From: Will Fiveash Date: Sat, 10 Jan 2009 01:06:45 +0000 (+0000) Subject: Merged with current trunk, no new function added. Everything builds X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9002edc53df996fd9ab740e6652b8eadf31b8cb3;p=thirdparty%2Fkrb5.git Merged with current trunk, no new function added. Everything builds git-svn-id: svn://anonsvn.mit.edu/krb5/branches/mkey_migrate@21722 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/README b/README index c281205986..8b1f996409 100644 --- a/README +++ b/README @@ -425,6 +425,10 @@ the following new or changed files: slave/kpropd_rpc.c slave/kproplog.c +and marked portions of the following files: + + lib/krb5/os/hst_realm.c + are subject to the following license: Copyright (c) 2004 Sun Microsystems, Inc. @@ -594,6 +598,79 @@ THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. + -------------------- + +The implementations of strlcpy and strlcat in +src/util/support/strlcat.c have the following copyright and permission +notice: + +Copyright (c) 1998 Todd C. Miller + +Permission to use, copy, modify, and distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + + -------------------- + +The implementations of UTF-8 string handling in src/util/support and +src/lib/krb5/unicode are subject to the following copyright and +permission notice: + +The OpenLDAP Public License + Version 2.8, 17 August 2003 + +Redistribution and use of this software and associated documentation +("Software"), with or without modification, are permitted provided +that the following conditions are met: + +1. Redistributions in source form must retain copyright statements + and notices, + +2. Redistributions in binary form must reproduce applicable copyright + statements and notices, this list of conditions, and the following + disclaimer in the documentation and/or other materials provided + with the distribution, and + +3. Redistributions must contain a verbatim copy of this document. + +The OpenLDAP Foundation may revise this license from time to time. +Each revision is distinguished by a version number. You may use +this Software under terms of this license revision or under the +terms of any subsequent revision of the license. + +THIS SOFTWARE IS PROVIDED BY THE OPENLDAP FOUNDATION AND ITS +CONTRIBUTORS ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, +INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY +AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT +SHALL THE OPENLDAP FOUNDATION, ITS CONTRIBUTORS, OR THE AUTHOR(S) +OR OWNER(S) OF THE SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT, +INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN +ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE. + +The names of the authors and copyright holders must not be used in +advertising or otherwise to promote the sale, use or other dealing +in this Software without specific, written prior permission. Title +to copyright in this Software shall at all times remain with copyright +holders. + +OpenLDAP is a registered trademark of the OpenLDAP Foundation. + +Copyright 1999-2003 The OpenLDAP Foundation, Redwood City, +California, USA. All Rights Reserved. Permission to copy and +distribute verbatim copies of this document is granted. Acknowledgements ---------------- diff --git a/doc/Makefile b/doc/Makefile index 1bfaaa59c4..d9b315e30b 100644 --- a/doc/Makefile +++ b/doc/Makefile @@ -26,11 +26,8 @@ MANPAGES=$(SRCDIR)/appl/gssftp/ftp/ftp.M $(SRCDIR)/clients/kdestroy/kdestroy.M $ USER_GUIDE_INCLUDES=definitions.texinfo copyright.texinfo glossary.texinfo USER_GUIDE_DEPS=user-guide.texinfo $(USER_GUIDE_INCLUDES) -KRB425_INCLUDES=definitions.texinfo copyright.texinfo -KRB425_DEPS=krb425.texinfo $(KRB425_INCLUDES) - .PHONY: all -all:: admin-guide-full install-guide-full user-guide-full krb425-guide-full clean-temp-ps clean-tex +all:: admin-guide-full install-guide-full user-guide-full clean-temp-ps clean-tex .PHONY: admin-guide-full admin-guide-full:: admin-guide admin-guide-info admin-guide-html @@ -118,28 +115,6 @@ user-guide.html: $(USER_GUIDE_DEPS) $(MANTXT) $(SRCDIR)/kadmin/passwd/kpasswd.M | $(MANHTML) > kpasswd.html $(HTML) user-guide.texinfo -.PHONY: krb425-guide-full -krb425-guide-full:: krb425-guide krb425-guide-info krb425-guide-html - -.PHONY: krb425-guide -krb425-guide:: krb425-guide.ps - -krb425-guide.ps: $(KRB425_DEPS) - $(DVI) krb425.texinfo - $(DVIPS) krb425 - -.PHONY: krb425-guide-html -krb425-guide-html:: krb425.html - -krb425.html:: $(KRB425_DEPS) - $(HTML) krb425.texinfo - -.PHONY: krb425-guide-info -krb425-guide-info:: krb425.info - -krb425.info: $(KRB425_DEPS) - $(INFO) krb425.texinfo - .PHONY: implementor.ps implementor.pdf implementor.info implementor.pdf: implementor.ps $(PSPDF) implementor.ps diff --git a/doc/admin.texinfo b/doc/admin.texinfo index 79608f3720..d067b78035 100644 --- a/doc/admin.texinfo +++ b/doc/admin.texinfo @@ -502,18 +502,6 @@ The default lifetime of a ticket. The default is code. @end ignore -@itemx krb4_srvtab -Specifies the location of the Kerberos V4 srvtab file. Default is -@value{DefaultKrb4Srvtab}. - -@itemx krb4_config -Specifies the location of hte Kerberos V4 configuration file. Default -is @value{DefaultKrb4Config}. - -@itemx krb4_realms -Specifies the location of the Kerberos V4 domain/realm translation -file. Default is @value{DefaultKrb4Realms}. - @itemx dns_lookup_kdc Indicate whether DNS SRV records should be used to locate the KDCs and other servers for a realm, if they are not listed in the information for @@ -637,32 +625,6 @@ The list of specifiable options for each application may be found in that application's man pages. The application defaults specified here are overridden by those specified in the [realms] section. -A special application name (afs_krb5) is used by the krb524 service to -know whether new format AFS tokens based on Kerberos 5 can be used -rather than the older format which used a converted Kerberos 4 ticket. -The new format allows for cross-realm authentication without -introducing a security hole. It is used by default. Older AFS -servers (before OpenAFS 1.2.8) will not support the new format. If -servers in your cell do not support the new format, you will need to -add an @code{afs_krb5} relation to the @code{appdefaults} section. -The following config file shows how to disable new format AFS tickets -for the @code{afs.example.com} cell in the @code{EXAMPLE.COM} realm. - -@smallexample -@group -[appdefaults] - afs_krb5 = @{ - EXAMPLE.COM = @{ - afs/afs.example.com = false - @} - @} - -@end group -@end smallexample - - - - @node login, realms (krb5.conf), appdefaults, krb5.conf @subsection [login] @@ -675,20 +637,6 @@ login.krb5. This section may contain any of the following relations: Indicate whether or not to use a user's password to get V5 tickets. The default value is @value{DefaultKrb5GetTickets}. -@itemx krb4_get_tickets -Indicate whether or not to user a user's password to get V4 tickets. -The default value is @value{DefaultKrb4GetTickets}. - -@itemx krb4_convert -Indicate whether or not to use the Kerberos conversion daemon to get V4 -tickets. The default value is @value{DefaultKrb4Convert}. If this is -set to false and krb4_get_tickets is true, then login will get the V5 -tickets directly using the Kerberos V4 protocol directly. This does -not currently work with non-MIT-V4 salt types (such as the AFS3 salt -type). Note that if this is set to true and krb524d is not running, -login will hang for approximately a minute under Solaris, due to a -Solaris socket emulation bug. - @itemx krb_run_aklog Indicate whether or not to run aklog. The default value is @value{DefaultKrbRunAklog}. @@ -1493,13 +1441,7 @@ If you wish to change this (which we do not recommend, because the current implementation has little protection against denial-of-service attacks), the standard port number assigned for Kerberos TCP traffic is port 88. - -@itemx v4_mode -This string specifies how the KDC should respond to Kerberos 4 -packets. The possible values are none, disable, full, and nopreauth. -The default value is @value{DefaultV4Mode}. -@comment these values found in krb5/src/kdc/kerberos_v4.c in v4mode_table -@end table +-@end table @node realms (kdc.conf), pkinit kdc options, kdcdefaults, kdc.conf @subsection [realms] @@ -4353,7 +4295,6 @@ kerberos-adm @value{DefaultKadmindPort}/udp # Kerberos 5 admin/changep krb5_prop @value{DefaultKrbPropPort}/tcp # Kerberos slave propagation @c kpop 1109/tcp # Pop with Kerberos eklogin @value{DefaultEkloginPort}/tcp # Kerberos auth. & encrypted rlogin -krb524 @value{DefaultKrb524Port}/tcp # Kerberos 5 to 4 ticket translator @end group @end smallexample diff --git a/doc/copyright.texinfo b/doc/copyright.texinfo index 45f58aa311..5d58c592a9 100644 --- a/doc/copyright.texinfo +++ b/doc/copyright.texinfo @@ -553,6 +553,70 @@ WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. @end iftex @end quotation +The implementations of UTF-8 string handling in src/util/support and +src/lib/krb5/unicode are subject to the following copyright and +permission notice: + +@quotation +@iftex +@smallfonts @rm +@end iftex + +The OpenLDAP Public License + Version 2.8, 17 August 2003 + +Redistribution and use of this software and associated documentation +("Software"), with or without modification, are permitted provided +that the following conditions are met: + +1. Redistributions in source form must retain copyright statements + and notices, + +2. Redistributions in binary form must reproduce applicable copyright + statements and notices, this list of conditions, and the following + disclaimer in the documentation and/or other materials provided + with the distribution, and + +3. Redistributions must contain a verbatim copy of this document. + +The OpenLDAP Foundation may revise this license from time to time. +Each revision is distinguished by a version number. You may use +this Software under terms of this license revision or under the +terms of any subsequent revision of the license. + +THIS SOFTWARE IS PROVIDED BY THE OPENLDAP FOUNDATION AND ITS +CONTRIBUTORS ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, +INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY +AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT +SHALL THE OPENLDAP FOUNDATION, ITS CONTRIBUTORS, OR THE AUTHOR(S) +OR OWNER(S) OF THE SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT, +INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN +ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE. + +The names of the authors and copyright holders must not be used in +advertising or otherwise to promote the sale, use or other dealing +in this Software without specific, written prior permission. Title +to copyright in this Software shall at all times remain with copyright +holders. + +OpenLDAP is a registered trademark of the OpenLDAP Foundation. + +Copyright 1999-2003 The OpenLDAP Foundation, Redwood City, +California, USA. All Rights Reserved. Permission to copy and +distribute verbatim copies of this document is granted. + +@iftex +@vskip 12pt +@hrule +@vskip 12pt +@end iftex +@end quotation + Permission is granted to make and distribute verbatim copies of this manual provided the copyright notices and this permission notice are preserved on all copies. diff --git a/doc/definitions.texinfo b/doc/definitions.texinfo index 529445f48c..cce3905b40 100644 --- a/doc/definitions.texinfo +++ b/doc/definitions.texinfo @@ -131,10 +131,6 @@ krb5/src/appl/bsd/login.c @end ignore @set DefaultKrb5GetTickets true @comment login_krb5_get_tickets -@set DefaultKrb4GetTickets false -@comment login_krb4_get_tickets -@set DefaultKrb4Convert false -@comment login_krb4_convert @set DefaultKrbRunAklog false @comment login_krb_run_aklog @set DefaultAklogPath $(prefix)/bin/aklog @@ -142,13 +138,6 @@ krb5/src/appl/bsd/login.c @set DefaultAcceptPasswd false @comment login_accept_password -@ignore -the following defaults should be consistent with the values set in -krb5/src/kdc/kerberos_v4 -@end ignore -@set DefaultV4Mode none -@comment KDC_V4_DEFAULT_MODE - @ignore these defaults are based on code in krb5/src/aclocal.m4 @end ignore @@ -175,14 +164,6 @@ the following are based on variables in krb5/src/include/kerberosIV/krbports.h @set DefaultFTPPort 21 @set DefaultKrb524Port 4444 -@comment src/include/kerberosIV/krb.h -@set DefaultKrb4Srvtab /etc/srvtab -@comment line 131 -@set DefaultKrb4Config /etc/krb.conf -@comment KRB_CONF -@set DefaultKrb4Realms /etc/krb.realms -@comment KRB_RLM_TRANS - @comment krb5/src/lib/krb5/krb/get_in_tkt.c @set DefaultRenewLifetime 0 @set DefaultNoaddresses set diff --git a/doc/dnssrv.texinfo b/doc/dnssrv.texinfo index c969fb2690..1a401ac14e 100644 --- a/doc/dnssrv.texinfo +++ b/doc/dnssrv.texinfo @@ -59,10 +59,6 @@ will also need the @code{admin_server} entry in @code{krb5.conf}. This should list port @value{DefaultKpasswdPort} on your master KDC. It is used when a user changes her password. -@item _kerberos-iv._udp -This should refer to your KDCs that serve Kerberos version 4 requests, -if you have Kerberos v4 enabled. - @end table Be aware, however, that the DNS SRV specification requires that the diff --git a/doc/install.texinfo b/doc/install.texinfo index 54f183d435..f9c682f5f4 100644 --- a/doc/install.texinfo +++ b/doc/install.texinfo @@ -206,9 +206,6 @@ The hostnames of your master and slave KDCs. @item How frequently you will propagate the database from the master KDC to the slave KDCs. - -@item -Whether you need backward compatibility with Kerberos V4. @end itemize @menu @@ -1093,10 +1090,10 @@ The ``call out to @code{kprop}'' mechanism is a bit fragile; if the @code{kprop} propagation fails to connect for some reason, the process on the slave may hang waiting for it, and will need to be restarted. @item -The master and slave must be able to initiate TCP connections in -both directions, without an intervening NAT. They must also be able -to communicate over IPv4, since MIT's RPC code does not currently -support IPv6. +The master and slave must be able to initiate TCP connections in both +directions, without an intervening NAT. They must also be able to +communicate over IPv4, since MIT's kprop and RPC code does not +currently support IPv6. @end itemize @menu @@ -1184,17 +1181,6 @@ to just insert the following code: @smallexample @group -# -# Note --- if you are using Kerberos V4 and you either: -# -# (a) haven't converted all your master or slave KDCs to V5, or -# -# (b) are worried about inter-realm interoperability with other KDC's -# that are still using V4 -# -# you will need to switch the "kerberos" service to port 750 and create a -# "kerberos-sec" service on port 88. -# kerberos @value{DefaultPort}/udp kdc # Kerberos V5 KDC kerberos @value{DefaultPort}/tcp kdc # Kerberos V5 KDC klogin @value{DefaultKloginPort}/tcp # Kerberos authenticated rlogin @@ -1208,13 +1194,6 @@ krb524 @value{DefaultKrb524Port}/tcp # Kerberos 5 to 4 ticket tra @end group @end smallexample -@noindent As described in the comments in the above code, if your master -KDC or any of your slave KDCs is running Kerberos V4, (or if you will be -authenticating to any Kerberos V4 KDCs in another realm) you will need -to switch the port number for @code{kerberos} to 750 and create a -@code{kerberos-sec} service (tcp and udp) on port 88, so the Kerberos -V4 KDC(s) will continue to work properly. - @menu * Mac OS X Configuration:: @end menu diff --git a/doc/kim/html/group__kim__ccache__iterator__reference.html b/doc/kim/html/group__kim__ccache__iterator__reference.html index 21e20b04ae..4b51443cd0 100644 --- a/doc/kim/html/group__kim__ccache__iterator__reference.html +++ b/doc/kim/html/group__kim__ccache__iterator__reference.html @@ -107,7 +107,7 @@ Free memory associated with a ccache iterator.

-

Generated on Wed Oct 1 18:42:06 2008 for Kerberos Identity Management by  +
Generated on Mon Nov 3 17:45:44 2008 for Kerberos Identity Management by  doxygen 1.5.3
diff --git a/doc/kim/html/group__kim__ccache__reference.html b/doc/kim/html/group__kim__ccache__reference.html index ac7d22be4b..57886e601f 100644 --- a/doc/kim/html/group__kim__ccache__reference.html +++ b/doc/kim/html/group__kim__ccache__reference.html @@ -10,8 +10,10 @@

Functions

  • kim_error kim_ccache_create_new (kim_ccache *out_ccache, kim_identity in_client_identity, kim_options in_options) -
    Acquire a new initial credential and store it in a ccache.
  • kim_error kim_ccache_create_new_if_needed (kim_ccache *out_ccache, kim_identity in_client_identity, kim_options in_options) -
    Find a ccache containing a valid initial credential in the cache collection, or if unavailable, acquire and store a new initial credential.
  • kim_error kim_ccache_create_from_client_identity (kim_ccache *out_ccache, kim_identity in_client_identity) +
    Acquire a new initial credential and store it in a ccache.
  • kim_error kim_ccache_create_new_with_password (kim_ccache *out_ccache, kim_identity in_client_identity, kim_options in_options, kim_string in_password) +
    Acquire a new initial credential and store it in a ccache using the provided password..
  • kim_error kim_ccache_create_new_if_needed (kim_ccache *out_ccache, kim_identity in_client_identity, kim_options in_options) +
    Find a ccache containing a valid initial credential in the cache collection, or if unavailable, acquire and store a new initial credential.
  • kim_error kim_ccache_create_new_if_needed_with_password (kim_ccache *out_ccache, kim_identity in_client_identity, kim_options in_options, kim_string in_password) +
    Find a ccache containing a valid initial credential in the cache collection, or if unavailable, acquire and store a new initial credential using the provided password.
  • kim_error kim_ccache_create_from_client_identity (kim_ccache *out_ccache, kim_identity in_client_identity)
    Find a ccache for a client identity in the cache collection.
  • kim_error kim_ccache_create_from_keytab (kim_ccache *out_ccache, kim_identity in_identity, kim_options in_options, kim_string in_keytab)
    Acquire a new initial credential from a keytab and store it in a ccache.
  • kim_error kim_ccache_create_from_default (kim_ccache *out_ccache)
    Get the default ccache.
  • kim_error kim_ccache_create_from_display_name (kim_ccache *out_ccache, kim_string in_display_name) @@ -79,7 +81,60 @@ Acquire a new initial credential and store it in a ccache. in_options options to control credential acquisition. -
    Note:
    Depending on the kim_options specified, kim_ccache_create_new() may present a GUI or command line prompt to obtain information from the user.
    +
    Note:
    kim_ccache_create_new() may present a GUI or command line prompt to obtain information from the user.
    +
    Returns:
    On success, KIM_NO_ERROR. On failure, an error code representing the failure.
    + + +

    + +

    +
    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    kim_error kim_ccache_create_new_with_password (kim_ccache out_ccache,
    kim_identity  in_client_identity,
    kim_options  in_options,
    kim_string  in_password 
    )
    +
    +
    + +

    +Acquire a new initial credential and store it in a ccache using the provided password.. +

    +

    Parameters:
    + + + + + +
    out_ccache on exit, a new cache object for a ccache containing a newly acquired initial credential. Must be freed with kim_ccache_free().
    in_client_identity a client identity to obtain a credential for. Specify KIM_IDENTITY_ANY to allow the user to choose.
    in_options options to control credential acquisition.
    in_password a password to be used while obtaining credentials.
    +
    +
    Note:
    kim_ccache_create_new_with_password() exists to support legacy password-based Kerberos environments. You should not use this function unless you know that it will only be used in environments using passwords. This function may also present a GUI or command line prompt to obtain additional information needed to obtain credentials (eg: SecurID pin).
    Returns:
    On success, KIM_NO_ERROR. On failure, an error code representing the failure.
    @@ -125,7 +180,60 @@ Find a ccache containing a valid initial credential in the cache collection, or in_options options to control credential acquisition (if a credential is acquired). -
    Note:
    Depending on the kim_options specified, kim_ccache_create_new_if_needed() may present a GUI or command line prompt to obtain information from the user.
    +
    Note:
    kim_ccache_create_new_if_needed() may present a GUI or command line prompt to obtain information from the user.
    +
    Returns:
    On success, KIM_NO_ERROR. On failure, an error code representing the failure.
    + +
    +

    + +

    +
    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    kim_error kim_ccache_create_new_if_needed_with_password (kim_ccache out_ccache,
    kim_identity  in_client_identity,
    kim_options  in_options,
    kim_string  in_password 
    )
    +
    +
    + +

    +Find a ccache containing a valid initial credential in the cache collection, or if unavailable, acquire and store a new initial credential using the provided password. +

    +

    Parameters:
    + + + + + +
    out_ccache on exit, a ccache object for a ccache containing a newly acquired initial credential. Must be freed with kim_ccache_free().
    in_client_identity a client identity to obtain a credential for.
    in_options options to control credential acquisition (if a credential is acquired).
    in_password a password to be used while obtaining credentials.
    +
    +
    Note:
    kim_ccache_create_new_if_needed_with_password() exists to support legacy password-based Kerberos environments. You should not use this function unless you know that it will only be used in environments using passwords. This function may also present a GUI or command line prompt to obtain additional information needed to obtain credentials (eg: SecurID pin).
    Returns:
    On success, KIM_NO_ERROR. On failure, an error code representing the failure.
    @@ -161,7 +269,7 @@ Find a ccache for a client identity in the cache collection.
    Parameters:
    - +
    out_ccache on exit, a ccache object for a ccache containing a TGT credential. Must be freed with kim_ccache_free().
    in_client_identity a client identity to obtain a credential for.
    in_client_identity a client identity to find a ccache for. If in_client_identity is KIM_IDENTITY_ANY, this function returns the default ccache (ie: is equivalent to kim_ccache_create_from_default()).
    Returns:
    On success, KIM_NO_ERROR. On failure, an error code representing the failure.
    @@ -1102,7 +1210,7 @@ Free memory associated with a ccache.

    -

    Generated on Wed Oct 1 18:42:06 2008 for Kerberos Identity Management by  +
    Generated on Mon Nov 3 17:45:44 2008 for Kerberos Identity Management by  doxygen 1.5.3
    diff --git a/doc/kim/html/group__kim__credential__iterator__reference.html b/doc/kim/html/group__kim__credential__iterator__reference.html index f7905d77d0..770119554b 100644 --- a/doc/kim/html/group__kim__credential__iterator__reference.html +++ b/doc/kim/html/group__kim__credential__iterator__reference.html @@ -117,7 +117,7 @@ Free memory associated with a credential iterator.

    -

    Generated on Wed Oct 1 18:42:06 2008 for Kerberos Identity Management by  +
    Generated on Mon Nov 3 17:45:44 2008 for Kerberos Identity Management by  doxygen 1.5.3
    diff --git a/doc/kim/html/group__kim__credential__reference.html b/doc/kim/html/group__kim__credential__reference.html index 5bb99fad28..2cd1f787c1 100644 --- a/doc/kim/html/group__kim__credential__reference.html +++ b/doc/kim/html/group__kim__credential__reference.html @@ -10,7 +10,8 @@

    Functions

    • kim_error kim_credential_create_new (kim_credential *out_credential, kim_identity in_client_identity, kim_options in_options) -
      Acquire a new initial credential.
    • kim_error kim_credential_create_from_keytab (kim_credential *out_credential, kim_identity in_identity, kim_options in_options, kim_string in_keytab) +
      Acquire a new initial credential.
    • kim_error kim_credential_create_new_with_password (kim_credential *out_credential, kim_identity in_client_identity, kim_options in_options, kim_string in_password) +
      Acquire a new initial credential using the provided password.
    • kim_error kim_credential_create_from_keytab (kim_credential *out_credential, kim_identity in_identity, kim_options in_options, kim_string in_keytab)
      Acquire a new initial credential from a keytab.
    • kim_error kim_credential_create_from_krb5_creds (kim_credential *out_credential, krb5_context in_krb5_context, krb5_creds *in_krb5_creds)
      Copy a credential from a krb5 credential object.
    • kim_error kim_credential_copy (kim_credential *out_credential, kim_credential in_credential)
      Copy a credential object.
    • kim_error kim_credential_get_krb5_creds (kim_credential in_credential, krb5_context in_krb5_context, krb5_creds **out_krb5_creds) @@ -70,7 +71,61 @@ Acquire a new initial credential. in_options options to control credential acquisition. -
      Note:
      Depending on the kim_options specified, kim_credential_create_new() may present a GUI or command line prompt to obtain information from the user.
      +
      Note:
      kim_credential_create_new() may present a GUI or command line prompt to obtain information from the user.
      +
      Returns:
      On success, KIM_NO_ERROR. On failure, an error code representing the failure.
      +
      See also:
      kim_ccache_create_new
      + + +

      + +

      +
      + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      kim_error kim_credential_create_new_with_password (kim_credential out_credential,
      kim_identity  in_client_identity,
      kim_options  in_options,
      kim_string  in_password 
      )
      +
      +
      + +

      +Acquire a new initial credential using the provided password. +

      +

      Parameters:
      + + + + + +
      out_credential on exit, a new credential object containing a newly acquired initial credential. Must be freed with kim_credential_free().
      in_client_identity a client identity to obtain a credential for. Specify NULL to allow the user to choose the identity
      in_options options to control credential acquisition.
      in_password a password to be used while obtaining the credential.
      +
      +
      Note:
      kim_credential_create_new_with_password() exists to support legacy password-based Kerberos environments. You should not use this function unless you know that it will only be used in environments using passwords. This function may also present a GUI or command line prompt to obtain additional information needed to obtain credentials (eg: SecurID pin).
      Returns:
      On success, KIM_NO_ERROR. On failure, an error code representing the failure.
      See also:
      kim_ccache_create_new
      @@ -768,7 +823,7 @@ Free memory associated with a credential object.

      -

      Generated on Wed Oct 1 18:42:06 2008 for Kerberos Identity Management by  +
      Generated on Mon Nov 3 17:45:44 2008 for Kerberos Identity Management by  doxygen 1.5.3
      diff --git a/doc/kim/html/group__kim__identity__reference.html b/doc/kim/html/group__kim__identity__reference.html index 9a0bf521c6..c975c731c9 100644 --- a/doc/kim/html/group__kim__identity__reference.html +++ b/doc/kim/html/group__kim__identity__reference.html @@ -582,7 +582,7 @@ Free memory associated with an identity.

      -

      Generated on Wed Oct 1 18:42:06 2008 for Kerberos Identity Management by  +
      Generated on Mon Nov 3 17:45:44 2008 for Kerberos Identity Management by  doxygen 1.5.3
      diff --git a/doc/kim/html/group__kim__library__reference.html b/doc/kim/html/group__kim__library__reference.html index 63b430d16e..c646557b71 100644 --- a/doc/kim/html/group__kim__library__reference.html +++ b/doc/kim/html/group__kim__library__reference.html @@ -218,7 +218,7 @@ Set the name of your application for KIM to use for user interface.

      -

      Generated on Wed Oct 1 18:42:06 2008 for Kerberos Identity Management by  +
      Generated on Mon Nov 3 17:45:44 2008 for Kerberos Identity Management by  doxygen 1.5.3
      diff --git a/doc/kim/html/group__kim__options__reference.html b/doc/kim/html/group__kim__options__reference.html index 3c4f5ae629..aea7292d72 100644 --- a/doc/kim/html/group__kim__options__reference.html +++ b/doc/kim/html/group__kim__options__reference.html @@ -88,7 +88,7 @@ Copy options.

      Parameters:
      - +
      out_options on exit, a new options object which is a copy of in_options. Must be freed with kim_options_free().
      out_options on exit, a new options object which is a copy of in_options. Must be freed with kim_options_free(). If passed KIM_OPTIONS_DEFAULT will set out_options to KIM_OPTIONS_DEFAULT.
      in_options a options object.
      @@ -769,7 +769,7 @@ Free memory associated with an options object.

      -

      Generated on Wed Oct 1 18:42:06 2008 for Kerberos Identity Management by  +
      Generated on Mon Nov 3 17:45:44 2008 for Kerberos Identity Management by  doxygen 1.5.3
      diff --git a/doc/kim/html/group__kim__preferences__reference.html b/doc/kim/html/group__kim__preferences__reference.html index 90412e71fc..5320884dd4 100644 --- a/doc/kim/html/group__kim__preferences__reference.html +++ b/doc/kim/html/group__kim__preferences__reference.html @@ -172,7 +172,7 @@ Get the user's preferred options.
      Parameters:
      - +
      in_preferences a preferences object.
      out_options on exit, the options specified in in_preferences. Must be freed with kim_options_free().
      out_options on exit, the options specified in in_preferences. May be KIM_OPTIONS_DEFAULT. If not, must be freed with kim_options_free().
      Returns:
      On success, KIM_NO_ERROR. On failure, an error code representing the failure.
      @@ -982,7 +982,7 @@ Free memory associated with a preferences object.

      -

      Generated on Wed Oct 1 18:42:06 2008 for Kerberos Identity Management by  +
      Generated on Mon Nov 3 17:45:44 2008 for Kerberos Identity Management by  doxygen 1.5.3
      diff --git a/doc/kim/html/group__kim__selection__hints__reference.html b/doc/kim/html/group__kim__selection__hints__reference.html index b1f72bc84e..a80eb73479 100644 --- a/doc/kim/html/group__kim__selection__hints__reference.html +++ b/doc/kim/html/group__kim__selection__hints__reference.html @@ -744,7 +744,7 @@ Free memory associated with a selection hints object.

      -

      Generated on Wed Oct 1 18:42:06 2008 for Kerberos Identity Management by  +
      Generated on Mon Nov 3 17:45:44 2008 for Kerberos Identity Management by  doxygen 1.5.3
      diff --git a/doc/kim/html/group__kim__string__reference.html b/doc/kim/html/group__kim__string__reference.html index e79bd22290..31192c96f7 100644 --- a/doc/kim/html/group__kim__string__reference.html +++ b/doc/kim/html/group__kim__string__reference.html @@ -164,7 +164,7 @@ Free memory associated with a string.

      -

      Generated on Wed Oct 1 18:42:06 2008 for Kerberos Identity Management by  +
      Generated on Mon Nov 3 17:45:44 2008 for Kerberos Identity Management by  doxygen 1.5.3
      diff --git a/doc/kim/html/group__kim__types__reference.html b/doc/kim/html/group__kim__types__reference.html index 09a5da6a95..a3c037609c 100644 --- a/doc/kim/html/group__kim__types__reference.html +++ b/doc/kim/html/group__kim__types__reference.html @@ -447,7 +447,7 @@ Possible credential states. Credentials may be:

        -

        Generated on Wed Oct 1 18:42:06 2008 for Kerberos Identity Management by  +
        Generated on Mon Nov 3 17:45:44 2008 for Kerberos Identity Management by  doxygen 1.5.3
        diff --git a/doc/kim/html/index.html b/doc/kim/html/index.html index c514f270bd..a11d58f648 100644 --- a/doc/kim/html/index.html +++ b/doc/kim/html/index.html @@ -76,7 +76,7 @@ Types and Constants -
        Generated on Wed Oct 1 18:42:05 2008 for Kerberos Identity Management by  +
        Generated on Mon Nov 3 17:45:43 2008 for Kerberos Identity Management by  doxygen 1.5.3
        diff --git a/doc/kim/html/kim_ccache_overview.html b/doc/kim/html/kim_ccache_overview.html index 4bb914b727..e6cce0abe1 100644 --- a/doc/kim/html/kim_ccache_overview.html +++ b/doc/kim/html/kim_ccache_overview.html @@ -21,6 +21,7 @@ Acquiring Credentials from the Default CCache Acquiring New Credentials in a CCache KIM provides the kim_ccache_create_new() API for acquiring new credentials and storing them in a ccache. Credentials can either be obtained for a specific client identity or by specifying KIM_IDENTITY_ANY to allow the user to choose. Typically callers of this API obtain the client identity using kim_selection_hints_get_identity(). Depending on the kim_options specified, kim_ccache_create_new() may present a GUI or command line prompt to obtain information from the user.

        kim_ccache_create_new_if_needed() searches the cache collection for a ccache for the client identity and if no appropriate ccache is available, attempts to acquire new credentials and store them in a new ccache. Depending on the kim_options specified, kim_ccache_create_new_if_needed() may present a GUI or command line prompt to obtain information from the user. This function exists for convenience and to avoid code duplication. It can be trivially implemented using kim_ccache_create_from_client_identity() and kim_ccache_create_new().

        +For legacy password-based Kerberos environments KIM also provides kim_ccache_create_new_with_password() and kim_ccache_create_new_if_needed_with_password(). You should not use these functions unless you know that they will only be used in environments using passwords. Otherwise users without passwords may be prompted for them.

        KIM provides the kim_ccache_create_from_keytab() to create credentials using a keytab and store them in the cache collection. A keytab is an on-disk copy of a client identity's secret key. Typically sites use keytabs for client identities that identify a machine or service and protect the keytab with disk permissions. Because a keytab is sufficient to obtain credentials, keytabs will normally only be readable by root, Administrator or some other privileged account. Typically applications use credentials obtained from keytabs to obtain credentials for batch processes. These keytabs and credentials are usually for a special identity used for the batch process rather than a user identity.

        Validating Credentials in a CCache

        A credential with a start time in the future (ie: after the issue date) is called a post-dated credential. Because the KDC administrator may wish to disable a identity, once the start time is reached, all post-dated credentials must be validated before they can be used. Otherwise an attacker using a compromised account could acquire lots of post-dated credentials to circumvent the acccount being disabled.

        @@ -62,7 +63,7 @@ Examining CCache Properties

        • kim_ccache_get_options() returns a kim_options object with the credential options of the credentials in the ccache. This function is intended to be used when adding an identity with existing credentials to the favorite identities list. By passing in the options returned by this call, future requests for the favorite identity will use the same credential options.
        -See KIM CCache Reference Documentation and KIM CCache Iterator Reference Documentation for information on specific APIs.
        Generated on Wed Oct 1 18:42:05 2008 for Kerberos Identity Management by  +See KIM CCache Reference Documentation and KIM CCache Iterator Reference Documentation for information on specific APIs.
        Generated on Mon Nov 3 17:45:43 2008 for Kerberos Identity Management by  doxygen 1.5.3
        diff --git a/doc/kim/html/kim_credential_overview.html b/doc/kim/html/kim_credential_overview.html index 894a3d6f7d..71f9817771 100644 --- a/doc/kim/html/kim_credential_overview.html +++ b/doc/kim/html/kim_credential_overview.html @@ -14,6 +14,7 @@ KIM credential APIs are intended for applications and system tools which manage

        Acquiring New Credentials

        KIM provides the kim_credential_create_new() API for acquiring new credentials. Credentials can either be obtained for a specific client identity or by specifying KIM_IDENTITY_ANY to allow the user to choose. Typically callers of this API obtain the client identity using kim_selection_hints_get_identity(). Depending on the kim_options specified, kim_credential_create_new() may present a GUI or command line prompt to obtain information from the user.

        +For legacy password-based Kerberos environments KIM also provides kim_credential_create_new_with_password(). You should not use this function unless you know that it will only be used in environments using passwords. Otherwise users without passwords may be prompted for them.

        KIM provides the kim_credential_create_from_keytab() to create credentials using a keytab. A keytab is an on-disk copy of a client identity's secret key. Typically sites use keytabs for client identities that identify a machine or service and protect the keytab with disk permissions. Because a keytab is sufficient to obtain credentials, keytabs will normally only be readable by root, Administrator or some other privileged account. Typically applications use credentials obtained from keytabs to obtain credentials for batch processes. These keytabs and credentials are usually for a special identity used for the batch process rather than a user identity.

        Validating Credentials

        A credential with a start time in the future (ie: after the issue date) is called a post-dated credential. Because the KDC administrator may wish to disable a identity, once the start time is reached, all post-dated credentials must be validated before they can be used. Otherwise an attacker using a compromised account could acquire lots of post-dated credentials to circumvent the acccount being disabled.

        @@ -59,7 +60,7 @@ Examining Credential Properties

        • kim_credential_get_options() returns a kim_options object with the credential options of the credential. This function is intended to be used when adding an identity with existing credentials to the favorite identities list. By passing in the options returned by this call, future requests for the favorite identity will use the same credential options.
        -See KIM Credential Reference Documentation and KIM Credential Iterator Reference Documentation for information on specific APIs.
        Generated on Wed Oct 1 18:42:05 2008 for Kerberos Identity Management by  +See KIM Credential Reference Documentation and KIM Credential Iterator Reference Documentation for information on specific APIs.
        Generated on Mon Nov 3 17:45:43 2008 for Kerberos Identity Management by  doxygen 1.5.3
        diff --git a/doc/kim/html/kim_identity_overview.html b/doc/kim/html/kim_identity_overview.html index a7c4f76b6c..a930d43212 100644 --- a/doc/kim/html/kim_identity_overview.html +++ b/doc/kim/html/kim_identity_overview.html @@ -36,7 +36,7 @@ Changing a Identity's Password Many Kerberos sites use passwords for user accounts. Because passwords may be stolen or compromised, they must be frequently changed. KIM provides APIs to change the identity's password directly, and also handles changing the identity's password when it has expired.

        kim_identity_change_password() presents a user interface to obtain the old and new passwords from the user.

        Note:
        Not all identities have a password. Some sites use certificates (pkinit) and in the future there may be other authentication mechanisms (eg: smart cards).
        -See KIM Identity Reference Documentation for information on specific APIs.
        Generated on Wed Oct 1 18:42:05 2008 for Kerberos Identity Management by  +See KIM Identity Reference Documentation for information on specific APIs.
        Generated on Mon Nov 3 17:45:43 2008 for Kerberos Identity Management by  doxygen 1.5.3
        diff --git a/doc/kim/html/kim_options_overview.html b/doc/kim/html/kim_options_overview.html index 4b297df024..9932398367 100644 --- a/doc/kim/html/kim_options_overview.html +++ b/doc/kim/html/kim_options_overview.html @@ -33,7 +33,7 @@ Like forwardability, the proxiable flag only applies to TGT credentials. Unlike Use kim_options_set_proxiable() to change whether or not the Kerberos libraries request proxiable credentials. Use kim_options_get_proxiable() to find out the current setting.

        Service Name

        Normally users acquire TGT credentials (ie "ticket granting tickets") and then use those credentials to acquire service credentials. This allows Kerberos to provide single sign-on while still providing mutual authentication to services. However, sometimes you just want an initial credential for a service. KIM options allows you to set the service name with kim_options_set_service_name() and query it with kim_options_get_service_name().

        -See KIM Options Reference Documentation for information on specific APIs.

        Generated on Wed Oct 1 18:42:05 2008 for Kerberos Identity Management by  +See KIM Options Reference Documentation for information on specific APIs.
        Generated on Mon Nov 3 17:45:44 2008 for Kerberos Identity Management by  doxygen 1.5.3
        diff --git a/doc/kim/html/kim_preferences_overview.html b/doc/kim/html/kim_preferences_overview.html index 30c518cda2..2759f594c4 100644 --- a/doc/kim/html/kim_preferences_overview.html +++ b/doc/kim/html/kim_preferences_overview.html @@ -29,7 +29,7 @@ Viewing and Editing the Favorite Identities First, you need to acquire the Favorite Identities stored in the user's preferences using kim_preferences_create().

        Then use kim_preferences_get_number_of_favorite_identities() and kim_preferences_get_favorite_identity_at_index() to display the identities list. Use kim_preferences_add_favorite_identity() and kim_preferences_remove_favorite_identity() to change which identities are in the identities list. Identities are always stored in alphabetical order and duplicate identities are not permitted, so when you add or remove a identity you should redisplay the entire list. If you wish to replace the identities list entirely, use kim_preferences_remove_all_favorite_identities() to clear the list before adding your identities.

        Once you are done editing the favorite identities list, store changes in the user's preference file using kim_preferences_synchronize().

        -See KIM Preferences Documentation for information on specific APIs.

        Generated on Wed Oct 1 18:42:05 2008 for Kerberos Identity Management by  +See KIM Preferences Documentation for information on specific APIs.
        Generated on Mon Nov 3 17:45:44 2008 for Kerberos Identity Management by  doxygen 1.5.3
        diff --git a/doc/kim/html/kim_selection_hints_overview.html b/doc/kim/html/kim_selection_hints_overview.html index 5f4a382ea4..44a1cd28da 100644 --- a/doc/kim/html/kim_selection_hints_overview.html +++ b/doc/kim/html/kim_selection_hints_overview.html @@ -48,7 +48,7 @@ In order to let the user know why Kerberos needs their assistance, KIM displays In many cases a single application may select different identities for different purposes. For example an email application might use different identities to check mail for different accounts. If your application has this property you may need to provide the user with a localized string describing how the identity will be used. You can specify this string with kim_selection_hints_get_explanation(). You can find out what string will be used with kim_selection_hints_set_explanation().

        Since the user may choose to acquire credentials when selection an identity, KIM also provides kim_selection_hints_set_options() to set what credential acquisition options are used. kim_selection_hints_get_options() returns the options which will be used.

        If you need to disable user interaction, use kim_selection_hints_set_allow_user_interaction(). Use kim_selection_hints_get_allow_user_interaction() to find out whether or not user interaction is enabled. User interaction is enabled by default.

        -See KIM Selection Hints Reference Documentation for information on specific APIs.

        Generated on Wed Oct 1 18:42:06 2008 for Kerberos Identity Management by  +See KIM Selection Hints Reference Documentation for information on specific APIs.
        Generated on Mon Nov 3 17:45:44 2008 for Kerberos Identity Management by  doxygen 1.5.3
        diff --git a/doc/kim/html/kim_string_overview.html b/doc/kim/html/kim_string_overview.html index ced9da69df..fbc0962acf 100644 --- a/doc/kim/html/kim_string_overview.html +++ b/doc/kim/html/kim_string_overview.html @@ -11,7 +11,7 @@ KIM Error Messages Like most C APIs, the KIM API returns numeric error codes. These error codes may come from KIM, krb5 or GSS APIs. In most cases the caller will want to handle these error programmatically. However, in some circumstances the caller may wish to print an error string to the user.

        One problem with just printing the error code to the user is that frequently the context behind the error has been lost. For example if KIM is trying to obtain credentials via referrals, it may fail partway through the process. In this case the error code will be KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN, which maps to "Client not found in Kerberos database". Unfortunately this error isn't terribly helpful because it doesn't tell the user whether they typoed their principal name or if referrals failed.

        To avoid this problem, KIM maintains an explanatory string for the last error seen in each thread calling into KIM. If a caller wishes to display an error to the user, immediately after getting the error the caller should call kim_string_create_for_last_error() to obtain a copy of the descriptive error message.

        -See KIM String Reference Documentation for information on specific APIs.

        Generated on Wed Oct 1 18:42:06 2008 for Kerberos Identity Management by  +See KIM String Reference Documentation for information on specific APIs.
        Generated on Mon Nov 3 17:45:44 2008 for Kerberos Identity Management by  doxygen 1.5.3
        diff --git a/doc/kim/html/modules.html b/doc/kim/html/modules.html index ba79467e23..0239b81d58 100644 --- a/doc/kim/html/modules.html +++ b/doc/kim/html/modules.html @@ -18,7 +18,7 @@
      • KIM String Reference Documentation
      • KIM Types and Constants
      -
      Generated on Wed Oct 1 18:42:06 2008 for Kerberos Identity Management by  +
      Generated on Mon Nov 3 17:45:44 2008 for Kerberos Identity Management by  doxygen 1.5.3
      diff --git a/doc/krb4-xrealm.txt b/doc/krb4-xrealm.txt deleted file mode 100644 index f8c4566e5c..0000000000 --- a/doc/krb4-xrealm.txt +++ /dev/null @@ -1,143 +0,0 @@ -The following text was taken from the patchkit disabling cross-realm -authentication and triple-DES in krb4. - -PATCH KIT DESCRIPTION -===================== - -** FLAG DAY REQUIRED ** - -One of the things we decided to do (and must do for security reasons) -was drop support for the 3DES krb4 TGTs. Unfortunately the current -code will only accept 3DES TGTs if it issues 3DES TGTs. Since the new -code issues only DES TGTs, the old code will not understand its v4 -TGTs if the site has a 3DES key available for the krbtgt principal. -The new code will understand and accept both DES and 3DES v4 TGTs. - -So, the easiest upgrade option is to deploy the code on all KDCs at -once, being sure to deploy it on the master KDC last. Under this -scenario, a brief window exists where slaves may be able to issue -tickets that the master will not understand. However, the slaves will -understand tickets issued by the master throughout the upgrade. - -An alternate and more annoying upgrade strategy exists. At least one -max TGT life time before the upgrade, the TGT key can be changed to be -a single-des key. Since we support adding a new TGT key while -preserving the old one, this does not create an interruption in -service. Since no 3DES key is available then both the old and new -code will issue and accept DES v4 TGTs. After the upgrade, the TGT -key can again be rekeyed to add 3DES keys. This does require two TGT -key changes and creates a window where DES is used for the v5 TGT, but -creates no window in which slaves will issue TGTs the master cannot -accept. - -* What the patch does -===================== - -1) Kerberos 4 cross-realm authentication is disabled by default. A - "-X" switch is added to both krb524d and krb5kdc to enable v4 - cross-realm. This switch logs a note that a security hole has been - opened in the KDC log. We said while designing the patch, that we - were going to try to allow per-realm configuration; because of a - design problem in the kadm5 library, we could not do this without - bumping the ABI version of that library. We are unwilling to bump - an ABI version in a security patch release to get that feature, so - the configuration of v4 cross-realm is a global switch. - -2) Code responsible for v5 TGTs has been changed to require that the - enctype of the ticket service key be the same as the enctype that - would currently be issued for that kvno. This means that even if a - service has multiple keys, you cannot use a weak key to fake the - KDC into accepting tickets for that service. If you have a non-DES - TGT key, this separates keys used for v4 and v5. We actually relax - this requirement for cross-realm TGT keys (which in the new code - are only used for v5) because we cannot guarantee other Kerberos - implementations will choose keys the same way. - -3) We no longer issue 3DES v4 tickets either in the KDC or krb524d. - We add code to accept either DES or 3DES tickets for v4. None of - the attacks discovered so far can be implemented given a KDC that - accepts but does not issue 3DES tickets, so we believe that leaving - this functionality in as compatibility for a version or two is - reasonable. Note however that the attacks described do allow - successful attackers to print future tickets, so sites probably - want to rekey important keys after installing this update. Note - also that even if issuance of 3DES v4 tickets has been disabled, - outstanding tickets may be used to perform the 3DES cut-and-paste - attack. - -* Test Cases -============ - -This code is difficult to test for two reasons. First, you need a -cross-realm relationship between two KDCs. Secondly, you need a KDC -that will issue 3DES v4 tickets even though the code with the patch -applied can no longer do this. - -I propose to meet these requirements by setting up a cross-realm 3DES -key between a realm I control and the test environment. In order to -provide concrete examples of what I plan to test with the automated -tests, I assume a shared key between a realm PREPATCH.KRBTEST.COM and the -test realm PATCH. - -In all of the following tests I assume the following configuration. -A principal v4test@PREPATCH.KRBTEST.COM exists with known password and -without requiring preauthentication. The PREPATCH.KRBTEST.COM KDC will -issue v4 tickets for this principal. A principal test@PATCH exists -with known password and without requiring preauthentication. A -principal service@PATCH exists. The TGT for the PATCH realm has a -3des and des key. The shared TGT keys between PATCH and -PREPATCH.KRBTEST.COM are identical in both directions (required for v4) and -support both 3DES and DES keys. - -1) Run krb524d and krb5kdc for PATCH with no special options using a - krb5.conf without permitted_enctypes (fully permissive). - - -A) Get v4 tickets as v4test@PREPATCH.KRBTEST.COM. Confirm that kvno -4 -service@PATCH fails with an unknown principal error and logs an error -about cross-realm being denied to the PATCH KDC log. This confirms -that v4 cross-realm is not accepted. - -B) Get v5 tickets as v4test@PREPATCH.KRBTEST.COM. Confirm that krb524init --p service@PATCH fails with a prohibited by policy error, but that -klist -5 includes a ticket for service@PATCH. This confirms that v5 -cross-realm works but the krb524d denies converting such a ticket into -a cross-realm ticket. Note that the krb524init currently in the -mainline source tree will not be useful for this test because the -client denies cross-realm for the simple reason that the v4 ticket -file format is not flexible enough to support it. The krb524init in -the 1.2.x release is useful for this test. - - -2) Restart the krb5kdc and krb524d for PATCH with the -X option - enabling v4 cross-realm. - -A) Confirm that the security warning is written to kdc.log. - -B) Get v4 tickets as v4test@PREPATCH.KRBTEST.COM. Confirm that kvno -4 -service@PATCH works and leaves a service@PATCH ticket in the cache. -This confirms that v4 cross-realm works in the KDC. It also confirms -that the KDC can accept 3DES v4 TGTs. The code path for decrypting a -TGT is the same for the local realm and for foreign realms, so I don't -see a need to test local 3DES TGTs in an automated manner although I -did test it manually. - -C) Get v5 tickets as v4test@PREPATCH.KRBTEST.COM. Confirm that krb524init --p service@PATCH works. This confirms that krb524d will issue -cross-realm tickets. They're completely useless because the v4 ticket -file can't represent them, but that's not our problem today. - -3) Start the kdc and krb524d with a krb5.conf that includes - permitted_enctypes only listing des-cbc-crc. Get tickets as - test@PATCH. Restart the KDC and confirm that kvno service fails - logging an error about permitted enctypes. This confirms that if - you manage to obtain a ticket of the wrong enctype it will not be - accepted later. - -These tests do not check to make sure that 3DES tickets are not -issued by the v4 code. I'm fairly certain that is true as I've -physically remove the calls to the routine that generates 3DES tickets -from the code in both the KDC and krb524d. These tests also do not -check to make sure that cross-realm TGTs are not required to follow -the strict enctype policy. I've tested that manually but don't know -how to test that without significantly complicating the test setup. diff --git a/doc/krb425.texinfo b/doc/krb425.texinfo deleted file mode 100644 index fdeb033c19..0000000000 --- a/doc/krb425.texinfo +++ /dev/null @@ -1,322 +0,0 @@ -\input texinfo @c -*-texinfo-*- -@c Note: the above texinfo file must include the "doubleleftarrow" -@c definitions added by jcb. -@c %**start of header -@c guide -@setfilename krb425.info -@settitle Upgrading to Kerberos V5 from Kerberos V4 -@c @setchapternewpage odd @c chapter begins on next odd page -@c @setchapternewpage on @c chapter begins on next page -@c @smallbook @c Format for 7" X 9.25" paper -@c %**end of header - -@paragraphindent 0 -@iftex -@parskip 6pt plus 6pt -@end iftex - -@dircategory Kerberos -@direntry -* krb425: (krb425). Upgrading to Kerberos V5 from V4 -@end direntry - -@include definitions.texinfo -@set EDITION 1.0 -@set UPDATED May 22, 2003 - -@finalout @c don't print black warning boxes - -@titlepage -@title Upgrading to @value{PRODUCT} from Kerberos V4 -@subtitle Release: @value{RELEASE} -@subtitle Document Edition: @value{EDITION} -@subtitle Last updated: @value{UPDATED} -@author @value{COMPANY} - -@page -@vskip 0pt plus 1filll - -@end titlepage - -@node Top, Copyright, (dir), (dir) - -@ifinfo -This document describes how to convert to @value{PRODUCT} from Kerberos V4. -@end ifinfo - -@menu -* Copyright:: -* Introduction:: -* Configuration Files:: -* Upgrading KDCs:: -* Upgrading Application Servers:: -* Upgrading Client machines:: -* Firewall Considerations:: -@end menu - -@node Copyright, Introduction, Top, Top -@unnumbered Copyright -@include copyright.texinfo - -@node Introduction, Configuration Files, Copyright, Top -@chapter Introduction - -As with most software upgrades, @value{PRODUCT} is generally backward -compatible but not necessarily forward compatible. The @value{PRODUCT} -daemons can interoperate with Kerberos V4 clients, but most of the -Kerberos V4 daemons can not interoperate with Kerberos V5 clients. This -suggests the following strategy for performing the upgrade: - -@enumerate -@item -@strong{Upgrade your KDCs.} This must be done first, so that -interactions with the Kerberos database, whether by Kerberos V5 clients -or by Kerberos V4 clients, will succeed. - -@item -@strong{Upgrade your servers.} This must be done before upgrading -client machines, so that the servers are able to respond to both -Kerberos V5 and Kerberos V4 queries. - -@item -@strong{Upgrade your client machines.} Do this only after your KDCs and -application servers are upgraded, so that all of your Kerberos V5 -clients will be talking to Kerberos V5 daemons. -@end enumerate - -@node Configuration Files, Upgrading KDCs, Introduction, Top -@chapter Configuration Files - -The Kerberos @code{krb5.conf} and KDC @code{kdc.conf} configuration -files allow additional tags for Kerberos V4 compatibility. - -@menu -* krb5.conf:: -* kdc.conf:: -@end menu - -@node krb5.conf, kdc.conf, Configuration Files, Configuration Files -@section krb5.conf - -If you used the defaults, both when you installed Kerberos V4 and when -you installed @value{PRODUCT}, you should not need to include any of -these tags. However, some or all of them may be necessary for -nonstandard installations. - -@menu -* libdefaults:: -* realms (krb5.conf):: -* AFS and the Appdefaults Section:: -@end menu - -@node libdefaults, realms (krb5.conf), krb5.conf, krb5.conf -@subsection [libdefaults] - -In the [libdefaults] section, the following additional tags may be used: - -@table @b -@item krb4_srvtab -Specifies the location of the Kerberos V4 srvtab file. Default is -@value{DefaultKrb4Srvtab}. - -@item krb4_config -Specifies the location of the Kerberos V4 configuration file. Default -is @value{DefaultKrb4Config}. - -@item krb4_realms -Specifies the location of the Kerberos V4 domain/realm translation -file. Default is @value{DefaultKrb4Realms}. -@end table - -@node realms (krb5.conf), AFS and the Appdefaults Section, libdefaults, krb5.conf -@subsection [realms] - -In the [realms] section, the following Kerberos V4 tags may be used: -@table @b -@itemx default_domain -Identifies the default domain for hosts in this realm. This is needed -for translating V4 principal names (which do not contain a domain name) -to V5 principal names. The default is your Kerberos realm name, -converted to lower case. - -@itemx v4_instance_convert -This subsection allows the administrator to configure exceptions to the -default_domain mapping rule. It contains V4 instances (tag name) which -should be translated to some specific hostname (tag value) as the second -component in a Kerberos V5 principal name. - -@itemx v4_realm -This relation allows the administrator to configure a different -realm name to be used when converting V5 principals to V4 -ones. This should only be used when running separate V4 and V5 -realms, with some external means of password sychronization -between the realms. - -@end table - -@node AFS and the Appdefaults Section, , realms (krb5.conf), krb5.conf -@subsection AFS and the Appdefaults Section - -Many Kerberos 4 sites also run the Andrew File System (AFS). - -Modern AFS servers (OpenAFS > 1.2.8) support the AFS 2b token format. -This allows AFS to use Kerberos 5 tickets rather than version 4 -tickets, enabling cross-realm authentication. By default, the -@file{krb524d} service will issue the new AFS 2b tokens. If you are -using old AFS servers, you will need to disable these new tokens. -Please see the documentation of the @code{appdefaults} section of -@file{krb5.conf} in the Kerberos Administration guide. - - - -@node kdc.conf, , krb5.conf, Configuration Files -@section kdc.conf - -Because Kerberos V4 requires a different type of salt for the encryption -type, you will need to change the @code{supported_enctypes} line in the -[realms] section to: - -@smallexample -supported_enctypes = des-cbc-crc:normal des-cbc-crc:v4 -@end smallexample - -This is the only change needed to the @code{kdc.conf} file. - -@node Upgrading KDCs, Upgrading Application Servers, Configuration Files, Top -@chapter Upgrading KDCs - -To convert your KDCs from Kerberos V4 to @value{PRODUCT}, do the -following: - -@enumerate -@item -Install @value{PRODUCT} on each KDC, according to the instructions in -the @value{PRODUCT} Installation Guide, up to the point where it tells -you to create the database. - -@item -Find the @code{kadmind} (V4) daemon process on the master KDC and kill -it. This will prevent changes to the Kerberos database while you -convert the database to the new Kerberos V5 format. - -@item -Create a dump of the V4 database in the directory where your V5 database -will reside by issuing the command: - -@smallexample -% kdb_util dump @value{ROOTDIR}/var/krb5kdc/v4-dump -@end smallexample - -@item -Load the V4 dump into a Kerberos V5 database, by issuing the command: - -@smallexample -% kdb5_util load_v4 v4-dump -@end smallexample - -@item -Create a Kerberos V5 stash file, if desired, by issuing the command: - -@smallexample -% kdb5_util stash -@end smallexample - -@item -Proceed with the rest of the @value{PRODUCT} installation as described -in the @value{PRODUCT} Installation Guide. When you get to the section -that tells you to start the @code{krb5kdc} and @code{kadmind} daemons, -first find and kill the Kerberos V4 @code{kerberos} daemon on each of -the KDCs. Then start the @code{krb5kdc} and @code{kadmind} daemons as -You will need to specify an argument to the @code{-4} command line option to enable Kerberos 4 compatibility. -See the @code{krb5kdc} man page for details. -directed. Finally, start the Kerberos V5 to V4 ticket translator -daemon, @code{krb524d}, by issuing the command: - -@smallexample -% @value{ROOTDIR}/sbin/krb524d -m > /dev/null & -@end smallexample - -If you have a stash file and you start the @code{krb5kdc} and -@code{kadmind} daemons at boot time, you should add the above line to -your @code{/etc/rc} (or @code{/etc/rc.local}) file on each KDC. -@end enumerate - -@node Upgrading Application Servers, Upgrading Client machines, Upgrading KDCs, Top -@chapter Upgrading Application Servers - -Install @value{PRODUCT} on each application server, according to the -instructions in the @value{PRODUCT} Installation Guide, with the -following exceptions: - -@itemize @bullet -@item -In the file @code{/etc/services}, add or edit the lines described in the -@value{PRODUCT} Installation Guide, with the following exception: - -in place of: - -@smallexample -@group -kerberos @value{DefaultPort}/udp kdc # Kerberos V5 KDC -kerberos @value{DefaultPort}/tcp kdc # Kerberos V5 KDC -@end group -@end smallexample - -@noindent -add instead: - -@smallexample -@group -kerberos-sec @value{DefaultPort}/udp kdc # Kerberos V5 KDC -kerberos-sec @value{DefaultPort}/tcp kdc # Kerberos V5 KDC -@end group -@end smallexample - -@item -Convert your Kerberos V4 srvtab file to Kerberos V5 keytab file as -follows: - -@smallexample -@group -@b{#} @value{ROOTDIR}/sbin/ktutil -@b{ktutil:} rst /etc/krb-srvtab -@b{ktutil:} wkt /etc/krb5.keytab -@b{ktutil:} q -@b{#} -@end group -@end smallexample -@end itemize - -@node Upgrading Client machines, Firewall Considerations, Upgrading Application Servers, Top -@chapter Upgrading Client machines - -Install @value{PRODUCT} on each client machine, according to the -instructions in the @value{PRODUCT} Installation Guide. - -Tell your users to add the appropriate directory to their paths. On -UNIX machines, this will probably be @code{@value{BINDIR}}. - -Note that if you upgrade your client machines before all of your -application servers are upgraded, your users will need to use the -Kerberos V4 programs to connect to application servers that are still -running Kerberos V4. (The one exception is the UNIX version of -@value{PRODUCT} telnet, which can connect to a Kerberos V4 and Kerberos -V5 application servers.) Users can use either the Kerberos V4 or -@value{PRODUCT} programs to connect to Kerberos V5 servers. - -@node Firewall Considerations, , Upgrading Client machines, Top -@chapter Firewall Considerations - -@value{PRODUCT} uses port @value{DefaultPort}, which is the port -assigned by the IETF, for KDC requests. Kerberos V4 used port -@value{DefaultSecondPort}. If your users will need to get to any KDCs -outside your firewall, you will need to allow TCP and UDP requests on -port @value{DefaultPort} for your users to get to off-site Kerberos V5 -KDCs, and on port @value{DefaultSecondPort} for your users to get to -off-site Kerberos V4 KDCs. - -@contents -@c second page break makes sure right-left page alignment works right -@c with a one-page toc, even though we don't have setchapternewpage odd. -@c end of texinfo file -@bye diff --git a/doc/krb5-protocol/draft-ietf-cat-kerberos-pk-init-09.txt b/doc/krb5-protocol/draft-ietf-cat-kerberos-pk-init-09.txt new file mode 100644 index 0000000000..748f08954b --- /dev/null +++ b/doc/krb5-protocol/draft-ietf-cat-kerberos-pk-init-09.txt @@ -0,0 +1,908 @@ +INTERNET-DRAFT Brian Tung +draft-ietf-cat-kerberos-pk-init-09.txt Clifford Neuman +Updates: RFC 1510 ISI +expires December 1, 1999 Matthew Hur + CyberSafe Corporation + Ari Medvinsky + Excite + Sasha Medvinsky + General Instrument + John Wray + Iris Associates, Inc. + Jonathan Trostle + Cisco + + Public Key Cryptography for Initial Authentication in Kerberos + +0. Status Of This Memo + + This document is an Internet-Draft and is in full conformance with + all provisions of Section 10 of RFC 2026. Internet-Drafts are + working documents of the Internet Engineering Task Force (IETF), + its areas, and its working groups. Note that other groups may also + distribute working documents as Internet-Drafts. + + Internet-Drafts are draft documents valid for a maximum of six + months and may be updated, replaced, or obsoleted by other + documents at any time. It is inappropriate to use Internet-Drafts + as reference material or to cite them other than as "work in + progress." + + + The list of current Internet-Drafts can be accessed at + http://www.ietf.org/ietf/1id-abstracts.txt + + The list of Internet-Draft Shadow Directories can be accessed at + http://www.ietf.org/shadow.html. + + To learn the current status of any Internet-Draft, please check + the "1id-abstracts.txt" listing contained in the Internet-Drafts + Shadow Directories on ftp.ietf.org (US East Coast), + nic.nordu.net (Europe), ftp.isi.edu (US West Coast), or + munnari.oz.au (Pacific Rim). + + The distribution of this memo is unlimited. It is filed as + draft-ietf-cat-kerberos-pk-init-09.txt, and expires December 1, + 1999. Please send comments to the authors. + +1. Abstract + + This document defines extensions (PKINIT) to the Kerberos protocol + specification (RFC 1510 [1]) to provide a method for using public + key cryptography during initial authentication. The methods + defined specify the ways in which preauthentication data fields and + error data fields in Kerberos messages are to be used to transport + public key data. + +2. Introduction + + The popularity of public key cryptography has produced a desire for + its support in Kerberos [2]. The advantages provided by public key + cryptography include simplified key management (from the Kerberos + perspective) and the ability to leverage existing and developing + public key certification infrastructures. + + Public key cryptography can be integrated into Kerberos in a number + of ways. One is to associate a key pair with each realm, which can + then be used to facilitate cross-realm authentication; this is the + topic of another draft proposal. Another way is to allow users with + public key certificates to use them in initial authentication. This + is the concern of the current document. + + PKINIT utilizes Diffie-Hellman keys in combination with digital + signature keys as the primary, required mechanism. It also allows + for the use of RSA keys. Note that PKINIT supports the use of + separate signature and encryption keys. + + PKINIT enables access to Kerberos-secured services based on initial + authentication utilizing public key cryptography. PKINIT utilizes + standard public key signature and encryption data formats within the + standard Kerberos messages. The basic mechanism is as follows: The + user sends a request to the KDC as before, except that if that user + is to use public key cryptography in the initial authentication + step, his certificate and a signature accompany the initial request + in the preauthentication fields. Upon receipt of this request, the + KDC verifies the certificate and issues a ticket granting ticket + (TGT) as before, except that the encPart from the AS-REP message + carrying the TGT is now encrypted utilizing either a Diffie-Hellman + derived key or the user's public key. This message is authenticated + utilizing the public key signature of the KDC. + + The PKINIT specification may also be used as a building block for + other specifications. PKCROSS [3] utilizes PKINIT for establishing + the inter-realm key and associated inter-realm policy to be applied + in issuing cross realm service tickets. As specified in [4], + anonymous Kerberos tickets can be issued by applying a NULL + signature in combination with Diffie-Hellman in the PKINIT exchange. + Additionally, the PKINIT specification may be used for direct peer + to peer authentication without contacting a central KDC. This + application of PKINIT is described in PKTAPP [5] and is based on + concepts introduced in [6, 7]. For direct client-to-server + authentication, the client uses PKINIT to authenticate to the end + server (instead of a central KDC), which then issues a ticket for + itself. This approach has an advantage over TLS [8] in that the + server does not need to save state (cache session keys). + Furthermore, an additional benefit is that Kerberos tickets can + facilitate delegation (see [9]). + +3. Proposed Extensions + + This section describes extensions to RFC 1510 for supporting the + use of public key cryptography in the initial request for a ticket + granting ticket (TGT). + + In summary, the following change to RFC 1510 is proposed: + + * Users may authenticate using either a public key pair or a + conventional (symmetric) key. If public key cryptography is + used, public key data is transported in preauthentication + data fields to help establish identity. The user presents + a public key certificate and obtains an ordinary TGT that may + be used for subsequent authentication, with such + authentication using only conventional cryptography. + + Section 3.1 provides definitions to help specify message formats. + Section 3.2 describes the extensions for the initial authentication + method. + +3.1. Definitions + + The extensions involve new preauthentication fields; we introduce + the following preauthentication types: + + PA-PK-AS-REQ 14 + PA-PK-AS-REP 15 + + The extensions also involve new error types; we introduce the + following types: + + KDC_ERR_CLIENT_NOT_TRUSTED 62 + KDC_ERR_KDC_NOT_TRUSTED 63 + KDC_ERR_INVALID_SIG 64 + KDC_ERR_KEY_TOO_WEAK 65 + KDC_ERR_CERTIFICATE_MISMATCH 66 + KDC_ERR_CANT_VERIFY_CERTIFICATE 70 + KDC_ERR_INVALID_CERTIFICATE 71 + KDC_ERR_REVOKED_CERTIFICATE 72 + KDC_ERR_REVOCATION_STATUS_UNKNOWN 73 + KDC_ERR_REVOCATION_STATUS_UNAVAILABLE 74 + KDC_ERR_CLIENT_NAME_MISMATCH 75 + KDC_ERR_KDC_NAME_MISMATCH 76 + + We utilize the following typed data for errors: + + TD-PKINIT-CMS-CERTIFICATES 101 + TD-KRB-PRINCIPAL 102 + TD-KRB-REALM 103 + TD-TRUSTED-CERTIFIERS 104 + TD-CERTIFICATE-INDEX 105 + + We utilize the following encryption types (which map directly to + OIDs): + + dsaWithSHA1-CmsOID 9 + md5WithRSAEncryption-CmsOID 10 + sha1WithRSAEncryption-CmsOID 11 + rc2CBC-EnvOID 12 + rsaEncryption-EnvOID (PKCS#1 v1.5) 13 + rsaES-OAEP-ENV-OID (PKCS#1 v2.0) 14 + des-ede3-cbc-Env-OID 15 + + These mappings are provided so that a client may send the + appropriate enctypes in the AS-REQ message in order to indicate + support for the corresponding OIDs (for performing PKINIT). + + In many cases, PKINIT requires the encoding of an X.500 name as a + Realm. In these cases, the realm will be represented using a + different style, specified in RFC 1510 with the following example: + + NAMETYPE:rest/of.name=without-restrictions + + For a realm derived from an X.500 name, NAMETYPE will have the value + X500-RFC2253. The full realm name will appear as follows: + + X500-RFC2253:RFC2253Encode(DistinguishedName) + + where DistinguishedName is an X.500 name, and RFC2253Encode is a + readable UTF encoding of an X.500 name, as defined by + RFC 2253 [14] (part of LDAPv3). + + To ensure that this encoding is unique, we add the following rule + to those specified by RFC 2253: + + The order in which the attributes appear in the RFC 2253 + encoding must be the reverse of the order in the ASN.1 + encoding of the X.500 name that appears in the public key + certificate. The order of the relative distinguished names + (RDNs), as well as the order of the AttributeTypeAndValues + within each RDN, will be reversed. (This is despite the fact + that an RDN is defined as a SET of AttributeTypeAndValues, where + an order is normally not important.) + + Similarly, PKINIT may require the encoding of an X.500 name as a + PrincipalName. In these cases, the name-type of the principal name + shall be set to KRB_NT-X500-PRINCIPAL. This new name type is + defined as: + + KRB_NT_X500_PRINCIPAL 6 + + The name-string shall be set as follows: + + RFC2253Encode(DistinguishedName) + + as described above. + + RFC 1510 specifies the ASN.1 structure for PrincipalName as follows: + + PrincipalName ::= SEQUENCE { + name-type[0] INTEGER, + name-string[1] SEQUENCE OF GeneralString + } + + For the purposes of encoding an X.500 name within this structure, + the name-string shall be encoded as a single GeneralString. + + Note that name mapping may be required or optional based on + policy. + +3.1.1. Encryption and Key Formats + + In the exposition below, we use the terms public key and private + key generically. It should be understood that the term "public + key" may be used to refer to either a public encryption key or a + signature verification key, and that the term "private key" may be + used to refer to either a private decryption key or a signature + generation key. The fact that these are logically distinct does + not preclude the assignment of bitwise identical keys. + + In the case of Diffie-Hellman, the key shall be produced from the + agreed bit string as follows: + + * Truncate the bit string to the appropriate length. + * Rectify parity in each byte (if necessary) to obtain the key. + + For instance, in the case of a DES key, we take the first eight + bytes of the bit stream, and then adjust the least significant bit + of each byte to ensure that each byte has odd parity. + +3.1.2. Algorithm Identifiers + + PKINIT does not define, but does permit, the algorithm identifiers + listed below. + +3.1.2.1. Signature Algorithm Identifiers + + The following signature algorithm identifiers specified in [11] and + in [15] shall be used with PKINIT: + + id-dsa-with-sha1 (DSA with SHA1) + md5WithRSAEncryption (RSA with MD5) + sha-1WithRSAEncryption (RSA with SHA1) + +3.1.2.2 Diffie-Hellman Key Agreement Algorithm Identifier + + The following algorithm identifier shall be used within the + SubjectPublicKeyInfo data structure: dhpublicnumber + + This identifier and the associated algorithm parameters are + specified in RFC 2459 [15]. + +3.1.2.3. Algorithm Identifiers for RSA Encryption + + These algorithm identifiers are used inside the EnvelopedData data + structure, for encrypting the temporary key with a public key: + + rsaEncryption (RSA encryption, PKCS#1 v1.5) + id-RSAES-OAEP (RSA encryption, PKCS#1 v2.0) + + Both of the above RSA encryption schemes are specified in [16]. + Currently, only PKCS#1 v1.5 is specified by CMS [11], although the + CMS specification says that it will likely include PKCS#1 v2.0 in + the future. (PKCS#1 v2.0 addresses adaptive chosen ciphertext + vulnerability discovered in PKCS#1 v1.5.) + +3.1.2.4. Algorithm Identifiers for Encryption with Secret Keys + + These algorithm identifiers are used inside the EnvelopedData data + structure in the PKINIT Reply, for encrypting the reply key with the + temporary key: + des-ede3-cbc (3-key 3-DES, CBC mode) + rc2-cbc (RC2, CBC mode) + + The full definition of the above algorithm identifiers and their + corresponding parameters (an IV for block chaining) is provided in + the CMS specification [11]. + +3.2. Public Key Authentication + + Implementation of the changes in this section is REQUIRED for + compliance with PKINIT. + + It is assumed that all public keys are signed by some certification + authority (CA). The initial authentication request is sent as per + RFC 1510, except that a preauthentication field containing data + signed by the user's private key accompanies the request: + + PA-PK-AS-REQ ::= SEQUENCE { + -- PA TYPE 14 + signedAuthPack [0] SignedData + -- defined in CMS [11] + -- AuthPack (below) defines the data + -- that is signed + trustedCertifiers [1] SEQUENCE OF TrustedCas OPTIONAL, + -- CAs that the client trusts + kdcCert [2] IssuerAndSerialNumber OPTIONAL + -- as defined in CMS [11] + -- specifies a particular KDC + -- certificate if the client + -- already has it; + -- must be accompanied by + -- a single trustedCertifier + encryptionCert [3] IssuerAndSerialNumber OPTIONAL + -- For example, this may be the + -- client's Diffie-Hellman + -- certificate, or it may be the + -- client's RSA encryption + -- certificate. + } + + TrustedCas ::= CHOICE { + principalName [0] KerberosName, + -- as defined below + caName [1] Name + -- fully qualified X.500 name + -- as defined by X.509 + issuerAndSerial [2] IssuerAndSerialNumber OPTIONAL + -- Since a CA may have a number of + -- certificates, only one of which + -- a client trusts + } + + Usage of SignedData: + The SignedData data type is specified in the Cryptographic + Message Syntax, a product of the S/MIME working group of the IETF. + - The encapContentInfo field must contain the PKAuthenticator + and, optionally, the client's Diffie Hellman public value. + - The eContentType field shall contain the OID value for + id-data: iso(1) member-body(2) us(840) rsadsi(113549) + pkcs(1) pkcs7(7) data(1) + - The eContent field is data of the type AuthPack (below). + - The signerInfos field contains the signature of AuthPack. + - The Certificates field, when non-empty, contains the client's + certificate chain. If present, the KDC uses the public key from + the client's certificate to verify the signature in the request. + Note that the client may pass different certificates that are used + for signing or for encrypting. Thus, the KDC may utilize a + different client certificate for signature verification than the + one it uses to encrypt the reply to the client. For example, the + client may place a Diffie-Hellman certificate in this field in + order to convey its static Diffie Hellman certificate to the KDC + enable static-ephemeral Diffie-Hellman mode for the reply. As + another example, the client may place an RSA encryption + certificate in this field. + + AuthPack ::= SEQUENCE { + pkAuthenticator [0] PKAuthenticator, + clientPublicValue [1] SubjectPublicKeyInfo OPTIONAL + -- if client is using Diffie-Hellman + } + + PKAuthenticator ::= SEQUENCE { + kdcName [0] PrincipalName, + kdcRealm [1] Realm, + cusec [2] INTEGER, + -- for replay prevention + ctime [3] KerberosTime, + -- for replay prevention + nonce [4] INTEGER + } + + SubjectPublicKeyInfo ::= SEQUENCE { + algorithm AlgorithmIdentifier, + -- dhKeyAgreement + subjectPublicKey BIT STRING + -- for DH, equals + -- public exponent (INTEGER encoded + -- as payload of BIT STRING) + } -- as specified by the X.509 recommendation [10] + + AlgorithmIdentifier ::= SEQUENCE { + algorithm ALGORITHM.&id, + parameters ALGORITHM.&type + } -- as specified by the X.509 recommendation [10] + + If the client passes an issuer and serial number in the request, + the KDC is requested to use the referred-to certificate. If none + exists, then the KDC returns an error of type + KDC_ERR_CERTIFICATE_MISMATCH. It also returns this error if, on the + other hand, the client does not pass any trustedCertifiers, + believing that it has the KDC's certificate, but the KDC has more + than one certificate. The KDC should include information in the + KRB-ERROR message that indicates the KDC certificate(s) that a + client may utilize. This data is specified in the e-data, which + is defined in RFC 1510 revisions as a SEQUENCE of TypedData: + + TypedData ::= SEQUENCE { + data-type [0] INTEGER, + data-value [1] OCTET STRING, + } -- per Kerberos RFC 1510 revisions + + where: + data-type = TD-PKINIT-CMS-CERTIFICATES = 101 + data-value = CertificateSet // as specified by CMS [11] + + The PKAuthenticator carries information to foil replay attacks, + to bind the request and response. The PKAuthenticator is signed + with the private key corresponding to the public key in the + certificate found in userCert (or cached by the KDC). + + The trustedCertifiers field contains a list of certification + authorities trusted by the client, in the case that the client does + not possess the KDC's public key certificate. If the KDC has no + certificate signed by any of the trustedCertifiers, then it returns + an error of type KDC_ERR_KDC_NOT_TRUSTED. + + KDCs should try to (in order of preference): + 1. Use the KDC certificate identified by the serialNumber included + in the client's request. + 2. Use a certificate issued to the KDC by the client's CA (if in the + middle of a CA key roll-over, use the KDC cert issued under same + CA key as user cert used to verify request). + 3. Use a certificate issued to the KDC by one of the client's + trustedCertifier(s); + If the KDC is unable to comply with any of these options, then the + KDC returns an error message of type KDC_ERR_KDC_NOT_TRUSTED to the + client. + + Upon receipt of the AS_REQ with PA-PK-AS-REQ pre-authentication + type, the KDC attempts to verify the user's certificate chain + (userCert), if one is provided in the request. This is done by + verifying the certification path against the KDC's policy of + legitimate certifiers. This may be based on a certification + hierarchy, or it may be simply a list of recognized certifiers in a + system like PGP. + + If the client's certificate chain contains no certificate signed by + a CA trusted by the KDC, then the KDC sends back an error message + of type KDC_ERR_CANT_VERIFY_CERTIFICATE. The accompanying e-data + is a SEQUENCE of one TypedData (with type TD-TRUSTED-CERTIFIERS=104) + whose data-value is an OCTET STRING which is the DER encoding of + + TrustedCertifiers ::= SEQUENCE OF PrincipalName + -- X.500 name encoded as a principal name + -- see Section 3.1 + + If the signature on one of the certificates in the client's chain + fails verification, then the KDC returns an error of type + KDC_ERR_INVALID_CERTIFICATE. The accompanying e-data is a SEQUENCE + of one TypedData (with type TD-CERTIFICATE-INDEX=105) whose + data-value is an OCTET STRING which is the DER encoding of + + CertificateIndex ::= INTEGER + -- 0 = 1st certificate, + -- (in order of encoding) + -- 1 = 2nd certificate, etc + + The KDC may also check whether any of the certificates in the + client's chain has been revoked. If one of the certificates has + been revoked, then the KDC returns an error of type + KDC_ERR_REVOKED_CERTIFICATE; if such a query reveals that the + certificate's revocation status is unknown, the KDC returns an + error of type KDC_ERR_REVOCATION_STATUS_UNKNOWN; if the revocation + status is unavailable, the KDC returns an error of type + KDC_ERR_REVOCATION_STATUS_UNAVAILABLE. In any of these three + cases, the affected certificate is identified by the accompanying + e-data, which contains a CertificateIndex as described for + KDC_ERR_INVALID_CERTIFICATE. + + If the certificate chain can be verified, but the name of the + client in the certificate does not match the client's name in the + request, then the KDC returns an error of type + KDC_ERR_CLIENT_NAME_MISMATCH. There is no accompanying e-data + field in this case. + + Finally, if the certificate chain is verified, but the KDC's name + or realm as given in the PKAuthenticator does not match the KDC's + actual principal name, then the KDC returns an error of type + KDC_ERR_KDC_NAME_MISMATCH. The accompanying e-data field is again + a SEQUENCE of one TypedData (with type TD-KRB-PRINCIPAL=102 or + TD-KRB-REALM=103 as appropriate) whose data-value is an OCTET + STRING whose data-value is the DER encoding of a PrincipalName or + Realm as defined in RFC 1510 revisions. + + Even if all succeeds, the KDC may--for policy reasons--decide not + to trust the client. In this case, the KDC returns an error message + of type KDC_ERR_CLIENT_NOT_TRUSTED. + + If a trust relationship exists, the KDC then verifies the client's + signature on AuthPack. If that fails, the KDC returns an error + message of type KDC_ERR_INVALID_SIG. Otherwise, the KDC uses the + timestamp (ctime and cusec) in the PKAuthenticator to assure that + the request is not a replay. The KDC also verifies that its name + is specified in the PKAuthenticator. + + If the clientPublicValue field is filled in, indicating that the + client wishes to use Diffie-Hellman key agreement, then the KDC + checks to see that the parameters satisfy its policy. If they do + not (e.g., the prime size is insufficient for the expected + encryption type), then the KDC sends back an error message of type + KDC_ERR_KEY_TOO_WEAK. Otherwise, it generates its own public and + private values for the response. + + The KDC also checks that the timestamp in the PKAuthenticator is + within the allowable window and that the principal name and realm + are correct. If the local (server) time and the client time in the + authenticator differ by more than the allowable clock skew, then the + KDC returns an error message of type KRB_AP_ERR_SKEW. + + Assuming no errors, the KDC replies as per RFC 1510, except as + follows. The user's name in the ticket is determined by the + following decision algorithm: + + 1. If the KDC has a mapping from the name in the certificate + to a Kerberos name, then use that name. + Else + 2. If the certificate contains a Kerberos name in an extension + field, and local KDC policy allows, then use that name. + Else + 3. Use the name as represented in the certificate, mapping + as necessary (e.g., as per RFC 2253 for X.500 names). In + this case the realm in the ticket shall be the name of the + certification authority that issued the user's certificate. + + The KDC encrypts the reply not with the user's long-term key, but + with a random key generated only for this particular response. This + random key is sealed in the preauthentication field: + + PA-PK-AS-REP ::= CHOICE { + -- PA TYPE 15 + dhSignedData [0] SignedData, + -- Defined in CMS and used only with + -- Diffie-Helman key exchange + -- This choice MUST be supported + -- by compliant implementations. + encKeyPack [1] EnvelopedData, + -- Defined in CMS + -- The temporary key is encrypted + -- using the client public key + -- key + -- SignedReplyKeyPack, encrypted + -- with the temporary key, is also + -- included. + } + + Usage of SignedData: + If the Diffie-Hellman option is used, dhSignedData in PA-PK-AS-REP + provides authenticated Diffie-Hellman parameters of the KDC. The + reply key used to encrypt part of the KDC reply message is derived + from the Diffie-Hellman exchange: + - Both the KDC and the client calculate a secret value (g^ab mod p), + where a is the client's private exponent and b is the KDC's + private exponent. + - Both the KDC and the client take the first N bits of this secret + value and convert it into a reply key. N depends on the reply key + type. + - If the reply key is DES, N=64 bits, where some of the bits are + replaced with parity bits, according to FIPS PUB 74. + - If the reply key is (3-key) 3-DES, N=192 bits, where some of the + bits are replaced with parity bits, according to FIPS PUB 74. + - The encapContentInfo field must contain the KdcDHKeyInfo as + defined below. + - The eContentType field shall contain the OID value for + id-data: iso(1) member-body(2) us(840) rsadsi(113549) + pkcs(1) pkcs7(7) data(1) + - The certificates field must contain the certificates necessary + for the client to establish trust in the KDC's certificate + based on the list of trusted certifiers sent by the client in + the PA-PK-AS-REQ. This field may be empty if the client did + not send to the KDC a list of trusted certifiers (the + trustedCertifiers field was empty, meaning that the client + already possesses the KDC's certificate). + - The signerInfos field is a SET that must contain at least one + member, since it contains the actual signature. + + Usage of EnvelopedData: + The EnvelopedData data type is specified in the Cryptographic + Message Syntax, a product of the S/MIME working group of the IETF. + It contains an temporary key encrypted with the PKINIT + client's public key. It also contains a signed and encrypted + reply key. + - The originatorInfo field is not required, since that information + may be presented in the signedData structure that is encrypted + within the encryptedContentInfo field. + - The optional unprotectedAttrs field is not required for PKINIT. + - The recipientInfos field is a SET which must contain exactly one + member of the KeyTransRecipientInfo type for encryption + with an RSA public key. + - The encryptedKey field (in KeyTransRecipientInfo) contains + the temporary key which is encrypted with the PKINIT client's + public key. + - The encryptedContentInfo field contains the signed and encrypted + reply key. + - The contentType field shall contain the OID value for + id-signedData: iso(1) member-body(2) us(840) rsadsi(113549) + pkcs(1) pkcs7(7) signedData(2) + - The encryptedContent field is encrypted data of the CMS type + signedData as specified below. + - The encapContentInfo field must contains the ReplyKeyPack. + - The eContentType field shall contain the OID value for + id-data: iso(1) member-body(2) us(840) rsadsi(113549) + pkcs(1) pkcs7(7) data(1) + - The eContent field is data of the type ReplyKeyPack (below). + - The certificates field must contain the certificates necessary + for the client to establish trust in the KDC's certificate + based on the list of trusted certifiers sent by the client in + the PA-PK-AS-REQ. This field may be empty if the client did + not send to the KDC a list of trusted certifiers (the + trustedCertifiers field was empty, meaning that the client + already possesses the KDC's certificate). + - The signerInfos field is a SET that must contain at least one + member, since it contains the actual signature. + + KdcDHKeyInfo ::= SEQUENCE { + -- used only when utilizing Diffie-Hellman + nonce [0] INTEGER, + -- binds responce to the request + subjectPublicKey [2] BIT STRING + -- Equals public exponent (g^a mod p) + -- INTEGER encoded as payload of + -- BIT STRING + } + + ReplyKeyPack ::= SEQUENCE { + -- not used for Diffie-Hellman + replyKey [0] EncryptionKey, + -- used to encrypt main reply + -- ENCTYPE is at least as strong as + -- ENCTYPE of session key + nonce [1] INTEGER, + -- binds response to the request + -- must be same as the nonce + -- passed in the PKAuthenticator + } + + + Since each certifier in the certification path of a user's + certificate is essentially a separate realm, the name of each + certifier must be added to the transited field of the ticket. The + format of these realm names is defined in Section 3.1 of this + document. If applicable, the transit-policy-checked flag should be + set in the issued ticket. + + The KDC's certificate must bind the public key to a name derivable + from the name of the realm for that KDC. X.509 certificates shall + contain the principal name of the KDC as the SubjectAltName version + 3 extension. Below is the definition of this version 3 extension, as + specified by the X.509 standard: + + subjectAltName EXTENSION ::= { + SYNTAX GeneralNames + IDENTIFIED BY id-ce-subjectAltName + } + + GeneralNames ::= SEQUENCE SIZE(1..MAX) OF GeneralName + + GeneralName ::= CHOICE { + otherName [0] INSTANCE OF OTHER-NAME, + ... + } + + OTHER-NAME ::= TYPE-IDENTIFIER + + In this definition, otherName is a name of any form defined as an + instance of the OTHER-NAME information object class. For the purpose + of specifying a Kerberos principal name, INSTANCE OF OTHER-NAME will + be chosen and replaced by the type KerberosName: + + KerberosName ::= SEQUENCE { + realm [0] Realm, + -- as define in RFC 1510 + principalName [1] PrincipalName, + -- as define in RFC 1510 + } + + This specific syntax is identified within subjectAltName by setting + the OID id-ce-subjectAltName to krb5PrincipalName, where (from the + Kerberos specification) we have + + krb5 OBJECT IDENTIFIER ::= { iso (1) + org (3) + dod (6) + internet (1) + security (5) + kerberosv5 (2) } + + krb5PrincipalName OBJECT IDENTIFIER ::= { krb5 2 } + + This specification may also be used to specify a Kerberos name + within the user's certificate. + + If a non-KDC X.509 certificate contains the principal name within + the subjectAltName version 3 extension , that name may utilize + KerberosName as defined below, or, in the case of an S/MIME + certificate [17], may utilize the email address. If the KDC + is presented with as S/MIME certificate, then the email address + within subjectAltName will be interpreted as a principal and realm + separated by the "@" sign, or as a name that needs to be + canonicalized. If the resulting name does not correspond to a + registered principal name, then the principal name is formed as + defined in section 3.1. + + The client then extracts the random key used to encrypt the main + reply. This random key (in encPaReply) is encrypted with either the + client's public key or with a key derived from the DH values + exchanged between the client and the KDC. + +3.2.2. Required Algorithms + + Not all of the algorithms in the PKINIT protocol specification have + to be implemented in order to comply with the proposed standard. + Below is a list of the required algorithms: + + - Diffie-Hellman public/private key pairs + - utilizing Diffie-Hellman ephemeral-ephemeral mode + - SHA1 digest and DSA for signatures + - 3-key triple DES keys derived from the Diffie-Hellman Exchange + - 3-key triple DES Temporary and Reply keys + +4. Logistics and Policy + + This section describes a way to define the policy on the use of + PKINIT for each principal and request. + + The KDC is not required to contain a database record for users + who use public key authentication. However, if these users are + registered with the KDC, it is recommended that the database record + for these users be modified to an additional flag in the attributes + field to indicate that the user should authenticate using PKINIT. + If this flag is set and a request message does not contain the + PKINIT preauthentication field, then the KDC sends back as error of + type KDC_ERR_PREAUTH_REQUIRED indicating that a preauthentication + field of type PA-PK-AS-REQ must be included in the request. + +5. Security Considerations + + PKINIT raises a few security considerations, which we will address + in this section. + + First of all, PKINIT introduces a new trust model, where KDCs do not + (necessarily) certify the identity of those for whom they issue + tickets. PKINIT does allow KDCs to act as their own CAs, in order + to simplify key management, but one of the additional benefits is to + align Kerberos authentication with a global public key + infrastructure. Anyone using PKINIT in this way must be aware of + how the certification infrastructure they are linking to works. + + Secondly, PKINIT also introduces the possibility of interactions + between different cryptosystems, which may be of widely varying + strengths. Many systems, for instance, allow the use of 512-bit + public keys. Using such keys to wrap data encrypted under strong + conventional cryptosystems, such as triple-DES, is inappropriate; + it adds a weak link to a strong one at extra cost. Implementors + and administrators should take care to avoid such wasteful and + deceptive interactions. + + Lastly, PKINIT calls for randomly generated keys for conventional + cryptosystems. Many such systems contain systematically "weak" + keys. PKINIT implementations MUST avoid use of these keys, either + by discarding those keys when they are generated, or by fixing them + in some way (e.g., by XORing them with a given mask). These + precautions vary from system to system; it is not our intention to + give an explicit recipe for them here. + +6. Transport Issues + + Certificate chains can potentially grow quite large and span several + UDP packets; this in turn increases the probability that a Kerberos + message involving PKINIT extensions will be broken in transit. In + light of the possibility that the Kerberos specification will + require KDCs to accept requests using TCP as a transport mechanism, + we make the same recommendation with respect to the PKINIT + extensions as well. + +7. Bibliography + + [1] J. Kohl, C. Neuman. The Kerberos Network Authentication Service + (V5). Request for Comments 1510. + + [2] B.C. Neuman, Theodore Ts'o. Kerberos: An Authentication Service + for Computer Networks, IEEE Communications, 32(9):33-38. September + 1994. + + [3] B. Tung, T. Ryutov, C. Neuman, G. Tsudik, B. Sommerfeld, + A. Medvinsky, M. Hur. Public Key Cryptography for Cross-Realm + Authentication in Kerberos. + draft-ietf-cat-kerberos-pk-cross-04.txt + + [4] A. Medvinsky, J. Cargille, M. Hur. Anonymous Credentials in + Kerberos. + draft-ietf-cat-kerberos-anoncred-00.txt + + [5] A. Medvinsky, M. Hur, B. Clifford Neuman. Public Key Utilizing + Tickets for Application Servers (PKTAPP). + draft-ietf-cat-pktapp-00.txt + + [6] M. Sirbu, J. Chuang. Distributed Authentication in Kerberos + Using Public Key Cryptography. Symposium On Network and Distributed + System Security, 1997. + + [7] B. Cox, J.D. Tygar, M. Sirbu. NetBill Security and Transaction + Protocol. In Proceedings of the USENIX Workshop on Electronic + Commerce, July 1995. + + [8] T. Dierks, C. Allen. The TLS Protocol, Version 1.0 + Request for Comments 2246, January 1999. + + [9] B.C. Neuman, Proxy-Based Authorization and Accounting for + Distributed Systems. In Proceedings of the 13th International + Conference on Distributed Computing Systems, May 1993. + + [10] ITU-T (formerly CCITT) Information technology - Open Systems + Interconnection - The Directory: Authentication Framework + Recommendation X.509 ISO/IEC 9594-8 + + [11] R. Housley. Cryptographic Message Syntax. + draft-ietf-smime-cms-13.txt, April 1999. + + [12] PKCS #7: Cryptographic Message Syntax Standard, + An RSA Laboratories Technical Note Version 1.5 + Revised November 1, 1993 + + [13] R. Rivest, MIT Laboratory for Computer Science and RSA Data + Security, Inc. A Description of the RC2(r) Encryption Algorithm + March 1998. + Request for Comments 2268. + + [14] M. Wahl, S. Kille, T. Howes. Lightweight Directory Access + Protocol (v3): UTF-8 String Representation of Distinguished Names. + Request for Comments 2253. + + [15] R. Housley, W. Ford, W. Polk, D. Solo. Internet X.509 Public + Key Infrastructure, Certificate and CRL Profile, January 1999. + Request for Comments 2459. + + [16] B. Kaliski, J. Staddon. PKCS #1: RSA Cryptography + Specifications, October 1998. + Request for Comments 2437. + + [17] S. Dusse, P. Hoffman, B. Ramsdell, J. Weinstein. + S/MIME Version 2 Certificate Handling, March 1998. + Request for Comments 2312 + +8. Acknowledgements + + Some of the ideas on which this proposal is based arose during + discussions over several years between members of the SAAG, the IETF + CAT working group, and the PSRG, regarding integration of Kerberos + and SPX. Some ideas have also been drawn from the DASS system. + These changes are by no means endorsed by these groups. This is an + attempt to revive some of the goals of those groups, and this + proposal approaches those goals primarily from the Kerberos + perspective. Lastly, comments from groups working on similar ideas + in DCE have been invaluable. + +9. Expiration Date + + This draft expires December 1, 1999. + +10. Authors + + Brian Tung + Clifford Neuman + USC Information Sciences Institute + 4676 Admiralty Way Suite 1001 + Marina del Rey CA 90292-6695 + Phone: +1 310 822 1511 + E-mail: {brian, bcn}@isi.edu + + Matthew Hur + CyberSafe Corporation + 1605 NW Sammamish Road + Issaquah WA 98027-5378 + Phone: +1 425 391 6000 + E-mail: matt.hur@cybersafe.com + + Ari Medvinsky + Excite + 555 Broadway + Redwood City, CA 94063 + Phone +1 650 569 2119 + E-mail: amedvins@excitecorp.com + + Sasha Medvinsky + General Instrument + 6450 Sequence Drive + San Diego, CA 92121 + Phone +1 619 404 2825 + E-mail: smedvinsky@gi.com + + John Wray + Iris Associates, Inc. + 5 Technology Park Dr. + Westford, MA 01886 + E-mail: John_Wray@iris.com + + Jonathan Trostle + 170 W. Tasman Dr. + San Jose, CA 95134 + E-mail: jtrostle@cisco.com diff --git a/doc/krb5-protocol/rfc4557.txt b/doc/krb5-protocol/rfc4557.txt new file mode 100644 index 0000000000..fe9a8810df --- /dev/null +++ b/doc/krb5-protocol/rfc4557.txt @@ -0,0 +1,339 @@ + + + + + + +Network Working Group L. Zhu +Request for Comments: 4557 K. Jaganathan +Category: Standards Track Microsoft Corporation + N. Williams + Sun Microsystems + June 2006 + + + Online Certificate Status Protocol (OCSP) Support for + Public Key Cryptography for + Initial Authentication in Kerberos (PKINIT) + +Status of This Memo + + This document specifies an Internet standards track protocol for the + Internet community, and requests discussion and suggestions for + improvements. Please refer to the current edition of the "Internet + Official Protocol Standards" (STD 1) for the standardization state + and status of this protocol. Distribution of this memo is unlimited. + +Copyright Notice + + Copyright (C) The Internet Society (2006). + +Abstract + + This document defines a mechanism to enable in-band transmission of + Online Certificate Status Protocol (OCSP) responses in the Kerberos + network authentication protocol. These responses are used to verify + the validity of the certificates used in Public Key Cryptography for + Initial Authentication in Kerberos (PKINIT), which is the Kerberos + Version 5 extension that provides for the use of public key + cryptography. + +Table of Contents + + 1. Introduction ....................................................2 + 2. Conventions Used in This Document ...............................2 + 3. Message Definition ..............................................2 + 4. Security Considerations .........................................3 + 5. Acknowledgements ................................................4 + 6. References ......................................................4 + 6.1. Normative References .......................................4 + 6.2. Informative References .....................................4 + + + + + + + +Zhu, et al. Standards Track [Page 1] + +RFC 4557 OCSP Support for PKINIT June 2006 + + +1. Introduction + + Online Certificate Status Protocol (OCSP) [RFC2560] enables + applications to obtain timely information regarding the revocation + status of a certificate. Because OCSP responses are well bounded and + small in size, constrained clients may wish to use OCSP to check the + validity of the certificates for Kerberos Key Distribution Center + (KDC) in order to avoid transmission of large Certificate Revocation + Lists (CRLs) and therefore save bandwidth on constrained networks + [OCSP-PROFILE]. + + This document defines a pre-authentication type [RFC4120], where the + client and the KDC MAY piggyback OCSP responses for certificates used + in authentication exchanges, as defined in [RFC4556]. + + By using this OPTIONAL extension, PKINIT clients and the KDC can + maximize the reuse of cached OCSP responses. + +2. Conventions Used in This Document + + In this document, the key words "MUST", "MUST NOT", "REQUIRED", + "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", + and "OPTIONAL" are to be interpreted as described in [RFC2119]. + +3. Message Definition + + A pre-authentication type identifier is defined for this mechanism: + + PA-PK-OCSP-RESPONSE 18 + + The corresponding padata-value field [RFC4120] contains the DER [X60] + encoding of the following ASN.1 type: + + PKOcspData ::= SEQUENCE OF OcspResponse + -- If more than one OcspResponse is + -- included, the first OcspResponse + -- MUST contain the OCSP response + -- for the signer's certificate. + -- The signer refers to the client for + -- AS-REQ, and the KDC for the AS-REP, + -- respectively. + + OcspResponse ::= OCTET STRING + -- Contains a complete OCSP response, + -- as defined in [RFC2560]. + + The client MAY send OCSP responses for certificates used in PA-PK- + AS-REQ [RFC4556] via a PA-PK-OCSP-RESPONSE. + + + +Zhu, et al. Standards Track [Page 2] + +RFC 4557 OCSP Support for PKINIT June 2006 + + + The KDC that receives a PA-PK-OCSP-RESPONSE SHOULD send a PA-PK- + OCSP-RESPONSE containing OCSP responses for certificates used in the + KDC's PA-PK-AS-REP. The client can request a PA-PK-OCSP-RESPONSE by + using a PKOcspData containing an empty sequence. + + The KDC MAY send a PA-PK-OCSP-RESPONSE when it does not receive a + PA-PK-OCSP-RESPONSE from the client. + + The PA-PK-OCSP-RESPONSE sent by the KDC contains OCSP responses for + certificates used in PA-PK-AS-REP [RFC4556]. + + Note the lack of integrity protection for the empty or missing OCSP + response; lack of an expected OCSP response from the KDC for the + KDC's certificates SHOULD be treated as an error by the client, + unless it is configured otherwise. + + When using OCSP, the response is signed by the OCSP server, which is + trusted by the receiver. Depending on local policy, further + verification of the validity of the OCSP servers may be needed + + The client and the KDC SHOULD ignore invalid OCSP responses received + via this mechanism, and they MAY implement CRL processing logic as a + fall-back position, if the OCSP responses received via this mechanism + alone are not sufficient for the verification of certificate + validity. The client and/or the KDC MAY ignore a valid OCSP response + and perform its own revocation status verification independently. + +4. Security Considerations + + The pre-authentication data in this document do not actually + authenticate any principals, but are designed to be used in + conjunction with PKINIT. + + There is no binding between PA-PK-OCSP-RESPONSE pre-authentication + data and PKINIT pre-authentication data other than a given OCSP + response corresponding to a certificate used in a PKINIT pre- + authentication data element. Attacks involving removal or + replacement of PA-PK-OCSP-RESPONSE pre-authentication data elements + are, at worst, downgrade attacks, where a PKINIT client or KDC would + proceed without use of CRLs or OCSP for certificate validation, or + denial-of-service attacks, where a PKINIT client or KDC that cannot + validate the other's certificate without an accompanying OCSP + response might reject the AS exchange or might have to download very + large CRLs in order to continue. Kerberos V does not protect against + denial-of-service attacks; therefore, the denial-of-service aspect of + these attacks is acceptable. + + + + + +Zhu, et al. Standards Track [Page 3] + +RFC 4557 OCSP Support for PKINIT June 2006 + + + If a PKINIT client or KDC cannot validate certificates without the + aid of a valid PA-PK-OCSP-RESPONSE, then it SHOULD fail the AS + exchange, possibly according to local configuration. + +5. Acknowledgements + + This document was based on conversations among the authors, Jeffrey + Altman, Sam Hartman, Martin Rex, and other members of the Kerberos + working group. + +6. References + +6.1. Normative References + + [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate + Requirement Levels", BCP 14, RFC 2119, March 1997. + + [RFC2560] Myers, M., Ankney, R., Malpani, A., Galperin, S., and + C. Adams, "X.509 Internet Public Key Infrastructure + Online Certificate Status Protocol - OCSP", RFC 2560, + June 1999. + + [RFC4120] Neuman, C., Yu, T., Hartman, S., and K. Raeburn, "The + Kerberos Network Authentication Service (V5)", RFC + 4120, July 2005. + + [RFC4556] Zhu, L. and B. Tung, "Public Key Cryptography for + Initial Authentication in Kerberos (PKINIT)", RFC + 4556, June 2006. + + [X690] ASN.1 encoding rules: Specification of Basic Encoding + Rules (BER), Canonical Encoding Rules (CER) and + Distinguished Encoding Rules (DER), ITU-T + Recommendation X.690 (1997) | ISO/IEC International + Standard 8825-1:1998. + +6.2. Informative References + + [OCSP-PROFILE] Deacon, A. and R. Hurst, "Lightweight OCSP Profile for + High Volume Environments", Work in Progress, May 2006. + + + + + + + + + + + +Zhu, et al. Standards Track [Page 4] + +RFC 4557 OCSP Support for PKINIT June 2006 + + +Authors' Addresses + + Larry Zhu + Microsoft Corporation + One Microsoft Way + Redmond, WA 98052 + US + + EMail: lzhu@microsoft.com + + + Karthik Jaganathan + Microsoft Corporation + One Microsoft Way + Redmond, WA 98052 + US + + EMail: karthikj@microsoft.com + + + Nicolas Williams + Sun Microsystems + 5300 Riata Trace Ct + Austin, TX 78727 + US + + EMail: Nicolas.Williams@sun.com + + + + + + + + + + + + + + + + + + + + + + + + +Zhu, et al. Standards Track [Page 5] + +RFC 4557 OCSP Support for PKINIT June 2006 + + +Full Copyright Statement + + Copyright (C) The Internet Society (2006). + + This document is subject to the rights, licenses and restrictions + contained in BCP 78, and except as set forth therein, the authors + retain all their rights. + + This document and the information contained herein are provided on an + "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS + OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET + ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, + INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE + INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED + WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + +Intellectual Property + + The IETF takes no position regarding the validity or scope of any + Intellectual Property Rights or other rights that might be claimed to + pertain to the implementation or use of the technology described in + this document or the extent to which any license under such rights + might or might not be available; nor does it represent that it has + made any independent effort to identify any such rights. Information + on the procedures with respect to rights in RFC documents can be + found in BCP 78 and BCP 79. + + Copies of IPR disclosures made to the IETF Secretariat and any + assurances of licenses to be made available, or the result of an + attempt made to obtain a general license or permission for the use of + such proprietary rights by implementers or users of this + specification can be obtained from the IETF on-line IPR repository at + http://www.ietf.org/ipr. + + The IETF invites any interested party to bring to its attention any + copyrights, patents or patent applications, or other proprietary + rights that may cover technology that may be required to implement + this standard. Please address the information to the IETF at + ietf-ipr@ietf.org. + +Acknowledgement + + Funding for the RFC Editor function is provided by the IETF + Administrative Support Activity (IASA). + + + + + + + +Zhu, et al. Standards Track [Page 6] + diff --git a/doc/old-V4-docs/README b/doc/old-V4-docs/README deleted file mode 100644 index 8858655cb2..0000000000 --- a/doc/old-V4-docs/README +++ /dev/null @@ -1,4 +0,0 @@ -These documentation files are old --- and refer to the Kerberos V4 -implementation. They are included because the equivalent V5 documentation -set have not been written yet, and the concepts contained in these documents -may be helpful. diff --git a/doc/old-V4-docs/installation.PS b/doc/old-V4-docs/installation.PS deleted file mode 100644 index 7609d4e64c..0000000000 --- a/doc/old-V4-docs/installation.PS +++ /dev/null @@ -1,2338 +0,0 @@ -%!PS-Adobe-2.0 -%%Title: installation.mss -%%DocumentFonts: (atend) -%%Creator: John T Kohl,,E40-351M,31510,6176432831 and Scribe 7(1700) -%%CreationDate: 4 January 1990 11:56 -%%Pages: (atend) -%%EndComments -% PostScript Prelude for Scribe. -/BS {/SV save def 0.0 792.0 translate .01 -.01 scale} bind def -/ES {showpage SV restore} bind def -/SC {setrgbcolor} bind def -/FMTX matrix def -/RDF {WFT SLT 0.0 eq - {SSZ 0.0 0.0 SSZ neg 0.0 0.0 FMTX astore} - {SSZ 0.0 SLT neg sin SLT cos div SSZ mul SSZ neg 0.0 0.0 FMTX astore} - ifelse makefont setfont} bind def -/SLT 0.0 def -/SI { /SLT exch cvr def RDF} bind def -/WFT /Courier findfont def -/SF { /WFT exch findfont def RDF} bind def -/SSZ 1000.0 def -/SS { /SSZ exch 100.0 mul def RDF} bind def -/AF { /WFT exch findfont def /SSZ exch 100.0 mul def RDF} bind def -/MT /moveto load def -/XM {currentpoint exch pop moveto} bind def -/UL {gsave newpath moveto dup 2.0 div 0.0 exch rmoveto - setlinewidth 0.0 rlineto stroke grestore} bind def -/LH {gsave newpath moveto setlinewidth - 0.0 rlineto - gsave stroke grestore} bind def -/LV {gsave newpath moveto setlinewidth - 0.0 exch rlineto - gsave stroke grestore} bind def -/BX {gsave newpath moveto setlinewidth - exch - dup 0.0 rlineto - exch 0.0 exch neg rlineto - neg 0.0 rlineto - closepath - gsave stroke grestore} bind def -/BX1 {grestore} bind def -/BX2 {setlinewidth 1 setgray stroke grestore} bind def -/PB {/PV save def newpath translate - 100.0 -100.0 scale pop /showpage {} def} bind def -/PE {PV restore} bind def -/GB {/PV save def newpath translate rotate - div dup scale 100.0 -100.0 scale /showpage {} def} bind def -/GE {PV restore} bind def -/FB {dict dup /FontMapDict exch def begin} bind def -/FM {cvn exch cvn exch def} bind def -/FE {end /original-findfont /findfont load def /findfont - {dup FontMapDict exch known{FontMapDict exch get} if - original-findfont} def} bind def -/BC {gsave moveto dup 0 exch rlineto exch 0 rlineto neg 0 exch rlineto closepath clip} bind def -/EC /grestore load def -/SH /show load def -/MX {exch show 0.0 rmoveto} bind def -/W {0 32 4 -1 roll widthshow} bind def -/WX {0 32 5 -1 roll widthshow 0.0 rmoveto} bind def -/RC {100.0 -100.0 scale -612.0 0.0 translate --90.0 rotate -.01 -.01 scale} bind def -/URC {100.0 -100.0 scale -90.0 rotate --612.0 0.0 translate -.01 -.01 scale} bind def -/RCC {100.0 -100.0 scale -0.0 -792.0 translate 90.0 rotate -.01 -.01 scale} bind def -/URCC {100.0 -100.0 scale --90.0 rotate 0.0 792.0 translate -.01 -.01 scale} bind def -%%EndProlog -%%Page: 0 1 -BS -0 SI -20 /Times-Bold AF -18823 13788 MT -(Kerberos Installation Notes)SH -27156 15798 MT -(DRAFT)SH -16 /Times-Roman AF -27021 23502 MT -(Bill Bryant)SH -25557 25150 MT -(Jennifer Steiner)SH -27289 26798 MT -(John Kohl)SH -23957 30444 MT -(Project Athena, MIT)SH -/Times-Bold SF -19489 36042 MT -(Initial Release, January 24, 1989)SH -/Times-Italic SF -17558 37690 MT -(\050plus later patches through patchlevel 7\051)SH -11 /Times-Roman AF -7200 45644 MT -(The release consists of three parts.)SH -7200 47942 MT -(The first part consists of the core Kerberos system, which was developed at MIT and does not require)SH -7200 49138 MT -(additional licenses for us to distribute. Included in this part are the Kerberos authentication server, the)SH -7200 50334 MT -(Kerberos library, the)SH -/Times-Italic SF -16606 XM -(ndbm)SH -/Times-Roman SF -19325 XM -(database interface library, user programs, administration programs, manual)SH -7200 51530 MT -(pages, some applications which use Kerberos for authentication, and some utilities.)SH -7200 53828 MT -(The second part is the Data Encryption Standard \050DES\051 library, which we are distributing only within the)SH -7200 55024 MT -(United States.)SH -7200 57322 MT -(The third part contains Kerberos modifications to Sun's NFS, which we distribute as ``context diffs'' to)SH -7200 58518 MT -(the Sun NFS source code. Its distribution is controlled to provide an accounting of who has retrieved the)SH -7200 59714 MT -(patches, so that Project Athena can comply with its agreements with Sun regarding distribution of these)SH -7200 60910 MT -(changes.)SH -ES -%%Page: 1 2 -BS -0 SI -16 /Times-Bold AF -7200 8272 MT -(1. Organization) -400 W( of the Source Directory)SH -11 /Times-Roman AF -7200 10467 MT -(The Kerberos building and installation process, as described in this document, builds the binaries and)SH -7200 11663 MT -(executables from the files contained in the Kerberos source tree, and deposits them in a separate object)SH -7200 12859 MT -(tree. This) -275 W( is intended to easily support several different build trees from a single source tree \050this is useful)SH -7200 14055 MT -(if you support several machine architectures\051. We suggest that you copy the Kerberos sources into a)SH -/Times-Italic SF -7200 15251 MT -(/mit/kerberos/src)SH -/Times-Roman SF -14991 XM -(directory, and create as well a)SH -/Times-Italic SF -28396 XM -(/mit/kerberos/obj)SH -/Times-Roman SF -36249 XM -(directory in which to hold the)SH -7200 16447 MT -(executables. In) -275 W( the rest of this document, we'll refer to the Kerberos source and object directories as)SH -7200 17643 MT -([SOURCE_DIR] and [OBJ_DIR], respectively.)SH -7200 19941 MT -(Below is a brief overview of the organization of the complete source directory. More detailed)SH -7200 21137 MT -(descriptions follow.)SH -/Times-Bold SF -7200 23088 MT -(admin)SH -/Times-Roman SF -18200 XM -(utilities for the Kerberos administrator)SH -/Times-Bold SF -7200 24783 MT -(appl)SH -/Times-Roman SF -18200 XM -(applications that use Kerberos)SH -/Times-Bold SF -7200 26478 MT -(appl/bsd)SH -/Times-Roman SF -18200 XM -(Berkeley's rsh/rlogin suite, using Kerberos)SH -/Times-Bold SF -7200 28173 MT -(appl/knetd)SH -/Times-Roman SF -18200 XM -(\050old\051 software for inetd-like multiplexing of a single TCP listening port)SH -/Times-Bold SF -7200 29868 MT -(appl/sample)SH -/Times-Roman SF -18200 XM -(sample application servers and clients)SH -/Times-Bold SF -7200 31563 MT -(appl/tftp)SH -/Times-Roman SF -18200 XM -(Trivial File Transfer Protocol, using Kerberos)SH -/Times-Bold SF -7200 33258 MT -(include)SH -/Times-Roman SF -18200 XM -(include files)SH -/Times-Bold SF -7200 34953 MT -(kadmin)SH -/Times-Roman SF -18200 XM -(remote administrative interface to the Kerberos master database)SH -/Times-Bold SF -7200 36648 MT -(kuser)SH -/Times-Roman SF -18200 XM -(assorted user programs)SH -/Times-Bold SF -7200 38343 MT -(lib)SH -/Times-Roman SF -18200 XM -(libraries for use with/by Kerberos)SH -/Times-Bold SF -7200 40038 MT -(lib/acl)SH -/Times-Roman SF -18200 XM -(Access Control List library)SH -/Times-Bold SF -7200 41733 MT -(lib/des)SH -/Times-Roman SF -18200 XM -(Data Encryption Standard library \050US only\051)SH -/Times-Bold SF -7200 43428 MT -(lib/kadm)SH -/Times-Roman SF -18200 XM -(administrative interface library)SH -/Times-Bold SF -7200 45123 MT -(lib/kdb)SH -/Times-Roman SF -18200 XM -(Kerberos server library interface to)SH -/Times-Italic SF -33925 XM -(ndbm)SH -/Times-Bold SF -7200 46818 MT -(lib/knet)SH -/Times-Roman SF -18200 XM -(\050old\051 library for use with)SH -/Times-Bold SF -29349 XM -(knetd)SH -7200 48513 MT -(lib/krb)SH -/Times-Roman SF -18200 XM -(Kerberos library)SH -/Times-Bold SF -7200 50208 MT -(man)SH -/Times-Roman SF -18200 XM -(manual pages)SH -/Times-Bold SF -7200 51903 MT -(prototypes)SH -/Times-Roman SF -18200 XM -(sample configuration files)SH -/Times-Bold SF -7200 53598 MT -(server)SH -/Times-Roman SF -18200 XM -(the authentication server)SH -/Times-Bold SF -7200 55293 MT -(slave)SH -/Times-Roman SF -18200 XM -(Kerberos slave database propagation software)SH -/Times-Bold SF -7200 56988 MT -(tools)SH -/Times-Roman SF -18200 XM -(shell scripts for maintaining the source tree)SH -/Times-Bold SF -7200 58683 MT -(util)SH -/Times-Roman SF -18200 XM -(utilities)SH -/Times-Bold SF -7200 60378 MT -(util/imake)SH -/Times-Roman SF -18200 XM -(Imakefile-to-Makefile ``compilation'' tool)SH -/Times-Bold SF -7200 62073 MT -(util/ss)SH -/Times-Roman SF -18200 XM -(Sub-system library \050for command line subsystems\051)SH -/Times-Bold SF -7200 63768 MT -(util/et)SH -/Times-Roman SF -18200 XM -(Error-table library \050for independent, unique error codes\051)SH -/Times-Bold SF -7200 65463 MT -(util/makedepend)SH -/Times-Roman SF -18200 XM -(Makefile dependency generator tool)SH -10 SS -7200 75600 MT -(MIT Project Athena)SH -30350 XM -(1)SH -47890 XM -(4 January 1990)SH -ES -%%Page: 2 3 -BS -0 SI -14 /Times-Bold AF -7200 8167 MT -(1.1 The)350 W -/Times-BoldItalic SF -12334 XM -(admin)SH -/Times-Bold SF -16340 XM -(Directory)SH -11 /Times-Roman AF -7200 10362 MT -(This directory contains source for the Kerberos master database administration tools.)SH -/Times-Bold SF -7200 12313 MT -(kdb_init)SH -/Times-Roman SF -18200 XM -(This program creates and initializes the Kerberos master database. It prompts)SH -18200 13509 MT -(for a Kerberos realmname, and the Kerberos master password.)SH -/Times-Bold SF -7200 15204 MT -(kstash)SH -/Times-Roman SF -18200 XM -(This program ``stashes'' the master password in the file)SH -/Times-Italic SF -43033 XM -(/.k)SH -/Times-Roman SF -44377 XM -(so that the master)SH -18200 16400 MT -(server machine can restart the Kerberos server automatically after an unattended)SH -18200 17596 MT -(reboot. The) -275 W( hidden password is also available to administrative programs that)SH -18200 18792 MT -(have been set to run automatically.)SH -/Times-Bold SF -7200 20487 MT -(kdb_edit)SH -/Times-Roman SF -18200 XM -(This program is a low-level tool for editing the master database.)SH -/Times-Bold SF -7200 22182 MT -(kdb_destroy)SH -/Times-Roman SF -18200 XM -(This program deletes the master database.)SH -/Times-Bold SF -7200 23877 MT -(kdb_util)SH -/Times-Roman SF -18200 XM -(This program can be used to dump the master database into an ascii file, and can)SH -18200 25073 MT -(also be used to load the ascii file into the master database.)SH -/Times-Bold SF -7200 26768 MT -(ext_srvtab)SH -/Times-Roman SF -18200 XM -(This program extracts information from the master database and creates a host-)SH -18200 27964 MT -(dependent)SH -/Times-Italic SF -22995 XM -(srvtab)SH -/Times-Roman SF -26020 XM -(file. This) -275 W( file contains the Kerberos keys for the host's)SH -18200 29160 MT -(``Kerberized'' services. These services look up their keys in the)SH -/Times-Italic SF -46846 XM -(srvtab)SH -/Times-Roman SF -49871 XM -(file for)SH -18200 30356 MT -(use in the authentication process.)SH -14 /Times-Bold AF -7200 34203 MT -(1.2 The)350 W -/Times-BoldItalic SF -12334 XM -(kuser)SH -/Times-Bold SF -15874 XM -(Directory)SH -11 /Times-Roman AF -7200 36398 MT -(This directory contains the source code for several user-oriented programs.)SH -/Times-Bold SF -7200 38349 MT -(kinit)SH -/Times-Roman SF -18200 XM -(This program prompts users for their usernames and Kerberos passwords, then)SH -18200 39545 MT -(furnishes them with Kerberos ticket-granting tickets.)SH -/Times-Bold SF -7200 41240 MT -(kdestroy)SH -/Times-Roman SF -18200 XM -(This program destroys any active tickets. Users should use)SH -/Times-Italic SF -44563 XM -(kdestroy)SH -/Times-Roman SF -48564 XM -(before they)SH -18200 42436 MT -(log off their workstations.)SH -/Times-Bold SF -7200 44131 MT -(klist)SH -/Times-Roman SF -18200 XM -(This program lists a user's active tickets.)SH -/Times-Bold SF -7200 45826 MT -(ksrvtgt)SH -/Times-Roman SF -18200 XM -(This retrieves a ticket-granting ticket with a life time of five minutes, using a)SH -18200 47022 MT -(server's secret key in lieu of a password. It is primarily for use in shell scripts)SH -18200 48218 MT -(and other batch facilities.)SH -/Times-Bold SF -7200 49913 MT -(ksu)SH -/Times-Roman SF -18200 XM -(Substitute user id, using Kerberos to mediate attempts to change to ``root''.)SH -14 /Times-Bold AF -7200 53760 MT -(1.3 The)350 W -/Times-BoldItalic SF -12334 XM -(appl)SH -/Times-Bold SF -15173 XM -(Directory)SH -11 /Times-Roman AF -7200 55955 MT -(If your site has the appropriate BSD license, your Kerberos release provides certain Unix utilities The)SH -7200 57151 MT -(Berkeley programs that have been modified to use Kerberos authentication are found in the)SH -/Times-Italic SF -47640 XM -(appl/bsd)SH -/Times-Roman SF -7200 58347 MT -(directory. They) -275 W( include)SH -/Times-Italic SF -18043 XM -(login)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -20855 XM -(rlogin)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -24095 XM -(rsh)SH -/Times-Roman SF -(, and)SH -/Times-Italic SF -27914 XM -(rcp)SH -/Times-Roman SF -(, as well as the associated daemon programs)SH -/Times-Italic SF -49081 XM -(kshd)SH -/Times-Roman SF -51372 XM -(and)SH -/Times-Italic SF -7200 59543 MT -(klogind)SH -/Times-Roman SF -(. The)275 W -/Times-Italic SF -13310 XM -(login)SH -/Times-Roman SF -15847 XM -(program obtains ticket-granting tickets for users upon login; the other utilities provide)SH -7200 60739 MT -(authenticated Unix network services.)SH -7200 63037 MT -(The)SH -/Times-Italic SF -9185 XM -(appl)SH -/Times-Roman SF -11416 XM -(directory also contains samples Kerberos application client and server programs, an)SH -7200 64233 MT -(authenticated)SH -/Times-Italic SF -13339 XM -(tftp)SH -/Times-Roman SF -15082 XM -(program,)SH -/Times-Italic SF -19358 XM -(knetd)SH -/Times-Roman SF -(, an authenticated inet daemon.)SH -10 SS -7200 75600 MT -(MIT Project Athena)SH -30350 XM -(2)SH -47890 XM -(4 January 1990)SH -ES -%%Page: 3 4 -BS -0 SI -14 /Times-Bold AF -7200 8167 MT -(1.4 The)350 W -/Times-BoldItalic SF -12334 XM -(server)SH -/Times-Bold SF -16185 XM -(Directory)SH -11 /Times-Roman AF -7200 10362 MT -(The)SH -/Times-Italic SF -9185 XM -(server)SH -/Times-Roman SF -12208 XM -(directory contains the Kerberos KDC server, called)SH -/Times-Italic SF -35052 XM -(kerberos)SH -/Times-Roman SF -(. This) -275 W( program manages read-)SH -7200 11558 MT -(only requests made to the master database, distributing tickets and encryption keys to clients requesting)SH -7200 12754 MT -(authentication service.)SH -14 /Times-Bold AF -7200 16601 MT -(1.5 The)350 W -/Times-BoldItalic SF -12334 XM -(kadmin)SH -/Times-Bold SF -17040 XM -(Directory)SH -11 /Times-Roman AF -7200 18796 MT -(The)SH -/Times-Italic SF -9185 XM -(kadmin)SH -/Times-Roman SF -12698 XM -(directory contains the Kerberos administration server and associated client programs. The)SH -7200 19992 MT -(server accepts network requests from the user program)SH -/Times-Italic SF -31570 XM -(kpasswd)SH -/Times-Roman SF -35573 XM -(\050used to change a user's password\051, the)SH -7200 21188 MT -(Kerberos administration program)SH -/Times-Italic SF -22137 XM -(kadmin)SH -/Times-Roman SF -(, and the srvtab utility program)SH -/Times-Italic SF -39276 XM -(ksrvutil)SH -/Times-Roman SF -(. The) -275 W( administration)SH -7200 22384 MT -(server can make modifications to the master database.)SH -14 /Times-Bold AF -7200 26231 MT -(1.6 The)350 W -/Times-BoldItalic SF -12334 XM -(include)SH -/Times-Bold SF -16962 XM -(Directory)SH -11 /Times-Roman AF -7200 28426 MT -(This directory contains the)SH -/Times-Italic SF -19236 XM -(include)SH -/Times-Roman SF -22749 XM -(files needed to build the Kerberos system.)SH -14 /Times-Bold AF -7200 32273 MT -(1.7 The)350 W -/Times-BoldItalic SF -12334 XM -(lib)SH -/Times-Bold SF -14162 XM -(Directory)SH -11 /Times-Roman AF -7200 34468 MT -(The)SH -/Times-Italic SF -9185 XM -(lib)SH -/Times-Roman SF -10622 XM -(directory has six subdirectories:)SH -/Times-Italic SF -25193 XM -(acl)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -27087 XM -(des)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -29103 XM -(kadm)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -32035 XM -(kdb)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -34173 XM -(knet)SH -/Times-Roman SF -(, and)SH -/Times-Italic SF -38418 XM -(krb)SH -/Times-Roman SF -(. The)275 W -/Times-Italic SF -42694 XM -(des)SH -/Times-Roman SF -44435 XM -(directory contains)SH -7200 35664 MT -(source for the DES encryption library. The)SH -/Times-Italic SF -26595 XM -(kadm)SH -/Times-Roman SF -29252 XM -(directory contains source for the Kerberos)SH -7200 36860 MT -(administration server utility library. The)SH -/Times-Italic SF -25439 XM -(kdb)SH -/Times-Roman SF -27302 XM -(directory contains source for the Kerberos database routine)SH -7200 38056 MT -(library. The)275 W -/Times-Italic SF -12942 XM -(knet)SH -/Times-Roman SF -15049 XM -(directory contains source for a library used by clients of the)SH -/Times-Italic SF -41530 XM -(knetd)SH -/Times-Roman SF -44187 XM -(server. The)275 W -/Times-Italic SF -49683 XM -(krb)SH -/Times-Roman SF -7200 39252 MT -(directory contains source for the)SH -/Times-Italic SF -21707 XM -(libkrb.a)SH -/Times-Roman SF -25435 XM -(library. This) -275 W( library contains routines that are used by the)SH -7200 40448 MT -(Kerberos server program, and by applications programs that require authentication service.)SH -14 /Times-Bold AF -7200 44295 MT -(1.8 The)350 W -/Times-BoldItalic SF -12334 XM -(man)SH -/Times-Bold SF -15251 XM -(Directory)SH -11 /Times-Roman AF -7200 46490 MT -(This directory contains manual pages for Kerberos programs and library routines.)SH -14 /Times-Bold AF -7200 50337 MT -(1.9 The)350 W -/Times-BoldItalic SF -12334 XM -(prototypes)SH -/Times-Bold SF -18596 XM -(Directory)SH -11 /Times-Roman AF -7200 52532 MT -(This directory contains prototype)SH -/Times-Italic SF -22108 XM -(/etc/services)SH -/Times-Roman SF -27819 XM -(and)SH -/Times-Italic SF -29682 XM -(/etc/krb.conf)SH -/Times-Roman SF -35486 XM -(files. New) -275 W( entries must be added to the)SH -/Times-Italic SF -7200 53728 MT -(/etc/services)SH -/Times-Roman SF -12911 XM -(file for the Kerberos server, and possibly for Kerberized applications \050)SH -/Times-Italic SF -(services.append)SH -/Times-Roman SF -7200 54924 MT -(contains the entries used by the Athena-provided servers & applications, and is suitable for appending to)SH -7200 56120 MT -(your existing)SH -/Times-Italic SF -13250 XM -(/etc/services)SH -/Times-Roman SF -18961 XM -(file.\051. The)275 W -/Times-Italic SF -23878 XM -(/etc/krb.conf)SH -/Times-Roman SF -29682 XM -(file defines the local Kerberos realm for its host and)SH -7200 57316 MT -(lists Kerberos servers for given realms. The)SH -/Times-Italic SF -26961 XM -(/etc/krb.realms)SH -/Times-Roman SF -33865 XM -(file defines exceptions for mapping machine)SH -7200 58512 MT -(names to Kerberos realms.)SH -14 /Times-Bold AF -7200 62359 MT -(1.10 The)350 W -/Times-BoldItalic SF -13034 XM -(tools)SH -/Times-Bold SF -16107 XM -(Directory)SH -11 /Times-Roman AF -7200 64554 MT -(This directory contains a makefile to set up a directory tree for building the software in, and a shell script)SH -7200 65750 MT -(to format code in the style we use.)SH -10 SS -7200 75600 MT -(MIT Project Athena)SH -30350 XM -(3)SH -47890 XM -(4 January 1990)SH -ES -%%Page: 4 5 -BS -0 SI -14 /Times-Bold AF -7200 8167 MT -(1.11 The)350 W -/Times-BoldItalic SF -13034 XM -(util)SH -/Times-Bold SF -15329 XM -(Directory)SH -11 /Times-Roman AF -7200 10362 MT -(This directory contains several utility programs and libraries. Included are Larry Wall's)SH -/Times-Italic SF -46296 XM -(patch)SH -/Times-Roman SF -49015 XM -(program, a)SH -/Times-Italic SF -7200 11558 MT -(make)SH -/Times-Roman SF -9795 XM -(pre-processor program called)SH -/Times-Italic SF -22956 XM -(imake)SH -/Times-Roman SF -(, and a program for generating Makefile dependencies,)SH -/Times-Italic SF -7200 12754 MT -(makedepend)SH -/Times-Roman SF -(, as well as the Sub-system library and utilities \050)SH -/Times-Italic SF -(ss)SH -/Times-Roman SF -(\051, and the Error table library and utilities)SH -7200 13950 MT -(\050)SH -/Times-Italic SF -(et)SH -/Times-Roman SF -(\051.)SH -16 /Times-Bold AF -7200 18622 MT -(2. Preparing) -400 W( for Installation)SH -11 /Times-Roman AF -7200 20817 MT -(This document assumes that you will build the system on the machine on which you plan to install the)SH -7200 22013 MT -(Kerberos master server and its database. You'll need about 10 megabytes for source and executables.)SH -7200 24311 MT -(By default, there must be a)SH -/Times-Italic SF -19327 XM -(/kerberos)SH -/Times-Roman SF -23756 XM -(directory on the master server machine in which to store the)SH -7200 25507 MT -(Kerberos database files. If the master server machine does not have room on its root partition for these)SH -7200 26703 MT -(files, create a)SH -/Times-Italic SF -13306 XM -(/kerberos)SH -/Times-Roman SF -17735 XM -(symbolic link to another file system.)SH -16 /Times-Bold AF -7200 31375 MT -(3. Preparing) -400 W( for the Build)SH -11 /Times-Roman AF -7200 33570 MT -(Before you build the system, you have to choose a)SH -/Times-Bold SF -29653 XM -(realm name)SH -/Times-Roman SF -(, the name that specifies the system's)SH -7200 34766 MT -(administrative domain. Project Athena uses the internet domain name ATHENA.MIT.EDU to specify its)SH -7200 35962 MT -(Kerberos realm name. We recommend using a name of this form.)SH -/Times-Bold SF -36857 XM -(NOTE:)SH -/Times-Roman SF -40616 XM -(the realm-name is case)SH -7200 37158 MT -(sensitive; by convention, we suggest that you use your internet domain name, in capital letters.)SH -7200 39456 MT -(Edit the [SOURCE_DIR]/)SH -/Times-Italic SF -(include/krb.h)SH -/Times-Roman SF -24860 XM -(file and look for the following lines of code:)SH -10 SS -7200 75600 MT -(MIT Project Athena)SH -30350 XM -(4)SH -47890 XM -(4 January 1990)SH -ES -%%Page: 5 6 -BS -0 SI -11 /Courier AF -8520 7886 MT -(/*)SH -9180 9000 MT -(* Kerberos specific definitions)SH -9180 10114 MT -(*)SH -9180 11228 MT -(* KRBLOG is the log file for the kerberos master server.)SH -9180 12342 MT -(* KRB_CONF is the configuration file where different host)SH -9180 13456 MT -(* machines running master and slave servers can be found.)SH -9180 14570 MT -(* KRB_MASTER is the name of the machine with the master)SH -9180 15684 MT -(* database. The admin_server runs on this machine, and all)SH -9180 16798 MT -(* changes to the db \050as opposed to read-only requests, which)SH -9180 17912 MT -(* can go to slaves\051 must go to it.)SH -9180 19026 MT -(* KRB_HOST is the default machine when looking for a kerberos)SH -9180 20140 MT -(* slave server. Other possibilities are in the KRB_CONF file.)SH -9180 21254 MT -(* KRB_REALM is the name of the realm.)SH -9180 22368 MT -(*/)SH -8520 24596 MT -(#ifdef notdef)SH -8520 25710 MT -(this is server-only, does not belong here;)SH -8520 26824 MT -(#define KRBLOG) -3960 W( "/kerberos/kerberos.log")5940 W -8520 27938 MT -(are these used anyplace '?';)SH -8520 29052 MT -(#define VX_KRB_HSTFILE) -9240 W( "/etc/krbhst")660 W -8520 30166 MT -(#define PC_KRB_HSTFILE) -9240 W( "\134\134kerberos\134\134krbhst")660 W -8520 31280 MT -(#endif)SH -8520 33508 MT -(#define KRB_CONF) -9240 W( "/etc/krb.conf")4620 W -8520 34622 MT -(#define KRB_RLM_TRANS) -9240 W( "/etc/krb.realms")1320 W -8520 35736 MT -(#define KRB_MASTER) -9240 W( "kerberos")3300 W -8520 36850 MT -(#define KRB_HOST) -9240 W( KRB_MASTER)5280 W -8520 37964 MT -(#define KRB_REALM) -9240 W( "ATHENA.MIT.EDU")3960 W -/Times-Roman SF -7200 39559 MT -(Edit the last line as follows:)SH -9400 41510 MT -(1.)SH -10500 XM -(Change the KRB_REALM definition so that it specifies the realm name you have chosen)SH -10500 42706 MT -(for your Kerberos system. This is a default which is usually overridden by a configuration)SH -10500 43902 MT -(file on each machine; however, if that config file is absent, many programs will use this)SH -10500 45098 MT -("built-in" realm name.)SH -14 /Times-Bold AF -7200 48945 MT -(3.1 The)350 W -/Times-BoldItalic SF -12334 XM -(/etc/krb.conf)SH -/Times-Bold SF -19956 XM -(File)SH -11 /Times-Roman AF -7200 51140 MT -(Create a)SH -/Times-Italic SF -11108 XM -(/etc/krb.conf)SH -/Times-Roman SF -16912 XM -(file using the following format:)SH -/Times-BoldItalic SF -8520 52740 MT -(realm_name)SH -8520 53854 MT -(realm_name master_server_name)1045 W -/Courier SF -25594 XM -(admin server)SH -/Times-Roman SF -7200 55449 MT -(where)SH -/Times-Italic SF -10161 XM -(realm_name)SH -/Times-Roman SF -15934 XM -(specifies the system's realm name, and)SH -/Times-Italic SF -33375 XM -(master_server_name)SH -/Times-Roman SF -42874 XM -(specifies the machine)SH -7200 56645 MT -(name on which you will run the master server. The words 'admin server' must appear next to the name of)SH -7200 57841 MT -(the server on which you intend to run the administration server \050which must be a machine with access to)SH -7200 59037 MT -(the database\051.)SH -7200 61335 MT -(For example, if your realm name is)SH -/Times-Italic SF -22962 XM -(tim.edu)SH -/Times-Roman SF -26506 XM -(and your master server's name is)SH -/Times-Italic SF -41288 XM -(kerberos.tim.edu)SH -/Times-Roman SF -(, the file)SH -7200 62531 MT -(should have these contents:)SH -/Courier SF -8520 64057 MT -(tim.edu)SH -8520 65171 MT -(tim.edu kerberos.tim.edu) -660 W( admin server)SH -/Times-Roman SF -7200 67469 MT -(See the [SOURCE_DIR]/)SH -/Times-Italic SF -(prototypes/etc.krb.conf)SH -/Times-Roman SF -28921 XM -(file for an example)SH -/Times-Italic SF -37533 XM -(/etc/krb.conf)SH -/Times-Roman SF -43337 XM -(file. That) -275 W( file has)SH -10 SS -7200 75600 MT -(MIT Project Athena)SH -30350 XM -(5)SH -47890 XM -(4 January 1990)SH -ES -%%Page: 6 7 -BS -0 SI -11 /Times-Roman AF -7200 7955 MT -(examples of how to provide backup servers for a given realm \050additional lines with the same leading)SH -7200 9151 MT -(realm name\051 and how to designate servers for remote realms.)SH -14 /Times-Bold AF -7200 12998 MT -(3.2 The)350 W -/Times-BoldItalic SF -12334 XM -(/etc/krb.realms)SH -/Times-Bold SF -21280 XM -(File)SH -11 /Times-Roman AF -7200 15193 MT -(In many situations, the default realm in which a host operates will be identical to the domain portion its)SH -7200 16389 MT -(Internet domain name.)SH -7200 18687 MT -(If this is not the case, you will need to establish a translation from host name or domain name to realm)SH -7200 19883 MT -(name. This) -275 W( is accomplished with the)SH -/Times-Italic SF -23820 XM -(/etc/krb.realms)SH -/Times-Roman SF -30724 XM -(file.)SH -7200 22181 MT -(Each line of the translation file specifies either a hostname or domain name, and its associated realm:)SH -/Courier SF -8520 23707 MT -(.domain.name kerberos.realm1)SH -8520 24821 MT -(host.name kerberos.realm2)SH -/Times-Roman SF -7200 26416 MT -(For example, to map all hosts in the domain LSC.TIM.EDU to KRB.REALM1 but the host)SH -7200 27612 MT -(FILMS.LSC.TIM.EDU to KRB.REALM2 your file would read:)SH -/Courier SF -8520 29138 MT -(.LSC.TIM.EDU KRB.REALM1)SH -8520 30252 MT -(FILMS.LSC.TIM.EDU KRB.REALM2)SH -/Times-Roman SF -7200 31847 MT -(If a particular host matches both a domain and a host entry, the host entry takes precedence.)SH -16 /Times-Bold AF -7200 36519 MT -(4. Building) -400 W( the Software)SH -11 /Times-Roman AF -7200 38714 MT -(Before you build the software read the)SH -/Times-Bold SF -24395 XM -(README)SH -/Times-Roman SF -29558 XM -(file in [SOURCE_DIR]. What follows is a more)SH -7200 39910 MT -(detailed description of the instructions listed in README.)SH -9400 41861 MT -(1.)SH -10500 XM -(Create an [OBJ_DIR] directory to hold the tree of Kerberos object files you are about to)SH -10500 43057 MT -(build, for example,)SH -/Times-Italic SF -19145 XM -(/mit/kerberos/obj)SH -/Times-Roman SF -(.)SH -9400 44951 MT -(2.)SH -10500 XM -(Change directory to [OBJ_DIR]. The following command creates directories under)SH -10500 46147 MT -([OBJ_DIR] and installs Makefiles for the final build.)SH -/Courier SF -11820 47724 MT -(host%)SH -/Times-Bold SF -15780 XM -(make -f [SOURCE_DIR]/tools/makeconfig SRCDIR=[SOURCE_DIR])275 W -/Times-Roman SF -9400 49618 MT -(3.)SH -10500 XM -(Change directory to util/imake.includes. Read through config.Imakefile, turning on)SH -10500 50814 MT -(appropriate flags for your installation. Change SRCTOP so that it is set to the top level of)SH -10500 52010 MT -(your source directory.)SH -9400 53904 MT -(4.)SH -10500 XM -(Check that your machine type has a definition in include/osconf.h & related files in the)SH -10500 55100 MT -(source tree \050if it doesn't, then you may need to create your own; if you get successful)SH -10500 56296 MT -(results, please post to kerberos@athena.mit.edu\051)SH -9400 58190 MT -(5.)SH -10500 XM -(Change directory to [OBJ_DIR]. The next command generates new Makefiles based on the)SH -10500 59386 MT -(configuration you selected in config.Imakefile, then adds dependency information to the)SH -10500 60582 MT -(Makefiles, and finally builds the system:)SH -/Courier SF -11820 62159 MT -(host%)SH -/Times-Bold SF -15780 XM -(make world)275 W -/Times-Roman SF -10500 63754 MT -(This command takes a while to complete; you may wish to redirect the output onto a file)SH -10500 64950 MT -(and put the job in the background:)SH -/Courier SF -11820 66527 MT -(host%)SH -/Times-Bold SF -15780 XM -(make world) -275 W( >&WORLDLOG_891201 &)SH -/Times-Roman SF -10500 68122 MT -(If you need to rebuild the Kerberos programs and libraries after making a change, you can)SH -10 SS -7200 75600 MT -(MIT Project Athena)SH -30350 XM -(6)SH -47890 XM -(4 January 1990)SH -ES -%%Page: 7 8 -BS -0 SI -11 /Times-Roman AF -10500 7955 MT -(usually just type:)SH -/Courier SF -11820 9532 MT -(host%)SH -/Times-Bold SF -15780 XM -(make all)275 W -/Times-Roman SF -10500 11127 MT -(However, if you changed the configuration in config.Imakefile or modified the Imakefiles)SH -10500 12323 MT -(or Makefiles, you should run)SH -/Times-Italic SF -23514 XM -(make world)SH -/Times-Roman SF -28952 XM -(to re-build all the Makefiles and dependency lists.)SH -14 /Times-Bold AF -7200 16141 MT -(4.1 Testing) -350 W( the DES Library)SH -11 /Times-Roman AF -7200 18336 MT -(Use the)SH -/Times-Italic SF -10804 XM -(verify)SH -/Times-Roman SF -13583 XM -(command to test the DES library implementation:)SH -/Courier SF -8520 19913 MT -(host%)SH -/Times-Bold SF -12480 XM -([OBJ_DIR]/lib/des/verify)SH -/Times-Roman SF -7200 21508 MT -(The command should display the following:)SH -10 SS -7200 75600 MT -(MIT Project Athena)SH -30350 XM -(7)SH -47890 XM -(4 January 1990)SH -ES -%%Page: 8 9 -BS -0 SI -11 /Courier AF -8520 7886 MT -(Examples per FIPS publication 81, keys ivs and cipher)SH -8520 9000 MT -(in hex. These are the correct answers, see below for)SH -8520 10114 MT -(the actual answers.)SH -8520 12342 MT -(Examples per Davies and Price.)SH -8520 14570 MT -(EXAMPLE ECB) -SH( key) -2640 W( = 08192a3b4c5d6e7f)SH -13800 15684 MT -(clear = 0)SH -13800 16798 MT -(cipher = 25 dd ac 3e 96 17 64 67)SH -8520 17912 MT -(ACTUAL ECB)SH -13800 19026 MT -(clear "")SH -13800 20140 MT -(cipher =) -660 W( \050low to high bytes\051)SH -19080 21254 MT -(25 dd ac 3e 96 17 64 67)SH -8520 23482 MT -(EXAMPLE ECB) -SH( key) -2640 W( = 0123456789abcdef)SH -13800 24596 MT -(clear = "Now is the time for all ")SH -13800 25710 MT -(cipher = 3f a4 0e 8a 98 4d 48 15 ...)SH -8520 26824 MT -(ACTUAL ECB)SH -13800 27938 MT -(clear "Now is the time for all ")SH -13800 29052 MT -(cipher =) -660 W( \050low to high bytes\051)SH -19080 30166 MT -(3f a4 0e 8a 98 4d 48 15)SH -8520 32394 MT -(EXAMPLE CBC) -SH( key) -2640 W( = 0123456789abcdef iv = 1234567890abcdef)SH -13800 33508 MT -(clear = "Now is the time for all ")SH -13800 34622 MT -(cipher =) -SH( e5) -4620 W( c7 cd de 87 2b f2 7c)SH -24360 35736 MT -(43 e9 34 00 8c 38 9c 0f)SH -24360 36850 MT -(68 37 88 49 9a 7c 05 f6)SH -8520 37964 MT -(ACTUAL CBC)SH -13800 39078 MT -(clear "Now is the time for all ")SH -13800 40192 MT -(ciphertext = \050low to high bytes\051)SH -19080 41306 MT -(e5 c7 cd de 87 2b f2 7c)SH -19080 42420 MT -(43 e9 34 00 8c 38 9c 0f)SH -19080 43534 MT -(68 37 88 49 9a 7c 05 f6)SH -19080 44648 MT -(00 00 00 00 00 00 00 00)SH -19080 45762 MT -(00 00 00 00 00 00 00 00)SH -19080 46876 MT -(00 00 00 00 00 00 00 00)SH -19080 47990 MT -(00 00 00 00 00 00 00 00)SH -19080 49104 MT -(00 00 00 00 00 00 00 00)SH -13800 50218 MT -(decrypted clear_text = "Now is the time for all ")SH -8520 51332 MT -(EXAMPLE CBC checksum) -SH( key) -1980 W( = 0123456789abcdef iv = 1234567890abcdef)SH -13800 52446 MT -(clear =) -SH( "7654321) -5280 W( Now is the time for ")SH -13800 53560 MT -(checksum 58) -4620 W( d2 e7 7e 86 06 27 33 or some part thereof)SH -8520 54674 MT -(ACTUAL CBC checksum)SH -19080 55788 MT -(encrypted cksum = \050low to high bytes\051)SH -19080 56902 MT -(58 d2 e7 7e 86 06 27 33)SH -/Times-Roman SF -7200 59200 MT -(If the)SH -/Times-Italic SF -9826 XM -(verify)SH -/Times-Roman SF -12605 XM -(command fails to display this information as specified above, the implementation of DES for)SH -7200 60396 MT -(your hardware needs to be adjusted. Your Kerberos system cannot work properly if your DES library)SH -7200 61592 MT -(fails this test.)SH -7200 63890 MT -(When you have finished building the software, you will find the executables in the object tree as follows:)SH -/Times-Bold SF -7200 65841 MT -([OBJ_DIR]/admin)SH -/Times-Italic SF -18200 XM -(ext_srvtab)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -23332 XM -(kdb_destroy)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -29258 XM -(kdb_edit)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -33596 XM -(kdb_init)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -37752 XM -(kdb_util)SH -/Times-Roman SF -(, and)SH -/Times-Italic SF -43771 XM -(kstash)SH -/Times-Roman SF -(.)SH -/Times-Bold SF -7200 67536 MT -([OBJ_DIR]/kuser)SH -/Times-Italic SF -18200 XM -(kdestroy)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -22476 XM -(kinit)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -24982 XM -(klist)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -27366 XM -(ksrvtgt)SH -/Times-Roman SF -(, and)SH -/Times-Italic SF -32773 XM -(ksu)SH -/Times-Roman SF -(.)SH -10 SS -7200 75600 MT -(MIT Project Athena)SH -30350 XM -(8)SH -47890 XM -(4 January 1990)SH -ES -%%Page: 9 10 -BS -0 SI -11 /Times-Bold AF -7200 7955 MT -([OBJ_DIR]/server)SH -/Times-Italic SF -18200 XM -(kerberos)SH -/Times-Roman SF -(.)SH -/Times-Bold SF -7200 9650 MT -([OBJ_DIR]/appl/bsd)SH -/Times-Italic SF -18200 XM -(klogind)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -22050 XM -(kshd)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -24616 XM -(login.krb)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -29169 XM -(rcp)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -31185 XM -(rlogin)SH -/Times-Roman SF -(, and)SH -/Times-Italic SF -36288 XM -(rsh)SH -/Times-Roman SF -(.)SH -/Times-Bold SF -7200 11345 MT -([OBJ_DIR]/appl/knetd)SH -/Times-Italic SF -18200 XM -(knetd)SH -/Times-Roman SF -(.)SH -/Times-Bold SF -7200 13040 MT -([OBJ_DIR]/appl/sample)SH -/Times-Italic SF -18200 14236 MT -(sample_server)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -25164 XM -(sample_client)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -31824 XM -(simple_server)SH -/Times-Roman SF -(, and)SH -/Times-Italic SF -40407 XM -(simple_client)SH -/Times-Roman SF -(.)SH -/Times-Bold SF -7200 15931 MT -([OBJ_DIR]/appl/tftp)SH -/Times-Italic SF -18200 XM -(tcom)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -20888 XM -(tftpd)SH -/Times-Roman SF -(, and)SH -/Times-Italic SF -25319 XM -(tftp)SH -/Times-Roman SF -(.)SH -/Times-Bold SF -7200 17626 MT -([OBJ_DIR]/slave)SH -/Times-Italic SF -18200 XM -(kprop)SH -/Times-Roman SF -21041 XM -(and)SH -/Times-Italic SF -22904 XM -(kpropd)SH -/Times-Roman SF -(.)SH -16 /Times-Bold AF -7200 22298 MT -(5. Installing) -400 W( the Software)SH -11 /Times-Roman AF -7200 24493 MT -(To install the software, issue the)SH -/Times-Italic SF -21711 XM -(make install)SH -/Times-Roman SF -27333 XM -(command from the [OBJ_DIR] \050you need to be a privileged)SH -7200 25689 MT -(user in order to properly install the programs\051. Programs can either be installed in default directories, or)SH -7200 26885 MT -(under a given root directory, as described below.)SH -14 /Times-Bold AF -7200 30703 MT -(5.1 The) -350 W( ``Standard'' Places)SH -11 /Times-Roman AF -7200 32898 MT -(If you use the)SH -/Times-Italic SF -13492 XM -(make)SH -/Times-Roman SF -16087 XM -(command as follows:)SH -/Courier SF -8520 34475 MT -(host#)SH -/Times-Bold SF -12480 XM -(make install)275 W -/Times-Roman SF -7200 36070 MT -(the installation process will try to install the various parts of the system in ``standard'' directories. This)SH -7200 37266 MT -(process creates the ``standard'' directories as needed.)SH -7200 39564 MT -(The standard installation process copies things as follows:)SH -/Symbol SF -9169 41640 MT -(\267)SH -/Times-Roman SF -9950 XM -(The)SH -/Times-Italic SF -11935 XM -(include)SH -/Times-Roman SF -15448 XM -(files)SH -/Times-Italic SF -17617 XM -(krb.h)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -20458 XM -(des.h)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -23299 XM -(mit-copyright.h)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -30662 XM -(kadm.h)SH -/Times-Roman SF -34144 XM -(and)SH -/Times-Italic SF -36007 XM -(kadm_err.h)SH -/Times-Roman SF -41383 XM -(get copied to the)SH -/Times-Italic SF -9950 42836 MT -(/usr/include)SH -/Times-Roman SF -15481 XM -(directory.)SH -/Symbol SF -9169 44730 MT -(\267)SH -/Times-Roman SF -9950 XM -(The Kerberos libraries)SH -/Times-Italic SF -20119 XM -(libdes.a)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -24122 XM -(libkrb.a)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -28125 XM -(libkdb.a)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -32250 XM -(libkadm.a)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -37169 XM -(libknet.a)SH -/Times-Roman SF -(, and)SH -/Times-Italic SF -43401 XM -(libacl.a)SH -/Times-Roman SF -47007 XM -(get)SH -9950 45926 MT -(copied to the)SH -/Times-Italic SF -15907 XM -(/usr/athena/lib)SH -/Times-Roman SF -22662 XM -(\050or wherever you pointed LIBDIR in config.Imakefile\051)SH -9950 47122 MT -(directory.)SH -/Symbol SF -9169 49016 MT -(\267)SH -/Times-Roman SF -9950 XM -(The Kerberos master database utilities)SH -/Times-Italic SF -27085 XM -(kdb_init)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -31241 XM -(kdb_destroy)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -37167 XM -(kdb_edit)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -41505 XM -(kdb_util)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -45661 XM -(kstash)SH -/Times-Roman SF -(, and)SH -/Times-Italic SF -9950 50212 MT -(ext_srvtab)SH -/Times-Roman SF -14807 XM -(get copied to the)SH -/Times-Italic SF -22383 XM -(/usr/etc)SH -/Times-Roman SF -25958 XM -(\050DAEMDIR\051 directory.)SH -/Symbol SF -9169 52106 MT -(\267)SH -/Times-Roman SF -9950 XM -(The Kerberos user utilities)SH -/Times-Italic SF -21924 XM -(kinit)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -24430 XM -(kdestroy)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -28706 XM -(klist)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -31090 XM -(ksrvtgt)SH -/Times-Roman SF -34359 XM -(and)SH -/Times-Italic SF -36222 XM -(ksu)SH -/Times-Roman SF -37963 XM -(get copied to the)SH -/Times-Italic SF -45539 XM -(/usr/athena)SH -/Times-Roman SF -9950 53302 MT -(\050PROGDIR\051 directory.)SH -/Symbol SF -9169 55196 MT -(\267)SH -/Times-Roman SF -9950 XM -(The modified Berkeley utilities)SH -/Times-Italic SF -24004 XM -(rsh)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -25960 XM -(rlogin)SH -/Times-Roman SF -28925 XM -(get copied to the)SH -/Times-Italic SF -36501 XM -(/usr/ucb)SH -/Times-Roman SF -40382 XM -(\050UCBDIR\051 directory;)SH -/Times-Italic SF -9950 56392 MT -(rcp)SH -/Times-Roman SF -11691 XM -(gets copied to the)SH -/Times-Italic SF -19695 XM -(/bin)SH -/Times-Roman SF -21682 XM -(\050SLASHBINDIR\051 directory; and)SH -/Times-Italic SF -36375 XM -(rlogind)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -40165 XM -(rshd)SH -/Times-Roman SF -(, and)SH -/Times-Italic SF -44534 XM -(login.krb)SH -/Times-Roman SF -48812 XM -(get)SH -9950 57588 MT -(copied to the)SH -/Times-Italic SF -15907 XM -(/usr/etc)SH -/Times-Roman SF -19482 XM -(\050DAEMDIR\051 directory. The old copies of the user programs are)SH -9950 58784 MT -(renamed)SH -/Times-Italic SF -14011 XM -(rsh.ucb)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -17830 XM -(rlogin.ucb)SH -/Times-Roman SF -22658 XM -(and)SH -/Times-Italic SF -24521 XM -(rcp.ucb)SH -/Times-Roman SF -(, respectively. The Kerberos versions of these)SH -9950 59980 MT -(programs are designed to fall back and execute the original versions if something prevents)SH -9950 61176 MT -(the Kerberos versions from succeeding.)SH -/Symbol SF -9169 63070 MT -(\267)SH -/Times-Roman SF -9950 XM -(The Kerberos version of)SH -/Times-Italic SF -20944 XM -(tftp)SH -/Times-Roman SF -22687 XM -(and)SH -/Times-Italic SF -24550 XM -(tcom)SH -/Times-Roman SF -26963 XM -(get copied to the)SH -/Times-Italic SF -34539 XM -(/usr/athena)SH -/Times-Roman SF -39826 XM -(\050PROGDIR\051 directory;)SH -/Times-Italic SF -9950 64266 MT -(tftpd)SH -/Times-Roman SF -12243 XM -(gets copied to the)SH -/Times-Italic SF -20247 XM -(/etc)SH -/Times-Roman SF -22110 XM -(\050ETCDIR\051 directory.)SH -/Times-Italic SF -31884 XM -(tftp)SH -/Times-Roman SF -33627 XM -(and)SH -/Times-Italic SF -35490 XM -(tftpd)SH -/Times-Roman SF -37783 XM -(are installed set-uid to an)SH -9950 65462 MT -(unprivileged user \050user id of DEF_UID\051.)SH -/Symbol SF -9169 67356 MT -(\267)SH -/Times-Roman SF -9950 XM -(The)SH -/Times-Italic SF -11935 XM -(knetd)SH -/Times-Roman SF -14592 XM -(daemon gets copied to the)SH -/Times-Italic SF -26353 XM -(/usr/etc)SH -/Times-Roman SF -29928 XM -(\050DAEMDIR\051 directory.)SH -10 SS -7200 75600 MT -(MIT Project Athena)SH -30350 XM -(9)SH -47890 XM -(4 January 1990)SH -ES -%%Page: 10 11 -BS -0 SI -11 /Symbol AF -9169 8080 MT -(\267)SH -/Times-Roman SF -9950 XM -(The Kerberos server)SH -/Times-Italic SF -19201 XM -(kerberos)SH -/Times-Roman SF -(, the slave propagation software)SH -/Times-Italic SF -37343 XM -(kprop)SH -/Times-Roman SF -40184 XM -(and)SH -/Times-Italic SF -42047 XM -(kpropd)SH -/Times-Roman SF -(, and the)SH -9950 9276 MT -(administration server)SH -/Times-Italic SF -19542 XM -(kadmind)SH -/Times-Roman SF -23605 XM -(get copied to the)SH -/Times-Italic SF -31181 XM -(/usr/etc)SH -/Times-Roman SF -34756 XM -(\050SVRDIR, SVRDIR, and)SH -9950 10472 MT -(DAEMDIR\051 directory.)SH -/Symbol SF -9169 12366 MT -(\267)SH -/Times-Roman SF -9950 XM -(The remote administration tools)SH -/Times-Italic SF -24310 XM -(kpasswd)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -28588 XM -(ksrvutil)SH -/Times-Roman SF -32163 XM -(and)SH -/Times-Italic SF -34026 XM -(kadmin)SH -/Times-Roman SF -37539 XM -(get copied to the)SH -/Times-Italic SF -45115 XM -(/usr/athena)SH -/Times-Roman SF -9950 13562 MT -(\050PROGDIR\051 directory.)SH -/Symbol SF -9169 15456 MT -(\267)SH -/Times-Roman SF -9950 XM -(The Kerberos manual pages get installed in the appropriate)SH -/Times-Italic SF -36187 XM -(/usr/man)SH -/Times-Roman SF -40374 XM -(directories. Don't)275 W -9950 16652 MT -(forget to run)SH -/Times-Italic SF -15723 XM -(makewhatis)SH -/Times-Roman SF -21192 XM -(after installing the manual pages.)SH -14 /Times-Bold AF -7200 20470 MT -(5.2 ``Non-Standard'') -350 W( Installation)SH -11 /Times-Roman AF -7200 22665 MT -(If you'd rather install the software in a different location, you can use the)SH -/Times-Italic SF -39667 XM -(make)SH -/Times-Roman SF -42262 XM -(command as follows,)SH -7200 23861 MT -(where [DEST_DIR] specifies an alternate destination directory which will be used as the root for the)SH -7200 25057 MT -(installed programs, i.e. programs that would normally be installed in /usr/athena would be installed in)SH -7200 26253 MT -([DEST_DIR]/usr/athena.)SH -/Courier SF -8520 27830 MT -(host#)SH -/Times-Bold SF -12480 XM -(make install DESTDIR=[DEST_DIR])275 W -16 SS -7200 32502 MT -(6. Conclusion)400 W -11 /Times-Roman AF -7200 34697 MT -(Now that you have built and installed your Kerberos system, use the accompanying Kerberos Operation)SH -4030 50 44224 34897 UL -4398 50 48529 34897 UL -7200 35893 MT -(Notes to create a Kerberos Master database, install authenticated services, and start the Kerberos server.)SH -2566 50 7200 36093 UL -16 /Times-Bold AF -7200 40565 MT -(7. Acknowledgements)400 W -11 /Times-Roman AF -7200 42760 MT -(We'd like to thank Henry Mensch and Jon Rochlis for helping us debug this document.)SH -10 SS -7200 75600 MT -(MIT Project Athena)SH -30100 XM -(10)SH -47890 XM -(4 January 1990)SH -ES -%%Page: i 12 -BS -0 SI -14 /Times-Bold AF -25272 8138 MT -(Table of Contents)SH -13 SS -7200 9781 MT -(1. Organization) -325 W( of the Source Directory)SH -53350 XM -(1)SH -12 /Times-Roman AF -9000 11136 MT -(1.1 The)300 W -/Times-BoldItalic SF -13266 XM -(admin)SH -/Times-Roman SF -16701 XM -(Directory)SH -53400 XM -(2)SH -9000 12491 MT -(1.2 The)300 W -/Times-BoldItalic SF -13266 XM -(kuser)SH -/Times-Roman SF -16300 XM -(Directory)SH -53400 XM -(2)SH -9000 13846 MT -(1.3 The)300 W -/Times-BoldItalic SF -13266 XM -(appl)SH -/Times-Roman SF -15700 XM -(Directory)SH -53400 XM -(2)SH -9000 15201 MT -(1.4 The)300 W -/Times-BoldItalic SF -13266 XM -(server)SH -/Times-Roman SF -16566 XM -(Directory)SH -53400 XM -(3)SH -9000 16556 MT -(1.5 The)300 W -/Times-BoldItalic SF -13266 XM -(kadmin)SH -/Times-Roman SF -17301 XM -(Directory)SH -53400 XM -(3)SH -9000 17911 MT -(1.6 The)300 W -/Times-BoldItalic SF -13266 XM -(include)SH -/Times-Roman SF -17234 XM -(Directory)SH -53400 XM -(3)SH -9000 19266 MT -(1.7 The)300 W -/Times-BoldItalic SF -13266 XM -(lib)SH -/Times-Roman SF -14834 XM -(Directory)SH -53400 XM -(3)SH -9000 20621 MT -(1.8 The)300 W -/Times-BoldItalic SF -13266 XM -(man)SH -/Times-Roman SF -15767 XM -(Directory)SH -53400 XM -(3)SH -9000 21976 MT -(1.9 The)300 W -/Times-BoldItalic SF -13266 XM -(prototypes)SH -/Times-Roman SF -18634 XM -(Directory)SH -53400 XM -(3)SH -9000 23331 MT -(1.10 The)300 W -/Times-BoldItalic SF -13866 XM -(tools)SH -/Times-Roman SF -16501 XM -(Directory)SH -53400 XM -(3)SH -9000 24686 MT -(1.11 The)300 W -/Times-BoldItalic SF -13866 XM -(util)SH -/Times-Roman SF -15835 XM -(Directory)SH -53400 XM -(4)SH -13 /Times-Bold AF -7200 26329 MT -(2. Preparing) -325 W( for Installation)SH -53350 XM -(4)SH -7200 27972 MT -(3. Preparing) -325 W( for the Build)SH -53350 XM -(4)SH -12 /Times-Roman AF -9000 29327 MT -(3.1 The)300 W -/Times-BoldItalic SF -13266 XM -(/etc/krb.conf)SH -/Times-Roman SF -19801 XM -(File)SH -53400 XM -(5)SH -9000 30682 MT -(3.2 The)300 W -/Times-BoldItalic SF -13266 XM -(/etc/krb.realms)SH -/Times-Roman SF -20936 XM -(File)SH -53400 XM -(6)SH -13 /Times-Bold AF -7200 32325 MT -(4. Building) -325 W( the Software)SH -53350 XM -(6)SH -12 /Times-Roman AF -9000 33674 MT -(4.1 Testing) -300 W( the DES Library)SH -53400 XM -(7)SH -13 /Times-Bold AF -7200 35317 MT -(5. Installing) -325 W( the Software)SH -53350 XM -(9)SH -12 /Times-Roman AF -9000 36666 MT -(5.1 The) -300 W( ``Standard'' Places)SH -53400 XM -(9)SH -9000 38015 MT -(5.2 ``Non-Standard'') -300 W( Installation)SH -52800 XM -(10)SH -13 /Times-Bold AF -7200 39658 MT -(6. Conclusion)325 W -52700 XM -(10)SH -7200 41301 MT -(7. Acknowledgements)325 W -52700 XM -(10)SH -10 /Times-Roman AF -7200 75600 MT -(MIT Project Athena)SH -30461 XM -(i)SH -47890 XM -(4 January 1990)SH -ES -%%Trailer -%%Pages: 12 -%%DocumentFonts: Times-Roman Times-Bold Times-Italic Times-BoldItalic Courier Symbol diff --git a/doc/old-V4-docs/installation.mss b/doc/old-V4-docs/installation.mss deleted file mode 100644 index 0a2ae7595c..0000000000 --- a/doc/old-V4-docs/installation.mss +++ /dev/null @@ -1,681 +0,0 @@ -@Comment[ $Source$] -@Comment[ $Author$] -@Comment[ $Id$] -@Comment[] -@device[postscript] -@make[report] -@comment[ -@DefineFont(HeadingFont, - P=, - B=, - I=, - R=) -] -@DefineFont(HeadingFont, - P=, - B=, - I=, - R=) -@Counter(MajorPart,TitleEnv HD0,ContentsEnv tc0,Numbered [@I], - IncrementedBy Use,Announced) -@Counter(Chapter,TitleEnv HD1,ContentsEnv tc1,Numbered [@1. ], - IncrementedBy Use,Referenced [@1],Announced) -@Counter(Appendix,TitleEnv HD1,ContentsEnv tc1,Numbered [@A. ], - IncrementedBy,Referenced [@A],Announced,Alias Chapter) -@Counter(UnNumbered,TitleEnv HD1,ContentsEnv tc1,Announced,Alias - Chapter) -@Counter(Section,Within Chapter,TitleEnv HD2,ContentsEnv tc2, - Numbered [@#@:.@1 ],Referenced [@#@:.@1],IncrementedBy - Use,Announced) -@Counter(AppendixSection,Within Appendix,TitleEnv HD2, - ContentsEnv tc2, - Numbered [@#@:.@1 ],Referenced [@#@:.@1],IncrementedBy - Use,Announced) -@Counter(SubSection,Within Section,TitleEnv HD3,ContentsEnv tc3, - Numbered [@#@:.@1 ],IncrementedBy Use, - Referenced [@#@:.@1 ]) -@Counter(AppendixSubSection,Within AppendixSection,TitleEnv HD3, - ContentsEnv tc3, - Numbered [@#@:.@1 ],IncrementedBy Use, - Referenced [@#@:.@1 ]) -@Counter(Paragraph,Within SubSection,TitleEnv HD4,ContentsEnv tc4, - Numbered [@#@:.@1 ],Referenced [@#@:.@1], - IncrementedBy Use) -@modify(CopyrightNotice, Fixed -1 inch, Flushright) -@Modify(Titlebox, Fixed 3.0 inches) -@Modify(hd1, below .2 inch, facecode B, size 16, spaces kept, pagebreak off) -@Modify(hd2, below .2 inch, facecode B, size 14, spaces kept) -@Modify(hd3, below .2 inch, facecode B, size 12, spaces kept) -@Modify(Description, Leftmargin +20, Indent -20,below 1 line, above 1 line) -@Modify(Tc1, Above .5, Facecode B) -@Modify(Tc2, Above .25, Below .25, Facecode R) -@Modify(Tc3,Facecode R) -@Modify(Tc4,Facecode R) -@Modify(Itemize,Above 1line,Below 1line) -@Modify(Insert,LeftMargin +2, RightMargin +2) -@libraryfile[stable] -@comment[@Style(Font NewCenturySchoolBook, size 11)] -@Style(Font TimesRoman, size 11) -@Style(Spacing 1.1, indent 0) -@Style(leftmargin 1.0inch) -@Style(justification no) -@Style(BottomMargin 1.5inch) -@Style(ChangeBarLocation Right) -@Style(ChangeBars=off) -@pageheading[immediate] -@pagefooting[immediate, left = "MIT Project Athena", center = "@value(page)", -right = "@value(date)"] -@set[page = 0] -@blankspace[.5 inches] -@begin[group, size 20] -@begin(center) -@b[Kerberos Installation Notes] -@b[DRAFT] -@end[center] -@end(group) -@blankspace[.5 inches] -@begin[group, size 16] -@begin(center) -Bill Bryant -Jennifer Steiner -John Kohl -@blankspace[1 line] -Project Athena, MIT -@blankspace[.5 inches] -@b[Initial Release, January 24, 1989] -@i[(plus later patches through patchlevel 7)] -@end[center] -@end(group) -@begin[group, size 10] -@end[group] -@blankspace[.75 inches] - - -The release consists of three parts. - -The first part consists of the core Kerberos system, which was developed -at MIT and does not require additional licenses for us to distribute. -Included in this part are the Kerberos authentication server, the -Kerberos library, the -@i[ndbm] -database interface library, user programs, administration programs, -manual pages, some applications which use Kerberos for authentication, -and some utilities. - -The second part is the Data Encryption Standard (DES) library, which we -are distributing only within the United States. - -The third part contains Kerberos modifications to Sun's NFS, which we -distribute as ``context diffs'' to the Sun NFS source code. Its -distribution is controlled to provide an accounting of who has retrieved -the patches, so that Project Athena can comply with its agreements with -Sun regarding distribution of these changes. - -@newpage() -@chapter[Organization of the Source Directory] - -The Kerberos building and installation process, -as described in this document, -builds the binaries and executables from the files contained in the Kerberos -source tree, and deposits them in a separate object tree. -This is intended to easily support several different build trees from a -single source tree (this is useful if you support several machine -architectures). -We suggest that you copy the Kerberos sources into a -@i[/mit/kerberos/src] directory, -and create as well a @i[/mit/kerberos/obj] directory in which -to hold the executables. -In the rest of this document, we'll refer to the Kerberos -source and object directories as [SOURCE_DIR] -and [OBJ_DIR], respectively. - -Below is a brief overview of the organization of the complete -source directory. -More detailed descriptions follow. - -@begin[description] - -@b[admin]@\utilities for the Kerberos administrator - -@b[appl]@\applications that use Kerberos - -@b[appl/bsd]@\Berkeley's rsh/rlogin suite, using Kerberos - -@b[appl/knetd]@\(old) software for inetd-like multiplexing of a single -TCP listening port - -@b[appl/sample]@\sample application servers and clients - -@b[appl/tftp]@\Trivial File Transfer Protocol, using Kerberos - -@b[include]@\include files - -@b[kadmin]@\remote administrative interface to the Kerberos master database - -@b[kuser]@\assorted user programs - -@b[lib]@\libraries for use with/by Kerberos - -@b[lib/acl]@\Access Control List library - -@b[lib/des]@\Data Encryption Standard library (US only) - -@b[lib/kadm]@\administrative interface library - -@b[lib/kdb]@\Kerberos server library interface to @i[ndbm] - -@b[lib/knet]@\(old) library for use with @b[knetd] - -@b[lib/krb]@\Kerberos library - -@b[man]@\manual pages - -@b[prototypes]@\sample configuration files - -@b[server]@\the authentication server - -@b[slave]@\Kerberos slave database propagation software - -@b[tools]@\shell scripts for maintaining the source tree - -@b[util]@\utilities - -@b[util/imake]@\Imakefile-to-Makefile ``compilation'' tool - -@b[util/ss]@\Sub-system library (for command line subsystems) - -@b[util/et]@\Error-table library (for independent, unique error codes) - -@b[util/makedepend]@\Makefile dependency generator tool - -@end[description] - -@section[The @p(admin) Directory] - -This directory contains source for -the Kerberos master database administration tools. -@begin[description] -@b[kdb_init]@\This program creates and initializes the -Kerberos master database. -It prompts for a Kerberos realmname, and the Kerberos master password. - -@b[kstash]@\This program ``stashes'' the master password in the file -@i[/.k] so that the master server machine can restart the Kerberos -server automatically after an unattended reboot. -The hidden password is also available to administrative programs -that have been set to run automatically. - -@b[kdb_edit]@\This program is a low-level tool for editing -the master database. - -@b[kdb_destroy]@\This program deletes the master database. - -@b[kdb_util]@\This program can be used to dump the master database -into an ascii file, and can also be used to load the ascii file -into the master database. - -@b[ext_srvtab]@\This program extracts information from the master -database and creates a host-dependent @i[srvtab] file. -This file contains the Kerberos keys for the host's -``Kerberized'' services. -These services look up their keys in the @i[srvtab] file -for use in the authentication process. -@end[description] - -@section[The @p(kuser) Directory] - -This directory contains the source code for several user-oriented -programs. -@begin[description] -@b[kinit]@\This program prompts users for their usernames and -Kerberos passwords, then furnishes them with Kerberos ticket-granting -tickets. - -@b[kdestroy]@\This program destroys any active tickets. -Users should use @i[kdestroy] before they log off their workstations. - -@b[klist]@\This program lists a user's active tickets. - -@b[ksrvtgt]@\This retrieves a ticket-granting ticket with a life time -of five minutes, using a server's secret key in lieu of a password. It -is primarily for use in shell scripts and other batch facilities. - -@b[ksu]@\Substitute user id, using Kerberos to mediate attempts to -change to ``root''. -@end[description] - -@section[The @p(appl) Directory] - -If your site has the appropriate BSD license, -your Kerberos release provides certain Unix utilities -The Berkeley programs that have been modified to use Kerberos -authentication are found in the @i[appl/bsd] directory. -They include @i[login], @i[rlogin], @i[rsh], and @i[rcp], as well as the -associated daemon programs @i[kshd] and @i[klogind]. -The @i[login] program obtains ticket-granting tickets for users -upon login; the other utilities provide authenticated -Unix network services. - -The @i[appl] directory also contains samples Kerberos application -client and server programs, an authenticated @i[tftp] program, -@i[knetd], an authenticated inet daemon. - -@section[The @p(server) Directory] - -The @i[server] directory contains the Kerberos KDC server, called -@i[kerberos]. -This program manages read-only requests made to the -master database, -distributing tickets and encryption keys to clients requesting -authentication service. - -@section[The @p(kadmin) Directory] - -The @i[kadmin] directory contains the Kerberos administration server and -associated client programs. -The server accepts network requests from the -user program @i[kpasswd] (used to change a user's password), the -Kerberos administration program @i(kadmin), and the srvtab utility -program @i[ksrvutil]. -The administration server can make modifications to the master database. - -@section[The @p(include) Directory] - -This directory contains the @i[include] files needed to -build the Kerberos system. - -@section[The @p(lib) Directory] - -The @i[lib] directory has six subdirectories: -@i[acl], @i[des], @i[kadm], @i[kdb], @i[knet], and @i[krb]. -The @i[des] directory contains source for the DES encryption library. -The @i[kadm] directory contains source for the Kerberos administration -server utility library. -The @i[kdb] directory contains source for the Kerberos database -routine library. -The @i[knet] directory contains source for a library used by clients of -the @i[knetd] server. -The @i[krb] directory contains source for the @i[libkrb.a] -library. -This library contains routines that are used by the Kerberos server program, -and by applications programs that require authentication service. - -@section[The @p(man) Directory] - -This directory contains manual pages for Kerberos programs and -library routines. - -@section[The @p(prototypes) Directory] - -This directory contains prototype -@i[/etc/services] and @i[/etc/krb.conf] files. -New entries must be added to the @i[/etc/services] file for -the Kerberos server, and possibly for Kerberized applications -(@i[services.append] contains the entries used by the Athena-provided -servers & applications, and is suitable for appending to your existing -@i[/etc/services] file.). -The @i[/etc/krb.conf] file defines the local Kerberos realm -for its host and lists Kerberos servers for given realms. -The @i[/etc/krb.realms] file defines exceptions for mapping machine -names to Kerberos realms. - -@section[The @p(tools) Directory] - -This directory contains -a makefile to set up a directory tree -for building the software in, and -a shell script to format code in the -style we use. - - -@section[The @p(util) Directory] - -This directory contains several utility programs and libraries. -Included are Larry Wall's @i[patch] program, a @i[make] pre-processor -program called -@i[imake], and a program for generating Makefile dependencies, -@i[makedepend], as well as the Sub-system library and -utilities (@i[ss]), and the Error table library and utilities (@i[et]). - -@chapter[Preparing for Installation] - -This document assumes that you will build the system -on the machine on which you plan to install -the Kerberos master server and its database. -You'll need about 10 megabytes for source and executables. - -By default, there must be -a @i[/kerberos] directory on the master server machine -in which to store the Kerberos -database files. -If the master server machine does not have room on its root partition -for these files, -create a @i[/kerberos] symbolic link to another file system. - -@chapter[Preparing for the Build] - -Before you build the system, -you have to choose a @b[realm name], -the name that specifies the system's administrative domain. -Project Athena uses the internet domain name ATHENA.MIT.EDU -to specify its Kerberos realm name. -We recommend using a name of this form. -@b[NOTE:] the realm-name is case sensitive; by convention, we suggest -that you use your internet domain name, in capital letters. - -Edit the [SOURCE_DIR]/@i[include/krb.h] file and look for the following -lines of code: -@begin[example] -/* - * Kerberos specific definitions - * - * KRBLOG is the log file for the kerberos master server. - * KRB_CONF is the configuration file where different host - * machines running master and slave servers can be found. - * KRB_MASTER is the name of the machine with the master - * database. The admin_server runs on this machine, and all - * changes to the db (as opposed to read-only requests, which - * can go to slaves) must go to it. - * KRB_HOST is the default machine when looking for a kerberos - * slave server. Other possibilities are in the KRB_CONF file. - * KRB_REALM is the name of the realm. - */ - -#ifdef notdef -this is server-only, does not belong here; -#define KRBLOG "/kerberos/kerberos.log" -are these used anyplace '?'; -#define VX_KRB_HSTFILE "/etc/krbhst" -#define PC_KRB_HSTFILE "\\kerberos\\krbhst" -#endif - -#define KRB_CONF "/etc/krb.conf" -#define KRB_RLM_TRANS "/etc/krb.realms" -#define KRB_MASTER "kerberos" -#define KRB_HOST KRB_MASTER -#define KRB_REALM "ATHENA.MIT.EDU" -@end[example] -Edit the last line as follows: -@begin[enumerate] -Change the KRB_REALM definition so that it specifies the realm name -you have chosen for your Kerberos system. This is a default which is -usually overridden by a configuration file on each machine; however, if -that config file is absent, many programs will use this "built-in" realm -name. -@end[enumerate] - -@section[The @p(/etc/krb.conf) File] - -Create a @i[/etc/krb.conf] file using the following format: -@begin[example] -@p[realm_name] -@p[realm_name] @p[master_server_name] admin server -@end[example] -where @i[realm_name] specifies the system's realm name, -and @i[master_server_name] specifies the machine name on -which you will run the master server. The words 'admin server' must -appear next to the name of the server on which you intend to run the -administration server (which must be a machine with access to the database). - -For example, -if your realm name is @i[tim.edu] and your master server's name is -@i[kerberos.tim.edu], the file should have these contents: -@begin[example] -tim.edu -tim.edu kerberos.tim.edu admin server -@end[example] - -See the [SOURCE_DIR]/@i[prototypes/etc.krb.conf] file for an -example @i[/etc/krb.conf] file. That file has examples of how to -provide backup servers for a given realm (additional lines with the same -leading realm name) and how to designate servers for remote realms. - -@section[The @p(/etc/krb.realms) File] - -In many situations, the default realm in which a host operates will be -identical to the domain portion its Internet domain name. - -If this is not the case, you will need to establish a translation from -host name or domain name to realm name. This is accomplished with the -@i(/etc/krb.realms) file. - -Each line of the translation file specifies either a hostname or domain -name, and its associated realm: -@begin[example] -.domain.name kerberos.realm1 -host.name kerberos.realm2 -@end[example] -For example, to map all hosts in the domain LSC.TIM.EDU to KRB.REALM1 -but the host FILMS.LSC.TIM.EDU to KRB.REALM2 your file would read: -@begin[example] -.LSC.TIM.EDU KRB.REALM1 -FILMS.LSC.TIM.EDU KRB.REALM2 -@end[example] -If a particular host matches both a domain and a host entry, the host -entry takes precedence. - -@chapter[Building the Software] - -Before you build the software -read the @b[README] file in [SOURCE_DIR]. -What follows is a more detailed description of the instructions -listed in README. -@begin[enumerate] -Create an [OBJ_DIR] directory to hold the tree of Kerberos object files you -are about to build, for example, -@i[/mit/kerberos/obj]. - -Change directory to [OBJ_DIR]. -The following command creates directories under [OBJ_DIR] -and installs Makefiles for the final build. -@begin[example, rightmargin -7] -host% @b(make -f [SOURCE_DIR]/tools/makeconfig SRCDIR=[SOURCE_DIR]) -@end[example] - - - -Change directory to util/imake.includes. Read through config.Imakefile, -turning on appropriate flags for your installation. Change SRCTOP so -that it is set to the top level of your source directory. - -Check that your machine type has a definition in include/osconf.h & -related files in the source tree (if it doesn't, then you may need to -create your own; if you get successful results, please post to -kerberos@@athena.mit.edu) - -Change directory to [OBJ_DIR]. The next command generates new Makefiles -based on the configuration you selected in config.Imakefile, then adds -dependency information to the Makefiles, and finally builds the system: -@begin[example, rightmargin -7] -host% @b(make world) -@end[example] -This command takes a while to complete; you may wish to redirect the -output onto a file and put the job in the background: -@begin[example, rightmargin -7] -host% @b(make world >&WORLDLOG_891201 &) -@end[example] -If you need to rebuild the Kerberos programs and libraries after making -a change, you can usually just type: -@begin[example, rightmargin -7] -host% @b(make all) -@end[example] -However, if you changed the configuration in config.Imakefile or modified -the Imakefiles or Makefiles, you should run @i[make world] to re-build -all the Makefiles and dependency lists. -@end(enumerate) - -@section[Testing the DES Library] - -Use the @i[verify] command to test the DES library -implementation: -@begin[example] -host% @b([OBJ_DIR]/lib/des/verify) -@end[example] -The command should display the following: -@begin[example, rightmargin -10] -Examples per FIPS publication 81, keys ivs and cipher -in hex. These are the correct answers, see below for -the actual answers. - -Examples per Davies and Price. - -EXAMPLE ECB key = 08192a3b4c5d6e7f - clear = 0 - cipher = 25 dd ac 3e 96 17 64 67 -ACTUAL ECB - clear "" - cipher = (low to high bytes) - 25 dd ac 3e 96 17 64 67 - -EXAMPLE ECB key = 0123456789abcdef - clear = "Now is the time for all " - cipher = 3f a4 0e 8a 98 4d 48 15 ... -ACTUAL ECB - clear "Now is the time for all " - cipher = (low to high bytes) - 3f a4 0e 8a 98 4d 48 15 - -EXAMPLE CBC key = 0123456789abcdef iv = 1234567890abcdef - clear = "Now is the time for all " - cipher = e5 c7 cd de 87 2b f2 7c - 43 e9 34 00 8c 38 9c 0f - 68 37 88 49 9a 7c 05 f6 -ACTUAL CBC - clear "Now is the time for all " - ciphertext = (low to high bytes) - e5 c7 cd de 87 2b f2 7c - 43 e9 34 00 8c 38 9c 0f - 68 37 88 49 9a 7c 05 f6 - 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 - decrypted clear_text = "Now is the time for all " -EXAMPLE CBC checksum key = 0123456789abcdef iv = 1234567890abcdef - clear = "7654321 Now is the time for " - checksum 58 d2 e7 7e 86 06 27 33 or some part thereof -ACTUAL CBC checksum - encrypted cksum = (low to high bytes) - 58 d2 e7 7e 86 06 27 33 -@end[example] - -If the @i[verify] command fails to display this information as specified -above, the implementation of DES for your hardware needs to -be adjusted. -Your Kerberos system cannot work properly if your DES library -fails this test. - -When you have finished building the software, -you will find the executables in the object tree as follows: -@begin[description] -@b([OBJ_DIR]/admin)@\@i[ext_srvtab], @i[kdb_destroy], -@i[kdb_edit], @i[kdb_init], @i[kdb_util], and @i[kstash]. - -@b([OBJ_DIR]/kuser)@\@i[kdestroy], @i[kinit], @i[klist], @i[ksrvtgt], -and @i[ksu]. - -@b([OBJ_DIR]/server)@\@i[kerberos]. - -@b([OBJ_DIR]/appl/bsd)@\@i[klogind], @i[kshd], @i[login.krb], @i[rcp], -@i[rlogin], and @i[rsh]. - -@b([OBJ_DIR]/appl/knetd)@\@i[knetd]. - -@b([OBJ_DIR]/appl/sample)@\@i[sample_server], @i[sample_client], -@i[simple_server], and @i[simple_client]. - -@b([OBJ_DIR]/appl/tftp)@\@i[tcom], @i[tftpd], and @i[tftp]. - -@b([OBJ_DIR]/slave)@\@i[kprop] and @i[kpropd]. -@end[description] - -@chapter[Installing the Software] - -To install the software, issue the @i[make install] command from -the [OBJ_DIR] (you need to be a privileged user in order to -properly install the programs). -Programs can either be installed in default directories, or under -a given root directory, as described below. - -@section[The ``Standard'' Places] - -If you use the @i[make] command as follows: -@begin[example] -host# @b(make install) -@end[example] -the installation process will try to install the various parts of the -system in ``standard'' directories. -This process creates the ``standard'' directories as needed. - -The standard installation process copies things as follows: -@begin[itemize] -The @i[include] files @i[krb.h], @i[des.h], @i[mit-copyright.h], -@i[kadm.h] and @i[kadm_err.h] get copied to the -@i[/usr/include] directory. - -The Kerberos libraries @i[libdes.a], @i[libkrb.a], @i[libkdb.a], -@i[libkadm.a], @i[libknet.a], and @i[libacl.a] get copied -to the @i[/usr/athena/lib] (or wherever you pointed LIBDIR in -config.Imakefile) directory. - -The Kerberos master database utilities @i[kdb_init], @i[kdb_destroy], -@i[kdb_edit], @i[kdb_util], @i[kstash], and @i[ext_srvtab] get copied to -the @i[/usr/etc] (DAEMDIR) directory. - -The Kerberos user utilities @i[kinit], @i[kdestroy], @i[klist], -@i[ksrvtgt] and @i[ksu] get copied to the @i[/usr/athena] (PROGDIR) -directory. - -The modified Berkeley utilities @i[rsh], @i[rlogin] get copied to the -@i[/usr/ucb] (UCBDIR) directory; @i[rcp] gets copied to the @i[/bin] -(SLASHBINDIR) directory; and @i[rlogind], @i[rshd], and @i[login.krb] -get copied to the @i[/usr/etc] (DAEMDIR) directory. The old copies of -the user programs are renamed @i(rsh.ucb), @i(rlogin.ucb) and -@i(rcp.ucb), respectively. The Kerberos versions of these programs are -designed to fall back and execute the original versions if something -prevents the Kerberos versions from succeeding. - -The Kerberos version of @i[tftp] and @i[tcom] get copied to the -@i[/usr/athena] (PROGDIR) directory; @i[tftpd] gets copied to the -@i[/etc] (ETCDIR) directory. @i[tftp] and @i[tftpd] are installed -set-uid to an unprivileged user (user id of DEF_UID). - -The @i[knetd] daemon gets copied to the @i[/usr/etc] (DAEMDIR) directory. - -The Kerberos server @i[kerberos], the slave propagation software -@i[kprop] and @i[kpropd], and the administration server @i[kadmind] get -copied to the @i[/usr/etc] (SVRDIR, SVRDIR, and DAEMDIR) directory. - -The remote administration tools @i[kpasswd], @i[ksrvutil] and @i[kadmin] -get copied to the @i[/usr/athena] (PROGDIR) directory. - -The Kerberos manual pages get installed in the appropriate -@i[/usr/man] directories. Don't forget to run @i[makewhatis] -after installing the manual pages. - -@end[itemize] - -@section[``Non-Standard'' Installation] - -If you'd rather install the software in a different location, -you can use the @i[make] command as follows, -where [DEST_DIR] specifies an alternate destination directory -which will be used as the root for the installed programs, i.e. programs -that would normally be installed in /usr/athena would be installed in -[DEST_DIR]/usr/athena. -@begin[example] -host# @b(make install DESTDIR=[DEST_DIR]) -@end[example] - -@chapter[Conclusion] - -Now that you have built and installed your Kerberos system, -use the accompanying @u[Kerberos Operation Notes] -to create a Kerberos Master database, install authenticated services, -and start the Kerberos server. - -@chapter [Acknowledgements] - -We'd like to thank Henry Mensch and Jon Rochlis for helping us debug -this document. diff --git a/doc/old-V4-docs/operation.PS b/doc/old-V4-docs/operation.PS deleted file mode 100644 index 3afb8cf060..0000000000 --- a/doc/old-V4-docs/operation.PS +++ /dev/null @@ -1,2669 +0,0 @@ -%!PS-Adobe-2.0 -%%Title: operation.mss -%%DocumentFonts: (atend) -%%Creator: John T Kohl,,E40-351M,31510,6176432831 and Scribe 7(1700) -%%CreationDate: 4 January 1990 11:55 -%%Pages: (atend) -%%EndComments -% PostScript Prelude for Scribe. -/BS {/SV save def 0.0 792.0 translate .01 -.01 scale} bind def -/ES {showpage SV restore} bind def -/SC {setrgbcolor} bind def -/FMTX matrix def -/RDF {WFT SLT 0.0 eq - {SSZ 0.0 0.0 SSZ neg 0.0 0.0 FMTX astore} - {SSZ 0.0 SLT neg sin SLT cos div SSZ mul SSZ neg 0.0 0.0 FMTX astore} - ifelse makefont setfont} bind def -/SLT 0.0 def -/SI { /SLT exch cvr def RDF} bind def -/WFT /Courier findfont def -/SF { /WFT exch findfont def RDF} bind def -/SSZ 1000.0 def -/SS { /SSZ exch 100.0 mul def RDF} bind def -/AF { /WFT exch findfont def /SSZ exch 100.0 mul def RDF} bind def -/MT /moveto load def -/XM {currentpoint exch pop moveto} bind def -/UL {gsave newpath moveto dup 2.0 div 0.0 exch rmoveto - setlinewidth 0.0 rlineto stroke grestore} bind def -/LH {gsave newpath moveto setlinewidth - 0.0 rlineto - gsave stroke grestore} bind def -/LV {gsave newpath moveto setlinewidth - 0.0 exch rlineto - gsave stroke grestore} bind def -/BX {gsave newpath moveto setlinewidth - exch - dup 0.0 rlineto - exch 0.0 exch neg rlineto - neg 0.0 rlineto - closepath - gsave stroke grestore} bind def -/BX1 {grestore} bind def -/BX2 {setlinewidth 1 setgray stroke grestore} bind def -/PB {/PV save def newpath translate - 100.0 -100.0 scale pop /showpage {} def} bind def -/PE {PV restore} bind def -/GB {/PV save def newpath translate rotate - div dup scale 100.0 -100.0 scale /showpage {} def} bind def -/GE {PV restore} bind def -/FB {dict dup /FontMapDict exch def begin} bind def -/FM {cvn exch cvn exch def} bind def -/FE {end /original-findfont /findfont load def /findfont - {dup FontMapDict exch known{FontMapDict exch get} if - original-findfont} def} bind def -/BC {gsave moveto dup 0 exch rlineto exch 0 rlineto neg 0 exch rlineto closepath clip} bind def -/EC /grestore load def -/SH /show load def -/MX {exch show 0.0 rmoveto} bind def -/W {0 32 4 -1 roll widthshow} bind def -/WX {0 32 5 -1 roll widthshow 0.0 rmoveto} bind def -/RC {100.0 -100.0 scale -612.0 0.0 translate --90.0 rotate -.01 -.01 scale} bind def -/URC {100.0 -100.0 scale -90.0 rotate --612.0 0.0 translate -.01 -.01 scale} bind def -/RCC {100.0 -100.0 scale -0.0 -792.0 translate 90.0 rotate -.01 -.01 scale} bind def -/URCC {100.0 -100.0 scale --90.0 rotate 0.0 792.0 translate -.01 -.01 scale} bind def -%%EndProlog -%%Page: 0 1 -BS -0 SI -20 /Times-Bold AF -19324 13788 MT -(Kerberos Operation Notes)SH -27156 15798 MT -(DRAFT)SH -16 /Times-Roman AF -27021 23502 MT -(Bill Bryant)SH -27289 25150 MT -(John Kohl)SH -23957 26798 MT -(Project Athena, MIT)SH -/Times-Bold SF -19489 32396 MT -(Initial Release, January 24, 1989)SH -/Times-Italic SF -17558 34044 MT -(\050plus later patches through patchlevel 7\051)SH -11 /Times-Roman AF -7200 43798 MT -(These notes assume that you have used the)SH -/Times-Italic SF -26322 XM -(Kerberos Installation Notes)SH -/Times-Roman SF -38821 XM -(to build and install your Kerberos)SH -7200 44994 MT -(system. As) -275 W( in that document, we refer to the directory that contains the built Kerberos binaries as)SH -7200 46190 MT -([OBJ_DIR].)SH -7200 48488 MT -(This document assumes that you are a Unix system manager.)SH -ES -%%Page: 1 2 -BS -0 SI -16 /Times-Bold AF -7200 8272 MT -(1. How) -400 W( Kerberos Works: A Schematic Description)SH -11 /Times-Roman AF -7200 10467 MT -(This section provides a simplified description of a general user's interaction with the Kerberos system.)SH -7200 11663 MT -(This interaction happens transparently--users don't need to know and probably don't care about what's)SH -7200 12859 MT -(going on--but Kerberos administrators might find a schematic description of the process useful. The)SH -7200 14055 MT -(description glosses over a lot of details; for more information, see)SH -/Times-Italic SF -36404 XM -(Kerberos: An Authentication Service)SH -7200 15251 MT -(for Open Network Systems)SH -/Times-Roman SF -(, a paper presented at Winter USENIX 1988, in Dallas, Texas.)SH -14 /Times-Bold AF -7200 19069 MT -(1.1 Network) -350 W( Services and Their Client Programs)SH -11 /Times-Roman AF -7200 21264 MT -(In an environment that provides network services, you use)SH -/Times-Italic SF -33164 XM -(client)SH -/Times-Roman SF -35883 XM -(programs to request service from)SH -/Times-Italic SF -50696 XM -(server)SH -/Times-Roman SF -7200 22460 MT -(programs that are somewhere on the network. Suppose you have logged in to a workstation and you want)SH -7200 23656 MT -(to)SH -/Times-Italic SF -8331 XM -(rlogin)SH -/Times-Roman SF -11296 XM -(to another machine. You use the local)SH -/Times-Italic SF -28493 XM -(rlogin)SH -/Times-Roman SF -31458 XM -(client program to contact the remote machine's)SH -/Times-Italic SF -7200 24852 MT -(rlogin)SH -/Times-Roman SF -10165 XM -(service daemon.)SH -14 /Times-Bold AF -7200 28670 MT -(1.2 Kerberos) -350 W( Tickets)SH -11 /Times-Roman AF -7200 30865 MT -(Under Kerberos, the)SH -/Times-Italic SF -16422 XM -(rlogin)SH -/Times-Roman SF -19387 XM -(service program allows a client to login to a remote machine if it can provide)SH -7200 32061 MT -(a Kerberos)SH -/Times-Bold SF -12268 XM -(ticket)SH -/Times-Roman SF -15169 XM -(for the request. This ticket proves the identity of the person who has used the client)SH -7200 33257 MT -(program to access the server program.)SH -14 /Times-Bold AF -7200 37075 MT -(1.3 The) -350 W( Kerberos Master Database)SH -11 /Times-Roman AF -7200 39270 MT -(Kerberos will give you tickets only if you have an entry in the Kerberos server's)SH -/Times-Bold SF -42845 XM -(master database)SH -/Times-Roman SF -(. Your)275 W -7200 40466 MT -(database entry includes your Kerberos username \050often referred to as your Kerberos)SH -/Times-Bold SF -44394 XM -(principal)SH -/Times-Roman SF -48949 XM -(name\051, and)SH -7200 41662 MT -(your Kerberos password. Every Kerberos user must have an entry in this database.)SH -14 /Times-Bold AF -7200 45480 MT -(1.4 The) -350 W( Ticket-Granting Ticket)SH -11 /Times-Roman AF -7200 47675 MT -(The)SH -/Times-Italic SF -9185 XM -(kinit)SH -/Times-Roman SF -11416 XM -(command prompts for your Kerberos username and password, and if you enter them)SH -7200 48871 MT -(successfully, you will obtain a Kerberos)SH -/Times-Italic SF -25131 XM -(ticket-granting ticket)SH -/Times-Roman SF -(. As) -275 W( illustrated below, client programs use)SH -7200 50067 MT -(this ticket to get other Kerberos tickets as needed.)SH -14 /Times-Bold AF -7200 53885 MT -(1.5 Network) -350 W( Services and the Master Database)SH -11 /Times-Roman AF -7200 56080 MT -(The master database also contains entries for all network services that require Kerberos authentication.)SH -7200 57276 MT -(Suppose for instance that your site has a machine)SH -/Times-Italic SF -29163 XM -(laughter)SH -/Times-Roman SF -33166 XM -(that requires Kerberos authentication from)SH -7200 58472 MT -(anyone who wants to)SH -/Times-Italic SF -16792 XM -(rlogin)SH -/Times-Roman SF -19757 XM -(to it. This service must be registered in the master database. Its entry)SH -7200 59668 MT -(includes the service's principal name, and its)SH -/Times-Bold SF -27238 XM -(instance)SH -/Times-Roman SF -(.)SH -7200 61966 MT -(The)SH -/Times-Italic SF -9185 XM -(instance)SH -/Times-Roman SF -13126 XM -(is the name of the service's machine; in this case, the service's instance is the name)SH -/Times-Italic SF -7200 63162 MT -(laughter)SH -/Times-Roman SF -(. The) -275 W( instance provides a means for Kerberos to distinguish between machines that provide the)SH -7200 64358 MT -(same service. Your site is likely to have more than one machine that provides)SH -/Times-Italic SF -41840 XM -(rlogin)SH -/Times-Roman SF -44805 XM -(service.)SH -10 SS -7200 75600 MT -(MIT Project Athena)SH -30350 XM -(1)SH -47890 XM -(4 January 1990)SH -ES -%%Page: 2 3 -BS -0 SI -14 /Times-Bold AF -7200 8138 MT -(1.6 The) -350 W( User-Kerberos Interaction)SH -11 /Times-Roman AF -7200 10333 MT -(Suppose that you \050in the guise of a general user\051 walk up to a workstation intending to login to it, and)SH -7200 11529 MT -(then)SH -/Times-Italic SF -9369 XM -(rlogin)SH -/Times-Roman SF -12334 XM -(to the machine)SH -/Times-Italic SF -19085 XM -(laughter)SH -/Times-Roman SF -(. Here's) -275 W( what happens.)SH -9400 13480 MT -(1.)SH -10500 XM -(You login to the workstation and use the)SH -/Times-Italic SF -28648 XM -(kinit)SH -/Times-Roman SF -30879 XM -(command to to get a ticket-granting ticket.)SH -10500 14676 MT -(This command prompts you for your username \050your Kerberos Principal Name\051, and your)SH -10500 15872 MT -(Kerberos password [on some systems which use the new version of)SH -/Times-Italic SF -40465 XM -(/bin/login)SH -/Times-Roman SF -(, this may be)SH -10500 17068 MT -(done as part of the login process, not requiring the user to run a separate program].)SH -12762 19019 MT -(a.)SH -13800 XM -(The)SH -/Times-Italic SF -15785 XM -(kinit)SH -/Times-Roman SF -18016 XM -(command sends your request to the Kerberos master server machine. The)SH -13800 20215 MT -(server software looks for your principal name's entry in the Kerberos)SH -/Times-Bold SF -44555 XM -(master)SH -13800 21411 MT -(database)SH -/Times-Roman SF -(.)SH -12700 23305 MT -(b.)SH -13800 XM -(If this entry exists, the Kerberos server creates and returns a)SH -/Times-Italic SF -40430 XM -(ticket-granting ticket)SH -/Times-Roman SF -(,)SH -13800 24501 MT -(encrypted in your password. If)SH -/Times-Italic SF -27819 XM -(kinit)SH -/Times-Roman SF -30050 XM -(can decrypt the Kerberos reply using the)SH -13800 25697 MT -(password you provide, it stores this ticket in a)SH -/Times-Bold SF -34270 XM -(ticket file)SH -/Times-Roman SF -38912 XM -(on your local machine for)SH -13800 26893 MT -(later use. The ticket file to be used can be specified in the)SH -/Times-Bold SF -39609 XM -(KRBTKFILE)SH -/Times-Roman SF -13800 28089 MT -(environment variable. If this variable is not set, the name of the file will be)SH -/Times-Italic SF -13800 29285 MT -(/tmp/tkt)SH -/Times-BoldItalic SF -(uid)SH -/Times-Roman SF -(, where)SH -/Times-BoldItalic SF -22141 XM -(uid)SH -/Times-Roman SF -23884 XM -(is the UNIX user-id, represented in decimal.)SH -9400 31236 MT -(2.)SH -10500 XM -(Now you use the)SH -/Times-Italic SF -18198 XM -(rlogin)SH -/Times-Roman SF -21163 XM -(client to try to access the machine)SH -/Times-Italic SF -36344 XM -(laughter)SH -/Times-Roman SF -(.)SH -/Courier SF -11820 32813 MT -(host%)SH -/Times-Bold SF -15780 XM -(rlogin laughter)275 W -/Times-Roman SF -12762 34764 MT -(a.)SH -13800 XM -(The)SH -/Times-Italic SF -15785 XM -(rlogin)SH -/Times-Roman SF -18750 XM -(client checks your ticket file to see if you have a ticket for)SH -/Times-Italic SF -44559 XM -(laughter)SH -/Times-Roman SF -('s)SH -/Times-Italic SF -13800 35960 MT -(rcmd)SH -/Times-Roman SF -16335 XM -(service \050the rlogin program uses the)SH -/Times-Italic SF -32401 XM -(rcmd)SH -/Times-Roman SF -34936 XM -(service name, mostly for historical)SH -13800 37156 MT -(reasons\051. You) -275 W( don't, so)SH -/Times-Italic SF -24583 XM -(rlogin)SH -/Times-Roman SF -27548 XM -(uses the ticket file's)SH -/Times-Italic SF -36590 XM -(ticket-granting ticket)SH -/Times-Roman SF -46060 XM -(to make a)SH -13800 38352 MT -(request to the master server's ticket-granting service.)SH -12700 40246 MT -(b.)SH -13800 XM -(This ticket-granting service receives the)SH -/Times-Italic SF -31667 XM -(rcmd-laughter)SH -/Times-Roman SF -38296 XM -(request and looks in the)SH -13800 41442 MT -(master database for an)SH -/Times-Italic SF -23938 XM -(rcmd-laughter)SH -/Times-Roman SF -30567 XM -(entry. If) -275 W( that entry exists, the ticket-granting)SH -13800 42638 MT -(service issues you a ticket for that service. That ticket is also cached in your ticket)SH -13800 43834 MT -(file.)SH -12762 45728 MT -(c.)SH -13800 XM -(The)SH -/Times-Italic SF -15785 XM -(rlogin)SH -/Times-Roman SF -18750 XM -(client now uses that ticket to request service from the)SH -/Times-Italic SF -42454 XM -(laughter rlogin)SH -/Times-Roman SF -13800 46924 MT -(service program. The service program lets you)SH -/Times-Italic SF -34843 XM -(rlogin)SH -/Times-Roman SF -37808 XM -(if the ticket is valid.)SH -16 /Times-Bold AF -7200 51596 MT -(2. Setting) -400 W( Up and Testing the Kerberos Server)SH -11 /Times-Roman AF -7200 53791 MT -(The procedure for setting up and testing a Kerberos server is as follows:)SH -9400 55742 MT -(1.)SH -10500 XM -(Use the)SH -/Times-Italic SF -14104 XM -(kdb_init)SH -/Times-Roman SF -17985 XM -(command to create and initialize the master database.)SH -9400 57636 MT -(2.)SH -10500 XM -(Use the)SH -/Times-Italic SF -14104 XM -(kdb_edit)SH -/Times-Roman SF -18167 XM -(utility to add your username to the master database.)SH -9400 59530 MT -(3.)SH -10500 XM -(Start the Kerberos server.)SH -9400 61424 MT -(4.)SH -10500 XM -(Use the)SH -/Times-Italic SF -14104 XM -(kinit)SH -/Times-Roman SF -16335 XM -(command to obtain a Kerberos ticket-granting ticket.)SH -9400 63318 MT -(5.)SH -10500 XM -(Use the)SH -/Times-Italic SF -14104 XM -(klist)SH -/Times-Roman SF -16213 XM -(command to verify that the)SH -/Times-Italic SF -28402 XM -(kinit)SH -/Times-Roman SF -30633 XM -(command authenticated you successfully.)SH -10 SS -7200 75600 MT -(MIT Project Athena)SH -30350 XM -(2)SH -47890 XM -(4 January 1990)SH -ES -%%Page: 3 4 -BS -0 SI -14 /Times-Bold AF -7200 8138 MT -(2.1 Creating) -350 W( and Initializing the Master Database)SH -11 /Times-Roman AF -7200 10333 MT -(Login to the Kerberos master server machine, and use the)SH -/Times-Bold SF -32825 XM -(su)SH -/Times-Roman SF -34140 XM -(command to become root. If you installed)SH -7200 11529 MT -(the Kerberos administration tools with the)SH -/Times-Italic SF -26020 XM -(make install)SH -/Times-Roman SF -31642 XM -(command and the default pathnames, they should)SH -7200 12725 MT -(be in the)SH -/Times-Italic SF -11263 XM -(/usr/etc)SH -/Times-Roman SF -14838 XM -(directory. If) -275 W( you installed the tools in a different directory, hopefully you know what it)SH -7200 13921 MT -(is. From) -275 W( now on, we will refer to this directory as [ADMIN_DIR].)SH -7200 16219 MT -(The)SH -/Times-Italic SF -9185 XM -(kdb_init)SH -/Times-Roman SF -13066 XM -(command creates and initializes the master database. It asks you to enter the system's realm)SH -7200 17415 MT -(name and the database's master password. Do not forget this password. If you do, the database becomes)SH -7200 18611 MT -(useless. \050Your) -275 W( realm name should be substituted for [REALMNAME] below.\051)SH -7200 20909 MT -(Use)SH -/Times-Italic SF -9185 XM -(kdb_init)SH -/Times-Roman SF -13066 XM -(as follows:)SH -/Courier SF -8520 22486 MT -(host#)SH -/Times-Bold SF -12480 XM -([ADMIN_DIR]/kdb_init)SH -/Courier SF -8520 23600 MT -(Realm name \050default XXX\051:)SH -/Times-Bold SF -25680 XM -([REALMNAME])SH -39600 XM -(<--)SH -/Times-BoldItalic SF -41619 XM -(Enter your system's realm name.)SH -/Courier SF -8520 24714 MT -(You will be prompted for the database Master Password.)SH -8520 25828 MT -(It is important that you NOT FORGET this password.)SH -8520 28056 MT -(Enter Kerberos master key:)SH -/Times-Bold SF -28800 XM -(<--)SH -/Times-BoldItalic SF -30819 XM -(Enter the master password.)SH -14 /Times-Bold AF -7200 32988 MT -(2.2 Storing) -350 W( the Master Password)SH -11 /Times-Roman AF -7200 35183 MT -(The)SH -/Times-Italic SF -9185 XM -(kstash)SH -/Times-Roman SF -12210 XM -(command ``stashes'' the master password in the file)SH -/Times-Italic SF -35424 XM -(/.k)SH -/Times-Roman SF -36768 XM -(so that the Kerberos server can be)SH -7200 36379 MT -(started automatically during an unattended reboot of the master server. Other administrative programs)SH -7200 37575 MT -(use this hidden password so that they can access the master database without someone having to manually)SH -7200 38771 MT -(provide the master password. This command is an optional one; if you'd rather enter the master password)SH -7200 39967 MT -(each time you start the Kerberos server, don't use)SH -/Times-Italic SF -29312 XM -(kstash)SH -/Times-Roman SF -(.)SH -7200 42265 MT -(One the one hand, if you use)SH -/Times-Italic SF -20090 XM -(kstash)SH -/Times-Roman SF -(, a copy of the master key will reside on disk which may not be)SH -7200 43461 MT -(acceptable; on the other hand, if you don't use)SH -/Times-Italic SF -27848 XM -(kstash)SH -/Times-Roman SF -(, the server cannot be started unless someone is)SH -7200 44657 MT -(around to type the password in manually.)SH -7200 46955 MT -(The command prompts you twice for the master password:)SH -/Courier SF -8520 48532 MT -(host#)SH -/Times-Bold SF -12480 XM -([ADMIN_DIR]/kstash)SH -/Courier SF -8520 50760 MT -(Enter Kerberos master key:)SH -/Times-Bold SF -28800 XM -(<--)SH -/Times-BoldItalic SF -30819 XM -(Enter the master password.)SH -/Courier SF -8520 51874 MT -(Current Kerberos master key version is 1.)SH -8520 54102 MT -(Master key entered) -SH( BEWARE!)1320 W -/Times-Roman SF -7200 56400 MT -(A note about the Kerberos database master key: if your master key is compromised and the database is)SH -7200 57596 MT -(obtained, the security of your entire authentication system is compromised. The master key must be a)SH -7200 58792 MT -(carefully kept secret. If you keep backups, you must guard all the master keys you use, in case someone)SH -7200 59988 MT -(has stolen an old backup and wants to attack users' whose passwords haven't changed since the backup)SH -7200 61184 MT -(was stolen. This is why we provide the option not to store it on disk.)SH -10 SS -7200 75600 MT -(MIT Project Athena)SH -30350 XM -(3)SH -47890 XM -(4 January 1990)SH -ES -%%Page: 4 5 -BS -0 SI -14 /Times-Bold AF -7200 8167 MT -(2.3 Using)350 W -/Times-BoldItalic SF -13423 XM -(kdb_edit)SH -/Times-Bold SF -18673 XM -(to Add Users to the Master Database)SH -11 /Times-Roman AF -7200 10362 MT -(The)SH -/Times-Italic SF -9185 XM -(kdb_edit)SH -/Times-Roman SF -13248 XM -(program is used to add new users and services to the master database, and to modify)SH -7200 11558 MT -(existing database information. The program prompts you to enter a principal's)SH -/Times-Bold SF -42177 XM -(name)SH -/Times-Roman SF -45018 XM -(and)SH -/Times-Bold SF -46881 XM -(instance)SH -/Times-Roman SF -(.)SH -7200 13856 MT -(A principal name is typically a username or a service program's name. An instance further qualifies the)SH -7200 15052 MT -(principal. If) -275 W( the principal is a service, the instance is used to specify the name of the machine on which)SH -7200 16248 MT -(that service runs. If the principal is a username that has general user privileges, the instance is usually set)SH -7200 17444 MT -(to null.)SH -7200 19742 MT -(The following example shows how to use)SH -/Times-Italic SF -25805 XM -(kdb_edit)SH -/Times-Roman SF -29868 XM -(to add the user)SH -/Times-Italic SF -36588 XM -(wave)SH -/Times-Roman SF -39123 XM -(to the Kerberos database.)SH -/Courier SF -8520 21319 MT -(host#)SH -/Times-Bold SF -12480 XM -([ADMIN_DIR]/kdb_edit)SH -/Courier SF -8520 23547 MT -(Opening database...)SH -8520 25775 MT -(Enter Kerberos master key:)SH -8520 26889 MT -(Verifying, please re-enter)SH -8520 28003 MT -(Enter Kerberos master key:)SH -8520 29117 MT -(Current Kerberos master key version is 1)SH -8520 31345 MT -(Master key entered. BEWARE!)SH -8520 32459 MT -(Previous or default values are in [brackets] ,)SH -8520 33573 MT -(enter return to leave the same, or new value.)SH -8520 35801 MT -(Principal name:)SH -/Times-Bold SF -19080 XM -(wave)SH -28800 XM -(<--)SH -/Times-BoldItalic SF -30819 XM -(Enter the username.)SH -/Courier SF -8520 36915 MT -(Instance:)SH -/Times-BoldItalic SF -28800 XM -(<-- Enter a null instance.)SH -/Courier SF -8520 39143 MT -(, Create [y] ?)SH -/Times-Bold SF -25680 XM -(y)SH -28800 XM -(<--)SH -/Times-BoldItalic SF -30819 XM -(The user-instance does not exist.)SH -30450 40257 MT -(Enter y to create the user-instance.)SH -/Courier SF -8520 41371 MT -(Principal: wave Instance: m_key_v: 1)SH -8520 42485 MT -(New Password:)SH -/Times-BoldItalic SF -28800 XM -(<-- Enter the user-instance's password.)SH -/Courier SF -8520 43599 MT -(Verifying, please re-enter)SH -8520 44713 MT -(New Password:)SH -8520 45827 MT -(Principal's new key version = 1)SH -8520 46941 MT -(Expiration date \050enter dd-mm-yy\051 [ 12/31/99 ] ?)SH -/Times-Bold SF -39600 XM -(<--)SH -/Times-BoldItalic SF -41619 XM -(Enter newlines)SH -/Courier SF -8520 48055 MT -(Max ticket lifetime \050*5 minutes\051 [ 255 ] ?)SH -/Times-Bold SF -39600 XM -(<--)SH -/Times-BoldItalic SF -41619 XM -(to get the)SH -/Courier SF -8520 49169 MT -(Attributes [ 0 ] ?)SH -/Times-Bold SF -30120 XM -(<--)SH -/Times-BoldItalic SF -32139 XM -(default values.)SH -/Courier SF -8520 50283 MT -(Edit O.K.)SH -8520 52511 MT -(Principal name:)SH -/Times-BoldItalic SF -28800 XM -(<-- Enter a newline to exit the program.)SH -/Times-Roman SF -7200 54809 MT -(Use the)SH -/Times-Italic SF -10804 XM -(kdb_edit)SH -/Times-Roman SF -14867 XM -(utility to add your username to the master database.)SH -14 /Times-Bold AF -7200 58627 MT -(2.4 Starting) -350 W( the Kerberos Server)SH -11 /Times-Roman AF -7200 60822 MT -(Change directories to the directory in which you have installed the server program)SH -/Times-Italic SF -43701 XM -(kerberos)SH -/Times-Roman SF -47824 XM -(\050the default)SH -7200 62018 MT -(directory is)SH -/Times-Italic SF -12454 XM -(/usr/etc)SH -/Times-Roman SF -(\051, and start the program as a background process:)SH -/Courier SF -8520 63595 MT -(host#)SH -/Times-Bold SF -12480 XM -(./kerberos &)SH -/Times-Roman SF -7200 65190 MT -(If you have used the)SH -/Times-Italic SF -16393 XM -(kstash)SH -/Times-Roman SF -19418 XM -(command to store the master database password, the server will start)SH -7200 66386 MT -(automatically. If) -275 W( you did not use)SH -/Times-Italic SF -22048 XM -(kstash)SH -/Times-Roman SF -(, use the following command:)SH -/Courier SF -8520 67963 MT -(host#)SH -/Times-Bold SF -12480 XM -(./kerberos -m)SH -10 /Times-Roman AF -7200 75600 MT -(MIT Project Athena)SH -30350 XM -(4)SH -47890 XM -(4 January 1990)SH -ES -%%Page: 5 6 -BS -0 SI -11 /Times-Roman AF -7200 7955 MT -(The server will prompt you to enter the master password before actually starting itself.)SH -14 /Times-Bold AF -7200 11773 MT -(2.5 Testing) -350 W( the Kerberos Server)SH -11 /Times-Roman AF -7200 13968 MT -(Exit the root account and use the)SH -/Times-Italic SF -21893 XM -(kinit)SH -/Times-Roman SF -24124 XM -(command obtain a Kerberos ticket-granting ticket. This command)SH -7200 15164 MT -(creates your ticket file and stores the ticket-granting ticket in it.)SH -7200 17462 MT -(If you used the default)SH -/Times-Italic SF -17371 XM -(make install)SH -/Times-Roman SF -22993 XM -(command and directories to install the Kerberos user utilities,)SH -/Times-Italic SF -50365 XM -(kinit)SH -/Times-Roman SF -7200 18658 MT -(will be in the)SH -/Times-Italic SF -13250 XM -(/usr/athena)SH -/Times-Roman SF -18537 XM -(directory. From now on, we'll refer to the Kerberos user commands directory as)SH -7200 19854 MT -([K_USER].)SH -7200 22152 MT -(Use)SH -/Times-Italic SF -9185 XM -(kinit)SH -/Times-Roman SF -11416 XM -(as follows:)SH -/Courier SF -8520 23729 MT -(host%)SH -/Times-Bold SF -12480 XM -([K_USER]/kinit)SH -/Courier SF -8520 24843 MT -(MIT Project Athena, \050ariadne\051)SH -8520 25957 MT -(Kerberos Initialization)SH -8520 27071 MT -(Kerberos name:)SH -/Times-BoldItalic SF -18420 XM -(yourusername)SH -/Times-Bold SF -28800 XM -(<--)SH -/Times-BoldItalic SF -30819 XM -(Enter your Kerberos username.)SH -/Courier SF -8520 28185 MT -(Password:)SH -/Times-Bold SF -28800 XM -(<--)SH -/Times-BoldItalic SF -30819 XM -(Enter your Kerberos password.)SH -/Times-Roman SF -7200 30483 MT -(Use the)SH -/Times-Italic SF -10804 XM -(klist)SH -/Times-Roman SF -12913 XM -(program to list the contents of your ticket file.)SH -/Courier SF -8520 32060 MT -(host%)SH -/Times-Bold SF -12480 XM -([K_USER]/klist)SH -/Times-Roman SF -7200 33655 MT -(The command should display something like the following:)SH -/Courier SF -8520 35181 MT -(Ticket file:) -SH( /tmp/tkt5555)1980 W -8520 36295 MT -(Principal: yourusername@REALMNAME)3300 W -9840 38523 MT -(Issued Expires) -6600 W( Principal)5940 W -8520 39637 MT -(May 6) -660 W( 10:15:23 May 6 18:15:23 krbtgt.REALMNAME@REALMNAME)SH -/Times-Roman SF -7200 41935 MT -(If you have any problems, you can examine the log file)SH -/Times-Italic SF -31758 XM -(/kerberos/kerberos.log)SH -/Times-Roman SF -42022 XM -(on the Kerberos server)SH -7200 43131 MT -(machine to see if there was some sort of error.)SH -16 /Times-Bold AF -7200 47803 MT -(3. Setting) -400 W( up and testing the Administration server)SH -11 /Times-Roman AF -7200 49998 MT -(The procedure for setting up and testing the Kerberos administration server is as follows:)SH -9400 51949 MT -(1.)SH -10500 XM -(Use the)SH -/Times-Italic SF -14104 XM -(kdb_edit)SH -/Times-Roman SF -18167 XM -(utility to add your username with an administration instance to the master)SH -10500 53145 MT -(database.)SH -9400 55039 MT -(2.)SH -10500 XM -(Edit the access control lists for the administration server)SH -9400 56933 MT -(3.)SH -10500 XM -(Start the Kerberos administration server.)SH -9400 58827 MT -(4.)SH -10500 XM -(Use the)SH -/Times-Italic SF -14104 XM -(kpasswd)SH -/Times-Roman SF -18107 XM -(command to change your password.)SH -9400 60721 MT -(5.)SH -10500 XM -(Use the)SH -/Times-Italic SF -14104 XM -(kadmin)SH -/Times-Roman SF -17617 XM -(command to add new entries to the database.)SH -9400 62615 MT -(6.)SH -10500 XM -(Use the)SH -/Times-Italic SF -14104 XM -(kinit)SH -/Times-Roman SF -16335 XM -(command to verify that the)SH -/Times-Italic SF -28524 XM -(kadmin)SH -/Times-Roman SF -32037 XM -(command correctly added new entries to)SH -10500 63811 MT -(the database.)SH -10 SS -7200 75600 MT -(MIT Project Athena)SH -30350 XM -(5)SH -47890 XM -(4 January 1990)SH -ES -%%Page: 6 7 -BS -0 SI -14 /Times-Bold AF -7200 8138 MT -(3.1 Adding) -350 W( an administration instance for the administrator)SH -11 /Times-Roman AF -7200 10333 MT -(Login to the Kerberos master server machine, and use the)SH -/Times-Bold SF -32825 XM -(su)SH -/Times-Roman SF -34140 XM -(command to become root. Use the)SH -/Times-Italic SF -49780 XM -(kdb_edit)SH -/Times-Roman SF -7200 11529 MT -(program to create an entry for each administrator with the instance ``)SH -/Times-BoldItalic SF -(admin)SH -/Times-Roman SF -(''.)SH -/Courier SF -8520 13106 MT -(host#)SH -/Times-Bold SF -12480 XM -([ADMIN_DIR]/kdb_edit)SH -/Courier SF -8520 15334 MT -(Opening database...)SH -8520 17562 MT -(Enter Kerberos master key:)SH -8520 18676 MT -(Verifying, please re-enter)SH -8520 19790 MT -(Enter Kerberos master key:)SH -8520 20904 MT -(Current Kerberos master key version is 1)SH -8520 23132 MT -(Master key entered. BEWARE!)SH -8520 24246 MT -(Previous or default values are in [brackets] ,)SH -8520 25360 MT -(enter return to leave the same, or new value.)SH -8520 27588 MT -(Principal name:)SH -/Times-Bold SF -19080 XM -(wave)SH -28800 XM -(<--)SH -/Times-BoldItalic SF -30819 XM -(Enter the username.)SH -/Courier SF -8520 28702 MT -(Instance:)SH -/Times-Bold SF -(admin)SH -28800 XM -(<--)SH -/Times-BoldItalic SF -30819 XM -(Enter ``admin''.)SH -/Courier SF -8520 30930 MT -(, Create [y] ?)SH -/Times-Bold SF -25680 XM -(y)SH -28800 XM -(<--)SH -/Times-BoldItalic SF -30819 XM -(The user-instance does not exist.)SH -30450 32044 MT -(Enter y to create the user-instance.)SH -/Courier SF -8520 33158 MT -(Principal: wave Instance: admin m_key_v: 1)SH -8520 34272 MT -(New Password:)SH -/Times-BoldItalic SF -28800 XM -(<-- Enter the user-instance's password.)SH -/Courier SF -8520 35386 MT -(Verifying, please re-enter)SH -8520 36500 MT -(New Password:)SH -8520 37614 MT -(Principal's new key version = 1)SH -8520 38728 MT -(Expiration date \050enter dd-mm-yy\051 [ 12/31/99 ] ?)SH -/Times-Bold SF -39600 XM -(<--)SH -/Times-BoldItalic SF -41619 XM -(Enter newlines)SH -/Courier SF -8520 39842 MT -(Max ticket lifetime \050*5 minutes\051 [ 255 ] ?)SH -/Times-Bold SF -39600 XM -(<--)SH -/Times-BoldItalic SF -41619 XM -(to get the)SH -/Courier SF -8520 40956 MT -(Attributes [ 0 ] ?)SH -/Times-Bold SF -30120 XM -(<--)SH -/Times-BoldItalic SF -32139 XM -(default values.)SH -/Courier SF -8520 42070 MT -(Edit O.K.)SH -8520 44298 MT -(Principal name:)SH -/Times-BoldItalic SF -28800 XM -(<-- Enter a newline to exit the program.)SH -14 /Times-Bold AF -7200 48116 MT -(3.2 The) -350 W( Access Control Lists)SH -11 /Times-Roman AF -7200 50311 MT -(The Kerberos administration server uses three access control lists to determine who is authorized to make)SH -7200 51507 MT -(certain requests. The access control lists are stored on the master Kerberos server in the same directory as)SH -7200 52703 MT -(the principal database,)SH -/Times-Italic SF -17340 XM -(/kerberos)SH -/Times-Roman SF -(. The) -275 W( access control lists are simple ASCII text files, with each line)SH -7200 53899 MT -(specifying the name of one principal who is allowed the particular function. To allow several people to)SH -7200 55095 MT -(perform the same function, put their principal names on separate lines in the same file.)SH -7200 57393 MT -(The first list,)SH -/Times-Italic SF -13128 XM -(/kerberos/admin_acl.mod)SH -/Times-Roman SF -(, is a list of principals which are authorized to change entries in the)SH -7200 58589 MT -(database. To) -275 W( allow the administrator `)SH -/Times-Bold SF -(wave)SH -/Times-Roman SF -(' to modify entries in the database for the realm `)SH -/Times-Bold SF -(TIM.EDU)SH -/Times-Roman SF -(',)SH -7200 59785 MT -(you would put the following line into the file)SH -/Times-Italic SF -27275 XM -(/kerberos/admin_acl.mod)SH -/Times-Roman SF -(:)SH -/Courier SF -8520 61311 MT -(wave.admin@TIM.EDU)SH -/Times-Roman SF -7200 63609 MT -(The second list,)SH -/Times-Italic SF -14410 XM -(/kerberos/admin_acl.get)SH -/Times-Roman SF -(, is a list of principals which are authorized to retrieve entries)SH -7200 64805 MT -(from the database.)SH -7200 67103 MT -(The third list,)SH -/Times-Italic SF -13434 XM -(/kerberos/admin_acl.add)SH -/Times-Roman SF -(, is a list of principals which are authorized to add new entries to)SH -7200 68299 MT -(the database.)SH -10 SS -7200 75600 MT -(MIT Project Athena)SH -30350 XM -(6)SH -47890 XM -(4 January 1990)SH -ES -%%Page: 7 8 -BS -0 SI -14 /Times-Bold AF -7200 8138 MT -(3.3 Starting) -350 W( the administration server)SH -11 /Times-Roman AF -7200 10333 MT -(Change directories to the directory in which you have installed the administration server program)SH -/Times-Italic SF -7200 11529 MT -(kadmind)SH -/Times-Roman SF -11263 XM -(\050the default directory is)SH -/Times-Italic SF -21831 XM -(/usr/etc)SH -/Times-Roman SF -(\051, and start the program as a background process:)SH -/Courier SF -8520 13106 MT -(host#)SH -/Times-Bold SF -12480 XM -(./kadmind -n&)SH -/Times-Roman SF -7200 14701 MT -(If you have used the)SH -/Times-Italic SF -16393 XM -(kstash)SH -/Times-Roman SF -19418 XM -(command to store the master database password, the server will start)SH -7200 15897 MT -(automatically. If) -275 W( you did not use)SH -/Times-Italic SF -22048 XM -(kstash)SH -/Times-Roman SF -(, use the following command:)SH -/Courier SF -8520 17474 MT -(host#)SH -/Times-Bold SF -12480 XM -(./kadmind)SH -/Times-Roman SF -7200 19069 MT -(The server will prompt you to enter the master password before actually starting itself; after it starts, you)SH -7200 20265 MT -(should suspend it and put it in the background \050usually this is done by typing control-Z and then)SH -/Times-Bold SF -49792 XM -(bg)SH -/Times-Roman SF -(\051.)SH -14 /Times-Bold AF -7200 24112 MT -(3.4 Testing)350 W -/Times-BoldItalic SF -14434 XM -(kpasswd)SH -11 /Times-Roman AF -7200 26307 MT -(To test the administration server, you should try changing your password with the)SH -/Times-Italic SF -43494 XM -(kpasswd)SH -/Times-Roman SF -47497 XM -(command, and)SH -7200 27503 MT -(you should try adding new users with the)SH -/Times-Italic SF -25592 XM -(kadmin)SH -/Times-Roman SF -29105 XM -(command \050both commands are installed into)SH -/Times-Italic SF -48963 XM -(/usr/athena)SH -/Times-Roman SF -7200 28699 MT -(by default\051.)SH -7200 30997 MT -(Before testing, you should exit the root account.)SH -7200 33295 MT -(To change your password, run the)SH -/Times-Italic SF -22441 XM -(kpasswd)SH -/Times-Roman SF -26444 XM -(command:)SH -/Courier SF -8520 34872 MT -(host%)SH -/Times-Bold SF -12480 XM -([K_USER]/kpasswd)SH -/Courier SF -8520 35986 MT -(Old password for wave@TIM.EDU:)SH -/Times-Bold SF -28800 XM -(<--)SH -/Times-BoldItalic SF -(Enter your password)SH -/Courier SF -8520 37100 MT -(New Password for wave@TIM.EDU:)SH -/Times-Bold SF -28800 XM -(<--)SH -/Times-BoldItalic SF -(Enter a new password)SH -/Courier SF -8520 38214 MT -(Verifying, please re-enter New Password for wave@TIM.EDU:)SH -/Times-Bold SF -28800 39328 MT -(<--)SH -/Times-BoldItalic SF -(Enter new password again)SH -/Courier SF -8520 40442 MT -(Password changed.)SH -/Times-Roman SF -7200 42037 MT -(Once you have changed your password, use the)SH -/Times-Italic SF -28365 XM -(kinit)SH -/Times-Roman SF -30596 XM -(program as shown above to verify that the password)SH -7200 43233 MT -(was properly changed.)SH -14 /Times-Bold AF -7200 47080 MT -(3.5 Testing)350 W -/Times-BoldItalic SF -14434 XM -(kadmin)SH -11 /Times-Roman AF -7200 49275 MT -(You should also test the function of the)SH -/Times-Italic SF -24798 XM -(kadmin)SH -/Times-Roman SF -28311 XM -(program, by adding a new user \050here named)SH -7200 50471 MT -(``)SH -/Courier SF -(username)SH -/Times-Roman SF -(''\051:)SH -/Courier SF -8520 52048 MT -(host%)SH -/Times-Bold SF -12480 XM -([K_USER]/kadmin)SH -/Courier SF -8520 53162 MT -(Welcome to the Kerberos Administration Program, version 2)SH -8520 54276 MT -(Type "help" if you need it.)SH -8520 55390 MT -(admin:)SH -/Times-Bold SF -13800 XM -(ank username)SH -/Times-BoldItalic SF -28800 XM -(`ank' stands for Add New Key)SH -/Courier SF -8520 56504 MT -(Admin password:)SH -/Times-Bold SF -28800 XM -(<--)SH -/Times-BoldItalic SF -(enter the password)SH -28800 57618 MT -(you chose above for wave.admin)SH -/Courier SF -8520 58732 MT -(Password for username:)SH -/Times-Bold SF -28800 XM -(<--)SH -/Times-BoldItalic SF -(Enter the user's initial password)SH -/Courier SF -8520 59846 MT -(Verifying, please re-enter Password for username:)SH -/Times-Bold SF -40920 XM -(<--)SH -/Times-BoldItalic SF -(enter it again)SH -/Courier SF -8520 60960 MT -(username added to database.)SH -8520 63188 MT -(admin: quit)660 W -8520 64302 MT -(Cleaning up and exiting.)SH -10 /Times-Roman AF -7200 75600 MT -(MIT Project Athena)SH -30350 XM -(7)SH -47890 XM -(4 January 1990)SH -ES -%%Page: 8 9 -BS -0 SI -14 /Times-Bold AF -7200 8167 MT -(3.6 Verifying) -350 W( with)SH -/Times-BoldItalic SF -18671 XM -(kinit)SH -11 /Times-Roman AF -7200 10362 MT -(Once you've added a new user, you should test to make sure it was added properly by using)SH -/Times-Italic SF -47917 XM -(kinit)SH -/Times-Roman SF -(, and)SH -7200 11558 MT -(trying to get tickets for that user:)SH -/Courier SF -8520 13135 MT -(host%)SH -/Times-Bold SF -12480 XM -([K_USER]/kinit username)SH -/Courier SF -8520 14249 MT -(MIT Project Athena \050ariadne\051)SH -8520 15363 MT -(Kerberos Initialization for "username@TIM.EDU")SH -8520 16477 MT -(Password:)SH -/Times-Bold SF -15120 XM -(<--)SH -/Times-BoldItalic SF -(Enter the user's password you used above)SH -/Courier SF -8520 17591 MT -(host%)SH -/Times-Bold SF -12480 XM -([K_USER]/klist)SH -/Courier SF -8520 18705 MT -(Ticket file:) -SH( /tmp/tkt_5509_spare1)1980 W -8520 19819 MT -(Principal: username@TIM.MIT.EDU)3300 W -9840 22047 MT -(Issued Expires) -6600 W( Principal)5940 W -8520 23161 MT -(Nov 20 15:58:52 Nov 20 23:58:52 krbtgt.TIM.EDU@TIM.EDU)SH -/Times-Roman SF -7200 25459 MT -(If you have any problems, you can examine the log files)SH -/Times-Italic SF -32186 XM -(/kerberos/kerberos.log)SH -/Times-Roman SF -42450 XM -(and)SH -/Times-Italic SF -7200 26655 MT -(/kerberos/admin_server.syslog)SH -/Times-Roman SF -21008 XM -(on the Kerberos server machine to see if there was some sort of error.)SH -16 /Times-Bold AF -7200 31327 MT -(4. Setting) -400 W( up and testing slave server\050s\051)SH -11 /Times-Roman AF -7200 33522 MT -([Unfortunately, this chapter is not yet ready. Sorry. -ed])SH -16 /Times-Bold AF -7200 38194 MT -(5. A) -400 W( Sample Application)SH -11 /Times-Roman AF -7200 40389 MT -(This release of Kerberos comes with a sample application server and a corresponding client program.)SH -7200 41585 MT -(You will find this software in the [OBJ_DIR])SH -/Times-Italic SF -(/appl/sample)SH -/Times-Roman SF -33170 XM -(directory. The) -275 W( file)SH -/Times-Italic SF -41691 XM -(sample_client)SH -/Times-Roman SF -48076 XM -(contains the)SH -7200 42781 MT -(client program's executable code, the file)SH -/Times-Italic SF -25677 XM -(sample_server)SH -/Times-Roman SF -32366 XM -(contains the server's executable.)SH -7200 45079 MT -(The programs are rudimentary. When they have been installed \050the installation procedure is described in)SH -7200 46275 MT -(detail later\051, they work as follows:)SH -/Symbol SF -9169 48351 MT -(\267)SH -/Times-Roman SF -9950 XM -(The user starts)SH -/Times-Italic SF -16639 XM -(sample_client)SH -/Times-Roman SF -23024 XM -(and provides as arguments to the command the name of the)SH -9950 49547 MT -(server machine and a checksum. For instance:)SH -/Courier SF -11270 51147 MT -(host%)SH -/Times-Bold SF -15230 XM -(sample_client)SH -/Times-BoldItalic SF -22966 XM -(servername 43)385 W -/Symbol SF -9169 53041 MT -(\267)SH -/Times-Italic SF -9950 XM -(Sample_client)SH -/Times-Roman SF -16457 XM -(contacts the server machine and authenticates the user to)SH -/Times-Italic SF -41654 XM -(sample_server)SH -/Times-Roman SF -(.)SH -/Symbol SF -9169 54935 MT -(\267)SH -/Times-Italic SF -9950 XM -(Sample_server)SH -/Times-Roman SF -16761 XM -(authenticates itself to)SH -/Times-Italic SF -26384 XM -(sample_client)SH -/Times-Roman SF -(, then returns a message to the client)SH -9950 56131 MT -(program. This) -275 W( message contains diagnostic information that includes the user's username,)SH -9950 57327 MT -(the Kerberos realm, and the user's workstation address.)SH -/Symbol SF -9169 59221 MT -(\267)SH -/Times-Italic SF -9950 XM -(Sample_client)SH -/Times-Roman SF -16457 XM -(displays the server's message on the user's terminal screen.)SH -14 /Times-Bold AF -7200 63039 MT -(5.1 The) -350 W( Installation Process)SH -11 /Times-Roman AF -7200 65234 MT -(In general, you use the following procedure to install a Kerberos-authenticated server-client system.)SH -9400 67185 MT -(1.)SH -10500 XM -(Add the appropriate entry to the Kerberos database using)SH -/Times-Italic SF -35881 XM -(kdb_edit)SH -/Times-Roman SF -39944 XM -(or)SH -/Times-Italic SF -41135 XM -(kadmin)SH -/Times-Roman SF -44648 XM -(\050described)SH -10500 68381 MT -(below\051.)SH -10 SS -7200 75600 MT -(MIT Project Athena)SH -30350 XM -(8)SH -47890 XM -(4 January 1990)SH -ES -%%Page: 9 10 -BS -0 SI -11 /Times-Roman AF -9400 7955 MT -(2.)SH -10500 XM -(Create a)SH -/Times-Italic SF -14408 XM -(/etc/srvtab)SH -/Times-Roman SF -19327 XM -(file for the server machine.)SH -9400 9849 MT -(3.)SH -10500 XM -(Install the service program and the)SH -/Times-Italic SF -26016 XM -(/etc/srvtab)SH -/Times-Roman SF -30935 XM -(file on the server machine.)SH -9400 11743 MT -(4.)SH -10500 XM -(Install the client program on the client machine.)SH -9400 13637 MT -(5.)SH -10500 XM -(Update the)SH -/Times-Italic SF -15570 XM -(/etc/services)SH -/Times-Roman SF -21281 XM -(file on the client and server machines.)SH -7200 15935 MT -(We will use the sample application as an example, although the procedure used to install)SH -/Times-Italic SF -46484 XM -(sample_server)SH -/Times-Roman SF -7200 17131 MT -(differs slightly from the general case because the)SH -/Times-Italic SF -29006 XM -(sample_server)SH -/Times-Roman SF -35695 XM -(takes requests via the)SH -/Times-Italic SF -45347 XM -(inetd)SH -/Times-Roman SF -47822 XM -(program.)SH -/Times-Italic SF -7200 18327 MT -(Inetd)SH -/Times-Roman SF -9735 XM -(starts)SH -/Times-Italic SF -12332 XM -(sample_server)SH -/Times-Roman SF -19021 XM -(each time a client process contacts the server machine.)SH -/Times-Italic SF -43606 XM -(Sample_server)SH -/Times-Roman SF -7200 19523 MT -(processes the request, terminiates, then is restarted when)SH -/Times-Italic SF -32368 XM -(inetd)SH -/Times-Roman SF -34843 XM -(receives another)SH -/Times-Italic SF -42293 XM -(sample_client)SH -/Times-Roman SF -48678 XM -(request.)SH -7200 20719 MT -(When you install the program on the server, you must add a)SH -/Times-Italic SF -33807 XM -(sample)SH -/Times-Roman SF -37198 XM -(entry to the server machine's)SH -/Times-Italic SF -7200 21915 MT -(/etc/inetd.conf)SH -/Times-Roman SF -13738 XM -(file.)SH -7200 24213 MT -(The following description assumes that you are installing)SH -/Times-Italic SF -32680 XM -(sample_server)SH -/Times-Roman SF -39369 XM -(on the machine)SH -/Times-Italic SF -46364 XM -(ariadne.tim.edu)SH -/Times-Roman SF -(.)SH -7200 25409 MT -(Here's the process, step by step:)SH -9400 27360 MT -(1.)SH -10500 XM -(Login as or)SH -/Times-Italic SF -15785 XM -(su)SH -/Times-Roman SF -17038 XM -(to root on the Kerberos server machine. Use the)SH -/Times-Italic SF -38631 XM -(kdb_edit)SH -/Times-Roman SF -42694 XM -(or)SH -/Times-Italic SF -43885 XM -(kadmin)SH -/Times-Roman SF -47398 XM -(program)SH -10500 28556 MT -(to create an entry for)SH -/Times-Italic SF -19935 XM -(sample)SH -/Times-Roman SF -23326 XM -(in the Kerberos database:)SH -/Courier SF -11820 30133 MT -(host#)SH -/Times-Bold SF -15780 XM -([ADMIN_DIR]/kdb_edit)SH -/Courier SF -11820 32361 MT -(Opening database...)SH -11820 34589 MT -(Enter Kerberos master key:)SH -11820 35703 MT -(Verifying, please re-enter)SH -11820 36817 MT -(master key entered. BEWARE!)SH -11820 37931 MT -(Previous or default values are in [brackets] ,)SH -11820 39045 MT -(enter return to leave the same, or new value.)SH -11820 41273 MT -(Principal name:)SH -/Times-Bold SF -22380 XM -(sample)SH -26220 XM -(<--)SH -/Times-BoldItalic SF -28239 XM -(Enter the principal name.)SH -/Courier SF -11820 42387 MT -(Instance:)SH -/Times-Bold SF -18420 XM -(ariadne)SH -26220 XM -(<--)SH -/Times-BoldItalic SF -28239 XM -(Instances cannot have periods in them.)SH -/Courier SF -11820 44615 MT -(, Create [y] ?)SH -/Times-Bold SF -28980 XM -(y)SH -/Courier SF -11820 46843 MT -(Principal: sample_server Instance: ariadne m_key_v: 1)SH -11820 47957 MT -(New Password:)SH -/Times-Bold SF -26220 XM -(<--)SH -/Times-BoldItalic SF -28239 XM -(Enter ``RANDOM'' to get random password.)SH -/Courier SF -11820 49071 MT -(Verifying, please re-enter)SH -11820 50185 MT -(New Password:)SH -/Times-Bold SF -26220 XM -(<--)SH -/Times-BoldItalic SF -28239 XM -(Enter ``RANDOM'' again.)SH -/Courier SF -11820 51299 MT -(Random password [y] ?)SH -/Times-Bold SF -26340 XM -(y)SH -/Courier SF -11820 53527 MT -(Principal's new key version = 1)SH -11820 54641 MT -(Expiration date \050enter dd-mm-yy\051 [ 12/31/99 ] ?)SH -11820 55755 MT -(Max ticket lifetime \050*5 minutes\051 [ 255 ] ?)SH -11820 56869 MT -(Attributes [ 0 ] ?)SH -11820 57983 MT -(Edit O.K.)SH -11820 60211 MT -(Principal name:)SH -/Times-Bold SF -26220 XM -(<--)SH -/Times-BoldItalic SF -28239 XM -(Enter newline to exit kdb_edit.)SH -/Times-Roman SF -9400 62105 MT -(2.)SH -10500 XM -(Use the)SH -/Times-Italic SF -14104 XM -(ext_srvtab)SH -/Times-Roman SF -18961 XM -(program to create a)SH -/Times-Italic SF -27755 XM -(srvtab)SH -/Times-Roman SF -30780 XM -(file for)SH -/Times-Italic SF -34078 XM -(sample_server)SH -/Times-Roman SF -('s host machine:)SH -10 SS -7200 75600 MT -(MIT Project Athena)SH -30350 XM -(9)SH -47890 XM -(4 January 1990)SH -ES -%%Page: 10 11 -BS -0 SI -11 /Courier AF -11820 7937 MT -(host#)SH -/Times-Bold SF -15780 XM -([ADMIN_DIR]/ext_srvtab ariadne)275 W -/Courier SF -11820 10165 MT -(Enter Kerberos master key:)SH -11820 11279 MT -(Current Kerberos master key version is 1.)SH -11820 13507 MT -(Generating 'ariadne-new-srvtab'....)SH -/Times-Roman SF -10500 15102 MT -(Transfer the)SH -/Times-Italic SF -16118 XM -(ariadne-new-srvtab)SH -/Times-Roman SF -25069 XM -(file to)SH -/Times-Italic SF -27941 XM -(ariadne)SH -/Times-Roman SF -31638 XM -(and install it as)SH -/Times-Italic SF -38544 XM -(/etc/srvtab)SH -/Times-Roman SF -(. Note) -275 W( that this)SH -10500 16298 MT -(file is equivalent to the service's password and should be treated with care. For example, it)SH -10500 17494 MT -(could be transferred by removable media, but should not be sent over an open network in)SH -10500 18690 MT -(the clear. Once installed, this file should be readable only by root.)SH -9400 20584 MT -(3.)SH -10500 XM -(Add the following line to the)SH -/Times-Italic SF -23516 XM -(/etc/services)SH -/Times-Roman SF -29227 XM -(file on)SH -/Times-Italic SF -32343 XM -(ariadne)SH -/Times-Roman SF -(, and on all machines that will run)SH -10500 21780 MT -(the)SH -/Times-Italic SF -12119 XM -(sample_client)SH -/Times-Roman SF -18504 XM -(program:)SH -/Courier SF -11820 23306 MT -(sample 906/tcp) -2640 W( #) -3960 W( Kerberos sample app server)SH -/Times-Roman SF -9400 25200 MT -(4.)SH -10500 XM -(Add a line similar to the following line to the)SH -/Times-Italic SF -30666 XM -(/etc/inetd.conf)SH -/Times-Roman SF -37204 XM -(file on)SH -/Times-Italic SF -40320 XM -(sample_server)SH -/Times-Roman SF -('s)SH -10500 26396 MT -(machine:)SH -/Courier SF -11820 27922 MT -(sample stream tcp nowait switched root)1320 W -14460 29036 MT -([PATH]/sample_server sample_server)SH -/Times-Roman SF -10500 30631 MT -(where [PATH] should be substituted with the path to the)SH -/Times-Italic SF -35674 XM -(sample_server)SH -/Times-Roman SF -42363 XM -(program. \050This)275 W -/Times-Italic SF -10500 31827 MT -(inetd.conf)SH -/Times-Roman SF -15144 XM -(information should be placed on one line.\051 You should examine existing lines in)SH -/Times-Italic SF -10500 33023 MT -(/etc/inetd.conf)SH -/Times-Roman SF -17038 XM -(and use the same format used by other entries \050e.g. for telnet\051. Most systems)SH -10500 34219 MT -(do not have a column for the `switched' keyword, and some do not have a column for the)SH -10500 35415 MT -(username \050usually `root', as above\051.)SH -9400 37309 MT -(5.)SH -10500 XM -(Restart)SH -/Times-Italic SF -13891 XM -(inetd)SH -/Times-Roman SF -16366 XM -(by sending the current)SH -/Times-Italic SF -26446 XM -(inetd)SH -/Times-Roman SF -28921 XM -(process a hangup signal:)SH -/Courier SF -11820 38909 MT -(host#)SH -/Times-Bold SF -15780 XM -(kill -HUP)275 W -/Times-BoldItalic SF -21373 XM -(process_id_number)SH -/Times-Roman SF -9400 40803 MT -(6.)SH -10500 XM -(The)SH -/Times-Italic SF -12485 XM -(sample_server)SH -/Times-Roman SF -19174 XM -(is now ready to take)SH -/Times-Italic SF -28307 XM -(sample_client)SH -/Times-Roman SF -34692 XM -(requests.)SH -14 /Times-Bold AF -7200 44621 MT -(5.2 Testing) -350 W( the Sample Server)SH -11 /Times-Roman AF -7200 46816 MT -(Assume that you have installed)SH -/Times-Italic SF -21223 XM -(sample_server)SH -/Times-Roman SF -27912 XM -(on)SH -/Times-Italic SF -29287 XM -(ariadne)SH -/Times-Roman SF -(.)SH -7200 49114 MT -(Login to your workstation and use the)SH -/Times-Italic SF -24217 XM -(kinit)SH -/Times-Roman SF -26448 XM -(command to obtain a Kerberos ticket-granting ticket:)SH -/Courier SF -8520 50691 MT -(host%)SH -/Times-Bold SF -12480 XM -([K_USER]/kinit)SH -/Courier SF -8520 51805 MT -(MIT Project Athena, \050your_workstation\051)SH -8520 52919 MT -(Kerberos Initialization)SH -8520 54033 MT -(Kerberos name:)SH -/Times-BoldItalic SF -18420 XM -(yourusername)SH -/Times-Bold SF -28800 XM -(<--)SH -/Times-BoldItalic SF -30819 XM -(Enter your Kerberos username.)SH -/Courier SF -8520 55147 MT -(Password:)SH -/Times-Bold SF -28800 XM -(<--)SH -/Times-BoldItalic SF -30819 XM -(Enter your Kerberos password.)SH -/Times-Roman SF -7200 57445 MT -(Now use the)SH -/Times-Italic SF -12973 XM -(sample_client)SH -/Times-Roman SF -19358 XM -(program as follows:)SH -/Courier SF -8520 59022 MT -(host%)SH -/Times-Bold SF -12480 XM -([PATH]/sample_client ariadne)275 W -/Times-Roman SF -7200 60617 MT -(The command should display something like the following:)SH -/Courier SF -8520 62143 MT -(The server says:)SH -8520 63257 MT -(You are)SH -/Times-BoldItalic SF -13800 XM -(yourusername)SH -/Courier SF -(.@REALMNAME \050local name)SH -/Times-BoldItalic SF -36180 XM -(yourusername)SH -/Courier SF -(\051,)SH -9180 64371 MT -(at address)SH -/Times-BoldItalic SF -16440 XM -(yournetaddress)SH -/Courier SF -(, version VERSION9, cksum 997)SH -10 /Times-Roman AF -7200 75600 MT -(MIT Project Athena)SH -30100 XM -(10)SH -47890 XM -(4 January 1990)SH -ES -%%Page: 11 12 -BS -0 SI -16 /Times-Bold AF -7200 8272 MT -(6. Service) -400 W( names and other services)SH -14 SS -7200 12090 MT -(6.1 rlogin,) -350 W( rsh, rcp, tftp, and others)SH -11 /Times-Roman AF -7200 14285 MT -(Many services use a common principal name for authentication purposes.)SH -/Times-Italic SF -40128 XM -(rlogin)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -43368 XM -(rsh)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -45324 XM -(rcp)SH -/Times-Roman SF -(,)SH -/Times-Italic SF -47340 XM -(tftp)SH -/Times-Roman SF -49083 XM -(and others)SH -7200 15481 MT -(use the principal name ``)SH -/Courier SF -(rcmd)SH -/Times-Roman SF -(''. For) -275 W( example, to set up the machine)SH -/Times-Italic SF -38033 XM -(ariadne)SH -/Times-Roman SF -41730 XM -(to support Kerberos rlogin,)SH -7200 16677 MT -(it needs to have a service key for principal ``)SH -/Courier SF -(rcmd)SH -/Times-Roman SF -('', instance ``)SH -/Courier SF -(ariadne)SH -/Times-Roman SF -(''. You) -275 W( create this key in the)SH -7200 17873 MT -(same way as shown above for the sample service.)SH -7200 20171 MT -(After creating this key, you need to run the)SH -/Times-Italic SF -26382 XM -(ext_srvtab)SH -/Times-Roman SF -31239 XM -(program again to generate a new srvtab file for)SH -7200 21367 MT -(ariadne.)SH -14 /Times-Bold AF -7200 25185 MT -(6.2 NFS) -350 W( modifications)SH -11 /Times-Roman AF -7200 27380 MT -(The NFS modifications distributed separately use the service name ``)SH -/Courier SF -(rvdsrv)SH -/Times-Roman SF -('' with the instance set to)SH -7200 28576 MT -(the machine name \050as for the sample server and the rlogin, rsh, rcp and tftp services\051.)SH -14 /Times-Bold AF -7200 32394 MT -(6.3 inetd.conf) -350 W( entries)SH -11 /Times-Roman AF -7200 34589 MT -(The following are the)SH -/Times-Italic SF -16974 XM -(/etc/inetd.conf)SH -/Times-Roman SF -23512 XM -(entries necessary to support rlogin, encrypted rlogin, rsh, and rcp)SH -7200 35785 MT -(services on a server machine. As above, your)SH -/Times-Italic SF -27631 XM -(inetd.conf)SH -/Times-Roman SF -32275 XM -(may not support all the fields shown here.)SH -/Courier SF -8520 37311 MT -(eklogin stream) -660 W( tcp nowait unswitched root)1320 W -11160 38425 MT -([PATH]/klogind eklogind)1320 W -8520 39539 MT -(kshell stream tcp nowait unswitched root)1320 W -11160 40653 MT -([PATH]/kshd kshd)1320 W -8520 41767 MT -(klogin stream tcp nowait unswitched root)1320 W -11160 42881 MT -([PATH]/klogind klogind)1320 W -10 /Times-Roman AF -7200 75600 MT -(MIT Project Athena)SH -30100 XM -(11)SH -47890 XM -(4 January 1990)SH -ES -%%Page: i 13 -BS -0 SI -14 /Times-Bold AF -25272 8138 MT -(Table of Contents)SH -13 SS -7200 9781 MT -(1. How) -325 W( Kerberos Works: A Schematic Description)SH -53350 XM -(1)SH -12 /Times-Roman AF -9000 11130 MT -(1.1 Network) -300 W( Services and Their Client Programs)SH -53400 XM -(1)SH -9000 12479 MT -(1.2 Kerberos) -300 W( Tickets)SH -53400 XM -(1)SH -9000 13828 MT -(1.3 The) -300 W( Kerberos Master Database)SH -53400 XM -(1)SH -9000 15177 MT -(1.4 The) -300 W( Ticket-Granting Ticket)SH -53400 XM -(1)SH -9000 16526 MT -(1.5 Network) -300 W( Services and the Master Database)SH -53400 XM -(1)SH -9000 17875 MT -(1.6 The) -300 W( User-Kerberos Interaction)SH -53400 XM -(2)SH -13 /Times-Bold AF -7200 19518 MT -(2. Setting) -325 W( Up and Testing the Kerberos Server)SH -53350 XM -(2)SH -12 /Times-Roman AF -9000 20867 MT -(2.1 Creating) -300 W( and Initializing the Master Database)SH -53400 XM -(3)SH -9000 22216 MT -(2.2 Storing) -300 W( the Master Password)SH -53400 XM -(3)SH -9000 23571 MT -(2.3 Using)300 W -/Times-BoldItalic SF -14267 XM -(kdb_edit)SH -/Times-Roman SF -18768 XM -(to Add Users to the Master Database)SH -53400 XM -(4)SH -9000 24920 MT -(2.4 Starting) -300 W( the Kerberos Server)SH -53400 XM -(4)SH -9000 26269 MT -(2.5 Testing) -300 W( the Kerberos Server)SH -53400 XM -(5)SH -13 /Times-Bold AF -7200 27912 MT -(3. Setting) -325 W( up and testing the Administration server)SH -53350 XM -(5)SH -12 /Times-Roman AF -9000 29261 MT -(3.1 Adding) -300 W( an administration instance for the administrator)SH -53400 XM -(6)SH -9000 30610 MT -(3.2 The) -300 W( Access Control Lists)SH -53400 XM -(6)SH -9000 31959 MT -(3.3 Starting) -300 W( the administration server)SH -53400 XM -(7)SH -9000 33314 MT -(3.4 Testing)300 W -/Times-BoldItalic SF -15001 XM -(kpasswd)SH -/Times-Roman SF -53400 XM -(7)SH -9000 34669 MT -(3.5 Testing)300 W -/Times-BoldItalic SF -15001 XM -(kadmin)SH -/Times-Roman SF -53400 XM -(7)SH -9000 36024 MT -(3.6 Verifying) -300 W( with)SH -/Times-BoldItalic SF -18501 XM -(kinit)SH -/Times-Roman SF -53400 XM -(8)SH -13 /Times-Bold AF -7200 37667 MT -(4. Setting) -325 W( up and testing slave server\050s\051)SH -53350 XM -(8)SH -7200 39310 MT -(5. A) -325 W( Sample Application)SH -53350 XM -(8)SH -12 /Times-Roman AF -9000 40659 MT -(5.1 The) -300 W( Installation Process)SH -53400 XM -(8)SH -9000 42008 MT -(5.2 Testing) -300 W( the Sample Server)SH -52800 XM -(10)SH -13 /Times-Bold AF -7200 43651 MT -(6. Service) -325 W( names and other services)SH -52700 XM -(11)SH -12 /Times-Roman AF -9000 45000 MT -(6.1 rlogin,) -300 W( rsh, rcp, tftp, and others)SH -52800 XM -(11)SH -9000 46349 MT -(6.2 NFS) -300 W( modifications)SH -52800 XM -(11)SH -9000 47698 MT -(6.3 inetd.conf) -300 W( entries)SH -52800 XM -(11)SH -10 SS -7200 75600 MT -(MIT Project Athena)SH -30461 XM -(i)SH -47890 XM -(4 January 1990)SH -ES -%%Trailer -%%Pages: 13 -%%DocumentFonts: Times-Roman Times-Bold Times-Italic Times-BoldItalic Courier Symbol diff --git a/doc/old-V4-docs/operation.mss b/doc/old-V4-docs/operation.mss deleted file mode 100644 index a35bb9f95e..0000000000 --- a/doc/old-V4-docs/operation.mss +++ /dev/null @@ -1,799 +0,0 @@ -@Comment[ $Source$] -@Comment[ $Author$] -@Comment[ $Id$] -@Comment[] -@device[postscript] -@make[report] -@comment[ -@DefineFont(HeadingFont, - P=, - B=, - I=, - R=) -] -@DefineFont(HeadingFont, - P=, - B=, - I=, - R=) -@Counter(MajorPart,TitleEnv HD0,ContentsEnv tc0,Numbered [@I], - IncrementedBy Use,Announced) -@Counter(Chapter,TitleEnv HD1,ContentsEnv tc1,Numbered [@1. ], - IncrementedBy Use,Referenced [@1],Announced) -@Counter(Appendix,TitleEnv HD1,ContentsEnv tc1,Numbered [@A. ], - IncrementedBy,Referenced [@A],Announced,Alias Chapter) -@Counter(UnNumbered,TitleEnv HD1,ContentsEnv tc1,Announced,Alias - Chapter) -@Counter(Section,Within Chapter,TitleEnv HD2,ContentsEnv tc2, - Numbered [@#@:.@1 ],Referenced [@#@:.@1],IncrementedBy - Use,Announced) -@Counter(AppendixSection,Within Appendix,TitleEnv HD2, - ContentsEnv tc2, - Numbered [@#@:.@1 ],Referenced [@#@:.@1],IncrementedBy - Use,Announced) -@Counter(SubSection,Within Section,TitleEnv HD3,ContentsEnv tc3, - Numbered [@#@:.@1 ],IncrementedBy Use, - Referenced [@#@:.@1 ]) -@Counter(AppendixSubSection,Within AppendixSection,TitleEnv HD3, - ContentsEnv tc3, - Numbered [@#@:.@1 ],IncrementedBy Use, - Referenced [@#@:.@1 ]) -@Counter(Paragraph,Within SubSection,TitleEnv HD4,ContentsEnv tc4, - Numbered [@#@:.@1 ],Referenced [@#@:.@1], - IncrementedBy Use) -@modify(CopyrightNotice, Fixed -1 inch, Flushright) -@Modify(Titlebox, Fixed 3.0 inches) -@Modify(hd1, below .2 inch, facecode B, size 16, spaces kept, pagebreak off) -@Modify(hd2, below .2 inch, facecode B, size 14, spaces kept) -@Modify(hd3, below .2 inch, facecode B, size 12, spaces kept) -@Modify(Description, Leftmargin +20, Indent -20,below 1 line, above 1 line) -@Modify(Tc1, Above .5, Facecode B) -@Modify(Tc2, Above .25, Below .25, Facecode R) -@Modify(Tc3,Facecode R) -@Modify(Tc4,Facecode R) -@Modify(Itemize,Above 1line,Below 1line) -@Modify(Insert,LeftMargin +2, RightMargin +2) -@libraryfile[stable] -@comment[@Style(Font NewCenturySchoolBook, size 11)] -@Style(Font TimesRoman, size 11) -@Style(Spacing 1.1, indent 0) -@Style(leftmargin 1.0inch) -@Style(justification no) -@Style(BottomMargin 1.5inch) -@Style(ChangeBarLocation Right) -@Style(ChangeBars=off) -@pageheading[immediate] -@pagefooting[immediate, left = "MIT Project Athena", center = "@value(page)", -right = "@value(date)"] -@set[page = 0] -@blankspace[.5 inches] -@begin[group, size 20] -@begin(center) -@b[Kerberos Operation Notes] -@b[DRAFT] -@end[center] -@blankspace[.5 inches] -@end(group) -@begin[group, size 16] -@begin(center) -Bill Bryant -John Kohl -Project Athena, MIT -@blankspace[.5 inches] -@b[Initial Release, January 24, 1989] -@i[(plus later patches through patchlevel 7)] -@end[center] -@end(group) -@begin[group, size 10] -@end[group] -@blankspace[1inches] - -These notes assume that you have used the -@i[Kerberos Installation Notes] to build and install your -Kerberos system. -As in that document, we refer to the directory that contains -the built Kerberos binaries as [OBJ_DIR]. - -This document assumes that you are a Unix system manager. - -@newpage() -@chapter[How Kerberos Works: A Schematic Description] - -This section provides a simplified description of -a general user's interaction with the Kerberos system. -This interaction happens transparently--users don't need to know -and probably don't care about what's going on--but Kerberos administrators -might find a schematic description of the process useful. -The description glosses over a lot of details; -for more information, see @i[Kerberos: An Authentication -Service for Open Network Systems], -a paper presented at Winter USENIX 1988, in Dallas, Texas. - -@section[Network Services and Their Client Programs] - -In an environment that provides network services, -you use @i[client] programs to request service from -@i[server] programs that are somewhere on the network. -Suppose you have logged in to a workstation -and you want to @i[rlogin] to another machine. -You use the local @i[rlogin] client program to -contact the remote machine's @i[rlogin] service daemon. - -@section[Kerberos Tickets] - -Under Kerberos, the @i[rlogin] service program -allows a client to login to a remote machine if it -can provide -a Kerberos @b[ticket] for the request. -This ticket proves the identity of the person who has used -the client program to access the server program. - -@section[The Kerberos Master Database] - -Kerberos will give you tickets only if you -have an entry in the Kerberos server's -@b[master database]. -Your database entry includes your Kerberos username (often referred to -as your Kerberos @b[principal] name), and your Kerberos password. -Every Kerberos user must have an entry in this database. - -@section[The Ticket-Granting Ticket] - -The @i[kinit] command prompts for your Kerberos username and password, -and if you enter them successfully, you will obtain a Kerberos -@i[ticket-granting ticket]. -As illustrated below, -client programs use this ticket to get other Kerberos tickets as -needed. - -@section[Network Services and the Master Database] - -The master database also contains entries for all network services that -require Kerberos authentication. -Suppose for instance that your site has a machine @i[laughter] -that requires Kerberos authentication from anyone who wants -to @i[rlogin] to it. -This service must be registered in the master database. -Its entry includes the service's principal name, and its @b[instance]. - -The @i[instance] is the name of the service's machine; -in this case, the service's instance is the name @i[laughter]. -The instance provides a means for Kerberos to distinguish between -machines that provide the same service. -Your site is likely to have more than one machine that -provides @i[rlogin] service. - -@section[The User-Kerberos Interaction] - -Suppose that you (in the guise of a general user) walk up to a workstation -intending to login to it, and then @i[rlogin] to the machine @i[laughter]. -Here's what happens. -@begin[enumerate] -You login to the workstation and use the @i[kinit] command -to to get a ticket-granting ticket. -This command prompts you for your username (your Kerberos Principal Name), -and your Kerberos password [on some systems which use the new version of -@i{/bin/login}, this may be done as part of the login process, not -requiring the user to run a separate program]. -@begin[enumerate] -The @i[kinit] command sends your request to the Kerberos master server -machine. -The server software looks for your principal name's entry in the -Kerberos @b[master database]. - -If this entry exists, the -Kerberos server creates and returns a -@i[ticket-granting ticket], encrypted in your password. -If @i[kinit] can decrypt the Kerberos reply using the password you -provide, it stores this ticket in a @b[ticket file] on your -local machine for later use. -The ticket file to be used -can be specified in the @b[KRBTKFILE] environment -variable. If this variable is not set, the name of the file will be -@i[/tmp/tkt@p(uid)], where @p(uid) is the UNIX user-id, represented in decimal. -@end[enumerate] - -Now you use the @i[rlogin] client to try to access the machine @i[laughter]. -@begin[example] -host% @b[rlogin laughter] -@end[example] -@begin[enumerate] -The @i[rlogin] client checks your ticket file to see if you -have a ticket for @i[laughter]'s @i[rcmd] service (the rlogin program -uses the @i[rcmd] service name, mostly for historical reasons). -You don't, so @i[rlogin] uses the ticket file's @i[ticket-granting -ticket] to make a request to the master server's ticket-granting service. - -This ticket-granting service receives the @i[rcmd-laughter] request -and looks in the master database for an @i[rcmd-laughter] entry. -If that entry exists, the ticket-granting service issues you a ticket -for that service. -That ticket is also cached in your ticket file. - -The @i[rlogin] client now uses that ticket to request service from -the @i[laughter] @i[rlogin] service program. -The service program -lets you @i[rlogin] if the ticket is valid. -@end[enumerate] -@end[enumerate] - -@chapter[Setting Up and Testing the Kerberos Server] - -The procedure for setting up and testing a Kerberos server -is as follows: -@begin[enumerate] -Use the @i[kdb_init] command to create and initialize the master database. - -Use the @i[kdb_edit] utility to add your username to the -master database. - -Start the Kerberos server. - -Use the @i[kinit] command to obtain a Kerberos ticket-granting ticket. - -Use the @i[klist] command to verify that the @i[kinit] command -authenticated you successfully. -@end[enumerate] - -@section[Creating and Initializing the Master Database] - -Login to the Kerberos master server machine, -and use the @b[su] command to become root. -If you installed the Kerberos administration tools -with the @i[make install] command and the default pathnames, -they should be in the @i[/usr/etc] directory. -If you installed the tools in a different directory, -hopefully you know what it is. -From now on, we will refer to this directory as [ADMIN_DIR]. - -The @i[kdb_init] command creates and initializes the master database. -It asks you to enter the system's -realm name and the database's master password. -Do not forget this password. -If you do, the database becomes useless. -(Your realm name should be substituted for [REALMNAME] below.) - -Use @i[kdb_init] as follows: -@tabset[3inches, +1.5inches] -@begin[example, rightmargin -10] -host# @b([ADMIN_DIR]/kdb_init) -Realm name (default XXX): @b([REALMNAME])@\@b[<--] @p[Enter your system's realm name.] -You will be prompted for the database Master Password. -It is important that you NOT FORGET this password. - -Enter Kerberos master key: @\@b[<--] @p[Enter the master password.] -@comment(this needs to be re-fixed...: -Verifying, please re-enter -Enter Kerberos master key: @\@b[<--] @p[Re-enter it.] -) -@end[example] - -@section[Storing the Master Password] - -The @i[kstash] command ``stashes'' the master password in the file @i[/.k] -so that the Kerberos server can -be started automatically during an unattended reboot of the -master server. -Other administrative programs use this hidden password so that they -can access the master database without someone having to manually -provide the master password. -This command is an optional one; -if you'd rather enter the master password each time you -start the Kerberos server, don't use @i[kstash]. - -One the one hand, if you use @i[kstash], a copy of the master -key will reside -on disk which may not be acceptable; on the other hand, if you don't -use @i[kstash], the server cannot be started unless someone is around to -type the password in manually. - -The command prompts you twice for the master password: -@begin[example] -@tabset[3inches] -host# @b([ADMIN_DIR]/kstash) - -Enter Kerberos master key:@\@b[<--] @p[Enter the master password.] -Current Kerberos master key version is 1. - -Master key entered BEWARE! -@end[example] - -A note about the Kerberos database master key: -if your master key is compromised and the database is obtained, -the security of your entire authentication system is compromised. -The master key must be a carefully kept secret. If you keep backups, -you must guard all the master keys you use, in case someone has stolen -an old backup and wants to attack users' whose passwords haven't changed -since the backup was stolen. -This is why we provide the option not to store it on disk. - -@section[Using @p(kdb_edit) to Add Users to the Master Database] - -The @i[kdb_edit] program is used to add new users and services -to the master database, and to modify existing database information. -The program prompts you to enter a principal's @b[name] and @b[instance]. - -A principal name is typically a username or a service program's name. -An instance further qualifies the principal. -If the principal is a service, -the instance is used to specify the name of the machine on which that -service runs. -If the principal is a username that has general user privileges, -the instance is usually set to null. - -The following example shows how to use @i[kdb_edit] to -add the user @i[wave] to the Kerberos database. -@begin[example, rightmargin -10] -@tabset[3inches, +1.5inches] -host# @b([ADMIN_DIR]/kdb_edit) - -Opening database... - -Enter Kerberos master key: -Verifying, please re-enter -Enter Kerberos master key: -Current Kerberos master key version is 1 - -Master key entered. BEWARE! -Previous or default values are in [brackets] , -enter return to leave the same, or new value. - -Principal name: @b[wave]@\@b[<--] @p[Enter the username.] -Instance:@\@p[<-- Enter a null instance.] - -, Create [y] ? @b[y]@\@b[<--] @p[The user-instance does not exist.] -@\@p[ Enter y to create the user-instance.] -Principal: wave Instance: m_key_v: 1 -New Password: @\@p[<-- Enter the user-instance's password.] -Verifying, please re-enter -New Password: -Principal's new key version = 1 -Expiration date (enter dd-mm-yy) [ 12/31/99 ] ?@\@b[<--] @p[Enter newlines] -Max ticket lifetime (*5 minutes) [ 255 ] ? @\@b[<--] @p[to get the] -Attributes [ 0 ] ? @\@\@b[<--] @p[default values.] -Edit O.K. - -Principal name:@\@p[<-- Enter a newline to exit the program.] -@end[example] - -Use the @i[kdb_edit] utility to add your username to the master database. - -@section[Starting the Kerberos Server] - -Change directories to the directory in which you have installed -the server program @i[kerberos] -(the default directory is @i[/usr/etc]), -and start the program as a background process: -@begin[example] -host# @b[./kerberos &] -@end[example] -If you have used the @i[kstash] command to store the master database password, -the server will start automatically. -If you did not use @i[kstash], -use the following command: -@begin[example] -host# @b[./kerberos -m] -@end[example] -The server will prompt you to enter the master password before actually -starting itself. - -@section[Testing the Kerberos Server] - -Exit the root account and use the @i[kinit] command obtain a Kerberos -ticket-granting ticket. -This command -creates your ticket file -and stores the ticket-granting ticket in it. - -If you used the default @i[make install] command and directories to -install the Kerberos user utilities, @i[kinit] will be in the -@i[/usr/athena] directory. From now on, we'll refer to the Kerberos user -commands directory as [K_USER]. - -Use @i[kinit] as follows: -@begin[example] -@tabset[3 inches] -host% @b([K_USER]/kinit) -MIT Project Athena, (ariadne) -Kerberos Initialization -Kerberos name: @p[yourusername]@\@b[<--] @p[Enter your Kerberos username.] -Password: @\@b[<--] @p[Enter your Kerberos password.] -@end[example] - -Use the @i[klist] program to list the contents of your ticket file. -@begin[example] -host% @b([K_USER]/klist) -@end[example] -The command should display something like the following: -@begin[example] -Ticket file: /tmp/tkt5555 -Principal: yourusername@@REALMNAME - - Issued Expires Principal -May 6 10:15:23 May 6 18:15:23 krbtgt.REALMNAME@@REALMNAME -@end[example] - -If you have any problems, you can examine the log file -@i[/kerberos/kerberos.log] on the Kerberos server machine to see if -there was some sort of error. - -@chapter[Setting up and testing the Administration server] - -The procedure for setting up and testing the Kerberos administration server -is as follows: -@begin[enumerate] -Use the @i[kdb_edit] utility to add your username with an administration -instance to the master database. - -Edit the access control lists for the administration server - -Start the Kerberos administration server. - -Use the @i[kpasswd] command to change your password. - -Use the @i[kadmin] command to add new entries to the database. - -Use the @i[kinit] command to verify that the @i[kadmin] command -correctly added new entries to the database. -@end(enumerate) - -@section[Adding an administration instance for the administrator] - -Login to the Kerberos master server machine, -and use the @b[su] command to become root. -Use the @i[kdb_edit] program to create an entry for each administrator -with the instance ``@p(admin)''. -@begin[example] -@tabset[3inches, +1.5inches] -host# @b([ADMIN_DIR]/kdb_edit) - -Opening database... - -Enter Kerberos master key: -Verifying, please re-enter -Enter Kerberos master key: -Current Kerberos master key version is 1 - -Master key entered. BEWARE! -Previous or default values are in [brackets] , -enter return to leave the same, or new value. - -Principal name: @b[wave]@\@b[<--] @p[Enter the username.] -Instance:@b[admin]@\@b[<--] @p[Enter ``admin''.] - -, Create [y] ? @b[y]@\@b[<--] @p[The user-instance does not exist.] -@\@p[ Enter y to create the user-instance.] -Principal: wave Instance: admin m_key_v: 1 -New Password: @\@p[<-- Enter the user-instance's password.] -Verifying, please re-enter -New Password: -Principal's new key version = 1 -Expiration date (enter dd-mm-yy) [ 12/31/99 ] ?@\@b[<--] @p[Enter newlines] -Max ticket lifetime (*5 minutes) [ 255 ] ? @\@b[<--] @p[to get the] -Attributes [ 0 ] ? @\@\@b[<--] @p[default values.] -Edit O.K. - -Principal name:@\@p[<-- Enter a newline to exit the program.] -@end[example] - -@section[The Access Control Lists] -The Kerberos administration server uses three access control lists to -determine who is authorized to make certain requests. The access -control lists are stored on the master Kerberos server in the same -directory as the principal database, @i(/kerberos). The access control -lists are simple ASCII text files, with each line specifying the name of -one principal who is allowed the particular function. To allow several -people to perform the same function, put their principal names on -separate lines in the same file. - -The first list, @i(/kerberos/admin_acl.mod), is a list of principals -which are authorized to change entries in the database. To allow the -administrator `@b[wave]' to modify entries in the database for the realm -`@b[TIM.EDU]', you would put the following line into the file -@i(/kerberos/admin_acl.mod): -@begin(example) -wave.admin@@TIM.EDU -@end(example) - -The second list, @i(/kerberos/admin_acl.get), is a list of principals -which are authorized to retrieve entries from the database. - -The third list, @i(/kerberos/admin_acl.add), is a list of principals -which are authorized to add new entries to the database. - -@section(Starting the administration server) -Change directories to the directory in which you have installed -the administration server program @i[kadmind] -(the default directory is @i[/usr/etc]), -and start the program as a background process: -@begin[example] -host# @b[./kadmind -n&] -@end[example] -If you have used the @i[kstash] command to store the master database password, -the server will start automatically. -If you did not use @i[kstash], -use the following command: -@begin[example] -host# @b[./kadmind] -@end[example] -The server will prompt you to enter the master password before actually -starting itself; after it starts, you should suspend it and put it in -the background (usually this is done by typing control-Z and then @b(bg)). - -@section(Testing @p[kpasswd]) - -To test the administration server, you should try changing your password -with the @i[kpasswd] command, and you should try adding new users with -the @i[kadmin] command (both commands are installed into @i[/usr/athena] -by default). - -Before testing, you should exit the root account. - -To change your password, run the @i[kpasswd] command: -@begin(example) -@tabset[3inches, +1.5inches] -host% @b([K_USER]/kpasswd) -Old password for wave@@TIM.EDU:@\@b[<--]@p[Enter your password] -New Password for wave@@TIM.EDU:@\@b[<--]@p[Enter a new password] -Verifying, please re-enter New Password for wave@@TIM.EDU: -@\@b[<--]@p[Enter new password again] -Password changed. -@end(example) -Once you have changed your password, use the @i[kinit] program as shown -above to verify that the password was properly changed. - -@section(Testing @p[kadmin]) -You should also test the function of the @i[kadmin] program, by adding a -new user (here named ``@t[username]''): -@begin(example) -@tabset[3inches, +1.5inches] -host% @b([K_USER]/kadmin) -Welcome to the Kerberos Administration Program, version 2 -Type "help" if you need it. -admin: @b(ank username)@\@p[`ank' stands for Add New Key] -Admin password: @\@b[<--]@p[enter the password -@\you chose above for wave.admin] -Password for username:@\@b[<--]@p[Enter the user's initial password] -Verifying, please re-enter Password for username:@\@b[<--]@p[enter it again] -username added to database. - -admin: quit -Cleaning up and exiting. -@end[example] - -@section(Verifying with @p[kinit]) -Once you've added a new user, you should test to make sure it was added -properly by using @i[kinit], and trying to get tickets for that user: - -@begin[example] -@tabset[3inches, +1.5inches] -host% @b([K_USER]/kinit username) -MIT Project Athena (ariadne) -Kerberos Initialization for "username@@TIM.EDU" -Password: @b[<--]@p[Enter the user's password you used above] -host% @b([K_USER]/klist) -Ticket file: /tmp/tkt_5509_spare1 -Principal: username@@TIM.MIT.EDU - - Issued Expires Principal -Nov 20 15:58:52 Nov 20 23:58:52 krbtgt.TIM.EDU@@TIM.EDU -@end[example] - -If you have any problems, you can examine the log files -@i[/kerberos/kerberos.log] and @i[/kerberos/admin_server.syslog] on the -Kerberos server machine to see if there was some sort of error. - -@chapter[Setting up and testing slave server(s)] - -[Unfortunately, this chapter is not yet ready. Sorry. -ed] - -@chapter[A Sample Application] - -This release of Kerberos comes with a sample application -server and a corresponding client program. -You will find this software in the [OBJ_DIR]@i[/appl/sample] directory. -The file @i[sample_client] contains the client program's executable -code, the file @i[sample_server] contains the server's executable. - -The programs are rudimentary. -When they have been installed (the installation procedure is described -in detail later), they work as follows: -@begin[itemize] -The user starts @i[sample_client] and provides as arguments -to the command the name of the server machine and a checksum. -For instance: -@begin[example] -host% @b[sample_client] @p[servername] @p[43] -@end[example] - -@i[Sample_client] contacts the server machine and -authenticates the user to @i[sample_server]. - -@i[Sample_server] authenticates itself to @i[sample_client], -then returns a message to the client program. -This message contains diagnostic information -that includes the user's username, the Kerberos realm, -and the user's workstation address. - -@i[Sample_client] displays the server's message on the user's -terminal screen. -@end[itemize] - -@section[The Installation Process] - -In general, -you use the following procedure to install a Kerberos-authenticated -server-client system. -@begin[enumerate] -Add the appropriate entry to the Kerberos database using @i[kdb_edit] or -@i[kadmin] (described below). - -Create a @i[/etc/srvtab] file for the server machine. - -Install the service program and the @i[/etc/srvtab] -file on the server machine. - -Install the client program on the client machine. - -Update the @i[/etc/services] file on the client and server machines. -@end[enumerate] - -We will use the sample application as an example, although -the procedure used to install @i[sample_server] differs slightly -from the general case because the @i[sample_server] -takes requests via the -@i[inetd] program. -@i[Inetd] starts @i[sample_server] each time -a client process contacts the server machine. -@i[Sample_server] processes the request, -terminiates, then is restarted when @i[inetd] receives another -@i[sample_client] request. -When you install the program on the server, -you must add a @i[sample] entry to the server machine's -@i[/etc/inetd.conf] file. - -The following description assumes that you are installing -@i[sample_server] on the machine @i[ariadne.tim.edu]. -Here's the process, step by step: -@begin[enumerate] -Login as or @i[su] to root on the Kerberos server machine. -Use the @i[kdb_edit] or @i[kadmin] program to create an entry for -@i[sample] in the Kerberos database: -@begin[example, rightmargin -10] -@tabset[2.0inches, +.5inches] -host# @b([ADMIN_DIR]/kdb_edit) - -Opening database... - -Enter Kerberos master key: -Verifying, please re-enter -master key entered. BEWARE! -Previous or default values are in [brackets] , -enter return to leave the same, or new value. - -Principal name: @b[sample]@\@b[<--] @p[Enter the principal name.] -Instance: @b[ariadne]@\@b[<--] @p[Instances cannot have periods in them.] - -, Create [y] ? @b[y] - -Principal: sample_server Instance: ariadne m_key_v: 1 -New Password:@\@b[<--] @p[Enter ``RANDOM'' to get random password.] -Verifying, please re-enter -New Password:@\@b[<--] @p[Enter ``RANDOM'' again.] -Random password [y] ? @b[y] - -Principal's new key version = 1 -Expiration date (enter dd-mm-yy) [ 12/31/99 ] ? -Max ticket lifetime (*5 minutes) [ 255 ] ? -Attributes [ 0 ] ? -Edit O.K. - -Principal name:@\@b[<--] @p[Enter newline to exit kdb_edit.] -@end[example] - -Use the @i[ext_srvtab] program to create a @i[srvtab] file -for @i[sample_server]'s host machine: -@begin[example] -host# @b([ADMIN_DIR]/ext_srvtab ariadne) - -Enter Kerberos master key: -Current Kerberos master key version is 1. - -Generating 'ariadne-new-srvtab'.... -@end[example] -Transfer the @i[ariadne-new-srvtab] file to @i[ariadne] and install it as -@i[/etc/srvtab]. -Note that this file is equivalent to the service's password and should -be treated with care. -For example, it could be transferred by removable media, but should -not be sent over an open network in the clear. -Once installed, this file should be readable only by root. - -Add the following line to the @i[/etc/services] file on -@i[ariadne], and on all machines that -will run the @i[sample_client] program: -@begin[example] -sample 906/tcp # Kerberos sample app server -@end[example] - -Add a line similar to the following line to the @i[/etc/inetd.conf] -file on @i[sample_server]'s machine: -@begin[example] -sample stream tcp nowait switched root - [PATH]/sample_server sample_server -@end[example] -where [PATH] should be substituted with -the path to the @i[sample_server] program. -(This @i[inetd.conf] information should be placed on one line.) -You should examine existing lines in @i[/etc/inetd.conf] and use the -same format used by other entries (e.g. for telnet). Most systems do -not have a column for the `switched' keyword, and some do not have a -column for the username (usually `root', as above). - -Restart @i[inetd] by sending the current @i[inetd] process -a hangup signal: -@begin[example] -host# @b[kill -HUP @p(process_id_number)] -@end[example] - -The @i[sample_server] is now ready to take @i[sample_client] requests. -@end[enumerate] - -@section[Testing the Sample Server] - -Assume that you have installed @i[sample_server] on @i[ariadne]. - -Login to your workstation and use the @i[kinit] command to -obtain a Kerberos ticket-granting ticket: -@begin[example] -@tabset[3 inches] -host% @b([K_USER]/kinit) -MIT Project Athena, (your_workstation) -Kerberos Initialization -Kerberos name: @p[yourusername]@\@b[<--] @p[Enter your Kerberos username.] -Password: @\@b[<--] @p[Enter your Kerberos password.] -@end[example] - -Now use the @i[sample_client] program as follows: -@begin[example] -host% @b([PATH]/sample_client ariadne) -@end[example] -The command should display something like the following: -@begin[example] -The server says: -You are @p[yourusername].@@REALMNAME (local name @p[yourusername]), - at address @p[yournetaddress], version VERSION9, cksum 997 -@end[example] - -@chapter[Service names and other services] - -@section(rlogin, rsh, rcp, tftp, and others) - -Many services use a common principal name for authentication purposes. -@i[rlogin], @i[rsh], @i[rcp], @i[tftp] and others use the principal name -``@t[rcmd]''. For example, to set up the machine @i[ariadne] to support -Kerberos rlogin, it needs to have a service key for principal -``@t[rcmd]'', instance ``@t[ariadne]''. You create this key in the same -way as shown above for the sample service. - -After creating this key, you need to run the @i[ext_srvtab] program -again to generate a new srvtab file for ariadne. - -@section(NFS modifications) - -The NFS modifications distributed separately use the service name -``@t[rvdsrv]'' with the instance set to the machine name (as for the -sample server and the rlogin, rsh, rcp and tftp services). - -@section(inetd.conf entries) -The following are the @i(/etc/inetd.conf) entries necessary to support -rlogin, encrypted rlogin, rsh, and rcp services on a server machine. As -above, your @i(inetd.conf) may not support all the fields shown here. -@begin[example] -eklogin stream tcp nowait unswitched root - [PATH]/klogind eklogind -kshell stream tcp nowait unswitched root - [PATH]/kshd kshd -klogin stream tcp nowait unswitched root - [PATH]/klogind klogind -@end[example] diff --git a/src/BADSYMS b/src/BADSYMS index 882bd7b043..35b2c7c8f7 100644 --- a/src/BADSYMS +++ b/src/BADSYMS @@ -273,7 +273,6 @@ ./util/pty/void_assoc.c: TIOCNOTTY ./util/ss/configure.in: const HAVE_STDARG_H HAVE_VARARGS_H KRB5_DNS_LOOKUP KRB5_DNS_LOOKUP_KDC KRB5_DNS_LOOKUP_REALM NO_YYLINENO POSIX_SIGNALS RETSIGTYPE USE_DIRENT_H USE_SIGPROCMASK WAIT_USES_INT HAVE_STRDUP HAVE_STDLIB_H HAVE_LIBNSL HAVE_LIBSOCKET ./util/ss/error.c: ibm032 NeXT __STDC__ -./util/ss/execute_cmd.c: __SABER__ ./util/ss/invocation.c: silly ./util/ss/list_rqs.c: lint NO_FORK __STDC__ ./util/ss/pager.c: NO_FORK diff --git a/src/Makefile.in b/src/Makefile.in index 0fb2b2d379..09f32e8e79 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -9,7 +9,7 @@ mydir=. # plugins/preauth/wpse # plugins/preauth/cksum_body # plugins/authdata/greet -SUBDIRS=util include lib @krb524@ kdc kadmin @ldap_plugin_dir@ slave clients \ +SUBDIRS=util include lib kdc kadmin @ldap_plugin_dir@ slave clients \ plugins/kdb/db2 \ plugins/preauth/pkinit \ appl tests \ @@ -102,7 +102,6 @@ install-headers-mkdirs: $(srcdir)/config/mkinstalldirs $(DESTDIR)$(KRB5_INCDIR) $(srcdir)/config/mkinstalldirs $(DESTDIR)$(KRB5_INCDIR)/gssapi $(srcdir)/config/mkinstalldirs $(DESTDIR)$(KRB5_INCDIR)/gssrpc - $(srcdir)/config/mkinstalldirs $(DESTDIR)$(KRB5_INCDIR)/kerberosIV install-headers-prerecurse: install-headers-mkdirs # install:: @@ -195,7 +194,6 @@ WINMAKEFILES=Makefile \ clients\kpasswd\Makefile clients\kvno\Makefile \ clients\kcpytkt\Makefile clients\kdeltkt\Makefile \ include\Makefile \ - krb524\Makefile \ lib\Makefile lib\crypto\Makefile \ lib\crypto\crc32\Makefile lib\crypto\des\Makefile \ lib\crypto\dk\Makefile lib\crypto\enc_provider\Makefile \ @@ -205,11 +203,10 @@ WINMAKEFILES=Makefile \ lib\crypto\sha1\Makefile lib\crypto\arcfour\Makefile \ lib\crypto\md4\Makefile lib\crypto\md5\Makefile \ lib\crypto\yarrow\Makefile lib\crypto\aes\Makefile \ - lib\des425\Makefile \ lib\gssapi\Makefile lib\gssapi\generic\Makefile \ lib\gssapi\krb5\Makefile lib\gssapi\mechglue\Makefile \ lib\gssapi\spnego\Makefile \ - lib\krb4\Makefile lib\krb5\Makefile \ + lib\krb5\Makefile \ lib\krb5\asn.1\Makefile lib\krb5\ccache\Makefile \ lib\krb5\ccache\ccapi\Makefile \ lib\krb5\error_tables\Makefile \ @@ -260,8 +257,6 @@ WINMAKEFILES=Makefile \ ##DOS## $(WCONFIG) config < $@.in > $@ ##DOS##include\Makefile: include\Makefile.in $(MKFDEP) ##DOS## $(WCONFIG) config < $@.in > $@ -##DOS##krb524\Makefile: krb524\Makefile.in $(MKFDEP) -##DOS## $(WCONFIG) config < $@.in > $@ ##DOS##lib\Makefile: lib\Makefile.in $(MKFDEP) ##DOS## $(WCONFIG) config < $@.in > $@ ##DOS##lib\crypto\Makefile: lib\crypto\Makefile.in $(MKFDEP) @@ -294,20 +289,14 @@ WINMAKEFILES=Makefile \ ##DOS## $(WCONFIG) config < $@.in > $@ ##DOS##lib\crypto\raw\Makefile: lib\crypto\raw\Makefile.in $(MKFDEP) ##DOS## $(WCONFIG) config < $@.in > $@ -##DOS##lib\des425\Makefile: lib\des425\Makefile.in $(MKFDEP) -##DOS## $(WCONFIG) config < $@.in > $@ ##DOS##lib\gssapi\Makefile: lib\gssapi\Makefile.in $(MKFDEP) ##DOS## $(WCONFIG) config < $@.in > $@ ##DOS##lib\gssapi\generic\Makefile: lib\gssapi\generic\Makefile.in $(MKFDEP) ##DOS## $(WCONFIG) config < $@.in > $@ ##DOS##lib\gssapi\mechglue\Makefile: lib\gssapi\mechglue\Makefile.in $(MKFDEP) ##DOS## $(WCONFIG) config < $@.in > $@ -##DOS##lib\gssapi\spnego\Makefile: lib\gssapi\spnego\Makefile.in $(MKFDEP) -##DOS## $(WCONFIG) config < $@.in > $@ ##DOS##lib\gssapi\krb5\Makefile: lib\gssapi\krb5\Makefile.in $(MKFDEP) ##DOS## $(WCONFIG) config < $@.in > $@ -##DOS##lib\krb4\Makefile: lib\krb4\Makefile.in $(MKFDEP) -##DOS## $(WCONFIG) config < $@.in > $@ ##DOS##lib\krb5\Makefile: lib\krb5\Makefile.in $(MKFDEP) ##DOS## $(WCONFIG) config < $@.in > $@ ##DOS##lib\krb5\asn.1\Makefile: lib\krb5\asn.1\Makefile.in $(MKFDEP) @@ -395,14 +384,14 @@ FILES= ./* \ clients/* clients/kdestroy/* clients/kinit/* clients/klist/* \ clients/kpasswd/* clients/kcpytkt/* clients/kdeltkt/* \ config/* include/* include/kerberosIV/* \ - include/krb5/* include/krb5/stock/* include/sys/* krb524/* lib/* \ + include/krb5/* include/krb5/stock/* include/sys/* lib/* \ lib/crypto/* lib/crypto/crc32/* lib/crypto/des/* lib/crypto/dk/* \ lib/crypto/enc_provider/* lib/crypto/hash_provider/* \ lib/crypto/keyhash_provider/* lib/crypto/old/* lib/crypto/raw/* \ lib/crypto/sha1/* lib/crypto/arcfour/* lib/crypto/md4/* \ lib/crypto/md5/* lib/crypto/yarrow/* \ - lib/des425/* lib/gssapi/* lib/gssapi/generic/* lib/gssapi/krb5/* \ - lib/gssapi/mechglue/* lib/gssapi/spnego/* lib/krb4/* \ + lib/gssapi/* lib/gssapi/generic/* lib/gssapi/krb5/* \ + lib/gssapi/mechglue/* lib/gssapi/spnego/* \ lib/krb5/* lib/krb5/asn.1/* lib/krb5/krb/* \ lib/krb5/ccache/* lib/krb5/ccache/ccapi/* \ lib/krb5/error_tables/* \ @@ -442,12 +431,9 @@ ETOUT = \ $(INC)krb5_err.h $(ET)krb5_err.c \ $(INC)kv5m_err.h $(ET)kv5m_err.c \ $(INC)krb524_err.h $(ET)krb524_err.c \ - $(INC)/kerberosIV/kadm_err.h lib/krb4/kadm_err.c \ - $(INC)/kerberosIV/krb_err.h lib/krb4/krb_err.c \ $(PR)prof_err.h $(PR)prof_err.c \ $(GG)gssapi_err_generic.h $(GG)gssapi_err_generic.c \ - $(GK)gssapi_err_krb5.h $(GK)gssapi_err_krb5.c \ - lib/krb4/krb_err_txt.c + $(GK)gssapi_err_krb5.h $(GK)gssapi_err_krb5.c HOUT = $(INC)krb5\krb5.h $(GG)gssapi.h $(PR)profile.h @@ -502,10 +488,6 @@ $(INC)kv5m_err.h: $(AH) $(ET)kv5m_err.et $(AWK) -f $(AH) outfile=$@ $(ET)kv5m_err.et $(INC)krb524_err.h: $(AH) $(ET)krb524_err.et $(AWK) -f $(AH) outfile=$@ $(ET)krb524_err.et -$(INC)/kerberosIV/kadm_err.h: $(AH) lib/krb4/kadm_err.et - $(AWK) -f $(AH) outfile=$@ lib/krb4/kadm_err.et -$(INC)/kerberosIV/krb_err.h: $(AH) lib/krb4/krb_err.et - $(AWK) -f $(AH) outfile=$@ lib/krb4/krb_err.et $(PR)prof_err.h: $(AH) $(PR)prof_err.et $(AWK) -f $(AH) outfile=$@ $(PR)prof_err.et $(GG)gssapi_err_generic.h: $(AH) $(GG)gssapi_err_generic.et @@ -527,10 +509,6 @@ $(ET)kv5m_err.c: $(AC) $(ET)kv5m_err.et $(AWK) -f $(AC) outfile=$@ $(ET)kv5m_err.et $(ET)krb524_err.c: $(AC) $(ET)krb524_err.et $(AWK) -f $(AC) outfile=$@ $(ET)krb524_err.et -lib/krb4/kadm_err.c: $(AC) lib/krb4/kadm_err.et - $(AWK) -f $(AC) outfile=$@ lib/krb4/kadm_err.et -lib/krb4/krb_err.c: $(AC) lib/krb4/krb_err.et - $(AWK) -f $(AC) outfile=$@ lib/krb4/krb_err.et $(PR)prof_err.c: $(AC) $(PR)prof_err.et $(AWK) -f $(AC) outfile=$@ $(PR)prof_err.et $(GG)gssapi_err_generic.c: $(AC) $(GG)gssapi_err_generic.et @@ -542,10 +520,6 @@ $(CE)test1.c: $(AC) $(CE)test1.et $(CE)test2.c: $(AC) $(CE)test2.et $(AWK) -f $(AC) outfile=$@ $(CE)test2.et -lib/krb4/krb_err_txt.c: lib/krb4/krb_err.et - $(AWK) -f lib/krb4/et_errtxt.awk outfile=$@ \ - lib/krb4/krb_err.et - KRBHDEP = $(INC)krb5\krb5.hin $(INC)krb5_err.h $(INC)kdb5_err.h \ $(INC)kv5m_err.h $(INC)krb524_err.h $(INC)asn1_err.h @@ -616,8 +590,6 @@ install-windows:: $(CP) clients\kcpytkt\$(OUTPRE)kcpytkt.exe "$(KRB_INSTALL_DIR)\bin\." $(CP) clients\kdeltkt\$(OUTPRE)kdeltkt.exe "$(KRB_INSTALL_DIR)\bin\." $(CP) clients\kpasswd\$(OUTPRE)kpasswd.exe "$(KRB_INSTALL_DIR)\bin\." - @if exist "$(KRB_INSTALL_DIR)\bin\krb4_32.dll" del "$(KRB_INSTALL_DIR)\bin\krb4_32.dll" - @if exist "$(KRB_INSTALL_DIR)\lib\krb4_32.lib" del "$(KRB_INSTALL_DIR)\lib\krb4_32.lib" install-unix:: $(INSTALL_SCRIPT) krb5-config \ diff --git a/src/aclocal.m4 b/src/aclocal.m4 index d1e98522e3..b1141e86c9 100644 --- a/src/aclocal.m4 +++ b/src/aclocal.m4 @@ -1,5 +1,5 @@ AC_PREREQ(2.52) -AC_COPYRIGHT([Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2007, 2008 +AC_COPYRIGHT([Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2007, 2008, 2009 Massachusetts Institute of Technology. ]) dnl @@ -74,7 +74,6 @@ AC_REQUIRE_CPP if test -z "$LD" ; then LD=$CC; fi AC_ARG_VAR(LD,[linker command [CC]]) AC_SUBST(LDFLAGS) dnl -WITH_KRB4 dnl KRB5_AC_CHOOSE_ET dnl KRB5_AC_CHOOSE_SS dnl KRB5_AC_CHOOSE_DB dnl @@ -91,7 +90,6 @@ dnl in which the configure file lives. dnl CONFIG_RELTOPDIR=$ac_reltopdir AC_SUBST(CONFIG_RELTOPDIR) -AC_SUBST(subdirs) lib_frag=$srcdir/$ac_config_fragdir/lib.in AC_SUBST_FILE(lib_frag) libobj_frag=$srcdir/$ac_config_fragdir/libobj.in @@ -502,69 +500,16 @@ changequote([, ])dnl AC_DEFINE_UNQUOTED($ac_tr_file) $2], $3)dnl done ]) -dnl -dnl set $(KRB4) from --with-krb4=value -- WITH_KRB4 -dnl -AC_DEFUN(WITH_KRB4,[ -AC_ARG_WITH([krb4], -[ --without-krb4 omit Kerberos V4 backwards compatibility (default) - --with-krb4 use V4 libraries included with V5 - --with-krb4=KRB4DIR use preinstalled V4 libraries], -, -withval=no -)dnl -if test $withval = no; then - AC_MSG_NOTICE(no krb4 support) - KRB4_LIB= - KRB4_DEPLIB= - KRB4_INCLUDES= - KRB4_LIBPATH= - KRB_ERR_H_DEP= - krb5_cv_build_krb4_libs=no - krb5_cv_krb4_libdir= -else - AC_DEFINE([KRB5_KRB4_COMPAT], 1, [Define this if building with krb4 compat]) - if test $withval = yes; then - AC_MSG_NOTICE(enabling built in krb4 support) - KRB4_DEPLIB='$(TOPLIBD)/libkrb4$(DEPLIBEXT)' - KRB4_LIB=-lkrb4 - KRB4_INCLUDES='-I$(SRCTOP)/include/kerberosIV -I$(BUILDTOP)/include/kerberosIV' - KRB4_LIBPATH= - KRB_ERR_H_DEP='$(BUILDTOP)/include/kerberosIV/krb_err.h' - krb5_cv_build_krb4_libs=yes - krb5_cv_krb4_libdir= - else - AC_MSG_NOTICE(using preinstalled krb4 in $withval) - KRB4_LIB="-lkrb" -dnl DEPKRB4_LIB="$withval/lib/libkrb.a" - KRB4_INCLUDES="-I$withval/include" - KRB4_LIBPATH="-L$withval/lib" - KRB_ERR_H_DEP= - krb5_cv_build_krb4_libs=no - krb5_cv_krb4_libdir="$withval/lib" - fi -fi -AC_SUBST(KRB4_INCLUDES) -AC_SUBST(KRB4_LIBPATH) -AC_SUBST(KRB4_LIB) -AC_SUBST(KRB4_DEPLIB) -AC_SUBST(KRB_ERR_H_DEP) -dnl We always compile the des425 library -DES425_DEPLIB='$(TOPLIBD)/libdes425$(DEPLIBEXT)' -DES425_LIB=-ldes425 -AC_SUBST(DES425_DEPLIB) -AC_SUBST(DES425_LIB) -])dnl -dnl -dnl AC_DEFUN(KRB5_AC_CHECK_FOR_CFLAGS,[ AC_BEFORE([$0],[AC_PROG_CC]) AC_BEFORE([$0],[AC_PROG_CXX]) krb5_ac_cflags_set=${CFLAGS+set} krb5_ac_cxxflags_set=${CXXFLAGS+set} +krb5_ac_warn_cflags_set=${WARN_CFLAGS+set} +krb5_ac_warn_cxxflags_set=${WARN_CXXFLAGS+set} ]) dnl -AC_DEFUN(TRY_CC_FLAG,[dnl +AC_DEFUN(TRY_WARN_CC_FLAG,[dnl cachevar=`echo "krb5_cv_cc_flag_$1" | sed s/[[^a-zA-Z0-9_]]/_/g` AC_CACHE_CHECK([if C compiler supports $1], [$cachevar], [# first try without, then with @@ -575,7 +520,7 @@ AC_DEFUN(TRY_CC_FLAG,[dnl CFLAGS="$old_cflags"], [AC_MSG_ERROR(compiling simple test program with $CFLAGS failed)])]) if eval test '"${'$cachevar'}"' = yes; then - CFLAGS="$CFLAGS $1" + WARN_CFLAGS="$WARN_CFLAGS $1" fi eval flag_supported='${'$cachevar'}' ])dnl @@ -606,7 +551,7 @@ if test "$withval" = yes; then AC_DEFINE(CONFIG_SMALL,1,[Define to reduce code size even if it means more cpu usage]) fi # -Wno-long-long, if needed, for k5-platform.h without inttypes.h etc. -extra_gcc_warn_opts="-Wall -Wcast-qual -Wcast-align -Wconversion -Wshadow" +extra_gcc_warn_opts="-Wall -Wcast-qual -Wcast-align -Wshadow" # -Wmissing-prototypes if test "$GCC" = yes ; then # Putting this here means we get -Os after -O2, which works. @@ -618,32 +563,32 @@ if test "$GCC" = yes ; then *) CFLAGS="$CFLAGS -Os" ;; esac fi - if test "x$krb5_ac_cflags_set" = xset ; then - AC_MSG_NOTICE(not adding extra gcc warning flags because CFLAGS was set) + if test "x$krb5_ac_warn_cflags_set" = xset ; then + AC_MSG_NOTICE(not adding extra gcc warning flags because WARN_CFLAGS was set) else AC_MSG_NOTICE(adding extra warning flags for gcc) - CFLAGS="$CFLAGS $extra_gcc_warn_opts -Wmissing-prototypes" + WARN_CFLAGS="$WARN_CFLAGS $extra_gcc_warn_opts -Wmissing-prototypes" if test "`uname -s`" = Darwin ; then AC_MSG_NOTICE(skipping pedantic warnings on Darwin) elif test "`uname -s`" = Linux ; then AC_MSG_NOTICE(skipping pedantic warnings on Linux) else - CFLAGS="$CFLAGS -pedantic" + WARN_CFLAGS="$WARN_CFLAGS -pedantic" fi if test "$ac_cv_cxx_compiler_gnu" = yes; then - if test "x$krb5_ac_cxxflags_set" = xset ; then - AC_MSG_NOTICE(not adding extra g++ warnings because CXXFLAGS was set) + if test "x$krb5_ac_warn_cxxflags_set" = xset ; then + AC_MSG_NOTICE(not adding extra g++ warnings because WARN_CXXFLAGS was set) else AC_MSG_NOTICE(adding extra warning flags for g++) - CXXFLAGS="$CXXFLAGS $extra_gcc_warn_opts" + WARN_CXXFLAGS="$WARN_CXXFLAGS $extra_gcc_warn_opts" fi fi # Currently, G++ does not support -Wno-format-zero-length. - TRY_CC_FLAG(-Wno-format-zero-length) + TRY_WARN_CC_FLAG(-Wno-format-zero-length) # Other flags here may not be supported on some versions of # gcc that people want to use. for flag in overflow strict-overflow missing-format-attribute missing-prototypes return-type missing-braces parentheses switch unused-function unused-label unused-variable unused-value unknown-pragmas sign-compare newline-eof ; do - TRY_CC_FLAG(-W$flag) + TRY_WARN_CC_FLAG(-W$flag) done # old-style-definition? generates many, many warnings # @@ -659,9 +604,9 @@ if test "$GCC" = yes ; then # We're currently targeting C89+, not C99, so disallow some # constructs. for flag in declaration-after-statement variadic-macros ; do - TRY_CC_FLAG(-Werror=$flag) + TRY_WARN_CC_FLAG(-Werror=$flag) if test "$flag_supported" = no; then - TRY_CC_FLAG(-W$flag) + TRY_WARN_CC_FLAG(-W$flag) fi done # missing-prototypes? maybe someday @@ -712,7 +657,19 @@ else ;; esac fi + if test "`uname -s`" = SunOS ; then + # Using Solaris but not GCC, assume Sunsoft compiler. + # We have some error-out-on-warning options available. + # Sunsoft 12 compiler defaults to -xc99=all, it appears, so "inline" + # works, but it also means that declaration-in-code warnings won't + # be issued. + # -v -fd -errwarn=E_DECLARATION_IN_CODE ... + WARN_CFLAGS="-errtags=yes -errwarn=E_BAD_PTR_INT_COMBINATION" + WARN_CXXFLAGS="-errtags=yes +w +w2 -xport64" + fi fi +AC_SUBST(WARN_CFLAGS) +AC_SUBST(WARN_CXXFLAGS) ])dnl dnl dnl @@ -749,7 +706,7 @@ dnl Note: Be careful in quoting. dnl The ac_foreach generates the list of fragments to include dnl or "" if $2 is empty AC_DEFUN(_K5_GEN_MAKEFILE,[dnl -AC_CONFIG_FILES([$1/Makefile:$srcdir/]K5_TOPDIR[/config/pre.in:$1/Makefile.in:$srcdir/]K5_TOPDIR[/config/post.in]) +AC_CONFIG_FILES([$1/Makefile:$srcdir/]K5_TOPDIR[/config/pre.in:$1/Makefile.in:$1/deps:$srcdir/]K5_TOPDIR[/config/post.in]) ]) dnl dnl K5_GEN_FILE( ) @@ -769,7 +726,7 @@ dnl define(_V5_AC_OUTPUT_MAKEFILE, [ifelse($2, , ,AC_CONFIG_FILES($2)) AC_FOREACH([DIR], [$1],dnl - [AC_CONFIG_FILES(DIR[/Makefile:$srcdir/]K5_TOPDIR[/config/pre.in:]DIR[/Makefile.in:$srcdir/]K5_TOPDIR[/config/post.in])]) + [AC_CONFIG_FILES(DIR[/Makefile:$srcdir/]K5_TOPDIR[/config/pre.in:]DIR[/Makefile.in:]DIR[/deps:$srcdir/]K5_TOPDIR[/config/post.in])]) K5_AC_OUTPUT])dnl dnl dnl @@ -1185,6 +1142,7 @@ fi AC_SUBST(LIBLIST) AC_SUBST(LIBLINKS) AC_SUBST(MAKE_SHLIB_COMMAND) +AC_SUBST(SHLIB_RPATH_FLAGS) AC_SUBST(SHLIB_EXPFLAGS) AC_SUBST(SHLIB_EXPORT_FILE_DEP) AC_SUBST(DYNOBJ_EXPDEPS) @@ -1226,6 +1184,7 @@ AC_REQUIRE([KRB5_AC_NEED_LIBGEN])dnl AC_SUBST(CC_LINK) AC_SUBST(CXX_LINK) AC_SUBST(RPATH_FLAG) +AC_SUBST(PROG_RPATH_FLAGS) AC_SUBST(DEPLIBEXT)]) dnl @@ -1254,6 +1213,17 @@ AC_ARG_ENABLE([shared], , [if test "$enableval" != yes; then AC_MSG_ERROR([Sorry, this release builds only shared libraries, cannot disable them.]) fi]) +AC_ARG_ENABLE([rpath], +AC_HELP_STRING([--disable-rpath],[suppress run path flags in link lines]), +[enable_rpath=$withval], +[enable_rpath=yes]) + +if test "x$enable_rpath" != xyes ; then + # Unset the rpath flag values set by shlib.conf + SHLIB_RPATH_FLAGS= + RPATH_FLAG= + PROG_RPATH_FLAGS= +fi if test "$SHLIBEXT" = ".so-nobuild"; then AC_MSG_ERROR([Shared libraries are not yet supported on this platform.]) @@ -1462,7 +1432,8 @@ AC_DEFUN([KRB5_NEED_PROTO], [ ifelse([$3], ,[if test "x$ac_cv_func_$2" = xyes; then]) AC_CACHE_CHECK([if $2 needs a prototype provided], krb5_cv_func_$2_noproto, AC_TRY_COMPILE([$1], -[struct k5foo {int foo; } xx; +[#undef $2 +struct k5foo {int foo; } xx; extern int $2 (struct k5foo*); $2(&xx); ], @@ -1788,7 +1759,6 @@ else : # neither enabled dnl AC_MSG_NOTICE(disabling ldap backend module support) fi -AC_SUBST(OPENLDAP_PLUGIN) ])dnl dnl dnl If libkeyutils exists (on Linux) include it and use keyring ccache diff --git a/src/appl/bsd/Makefile.in b/src/appl/bsd/Makefile.in index ec0fcb97d4..5ec3c950fb 100644 --- a/src/appl/bsd/Makefile.in +++ b/src/appl/bsd/Makefile.in @@ -2,7 +2,6 @@ thisconfigdir=. myfulldir=appl/bsd mydir=. BUILDTOP=$(REL)..$(S).. -LOCALINCLUDES=@KRB4_INCLUDES@ PROG_LIBPATH=-L$(TOPLIBD) PROG_RPATH=$(KRB5_LIBDIR) @@ -11,16 +10,13 @@ SETENVOBJ=@SETENVOBJ@ LOGINLIBS=@LOGINLIBS@ LIBOBJS=@LIBOBJS@ -V4RCP=@V4RCP@ -V4RCPO=@V4RCPO@ KRSHDLIBS=@KRSHDLIBS@ SRCS= $(srcdir)/krcp.c $(srcdir)/krlogin.c $(srcdir)/krsh.c $(srcdir)/kcmd.c \ - $(srcdir)/forward.c $(srcdir)/compat_recv.c \ - $(srcdir)/login.c $(srcdir)/krshd.c $(srcdir)/krlogind.c \ - $(srcdir)/v4rcp.c -OBJS= krcp.o krlogin.o krsh.o kcmd.o forward.o compat_recv.o $(SETENVOBJ) \ - login.o krshd.o krlogind.o $(V4RCPO) $(LIBOBJS) + $(srcdir)/forward.c $(srcdir)/login.c $(srcdir)/krshd.c \ + $(srcdir)/krlogind.c +OBJS= krcp.o krlogin.o krsh.o kcmd.o forward.o $(SETENVOBJ) login.o krshd.o \ + krlogind.o $(LIBOBJS) UCB_RLOGIN = @UCB_RLOGIN@ UCB_RSH = @UCB_RSH@ @@ -34,22 +30,19 @@ DEFINES = $(RSH) $(BSD) $(RPROGS) -DKERBEROS \ -DLOGIN_PROGRAM=\"$(SERVER_BINDIR)/login.krb5\" -DKPROGDIR=\"$(CLIENT_BINDIR)\" \ -DHEIMDAL_FRIENDLY -all:: rsh rcp rlogin kshd klogind login.krb5 $(V4RCP) +all:: rsh rcp rlogin kshd klogind login.krb5 clean:: - $(RM) rsh rcp rlogin kshd klogind login.krb5 v4rcp + $(RM) rsh rcp rlogin kshd klogind login.krb5 -rsh: krsh.o kcmd.o forward.o $(SETENVOBJ) $(LIBOBJS) $(KRB4COMPAT_DEPLIBS) - $(CC_LINK) -o rsh krsh.o kcmd.o forward.o $(SETENVOBJ) $(LIBOBJS) $(KRB4COMPAT_LIBS) +rsh: krsh.o kcmd.o forward.o $(SETENVOBJ) $(LIBOBJS) $(KRB5_BASE_DEPLIBS) + $(CC_LINK) -o rsh krsh.o kcmd.o forward.o $(SETENVOBJ) $(LIBOBJS) $(KRB5_BASE_LIBS) -rcp: krcp.o kcmd.o forward.o $(SETENVOBJ) $(LIBOBJS) $(KRB4COMPAT_DEPLIBS) - $(CC_LINK) -o rcp krcp.o kcmd.o forward.o $(SETENVOBJ) $(LIBOBJS) $(KRB4COMPAT_LIBS) +rcp: krcp.o kcmd.o forward.o $(SETENVOBJ) $(LIBOBJS) $(KRB5_BASE_DEPLIBS) + $(CC_LINK) -o rcp krcp.o kcmd.o forward.o $(SETENVOBJ) $(LIBOBJS) $(KRB5_BASE_LIBS) -v4rcp: v4rcp.o $(SETENVOBJ) $(LIBOBJS) $(KRB4COMPAT_DEPLIBS) - $(CC_LINK) -o v4rcp v4rcp.o $(SETENVOBJ) $(LIBOBJS) $(KRB4COMPAT_LIBS) - -rlogin: krlogin.o kcmd.o forward.o $(SETENVOBJ) $(LIBOBJS) $(KRB4COMPAT_DEPLIBS) - $(CC_LINK) -o rlogin krlogin.o kcmd.o forward.o $(SETENVOBJ) $(LIBOBJS) $(KRB4COMPAT_LIBS) +rlogin: krlogin.o kcmd.o forward.o $(SETENVOBJ) $(LIBOBJS) $(KRB5_BASE_DEPLIBS) + $(CC_LINK) -o rlogin krlogin.o kcmd.o forward.o $(SETENVOBJ) $(LIBOBJS) $(KRB5_BASE_LIBS) install:: for f in rsh rcp rlogin; do \ @@ -59,18 +52,12 @@ install:: ${DESTDIR}$(CLIENT_MANDIR)/`echo $$f|sed '$(transform)'`.1 \ ) || exit 1; \ done - f=$(V4RCP); \ - if test -n "$$f" ; then $(INSTALL_SETUID) $$f \ - $(DESTDIR)$(CLIENT_BINDIR)/`echo $$f|sed '$(transform)'`; \ - $(INSTALL_DATA) $(srcdir)/$$f.M \ - ${DESTDIR}$(CLIENT_MANDIR)/`echo $$f|sed '$(transform)'`.1; \ - fi -kshd: krshd.o kcmd.o forward.o compat_recv.o $(SETENVOBJ) $(LIBOBJS) $(PTY_DEPLIB) $(KRB4COMPAT_DEPLIBS) $(APPUTILS_DEPLIB) - $(CC_LINK) -o kshd krshd.o kcmd.o forward.o compat_recv.o $(SETENVOBJ) $(LIBOBJS) $(KRSHDLIBS) $(PTY_LIB) $(UTIL_LIB) $(KRB4COMPAT_LIBS) $(APPUTILS_LIB) +kshd: krshd.o kcmd.o forward.o $(SETENVOBJ) $(LIBOBJS) $(PTY_DEPLIB) $(KRB5_BASE_DEPLIBS) $(APPUTILS_DEPLIB) + $(CC_LINK) -o kshd krshd.o kcmd.o forward.o $(SETENVOBJ) $(LIBOBJS) $(KRSHDLIBS) $(PTY_LIB) $(UTIL_LIB) $(KRB5_BASE_LIBS) $(APPUTILS_LIB) -klogind: krlogind.o kcmd.o forward.o compat_recv.o $(SETENVOBJ) $(LIBOBJS) $(PTY_DEPLIB) $(KRB4COMPAT_DEPLIBS) $(APPUTILS_DEPLIB) - $(CC_LINK) -o klogind krlogind.o kcmd.o forward.o compat_recv.o $(SETENVOBJ) $(LIBOBJS) $(PTY_LIB) $(UTIL_LIB) $(KRB4COMPAT_LIBS) $(APPUTILS_LIB) +klogind: krlogind.o kcmd.o forward.o $(SETENVOBJ) $(LIBOBJS) $(PTY_DEPLIB) $(KRB5_BASE_DEPLIBS) $(APPUTILS_DEPLIB) + $(CC_LINK) -o klogind krlogind.o kcmd.o forward.o $(SETENVOBJ) $(LIBOBJS) $(PTY_LIB) $(UTIL_LIB) $(KRB5_BASE_LIBS) $(APPUTILS_LIB) install:: for f in kshd klogind; do \ @@ -84,8 +71,8 @@ install:: # No program name transformation is done with login.krb5 since it is directly # referenced by klogind. # -login.krb5: login.o $(SETENVOBJ) $(LIBOBJS) $(PTY_DEPLIB) $(KRB4COMPAT_DEPLIBS) - $(CC_LINK) -o login.krb5 login.o $(SETENVOBJ) $(LIBOBJS) $(LOGINLIBS) $(PTY_LIB) $(KRB4COMPAT_LIBS) +login.krb5: login.o $(SETENVOBJ) $(LIBOBJS) $(PTY_DEPLIB) $(KRB5_BASE_DEPLIBS) + $(CC_LINK) -o login.krb5 login.o $(SETENVOBJ) $(LIBOBJS) $(LOGINLIBS) $(PTY_LIB) $(KRB5_BASE_LIBS) install:: $(INSTALL_PROGRAM) login.krb5 $(DESTDIR)$(SERVER_BINDIR)/login.krb5 @@ -95,111 +82,3 @@ install:: getdtablesize.o: $(srcdir)/getdtablesize.c kcmd.o krcp.o krlogin.o krlogind.o krsh.o krshd.o forward.o: defines.h -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -$(OUTPRE)krcp.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/k5-util.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h defines.h krcp.c -$(OUTPRE)krlogin.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - defines.h krlogin.c rpaths.h -$(OUTPRE)krsh.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - defines.h krsh.c -$(OUTPRE)kcmd.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - defines.h kcmd.c -$(OUTPRE)forward.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - defines.h forward.c -$(OUTPRE)compat_recv.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - compat_recv.c defines.h -$(OUTPRE)login.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/libpty.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - login.c loginpaths.h -$(OUTPRE)krshd.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/libpty.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/k5-util.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - defines.h krshd.c loginpaths.h -$(OUTPRE)krlogind.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/libpty.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/k5-util.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - defines.h krlogind.c -$(OUTPRE)v4rcp.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/k5-util.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/krbports.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h rpaths.h v4rcp.c diff --git a/src/appl/bsd/compat_recv.c b/src/appl/bsd/compat_recv.c deleted file mode 100644 index 1e54941e1e..0000000000 --- a/src/appl/bsd/compat_recv.c +++ /dev/null @@ -1,581 +0,0 @@ -/* - * lib/krb5/krb/compat_recv.c - * - * Copyright 1993, 2008 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * - * convenience sendauth/recvauth functions, with compatibility with V4 - * recvauth. - * - * NOTE: linking in this function will pull in V4 kerberos routines. - * - * WARNING: In the V4-style arguments, the ticket and kdata arguments - * have different types than the V4 recvauth; in V4, they were KTEXT - * and AUTH_DAT *, respectively. Here, they are KTEXT * and AUTH_DAT ** - * and they are allocated by recvauth if and only if we end up talking - * to a V4 sendauth. - */ - -#include "k5-int.h" -#if !defined(_MACINTOSH) -#ifdef KRB5_KRB4_COMPAT -#include -#endif -#include "com_err.h" -#include - -#include -#include - -#include "defines.h" - -#ifdef KRB5_KRB4_COMPAT -static int krb_v4_recvauth(long options, int fd, KTEXT ticket, - char *service, char *instance, - struct sockaddr_in *faddr, - struct sockaddr_in *laddr, - AUTH_DAT *kdata, - char *filename, - Key_schedule schedule, - char *version); -#endif - -#define KRB_V4_SENDAUTH_VERS "AUTHV0.1" /* MUST be 8 chars long */ -#define KRB_V5_SENDAUTH_VERS "KRB5_SENDAUTH_V1.0" - -#define KRB5_RECVAUTH_V4 4 -#define KRB5_RECVAUTH_V5 5 - -#ifdef KRB5_KRB4_COMPAT -krb5_error_code -krb5_compat_recvauth(context, auth_context, - /* IN */ - fdp, appl_version, server, flags, keytab, - v4_options, v4_service, v4_instance, v4_faddr, v4_laddr, - v4_filename, - /* OUT */ - ticket, - auth_sys, v4_kdata, v4_schedule, v4_version) - krb5_context context; - krb5_auth_context *auth_context; - krb5_pointer fdp; - char *appl_version; - krb5_principal server; - krb5_int32 flags; - krb5_keytab keytab; - krb5_ticket ** ticket; - krb5_int32 *auth_sys; - - /* - * Version 4 arguments - */ - krb5_int32 v4_options; /* bit-pattern of options */ - char *v4_service; /* service expected */ - char *v4_instance; /* inst expected (may be filled in) */ - struct sockaddr_in *v4_faddr; /* foreign address */ - struct sockaddr_in *v4_laddr; /* local address */ - AUTH_DAT **v4_kdata; /* kerberos data (returned) */ - char *v4_filename; /* name of file with service keys */ - Key_schedule v4_schedule; /* key schedule (return) */ - char *v4_version; /* version string (filled in) */ -{ - union verslen { - krb5_int32 len; - char vers[4]; - } vers; - char *buf; - int len, length; - krb5_int32 retval; - int fd = *( (int *) fdp); -#ifdef KRB5_KRB4_COMPAT - KTEXT v4_ticket; /* storage for client's ticket */ -#endif - - if ((retval = krb5_net_read(context, fd, vers.vers, 4)) != 4) - return((retval < 0) ? errno : ECONNABORTED); - -#ifdef KRB5_KRB4_COMPAT - if (!strncmp(vers.vers, KRB_V4_SENDAUTH_VERS, 4)) { - /* - * We must be talking to a V4 sendauth; read in the - * rest of the version string and make sure. - */ - if ((retval = krb5_net_read(context, fd, vers.vers, 4)) != 4) - return((retval < 0) ? errno : ECONNABORTED); - - if (strncmp(vers.vers, KRB_V4_SENDAUTH_VERS+4, 4)) - return KRB5_SENDAUTH_BADAUTHVERS; - - *auth_sys = KRB5_RECVAUTH_V4; - - *v4_kdata = (AUTH_DAT *) malloc( sizeof(AUTH_DAT) ); - v4_ticket = (KTEXT) malloc(sizeof(KTEXT_ST)); - - retval = krb_v4_recvauth(v4_options, fd, v4_ticket, - v4_service, v4_instance, v4_faddr, - v4_laddr, *v4_kdata, v4_filename, - v4_schedule, v4_version); - krb5_xfree(v4_ticket); - /* - * XXX error code translation? - */ - switch (retval) { - case RD_AP_OK: - return 0; - case RD_AP_TIME: - return KRB5KRB_AP_ERR_SKEW; - case RD_AP_EXP: - return KRB5KRB_AP_ERR_TKT_EXPIRED; - case RD_AP_NYV: - return KRB5KRB_AP_ERR_TKT_NYV; - case RD_AP_NOT_US: - return KRB5KRB_AP_ERR_NOT_US; - case RD_AP_UNDEC: - return KRB5KRB_AP_ERR_BAD_INTEGRITY; - case RD_AP_REPEAT: - return KRB5KRB_AP_ERR_REPEAT; - case RD_AP_MSG_TYPE: - return KRB5KRB_AP_ERR_MSG_TYPE; - case RD_AP_MODIFIED: - return KRB5KRB_AP_ERR_MODIFIED; - case RD_AP_ORDER: - return KRB5KRB_AP_ERR_BADORDER; - case RD_AP_BADD: - return KRB5KRB_AP_ERR_BADADDR; - default: - return KRB5_SENDAUTH_BADRESPONSE; - } - } -#endif - - /* - * Assume that we're talking to a V5 recvauth; read in the - * the version string, and make sure it matches. - */ - - len = (int) ntohl(vers.len); - - if (len < 0 || len > 255) - return KRB5_SENDAUTH_BADAUTHVERS; - - buf = malloc((unsigned) len); - if (!buf) - return ENOMEM; - - length = krb5_net_read(context, fd, buf, len); - if (len != length) { - krb5_xfree(buf); - if (len < 0) - return errno; - else - return ECONNABORTED; - } - - if (strcmp(buf, KRB_V5_SENDAUTH_VERS)) { - krb5_xfree(buf); - return KRB5_SENDAUTH_BADAUTHVERS; - } - krb5_xfree(buf); - - *auth_sys = KRB5_RECVAUTH_V5; - - retval = krb5_recvauth(context, auth_context, fdp, appl_version, server, - flags | KRB5_RECVAUTH_SKIP_VERSION, - keytab, ticket); - - return retval; -} - -krb5_error_code -krb5_compat_recvauth_version(context, auth_context, - /* IN */ - fdp, server, flags, keytab, - v4_options, v4_service, v4_instance, v4_faddr, - v4_laddr, - v4_filename, - /* OUT */ - ticket, - auth_sys, v4_kdata, v4_schedule, - version) - krb5_context context; - krb5_auth_context *auth_context; - krb5_pointer fdp; - krb5_principal server; - krb5_int32 flags; - krb5_keytab keytab; - krb5_ticket ** ticket; - krb5_int32 *auth_sys; - - /* - * Version 4 arguments - */ - krb5_int32 v4_options; /* bit-pattern of options */ - char *v4_service; /* service expected */ - char *v4_instance; /* inst expected (may be filled in) */ - struct sockaddr_in *v4_faddr; /* foreign address */ - struct sockaddr_in *v4_laddr; /* local address */ - AUTH_DAT **v4_kdata; /* kerberos data (returned) */ - char *v4_filename; /* name of file with service keys */ - Key_schedule v4_schedule; /* key schedule (return) */ - krb5_data *version; /* application version filled in */ -{ - union verslen { - krb5_int32 len; - char vers[4]; - } vers; - char *buf; - int len, length; - krb5_int32 retval; - int fd = *( (int *) fdp); -#ifdef KRB5_KRB4_COMPAT - KTEXT v4_ticket; /* storage for client's ticket */ -#endif - - if ((retval = krb5_net_read(context, fd, vers.vers, 4)) != 4) - return((retval < 0) ? errno : ECONNABORTED); - -#ifdef KRB5_KRB4_COMPAT - if (v4_faddr->sin_family == AF_INET - && !strncmp(vers.vers, KRB_V4_SENDAUTH_VERS, 4)) { - /* - * We must be talking to a V4 sendauth; read in the - * rest of the version string and make sure. - */ - if ((retval = krb5_net_read(context, fd, vers.vers, 4)) != 4) - return((retval < 0) ? errno : ECONNABORTED); - - if (strncmp(vers.vers, KRB_V4_SENDAUTH_VERS+4, 4)) - return KRB5_SENDAUTH_BADAUTHVERS; - - *auth_sys = KRB5_RECVAUTH_V4; - - *v4_kdata = (AUTH_DAT *) malloc( sizeof(AUTH_DAT) ); - v4_ticket = (KTEXT) malloc(sizeof(KTEXT_ST)); - - version->length = KRB_SENDAUTH_VLEN; /* no trailing \0! */ - version->data = malloc (KRB_SENDAUTH_VLEN + 1); - version->data[KRB_SENDAUTH_VLEN] = 0; - if (version->data == 0) - return ENOMEM; - retval = krb_v4_recvauth(v4_options, fd, v4_ticket, - v4_service, v4_instance, v4_faddr, - v4_laddr, *v4_kdata, v4_filename, - v4_schedule, version->data); - krb5_xfree(v4_ticket); - /* - * XXX error code translation? - */ - switch (retval) { - case RD_AP_OK: - return 0; - case RD_AP_TIME: - return KRB5KRB_AP_ERR_SKEW; - case RD_AP_EXP: - return KRB5KRB_AP_ERR_TKT_EXPIRED; - case RD_AP_NYV: - return KRB5KRB_AP_ERR_TKT_NYV; - case RD_AP_NOT_US: - return KRB5KRB_AP_ERR_NOT_US; - case RD_AP_UNDEC: - return KRB5KRB_AP_ERR_BAD_INTEGRITY; - case RD_AP_REPEAT: - return KRB5KRB_AP_ERR_REPEAT; - case RD_AP_MSG_TYPE: - return KRB5KRB_AP_ERR_MSG_TYPE; - case RD_AP_MODIFIED: - return KRB5KRB_AP_ERR_MODIFIED; - case RD_AP_ORDER: - return KRB5KRB_AP_ERR_BADORDER; - case RD_AP_BADD: - return KRB5KRB_AP_ERR_BADADDR; - default: - return KRB5_SENDAUTH_BADRESPONSE; - } - } -#endif - - /* - * Assume that we're talking to a V5 recvauth; read in the - * the version string, and make sure it matches. - */ - - len = (int) ntohl(vers.len); - - if (len < 0 || len > 255) - return KRB5_SENDAUTH_BADAUTHVERS; - - buf = malloc((unsigned) len); - if (!buf) - return ENOMEM; - - length = krb5_net_read(context, fd, buf, len); - if (len != length) { - krb5_xfree(buf); - if (len < 0) - return errno; - else - return ECONNABORTED; - } - - if (strcmp(buf, KRB_V5_SENDAUTH_VERS)) { - krb5_xfree(buf); - return KRB5_SENDAUTH_BADAUTHVERS; - } - krb5_xfree(buf); - - *auth_sys = KRB5_RECVAUTH_V5; - - retval = krb5_recvauth_version(context, auth_context, fdp, server, - flags | KRB5_RECVAUTH_SKIP_VERSION, - keytab, ticket, version); - - return retval; -} -#endif /* KRB5_KRB4_COMPAT */ - - -#ifndef max -#define max(a,b) (((a) > (b)) ? (a) : (b)) -#endif /* max */ - -#ifdef KRB5_KRB4_COMPAT -static int -krb_v4_recvauth(options, fd, ticket, service, instance, faddr, laddr, kdata, - filename, schedule, version) -long options; /* bit-pattern of options */ -int fd; /* file descr. to read from */ -KTEXT ticket; /* storage for client's ticket */ -char *service; /* service expected */ -char *instance; /* inst expected (may be filled in) */ -struct sockaddr_in *faddr; /* address of foreign host on fd */ -struct sockaddr_in *laddr; /* local address */ -AUTH_DAT *kdata; /* kerberos data (returned) */ -char *filename; /* name of file with service keys */ -Key_schedule schedule; /* key schedule (return) */ -char *version; /* version string (filled in) */ -{ - int cc, old_vers = 0; - int rem; - krb5_int32 tkt_len, priv_len; - krb5_ui_4 cksum; - u_char tmp_buf[MAX_KTXT_LEN+max(KRB_SENDAUTH_VLEN+1,21)]; - - /* read the application version string */ - if ((krb_net_read(fd, version, KRB_SENDAUTH_VLEN) != - KRB_SENDAUTH_VLEN)) - return(errno); - version[KRB_SENDAUTH_VLEN] = '\0'; - - /* get the length of the ticket */ - if (krb_net_read(fd, (char *)&tkt_len, sizeof(tkt_len)) != - sizeof(tkt_len)) - return(errno); - - /* sanity check */ - ticket->length = ntohl((unsigned long)tkt_len); - if ((ticket->length <= 0) || (ticket->length > MAX_KTXT_LEN)) { - if (options & KOPT_DO_MUTUAL) { - rem = KFAILURE; - goto mutual_fail; - } else - return(KFAILURE); /* XXX there may still be junk on the fd? */ - } - - /* read the ticket */ - if (krb_net_read(fd, (char *) ticket->dat, ticket->length) - != ticket->length) - return(errno); - - /* - * now have the ticket. decrypt it to get the authenticated - * data. - */ - rem = krb_rd_req(ticket,service,instance,faddr->sin_addr.s_addr, - kdata,filename); - - if (old_vers) return(rem); /* XXX can't do mutual with old client */ - - /* if we are doing mutual auth, compose a response */ - if (options & KOPT_DO_MUTUAL) { - if (rem != KSUCCESS) - /* the krb_rd_req failed */ - goto mutual_fail; - - /* add one to the (formerly) sealed checksum, and re-seal it - for return to the client */ - cksum = kdata->checksum + 1; - cksum = htonl(cksum); -#ifndef NOENCRYPTION - key_sched(kdata->session,schedule); -#endif /* !NOENCRYPTION */ - priv_len = krb_mk_priv((unsigned char *)&cksum, - tmp_buf, - (unsigned long) sizeof(cksum), - schedule, - &kdata->session, - laddr, - faddr); - if (priv_len < 0) { - /* re-sealing failed; notify the client */ - rem = KFAILURE; /* XXX */ -mutual_fail: - priv_len = -1; - tkt_len = htonl((unsigned long) priv_len); - /* a length of -1 is interpreted as an authentication - failure by the client */ - if ((cc = krb_net_write(fd, (char *)&tkt_len, sizeof(tkt_len))) - != sizeof(tkt_len)) - return(cc); - return(rem); - } else { - /* re-sealing succeeded, send the private message */ - tkt_len = htonl((unsigned long)priv_len); - if ((cc = krb_net_write(fd, (char *)&tkt_len, sizeof(tkt_len))) - != sizeof(tkt_len)) - return(cc); - if ((cc = krb_net_write(fd, (char *)tmp_buf, (int) priv_len)) - != (int) priv_len) - return(cc); - } - } - return(rem); -} -#endif -#endif - -#ifdef HAVE_SYS_SELECT_H -#include -#endif -#include "port-sockets.h" - -int -accept_a_connection (int debug_port, struct sockaddr *from, - socklen_t *fromlenp) -{ - int n, s, fd, s4 = -1, s6 = -1, on = 1; - fd_set sockets; - - FD_ZERO(&sockets); - -#ifdef KRB5_USE_INET6 - { - struct sockaddr_in6 sock_in6; - - if ((s = socket(AF_INET6, SOCK_STREAM, PF_UNSPEC)) < 0) { - if ((errno == EPROTONOSUPPORT) || (errno == EAFNOSUPPORT)) - goto skip_ipv6; - fprintf(stderr, "Error in socket(INET6): %s\n", strerror(errno)); - exit(2); - } - - memset((char *) &sock_in6, 0,sizeof(sock_in6)); - sock_in6.sin6_family = AF_INET6; - sock_in6.sin6_port = htons(debug_port); - sock_in6.sin6_addr = in6addr_any; - - (void) setsockopt(s, SOL_SOCKET, SO_REUSEADDR, - (char *)&on, sizeof(on)); - - if ((bind(s, (struct sockaddr *) &sock_in6, sizeof(sock_in6))) < 0) { - fprintf(stderr, "Error in bind(INET6): %s\n", strerror(errno)); - exit(2); - } - - if ((listen(s, 5)) < 0) { - fprintf(stderr, "Error in listen(INET6): %s\n", strerror(errno)); - exit(2); - } - s6 = s; - FD_SET(s, &sockets); - skip_ipv6: - ; - } -#endif - - { - struct sockaddr_in sock_in; - - if ((s = socket(AF_INET, SOCK_STREAM, PF_UNSPEC)) < 0) { - fprintf(stderr, "Error in socket: %s\n", strerror(errno)); - exit(2); - } - - memset((char *) &sock_in, 0,sizeof(sock_in)); - sock_in.sin_family = AF_INET; - sock_in.sin_port = htons(debug_port); - sock_in.sin_addr.s_addr = INADDR_ANY; - - (void) setsockopt(s, SOL_SOCKET, SO_REUSEADDR, - (char *)&on, sizeof(on)); - - if ((bind(s, (struct sockaddr *) &sock_in, sizeof(sock_in))) < 0) { - if (s6 >= 0 && errno == EADDRINUSE) - goto try_ipv6_only; - fprintf(stderr, "Error in bind: %s\n", strerror(errno)); - exit(2); - } - - if ((listen(s, 5)) < 0) { - fprintf(stderr, "Error in listen: %s\n", strerror(errno)); - exit(2); - } - s4 = s; - FD_SET(s, &sockets); - try_ipv6_only: - ; - } - if (s4 == -1 && s6 == -1) { - fprintf(stderr, "No valid sockets established, exiting\n"); - exit(2); - } - n = select(((s4 < s6) ? s6 : s4) + 1, &sockets, 0, 0, 0); - if (n < 0) { - fprintf(stderr, "select error: %s\n", strerror(errno)); - exit(2); - } else if (n == 0) { - fprintf(stderr, "internal error? select returns 0\n"); - exit(2); - } - if (s6 != -1 && FD_ISSET(s6, &sockets)) { - if (s4 != -1) - close(s4); - s = s6; - } else if (FD_ISSET(s4, &sockets)) { - if (s6 != -1) - close(s6); - s = s4; - } else { - fprintf(stderr, - "internal error? select returns positive, " - "but neither fd available\n"); - exit(2); - } - - if ((fd = accept(s, from, fromlenp)) < 0) { - fprintf(stderr, "Error in accept: %s\n", strerror(errno)); - exit(2); - } - - close(s); - return fd; -} diff --git a/src/appl/bsd/configure.in b/src/appl/bsd/configure.in index 5c70d8b2b2..330c87d514 100644 --- a/src/appl/bsd/configure.in +++ b/src/appl/bsd/configure.in @@ -42,30 +42,15 @@ alpha*-dec-osf*) ;; esac dnl -dnl krshd does not use krb524... -dnl KRSHDLIBS="$LOGINLIBS" -dnl -if test "$with_krb4" = "" || test "$with_krb4" = no; then - AC_MSG_RESULT(no krb4 support) - V4RCP= - V4RCPO= -else - AC_MSG_RESULT(Adding in krb4 rcp support) - V4RCP=v4rcp - V4RCPO=v4rcp.o -fi -dnl dnl AC_SUBST(KRSHDLIBS) AC_SUBST(LOGINLIBS) -AC_SUBST(V4RCP) -AC_SUBST(V4RCPO) dnl AC_FUNC_VFORK AC_TYPE_MODE_T AC_CHECK_FUNCS(isatty inet_aton getenv gettosbyname killpg initgroups setpriority setreuid setresuid waitpid setsid ptsname setlogin tcgetpgrp tcsetpgrp setpgid strsave utimes rmufile rresvport_af) -AC_CHECK_HEADERS(unistd.h stdlib.h string.h sys/filio.h sys/sockio.h sys/label.h sys/tty.h ttyent.h lastlog.h sys/select.h sys/ptyvar.h utmp.h sys/time.h krb4-proto.h sys/ioctl_compat.h paths.h arpa/nameser.h) +AC_CHECK_HEADERS(unistd.h stdlib.h string.h sys/filio.h sys/sockio.h sys/label.h sys/tty.h ttyent.h lastlog.h sys/select.h sys/ptyvar.h utmp.h sys/time.h sys/ioctl_compat.h paths.h arpa/nameser.h) AC_HEADER_STDARG AC_REPLACE_FUNCS(getdtablesize) dnl @@ -168,17 +153,7 @@ K5_AC_CHECK_FILES(/etc/environment /etc/TIMEZONE) dnl dnl AC_C_CONST -if test "$krb5_cv_build_krb4_libs" = yes; then - AC_DEFINE(HAVE_KRB_GET_ERR_TEXT) - AC_DEFINE(HAVE_KRB_SAVE_CREDENTIALS) -else - oldlibs=$LIBS - LIBS=" $KRB4_LIB -lkrb5 -lcrypto -lcom_err" - AC_CHECK_FUNCS(krb_get_err_text krb_save_credentials) - LIBS=$oldlibs -fi -AC_CHECK_HEADERS(krb4-proto.h) KRB5_AC_LIBUTIL KRB5_BUILD_PROGRAM V5_AC_OUTPUT_MAKEFILE diff --git a/src/appl/bsd/defines.h b/src/appl/bsd/defines.h index ac7948ab96..d04182bb9c 100644 --- a/src/appl/bsd/defines.h +++ b/src/appl/bsd/defines.h @@ -44,18 +44,6 @@ extern void rcmd_stream_init_krb5 (krb5_keyblock *in_keyblock, extern void rcmd_stream_init_normal(void); -#if defined(KRB5_KRB4_COMPAT) && !defined(SKIP_V4_PROTO) -extern void rcmd_stream_init_krb4(C_Block, int, int, int); - -extern int k4cmd(int *sock, char **ahost, unsigned int rport, - char *locuser, - char *remuser, char *cmd, int *fd2p, KTEXT ticket, - char *service, char *realm, CREDENTIALS *cred, - Key_schedule schedule, MSG_DAT *msg_data, - struct sockaddr_in *laddr, struct sockaddr_in *faddr, - long authopts, int anyport); -#endif - #ifndef HAVE_STRSAVE extern char *strsave(const char *sp); #endif @@ -95,6 +83,3 @@ krb5_compat_recvauth_version(krb5_context, krb5_auth_context *, #endif #include "port-sockets.h" - -int accept_a_connection (int debug_port, struct sockaddr *from, - socklen_t *fromlenp); diff --git a/src/appl/bsd/deps b/src/appl/bsd/deps new file mode 100644 index 0000000000..f86eafa864 --- /dev/null +++ b/src/appl/bsd/deps @@ -0,0 +1,78 @@ +# +# Generated makefile dependencies follow. +# +$(OUTPRE)krcp.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/k5-util.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + defines.h krcp.c +$(OUTPRE)krlogin.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h defines.h krlogin.c \ + rpaths.h +$(OUTPRE)krsh.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h defines.h krsh.c +$(OUTPRE)kcmd.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h defines.h kcmd.c +$(OUTPRE)forward.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h defines.h forward.c +$(OUTPRE)login.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/libpty.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h login.c loginpaths.h +$(OUTPRE)krshd.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/libpty.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/k5-util.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h defines.h krshd.c \ + loginpaths.h +$(OUTPRE)krlogind.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/libpty.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/k5-util.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h defines.h krlogind.c diff --git a/src/appl/bsd/forward.c b/src/appl/bsd/forward.c index 53f67e667c..1ac2a2a2e4 100644 --- a/src/appl/bsd/forward.c +++ b/src/appl/bsd/forward.c @@ -27,7 +27,6 @@ #include "k5-int.h" -#define SKIP_V4_PROTO /* To skip the krb4 prototypes */ #include "defines.h" /* Decode, decrypt and store the forwarded creds in the local ccache. */ @@ -54,7 +53,7 @@ rd_and_store_for_creds(context, auth_context, inbuf, ticket, ccache) * the rlogind or rshd. Set the environment variable as well. */ - sprintf(ccname, "FILE:/tmp/krb5cc_p%ld", (long) getpid()); + snprintf(ccname, sizeof(ccname), "FILE:/tmp/krb5cc_p%ld", (long) getpid()); setenv("KRB5CCNAME", ccname, 1); retval = krb5_cc_resolve(context, ccname, ccache); diff --git a/src/appl/bsd/kcmd.c b/src/appl/bsd/kcmd.c index 64da72f708..c4212b302f 100644 --- a/src/appl/bsd/kcmd.c +++ b/src/appl/bsd/kcmd.c @@ -90,16 +90,10 @@ #include #include "k5-int.h" -#ifdef KRB5_KRB4_COMPAT -#include -#endif #include "defines.h" extern krb5_context bsd_context; -#ifdef KRB5_KRB4_COMPAT -extern Key_schedule v4_schedule; -#endif #define START_PORT 5120 /* arbitrary */ @@ -140,27 +134,8 @@ static char *store_ptr = storage; static int twrite(int, char *, size_t, int); static int v5_des_read(int, char *, size_t, int), v5_des_write(int, char *, size_t, int); -#ifdef KRB5_KRB4_COMPAT -static int v4_des_read(int, char *, size_t, int), - v4_des_write(int, char *, size_t, int); -static C_Block v4_session; -static int right_justify; -#endif static int do_lencheck; -#ifdef KRB5_KRB4_COMPAT -extern int -krb_sendauth(long options, int fd, KTEXT ticket, - char *service, char *inst, char *realm, - unsigned KRB4_32 checksum, - MSG_DAT *msg_data, - CREDENTIALS *cred, - Key_schedule schedule, - struct sockaddr_in *laddr, - struct sockaddr_in *faddr, - char *version); -#endif - #ifdef POSIX_SIGNALS typedef sigset_t masktype; #else @@ -205,7 +180,7 @@ kcmd_connect (int *sp, int *addrfamilyp, struct sockaddr_in *sockinp, fprintf(stderr, "can't connect to %s port 0\n", hname); return -1; } - sprintf(rport_buf, "%d", ntohs(rport)); + snprintf(rport_buf, sizeof(rport_buf), "%d", ntohs(rport)); memset(&aihints, 0, sizeof(aihints)); aihints.ai_socktype = SOCK_STREAM; aihints.ai_flags = AI_CANONNAME; @@ -334,7 +309,7 @@ setup_secondary_channel (int s, int *fd2p, int *lportp, int *addrfamilyp, FD_SET(s, &xfds); listen(s2, 1); FD_SET(s2, &rfds); - (void) sprintf(num, "%d", *lportp); + (void) snprintf(num, sizeof(num), "%d", *lportp); slen = strlen(num)+1; if (write(s, num, slen) != slen) { perror("write: setting up stderr"); @@ -424,13 +399,10 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm, enum kcmd_proto protonum = *protonump; int addrfamily = /* AF_INET */0; - if ((cksumbuf = malloc(strlen(cmd)+strlen(remuser)+64)) == 0 ) { + if (asprintf(&cksumbuf, "%u:%s%s", ntohs(rport), cmd, remuser) < 0) { fprintf(stderr, "Unable to allocate memory for checksum buffer.\n"); return(-1); } - sprintf(cksumbuf, "%u:", ntohs(rport)); - strcat(cksumbuf, cmd); - strcat(cksumbuf, remuser); cksumdat.data = cksumbuf; cksumdat.length = strlen(cksumbuf); @@ -634,133 +606,6 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm, } - -#ifdef KRB5_KRB4_COMPAT -int -k4cmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, ticket, service, realm, - cred, schedule, msg_data, laddr, faddr, authopts, anyport) - int *sock; - char **ahost; - unsigned int rport; - char *locuser, *remuser, *cmd; - int *fd2p; - KTEXT ticket; - char *service; - char *realm; - CREDENTIALS *cred; - Key_schedule schedule; - MSG_DAT *msg_data; - struct sockaddr_in *laddr, *faddr; - long authopts; - int anyport; -{ - int s; - masktype oldmask; - struct sockaddr_in sockin, from; - char c; - int lport = START_PORT; - int rc; - char *host_save; - int status; - int addrfamily = AF_INET; - - block_urgent(&oldmask); - if (kcmd_connect (&s, &addrfamily, &sockin, *ahost, &host_save, rport, &lport, laddr) == -1) { - restore_sigs(&oldmask); - return -1; - } - *ahost = host_save; - /* If realm is null, look up from table */ - if ((realm == NULL) || (realm[0] == '\0')) { - realm = krb_realmofhost(host_save); - } - lport--; - status = setup_secondary_channel(s, fd2p, &lport, &addrfamily, &from, - anyport); - if (status) - goto bad; - - /* set up the needed stuff for mutual auth */ - *faddr = sockin; - - status = krb_sendauth(authopts, s, ticket, service, *ahost, - realm, (unsigned long) getpid(), msg_data, - cred, schedule, laddr, faddr, "KCMDV0.1"); - if (status != KSUCCESS) { - fprintf(stderr, "krb_sendauth failed: %s\n", krb_get_err_text(status)); - status = -1; - goto bad2; - } - (void) write(s, remuser, strlen(remuser)+1); - (void) write(s, cmd, strlen(cmd)+1); - -reread: - if ((rc=read(s, &c, 1)) != 1) { - if (rc==-1) { - perror(*ahost); - } else { - fprintf(stderr,"rcmd: bad connection with remote host\n"); - } - status = -1; - goto bad2; - } - if (c != 0) { - /* If rlogind was compiled on SunOS4, and it somehow - got the shared library version numbers wrong, it - may give an ld.so warning about an old version of a - shared library. Just ignore any such warning. - Note that the warning is a characteristic of the - server; we may not ourselves be running under - SunOS4. */ - if (c == 'l') { - char *check = "d.so: warning:"; - char *p; - char cc; - - p = check; - while (read(s, &c, 1) == 1) { - if (*p == '\0') { - if (c == '\n') - break; - } else { - if (c != *p) - break; - ++p; - } - } - - if (*p == '\0') - goto reread; - - cc = 'l'; - (void) write(2, &cc, 1); - if (p != check) - (void) write(2, check, (unsigned) (p - check)); - } - - (void) write(2, &c, 1); - while (read(s, &c, 1) == 1) { - (void) write(2, &c, 1); - if (c == '\n') - break; - } - status = -1; - goto bad2; - } - restore_sigs(&oldmask); - *sock = s; - return (KSUCCESS); - bad2: - if (lport) - (void) close(*fd2p); - bad: - (void) close(s); - restore_sigs(&oldmask); - return (status); -} -#endif /* KRB5_KRB4_COMPAT */ - - static int setup_socket (struct sockaddr *sa, GETSOCKNAME_ARG3_TYPE len) { @@ -940,25 +785,6 @@ void rcmd_stream_init_krb5(in_keyblock, encrypt_flag, lencheck, am_client, abort(); } -#ifdef KRB5_KRB4_COMPAT -void rcmd_stream_init_krb4(session, encrypt_flag, lencheck, justify) - C_Block session; - int encrypt_flag; - int lencheck; - int justify; -{ - if (!encrypt_flag) { - rcmd_stream_init_normal(); - return; - } - do_lencheck = lencheck; - right_justify = justify; - input = v4_des_read; - output = v4_des_write; - memcpy(v4_session, session, sizeof(v4_session)); -} -#endif - int rcmd_stream_read(fd, buf, len, sec) int fd; register char *buf; @@ -1014,7 +840,6 @@ static int v5_des_read(fd, buf, len, secondary) nstored = 0; } - /* See the comment in v4_des_read. */ while (1) { cc = krb5_net_read(bsd_context, fd, &c, 1); /* we should check for non-blocking here, but we'd have @@ -1153,162 +978,6 @@ static int v5_des_write(fd, buf, len, secondary) } - -#ifdef KRB5_KRB4_COMPAT - -static int -v4_des_read(fd, buf, len, secondary) -int fd; -char *buf; -size_t len; -int secondary; -{ - int nreturned = 0; - krb5_ui_4 net_len, rd_len; - int cc; - unsigned char c; - - if (nstored >= len) { - memcpy(buf, store_ptr, len); - store_ptr += len; - nstored -= len; - return(len); - } else if (nstored) { - memcpy(buf, store_ptr, nstored); - nreturned += nstored; - buf += nstored; - len -= nstored; - nstored = 0; - } - - /* We're fetching the length which is MSB first, and the MSB - has to be zero unless the client is sending more than 2^24 - (16M) bytes in a single write (which is why this code is used - in rlogin but not rcp or rsh.) The only reasons we'd get - something other than zero are: - -- corruption of the tcp stream (which will show up when - everything else is out of sync too) - -- un-caught Berkeley-style "pseudo out-of-band data" which - happens any time the user hits ^C twice. - The latter is *very* common, as shown by an 'rlogin -x -d' - using the CNS V4 rlogin. Mark EIchin 1/95 - */ - while (1) { - cc = krb_net_read(fd, &c, 1); - if (cc <= 0) return cc; /* read error */ - if (cc == 1) { - if (c == 0 || !do_lencheck) break; - } - } - - net_len = c; - if ((cc = krb_net_read(fd, &c, 1)) != 1) return 0; - net_len = (net_len << 8) | c; - if ((cc = krb_net_read(fd, &c, 1)) != 1) return 0; - net_len = (net_len << 8) | c; - if ((cc = krb_net_read(fd, &c, 1)) != 1) return 0; - net_len = (net_len << 8) | c; - - /* Note: net_len is unsigned */ - if (net_len > sizeof(des_inbuf)) { - errno = EIO; - return(-1); - } - /* the writer tells us how much real data we are getting, but - we need to read the pad bytes (8-byte boundary) */ - rd_len = roundup(net_len, 8); - if ((cc = krb_net_read(fd, des_inbuf, rd_len)) != rd_len) { - errno = EIO; - return(-1); - } - (void) pcbc_encrypt((des_cblock *) des_inbuf, - (des_cblock *) storage, - (int) ((net_len < 8) ? 8 : net_len), - v4_schedule, - &v4_session, - DECRYPT); - /* - * when the cleartext block is < 8 bytes, it is "right-justified" - * in the block, so we need to adjust the pointer to the data - */ - if (net_len < 8 && right_justify) - store_ptr = storage + 8 - net_len; - else - store_ptr = storage; - nstored = net_len; - if (nstored > len) { - memcpy(buf, store_ptr, len); - nreturned += len; - store_ptr += len; - nstored -= len; - } else { - memcpy(buf, store_ptr, nstored); - nreturned += nstored; - nstored = 0; - } - - return(nreturned); -} - -static int -v4_des_write(fd, buf, len, secondary) -int fd; -char *buf; -size_t len; -int secondary; -{ - static char garbage_buf[8]; - unsigned char *len_buf = (unsigned char *) des_outpkt; - - /* - * pcbc_encrypt outputs in 8-byte (64 bit) increments - * - * it zero-fills the cleartext to 8-byte padding, - * so if we have cleartext of < 8 bytes, we want - * to insert random garbage before it so that the ciphertext - * differs for each transmission of the same cleartext. - * if len < 8 - sizeof(long), sizeof(long) bytes of random - * garbage should be sufficient; leave the rest as-is in the buffer. - * if len > 8 - sizeof(long), just garbage fill the rest. - */ - -#ifdef min -#undef min -#endif -#define min(a,b) ((a < b) ? a : b) - - if (len < 8) { - if (right_justify) { - krb5_random_confounder(8 - len, garbage_buf); - /* this "right-justifies" the data in the buffer */ - (void) memcpy(garbage_buf + 8 - len, buf, len); - } else { - krb5_random_confounder(8 - len, garbage_buf + len); - (void) memcpy(garbage_buf, buf, len); - } - } - (void) pcbc_encrypt((des_cblock *) ((len < 8) ? garbage_buf : buf), - (des_cblock *) (des_outpkt+4), - (int) ((len < 8) ? 8 : len), - v4_schedule, - &v4_session, - ENCRYPT); - - /* tell the other end the real amount, but send an 8-byte padded - packet */ - len_buf[0] = (len & 0xff000000) >> 24; - len_buf[1] = (len & 0xff0000) >> 16; - len_buf[2] = (len & 0xff00) >> 8; - len_buf[3] = (len & 0xff); - if (write(fd, des_outpkt, roundup(len,8)+4) != roundup(len,8)+4) { - errno = EIO; - return(-1); - } - return(len); -} - -#endif /* KRB5_KRB4_COMPAT */ - #ifndef HAVE_STRSAVE /* Strsave was a routine in the version 4 krb library: we put it here for compatablilty with version 5 krb library, since kcmd.o is linked @@ -1320,11 +989,10 @@ strsave(sp) { register char *ret; - if((ret = (char *) malloc((unsigned) strlen(sp)+1)) == NULL) { + if((ret = strdup(sp)) == NULL) { fprintf(stderr, "no memory for saving args\n"); exit(1); } - (void) strcpy(ret,sp); return(ret); } #endif diff --git a/src/appl/bsd/klogind.M b/src/appl/bsd/klogind.M index de4cd342e9..574ae67b17 100644 --- a/src/appl/bsd/klogind.M +++ b/src/appl/bsd/klogind.M @@ -10,7 +10,7 @@ klogind \- remote login server .SH SYNOPSIS .B klogind [ -.B \-kr54cpPef +.B \-rcpPef ] [[ \fB\-w\fP[\fBip\fP|\fImaxhostlen\fP[\fB,\fP[\fBno\fP]\fBstriplocal\fP ]] ] [ \fB\-D\fP \fIport\fP ] @@ -40,37 +40,19 @@ Check authorization via the access-control files \fI.k5login\fP and Prompt for password if any checks fail and the \fI-p\fP option was supplied. .PP If the authentication succeeds, login the user by calling the accompanying -login.krb5 or /bin/login, according to the definition of -DO_NOT_USE_K_LOGIN. +login.krb5. +.PP +klogind allows Kerberos V5 authentication with the \fI.k5login\fP +access control file to be trusted. If this authorization check is +passed, then the user is allowed to log in. If the user has no +\fI.k5login\fP file, the login will be authorized if the results of +krb5_aname_to_localname conversion matches the account name. Unless +special rules are configured, this will be true if and only if the +Kerberos principal of the connecting user is in the default local +realm and the principal portion matches the account name. .PP The configuration of \fIklogind\fP is done by command line arguments passed by inetd. The options are: -.IP \fB\-5\fP 10 -Allow Kerberos V5 authentication with the \fI.k5login\fP access control -file to be trusted. If this authentication system is used by the client -and the authorization check is passed, then the user is allowed to log in. -If the user has no \fI.k5login\fP file, the login will be authorized if -the results of krb5_aname_to_localname conversion matches the account -name. Unless special rules are configured, this will be true if and only -if the Kerberos principal of the connecting user is in the default local -realm and the principal portion matches the account name. - -.IP \fB\-4\fP -Allow Kerberos V4 authentication with the \fI.klogin\fP access control -file to be trusted. If this authentication system is used by the client -and the authorization check is passed, then the user is allowed to log -in. - -.IP \fB\-k\fP -Allow Kerberos V5 and Kerberos V4 as acceptable authentication -mechanisms. This is the same as including \fB\-4\fP and \fB\-5\fP. - - -.IP \fB\-p\fP - If all other authorization checks fail, prompt the user -for a password If this option is not included, access is denied -without successful authentication and authorization using one of the -previous mechanisms. .IP \fB\-P\fP Prompt the user for a password. @@ -82,15 +64,13 @@ Create an encrypted session. .IP \fB\-c\fP Require Kerberos V5 clients to present a cryptographic checksum of -initial connection information like the name of the user that the client -is trying to access in the initial authenticator. This checksum -provides additionl security by preventing an attacker from changing the -initial connection information. To benefit from this security, only -Kerberos V5 should be trusted; Kerberos V4 and rhosts authentication do -not include this checksum. If this option is specified, older Kerberos -V5 clients that do not send a checksum in the authenticator will not be -able to authenticate to this server. This option is mutually exclusive -with the \fB-i\fP option. +initial connection information like the name of the user that the +client is trying to access in the initial authenticator. This +checksum provides additionl security by preventing an attacker from +changing the initial connection information. If this option is +specified, older Kerberos V5 clients that do not send a checksum in +the authenticator will not be able to authenticate to this server. +This option is mutually exclusive with the \fB-i\fP option. If neither the \fB-c\fP or \fB-i\fP options are specified,then checksums are validated if presented. Since it is difficult to remove diff --git a/src/appl/bsd/krcp.c b/src/appl/bsd/krcp.c index a24dde0fb4..07a747b105 100644 --- a/src/appl/bsd/krcp.c +++ b/src/appl/bsd/krcp.c @@ -68,30 +68,18 @@ char copyright[] = #include #include -#ifdef KRB5_KRB4_COMPAT -#include -#endif - #include "defines.h" #define RCP_BUFSIZ 4096 int sock; -struct sockaddr_in local, foreign; /* set up by kcmd used by v4_send_auth */ char *krb_realm = NULL; char *krb_cache = NULL; char *krb_config = NULL; krb5_encrypt_block eblock; /* eblock for encrypt/decrypt */ krb5_context bsd_context; -#ifdef KRB5_KRB4_COMPAT -Key_schedule v4_schedule; -CREDENTIALS v4_cred; -KTEXT_ST v4_ticket; -MSG_DAT v4_msg_data; -#endif - -void v4_send_auth(char *, char *), try_normal(char **); +void try_normal(char **); char **save_argv(int, char **); #ifndef HAVE_STRSAVE char *strsave(); @@ -146,7 +134,6 @@ int main(argc, argv) char *targ, *host, *src; char *suser, *tuser, *thost; int i; - unsigned int cmdsiz = 30; char buf[RCP_BUFSIZ], cmdbuf[30]; char *cmd = cmdbuf; struct servent *sp; @@ -206,31 +193,28 @@ int main(argc, argv) argc--, argv++; if (argc == 0) usage(); - if(!(krb_realm = (char *)malloc(strlen(*argv) + 1))){ + if(!(krb_realm = strdup(*argv))){ fprintf(stderr, "rcp: Cannot malloc.\n"); exit(1); } - strcpy(krb_realm, *argv); goto next_arg; case 'c': /* Change default ccache file */ argc--, argv++; if (argc == 0) usage(); - if(!(krb_cache = (char *)malloc(strlen(*argv) + 1))){ + if(!(krb_cache = strdup(*argv))){ fprintf(stderr, "rcp: Cannot malloc.\n"); exit(1); } - strcpy(krb_cache, *argv); goto next_arg; case 'C': /* Change default config file */ argc--, argv++; if (argc == 0) usage(); - if(!(krb_config = (char *)malloc(strlen(*argv) + 1))){ + if(!(krb_config = strdup(*argv))){ fprintf(stderr, "rcp: Cannot malloc.\n"); exit(1); } - strcpy(krb_config, *argv); goto next_arg; case 'P': if (!strcmp (*argv, "O")) @@ -302,33 +286,25 @@ int main(argc, argv) } #ifdef KERBEROS - if (krb_realm != NULL) - cmdsiz += strlen(krb_realm); - if (krb_cache != NULL) - cmdsiz += strlen(krb_cache); - if (krb_config != NULL) - cmdsiz += strlen(krb_config); - - if ((cmd = (char *)malloc(cmdsiz)) == NULL) { + if (asprintf(&cmd, "%srcp %s%s%s%s%s%s%s%s%s", + encryptflag ? "-x " : "", + + iamrecursive ? " -r" : "", pflag ? " -p" : "", + targetshouldbedirectory ? " -d" : "", + krb_realm != NULL ? " -k " : "", + krb_realm != NULL ? krb_realm : "", + krb_cache != NULL ? " -c " : "", + krb_cache != NULL ? krb_cache : "", + krb_config != NULL ? " -C " : "", + krb_config != NULL ? krb_config : "") < 0) { fprintf(stderr, "rcp: Cannot malloc.\n"); exit(1); } - (void) sprintf(cmd, "%srcp %s%s%s%s%s%s%s%s%s", - encryptflag ? "-x " : "", - - iamrecursive ? " -r" : "", pflag ? " -p" : "", - targetshouldbedirectory ? " -d" : "", - krb_realm != NULL ? " -k " : "", - krb_realm != NULL ? krb_realm : "", - krb_cache != NULL ? " -c " : "", - krb_cache != NULL ? krb_cache : "", - krb_config != NULL ? " -C " : "", - krb_config != NULL ? krb_config : ""); #else /* !KERBEROS */ - (void) sprintf(cmd, "rcp%s%s%s", - iamrecursive ? " -r" : "", pflag ? " -p" : "", - targetshouldbedirectory ? " -d" : ""); + (void) snprintf(cmd, sizeof(cmdbuf), "rcp%s%s%s", + iamrecursive ? " -r" : "", pflag ? " -p" : "", + targetshouldbedirectory ? " -d" : ""); #endif /* KERBEROS */ #ifdef POSIX_SIGNALS @@ -392,22 +368,22 @@ int main(argc, argv) suser = pwd->pw_name; else if (!okname(suser)) continue; - (void) sprintf(buf, + (void) snprintf(buf, sizeof(buf), #if defined(hpux) || defined(__hpux) - "remsh %s -l %s -n %s %s '%s%s%s:%s'", + "remsh %s -l %s -n %s %s '%s%s%s:%s'", #else - "rsh %s -l %s -n %s %s '%s%s%s:%s'", + "rsh %s -l %s -n %s %s '%s%s%s:%s'", #endif - host, suser, cmd, src, - tuser ? tuser : "", - tuser ? "@" : "", + host, suser, cmd, src, + tuser ? tuser : "", + tuser ? "@" : "", thost, targ); } else - (void) sprintf(buf, + (void) snprintf(buf, sizeof(buf), #if defined(hpux) || defined(__hpux) - "remsh %s -n %s %s '%s%s%s:%s'", + "remsh %s -n %s %s '%s%s%s:%s'", #else - "rsh %s -n %s %s '%s%s%s:%s'", + "rsh %s -n %s %s '%s%s%s:%s'", #endif argv[i], cmd, src, tuser ? tuser : "", @@ -417,8 +393,8 @@ int main(argc, argv) } else { /* local to remote */ krb5_creds *cred; if (rem == -1) { - (void) sprintf(buf, "%s -t %s", - cmd, targ); + (void) snprintf(buf, sizeof(buf), "%s -t %s", + cmd, targ); host = thost; #ifdef KERBEROS authopts = AP_OPTS_MUTUAL_REQUIRED; @@ -434,8 +410,8 @@ int main(argc, argv) &cred, 0, /* No seq # */ 0, /* No server seq # */ - &local, - &foreign, + (struct sockaddr_in *) 0, + (struct sockaddr_in *) 0, &auth_context, authopts, 0, /* Not any port # */ 0, @@ -444,25 +420,7 @@ int main(argc, argv) if (kcmd_proto == KCMD_NEW_PROTOCOL) /* Don't fall back to less safe methods. */ exit (1); -#ifdef KRB5_KRB4_COMPAT - fprintf(stderr, "Trying krb4 rcp...\n"); - if (strncmp(buf, "-x rcp", 6) == 0) - memcpy(buf, "rcp -x", 6); - status = k4cmd(&sock, &host, port, - pwd->pw_name, - tuser ? tuser : pwd->pw_name, buf, - 0, &v4_ticket, "rcmd", krb_realm, - NULL, NULL, NULL, - &local, &foreign, 0L, 0); - if (status) - try_normal(orig_argv); - if (encryptflag) - v4_send_auth(host, krb_realm); - rcmd_stream_init_krb4(v4_cred.session, encryptflag, 0, - 0); -#else try_normal(orig_argv); -#endif } else { krb5_boolean similar; @@ -528,10 +486,10 @@ int main(argc, argv) } } if (src == 0) { /* local to local */ - (void) sprintf(buf, "/bin/cp%s%s %s %s", - iamrecursive ? " -r" : "", - pflag ? " -p" : "", - argv[i], argv[argc - 1]); + (void) snprintf(buf, sizeof(buf), "/bin/cp%s%s %s %s", + iamrecursive ? " -r" : "", + pflag ? " -p" : "", + argv[i], argv[argc - 1]); (void) susystem(buf); } else { /* remote to local */ krb5_creds *cred; @@ -550,7 +508,7 @@ int main(argc, argv) host = argv[i]; suser = pwd->pw_name; } - (void) sprintf(buf, "%s -f %s", cmd, src); + (void) snprintf(buf, sizeof(buf), "%s -f %s", cmd, src); #ifdef KERBEROS authopts = AP_OPTS_MUTUAL_REQUIRED; status = kcmd(&sock, &host, @@ -564,7 +522,7 @@ int main(argc, argv) 0, /* No seq # */ 0, /* No server seq # */ (struct sockaddr_in *) 0, - &foreign, + (struct sockaddr_in *) 0, &auth_context, authopts, 0, /* Not any port # */ 0, @@ -573,24 +531,7 @@ int main(argc, argv) if (kcmd_proto == KCMD_NEW_PROTOCOL) /* Don't fall back to less safe methods. */ exit (1); -#ifdef KRB5_KRB4_COMPAT - fprintf(stderr, "Trying krb4 rcp...\n"); - if (strncmp(buf, "-x rcp", 6) == 0) - memcpy(buf, "rcp -x", 6); - status = k4cmd(&sock, &host, port, - pwd->pw_name, suser, buf, - 0, &v4_ticket, "rcmd", krb_realm, - NULL, NULL, NULL, - &local, &foreign, 0L, 0); - if (status) - try_normal(orig_argv); - if (encryptflag) - v4_send_auth(host, krb_realm); - rcmd_stream_init_krb4(v4_cred.session, encryptflag, 0, - 0); -#else try_normal(orig_argv); -#endif } else { krb5_keyblock *key = &cred->keyblock; @@ -815,16 +756,16 @@ void source(argc, argv) * Make it compatible with possible future * versions expecting microseconds. */ - (void) sprintf(buf, "T%ld 0 %ld 0\n", - stb.st_mtime, stb.st_atime); + (void) snprintf(buf, sizeof(buf), "T%ld 0 %ld 0\n", + stb.st_mtime, stb.st_atime); (void) rcmd_stream_write(rem, buf, strlen(buf), 0); if (response() < 0) { (void) close(f); continue; } } - (void) sprintf(buf, "C%04o %ld %s\n", - (int) stb.st_mode&07777, (long ) stb.st_size, last); + (void) snprintf(buf, sizeof(buf), "C%04o %ld %s\n", + (int) stb.st_mode&07777, (long ) stb.st_size, last); (void) rcmd_stream_write(rem, buf, strlen(buf), 0); if (response() < 0) { (void) close(f); @@ -884,16 +825,16 @@ void rsource(name, statp) else last++; if (pflag) { - (void) sprintf(buf, "T%ld 0 %ld 0\n", - statp->st_mtime, statp->st_atime); + (void) snprintf(buf, sizeof(buf), "T%ld 0 %ld 0\n", + statp->st_mtime, statp->st_atime); (void) rcmd_stream_write(rem, buf, strlen(buf), 0); if (response() < 0) { closedir(d); return; } } - (void) sprintf(buf, "D%04lo %d %s\n", (long) statp->st_mode&07777, 0, - last); + (void) snprintf(buf, sizeof(buf), "D%04lo %d %s\n", + (long) statp->st_mode&07777, 0, last); (void) rcmd_stream_write(rem, buf, strlen(buf), 0); if (response() < 0) { closedir(d); @@ -908,7 +849,7 @@ void rsource(name, statp) error("%s/%s: Name too long.\n", name, dp->d_name); continue; } - (void) sprintf(buf, "%s/%s", name, dp->d_name); + (void) snprintf(buf, sizeof(buf), "%s/%s", name, dp->d_name); bufv[0] = buf; source(1, bufv); } @@ -1095,8 +1036,8 @@ void sink(argc, argv) if (targisdir) { if(strlen(targ) + strlen(cp) + 2 >= sizeof(nambuf)) SCREWUP("target name too long"); - (void) sprintf(nambuf, "%s%s%s", targ, - *targ ? "/" : "", cp); + (void) snprintf(nambuf, sizeof(nambuf), "%s%s%s", targ, + *targ ? "/" : "", cp); } else { if (strlen(targ) + 1 >= sizeof (nambuf)) SCREWUP("target name too long"); @@ -1241,7 +1182,7 @@ error(fmt, va_alist) errs++; *cp++ = 1; - (void) vsprintf(cp, fmt, ap); + (void) vsnprintf(cp, sizeof(buf) - (cp - buf), fmt, ap); va_end(ap); if (iamremote) @@ -1418,34 +1359,4 @@ char storage[2*RCP_BUFSIZ]; /* storage for the decryption */ int nstored = 0; char *store_ptr = storage; -#ifdef KRB5_KRB4_COMPAT -void -v4_send_auth(host,realm) -char *host; -char *realm; -{ - long authopts; - - if ((realm == NULL) || (realm[0] == '\0')) - realm = krb_realmofhost(host); - /* this needs to be sent again, because the - rcp process needs the key. the rshd has - grabbed the first one. */ - authopts = KOPT_DO_MUTUAL; - if ((rem = krb_sendauth(authopts, sock, &v4_ticket, - "rcmd", host, - realm, (unsigned long) getpid(), - &v4_msg_data, - &v4_cred, v4_schedule, - &local, - &foreign, - "KCMDV0.1")) != KSUCCESS) { - fprintf(stderr, - "krb_sendauth mutual fail: %s\n", - krb_get_err_text(rem)); - exit(1); - } -} -#endif /* KRB5_KRB4_COMPAT */ - #endif /* KERBEROS */ diff --git a/src/appl/bsd/krlogin.c b/src/appl/bsd/krlogin.c index 0a0f5919cc..98b61ac2bc 100644 --- a/src/appl/bsd/krlogin.c +++ b/src/appl/bsd/krlogin.c @@ -157,9 +157,6 @@ char copyright[] = #ifdef KERBEROS #include #include -#ifdef KRB5_KRB4_COMPAT -#include -#endif #include "defines.h" #define RLOGIN_BUFSIZ 5120 @@ -173,11 +170,6 @@ struct sockaddr_in local, foreign; krb5_context bsd_context; krb5_auth_context auth_context; -#ifdef KRB5_KRB4_COMPAT -Key_schedule v4_schedule; -CREDENTIALS v4_cred; -#endif - #ifndef UCB_RLOGIN #define UCB_RLOGIN "/usr/ucb/rlogin" #endif @@ -381,11 +373,6 @@ main(argc, argv) int sock; krb5_flags authopts; krb5_error_code status; -#ifdef KRB5_KRB4_COMPAT - KTEXT_ST v4_ticket; - MSG_DAT v4_msg_data; - int v4only = 0; -#endif #endif int port, debug_port = 0; enum kcmd_proto kcmd_proto = KCMD_PROTOCOL_COMPAT_HACK; @@ -483,11 +470,10 @@ main(argc, argv) "rlogin: -k flag must be followed with a realm name.\n"); exit (1); } - if(!(krb_realm = (char *)malloc(strlen(*argv) + 1))){ + if(!(krb_realm = strdup(*argv))){ fprintf(stderr, "rlogin: Cannot malloc.\n"); exit(1); } - strcpy(krb_realm, *argv); argv++, argc--; goto another; } @@ -524,25 +510,11 @@ main(argc, argv) argv++, argc--; goto another; } -#ifdef KRB5_KRB4_COMPAT - if (argc > 0 && !strcmp(*argv, "-4")) { - v4only++; - argv++, argc--; - goto another; - } -#endif /* krb4 */ #endif /* KERBEROS */ if (host == 0) goto usage; if (argc > 0) goto usage; -#ifdef KRB5_KRB4_COMPAT - if (kcmd_proto != KCMD_PROTOCOL_COMPAT_HACK && v4only) { - com_err (argv[0], 0, - "-4 is incompatible with -PO/-PN"); - exit(1); - } -#endif pwd = getpwuid(getuid()); if (pwd == 0) { fprintf(stderr, "Who are you?\n"); @@ -600,7 +572,8 @@ main(argc, argv) if (ospeed >= 50) /* On some systems, ospeed is the baud rate itself, not a table index. */ - sprintf (term + strlen (term), "%d", ospeed); + snprintf (term + strlen (term), + sizeof(term) - strlen(term), "%d", ospeed); else if (ospeed >= sizeof(speeds)/sizeof(char*)) /* Past end of table, but not high enough to look like a real speed. */ @@ -661,10 +634,6 @@ main(argc, argv) if (Fflag) authopts |= OPTS_FORWARDABLE_CREDS; -#ifdef KRB5_KRB4_COMPAT - if (v4only) - goto try_v4; -#endif status = kcmd(&sock, &host, port, null_local_username ? "" : pwd->pw_name, name ? name : pwd->pw_name, term, @@ -681,21 +650,7 @@ main(argc, argv) if (kcmd_proto == KCMD_NEW_PROTOCOL && encrypt_flag) /* Don't fall back to something less secure. */ exit (1); -#ifdef KRB5_KRB4_COMPAT - fprintf(stderr, "Trying krb4 rlogin...\n"); - try_v4: - status = k4cmd(&sock, &host, port, - null_local_username ? "" : pwd->pw_name, - name ? name : pwd->pw_name, term, - 0, &v4_ticket, "rcmd", krb_realm, - &v4_cred, v4_schedule, &v4_msg_data, &local, &foreign, - (encrypt_flag) ? KOPT_DO_MUTUAL : 0L, 0); - if (status) - try_normal(orig_argv); - rcmd_stream_init_krb4(v4_cred.session, encrypt_flag, 1, 1); -#else try_normal(orig_argv); -#endif } else { krb5_keyblock *key = 0; @@ -739,11 +694,7 @@ main(argc, argv) #ifdef KERBEROS fprintf (stderr, "usage: rlogin host [-option] [-option...] [-k realm ] [-t ttytype] [-l username]\n"); -#ifdef KRB5_KRB4_COMPAT - fprintf (stderr, " where option is e, 7, 8, noflow, n, a, x, f, F, c, 4, PO, or PN\n"); -#else fprintf (stderr, " where option is e, 7, 8, noflow, n, a, x, f, F, c, PO, or PN\n"); -#endif #else /* !KERBEROS */ fprintf (stderr, "usage: rlogin host [-option] [-option...] [-t ttytype] [-l username]\n"); @@ -762,7 +713,7 @@ static int confirm_death () if (!confirm) return (1); /* no confirm, just die */ if (gethostname (hostname, sizeof(hostname)-1) != 0) - strcpy (hostname, "???"); + strlcpy (hostname, "???", sizeof(hostname)); else hostname[sizeof(hostname)-1] = '\0'; diff --git a/src/appl/bsd/krlogind.c b/src/appl/bsd/krlogind.c index cd362a4aa7..01b4ef205e 100644 --- a/src/appl/bsd/krlogind.c +++ b/src/appl/bsd/krlogind.c @@ -75,9 +75,7 @@ char copyright[] = * The configuration is done either by command-line arguments passed by * inetd, or by the name of the daemon. If command-line arguments are * present, they take priority. The options are: - * -k means trust krb4 or krb5 -* -5 means trust krb5 -* -4 means trust krb4 + * -k means trust krb5 * -p and -P means prompt for password. * If the -P option is passed, then the password is verified in * addition to all other checks. If -p is not passed with -k or -r, @@ -97,9 +95,6 @@ char copyright[] = * CRYPT - Define this if encryption is to be an option. * DO_NOT_USE_K_LOGIN - Define this if you want to use /bin/login * instead of the accompanying login.krb5. - * KRB5_KRB4_COMPAT - Define this if v4 rlogin clients are also to be served. - * ALWAYS_V5_KUSEROK - Define this if you want .k5login to be - * checked even for v4 clients (instead of .klogin). * LOG_ALL_LOGINS - Define this if you want to log all logins. * LOG_OTHER_USERS - Define this if you want to log all principals * that do not map onto the local user. @@ -234,28 +229,15 @@ struct winsize { #ifdef KERBEROS #include "k5-int.h" -#ifdef KRB5_KRB4_COMPAT -#include -#endif #include #ifdef HAVE_UTMP_H #include #include #endif -int auth_sys = 0; /* Which version of Kerberos used to authenticate */ - -#define KRB5_RECVAUTH_V4 4 -#define KRB5_RECVAUTH_V5 5 - int non_privileged = 0; /* set when connection is seen to be from */ /* a non-privileged port */ -#ifdef KRB5_KRB4_COMPAT -AUTH_DAT *v4_kdata; -Key_schedule v4_schedule; -#endif - #include "com_err.h" #include "defines.h" @@ -268,7 +250,7 @@ krb5_ccache ccache = NULL; krb5_keytab keytab = NULL; -#define ARGSTR "k54ciepPD:S:M:L:fw:?" +#define ARGSTR "k5ciepPD:S:M:L:fw:?" #else /* !KERBEROS */ #define ARGSTR "rpPD:f?" #endif /* KERBEROS */ @@ -334,18 +316,7 @@ int princ_maps_to_lname(krb5_principal, char *), default_realm(krb5_principal); krb5_sigtype cleanup(int); krb5_error_code recvauth(int *); -/* There are two authentication related masks: - * auth_ok and auth_sent. -* The auth_ok mask is the oring of authentication systems any one -* of which can be used. -* The auth_sent mask is the oring of one or more authentication/authorization -* systems that succeeded. If the anding -* of these two masks is true, then authorization is successful. -*/ -#define AUTH_KRB4 (0x1) -#define AUTH_KRB5 (0x2) -int auth_ok = 0, auth_sent = 0; -int do_encrypt = 0, passwd_if_fail = 0, passwd_req = 0; +int do_encrypt = 0, passwd_req = 0; int checksum_required = 0, checksum_ignored = 0; int stripdomain = 1; @@ -397,15 +368,9 @@ int main(argc, argv) switch (ch) { #ifdef KERBEROS case 'k': -#ifdef KRB5_KRB4_COMPAT - auth_ok |= (AUTH_KRB5|AUTH_KRB4); -#else - auth_ok |= AUTH_KRB5; -#endif /* KRB5_KRB4_COMPAT*/ break; case '5': - auth_ok |= AUTH_KRB5; break; case 'c': checksum_required = 1; @@ -414,11 +379,6 @@ int main(argc, argv) checksum_ignored = 1; break; -#ifdef KRB5_KRB4_COMPAT - case '4': - auth_ok |= AUTH_KRB4; - break; -#endif #ifdef CRYPT case 'x': /* Use encryption. */ case 'X': @@ -439,7 +399,6 @@ int main(argc, argv) break; #endif case 'p': - passwd_if_fail = 1; /* Passwd reqd if any check fails */ break; case 'P': /* passwd is a must */ passwd_req = 1; @@ -618,10 +577,6 @@ void doit(f, fromp) if (setsockopt(f, SOL_SOCKET, SO_KEEPALIVE, (const char *) &on, sizeof (on)) < 0) syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m"); - if (auth_ok == 0) { - syslog(LOG_CRIT, "No authentication systems were enabled; all connections will be refused."); - fatal(f, "All authentication systems disabled; connection refused."); - } if (checksum_required&&checksum_ignored) { syslog( LOG_CRIT, "Checksums are required and ignored; these options are mutually exclusive--check the documentation."); @@ -858,7 +813,7 @@ void doit(f, fromp) /* * Problems read failed ... */ - sprintf(buferror, "Cannot read slave pty %s ",line); + snprintf(buferror, sizeof(buferror), "Cannot read slave pty %s ",line); fatalperror(p,buferror); } close(syncpipe[0]); @@ -867,7 +822,8 @@ void doit(f, fromp) #if defined(KERBEROS) if (do_encrypt) { if (rcmd_stream_write(f, SECURE_MESSAGE, sizeof(SECURE_MESSAGE), 0) < 0){ - sprintf(buferror, "Cannot encrypt-write network."); + snprintf(buferror, sizeof(buferror), + "Cannot encrypt-write network."); fatal(p,buferror); } } @@ -900,7 +856,8 @@ void doit(f, fromp) /* * Problems write failed ... */ - sprintf(buferror,"Cannot write slave pty %s ",line); + snprintf(buferror, sizeof(buferror), "Cannot write slave pty %s ", + line); fatalperror(f,buferror); } @@ -1179,7 +1136,7 @@ void fatal(f, msg) #endif buf[0] = '\01'; /* error indicator */ - (void) sprintf(buf + 1, "%s: %s.\r\n",progname, msg); + (void) snprintf(buf + 1, sizeof(buf) - 1, "%s: %s.\r\n", progname, msg); if ((f == netf) && (pid > 0)) (void) rcmd_stream_write(f, buf, strlen(buf), 0); else @@ -1213,7 +1170,7 @@ void fatalperror(f, msg) { char buf[512]; - (void) sprintf(buf, "%s: %s", msg, error_message(errno)); + (void) snprintf(buf, sizeof(buf), "%s: %s", msg, error_message(errno)); fatal(f, buf); } @@ -1231,8 +1188,7 @@ do_krb_login(host_addr, hostname) exit(1); } - /* Check authentication. This can be either Kerberos V5, */ - /* Kerberos V4, or host-based. */ + /* Check authentication. */ if ((status = recvauth(&valid_checksum))) { if (ticket) krb5_free_ticket(bsd_context, ticket); @@ -1247,60 +1203,22 @@ do_krb_login(host_addr, hostname) /* OK we have authenticated this user - now check authorization. */ /* The Kerberos authenticated programs must use krb5_kuserok or kuserok*/ -#ifndef KRB5_KRB4_COMPAT - if (auth_sys == KRB5_RECVAUTH_V4) { - fatal(netf, "This server does not support Kerberos V4"); - } -#endif - - -#if (defined(ALWAYS_V5_KUSEROK) || !defined(KRB5_KRB4_COMPAT)) - /* krb5_kuserok returns 1 if OK */ - if (client && krb5_kuserok(bsd_context, client, lusername)) - auth_sent |= ((auth_sys == KRB5_RECVAUTH_V4)?AUTH_KRB4:AUTH_KRB5); -#else - if (auth_sys == KRB5_RECVAUTH_V4) { - /* kuserok returns 0 if OK */ - if (!kuserok(v4_kdata, lusername)) - auth_sent |= AUTH_KRB4; - } else { - /* krb5_kuserok returns 1 if OK */ - if (client && krb5_kuserok(bsd_context, client, lusername)) - auth_sent |= AUTH_KRB5; - } -#endif - - + /* krb5_kuserok returns 1 if OK */ + if (!client || !krb5_kuserok(bsd_context, client, lusername)) { + if (asprintf(&msg_fail, + "User %s is not authorized to login to account %s", + krusername, lusername) >= 0) + fatal(netf, msg_fail); + else + fatal(netf, + "User is not authorized to login to specified account"); + } if (checksum_required && !valid_checksum) { - if (auth_sent & AUTH_KRB5) { - syslog(LOG_WARNING, "Client did not supply required checksum--connection rejected."); + syslog(LOG_WARNING, "Client did not supply required checksum--connection rejected."); - fatal(netf, "You are using an old Kerberos5 without initial connection support; only newer clients are authorized."); - } else { - syslog(LOG_WARNING, - "Configuration error: Requiring checksums with -c is inconsistent with allowing Kerberos V4 connections."); - } + fatal(netf, "You are using an old Kerberos5 without initial connection support; only newer clients are authorized."); } - if (auth_ok&auth_sent) /* This should be bitwise.*/ - return; - - if (ticket) - krb5_free_ticket(bsd_context, ticket); - - if (krusername) - msg_fail = (char *)malloc(strlen(krusername) + strlen(lusername) + 80); - if (!msg_fail) - fatal(netf, "User is not authorized to login to specified account"); - - if (auth_sent) - sprintf(msg_fail, "Access denied because of improper credentials"); - else - sprintf(msg_fail, "User %s is not authorized to login to account %s", - krusername, lusername); - - fatal(netf, msg_fail); - /* NOTREACHED */ } #endif /* KERBEROS */ @@ -1334,10 +1252,10 @@ void usage() { #ifdef KERBEROS syslog(LOG_ERR, - "usage: klogind [-ke45pPf] [-D port] [-w[ip|maxhostlen[,[no]striplocal]]] or [r/R][k/K][x/e][p/P]logind"); + "usage: klogind [-ePf] [-D port] [-w[ip|maxhostlen[,[no]striplocal]]] or [r/R][k/K][x/e][p/P]logind"); #else syslog(LOG_ERR, - "usage: rlogind [-rpPf] [-D port] or [r/R][p/P]logind"); + "usage: rlogind [-rPf] [-D port] or [r/R][p/P]logind"); #endif } @@ -1361,9 +1279,6 @@ recvauth(valid_checksum) struct sockaddr_storage peersin, laddr; socklen_t len; krb5_data inbuf; -#ifdef KRB5_KRB4_COMPAT - char v4_instance[INST_SZ]; /* V4 Instance */ -#endif krb5_data version; krb5_authenticator *authenticator; krb5_rcache rcache; @@ -1382,10 +1297,6 @@ recvauth(valid_checksum) exit(1); } -#ifdef KRB5_KRB4_COMPAT - strcpy(v4_instance, "*"); -#endif - if ((status = krb5_auth_con_init(bsd_context, &auth_context))) return status; @@ -1414,38 +1325,15 @@ recvauth(valid_checksum) if (status) return status; } -#ifdef KRB5_KRB4_COMPAT - status = krb5_compat_recvauth_version(bsd_context, &auth_context, - &netf, - NULL, /* Specify daemon principal */ - 0, /* no flags */ - keytab, /* normally NULL to use v5srvtab */ - - do_encrypt ? KOPT_DO_MUTUAL : 0, /*v4_opts*/ - "rcmd", /* v4_service */ - v4_instance, /* v4_instance */ - ss2sin(&peersin), /* foriegn address */ - ss2sin(&laddr), /* our local address */ - "", /* use default srvtab */ - - &ticket, /* return ticket */ - &auth_sys, /* which authentication system*/ - &v4_kdata, v4_schedule, - &version); -#else - auth_sys = KRB5_RECVAUTH_V5; status = krb5_recvauth_version(bsd_context, &auth_context, &netf, NULL, 0, keytab, &ticket, &version); -#endif if (status) { - if (auth_sys == KRB5_RECVAUTH_V5) { - /* - * clean up before exiting - */ - getstr(netf, lusername, sizeof (lusername), "locuser"); - getstr(netf, term, sizeof(term), "Terminal type"); - getstr(netf, rusername, sizeof(rusername), "remuser"); - } + /* + * clean up before exiting + */ + getstr(netf, lusername, sizeof (lusername), "locuser"); + getstr(netf, term, sizeof(term), "Terminal type"); + getstr(netf, rusername, sizeof(rusername), "remuser"); return status; } @@ -1453,41 +1341,29 @@ recvauth(valid_checksum) getstr(netf, term, sizeof(term), "Terminal type"); kcmd_proto = KCMD_UNKNOWN_PROTOCOL; - if (auth_sys == KRB5_RECVAUTH_V5) { - if (version.length != 9) { - fatal (netf, "bad application version length"); - } - if (!memcmp (version.data, "KCMDV0.1", 9)) - kcmd_proto = KCMD_OLD_PROTOCOL; - else if (!memcmp (version.data, "KCMDV0.2", 9)) - kcmd_proto = KCMD_NEW_PROTOCOL; + if (version.length != 9) { + fatal (netf, "bad application version length"); } -#ifdef KRB5_KRB4_COMPAT - if (auth_sys == KRB5_RECVAUTH_V4) - kcmd_proto = KCMD_V4_PROTOCOL; -#endif + if (!memcmp (version.data, "KCMDV0.1", 9)) + kcmd_proto = KCMD_OLD_PROTOCOL; + else if (!memcmp (version.data, "KCMDV0.2", 9)) + kcmd_proto = KCMD_NEW_PROTOCOL; + + if (!(checksum_ignored && kcmd_proto == KCMD_OLD_PROTOCOL)) { - if ((auth_sys == KRB5_RECVAUTH_V5) - && !(checksum_ignored - && kcmd_proto == KCMD_OLD_PROTOCOL)) { - if ((status = krb5_auth_con_getauthenticator(bsd_context, auth_context, &authenticator))) return status; - + if (authenticator->checksum) { struct sockaddr_in adr; socklen_t adr_length = sizeof(adr); - char * chksumbuf = (char *) malloc(strlen(term)+strlen(lusername)+32); + char * chksumbuf = NULL; if (getsockname(netf, (struct sockaddr *) &adr, &adr_length) != 0) goto error_cleanup; - if (chksumbuf == 0) + if (asprintf(&chksumbuf, "%u:%s%s", ntohs(adr.sin_port), term, lusername) < 0) goto error_cleanup; - sprintf(chksumbuf,"%u:", ntohs(adr.sin_port)); - strcat(chksumbuf,term); - strcat(chksumbuf,lusername); - status = krb5_verify_checksum(bsd_context, authenticator->checksum->checksum_type, authenticator->checksum, @@ -1506,32 +1382,6 @@ recvauth(valid_checksum) krb5_free_authenticator(bsd_context, authenticator); } - -#ifdef KRB5_KRB4_COMPAT - if (auth_sys == KRB5_RECVAUTH_V4) { - - rcmd_stream_init_krb4(v4_kdata->session, do_encrypt, 1, 1); - - /* We do not really know the remote user's login name. - * Assume it to be the same as the first component of the - * principal's name. - */ - strncpy(rusername, v4_kdata->pname, sizeof(rusername) - 1); - rusername[sizeof(rusername) - 1] = '\0'; - - status = krb5_425_conv_principal(bsd_context, v4_kdata->pname, - v4_kdata->pinst, v4_kdata->prealm, - &client); - if (status) return status; - - status = krb5_unparse_name(bsd_context, client, &krusername); - - return status; - } -#endif - - /* Must be V5 */ - if ((status = krb5_copy_principal(bsd_context, ticket->enc_part2->client, &client))) return status; diff --git a/src/appl/bsd/krsh.c b/src/appl/bsd/krsh.c index 155223fab8..1999bb5e1f 100644 --- a/src/appl/bsd/krsh.c +++ b/src/appl/bsd/krsh.c @@ -64,17 +64,9 @@ char copyright[] = #ifdef KERBEROS #include #include -#ifdef KRB5_KRB4_COMPAT -#include -#endif #include "defines.h" #endif /* KERBEROS */ -#ifdef KRB5_KRB4_COMPAT -#include -Key_schedule v4_schedule; -#endif - /* * rsh - remote shell */ @@ -96,11 +88,6 @@ krb5_sigtype sendsig(int); krb5_context bsd_context; krb5_creds *cred; -#ifdef KRB5_KRB4_COMPAT -Key_schedule v4_schedule; -CREDENTIALS v4_cred; -#endif - int encrypt_flag = 0; char *krb_realm = (char *)0; void try_normal(char **); @@ -128,7 +115,7 @@ main(argc, argv0) char **argv0; { int rem, pid = 0; - char *host=0, *cp, **ap, buf[RCMD_BUFSIZ], *args, **argv = argv0, *user = 0; + char *host=0, **ap, buf[RCMD_BUFSIZ], *args, **argv = argv0, *user = 0; register int cc; struct passwd *pwd; fd_set readfrom, ready; @@ -149,10 +136,6 @@ main(argc, argv0) krb5_error_code status; krb5_auth_context auth_context; int fflag = 0, Fflag = 0; -#ifdef KRB5_KRB4_COMPAT - KTEXT_ST v4_ticket; - MSG_DAT v4_msg_data; -#endif #endif /* KERBEROS */ int debug_port = 0; enum kcmd_proto kcmd_proto = KCMD_PROTOCOL_COMPAT_HACK; @@ -202,11 +185,10 @@ main(argc, argv0) fprintf(stderr, "rsh(kerberos): -k flag must have a realm after it.\n"); exit (1); } - if(!(krb_realm = (char *)malloc(strlen(*argv) + 1))){ + if(!(krb_realm = strdup(*argv))){ fprintf(stderr, "rsh(kerberos): Cannot malloc.\n"); exit(1); } - strcpy(krb_realm, *argv); argv++, argc--; goto another; } @@ -321,17 +303,14 @@ main(argc, argv0) cc += strlen(*ap) + 1; if (encrypt_flag) cc += 3; - cp = args = (char *) malloc((unsigned) cc); - if (encrypt_flag) { - strcpy(args, "-x "); - cp += 3; - } + args = (char *) malloc((unsigned) cc); + *args = '\0'; + if (encrypt_flag) + strlcpy(args, "-x ", cc); for (ap = argv; *ap; ap++) { - (void) strcpy(cp, *ap); - while (*cp) - cp++; + (void) strlcat(args, *ap, cc); if (ap[1]) - *cp++ = ' '; + strlcat(args, " ", cc); } if(debug_port == 0) { @@ -387,26 +366,7 @@ main(argc, argv0) ones. */ if (kcmd_proto == KCMD_NEW_PROTOCOL) exit (1); -#ifdef KRB5_KRB4_COMPAT - /* No encrypted Kerberos 4 rsh. */ - if (encrypt_flag) - exit(1); -#ifdef HAVE_ISATTY - if (isatty(fileno(stderr))) - fprintf(stderr, "Trying krb4 rsh...\n"); -#endif - status = k4cmd(&rem, &host, debug_port, - pwd->pw_name, - user ? user : pwd->pw_name, args, - &rfd2, &v4_ticket, "rcmd", krb_realm, - &v4_cred, v4_schedule, &v4_msg_data, - &local, &foreign, 0L, 0); - if (status) - try_normal(argv0); - rcmd_stream_init_krb4(v4_cred.session, encrypt_flag, 0, 1); -#else try_normal(argv0); -#endif } else { krb5_keyblock *key = &cred->keyblock; diff --git a/src/appl/bsd/krshd.c b/src/appl/bsd/krshd.c index 5a9baa3797..aa3f2edb96 100644 --- a/src/appl/bsd/krshd.c +++ b/src/appl/bsd/krshd.c @@ -39,25 +39,14 @@ char copyright[] = * This is the rshell daemon. The very basic protocol for checking * authentication and authorization is: * 1) Check authentication. - * 2) Check authorization via the access-control files: - * ~/.k5login (using krb5_kuserok) and/or + * 2) Check authorization via the access-control files: + * ~/.k5login (using krb5_kuserok) * Execute command if configured authoriztion checks pass, else deny * permission. - * - * The configuration is done either by command-line arguments passed by inetd, - * or by the name of the daemon. If command-line arguments are present, they - * take priority. The options are: - * -k means trust krb4 or krb5 - * -5 means trust krb5 - * -4 means trust krb4 (using .klogin) - * */ /* DEFINES: * KERBEROS - Define this if application is to be kerberised. - * KRB5_KRB4_COMPAT - Define this if v4 rlogin clients are also to be served. - * ALWAYS_V5_KUSEROK - Define this if you want .k5login to be - * checked even for v4 clients (instead of .klogin). * LOG_ALL_LOGINS - Define this if you want to log all logins. * LOG_OTHER_USERS - Define this if you want to log all principals that do * not map onto the local user. @@ -87,10 +76,7 @@ char copyright[] = #include #include #include -#if !defined(KERBEROS) || !defined(KRB5_KRB4_COMPAT) -/* Ultrix doesn't protect it vs multiple inclusion, and krb.h includes it */ #include -#endif #include #include #include @@ -122,10 +108,7 @@ char copyright[] = #include #include -#if !defined(KERBEROS) || !defined(KRB5_KRB4_COMPAT) -/* Ultrix doesn't protect it vs multiple inclusion, and krb.h includes it */ #include -#endif #ifdef CRAY #ifndef NO_UDB @@ -159,11 +142,8 @@ char copyright[] = #include "k5-int.h" #include #include "loginpaths.h" -#ifdef KRB5_KRB4_COMPAT -#include -Key_schedule v4_schedule; -#endif #include +#include #ifdef HAVE_PATHS_H #include @@ -185,7 +165,7 @@ Key_schedule v4_schedule; #define MAXDNAME 256 /*per the rfc*/ #endif -#define ARGSTR "ek54ciD:S:M:AP:?L:w:" +#define ARGSTR "ek5ciD:S:M:AP:?L:w:" @@ -217,22 +197,13 @@ static krb5_error_code recvauth(int netfd, struct sockaddr *peersin, #endif /* KERBEROS */ +static int accept_a_connection (int debug_port, struct sockaddr *from, + socklen_t *fromlenp); #ifndef HAVE_KILLPG #define killpg(pid, sig) kill(-(pid), (sig)) #endif -/* There are two authentication related masks: - * auth_ok and auth_sent. -* The auth_ok mask is the oring of authentication systems any one -* of which can be used. -* The auth_sent mask is the oring of one or more authentication/authorization -* systems that succeeded. If the anding -* of these two masks is true, then authorization is successful. -*/ -#define AUTH_KRB4 (0x1) -#define AUTH_KRB5 (0x2) -int auth_ok = 0, auth_sent = 0; int checksum_required = 0, checksum_ignored = 0; char *progname; @@ -320,15 +291,9 @@ int main(argc, argv) switch (ch) { #ifdef KERBEROS case 'k': -#ifdef KRB5_KRB4_COMPAT - auth_ok |= (AUTH_KRB5|AUTH_KRB4); -#else - auth_ok |= AUTH_KRB5; -#endif /* KRB5_KRB4_COMPAT*/ break; case '5': - auth_ok |= AUTH_KRB5; break; case 'c': checksum_required = 1; @@ -337,12 +302,6 @@ int main(argc, argv) checksum_ignored = 1; break; -#ifdef KRB5_KRB4_COMPAT - case '4': - auth_ok |= AUTH_KRB4; - break; -#endif - case 'e': require_encrypt = 1; break; @@ -537,16 +496,6 @@ char *kremuser; krb5_principal client; krb5_authenticator *kdata; -#ifdef KRB5_KRB4_COMPAT -AUTH_DAT *v4_kdata; -KTEXT v4_ticket; -#endif - -int auth_sys = 0; /* Which version of Kerberos used to authenticate */ - -#define KRB5_RECVAUTH_V4 4 -#define KRB5_RECVAUTH_V5 5 - static void ignore_signals() { @@ -940,7 +889,7 @@ void doit(f, fromp) privileges. */ if (port) { /* Place entry into wtmp */ - sprintf(ttyn,"krsh%ld",(long) (getpid() % 9999999)); + snprintf(ttyn,sizeof(ttyn),"krsh%ld",(long) (getpid() % 9999999)); pty_logwtmp(ttyn,locuser,sane_host); } /* We are simply execing a program over rshd : log entry into wtmp, @@ -1090,31 +1039,14 @@ void doit(f, fromp) } #ifdef KERBEROS - -#if defined(KRB5_KRB4_COMPAT) && !defined(ALWAYS_V5_KUSEROK) - if (auth_sys == KRB5_RECVAUTH_V4) { - /* kuserok returns 0 if OK */ - if (kuserok(v4_kdata, locuser)){ - syslog(LOG_ERR , - "Principal %s (%s@%s (%s)) for local user %s failed kuserok.\n", - kremuser, remuser, hostaddra, hostname, locuser); - } - else auth_sent |= AUTH_KRB4; - } else -#endif - { - /* krb5_kuserok returns 1 if OK */ - if (!krb5_kuserok(bsd_context, client, locuser)){ - syslog(LOG_ERR , - "Principal %s (%s@%s (%s)) for local user %s failed krb5_kuserok.\n", - kremuser, remuser, hostaddra, hostname, locuser); - } - else - auth_sent |= - ((auth_sys == KRB5_RECVAUTH_V4) ? AUTH_KRB4 : AUTH_KRB5); - } - - + /* krb5_kuserok returns 1 if OK */ + if (!krb5_kuserok(bsd_context, client, locuser)){ + syslog(LOG_ERR , + "Principal %s (%s@%s (%s)) for local user %s failed krb5_kuserok.\n", + kremuser, remuser, hostaddra, hostname, locuser); + error("Permission denied.\n"); + goto signout_please; + } #else if (pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0' && ruserok(hostname[0] ? hostname : hostaddra, @@ -1126,26 +1058,14 @@ void doit(f, fromp) if (checksum_required && !valid_checksum) { - if (auth_sent & AUTH_KRB5) { - syslog(LOG_WARNING, "Client did not supply required checksum--connection rejected."); - error( "You are using an old Kerberos5 client without checksum support; only newer clients are authorized.\n"); - goto signout_please; - } else { - syslog(LOG_WARNING, - "Configuration error: Requiring checksums with -c is inconsistent with allowing Kerberos V4 connections."); - } + syslog(LOG_WARNING, "Client did not supply required checksum--connection rejected."); + error( "You are using an old Kerberos5 client without checksum support; only newer clients are authorized.\n"); + goto signout_please; } if (require_encrypt&&(!do_encrypt)) { error("You must use encryption.\n"); goto signout_please; } - if (!(auth_ok&auth_sent)) { - if (auth_sent) - error("Another authentication mechanism must be used to access this host.\n"); - else - error("Permission denied.\n"); - goto signout_please; - } if (pwd->pw_uid && !access(NOLOGIN, F_OK)) { error("Logins currently disabled.\n"); @@ -1422,12 +1342,10 @@ void doit(f, fromp) strncat(homedir, pwd->pw_dir, sizeof(homedir)-6); strncat(shell, pwd->pw_shell, sizeof(shell)-7); strncat(username, pwd->pw_name, sizeof(username)-6); - path = (char *) malloc(strlen(kprogdir) + strlen(path_rest) + 7); - if (path == NULL) { + if (asprintf(&path, "PATH=%s:%s", kprogdir, path_rest) < 0) { perror("malloc"); _exit(1); } - sprintf(path, "PATH=%s:%s", kprogdir, path_rest); envinit[PATHENV] = path; /* If we have KRB5CCNAME set, then copy into the @@ -1436,10 +1354,8 @@ void doit(f, fromp) */ if (getenv("KRB5CCNAME")) { int i; - char *buf2 = (char *)malloc(strlen(getenv("KRB5CCNAME")) - +strlen("KRB5CCNAME=")+1); - if (buf2) { - sprintf(buf2, "KRB5CCNAME=%s",getenv("KRB5CCNAME")); + char *buf2; + if (asprintf(&buf2, "KRB5CCNAME=%s",getenv("KRB5CCNAME")) >= 0) { for (i = 0; envinit[i]; i++); envinit[i] = buf2; @@ -1459,10 +1375,10 @@ void doit(f, fromp) NI_NUMERICHOST | NI_NUMERICSERV); if (aierr) goto skip_localaddr_env; - sprintf(local_addr, "KRB5LOCALADDR=%s", hbuf); + snprintf(local_addr, sizeof(local_addr), "KRB5LOCALADDR=%s", hbuf); envinit[i++] =local_addr; - sprintf(local_port, "KRB5LOCALPORT=%s", sbuf); + snprintf(local_port, sizeof(local_port), "KRB5LOCALPORT=%s", sbuf); envinit[i++] =local_port; skip_localaddr_env: @@ -1471,10 +1387,10 @@ void doit(f, fromp) NI_NUMERICHOST | NI_NUMERICSERV); if (aierr) goto skip_remoteaddr_env; - sprintf(remote_addr, "KRB5REMOTEADDR=%s", hbuf); + snprintf(remote_addr, sizeof(remote_addr), "KRB5REMOTEADDR=%s", hbuf); envinit[i++] =remote_addr; - sprintf(remote_port, "KRB5REMOTEPORT=%s", sbuf); + snprintf(remote_port, sizeof(remote_port), "KRB5REMOTEPORT=%s", sbuf); envinit[i++] =remote_port; skip_remoteaddr_env: @@ -1488,11 +1404,8 @@ void doit(f, fromp) char *buf2; if(getenv(save_env[cnt])) { - buf2 = (char *)malloc(strlen(getenv(save_env[cnt])) - +strlen(save_env[cnt])+2); - if (buf2) { - sprintf(buf2, "%s=%s", save_env[cnt], - getenv(save_env[cnt])); + if (asprintf(&buf2, "%s=%s", save_env[cnt], + getenv(save_env[cnt])) >= 0) { for (i = 0; envinit[i]; i++); envinit[i] = buf2; } @@ -1513,29 +1426,24 @@ void doit(f, fromp) struct stat s2; int offst = 0; - copy = malloc(strlen(cmdbuf) + 1); + copy = strdup(cmdbuf); if (copy == NULL) { perror("malloc"); _exit(1); } - strcpy(copy, cmdbuf); if (do_encrypt && !strncmp(cmdbuf, "-x ", 3)) { offst = 3; } - strcpy((char *) cmdbuf + offst, kprogdir); + strlcpy(cmdbuf + offst, kprogdir, sizeof(cmdbuf) - offst); cp = copy + 3 + offst; - cmdbuf[sizeof(cmdbuf) - 1] = '\0'; - if (auth_sys == KRB5_RECVAUTH_V4) { - strncat(cmdbuf, "/v4rcp", sizeof(cmdbuf) - 1 - strlen(cmdbuf)); - } else { - strncat(cmdbuf, "/rcp", sizeof(cmdbuf) - 1 - strlen(cmdbuf)); - } + strlcat(cmdbuf, "/rcp", sizeof(cmdbuf)); + if (stat((char *)cmdbuf + offst, &s2) >= 0) - strncat(cmdbuf, cp, sizeof(cmdbuf) - 1 - strlen(cmdbuf)); + strlcat(cmdbuf, cp, sizeof(cmdbuf)); else - strncpy(cmdbuf, copy, sizeof(cmdbuf) - 1 - strlen(cmdbuf)); + strlcpy(cmdbuf, copy, sizeof(cmdbuf)); free(copy); } #endif @@ -1585,8 +1493,8 @@ error(fmt, va_alist) #endif *cp++ = 1; - (void) sprintf(cp, "%s: ", progname); - (void) vsprintf(buf+strlen(buf), fmt, ap); + (void) snprintf(cp, sizeof(buf) - (cp - buf), "%s: ", progname); + (void) vsnprintf(buf+strlen(buf), sizeof(buf) - strlen(buf), fmt, ap); va_end(ap); (void) write(2, buf, strlen(buf)); syslog(LOG_ERR ,"%s",buf+1); @@ -1619,7 +1527,8 @@ char *makejtmp(uid, gid, jid) register char *endc, *tdp = &tmpdir[strlen(tmpdir)]; register int i; - sprintf(tdp, "%s/jtmp.%06d", JTMPDIR, jid); + snprintf(tdp, sizeof(tmpdir) - (tdp - tmpdir), "%s/jtmp.%06d", + JTMPDIR, jid); endc = &tmpdir[strlen(tmpdir)]; endc[1] = '\0'; @@ -1778,7 +1687,7 @@ loglogin(host, flag, failures, ue) void usage() { #ifdef KERBEROS - syslog(LOG_ERR, "usage: kshd [-54ecikK] "); + syslog(LOG_ERR, "usage: kshd [-eciK] "); #else syslog(LOG_ERR, "usage: rshd"); #endif @@ -1805,9 +1714,6 @@ recvauth(netfd, peersin, valid_checksum) struct sockaddr_in laddr; socklen_t len; krb5_data inbuf; -#ifdef KRB5_KRB4_COMPAT - char v4_instance[INST_SZ]; /* V4 Instance */ -#endif krb5_authenticator *authenticator; krb5_ticket *ticket; krb5_rcache rcache; @@ -1829,10 +1735,6 @@ recvauth(netfd, peersin, valid_checksum) #define SIZEOF_INADDR sizeof(struct in_addr) #endif -#ifdef KRB5_KRB4_COMPAT - strcpy(v4_instance, "*"); -#endif - status = krb5_auth_con_init(bsd_context, &auth_context); if (status) return status; @@ -1862,66 +1764,25 @@ recvauth(netfd, peersin, valid_checksum) if (status) return status; } -#ifdef KRB5_KRB4_COMPAT - status = krb5_compat_recvauth_version(bsd_context, &auth_context, &netfd, - NULL, /* Specify daemon principal */ - 0, /* no flags */ - keytab, /* normally NULL to use v5srvtab */ - 0, /* v4_opts */ - "rcmd", /* v4_service */ - v4_instance, /* v4_instance */ - (struct sockaddr_in *)peersin, /* foreign address */ - &laddr, /* our local address */ - "", /* use default srvtab */ - - &ticket, /* return ticket */ - &auth_sys, /* which authentication system*/ - &v4_kdata, 0, &version); -#else status = krb5_recvauth_version(bsd_context, &auth_context, &netfd, NULL, /* daemon principal */ 0, /* no flags */ keytab, /* normally NULL to use v5srvtab */ &ticket, /* return ticket */ &version); /* application version string */ - auth_sys = KRB5_RECVAUTH_V5; -#endif if (status) { - if (auth_sys == KRB5_RECVAUTH_V5) { - /* - * clean up before exiting - */ - getstr(netfd, locuser, sizeof(locuser), "locuser"); - getstr(netfd, cmdbuf, sizeof(cmdbuf), "command"); - getstr(netfd, remuser, sizeof(locuser), "remuser"); - } + /* + * clean up before exiting + */ + getstr(netfd, locuser, sizeof(locuser), "locuser"); + getstr(netfd, cmdbuf, sizeof(cmdbuf), "command"); + getstr(netfd, remuser, sizeof(locuser), "remuser"); return status; } getstr(netfd, locuser, sizeof(locuser), "locuser"); getstr(netfd, cmdbuf, sizeof(cmdbuf), "command"); -#ifdef KRB5_KRB4_COMPAT - if (auth_sys == KRB5_RECVAUTH_V4) { - rcmd_stream_init_normal(); - - /* We do not really know the remote user's login name. - * Assume it to be the same as the first component of the - * principal's name. - */ - strcpy(remuser, v4_kdata->pname); - - status = krb5_425_conv_principal(bsd_context, v4_kdata->pname, - v4_kdata->pinst, v4_kdata->prealm, - &client); - if (status) return status; - - status = krb5_unparse_name(bsd_context, client, &kremuser); - - return status; - } -#endif /* KRB5_KRB4_COMPAT */ - /* Must be V5 */ kcmd_proto = KCMD_UNKNOWN_PROTOCOL; @@ -1949,27 +1810,17 @@ recvauth(netfd, peersin, valid_checksum) struct sockaddr_storage adr; unsigned int adr_length = sizeof(adr); int e; - unsigned int buflen = strlen(cmdbuf)+strlen(locuser)+32; - char * chksumbuf = (char *) malloc(buflen); + char namebuf[32], *chksumbuf = NULL; - if (chksumbuf == 0) - goto error_cleanup; if (getsockname(netfd, (struct sockaddr *) &adr, &adr_length) != 0) goto error_cleanup; e = getnameinfo((struct sockaddr *)&adr, adr_length, 0, 0, - chksumbuf, buflen, NI_NUMERICSERV); - if (e) { - free(chksumbuf); + namebuf, sizeof(namebuf), NI_NUMERICSERV); + if (e) fatal(netfd, "local error: can't examine port number"); - } - if (strlen(chksumbuf) > 30) { - free(chksumbuf); - fatal(netfd, "wacky local port number?!"); - } - strcat(chksumbuf, ":"); - strcat(chksumbuf,cmdbuf); - strcat(chksumbuf,locuser); + if (asprintf(&chksumbuf, "%s:%s%s", namebuf, cmdbuf, locuser) < 0) + goto error_cleanup; status = krb5_verify_checksum(bsd_context, authenticator->checksum->checksum_type, @@ -2060,7 +1911,7 @@ void fatal(f, msg) #endif buf[0] = '\01'; /* error indicator */ - (void) sprintf(buf + 1, "%s: %s.\r\n",progname, msg); + (void) snprintf(buf + 1, sizeof(buf) - 1, "%s: %s.\r\n",progname, msg); if ((f == netf) && (pid > 0)) (void) rcmd_stream_write(f, buf, strlen(buf), 0); else @@ -2078,3 +1929,115 @@ void fatal(f, msg) } exit(1); } + +static int +accept_a_connection (int debug_port, struct sockaddr *from, + socklen_t *fromlenp) +{ + int n, s, fd, s4 = -1, s6 = -1, on = 1; + fd_set sockets; + + FD_ZERO(&sockets); + +#ifdef KRB5_USE_INET6 + { + struct sockaddr_in6 sock_in6; + + if ((s = socket(AF_INET6, SOCK_STREAM, PF_UNSPEC)) < 0) { + if ((errno == EPROTONOSUPPORT) || (errno == EAFNOSUPPORT)) + goto skip_ipv6; + fprintf(stderr, "Error in socket(INET6): %s\n", strerror(errno)); + exit(2); + } + + memset((char *) &sock_in6, 0,sizeof(sock_in6)); + sock_in6.sin6_family = AF_INET6; + sock_in6.sin6_port = htons(debug_port); + sock_in6.sin6_addr = in6addr_any; + + (void) setsockopt(s, SOL_SOCKET, SO_REUSEADDR, + (char *)&on, sizeof(on)); + + if ((bind(s, (struct sockaddr *) &sock_in6, sizeof(sock_in6))) < 0) { + fprintf(stderr, "Error in bind(INET6): %s\n", strerror(errno)); + exit(2); + } + + if ((listen(s, 5)) < 0) { + fprintf(stderr, "Error in listen(INET6): %s\n", strerror(errno)); + exit(2); + } + s6 = s; + FD_SET(s, &sockets); + skip_ipv6: + ; + } +#endif + + { + struct sockaddr_in sock_in; + + if ((s = socket(AF_INET, SOCK_STREAM, PF_UNSPEC)) < 0) { + fprintf(stderr, "Error in socket: %s\n", strerror(errno)); + exit(2); + } + + memset((char *) &sock_in, 0,sizeof(sock_in)); + sock_in.sin_family = AF_INET; + sock_in.sin_port = htons(debug_port); + sock_in.sin_addr.s_addr = INADDR_ANY; + + (void) setsockopt(s, SOL_SOCKET, SO_REUSEADDR, + (char *)&on, sizeof(on)); + + if ((bind(s, (struct sockaddr *) &sock_in, sizeof(sock_in))) < 0) { + if (s6 >= 0 && errno == EADDRINUSE) + goto try_ipv6_only; + fprintf(stderr, "Error in bind: %s\n", strerror(errno)); + exit(2); + } + + if ((listen(s, 5)) < 0) { + fprintf(stderr, "Error in listen: %s\n", strerror(errno)); + exit(2); + } + s4 = s; + FD_SET(s, &sockets); + try_ipv6_only: + ; + } + if (s4 == -1 && s6 == -1) { + fprintf(stderr, "No valid sockets established, exiting\n"); + exit(2); + } + n = select(((s4 < s6) ? s6 : s4) + 1, &sockets, 0, 0, 0); + if (n < 0) { + fprintf(stderr, "select error: %s\n", strerror(errno)); + exit(2); + } else if (n == 0) { + fprintf(stderr, "internal error? select returns 0\n"); + exit(2); + } + if (s6 != -1 && FD_ISSET(s6, &sockets)) { + if (s4 != -1) + close(s4); + s = s6; + } else if (FD_ISSET(s4, &sockets)) { + if (s6 != -1) + close(s6); + s = s4; + } else { + fprintf(stderr, + "internal error? select returns positive, " + "but neither fd available\n"); + exit(2); + } + + if ((fd = accept(s, from, fromlenp)) < 0) { + fprintf(stderr, "Error in accept: %s\n", strerror(errno)); + exit(2); + } + + close(s); + return fd; +} diff --git a/src/appl/bsd/login.M b/src/appl/bsd/login.M index 0fceb3529a..3a1b05b4b1 100644 --- a/src/appl/bsd/login.M +++ b/src/appl/bsd/login.M @@ -19,8 +19,8 @@ tickets for the user. will prompt for a username, or take one on the command line, as .I login.krb5 username and will then prompt for a password. This password will be used to -acquire Kerberos Version 5 tickets and Kerberos Version 4 tickets (if -possible.) It will also attempt to run +acquire Kerberos Version 5 tickets (if possible.) It will also attempt +to run .I aklog to get \fIAFS\fP tokens for the user. The version 5 tickets will be tested against a local @@ -40,12 +40,6 @@ pass hostname to rlogind. Must be the last argument. \fB\-h\fP \fIhostname\fP pass hostname to telnetd, etc. Must be the last argument. .TP -\fB\-k\fP \fIhostname\fP -Use Kerberos V4 to login. Must be the last argument. -.TP -\fB\-K\fP \fIhostname\fP -Use Kerberos V4 to login. Must be the last argument. -.TP \fB\-f\fP \fIname\fP Perform pre-authenticated login, e.g., datakit, xterm, etc.; allows preauthenticated login as root. @@ -66,17 +60,6 @@ stanza. A collection of options dealing with initial authentication are provided: .IP krb5_get_tickets Use password to get V5 tickets. Default value true. -.IP krb4_get_tickets -Use password to get V4 tickets. Default value false. -.IP krb4_convert -Use Kerberos conversion daemon to get V4 tickets. Default value -false. If false, and krb4_get_tickets is true, then login will get -the V5 tickets directly using the Kerberos V4 protocol directly. -This does not currently work with non MIT-V4 salt types -(such as the AFS3 salt type.) Note that if configuration parameter -is true, and the krb524d is not running, login will hang for -approximately a minute under Solaris, -due to a Solaris socket emulation bug. .IP krb_run_aklog Attempt to run aklog. Default value false. .IP aklog_path @@ -92,6 +75,3 @@ associated with .PP .SH SEE ALSO rlogind(8), rlogin(1), telnetd(8) -.SH BUGS -Should use a config file to select use of V5, V4, and AFS, as well as -policy for startup. diff --git a/src/appl/bsd/login.c b/src/appl/bsd/login.c index 861b9a57af..57680ad3ca 100644 --- a/src/appl/bsd/login.c +++ b/src/appl/bsd/login.c @@ -32,10 +32,6 @@ char copyright[] = # login stanza krb5_get_tickets = 1 # use password to get v5 tickets - krb4_get_tickets = 0 - # use password to get v4 tickets - krb4_convert = 0 - # use kerberos conversion daemon to get v4 tickets krb_run_aklog = 0 # attempt to run aklog aklog_path = $(prefix)/bin/aklog @@ -46,14 +42,8 @@ char copyright[] = #define KRB5_GET_TICKETS int login_krb5_get_tickets = 1; -#ifdef KRB5_KRB4_COMPAT -#define KRB4_GET_TICKETS -int login_krb4_get_tickets = 0; -#define KRB4_CONVERT -int login_krb4_convert = 0; #define KRB_RUN_AKLOG int login_krb_run_aklog = 0; -#endif /* KRB5_KRB4_COMPAT */ int login_accept_passwd = 0; @@ -67,10 +57,6 @@ int login_accept_passwd = 0; * allows preauthenticated login as root) * login -e name (for pre-authenticated encrypted, must do term * negotiation) - * ifdef KRB4_KLOGIN - * login -k hostname (for Kerberos V4 rlogind with password access) - * login -K hostname (for Kerberos V4 rlogind with restricted access) - * endif KRB4_KLOGIN * * only one of: -r -f -e -k -K -F * only one of: -r -h -k -K @@ -159,44 +145,6 @@ typedef sigtype (*handler)(); #include "osconf.h" #endif /* KRB5_GET_TICKETS */ -#ifdef KRB4_KLOGIN -/* support for running under v4 klogind, -k -K flags */ -#define KRB4 -#endif - -#if (defined(KRB4_GET_TICKETS) || defined(KRB4_CONVERT)) -/* support for prompting for v4 initial tickets */ -#define KRB4 -#endif - -#ifdef KRB4 -#include -#include -#ifdef HAVE_KRB4_PROTO_H -#include -#endif -#include -#ifdef BIND_HACK -#include -#include -#endif /* BIND_HACK */ - -/* Hacks to maintain compatability with Athena libkrb*/ -#ifndef HAVE_KRB_SAVE_CREDENTIALS -#define krb_save_credentials save_credentials -#endif /*HAVE_KRB_SAVE_CREDENTIALS*/ - -#ifndef HAVE_KRB_GET_ERR_TEXT - -static const char *krb_get_err_text(kerror) - int kerror; -{ - return krb_err_txt[kerror]; -} - -#endif /*HAVE_KRB_GET_ERR_TEXT*/ -#endif /* KRB4 */ - #ifndef __STDC__ #ifndef volatile #define volatile @@ -302,13 +250,8 @@ char term[64], *username; -#ifdef KRB4 -#define KRB_ENVIRON "KRBTKFILE" /* Ticket file environment variable */ -#define KRB_TK_DIR "/tmp/tkt_" /* Where to put the ticket */ -#endif /* KRB4_GET_TICKETS */ - -#if defined(KRB4_GET_TICKETS) || defined(KRB5_GET_TICKETS) -#define MAXPWSIZE 128 /* Biggest string accepted for KRB4 +#ifdef KRB5_GET_TICKETS +#define MAXPWSIZE 128 /* Biggest string accepted for KRB5 passsword */ #endif @@ -353,12 +296,8 @@ static struct login_confs { } login_conf_set[] = { #ifdef KRB5_GET_TICKETS {"krb5_get_tickets", &login_krb5_get_tickets}, + {"krb_run_aklog", &login_krb_run_aklog}, #endif -#ifdef KRB5_KRB4_COMPAT - {"krb4_get_tickets", &login_krb4_get_tickets}, - {"krb4_convert", &login_krb4_convert}, - {"krb4_run_aklog", &login_krb_run_aklog}, -#endif /* KRB5_KRB4_COMPAT */ }; static char *conf_yes[] = { @@ -501,20 +440,8 @@ char ccfile[MAXPATHLEN+6]; /* FILE:path+\0 */ int krbflag; /* set if tickets have been obtained */ #endif /* KRB5_GET_TICKETS */ -#ifdef KRB4_GET_TICKETS -static int got_v4_tickets; -AUTH_DAT *kdata = (AUTH_DAT *) NULL; -char tkfile[MAXPATHLEN]; -#endif - -#ifdef KRB4_GET_TICKETS -static void k_init (ttyn, realm) - char *ttyn; - char *realm; -#else void k_init (ttyn) char *ttyn; -#endif { #ifdef KRB5_GET_TICKETS krb5_error_code retval; @@ -529,7 +456,8 @@ void k_init (ttyn) /* Set up the credential cache environment variable */ if (!getenv(KRB5_ENV_CCNAME)) { - sprintf(ccfile, "FILE:/tmp/krb5cc_p%ld", (long) getpid()); + snprintf(ccfile, sizeof(ccfile), "FILE:/tmp/krb5cc_p%ld", + (long) getpid()); setenv(KRB5_ENV_CCNAME, ccfile, 1); krb5_cc_set_default_name(kcontext, ccfile); unlink(ccfile+strlen("FILE:")); @@ -540,22 +468,6 @@ void k_init (ttyn) } #endif -#ifdef KRB4_GET_TICKETS - if (krb_get_lrealm(realm, 1) != KSUCCESS) { - strncpy(realm, KRB_REALM, sizeof(realm)); - realm[sizeof(realm) - 1] = '\0'; - } - if (login_krb4_get_tickets || login_krb4_convert) { - /* Set up the ticket file environment variable */ - strncpy(tkfile, KRB_TK_DIR, sizeof(tkfile)); - tkfile[sizeof(tkfile) - 1] = '\0'; - strncat(tkfile, strrchr(ttyn, '/')+1, - sizeof(tkfile) - strlen(tkfile)); - (void) unlink (tkfile); - setenv(KRB_ENVIRON, tkfile, 1); - } -#endif - #ifdef BIND_HACK /* Set name server timeout to be reasonable, so that people don't take 5 minutes to @@ -571,7 +483,7 @@ static int k5_get_password (user_pwstring, pwsize) { krb5_error_code code; char prompt[255]; - sprintf(prompt,"Password for %s", username); + snprintf(prompt, sizeof(prompt), "Password for %s", username); /* reduce opportunities to be swapped out */ code = krb5_read_password(kcontext, prompt, 0, user_pwstring, &pwsize); @@ -636,236 +548,8 @@ static int have_v5_tickets (me) } #endif /* KRB5_GET_TICKETS */ -#ifdef KRB4_CONVERT -static int -try_convert524(kctx, me, use_ccache) - krb5_context kctx; - krb5_principal me; - int use_ccache; -{ - krb5_principal kpcserver; - krb5_error_code kpccode; - int kpcval; - krb5_creds increds, *v5creds; - CREDENTIALS v4creds; - - - /* If we have forwarded v5 tickets, retrieve the credentials from - * the cache; otherwise, the v5 credentials are in my_creds. - */ - if (use_ccache) { - /* cc->ccache, already set up */ - /* client->me, already set up */ - kpccode = krb5_build_principal(kctx, &kpcserver, - krb5_princ_realm(kctx, me)->length, - krb5_princ_realm(kctx, me)->data, - "krbtgt", - krb5_princ_realm(kctx, me)->data, - NULL); - if (kpccode) { - com_err("login/v4", kpccode, - "while creating service principal name"); - return 0; - } - - memset((char *) &increds, 0, sizeof(increds)); - increds.client = me; - increds.server = kpcserver; - increds.times.endtime = 0; - increds.keyblock.enctype = ENCTYPE_DES_CBC_CRC; - kpccode = krb5_get_credentials(kctx, 0, ccache, - &increds, &v5creds); - krb5_free_principal(kctx, kpcserver); - increds.server = NULL; - if (kpccode) { - com_err("login/v4", kpccode, "getting V5 credentials"); - return 0; - } - - kpccode = krb524_convert_creds_kdc(kctx, v5creds, &v4creds); - krb5_free_creds(kctx, v5creds); - } else - kpccode = krb524_convert_creds_kdc(kctx, &my_creds, &v4creds); - if (kpccode) { - com_err("login/v4", kpccode, "converting to V4 credentials"); - return 0; - } - /* this is stolen from the v4 kinit */ - /* initialize ticket cache */ - if ((kpcval = in_tkt(v4creds.pname,v4creds.pinst) - != KSUCCESS)) { - com_err("login/v4", kpcval, - "trying to create the V4 ticket file"); - return 0; - } - /* stash ticket, session key, etc. for future use */ - if ((kpcval = krb_save_credentials(v4creds.service, - v4creds.instance, - v4creds.realm, - v4creds.session, - v4creds.lifetime, - v4creds.kvno, - &(v4creds.ticket_st), - v4creds.issue_date))) { - com_err("login/v4", kpcval, - "trying to save the V4 ticket"); - return 0; - } - got_v4_tickets = 1; - strncpy(tkfile, tkt_string(), sizeof(tkfile)); - tkfile[sizeof(tkfile) - 1] = '\0'; - return 1; -} -#endif - -#ifdef KRB4_GET_TICKETS -static int -try_krb4 (user_pwstring, realm) - char *user_pwstring; - char *realm; -{ - int krbval, kpass_ok = 0; - - krbval = krb_get_pw_in_tkt(username, "", realm, - "krbtgt", realm, - DEFAULT_TKT_LIFE, - user_pwstring); - - switch (krbval) { - case INTK_OK: - kpass_ok = 1; - krbflag = 1; - strncpy(tkfile, tkt_string(), sizeof(tkfile)); - tkfile[sizeof(tkfile) - 1] = '\0'; - break; - /* These errors should be silent */ - /* So the Kerberos database can't be probed */ - case KDC_NULL_KEY: - case KDC_PR_UNKNOWN: - case INTK_BADPW: - case KDC_PR_N_UNIQUE: - case -1: - break; -#if 0 /* I want to see where INTK_W_NOTALL comes from before letting - kpass_ok be set in that case. KR */ - /* These should be printed but are not fatal */ - case INTK_W_NOTALL: - krbflag = 1; - kpass_ok = 1; - fprintf(stderr, "Kerberos error: %s\n", - krb_get_err_text(krbval)); - break; -#endif - default: - fprintf(stderr, "Kerberos error: %s\n", - krb_get_err_text(krbval)); - break; - } - got_v4_tickets = kpass_ok; - return kpass_ok; -} -#endif /* KRB4_GET_TICKETS */ - /* Kerberos ticket-handling routines */ -#ifdef KRB4_GET_TICKETS -/* call already conditionalized on login_krb4_get_tickets */ -/* - * Verify the Kerberos ticket-granting ticket just retrieved for the - * user. If the Kerberos server doesn't respond, assume the user is - * trying to fake us out (since we DID just get a TGT from what is - * supposedly our KDC). If the rcmd. service is unknown (i.e., - * the local srvtab doesn't have it), let her in. - * - * Returns 1 for confirmation, -1 for failure, 0 for uncertainty. - */ -static int verify_krb_v4_tgt (realm) - char *realm; -{ - char hostname[MAXHOSTNAMELEN], phost[BUFSIZ]; - struct hostent *hp; - KTEXT_ST ticket; - AUTH_DAT authdata; - unsigned KRB4_32 addr; - static /*const*/ char rcmd_str[] = "rcmd"; -#if 0 - char key[8]; -#endif - int krbval, retval, have_keys; - - if (gethostname(hostname, sizeof(hostname)) == -1) { - perror ("cannot retrieve local hostname"); - return -1; - } - strncpy (phost, krb_get_phost (hostname), sizeof (phost)); - phost[sizeof(phost)-1] = 0; - hp = gethostbyname (hostname); - if (!hp) { - perror ("cannot retrieve local host address"); - return -1; - } - memcpy ((char *) &addr, (char *)hp->h_addr, sizeof (addr)); - /* Do we have rcmd. keys? */ -#if 0 /* Be paranoid. If srvtab exists, assume it must contain the - right key. The more paranoid mode also helps avoid a - possible DNS spoofing issue. */ - have_keys = read_service_key (rcmd_str, phost, realm, 0, KEYFILE, key) - ? 0 : 1; - memset (key, 0, sizeof (key)); -#else - have_keys = 0 == access (KEYFILE, F_OK); -#endif - krbval = krb_mk_req (&ticket, rcmd_str, phost, realm, 0); - if (krbval == KDC_PR_UNKNOWN) { - /* - * Our rcmd. principal isn't known -- just assume valid - * for now? This is one case that the user _could_ fake out. - */ - if (have_keys) - return -1; - else - return 0; - } - else if (krbval != KSUCCESS) { - printf ("Unable to verify Kerberos TGT: %s\n", - krb_get_err_text(krbval)); -#ifndef SYSLOG42 - syslog (LOG_NOTICE|LOG_AUTH, "Kerberos TGT bad: %s", - krb_get_err_text(krbval)); -#endif - return -1; - } - /* got ticket, try to use it */ - krbval = krb_rd_req (&ticket, rcmd_str, phost, addr, &authdata, ""); - if (krbval != KSUCCESS) { - if (krbval == RD_AP_UNDEC && !have_keys) - retval = 0; - else { - retval = -1; - printf ("Unable to verify `rcmd' ticket: %s\n", - krb_get_err_text(krbval)); - } -#ifndef SYSLOG42 - syslog (LOG_NOTICE|LOG_AUTH, "can't verify rcmd ticket: %s;%s\n", - krb_get_err_text(krbval), - retval - ? "srvtab found, assuming failure" - : "no srvtab found, assuming success"); -#endif - goto EGRESS; - } - /* - * The rcmd. ticket has been received _and_ verified. - */ - retval = 1; - /* do cleanup and return */ -EGRESS: - memset (&ticket, 0, sizeof (ticket)); - memset (&authdata, 0, sizeof (authdata)); - return retval; -} -#endif /* KRB4_GET_TICKETS */ - static void destroy_tickets() { #ifdef KRB5_GET_TICKETS @@ -876,10 +560,6 @@ static void destroy_tickets() krb5_cc_destroy (kcontext, cache); } #endif -#ifdef KRB4_GET_TICKETS - if (login_krb4_get_tickets || login_krb4_convert) - dest_tkt(); -#endif /* KRB4_GET_TICKETS */ } /* AFS support routines */ @@ -926,15 +606,15 @@ static int try_afscall (scall) static void afs_login () { -#if defined(KRB4_GET_TICKETS) && defined(SETPAG) - if (login_krb4_get_tickets && pwd->pw_uid) { +#if defined(SETPAG) + if (login_krb5_get_tickets && pwd->pw_uid) { /* Only reset the pag for non-root users. */ /* This allows root to become anything. */ pagflag = try_setpag (); } #endif #ifdef KRB_RUN_AKLOG - if (got_v4_tickets && login_krb_run_aklog) { + if (got_v5_tickets && login_krb_run_aklog) { /* KPROGDIR is $(prefix)/bin */ char aklog_path[MAXPATHLEN]; struct stat st; @@ -1046,10 +726,6 @@ int main(argc, argv) krb5_principal me; krb5_creds save_v5creds; krb5_ccache xtra_creds = NULL; -#endif -#ifdef KRB4_GET_TICKETS - CREDENTIALS save_v4creds; - char realm[REALM_SZ]; #endif char *ccname = 0; /* name of forwarded cache */ char *tz = 0; @@ -1079,9 +755,6 @@ int main(argc, argv) * login as root. * -h is used by other servers to pass the name of the * remote host to login so that it may be placed in utmp and wtmp - * -k is used by klogind to cause the Kerberos V4 autologin protocol; - * -K is used by klogind to cause the Kerberos V4 autologin - * protocol with restricted access. */ (void)gethostname(tbuf, sizeof(tbuf)); domain = strchr(tbuf, '.'); @@ -1132,33 +805,6 @@ int main(argc, argv) *p = '\0'; hostname = optarg; break; -#ifdef KRB4_KLOGIN - case 'k': - case 'K': - EXCL_AUTH_TEST; - EXCL_HOST_TEST; - if (getuid()) { - fprintf(stderr, - "login: -%c for super-user only.\n", ch); - exit(1); - } - /* "-k hostname" must be last args */ - if (optind != argc) { - fprintf(stderr, "Syntax error.\n"); - exit(1); - } - if (ch == 'K') - Kflag = 1; - else - kflag = 1; - passwd_req = (do_krb_login(optarg, Kflag ? 1 : 0) == -1); - if (domain && - (p = strchr(optarg, '.')) && - (!strcmp(p, domain))) - *p = '\0'; - hostname = optarg; - break; -#endif /* KRB4_KLOGIN */ case 'e': EXCL_AUTH_TEST; if (getuid()) { @@ -1242,18 +888,13 @@ int main(argc, argv) ask for username if we don't have it already look it up in local pw or shadow file (to get crypt string) ask for password - try and get v4, v5 tickets with it + try and get v5 tickets with it try and use the tickets against the local srvtab if the password matches, always let them in if the ticket decrypts, let them in. - v5 needs to work, does v4? */ -#ifdef KRB4_GET_TICKETS - k_init (ttyn, realm); -#else k_init (ttyn); -#endif for (cnt = 0;; username = NULL) { #ifdef KRB5_GET_TICKETS @@ -1292,17 +933,6 @@ int main(argc, argv) if (!unix_needs_passwd()) break; - /* we have several sets of code: - 1) get v5 tickets alone -DKRB5_GET_TICKETS - 2) get v4 tickets alone [** don't! only get them *with* v5 **] - 3) get both tickets -DKRB5_GET_TICKETS -DKRB4_GET_TICKETS - 3a) use krb524 calls to get the v4 tickets -DKRB4_CONVERT plus (3). - 4) get no tickets and use the password file (none of thes defined.) - - Likewise we need to (optionally?) test these tickets against - local srvtabs. - */ - #ifdef KRB5_GET_TICKETS if (login_krb5_get_tickets) { /* rename these to something more verbose */ @@ -1324,16 +954,7 @@ int main(argc, argv) if (pwd->pw_uid != 0) { /* Don't get tickets for root */ try_krb5(&me, user_pwstring); -#ifdef KRB4_GET_TICKETS - if (login_krb4_get_tickets && - !(got_v5_tickets && login_krb4_convert)) - try_krb4(user_pwstring, realm); -#endif - krbflag = (got_v5_tickets -#ifdef KRB4_GET_TICKETS - || got_v4_tickets -#endif - ); + krbflag = got_v5_tickets; memset (user_pwstring, 0, sizeof(user_pwstring)); /* password wiped, so we can relax */ setpriority(PRIO_PROCESS, 0, 0 + PRIO_OFFSET); @@ -1370,13 +991,6 @@ int main(argc, argv) break; /* we're ok */ } } -#ifdef KRB4_GET_TICKETS - else if (got_v4_tickets) { - if (login_krb4_get_tickets && - (verify_krb_v4_tgt(realm) != -1)) - break; /* we're ok */ - } -#endif /* KRB4_GET_TICKETS */ bad_login: setpriority(PRIO_PROCESS, 0, 0 + PRIO_OFFSET); @@ -1480,21 +1094,10 @@ int main(argc, argv) forwarded_v5_tickets = 1; #endif /* KRB5_GET_TICKETS */ -#if defined(KRB5_GET_TICKETS) && defined(KRB4_CONVERT) - if (login_krb4_convert && !got_v4_tickets) { - if (got_v5_tickets||forwarded_v5_tickets) - try_convert524(kcontext, me, forwarded_v5_tickets); - } -#endif - #ifdef KRB5_GET_TICKETS if (login_krb5_get_tickets) dofork(); #endif -#ifdef KRB4_GET_TICKETS - else if (login_krb4_get_tickets) - dofork(); -#endif /* If the user's shell does not do job control we should put it in a different process group than than us, and set the tty process group @@ -1551,17 +1154,16 @@ int main(argc, argv) (void) initgroups(username, pwd->pw_gid); /* - * The V5 ccache and V4 ticket file are both created as root. - * They need to be owned by the user, and chown (a) assumes - * they are stored in a file and (b) allows a race condition - * in which a user can delete the file (if the directory - * sticky bit is not set) and make it a symlink to somewhere - * else; on some platforms, chown() on a symlink actually - * changes the owner of the pointed-to file. This is Bad. + * The V5 ccache is created as root. It needs to be owned by the + * user, and chown (a) assumes they are stored in a file and (b) + * allows a race condition in which a user can delete the file (if + * the directory sticky bit is not set) and make it a symlink to + * somewhere else; on some platforms, chown() on a symlink + * actually changes the owner of the pointed-to file. This is + * Bad. * - * So, we suck the V5 and V4 krbtgts into memory here, destroy - * the ccache/ticket file, and recreate them later after the - * setuid. + * So, we suck the V5 krbtgt into memory here, destroy the + * ccache/ticket file, and recreate them later after the setuid. * * With the new v5 api, v5 tickets are kept in memory until written * out after the setuid. However, forwarded tickets still @@ -1605,28 +1207,10 @@ int main(argc, argv) } #endif /* KRB5_GET_TICKETS */ -#ifdef KRB4_GET_TICKETS - if (got_v4_tickets) { - memset(&save_v4creds, 0, sizeof(save_v4creds)); - - retval = krb_get_cred("krbtgt", realm, realm, &save_v4creds); - if (retval != KSUCCESS) { - syslog(LOG_ERR, - "%s while retrieving V4 initial ticket for copy", - error_message(retval)); - rewrite_ccache = 0; - } - } -#endif /* KRB4_GET_TICKETS */ - #ifdef KRB5_GET_TICKETS if (forwarded_v5_tickets) destroy_tickets(); #endif -#ifdef KRB4_GET_TICKETS - else if (got_v4_tickets) - destroy_tickets(); -#endif #ifdef OQUOTA quota(Q_DOWARN, pwd->pw_uid, (dev_t)-1, 0); @@ -1701,29 +1285,6 @@ int main(argc, argv) } #endif /* KRB5_GET_TICKETS */ -#ifdef KRB4_GET_TICKETS - if (got_v4_tickets && rewrite_ccache) { - if ((retval = in_tkt(save_v4creds.pname, save_v4creds.pinst)) - != KSUCCESS) { - syslog(LOG_ERR, - "%s while re-initializing V4 ticket cache as user", - error_message((retval == -1)?errno:retval)); - } else if ((retval = krb_save_credentials(save_v4creds.service, - save_v4creds.instance, - save_v4creds.realm, - save_v4creds.session, - save_v4creds.lifetime, - save_v4creds.kvno, - &(save_v4creds.ticket_st), - save_v4creds.issue_date)) - != KSUCCESS) { - syslog(LOG_ERR, - "%s while re-storing V4 tickets as user", - error_message(retval)); - } - } -#endif /* KRB4_GET_TICKETS */ - if (*pwd->pw_shell == '\0') pwd->pw_shell = BSHELL; @@ -1778,12 +1339,6 @@ int main(argc, argv) if (term[0]) (void)setenv("TERM", term, 0); -#ifdef KRB4_GET_TICKETS - /* tkfile[0] is only set if we got tickets above */ - if (login_krb4_get_tickets && tkfile[0]) - (void) setenv(KRB_ENVIRON, tkfile, 1); -#endif /* KRB4_GET_TICKETS */ - #ifdef KRB5_GET_TICKETS /* ccfile[0] is only set if we got tickets above */ if (login_krb5_get_tickets && ccfile[0]) { @@ -1795,33 +1350,6 @@ int main(argc, argv) if (tty[sizeof("tty")-1] == 'd') syslog(LOG_INFO, "DIALUP %s, %s", tty, pwd->pw_name); if (pwd->pw_uid == 0) -#ifdef KRB4_KLOGIN - if (kdata) { - if (hostname) { - char buf[BUFSIZ]; -#ifdef UT_HOSTSIZE - (void) sprintf(buf, - "ROOT LOGIN (krb) %s from %.*s, %s.%s@%s", - tty, UT_HOSTSIZE, hostname, - kdata->pname, kdata->pinst, - kdata->prealm); -#else - (void) sprintf(buf, - "ROOT LOGIN (krb) %s from %s, %s.%s@%s", - tty, hostname, - kdata->pname, kdata->pinst, - kdata->prealm); -#endif - syslog(LOG_NOTICE, "%s", buf); - } else { - syslog(LOG_NOTICE, - "ROOT LOGIN (krb) %s, %s.%s@%s", - tty, - kdata->pname, kdata->pinst, - kdata->prealm); - } - } else -#endif /* KRB4_KLOGIN */ { if (hostname) { #ifdef UT_HOSTSIZE @@ -1839,10 +1367,6 @@ int main(argc, argv) afs_login(); if (!quietlog) { -#ifdef KRB4_KLOGIN - if (!krbflag && !fflag && !eflag ) - printf("\nWarning: No Kerberos tickets obtained.\n\n"); -#endif /* KRB4_KLOGIN */ motd(); check_mail(); } @@ -2104,7 +1628,7 @@ void check_mail() { char tbuf[MAXPATHLEN+2]; struct stat st; - (void)sprintf(tbuf, "%s/%s", MAILDIR, pwd->pw_name); + (void)snprintf(tbuf, sizeof(tbuf), "%s/%s", MAILDIR, pwd->pw_name); if (stat(tbuf, &st) == 0 && st.st_size != 0) printf("You have %smail.\n", (st.st_mtime > st.st_atime) ? "new " : ""); @@ -2217,100 +1741,6 @@ int doremotelogin(host) return(ruserok(host, (pwd->pw_uid == 0), rusername, username)); } -#ifdef KRB4_KLOGIN -int do_krb_login(host, strict) - char *host; - int strict; -{ - int rc; - struct sockaddr_in sin; - char instance[INST_SZ], version[9]; - long authoptions = 0L; - struct hostent *hp = gethostbyname(host); - static char lusername[UT_NAMESIZE+1]; - - /* - * Kerberos autologin protocol. - */ - - (void) memset((char *) &sin, 0, (int) sizeof(sin)); - - if (hp) - (void) memcpy ((char *)&sin.sin_addr, hp->h_addr, - sizeof(sin.sin_addr)); - else - sin.sin_addr.s_addr = inet_addr(host); - - if ((hp == NULL) && (sin.sin_addr.s_addr == -1)) { - printf("Hostname did not resolve to an address, so Kerberos authentication failed\r\n"); - /* - * No host addr prevents auth, so - * punt krb and require password - */ - if (strict) { - goto paranoid; - } else { - pwd = NULL; - return(-1); - } - } - - kdata = (AUTH_DAT *)malloc( sizeof(AUTH_DAT) ); - ticket = (KTEXT) malloc(sizeof(KTEXT_ST)); - - (void) strcpy(instance, "*"); - if ((rc=krb_recvauth(authoptions, 0, ticket, "rcmd", - instance, &sin, - (struct sockaddr_in *)0, - kdata, "", (bit_64 *) 0, version))) { - printf("Kerberos rlogin failed: %s\r\n",krb_get_err_text(rc)); - if (strict) { -paranoid: - /* - * Paranoid hosts, such as a Kerberos server, - * specify the Klogind daemon to disallow - * even password access here. - */ - printf("Sorry, you must have Kerberos authentication to access this host.\r\n"); - exit(1); - } - } - (void) lgetstr(lusername, sizeof (lusername), "Local user"); - (void) lgetstr(term, sizeof(term), "Terminal type"); - username = lusername; - if (getuid()) { - pwd = NULL; - return(-1); - } - pwd = getpwnam(lusername); - if (pwd == NULL) { - pwd = NULL; - return(-1); - } - - /* - * if Kerberos login failed because of an error in krb_recvauth, - * return the indication of a bad attempt. User will be prompted - * for a password. We CAN'T check the .rhost file, because we need - * the remote username to do that, and the remote username is in the - * Kerberos ticket. This affects ONLY the case where there is - * Kerberos on both ends, but Kerberos fails on the server end. - */ - if (rc) { - return(-1); - } - - if ((rc=kuserok(kdata,lusername))) { - printf("login: %s has not given you permission to login without a password.\r\n",lusername); - if (strict) { - exit(1); - } - return(-1); - } - return(0); -} -#endif /* KRB4_KLOGIN */ - void lgetstr(buf, cnt, err) char *buf, *err; int cnt; @@ -2334,15 +1764,11 @@ void lgetstr(buf, cnt, err) void sleepexit(eval) int eval; { -#ifdef KRB4_GET_TICKETS - if (login_krb4_get_tickets && krbflag) - (void) destroy_tickets(); -#endif /* KRB4_GET_TICKETS */ sleep((u_int)5); exit(eval); } -#if defined(KRB4_GET_TICKETS) || defined(KRB5_GET_TICKETS) +#ifdef KRB5_GET_TICKETS static int hungup = 0; static sigtype @@ -2350,7 +1776,7 @@ sighup() { hungup = 1; } -/* call already conditionalized on login_krb4_get_tickets */ +/* call already conditionalized on login_krb5_get_tickets */ /* * This routine handles cleanup stuff, and the like. * It exits only in the child process. @@ -2435,7 +1861,7 @@ dofork() /* Leave */ exit(0); } -#endif /* KRB4_GET_TICKETS */ +#endif /* KRB5_GET_TICKETS */ #ifndef HAVE_STRSAVE @@ -2448,11 +1874,10 @@ char *strsave(sp) { register char *ret; - if ((ret = (char *) malloc((unsigned) strlen(sp)+1)) == NULL) { + if ((ret = strdup(sp)) == NULL) { fprintf(stderr, "no memory for saving args\n"); exit(1); } - (void) strcpy(ret,sp); return(ret); } #endif diff --git a/src/appl/bsd/rlogin.M b/src/appl/bsd/rlogin.M index e2597823e0..5958842804 100644 --- a/src/appl/bsd/rlogin.M +++ b/src/appl/bsd/rlogin.M @@ -25,7 +25,7 @@ rlogin \- remote login .I rhost [\fB\-e\fP\fI\|c\fP] [\fB\-8\fP] [\fB\-c\fP] [ \fB\-a\fP] [\fB\-f\fP] [\fB\-F\fP] [\fB\-t\fP \fItermtype\fP] [\fB\-n\fP] [\fB\-7\fP] -[\fB\-PN | \-PO\fP] [\fB\-4\fP] +[\fB\-PN | \-PO\fP] [\fB\-d\fP] [\fB\-k\fP \fIrealm\fP] [\fB\-x\fP] [\fB\-L\fP] [\fB\-l\fP \fIusername\fP] .PP @@ -145,9 +145,6 @@ old one, but is not interoperable with older servers. (An "input/output error" and a closed connection is the most likely result of attempting this combination.) If neither option is specified, some simple heuristics are used to guess which to try. -.TP -\fB\-4\fP -Use Kerberos V4 authentication only; don't try Kerberos V5. .SH SEE ALSO rsh(1), kerberos(1), krb_sendauth(3), krb_realmofhost(3), rlogin(1) [UCB version], klogind(8) diff --git a/src/appl/bsd/v4rcp.M b/src/appl/bsd/v4rcp.M deleted file mode 100644 index 97721a8011..0000000000 --- a/src/appl/bsd/v4rcp.M +++ /dev/null @@ -1,52 +0,0 @@ -.\" appl/bsd/v4rcp.M -.TH V4RCP 1 -.SH NAME -v4rcp \- back end for Kerberos V4 rcp -.SH SYNOPSIS -.B v4rcp -.I not invoked by users -.SH DESCRIPTION -This program is -.B not -for user execution. The usage message indicates this. -.PP -Kerberos Version 4 -.I rsh -did not support encryption. In order to perform -encrypted file transfer, the version 4 -.I rcp -program did a second authentication, directly to the -.I rcp -process at the other end. This meant that -.I rcp -needed to be -.IR setuid -to root in order to read the -.IR krb-srvtab -file on the remote end. -.PP -Rather than add this complexity into the main Kerberos 5 -.I rcp -the Kerberos 5 -.I kshd -instead detects the use of Kerberos 4 authentication, and checks the -command for the program name -.I rcp -and then substitutes the full pathname of -.I v4rcp -instead. Since -.I v4rcp -is installed -.IR setuid -to root, it can perform the the authentication and get the session key -needed to encrypt the file transfer. -.PP -Kerberos 5 -.I rcp -instead uses the encryption support built in to Kerberos 5 -.I rsh -and -.I kshd -directly. -.SH SEE ALSO -rsh(1), rcp(1), kshd(8) diff --git a/src/appl/bsd/v4rcp.c b/src/appl/bsd/v4rcp.c deleted file mode 100644 index 3cb7b3f97d..0000000000 --- a/src/appl/bsd/v4rcp.c +++ /dev/null @@ -1,1107 +0,0 @@ -/* Stripped down Kerberos V4 rcp, for server-side use only */ -/* based on Cygnus CNS V4-96q1 src/appl/bsd/rcp.c. */ - -/* - * rcp.c - */ - -/* - * Copyright (c) 1983 The Regents of the University of California. - * All rights reserved. - * - * Redistribution and use in source and binary forms are permitted - * provided that the above copyright notice and this paragraph are - * duplicated in all such forms and that any documentation, - * advertising materials, and other materials related to such - * distribution and use acknowledge that the software was developed - * by the University of California, Berkeley. The name of the - * University may not be used to endorse or promote products derived - * from this software without specific prior written permission. - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED - * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. - */ - -#ifndef lint -char copyright[] = -"@(#) Copyright (c) 1983 The Regents of the University of California.\n\ - All rights reserved.\n"; -#endif /* not lint */ - -#ifndef lint -static char sccsid[] = "@(#)rcp.c 5.10 (Berkeley) 9/20/88"; -#endif /* not lint */ - -/* - * rcp - */ -#ifdef KERBEROS -#include "k5-int.h" -#include -#include -#endif - -#ifdef HAVE_UNISTD_H -#include -#endif -#ifdef HAVE_STDLIB_H -#include -#endif -#include -#include -#include -#ifndef KERBEROS -/* Ultrix doesn't protect it vs multiple inclusion, and krb.h includes it */ -#include -#endif -#include -#include -#include -#ifdef NEED_SYS_FCNTL_H -#include -#endif -#include - -#include -#include -#include -#include -#include -#include -#ifndef KERBEROS -/* Ultrix doesn't protect it vs multiple inclusion, and krb.h includes it */ -#include -#endif -#include -#include - -#include "port-sockets.h" - -#ifdef KERBEROS -#include -#include - - -void sink(int, char **), source(int, char **), - rsource(char *, struct stat *), usage(void); -/*VARARGS*/ -void error (char *fmt, ...) -#if !defined (__cplusplus) && (__GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 7)) - __attribute__ ((__format__ (__printf__, 1, 2))) -#endif - ; -int response(void); -#if !defined(HAVE_UTIMES) -int utimes(); -#endif - - -#if 0 -#include -#else -/* we don't have full kstream in v5, so fake it... */ - -typedef struct { - int encrypting; - int read_fd, write_fd; - des_key_schedule *sched; - des_cblock *ivec; - /* used on the read side */ - char *inbuf; - char *outbuf; - int writelen; - char* retbuf; - int retbuflen; - int retlen; - int returned; -} *kstream; - -static kstream kstream_create_rcp_from_fd(read_fd, write_fd, sched, ivec) - int read_fd, write_fd; - des_key_schedule *sched; - des_cblock *ivec; -{ - kstream tmp = (kstream)malloc(sizeof(*tmp)); - if (tmp == NULL) - return NULL; - tmp->encrypting = 1; - tmp->read_fd = read_fd; - tmp->write_fd = write_fd; - /* they're static in this file, so just hang on to the pointers */ - tmp->sched = sched; - tmp->ivec = ivec; - tmp->inbuf = 0; - tmp->outbuf = 0; - tmp->writelen = 0; - tmp->retbuf = 0; - tmp->retbuflen = 0; - tmp->returned = 0; - tmp->retlen = 0; - return tmp; -} - -static kstream kstream_create_from_fd(read_fd, write_fd, sched, session) - int read_fd, write_fd; - Key_schedule *sched; - des_cblock *session; -{ - /* just set it up... */ - kstream tmp = (kstream)malloc(sizeof(*tmp)); - if (tmp == NULL) - return NULL; - tmp->encrypting = 0; - tmp->read_fd = read_fd; - tmp->write_fd = write_fd; - return tmp; -} - - -/* always set to 0 here anyway */ -#define kstream_set_buffer_mode(x,y) - -static int kstream_read(krem, buf, len) - kstream krem; - char *buf; - unsigned int len; -{ - if(krem->encrypting) { - /* when we get a length, we have to read the whole block. However, - we have to hand it to the user in the chunks they want, which - may be smaller if BUFSIZ doesn't match. [the caller can deal if - the incoming blocks are smaller...] */ - if (krem->returned) { - int remaining = krem->retlen - krem->returned; - int returning; - - if (remaining <= len) { - returning = remaining; - } else { - returning = len; - } - memcpy(buf, krem->retbuf+krem->returned, returning); - krem->returned += returning; - if (krem->returned == krem->retlen) krem->returned = 0; - - return returning; - } - - /* we need 4 bytes to get a length, and once we have that we know how - much to get to fill the buffer. Then we can hand back bits, or loop. */ - { - int cc; - unsigned char clen[4]; - unsigned int x = 0; - unsigned int sz, off; - - cc = read(krem->read_fd, clen, 4); - if (cc != 4) return cc; - x <<= 8; x += clen[0] & 0xff; - x <<= 8; x += clen[1] & 0xff; - x <<= 8; x += clen[2] & 0xff; - x <<= 8; x += clen[3] & 0xff; - sz = (x + 7) & (~7U); - - if (krem->retbuflen < sz) { - if (krem->retbuflen == 0) - krem->retbuf = (char*)malloc(sz>(BUFSIZ)?sz:(BUFSIZ)); - else - krem->retbuf = (char*)realloc(krem->retbuf, sz); - if(!krem->retbuf) { errno = ENOMEM; return -1; } - krem->retbuflen = sz>(BUFSIZ)?sz:(BUFSIZ); - } - - /* get all of it */ - off = 0; - do { - cc = read(krem->read_fd, krem->retbuf+off, sz-off); - if (cc <= 0) return cc; - off += cc; - } while (off < sz); - - /* decrypt it */ - des_pcbc_encrypt ((des_cblock *)krem->retbuf, - (des_cblock *)krem->retbuf, - (int) sz, *krem->sched, krem->ivec, - DECRYPT); - - /* now retbuf has sz bytes, return len or x of them to the user */ - if (x <= len) { - memcpy(buf, krem->retbuf, x); - return x; - } else { - memcpy(buf, krem->retbuf, len); - /* defer the rest */ - krem->returned = len; - krem->retlen = x; - return len; - } - } - } else { - return read(krem->read_fd, buf, len); - } -} - -static int kstream_write(krem, buf, len) - kstream krem; - char *buf; - unsigned int len; -{ - if (krem->encrypting) { - unsigned long x; - int st; - unsigned int outlen = (len + 7) & (~7U); - - if (krem->writelen < outlen || krem->outbuf == 0) { - krem->inbuf = (char*)realloc(krem->inbuf, outlen ? outlen : 1); - krem->outbuf = (char*)realloc(krem->outbuf, outlen+8); - if(!krem->inbuf || !krem->outbuf) { errno = ENOMEM; return -1; } - krem->writelen = outlen; - } - - outlen = (len + 7) & (~7U); - - memcpy(krem->inbuf, buf, len); - krb5_random_confounder(outlen-len, krem->inbuf+len); - buf = krem->inbuf; - - x = len; - krem->outbuf[3+4] = x & 0xff; x >>= 8; - krem->outbuf[2+4] = x & 0xff; x >>= 8; - krem->outbuf[1+4] = x & 0xff; x >>= 8; - krem->outbuf[0+4] = x & 0xff; x >>= 8; - if (x) - abort (); - /* memset(outbuf+4+4, 0x42, BUFSIZ); */ - st = des_pcbc_encrypt ((des_cblock *)buf, (des_cblock *)(krem->outbuf+4+4), - (int) outlen, - *krem->sched, krem->ivec, ENCRYPT); - - if (st) abort(); - return write(krem->write_fd, krem->outbuf+4, 4+outlen); - } else { - return write(krem->write_fd, buf, len); - } -} - -/* 0 = stdin, read; 1 = stdout, write */ -#define rem 0,1 - -#endif - - -#ifdef _AUX_SOURCE -#define vfork fork -#endif -#ifdef NOVFORK -#define vfork fork -#endif - -#ifndef roundup -#define roundup(x,y) ((((x)+(y)-1)/(y))*(y)) -#endif - -int sock; -CREDENTIALS cred; -MSG_DAT msg_data; -struct sockaddr_in foreign, local; -Key_schedule schedule; - -KTEXT_ST ticket; -AUTH_DAT kdata; -static des_cblock crypt_session_key; -char krb_realm[REALM_SZ]; -char **save_argv(int, char **), *krb_realmofhost(); -#ifndef HAVE_STRSAVE -static char *strsave(char *); -#endif -#ifdef NOENCRYPTION -#define des_read read -#define des_write write -#else /* !NOENCRYPTION */ -void answer_auth(void); -int encryptflag = 0; -#endif /* NOENCRYPTION */ -#include "rpaths.h" -#else /* !KERBEROS */ -#define des_read read -#define des_write write -#endif /* KERBEROS */ - -kstream krem; -int errs; -krb5_sigtype lostconn(int); -int iamremote, targetshouldbedirectory; -int iamrecursive; -int pflag; -int force_net; -struct passwd *pwd; -int userid; -int port; - -char *getenv(); - -struct buffer { - int cnt; - char *buf; -} *allocbuf(struct buffer *, int, int); - -#define NULLBUF (struct buffer *) 0 - -#define ga() (void) kstream_write (krem, "", 1) - -int main(argc, argv) - int argc; - char **argv; -{ - char portarg[20], rcpportarg[20]; -#ifdef ATHENA - static char curhost[256]; -#endif /* ATHENA */ -#ifdef KERBEROS - char realmarg[REALM_SZ + 5]; -#endif /* KERBEROS */ - - portarg[0] = '\0'; - rcpportarg[0] = '\0'; - realmarg[0] = '\0'; - - pwd = getpwuid(userid = getuid()); - if (pwd == 0) { - fprintf(stderr, "who are you?\n"); - exit(1); - } - -#ifdef KERBEROS - krb_realm[0] = '\0'; /* Initially no kerberos realm set */ -#endif /* KERBEROS */ - for (argc--, argv++; argc > 0 && **argv == '-'; argc--, argv++) { - (*argv)++; - while (**argv) switch (*(*argv)++) { - - case 'r': - iamrecursive++; - break; - - case 'p': /* preserve mtimes and atimes */ - pflag++; - break; - - case 'P': /* Set port to use. */ - port = atoi(*argv); - sprintf(portarg, " -p%d", port); - sprintf(rcpportarg, " -P%d", port); - port = htons(port); - goto next_arg; - - case 'N': - /* Force use of network even on local machine. */ - force_net++; - break; - -#ifdef KERBEROS -#ifndef NOENCRYPTION - case 'x': - encryptflag++; - break; -#endif - case 'k': /* Change kerberos realm */ - argc--, argv++; - if (argc == 0) - usage(); - strncpy(krb_realm,*argv,REALM_SZ); - krb_realm[REALM_SZ-1] = 0; - sprintf(realmarg, " -k %s", krb_realm); - goto next_arg; -#endif /* KERBEROS */ - /* The rest of these are not for users. */ - case 'd': - targetshouldbedirectory = 1; - break; - - case 'f': /* "from" */ - iamremote = 1; -#if defined(KERBEROS) && !defined(NOENCRYPTION) - if (encryptflag) { - answer_auth(); - krem = kstream_create_rcp_from_fd (rem, - &schedule, - &crypt_session_key); - } else - krem = kstream_create_from_fd (rem, 0, 0); - if (krem == NULL) { - error("rcp: out of memory\n"); - exit(1); - } - kstream_set_buffer_mode (krem, 0); -#endif /* KERBEROS && !NOENCRYPTION */ - (void) response(); - if (setuid(userid)) { - error("rcp: can't setuid(user)\n"); - exit(1); - } - source(--argc, ++argv); - exit(errs); - - case 't': /* "to" */ - iamremote = 1; -#if defined(KERBEROS) && !defined(NOENCRYPTION) - if (encryptflag) { - answer_auth(); - krem = kstream_create_rcp_from_fd (rem, - &schedule, - &crypt_session_key); - } else - krem = kstream_create_from_fd (rem, 0, 0); - if (krem == NULL) { - error("rcp: out of memory\n"); - exit(1); - } - kstream_set_buffer_mode (krem, 0); -#endif /* KERBEROS && !NOENCRYPTION */ - if (setuid(userid)) { - error("rcp: can't setuid(user)\n"); - exit(1); - } - sink(--argc, ++argv); - exit(errs); - - default: - usage(); - } -#ifdef KERBEROS - next_arg: ; -#endif /* KERBEROS */ - } - usage(); - return 1; -} - -static void verifydir(cp) - char *cp; -{ - struct stat stb; - - if (stat(cp, &stb) >= 0) { - if ((stb.st_mode & S_IFMT) == S_IFDIR) - return; - errno = ENOTDIR; - } - error("rcp: %s: %s.\n", cp, error_message(errno)); - exit(1); -} - -void source(argc, argv) - int argc; - char **argv; -{ - char *last, *name; - struct stat stb; - static struct buffer buffer; - struct buffer *bp; - int x, readerr, f; - unsigned int amt; - off_t i; - char buf[BUFSIZ]; - - for (x = 0; x < argc; x++) { - name = argv[x]; - if ((f = open(name, 0)) < 0) { - error("rcp: %s: %s\n", name, error_message(errno)); - continue; - } - if (fstat(f, &stb) < 0) - goto notreg; - switch (stb.st_mode&S_IFMT) { - - case S_IFREG: - break; - - case S_IFDIR: - if (iamrecursive) { - (void) close(f); - rsource(name, &stb); - continue; - } - /* fall into ... */ - default: -notreg: - (void) close(f); - error("rcp: %s: not a plain file\n", name); - continue; - } - last = strrchr(name, '/'); - if (last == 0) - last = name; - else - last++; - if (pflag) { - /* - * Make it compatible with possible future - * versions expecting microseconds. - */ - (void) sprintf(buf, "T%ld 0 %ld 0\n", - stb.st_mtime, stb.st_atime); - kstream_write (krem, buf, strlen (buf)); - if (response() < 0) { - (void) close(f); - continue; - } - } - (void) sprintf(buf, "C%04o %ld %s\n", - (unsigned int) stb.st_mode&07777, (long) stb.st_size, last); - kstream_write (krem, buf, strlen (buf)); - if (response() < 0) { - (void) close(f); - continue; - } - if ((bp = allocbuf(&buffer, f, BUFSIZ)) == NULLBUF) { - (void) close(f); - continue; - } - readerr = 0; - for (i = 0; i < stb.st_size; i += bp->cnt) { - amt = bp->cnt; - if (i + amt > stb.st_size) - amt = stb.st_size - i; - if (readerr == 0 && read(f, bp->buf, amt) != amt) - readerr = errno; - kstream_write (krem, bp->buf, amt); - } - (void) close(f); - if (readerr == 0) - ga(); - else - error("rcp: %s: %s\n", name, error_message(readerr)); - (void) response(); - } -} - -#ifndef USE_DIRENT_H -#include -#else -#include -#endif - -void rsource(name, statp) - char *name; - struct stat *statp; -{ - DIR *d = opendir(name); - char *last; - char buf[BUFSIZ]; - char *bufv[1]; -#ifdef USE_DIRENT_H - struct dirent *dp; -#else - struct direct *dp; -#endif - - if (d == 0) { - error("rcp: %s: %s\n", name, error_message(errno)); - return; - } - last = strrchr(name, '/'); - if (last == 0) - last = name; - else - last++; - if (pflag) { - (void) sprintf(buf, "T%ld 0 %ld 0\n", - statp->st_mtime, statp->st_atime); - kstream_write (krem, buf, strlen (buf)); - if (response() < 0) { - closedir(d); - return; - } - } - (void) sprintf(buf, "D%04o %d %s\n", - (unsigned int) statp->st_mode&07777, 0, last); - kstream_write (krem, buf, strlen (buf)); - if (response() < 0) { - closedir(d); - return; - } - while ((dp = readdir(d))) { - if (dp->d_ino == 0) - continue; - if (!strcmp(dp->d_name, ".") || !strcmp(dp->d_name, "..")) - continue; - if (strlen(name) + 1 + strlen(dp->d_name) >= BUFSIZ - 1) { - error("%s/%s: Name too long.\n", name, dp->d_name); - continue; - } - (void) sprintf(buf, "%s/%s", name, dp->d_name); - bufv[0] = buf; - source(1, bufv); - } - closedir(d); - kstream_write (krem, "E\n", 2); - (void) response(); -} - -int response() -{ - char resp, c, rbuf[BUFSIZ], *cp = rbuf; - - if (kstream_read (krem, &resp, 1) != 1) - lostconn(0); - switch (resp) { - - case 0: /* ok */ - return (0); - - default: - *cp++ = resp; - /* fall into... */ - case 1: /* error, followed by err msg */ - case 2: /* fatal error, "" */ - do { - if (kstream_read (krem, &c, 1) != 1) - lostconn(0); - *cp++ = c; - } while (cp < &rbuf[BUFSIZ] && c != '\n'); - if (iamremote == 0) - (void) write(2, rbuf, (unsigned) (cp - rbuf)); - errs++; - if (resp == 1) - return (-1); - exit(1); - } - /*NOTREACHED*/ - return -1; -} - -krb5_sigtype lostconn(signum) - int signum; -{ - - if (iamremote == 0) - fprintf(stderr, "rcp: lost connection\n"); - exit(1); -} - -#if !defined(HAVE_UTIMES) -#include -#include - -/* - * We emulate utimes() instead of utime() as necessary because - * utimes() is more powerful than utime(), and rcp actually tries to - * set the microsecond values; we don't want to take away - * functionality unnecessarily. - */ -int utimes(file, tvp) -const char *file; -struct timeval *tvp; -{ - struct utimbuf times; - - times.actime = tvp[0].tv_sec; - times.modtime = tvp[1].tv_sec; - return(utime(file, ×)); -} -#endif - -void sink(argc, argv) - int argc; - char **argv; -{ - off_t i, j; - char *targ, *whopp, *cp; - int of, wrerr, exists, first, amt; - mode_t mode; - unsigned int count; - off_t size; - struct buffer *bp; - static struct buffer buffer; - struct stat stb; - int targisdir = 0; - mode_t mask = umask(0); - char *myargv[1]; - char cmdbuf[BUFSIZ], nambuf[BUFSIZ]; - int setimes = 0; - struct timeval tv[2]; -#define atime tv[0] -#define mtime tv[1] -#define SCREWUP(str) { whopp = str; goto screwup; } - - if (!pflag) - (void) umask(mask); - if (argc != 1) { - error("rcp: ambiguous target\n"); - exit(1); - } - targ = *argv; - if (targetshouldbedirectory) - verifydir(targ); - ga(); - if (stat(targ, &stb) == 0 && (stb.st_mode & S_IFMT) == S_IFDIR) - targisdir = 1; - for (first = 1; ; first = 0) { - cp = cmdbuf; - if (kstream_read (krem, cp, 1) <= 0) - return; - if (*cp++ == '\n') - SCREWUP("unexpected '\\n'"); - do { - if (kstream_read(krem, cp, 1) != 1) - SCREWUP("lost connection"); - } while (*cp++ != '\n'); - *cp = 0; - if (cmdbuf[0] == '\01' || cmdbuf[0] == '\02') { - if (iamremote == 0) - (void) write(2, cmdbuf+1, strlen(cmdbuf+1)); - if (cmdbuf[0] == '\02') - exit(1); - errs++; - continue; - } - *--cp = 0; - cp = cmdbuf; - if (*cp == 'E') { - ga(); - return; - } - -#define getnum(t) (t) = 0; while (isdigit((int) *cp)) (t) = (t) * 10 + (*cp++ - '0'); - if (*cp == 'T') { - setimes++; - cp++; - getnum(mtime.tv_sec); - if (*cp++ != ' ') - SCREWUP("mtime.sec not delimited"); - getnum(mtime.tv_usec); - if (*cp++ != ' ') - SCREWUP("mtime.usec not delimited"); - getnum(atime.tv_sec); - if (*cp++ != ' ') - SCREWUP("atime.sec not delimited"); - getnum(atime.tv_usec); - if (*cp++ != '\0') - SCREWUP("atime.usec not delimited"); - ga(); - continue; - } - if (*cp != 'C' && *cp != 'D') { - /* - * Check for the case "rcp remote:foo\* local:bar". - * In this case, the line "No match." can be returned - * by the shell before the rcp command on the remote is - * executed so the ^Aerror_message convention isn't - * followed. - */ - if (first) { - error("%s\n", cp); - exit(1); - } - SCREWUP("expected control record"); - } - cp++; - mode = 0; - for (; cp < cmdbuf+5; cp++) { - if (*cp < '0' || *cp > '7') - SCREWUP("bad mode"); - mode = (mode << 3) | (*cp - '0'); - } - if (*cp++ != ' ') - SCREWUP("mode not delimited"); - size = 0; - while (isdigit((int) *cp)) - size = size * 10 + (*cp++ - '0'); - if (*cp++ != ' ') - SCREWUP("size not delimited"); - if (targisdir) { - if (strlen(targ) + strlen(cp) + 1 < sizeof(nambuf)) { - (void) snprintf(nambuf, sizeof(nambuf), - "%s%s%s", targ, - *targ ? "/" : "", cp); - } else { - SCREWUP("target directory name too long"); - } - } else { - if (strlen(targ) + 1 < sizeof(nambuf)) - (void) strncpy(nambuf, targ, sizeof(nambuf)-1); - else - SCREWUP("target pathname too long"); - } - nambuf[sizeof(nambuf)-1] = '\0'; - exists = stat(nambuf, &stb) == 0; - if (cmdbuf[0] == 'D') { - if (exists) { - if ((stb.st_mode&S_IFMT) != S_IFDIR) { - errno = ENOTDIR; - goto bad; - } - if (pflag) - (void) chmod(nambuf, mode); - } else if (mkdir(nambuf, mode) < 0) - goto bad; - myargv[0] = nambuf; - sink(1, myargv); - if (setimes) { - setimes = 0; - if (utimes(nambuf, tv) < 0) - error("rcp: can't set times on %s: %s\n", - nambuf, error_message(errno)); - } - continue; - } - if ((of = open(nambuf, O_WRONLY|O_CREAT|O_TRUNC, mode)) < 0) { - bad: - error("rcp: %s: %s\n", nambuf, error_message(errno)); - continue; - } -#ifdef NO_FCHMOD - if (exists && pflag) - (void) chmod(nambuf, mode); -#else - if (exists && pflag) - (void) fchmod(of, mode); -#endif - ga(); - if ((bp = allocbuf(&buffer, of, BUFSIZ)) == NULLBUF) { - (void) close(of); - continue; - } - cp = bp->buf; - count = 0; - wrerr = 0; - for (i = 0; i < size; i += BUFSIZ) { - amt = BUFSIZ; - if (i + amt > size) - amt = size - i; - count += amt; - do { - j = kstream_read(krem, cp, amt); - if (j <= 0) { - if (j == 0) - error("rcp: dropped connection"); - else - error("rcp: %s\n", - error_message(errno)); - exit(1); - } - amt -= j; - cp += j; - } while (amt > 0); - if (count == bp->cnt) { - if (wrerr == 0 && - write(of, bp->buf, count) != count) - wrerr++; - count = 0; - cp = bp->buf; - } - } - if (count != 0 && wrerr == 0 && - write(of, bp->buf, count) != count) - wrerr++; -#ifndef __SCO__ - if (ftruncate(of, size)) - error("rcp: can't truncate %s: %s\n", - nambuf, error_message(errno)); -#endif - (void) close(of); - (void) response(); - if (setimes) { - setimes = 0; - if (utimes(nambuf, tv) < 0) - error("rcp: can't set times on %s: %s\n", - nambuf, error_message(errno)); - } - if (wrerr) - error("rcp: %s: %s\n", nambuf, error_message(errno)); - else - ga(); - } -screwup: - error("rcp: protocol screwup: %s\n", whopp); - exit(1); -} - -struct buffer * -allocbuf(bp, fd, blksize) - struct buffer *bp; - int fd, blksize; -{ - int size; -#ifndef NOSTBLKSIZE - struct stat stb; - - if (fstat(fd, &stb) < 0) { - error("rcp: fstat: %s\n", error_message(errno)); - return (NULLBUF); - } - size = roundup(stb.st_blksize, blksize); - if (size == 0) -#endif - size = blksize; - if (bp->cnt < size) { - if (bp->buf != 0) - free(bp->buf); - bp->buf = (char *)malloc((unsigned) size); - if (bp->buf == 0) { - error("rcp: malloc: out of memory\n"); - return (NULLBUF); - } - } - bp->cnt = size; - return (bp); -} - -void -error(char *fmt, ...) -{ - va_list ap; - char buf[BUFSIZ], *cp = buf; - - va_start(ap, fmt); - - errs++; - *cp++ = 1; - (void) vsnprintf(cp, sizeof(buf) - (cp-buf), fmt, ap); - va_end(ap); - - if (krem) - (void) kstream_write(krem, buf, strlen(buf)); - if (iamremote == 0) - (void) write(2, buf+1, strlen(buf+1)); -} - -void usage() -{ - fprintf(stderr, -"v4rcp: this program only acts as a server, and is not for user function.\n"); - exit(1); -} - -#ifdef KERBEROS - -char ** -save_argv(argc, argv) -int argc; -char **argv; -{ - register int i; - - char **local_argv = (char **)calloc((unsigned) argc+1, - (unsigned) sizeof(char *)); - /* allocate an extra pointer, so that it is initialized to NULL - and execv() will work */ - for (i = 0; i < argc; i++) - local_argv[i] = strsave(argv[i]); - return(local_argv); -} - -#ifndef HAVE_STRSAVE -static char * -strsave(sp) -char *sp; -{ - register char *ret; - - ret = strdup(sp); - if (ret == NULL) { - fprintf(stderr, "rcp: no memory for saving args\n"); - exit(1); - } - return ret; -} -#endif - -#ifndef NOENCRYPTION -#undef rem -#define rem 0 - -void -answer_auth() -{ - int status; - long authopts = KOPT_DO_MUTUAL; - char instance[INST_SZ]; - char version[9]; - char *srvtab; - char *envaddr; - -#if 0 - int sin_len; - - sin_len = sizeof (struct sockaddr_in); - if (getpeername(rem, &foreign, &sin_len) < 0) { - perror("getpeername"); - exit(1); - } - - sin_len = sizeof (struct sockaddr_in); - if (getsockname(rem, &local, &sin_len) < 0) { - perror("getsockname"); - exit(1); - } -#else - if ((envaddr = getenv("KRB5LOCALADDR"))) { -#ifdef HAVE_INET_ATON - inet_aton(envaddr, &local.sin_addr); -#else - local.sin_addr.s_addr = inet_addr(envaddr); -#endif - local.sin_family = AF_INET; - envaddr = getenv("KRB5LOCALPORT"); - if (envaddr) - local.sin_port = htons(atoi(envaddr)); - else - local.sin_port = 0; - } else { - fprintf(stderr, "v4rcp: couldn't get local address (KRB5LOCALADDR)\n"); - exit(1); - } - if ((envaddr = getenv("KRB5REMOTEADDR"))) { -#ifdef HAVE_INET_ATON - inet_aton(envaddr, &foreign.sin_addr); -#else - foreign.sin_addr.s_addr = inet_addr(envaddr); -#endif - foreign.sin_family = AF_INET; - envaddr = getenv("KRB5REMOTEPORT"); - if (envaddr) - foreign.sin_port = htons(atoi(envaddr)); - else - foreign.sin_port = 0; - } else { - fprintf(stderr, "v4rcp: couldn't get remote address (KRB5REMOTEADDR)\n"); - exit(1); - } - -#endif - strcpy(instance, "*"); - - /* If rshd was invoked with the -s argument, it will set the - environment variable KRB_SRVTAB. We use that to get the - srvtab file to use. If we do use the environment variable, - we reset to our real user ID (which will already have been - set up by rsh). Since rcp is setuid root, we would - otherwise have a security hole. If we are using the normal - srvtab (KEYFILE in krb.h, normally set to /etc/krb-srvtab), - we must keep our effective uid of root, because that file - can only be read by root. */ - srvtab = (char *) getenv("KRB_SRVTAB"); - if (srvtab == NULL) - srvtab = ""; - if (*srvtab != '\0') - (void) setuid (userid); - - if ((status = krb_recvauth(authopts, rem, &ticket, "rcmd", instance, - &foreign, - &local, - &kdata, - srvtab, - schedule, - version)) != KSUCCESS) { - fprintf(stderr, "krb_recvauth mutual fail: %s\n", - krb_get_err_text(status)); - exit(1); - } - memcpy(&crypt_session_key, &kdata.session, sizeof (crypt_session_key)); - return; -} -#endif /* !NOENCRYPTION */ - -#endif /* KERBEROS */ diff --git a/src/appl/deps b/src/appl/deps new file mode 100644 index 0000000000..2feac3c9d3 --- /dev/null +++ b/src/appl/deps @@ -0,0 +1 @@ +# No dependencies here. diff --git a/src/appl/gss-sample/Makefile.in b/src/appl/gss-sample/Makefile.in index a77f3a2ad7..e64e4871dc 100644 --- a/src/appl/gss-sample/Makefile.in +++ b/src/appl/gss-sample/Makefile.in @@ -49,17 +49,3 @@ clean-unix:: install-unix:: $(INSTALL_PROGRAM) gss-client $(DESTDIR)$(CLIENT_BINDIR)/gss-client $(INSTALL_PROGRAM) gss-server $(DESTDIR)$(SERVER_BINDIR)/gss-server -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -$(OUTPRE)gss-client.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/gssapi/gssapi_generic.h gss-client.c \ - gss-misc.h -$(OUTPRE)gss-misc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_generic.h \ - gss-misc.c gss-misc.h -$(OUTPRE)gss-server.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_generic.h \ - $(SRCTOP)/include/port-sockets.h gss-misc.h gss-server.c diff --git a/src/appl/gss-sample/deps b/src/appl/gss-sample/deps new file mode 100644 index 0000000000..34495ea98d --- /dev/null +++ b/src/appl/gss-sample/deps @@ -0,0 +1,12 @@ +# +# Generated makefile dependencies follow. +# +$(OUTPRE)gss-client.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_generic.h gss-client.c \ + gss-misc.h +$(OUTPRE)gss-misc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_generic.h \ + gss-misc.c gss-misc.h +$(OUTPRE)gss-server.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_generic.h \ + $(SRCTOP)/include/port-sockets.h gss-misc.h gss-server.c diff --git a/src/appl/gss-sample/gss-client.c b/src/appl/gss-sample/gss-client.c index 0ee2684992..390d6e56fa 100644 --- a/src/appl/gss-sample/gss-client.c +++ b/src/appl/gss-sample/gss-client.c @@ -567,20 +567,24 @@ call_server(host, port, oid, service_name, gss_flags, auth_flag, static void parse_oid(char *mechanism, gss_OID * oid) { - char *mechstr = 0, *cp; + char *mechstr = 0; gss_buffer_desc tok; OM_uint32 maj_stat, min_stat; + size_t i, mechlen = strlen(mechanism); if (isdigit((int) mechanism[0])) { - mechstr = malloc(strlen(mechanism) + 5); + mechstr = malloc(mechlen + 5); if (!mechstr) { fprintf(stderr, "Couldn't allocate mechanism scratch!\n"); return; } - sprintf(mechstr, "{ %s }", mechanism); - for (cp = mechstr; *cp; cp++) - if (*cp == '.') - *cp = ' '; + mechstr[0] = '{'; + mechstr[1] = ' '; + for (i = 0; i < mechlen; i++) + mechstr[i + 2] = (mechanism[i] == '.') ? ' ' : mechanism[i]; + mechstr[mechlen + 2] = ' '; + mechstr[mechlen + 3] = ' '; + mechstr[mechlen + 4] = '\0'; tok.value = mechstr; } else tok.value = mechanism; diff --git a/src/appl/gssftp/deps b/src/appl/gssftp/deps new file mode 100644 index 0000000000..2feac3c9d3 --- /dev/null +++ b/src/appl/gssftp/deps @@ -0,0 +1 @@ +# No dependencies here. diff --git a/src/appl/gssftp/ftp/Makefile.in b/src/appl/gssftp/ftp/Makefile.in index 490b5dc3be..8026f1e229 100644 --- a/src/appl/gssftp/ftp/Makefile.in +++ b/src/appl/gssftp/ftp/Makefile.in @@ -21,20 +21,13 @@ OBJS = $(OUTPRE)cmds.$(OBJEXT) $(OUTPRE)cmdtab.$(OBJEXT) \ $(OUTPRE)main.$(OBJEXT) $(OUTPRE)radix.$(OBJEXT) \ $(OUTPRE)ruserpass.$(OBJEXT) $(OUTPRE)secure.$(OBJEXT) -LOCALINCLUDES = -I$(srcdir)/.. -I$(srcdir) @KRB4_INCLUDES@ - -# -# We cannot have @KRB4_INCLUDES@ under Windows, since we do not use -# configure, so we redefine LOCALINCLUDES not to have that. -# - -##WIN32##LOCALINCLUDES = -I$(srcdir)/.. -I$(srcdir) +LOCALINCLUDES = -I$(srcdir)/.. -I$(srcdir) all-unix:: ftp all-windows:: $(OUTPRE)ftp.exe ftp: $(OBJS) $(GSS_DEPLIBS) $(KRB5_BASE_DEPLIBS) - $(CC_LINK) -o ftp $(OBJS) $(GSS_LIBS) $(KRB4COMPAT_LIBS) + $(CC_LINK) -o ftp $(OBJS) $(GSS_LIBS) $(KRB5_BASE_LIBS) $(OUTPRE)ftp.exe: $(OBJS) $(GLIB) $(KLIB) link $(EXE_LINKOPTS) -out:$@ $** ws2_32.lib advapi32.lib $(SCLIB) @@ -70,35 +63,3 @@ radix.o: $(srcdir)/radix.c secure.o: $(srcdir)/secure.c # NOPOSTFIX -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -$(OUTPRE)cmds.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(SRCTOP)/include/port-sockets.h $(srcdir)/../arpa/ftp.h \ - cmds.c ftp_var.h pathnames.h -$(OUTPRE)cmdtab.$(OBJEXT): cmdtab.c ftp_var.h -$(OUTPRE)domacro.$(OBJEXT): domacro.c ftp_var.h -$(OUTPRE)ftp.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_generic.h \ - $(BUILDTOP)/include/gssapi/gssapi_krb5.h $(KRB_ERR_H_DEP) \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/port-sockets.h $(srcdir)/../arpa/ftp.h \ - $(srcdir)/../arpa/telnet.h ftp.c ftp_var.h secure.h -$(OUTPRE)getpass.$(OBJEXT): ftp_var.h getpass.c -$(OUTPRE)glob.$(OBJEXT): ftp_var.h glob.c -$(OUTPRE)main.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/port-sockets.h $(srcdir)/../arpa/ftp.h \ - ftp_var.h main.c -$(OUTPRE)radix.$(OBJEXT): ftp_var.h radix.c -$(OUTPRE)ruserpass.$(OBJEXT): ftp_var.h ruserpass.c -$(OUTPRE)secure.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_generic.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(srcdir)/../arpa/ftp.h secure.c secure.h diff --git a/src/appl/gssftp/ftp/cmds.c b/src/appl/gssftp/ftp/cmds.c index e733781570..ac7a8039f8 100644 --- a/src/appl/gssftp/ftp/cmds.c +++ b/src/appl/gssftp/ftp/cmds.c @@ -66,6 +66,8 @@ static char sccsid[] = "@(#)cmds.c 5.26 (Berkeley) 3/5/91"; #include #include +#include + #ifdef HAVE_GETCWD #define getwd(x) getcwd(x,MAXPATHLEN) #endif @@ -182,7 +184,7 @@ void setpeer(argc, argv) form = FORM_N; mode = MODE_S; stru = STRU_F; - (void) strcpy(bytename, "8"), bytesize = 8; + (void) strlcpy(bytename, "8", sizeof(bytename)), bytesize = 8; if (autoauth) { if (do_auth() && autoencrypt) { clevel = PROT_P; @@ -1615,9 +1617,7 @@ void shell(argc, argv) namep = strrchr(shellprog,'/'); if (namep == NULL) namep = shellprog; - (void) strcpy(shellnam,"-"); - (void) strncat(shellnam, ++namep, sizeof(shellnam) - 1 - strlen(shellnam)); - shellnam[sizeof(shellnam) - 1] = '\0'; + (void) snprintf(shellnam, sizeof(shellnam), "-%s", ++namep); if (strcmp(namep, "sh") != 0) shellnam[0] = '+'; if (debug) { diff --git a/src/appl/gssftp/ftp/deps b/src/appl/gssftp/ftp/deps new file mode 100644 index 0000000000..7cee7b57c2 --- /dev/null +++ b/src/appl/gssftp/ftp/deps @@ -0,0 +1,28 @@ +# +# Generated makefile dependencies follow. +# +$(OUTPRE)cmds.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/port-sockets.h $(srcdir)/../arpa/ftp.h \ + cmds.c ftp_var.h pathnames.h +$(OUTPRE)cmdtab.$(OBJEXT): cmdtab.c ftp_var.h +$(OUTPRE)domacro.$(OBJEXT): domacro.c ftp_var.h +$(OUTPRE)ftp.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \ + $(BUILDTOP)/include/gssapi/gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \ + $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/port-sockets.h $(srcdir)/../arpa/ftp.h \ + $(srcdir)/../arpa/telnet.h ftp.c ftp_var.h secure.h +$(OUTPRE)getpass.$(OBJEXT): ftp_var.h getpass.c +$(OUTPRE)glob.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + ftp_var.h glob.c +$(OUTPRE)main.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(SRCTOP)/include/port-sockets.h $(srcdir)/../arpa/ftp.h \ + ftp_var.h main.c +$(OUTPRE)radix.$(OBJEXT): ftp_var.h radix.c +$(OUTPRE)ruserpass.$(OBJEXT): ftp_var.h ruserpass.c +$(OUTPRE)secure.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_generic.h \ + $(srcdir)/../arpa/ftp.h secure.c secure.h diff --git a/src/appl/gssftp/ftp/ftp.M b/src/appl/gssftp/ftp/ftp.M index ce168813f6..11bbc931e4 100644 --- a/src/appl/gssftp/ftp/ftp.M +++ b/src/appl/gssftp/ftp/ftp.M @@ -94,10 +94,6 @@ Enables debugging. .B \-g Disables file name globbing. .TP -\fB\-k\fP \fIrealm\fP -When using Kerberos v4 authentication, gets tickets in -.IR realm . -.TP .B \-f Causes credentials to be forwarded to the remote host. .TP diff --git a/src/appl/gssftp/ftp/ftp.c b/src/appl/gssftp/ftp/ftp.c index 227ca5efc7..3df233fcdf 100644 --- a/src/appl/gssftp/ftp/ftp.c +++ b/src/appl/gssftp/ftp/ftp.c @@ -88,11 +88,8 @@ int gettimeofday(struct timeval *tv, void *tz); #include #include #include -#ifndef KRB5_KRB4_COMPAT -/* krb.h gets this, and Ultrix doesn't protect vs multiple inclusion */ #include #include -#endif #include #include #ifdef HAVE_SYS_SELECT_H @@ -124,14 +121,8 @@ int gettimeofday(struct timeval *tv, void *tz); #define L_INCR 1 #endif -#ifdef KRB5_KRB4_COMPAT -#include +#include -KTEXT_ST ticket; -CREDENTIALS cred; -Key_schedule schedule; -MSG_DAT msg_data; -#endif /* KRB5_KRB4_COMPAT */ #ifdef GSSAPI #include /* need to include the krb5 file, because we're doing manual fallback @@ -411,7 +402,7 @@ int login(char *host) return(1); for (n = 0; n < macnum; ++n) { if (!strcmp("init", macros[n].mac_name)) { - (void) strcpy(line, "$init"); + (void) strlcpy(line, "$init", sizeof(line)); makeargv(); domacro(margc, margv); break; @@ -436,20 +427,6 @@ static int secure_command(char* cmd) int length; if (auth_type && clevel != PROT_C) { -#ifdef KRB5_KRB4_COMPAT - if (strcmp(auth_type, "KERBEROS_V4") == 0) - if ((length = clevel == PROT_P ? - krb_mk_priv((unsigned char *)cmd, (unsigned char *)out, - strlen(cmd), schedule, - &cred.session, &myctladdr, &hisctladdr) - : krb_mk_safe((unsigned char *)cmd, (unsigned char *)out, - strlen(cmd), &cred.session, - &myctladdr, &hisctladdr)) == -1) { - fprintf(stderr, "krb_mk_%s failed for KERBEROS_V4\n", - clevel == PROT_P ? "priv" : "safe"); - return(0); - } -#endif /* KRB5_KRB4_COMPAT */ #ifdef GSSAPI /* secure_command (based on level) */ if (strcmp(auth_type, "GSSAPI") == 0) { @@ -528,7 +505,7 @@ int command(char *fmt, ...) } oldintr = signal(SIGINT, cmdabort); va_start(ap, fmt); - vsprintf(in, fmt, ap); + vsnprintf(in, FTP_BUFSIZ, fmt, ap); va_end(ap); again: if (secure_command(in) == 0) return(0); @@ -692,39 +669,6 @@ int getreply(int expecteof) code, radix_error(kerror), obuf); n = '5'; } -#ifdef KRB5_KRB4_COMPAT - else if (strcmp(auth_type, "KERBEROS_V4") == 0) { - if (safe) - kerror = krb_rd_safe((unsigned char *)ibuf, - (unsigned int) len, - &cred.session, - &hisctladdr, - &myctladdr, &msg_data); - else - kerror = krb_rd_priv((unsigned char *)ibuf, - (unsigned int) len, - schedule, &cred.session, - &hisctladdr, &myctladdr, - &msg_data); - if (kerror != KSUCCESS) { - printf("%d reply %s! (krb_rd_%s: %s)\n", code, - safe ? "modified" : "garbled", - safe ? "safe" : "priv", - krb_get_err_text(kerror)); - n = '5'; - } else { - if (debug) printf("%c:", safe ? 'S' : 'P'); - if(msg_data.app_length < sizeof(ibuf) - 2) { - memmove(ibuf, msg_data.app_data, - msg_data.app_length); - strcpy(&ibuf[msg_data.app_length], "\r\n"); - } else { - printf("Message too long!"); - } - continue; - } - } -#endif #ifdef GSSAPI else if (strcmp(auth_type, "GSSAPI") == 0) { gss_buffer_desc xmit_buf, msg_buf; @@ -745,7 +689,7 @@ int getreply(int expecteof) if(msg_buf.length < sizeof(ibuf) - 2 - 1) { memcpy(ibuf, msg_buf.value, msg_buf.length); - strcpy(&ibuf[msg_buf.length], "\r\n"); + memcpy(&ibuf[msg_buf.length], "\r\n", 3); } else { user_gss_error(maj_stat, min_stat, "reply was too long"); @@ -1661,10 +1605,6 @@ void pswitch(int flag) char *authtype; int clvl; int dlvl; -#ifdef KRB5_KRB4_COMPAT - C_Block session; - Key_schedule schedule; -#endif /* KRB5_KRB4_COMPAT */ } proxstruct, tmpstruct; struct comvars *ip, *op; @@ -1742,12 +1682,6 @@ void pswitch(int flag) clevel = PROT_C; if (!dlevel) dlevel = PROT_C; -#ifdef KRB5_KRB4_COMPAT - memcpy(ip->session, cred.session, sizeof(cred.session)); - memcpy(cred.session, op->session, sizeof(cred.session)); - memcpy(ip->schedule, schedule, sizeof(schedule)); - memcpy(schedule, op->schedule, sizeof(schedule)); -#endif /* KRB5_KRB4_COMPAT */ (void) signal(SIGINT, oldintr); if (abrtflag) { abrtflag = 0; @@ -1953,10 +1887,6 @@ gunique(char *local) return(new); } -#ifdef KRB5_KRB4_COMPAT -char realm[REALM_SZ + 1]; -#endif /* KRB5_KRB4_COMPAT */ - #ifdef GSSAPI static const struct { gss_OID mech_type; @@ -1971,14 +1901,10 @@ static const int n_gss_trials = sizeof(gss_trials)/sizeof(gss_trials[0]); int do_auth() { int oldverbose = verbose; -#ifdef KRB5_KRB4_COMPAT - char *service, inst[INST_SZ]; - KRB4_32 cksum, checksum = getpid(); -#endif /* KRB5_KRB4_COMPAT */ -#if defined(KRB5_KRB4_COMPAT) || defined(GSSAPI) +#ifdef GSSAPI u_char out_buf[FTP_BUFSIZ]; int i; -#endif /* KRB5_KRB4_COMPAT */ +#endif /* GSSAPI */ if (auth_type) return(1); /* auth already succeeded */ @@ -2009,7 +1935,8 @@ int do_auth() for (trial = 0; trial < n_gss_trials; trial++) { /* ftp@hostname first, the host@hostname */ /* the V5 GSSAPI binding canonicalizes this for us... */ - sprintf(stbuf, "%s@%s", gss_trials[trial].service_name, hostname); + snprintf(stbuf, sizeof(stbuf), "%s@%s", + gss_trials[trial].service_name, hostname); if (debug) fprintf(stderr, "Trying to authenticate to <%s>\n", stbuf); @@ -2128,68 +2055,6 @@ int do_auth() } } #endif /* GSSAPI */ -#ifdef KRB5_KRB4_COMPAT - if (command("AUTH %s", "KERBEROS_V4") == CONTINUE) { - if (verbose) - printf("%s accepted as authentication type\n", "KERBEROS_V4"); - - strncpy(inst, (char *) krb_get_phost(hostname), sizeof(inst) - 1); - inst[sizeof(inst) - 1] = '\0'; - if (realm[0] == '\0') - strncpy(realm, (char *) krb_realmofhost(hostname), sizeof(realm) - 1); - realm[sizeof(realm) - 1] = '\0'; - if ((kerror = krb_mk_req(&ticket, service = "ftp", - inst, realm, checksum)) - && (kerror != KDC_PR_UNKNOWN || - (kerror = krb_mk_req(&ticket, service = "rcmd", - inst, realm, checksum)))) - fprintf(stderr, "Kerberos V4 krb_mk_req failed: %s\n", - krb_get_err_text(kerror)); - else if ((kerror = krb_get_cred(service, inst, realm, &cred))) - fprintf(stderr, "Kerberos V4 krb_get_cred failed: %s\n", - krb_get_err_text(kerror)); - else { - key_sched(cred.session, schedule); - reply_parse = "ADAT="; - oldverbose = verbose; - verbose = 0; - i = ticket.length; - if ((kerror = radix_encode(ticket.dat, out_buf, &i, 0))) - fprintf(stderr, "Base 64 encoding failed: %s\n", - radix_error(kerror)); - else if (command("ADAT %s", out_buf) != COMPLETE) - fprintf(stderr, "Kerberos V4 authentication failed\n"); - else if (!reply_parse) - fprintf(stderr, - "No authentication data received from server\n"); - else if ((kerror = radix_encode((unsigned char *)reply_parse, out_buf, &i, 1))) - fprintf(stderr, "Base 64 decoding failed: %s\n", - radix_error(kerror)); - else if ((kerror = krb_rd_safe(out_buf, (unsigned )i, - &cred.session, - &hisctladdr, &myctladdr, - &msg_data))) - fprintf(stderr, "Kerberos V4 krb_rd_safe failed: %s\n", - krb_get_err_text(kerror)); - else { - /* fetch the (modified) checksum */ - (void) memcpy(&cksum, msg_data.app_data, sizeof(cksum)); - if (ntohl(cksum) == checksum + 1) { - verbose = oldverbose; - if (verbose) - printf("Kerberos V4 authentication succeeded\n"); - reply_parse = NULL; - auth_type = "KERBEROS_V4"; - return(1); - } else fprintf(stderr, - "Kerberos V4 mutual authentication failed\n"); - } - verbose = oldverbose; - reply_parse = NULL; - } - } else fprintf(stderr, "%s rejected as an authentication type\n", - "KERBEROS_V4"); -#endif /* KRB5_KRB4_COMPAT */ /* Other auth types go here ... */ @@ -2233,7 +2098,7 @@ static void abort_remote(FILE *din) * send IAC in urgent mode instead of DM because 4.3BSD places oob mark * after urgent byte rather than before as is protocol now */ - sprintf(buf, "%c%c%c", IAC, IP, IAC); + snprintf(buf, sizeof(buf), "%c%c%c", IAC, IP, IAC); if (send(SOCKETNO(fileno(cout)), buf, 3, MSG_OOB) != 3) PERROR_SOCKET("abort"); putc(DM, cout); diff --git a/src/appl/gssftp/ftp/glob.c b/src/appl/gssftp/ftp/glob.c index 272e503056..bbbcb4457c 100644 --- a/src/appl/gssftp/ftp/glob.c +++ b/src/appl/gssftp/ftp/glob.c @@ -57,6 +57,8 @@ static char sccsid[] = "@(#)glob.c 5.9 (Berkeley) 2/25/91"; #include #endif +#include + #include "ftp_var.h" #ifdef ARG_MAX @@ -211,7 +213,8 @@ expand(as) *gpathp = 0; if (gethdir(gpath + 1)) globerr = "Unknown user name after ~"; - (void) strcpy(gpath, gpath + 1); + (void) memmove(gpath, gpath + 1, + strlen(gpath)); } else (void) strncpy(gpath, home, FTP_BUFSIZ - 1); gpath[FTP_BUFSIZ - 1] = '\0'; @@ -258,10 +261,7 @@ matchdir(pattern) char *base = *gpath ? gpath : "."; char *buffer = 0; - buffer = malloc(strlen(base) + strlen("\\*") + 1); - if (!buffer) return; - strcpy(buffer, base); - strcat(buffer, "\\*"); + if (asprintf(&buffer, "%s\\*", base) < 0) return; hFile = FindFirstFile(buffer, &file_data); if (hFile == INVALID_HANDLE_VALUE) { if (!globbed) @@ -732,12 +732,10 @@ char * strspl(cp, dp) register char *cp, *dp; { - register char *ep = malloc((unsigned)(strlen(cp) + strlen(dp) + 1)); + char *ep; - if (ep == (char *)0) + if (asprintf(&ep, "%s%s", cp, dp) < 0) fatal("Out of memory"); - (void) strcpy(ep, cp); - (void) strcat(ep, dp); return (ep); } @@ -775,10 +773,12 @@ static int gethdir(mhome) char *mhome; { register struct passwd *pp = getpwnam(mhome); + size_t bufsize = lastgpathp - mhome; - if (!pp || ((mhome + strlen(pp->pw_dir)) >= lastgpathp)) + if (!pp) + return (1); + if (strlcpy(mhome, pp->pw_dir, bufsize) >= bufsize) return (1); - (void) strcpy(mhome, pp->pw_dir); return (0); } #endif diff --git a/src/appl/gssftp/ftp/main.c b/src/appl/gssftp/ftp/main.c index 2e8c2cb8aa..6ec5ee1a87 100644 --- a/src/appl/gssftp/ftp/main.c +++ b/src/appl/gssftp/ftp/main.c @@ -55,11 +55,8 @@ static char sccsid[] = "@(#)main.c 5.18 (Berkeley) 3/1/91"; #include #include "ftp_var.h" #ifndef _WIN32 -#ifndef KRB5_KRB4_COMPAT -/* krb.h gets this, and Ultrix doesn't protect vs multiple inclusion */ #include #include -#endif #include #include #include @@ -90,11 +87,6 @@ uid_t getuid(); sigtype intr (int), lostpeer (int); extern char *home; char *getlogin(); -#ifdef KRB5_KRB4_COMPAT -#include -struct servent staticsp; -extern char realm[]; -#endif /* KRB5_KRB4_COMPAT */ static void cmdscanner (int); static char *slurpstring (void); @@ -126,12 +118,6 @@ main(argc, argv) fprintf(stderr, "ftp: ftp/tcp: unknown service\n"); exit(1); } -#ifdef KRB5_KRB4_COMPAT -/* GDM need to static sp so that the information is not lost - when kerberos calls getservbyname */ - memcpy(&staticsp,sp,sizeof(struct servent)); - sp = &staticsp; -#endif /* KRB5_KRB4_COMPAT */ doglob = 1; interactive = 1; autoauth = 1; @@ -148,19 +134,6 @@ main(argc, argv) debug++; break; -#ifdef KRB5_KRB4_COMPAT - case 'k': - if (*++cp != '\0') - strncpy(realm, ++cp, REALM_SZ); - else if (argc > 1) { - argc--, argv++; - strncpy(realm, *argv, REALM_SZ); - } - else - fprintf(stderr, "ftp: -k expects arguments\n"); - goto nextopt; -#endif - case 'v': verbose++; break; diff --git a/src/appl/gssftp/ftp/ruserpass.c b/src/appl/gssftp/ftp/ruserpass.c index acfabfa2da..6e603e4591 100644 --- a/src/appl/gssftp/ftp/ruserpass.c +++ b/src/appl/gssftp/ftp/ruserpass.c @@ -136,7 +136,7 @@ ruserpass(host, aname, apass, aacct) hdir = getenv("HOME"); if (hdir == NULL) hdir = "."; - (void) sprintf(buf, "%s/.netrc", hdir); + (void) snprintf(buf, sizeof(buf), "%s/.netrc", hdir); cfile = fopen(buf, "r"); if (cfile == NULL) { if (errno != ENOENT) @@ -187,8 +187,7 @@ next: case LOGIN: if (token()) { if (*aname == 0) { - *aname = malloc((unsigned) strlen(tokval) + 1); - (void) strcpy(*aname, tokval); + *aname = strdup(tokval); } else { if (strcmp(*aname, tokval)) goto next; @@ -204,8 +203,7 @@ next: goto bad; } if (token() && *apass == 0) { - *apass = malloc((unsigned) strlen(tokval) + 1); - (void) strcpy(*apass, tokval); + *apass = strdup(tokval); } break; case ACCOUNT: @@ -216,8 +214,7 @@ next: goto bad; } if (token() && *aacct == 0) { - *aacct = malloc((unsigned) strlen(tokval) + 1); - (void) strcpy(*aacct, tokval); + *aacct = strdup(tokval); } break; case MACDEF: diff --git a/src/appl/gssftp/ftp/secure.c b/src/appl/gssftp/ftp/secure.c index b8b963774f..3ed15ee97c 100644 --- a/src/appl/gssftp/ftp/secure.c +++ b/src/appl/gssftp/ftp/secure.c @@ -13,15 +13,6 @@ extern gss_ctx_id_t gcontext; #include /* stuff which is specific to client or server */ -#ifdef KRB5_KRB4_COMPAT -#include - -CRED_DECL -extern KTEXT_ST ticket; -extern MSG_DAT msg_data; -extern Key_schedule schedule; -#endif /* KRB5_KRB4_COMPAT */ - #ifdef _WIN32 #undef ERROR #endif @@ -82,21 +73,6 @@ static unsigned int smaxbuf; /* Internal saved value of maxbuf static unsigned int smaxqueue; /* Maximum allowed to queue before flush buffer. < smaxbuf by fudgefactor */ -#ifdef KRB5_KRB4_COMPAT -#define KRB4_FUDGE_FACTOR 32 /* Amount of growth - * from cleartext to ciphertext. - * krb_mk_priv adds this # bytes. - * Must be defined for each auth type. - */ -#endif /* KRB5_KRB4_COMPAT */ - -#ifdef KRB5_KRB4_COMPAT -/* XXX - The following must be redefined if KERBEROS_V4 is not used - * but some other auth type is. They must have the same properties. */ -#define looping_write krb_net_write -#define looping_read krb_net_read -#endif - /* perhaps use these in general, certainly use them for GSSAPI */ #ifndef looping_write @@ -167,12 +143,6 @@ static int secure_determine_constants() smaxbuf = maxbuf; smaxqueue = maxbuf; -#ifdef KRB5_KRB4_COMPAT - /* For KRB4 - we know the fudge factor to be 32 */ - if (strcmp(auth_type, "KERBEROS_V4") == 0) { - smaxqueue = smaxbuf - KRB4_FUDGE_FACTOR; - } -#endif #ifdef GSSAPI if (strcmp(auth_type, "GSSAPI") == 0) { OM_uint32 maj_stat, min_stat, mlen; @@ -289,31 +259,6 @@ unsigned int nbyte; buffer lengths required */ /* Other auth types go here ... */ -#ifdef KRB5_KRB4_COMPAT - if (bufsize < nbyte + fudge) { - if (outbuf? - (outbuf = realloc(outbuf, (unsigned) (nbyte + fudge))): - (outbuf = malloc((unsigned) (nbyte + fudge)))) { - bufsize = nbyte + fudge; - } else { - bufsize = 0; - secure_error("%s (in malloc of PROT buffer)", - strerror(errno)); - return(ERR); - } - } - - if (strcmp(auth_type, "KERBEROS_V4") == 0) - if ((length = dlevel == PROT_P ? - krb_mk_priv(buf, (unsigned char *) outbuf, nbyte, schedule, - SESSION, &myaddr, &hisaddr) - : krb_mk_safe(buf, (unsigned char *) outbuf, nbyte, SESSION, - &myaddr, &hisaddr)) == -1) { - secure_error("krb_mk_%s failed for KERBEROS_V4", - dlevel == PROT_P ? "priv" : "safe"); - return(ERR); - } -#endif /* KRB5_KRB4_COMPAT */ #ifdef GSSAPI if (strcmp(auth_type, "GSSAPI") == 0) { gss_buffer_desc in_buf, out_buf; @@ -392,22 +337,6 @@ int fd; return(ERR); } /* Other auth types go here ... */ -#ifdef KRB5_KRB4_COMPAT - if (strcmp(auth_type, "KERBEROS_V4") == 0) { - if ((kerror = dlevel == PROT_P ? - krb_rd_priv(ucbuf, length, schedule, SESSION, - &hisaddr, &myaddr, &msg_data) - : krb_rd_safe(ucbuf, length, SESSION, - &hisaddr, &myaddr, &msg_data))) { - secure_error("krb_rd_%s failed for KERBEROS_V4 (%s)", - dlevel == PROT_P ? "priv" : "safe", - krb_get_err_text(kerror)); - return(ERR); - } - memmove(ucbuf, msg_data.app_data, msg_data.app_length); - nin = bufp = msg_data.app_length; - } -#endif /* KRB5_KRB4_COMPAT */ #ifdef GSSAPI if (strcmp(auth_type, "GSSAPI") == 0) { gss_buffer_desc xmit_buf, msg_buf; diff --git a/src/appl/gssftp/ftpd/Makefile.in b/src/appl/gssftp/ftpd/Makefile.in index 6b184deb25..8e96a32fe4 100644 --- a/src/appl/gssftp/ftpd/Makefile.in +++ b/src/appl/gssftp/ftpd/Makefile.in @@ -25,12 +25,12 @@ SRCS = $(srcdir)/ftpd.c ftpcmd.c $(srcdir)/popen.c \ OBJS = ftpd.o ftpcmd.o glob.o popen.o vers.o radix.o \ secure.o $(LIBOBJS) $(SETENVOBJ) -LOCALINCLUDES = -I$(srcdir)/.. -I$(srcdir) @KRB4_INCLUDES@ +LOCALINCLUDES = -I$(srcdir)/.. -I$(srcdir) all:: ftpd -ftpd: $(OBJS) $(PTY_DEPLIB) $(GSS_DEPLIBS) $(KRB4COMPAT_DEPLIBS) - $(CC_LINK) -o $@ $(OBJS) $(FTPD_LIBS) $(PTY_LIB) $(UTIL_LIB) $(GSS_LIBS) $(KRB4COMPAT_LIBS) +ftpd: $(OBJS) $(PTY_DEPLIB) $(GSS_DEPLIBS) $(KRB5_BASE_DEPLIBS) + $(CC_LINK) -o $@ $(OBJS) $(FTPD_LIBS) $(PTY_LIB) $(UTIL_LIB) $(GSS_LIBS) $(KRB5_BASE_LIBS) generate-files-mac: ftpcmd.c @@ -76,36 +76,3 @@ popen.o: $(srcdir)/popen.c vers.o: $(srcdir)/vers.c # NOPOSTFIX -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -$(OUTPRE)ftpd.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_generic.h \ - $(BUILDTOP)/include/gssapi/gssapi_krb5.h $(KRB_ERR_H_DEP) \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/libpty.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-util.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/port-sockets.h \ - $(srcdir)/../arpa/ftp.h $(srcdir)/../arpa/telnet.h \ - ftpd.c ftpd_var.h pathnames.h secure.h -$(OUTPRE)ftpcmd.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/gssapi/gssapi_generic.h $(KRB_ERR_H_DEP) \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(srcdir)/../arpa/ftp.h \ - $(srcdir)/../arpa/telnet.h ftpcmd.c ftpd_var.h -$(OUTPRE)popen.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/gssapi/gssapi_generic.h ftpd_var.h \ - popen.c -$(OUTPRE)vers.$(OBJEXT): vers.c -$(OUTPRE)glob.$(OBJEXT): $(srcdir)/../ftp/ftp_var.h \ - $(srcdir)/../ftp/glob.c -$(OUTPRE)radix.$(OBJEXT): $(srcdir)/../ftp/ftp_var.h \ - $(srcdir)/../ftp/radix.c -$(OUTPRE)secure.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_generic.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(srcdir)/../arpa/ftp.h $(srcdir)/../ftp/secure.c secure.h -$(OUTPRE)getdtablesize.$(OBJEXT): $(srcdir)/../../bsd/getdtablesize.c diff --git a/src/appl/gssftp/ftpd/deps b/src/appl/gssftp/ftpd/deps new file mode 100644 index 0000000000..1d0d3558f4 --- /dev/null +++ b/src/appl/gssftp/ftpd/deps @@ -0,0 +1,29 @@ +# +# Generated makefile dependencies follow. +# +$(OUTPRE)ftpd.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \ + $(BUILDTOP)/include/gssapi/gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/libpty.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/k5-util.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/port-sockets.h $(srcdir)/../arpa/ftp.h \ + $(srcdir)/../arpa/telnet.h ftpd.c ftpd_var.h pathnames.h \ + secure.h +$(OUTPRE)ftpcmd.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_generic.h $(SRCTOP)/include/k5-buf.h \ + $(srcdir)/../arpa/ftp.h $(srcdir)/../arpa/telnet.h \ + ftpcmd.c ftpd_var.h +$(OUTPRE)popen.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_generic.h ftpd_var.h \ + popen.c +$(OUTPRE)vers.$(OBJEXT): vers.c +$(OUTPRE)glob.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(srcdir)/../ftp/ftp_var.h $(srcdir)/../ftp/glob.c +$(OUTPRE)radix.$(OBJEXT): $(srcdir)/../ftp/ftp_var.h \ + $(srcdir)/../ftp/radix.c +$(OUTPRE)secure.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_generic.h \ + $(srcdir)/../arpa/ftp.h $(srcdir)/../ftp/secure.c secure.h +$(OUTPRE)getdtablesize.$(OBJEXT): $(srcdir)/../../bsd/getdtablesize.c diff --git a/src/appl/gssftp/ftpd/ftpcmd.y b/src/appl/gssftp/ftpd/ftpcmd.y index 30bced06a8..a57b435870 100644 --- a/src/appl/gssftp/ftpd/ftpcmd.y +++ b/src/appl/gssftp/ftpd/ftpcmd.y @@ -66,6 +66,7 @@ static char sccsid[] = "@(#)ftpcmd.y 5.24 (Berkeley) 2/25/91"; #include #include #include +#include #include "ftpd_var.h" @@ -75,13 +76,6 @@ unsigned int maxbuf, actualbuf; unsigned char *ucbuf; static int kerror; /* XXX needed for all auth types */ -#ifdef KRB5_KRB4_COMPAT -extern struct sockaddr_in his_addr, ctrl_addr; -#include -extern AUTH_DAT kdata; -extern Key_schedule schedule; -extern MSG_DAT msg_data; -#endif /* KRB5_KRB4_COMPAT */ #ifdef GSSAPI #include #include @@ -1089,27 +1083,6 @@ ftpd_getline(s, n, iop) if (debug) syslog(LOG_DEBUG, "getline got %d from %s <%s>\n", len, cs, mic?"MIC":"ENC"); clevel = mic ? PROT_S : PROT_P; -#ifdef KRB5_KRB4_COMPAT - if (strcmp(auth_type, "KERBEROS_V4") == 0) { - if ((kerror = mic ? - krb_rd_safe((unsigned char *)out, len, &kdata.session, - &his_addr, &ctrl_addr, &msg_data) - : krb_rd_priv((unsigned char *)out, len, schedule, - &kdata.session, &his_addr, &ctrl_addr, &msg_data)) - != KSUCCESS) { - reply(535, "%s! (%s)", - mic ? "MIC command modified" : "ENC command garbled", - krb_get_err_text(kerror)); - syslog(LOG_ERR,"%s failed: %s", - mic ? "MIC krb_rd_safe" : "ENC krb_rd_priv", - krb_get_err_text(kerror)); - *s = '\0'; - return(s); - } - (void) memcpy(s, msg_data.app_data, msg_data.app_length); - (void) strcpy(s+msg_data.app_length, "\r\n"); - } -#endif /* KRB5_KRB4_COMPAT */ #ifdef GSSAPI /* we know this is a MIC or ENC already, and out/len already has the bits */ if (strcmp(auth_type, "GSSAPI") == 0) { @@ -1139,7 +1112,7 @@ ftpd_getline(s, n, iop) } memcpy(s, msg_buf.value, msg_buf.length); - strcpy(s+msg_buf.length-(s[msg_buf.length-1]?0:1), "\r\n"); + memcpy(s+msg_buf.length-(s[msg_buf.length-1]?0:1), "\r\n", 3); gss_release_buffer(&min_stat, &msg_buf); } #endif /* GSSAPI */ @@ -1157,7 +1130,7 @@ ftpd_getline(s, n, iop) } } -#if defined KRB5_KRB4_COMPAT || defined GSSAPI /* or other auth types */ +#ifdef GSSAPI /* or other auth types */ else { /* !auth_type */ if ( (!(strncmp(s, "ENC", 3))) || (!(strncmp(s, "MIC", 3))) #ifndef NOCONFIDENTIAL @@ -1169,7 +1142,7 @@ ftpd_getline(s, n, iop) return(s); } } -#endif /* KRB5_KRB4_COMPAT || GSSAPI */ +#endif GSSAPI if (debug) { if (!strncmp(s, "PASS ", 5) && !guest) @@ -1438,10 +1411,9 @@ copy(s) { char *p; - p = malloc((unsigned) strlen(s) + 1); + p = strdup(s); if (p == NULL) fatal("Ran out of memory."); - (void) strcpy(p, s); return (p); } @@ -1471,6 +1443,7 @@ help(ctab, s) if (s == 0) { register int i, j, w; int columns, lines; + struct k5buf buf; lreply(214, "The following %scommands are recognized %s.", ftype, "(* =>'s unimplemented)"); @@ -1479,16 +1452,18 @@ help(ctab, s) columns = 1; lines = (NCMDS + columns - 1) / columns; for (i = 0; i < lines; i++) { - strcpy(str, " "); + krb5int_buf_init_fixed(&buf, str, sizeof(str)); + krb5int_buf_add(&buf, " "); for (j = 0; j < columns; j++) { c = ctab + j * lines + i; - sprintf(&str[strlen(str)], "%s%c", c->name, - c->implemented ? ' ' : '*'); + krb5int_buf_add_fmt(&buf, "%s%c", c->name, + c->implemented ? ' ' + : '*'); if (c + lines >= &ctab[NCMDS]) break; w = strlen(c->name) + 1; while (w < width) { - strcat(str, " "); + krb5int_buf_add(&buf, " "); w++; } } diff --git a/src/appl/gssftp/ftpd/ftpd.M b/src/appl/gssftp/ftpd/ftpd.M index b26a4bd946..33fc1d9c78 100644 --- a/src/appl/gssftp/ftpd/ftpd.M +++ b/src/appl/gssftp/ftpd/ftpd.M @@ -128,12 +128,6 @@ Sets the name of the file to use. The default value is normally set by .IR /etc/krb5.conf . .TP -\fB\-s\fP \fIsrvtab\fP -Sets the name of the -.I srvtab -file to use for Kerberos V4 authentication. The default value is normally -.IR /etc/srvtab . -.TP \fB\-w \fP{\fBip\fP|\fImaxhostlen\fP[\fB,\fP{\fBstriplocal\fP|\fBnostriplocal\fP}]} Controls the form of the remote hostname passed to login(1). Specifying \fBip\fP results in the numeric IP address always being diff --git a/src/appl/gssftp/ftpd/ftpd.c b/src/appl/gssftp/ftpd/ftpd.c index 9d332608c0..69f7ac392d 100644 --- a/src/appl/gssftp/ftpd/ftpd.c +++ b/src/appl/gssftp/ftpd/ftpd.c @@ -47,10 +47,7 @@ static char sccsid[] = "@(#)ftpd.c 5.40 (Berkeley) 7/2/91"; #include #include #include -#ifndef KRB5_KRB4_COMPAT -/* krb.h gets this, and Ultrix doesn't protect vs multiple inclusion */ #include -#endif #include #include #include @@ -80,10 +77,7 @@ static char sccsid[] = "@(#)ftpd.c 5.40 (Berkeley) 7/2/91"; #define sigsetjmp(j,s) setjmp(j) #define siglongjmp longjmp #endif -#ifndef KRB5_KRB4_COMPAT -/* krb.h gets this, and Ultrix doesn't protect vs multiple inclusion */ #include -#endif #include #include #include @@ -102,6 +96,8 @@ static char sccsid[] = "@(#)ftpd.c 5.40 (Berkeley) 7/2/91"; #include "pathnames.h" #include +#include + #ifdef NEED_SETENV extern int setenv(char *, char *, int); #endif @@ -127,18 +123,6 @@ extern int yyparse(void); #include #include "port-sockets.h" -#ifdef KRB5_KRB4_COMPAT -#include -#include - -AUTH_DAT kdata; -KTEXT_ST ticket; -MSG_DAT msg_data; -Key_schedule schedule; -char *keyfile; -static char *krb4_services[] = { "ftp", "rcmd", NULL }; -#endif /* KRB5_KRB4_COMPAT */ - #ifdef GSSAPI #include #include @@ -160,7 +144,7 @@ static void log_gss_error(int, OM_uint32, OM_uint32, const char *); char *auth_type; /* Authentication succeeded? If so, what type? */ static char *temp_auth_type; -int authorized; /* Auth succeeded and was accepted by krb4 or gssapi */ +int authorized; /* Auth succeeded and was accepted by gssapi */ int have_creds; /* User has credentials on disk */ /* @@ -292,16 +276,9 @@ main(argc, argv, envp) int addrlen, c, on = 1, tos, port = -1; extern char *optarg; extern int optopt; -#ifdef KRB5_KRB4_COMPAT - char *option_string = "AaCcdElp:r:s:T:t:U:u:vw:"; -#else /* !KRB5_KRB4_COMPAT */ char *option_string = "AaCcdElp:r:T:t:U:u:vw:"; -#endif /* KRB5_KRB4_COMPAT */ ftpusers = _PATH_FTPUSERS_DEFAULT; -#ifdef KRB5_KRB4_COMPAT - keyfile = KEYFILE; -#endif /* KRB5_KRB4_COMPAT */ debug = 0; #ifdef SETPROCTITLE /* @@ -361,12 +338,6 @@ main(argc, argv, envp) setenv("KRB_CONF", optarg, 1); break; -#ifdef KRB5_KRB4_COMPAT - case 's': - keyfile = optarg; - break; -#endif /* KRB5_KRB4_COMPAT */ - case 't': timeout = atoi(optarg); if (maxtimeout < timeout) @@ -572,14 +543,13 @@ static char * sgetsave(s) char *s; { - char *new = malloc((unsigned) strlen(s) + 1); + char *new = strdup(s); if (new == NULL) { perror_reply(421, "Local resource failure: malloc"); dologout(1); /* NOTREACHED */ } - (void) strcpy(new, s); return (new); } @@ -772,36 +742,13 @@ user(name) syslog(LOG_ERR, "user: username too long"); name = "[username too long]"; } - sprintf(buf, "GSSAPI user %s is%s authorized as %s", + snprintf(buf, sizeof(buf), + "GSSAPI user %s is%s authorized as %s", (char *) client_name.value, authorized ? "" : " not", name); } -#ifdef KRB5_KRB4_COMPAT - else -#endif /* KRB5_KRB4_COMPAT */ #endif /* GSSAPI */ -#ifdef KRB5_KRB4_COMPAT - if (auth_type && strcmp(auth_type, "KERBEROS_V4") == 0) { - int len; - - authorized = kuserok(&kdata,name) == 0; - len = sizeof("Kerberos user .@ is not authorized as " - "; Password required.") - + strlen(kdata.pname) - + strlen(kdata.pinst) - + strlen(kdata.prealm) - + strlen(name); - if (len >= sizeof(buf)) { - syslog(LOG_ERR, "user: username too long"); - name = "[username too long]"; - } - sprintf(buf, "Kerberos user %s%s%s@%s is%s authorized as %s", - kdata.pname, *kdata.pinst ? "." : "", - kdata.pinst, kdata.prealm, - authorized ? "" : " not", name); - } -#endif /* KRB5_KRB4_COMPAT */ if (!authorized && authlevel == AUTHLEVEL_AUTHORIZE) { strncat(buf, "; Access denied.", @@ -906,9 +853,6 @@ end_login() if (have_creds) { #ifdef GSSAPI krb5_cc_destroy(kcontext, ccache); -#endif -#ifdef KRB5_KRB4_COMPAT - dest_tkt(); #endif have_creds = 0; } @@ -926,18 +870,6 @@ char *name, *passwd; krb5_creds my_creds; krb5_timestamp now; #endif /* GSSAPI */ -#ifdef KRB5_KRB4_COMPAT - char realm[REALM_SZ]; -#ifndef GSSAPI - char **service; - KTEXT_ST ticket; - AUTH_DAT authdata; - des_cblock key; - char instance[INST_SZ]; - unsigned long faddr; - struct hostent *hp; -#endif /* GSSAPI */ -#endif /* KRB5_KRB4_COMPAT */ char ccname[MAXPATHLEN]; #ifdef GSSAPI @@ -946,7 +878,8 @@ char *name, *passwd; return 0; my_creds.client = me; - sprintf(ccname, "FILE:/tmp/krb5cc_ftpd%ld", (long) getpid()); + snprintf(ccname, sizeof(ccname), "FILE:/tmp/krb5cc_ftpd%ld", + (long) getpid()); if (krb5_cc_resolve(kcontext, ccname, &ccache)) return(0); if (krb5_cc_initialize(kcontext, ccache, me)) @@ -979,58 +912,10 @@ char *name, *passwd; krb5_cc_destroy(kcontext, ccache); return(1); } -#endif /* GSSAPI */ - -#ifdef KRB5_KRB4_COMPAT - if (krb_get_lrealm(realm, 1) != KSUCCESS) - goto nuke_ccache; - - sprintf(ccname, "%s_ftpd%ld", TKT_ROOT, (long) getpid()); - krb_set_tkt_string(ccname); - if (krb_get_pw_in_tkt(name, "", realm, "krbtgt", realm, 1, passwd)) - goto nuke_ccache; - -#ifndef GSSAPI - /* Verify the ticket since we didn't verify the krb5 one. */ - strncpy(instance, krb_get_phost(hostname), sizeof(instance)); - - if ((hp = gethostbyname(instance)) == NULL) - goto nuke_ccache; - memcpy((char *) &faddr, (char *)hp->h_addr, sizeof(faddr)); - - for (service = krb4_services; *service; service++) { - if (!read_service_key(*service, instance, - realm, 0, keyfile, key)) { - (void) memset(key, 0, sizeof(key)); - if (krb_mk_req(&ticket, *service, - instance, realm, 33) || - krb_rd_req(&ticket, *service, instance, - faddr, &authdata,keyfile) || - kuserok(&authdata, name)) { - dest_tkt(); - goto nuke_ccache; - } else - break; - } - } - - if (!*service) { - dest_tkt(); - goto nuke_ccache; - } - - if (!want_creds) { - dest_tkt(); - return(1); - } -#endif /* GSSAPI */ -#endif /* KRB5_KRB4_COMPAT */ - -#if defined(GSSAPI) || defined(KRB5_KRB4_COMPAT) have_creds = 1; return(1); -#endif /* GSSAPI || KRB5_KRB4_COMPAT */ +#endif /* GSSAPI */ nuke_ccache: #ifdef GSSAPI @@ -1105,9 +990,6 @@ login(passwd, logincode) #ifdef GSSAPI const char *ccname = krb5_cc_get_name(kcontext, ccache); chown(ccname, pw->pw_uid, pw->pw_gid); -#endif -#ifdef KRB5_KRB4_COMPAT - chown(tkt_string(), pw->pw_uid, pw->pw_gid); #endif } @@ -1115,7 +997,7 @@ login(passwd, logincode) (void) initgroups(pw->pw_name, pw->pw_gid); /* open wtmp before chroot */ - (void) sprintf(ttyline, "ftp%ld", (long) getpid()); + (void) snprintf(ttyline, sizeof(ttyline), "ftp%ld", (long) getpid()); pty_logwtmp(ttyline, pw->pw_name, rhost_sane); logged_in = 1; @@ -1167,9 +1049,8 @@ login(passwd, logincode) if (guest) { reply(230, "Guest login ok, access restrictions apply."); #ifdef SETPROCTITLE - sprintf(proctitle, "%s: anonymous/%.*s", rhost_sane, - sizeof(proctitle) - strlen(rhost_sane) - - sizeof(": anonymous/"), passwd); + snprintf(proctitle, sizeof(proctitle), "%s: anonymous/%.*s", + rhost_sane, passwd); setproctitle(proctitle); #endif /* SETPROCTITLE */ if (logging) @@ -1182,7 +1063,8 @@ login(passwd, logincode) reply(230, "User %s logged in.", pw->pw_name); } #ifdef SETPROCTITLE - sprintf(proctitle, "%s: %s", rhost_sane, pw->pw_name); + snprintf(proctitle, sizeof(proctitle), "%s: %s", + rhost_sane, pw->pw_name); setproctitle(proctitle); #endif /* SETPROCTITLE */ if (logging) @@ -1218,7 +1100,7 @@ retrieve(cmd, name) reply(501, "filename too long"); return; } - (void) sprintf(line, cmd, name), name = line; + (void) snprintf(line, sizeof(line), cmd, name), name = line; fin = ftpd_popen(line, "r"), closefunc = ftpd_pclose; st.st_size = -1; #ifndef NOSTBLKSIZE @@ -1400,9 +1282,10 @@ dataconn(name, size, fmode) byte_count = 0; if (size != (off_t) -1) /* cast size to long in case sizeof(off_t) > sizeof(long) */ - (void) sprintf (sizebuf, " (%ld bytes)", (long)size); + (void) snprintf (sizebuf, sizeof(sizebuf), " (%ld bytes)", + (long)size); else - (void) strcpy(sizebuf, ""); + sizebuf[0] = '\0'; if (pdata >= 0) { int s, fromlen = sizeof(data_dest); @@ -1664,7 +1547,7 @@ statfilecmd(filename) reply(501, "filename too long"); return; } - (void) sprintf(line, "/bin/ls -lgA %s", filename); + (void) snprintf(line, sizeof(line), "/bin/ls -lgA %s", filename); fin = ftpd_popen(line, "r"); lreply(211, "status of %s:", filename); p = str; @@ -1713,8 +1596,8 @@ statcmd() lreply(211, "%s FTP server status:", hostname); reply(0, " %s", version); - sprintf(str, " Connected to %s", remotehost[0] ? remotehost : ""); - sprintf(&str[strlen(str)], " (%s)", rhost_addra); + snprintf(str, sizeof(str), " Connected to %s (%s)", + remotehost[0] ? remotehost : "", rhost_addra); reply(0, "%s", str); if (auth_type) reply(0, " Authentication type: %s", auth_type); if (logged_in) { @@ -1729,41 +1612,35 @@ statcmd() else reply(0, " Waiting for user name"); reply(0, " Protection level: %s", levelnames[dlevel]); - sprintf(str, " TYPE: %s", typenames[type]); - if (type == TYPE_A || type == TYPE_E) - sprintf(&str[strlen(str)], ", FORM: %s", formnames[form]); + snprintf(str, sizeof(str), " TYPE: %s", typenames[type]); + if (type == TYPE_A || type == TYPE_E) { + snprintf(&str[strlen(str)], sizeof(str) - strlen(str), + ", FORM: %s", formnames[form]); + } if (type == TYPE_L) -#if 1 strncat(str, " 8", sizeof (str) - strlen(str) - 1); -#else -/* this is silly. -- eichin@cygnus.com */ -#if NBBY == 8 - sprintf(&str[strlen(str)], " %d", NBBY); -#else - sprintf(&str[strlen(str)], " %d", bytesize); /* need definition! */ -#endif -#endif - sprintf(&str[strlen(str)], "; STRUcture: %s; transfer MODE: %s", - strunames[stru], modenames[mode]); + snprintf(&str[strlen(str)], sizeof(str) - strlen(str), + "; STRUcture: %s; transfer MODE: %s", + strunames[stru], modenames[mode]); reply(0, "%s", str); if (data != -1) - strcpy(str, " Data connection open"); + strlcpy(str, " Data connection open", sizeof(str)); else if (pdata != -1) { - strcpy(str, " in Passive mode"); + strlcpy(str, " in Passive mode", sizeof(str)); sin4 = &pasv_addr; goto printaddr; } else if (usedefault == 0) { - strcpy(str, " PORT"); sin4 = &data_dest; printaddr: a = (u_char *) &sin4->sin_addr; p = (u_char *) &sin4->sin_port; #define UC(b) (((int) b) & 0xff) - sprintf(&str[strlen(str)], " (%d,%d,%d,%d,%d,%d)", UC(a[0]), - UC(a[1]), UC(a[2]), UC(a[3]), UC(p[0]), UC(p[1])); + snprintf(str, sizeof(str), " PORT (%d,%d,%d,%d,%d,%d)", + UC(a[0]), UC(a[1]), UC(a[2]), UC(a[3]), UC(p[0]), + UC(p[1])); #undef UC } else - strcpy(str, " No data connection"); + strlcpy(str, " No data connection", sizeof(str)); reply(0, "%s", str); reply(211, "End of status"); } @@ -1800,10 +1677,10 @@ reply(n, fmt, p0, p1, p2, p3, p4, p5) va_list ap; va_start(ap, fmt); - vsprintf(buf, fmt, ap); + vsnprintf(buf, sizeof(buf), fmt, ap); va_end(ap); #else - sprintf(buf, fmt, p0, p1, p2, p3, p4, p5); + snprintf(buf, sizeof(buf), fmt, p0, p1, p2, p3, p4, p5); #endif if (auth_type) { @@ -1813,33 +1690,9 @@ reply(n, fmt, p0, p1, p2, p3, p4, p5) */ char in[FTP_BUFSIZ*3/2], out[FTP_BUFSIZ*3/2]; int length = 0, kerror; - if (n) sprintf(in, "%d%c", n, cont_char); + if (n) snprintf(in, sizeof(in), "%d%c", n, cont_char); else in[0] = '\0'; strncat(in, buf, sizeof (in) - strlen(in) - 1); -#ifdef KRB5_KRB4_COMPAT - if (strcmp(auth_type, "KERBEROS_V4") == 0) { - if (clevel == PROT_P) - length = krb_mk_priv((unsigned char *)in, - (unsigned char *)out, - strlen(in), - schedule, &kdata.session, - &ctrl_addr, - &his_addr); - else - length = krb_mk_safe((unsigned char *)in, - (unsigned char *)out, - strlen(in), - &kdata.session, - &ctrl_addr, - &his_addr); - if (length == -1) { - syslog(LOG_ERR, - "krb_mk_%s failed for KERBEROS_V4", - clevel == PROT_P ? "priv" : "safe"); - fputs(in,stdout); - } - } else -#endif /* KRB5_KRB4_COMPAT */ #ifdef GSSAPI /* reply (based on level) */ if (strcmp(auth_type, "GSSAPI") == 0) { @@ -1918,10 +1771,10 @@ lreply(n, fmt, p0, p1, p2, p3, p4, p5) va_list ap; va_start(ap, fmt); - vsprintf(buf, fmt, ap); + vsnprintf(buf, sizeof(buf), fmt, ap); va_end(ap); #else - sprintf(buf, fmt, p0, p1, p2, p3, p4, p5); + snprintf(buf, sizeof(buf), fmt, p0, p1, p2, p3, p4, p5); #endif cont_char = '-'; reply(n, "%s", buf); @@ -2083,7 +1936,7 @@ dolog(sin4) exit(1); } #ifdef SETPROCTITLE - sprintf(proctitle, "%s: connected", rhost_sane); + snprintf(proctitle, sizeof(proctitle), "%s: connected", rhost_sane); setproctitle(proctitle); #endif /* SETPROCTITLE */ @@ -2109,9 +1962,6 @@ dologout(status) if (have_creds) { #ifdef GSSAPI krb5_cc_destroy(kcontext, ccache); -#endif -#ifdef KRB5_KRB4_COMPAT - dest_tkt(); #endif } /* beware of flushing buffers after a SIGPIPE */ @@ -2230,7 +2080,7 @@ gunique(local) cp = new + strlen(new); *cp++ = '.'; for (count = 1; count < 100; count++) { - (void) sprintf(cp, "%d", count); + (void) snprintf(cp, sizeof(new) - (cp - new), "%d", count); if (stat(new, &st) < 0) return(new); } @@ -2272,12 +2122,6 @@ char *atype; if (auth_type) reply(534, "Authentication type already set to %s", auth_type); else -#ifdef KRB5_KRB4_COMPAT - if (strcmp(atype, "KERBEROS_V4") == 0) - reply(334, "Using authentication type %s; ADAT must follow", - temp_auth_type = atype); - else -#endif /* KRB5_KRB4_COMPAT */ #ifdef GSSAPI if (strcmp(atype, "GSSAPI") == 0) reply(334, "Using authentication type %s; ADAT must follow", @@ -2293,13 +2137,6 @@ auth_data(adata) char *adata; { int kerror, length; -#ifdef KRB5_KRB4_COMPAT - static char **service=NULL; - char instance[INST_SZ]; - KRB4_32 cksum; - char buf[FTP_BUFSIZ]; - u_char out_buf[sizeof(buf)]; -#endif /* KRB5_KRB4_COMPAT */ if (auth_type) { reply(503, "Authentication already established"); @@ -2309,61 +2146,6 @@ char *adata; reply(503, "Must identify AUTH type before ADAT"); return(0); } -#ifdef KRB5_KRB4_COMPAT - if (strcmp(temp_auth_type, "KERBEROS_V4") == 0) { - kerror = radix_encode(adata, out_buf, &length, 1); - if (kerror) { - reply(501, "Couldn't decode ADAT (%s)", - radix_error(kerror)); - syslog(LOG_ERR, "Couldn't decode ADAT (%s)", - radix_error(kerror)); - return(0); - } - (void) memcpy((char *)ticket.dat, (char *)out_buf, ticket.length = length); - strcpy(instance, "*"); - - kerror = 255; - for (service = krb4_services; *service; service++) { - kerror = krb_rd_req(&ticket, *service, instance, - his_addr.sin_addr.s_addr, - &kdata, keyfile); - /* Success */ - if(!kerror) break; - } - /* rd_req failed.... */ - if(kerror) { - secure_error("ADAT: Kerberos V4 krb_rd_req: %s", - krb_get_err_text(kerror)); - return(0); - } - - /* add one to the (formerly) sealed checksum, and re-seal it */ - cksum = kdata.checksum + 1; - cksum = htonl(cksum); - key_sched(kdata.session,schedule); - if ((length = krb_mk_safe((u_char *)&cksum, out_buf, sizeof(cksum), - &kdata.session,&ctrl_addr, &his_addr)) == -1) { - secure_error("ADAT: krb_mk_safe failed"); - return(0); - } - if (length >= (FTP_BUFSIZ - sizeof("ADAT=")) / 4 * 3) { - secure_error("ADAT: reply too long"); - return(0); - } - - kerror = radix_encode(out_buf, buf, &length, 0); - if (kerror) { - secure_error("Couldn't encode ADAT reply (%s)", - radix_error(kerror)); - return(0); - } - reply(235, "ADAT=%s", buf); - /* Kerberos V4 authentication succeeded */ - auth_type = temp_auth_type; - temp_auth_type = NULL; - return(1); - } -#endif /* KRB5_KRB4_COMPAT */ #ifdef GSSAPI if (strcmp(temp_auth_type, "GSSAPI") == 0) { int replied = 0; @@ -2413,7 +2195,8 @@ char *adata; localname[sizeof(localname) - 1] = '\0'; for (gservice = gss_services; *gservice; gservice++) { - sprintf(service_name, "%s@%s", *gservice, localname); + snprintf(service_name, sizeof(service_name), + "%s@%s", *gservice, localname); name_buf.value = service_name; name_buf.length = strlen(name_buf.value) + 1; if (debug) @@ -2722,7 +2505,8 @@ send_file_list(whichfiles) ret = -2; /* XXX */ goto data_err; } - sprintf(nbuf, "%s/%s", dirname, dir->d_name); + snprintf(nbuf, sizeof(nbuf), "%s/%s", + dirname, dir->d_name); /* * We have to do a stat to insure it's @@ -2918,17 +2702,13 @@ ftpd_gss_convert_creds(name, creds) OM_uint32 major_status, minor_status; krb5_principal me; char ccname[MAXPATHLEN]; -#ifdef KRB5_KRB4_COMPAT - krb5_principal kpcserver; - krb5_creds increds, *v5creds; - CREDENTIALS v4creds; -#endif /* Set up ccache */ if (krb5_parse_name(kcontext, name, &me)) return; - sprintf(ccname, "FILE:/tmp/krb5cc_ftpd%ld", (long) getpid()); + snprintf(ccname, sizeof(ccname), "FILE:/tmp/krb5cc_ftpd%ld", + (long) getpid()); if (krb5_cc_resolve(kcontext, ccname, &ccache)) return; if (krb5_cc_initialize(kcontext, ccache, me)) @@ -2939,47 +2719,9 @@ ftpd_gss_convert_creds(name, creds) if (major_status != GSS_S_COMPLETE) goto cleanup; -#ifdef KRB5_KRB4_COMPAT - /* Convert krb5 creds to krb4 */ - - if (krb5_build_principal_ext(kcontext, &kpcserver, - krb5_princ_realm(kcontext, me)->length, - krb5_princ_realm(kcontext, me)->data, - 6, "krbtgt", - krb5_princ_realm(kcontext, me)->length, - krb5_princ_realm(kcontext, me)->data, - 0)) - goto cleanup; - - memset((char *) &increds, 0, sizeof(increds)); - increds.client = me; - increds.server = kpcserver; - increds.times.endtime = 0; - increds.keyblock.enctype = ENCTYPE_DES_CBC_CRC; - if (krb5_get_credentials(kcontext, 0, ccache, &increds, &v5creds)) - goto cleanup; - if (krb524_convert_creds_kdc(kcontext, v5creds, &v4creds)) - goto cleanup; - - sprintf(ccname, "%s_ftpd%ld", TKT_ROOT, (long) getpid()); - krb_set_tkt_string(ccname); - - if (in_tkt(v4creds.pname, v4creds.pinst) != KSUCCESS) - goto cleanup; - - if (krb_save_credentials(v4creds.service, v4creds.instance, - v4creds.realm, v4creds.session, - v4creds.lifetime, v4creds.kvno, - &(v4creds.ticket_st), v4creds.issue_date)) - goto cleanup_v4; -#endif /* KRB5_KRB4_COMPAT */ have_creds = 1; return; -#ifdef KRB5_KRB4_COMPAT -cleanup_v4: - dest_tkt(); -#endif cleanup: krb5_cc_destroy(kcontext, ccache); } diff --git a/src/appl/libpty/Makefile.in b/src/appl/libpty/Makefile.in index 92b33f8335..924ef1b9b5 100644 --- a/src/appl/libpty/Makefile.in +++ b/src/appl/libpty/Makefile.in @@ -110,48 +110,3 @@ $(BUILDTOP)/include/autoconf.h: $(SRCTOP)/include/autoconf.h.in @lib_frag@ @libobj_frag@ -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -pty_err.so pty_err.po $(OUTPRE)pty_err.$(OBJEXT): $(COM_ERR_DEPS) \ - pty_err.c -cleanup.so cleanup.po $(OUTPRE)cleanup.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h cleanup.c \ - libpty.h pty-int.h pty_err.h -getpty.so getpty.po $(OUTPRE)getpty.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h getpty.c \ - libpty.h pty-int.h pty_err.h -init_slave.so init_slave.po $(OUTPRE)init_slave.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \ - init_slave.c libpty.h pty-int.h pty_err.h -open_ctty.so open_ctty.po $(OUTPRE)open_ctty.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \ - libpty.h open_ctty.c pty-int.h pty_err.h -open_slave.so open_slave.po $(OUTPRE)open_slave.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \ - libpty.h open_slave.c pty-int.h pty_err.h -update_utmp.so update_utmp.po $(OUTPRE)update_utmp.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \ - libpty.h pty-int.h pty_err.h update_utmp.c -update_wtmp.so update_wtmp.po $(OUTPRE)update_wtmp.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \ - libpty.h pty-int.h pty_err.h update_wtmp.c -vhangup.so vhangup.po $(OUTPRE)vhangup.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h libpty.h \ - pty-int.h pty_err.h vhangup.c -void_assoc.so void_assoc.po $(OUTPRE)void_assoc.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \ - libpty.h pty-int.h pty_err.h void_assoc.c -logwtmp.so logwtmp.po $(OUTPRE)logwtmp.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h libpty.h \ - logwtmp.c pty-int.h pty_err.h -init.so init.po $(OUTPRE)init.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h init.c \ - libpty.h pty-int.h pty_err.h -sane_hostname.so sane_hostname.po $(OUTPRE)sane_hostname.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - libpty.h pty-int.h pty_err.h sane_hostname.c diff --git a/src/appl/libpty/deps b/src/appl/libpty/deps new file mode 100644 index 0000000000..841f6630e2 --- /dev/null +++ b/src/appl/libpty/deps @@ -0,0 +1,45 @@ +# +# Generated makefile dependencies follow. +# +pty_err.so pty_err.po $(OUTPRE)pty_err.$(OBJEXT): $(COM_ERR_DEPS) \ + pty_err.c +cleanup.so cleanup.po $(OUTPRE)cleanup.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h cleanup.c \ + libpty.h pty-int.h pty_err.h +getpty.so getpty.po $(OUTPRE)getpty.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/port-sockets.h getpty.c libpty.h \ + pty-int.h pty_err.h +init_slave.so init_slave.po $(OUTPRE)init_slave.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \ + init_slave.c libpty.h pty-int.h pty_err.h +open_ctty.so open_ctty.po $(OUTPRE)open_ctty.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \ + libpty.h open_ctty.c pty-int.h pty_err.h +open_slave.so open_slave.po $(OUTPRE)open_slave.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \ + libpty.h open_slave.c pty-int.h pty_err.h +update_utmp.so update_utmp.po $(OUTPRE)update_utmp.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/port-sockets.h \ + libpty.h pty-int.h pty_err.h update_utmp.c +update_wtmp.so update_wtmp.po $(OUTPRE)update_wtmp.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \ + libpty.h pty-int.h pty_err.h update_wtmp.c +vhangup.so vhangup.po $(OUTPRE)vhangup.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h libpty.h \ + pty-int.h pty_err.h vhangup.c +void_assoc.so void_assoc.po $(OUTPRE)void_assoc.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \ + libpty.h pty-int.h pty_err.h void_assoc.c +logwtmp.so logwtmp.po $(OUTPRE)logwtmp.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h libpty.h \ + logwtmp.c pty-int.h pty_err.h +init.so init.po $(OUTPRE)init.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h init.c \ + libpty.h pty-int.h pty_err.h +sane_hostname.so sane_hostname.po $(OUTPRE)sane_hostname.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + libpty.h pty-int.h pty_err.h sane_hostname.c diff --git a/src/appl/libpty/getpty.c b/src/appl/libpty/getpty.c index 610a471e61..e5bf2854bb 100644 --- a/src/appl/libpty/getpty.c +++ b/src/appl/libpty/getpty.c @@ -23,6 +23,7 @@ #include "com_err.h" #include "libpty.h" #include "pty-int.h" +#include "k5-platform.h" long ptyint_getpty_ext(int *fd, char *slave, int slavelength, int do_grantpt) @@ -59,12 +60,11 @@ ptyint_getpty_ext(int *fd, char *slave, int slavelength, int do_grantpt) *fd = -1; return PTY_GETPTY_NOPTY; } - if (strlen(slaveret) > slavelength - 1) { + if (strlcpy(slave, slaveret, slavelength) >= slavelength) { close(*fd); *fd = -1; return PTY_GETPTY_SLAVE_TOOLONG; } - else strcpy(slave, slaveret); return 0; #else /*HAVE__GETPTY*/ @@ -92,12 +92,11 @@ ptyint_getpty_ext(int *fd, char *slave, int slavelength, int do_grantpt) #endif #endif if (p) { - if (strlen(p) > slavelength - 1) { + if (strlcpy(slave, p, slavelength) >= slavelength) { close (*fd); *fd = -1; return PTY_GETPTY_SLAVE_TOOLONG; } - strcpy(slave, p); return 0; } @@ -106,7 +105,7 @@ ptyint_getpty_ext(int *fd, char *slave, int slavelength, int do_grantpt) return PTY_GETPTY_FSTAT; } ptynum = (int)(stb.st_rdev&0xFF); - sprintf(slavebuf, "/dev/ttyp%x", ptynum); + snprintf(slavebuf, sizeof(slavebuf), "/dev/ttyp%x", ptynum); if (strlen(slavebuf) > slavelength - 1) { close(*fd); *fd = -1; @@ -116,7 +115,7 @@ ptyint_getpty_ext(int *fd, char *slave, int slavelength, int do_grantpt) return 0; } else { for (cp = "pqrstuvwxyzPQRST";*cp; cp++) { - sprintf(slavebuf,"/dev/ptyXX"); + snprintf(slavebuf,sizeof(slavebuf),"/dev/ptyXX"); slavebuf[sizeof("/dev/pty") - 1] = *cp; slavebuf[sizeof("/dev/ptyp") - 1] = '0'; if (stat(slavebuf, &stb) < 0) diff --git a/src/appl/libpty/logwtmp.c b/src/appl/libpty/logwtmp.c index 21a35d3a90..03cfab48f8 100644 --- a/src/appl/libpty/logwtmp.c +++ b/src/appl/libpty/logwtmp.c @@ -73,7 +73,7 @@ pty_logwtmp(const char *tty, const char *user, const char *host) cp = tty + len - 2; else cp = tty; - sprintf(utmp_id, "kr%s", cp); + snprintf(utmp_id, sizeof(utmp_id), "kr%s", cp); strncpy(utx.ut_id, utmp_id, sizeof(utx.ut_id)); #ifdef HAVE_SETUTXENT diff --git a/src/appl/libpty/update_utmp.c b/src/appl/libpty/update_utmp.c index 8f3d6a66ca..292a1675b8 100644 --- a/src/appl/libpty/update_utmp.c +++ b/src/appl/libpty/update_utmp.c @@ -319,6 +319,7 @@ #include "com_err.h" #include "libpty.h" #include "pty-int.h" +#include "k5-platform.h" #if !defined(UTMP_FILE) && defined(_PATH_UTMP) #define UTMP_FILE _PATH_UTMP @@ -547,7 +548,7 @@ pty_update_utmp(int process_type, int pid, const char *username, * pain, and would eit cross-compiling. */ #ifdef __hpux - strcpy(utmp_id, cp); + strlcpy(utmp_id, cp, sizeof(utmp_id)); #else if (len > 2 && *(cp - 1) != '/') snprintf(utmp_id, sizeof(utmp_id), "k%s", cp - 1); diff --git a/src/appl/sample/deps b/src/appl/sample/deps new file mode 100644 index 0000000000..2feac3c9d3 --- /dev/null +++ b/src/appl/sample/deps @@ -0,0 +1 @@ +# No dependencies here. diff --git a/src/appl/sample/sclient/deps b/src/appl/sample/sclient/deps new file mode 100644 index 0000000000..2feac3c9d3 --- /dev/null +++ b/src/appl/sample/sclient/deps @@ -0,0 +1 @@ +# No dependencies here. diff --git a/src/appl/sample/sclient/sclient.c b/src/appl/sample/sclient/sclient.c index 6ad305a880..bd9c4e8897 100644 --- a/src/appl/sample/sclient/sclient.c +++ b/src/appl/sample/sclient/sclient.c @@ -159,11 +159,16 @@ main(int argc, char *argv[]) if (getnameinfo(ap->ai_addr, ap->ai_addrlen, abuf, sizeof(abuf), pbuf, sizeof(pbuf), NI_NUMERICHOST | NI_NUMERICSERV)) { memset(abuf, 0, sizeof(abuf)); + memset(pbuf, 0, sizeof(pbuf)); strncpy(abuf, "[error, cannot print address?]", sizeof(abuf)-1); - strcpy(pbuf, "[?]"); + strncpy(pbuf, "[?]", sizeof(pbuf)-1); } - sprintf(mbuf, "error contacting %s port %s", abuf, pbuf); + memset(mbuf, 0, sizeof(mbuf)); + strncpy(mbuf, "error contacting ", sizeof(mbuf)-1); + strncat(mbuf, abuf, sizeof(mbuf) - strlen(mbuf) - 1); + strncat(mbuf, " port ", sizeof(mbuf) - strlen(mbuf) - 1); + strncat(mbuf, pbuf, sizeof(mbuf) - strlen(mbuf) - 1); sock = socket(ap->ai_family, SOCK_STREAM, 0); if (sock < 0) { fprintf(stderr, "%s: socket: %s\n", mbuf, strerror(errno)); diff --git a/src/appl/sample/sserver/deps b/src/appl/sample/sserver/deps new file mode 100644 index 0000000000..2feac3c9d3 --- /dev/null +++ b/src/appl/sample/sserver/deps @@ -0,0 +1 @@ +# No dependencies here. diff --git a/src/appl/sample/sserver/sserver.c b/src/appl/sample/sserver/sserver.c index 2cb971bafc..39710fb2bb 100644 --- a/src/appl/sample/sserver/sserver.c +++ b/src/appl/sample/sserver/sserver.c @@ -210,12 +210,15 @@ main(argc, argv) } /* Get client name */ + repbuf[sizeof(repbuf) - 1] = '\0'; retval = krb5_unparse_name(context, ticket->enc_part2->client, &cname); if (retval){ syslog(LOG_ERR, "unparse failed: %s", error_message(retval)); - sprintf(repbuf, "You are \n"); + strncpy(repbuf, "You are \n", sizeof(repbuf) - 1); } else { - sprintf(repbuf, "You are %s\n", cname); + strncpy(repbuf, "You are ", sizeof(repbuf) - 1); + strncat(repbuf, cname, sizeof(repbuf) - 1 - strlen(repbuf)); + strncat(repbuf, "\n", sizeof(repbuf) - 1 - strlen(repbuf)); free(cname); } xmitlen = htons(strlen(repbuf)); diff --git a/src/appl/simple/client/deps b/src/appl/simple/client/deps new file mode 100644 index 0000000000..2feac3c9d3 --- /dev/null +++ b/src/appl/simple/client/deps @@ -0,0 +1 @@ +# No dependencies here. diff --git a/src/appl/simple/client/sim_client.c b/src/appl/simple/client/sim_client.c index d5a160793f..4873f89af8 100644 --- a/src/appl/simple/client/sim_client.c +++ b/src/appl/simple/client/sim_client.c @@ -325,6 +325,12 @@ main(argc, argv) printf("Sent encrypted message: %d bytes\n", i); krb5_free_data_contents(context, &packet); + retval = krb5_rc_destroy(context, rcache); + if (retval) { + com_err(progname, retval, "while deleting replay cache"); + exit(1); + } + krb5_auth_con_setrcache(context, auth_context, NULL); krb5_auth_con_free(context, auth_context); krb5_free_context(context); diff --git a/src/appl/simple/deps b/src/appl/simple/deps new file mode 100644 index 0000000000..2feac3c9d3 --- /dev/null +++ b/src/appl/simple/deps @@ -0,0 +1 @@ +# No dependencies here. diff --git a/src/appl/simple/server/deps b/src/appl/simple/server/deps new file mode 100644 index 0000000000..2feac3c9d3 --- /dev/null +++ b/src/appl/simple/server/deps @@ -0,0 +1 @@ +# No dependencies here. diff --git a/src/appl/telnet/configure.in b/src/appl/telnet/configure.in index 7285696bcd..fc91a5a825 100644 --- a/src/appl/telnet/configure.in +++ b/src/appl/telnet/configure.in @@ -18,12 +18,6 @@ fi dnl KRB5_NEED_PROTO([#include ],setenv) AC_C_CONST -if test "$KRB4_LIB" = ''; then - AC_MSG_RESULT(No Kerberos 4 authentication) -else - AC_MSG_RESULT(Kerberos 4 authentication enabled) - AC_DEFINE(KRB4,1,[Define if krb4 authentication is enabled]) -fi KRB5_BUILD_LIBRARY KRB5_BUILD_LIBOBJS dnl @@ -81,12 +75,6 @@ KRB5_NEED_PROTO([#include #include ],herror,1) dnl CHECK_SIGNALS -if test "$KRB4_LIB" = ''; then - AC_MSG_RESULT(No Kerberos 4 authentication) -else - AC_MSG_RESULT(Kerberos 4 authentication enabled) - AC_DEFINE(KRB4) -fi dnl KRB5_BUILD_PROGRAM dnl diff --git a/src/appl/telnet/deps b/src/appl/telnet/deps new file mode 100644 index 0000000000..2feac3c9d3 --- /dev/null +++ b/src/appl/telnet/deps @@ -0,0 +1 @@ +# No dependencies here. diff --git a/src/appl/telnet/libtelnet/Makefile.in b/src/appl/telnet/libtelnet/Makefile.in index a3b401b9e6..2b8aff2205 100644 --- a/src/appl/telnet/libtelnet/Makefile.in +++ b/src/appl/telnet/libtelnet/Makefile.in @@ -25,7 +25,7 @@ BUILDTOP=$(REL)..$(S)..$(S).. # AUTH_DEF=-DAUTHENTICATION -DENCRYPTION -DDES_ENCRYPTION -DKRB5 -DFORWARD \ -UNO_LOGIN_F -DLOGIN_CAP_F -DLOGIN_PROGRAM=KRB5_PATH_LOGIN -LOCALINCLUDES=-I.. -I$(srcdir)/.. @KRB4_INCLUDES@ +LOCALINCLUDES=-I.. -I$(srcdir)/.. DEFINES = -DTELNET_BUFSIZE=65535 $(AUTH_DEF) LIBOBJS=@LIBOBJS@ @@ -42,7 +42,6 @@ SRCS= $(srcdir)/auth.c \ $(srcdir)/encrypt.c \ $(srcdir)/genget.c \ $(srcdir)/misc.c \ - $(srcdir)/kerberos.c \ $(srcdir)/kerberos5.c \ $(srcdir)/forward.c \ $(srcdir)/enc_des.c \ @@ -57,7 +56,7 @@ SRCS= $(srcdir)/auth.c \ $(srcdir)/strerror.c STLIBOBJS= auth.o encrypt.o genget.o \ - misc.o kerberos.o kerberos5.o forward.o enc_des.o \ + misc.o kerberos5.o forward.o enc_des.o \ $(LIBOBJS) getent.o $(SETENVOBJ) TELNET_H= $(srcdir)/../arpa/telnet.h @@ -73,10 +72,6 @@ auth.o: misc-proto.h encrypt.o: $(TELNET_H) encrypt.o: encrypt.h encrypt.o: misc.h -kerberos.o: $(TELNET_H) -kerberos.o: encrypt.h -kerberos.o: auth.h -kerberos.o: misc.h kerberos5.o: $(TELNET_H) kerberos5.o: encrypt.h kerberos5.o: auth.h @@ -92,47 +87,3 @@ install:: @lib_frag@ @libobj_frag@ -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -auth.so auth.po $(OUTPRE)auth.$(OBJEXT): $(srcdir)/../arpa/telnet.h \ - auth-proto.h auth.c auth.h enc-proto.h encrypt.h misc-proto.h -encrypt.so encrypt.po $(OUTPRE)encrypt.$(OBJEXT): $(srcdir)/../arpa/telnet.h \ - enc-proto.h encrypt.c encrypt.h misc-proto.h misc.h -genget.so genget.po $(OUTPRE)genget.$(OBJEXT): genget.c \ - misc-proto.h misc.h -misc.so misc.po $(OUTPRE)misc.$(OBJEXT): auth-proto.h \ - auth.h enc-proto.h encrypt.h misc-proto.h misc.c misc.h -kerberos.so kerberos.po $(OUTPRE)kerberos.$(OBJEXT): \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/krb5.h \ - $(srcdir)/../arpa/telnet.h auth-proto.h auth.h enc-proto.h \ - encrypt.h kerberos.c misc-proto.h misc.h -kerberos5.so kerberos5.po $(OUTPRE)kerberos5.$(OBJEXT): \ - $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/krb5.h \ - $(srcdir)/../arpa/telnet.h auth-proto.h auth.h enc-proto.h \ - encrypt.h kerberos5.c krb5forw.h misc-proto.h misc.h -forward.so forward.po $(OUTPRE)forward.$(OBJEXT): $(BUILDTOP)/include/krb5/krb5.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/krb5.h forward.c \ - krb5forw.h -enc_des.so enc_des.po $(OUTPRE)enc_des.$(OBJEXT): $(BUILDTOP)/include/krb5/krb5.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/krb5.h $(srcdir)/../arpa/telnet.h \ - enc-proto.h enc_des.c encrypt.h key-proto.h misc-proto.h -setenv.so setenv.po $(OUTPRE)setenv.$(OBJEXT): misc-proto.h \ - setenv.c -getent.so getent.po $(OUTPRE)getent.$(OBJEXT): getent.c \ - gettytab.h -parsetos.so parsetos.po $(OUTPRE)parsetos.$(OBJEXT): \ - misc-proto.h parsetos.c -strdup.so strdup.po $(OUTPRE)strdup.$(OBJEXT): strdup.c -strcasecmp.so strcasecmp.po $(OUTPRE)strcasecmp.$(OBJEXT): \ - strcasecmp.c -strchr.so strchr.po $(OUTPRE)strchr.$(OBJEXT): strchr.c -strrchr.so strrchr.po $(OUTPRE)strrchr.$(OBJEXT): strrchr.c -strftime.so strftime.po $(OUTPRE)strftime.$(OBJEXT): \ - strftime.c -strerror.so strerror.po $(OUTPRE)strerror.$(OBJEXT): \ - strerror.c diff --git a/src/appl/telnet/libtelnet/auth-proto.h b/src/appl/telnet/libtelnet/auth-proto.h index 6b49570329..faf806fad7 100644 --- a/src/appl/telnet/libtelnet/auth-proto.h +++ b/src/appl/telnet/libtelnet/auth-proto.h @@ -86,15 +86,6 @@ void auth_debug (int); void auth_printsub (unsigned char *, int, unsigned char *, unsigned int); -#ifdef KRB4 -int kerberos4_init (Authenticator *, int); -int kerberos4_send (Authenticator *); -void kerberos4_is (Authenticator *, unsigned char *, int); -void kerberos4_reply (Authenticator *, unsigned char *, int); -int kerberos4_status (Authenticator *, char *, int); -void kerberos4_printsub (unsigned char *, int, unsigned char *, unsigned int); -#endif - #ifdef KRB5 int kerberos5_init (Authenticator *, int); int kerberos5_send (Authenticator *); diff --git a/src/appl/telnet/libtelnet/auth.c b/src/appl/telnet/libtelnet/auth.c index 28b8ae8d1b..1a1006605a 100644 --- a/src/appl/telnet/libtelnet/auth.c +++ b/src/appl/telnet/libtelnet/auth.c @@ -141,24 +141,6 @@ Authenticator authenticators[] = { kerberos5_reply, kerberos5_status, kerberos5_printsub }, -#endif -#ifdef KRB4 -# ifdef ENCRYPTION - { AUTHTYPE_KERBEROS_V4, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL, - kerberos4_init, - kerberos4_send, - kerberos4_is, - kerberos4_reply, - kerberos4_status, - kerberos4_printsub }, -# endif /* ENCRYPTION */ - { AUTHTYPE_KERBEROS_V4, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY, - kerberos4_init, - kerberos4_send, - kerberos4_is, - kerberos4_reply, - kerberos4_status, - kerberos4_printsub }, #endif { 0, }, }; @@ -658,7 +640,7 @@ auth_gen_printsub(data, cnt, buf, buflen) buf[buflen-2] = '*'; buflen -= 2; for (; cnt > 0; cnt--, data++) { - sprintf((char *)tbuf, " %d", *data); + snprintf((char *)tbuf, sizeof(tbuf), " %d", *data); for (cp = tbuf; *cp && buflen > 0; --buflen) *buf++ = *cp++; if (buflen <= 0) diff --git a/src/appl/telnet/libtelnet/deps b/src/appl/telnet/libtelnet/deps new file mode 100644 index 0000000000..09cecf0d42 --- /dev/null +++ b/src/appl/telnet/libtelnet/deps @@ -0,0 +1,38 @@ +# +# Generated makefile dependencies follow. +# +auth.so auth.po $(OUTPRE)auth.$(OBJEXT): $(srcdir)/../arpa/telnet.h \ + auth-proto.h auth.c auth.h enc-proto.h encrypt.h misc-proto.h +encrypt.so encrypt.po $(OUTPRE)encrypt.$(OBJEXT): $(srcdir)/../arpa/telnet.h \ + enc-proto.h encrypt.c encrypt.h misc-proto.h misc.h +genget.so genget.po $(OUTPRE)genget.$(OBJEXT): genget.c \ + misc-proto.h misc.h +misc.so misc.po $(OUTPRE)misc.$(OBJEXT): auth-proto.h \ + auth.h enc-proto.h encrypt.h misc-proto.h misc.c misc.h +kerberos5.so kerberos5.po $(OUTPRE)kerberos5.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(srcdir)/../arpa/telnet.h \ + auth-proto.h auth.h enc-proto.h encrypt.h kerberos5.c \ + krb5forw.h misc-proto.h misc.h +forward.so forward.po $(OUTPRE)forward.$(OBJEXT): $(BUILDTOP)/include/krb5/krb5.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/krb5.h forward.c \ + krb5forw.h +enc_des.so enc_des.po $(OUTPRE)enc_des.$(OBJEXT): $(BUILDTOP)/include/krb5/krb5.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/krb5.h $(srcdir)/../arpa/telnet.h \ + enc-proto.h enc_des.c encrypt.h key-proto.h misc-proto.h +setenv.so setenv.po $(OUTPRE)setenv.$(OBJEXT): misc-proto.h \ + setenv.c +getent.so getent.po $(OUTPRE)getent.$(OBJEXT): getent.c \ + gettytab.h +parsetos.so parsetos.po $(OUTPRE)parsetos.$(OBJEXT): \ + misc-proto.h parsetos.c +strdup.so strdup.po $(OUTPRE)strdup.$(OBJEXT): strdup.c +strcasecmp.so strcasecmp.po $(OUTPRE)strcasecmp.$(OBJEXT): \ + strcasecmp.c +strchr.so strchr.po $(OUTPRE)strchr.$(OBJEXT): strchr.c +strrchr.so strrchr.po $(OUTPRE)strrchr.$(OBJEXT): strrchr.c +strftime.so strftime.po $(OUTPRE)strftime.$(OBJEXT): \ + strftime.c +strerror.so strerror.po $(OUTPRE)strerror.$(OBJEXT): \ + strerror.c diff --git a/src/appl/telnet/libtelnet/enc_des.c b/src/appl/telnet/libtelnet/enc_des.c index c399d22c70..aa00ae27ec 100644 --- a/src/appl/telnet/libtelnet/enc_des.c +++ b/src/appl/telnet/libtelnet/enc_des.c @@ -550,28 +550,28 @@ fb64_printsub(data, cnt, buf, buflen, type) switch(data[2]) { case FB64_IV: - sprintf(lbuf, "%s_IV", type); + snprintf(lbuf, sizeof(lbuf), "%s_IV", type); cp = lbuf; goto common; case FB64_IV_OK: - sprintf(lbuf, "%s_IV_OK", type); + snprintf(lbuf, sizeof(lbuf), "%s_IV_OK", type); cp = lbuf; goto common; case FB64_IV_BAD: - sprintf(lbuf, "%s_IV_BAD", type); + snprintf(lbuf, sizeof(lbuf), "%s_IV_BAD", type); cp = lbuf; goto common; default: - sprintf(lbuf, " %d (unknown)", data[2]); + snprintf(lbuf, sizeof(lbuf), " %d (unknown)", data[2]); cp = lbuf; common: for (; (buflen > 0) && (*buf = *cp++); buf++) buflen--; for (i = 3; i < cnt; i++) { - sprintf(lbuf, " %d", data[i]); + snprintf(lbuf, sizeof(lbuf), " %d", data[i]); for (cp = lbuf; (buflen > 0) && (*buf = *cp++); buf++) buflen--; } diff --git a/src/appl/telnet/libtelnet/encrypt.c b/src/appl/telnet/libtelnet/encrypt.c index e99f346c4a..6317eceb30 100644 --- a/src/appl/telnet/libtelnet/encrypt.c +++ b/src/appl/telnet/libtelnet/encrypt.c @@ -984,7 +984,7 @@ encrypt_gen_printsub(data, cnt, buf, buflen) buf[buflen-2] = '*'; buflen -= 2;; for (; cnt > 0; cnt--, data++) { - sprintf(tbuf, " %d", *data); + snprintf(tbuf, sizeof(tbuf), " %d", *data); for (cp = tbuf; *cp && buflen > 0; --buflen) *buf++ = *cp++; if (buflen <= 0) diff --git a/src/appl/telnet/libtelnet/forward.c b/src/appl/telnet/libtelnet/forward.c index 09d5589065..98dcb78972 100644 --- a/src/appl/telnet/libtelnet/forward.c +++ b/src/appl/telnet/libtelnet/forward.c @@ -57,7 +57,7 @@ rd_and_store_for_creds(context, auth_context, inbuf, ticket) if ((retval = krb5_rd_cred(context, auth_context, inbuf, &creds, NULL))) return(retval); - sprintf(ccname, "FILE:/tmp/krb5cc_p%ld", (long) getpid()); + snprintf(ccname, sizeof(ccname), "FILE:/tmp/krb5cc_p%ld", (long) getpid()); setenv("KRB5CCNAME", ccname, 1); if ((retval = krb5_cc_resolve(context, ccname, &ccache))) diff --git a/src/appl/telnet/libtelnet/gettytab.c b/src/appl/telnet/libtelnet/gettytab.c index aaad43aad7..d50f8797eb 100644 --- a/src/appl/telnet/libtelnet/gettytab.c +++ b/src/appl/telnet/libtelnet/gettytab.c @@ -117,7 +117,7 @@ nchktc() write(2, "Gettytab entry too long\n", 24); q[TABBUFSIZ - (p-tbuf)] = 0; } - strcpy(p, q+1); + strlcpy(p, q+1, TABBUFSIZ - (p-tbuf)); tbuf = holdtbuf; return(1); } diff --git a/src/appl/telnet/libtelnet/kerberos.c b/src/appl/telnet/libtelnet/kerberos.c deleted file mode 100644 index 7e0d7360cb..0000000000 --- a/src/appl/telnet/libtelnet/kerberos.c +++ /dev/null @@ -1,744 +0,0 @@ -/*- - * Copyright (c) 1991, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* based on @(#)kerberos.c 8.1 (Berkeley) 6/4/93 */ - -/* - * Copyright (C) 1990 by the Massachusetts Institute of Technology - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -/* - * Copyright (C) 1998 by the FundsXpress, INC. - * - * All rights reserved. - * - * Export of this software from the United States of America may require - * a specific license from the United States Government. It is the - * responsibility of any person or organization contemplating export to - * obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of FundsXpress. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. FundsXpress makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED - * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. - */ - -#ifdef KRB4 -/* this code must be compiled in the krb5 tree. disgustingly, there - is code in here which declares structures which happen to mirror - the krb4 des structures. I didn't want to rototill this *completely* - so this is how it's going to work. --marc */ -#include -#include -#include -#include -#include -#include /* BSD wont include this in krb.h, so we do it here */ -#include -#ifdef __STDC__ -#include -#endif -#ifdef HAVE_STRING_H -#include -#else -#include -#endif - -#include "encrypt.h" -#include "auth.h" -#include "misc.h" - -extern int auth_debug_mode; -extern krb5_context telnet_context; - -int kerberos4_cksum (unsigned char *, int); - -static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0, - AUTHTYPE_KERBEROS_V4, }; -#if 0 -static unsigned char str_name[1024] = { IAC, SB, TELOPT_AUTHENTICATION, - TELQUAL_NAME, }; -#endif - -#define KRB_AUTH 0 /* Authentication data follows */ -#define KRB_REJECT 1 /* Rejected (reason might follow) */ -#define KRB_ACCEPT 2 /* Accepted */ -#define KRB_CHALLENGE 3 /* Challenge for mutual auth. */ -#define KRB_RESPONSE 4 /* Response for mutual auth. */ - -#define KRB_SERVICE_NAME "rcmd" - -static KTEXT_ST auth; -static char name[ANAME_SZ]; -static AUTH_DAT adat = { 0 }; -#ifdef ENCRYPTION -static Block session_key = { 0 }; -static krb5_keyblock krbkey; -static Block challenge = { 0 }; -#endif /* ENCRYPTION */ - - static int -Data(ap, type, d, c) - Authenticator *ap; - int type; - const void *d; - int c; -{ - unsigned char *p = str_data + 4; - const unsigned char *cd = (const unsigned char *)d; - size_t spaceleft = sizeof(str_data) - 4; - if (c == -1) - c = strlen((const char *)cd); - - if (auth_debug_mode) { - printf("%s:%d: [%d] (%d)", - str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY", - str_data[3], - type, c); - printd(d, c); - printf("\r\n"); - } - *p++ = ap->type; - *p++ = ap->way; - *p++ = type; - spaceleft -= 3; - while (c-- > 0) { - if ((*p++ = *cd++) == IAC) { - *p++ = IAC; - spaceleft--; - } - if ((--spaceleft < 4) && c) { - errno = ENOMEM; - return -1; - } - } - *p++ = IAC; - *p++ = SE; - if (str_data[3] == TELQUAL_IS) - printsub('>', &str_data[2], p - (&str_data[2])); - return(net_write(str_data, p - str_data)); -} - - int -kerberos4_init(ap, server) - Authenticator *ap; - int server; -{ - FILE *fp; - - if (server) { - str_data[3] = TELQUAL_REPLY; - if ((fp = fopen(KEYFILE, "r")) == NULL) - return(0); - fclose(fp); - } else { - str_data[3] = TELQUAL_IS; - } - - kerberos5_init(NULL, server); - - return(1); -} - -char dst_realm_buf[REALM_SZ], *dest_realm = NULL; -unsigned int dst_realm_sz = REALM_SZ; - - int -kerberos4_send(ap) - Authenticator *ap; -{ - KTEXT_ST kauth; - char instance[INST_SZ]; - char *realm; - char *krb_realmofhost(); - char *krb_get_phost(); - CREDENTIALS cred; - int r; -#ifdef ENCRYPTION - krb5_data data; - krb5_enc_data encdata; - krb5_error_code code; - krb5_keyblock rand_key; -#endif - - printf("[ Trying KERBEROS4 ... ]\r\n"); - if (!UserNameRequested) { - if (auth_debug_mode) { - printf("Kerberos V4: no user name supplied\r\n"); - } - return(0); - } - - memset(instance, 0, sizeof(instance)); - - if ((realm = krb_get_phost(RemoteHostName))) - strncpy(instance, realm, sizeof(instance)); - - instance[sizeof(instance)-1] = '\0'; - - realm = dest_realm ? dest_realm : krb_realmofhost(RemoteHostName); - - if (!realm) { - printf("Kerberos V4: no realm for %s\r\n", RemoteHostName); - return(0); - } - if ((r = krb_mk_req(&kauth, KRB_SERVICE_NAME, instance, realm, 0))) { - printf("mk_req failed: %s\r\n", krb_get_err_text(r)); - return(0); - } - if ((r = krb_get_cred(KRB_SERVICE_NAME, instance, realm, &cred))) { - printf("get_cred failed: %s\r\n", krb_get_err_text(r)); - return(0); - } - if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) { - if (auth_debug_mode) - printf("Not enough room for user name\r\n"); - return(0); - } - if (auth_debug_mode) - printf("Sent %d bytes of authentication data\r\n", kauth.length); - if (!Data(ap, KRB_AUTH, (void *)kauth.dat, kauth.length)) { - if (auth_debug_mode) - printf("Not enough room for authentication data\r\n"); - return(0); - } -#ifdef ENCRYPTION - /* - * If we are doing mutual authentication, get set up to send - * the challenge, and verify it when the response comes back. - */ - if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) { - register int i; - - data.data = cred.session; - data.length = 8; /* sizeof(cred.session) */; - - if ((code = krb5_c_random_seed(telnet_context, &data))) { - com_err("libtelnet", code, - "while seeding random number generator"); - return(0); - } - - if ((code = krb5_c_make_random_key(telnet_context, - ENCTYPE_DES_CBC_RAW, - &rand_key))) { - com_err("libtelnet", code, - "while creating random session key"); - return(0); - } - - /* the krb4 code uses ecb mode, but on a single block - with a zero ivec, ecb and cbc are the same */ - krbkey.enctype = ENCTYPE_DES_CBC_RAW; - krbkey.length = 8; - krbkey.contents = cred.session; - - encdata.ciphertext.data = rand_key.contents; - encdata.ciphertext.length = rand_key.length; - encdata.enctype = ENCTYPE_UNKNOWN; - - data.data = session_key; - data.length = 8; - - code = krb5_c_decrypt(telnet_context, &krbkey, 0, 0, - &encdata, &data); - - krb5_free_keyblock_contents(telnet_context, &rand_key); - - if (code) { - com_err("libtelnet", code, "while encrypting random key"); - return(0); - } - - encdata.ciphertext.data = session_key; - encdata.ciphertext.length = 8; - encdata.enctype = ENCTYPE_UNKNOWN; - - data.data = challenge; - data.length = 8; - - code = krb5_c_decrypt(telnet_context, &krbkey, 0, 0, - &encdata, &data); - - /* - * Increment the challenge by 1, and encrypt it for - * later comparison. - */ - for (i = 7; i >= 0; --i) { - register int x; - x = (unsigned int)challenge[i] + 1; - challenge[i] = x; /* ignore overflow */ - if (x < 256) /* if no overflow, all done */ - break; - } - - data.data = challenge; - data.length = 8; - - encdata.ciphertext.data = challenge; - encdata.ciphertext.length = 8; - encdata.enctype = ENCTYPE_UNKNOWN; - - if ((code = krb5_c_encrypt(telnet_context, &krbkey, 0, 0, - &data, &encdata))) { - com_err("libtelnet", code, "while encrypting random key"); - return(0); - } - } -#endif /* ENCRYPTION */ - - if (auth_debug_mode) { - printf("CK: %d:", kerberos4_cksum(kauth.dat, kauth.length)); - printd(kauth.dat, kauth.length); - printf("\r\n"); - printf("Sent Kerberos V4 credentials to server\r\n"); - } - return(1); -} - - void -kerberos4_is(ap, data, cnt) - Authenticator *ap; - unsigned char *data; - int cnt; -{ -#ifdef ENCRYPTION - Session_Key skey; - Block datablock, tmpkey; - krb5_data kdata; - krb5_enc_data encdata; - krb5_error_code code; -#endif /* ENCRYPTION */ - char realm[REALM_SZ]; - char instance[INST_SZ]; - int r; - - if (cnt-- < 1) - return; - switch (*data++) { - case KRB_AUTH: - if (krb_get_lrealm(realm, 1) != KSUCCESS) { - Data(ap, KRB_REJECT, (void *)"No local V4 Realm.", -1); - auth_finished(ap, AUTH_REJECT); - if (auth_debug_mode) - printf("No local realm\r\n"); - return; - } - memcpy((void *)auth.dat, (void *)data, auth.length = cnt); - if (auth_debug_mode) { - printf("Got %d bytes of authentication data\r\n", cnt); - printf("CK: %d:", kerberos4_cksum(auth.dat, auth.length)); - printd(auth.dat, auth.length); - printf("\r\n"); - } - instance[0] = '*'; instance[1] = 0; - if ((r = krb_rd_req(&auth, KRB_SERVICE_NAME, - instance, 0, &adat, ""))) { - if (auth_debug_mode) - printf("Kerberos failed him as %s\r\n", name); - Data(ap, KRB_REJECT, (const void *)krb_get_err_text(r), -1); - auth_finished(ap, AUTH_REJECT); - return; - } -#ifdef ENCRYPTION - memcpy((void *)session_key, (void *)adat.session, sizeof(Block)); -#endif /* ENCRYPTION */ - krb_kntoln(&adat, name); - - if (UserNameRequested && !kuserok(&adat, UserNameRequested)) - Data(ap, KRB_ACCEPT, (void *)0, 0); - else - Data(ap, KRB_REJECT, - (void *)"user is not authorized", -1); - auth_finished(ap, AUTH_USER); - break; - - case KRB_CHALLENGE: -#ifndef ENCRYPTION - Data(ap, KRB_RESPONSE, (void *)0, 0); -#else /* ENCRYPTION */ - if (!VALIDKEY(session_key)) { - /* - * We don't have a valid session key, so just - * send back a response with an empty session - * key. - */ - Data(ap, KRB_RESPONSE, (void *)0, 0); - break; - } - - /* - * Initialize the random number generator since it's - * used later on by the encryption routine. - */ - - kdata.data = session_key; - kdata.length = 8; - - if ((code = krb5_c_random_seed(telnet_context, &kdata))) { - com_err("libtelnet", code, - "while seeding random number generator"); - return; - } - - memcpy((void *)datablock, (void *)data, sizeof(Block)); - /* - * Take the received encrypted challenge, and encrypt - * it again to get a unique session_key for the - * ENCRYPT option. - */ - krbkey.enctype = ENCTYPE_DES_CBC_RAW; - krbkey.length = 8; - krbkey.contents = session_key; - - kdata.data = datablock; - kdata.length = 8; - - encdata.ciphertext.data = tmpkey; - encdata.ciphertext.length = 8; - encdata.enctype = ENCTYPE_UNKNOWN; - - if ((code = krb5_c_encrypt(telnet_context, &krbkey, 0, 0, - &kdata, &encdata))) { - com_err("libtelnet", code, "while encrypting random key"); - return; - } - - skey.type = SK_DES; - skey.length = 8; - skey.data = tmpkey; - encrypt_session_key(&skey, 1); - /* - * Now decrypt the received encrypted challenge, - * increment by one, re-encrypt it and send it back. - */ - encdata.ciphertext.data = datablock; - encdata.ciphertext.length = 8; - encdata.enctype = ENCTYPE_UNKNOWN; - - kdata.data = challenge; - kdata.length = 8; - - if ((code = krb5_c_decrypt(telnet_context, &krbkey, 0, 0, - &encdata, &kdata))) { - com_err("libtelnet", code, "while decrypting challenge"); - return; - } - - for (r = 7; r >= 0; r--) { - register int t; - t = (unsigned int)challenge[r] + 1; - challenge[r] = t; /* ignore overflow */ - if (t < 256) /* if no overflow, all done */ - break; - } - - kdata.data = challenge; - kdata.length = 8; - - encdata.ciphertext.data = challenge; - encdata.ciphertext.length = 8; - encdata.enctype = ENCTYPE_UNKNOWN; - - if ((code = krb5_c_encrypt(telnet_context, &krbkey, 0, 0, - &kdata, &encdata))) { - com_err("libtelnet", code, "while decrypting challenge"); - return; - } - - Data(ap, KRB_RESPONSE, (void *)challenge, sizeof(challenge)); -#endif /* ENCRYPTION */ - break; - - default: - if (auth_debug_mode) - printf("Unknown Kerberos option %d\r\n", data[-1]); - Data(ap, KRB_REJECT, 0, 0); - break; - } -} - - void -kerberos4_reply(ap, data, cnt) - Authenticator *ap; - unsigned char *data; - int cnt; -{ -#ifdef ENCRYPTION - Session_Key skey; - krb5_data kdata; - krb5_enc_data encdata; - krb5_error_code code; - -#endif /* ENCRYPTION */ - - if (cnt-- < 1) - return; - switch (*data++) { - case KRB_REJECT: - if (cnt > 0) { - printf("[ Kerberos V4 refuses authentication because %.*s ]\r\n", - cnt, data); - } else - printf("[ Kerberos V4 refuses authentication ]\r\n"); - auth_send_retry(); - return; - case KRB_ACCEPT: - printf("[ Kerberos V4 accepts you ]\r\n"); - if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) { - /* - * Send over the encrypted challenge. - */ -#ifndef ENCRYPTION - Data(ap, KRB_CHALLENGE, (void *)0, 0); -#else /* ENCRYPTION */ - Data(ap, KRB_CHALLENGE, (void *)session_key, - sizeof(session_key)); - - kdata.data = session_key; - kdata.length = 8; - - encdata.ciphertext.data = session_key; - encdata.ciphertext.length = 8; - encdata.enctype = ENCTYPE_UNKNOWN; - - if ((code = krb5_c_encrypt(telnet_context, &krbkey, - 0, 0, &kdata, &encdata))) { - com_err("libtelnet", code, - "while encrypting session_key"); - return; - } - - skey.type = SK_DES; - skey.length = 8; - skey.data = session_key; - encrypt_session_key(&skey, 0); -#endif /* ENCRYPTION */ - return; - } - auth_finished(ap, AUTH_USER); - return; - case KRB_RESPONSE: -#ifdef ENCRYPTION - /* - * Verify that the response to the challenge is correct. - */ - if ((cnt != sizeof(Block)) || - (0 != memcmp((void *)data, (void *)challenge, - sizeof(challenge)))) - { -#endif /* ENCRYPTION */ - printf("[ Kerberos V4 challenge failed!!! ]\r\n"); - auth_send_retry(); - return; -#ifdef ENCRYPTION - } - printf("[ Kerberos V4 challenge successful ]\r\n"); - auth_finished(ap, AUTH_USER); -#endif /* ENCRYPTION */ - break; - default: - if (auth_debug_mode) - printf("Unknown Kerberos option %d\r\n", data[-1]); - return; - } -} - - int -kerberos4_status(ap, kname, level) - Authenticator *ap; - char *kname; - int level; -{ - if (level < AUTH_USER) - return(level); - - /* - * Always copy in UserNameRequested if the authentication - * is valid, because the higher level routines need it. - */ - if (UserNameRequested) { - /* the name buffer comes from telnetd/telnetd{-ktd}.c */ - strncpy(kname, UserNameRequested, 255); - kname[255] = '\0'; - } - - if (UserNameRequested && !kuserok(&adat, UserNameRequested)) { - return(AUTH_VALID); - } else - return(AUTH_USER); -} - -#define BUMP(buf, len) while (*(buf)) {++(buf), --(len);} -#define ADDC(buf, len, c) if ((len) > 0) {*(buf)++ = (c); --(len);} - - void -kerberos4_printsub(data, cnt, buf, buflen) - unsigned char *data, *buf; - int cnt; - unsigned int buflen; -{ - char lbuf[32]; - register int i; - - buf[buflen-1] = '\0'; /* make sure its NULL terminated */ - buflen -= 1; - - switch(data[3]) { - case KRB_REJECT: /* Rejected (reason might follow) */ - strncpy((char *)buf, " REJECT ", buflen); - goto common; - - case KRB_ACCEPT: /* Accepted (name might follow) */ - strncpy((char *)buf, " ACCEPT ", buflen); - common: - BUMP(buf, buflen); - if (cnt <= 4) - break; - ADDC(buf, buflen, '"'); - for (i = 4; i < cnt; i++) - ADDC(buf, buflen, data[i]); - ADDC(buf, buflen, '"'); - ADDC(buf, buflen, '\0'); - break; - - case KRB_AUTH: /* Authentication data follows */ - strncpy((char *)buf, " AUTH", buflen); - goto common2; - - case KRB_CHALLENGE: - strncpy((char *)buf, " CHALLENGE", buflen); - goto common2; - - case KRB_RESPONSE: - strncpy((char *)buf, " RESPONSE", buflen); - goto common2; - - default: - sprintf(lbuf, " %d (unknown)", data[3]); - strncpy((char *)buf, lbuf, buflen); - common2: - BUMP(buf, buflen); - for (i = 4; i < cnt; i++) { - sprintf(lbuf, " %d", data[i]); - strncpy((char *)buf, lbuf, buflen); - BUMP(buf, buflen); - } - break; - } -} - - int -kerberos4_cksum(d, n) - unsigned char *d; - int n; -{ - int ck = 0; - - /* - * A comment is probably needed here for those not - * well versed in the "C" language. Yes, this is - * supposed to be a "switch" with the body of the - * "switch" being a "while" statement. The whole - * purpose of the switch is to allow us to jump into - * the middle of the while() loop, and then not have - * to do any more switch()s. - * - * Some compilers will spit out a warning message - * about the loop not being entered at the top. - */ - switch (n&03) - while (n > 0) { - case 0: - ck ^= (int)*d++ << 24; - --n; - case 3: - ck ^= (int)*d++ << 16; - --n; - case 2: - ck ^= (int)*d++ << 8; - --n; - case 1: - ck ^= (int)*d++; - --n; - } - return(ck); -} -#else -#include -#include - -#endif - -#ifdef notdef - -prkey(msg, key) - char *msg; - unsigned char *key; -{ - register int i; - printf("%s:", msg); - for (i = 0; i < 8; i++) - printf(" %3d", key[i]); - printf("\r\n"); -} -#endif diff --git a/src/appl/telnet/libtelnet/kerberos5.c b/src/appl/telnet/libtelnet/kerberos5.c index 1ef6fbacec..40eb184acb 100644 --- a/src/appl/telnet/libtelnet/kerberos5.c +++ b/src/appl/telnet/libtelnet/kerberos5.c @@ -66,6 +66,7 @@ #include #include #include "krb5.h" +#include "k5-platform.h" #include "com_err.h" #include @@ -266,12 +267,11 @@ kerberos5_send(ap) rdata.magic = 0; rdata.length = strlen(telnet_krb5_realm); - rdata.data = (char *) malloc(rdata.length + 1); + rdata.data = strdup(telnet_krb5_realm); if (rdata.data == NULL) { fprintf(stderr, "malloc failed\n"); return(0); } - strcpy(rdata.data, telnet_krb5_realm); krb5_princ_set_realm(telnet_context, creds.server, &rdata); } @@ -440,9 +440,9 @@ kerberos5_is(ap, data, cnt) r = krb5_rd_req(telnet_context, &auth_context, &auth, NULL, keytabid, NULL, &ticket); if (r) { - (void) strcpy(errbuf, "krb5_rd_req failed: "); - errbuf[sizeof(errbuf) - 1] = '\0'; - (void) strncat(errbuf, error_message(r), sizeof(errbuf) - 1 - strlen(errbuf)); + (void) snprintf(errbuf, sizeof(errbuf), + "krb5_rd_req failed: %s", + error_message(r)); goto errout; } @@ -452,7 +452,8 @@ kerberos5_is(ap, data, cnt) * the default is of length 4. */ if (krb5_princ_size(telnet_context,ticket->server) < 1) { - (void) strcpy(errbuf, "malformed service name"); + (void) strlcpy(errbuf, "malformed service name", + sizeof(errbuf)); goto errout; } if (krb5_princ_component(telnet_context,ticket->server,0)->length < 256) { @@ -464,15 +465,16 @@ kerberos5_is(ap, data, cnt) ticket->server,0)->length] = '\0'; if (strcmp("host", princ)) { if(strlen(princ) < sizeof(errbuf) - 39) { - (void) sprintf(errbuf, "incorrect service name: \"%s\" != \"host\"", + (void) snprintf(errbuf, sizeof(errbuf), "incorrect service name: \"%s\" != \"host\"", princ); } else { - (void) sprintf(errbuf, "incorrect service name: principal != \"host\""); + (void) snprintf(errbuf, sizeof(errbuf), "incorrect service name: principal != \"host\""); } goto errout; } } else { - (void) strcpy(errbuf, "service name too long"); + (void) strlcpy(errbuf, "service name too long", + sizeof(errbuf)); goto errout; } @@ -480,16 +482,16 @@ kerberos5_is(ap, data, cnt) auth_context, &authenticator); if (r) { - (void) strcpy(errbuf, - "krb5_auth_con_getauthenticator failed: "); - errbuf[sizeof(errbuf) - 1] = '\0'; - (void) strncat(errbuf, error_message(r), sizeof(errbuf) - 1 - strlen(errbuf)); - goto errout; + (void) snprintf(errbuf, sizeof(errbuf), + "krb5_auth_con_getauthenticator failed: %s", + error_message(r)); + goto errout; } if ((ap->way & AUTH_ENCRYPT_MASK) == AUTH_ENCRYPT_ON && !authenticator->checksum) { - (void) strcpy(errbuf, - "authenticator is missing required checksum"); + (void) strlcpy(errbuf, + "authenticator is missing required checksum", + sizeof(errbuf)); goto errout; } if (authenticator->checksum) { @@ -503,9 +505,9 @@ kerberos5_is(ap, data, cnt) r = krb5_auth_con_getkey(telnet_context, auth_context, &key); if (r) { - (void) strcpy(errbuf, "krb5_auth_con_getkey failed: "); - errbuf[sizeof(errbuf) - 1] = '\0'; - (void) strncat(errbuf, error_message(r), sizeof(errbuf) - 1 - strlen(errbuf)); + (void) snprintf(errbuf, sizeof(errbuf), + "krb5_auth_con_getkey failed: %s", + error_message(r)); goto errout; } r = krb5_verify_checksum(telnet_context, @@ -522,10 +524,9 @@ kerberos5_is(ap, data, cnt) * present at this time. */ if (r) { - (void) strcpy(errbuf, - "checksum verification failed: "); - errbuf[sizeof(errbuf) - 1] = '\0'; - (void) strncat(errbuf, error_message(r), sizeof(errbuf) - 1 - strlen(errbuf)); + (void) snprintf(errbuf, sizeof(errbuf), + "checksum verification failed: %s", + error_message(r)); goto errout; } krb5_free_keyblock(telnet_context, key); @@ -535,9 +536,9 @@ kerberos5_is(ap, data, cnt) /* do ap_rep stuff here */ if ((r = krb5_mk_rep(telnet_context, auth_context, &outbuf))) { - (void) strcpy(errbuf, "Make reply failed: "); - errbuf[sizeof(errbuf) - 1] = '\0'; - (void) strncat(errbuf, error_message(r), sizeof(errbuf) - 1 - strlen(errbuf)); + (void) snprintf(errbuf, sizeof(errbuf), + "Make reply failed: %s", + error_message(r)); goto errout; } @@ -589,11 +590,10 @@ kerberos5_is(ap, data, cnt) &inbuf, ticket))) { char kerrbuf[128]; - - (void) strcpy(kerrbuf, "Read forwarded creds failed: "); - kerrbuf[sizeof(kerrbuf) - 1] = '\0'; - (void) strncat(kerrbuf, error_message(r), - sizeof(kerrbuf) - 1 - strlen(kerrbuf)); + + (void) snprintf(kerrbuf, sizeof(kerrbuf), + "Read forwarded creds failed: %s", + error_message(r)); Data(ap, KRB_FORWARD_REJECT, kerrbuf, -1); if (auth_debug_mode) printf( @@ -618,9 +618,7 @@ kerberos5_is(ap, data, cnt) { char eerrbuf[329]; - strcpy(eerrbuf, "telnetd: "); - eerrbuf[sizeof(eerrbuf) - 1] = '\0'; - strncat(eerrbuf, errbuf, sizeof(eerrbuf) - 1 - strlen(eerrbuf)); + snprintf(eerrbuf, sizeof(eerrbuf), "telnetd: %s", errbuf); Data(ap, KRB_REJECT, eerrbuf, -1); } if (auth_debug_mode) @@ -813,12 +811,12 @@ kerberos5_printsub(data, cnt, buf, buflen) #endif /* FORWARD */ default: - sprintf(lbuf, " %d (unknown)", data[3]); + snprintf(lbuf, sizeof(lbuf), " %d (unknown)", data[3]); strncpy((char *)buf, lbuf, buflen); common2: BUMP(buf, buflen); for (i = 4; i < cnt; i++) { - sprintf(lbuf, " %d", data[i]); + snprintf(lbuf, sizeof(lbuf), " %d", data[i]); strncpy((char *)buf, lbuf, buflen); BUMP(buf, buflen); } diff --git a/src/appl/telnet/libtelnet/spx.c b/src/appl/telnet/libtelnet/spx.c index b3e0e9dfcc..449ddc4f75 100644 --- a/src/appl/telnet/libtelnet/spx.c +++ b/src/appl/telnet/libtelnet/spx.c @@ -71,6 +71,7 @@ #include #include #include "gssapi_defs.h" +#include "k5-platform.h" #ifdef __STDC__ #include #endif @@ -172,9 +173,8 @@ spx_init(ap, server) if (server) { str_data[3] = TELQUAL_REPLY; gethostname(lhostname, sizeof(lhostname)); - strcpy(targ_printable, "SERVICE:rcmd@"); - strncat(targ_printable, lhostname, sizeof(targ_printable) - 1 - 13); - targ_printable[sizeof(targ_printable) - 1] = '\0'; + snprintf(targ_printable, sizeof(targ_printable), + "SERVICE:rcmd@%s", lhostname); input_name_buffer.length = strlen(targ_printable); input_name_buffer.value = targ_printable; major_status = gss_import_name(&status, @@ -216,9 +216,8 @@ spx_send(ap) char *address; printf("[ Trying SPX ... ]\n"); - strcpy(targ_printable, "SERVICE:rcmd@"); - strncat(targ_printable, RemoteHostName, sizeof(targ_printable) - 1 - 13); - targ_printable[sizeof(targ_printable) - 1] = '\0'; + snprintf(targ_printable, sizeof(targ_printable), "SERVICE:rcmd@%s", + RemoteHostName); input_name_buffer.length = strlen(targ_printable); input_name_buffer.value = targ_printable; @@ -325,9 +324,8 @@ spx_is(ap, data, cnt) gethostname(lhostname, sizeof(lhostname)); - strcpy(targ_printable, "SERVICE:rcmd@"); - strncat(targ_printable, lhostname, sizeof(targ_printable) - 1 - 13); - targ_printable[sizeof(targ_printable) - 1] = '\0'; + snprintf(targ_printable, sizeof(targ_printable), + "SERVICE:rcmd@%s", lhostname); input_name_buffer.length = strlen(targ_printable); input_name_buffer.value = targ_printable; @@ -563,12 +561,12 @@ spx_printsub(data, cnt, buf, buflen) goto common2; default: - sprintf(lbuf, " %d (unknown)", data[3]); + snprintf(lbuf, sizeof(lbuf), " %d (unknown)", data[3]); strncpy((char *)buf, lbuf, buflen); common2: BUMP(buf, buflen); for (i = 4; i < cnt; i++) { - sprintf(lbuf, " %d", data[i]); + snprintf(lbuf, sizeof(lbuf), " %d", data[i]); strncpy((char *)buf, lbuf, buflen); BUMP(buf, buflen); } diff --git a/src/appl/telnet/telnet/Makefile.in b/src/appl/telnet/telnet/Makefile.in index 42a0578999..7fae8f7c51 100644 --- a/src/appl/telnet/telnet/Makefile.in +++ b/src/appl/telnet/telnet/Makefile.in @@ -47,8 +47,8 @@ OBJS= authenc.o commands.o main.o network.o ring.o sys_bsd.o \ all:: telnet -telnet: $(OBJS) $(KRB4COMPAT_DEPLIBS) ../libtelnet/libtelnet.a - $(CC_LINK) -o $@ $(OBJS) ../libtelnet/libtelnet.a $(KRB4COMPAT_LIBS) +telnet: $(OBJS) $(KRB5_BASE_DEPLIBS) ../libtelnet/libtelnet.a + $(CC_LINK) -o $@ $(OBJS) ../libtelnet/libtelnet.a $(KRB5_BASE_LIBS) clean:: $(RM) telnet @@ -72,41 +72,3 @@ telnet.o: defines.h externs.h general.h ring.h types.h $(ARPA_TELNET) terminal.o: externs.h ring.h types.h $(ARPA_TELNET) tn3270.o: defines.h externs.h fdset.h general.h ring.h $(ARPA_TELNET) utilities.o: defines.h externs.h fdset.h general.h ring.h $(ARPA_TELNET) -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -$(OUTPRE)authenc.$(OBJEXT): $(srcdir)/../arpa/telnet.h \ - $(srcdir)/../libtelnet/enc-proto.h $(srcdir)/../libtelnet/encrypt.h \ - $(srcdir)/../libtelnet/misc-proto.h $(srcdir)/../libtelnet/misc.h \ - authenc.c defines.h externs.h general.h ring.h types.h -$(OUTPRE)commands.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../arpa/telnet.h \ - $(srcdir)/../libtelnet/auth-proto.h $(srcdir)/../libtelnet/auth.h \ - $(srcdir)/../libtelnet/enc-proto.h $(srcdir)/../libtelnet/encrypt.h \ - $(srcdir)/../libtelnet/misc-proto.h commands.c defines.h \ - externs.h general.h ring.h types.h -$(OUTPRE)main.$(OBJEXT): $(srcdir)/../libtelnet/auth-proto.h \ - $(srcdir)/../libtelnet/auth.h $(srcdir)/../libtelnet/enc-proto.h \ - $(srcdir)/../libtelnet/encrypt.h defines.h externs.h \ - main.c ring.h -$(OUTPRE)network.$(OBJEXT): $(srcdir)/../arpa/telnet.h \ - defines.h externs.h fdset.h network.c ring.h -$(OUTPRE)ring.$(OBJEXT): general.h ring.c ring.h -$(OUTPRE)sys_bsd.$(OBJEXT): $(srcdir)/../arpa/telnet.h \ - defines.h externs.h fdset.h ring.h sys_bsd.c types.h -$(OUTPRE)telnet.$(OBJEXT): $(srcdir)/../arpa/telnet.h \ - $(srcdir)/../libtelnet/auth-proto.h $(srcdir)/../libtelnet/auth.h \ - $(srcdir)/../libtelnet/enc-proto.h $(srcdir)/../libtelnet/encrypt.h \ - $(srcdir)/../libtelnet/misc-proto.h defines.h externs.h \ - general.h ring.h telnet.c types.h -$(OUTPRE)terminal.$(OBJEXT): $(srcdir)/../arpa/telnet.h \ - $(srcdir)/../libtelnet/enc-proto.h $(srcdir)/../libtelnet/encrypt.h \ - externs.h ring.h terminal.c types.h -$(OUTPRE)utilities.$(OBJEXT): $(srcdir)/../arpa/telnet.h \ - $(srcdir)/../libtelnet/auth-proto.h $(srcdir)/../libtelnet/auth.h \ - $(srcdir)/../libtelnet/enc-proto.h $(srcdir)/../libtelnet/encrypt.h \ - defines.h externs.h fdset.h general.h ring.h utilities.c diff --git a/src/appl/telnet/telnet/commands.c b/src/appl/telnet/telnet/commands.c index 57106de7fb..f82f3e6808 100644 --- a/src/appl/telnet/telnet/commands.c +++ b/src/appl/telnet/telnet/commands.c @@ -117,6 +117,8 @@ static unsigned long sourceroute(char *, char **, int *); #include "fake-addrinfo.h" +#include + char *hostname; static char _hostname[MAXDNAME]; static char hostaddrstring[NI_MAXHOST]; @@ -1745,8 +1747,8 @@ env_find(var) env_init() { extern char **environ; - register char **epp, *cp; - register struct env_lst *ep; + char **epp, *cp; + struct env_lst *ep; for (epp = environ; *epp; epp++) { if ((cp = strchr(*epp, '='))) { @@ -1770,8 +1772,7 @@ env_init() gethostname(hbuf, 256); hbuf[256] = '\0'; - cp = (char *)malloc(strlen(hbuf) + strlen(cp2) + 1); - sprintf((char *)cp, "%s%s", hbuf, cp2); + asprintf(&cp, "%s%s", hbuf, cp2); free(ep->value); ep->value = (unsigned char *)cp; } @@ -2431,7 +2432,7 @@ tn(argc, argv) return 0; } if (argc < 2) { - (void) strcpy(line, "open "); + (void) strlcpy(line, "open ", sizeof(line)); printf("(to) "); (void) fgets(&line[strlen(line)], (int) (sizeof(line) - strlen(line)), stdin); @@ -2580,7 +2581,8 @@ tn(argc, argv) if (error) { fprintf (stderr, "getnameinfo() error printing address: %s\n", gai_strerror (error)); - strcpy (hostaddrstring, "[address unprintable]"); + strlcpy (hostaddrstring, "[address unprintable]", + sizeof(hostaddrstring)); } printf("Trying %s...\r\n", hostaddrstring); #if defined(IP_OPTIONS) && defined(IPPROTO_IP) diff --git a/src/appl/telnet/telnet/deps b/src/appl/telnet/telnet/deps new file mode 100644 index 0000000000..4015479834 --- /dev/null +++ b/src/appl/telnet/telnet/deps @@ -0,0 +1,39 @@ +# +# Generated makefile dependencies follow. +# +$(OUTPRE)authenc.$(OBJEXT): $(srcdir)/../arpa/telnet.h \ + $(srcdir)/../libtelnet/enc-proto.h $(srcdir)/../libtelnet/encrypt.h \ + $(srcdir)/../libtelnet/misc-proto.h $(srcdir)/../libtelnet/misc.h \ + authenc.c defines.h externs.h general.h ring.h types.h +$(OUTPRE)commands.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../arpa/telnet.h \ + $(srcdir)/../libtelnet/auth-proto.h $(srcdir)/../libtelnet/auth.h \ + $(srcdir)/../libtelnet/enc-proto.h $(srcdir)/../libtelnet/encrypt.h \ + $(srcdir)/../libtelnet/misc-proto.h commands.c defines.h \ + externs.h general.h ring.h types.h +$(OUTPRE)main.$(OBJEXT): $(srcdir)/../libtelnet/auth-proto.h \ + $(srcdir)/../libtelnet/auth.h $(srcdir)/../libtelnet/enc-proto.h \ + $(srcdir)/../libtelnet/encrypt.h defines.h externs.h \ + main.c ring.h +$(OUTPRE)network.$(OBJEXT): $(srcdir)/../arpa/telnet.h \ + defines.h externs.h fdset.h network.c ring.h +$(OUTPRE)ring.$(OBJEXT): general.h ring.c ring.h +$(OUTPRE)sys_bsd.$(OBJEXT): $(srcdir)/../arpa/telnet.h \ + defines.h externs.h fdset.h ring.h sys_bsd.c types.h +$(OUTPRE)telnet.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(srcdir)/../arpa/telnet.h $(srcdir)/../libtelnet/auth-proto.h \ + $(srcdir)/../libtelnet/auth.h $(srcdir)/../libtelnet/enc-proto.h \ + $(srcdir)/../libtelnet/encrypt.h $(srcdir)/../libtelnet/misc-proto.h \ + defines.h externs.h general.h ring.h telnet.c types.h +$(OUTPRE)terminal.$(OBJEXT): $(srcdir)/../arpa/telnet.h \ + $(srcdir)/../libtelnet/enc-proto.h $(srcdir)/../libtelnet/encrypt.h \ + externs.h ring.h terminal.c types.h +$(OUTPRE)utilities.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(srcdir)/../arpa/telnet.h $(srcdir)/../libtelnet/auth-proto.h \ + $(srcdir)/../libtelnet/auth.h $(srcdir)/../libtelnet/enc-proto.h \ + $(srcdir)/../libtelnet/encrypt.h defines.h externs.h \ + fdset.h general.h ring.h utilities.c diff --git a/src/appl/telnet/telnet/main.c b/src/appl/telnet/telnet/main.c index 77832f9127..c1dc2049aa 100644 --- a/src/appl/telnet/telnet/main.c +++ b/src/appl/telnet/telnet/main.c @@ -235,14 +235,6 @@ main(argc, argv) #endif break; case 'k': -#if defined(AUTHENTICATION) && defined(KRB4) - { - extern char *dest_realm, dst_realm_buf[]; - extern unsigned int dst_realm_sz; - dest_realm = dst_realm_buf; - (void)strncpy(dest_realm, optarg, dst_realm_sz); - } -#endif #if defined(AUTHENTICATION) && defined(KRB5) { extern char *telnet_krb5_realm; @@ -250,8 +242,7 @@ main(argc, argv) telnet_krb5_realm = optarg; break; } -#endif -#if !defined(AUTHENTICATION) || (!defined(KRB4) && !defined(KRB5)) +#else fprintf(stderr, "%s: Warning: -k ignored, no Kerberos V4 support.\n", prompt); diff --git a/src/appl/telnet/telnet/telnet.c b/src/appl/telnet/telnet/telnet.c index 3b8a82d744..be00687e77 100644 --- a/src/appl/telnet/telnet/telnet.c +++ b/src/appl/telnet/telnet/telnet.c @@ -79,6 +79,8 @@ #include #endif /* defined(AUTHENTICATION) || defined(ENCRYPTION) */ +#include + static int is_unique (char *, char **, char **); @@ -867,8 +869,8 @@ suboption() name = gettermname(); len = strlen(name) + 4 + 2; if (len < NETROOM()) { - sprintf((char *)temp, "%c%c%c%c%s%c%c", IAC, SB, TELOPT_TTYPE, - TELQUAL_IS, name, IAC, SE); + snprintf((char *)temp, sizeof(temp), "%c%c%c%c%s%c%c", + IAC, SB, TELOPT_TTYPE, TELQUAL_IS, name, IAC, SE); ring_supply_data(&netoring, temp, len); printsub('>', &temp[2], len-2); } else { @@ -889,8 +891,8 @@ suboption() TerminalSpeeds(&ispeed, &o_speed); - sprintf((char *)temp, "%c%c%c%c%ld,%ld%c%c", IAC, SB, TELOPT_TSPEED, - TELQUAL_IS, o_speed, ispeed, IAC, SE); + snprintf((char *)temp, sizeof(temp), "%c%c%c%c%ld,%ld%c%c", IAC, + SB, TELOPT_TSPEED, TELQUAL_IS, o_speed, ispeed, IAC, SE); len = strlen((char *)temp+4) + 4; /* temp[3] is 0 ... */ if (len < NETROOM()) { @@ -995,8 +997,8 @@ suboption() send_wont(TELOPT_XDISPLOC, 1); break; } - sprintf((char *)temp, "%c%c%c%c%s%c%c", IAC, SB, TELOPT_XDISPLOC, - TELQUAL_IS, dp, IAC, SE); + snprintf((char *)temp, sizeof(temp), "%c%c%c%c%s%c%c", + IAC, SB, TELOPT_XDISPLOC, TELQUAL_IS, dp, IAC, SE); len = strlen((char *)temp+4) + 4; /* temp[3] is 0 ... */ if (len < NETROOM()) { diff --git a/src/appl/telnet/telnet/utilities.c b/src/appl/telnet/telnet/utilities.c index 4b198dabf7..4a076e5309 100644 --- a/src/appl/telnet/telnet/utilities.c +++ b/src/appl/telnet/telnet/utilities.c @@ -61,6 +61,8 @@ #include #endif +#include + FILE *NetTrace = 0; /* Not in bss, since needs to stay */ int prettydump; @@ -646,7 +648,7 @@ printsub(direction, pointer, length) } { char tbuf[64]; - sprintf(tbuf, "%s%s%s%s%s", + snprintf(tbuf, sizeof(tbuf), "%s%s%s%s%s", pointer[2]&MODE_EDIT ? "|EDIT" : "", pointer[2]&MODE_TRAPSIG ? "|TRAPSIG" : "", pointer[2]&MODE_SOFT_TAB ? "|SOFT_TAB" : "", diff --git a/src/appl/telnet/telnetd/Makefile.in b/src/appl/telnet/telnetd/Makefile.in index 606bfb69ee..ac27b78e5c 100644 --- a/src/appl/telnet/telnetd/Makefile.in +++ b/src/appl/telnet/telnetd/Makefile.in @@ -30,7 +30,7 @@ LOCALINCLUDES=-I.. -I$(srcdir)/.. DEFINES = -DTELNET_BUFSIZE=65535 $(AUTH_DEF) $(OTHERDEFS) ARPA_TELNET= $(srcdir)/../arpa/telnet.h -PROG_LIBPATH=-L$(TOPLIBD) $(KRB4_LIBPATH) +PROG_LIBPATH=-L$(TOPLIBD) PROG_RPATH=$(KRB5_LIBDIR) LIBS= @TELNETD_LIBS@ @@ -60,8 +60,8 @@ OBJS= telnetd.o \ all:: telnetd -telnetd: $(OBJS) $(PTY_DEPLIB) $(KRB4COMPAT_DEPLIBS) ../libtelnet/libtelnet.a - $(CC_LINK) -o $@ $(OBJS) ../libtelnet/libtelnet.a $(PTY_LIB) $(UTIL_LIB) $(KRB4COMPAT_LIBS) +telnetd: $(OBJS) $(PTY_DEPLIB) $(KRB5_BASE_DEPLIBS) ../libtelnet/libtelnet.a + $(CC_LINK) -o $@ $(OBJS) ../libtelnet/libtelnet.a $(PTY_LIB) $(UTIL_LIB) $(KRB5_BASE_LIBS) clean:: $(RM) telnetd @@ -82,63 +82,3 @@ sys_term.o: telnetd.h pathnames.h defs.h ext.h $(ARPA_TELNET) telnetd.o: telnetd.h defs.h ext.h $(ARPA_TELNET) termstat.o: telnetd.h defs.h ext.h $(ARPA_TELNET) utility.o: telnetd.h defs.h ext.h $(ARPA_TELNET) -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -$(OUTPRE)telnetd.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/libpty.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../arpa/telnet.h $(srcdir)/../libtelnet/auth-proto.h \ - $(srcdir)/../libtelnet/auth.h $(srcdir)/../libtelnet/enc-proto.h \ - $(srcdir)/../libtelnet/encrypt.h $(srcdir)/../libtelnet/misc-proto.h \ - defs.h ext.h pathnames.h telnetd.c telnetd.h -$(OUTPRE)termio-tn.$(OBJEXT): termio-tn.c -$(OUTPRE)termios-tn.$(OBJEXT): termios-tn.c -$(OUTPRE)state.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../arpa/telnet.h $(srcdir)/../libtelnet/auth-proto.h \ - $(srcdir)/../libtelnet/auth.h $(srcdir)/../libtelnet/enc-proto.h \ - $(srcdir)/../libtelnet/encrypt.h defs.h ext.h state.c \ - telnetd.h -$(OUTPRE)termstat.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../arpa/telnet.h defs.h ext.h telnetd.h termstat.c -$(OUTPRE)slc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../arpa/telnet.h defs.h ext.h slc.c telnetd.h -$(OUTPRE)sys_term.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/libpty.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../arpa/telnet.h $(srcdir)/../libtelnet/auth-proto.h \ - $(srcdir)/../libtelnet/auth.h defs.h ext.h pathnames.h \ - sys_term.c telnetd.h -$(OUTPRE)utility.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../arpa/telnet.h $(srcdir)/../libtelnet/auth-proto.h \ - $(srcdir)/../libtelnet/auth.h $(srcdir)/../libtelnet/enc-proto.h \ - $(srcdir)/../libtelnet/encrypt.h defs.h ext.h telnetd.h \ - utility.c -$(OUTPRE)global.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../arpa/telnet.h defs.h ext.h global.c -$(OUTPRE)authenc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../arpa/telnet.h $(srcdir)/../libtelnet/misc-proto.h \ - $(srcdir)/../libtelnet/misc.h authenc.c defs.h ext.h \ - telnetd.h diff --git a/src/appl/telnet/telnetd/deps b/src/appl/telnet/telnetd/deps new file mode 100644 index 0000000000..88e768d39e --- /dev/null +++ b/src/appl/telnet/telnetd/deps @@ -0,0 +1,58 @@ +# +# Generated makefile dependencies follow. +# +$(OUTPRE)telnetd.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/libpty.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + $(srcdir)/../arpa/telnet.h $(srcdir)/../libtelnet/auth-proto.h \ + $(srcdir)/../libtelnet/auth.h $(srcdir)/../libtelnet/enc-proto.h \ + $(srcdir)/../libtelnet/encrypt.h $(srcdir)/../libtelnet/misc-proto.h \ + defs.h ext.h pathnames.h telnetd.c telnetd.h +$(OUTPRE)termio-tn.$(OBJEXT): termio-tn.c +$(OUTPRE)termios-tn.$(OBJEXT): termios-tn.c +$(OUTPRE)state.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + $(srcdir)/../arpa/telnet.h $(srcdir)/../libtelnet/auth-proto.h \ + $(srcdir)/../libtelnet/auth.h $(srcdir)/../libtelnet/enc-proto.h \ + $(srcdir)/../libtelnet/encrypt.h defs.h ext.h state.c \ + telnetd.h +$(OUTPRE)termstat.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + $(srcdir)/../arpa/telnet.h defs.h ext.h telnetd.h termstat.c +$(OUTPRE)slc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + $(srcdir)/../arpa/telnet.h defs.h ext.h slc.c telnetd.h +$(OUTPRE)sys_term.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/libpty.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../arpa/telnet.h \ + $(srcdir)/../libtelnet/auth-proto.h $(srcdir)/../libtelnet/auth.h \ + defs.h ext.h pathnames.h sys_term.c telnetd.h +$(OUTPRE)utility.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + $(srcdir)/../arpa/telnet.h $(srcdir)/../libtelnet/auth-proto.h \ + $(srcdir)/../libtelnet/auth.h $(srcdir)/../libtelnet/enc-proto.h \ + $(srcdir)/../libtelnet/encrypt.h defs.h ext.h telnetd.h \ + utility.c +$(OUTPRE)global.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + $(srcdir)/../arpa/telnet.h defs.h ext.h global.c +$(OUTPRE)authenc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + $(srcdir)/../arpa/telnet.h $(srcdir)/../libtelnet/misc-proto.h \ + $(srcdir)/../libtelnet/misc.h authenc.c defs.h ext.h \ + telnetd.h diff --git a/src/appl/telnet/telnetd/slc.c b/src/appl/telnet/telnetd/slc.c index 613674b018..8f32f433ab 100644 --- a/src/appl/telnet/telnetd/slc.c +++ b/src/appl/telnet/telnetd/slc.c @@ -154,8 +154,8 @@ start_slc(getit) slcchange = 0; if (getit) init_termbuf(); - (void) sprintf((char *)slcbuf, "%c%c%c%c", - IAC, SB, TELOPT_LINEMODE, LM_SLC); + (void) snprintf((char *)slcbuf, sizeof(slcbuf), "%c%c%c%c", + IAC, SB, TELOPT_LINEMODE, LM_SLC); slcptr = slcbuf + 4; } /* end of start_slc */ @@ -195,8 +195,9 @@ end_slc(bufp) *bufp = &slcbuf[4]; return(slcptr - slcbuf - 4); } else { - (void) sprintf((char *)slcptr, "%c%c", IAC, SE); - slcptr += 2; + *slcptr++ = IAC; + *slcptr++ = SE; + *slcptr = 0; len = slcptr - slcbuf; netwrite(slcbuf, len); netflush(); /* force it out immediately */ diff --git a/src/appl/telnet/telnetd/sys_term.c b/src/appl/telnet/telnetd/sys_term.c index d78c2e83de..5c08c76069 100644 --- a/src/appl/telnet/telnetd/sys_term.c +++ b/src/appl/telnet/telnetd/sys_term.c @@ -1133,7 +1133,8 @@ startslave(host, autologin, autoname) */ if ((i = open(INIT_FIFO, O_WRONLY)) < 0) { char tbuf[128]; - (void) sprintf(tbuf, "Can't open %s\n", INIT_FIFO); + (void) snprintf(tbuf, sizeof(tbuf), "Can't open %s\n", + INIT_FIFO); fatalperror(net, tbuf); } memset((char *)&request, 0, sizeof(request)); @@ -1156,7 +1157,8 @@ startslave(host, autologin, autoname) #endif /* BFTPDAEMON */ if (write(i, (char *)&request, sizeof(request)) < 0) { char tbuf[128]; - (void) sprintf(tbuf, "Can't write to %s\n", INIT_FIFO); + (void) snprintf(tbuf, sizeof(tbuf), "Can't write to %s\n", + INIT_FIFO); fatalperror(net, tbuf); } (void) close(i); @@ -1168,7 +1170,7 @@ startslave(host, autologin, autoname) if (i == 3 || n >= 0 || !gotalarm) break; gotalarm = 0; - sprintf(tbuf, "telnetd: waiting for /etc/init to start login process on %s\r\n", line); + snprintf(tbuf, sizeof(tbuf), "telnetd: waiting for /etc/init to start login process on %s\r\n", line); (void) write(net, tbuf, strlen(tbuf)); } if (n < 0 && gotalarm) @@ -1255,9 +1257,7 @@ start_login(host, autologin, name) if (term == NULL || term[0] == 0) { term = "-"; } else { - strcpy(termbuf, "TERM="); - strncat(termbuf, term, sizeof(termbuf) - 6); - termbuf[sizeof(termbuf) - 1] = '\0'; + snprintf(termbuf, sizeof(termbuf), "TERM=%s", term); term = termbuf; } argv = addarg(argv, term); @@ -1357,13 +1357,9 @@ start_login(host, autologin, name) write(xpty, name, len); write(xpty, name, len); memset(speed, 0, sizeof(speed)); - strncpy(speed, - (cp = getenv("TERM")) ? cp : "", - sizeof(speed)-1-(10*sizeof(def_rspeed)/4)-1); - /* 1 for /, () for the number, 1 for trailing 0. */ - sprintf(speed + strlen(speed), - "/%d", - (def_rspeed > 0) ? def_rspeed : 9600); + snprintf(speed, sizeof(speed), "%s/%d", + (cp = getenv("TERM")) ? cp : "", + (def_rspeed > 0) ? def_rspeed : 9600); len = strlen(speed)+1; write(xpty, speed, len); diff --git a/src/appl/user_user/deps b/src/appl/user_user/deps new file mode 100644 index 0000000000..2feac3c9d3 --- /dev/null +++ b/src/appl/user_user/deps @@ -0,0 +1 @@ +# No dependencies here. diff --git a/src/ccapi/common/cci_types.h b/src/ccapi/common/cci_types.h index 20c64701a2..43f7100cee 100644 --- a/src/ccapi/common/cci_types.h +++ b/src/ccapi/common/cci_types.h @@ -39,7 +39,7 @@ enum cci_msg_id_t { /* cc_context_t */ cci_context_first_msg_id, - cci_context_release_msg_id, + cci_context_unused_release_msg_id, /* Unused. Handle for old clients. */ cci_context_sync_msg_id, cci_context_get_change_time_msg_id, cci_context_wait_for_change_msg_id, diff --git a/src/ccapi/lib/ccapi_context.c b/src/ccapi/lib/ccapi_context.c index 0f1712ea48..7ba3db4d26 100644 --- a/src/ccapi/lib/ccapi_context.c +++ b/src/ccapi/lib/ccapi_context.c @@ -198,6 +198,16 @@ cc_int32 cc_initialize (cc_context_t *out_context, #endif /* ------------------------------------------------------------------------ */ +/* + * Currently does not need to talk to the server since the server must + * handle cleaning up resources from crashed clients anyway. + * + * NOTE: if server communication is ever added here, make sure that + * krb5_stdcc_shutdown calls an internal function which does not talk to the + * server. krb5_stdcc_shutdown is called from thread fini functions and may + * crash talking to the server depending on what order the OS calls the fini + * functions (ie: if the ipc layer fini function is called first). + */ cc_int32 ccapi_context_release (cc_context_t in_context) { @@ -206,17 +216,6 @@ cc_int32 ccapi_context_release (cc_context_t in_context) if (!in_context) { err = ccErrBadParam; } - if (!err) { - err = cci_context_sync (context, 0); - } - - if (!err) { - err = cci_ipc_send_no_launch (cci_context_release_msg_id, - context->identifier, - NULL, - NULL); - } - if (!err) { cci_identifier_release (context->identifier); free (context->functions); diff --git a/src/ccapi/lib/ccapi_context.h b/src/ccapi/lib/ccapi_context.h index 7462a056e4..564f49db9d 100644 --- a/src/ccapi/lib/ccapi_context.h +++ b/src/ccapi/lib/ccapi_context.h @@ -29,6 +29,10 @@ #include "cci_common.h" +/* Used for freeing ccapi context in thread fini calls + * Does not tell the server you are exiting. */ +cc_int32 cci_context_destroy (cc_context_t in_context); + cc_int32 ccapi_context_release (cc_context_t in_context); cc_int32 ccapi_context_get_change_time (cc_context_t in_context, diff --git a/src/ccapi/lib/ccapi_string.c b/src/ccapi/lib/ccapi_string.c index 4acd9a89d4..4f4db6f43f 100644 --- a/src/ccapi/lib/ccapi_string.c +++ b/src/ccapi/lib/ccapi_string.c @@ -67,10 +67,8 @@ cc_int32 cci_string_new (cc_string_t *out_string, } if (!err) { - string->data = malloc (strlen (in_cstring) + 1); - if (string->data) { - strcpy ((char *)string->data, in_cstring); - } else { + string->data = strdup (in_cstring); + if (!string->data) { err = cci_check_error (ccErrNoMem); } diff --git a/src/ccapi/server/ccs_cache_collection.c b/src/ccapi/server/ccs_cache_collection.c index b09ae8d8ef..3790a10aac 100644 --- a/src/ccapi/server/ccs_cache_collection.c +++ b/src/ccapi/server/ccs_cache_collection.c @@ -571,25 +571,6 @@ cc_int32 ccs_cache_collection_set_default_ccache (ccs_cache_collection_t io_cac /* ------------------------------------------------------------------------ */ -static cc_int32 ccs_cache_collection_context_release (ccs_cache_collection_t io_cache_collection, - k5_ipc_stream in_request_data, - k5_ipc_stream io_reply_data) -{ - cc_int32 err = ccNoError; - - if (!io_cache_collection) { err = cci_check_error (ccErrBadParam); } - if (!in_request_data ) { err = cci_check_error (ccErrBadParam); } - if (!io_reply_data ) { err = cci_check_error (ccErrBadParam); } - - if (!err) { - /* Currently does nothing */ - } - - return cci_check_error (err); -} - -/* ------------------------------------------------------------------------ */ - static cc_int32 ccs_cache_collection_sync (ccs_cache_collection_t io_cache_collection, k5_ipc_stream in_request_data, k5_ipc_stream io_reply_data) @@ -1051,9 +1032,8 @@ static cc_int32 ccs_cache_collection_unlock (ccs_pipe_t in_client_pi } if (!err) { - if (in_request_name == cci_context_release_msg_id) { - err = ccs_cache_collection_context_release (io_cache_collection, - in_request_data, reply_data); + if (in_request_name == cci_context_unused_release_msg_id) { + /* Old release message. Do nothing. */ } else if (in_request_name == cci_context_sync_msg_id) { err = ccs_cache_collection_sync (io_cache_collection, diff --git a/src/clients/deps b/src/clients/deps new file mode 100644 index 0000000000..2feac3c9d3 --- /dev/null +++ b/src/clients/deps @@ -0,0 +1 @@ +# No dependencies here. diff --git a/src/clients/kcpytkt/Makefile.in b/src/clients/kcpytkt/Makefile.in index a47ac5f8fa..882b93d72d 100644 --- a/src/clients/kcpytkt/Makefile.in +++ b/src/clients/kcpytkt/Makefile.in @@ -20,8 +20,8 @@ all-unix:: kcpytkt ##WIN32##all-windows:: $(KCPYTKT) all-mac:: -kcpytkt: kcpytkt.o $(KRB4COMPAT_DEPLIBS) - $(CC_LINK) -o $@ kcpytkt.o $(KRB4COMPAT_LIBS) +kcpytkt: kcpytkt.o $(KRB5_BASE_DEPLIBS) + $(CC_LINK) -o $@ kcpytkt.o $(KRB5_BASE_LIBS) ##WIN32##$(KCPYTKT): $(OUTPRE)kcpytkt.obj $(BUILDTOP)\util\windows\$(OUTPRE)getopt.obj $(KLIB) $(CLIB) $(EXERES) ##WIN32## link $(EXE_LINKOPTS) /out:$@ $** diff --git a/src/clients/kdeltkt/Makefile.in b/src/clients/kdeltkt/Makefile.in index dbd4b71165..fece6d8945 100644 --- a/src/clients/kdeltkt/Makefile.in +++ b/src/clients/kdeltkt/Makefile.in @@ -20,8 +20,8 @@ all-unix:: kdeltkt ##WIN32##all-windows:: $(KDELTKT) all-mac:: -kdeltkt: kdeltkt.o $(KRB4COMPAT_DEPLIBS) - $(CC_LINK) -o $@ kdeltkt.o $(KRB4COMPAT_LIBS) +kdeltkt: kdeltkt.o $(KRB5_BASE_DEPLIBS) + $(CC_LINK) -o $@ kdeltkt.o $(KRB5_BASE_LIBS) ##WIN32##$(KDELTKT): $(OUTPRE)kdeltkt.obj $(BUILDTOP)\util\windows\$(OUTPRE)getopt.obj $(KLIB) $(CLIB) $(EXERES) ##WIN32## link $(EXE_LINKOPTS) /out:$@ $** diff --git a/src/clients/kdestroy/Makefile.in b/src/clients/kdestroy/Makefile.in index 51cf5cf5dc..00b8f5863a 100644 --- a/src/clients/kdestroy/Makefile.in +++ b/src/clients/kdestroy/Makefile.in @@ -22,8 +22,8 @@ PROG_RPATH=$(KRB5_LIBDIR) all-unix:: kdestroy ##WIN32##all-windows:: $(KDESTROY) -kdestroy: kdestroy.o $(KRB4COMPAT_DEPLIBS) - $(CC_LINK) -o $@ kdestroy.o $(KRB4COMPAT_LIBS) +kdestroy: kdestroy.o $(KRB5_BASE_DEPLIBS) + $(CC_LINK) -o $@ kdestroy.o $(KRB5_BASE_LIBS) ##WIN32##$(KDESTROY): $(OUTPRE)kdestroy.obj $(BUILDTOP)\util\windows\$(OUTPRE)getopt.obj $(KLIB) $(CLIB) $(EXERES) ##WIN32## link $(EXE_LINKOPTS) -out:$@ $** @@ -39,13 +39,3 @@ install-unix:: $(INSTALL_DATA) $(srcdir)/$$f.M \ $(DESTDIR)$(CLIENT_MANDIR)/`echo $$f|sed '$(transform)'`.1; \ done -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -$(OUTPRE)kdestroy.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/krb5.h \ - kdestroy.c diff --git a/src/clients/kdestroy/deps b/src/clients/kdestroy/deps new file mode 100644 index 0000000000..e0ec42e6a7 --- /dev/null +++ b/src/clients/kdestroy/deps @@ -0,0 +1,6 @@ +# +# Generated makefile dependencies follow. +# +$(OUTPRE)kdestroy.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/krb5.h \ + kdestroy.c diff --git a/src/clients/kdestroy/kdestroy.M b/src/clients/kdestroy/kdestroy.M index c7d0135b72..ada2ae3dcf 100644 --- a/src/clients/kdestroy/kdestroy.M +++ b/src/clients/kdestroy/kdestroy.M @@ -26,7 +26,7 @@ kdestroy \- destroy Kerberos tickets .SH SYNOPSIS .B kdestroy -[\fB\-5\fP] [\fB\-4\fP] [\fB\-q\fP] [\fB\-c\fP \fIcache_name] +[\fB\-q\fP] [\fB\-c\fP \fIcache_name] .br .SH DESCRIPTION The @@ -35,24 +35,8 @@ utility destroys the user's active Kerberos authorization tickets by writing zeros to the specified credentials cache that contains them. If the credentials cache is not specified, the default credentials cache is destroyed. -If kdestroy was built with Kerberos 4 support, the default behavior is to -destroy both Kerberos 5 and Kerberos 4 credentials. Otherwise, kdestroy -will default to destroying only Kerberos 5 credentials. .SH OPTIONS .TP -.B \-5 -destroy Kerberos 5 credentials. This overrides whatever the default built-in -behavior may be. This option may be used with -.B \-4 -. -.TP -.B \-4 -destroy Kerberos 4 credentials. This overrides whatever the default built-in -behavior may be. This option is only available if kinit was built -with Kerberos 4 compatibility. This option may be used with -.B \-5 -. -.TP .B \-q Run quietly. Normally .B kdestroy @@ -82,18 +66,11 @@ uses the following environment variables: .TP "\w'.SM KRB5CCNAME\ \ 'u" .SM KRB5CCNAME Location of the Kerberos 5 credentials (ticket) cache. -.TP "\w'.SM KRBTKFILE\ \ 'u" -.SM KRBTKFILE -Filename of the Kerberos 4 credentials (ticket) cache. .SH FILES .TP "\w'/tmp/krb5cc_[uid]\ \ 'u" /tmp/krb5cc_[uid] default location of Kerberos 5 credentials cache ([uid] is the decimal UID of the user). -.TP "\w'/tmp/tkt[uid]\ \ 'u" -/tmp/tkt[uid] -default location of Kerberos 4 credentials cache -([uid] is the decimal UID of the user). .SH SEE ALSO kinit(1), klist(1), krb5(3) .SH BUGS diff --git a/src/clients/kdestroy/kdestroy.c b/src/clients/kdestroy/kdestroy.c index f7bcef7cdd..3f2f326823 100644 --- a/src/clients/kdestroy/kdestroy.c +++ b/src/clients/kdestroy/kdestroy.c @@ -36,10 +36,6 @@ #include #endif -#ifdef KRB5_KRB4_COMPAT -#include -#endif - #ifdef __STDC__ #define BELL_CHAR '\a' #else @@ -57,29 +53,12 @@ extern char *optarg; char *progname; -int got_k5 = 0; -int got_k4 = 0; - -int default_k5 = 1; -#ifdef KRB5_KRB4_COMPAT -int default_k4 = 1; -#else -int default_k4 = 0; -#endif - static void usage() { #define KRB_AVAIL_STRING(x) ((x)?"available":"not available") - fprintf(stderr, "Usage: %s [-5] [-4] [-q] [-c cache_name]\n", progname); - fprintf(stderr, "\t-5 Kerberos 5 (%s)\n", KRB_AVAIL_STRING(got_k5)); - fprintf(stderr, "\t-4 Kerberos 4 (%s)\n", KRB_AVAIL_STRING(got_k4)); - fprintf(stderr, "\t (Default is %s%s%s%s)\n", - default_k5?"Kerberos 5":"", - (default_k5 && default_k4)?" and ":"", - default_k4?"Kerberos 4":"", - (!default_k5 && !default_k4)?"neither":""); + fprintf(stderr, "Usage: %s [-q] [-c cache_name]\n", progname); fprintf(stderr, "\t-q quiet mode\n"); fprintf(stderr, "\t-c specify name of credentials cache\n"); exit(2); @@ -96,23 +75,11 @@ main(argc, argv) krb5_ccache cache = NULL; char *cache_name = NULL; int code = 0; -#ifdef KRB5_KRB4_COMPAT - int v4code = 0; - int v4 = 1; -#endif int errflg = 0; int quiet = 0; - int use_k5 = 0; - int use_k4 = 0; - progname = GET_PROGNAME(argv[0]); - got_k5 = 1; -#ifdef KRB5_KRB4_COMPAT - got_k4 = 1; -#endif - while ((c = getopt(argc, argv, "54qc:")) != -1) { switch (c) { case 'q': @@ -127,24 +94,10 @@ main(argc, argv) } break; case '4': - if (!got_k4) - { -#ifdef KRB5_KRB4_COMPAT - fprintf(stderr, "Kerberos 4 support could not be loaded\n"); -#else - fprintf(stderr, "This was not built with Kerberos 4 support\n"); -#endif - exit(3); - } - use_k4 = 1; + fprintf(stderr, "Kerberos 4 is no longer supported\n"); + exit(3); break; case '5': - if (!got_k5) - { - fprintf(stderr, "Kerberos 5 support could not be loaded\n"); - exit(3); - } - use_k5 = 1; break; case '?': default: @@ -160,69 +113,38 @@ main(argc, argv) usage(); } - if (!use_k5 && !use_k4) - { - use_k5 = default_k5; - use_k4 = default_k4; + retval = krb5_init_context(&kcontext); + if (retval) { + com_err(progname, retval, "while initializing krb5"); + exit(1); } - if (!use_k5) - got_k5 = 0; - if (!use_k4) - got_k4 = 0; - - if (got_k5) { - retval = krb5_init_context(&kcontext); - if (retval) { - com_err(progname, retval, "while initializing krb5"); + if (cache_name) { + code = krb5_cc_resolve (kcontext, cache_name, &cache); + if (code != 0) { + com_err (progname, code, "while resolving %s", cache_name); exit(1); } - - if (cache_name) { -#ifdef KRB5_KRB4_COMPAT - v4 = 0; /* Don't do v4 if doing v5 and cache name given. */ -#endif - code = krb5_cc_resolve (kcontext, cache_name, &cache); - if (code != 0) { - com_err (progname, code, "while resolving %s", cache_name); - exit(1); - } - } else { - code = krb5_cc_default(kcontext, &cache); - if (code) { - com_err(progname, code, "while getting default ccache"); - exit(1); - } - } - - code = krb5_cc_destroy (kcontext, cache); - if (code != 0) { - com_err (progname, code, "while destroying cache"); - if (code != KRB5_FCC_NOFILE) { - if (quiet) - fprintf(stderr, "Ticket cache NOT destroyed!\n"); - else { - fprintf(stderr, "Ticket cache %cNOT%c destroyed!\n", - BELL_CHAR, BELL_CHAR); - } - errflg = 1; - } + } else { + code = krb5_cc_default(kcontext, &cache); + if (code) { + com_err(progname, code, "while getting default ccache"); + exit(1); } } -#ifdef KRB5_KRB4_COMPAT - if (got_k4 && v4) { - v4code = dest_tkt(); - if (v4code == KSUCCESS && code != 0) - fprintf(stderr, "Kerberos 4 ticket cache destroyed.\n"); - if (v4code != KSUCCESS && v4code != RET_TKFIL) { + + code = krb5_cc_destroy (kcontext, cache); + if (code != 0) { + com_err (progname, code, "while destroying cache"); + if (code != KRB5_FCC_NOFILE) { if (quiet) - fprintf(stderr, "Kerberos 4 ticket cache NOT destroyed!\n"); - else - fprintf(stderr, "Kerberos 4 ticket cache %cNOT%c destroyed!\n", + fprintf(stderr, "Ticket cache NOT destroyed!\n"); + else { + fprintf(stderr, "Ticket cache %cNOT%c destroyed!\n", BELL_CHAR, BELL_CHAR); + } errflg = 1; } } -#endif return errflg; } diff --git a/src/clients/kinit/Makefile.in b/src/clients/kinit/Makefile.in index 8df5012bad..a2b928f344 100644 --- a/src/clients/kinit/Makefile.in +++ b/src/clients/kinit/Makefile.in @@ -25,8 +25,8 @@ SRCS=kinit.c all-unix:: kinit ##WIN32##all-windows:: $(KINIT) -kinit: kinit.o $(KRB4COMPAT_DEPLIBS) - $(CC_LINK) -o $@ kinit.o $(KRB4COMPAT_LIBS) +kinit: kinit.o $(KRB5_BASE_DEPLIBS) + $(CC_LINK) -o $@ kinit.o $(KRB5_BASE_LIBS) ##WIN32##$(KINIT): $(OUTPRE)kinit.obj $(BUILDTOP)\util\windows\$(OUTPRE)getopt.lib $(KLIB) $(CLIB) $(EXERES) ##WIN32## link $(EXE_LINKOPTS) -out:$@ $** advapi32.lib @@ -42,13 +42,3 @@ install-unix:: $(INSTALL_DATA) $(srcdir)/$$f.M \ $(DESTDIR)$(CLIENT_MANDIR)/`echo $$f|sed '$(transform)'`.1; \ done -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -$(OUTPRE)kinit.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/krb5.h kinit.c diff --git a/src/clients/kinit/deps b/src/clients/kinit/deps new file mode 100644 index 0000000000..144fe22a1e --- /dev/null +++ b/src/clients/kinit/deps @@ -0,0 +1,7 @@ +# +# Generated makefile dependencies follow. +# +$(OUTPRE)kinit.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + kinit.c diff --git a/src/clients/kinit/kinit.M b/src/clients/kinit/kinit.M index eca8be3410..60336a24ea 100644 --- a/src/clients/kinit/kinit.M +++ b/src/clients/kinit/kinit.M @@ -28,8 +28,6 @@ kinit \- obtain and cache Kerberos ticket-granting ticket .TP .B kinit .ad l -[\fB\-5\fP] -[\fB\-4\fP] [\fB\-V\fP] [\fB\-l\fP \fIlifetime\fP] [\fB\-s\fP \fIstart_time\fP] [\fB\-r\fP \fIrenewable_life\fP] @@ -48,28 +46,8 @@ kinit \- obtain and cache Kerberos ticket-granting ticket .I kinit obtains and caches an initial ticket-granting ticket for .IR principal . -The typical default behavior is to acquire only -Kerberos 5 tickets. However, if kinit was built with both -Kerberos 4 support and with the default behavior of acquiring both -types of tickets, it will try to acquire both Kerberos 5 and Kerberos 4 -by default. -Any documentation particular to Kerberos 4 does not apply if Kerberos 4 -support was not built into kinit. .SH OPTIONS .TP -.B \-5 -get Kerberos 5 tickets. This overrides whatever the default built-in -behavior may be. This option may be used with -.B \-4 -. -.TP -.B \-4 -get Kerberos 4 tickets. This overrides whatever the default built-in -behavior may be. This option is only available if kinit was built -with Kerberos 4 compatibility. This option may be used with -.B \-5 -. -.TP .B \-V display verbose output. .TP @@ -105,45 +83,43 @@ requests a postdated ticket, valid starting at Postdated tickets are issued with the .I invalid flag set, and need to be fed back to the kdc before use. -(Not applicable to Kerberos 4.) .TP \fB\-r\fP \fIrenewable_life\fP requests renewable tickets, with a total lifetime of .IR renewable_life . The duration is in the same format as the .B \-l -option, with the same delimiters. (Not applicable to Kerberos 4.) +option, with the same delimiters. .TP .B \-f -request forwardable tickets. (Not applicable to Kerberos 4.) +request forwardable tickets. .TP .B \-F -do not request forwardable tickets. (Not applicable to Kerberos 4.) +do not request forwardable tickets. .TP .B \-p -request proxiable tickets. (Not applicable to Kerberos 4.) +request proxiable tickets. .TP .B \-P -do not request proxiable tickets. (Not applicable to Kerberos 4.) +do not request proxiable tickets. .TP .B \-a -request tickets with the local address[es]. (Not applicable to Kerberos 4.) +request tickets with the local address[es]. .TP .B \-A -request address-less tickets. (Not applicable to Kerberos 4.) +request address-less tickets. .TP .B \-v requests that the ticket granting ticket in the cache (with the .I invalid flag set) be passed to the kdc for validation. If the ticket is within its requested time range, the cache is replaced with the validated -ticket. (Not applicable to Kerberos 4.) +ticket. .TP .B \-R requests renewal of the ticket-granting ticket. Note that an expired ticket cannot be renewed, even if the ticket is still within its -renewable life. When using this option with Kerberos 4, the kdc must -support Kerberos 5 to Kerberos 4 ticket conversion. +renewable life. .TP \fB\-k\fP [\fB\-t\fP \fIkeytab_file\fP] requests a host ticket, obtained from a key in the local host's @@ -152,9 +128,7 @@ file. The name and location of the keytab file may be specified with the .B \-t .I keytab_file -option; otherwise the default name and location will be used. When using -this option with Kerberos 4, the kdc must support Kerberos 5 to Kerberos 4 -ticket conversion. +option; otherwise the default name and location will be used. .TP \fB\-c\fP \fIcache_name\fP use @@ -167,15 +141,10 @@ The default credentials cache may vary between systems. If the environment variable is set, its value is used to name the default ticket cache. Any existing contents of the cache are destroyed by .IR kinit . -(Note: The default name for Kerberos 4 comes from the -.B KRBTKFILE -environment variable. This option does not apply to Kerberos 4.) .TP \fB\-S\fP \fIservice_name\fP specify an alternate service name to use when -getting initial tickets. (Applicable to Kerberos 5 or if using both -Kerberos 5 and Kerberos 4 with a kdc that supports Kerberos 5 to Kerberos 4 -ticket conversion.) +getting initial tickets. .TP \fB\-X\fP \fIattribute\fP[=\fIvalue\fP] specify a pre\-authentication attribute and value to be passed to @@ -204,18 +173,11 @@ uses the following environment variables: .TP "\w'.SM KRB5CCNAME\ \ 'u" .SM KRB5CCNAME Location of the Kerberos 5 credentials (ticket) cache. -.TP "\w'.SM KRBTKFILE\ \ 'u" -.SM KRBTKFILE -Filename of the Kerberos 4 credentials (ticket) cache. .SH FILES .TP "\w'/tmp/krb5cc_[uid]\ \ 'u" /tmp/krb5cc_[uid] default location of Kerberos 5 credentials cache ([uid] is the decimal UID of the user). -.TP "\w'/tmp/tkt[uid]\ \ 'u" -/tmp/tkt[uid] -default location of Kerberos 4 credentials cache -([uid] is the decimal UID of the user). .TP /etc/krb5.keytab default location for the local host's diff --git a/src/clients/kinit/kinit.c b/src/clients/kinit/kinit.c index 506f551c19..e2a0f089b3 100644 --- a/src/clients/kinit/kinit.c +++ b/src/clients/kinit/kinit.c @@ -30,12 +30,6 @@ #include "autoconf.h" #include "k5-platform.h" /* for asprintf */ #include -#ifdef KRB5_KRB4_COMPAT -#include -#define HAVE_KRB524 -#else -#undef HAVE_KRB524 -#endif #include #include #include @@ -98,26 +92,7 @@ char * get_name_from_os() #endif /* _WIN32 */ #endif /* HAVE_PWD_H */ -static char* progname_v5 = 0; -#ifdef KRB5_KRB4_COMPAT -static char* progname_v4 = 0; -static char* progname_v524 = 0; -#endif - -static int got_k5 = 0; -static int got_k4 = 0; - -static int default_k5 = 1; -#if defined(KRB5_KRB4_COMPAT) && defined(KINIT_DEFAULT_BOTH) -static int default_k4 = 1; -#else -static int default_k4 = 0; -#endif - -static int authed_k5 = 0; -static int authed_k4 = 0; - -#define KRB4_BACKUP_DEFAULT_LIFE_SECS 24*60*60 /* 1 day */ +static char *progname; typedef enum { INIT_PW, INIT_KT, RENEW, VALIDATE } action_type; @@ -142,12 +117,14 @@ struct k_opts char* service_name; char* keytab_name; char* k5_cache_name; - char* k4_cache_name; action_type action; int num_pa_opts; krb5_gic_opt_pa_data *pa_opts; + + int canonicalize; + int enterprise; }; struct k5_data @@ -158,17 +135,6 @@ struct k5_data char* name; }; -struct k4_data -{ - krb5_deltat lifetime; -#ifdef KRB5_KRB4_COMPAT - char aname[ANAME_SZ + 1]; - char inst[INST_SZ + 1]; - char realm[REALM_SZ + 1]; - char name[ANAME_SZ + 1 + INST_SZ + 1 + REALM_SZ + 1]; -#endif -}; - #ifdef GETOPT_LONG /* if struct[2] == NULL, then long_getopt acts as if the short flag struct[3] was specified. If struct[2] != NULL, then struct[3] is @@ -182,6 +148,8 @@ struct option long_options[] = { { "forwardable", 0, NULL, 'f' }, { "proxiable", 0, NULL, 'p' }, { "noaddresses", 0, NULL, 'A' }, + { "canonicalize", 0, NULL, 'C' }, + { "enterprise", 0, NULL, 'E' }, { NULL, 0, NULL, 0 } }; @@ -191,24 +159,27 @@ struct option long_options[] = { #endif static void -usage(progname) - char *progname; +usage() { #define USAGE_BREAK "\n\t" #ifdef GETOPT_LONG -#define USAGE_LONG_FORWARDABLE " | --forwardable | --noforwardable" -#define USAGE_LONG_PROXIABLE " | --proxiable | --noproxiable" -#define USAGE_LONG_ADDRESSES " | --addresses | --noaddresses" +#define USAGE_LONG_FORWARDABLE " | --forwardable | --noforwardable" +#define USAGE_LONG_PROXIABLE " | --proxiable | --noproxiable" +#define USAGE_LONG_ADDRESSES " | --addresses | --noaddresses" +#define USAGE_LONG_CANONICALIZE " | --canonicalize" +#define USAGE_LONG_ENTERPRISE " | --enterprise" #define USAGE_BREAK_LONG USAGE_BREAK #else -#define USAGE_LONG_FORWARDABLE "" -#define USAGE_LONG_PROXIABLE "" -#define USAGE_LONG_ADDRESSES "" -#define USAGE_BREAK_LONG "" +#define USAGE_LONG_FORWARDABLE "" +#define USAGE_LONG_PROXIABLE "" +#define USAGE_LONG_ADDRESSES "" +#define USAGE_LONG_CANONICALIZE "" +#define USAGE_LONG_ENTERPRISE "" +#define USAGE_BREAK_LONG "" #endif - fprintf(stderr, "Usage: %s [-5] [-4] [-V] " + fprintf(stderr, "Usage: %s [-V] " "[-l lifetime] [-s start_time] " USAGE_BREAK "[-r renewable_life] " @@ -217,6 +188,10 @@ usage(progname) "[-p | -P" USAGE_LONG_PROXIABLE "] " USAGE_BREAK_LONG "[-a | -A" USAGE_LONG_ADDRESSES "] " + USAGE_BREAK_LONG + "[-C" USAGE_LONG_CANONICALIZE "] " + USAGE_BREAK + "[-E" USAGE_LONG_ENTERPRISE "] " USAGE_BREAK "[-v] [-R] " "[-k [-t keytab_file]] " @@ -227,54 +202,26 @@ usage(progname) "\n\n", progname); -#define KRB_AVAIL_STRING(x) ((x)?"available":"not available") - -#define OPTTYPE_KRB5 "5" -#define OPTTYPE_KRB4 "4" -#define OPTTYPE_EITHER "Either 4 or 5" -#ifdef HAVE_KRB524 -#define OPTTYPE_BOTH "5, or both 5 and 4" -#else -#define OPTTYPE_BOTH "5" -#endif - -#ifdef KRB5_KRB4_COMPAT -#define USAGE_OPT_FMT "%s%-50s%s\n" -#define ULINE(indent, col1, col2) \ -fprintf(stderr, USAGE_OPT_FMT, indent, col1, col2) -#else -#define USAGE_OPT_FMT "%s%s\n" -#define ULINE(indent, col1, col2) \ -fprintf(stderr, USAGE_OPT_FMT, indent, col1) -#endif - - ULINE(" ", "options:", "valid with Kerberos:"); - fprintf(stderr, "\t-5 Kerberos 5 (%s)\n", KRB_AVAIL_STRING(got_k5)); - fprintf(stderr, "\t-4 Kerberos 4 (%s)\n", KRB_AVAIL_STRING(got_k4)); - fprintf(stderr, "\t (Default behavior is to try %s%s%s%s)\n", - default_k5?"Kerberos 5":"", - (default_k5 && default_k4)?" and ":"", - default_k4?"Kerberos 4":"", - (!default_k5 && !default_k4)?"neither":""); - ULINE("\t", "-V verbose", OPTTYPE_EITHER); - ULINE("\t", "-l lifetime", OPTTYPE_EITHER); - ULINE("\t", "-s start time", OPTTYPE_KRB5); - ULINE("\t", "-r renewable lifetime", OPTTYPE_KRB5); - ULINE("\t", "-f forwardable", OPTTYPE_KRB5); - ULINE("\t", "-F not forwardable", OPTTYPE_KRB5); - ULINE("\t", "-p proxiable", OPTTYPE_KRB5); - ULINE("\t", "-P not proxiable", OPTTYPE_KRB5); - ULINE("\t", "-a include addresses", OPTTYPE_KRB5); - ULINE("\t", "-A do not include addresses", OPTTYPE_KRB5); - ULINE("\t", "-v validate", OPTTYPE_KRB5); - ULINE("\t", "-R renew", OPTTYPE_BOTH); - ULINE("\t", "-k use keytab", OPTTYPE_BOTH); - ULINE("\t", "-t filename of keytab to use", OPTTYPE_BOTH); - ULINE("\t", "-c Kerberos 5 cache name", OPTTYPE_KRB5); - /* This options is not yet available: */ - /* ULINE("\t", "-C Kerberos 4 cache name", OPTTYPE_KRB4); */ - ULINE("\t", "-S service", OPTTYPE_BOTH); - ULINE("\t", "-X [=]", OPTTYPE_KRB5); + fprintf(stderr, " options:"); + fprintf(stderr, "\t-V verbose\n"); + fprintf(stderr, "\t-l lifetime\n"); + fprintf(stderr, "\t-s start time\n"); + fprintf(stderr, "\t-r renewable lifetime\n"); + fprintf(stderr, "\t-f forwardable\n"); + fprintf(stderr, "\t-F not forwardable\n"); + fprintf(stderr, "\t-p proxiable\n"); + fprintf(stderr, "\t-P not proxiable\n"); + fprintf(stderr, "\t-a include addresses\n"); + fprintf(stderr, "\t-A do not include addresses\n"); + fprintf(stderr, "\t-v validate\n"); + fprintf(stderr, "\t-R renew\n"); + fprintf(stderr, "\t-C canonicalize\n"); + fprintf(stderr, "\t-E client is enterprise principal name\n"); + fprintf(stderr, "\t-k use keytab\n"); + fprintf(stderr, "\t-t filename of keytab to use\n"); + fprintf(stderr, "\t-c Kerberos 5 cache name\n"); + fprintf(stderr, "\t-S service\n"); + fprintf(stderr, "\t-X [=]\n"); exit(2); } @@ -322,19 +269,16 @@ add_preauth_opt(struct k_opts *opts, char *av) } static char * -parse_options(argc, argv, opts, progname) +parse_options(argc, argv, opts) int argc; char **argv; struct k_opts* opts; - char *progname; { krb5_error_code code; int errflg = 0; - int use_k4 = 0; - int use_k5 = 0; int i; - while ((i = GETOPT(argc, argv, "r:fpFP54aAVl:s:c:kt:RS:vX:")) + while ((i = GETOPT(argc, argv, "r:fpFP54aAVl:s:c:kt:RS:vX:CE")) != -1) { switch (i) { case 'V': @@ -426,40 +370,17 @@ parse_options(argc, argv, opts, progname) errflg++; } break; -#if 0 - /* - A little more work is needed before we can enable this - option. - */ case 'C': - if (opts->k4_cache_name) - { - fprintf(stderr, "Only one -C option allowed\n"); - errflg++; - } else { - opts->k4_cache_name = optarg; - } + opts->canonicalize = 1; + break; + case 'E': + opts->enterprise = 1; break; -#endif case '4': - if (!got_k4) - { -#ifdef KRB5_KRB4_COMPAT - fprintf(stderr, "Kerberos 4 support could not be loaded\n"); -#else - fprintf(stderr, "This was not built with Kerberos 4 support\n"); -#endif - exit(3); - } - use_k4 = 1; + fprintf(stderr, "Kerberos 4 is no longer supported\n"); + exit(3); break; case '5': - if (!got_k5) - { - fprintf(stderr, "Kerberos 5 support could not be loaded\n"); - exit(3); - } - use_k5 = 1; break; default: errflg++; @@ -489,65 +410,21 @@ parse_options(argc, argv, opts, progname) errflg++; } - /* At this point, if errorless, we know we only have one option - selection */ - if (!use_k5 && !use_k4) { - use_k5 = default_k5; - use_k4 = default_k4; - } - - /* Now, we encode the OPTTYPE stuff here... */ - if (!use_k5 && - (opts->starttime || opts->rlife || opts->forwardable || - opts->proxiable || opts->addresses || opts->not_forwardable || - opts->not_proxiable || opts->no_addresses || - (opts->action == VALIDATE) || opts->k5_cache_name)) - { - fprintf(stderr, "Specified option that requires Kerberos 5\n"); - errflg++; - } - if (!use_k4 && - opts->k4_cache_name) - { - fprintf(stderr, "Specified option that require Kerberos 4\n"); - errflg++; - } - if ( -#ifdef HAVE_KRB524 - !use_k5 -#else - use_k4 -#endif - && (opts->service_name || opts->keytab_name || - (opts->action == INIT_KT) || (opts->action == RENEW)) - ) - { - fprintf(stderr, "Specified option that requires Kerberos 5\n"); - errflg++; - } - if (errflg) { - usage(progname); + usage(); } - got_k5 = got_k5 && use_k5; - got_k4 = got_k4 && use_k4; - opts->principal_name = (optind == argc-1) ? argv[optind] : 0; return opts->principal_name; } static int -k5_begin(opts, k5, k4) +k5_begin(opts, k5) struct k_opts* opts; -struct k5_data* k5; -struct k4_data* k4; + struct k5_data* k5; { - char* progname = progname_v5; krb5_error_code code = 0; - - if (!got_k5) - return 0; + int flags = opts->enterprise ? KRB5_PRINCIPAL_PARSE_ENTERPRISE : 0; code = krb5_init_context(&k5->ctx); if (code) { @@ -575,8 +452,8 @@ struct k4_data* k4; if (opts->principal_name) { /* Use specified name */ - if ((code = krb5_parse_name(k5->ctx, opts->principal_name, - &k5->me))) { + if ((code = krb5_parse_name_flags(k5->ctx, opts->principal_name, + flags, &k5->me))) { com_err(progname, code, "when parsing name %s", opts->principal_name); return 0; @@ -606,8 +483,8 @@ struct k4_data* k4; fprintf(stderr, "Unable to identify user\n"); return 0; } - if ((code = krb5_parse_name(k5->ctx, name, - &k5->me))) + if ((code = krb5_parse_name_flags(k5->ctx, name, + flags, &k5->me))) { com_err(progname, code, "when parsing name %s", name); @@ -624,19 +501,6 @@ struct k4_data* k4; } opts->principal_name = k5->name; -#ifdef KRB5_KRB4_COMPAT - if (got_k4) - { - /* Translate to a Kerberos 4 principal */ - code = krb5_524_conv_principal(k5->ctx, k5->me, - k4->aname, k4->inst, k4->realm); - if (code) { - k4->aname[0] = 0; - k4->inst[0] = 0; - k4->realm[0] = 0; - } - } -#endif return 1; } @@ -656,110 +520,6 @@ k5_end(k5) memset(k5, 0, sizeof(*k5)); } -static int -k4_begin(opts, k4) - struct k_opts* opts; - struct k4_data* k4; -{ -#ifdef KRB5_KRB4_COMPAT - char* progname = progname_v4; - int k_errno = 0; -#endif - - if (!got_k4) - return 0; - -#ifdef KRB5_KRB4_COMPAT - if (k4->aname[0]) - goto skip; - - if (opts->principal_name) - { - /* Use specified name */ - k_errno = kname_parse(k4->aname, k4->inst, k4->realm, - opts->principal_name); - if (k_errno) - { - fprintf(stderr, "%s: %s\n", progname, - krb_get_err_text(k_errno)); - return 0; - } - } else { - /* No principal name specified */ - if (opts->action == INIT_KT) { - /* Use the default host/service name */ - /* XXX - need to add this functionality */ - fprintf(stderr, "%s: Kerberos 4 srvtab support is not " - "implemented\n", progname); - return 0; - } else { - /* Get default principal from cache if one exists */ - k_errno = krb_get_tf_fullname(tkt_string(), k4->aname, - k4->inst, k4->realm); - if (k_errno) - { - char *name = get_name_from_os(); - if (!name) - { - fprintf(stderr, "Unable to identify user\n"); - return 0; - } - k_errno = kname_parse(k4->aname, k4->inst, k4->realm, - name); - if (k_errno) - { - fprintf(stderr, "%s: %s\n", progname, - krb_get_err_text(k_errno)); - return 0; - } - } - } - } - - if (!k4->realm[0]) - krb_get_lrealm(k4->realm, 1); - - if (k4->inst[0]) - snprintf(k4->name, sizeof(k4->name), "%s.%s@%s", - k4->aname, k4->inst, k4->realm); - else - snprintf(k4->name, sizeof(k4->name), "%s@%s", k4->aname, k4->realm); - opts->principal_name = k4->name; - - skip: - if (k4->aname[0] && !k_isname(k4->aname)) - { - fprintf(stderr, "%s: bad Kerberos 4 name format\n", progname); - return 0; - } - - if (k4->inst[0] && !k_isinst(k4->inst)) - { - fprintf(stderr, "%s: bad Kerberos 4 instance format\n", progname); - return 0; - } - - if (k4->realm[0] && !k_isrealm(k4->realm)) - { - fprintf(stderr, "%s: bad Kerberos 4 realm format\n", progname); - return 0; - } -#endif /* KRB5_KRB4_COMPAT */ - return 1; -} - -static void -k4_end(k4) - struct k4_data* k4; -{ - memset(k4, 0, sizeof(*k4)); -} - -#ifdef KRB5_KRB4_COMPAT -static char stash_password[1024]; -static int got_password = 0; -#endif /* KRB5_KRB4_COMPAT */ - static krb5_error_code KRB5_CALLCONV kinit_prompter( @@ -771,21 +531,8 @@ kinit_prompter( krb5_prompt prompts[] ) { - int i; - krb5_prompt_type *types; krb5_error_code rc = krb5_prompter_posix(ctx, data, name, banner, num_prompts, prompts); - if (!rc && (types = krb5_get_prompt_types(ctx))) - for (i = 0; i < num_prompts; i++) - if ((types[i] == KRB5_PROMPT_TYPE_PASSWORD) || - (types[i] == KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN)) - { -#ifdef KRB5_KRB4_COMPAT - strncpy(stash_password, prompts[i].reply->data, - sizeof(stash_password)); - got_password = 1; -#endif - } return rc; } @@ -794,7 +541,6 @@ k5_kinit(opts, k5) struct k_opts* opts; struct k5_data* k5; { - char* progname = progname_v5; int notix = 1; krb5_keytab keytab = 0; krb5_creds my_creds; @@ -802,9 +548,6 @@ k5_kinit(opts, k5) krb5_get_init_creds_opt *options = NULL; int i; - if (!got_k5) - return 0; - memset(&my_creds, 0, sizeof(my_creds)); code = krb5_get_init_creds_opt_alloc(k5->ctx, &options); @@ -828,6 +571,8 @@ k5_kinit(opts, k5) krb5_get_init_creds_opt_set_proxiable(options, 1); if (opts->not_proxiable) krb5_get_init_creds_opt_set_proxiable(options, 0); + if (opts->canonicalize) + krb5_get_init_creds_opt_set_canonicalize(options, 1); if (opts->addresses) { krb5_address **addresses = NULL; @@ -902,14 +647,7 @@ k5_kinit(opts, k5) break; } - /* If got code == KRB5_AP_ERR_V4_REPLY && got_k4, we should - let the user know that maybe he/she wants -4. */ - if (code == KRB5KRB_AP_ERR_V4_REPLY && got_k4) - com_err(progname, code, "while %s\n" - "The KDC doesn't support v5. " - "You may want the -4 option in the future", - doing); - else if (code == KRB5KRB_AP_ERR_BAD_INTEGRITY) + if (code == KRB5KRB_AP_ERR_BAD_INTEGRITY) fprintf(stderr, "%s: Password incorrect while %s\n", progname, doing); else @@ -917,12 +655,8 @@ k5_kinit(opts, k5) goto cleanup; } - if (!opts->lifetime) { - /* We need to figure out what lifetime to use for Kerberos 4. */ - opts->lifetime = my_creds.times.endtime - my_creds.times.authtime; - } - - code = krb5_cc_initialize(k5->ctx, k5->cc, k5->me); + code = krb5_cc_initialize(k5->ctx, k5->cc, + opts->canonicalize ? my_creds.client : k5->me); if (code) { com_err(progname, code, "when initializing cache %s", opts->k5_cache_name?opts->k5_cache_name:""); @@ -954,194 +688,6 @@ k5_kinit(opts, k5) return notix?0:1; } -static int -k4_kinit(opts, k4, ctx) - struct k_opts* opts; - struct k4_data* k4; - krb5_context ctx; -{ -#ifdef KRB5_KRB4_COMPAT - char* progname = progname_v4; - int k_errno = 0; -#endif - - if (!got_k4) - return 0; - - if (opts->starttime) - return 0; - -#ifdef KRB5_KRB4_COMPAT - if (!k4->lifetime) - k4->lifetime = opts->lifetime; - if (!k4->lifetime) - k4->lifetime = KRB4_BACKUP_DEFAULT_LIFE_SECS; - - k4->lifetime = krb_time_to_life(0, k4->lifetime); - - switch (opts->action) - { - case INIT_PW: - if (!got_password) { - unsigned int pwsize = sizeof(stash_password); - krb5_error_code code; - char prompt[1024]; - - snprintf(prompt, sizeof(prompt), - "Password for %s", opts->principal_name); - stash_password[0] = 0; - /* - Note: krb5_read_password does not actually look at the - context, so we're ok even if we don't have a context. If - we cannot dynamically load krb5, we can substitute any - decent read password function instead of the krb5 one. - */ - code = krb5_read_password(ctx, prompt, 0, stash_password, &pwsize); - if (code || pwsize == 0) - { - fprintf(stderr, "Error while reading password for '%s'\n", - opts->principal_name); - memset(stash_password, 0, sizeof(stash_password)); - return 0; - } - got_password = 1; - } - k_errno = krb_get_pw_in_tkt(k4->aname, k4->inst, k4->realm, "krbtgt", - k4->realm, k4->lifetime, stash_password); - - if (k_errno) { - fprintf(stderr, "%s: %s\n", progname, - krb_get_err_text(k_errno)); - if (authed_k5) - fprintf(stderr, "Maybe your KDC does not support v4. " - "Try the -5 option next time.\n"); - return 0; - } - return 1; -#ifndef HAVE_KRB524 - case INIT_KT: - fprintf(stderr, "%s: srvtabs are not supported\n", progname); - return 0; - case RENEW: - fprintf(stderr, "%s: renewal of krb4 tickets is not supported\n", - progname); - return 0; -#else - /* These cases are handled by the 524 code - this prevents the compiler - warnings of not using all the enumerated types. - */ - case INIT_KT: - case RENEW: - case VALIDATE: - return 0; -#endif - } -#endif - return 0; -} - -static char* -getvprogname(v, progname) - char *v, *progname; -{ - char *ret; - - if (asprintf(&ret, "%s(v%s)", progname, v) < 0) - return progname; - else - return ret; -} - -#ifdef HAVE_KRB524 -/* Convert krb5 tickets to krb4. */ -static int try_convert524(k5) - struct k5_data* k5; -{ - char * progname = progname_v524; - krb5_error_code code = 0; - int icode = 0; - krb5_principal kpcserver = 0; - krb5_creds *v5creds = 0; - krb5_creds increds; - CREDENTIALS v4creds; - - if (!got_k4 || !got_k5) - return 0; - - memset((char *) &increds, 0, sizeof(increds)); - /* - From this point on, we can goto cleanup because increds is - initialized. - */ - - if ((code = krb5_build_principal(k5->ctx, - &kpcserver, - krb5_princ_realm(k5->ctx, k5->me)->length, - krb5_princ_realm(k5->ctx, k5->me)->data, - "krbtgt", - krb5_princ_realm(k5->ctx, k5->me)->data, - NULL))) { - com_err(progname, code, - "while creating service principal name"); - goto cleanup; - } - - increds.client = k5->me; - increds.server = kpcserver; - /* Prevent duplicate free calls. */ - kpcserver = 0; - - increds.times.endtime = 0; - increds.keyblock.enctype = ENCTYPE_DES_CBC_CRC; - if ((code = krb5_get_credentials(k5->ctx, 0, - k5->cc, - &increds, - &v5creds))) { - com_err(progname, code, - "getting V5 credentials"); - goto cleanup; - } - if ((icode = krb524_convert_creds_kdc(k5->ctx, - v5creds, - &v4creds))) { - com_err(progname, icode, - "converting to V4 credentials"); - goto cleanup; - } - /* this is stolen from the v4 kinit */ - /* initialize ticket cache */ - if ((icode = in_tkt(v4creds.pname, v4creds.pinst) - != KSUCCESS)) { - com_err(progname, icode, - "trying to create the V4 ticket file"); - goto cleanup; - } - /* stash ticket, session key, etc. for future use */ - if ((icode = krb_save_credentials(v4creds.service, - v4creds.instance, - v4creds.realm, - v4creds.session, - v4creds.lifetime, - v4creds.kvno, - &(v4creds.ticket_st), - v4creds.issue_date))) { - com_err(progname, icode, - "trying to save the V4 ticket"); - goto cleanup; - } - - cleanup: - memset(&v4creds, 0, sizeof(v4creds)); - if (v5creds) - krb5_free_creds(k5->ctx, v5creds); - increds.client = 0; - krb5_free_cred_contents(k5->ctx, &increds); - if (kpcserver) - krb5_free_principal(k5->ctx, kpcserver); - return !(code || icode); -} -#endif /* HAVE_KRB524 */ - int main(argc, argv) int argc; @@ -1149,16 +695,9 @@ main(argc, argv) { struct k_opts opts; struct k5_data k5; - struct k4_data k4; - char *progname; - + int authed_k5 = 0; progname = GET_PROGNAME(argv[0]); - progname_v5 = getvprogname("5", progname); -#ifdef KRB5_KRB4_COMPAT - progname_v4 = getvprogname("4", progname); - progname_v524 = getvprogname("524", progname); -#endif /* Ensure we can be driven from a pipe */ if(!isatty(fileno(stdin))) @@ -1168,49 +707,24 @@ main(argc, argv) if(!isatty(fileno(stderr))) setvbuf(stderr, 0, _IONBF, 0); - /* - This is where we would put in code to dynamically load Kerberos - libraries. Currenlty, we just get them implicitly. - */ - got_k5 = 1; -#ifdef KRB5_KRB4_COMPAT - got_k4 = 1; -#endif - memset(&opts, 0, sizeof(opts)); opts.action = INIT_PW; memset(&k5, 0, sizeof(k5)); - memset(&k4, 0, sizeof(k4)); set_com_err_hook (extended_com_err_fn); - parse_options(argc, argv, &opts, progname); - - got_k5 = k5_begin(&opts, &k5, &k4); - got_k4 = k4_begin(&opts, &k4); + parse_options(argc, argv, &opts); - authed_k5 = k5_kinit(&opts, &k5); -#ifdef HAVE_KRB524 - if (authed_k5) - authed_k4 = try_convert524(&k5); -#endif - if (!authed_k4) - authed_k4 = k4_kinit(&opts, &k4, k5.ctx); -#ifdef KRB5_KRB4_COMPAT - memset(stash_password, 0, sizeof(stash_password)); -#endif + if (k5_begin(&opts, &k5)) + authed_k5 = k5_kinit(&opts, &k5); if (authed_k5 && opts.verbose) fprintf(stderr, "Authenticated to Kerberos v5\n"); - if (authed_k4 && opts.verbose) - fprintf(stderr, "Authenticated to Kerberos v4\n"); k5_end(&k5); - k4_end(&k4); - if ((got_k5 && !authed_k5) || (got_k4 && !authed_k4) || - (!got_k5 && !got_k4)) + if (!authed_k5) exit(1); return 0; } diff --git a/src/clients/klist/Makefile.in b/src/clients/klist/Makefile.in index 66d0c4acd0..56e9b399c0 100644 --- a/src/clients/klist/Makefile.in +++ b/src/clients/klist/Makefile.in @@ -22,8 +22,8 @@ SRCS = klist.c all-unix:: klist ##WIN32##all-windows:: $(KLIST) -klist: klist.o $(KRB4COMPAT_DEPLIBS) - $(CC_LINK) -o $@ klist.o $(KRB4COMPAT_LIBS) +klist: klist.o $(KRB5_BASE_DEPLIBS) + $(CC_LINK) -o $@ klist.o $(KRB5_BASE_LIBS) ##WIN32##$(KLIST): $(OUTPRE)klist.obj $(BUILDTOP)\util\windows\$(OUTPRE)getopt.lib $(SLIB) $(KLIB) $(CLIB) $(EXERES) ##WIN32## link $(EXE_LINKOPTS) -out:$@ $** ws2_32.lib $(SCLIB) @@ -40,15 +40,3 @@ install-unix:: $(DESTDIR)$(CLIENT_MANDIR)/`echo $$f|sed '$(transform)'`.1; \ done -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -$(OUTPRE)klist.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - klist.c diff --git a/src/clients/klist/deps b/src/clients/klist/deps new file mode 100644 index 0000000000..6f211b15f3 --- /dev/null +++ b/src/clients/klist/deps @@ -0,0 +1,8 @@ +# +# Generated makefile dependencies follow. +# +$(OUTPRE)klist.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h klist.c diff --git a/src/clients/klist/klist.M b/src/clients/klist/klist.M index c5f66d5250..b3603fd5f6 100644 --- a/src/clients/klist/klist.M +++ b/src/clients/klist/klist.M @@ -25,7 +25,7 @@ .SH NAME klist \- list cached Kerberos tickets .SH SYNOPSIS -\fBklist\fP [\fB\-5\fP] [\fB\-4\fP] [\fB\-e\fP] [[\fB\-c\fP] [\fB\-f\fP] +\fBklist\fP [\fB\-e\fP] [[\fB\-c\fP] [\fB\-f\fP] [\fB\-s\fP] [\fB\-a\fP [\fB\-n\fP]]] [\fB\-k\fP [\fB\-t\fP] [\fB\-K\fP]] [\fIcache_name\fP | \fIkeytab_name\fP] @@ -36,24 +36,8 @@ lists the Kerberos principal and Kerberos tickets held in a credentials cache, or the keys held in a .B keytab file. -If klist was built with Kerberos 4 support, the default behavior is to list -both Kerberos 5 and Kerberos 4 credentials. Otherwise, klist will default -to listing only Kerberos 5 credentials. .SH OPTIONS .TP -.B \-5 -list Kerberos 5 credentials. This overrides whatever the default built-in -behavior may be. This option may be used with -.B \-4 -. -.TP -.B \-4 -list Kerberos 4 credentials. This overrides whatever the default built-in -behavior may be. This option is only available if kinit was built -with Kerberos 4 compatibility. This option may be used with -.B \-5 -. -.TP .B \-e displays the encryption types of the session key and the ticket for each credential in the credential cache, or each key in the keytab file. @@ -133,18 +117,11 @@ uses the following environment variables: .TP "\w'.SM KRB5CCNAME\ \ 'u" .SM KRB5CCNAME Location of the Kerberos 5 credentials (ticket) cache. -.TP "\w'.SM KRBTKFILE\ \ 'u" -.SM KRBTKFILE -Filename of the Kerberos 4 credentials (ticket) cache. .SH FILES .TP "\w'/tmp/krb5cc_[uid]\ \ 'u" /tmp/krb5cc_[uid] default location of Kerberos 5 credentials cache ([uid] is the decimal UID of the user). -.TP "\w'/tmp/tkt[uid]\ \ 'u" -/tmp/tkt[uid] -default location of Kerberos 4 credentials cache -([uid] is the decimal UID of the user). .TP /etc/krb5.keytab default location for the local host's diff --git a/src/clients/klist/klist.c b/src/clients/klist/klist.c index f1a251c660..70ca604e51 100644 --- a/src/clients/klist/klist.c +++ b/src/clients/klist/klist.c @@ -29,9 +29,6 @@ #include "autoconf.h" #include -#ifdef KRB5_KRB4_COMPAT -#include -#endif #include #include #ifdef HAVE_UNISTD_H @@ -76,43 +73,16 @@ void printtime (time_t); void one_addr (krb5_address *); void fillit (FILE *, unsigned int, int); -#ifdef KRB5_KRB4_COMPAT -void do_v4_ccache (char *); -#endif /* KRB5_KRB4_COMPAT */ - #define DEFAULT 0 #define CCACHE 1 #define KEYTAB 2 -/* - * The reason we start out with got_k4 and got_k5 as zero (false) is - * so that we can easily add dynamic loading support for determining - * whether Kerberos 4 and Keberos 5 libraries are available - */ - -static int got_k5 = 0; -static int got_k4 = 0; - -static int default_k5 = 1; -#ifdef KRB5_KRB4_COMPAT -static int default_k4 = 1; -#else -static int default_k4 = 0; -#endif - static void usage() { #define KRB_AVAIL_STRING(x) ((x)?"available":"not available") - fprintf(stderr, "Usage: %s [-5] [-4] [-e] [[-c] [-f] [-s] [-a [-n]]] %s", + fprintf(stderr, "Usage: %s [-e] [[-c] [-f] [-s] [-a [-n]]] %s", progname, "[-k [-t] [-K]] [name]\n"); - fprintf(stderr, "\t-5 Kerberos 5 (%s)\n", KRB_AVAIL_STRING(got_k5)); - fprintf(stderr, "\t-4 Kerberos 4 (%s)\n", KRB_AVAIL_STRING(got_k4)); - fprintf(stderr, "\t (Default is %s%s%s%s)\n", - default_k5?"Kerberos 5":"", - (default_k5 && default_k4)?" and ":"", - default_k4?"Kerberos 4":"", - (!default_k5 && !default_k4)?"neither":""); fprintf(stderr, "\t-c specifies credentials cache\n"); fprintf(stderr, "\t-k specifies keytab\n"); fprintf(stderr, "\t (Default is credentials cache)\n"); @@ -136,12 +106,6 @@ main(argc, argv) int c; char *name; int mode; - int use_k5 = 0, use_k4 = 0; - - got_k5 = 1; -#ifdef KRB5_KRB4_COMPAT - got_k4 = 1; -#endif progname = GET_PROGNAME(argv[0]); @@ -179,24 +143,10 @@ main(argc, argv) mode = KEYTAB; break; case '4': - if (!got_k4) - { -#ifdef KRB5_KRB4_COMPAT - fprintf(stderr, "Kerberos 4 support could not be loaded\n"); -#else - fprintf(stderr, "This was not built with Kerberos 4 support\n"); -#endif - exit(3); - } - use_k4 = 1; + fprintf(stderr, "Kerberos 4 is no longer supported\n"); + exit(3); break; case '5': - if (!got_k5) - { - fprintf(stderr, "Kerberos 5 support could not be loaded\n"); - exit(3); - } - use_k5 = 1; break; default: usage(); @@ -224,17 +174,6 @@ main(argc, argv) name = (optind == argc-1) ? argv[optind] : 0; - if (!use_k5 && !use_k4) - { - use_k5 = default_k5; - use_k4 = default_k4; - } - - if (!use_k5) - got_k5 = 0; - if (!use_k4) - got_k4 = 0; - now = time(0); { char tmp[BUFSIZ]; @@ -247,7 +186,6 @@ main(argc, argv) timestamp_width = 15; } - if (got_k5) { krb5_error_code retval; retval = krb5_init_context(&kcontext); @@ -260,18 +198,6 @@ main(argc, argv) do_ccache(name); else do_keytab(name); - } else { -#ifdef KRB5_KRB4_COMPAT - if (mode == DEFAULT || mode == CCACHE) - do_v4_ccache(name); - else { - /* We may want to add v4 srvtab support */ - fprintf(stderr, - "%s: srvtab option not supported for Kerberos 4\n", - progname); - exit(1); - } -#endif /* KRB4_KRB5_COMPAT */ } return 0; @@ -733,105 +659,3 @@ fillit(f, num, c) for (i=0; i #include #include +#include #define TKTTIMELEFT 60*10 /* ten minutes */ @@ -69,14 +70,11 @@ static kbrccache_t userinitcontext( krb5_unparse_name( kcontext, kme, &pName ); if( cachename ) { - pCacheName = malloc( strlen( pName ) + strlen( cachename ) + 1 ); - if( pCacheName == NULL ) + if (asprintf(&pCacheName, "%s%s", cachename, pName) < 0) { kres = KRB5_CC_NOMEM; goto fail; } - strcpy( pCacheName, cachename ); - strcat( pCacheName, pName ); kres = krb5_cc_resolve( kcontext, pCacheName, &kcache ); if( kres ) { diff --git a/src/clients/ksu/Makefile.in b/src/clients/ksu/Makefile.in index 6c01723d80..e91909857a 100644 --- a/src/clients/ksu/Makefile.in +++ b/src/clients/ksu/Makefile.in @@ -41,70 +41,3 @@ install:: $(INSTALL_DATA) $(srcdir)/$$f.M \ ${DESTDIR}$(CLIENT_MANDIR)/`echo $$f|sed '$(transform)'`.1; \ done -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -$(OUTPRE)krb_auth_su.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/k5-util.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - krb_auth_su.c ksu.h -$(OUTPRE)ccache.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/k5-util.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h ccache.c ksu.h -$(OUTPRE)authorization.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/k5-util.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - authorization.c ksu.h -$(OUTPRE)main.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/k5-util.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h ksu.h main.c -$(OUTPRE)heuristic.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/k5-util.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - heuristic.c ksu.h -$(OUTPRE)xmalloc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/k5-util.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - ksu.h xmalloc.c -$(OUTPRE)setenv.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - setenv.c diff --git a/src/clients/ksu/authorization.c b/src/clients/ksu/authorization.c index b5713c103e..0c90d27131 100644 --- a/src/clients/ksu/authorization.c +++ b/src/clients/ksu/authorization.c @@ -365,15 +365,13 @@ krb5_boolean fcmd_resolve(fcmd, out_fcmd, out_err) }else{ /* must be either full path or just the cmd name */ if (strchr(fcmd, '/')){ - err = (char *) xcalloc((strlen(fcmd) +200) ,sizeof(char)); - sprintf(err,"Error: bad entry - %s in %s file, must be either full path or just the cmd name\n", fcmd, KRB5_USERS_NAME); + asprintf(&err,"Error: bad entry - %s in %s file, must be either full path or just the cmd name\n", fcmd, KRB5_USERS_NAME); *out_err = err; return FALSE; } #ifndef CMD_PATH - err = (char *) xcalloc(2*(strlen(fcmd) +200) ,sizeof(char)); - sprintf(err,"Error: bad entry - %s in %s file, since %s is just the cmd name, CMD_PATH must be defined \n", fcmd, KRB5_USERS_NAME, fcmd); + asprintf(&err,"Error: bad entry - %s in %s file, since %s is just the cmd name, CMD_PATH must be defined \n", fcmd, KRB5_USERS_NAME, fcmd); *out_err = err; return FALSE; #else @@ -386,8 +384,7 @@ krb5_boolean fcmd_resolve(fcmd, out_fcmd, out_err) tc = get_first_token (path_ptr, &lp); if (! tc){ - err = (char *) xcalloc((strlen(fcmd) +200) ,sizeof(char)); - sprintf(err,"Error: bad entry - %s in %s file, CMD_PATH contains no paths \n", fcmd, KRB5_USERS_NAME); + asprintf(&err,"Error: bad entry - %s in %s file, CMD_PATH contains no paths \n", fcmd, KRB5_USERS_NAME); *out_err = err; return FALSE; } @@ -395,8 +392,7 @@ krb5_boolean fcmd_resolve(fcmd, out_fcmd, out_err) i=0; do{ if (*tc != '/'){ /* must be full path */ - err = (char *) xcalloc((strlen(tc) +200) ,sizeof(char)); - sprintf(err,"Error: bad path %s in CMD_PATH for %s must start with '/' \n",tc, KRB5_USERS_NAME ); + asprintf(&err,"Error: bad path %s in CMD_PATH for %s must start with '/' \n",tc, KRB5_USERS_NAME ); *out_err = err; return FALSE; } @@ -498,13 +494,9 @@ krb5_boolean find_first_cmd_that_exists(fcmd_arr, cmd_out, err_out) int i = 0; krb5_boolean retbool= FALSE; int j =0; - char * err; - unsigned int max_ln=0; - unsigned int tln=0; + struct k5buf buf; while(fcmd_arr[i]){ - tln = strlen(fcmd_arr[i]); - if ( tln > max_ln) max_ln = tln; if (!stat (fcmd_arr[i], &st_temp )){ *cmd_out = xstrdup(fcmd_arr[i]); retbool = TRUE; @@ -514,15 +506,16 @@ krb5_boolean find_first_cmd_that_exists(fcmd_arr, cmd_out, err_out) } if (retbool == FALSE ){ - err = (char *) xcalloc((80 + (max_ln+2)*i) ,sizeof(char)); - strcpy(err,"Error: not found -> "); - for(j= 0; j < i; j ++){ - strcat(err, " "); - strcat(err, fcmd_arr[j]); - strcat(err, " "); + krb5int_buf_init_dynamic(&buf); + krb5int_buf_add(&buf, "Error: not found -> "); + for(j= 0; j < i; j ++) + krb5int_buf_add_fmt(&buf, " %s ", fcmd_arr[j]); + krb5int_buf_add(&buf, "\n"); + *err_out = krb5int_buf_data(&buf); + if (*err_out == NULL) { + perror(prog_name); + exit(1); } - strcat(err, "\n"); - *err_out = err; } @@ -710,17 +703,19 @@ static void auth_cleanup(users_fp, login_fp, princname) void init_auth_names(pw_dir) char *pw_dir; { - if (strlen (k5login_path) + 2 + strlen (KRB5_LOGIN_NAME) >= MAXPATHLEN) { + const char *sep; + int r1, r2; + + sep = ((strlen(pw_dir) == 1) && (*pw_dir == '/')) ? "" : "/"; + r1 = snprintf(k5login_path, sizeof(k5login_path), "%s%s%s", + pw_dir, sep, KRB5_LOGIN_NAME); + r2 = snprintf(k5users_path, sizeof(k5users_path), "%s%s%s", + pw_dir, sep, KRB5_USERS_NAME); + if (SNPRINTF_OVERFLOW(r1, sizeof(k5login_path)) || + SNPRINTF_OVERFLOW(r2, sizeof(k5users_path))) { fprintf (stderr, "home directory name `%s' too long, can't search for .k5login\n", pw_dir); exit (1); } - if ((strlen(pw_dir) == 1) && (*pw_dir == '/')){ - sprintf(k5login_path,"%s%s", pw_dir, KRB5_LOGIN_NAME); - sprintf(k5users_path,"%s%s", pw_dir, KRB5_USERS_NAME); - } else { - sprintf(k5login_path,"%s/%s", pw_dir, KRB5_LOGIN_NAME); - sprintf(k5users_path,"%s/%s", pw_dir, KRB5_USERS_NAME); - } } diff --git a/src/clients/ksu/ccache.c b/src/clients/ksu/ccache.c index ec8f2af0e0..8fd11a3c88 100644 --- a/src/clients/ksu/ccache.c +++ b/src/clients/ksu/ccache.c @@ -373,7 +373,7 @@ krb5_get_login_princ(luser, princ_list) FILE *fp; char * linebuf; char *newline; - int gobble; + int gobble, result; char ** buf_out; struct stat st_temp; int count = 0, chunk_count = 1; @@ -383,12 +383,11 @@ krb5_get_login_princ(luser, princ_list) if ((pwd = getpwnam(luser)) == NULL) { return 0; } - if (strlen(pwd->pw_dir) + sizeof("/.k5login") > MAXPATHLEN) { + result = snprintf(pbuf, sizeof(pbuf), "%s/.k5login", pwd->pw_dir); + if (SNPRINTF_OVERFLOW(result, sizeof(pbuf))) { fprintf (stderr, "home directory path for %s too long\n", luser); exit (1); } - (void) strcpy(pbuf, pwd->pw_dir); - (void) strcat(pbuf, "/.k5login"); if (stat(pbuf, &st_temp)) { /* not accessible */ return 0; diff --git a/src/clients/ksu/deps b/src/clients/ksu/deps new file mode 100644 index 0000000000..f1a8c1fae2 --- /dev/null +++ b/src/clients/ksu/deps @@ -0,0 +1,67 @@ +# +# Generated makefile dependencies follow. +# +$(OUTPRE)krb_auth_su.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/k5-util.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h krb_auth_su.c ksu.h +$(OUTPRE)ccache.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/k5-util.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + ccache.c ksu.h +$(OUTPRE)authorization.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/k5-util.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h authorization.c ksu.h +$(OUTPRE)main.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/k5-util.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + ksu.h main.c +$(OUTPRE)heuristic.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/k5-util.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h heuristic.c ksu.h +$(OUTPRE)xmalloc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/k5-util.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h ksu.h xmalloc.c +$(OUTPRE)setenv.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + setenv.c diff --git a/src/clients/ksu/krb_auth_su.c b/src/clients/ksu/krb_auth_su.c index f19c169249..cd2bc89cbb 100644 --- a/src/clients/ksu/krb_auth_su.c +++ b/src/clients/ksu/krb_auth_su.c @@ -27,13 +27,6 @@ #include "ksu.h" -static krb5_error_code krb5_verify_tkt_def - (krb5_context, - krb5_principal, - krb5_principal, - krb5_keyblock *, - krb5_data *, - krb5_ticket **); void plain_dump_principal (); @@ -56,6 +49,7 @@ krb5_boolean krb5_auth_check(context, client_pname, hostname, options, int *path_passwd; { krb5_principal client, server; + krb5_verify_init_creds_opt vfy_opts; krb5_creds tgt, tgtq, in_creds, * out_creds; krb5_creds **tgts = NULL; /* list of ticket granting tickets */ @@ -213,9 +207,11 @@ krb5_boolean krb5_auth_check(context, client_pname, hostname, options, krb5_free_tgt_creds(context, tgts); } - retval = krb5_verify_tkt_def(context, client, server, - &out_creds->keyblock, &out_creds->ticket, - &target_tkt); + krb5_verify_init_creds_opt_init(&vfy_opts); + krb5_verify_init_creds_opt_set_ap_req_nofail( &vfy_opts, 1); + retval = krb5_verify_init_creds(context, out_creds, server, NULL /*keytab*/, + NULL /*output ccache*/, + &vfy_opts); if (retval) { com_err(prog_name, retval, "while verifying ticket for server"); return (FALSE); @@ -242,7 +238,7 @@ krb5_boolean krb5_fast_auth(context, client, server, target_user, cc) { krb5_creds tgt, tgtq; - krb5_ticket * target_tkt; + krb5_verify_init_creds_opt vfy_opts; krb5_error_code retval; memset((char *) &tgtq, 0, sizeof(tgtq)); @@ -266,9 +262,12 @@ krb5_boolean krb5_fast_auth(context, client, server, target_user, cc) return (FALSE) ; } - - if ((retval = krb5_verify_tkt_def(context, client, server, &tgt.keyblock, - &tgt.ticket, &target_tkt))){ + krb5_verify_init_creds_opt_init(&vfy_opts); + krb5_verify_init_creds_opt_set_ap_req_nofail( &vfy_opts, 1); + retval = krb5_verify_init_creds(context, &tgt, server, NULL /*keytab*/, + NULL /*output ccache*/, + &vfy_opts); + if (retval){ com_err(prog_name, retval, "while verifing ticket for server"); return (FALSE); } @@ -276,121 +275,6 @@ krb5_boolean krb5_fast_auth(context, client, server, target_user, cc) return TRUE; } -static krb5_error_code -krb5_verify_tkt_def(context, client, server, cred_ses_key, - scr_ticket, clear_ticket) - /* IN */ - krb5_context context; - krb5_principal client; - krb5_principal server; - krb5_keyblock *cred_ses_key; - krb5_data *scr_ticket; - /* OUT */ - krb5_ticket **clear_ticket; -{ - krb5_keytab keytabid; - krb5_enctype enctype; - krb5_keytab_entry ktentry; - krb5_keyblock *tkt_key = NULL; - krb5_ticket * tkt = NULL; - krb5_error_code retval =0; - krb5_keyblock * tkt_ses_key; - - if ((retval = decode_krb5_ticket(scr_ticket, &tkt))){ - return retval; - } - - if (auth_debug){ - fprintf(stderr,"krb5_verify_tkt_def: verifying target server\n"); - dump_principal(context, "server", server); - dump_principal(context, "tkt->server", tkt->server); - } - - if (server && !krb5_principal_compare(context, server, tkt->server)){ - return KRB5KRB_AP_WRONG_PRINC; - } - - /* get the default keytab */ - if ((retval = krb5_kt_default(context, &keytabid))){ - krb5_free_ticket(context, tkt); - return retval; - } - - enctype = tkt->enc_part.enctype; - - if ((retval = krb5_kt_get_entry(context, keytabid, server, - tkt->enc_part.kvno, enctype, &ktentry))){ - krb5_free_ticket(context, tkt); - return retval; - } - - krb5_kt_close(context, keytabid); - - if ((retval = krb5_copy_keyblock(context, &ktentry.key, &tkt_key))){ - krb5_free_ticket(context, tkt); - krb5_kt_free_entry(context, &ktentry); - return retval; - } - - /* decrypt the ticket */ - if ((retval = krb5_decrypt_tkt_part(context, tkt_key, tkt))) { - krb5_free_ticket(context, tkt); - krb5_kt_free_entry(context, &ktentry); - krb5_free_keyblock(context, tkt_key); - return(retval); - } - - /* Check to make sure ticket hasn't expired */ - retval = krb5_check_exp(context, tkt->enc_part2->times); - if (retval) { - if (auth_debug && (retval == KRB5KRB_AP_ERR_TKT_EXPIRED)) { - fprintf(stderr, - "krb5_verify_tkt_def: ticket has expired"); - } - krb5_free_ticket(context, tkt); - krb5_kt_free_entry(context, &ktentry); - krb5_free_keyblock(context, tkt_key); - return KRB5KRB_AP_ERR_TKT_EXPIRED; - } - - if (!krb5_principal_compare(context, client, tkt->enc_part2->client)) { - krb5_free_ticket(context, tkt); - krb5_kt_free_entry(context, &ktentry); - krb5_free_keyblock(context, tkt_key); - return KRB5KRB_AP_ERR_BADMATCH; - } - - if (auth_debug){ - fprintf(stderr, - "krb5_verify_tkt_def: verified client's identity\n"); - dump_principal(context, "client", client); - dump_principal(context, "tkt->enc_part2->client",tkt->enc_part2->client); - } - - tkt_ses_key = tkt->enc_part2->session; - - if (cred_ses_key->enctype != tkt_ses_key->enctype || - cred_ses_key->length != tkt_ses_key->length || - memcmp((char *)cred_ses_key->contents, - (char *)tkt_ses_key->contents, cred_ses_key->length)) { - - krb5_free_ticket(context, tkt); - krb5_kt_free_entry(context, &ktentry); - krb5_free_keyblock(context, tkt_key); - return KRB5KRB_AP_ERR_BAD_INTEGRITY; - } - - if (auth_debug){ - fprintf(stderr, - "krb5_verify_tkt_def: session keys match \n"); - } - - *clear_ticket = tkt; - krb5_kt_free_entry(context, &ktentry); - krb5_free_keyblock(context, tkt_key); - return 0; - -} krb5_boolean krb5_get_tkt_via_passwd (context, ccache, client, server, @@ -407,7 +291,7 @@ krb5_boolean krb5_get_tkt_via_passwd (context, ccache, client, server, krb5_timestamp now; unsigned int pwsize; char password[255], *client_name, prompt[255]; - + int result; *zero_password = FALSE; @@ -442,13 +326,14 @@ krb5_boolean krb5_get_tkt_via_passwd (context, ccache, client, server, } else my_creds.times.renew_till = 0; - if (strlen (client_name) + 80 > sizeof (prompt)) { + result = snprintf(prompt, sizeof(prompt), "Kerberos password for %s: ", + client_name); + if (SNPRINTF_OVERFLOW(result, sizeof(prompt))) { fprintf (stderr, "principal name %s too long for internal buffer space\n", client_name); return FALSE; } - (void) sprintf(prompt,"Kerberos password for %s: ", client_name); pwsize = sizeof(password); diff --git a/src/clients/ksu/main.c b/src/clients/ksu/main.c index 3329bd78ac..0aba56933d 100644 --- a/src/clients/ksu/main.c +++ b/src/clients/ksu/main.c @@ -425,9 +425,9 @@ main (argc, argv) cache will be created.*/ do { - sprintf(cc_target_tag, "%s%ld.%d", - KRB5_SECONDARY_CACHE, - (long) target_uid, gen_sym()); + snprintf(cc_target_tag, KRB5_SEC_BUFFSIZE, "%s%ld.%d", + KRB5_SECONDARY_CACHE, + (long) target_uid, gen_sym()); cc_target_tag_tmp = strchr(cc_target_tag, ':') + 1; }while ( !stat ( cc_target_tag_tmp, &st_temp)); @@ -855,15 +855,16 @@ char *sh; static char * ontty() { char *p, *ttyname(); - static char buf[MAXPATHLEN + 4]; + static char buf[MAXPATHLEN + 5]; + int result; buf[0] = 0; if ((p = ttyname(STDERR_FILENO))) { - if (strlen (p) > MAXPATHLEN) { + result = snprintf(buf, sizeof(buf), " on %s", p); + if (SNPRINTF_OVERFLOW(result, sizeof(buf))) { fprintf (stderr, "terminal name %s too long\n", p); exit (1); } - sprintf(buf, " on %s", p); } return (buf); } @@ -875,11 +876,7 @@ static int set_env_var(name, value) { char * env_var_buf; - /* allocate extra two spaces, one for the = and one for the \0 */ - env_var_buf = (char *) xcalloc(2 + strlen(name) + strlen(value), - sizeof(char)); - - sprintf(env_var_buf,"%s=%s",name, value); + asprintf(&env_var_buf,"%s=%s",name, value); return putenv(env_var_buf); } diff --git a/src/clients/kvno/Makefile.in b/src/clients/kvno/Makefile.in index 047c25b34c..23841c0f66 100644 --- a/src/clients/kvno/Makefile.in +++ b/src/clients/kvno/Makefile.in @@ -23,8 +23,8 @@ all-unix:: kvno ##WIN32##all-windows:: $(KVNO) -kvno: kvno.o $(KRB4COMPAT_DEPLIBS) - $(CC_LINK) -o $@ kvno.o $(KRB4COMPAT_LIBS) +kvno: kvno.o $(KRB5_BASE_DEPLIBS) + $(CC_LINK) -o $@ kvno.o $(KRB5_BASE_LIBS) ##WIN32##$(KVNO): $(OUTPRE)kvno.obj $(BUILDTOP)\util\windows\$(OUTPRE)getopt.obj $(KLIB) $(CLIB) $(EXERES) ##WIN32## link $(EXE_LINKOPTS) /out:$@ $** @@ -40,13 +40,3 @@ install-unix:: $(INSTALL_DATA) $(srcdir)/$$f.M \ $(DESTDIR)$(CLIENT_MANDIR)/`echo $$f|sed '$(transform)'`.1; \ done -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -$(OUTPRE)kvno.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/krb5.h \ - kvno.c diff --git a/src/clients/kvno/deps b/src/clients/kvno/deps new file mode 100644 index 0000000000..60f4595a89 --- /dev/null +++ b/src/clients/kvno/deps @@ -0,0 +1,6 @@ +# +# Generated makefile dependencies follow. +# +$(OUTPRE)kvno.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/krb5.h \ + kvno.c diff --git a/src/clients/kvno/kvno.M b/src/clients/kvno/kvno.M index ad2cb48183..b7e4d46a0d 100644 --- a/src/clients/kvno/kvno.M +++ b/src/clients/kvno/kvno.M @@ -28,7 +28,7 @@ .SH NAME kvno \- print key version numbers of Kerberos principals .SH SYNOPSIS -\fBkvno\fP [\fB\-q\fP] [\fB\-h\fP] [\fB\-4\fP\ |\ [\fB-c ccache\fP]\ [\fB\-e etype\fP]] +\fBkvno\fP [\fB\-q\fP] [\fB\-h\fP] [\fB-c ccache\fP]\ [\fB\-e etype\fP] \fBservice1\fP \fBservice2\fP \fB...\fP .br .SH DESCRIPTION @@ -51,11 +51,6 @@ suppress printing .B \-h prints a usage statement and exits .TP -.B \-4 -specifies that Kerberos version 4 tickets should be acquired and -described. This option is only available if Kerberos 4 support was -enabled at compilation time. -.TP .B \-S sname specifies that krb5_sname_to_principal() will be used to build principal names. If this flag is specified, the @@ -70,16 +65,10 @@ uses the following environment variable: .TP "\w'.SM KRB5CCNAME\ \ 'u" .SM KRB5CCNAME Location of the credentials (ticket) cache. -.TP -.SM KRBTKFILE -Location of the v4 ticket file. .SH FILES .TP "\w'/tmp/krb5cc_[uid]\ \ 'u" /tmp/krb5cc_[uid] default location of the credentials cache ([uid] is the decimal UID of the user). -.TP -/tmp/tkt[uid] -default location of the v4 ticket file. .SH SEE ALSO kinit(1), kdestroy(1), krb5(3) diff --git a/src/clients/kvno/kvno.c b/src/clients/kvno/kvno.c index 1598bf58fd..d6c24f42b4 100644 --- a/src/clients/kvno/kvno.c +++ b/src/clients/kvno/kvno.c @@ -39,23 +39,16 @@ static char *prog; static void xusage() { -#ifdef KRB5_KRB4_COMPAT - fprintf(stderr, - "usage: %s [-4 | [-c ccache] [-e etype] [-k keytab] [-S sname]] service1 service2 ...\n", + fprintf(stderr, "usage: %s [-C] [-c ccache] [-e etype] [-k keytab] [-S sname] service1 service2 ...\n", prog); -#else - fprintf(stderr, "usage: %s [-c ccache] [-e etype] [-k keytab] [-S sname] service1 service2 ...\n", - prog); -#endif exit(1); } int quiet = 0; -static void do_v4_kvno (int argc, char *argv[]); static void do_v5_kvno (int argc, char *argv[], char *ccachestr, char *etypestr, char *keytab_name, - char *sname); + char *sname, int canon); #include static void extended_com_err_fn (const char *, errcode_t, const char *, @@ -66,15 +59,19 @@ int main(int argc, char *argv[]) int option; char *etypestr = NULL, *ccachestr = NULL, *keytab_name = NULL; char *sname = NULL; - int v4 = 0; + int canon = 0; + set_com_err_hook (extended_com_err_fn); prog = strrchr(argv[0], '/'); prog = prog ? (prog + 1) : argv[0]; - while ((option = getopt(argc, argv, "c:e:hk:q4S:")) != -1) { + while ((option = getopt(argc, argv, "Cc:e:hk:qS:")) != -1) { switch (option) { + case 'C': + canon = 1; + break; case 'c': ccachestr = optarg; break; @@ -90,9 +87,6 @@ int main(int argc, char *argv[]) case 'q': quiet = 1; break; - case '4': - v4 = 1; - break; case 'S': sname = optarg; break; @@ -105,68 +99,11 @@ int main(int argc, char *argv[]) if ((argc - optind) < 1) xusage(); - if ((ccachestr != NULL || etypestr != NULL || keytab_name != NULL) && v4) - xusage(); - - if (sname != NULL && v4) - xusage(); - - if (v4) - do_v4_kvno(argc - optind, argv + optind); - else do_v5_kvno(argc - optind, argv + optind, - ccachestr, etypestr, keytab_name, sname); + ccachestr, etypestr, keytab_name, sname, canon); return 0; } -#ifdef KRB5_KRB4_COMPAT -#include -#endif -static void do_v4_kvno (int count, char *names[]) -{ -#ifdef KRB5_KRB4_COMPAT - int i; - - for (i = 0; i < count; i++) { - int err; - char name[ANAME_SZ], inst[INST_SZ], realm[REALM_SZ]; - KTEXT_ST req; - CREDENTIALS creds; - *name = *inst = *realm = '\0'; - err = kname_parse (name, inst, realm, names[i]); - if (err) { - fprintf(stderr, "%s: error parsing name '%s': %s\n", - prog, names[i], krb_get_err_text(err)); - exit(1); - } - if (realm[0] == 0) { - err = krb_get_lrealm(realm, 1); - if (err) { - fprintf(stderr, "%s: error looking up local realm: %s\n", - prog, krb_get_err_text(err)); - exit(1); - } - } - err = krb_mk_req(&req, name, inst, realm, 0); - if (err) { - fprintf(stderr, "%s: krb_mk_req error: %s\n", prog, - krb_get_err_text(err)); - exit(1); - } - err = krb_get_cred(name, inst, realm, &creds); - if (err) { - fprintf(stderr, "%s: krb_get_cred error: %s\n", prog, - krb_get_err_text(err)); - exit(1); - } - if (!quiet) - printf("%s: kvno = %d\n", names[i], creds.kvno); - } -#else - xusage(); -#endif -} - #include static krb5_context context; static void extended_com_err_fn (const char *myprog, errcode_t code, @@ -182,7 +119,7 @@ static void extended_com_err_fn (const char *myprog, errcode_t code, static void do_v5_kvno (int count, char *names[], char * ccachestr, char *etypestr, char *keytab_name, - char *sname) + char *sname, int canon) { krb5_error_code ret; int i, errors; @@ -265,7 +202,8 @@ static void do_v5_kvno (int count, char *names[], in_creds.keyblock.enctype = etype; - ret = krb5_get_credentials(context, 0, ccache, &in_creds, &out_creds); + ret = krb5_get_credentials(context, canon ? KRB5_GC_CANONICALIZE : 0, + ccache, &in_creds, &out_creds); krb5_free_principal(context, in_creds.server); diff --git a/src/config-files/deps b/src/config-files/deps new file mode 100644 index 0000000000..2feac3c9d3 --- /dev/null +++ b/src/config-files/deps @@ -0,0 +1 @@ +# No dependencies here. diff --git a/src/config-files/krb5.conf.M b/src/config-files/krb5.conf.M index 95a3f773a6..1cfb1444ec 100644 --- a/src/config-files/krb5.conf.M +++ b/src/config-files/krb5.conf.M @@ -201,6 +201,16 @@ realm of a host. The default is not to use these records. General flag controlling the use of DNS for Kerberos information. If both of the preceding options are specified, this option has no effect. +.IP realm_try_domains +Indicate whether a host's domain components should be used to +determine the Kerberos realm of the host. The value of this variable +is an integer: -1 means not to search, 0 means to try the host's +domain itself, 1 means to also try the domain's immediate parent, and +so forth. The library's usual mechanism for locating Kerberos realms +is used to determine whether a domain is a valid realm--which may +involve consulting DNS if dns_lookup_kdc is set. The default is not +to search domain components. + .IP extra_addresses This allows a computer to use multiple local addresses, in order to allow Kerberos to work in a network that uses NATs. The addresses should diff --git a/src/config-files/mech b/src/config-files/mech new file mode 100644 index 0000000000..15c9fcd0b4 --- /dev/null +++ b/src/config-files/mech @@ -0,0 +1,3 @@ +#kerberos_v5 1.2.840.48018.1.2.2 mech_krb5.so +#mskrb 1.2.840.113554.1.2.2 mech_krb5.so +#spnego 1.3.6.1.5.5.2 mech_spnego.so diff --git a/src/config/post.in b/src/config/post.in index 5479893b00..6ac10b05ff 100644 --- a/src/config/post.in +++ b/src/config/post.in @@ -88,13 +88,19 @@ depend-dependencies: '$(SRCTOP)' '$(myfulldir)' '$(srcdir)' '$(BUILDTOP)' "$$x" '$(STLIBOBJS)' \ < .d > .depend +# Temporarily keep the rule for removing the dependency line eater +# until we're sure we've gotten everything converted and excised the +# old stuff from Makefile.in files. depend-update-makefile: .depend depend-recurse if test -n "$(SRCS)" ; then \ - sed -e '/^# +++ Dependency line eater +++/,$$d' \ - < $(srcdir)/Makefile.in | cat - .depend \ - > $(srcdir)/Makefile.in.new; \ - $(SRCTOP)/config/move-if-changed $(srcdir)/Makefile.in.new $(srcdir)/Makefile.in ; \ - else :; fi + $(CP) .depend $(srcdir)/deps.new ; \ + else \ + echo "# No dependencies here." > $(srcdir)/deps.new ; \ + fi + $(SRCTOP)/config/move-if-changed $(srcdir)/deps.new $(srcdir)/deps + sed -e '/^# +++ Dependency line eater +++/,$$d' \ + < $(srcdir)/Makefile.in > $(srcdir)/Makefile.in.new + $(SRCTOP)/config/move-if-changed $(srcdir)/Makefile.in.new $(srcdir)/Makefile.in DEPTARGETS = .depend .d .dtmp $(DEP_VERIFY) DEPTARGETS_CLEAN = .depend .d .dtmp $(DEPTARGETS_@srcdir@_@CONFIG_RELTOPDIR@) @@ -141,7 +147,7 @@ Makefiles-prerecurse: Makefile # thisconfigdir = relative path from this Makefile to config.status # mydir = relative path from config.status to this Makefile -Makefile: $(srcdir)/Makefile.in $(thisconfigdir)/config.status \ +Makefile: $(srcdir)/Makefile.in $(srcdir)/deps $(thisconfigdir)/config.status \ $(SRCTOP)/config/pre.in $(SRCTOP)/config/post.in cd $(thisconfigdir) && $(SHELL) config.status $(mydir)/Makefile $(thisconfigdir)/config.status: $(srcdir)/$(thisconfigdir)/configure diff --git a/src/config/pre.in b/src/config/pre.in index c4a5722a33..55ca53b144 100644 --- a/src/config/pre.in +++ b/src/config/pre.in @@ -152,17 +152,20 @@ FAKELIBDIR=$(FAKEPREFIX)/lib # LOCALINCLUDES set by local Makefile.in # CPPFLAGS user override # CFLAGS user override but starts off set by configure +# WARN_CFLAGS user override but starts off set by configure # PTHREAD_CFLAGS set by configure, not included in CFLAGS so that we # don't pull the pthreads library into shared libraries ALL_CFLAGS = $(DEFS) $(DEFINES) $(KRB_INCLUDES) $(LOCALINCLUDES) \ -DKRB5_DEPRECATED=1 \ - $(CPPFLAGS) $(CFLAGS) $(PTHREAD_CFLAGS) + $(CPPFLAGS) $(CFLAGS) $(WARN_CFLAGS) $(PTHREAD_CFLAGS) ALL_CXXFLAGS = $(DEFS) $(DEFINES) $(KRB_INCLUDES) $(LOCALINCLUDES) \ -DKRB5_DEPRECATED=1 \ - $(CPPFLAGS) $(CXXFLAGS) $(PTHREAD_CFLAGS) + $(CPPFLAGS) $(CXXFLAGS) $(WARN_CXXFLAGS) $(PTHREAD_CFLAGS) CFLAGS = @CFLAGS@ CXXFLAGS = @CXXFLAGS@ +WARN_CFLAGS = @WARN_CFLAGS@ +WARN_CXXFLAGS = @WARN_CXXFLAGS@ PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ PTHREAD_LIBS = @PTHREAD_LIBS@ THREAD_LINKOPTS = $(PTHREAD_CFLAGS) $(PTHREAD_LIBS) @@ -178,10 +181,6 @@ LD_UNRESOLVED_PREFIX = @LD_UNRESOLVED_PREFIX@ LD_SHLIBDIR_PREFIX = @LD_SHLIBDIR_PREFIX@ LDARGS = @LDARGS@ LIBS = @LIBS@ -SRVLIBS = @SRVLIBS@ -SRVDEPLIBS = @SRVDEPLIBS@ -CLNTLIBS = @CLNTLIBS@ -CLNTDEPLIBS = @CLNTDEPLIBS@ INSTALL=@INSTALL@ INSTALL_STRIP= @@ -218,10 +217,10 @@ KRB5_DB_MODULE_DIR = $(MODULE_DIR)/kdb KRB5_PA_MODULE_DIR = $(MODULE_DIR)/preauth KRB5_AD_MODULE_DIR = $(MODULE_DIR)/authdata KRB5_LIBKRB5_MODULE_DIR = $(MODULE_DIR)/libkrb5 +GSS_MODULE_DIR = @libdir@/gss KRB5_INCSUBDIRS = \ $(KRB5_INCDIR)/krb5 \ $(KRB5_INCDIR)/gssapi \ - $(KRB5_INCDIR)/kerberosIV \ $(KRB5_INCDIR)/gssrpc # @@ -279,7 +278,6 @@ AUTOHEADER = autoheader AUTOHEADERFLAGS = MOVEIFCHANGED = $(SRCTOP)/config/move-if-changed -HOST_TYPE = @HOST_TYPE@ SHEXT = @SHEXT@ STEXT=@STEXT@ VEXT=@VEXT@ @@ -312,6 +310,9 @@ CXX_LINK=@CXX_LINK@ # prefix (with no spaces after) for rpath flag to cc RPATH_FLAG=@RPATH_FLAG@ +# link flags to add PROG_RPATH to the rpath +PROG_RPATH_FLAGS=@PROG_RPATH_FLAGS@ + # this gets set by configure to either $(STLIBEXT) or $(SHLIBEXT), # depending on whether we're building with shared libraries. DEPLIBEXT=@DEPLIBEXT@ @@ -321,8 +322,6 @@ KADMSRV_DEPLIB = $(TOPLIBD)/libkadm5srv$(DEPLIBEXT) KDB5_DEPLIB = $(TOPLIBD)/libkdb5$(DEPLIBEXT) GSSRPC_DEPLIB = $(TOPLIBD)/libgssrpc$(DEPLIBEXT) GSS_DEPLIB = $(TOPLIBD)/libgssapi_krb5$(DEPLIBEXT) -KRB4_DEPLIB = @KRB4_DEPLIB@ # $(TOPLIBD)/libkrb4$(DEPLIBEXT) -DES425_DEPLIB = @DES425_DEPLIB@ # $(TOPLIBD)/libdes425$(DEPLIBEXT) KRB5_DEPLIB = $(TOPLIBD)/libkrb5$(DEPLIBEXT) CRYPTO_DEPLIB = $(TOPLIBD)/libk5crypto$(DEPLIBEXT) COM_ERR_DEPLIB = $(COM_ERR_DEPLIB-@COM_ERR_VERSION@) @@ -340,7 +339,6 @@ PTY_DEPLIB = $(TOPLIBD)/libpty.a APPUTILS_DEPLIB = $(TOPLIBD)/libapputils.a KRB5_BASE_DEPLIBS = $(KRB5_DEPLIB) $(CRYPTO_DEPLIB) $(COM_ERR_DEPLIB) $(SUPPORT_DEPLIB) -KRB4COMPAT_DEPLIBS = $(KRB4_DEPLIB) $(DES425_DEPLIB) $(KRB5_BASE_DEPLIBS) KDB5_DEPLIBS = $(KDB5_DEPLIB) GSS_DEPLIBS = $(GSS_DEPLIB) GSSRPC_DEPLIBS = $(GSSRPC_DEPLIB) $(GSS_DEPLIBS) @@ -361,11 +359,6 @@ SS_DEPS = $(SS_DEPS-@SS_VERSION@) SS_DEPS-sys = SS_DEPS-k5 = $(BUILDTOP)/include/ss/ss.h $(BUILDTOP)/include/ss/ss_err.h -# Header file dependencies that might depend on whether krb4 support -# is compiled. - -KRB_ERR_H_DEP = @KRB_ERR_H_DEP@ - # LIBS gets substituted in... e.g. -lnsl -lsocket # GEN_LIB is -lgen if needed for regexp @@ -384,19 +377,10 @@ COM_ERR_LIB = -lcom_err GSS_KRB5_LIB = -lgssapi_krb5 SUPPORT_LIB = -l$(SUPPORT_LIBNAME) -# KRB4_LIB is -lkrb4 if building --with-krb4 -# needs fixing if ever used on Mac OS X! -KRB4_LIB = @KRB4_LIB@ - -# DES425_LIB is -ldes425 if building --with-krb4 -# needs fixing if ever used on Mac OS X! -DES425_LIB = @DES425_LIB@ - # HESIOD_LIBS is -lhesiod... HESIOD_LIBS = @HESIOD_LIBS@ KRB5_BASE_LIBS = $(KRB5_LIB) $(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB) $(GEN_LIB) $(LIBS) $(DL_LIB) -KRB4COMPAT_LIBS = $(KRB4_LIB) $(DES425_LIB) $(KRB5_BASE_LIBS) KDB5_LIBS = $(KDB5_LIB) $(GSSRPC_LIBS) GSS_LIBS = $(GSS_KRB5_LIB) # needs fixing if ever used on Mac OS X! @@ -416,11 +400,6 @@ UTIL_LIB = @UTIL_LIB@ # eventually) but which we don't want to install. APPUTILS_LIB = -lapputils -# -# some more stuff for --with-krb4 -KRB4_LIBPATH = @KRB4_LIBPATH@ -KRB4_INCLUDES = @KRB4_INCLUDES@ - # # variables for --with-tcl= TCL_LIBS = @TCL_LIBS@ @@ -547,8 +526,12 @@ SHLIB_EXPORT_FILE_DEP=@SHLIB_EXPORT_FILE_DEP@ # to change to rearrange where the various parameters fit in. MAKE_SHLIB_COMMAND=@MAKE_SHLIB_COMMAND@ +# run path flags for explicit libraries depending on this one, +# e.g. "-R$(SHLIB_RPATH)" +SHLIB_RPATH_FLAGS=@SHLIB_RPATH_FLAGS@ + # flags for explicit libraries depending on this one, -# e.g. "-R$(SHLIB_RPATH) $(SHLIB_SHLIB_DIRFLAGS) $(SHLIB_EXPLIBS)" +# e.g. "$(SHLIB_RPATH_FLAGS) $(SHLIB_SHLIB_DIRFLAGS) $(SHLIB_EXPLIBS)" SHLIB_EXPFLAGS=@SHLIB_EXPFLAGS@ ## Parameters to be set by configure for use in libobj.in: @@ -565,10 +548,6 @@ PFLIBOBJS=$(STLIBOBJS:.o=@PFOBJEXT@) # "$(CC) -G", "$(LD) -Bshareable", etc. LDCOMBINE=@LDCOMBINE@ -# "-h $@", "-h lib$(LIBNAME).$(LIBMAJOR)", etc. -SONAME=@SONAME@ - - # # rules to make various types of object files # diff --git a/src/config/shlib.conf b/src/config/shlib.conf index d4c145d7dc..6972ff0606 100644 --- a/src/config/shlib.conf +++ b/src/config/shlib.conf @@ -65,11 +65,13 @@ alpha*-dec-osf*) use_linker_init_option=yes use_linker_fini_option=yes EXTRA_FILES="$EXTRA_FILES export" - SHLIB_EXPFLAGS='-rpath $(SHLIB_RDIRS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)' + SHLIB_RPATH_FLAGS='-rpath $(SHLIB_RDIRS)' + SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)' PROFFLAGS=-pg RPATH_FLAG='-Wl,-rpath -Wl,' - CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(RPATH_FLAG)$(PROG_RPATH) $(CFLAGS) $(PTHREAD_CFLAGS) $(LDFLAGS)' - CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(RPATH_FLAG)$(PROG_RPATH) $(CXXFLAGS) $(PTHREAD_CFLAGS) $(LDFLAGS)' + PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)' + CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(PTHREAD_CFLAGS) $(LDFLAGS)' + CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(PTHREAD_CFLAGS) $(LDFLAGS)' if test "$ac_cv_c_compiler_gnu" = yes \ && test "$krb5_cv_prog_gnu_ld" = yes; then # Really should check for gnu ld vs system ld, too. @@ -124,16 +126,19 @@ alpha*-dec-osf*) RPATH_FLAG='-Wl,+b,' if test "$ac_cv_c_compiler_gnu" = yes; then PICFLAGS=-fPIC - SHLIB_EXPFLAGS='-Wl,+s -Wl,+b,$(SHLIB_RDIRS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)' + SHLIB_RPATH_FLAGS='-Wl,+b,$(SHLIB_RDIRS)' + SHLIB_EXPFLAGS='-Wl,+s $(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)' LDCOMBINE='gcc -fPIC -shared -Wl,+h,$(LIBPREFIX)$(LIBBASE)$(SHLIBSEXT) -Wl,-c,hpux10.exports' else PICFLAGS=+z - SHLIB_EXPFLAGS='+s +b $(SHLIB_RDIRS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)' + SHLIB_RPATH_FLAGS='+b $(SHLIB_RDIRS)' + SHLIB_EXPFLAGS='+s $(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)' LDCOMBINE='ld -b +h $(LIBPREFIX)$(LIBBASE)$(SHLIBSEXT) -c hpux10.exports' fi - CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) -Wl,+s $(RPATH_FLAG)$(PROG_RPATH) $(CFLAGS) $(LDFLAGS)' + PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)' + CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) -Wl,+s $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)' CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)' - CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) -Wl,+s $(RPATH_FLAG)$(PROG_RPATH) $(CXXFLAGS) $(LDFLAGS)' + CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) -Wl,+s $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)' CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)' RUN_ENV='SHLIB_PATH=`echo $(PROG_LIBPATH) | sed -e "s/-L//g" -e "s/ /:/g"`; export SHLIB_PATH;' SHLIB_EXPORT_FILE_DEP=hpux10.exports @@ -159,13 +164,15 @@ mips-sgi-irix6.3) # This is a Kludge; see below else LDCOMBINE='ld -shared -ignore_unresolved -update_registry $(BUILDTOP)/so_locations -soname $(LIBPREFIX)$(LIBBASE)$(SHLIBSEXT)' fi - SHLIB_EXPFLAGS='-rpath $(SHLIB_RDIRS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)' + SHLIB_RPATH_FLAGS='-rpath $(SHLIB_RDIRS)' + SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)' # no gprof for Irix... PROFFLAGS=-p RPATH_FLAG='-Wl,-rpath -Wl,' - CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(RPATH_FLAG)$(PROG_RPATH) $(CFLAGS) $(LDFLAGS)' + PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)' + CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)' CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)' - CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(RPATH_FLAG)$(PROG_RPATH) $(CXXFLAGS) $(LDFLAGS)' + CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)' CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)' # This grossness is necessary due to the presence of *three* # supported ABIs on Irix, and the precedence of the rpath over @@ -205,13 +212,15 @@ mips-sgi-irix*) opts='' fi LDCOMBINE='$(CC) -shared '$opts' -Wl,-soname -Wl,$(LIBPREFIX)$(LIBBASE)$(SHLIBSEXT) $$initfini' - SHLIB_EXPFLAGS='-rpath $(SHLIB_RDIRS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)' + SHLIB_RPATH_FLAGS='-rpath $(SHLIB_RDIRS)' + SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)' # no gprof for Irix... PROFFLAGS=-p RPATH_FLAG='-Wl,-rpath -Wl,' - CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(RPATH_FLAG)$(PROG_RPATH) $(CFLAGS) $(LDFLAGS)' + PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)' + CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)' CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)' - CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(RPATH_FLAG)$(PROG_RPATH) $(CXXFLAGS) $(LDFLAGS)' + CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)' CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)' # This grossness is necessary due to the presence of *three* # supported ABIs on Irix, and the precedence of the rpath over @@ -239,14 +248,16 @@ mips-sni-sysv4) PICFLAGS=-Kpic LDCOMBINE='$(CC) -G -h $(LIBPREFIX)$(LIBBASE)$(SHLIBSEXT)' fi - SHLIB_EXPFLAGS='-R$(SHLIB_RDIRS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)' + SHLIB_RPATH_FLAGS='-R$(SHLIB_RDIRS)' + SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)' SHLIBEXT=.so SHLIBVEXT='.so.$(LIBMAJOR).$(LIBMINOR)' SHLIBSEXT='.so.$(LIBMAJOR)' RPATH_FLAG=-R - CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(RPATH_FLAG)$(PROG_RPATH) $(CFLAGS) $(LDFLAGS)' + PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)' + CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)' CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)' - CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(RPATH_FLAG)$(PROG_RPATH) $(CXXFLAGS) $(LDFLAGS)' + CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)' CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)' RUN_ENV='LD_LIBRARY_PATH=`echo $(PROG_LIBPATH) | sed -e "s/-L//g" -e "s/ /:/g"`; export LD_LIBRARY_PATH;' PROFFLAGS=-pg @@ -258,11 +269,13 @@ mips-*-netbsd*) SHLIBSEXT='.so.$(LIBMAJOR)' SHLIBEXT=.so LDCOMBINE='ld -shared -soname $(LIBPREFIX)$(LIBBASE)$(SHLIBSEXT)' - SHLIB_EXPFLAGS='-R$(SHLIB_RDIRS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)' + SHLIB_RPATH_FLAGS='-R$(SHLIB_RDIRS)' + SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)' RPATH_FLAG='-Wl,-rpath -Wl,' - CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(RPATH_FLAG)$(PROG_RPATH) $(CFLAGS) $(LDFLAGS)' + PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)' + CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)' CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)' - CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(RPATH_FLAG)$(PROG_RPATH) $(CXXFLAGS) $(LDFLAGS)' + CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)' CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)' RUN_ENV='LD_LIBRARY_PATH=`echo $(PROG_LIBPATH) | sed -e "s/-L//g" -e "s/ /:/g"`; export LD_LIBRARY_PATH;' PROFFLAGS=-pg @@ -273,11 +286,13 @@ mips-*-netbsd*) SHLIBVEXT='.so.$(LIBMAJOR).$(LIBMINOR)' SHLIBEXT=.so LDCOMBINE='$(CC) -shared $(LDFLAGS)' - SHLIB_EXPFLAGS='-R$(SHLIB_RDIRS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)' + SHLIB_RPATH_FLAGS='-R$(SHLIB_RDIRS)' + SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)' RPATH_FLAG=-R - CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(RPATH_FLAG)$(PROG_RPATH) $(CFLAGS) $(LDFLAGS)' + PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)' + CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)' CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)' - CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(RPATH_FLAG)$(PROG_RPATH) $(CXXFLAGS) $(LDFLAGS)' + CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)' CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)' RUN_ENV='LD_LIBRARY_PATH=`echo $(PROG_LIBPATH) | sed -e "s/-L//g" -e "s/ /:/g"`; export LD_LIBRARY_PATH;' PROFFLAGS=-pg @@ -297,11 +312,13 @@ mips-*-netbsd*) RPATH_FLAG=-R SHLIBVEXT='.so.$(LIBMAJOR).$(LIBMINOR)' fi - CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(RPATH_FLAG)$(PROG_RPATH) $(CFLAGS) $(LDFLAGS)' - CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(RPATH_FLAG)$(PROG_RPATH) $(CXXFLAGS) $(LDFLAGS)' + PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)' + CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)' + CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)' SHLIBEXT=.so LDCOMBINE='ld -Bshareable' - SHLIB_EXPFLAGS='-R$(SHLIB_RDIRS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)' + SHLIB_RPATH_FLAGS='-R$(SHLIB_RDIRS)' + SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)' CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)' CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)' RUN_ENV='LD_LIBRARY_PATH=`echo $(PROG_LIBPATH) | sed -e "s/-L//g" -e "s/ /:/g"`; export LD_LIBRARY_PATH;' @@ -313,11 +330,13 @@ mips-*-netbsd*) SHLIBVEXT='.so.$(LIBMAJOR).$(LIBMINOR)' SHLIBEXT=.so LDCOMBINE='ld -Bshareable' - SHLIB_EXPFLAGS='-R$(SHLIB_RDIRS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)' + SHLIB_RPATH_FLAGS='-R$(SHLIB_RDIRS)' + SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)' RPATH_FLAG=-R - CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(RPATH_FLAG)$(PROG_RPATH) $(CFLAGS) $(LDFLAGS)' + PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)' + CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)' CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)' - CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(RPATH_FLAG)$(PROG_RPATH) $(CXXFLAGS) $(LDFLAGS)' + CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)' CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)' RUN_ENV='LD_LIBRARY_PATH=`echo $(PROG_LIBPATH) | sed -e "s/-L//g" -e "s/ /:/g"`; export LD_LIBRARY_PATH;' PROFFLAGS=-pg @@ -371,12 +390,14 @@ mips-*-netbsd*) SHLIBVEXT='.so.$(LIBMAJOR).$(LIBMINOR)' SHLIBSEXT='.so.$(LIBMAJOR)' SHLIBEXT=.so - SHLIB_EXPFLAGS='-R$(SHLIB_RDIRS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)' + SHLIB_RPATH_FLAGS='-R$(SHLIB_RDIRS)' + SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)' PROFFLAGS=-pg RPATH_FLAG=-R - CC_LINK_SHARED='$(PURE) $(CC) $(PROG_LIBPATH) $(RPATH_FLAG)$(PROG_RPATH) $(CFLAGS) $(LDFLAGS)' + PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)' + CC_LINK_SHARED='$(PURE) $(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)' CC_LINK_STATIC='$(PURE) $(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)' - CXX_LINK_SHARED='$(PURE) $(CXX) $(PROG_LIBPATH) $(RPATH_FLAG)$(PROG_RPATH) $(CXXFLAGS) $(LDFLAGS)' + CXX_LINK_SHARED='$(PURE) $(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)' CXX_LINK_STATIC='$(PURE) $(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)' RUN_ENV='LD_LIBRARY_PATH=`echo $(PROG_LIBPATH) | sed -e "s/-L//g" -e "s/ /:/g"`; export LD_LIBRARY_PATH;' ;; @@ -394,12 +415,14 @@ mips-*-netbsd*) SHLIB_EXPORT_FILE_DEP=binutils.versions # For cases where we do have dependencies on other libraries # built in this tree... - SHLIB_EXPFLAGS='-Wl,-R$(SHLIB_RDIRS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)' + SHLIB_RPATH_FLAGS='-Wl,-R$(SHLIB_RDIRS)' + SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)' PROFFLAGS=-pg RPATH_FLAG='-Wl,-rpath -Wl,' - CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(RPATH_FLAG)$(PROG_RPATH) $(CFLAGS) $(LDFLAGS)' + PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)' + CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)' CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)' - CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(RPATH_FLAG)$(PROG_RPATH) $(CXXFLAGS) $(LDFLAGS)' + CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)' CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)' RUN_ENV='LD_LIBRARY_PATH=`echo $(PROG_LIBPATH) | sed -e "s/-L//g" -e "s/ /:/g"`; export LD_LIBRARY_PATH; ' @@ -420,10 +443,12 @@ mips-*-netbsd*) SHLIBVEXT='.so.$(LIBMAJOR)' SHLIBEXT=.so LDCOMBINE='ld -Bshareable' - SHLIB_EXPFLAGS='-R$(SHLIB_RDIRS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)' - CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) -Wl,-rpath,$(PROG_RPATH)' + SHLIB_RPATH_FLAGS='-R$(SHLIB_RDIRS)' + SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)' + PROG_RPATH_FLAGS='-Wl,-rpath,$(PROG_RPATH)' + CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS)' CC_LINK_STATIC='$(CC) $(PROG_LIBPATH)' - CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) -Wl,-rpath,$(PROG_RPATH)' + CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS)' CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH)' RUN_ENV='LD_LIBRARY_PATH=`echo $(PROG_LIBPATH) | sed -e "s/-L//g" -e "s/ /:/g"`; export LD_LIBRARY_PATH;' @@ -451,9 +476,10 @@ mips-*-netbsd*) use_linker_fini_option=yes MAKE_SHLIB_COMMAND="${INIT_FINI_PREP} && ${LDCOMBINE}" RPATH_TAIL=:/usr/lib:/lib - CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(RPATH_FLAG)$(PROG_RPATH):'"$RPATH_TAIL"' $(CFLAGS) $(LDFLAGS)' + PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH):'"$RPATH_TAIL" + CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)' CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)' - CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(RPATH_FLAG)$(PROG_RPATH):'"$RPATH_TAIL"' $(CXXFLAGS) $(LDFLAGS)' + CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)' CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)' # $(PROG_RPATH) is here to handle things like a shared tcl library RUN_ENV='LIBPATH=`echo $(PROG_LIBPATH) | sed -e "s/-L//g" -e "s/ /:/g"`:$(PROG_RPATH):/usr/lib:/usr/local/lib; export LIBPATH; ' @@ -487,9 +513,10 @@ mips-*-netbsd*) MAKE_SHLIB_COMMAND="${INIT_FINI_PREP} && ${LDCOMBINE}"' && ar cq $@ shr.o.$(LIBMAJOR).$(LIBMINOR) && chmod +x $@ && rm -f shr.o.$(LIBMAJOR).$(LIBMINOR)' MAKE_DYNOBJ_COMMAND="${INIT_FINI_PREP} && ${LDCOMBINE_DYN}" RPATH_TAIL=:/usr/lib:/lib - CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(RPATH_FLAG)$(PROG_RPATH):'"$RPATH_TAIL"' $(CFLAGS) $(LDFLAGS)' + PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH):'"$RPATH_TAIL" + CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)' CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)' - CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(RPATH_FLAG)$(PROG_RPATH):'"$RPATH_TAIL"' $(CXXFLAGS) $(LDFLAGS)' + CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)' CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)' # $(PROG_RPATH) is here to handle things like a shared tcl library RUN_ENV='LIBPATH=`echo $(PROG_LIBPATH) | sed -e "s/-L//g" -e "s/ /:/g"`:$(PROG_RPATH):/usr/lib:/usr/local/lib; export LIBPATH; ' diff --git a/src/config/winexclude.sed b/src/config/winexclude.sed index fd76486ace..199cf44437 100644 --- a/src/config/winexclude.sed +++ b/src/config/winexclude.sed @@ -1,4 +1,3 @@ -/krb5\.saber/d /autoconf.h$/d /t_mddriver$/d /test_parse$/d diff --git a/src/configure.in b/src/configure.in index 4c176d38ca..0f5af410c9 100644 --- a/src/configure.in +++ b/src/configure.in @@ -55,20 +55,6 @@ AC_KRB5_TCL AC_ARG_ENABLE([athena], [ --enable-athena build with MIT Project Athena configuration],,) dnl -if test -z "$KRB4_LIB"; then -kadminv4="" -krb524="" -libkrb4="" -KRB4="" -else -kadminv4=kadmin.v4 -krb524=krb524 -libkrb4=lib/krb4 -KRB4=krb4 -fi -AC_SUBST(KRB4) -AC_SUBST(krb524) -dnl dnl Begin autoconf tests for the Makefiles generated out of the top-level dnl configure.in... dnl @@ -90,6 +76,19 @@ AC_SUBST(LIBUTIL) dnl for kdc AC_CHECK_HEADERS(syslog.h stdarg.h sys/select.h sys/sockio.h ifaddrs.h unistd.h) AC_CHECK_FUNCS(openlog syslog closelog strftime vsprintf vasprintf vsnprintf) +AC_CHECK_FUNCS(strlcpy) +EXTRA_SUPPORT_SYMS= +AC_CHECK_FUNC(strlcpy, [STRLCPY_ST_OBJ= STRLCPY_OBJ=], [STRLCPY_ST_OBJ=strlcpy.o STRLCPY_OBJ='$(OUTPRE)strlcpy.$(OBJEXT)' EXTRA_SUPPORT_SYMS="$EXTRA_SUPPORT_SYMS krb5int_strlcpy krb5int_strlcat"]) +AC_SUBST(STRLCPY_OBJ) +AC_SUBST(STRLCPY_ST_OBJ) +AC_CHECK_FUNC(vasprintf, +[PRINTF_ST_OBJ= +PRINTF_OBJ=], +[PRINTF_ST_OBJ=printf.o +PRINTF_OBJ='$(OUTPRE)printf.$(OBJEXT)' +EXTRA_SUPPORT_SYMS="$EXTRA_SUPPORT_SYMS krb5int_asprintf krb5int_vasprintf"]) +AC_SUBST(PRINTF_OBJ) +AC_SUBST(PRINTF_ST_OBJ) KRB5_NEED_PROTO([#include #include ],vasprintf) @@ -100,6 +99,7 @@ KRB5_NEED_PROTO([#include /* Solaris 8 declares swab in stdlib.h. */ #include ],swab,1) +KRB5_NEED_PROTO([#include ],isblank,1) dnl AC_PROG_AWK KRB5_AC_INET6 @@ -144,17 +144,8 @@ if test "$enableval" = yes ; then else AC_DEFINE(NOCACHE,1,[Define if the KDC should use no replay cache]) fi -AC_ARG_ENABLE([fakeka], -AC_HELP_STRING([--enable-fakeka],[build the Fake KA server (emulates an AFS kaserver) @<:@default: don't build@:>@]), , enableval=no)dnl -if test "$enableval" = yes; then - FAKEKA=fakeka -else - FAKEKA= -fi -AC_SUBST(FAKEKA) KRB5_RUN_FLAGS dnl -dnl for krb524 AC_TYPE_SIGNAL dnl dnl from old include/configure.in @@ -169,7 +160,6 @@ AC_C_CONST AC_HEADER_DIRENT AC_CHECK_FUNCS(strdup setvbuf inet_ntoa inet_aton seteuid setresuid setreuid setegid setresgid setregid setsid flock fchmod chmod strftime strptime geteuid setenv unsetenv getenv gethostbyname2 getifaddrs gmtime_r localtime_r pthread_mutex_lock sched_yield bswap16 bswap64 mkstemp getusershell lstat access ftime getcwd srand48 srand srandom stat strchr strerror strerror_r strstr timezone umask waitpid sem_init sem_trywait daemon) dnl -EXTRA_SUPPORT_SYMS= AC_CHECK_FUNC(mkstemp, [MKSTEMP_ST_OBJ= MKSTEMP_OBJ=], @@ -573,15 +563,6 @@ AC_ARG_ENABLE([athena], [ --enable-athena build with MIT Project Athena configuration], AC_DEFINE(KRB5_ATHENA_COMPAT,1,[Define if MIT Project Athena default configuration should be used]),) -if test "$KRB4_LIB" = ''; then - AC_MSG_NOTICE(No Kerberos 4 compatibility) - maybe_kerberosIV= -else - AC_MSG_NOTICE(Kerberos 4 compatibility enabled) - maybe_kerberosIV=kerberosIV - AC_DEFINE(KRB5_KRB4_COMPAT,1,[Define if Kerberos V4 backwards compatibility should be supported]) -fi -AC_SUBST(maybe_kerberosIV) dnl AC_C_INLINE AH_TOP([ @@ -687,11 +668,6 @@ if test "$have_PERL" = perl -a "$have_RUNTEST" = runtest -a "$TCL_LIBS" != ""; t fi AC_SUBST(DO_TEST) dnl -DO_V4_TEST= -if test "$have_PERL" = perl -a "$have_RUNTEST" = runtest -a "$TCL_LIBS" != "" -a "$ath_compat" != ""; then - DO_V4_TEST=ok -fi -AC_SUBST(DO_V4_TEST) dnl The following are substituted into kadmin/testing/scripts/env-setup.sh RBUILD=`pwd` AC_SUBST(RBUILD) @@ -713,25 +689,6 @@ dnl for lib/kadm5 AC_CHECK_PROG(RUNTEST,runtest,runtest) AC_CHECK_PROG(PERL,perl,perl) dnl -dnl -dnl for lib/krb4 -case $krb5_cv_host in - *-apple-darwin*) - KRB_ERR_TXT= - KRB_ERR= - KRB_ERR_C=krb_err.c - ;; - *) - KRB_ERR='$(OUTPRE)krb_err.$(OBJEXT)' - KRB_ERR_TXT=krb_err_txt.c - KRB_ERR_C= - ;; -esac -AC_SUBST([KRB_ERR_TXT]) -AC_SUBST([KRB_ERR]) -AC_SUBST([KRB_ERR_C]) -dnl -dnl dnl lib/gssapi AC_CHECK_HEADER(stdint.h,[ include_stdint='awk '\''END{printf("%cinclude \n", 35);}'\'' < /dev/null'], @@ -957,13 +914,6 @@ else HAVE_RUNTEST=no fi AC_SUBST(HAVE_RUNTEST) -if test "$KRB4_LIB" = ''; then - KRB4_DEJAGNU_TEST="KRBIV=0" -else - AC_MSG_RESULT(Kerberos 4 testing enabled) - KRB4_DEJAGNU_TEST="KRBIV=1" -fi -AC_SUBST(KRB4_DEJAGNU_TEST) dnl for plugins/kdb/db2 dnl @@ -1011,9 +961,6 @@ if test "$enable_thread_support" = yes; then fi # tsmissing not empty fi # enable_thread_support dnl -HOST_TYPE=$krb5_cv_host -AC_SUBST(HOST_TYPE) -dnl dnl Sadly, we seem to have accidentally committed ourselves in 1.4 to dnl an ABI that includes the existence of libkrb5support.0 even dnl though random apps should never use anything from it. And on @@ -1039,9 +986,6 @@ fi if test "$SS_VERSION" = k5 ; then K5_GEN_MAKEFILE(util/ss) fi -if test -n "$KRB4_LIB"; then - K5_GEN_MAKEFILE(lib/krb4) -fi dnl dnl ldap_plugin_dir="" @@ -1073,10 +1017,19 @@ if test -n "$OPENLDAP_PLUGIN"; then K5_GEN_MAKEFILE(plugins/kdb/ldap/ldap_util) K5_GEN_MAKEFILE(plugins/kdb/ldap/libkdb_ldap) ldap_plugin_dir=plugins/kdb/ldap + LDAP=yes +else + LDAP=no fi AC_SUBST(ldap_plugin_dir) +AC_SUBST(LDAP) -AC_CHECK_HEADERS(Python.h python2.3/Python.h) +dnl We really should look for and use python-config. +PYTHON_LIB= +AC_CHECK_HEADERS(Python.h python2.3/Python.h python2.5/Python.h) +AC_CHECK_LIB(python2.3,main,[PYTHON_LIB=-lpython2.3], + AC_CHECK_LIB(python2.5,main,[PYTHON_LIB=-lpython2.5])) +AC_SUBST(PYTHON_LIB) dnl dnl Kludge for simple server --- FIXME is this the best way to do this? @@ -1092,7 +1045,7 @@ V5_AC_OUTPUT_MAKEFILE(. util util/support util/profile util/send-pr - lib lib/des425 lib/kdb + lib lib/kdb lib/crypto lib/crypto/crc32 lib/crypto/des lib/crypto/dk lib/crypto/enc_provider lib/crypto/hash_provider @@ -1102,9 +1055,10 @@ V5_AC_OUTPUT_MAKEFILE(. lib/krb5 lib/krb5/error_tables lib/krb5/asn.1 lib/krb5/ccache lib/krb5/keytab lib/krb5/krb lib/krb5/rcache lib/krb5/os + lib/krb5/unicode - lib/gssapi lib/gssapi/generic lib/gssapi/krb5 - lib/gssapi/mechglue lib/gssapi/spnego + lib/gssapi lib/gssapi/generic lib/gssapi/krb5 lib/gssapi/spnego + lib/gssapi/mechglue lib/rpc lib/rpc/unit-test @@ -1112,8 +1066,7 @@ V5_AC_OUTPUT_MAKEFILE(. lib/apputils - kdc slave krb524 config-files gen-manpages include - include/kerberosIV + kdc slave config-files gen-manpages include plugins/locate/python plugins/kdb/db2 diff --git a/src/deps b/src/deps new file mode 100644 index 0000000000..2feac3c9d3 --- /dev/null +++ b/src/deps @@ -0,0 +1 @@ +# No dependencies here. diff --git a/src/gen-manpages/deps b/src/gen-manpages/deps new file mode 100644 index 0000000000..2feac3c9d3 --- /dev/null +++ b/src/gen-manpages/deps @@ -0,0 +1 @@ +# No dependencies here. diff --git a/src/include/Makefile.in b/src/include/Makefile.in index 61798d008f..f5482a1716 100644 --- a/src/include/Makefile.in +++ b/src/include/Makefile.in @@ -1,7 +1,6 @@ thisconfigdir=.. myfulldir=include mydir=include -SUBDIRS=@maybe_kerberosIV@ BUILDTOP=$(REL).. KRB5RCTMPDIR= @KRB5_RCTMPDIR@ ##DOSBUILDTOP = .. @@ -66,6 +65,7 @@ PROCESS_REPLACE = -e "s+@KRB5RCTMPDIR+$(KRB5RCTMPDIR)+" \ -e "s+@LIBDIR+$(LIBDIR)+" \ -e "s+@SBINDIR+$(SBINDIR)+" \ -e "s+@MODULEDIR+$(MODULE_DIR)+" \ + -e "s+@GSSMODULEDIR+$(GSS_MODULE_DIR)+" \ -e 's+@LOCALSTATEDIR+$(LOCALSTATEDIR)+' \ -e 's+@SYSCONFDIR+$(SYSCONFDIR)+' diff --git a/src/include/deps b/src/include/deps new file mode 100644 index 0000000000..2feac3c9d3 --- /dev/null +++ b/src/include/deps @@ -0,0 +1 @@ +# No dependencies here. diff --git a/src/include/k5-buf.h b/src/include/k5-buf.h new file mode 100644 index 0000000000..de869d3479 --- /dev/null +++ b/src/include/k5-buf.h @@ -0,0 +1,125 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ +/* + * include/k5-buf.h + * + * Copyright 2008 Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * + * k5buf string buffer module interface + */ + +#ifndef K5_BUF_H +#define K5_BUF_H + +#if defined(_MSDOS) || defined(_WIN32) +#include +#endif +#ifndef KRB5_CALLCONV +#define KRB5_CALLCONV +#define KRB5_CALLCONV_C +#endif + +#include +#include +#include + +/* The k5buf module is intended to allow multi-step string + construction in a fixed or dynamic buffer without the need to check + for a failure at each step (and without aborting on malloc + failure). If an allocation failure occurs or if the fixed buffer + runs out of room, the error will be discovered when the caller + retrieves the C string value or checks the length of the resulting + buffer. + + k5buf structures are stack-allocated, but are intended to be + opaque, so do not access the fields directly. This is a tool, not + a way of life, so do not put k5buf structure pointers into the + public API or into significant internal APIs. */ + +/* We must define the k5buf structure here to allow stack allocation. + The structure is intended to be opaque, so the fields have funny + names. */ +struct k5buf { + int xx_buftype; + char *xx_data; + size_t xx_space; + size_t xx_len; +}; + +/* Initialize a k5buf using a fixed-sized, existing buffer. SPACE + must be more than zero, or an assertion failure will result. */ +void krb5int_buf_init_fixed(struct k5buf *buf, char *data, size_t space); + +/* Initialize a k5buf using an internally allocated dynamic buffer. + The buffer contents must be freed with krb5int_free_buf. */ +void krb5int_buf_init_dynamic(struct k5buf *buf); + +/* Add a C string to BUF. */ +void krb5int_buf_add(struct k5buf *buf, const char *data); + +/* Add a counted set of bytes to BUF. If is okay for DATA[0..LEN-1] + to contain null bytes if you are prepared to deal with that in the + output (use krb5int_buf_len to retrieve the length of the output). */ +void krb5int_buf_add_len(struct k5buf *buf, const char *data, size_t len); + +/* Add sprintf-style formatted data to BUF. */ +void krb5int_buf_add_fmt(struct k5buf *buf, const char *fmt, ...) +#if !defined(__cplusplus) && (__GNUC__ > 2) + __attribute__((__format__(__printf__, 2, 3))) +#endif + ; + +/* Truncate BUF. LEN must be between 0 and the existing buffer + length, or an assertion failure will result. */ +void krb5int_buf_truncate(struct k5buf *buf, size_t len); + +/* Retrieve the byte array value of BUF, or NULL if there has been an + allocation failure or the fixed buffer ran out of room. + + The byte array will be a C string unless binary data was added with + krb5int_buf_add_len; it will be null-terminated regardless. + Modifying the byte array does not invalidate the buffer, as long as + its length is not changed. + + For a fixed buffer, the return value will always be equal to the + passed-in value of DATA at initialization time if it is not NULL. + + For a dynamic buffer, any buffer modification operation except + krb5int_buf_truncate may invalidate the byte array address. */ +char *krb5int_buf_data(struct k5buf *buf); + +/* Retrieve the length of BUF, or -1 if there has been an allocation + failure or the fixed buffer ran out of room. The length is equal + to strlen(krb5int_buf_data(buf)) unless binary data was added with + krb5int_buf_add_len. */ +ssize_t krb5int_buf_len(struct k5buf *buf); + +/* Free the storage used in the dynamic buffer BUF. The caller may + choose to take responsibility for freeing the return value of + krb5int_buf_data instead of using this function. If BUF is a fixed + buffer, an assertion failure will result. It is unnecessary + (though harmless) to free a buffer after an error is detected; the + storage will already have been freed in that case. */ +void krb5int_free_buf(struct k5buf *buf); + +#endif /* K5_BUF_H */ diff --git a/src/include/k5-int.h b/src/include/k5-int.h index 177e64d1e7..181ead4f1a 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h @@ -176,6 +176,9 @@ typedef INT64_TYPE krb5_int64; /* Get error info support. */ #include "k5-err.h" +/* Get string buffer support. */ +#include "k5-buf.h" + /* Error codes used in KRB_ERROR protocol messages. Return values of library routines are based on a different error table (which allows non-ambiguous error codes between subsystems) */ @@ -210,6 +213,10 @@ typedef INT64_TYPE krb5_int64; /* required */ #define KDC_ERR_SERVER_NOMATCH 26 /* Requested server and */ /* ticket don't match*/ +#define KDC_ERR_MUST_USE_USER2USER 27 /* Server principal valid for */ + /* user2user only */ +#define KDC_ERR_PATH_NOT_ACCEPTED 28 /* KDC policy rejected transited */ + /* path */ #define KDC_ERR_SVC_UNAVAILABLE 29 /* A service is not * available that is * required to process the @@ -248,13 +255,19 @@ typedef INT64_TYPE krb5_int64; /* PKINIT server-reported errors */ #define KDC_ERR_CLIENT_NOT_TRUSTED 62 /* client cert not trusted */ +#define KDC_ERR_KDC_NOT_TRUSTED 63 #define KDC_ERR_INVALID_SIG 64 /* client signature verify failed */ #define KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED 65 /* invalid Diffie-Hellman parameters */ +#define KDC_ERR_CERTIFICATE_MISMATCH 66 +#define KRB_AP_ERR_NO_TGT 67 +#define KDC_ERR_WRONG_REALM 68 +#define KRB_AP_ERR_USER_TO_USER_REQUIRED 69 #define KDC_ERR_CANT_VERIFY_CERTIFICATE 70 /* client cert not verifiable to */ /* trusted root cert */ #define KDC_ERR_INVALID_CERTIFICATE 71 /* client cert had invalid signature */ #define KDC_ERR_REVOKED_CERTIFICATE 72 /* client cert was revoked */ #define KDC_ERR_REVOCATION_STATUS_UNKNOWN 73 /* client cert revoked, reason unknown */ +#define KDC_ERR_REVOCATION_STATUS_UNAVAILABLE 74 #define KDC_ERR_CLIENT_NAME_MISMATCH 75 /* mismatch between client cert and */ /* principal name */ #define KDC_ERR_INCONSISTENT_KEY_PURPOSE 77 /* bad extended key use */ @@ -300,6 +313,12 @@ typedef struct _krb5_etype_info_entry { typedef krb5_etype_info_entry ** krb5_etype_info; +/* RFC 4537 */ +typedef struct _krb5_etype_list { + int length; + krb5_enctype *etypes; +} krb5_etype_list; + /* * a sam_challenge is returned for alternate preauth */ @@ -559,7 +578,19 @@ struct krb5_enc_provider { krb5_error_code (*init_state) (const krb5_keyblock *key, krb5_keyusage keyusage, krb5_data *out_state); krb5_error_code (*free_state) (krb5_data *state); - + + /* In-place encryption/decryption of multiple buffers */ + krb5_error_code (*encrypt_iov) (const krb5_keyblock *key, + const krb5_data *cipher_state, + krb5_crypto_iov *data, + size_t num_data); + + + krb5_error_code (*decrypt_iov) (const krb5_keyblock *key, + const krb5_data *cipher_state, + krb5_crypto_iov *data, + size_t num_data); + }; struct krb5_hash_provider { @@ -585,6 +616,45 @@ struct krb5_keyhash_provider { const krb5_data *input, const krb5_data *hash, krb5_boolean *valid); + + krb5_error_code (*hash_iov) (const krb5_keyblock *key, + krb5_keyusage keyusage, + const krb5_data *ivec, + const krb5_crypto_iov *data, + size_t num_data, + krb5_data *output); + + krb5_error_code (*verify_iov) (const krb5_keyblock *key, + krb5_keyusage keyusage, + const krb5_data *ivec, + const krb5_crypto_iov *data, + size_t num_data, + const krb5_data *hash, + krb5_boolean *valid); +}; + +struct krb5_aead_provider { + krb5_error_code (*crypto_length) (const struct krb5_aead_provider *aead, + const struct krb5_enc_provider *enc, + const struct krb5_hash_provider *hash, + krb5_cryptotype type, + unsigned int *length); + krb5_error_code (*encrypt_iov) (const struct krb5_aead_provider *aead, + const struct krb5_enc_provider *enc, + const struct krb5_hash_provider *hash, + const krb5_keyblock *key, + krb5_keyusage keyusage, + const krb5_data *ivec, + krb5_crypto_iov *data, + size_t num_data); + krb5_error_code (*decrypt_iov) (const struct krb5_aead_provider *aead, + const struct krb5_enc_provider *enc, + const struct krb5_hash_provider *hash, + const krb5_keyblock *key, + krb5_keyusage keyusage, + const krb5_data *ivec, + krb5_crypto_iov *data, + size_t num_data); }; typedef void (*krb5_encrypt_length_func) (const struct krb5_enc_provider *enc, @@ -612,13 +682,14 @@ struct krb5_keytypes { char *out_string; const struct krb5_enc_provider *enc; const struct krb5_hash_provider *hash; - size_t prf_length; + size_t prf_length; krb5_encrypt_length_func encrypt_len; krb5_crypt_func encrypt; krb5_crypt_func decrypt; krb5_str2key_func str2key; - krb5_prf_func prf; + krb5_prf_func prf; krb5_cksumtype required_ctype; + const struct krb5_aead_provider *aead; }; struct krb5_cksumtypes { @@ -662,6 +733,12 @@ krb5_error_code krb5_hmac const krb5_keyblock *key, unsigned int icount, const krb5_data *input, krb5_data *output); +krb5_error_code krb5int_hmac_iov +(const struct krb5_hash_provider *hash, + const krb5_keyblock *key, + const krb5_crypto_iov *data, size_t num_data, + krb5_data *output); + krb5_error_code krb5int_pbkdf2_hmac_sha1 (const krb5_data *, unsigned long, const krb5_data *, const krb5_data *); @@ -862,6 +939,12 @@ typedef struct _krb5_pa_enc_ts { krb5_int32 pausec; } krb5_pa_enc_ts; +typedef struct _krb5_pa_for_user { + krb5_principal user; + krb5_checksum cksum; + krb5_data auth_package; +} krb5_pa_for_user; + typedef krb5_error_code (*krb5_preauth_obtain_proc) (krb5_context, krb5_pa_data *, @@ -1139,6 +1222,16 @@ void KRB5_CALLCONV krb5_free_enc_sam_response_enc_2_contents void KRB5_CALLCONV krb5_free_pa_enc_ts (krb5_context, krb5_pa_enc_ts *); +void KRB5_CALLCONV krb5_free_pa_for_user + (krb5_context, krb5_pa_for_user * ); +void KRB5_CALLCONV krb5_free_pa_svr_referral_data + (krb5_context, krb5_pa_svr_referral_data * ); +void KRB5_CALLCONV krb5_free_pa_server_referral_data + (krb5_context, krb5_pa_server_referral_data * ); +void KRB5_CALLCONV krb5_free_pa_pac_req + (krb5_context, krb5_pa_pac_req * ); +void KRB5_CALLCONV krb5_free_etype_list + (krb5_context, krb5_etype_list * ); #include "kdb.h" @@ -1381,8 +1474,12 @@ krb5_error_code encode_krb5_kdc_req_body krb5_error_code encode_krb5_safe (const krb5_safe *rep, krb5_data **code); +struct krb5_safe_with_body { + krb5_safe *safe; + krb5_data *body; +}; krb5_error_code encode_krb5_safe_with_body - (const krb5_safe *rep, const krb5_data *body, krb5_data **code); + (const struct krb5_safe_with_body *rep, krb5_data **code); krb5_error_code encode_krb5_priv (const krb5_priv *rep, krb5_data **code); @@ -1400,7 +1497,7 @@ krb5_error_code encode_krb5_error (const krb5_error *rep, krb5_data **code); krb5_error_code encode_krb5_authdata - (const krb5_authdata **rep, krb5_data **code); + (krb5_authdata *const *rep, krb5_data **code); krb5_error_code encode_krb5_authdata_elt (const krb5_authdata *rep, krb5_data **code); @@ -1412,15 +1509,15 @@ krb5_error_code encode_krb5_pwd_data (const krb5_pwd_data *rep, krb5_data **code); krb5_error_code encode_krb5_padata_sequence - (const krb5_pa_data ** rep, krb5_data **code); + (krb5_pa_data *const *rep, krb5_data **code); krb5_error_code encode_krb5_alt_method (const krb5_alt_method *, krb5_data **code); krb5_error_code encode_krb5_etype_info - (const krb5_etype_info_entry **, krb5_data **code); + (krb5_etype_info_entry *const *, krb5_data **code); krb5_error_code encode_krb5_etype_info2 - (const krb5_etype_info_entry **, krb5_data **code); + (krb5_etype_info_entry *const *, krb5_data **code); krb5_error_code encode_krb5_enc_data (const krb5_enc_data *, krb5_data **); @@ -1440,11 +1537,13 @@ krb5_error_code encode_krb5_enc_sam_response_enc krb5_error_code encode_krb5_sam_response (const krb5_sam_response * , krb5_data **); +#if 0 /* currently not compiled because we never use them */ krb5_error_code encode_krb5_sam_challenge_2 (const krb5_sam_challenge_2 * , krb5_data **); krb5_error_code encode_krb5_sam_challenge_2_body (const krb5_sam_challenge_2_body * , krb5_data **); +#endif krb5_error_code encode_krb5_enc_sam_response_enc_2 (const krb5_enc_sam_response_enc_2 * , krb5_data **); @@ -1455,8 +1554,27 @@ krb5_error_code encode_krb5_sam_response_2 krb5_error_code encode_krb5_predicted_sam_response (const krb5_predicted_sam_response * , krb5_data **); +struct krb5_setpw_req { + krb5_principal target; + krb5_data password; +}; krb5_error_code encode_krb5_setpw_req -(const krb5_principal target, char *password, krb5_data **code); + (const struct krb5_setpw_req *rep, krb5_data **code); + +krb5_error_code encode_krb5_pa_for_user + (const krb5_pa_for_user * , krb5_data **); + +krb5_error_code encode_krb5_pa_svr_referral_data + (const krb5_pa_svr_referral_data * , krb5_data **); + +krb5_error_code encode_krb5_pa_server_referral_data + (const krb5_pa_server_referral_data * , krb5_data **); + +krb5_error_code encode_krb5_pa_pac_req + (const krb5_pa_pac_req * , krb5_data **); + +krb5_error_code encode_krb5_etype_list + (const krb5_etype_list * , krb5_data **); /************************************************************************* * End of prototypes for krb5_encode.c @@ -1599,18 +1717,40 @@ krb5_error_code decode_krb5_pa_enc_ts krb5_error_code decode_krb5_sam_key (const krb5_data *, krb5_sam_key **); +krb5_error_code decode_krb5_setpw_req + (const krb5_data *, krb5_data **, krb5_principal *); + +krb5_error_code decode_krb5_pa_for_user + (const krb5_data *, krb5_pa_for_user **); + +krb5_error_code decode_krb5_pa_svr_referral_data + (const krb5_data *, krb5_pa_svr_referral_data **); + +krb5_error_code decode_krb5_pa_server_referral_data + (const krb5_data *, krb5_pa_server_referral_data **); + +krb5_error_code decode_krb5_pa_pac_req + (const krb5_data *, krb5_pa_pac_req **); + +krb5_error_code decode_krb5_etype_list + (const krb5_data *, krb5_etype_list **); + struct _krb5_key_data; /* kdb.h */ + +struct ldap_seqof_key_data { + krb5_int32 mkvno; /* Master key version number */ + struct _krb5_key_data *key_data; + krb5_int16 n_key_data; +}; +typedef struct ldap_seqof_key_data ldap_seqof_key_data; + krb5_error_code -krb5int_ldap_encode_sequence_of_keys (struct _krb5_key_data *key_data, - krb5_int16 n_key_data, - krb5_int32 mkvno, +krb5int_ldap_encode_sequence_of_keys (const ldap_seqof_key_data *val, krb5_data **code); krb5_error_code krb5int_ldap_decode_sequence_of_keys (krb5_data *in, - struct _krb5_key_data **out, - krb5_int16 *n_key_data, - int *mkvno); + ldap_seqof_key_data **rep); /************************************************************************* * End of prototypes for krb5_decode.c @@ -1765,7 +1905,8 @@ void krb5int_set_prompt_types krb5_error_code krb5int_generate_and_save_subkey (krb5_context, krb5_auth_context, - krb5_keyblock * /* Old keyblock, not new! */); + krb5_keyblock * /* Old keyblock, not new! */, + krb5_enctype); /* set and change password helpers */ @@ -1855,6 +1996,7 @@ typedef struct _krb5int_access { struct srv_dns_entry **answers); void (*free_srv_dns_data)(struct srv_dns_entry *); int (*use_dns_kdc)(krb5_context); + krb5_error_code (*clean_hostname)(krb5_context, const char *, char *, size_t); /* krb4 compatibility stuff -- may be null if not enabled */ krb5_int32 (*krb_life_to_time)(krb5_int32, int); @@ -1869,16 +2011,12 @@ typedef struct _krb5int_access { /* Used for KDB LDAP back end. */ krb5_error_code - (*asn1_ldap_encode_sequence_of_keys) (struct _krb5_key_data *key_data, - krb5_int16 n_key_data, - krb5_int32 mkvno, + (*asn1_ldap_encode_sequence_of_keys) (const ldap_seqof_key_data *val, krb5_data **code); krb5_error_code (*asn1_ldap_decode_sequence_of_keys) (krb5_data *in, - struct _krb5_key_data **out, - krb5_int16 *n_key_data, - int *mkvno); + ldap_seqof_key_data **); /* * pkinit asn.1 encode/decode functions @@ -1946,6 +2084,12 @@ typedef struct _krb5int_access { krb5_error_code (*encode_krb5_authdata_elt) (const krb5_authdata *rep, krb5_data **code); + /* Exported for testing only! */ + krb5_error_code (*encode_krb5_sam_response_2) + (const krb5_sam_response_2 *rep, krb5_data **code); + krb5_error_code (*encode_krb5_enc_sam_response_enc_2) + (const krb5_enc_sam_response_enc_2 *rep, krb5_data **code); + } krb5int_access; #define KRB5INT_ACCESS_VERSION \ @@ -1964,20 +2108,6 @@ krb5_error_code KRB5_CALLCONV krb5int_accessor #define KRB524_SERVICE "krb524" #define KRB524_PORT 4444 -/* v4lifetime.c */ -extern krb5_int32 krb5int_krb_life_to_time(krb5_int32, int); -extern int krb5int_krb_time_to_life(krb5_int32, krb5_int32); - -/* conv_creds.c */ -int krb5int_encode_v4tkt - (struct ktext *v4tkt, char *buf, unsigned int *encoded_len); - -/* send524.c */ -int krb5int_524_sendto_kdc - (krb5_context context, const krb5_data * message, - const krb5_data * realm, krb5_data * reply, - struct sockaddr *, socklen_t *); - /* temporary -- this should be under lib/krb5/ccache somewhere */ struct _krb5_ccache { @@ -2047,37 +2177,6 @@ extern const krb5_cc_ops *krb5_cc_dfl_ops; krb5_error_code krb5int_cc_os_default_name(krb5_context context, char **name); -/* reentrant mutex used by krb5_cc_* functions */ -typedef struct _k5_cc_mutex { - k5_mutex_t lock; - krb5_context owner; - krb5_int32 refcount; -} k5_cc_mutex; - -#define K5_CC_MUTEX_PARTIAL_INITIALIZER \ - { K5_MUTEX_PARTIAL_INITIALIZER, NULL, 0 } - -krb5_error_code -k5_cc_mutex_init(k5_cc_mutex *m); - -krb5_error_code -k5_cc_mutex_finish_init(k5_cc_mutex *m); - -#define k5_cc_mutex_destroy(M) \ -k5_mutex_destroy(&(M)->lock); - -void -k5_cc_mutex_assert_locked(krb5_context context, k5_cc_mutex *m); - -void -k5_cc_mutex_assert_unlocked(krb5_context context, k5_cc_mutex *m); - -krb5_error_code -k5_cc_mutex_lock(krb5_context context, k5_cc_mutex *m); - -krb5_error_code -k5_cc_mutex_unlock(krb5_context context, k5_cc_mutex *m); - typedef struct _krb5_donot_replay { krb5_magic magic; krb5_ui_4 hash; @@ -2197,7 +2296,7 @@ extern int krb5int_prng_init(void); /* * Referral definitions, debugging hooks, and subfunctions. */ -#define KRB5_REFERRAL_MAXHOPS 5 +#define KRB5_REFERRAL_MAXHOPS 10 /* #define DEBUG_REFERRALS */ #ifdef DEBUG_REFERRALS @@ -2241,7 +2340,6 @@ krb5_error_code krb5int_aes_decrypt(const krb5_keyblock *key, const krb5_data *ivec, const krb5_data *input, krb5_data *output); -struct _krb5_kt_ops; struct _krb5_kt { /* should move into k5-int.h */ krb5_magic magic; const struct _krb5_kt_ops *ops; @@ -2270,6 +2368,16 @@ void KRB5_CALLCONV krb5_free_ktypes krb5_boolean krb5_is_permitted_enctype (krb5_context, krb5_enctype); +typedef struct +{ + krb5_enctype *etype; + krb5_boolean *etype_ok; + krb5_int32 etype_count; +} krb5_etypes_permitted; + +krb5_boolean krb5_is_permitted_enctype_ext + ( krb5_context, krb5_etypes_permitted *); + krb5_error_code krb5_kdc_rep_decrypt_proc (krb5_context, const krb5_keyblock *, @@ -2321,6 +2429,11 @@ void krb5_free_ets krb5_error_code krb5_generate_subkey (krb5_context, const krb5_keyblock *, krb5_keyblock **); +krb5_error_code krb5_generate_subkey_extended + (krb5_context, + const krb5_keyblock *, + krb5_enctype, + krb5_keyblock **); krb5_error_code krb5_generate_seq_number (krb5_context, const krb5_keyblock *, krb5_ui_4 *); @@ -2523,6 +2636,15 @@ void KRB5_CALLCONV krb5_realm_iterator_free void KRB5_CALLCONV krb5_free_realm_string (krb5_context context, char *str); +/* Internal principal function used by KIM to avoid code duplication */ +krb5_error_code KRB5_CALLCONV +krb5int_build_principal_alloc_va(krb5_context context, + krb5_principal *princ, + unsigned int rlen, + const char *realm, + const char *first, + va_list ap); + /* Some data comparison and conversion functions. */ #if 0 static inline int data_cmp(krb5_data d1, krb5_data d2) @@ -2560,4 +2682,14 @@ static inline int authdata_eq (krb5_authdata a1, krb5_authdata a2) && a1.length == a2.length && !memcmp(a1.contents, a2.contents, a1.length)); } + +krb5_error_code KRB5_CALLCONV +krb5int_pac_sign(krb5_context context, + krb5_pac pac, + krb5_timestamp authtime, + krb5_const_principal principal, + const krb5_keyblock *server_key, + const krb5_keyblock *privsvr_key, + krb5_data *data); + #endif /* _KRB5_INT_H */ diff --git a/src/include/k5-platform.h b/src/include/k5-platform.h index 15d585b340..f4511278e7 100644 --- a/src/include/k5-platform.h +++ b/src/include/k5-platform.h @@ -860,6 +860,14 @@ set_cloexec_file(FILE *f) #define va_copy(dest, src) memcmp(dest, src, sizeof(va_list)) #endif +/* Provide strlcpy/strlcat interfaces. */ +#ifndef HAVE_STRLCPY +#define strlcpy krb5int_strlcpy +#define strlcat krb5int_strlcat +extern size_t krb5int_strlcpy(char *dst, const char *src, size_t siz); +extern size_t krb5int_strlcat(char *dst, const char *src, size_t siz); +#endif + /* Provide [v]asprintf interfaces. */ #ifndef HAVE_VSNPRINTF #ifdef _WIN32 @@ -892,87 +900,18 @@ snprintf(char *str, size_t size, const char *format, ...) #endif /* win32? */ #endif /* no vsnprintf */ -#ifndef HAVE_VASPRINTF - #if !defined(__cplusplus) && (__GNUC__ > 2) -static inline int k5_vasprintf(char **, const char *, va_list) +extern int krb5int_vasprintf(char **, const char *, va_list) __attribute__((__format__(__printf__, 2, 0))); -static inline int k5_asprintf(char **, const char *, ...) +extern int krb5int_asprintf(char **, const char *, ...) __attribute__((__format__(__printf__, 2, 3))); #endif -#define vasprintf k5_vasprintf -/* On error: BSD: Set *ret to NULL. GNU: *ret is undefined. +#ifndef HAVE_VASPRINTF - Since we want to be able to use the GNU version directly, we need - provide only the weaker guarantee in this version. */ -static inline int -vasprintf(char **ret, const char *format, va_list ap) -{ - va_list ap2; - char *str = NULL, *nstr; - size_t len = 80; - int len2; - - while (1) { - if (len >= INT_MAX || len == 0) - goto fail; - nstr = realloc(str, len); - if (nstr == NULL) - goto fail; - str = nstr; - va_copy(ap2, ap); - len2 = vsnprintf(str, len, format, ap2); - va_end(ap2); - /* ISO C vsnprintf returns the needed length. Some old - vsnprintf implementations return -1 on truncation. */ - if (len2 < 0) { - /* Don't know how much space we need, just that we didn't - supply enough; get a bigger buffer and try again. */ - if (len <= SIZE_MAX/2) - len *= 2; - else if (len < SIZE_MAX) - len = SIZE_MAX; - else - goto fail; - } else if ((unsigned int) len2 >= SIZE_MAX) { - /* Need more space than we can request. */ - goto fail; - } else if ((size_t) len2 >= len) { - /* Need more space, but we know how much. */ - len = (size_t) len2 + 1; - } else { - /* Success! */ - break; - } - } - /* We might've allocated more than we need, if we're still using - the initial guess, or we got here by doubling. */ - if ((size_t) len2 < len - 1) { - nstr = realloc(str, (size_t) len2 + 1); - if (nstr) - str = nstr; - } - *ret = str; - return len2; - -fail: - free(str); - return -1; -} +#define vasprintf krb5int_vasprintf /* Assume HAVE_ASPRINTF iff HAVE_VASPRINTF. */ -#define asprintf k5_asprintf -static inline int -k5_asprintf(char **ret, const char *format, ...) -{ - va_list ap; - int n; - - va_start(ap, format); - n = vasprintf(ret, format, ap); - va_end(ap); - return n; -} +#define asprintf krb5int_asprintf #elif defined(NEED_VASPRINTF_PROTO) @@ -989,6 +928,22 @@ extern int asprintf(char **, const char *, ...) #endif /* have vasprintf and prototype? */ +/* Return true if the snprintf return value RESULT reflects a buffer + overflow for the buffer size SIZE. + + We cast the result to unsigned int for two reasons. First, old + implementations of snprintf (such as the one in Solaris 9 and + prior) return -1 on a buffer overflow. Casting the result to -1 + will convert that value to UINT_MAX, which should compare larger + than any reasonable buffer size. Second, comparing signed and + unsigned integers will generate warnings with some compilers, and + can have unpredictable results, particularly when the relative + widths of the types is not known (size_t may be the same width as + int or larger). +*/ +#define SNPRINTF_OVERFLOW(result, size) \ + ((unsigned int)(result) >= (size_t)(size)) + #ifndef HAVE_MKSTEMP extern int krb5int_mkstemp(char *); #define mkstemp krb5int_mkstemp diff --git a/src/include/k5-plugin.h b/src/include/k5-plugin.h index 5bb9be7a00..f5f4f43c21 100644 --- a/src/include/k5-plugin.h +++ b/src/include/k5-plugin.h @@ -45,6 +45,9 @@ So, no krb5 types. */ +#ifndef K5_PLUGIN_H +#define K5_PLUGIN_H + #if defined(_MSDOS) || defined(_WIN32) #include "win-mac.h" #endif @@ -102,3 +105,5 @@ krb5int_get_plugin_dir_func (struct plugin_dir_handle *, const char *, void (***)(void), struct errinfo *); void KRB5_CALLCONV krb5int_free_plugin_dir_func (void (**)(void)); + +#endif /* K5_PLUGIN_H */ diff --git a/src/include/k5-thread.h b/src/include/k5-thread.h index a3fb13dcdd..821fe8457a 100644 --- a/src/include/k5-thread.h +++ b/src/include/k5-thread.h @@ -411,12 +411,7 @@ typedef enum { K5_KEY_GSS_KRB5_ERROR_MESSAGE, K5_KEY_KIM_ERROR_MESSAGE, #if defined(__MACH__) && defined(__APPLE__) - K5_KEY_CCAPI_REQUEST_PORT, - K5_KEY_CCAPI_REPLY_STREAM, - K5_KEY_CCAPI_SERVER_DIED, - K5_KEY_IPC_REQUEST_PORTS, - K5_KEY_IPC_REPLY_STREAM, - K5_KEY_IPC_SERVER_DIED, + K5_KEY_IPC_CONNECTION_INFO, K5_KEY_COM_ERR_REENTER, #endif K5_KEY_MAX diff --git a/src/include/k5-unicode.h b/src/include/k5-unicode.h new file mode 100644 index 0000000000..8955a99443 --- /dev/null +++ b/src/include/k5-unicode.h @@ -0,0 +1,130 @@ +/* + * Copyright (C) 2008 by the Massachusetts Institute of Technology, + * Cambridge, MA, USA. All Rights Reserved. + * + * This software is being provided to you, the LICENSEE, by the + * Massachusetts Institute of Technology (M.I.T.) under the following + * license. By obtaining, using and/or copying this software, you agree + * that you have read, understood, and will comply with these terms and + * conditions: + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute + * this software and its documentation for any purpose and without fee or + * royalty is hereby granted, provided that you agree to comply with the + * following copyright notice and statements, including the disclaimer, and + * that the same appear on ALL copies of the software and documentation, + * including modifications that you make for internal use or for + * distribution: + * + * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO REPRESENTATIONS + * OR WARRANTIES, EXPRESS OR IMPLIED. By way of example, but not + * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF + * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF + * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY + * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS. + * + * The name of the Massachusetts Institute of Technology or M.I.T. may NOT + * be used in advertising or publicity pertaining to distribution of the + * software. Title to copyright in this software and any associated + * documentation shall at all times remain with M.I.T., and USER agrees to + * preserve same. + * + * Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + */ +/* This work is part of OpenLDAP Software . + * + * Copyright 1998-2008 The OpenLDAP Foundation. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted only as authorized by the OpenLDAP + * Public License. + * + * A copy of this license is available in file LICENSE in the + * top-level directory of the distribution or, alternatively, at + * . + */ +/* This notice applies to changes, created by or for Novell, Inc., + * to preexisting works for which notices appear elsewhere in this file. + * + * Copyright (C) 2000 Novell, Inc. All Rights Reserved. + * + * THIS WORK IS SUBJECT TO U.S. AND INTERNATIONAL COPYRIGHT LAWS AND TREATIES. + * USE, MODIFICATION, AND REDISTRIBUTION OF THIS WORK IS SUBJECT TO VERSION + * 2.0.1 OF THE OPENLDAP PUBLIC LICENSE, A COPY OF WHICH IS AVAILABLE AT + * HTTP://WWW.OPENLDAP.ORG/LICENSE.HTML OR IN THE FILE "LICENSE" IN THE + * TOP-LEVEL DIRECTORY OF THE DISTRIBUTION. ANY USE OR EXPLOITATION OF THIS + * WORK OTHER THAN AS AUTHORIZED IN VERSION 2.0.1 OF THE OPENLDAP PUBLIC + * LICENSE, OR OTHER PRIOR WRITTEN CONSENT FROM NOVELL, COULD SUBJECT THE + * PERPETRATOR TO CRIMINAL AND CIVIL LIABILITY. + */ + +#ifndef K5_UNICODE_H +#define K5_UNICODE_H + +#include "autoconf.h" + +#ifdef HAVE_SYS_TYPES_H +#include +#endif + +#ifdef HAVE_UNISTD_H +#include +#endif + +#ifdef HAVE_STDLIB_H +#include +#endif + +#include "k5-utf8.h" + +typedef krb5_ucs4 krb5_unicode; + +int krb5int_ucstrncmp( + const krb5_unicode *, + const krb5_unicode *, + size_t); + +int krb5int_ucstrncasecmp( + const krb5_unicode *, + const krb5_unicode *, + size_t); + +krb5_unicode *krb5int_ucstrnchr( + const krb5_unicode *, + size_t, + krb5_unicode); + +krb5_unicode *krb5int_ucstrncasechr( + const krb5_unicode *, + size_t, + krb5_unicode); + +void krb5int_ucstr2upper( + krb5_unicode *, + size_t); + +#define KRB5_UTF8_NOCASEFOLD 0x0U +#define KRB5_UTF8_CASEFOLD 0x1U +#define KRB5_UTF8_ARG1NFC 0x2U +#define KRB5_UTF8_ARG2NFC 0x4U +#define KRB5_UTF8_APPROX 0x8U + +krb5_data * krb5int_utf8_normalize( + krb5_data *, + krb5_data *, + unsigned); + +int krb5int_utf8_normcmp( + const krb5_data *, + const krb5_data *, + unsigned); + +#endif /* K5_UNICODE_H */ diff --git a/src/include/k5-utf8.h b/src/include/k5-utf8.h new file mode 100644 index 0000000000..b5a3945597 --- /dev/null +++ b/src/include/k5-utf8.h @@ -0,0 +1,252 @@ +/* + * Copyright (C) 2008 by the Massachusetts Institute of Technology, + * Cambridge, MA, USA. All Rights Reserved. + * + * This software is being provided to you, the LICENSEE, by the + * Massachusetts Institute of Technology (M.I.T.) under the following + * license. By obtaining, using and/or copying this software, you agree + * that you have read, understood, and will comply with these terms and + * conditions: + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify and distribute + * this software and its documentation for any purpose and without fee or + * royalty is hereby granted, provided that you agree to comply with the + * following copyright notice and statements, including the disclaimer, and + * that the same appear on ALL copies of the software and documentation, + * including modifications that you make for internal use or for + * distribution: + * + * THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO REPRESENTATIONS + * OR WARRANTIES, EXPRESS OR IMPLIED. By way of example, but not + * limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF + * MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF + * THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY + * PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS. + * + * The name of the Massachusetts Institute of Technology or M.I.T. may NOT + * be used in advertising or publicity pertaining to distribution of the + * software. Title to copyright in this software and any associated + * documentation shall at all times remain with M.I.T., and USER agrees to + * preserve same. + * + * Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + */ +/* This work is part of OpenLDAP Software . + * + * Copyright 1998-2008 The OpenLDAP Foundation. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted only as authorized by the OpenLDAP + * Public License. + * + * A copy of this license is available in file LICENSE in the + * top-level directory of the distribution or, alternatively, at + * . + */ +/* This notice applies to changes, created by or for Novell, Inc., + * to preexisting works for which notices appear elsewhere in this file. + * + * Copyright (C) 2000 Novell, Inc. All Rights Reserved. + * + * THIS WORK IS SUBJECT TO U.S. AND INTERNATIONAL COPYRIGHT LAWS AND TREATIES. + * USE, MODIFICATION, AND REDISTRIBUTION OF THIS WORK IS SUBJECT TO VERSION + * 2.0.1 OF THE OPENLDAP PUBLIC LICENSE, A COPY OF WHICH IS AVAILABLE AT + * HTTP://WWW.OPENLDAP.ORG/LICENSE.HTML OR IN THE FILE "LICENSE" IN THE + * TOP-LEVEL DIRECTORY OF THE DISTRIBUTION. ANY USE OR EXPLOITATION OF THIS + * WORK OTHER THAN AS AUTHORIZED IN VERSION 2.0.1 OF THE OPENLDAP PUBLIC + * LICENSE, OR OTHER PRIOR WRITTEN CONSENT FROM NOVELL, COULD SUBJECT THE + * PERPETRATOR TO CRIMINAL AND CIVIL LIABILITY. + */ + +#ifndef K5_UTF8_H +#define K5_UTF8_H + +#include "autoconf.h" + +#ifdef HAVE_SYS_TYPES_H +#include +#endif + +#ifdef HAVE_UNISTD_H +#include +#endif + +#ifdef HAVE_STDLIB_H +#include +#endif + +#if INT_MAX == 0x7fff +typedef int krb5_ucs2; +#elif SHRT_MAX == 0x7fff +typedef short krb5_ucs2; +#else +#error undefined 16 bit type +#endif + +#if INT_MAX == 0x7fffffffL +typedef int krb5_ucs4; +#elif LONG_MAX == 0x7fffffffL +typedef long krb5_ucs4; +#elif SHRT_MAX == 0x7fffffffL +typedef short krb5_ucs4; +#else +#error: undefined 32 bit type +#endif + +#define KRB5_UCS2_INVALID ((krb5_ucs2)0x8000) +#define KRB5_UCS4_INVALID ((krb5_ucs4)0x80000000) + +#define KRB5_MAX_UTF8_LEN (sizeof(krb5_ucs2) * 3/2) + +krb5_ucs2 krb5int_utf8_to_ucs2(const char *p); +size_t krb5int_ucs2_to_utf8(krb5_ucs2 c, char *buf); + +krb5_ucs4 krb5int_utf8_to_ucs4(const char *p); +size_t krb5int_ucs4_to_utf8(krb5_ucs4 c, char *buf); + +int +krb5int_ucs2s_to_utf8s(const krb5_ucs2 *ucs2s, + char **utf8s, + size_t *utf8slen); + +int +krb5int_ucs2cs_to_utf8s(const krb5_ucs2 *ucs2s, + size_t ucs2slen, + char **utf8s, + size_t *utf8slen); + +int +krb5int_ucs2les_to_utf8s(const unsigned char *ucs2les, + char **utf8s, + size_t *utf8slen); + +int +krb5int_ucs2lecs_to_utf8s(const unsigned char *ucs2les, + size_t ucs2leslen, + char **utf8s, + size_t *utf8slen); + +int +krb5int_utf8s_to_ucs2s(const char *utf8s, + krb5_ucs2 **ucs2s, + size_t *ucs2chars); + +int +krb5int_utf8cs_to_ucs2s(const char *utf8s, + size_t utf8slen, + krb5_ucs2 **ucs2s, + size_t *ucs2chars); + +int +krb5int_utf8s_to_ucs2les(const char *utf8s, + unsigned char **ucs2les, + size_t *ucs2leslen); + +int +krb5int_utf8cs_to_ucs2les(const char *utf8s, + size_t utf8slen, + unsigned char **ucs2les, + size_t *ucs2leslen); + +/* returns the number of bytes in the UTF-8 string */ +size_t krb5int_utf8_bytes(const char *); +/* returns the number of UTF-8 characters in the string */ +size_t krb5int_utf8_chars(const char *); +/* returns the number of UTF-8 characters in the counted string */ +size_t krb5int_utf8c_chars(const char *, size_t); +/* returns the length (in bytes) of the UTF-8 character */ +int krb5int_utf8_offset(const char *); +/* returns the length (in bytes) indicated by the UTF-8 character */ +int krb5int_utf8_charlen(const char *); + +/* returns the length (in bytes) indicated by the UTF-8 character + * also checks that shortest possible encoding was used + */ +int krb5int_utf8_charlen2(const char *); + +/* copies a UTF-8 character and returning number of bytes copied */ +int krb5int_utf8_copy(char *, const char *); + +/* returns pointer of next UTF-8 character in string */ +char *krb5int_utf8_next( const char *); +/* returns pointer of previous UTF-8 character in string */ +char *krb5int_utf8_prev( const char *); + +/* primitive ctype routines -- not aware of non-ascii characters */ +int krb5int_utf8_isascii( const char *); +int krb5int_utf8_isalpha( const char *); +int krb5int_utf8_isalnum( const char *); +int krb5int_utf8_isdigit( const char *); +int krb5int_utf8_isxdigit( const char *); +int krb5int_utf8_isspace( const char *); + +/* span characters not in set, return bytes spanned */ +size_t krb5int_utf8_strcspn( const char* str, const char *set); +/* span characters in set, return bytes spanned */ +size_t krb5int_utf8_strspn( const char* str, const char *set); +/* return first occurance of character in string */ +char *krb5int_utf8_strchr( const char* str, const char *chr); +/* return first character of set in string */ +char *krb5int_utf8_strpbrk( const char* str, const char *set); +/* reentrant tokenizer */ +char *krb5int_utf8_strtok( char* sp, const char* sep, char **last); + +/* Optimizations */ +extern const char krb5int_utf8_lentab[128]; +extern const char krb5int_utf8_mintab[32]; + +#define KRB5_UTF8_ISASCII(p) ( !(*(const unsigned char *)(p) & 0x80 ) ) +#define KRB5_UTF8_CHARLEN(p) ( KRB5_UTF8_ISASCII(p) \ + ? 1 : krb5int_utf8_lentab[*(const unsigned char *)(p) ^ 0x80] ) + +/* This is like CHARLEN but additionally validates to make sure + * the char used the shortest possible encoding. + * 'l' is used to temporarily hold the result of CHARLEN. + */ +#define KRB5_UTF8_CHARLEN2(p, l) ( ( ( l = KRB5_UTF8_CHARLEN( p )) < 3 || \ + ( krb5int_utf8_mintab[*(const unsigned char *)(p) & 0x1f] & (p)[1] ) ) ? \ + l : 0 ) + +#define KRB5_UTF8_OFFSET(p) ( KRB5_UTF8_ISASCII(p) \ + ? 1 : krb5int_utf8_offset((p)) ) + +#define KRB5_UTF8_COPY(d,s) ( KRB5_UTF8_ISASCII(s) \ + ? (*(d) = *(s), 1) : krb5int_utf8_copy((d),(s)) ) + +#define KRB5_UTF8_NEXT(p) ( KRB5_UTF8_ISASCII(p) \ + ? (char *)(p)+1 : krb5int_utf8_next((p)) ) + +#define KRB5_UTF8_INCR(p) ((p) = KRB5_UTF8_NEXT(p)) + +/* For symmetry */ +#define KRB5_UTF8_PREV(p) (krb5int_utf8_prev((p))) +#define KRB5_UTF8_DECR(p) ((p)=KRB5_UTF8_PREV((p))) + +/* + * these macros assume 'x' is an ASCII x + * and assume the "C" locale + */ +#define KRB5_ASCII(c) (!((c) & 0x80)) +#define KRB5_SPACE(c) ((c) == ' ' || (c) == '\t' || (c) == '\n') +#define KRB5_DIGIT(c) ((c) >= '0' && (c) <= '9') +#define KRB5_LOWER(c) ((c) >= 'a' && (c) <= 'z') +#define KRB5_UPPER(c) ((c) >= 'A' && (c) <= 'Z') +#define KRB5_ALPHA(c) (KRB5_LOWER(c) || KRB5_UPPER(c)) +#define KRB5_ALNUM(c) (KRB5_ALPHA(c) || KRB5_DIGIT(c)) + +#define KRB5_LDH(c) (KRB5_ALNUM(c) || (c) == '-') + +#define KRB5_HEXLOWER(c) ((c) >= 'a' && (c) <= 'f') +#define KRB5_HEXUPPER(c) ((c) >= 'A' && (c) <= 'F') +#define KRB5_HEX(c) (KRB5_DIGIT(c) || \ + KRB5_HEXLOWER(c) || KRB5_HEXUPPER(c)) + +#endif /* K5_UTF8_H */ diff --git a/src/include/kdb.h b/src/include/kdb.h index 9d3ca38058..a95676b037 100644 --- a/src/include/kdb.h +++ b/src/include/kdb.h @@ -85,6 +85,8 @@ #define KRB5_KDB_CREATE_BTREE 0x00000001 #define KRB5_KDB_CREATE_HASH 0x00000002 +#if !defined(_WIN32) + /* * Note --- these structures cannot be modified without changing the * database version number in libkdb.a, but should be expandable by @@ -233,6 +235,7 @@ extern char *krb5_mkey_pwd_prompt2; * * Data encoding is little-endian. */ +#ifdef _KRB5_INT_H #include "k5-platform.h" #define krb5_kdb_decode_int16(cp, i16) \ *((krb5_int16 *) &(i16)) = load_16_le(cp) @@ -240,6 +243,7 @@ extern char *krb5_mkey_pwd_prompt2; *((krb5_int32 *) &(i32)) = load_32_le(cp) #define krb5_kdb_encode_int16(i16, cp) store_16_le(i16, cp) #define krb5_kdb_encode_int32(i32, cp) store_32_le(i32, cp) +#endif /* _KRB5_INT_H */ #define KRB5_KDB_OPEN_RW 0 #define KRB5_KDB_OPEN_RO 1 @@ -311,6 +315,13 @@ krb5_error_code krb5_db_set_mkey ( krb5_context context, krb5_keyblock *key); krb5_error_code krb5_db_get_mkey ( krb5_context kcontext, krb5_keyblock **key ); + +krb5_error_code krb5_db_set_mkey_list( krb5_context context, + krb5_keyblock_node * keylist); + +krb5_error_code krb5_db_get_mkey_list( krb5_context kcontext, + krb5_keyblock_node ** keylist); + krb5_error_code krb5_db_free_master_key ( krb5_context kcontext, krb5_keyblock *key ); krb5_error_code krb5_db_store_master_key ( krb5_context kcontext, @@ -587,6 +598,36 @@ krb5_dbe_def_cpw( krb5_context context, krb5_error_code krb5_def_promote_db(krb5_context, char *, char **); +krb5_error_code +krb5_dbekd_def_decrypt_key_data( krb5_context context, + const krb5_keyblock * mkey, + const krb5_key_data * key_data, + krb5_keyblock * dbkey, + krb5_keysalt * keysalt); + +krb5_error_code +krb5_dbekd_def_encrypt_key_data( krb5_context context, + const krb5_keyblock * mkey, + const krb5_keyblock * dbkey, + const krb5_keysalt * keysalt, + int keyver, + krb5_key_data * key_data); + +krb5_error_code +krb5_dbekd_def_decrypt_key_data( krb5_context context, + const krb5_keyblock * mkey, + const krb5_key_data * key_data, + krb5_keyblock * dbkey, + krb5_keysalt * keysalt); + +krb5_error_code +krb5_dbekd_def_encrypt_key_data( krb5_context context, + const krb5_keyblock * mkey, + const krb5_keyblock * dbkey, + const krb5_keysalt * keysalt, + int keyver, + krb5_key_data * key_data); + krb5_error_code krb5_db_create_policy( krb5_context kcontext, osa_policy_ent_t policy); @@ -615,6 +656,219 @@ void krb5_db_free_policy( krb5_context kcontext, osa_policy_ent_t policy); + + +krb5_error_code +krb5_db_set_context + (krb5_context, void *db_context); + +krb5_error_code +krb5_db_get_context + (krb5_context, void **db_context); + #define KRB5_KDB_DEF_FLAGS 0 +#define KDB_MAX_DB_NAME 128 +#define KDB_REALM_SECTION "realms" +#define KDB_MODULE_POINTER "database_module" +#define KDB_MODULE_DEF_SECTION "dbdefaults" +#define KDB_MODULE_SECTION "dbmodules" +#define KDB_LIB_POINTER "db_library" +#define KDB_DATABASE_CONF_FILE DEFAULT_SECURE_PROFILE_PATH +#define KDB_DATABASE_ENV_PROF KDC_PROFILE_ENV + +#define KRB5_KDB_OPEN_RW 0 +#define KRB5_KDB_OPEN_RO 1 + +#define KRB5_KDB_OPT_SET_DB_NAME 0 +#define KRB5_KDB_OPT_SET_LOCK_MODE 1 + +typedef struct _kdb_vftabl { + short int maj_ver; + short int min_ver; + + krb5_error_code (*init_library)(); + krb5_error_code (*fini_library)(); + krb5_error_code (*init_module) ( krb5_context kcontext, + char * conf_section, + char ** db_args, + int mode ); + + krb5_error_code (*fini_module) ( krb5_context kcontext ); + + krb5_error_code (*db_create) ( krb5_context kcontext, + char * conf_section, + char ** db_args ); + + krb5_error_code (*db_destroy) ( krb5_context kcontext, + char *conf_section, + char ** db_args ); + + krb5_error_code (*db_get_age) ( krb5_context kcontext, + char *db_name, + time_t *age ); + + krb5_error_code (*db_set_option) ( krb5_context kcontext, + int option, + void *value ); + + krb5_error_code (*db_lock) ( krb5_context kcontext, + int mode ); + + krb5_error_code (*db_unlock) ( krb5_context kcontext); + + krb5_error_code (*db_get_principal) ( krb5_context kcontext, + krb5_const_principal search_for, + unsigned int flags, + krb5_db_entry *entries, + int *nentries, + krb5_boolean *more ); + + krb5_error_code (*db_free_principal) ( krb5_context kcontext, + krb5_db_entry *entry, + int count ); + + krb5_error_code (*db_put_principal) ( krb5_context kcontext, + krb5_db_entry *entries, + int *nentries, + char **db_args); + + krb5_error_code (*db_delete_principal) ( krb5_context kcontext, + krb5_const_principal search_for, + int *nentries ); + + krb5_error_code (*db_iterate) ( krb5_context kcontext, + char *match_entry, + int (*func) (krb5_pointer, krb5_db_entry *), + krb5_pointer func_arg ); + + krb5_error_code (*db_create_policy) ( krb5_context kcontext, + osa_policy_ent_t policy ); + + krb5_error_code (*db_get_policy) ( krb5_context kcontext, + char *name, + osa_policy_ent_t *policy, + int *cnt); + + krb5_error_code (*db_put_policy) ( krb5_context kcontext, + osa_policy_ent_t policy ); + + krb5_error_code (*db_iter_policy) ( krb5_context kcontext, + char *match_entry, + osa_adb_iter_policy_func func, + void *data ); + + + krb5_error_code (*db_delete_policy) ( krb5_context kcontext, + char *policy ); + + void (*db_free_policy) ( krb5_context kcontext, + osa_policy_ent_t val ); + + krb5_error_code (*db_supported_realms) ( krb5_context kcontext, + char **realms ); + + krb5_error_code (*db_free_supported_realms) ( krb5_context kcontext, + char **realms ); + + + const char * (*errcode_2_string) ( krb5_context kcontext, + long err_code ); + + void (*release_errcode_string) (krb5_context kcontext, const char *msg); + + void * (*db_alloc) (krb5_context kcontext, void *ptr, size_t size); + void (*db_free) (krb5_context kcontext, void *ptr); + + + + /* optional functions */ + krb5_error_code (*set_master_key) ( krb5_context kcontext, + char *pwd, + krb5_keyblock *key); + + krb5_error_code (*get_master_key) ( krb5_context kcontext, + krb5_keyblock **key); + + krb5_error_code (*set_master_key_list) ( krb5_context kcontext, + krb5_keyblock_node *keylist); + + krb5_error_code (*get_master_key_list) ( krb5_context kcontext, + krb5_keyblock_node **keylist); + + krb5_error_code (*setup_master_key_name) ( krb5_context kcontext, + char *keyname, + char *realm, + char **fullname, + krb5_principal *principal); + + krb5_error_code (*store_master_key) ( krb5_context kcontext, + char *db_arg, + krb5_principal mname, + krb5_kvno kvno, + krb5_keyblock *key, + char *master_pwd); + + krb5_error_code (*fetch_master_key) ( krb5_context kcontext, + krb5_principal mname, + krb5_keyblock *key, + krb5_kvno *kvno, + char *db_args); + + krb5_error_code (*verify_master_key) ( krb5_context kcontext, + krb5_principal mprinc, + krb5_kvno kvno, + krb5_keyblock *mkey ); + + krb5_error_code (*fetch_master_key_list) (krb5_context kcontext, + krb5_principal mname, + const krb5_keyblock *key, + krb5_kvno kvno, + krb5_keyblock_node **mkeys_list); + + krb5_error_code (*dbe_search_enctype) ( krb5_context kcontext, + krb5_db_entry *dbentp, + krb5_int32 *start, + krb5_int32 ktype, + krb5_int32 stype, + krb5_int32 kvno, + krb5_key_data **kdatap); + + + krb5_error_code + (*db_change_pwd) ( krb5_context context, + krb5_keyblock * master_key, + krb5_key_salt_tuple * ks_tuple, + int ks_tuple_count, + char * passwd, + int new_kvno, + krb5_boolean keepold, + krb5_db_entry * db_entry); + + /* Promote a temporary database to be the live one. */ + krb5_error_code (*promote_db) (krb5_context context, + char *conf_section, + char **db_args); + + krb5_error_code (*dbekd_decrypt_key_data) ( krb5_context kcontext, + const krb5_keyblock *mkey, + const krb5_key_data *key_data, + krb5_keyblock *dbkey, + krb5_keysalt *keysalt ); + + krb5_error_code (*dbekd_encrypt_key_data) ( krb5_context kcontext, + const krb5_keyblock *mkey, + const krb5_keyblock *dbkey, + const krb5_keysalt *keyselt, + int keyver, + krb5_key_data *key_data ); + + krb5_error_code + (*db_invoke) ( krb5_context context, + unsigned int method, + const krb5_data *req, + krb5_data *rep ); +} kdb_vftabl; +#endif /* !defined(_WIN32) */ + #endif /* KRB5_KDB5__ */ diff --git a/src/include/kdb_ext.h b/src/include/kdb_ext.h new file mode 100644 index 0000000000..87959538e9 --- /dev/null +++ b/src/include/kdb_ext.h @@ -0,0 +1,171 @@ +/* + * include/krb5/kdb_ext.h + * + * Copyright (c) 2006-2008, Novell, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * * The copyright holder's name is not used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef KRB5_KDB5_EXT__ +#define KRB5_KDB5_EXT__ + +/* Can be delegated as in TicketFlags */ +#define KRB5_KDB_OK_AS_DELEGATE 0x00100000 +/* Allowed to use protocol transition */ +#define KRB5_KDB_OK_TO_AUTH_AS_DELEGATE 0x00200000 +/* Service does not require authorization data */ +#define KRB5_KDB_NO_AUTH_DATA_REQUIRED 0x00400000 +/* Private flag used to indicate principal is local TGS */ +#define KRB5_KDB_TICKET_GRANTING_SERVICE 0x01000000 +/* Private flag used to indicate xrealm relationship is non-transitive */ +#define KRB5_KDB_XREALM_NON_TRANSITIVE 0x02000000 + +/* Entry get flags */ +/* Name canonicalization requested */ +#define KRB5_KDB_FLAG_CANONICALIZE 0x00000010 +/* Include authorization data generated by backend */ +#define KRB5_KDB_FLAG_INCLUDE_PAC 0x00000020 +/* Is AS-REQ (client referrals only) */ +#define KRB5_KDB_FLAG_CLIENT_REFERRALS_ONLY 0x00000040 +/* Map cross-realm principals */ +#define KRB5_KDB_FLAG_MAP_PRINCIPALS 0x00000080 +/* Protocol transition */ +#define KRB5_KDB_FLAG_PROTOCOL_TRANSITION 0x00000100 +/* Constrained delegation */ +#define KRB5_KDB_FLAG_CONSTRAINED_DELEGATION 0x00000200 +/* User-to-user */ +#define KRB5_KDB_FLAG_USER_TO_USER 0x00000800 +/* Cross-realm */ +#define KRB5_KDB_FLAG_CROSS_REALM 0x00001000 + +#define KRB5_KDB_FLAGS_S4U ( KRB5_KDB_FLAG_PROTOCOL_TRANSITION | \ + KRB5_KDB_FLAG_CONSTRAINED_DELEGATION ) + +#define KRB5_TL_PAC_LOGON_INFO 0x0100 /* NDR encoded validation info */ +#define KRB5_TL_SERVER_REFERRAL 0x0200 /* ASN.1 encoded ServerReferralInfo */ +#define KRB5_TL_SVR_REFERRAL_DATA 0x0300 /* ASN.1 encoded PA-SVR-REFERRAL-DATA */ +#define KRB5_TL_CONSTRAINED_DELEGATION_ACL 0x0400 /* Each entry is a permitted SPN */ +#define KRB5_TL_LM_KEY 0x0500 /* LM OWF */ +#define KRB5_TL_X509_SUBJECT_ISSUER_NAME 0x0600 /* IssuerDNSubjectDN */ + +krb5_error_code krb5_db_get_principal_ext ( krb5_context kcontext, + krb5_const_principal search_for, + unsigned int flags, + krb5_db_entry *entries, + int *nentries, + krb5_boolean *more ); + +krb5_error_code krb5_db_invoke ( krb5_context kcontext, + unsigned int method, + const krb5_data *req, + krb5_data *rep ); + +/* db_invoke methods */ +#define KRB5_KDB_METHOD_SIGN_AUTH_DATA 0x00000010 +#define KRB5_KDB_METHOD_CHECK_TRANSITED_REALMS 0x00000020 +#define KRB5_KDB_METHOD_CHECK_POLICY_AS 0x00000030 +#define KRB5_KDB_METHOD_CHECK_POLICY_TGS 0x00000040 +#define KRB5_KDB_METHOD_AUDIT_AS 0x00000050 +#define KRB5_KDB_METHOD_AUDIT_TGS 0x00000060 +#define KRB5_KDB_METHOD_REFRESH_POLICY 0x00000070 +#define KRB5_KDB_METHOD_CHECK_ALLOWED_TO_DELEGATE 0x00000080 + +typedef struct _kdb_sign_auth_data_req { + krb5_magic magic; + unsigned int flags; /* KRB5_KDB flags */ + krb5_const_principal client_princ; /* Client name used in ticket */ + krb5_db_entry *client; /* DB entry for client principal */ + krb5_db_entry *server; /* DB entry for server principal */ + krb5_db_entry *krbtgt; /* DB entry for ticket granting service principal */ + krb5_keyblock *client_key; /* Reply key, valid for AS-REQ only */ + krb5_keyblock *server_key; /* Key used to generate server signature */ + krb5_timestamp authtime; /* Authtime of TGT */ + krb5_authdata **auth_data; /* Authorization data from TGT */ +} kdb_sign_auth_data_req; + +typedef struct _kdb_sign_auth_data_rep { + krb5_magic magic; + krb5_authdata **auth_data; /* Signed authorization data */ + krb5_db_entry *entry; /* Optional client principal extracted from auth data */ + int nprincs; /* Non-zero if above contains principal data */ +} kdb_sign_auth_data_rep; + +typedef struct _kdb_check_transited_realms_req { + krb5_magic magic; + const krb5_data *tr_contents; + const krb5_data *client_realm; + const krb5_data *server_realm; +} kdb_check_transited_realms_req; + +typedef struct _kdb_check_policy_as_req { + krb5_magic magic; + krb5_kdc_req *request; + krb5_db_entry *client; + krb5_db_entry *server; + krb5_timestamp kdc_time; +} kdb_check_policy_as_req; + +typedef struct _kdb_check_policy_as_rep { + krb5_magic magic; + const char *status; +} kdb_check_policy_as_rep; + +typedef struct _kdb_check_policy_tgs_req { + krb5_magic magic; + krb5_kdc_req *request; + krb5_db_entry *server; + krb5_ticket *ticket; +} kdb_check_policy_tgs_req; + +typedef struct _kdb_check_policy_tgs_rep { + krb5_magic magic; + const char *status; +} kdb_check_policy_tgs_rep; + +typedef struct _kdb_audit_as_req { + krb5_magic magic; + krb5_kdc_req *request; + krb5_db_entry *client; + krb5_db_entry *server; + krb5_timestamp authtime; + krb5_error_code error_code; +} kdb_audit_as_req; + +typedef struct _kdb_audit_tgs_req { + krb5_magic magic; + krb5_kdc_req *request; + krb5_const_principal client; + krb5_db_entry *server; + krb5_timestamp authtime; + krb5_error_code error_code; +} kdb_audit_tgs_req; + +typedef struct _kdb_check_allowed_to_delegate_req { + krb5_magic magic; + const krb5_db_entry *server; + krb5_const_principal proxy; +} kdb_check_allowed_to_delegate_req; + +#endif /* KRB5_KDB5_EXT__ */ diff --git a/src/include/kerberosIV/Makefile.in b/src/include/kerberosIV/Makefile.in deleted file mode 100644 index a82f5e6cb1..0000000000 --- a/src/include/kerberosIV/Makefile.in +++ /dev/null @@ -1,23 +0,0 @@ -thisconfigdir=./../.. -myfulldir=include/kerberosIV -mydir=include/kerberosIV -BUILDTOP=$(REL)..$(S).. -KRB4_HEADERS=krb.h des.h mit-copyright.h - -all-unix:: krb_err.h kadm_err.h - -krb_err.h: $(SRCTOP)/lib/krb4/krb_err.et -kadm_err.h: $(SRCTOP)/lib/krb4/kadm_err.et -krb_err.h kadm_err.h: rebuild-k4-error-tables; : $@ -rebuild-k4-error-tables: - (cd $(BUILDTOP)/lib/krb4 && $(MAKE) includes) - -clean-unix:: - $(RM) krb_err.h kadm_err.h - -install-headers-unix install:: krb_err.h kadm_err.h - @set -x; for f in $(KRB4_HEADERS) ; \ - do $(INSTALL_DATA) $(srcdir)/$$f $(DESTDIR)$(KRB5_INCDIR)/kerberosIV/$$f ; \ - done - $(INSTALL_DATA) krb_err.h $(DESTDIR)$(KRB5_INCDIR)$(S)kerberosIV$(S)krb_err.h - $(INSTALL_DATA) kadm_err.h $(DESTDIR)$(KRB5_INCDIR)$(S)kerberosIV$(S)kadm_err.h diff --git a/src/include/kerberosIV/addr_comp.h b/src/include/kerberosIV/addr_comp.h deleted file mode 100644 index ccf3a8d05f..0000000000 --- a/src/include/kerberosIV/addr_comp.h +++ /dev/null @@ -1,52 +0,0 @@ -/* - * include/kerberosIV/addr_comp.h - * - * Copyright 1987-1994 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * Include file for address comparison macros. - */ - -#ifndef ADDR_COMP_DEFS -#define ADDR_COMP_DEFS - -/* -** Look boys and girls, a big kludge -** We need to compare the two internet addresses in network byte order, not -** local byte order. This is a *really really slow way of doing that* -** But..... -** .....it works -** so we run with it -** -** long_less_than gets fed two (u_char *)'s.... -*/ - -#define u_char_comp(x,y) \ - (((x)>(y))?(1):(((x)==(y))?(0):(-1))) - -#define long_less_than(x,y) \ - (u_char_comp((x)[0],(y)[0])?u_char_comp((x)[0],(y)[0]): \ - (u_char_comp((x)[1],(y)[1])?u_char_comp((x)[1],(y)[1]): \ - (u_char_comp((x)[2],(y)[2])?u_char_comp((x)[2],(y)[2]): \ - (u_char_comp((x)[3],(y)[3]))))) - -#endif /* ADDR_COMP_DEFS */ diff --git a/src/include/kerberosIV/admin_server.h b/src/include/kerberosIV/admin_server.h deleted file mode 100644 index 3da4155188..0000000000 --- a/src/include/kerberosIV/admin_server.h +++ /dev/null @@ -1,58 +0,0 @@ -/* - * include/kerberosIV/admin_server.h - * - * Copyright 1987-1994 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - */ - -#ifndef ADMIN_SERVER_DEFS -#define ADMIN_SERVER_DEFS - -#define PW_SRV_VERSION 2 /* version number */ - -#define INSTALL_NEW_PW (1<<0) /* - * ver, cmd, name, password, - * old_pass, crypt_pass, uid - */ - -#define ADMIN_NEW_PW (2<<1) /* - * ver, cmd, name, passwd, - * old_pass - * (grot), crypt_pass (grot) - */ - -#define ADMIN_SET_KDC_PASSWORD (3<<1) /* ditto */ -#define ADMIN_ADD_NEW_KEY (4<<1) /* ditto */ -#define ADMIN_ADD_NEW_KEY_ATTR (5<<1) /* - * ver, cmd, name, passwd, - * inst, attr (grot) - */ -#define INSTALL_REPLY (1<<1) /* ver, cmd, name, password */ -#define RETRY_LIMIT 1 -#define TIME_OUT 30 -#define USER_TIMEOUT 90 -#define MAX_KPW_LEN 40 - -#define KADM "changepw" /* service name */ - -#endif /* ADMIN_SERVER_DEFS */ diff --git a/src/include/kerberosIV/des.h b/src/include/kerberosIV/des.h deleted file mode 100644 index 9f9d3a85e8..0000000000 --- a/src/include/kerberosIV/des.h +++ /dev/null @@ -1,237 +0,0 @@ -/* - * include/kerberosIV/des.h - * - * Copyright 1987, 1988, 1994, 2002 by the Massachusetts Institute of - * Technology. All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * Include file for the Data Encryption Standard library. - */ - -#if defined(__MACH__) && defined(__APPLE__) -#include -#include -#if TARGET_RT_MAC_CFM -#error "Use KfM 4.0 SDK headers for CFM compilation." -#endif -#if defined(DEPRECATED_IN_MAC_OS_X_VERSION_10_5) && !defined(KRB5_SUPRESS_DEPRECATED_WARNINGS) -#define KRB5INT_DES_DEPRECATED DEPRECATED_IN_MAC_OS_X_VERSION_10_5 -#endif -#endif /* defined(__MACH__) && defined(__APPLE__) */ - -/* Macro to add deprecated attribute to DES types and functions */ -/* Currently only defined on Mac OS X 10.5 and later. */ -#ifndef KRB5INT_DES_DEPRECATED -#define KRB5INT_DES_DEPRECATED -#endif - -#ifdef __cplusplus -#ifndef KRBINT_BEGIN_DECLS -#define KRBINT_BEGIN_DECLS extern "C" { -#define KRBINT_END_DECLS } -#endif -#else -#define KRBINT_BEGIN_DECLS -#define KRBINT_END_DECLS -#endif - -#ifndef KRB5INT_DES_TYPES_DEFINED -#define KRB5INT_DES_TYPES_DEFINED - -#include - -KRBINT_BEGIN_DECLS - -#if TARGET_OS_MAC -# pragma pack(push,2) -#endif - -#if UINT_MAX >= 0xFFFFFFFFUL -#define DES_INT32 int -#define DES_UINT32 unsigned int -#else -#define DES_INT32 long -#define DES_UINT32 unsigned long -#endif - -typedef unsigned char des_cblock[8] /* crypto-block size */ -KRB5INT_DES_DEPRECATED; - -/* - * Key schedule. - * - * This used to be - * - * typedef struct des_ks_struct { - * union { DES_INT32 pad; des_cblock _;} __; - * } des_key_schedule[16]; - * - * but it would cause trouble if DES_INT32 were ever more than 4 - * bytes. The reason is that all the encryption functions cast it to - * (DES_INT32 *), and treat it as if it were DES_INT32[32]. If - * 2*sizeof(DES_INT32) is ever more than sizeof(des_cblock), the - * caller-allocated des_key_schedule will be overflowed by the key - * scheduling functions. We can't assume that every platform will - * have an exact 32-bit int, and nothing should be looking inside a - * des_key_schedule anyway. - */ -typedef struct des_ks_struct { DES_INT32 _[2]; } des_key_schedule[16] -KRB5INT_DES_DEPRECATED; - -#if TARGET_OS_MAC -# pragma pack(pop) -#endif - -KRBINT_END_DECLS - -#endif /* KRB5INT_DES_TYPES_DEFINED */ - -/* only do the whole thing once */ -#ifndef DES_DEFS -/* - * lib/crypto/des/des_int.h defines KRB5INT_CRYPTO_DES_INT temporarily - * to avoid including the defintions and declarations below. The - * reason that the crypto library needs to include this file is that - * it needs to have its types aligned with krb4's types. - */ -#ifndef KRB5INT_CRYPTO_DES_INT -#define DES_DEFS - -#if defined(_WIN32) -#ifndef KRB4 -#define KRB4 1 -#endif -#include -#endif -#include /* need FILE for des_cblock_print_file */ - -KRBINT_BEGIN_DECLS - -#if TARGET_OS_MAC -# pragma pack(push,2) -#endif - -/* Windows declarations */ -#ifndef KRB5_CALLCONV -#define KRB5_CALLCONV -#define KRB5_CALLCONV_C -#endif - -#define DES_KEY_SZ (sizeof(des_cblock)) -#define DES_ENCRYPT 1 -#define DES_DECRYPT 0 - -#ifndef NCOMPAT -#define C_Block des_cblock -#define Key_schedule des_key_schedule -#define ENCRYPT DES_ENCRYPT -#define DECRYPT DES_DECRYPT -#define KEY_SZ DES_KEY_SZ -#define string_to_key des_string_to_key -#define read_pw_string des_read_pw_string -#define random_key des_random_key -#define pcbc_encrypt des_pcbc_encrypt -#define key_sched des_key_sched -#define cbc_encrypt des_cbc_encrypt -#define cbc_cksum des_cbc_cksum -#define C_Block_print des_cblock_print -#define quad_cksum des_quad_cksum -typedef struct des_ks_struct bit_64; -#endif - -#define des_cblock_print(x) des_cblock_print_file(x, stdout) - -/* - * Function Prototypes - */ - -int KRB5_CALLCONV des_key_sched (C_Block, Key_schedule) -KRB5INT_DES_DEPRECATED; - -int KRB5_CALLCONV -des_pcbc_encrypt (C_Block *in, C_Block *out, long length, - const des_key_schedule schedule, C_Block *ivec, - int enc) -KRB5INT_DES_DEPRECATED; - -unsigned long KRB5_CALLCONV -des_quad_cksum (const unsigned char *in, unsigned DES_INT32 *out, - long length, int out_count, C_Block *seed) -KRB5INT_DES_DEPRECATED; - -/* - * XXX ABI change: used to return void; also, cns/kfm have signed long - * instead of unsigned long length. - */ -unsigned long KRB5_CALLCONV -des_cbc_cksum(const des_cblock *, des_cblock *, unsigned long, - const des_key_schedule, const des_cblock *) -KRB5INT_DES_DEPRECATED; - -int KRB5_CALLCONV des_string_to_key (const char *, C_Block) -KRB5INT_DES_DEPRECATED; - -void afs_string_to_key(char *, char *, des_cblock) -KRB5INT_DES_DEPRECATED; - -/* XXX ABI change: used to return krb5_error_code */ -int KRB5_CALLCONV des_read_password(des_cblock *, char *, int) -KRB5INT_DES_DEPRECATED; - -int KRB5_CALLCONV des_ecb_encrypt(des_cblock *, des_cblock *, - const des_key_schedule, int) -KRB5INT_DES_DEPRECATED; - -/* XXX kfm/cns have signed long length */ -int des_cbc_encrypt(des_cblock *, des_cblock *, unsigned long, - const des_key_schedule, const des_cblock *, int) -KRB5INT_DES_DEPRECATED; - -void des_fixup_key_parity(des_cblock) -KRB5INT_DES_DEPRECATED; - -int des_check_key_parity(des_cblock) -KRB5INT_DES_DEPRECATED; - -int KRB5_CALLCONV des_new_random_key(des_cblock) -KRB5INT_DES_DEPRECATED; - -void des_init_random_number_generator(des_cblock) -KRB5INT_DES_DEPRECATED; - -int des_random_key(des_cblock *) -KRB5INT_DES_DEPRECATED; - -int des_is_weak_key(des_cblock) -KRB5INT_DES_DEPRECATED; - -void des_cblock_print_file(des_cblock *, FILE *fp) -KRB5INT_DES_DEPRECATED; - - -#if TARGET_OS_MAC -# pragma pack(pop) -#endif - -KRBINT_END_DECLS - -#endif /* KRB5INT_CRYPTO_DES_INT */ -#endif /* DES_DEFS */ diff --git a/src/include/kerberosIV/kadm.h b/src/include/kerberosIV/kadm.h deleted file mode 100644 index 21bc60e5a4..0000000000 --- a/src/include/kerberosIV/kadm.h +++ /dev/null @@ -1,194 +0,0 @@ -/* - * include/kerberosIV/kadm.h - * - * Copyright 1988, 1994, 2002 by the Massachusetts Institute of - * Technology. All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * Definitions for Kerberos administration server & client. These - * should be considered private; among other reasons, it leaks all - * over the namespace. - */ - -#ifndef KADM_DEFS -#define KADM_DEFS - -/* - * kadm.h - * Header file for the fourth attempt at an admin server - * Doug Church, December 28, 1989, MIT Project Athena - */ - -#include -#include "port-sockets.h" -#include -#include - -/* for those broken Unixes without this defined... should be in sys/param.h */ -#ifndef MAXHOSTNAMELEN -#define MAXHOSTNAMELEN 64 -#endif - -/* The global structures for the client and server */ -typedef struct { - struct sockaddr_in admin_addr; - struct sockaddr_in my_addr; - int my_addr_len; - int admin_fd; /* file descriptor for link to admin server */ - char sname[ANAME_SZ]; /* the service name */ - char sinst[INST_SZ]; /* the services instance */ - char krbrlm[REALM_SZ]; - /* KfM additions... */ - int default_port; - CREDENTIALS creds; /* The client's credentials (from krb_get_pw_in_tkt_creds)*/ -} Kadm_Client; - -typedef struct { /* status of the server, i.e the parameters */ - int inter; /* Space for command line flags */ - char *sysfile; /* filename of server */ -} admin_params; /* Well... it's the admin's parameters */ - -/* Largest password length to be supported */ -#define MAX_KPW_LEN 128 - -/* Largest packet the admin server will ever allow itself to return */ -#define KADM_RET_MAX 2048 - -/* That's right, versions are 8 byte strings */ -#define KADM_VERSTR "KADM0.0A" -#define KADM_ULOSE "KYOULOSE" /* sent back when server can't - decrypt client's msg */ -#define KADM_VERSIZE strlen(KADM_VERSTR) - -/* the lookups for the server instances */ -#define PWSERV_NAME "changepw" -#define KADM_SNAME "kerberos_master" -#define KADM_SINST "kerberos" - -/* Attributes fields constants and macros */ -#define ALLOC 2 -#define RESERVED 3 -#define DEALLOC 4 -#define DEACTIVATED 5 -#define ACTIVE 6 - -/* Kadm_vals structure for passing db fields into the server routines */ -#define FLDSZ 4 - -typedef struct { - u_char fields[FLDSZ]; /* The active fields in this struct */ - char name[ANAME_SZ]; - char instance[INST_SZ]; - KRB_UINT32 key_low; - KRB_UINT32 key_high; - KRB_UINT32 exp_date; - unsigned short attributes; - unsigned char max_life; -} Kadm_vals; /* The basic values structure in Kadm */ - -/* Kadm_vals structure for passing db fields into the server routines */ -#define FLDSZ 4 - -/* Need to define fields types here */ -#define KADM_NAME 31 -#define KADM_INST 30 -#define KADM_EXPDATE 29 -#define KADM_ATTR 28 -#define KADM_MAXLIFE 27 -#define KADM_DESKEY 26 - -/* To set a field entry f in a fields structure d */ -#define SET_FIELD(f,d) (d[3-(f/8)]|=(1<<(f%8))) - -/* To set a field entry f in a fields structure d */ -#define CLEAR_FIELD(f,d) (d[3-(f/8)]&=(~(1<<(f%8)))) - -/* Is field f in fields structure d */ -#define IS_FIELD(f,d) (d[3-(f/8)]&(1<<(f%8))) - -/* Various return codes */ -#define KADM_SUCCESS 0 - -#define WILDCARD_STR "*" - -enum acl_types { -ADDACL, -GETACL, -MODACL, -STABACL, -DELACL -}; - -/* Various opcodes for the admin server's functions */ -#define CHANGE_PW 2 -#define ADD_ENT 3 -#define MOD_ENT 4 -#define GET_ENT 5 -#define CHECK_PW 6 -#define CHG_STAB 7 -/* Cygnus principal-deletion support */ -#define KADM_CYGNUS_EXT_BASE 64 -#define DEL_ENT (KADM_CYGNUS_EXT_BASE+1) - -#ifdef POSIX -typedef void sigtype; -#else -typedef int sigtype; -#endif - -/* Avoid stomping on namespace... */ - -#define vals_to_stream kadm_vals_to_stream -#define build_field_header kadm_build_field_header -#define vts_string kadm_vts_string -#define vts_short kadm_vts_short -#define vts_long kadm_vts_long -#define vts_char kadm_vts_char - -#define stream_to_vals kadm_stream_to_vals -#define check_field_header kadm_check_field_header -#define stv_string kadm_stv_string -#define stv_short kadm_stv_short -#define stv_long kadm_stv_long -#define stv_char kadm_stv_char - -int vals_to_stream(Kadm_vals *, u_char **); -int build_field_header(u_char *, u_char **); -int vts_string(char *, u_char **, int); -int vts_short(KRB_UINT32, u_char **, int); -int vts_long(KRB_UINT32, u_char **, int); -int vts_char(KRB_UINT32, u_char **, int); - -int stream_to_vals(u_char *, Kadm_vals *, int); -int check_field_header(u_char *, u_char *, int); -int stv_string(u_char *, char *, int, int, int); -int stv_short(u_char *, u_short *, int, int); -int stv_long(u_char *, KRB_UINT32 *, int, int); -int stv_char(u_char *, u_char *, int, int); - -int kadm_init_link(char *, char *, char *, Kadm_Client *, int); -int kadm_cli_send(Kadm_Client *, u_char *, size_t, u_char **, size_t *); -int kadm_cli_conn(Kadm_Client *); -void kadm_cli_disconn(Kadm_Client *); -int kadm_cli_out(Kadm_Client *, u_char *, int, u_char **, size_t *); -int kadm_cli_keyd(Kadm_Client *, des_cblock, des_key_schedule); - -#endif /* KADM_DEFS */ diff --git a/src/include/kerberosIV/kdc.h b/src/include/kerberosIV/kdc.h deleted file mode 100644 index 095420c28f..0000000000 --- a/src/include/kerberosIV/kdc.h +++ /dev/null @@ -1,55 +0,0 @@ -/* - * include/kerberosIV/kdc.h - * - * Copyright 1987, 1988, 1994 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * Include file for the Kerberos Key Distribution Center. - */ - -#ifndef KDC_DEFS -#define KDC_DEFS - -#define S_AD_SZ sizeof(struct sockaddr_in) - -#ifdef notdef -#define max(a,b) (a>b ? a : b) -#define min(a,b) (a='0') && (CH<='7') ) -#define ISQUOTE(CH) ( (CH=='\"') || (CH=='\'') || (CH=='`') ) -#define ISWHITESPACE(C) ( (C==' ') || (C=='\t') ) -#define ISLINEFEED(C) ( (C=='\n') || (C=='\r') || (C=='\f') ) - -/* - * tokens consist of any printable charcacter except comma, equal, or - * whitespace - */ - -#define ISTOKENCHAR(C) ((C>040) && (C<0177) && (C != ',') && (C != '=')) - -/* - * the parameter table defines the keywords that will be recognized by - * fGetParameterSet, and their default values if not specified. - */ - -typedef struct { - char *keyword; - char *defvalue; - char *value; -} parmtable; - -#define PARMCOUNT(P) (sizeof(P)/sizeof(P[0])) - -int fGetChar (FILE *fp); -int fGetParameterSet (FILE *fp, parmtable parm[], int parmcount); -int ParmCompare (parmtable parm[], int parmcount, char *keyword, char *value); - -void FreeParameterSet (parmtable parm[], int parmcount); - -int fGetKeywordValue (FILE *fp, char *keyword, int klen, char *value, int vlen); - -int fGetToken (FILE *fp, char *dest, int maxlen); - -int fGetLiteral (FILE *fp); - -int fUngetChar (int ch, FILE *fp); - -#endif /* KPARSE_DEFS */ diff --git a/src/include/kerberosIV/krb.h b/src/include/kerberosIV/krb.h deleted file mode 100644 index b11a6b69dd..0000000000 --- a/src/include/kerberosIV/krb.h +++ /dev/null @@ -1,924 +0,0 @@ -/* - * include/kerberosIV/krb.h - * - * Copyright 1987, 1988, 1994, 2001, 2002 by the Massachusetts - * Institute of Technology. All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * Include file for the Kerberos V4 library. - */ - -/* Only one time, please */ -#ifndef KRB_DEFS -#define KRB_DEFS - -/* - * For MacOS, don't expose prototypes of various private functions. - * Unfortuantely, they've leaked out everywhere else. - */ -#if defined(__MACH__) && defined(__APPLE__) -#include -#include -#if TARGET_RT_MAC_CFM -#error "Use KfM 4.0 SDK headers for CFM compilation." -#endif -#ifndef KRB_PRIVATE -#define KRB_PRIVATE 0 -#endif -#if defined(DEPRECATED_IN_MAC_OS_X_VERSION_10_5) && !defined(KRB5_SUPRESS_DEPRECATED_WARNINGS) -#define KRB5INT_KRB4_DEPRECATED DEPRECATED_IN_MAC_OS_X_VERSION_10_5 -#endif -#else -#ifndef KRB_PRIVATE -#define KRB_PRIVATE 1 -#endif -#endif /* defined(__MACH__) && defined(__APPLE__) */ - -/* Macro to add deprecated attribute to KRB4 types and functions */ -/* Currently only defined on Mac OS X 10.5 and later. */ -#ifndef KRB5INT_KRB4_DEPRECATED -#define KRB5INT_KRB4_DEPRECATED -#endif - -/* Define u_char, u_short, u_int, and u_long. */ -/* XXX these typdef names are not standardized! */ -#include - -/* Need some defs from des.h */ -#include -#include -#include - -#ifdef _WIN32 -#include -#endif /* _WIN32 */ - -#ifdef __cplusplus -#ifndef KRBINT_BEGIN_DECLS -#define KRBINT_BEGIN_DECLS extern "C" { -#define KRBINT_END_DECLS } -#endif -#else -#define KRBINT_BEGIN_DECLS -#define KRBINT_END_DECLS -#endif -KRBINT_BEGIN_DECLS - -#if TARGET_OS_MAC -# pragma pack(push,2) -#endif - -#define KRB4_32 DES_INT32 -#define KRB_INT32 DES_INT32 -#define KRB_UINT32 DES_UINT32 - -#define MAX_KRB_ERRORS 256 - -#if TARGET_OS_MAC -/* ABI divergence on Mac for backwards compatibility. */ -extern const char * const * const krb_err_txt -KRB5INT_KRB4_DEPRECATED; -#else -extern const char * const krb_err_txt[MAX_KRB_ERRORS] -KRB5INT_KRB4_DEPRECATED; -#endif - -/* General definitions */ -#define KSUCCESS 0 -#define KFAILURE 255 - -/* - * Kerberos specific definitions - * - * KRBLOG is the log file for the kerberos master server. KRB_CONF is - * the configuration file where different host machines running master - * and slave servers can be found. KRB_MASTER is the name of the - * machine with the master database. The admin_server runs on this - * machine, and all changes to the db (as opposed to read-only - * requests, which can go to slaves) must go to it. KRB_HOST is the - * default machine * when looking for a kerberos slave server. Other - * possibilities are * in the KRB_CONF file. KRB_REALM is the name of - * the realm. - */ - -#define KRB_CONF "/etc/krb.conf" -#define KRB_RLM_TRANS "/etc/krb.realms" -#define KRB_MASTER "kerberos" -#define KRB_HOST KRB_MASTER -#define KRB_REALM "ATHENA.MIT.EDU" - -/* The maximum sizes for aname, realm, sname, and instance +1 */ -#define ANAME_SZ 40 -#define REALM_SZ 40 -#define SNAME_SZ 40 -#define INST_SZ 40 -#define ADDR_SZ 40 -/* - * NB: This overcounts due to NULs. - */ -/* include space for '.' and '@' */ -#define MAX_K_NAME_SZ (ANAME_SZ + INST_SZ + REALM_SZ + 2) -#define KKEY_SZ 100 -#define VERSION_SZ 1 -#define MSG_TYPE_SZ 1 -#define DATE_SZ 26 /* RTI date output */ - -#define MAX_HSTNM 100 - -#ifndef DEFAULT_TKT_LIFE /* allow compile-time override */ -#define DEFAULT_TKT_LIFE 120 /* default lifetime for krb_mk_req */ -#endif - -#define KRB_TICKET_GRANTING_TICKET "krbtgt" - -/* Definition of text structure used to pass text around */ -#define MAX_KTXT_LEN 1250 - -struct ktext { - int length; /* Length of the text */ - unsigned char dat[MAX_KTXT_LEN]; /* The data itself */ - unsigned long mbz; /* zero to catch runaway strings */ -} KRB5INT_KRB4_DEPRECATED; - -typedef struct ktext *KTEXT KRB5INT_KRB4_DEPRECATED; -typedef struct ktext KTEXT_ST KRB5INT_KRB4_DEPRECATED; - - -/* Definitions for send_to_kdc */ -#define CLIENT_KRB_TIMEOUT 4 /* time between retries */ -#define CLIENT_KRB_RETRY 5 /* retry this many times */ -#define CLIENT_KRB_BUFLEN 512 /* max unfragmented packet */ - -/* Definitions for ticket file utilities */ -#define R_TKT_FIL 0 -#define W_TKT_FIL 1 - -/* Definitions for cl_get_tgt */ -#ifdef PC -#define CL_GTGT_INIT_FILE "\\kerberos\\k_in_tkts" -#else -#define CL_GTGT_INIT_FILE "/etc/k_in_tkts" -#endif /* PC */ - -/* Parameters for rd_ap_req */ -/* Maximum allowable clock skew in seconds */ -#define CLOCK_SKEW 5*60 -/* Filename for readservkey */ -#define KEYFILE ((char*)krb__get_srvtabname("/etc/srvtab")) - -/* Structure definition for rd_ap_req */ - -struct auth_dat { - unsigned char k_flags; /* Flags from ticket */ - char pname[ANAME_SZ]; /* Principal's name */ - char pinst[INST_SZ]; /* His Instance */ - char prealm[REALM_SZ]; /* His Realm */ - unsigned KRB4_32 checksum; /* Data checksum (opt) */ - C_Block session; /* Session Key */ - int life; /* Life of ticket */ - unsigned KRB4_32 time_sec; /* Time ticket issued */ - unsigned KRB4_32 address; /* Address in ticket */ - KTEXT_ST reply; /* Auth reply (opt) */ -} KRB5INT_KRB4_DEPRECATED; - -typedef struct auth_dat AUTH_DAT KRB5INT_KRB4_DEPRECATED; - -/* Structure definition for credentials returned by get_cred */ - -struct credentials { - char service[ANAME_SZ]; /* Service name */ - char instance[INST_SZ]; /* Instance */ - char realm[REALM_SZ]; /* Auth domain */ - C_Block session; /* Session key */ - int lifetime; /* Lifetime */ - int kvno; /* Key version number */ - KTEXT_ST ticket_st; /* The ticket itself */ - KRB4_32 issue_date; /* The issue time */ - char pname[ANAME_SZ]; /* Principal's name */ - char pinst[INST_SZ]; /* Principal's instance */ -#if TARGET_OS_MAC - KRB_UINT32 address; /* Address in ticket */ - KRB_UINT32 stk_type; /* string_to_key function needed */ -#endif -#ifdef _WIN32 - char address[ADDR_SZ]; /* Address in ticket */ -#endif -} KRB5INT_KRB4_DEPRECATED; - -typedef struct credentials CREDENTIALS KRB5INT_KRB4_DEPRECATED; - -/* Structure definition for rd_private_msg and rd_safe_msg */ - -struct msg_dat { - unsigned char *app_data; /* pointer to appl data */ - unsigned KRB4_32 app_length; /* length of appl data */ - unsigned KRB4_32 hash; /* hash to lookup replay */ - int swap; /* swap bytes? */ - KRB4_32 time_sec; /* msg timestamp seconds */ - unsigned char time_5ms; /* msg timestamp 5ms units */ -} KRB5INT_KRB4_DEPRECATED; - -typedef struct msg_dat MSG_DAT KRB5INT_KRB4_DEPRECATED; - - -/* Location of ticket file for save_cred and get_cred */ -#ifdef _WIN32 -#define TKT_FILE "\\kerberos\\ticket.ses" -#else -#define TKT_FILE tkt_string() -#define TKT_ROOT "/tmp/tkt" -#endif /* _WIN32 */ - -/* - * Error codes are now defined as offsets from com_err (krb_err.et) - * values. - */ -#define KRB_ET(x) ((KRBET_ ## x) - ERROR_TABLE_BASE_krb) - -/* Error codes returned from the KDC */ -#define KDC_OK KRB_ET(KSUCCESS) /* 0 - Request OK */ -#define KDC_NAME_EXP KRB_ET(KDC_NAME_EXP) /* 1 - Principal expired */ -#define KDC_SERVICE_EXP KRB_ET(KDC_SERVICE_EXP) /* 2 - Service expired */ -#define KDC_AUTH_EXP KRB_ET(KDC_AUTH_EXP) /* 3 - Auth expired */ -#define KDC_PKT_VER KRB_ET(KDC_PKT_VER) /* 4 - Prot version unknown */ -#define KDC_P_MKEY_VER KRB_ET(KDC_P_MKEY_VER) /* 5 - Wrong mkey version */ -#define KDC_S_MKEY_VER KRB_ET(KDC_S_MKEY_VER) /* 6 - Wrong mkey version */ -#define KDC_BYTE_ORDER KRB_ET(KDC_BYTE_ORDER) /* 7 - Byte order unknown */ -#define KDC_PR_UNKNOWN KRB_ET(KDC_PR_UNKNOWN) /* 8 - Princ unknown */ -#define KDC_PR_N_UNIQUE KRB_ET(KDC_PR_N_UNIQUE) /* 9 - Princ not unique */ -#define KDC_NULL_KEY KRB_ET(KDC_NULL_KEY) /* 10 - Princ has null key */ -#define KDC_GEN_ERR KRB_ET(KDC_GEN_ERR) /* 20 - Generic err frm KDC */ - -/* Values returned by get_credentials */ -#define GC_OK KRB_ET(KSUCCESS) /* 0 - Retrieve OK */ -#define RET_OK KRB_ET(KSUCCESS) /* 0 - Retrieve OK */ -#define GC_TKFIL KRB_ET(GC_TKFIL) /* 21 - Can't rd tkt file */ -#define RET_TKFIL KRB_ET(GC_TKFIL) /* 21 - Can't rd tkt file */ -#define GC_NOTKT KRB_ET(GC_NOTKT) /* 22 - Can't find tkt|TGT */ -#define RET_NOTKT KRB_ET(GC_NOTKT) /* 22 - Can't find tkt|TGT */ - -/* Values returned by mk_ap_req */ -#define MK_AP_OK KRB_ET(KSUCCESS) /* 0 - Success */ -#define MK_AP_TGTEXP KRB_ET(MK_AP_TGTEXP) /* 26 - TGT Expired */ - -/* Values returned by rd_ap_req */ -#define RD_AP_OK KRB_ET(KSUCCESS) /* 0 - Request authentic */ -#define RD_AP_UNDEC KRB_ET(RD_AP_UNDEC) /* 31 - Can't decode authent */ -#define RD_AP_EXP KRB_ET(RD_AP_EXP) /* 32 - Ticket expired */ -#define RD_AP_NYV KRB_ET(RD_AP_NYV) /* 33 - Ticket not yet valid */ -#define RD_AP_REPEAT KRB_ET(RD_AP_REPEAT) /* 34 - Repeated request */ -#define RD_AP_NOT_US KRB_ET(RD_AP_NOT_US) /* 35 - Ticket isn't for us */ -#define RD_AP_INCON KRB_ET(RD_AP_INCON) /* 36 - Request inconsistent */ -#define RD_AP_TIME KRB_ET(RD_AP_TIME) /* 37 - delta_t too big */ -#define RD_AP_BADD KRB_ET(RD_AP_BADD) /* 38 - Incorrect net addr */ -#define RD_AP_VERSION KRB_ET(RD_AP_VERSION) /* 39 - prot vers mismatch */ -#define RD_AP_MSG_TYPE KRB_ET(RD_AP_MSG_TYPE) /* 40 - invalid msg type */ -#define RD_AP_MODIFIED KRB_ET(RD_AP_MODIFIED) /* 41 - msg stream modified */ -#define RD_AP_ORDER KRB_ET(RD_AP_ORDER) /* 42 - message out of order */ -#define RD_AP_UNAUTHOR KRB_ET(RD_AP_UNAUTHOR) /* 43 - unauthorized request */ - -/* Values returned by get_pw_tkt */ -#define GT_PW_OK KRB_ET(KSUCCESS) /* 0 - Got passwd chg tkt */ -#define GT_PW_NULL KRB_ET(GT_PW_NULL) /* 51 - Current PW is null */ -#define GT_PW_BADPW KRB_ET(GT_PW_BADPW) /* 52 - Wrong passwd */ -#define GT_PW_PROT KRB_ET(GT_PW_PROT) /* 53 - Protocol Error */ -#define GT_PW_KDCERR KRB_ET(GT_PW_KDCERR) /* 54 - Error ret by KDC */ -#define GT_PW_NULLTKT KRB_ET(GT_PW_NULLTKT) /* 55 - Null tkt ret by KDC */ - -/* Values returned by send_to_kdc */ -#define SKDC_OK KRB_ET(KSUCCESS) /* 0 - Response received */ -#define SKDC_RETRY KRB_ET(SKDC_RETRY) /* 56 - Retry count exceeded */ -#define SKDC_CANT KRB_ET(SKDC_CANT) /* 57 - Can't send request */ - -/* - * Values returned by get_intkt - * (can also return SKDC_* and KDC errors) - */ - -#define INTK_OK KRB_ET(KSUCCESS) /* 0 - Ticket obtained */ -#define INTK_PW_NULL KRB_ET(GT_PW_NULL) /* 51 - Current PW is null */ -#define INTK_W_NOTALL KRB_ET(INTK_W_NOTALL) /* 61 - Not ALL tkts retd */ -#define INTK_BADPW KRB_ET(INTK_BADPW) /* 62 - Incorrect password */ -#define INTK_PROT KRB_ET(INTK_PROT) /* 63 - Protocol Error */ -#define INTK_ERR KRB_ET(INTK_ERR) /* 70 - Other error */ - -/* Values returned by get_adtkt */ -#define AD_OK KRB_ET(KSUCCESS) /* 0 - Ticket Obtained */ -#define AD_NOTGT KRB_ET(AD_NOTGT) /* 71 - Don't have tgt */ - -/* Error codes returned by ticket file utilities */ -#define NO_TKT_FIL KRB_ET(NO_TKT_FIL) /* 76 - No ticket file found */ -#define TKT_FIL_ACC KRB_ET(TKT_FIL_ACC) /* 77 - Can't acc tktfile */ -#define TKT_FIL_LCK KRB_ET(TKT_FIL_LCK) /* 78 - Can't lck tkt file */ -#define TKT_FIL_FMT KRB_ET(TKT_FIL_FMT) /* 79 - Bad tkt file format */ -#define TKT_FIL_INI KRB_ET(TKT_FIL_INI) /* 80 - tf_init not called */ - -/* Error code returned by kparse_name */ -#define KNAME_FMT KRB_ET(KNAME_FMT) /* 81 - Bad krb name fmt */ - -/* Error code returned by krb_mk_safe */ -#define SAFE_PRIV_ERROR (-1) /* syscall error */ - -/* Kerberos ticket flag field bit definitions */ -#define K_FLAG_ORDER 0 /* bit 0 --> lsb */ -#define K_FLAG_1 /* reserved */ -#define K_FLAG_2 /* reserved */ -#define K_FLAG_3 /* reserved */ -#define K_FLAG_4 /* reserved */ -#define K_FLAG_5 /* reserved */ -#define K_FLAG_6 /* reserved */ -#define K_FLAG_7 /* reserved, bit 7 --> msb */ - -/* Are these needed anymore? */ -#ifdef OLDNAMES -#define krb_mk_req mk_ap_req -#define krb_rd_req rd_ap_req -#define krb_kntoln an_to_ln -#define krb_set_key set_serv_key -#define krb_get_cred get_credentials -#define krb_mk_priv mk_private_msg -#define krb_rd_priv rd_private_msg -#define krb_mk_safe mk_safe_msg -#define krb_rd_safe rd_safe_msg -#define krb_mk_err mk_appl_err_msg -#define krb_rd_err rd_appl_err_msg -#define krb_ck_repl check_replay -#define krb_get_pw_in_tkt get_in_tkt -#define krb_get_svc_in_tkt get_svc_in_tkt -#define krb_get_pw_tkt get_pw_tkt -#define krb_realmofhost krb_getrealm -#define krb_get_phost get_phost -#define krb_get_krbhst get_krbhst -#define krb_get_lrealm get_krbrlm -#endif /* OLDNAMES */ - -/* Defines for krb_sendauth and krb_recvauth */ - -#define KOPT_DONT_MK_REQ 0x00000001 /* don't call krb_mk_req */ -#define KOPT_DO_MUTUAL 0x00000002 /* do mutual auth */ -#define KOPT_DONT_CANON 0x00000004 /* don't canonicalize inst as a host */ - -#define KRB_SENDAUTH_VLEN 8 /* length for version strings */ - -#ifdef ATHENA_COMPAT -#define KOPT_DO_OLDSTYLE 0x00000008 /* use the old-style protocol */ -#endif /* ATHENA_COMPAT */ - - -#ifdef _WIN32 -#define TIME_GMT_UNIXSEC win_time_gmt_unixsec((unsigned KRB4_32 *)0) -#define TIME_GMT_UNIXSEC_US(us) win_time_gmt_unixsec((us)) -#define CONVERT_TIME_EPOCH win_time_get_epoch() -#else -/* until we do V4 compat under DOS, just turn this off */ -#define _fmemcpy memcpy -#define _fstrncpy strncpy -#define far_fputs fputs -/* and likewise, just drag in the unix time interface */ -#define TIME_GMT_UNIXSEC unix_time_gmt_unixsec((unsigned KRB4_32 *)0) -#define TIME_GMT_UNIXSEC_US(us) unix_time_gmt_unixsec((us)) -#define CONVERT_TIME_EPOCH ((long)0) /* Unix epoch is Krb epoch */ -#endif /* _WIN32 */ - -/* Constants for KerberosProfileLib */ -#define REALMS_V4_PROF_REALMS_SECTION "v4 realms" -#define REALMS_V4_PROF_KDC "kdc" -#define REALMS_V4_PROF_ADMIN_KDC "admin_server" -#define REALMS_V4_PROF_KPASSWD_KDC "kpasswd_server" -#define REALMS_V4_PROF_DOMAIN_SECTION "v4 domain_realm" -#define REALMS_V4_PROF_LIBDEFAULTS_SECTION "libdefaults" -#define REALMS_V4_PROF_LOCAL_REALM "default_realm" -#define REALMS_V4_PROF_STK "string_to_key_type" -#define REALMS_V4_MIT_STK "mit_string_to_key" -#define REALMS_V4_AFS_STK "afs_string_to_key" -#define REALMS_V4_COLUMBIA_STK "columbia_string_to_key" -#define REALMS_V4_DEFAULT_REALM "default_realm" -#define REALMS_V4_NO_ADDRESSES "noaddresses" - -/* ask to disable IP address checking in the library */ -extern int krb_ignore_ip_address; - -/* Debugging printfs shouldn't even be compiled on many systems that don't - support printf! Use it like DEB (("Oops - %s\n", string)); */ - -#ifdef DEBUG -#define DEB(x) if (krb_debug) printf x -extern int krb_debug; -#else -#define DEB(x) /* nothing */ -#endif - -/* Define a couple of function types including parameters. These - are needed on MS-Windows to convert arguments of the function pointers - to the proper types during calls. */ - -typedef int (KRB5_CALLCONV *key_proc_type) - (char *, char *, char *, - char *, C_Block) -KRB5INT_KRB4_DEPRECATED; - -#define KEY_PROC_TYPE_DEFINED - -typedef int (KRB5_CALLCONV *decrypt_tkt_type) - (char *, char *, char *, - char *, key_proc_type, KTEXT *) -KRB5INT_KRB4_DEPRECATED; - -#define DECRYPT_TKT_TYPE_DEFINED - -extern struct _krb5_context * krb5__krb4_context; - -/* - * Function Prototypes for Kerberos V4. - */ - -struct sockaddr_in; - -/* dest_tkt.c */ -int KRB5_CALLCONV dest_tkt - (void) -KRB5INT_KRB4_DEPRECATED; - -/* err_txt.c */ -const char * KRB5_CALLCONV krb_get_err_text - (int errnum) -KRB5INT_KRB4_DEPRECATED; - -/* g_ad_tkt.c */ -/* Previously not KRB5_CALLCONV */ -int KRB5_CALLCONV get_ad_tkt - (char *service, char *sinst, char *realm, int lifetime) -KRB5INT_KRB4_DEPRECATED; - -/* g_admhst.c */ -int KRB5_CALLCONV krb_get_admhst - (char *host, char *realm, int idx) -KRB5INT_KRB4_DEPRECATED; - -/* g_cred.c */ -int KRB5_CALLCONV krb_get_cred - (char *service, char *instance, char *realm, - CREDENTIALS *c) -KRB5INT_KRB4_DEPRECATED; - -/* g_in_tkt.c */ -/* Previously not KRB5_CALLCONV */ -int KRB5_CALLCONV krb_get_in_tkt - (char *k_user, char *instance, char *realm, - char *service, char *sinst, int life, - key_proc_type, decrypt_tkt_type, char *arg) -KRB5INT_KRB4_DEPRECATED; - -#if KRB_PRIVATE -/* Previously not KRB5_CALLCONV */ -int KRB5_CALLCONV krb_get_in_tkt_preauth - (char *k_user, char *instance, char *realm, - char *service, char *sinst, int life, - key_proc_type, decrypt_tkt_type, char *arg, - char *preauth_p, int preauth_len) -KRB5INT_KRB4_DEPRECATED; -#endif - -/* From KfM */ -int KRB5_CALLCONV krb_get_in_tkt_creds(char *, char *, char *, char *, char *, - int, key_proc_type, decrypt_tkt_type, char *, CREDENTIALS *) -KRB5INT_KRB4_DEPRECATED; - - -/* g_krbhst.c */ -int KRB5_CALLCONV krb_get_krbhst - (char *host, const char *realm, int idx) -KRB5INT_KRB4_DEPRECATED; - -/* g_krbrlm.c */ -int KRB5_CALLCONV krb_get_lrealm - (char *realm, int idx) -KRB5INT_KRB4_DEPRECATED; - -/* g_phost.c */ -char * KRB5_CALLCONV krb_get_phost - (char * alias) -KRB5INT_KRB4_DEPRECATED; - -/* get_pw_tkt */ -int KRB5_CALLCONV get_pw_tkt - (char *, char *, char *, char *) -KRB5INT_KRB4_DEPRECATED; - -/* g_pw_in_tkt.c */ -int KRB5_CALLCONV krb_get_pw_in_tkt - (char *k_user, char *instance, char *realm, - char *service, char *sinstance, - int life, char *password) -KRB5INT_KRB4_DEPRECATED; - -#if KRB_PRIVATE -int KRB5_CALLCONV krb_get_pw_in_tkt_preauth - (char *k_user, char *instance, char *realm, - char *service, char *sinstance, - int life, char *password) -KRB5INT_KRB4_DEPRECATED; -#endif - -int KRB5_CALLCONV -krb_get_pw_in_tkt_creds(char *, char *, char *, - char *, char *, int, char *, CREDENTIALS *) -KRB5INT_KRB4_DEPRECATED; - -/* g_svc_in_tkt.c */ -int KRB5_CALLCONV krb_get_svc_in_tkt - (char *k_user, char *instance, char *realm, - char *service, char *sinstance, - int life, char *srvtab) -KRB5INT_KRB4_DEPRECATED; - -/* g_tf_fname.c */ -int KRB5_CALLCONV krb_get_tf_fullname - (const char *ticket_file, char *name, char *inst, char *realm) -KRB5INT_KRB4_DEPRECATED; - -/* g_tf_realm.c */ -int KRB5_CALLCONV krb_get_tf_realm - (const char *ticket_file, char *realm) -KRB5INT_KRB4_DEPRECATED; - -/* g_tkt_svc.c */ -int KRB5_CALLCONV krb_get_ticket_for_service - (char *serviceName, - char *buf, unsigned KRB4_32 *buflen, - int checksum, des_cblock, Key_schedule, - char *version, int includeVersion) -KRB5INT_KRB4_DEPRECATED; - -#if KRB_PRIVATE -/* in_tkt.c */ -int KRB5_CALLCONV in_tkt - (char *name, char *inst) -KRB5INT_KRB4_DEPRECATED; - -int KRB5_CALLCONV krb_in_tkt - (char *pname, char *pinst, char *realm) -KRB5INT_KRB4_DEPRECATED; -#endif - -/* kname_parse.c */ -int KRB5_CALLCONV kname_parse - (char *name, char *inst, char *realm, - char *fullname) -KRB5INT_KRB4_DEPRECATED; - -/* Merged from KfM */ -int KRB5_CALLCONV kname_unparse - (char *, const char *, const char *, const char *) -KRB5INT_KRB4_DEPRECATED; - -int KRB5_CALLCONV k_isname - (char *) -KRB5INT_KRB4_DEPRECATED; - -int KRB5_CALLCONV k_isinst - (char *) -KRB5INT_KRB4_DEPRECATED; - -int KRB5_CALLCONV k_isrealm - (char *) -KRB5INT_KRB4_DEPRECATED; - - -/* kuserok.c */ -int KRB5_CALLCONV kuserok - (AUTH_DAT *kdata, char *luser) -KRB5INT_KRB4_DEPRECATED; - -/* lifetime.c */ -KRB4_32 KRB5_CALLCONV krb_life_to_time - (KRB4_32 start, int life) -KRB5INT_KRB4_DEPRECATED; - -int KRB5_CALLCONV krb_time_to_life - (KRB4_32 start, KRB4_32 end) -KRB5INT_KRB4_DEPRECATED; - -/* mk_auth.c */ -int KRB5_CALLCONV krb_check_auth - (KTEXT, unsigned KRB4_32 cksum, MSG_DAT *, - C_Block, Key_schedule, - struct sockaddr_in * local_addr, - struct sockaddr_in * foreign_addr) -KRB5INT_KRB4_DEPRECATED; - -int KRB5_CALLCONV krb_mk_auth - (long k4_options, KTEXT ticket, - char *service, char *inst, char *realm, - unsigned KRB4_32 checksum, char *version, KTEXT buf) -KRB5INT_KRB4_DEPRECATED; - -/* mk_err.c */ -long KRB5_CALLCONV krb_mk_err - (u_char *out, KRB4_32 k4_code, char *text) -KRB5INT_KRB4_DEPRECATED; - -#if KRB_PRIVATE -/* mk_preauth.c */ -int krb_mk_preauth - (char **preauth_p, int *preauth_len, key_proc_type, - char *name, char *inst, char *realm, char *password, - C_Block) -KRB5INT_KRB4_DEPRECATED; - -void krb_free_preauth - (char * preauth_p, int len) -KRB5INT_KRB4_DEPRECATED; -#endif - -/* mk_priv.c */ -long KRB5_CALLCONV krb_mk_priv - (u_char *in, u_char *out, - unsigned KRB4_32 length, - Key_schedule, C_Block *, - struct sockaddr_in * sender, - struct sockaddr_in * receiver) -KRB5INT_KRB4_DEPRECATED; - -/* mk_req.c */ -int KRB5_CALLCONV krb_mk_req - (KTEXT authent, - char *service, char *instance, char *realm, - KRB4_32 checksum) -KRB5INT_KRB4_DEPRECATED; - -/* Merged from KfM */ -int KRB5_CALLCONV krb_mk_req_creds(KTEXT, CREDENTIALS *, KRB_INT32) -KRB5INT_KRB4_DEPRECATED; - -/* Added CALLCONV (KfM exports w/o INTERFACE, but KfW doesn't export?) */ -int KRB5_CALLCONV krb_set_lifetime(int newval) -KRB5INT_KRB4_DEPRECATED; - -/* mk_safe.c */ -long KRB5_CALLCONV krb_mk_safe - (u_char *in, u_char *out, unsigned KRB4_32 length, - C_Block *, - struct sockaddr_in *sender, - struct sockaddr_in *receiver) -KRB5INT_KRB4_DEPRECATED; - -#if KRB_PRIVATE -/* netread.c */ -int krb_net_read - (int fd, char *buf, int len) -KRB5INT_KRB4_DEPRECATED; - -/* netwrite.c */ -int krb_net_write - (int fd, char *buf, int len) -KRB5INT_KRB4_DEPRECATED; - -/* pkt_clen.c */ -int pkt_clen - (KTEXT) -KRB5INT_KRB4_DEPRECATED; -#endif - -/* put_svc_key.c */ -int KRB5_CALLCONV put_svc_key - (char *sfile, - char *name, char *inst, char *realm, - int newvno, char *key) -KRB5INT_KRB4_DEPRECATED; - -/* rd_err.c */ -int KRB5_CALLCONV krb_rd_err - (u_char *in, u_long in_length, - long *k4_code, MSG_DAT *m_data) -KRB5INT_KRB4_DEPRECATED; - -/* rd_priv.c */ -long KRB5_CALLCONV krb_rd_priv - (u_char *in,unsigned KRB4_32 in_length, - Key_schedule, C_Block *, - struct sockaddr_in *sender, - struct sockaddr_in *receiver, - MSG_DAT *m_data) -KRB5INT_KRB4_DEPRECATED; - -/* rd_req.c */ -int KRB5_CALLCONV krb_rd_req - (KTEXT, char *service, char *inst, - unsigned KRB4_32 from_addr, AUTH_DAT *, - char *srvtab) -KRB5INT_KRB4_DEPRECATED; - -/* Merged from KfM */ -int KRB5_CALLCONV -krb_rd_req_int(KTEXT, char *, char *, KRB_UINT32, AUTH_DAT *, C_Block) -KRB5INT_KRB4_DEPRECATED; - -/* rd_safe.c */ -long KRB5_CALLCONV krb_rd_safe - (u_char *in, unsigned KRB4_32 in_length, - C_Block *, - struct sockaddr_in *sender, - struct sockaddr_in *receiver, - MSG_DAT *m_data) -KRB5INT_KRB4_DEPRECATED; - -/* rd_svc_key.c */ -int KRB5_CALLCONV read_service_key - (char *service, char *instance, char *realm, - int kvno, char *file, char *key) -KRB5INT_KRB4_DEPRECATED; - -int KRB5_CALLCONV get_service_key - (char *service, char *instance, char *realm, - int *kvno, char *file, char *key) -KRB5INT_KRB4_DEPRECATED; - -/* realmofhost.c */ -char * KRB5_CALLCONV krb_realmofhost - (char *host) -KRB5INT_KRB4_DEPRECATED; - -/* recvauth.c */ -int KRB5_CALLCONV krb_recvauth - (long k4_options, int fd, KTEXT ticket, - char *service, char *instance, - struct sockaddr_in *foreign_addr, - struct sockaddr_in *local_addr, - AUTH_DAT *kdata, char *srvtab, - Key_schedule schedule, char *version) -KRB5INT_KRB4_DEPRECATED; - -/* sendauth.c */ -int KRB5_CALLCONV krb_sendauth - (long k4_options, int fd, KTEXT ticket, - char *service, char *inst, char *realm, - unsigned KRB4_32 checksum, MSG_DAT *msg_data, - CREDENTIALS *cred, Key_schedule schedule, - struct sockaddr_in *laddr, struct sockaddr_in *faddr, - char *version) -KRB5INT_KRB4_DEPRECATED; - -#if KRB_PRIVATE -/* save_creds.c */ -int KRB5_CALLCONV krb_save_credentials - (char *service, char *instance, char *realm, - C_Block session, int lifetime, int kvno, - KTEXT ticket, long issue_date) -KRB5INT_KRB4_DEPRECATED; - -/* send_to_kdc.c */ -/* XXX PRIVATE? KfM doesn't export. */ -int send_to_kdc - (KTEXT pkt, KTEXT rpkt, char *realm) -KRB5INT_KRB4_DEPRECATED; -#endif - -/* tkt_string.c */ -/* Used to return pointer to non-const char */ -const char * KRB5_CALLCONV tkt_string - (void) -KRB5INT_KRB4_DEPRECATED; - -/* Previously not KRB5_CALLCONV, and previously took pointer to non-const. */ -void KRB5_CALLCONV krb_set_tkt_string - (const char *) -KRB5INT_KRB4_DEPRECATED; - -#if KRB_PRIVATE -/* tf_util.c */ -int KRB5_CALLCONV tf_init (const char *tf_name, int rw) -KRB5INT_KRB4_DEPRECATED; - -int KRB5_CALLCONV tf_get_pname (char *p) -KRB5INT_KRB4_DEPRECATED; - -int KRB5_CALLCONV tf_get_pinst (char *p) -KRB5INT_KRB4_DEPRECATED; - -int KRB5_CALLCONV tf_get_cred (CREDENTIALS *c) -KRB5INT_KRB4_DEPRECATED; - -void KRB5_CALLCONV tf_close (void) -KRB5INT_KRB4_DEPRECATED; -#endif - -#if KRB_PRIVATE -/* unix_time.c */ -unsigned KRB4_32 KRB5_CALLCONV unix_time_gmt_unixsec - (unsigned KRB4_32 *) -KRB5INT_KRB4_DEPRECATED; - -/* - * Internal prototypes - */ -extern int krb_set_key - (char *key, int cvt) -KRB5INT_KRB4_DEPRECATED; - -/* This is exported by KfM. It was previously not KRB5_CALLCONV. */ -extern int KRB5_CALLCONV decomp_ticket - (KTEXT tkt, unsigned char *flags, char *pname, - char *pinstance, char *prealm, unsigned KRB4_32 *paddress, - C_Block session, int *life, unsigned KRB4_32 *time_sec, - char *sname, char *sinstance, C_Block, - Key_schedule key_s) -KRB5INT_KRB4_DEPRECATED; - - -extern void cr_err_reply(KTEXT pkt, char *pname, char *pinst, char *prealm, - u_long time_ws, u_long e, char *e_string) -KRB5INT_KRB4_DEPRECATED; - -extern int create_ciph(KTEXT c, C_Block session, char *service, - char *instance, char *realm, unsigned long life, - int kvno, KTEXT tkt, unsigned long kdc_time, - C_Block key) -KRB5INT_KRB4_DEPRECATED; - - -extern int krb_create_ticket(KTEXT tkt, unsigned int flags, char *pname, - char *pinstance, char *prealm, long paddress, - char *session, int life, long time_sec, - char *sname, char *sinstance, C_Block key) -KRB5INT_KRB4_DEPRECATED; - -#endif /* KRB_PRIVATE */ - -/* This function is used by KEYFILE above. Do not call it directly */ -extern char * krb__get_srvtabname(const char *) -KRB5INT_KRB4_DEPRECATED; - -#if KRB_PRIVATE - -extern int krb_kntoln(AUTH_DAT *, char *) -KRB5INT_KRB4_DEPRECATED; - -#ifdef KRB5_GENERAL__ -extern int krb_cr_tkt_krb5(KTEXT tkt, unsigned int flags, char *pname, - char *pinstance, char *prealm, long paddress, - char *session, int life, long time_sec, - char *sname, char *sinstance, - krb5_keyblock *k5key) -KRB5INT_KRB4_DEPRECATED; - -extern int krb_set_key_krb5(krb5_context ctx, krb5_keyblock *key) -KRB5INT_KRB4_DEPRECATED; - -#endif - -#endif /* KRB_PRIVATE */ - -/* - * krb_change_password -- merged from KfM - */ -/* change_password.c */ -int KRB5_CALLCONV krb_change_password(char *, char *, char *, char *, char *) -KRB5INT_KRB4_DEPRECATED; - -/* - * RealmsConfig-glue.c -- merged from KfM - */ -int KRB5_CALLCONV krb_get_profile(profile_t *) -KRB5INT_KRB4_DEPRECATED; - -#ifdef _WIN32 -HINSTANCE get_lib_instance(void) -KRB5INT_KRB4_DEPRECATED; -unsigned int krb_get_notification_message(void) -KRB5INT_KRB4_DEPRECATED; -char * KRB5_CALLCONV krb_get_default_user(void) -KRB5INT_KRB4_DEPRECATED; -int KRB5_CALLCONV krb_set_default_user(char *) -KRB5INT_KRB4_DEPRECATED; -unsigned KRB4_32 win_time_gmt_unixsec(unsigned KRB4_32 *) -KRB5INT_KRB4_DEPRECATED; -long win_time_get_epoch(void) -KRB5INT_KRB4_DEPRECATED; -#endif - -#if TARGET_OS_MAC -# pragma pack(pop) -#endif - -KRBINT_END_DECLS - -#endif /* KRB_DEFS */ diff --git a/src/include/kerberosIV/krb_db.h b/src/include/kerberosIV/krb_db.h deleted file mode 100644 index 3e3b1dda6a..0000000000 --- a/src/include/kerberosIV/krb_db.h +++ /dev/null @@ -1,119 +0,0 @@ -/* - * include/kerberosIV/krb_db.h - * - * Copyright 1987, 1988, 1994 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * spm Project Athena 8/85 - * - * This file defines data structures for the kerberos - * authentication/authorization database. - * - * They MUST correspond to those defined in *.rel - */ - -#ifndef KRB_DB_DEFS -#define KRB_DB_DEFS - -#define KERB_M_NAME "K" /* Kerberos */ -#define KERB_M_INST "M" /* Master */ -#define KERB_DEFAULT_NAME "default" -#define KERB_DEFAULT_INST "" -#define DBM_FILE "/kerberos/principal" - -/* this also defines the number of queue headers */ -#define KERB_DB_HASH_MODULO 64 - - -/* Arguments to kerb_dbl_lock() */ - -#define KERB_DBL_EXCLUSIVE 1 -#define KERB_DBL_SHARED 0 - -/* arguments to kerb_db_set_lockmode() */ - -#define KERB_DBL_BLOCKING 0 -#define KERB_DBL_NONBLOCKING 1 - -/* Principal defines the structure of a principal's name */ - -typedef struct { - char name[ANAME_SZ]; - char instance[INST_SZ]; - - unsigned long key_low; - unsigned long key_high; - unsigned long exp_date; - char exp_date_txt[DATE_SZ]; - unsigned long mod_date; - char mod_date_txt[DATE_SZ]; - unsigned short attributes; - unsigned char max_life; - unsigned char kdc_key_ver; - unsigned char key_version; - - char mod_name[ANAME_SZ]; - char mod_instance[INST_SZ]; - char *old; /* cast to (Principal *); not in db, - * ptr to old vals */ -} - Principal; - -typedef struct { - long cpu; - long elapsed; - long dio; - long pfault; - long t_stamp; - long n_retrieve; - long n_replace; - long n_append; - long n_get_stat; - long n_put_stat; -} - DB_stat; - -/* Dba defines the structure of a database administrator */ - -typedef struct { - char name[ANAME_SZ]; - char instance[INST_SZ]; - unsigned short attributes; - unsigned long exp_date; - char exp_date_txt[DATE_SZ]; - char *old; /* - * cast to (Dba *); not in db, ptr to - * old vals - */ -} - Dba; - -#if 0 -extern int kerb_get_principal(); -extern int kerb_put_principal(); -extern int kerb_db_get_stat(); -extern int kerb_db_put_stat(); -extern int kerb_get_dba(); -extern int kerb_db_get_dba(); -#endif - -#endif /* KRB_DB_DEFS */ diff --git a/src/include/kerberosIV/krbports.h b/src/include/kerberosIV/krbports.h deleted file mode 100644 index 5b4dc56413..0000000000 --- a/src/include/kerberosIV/krbports.h +++ /dev/null @@ -1,27 +0,0 @@ -/* krbports.h -- fallback port numbers in case /etc/services isn't changed */ -/* used by: appl/bsd/rcp.c, rlogin.c, rsh.c, knetd.c - kadmin/kadm_ser_wrap.c, lib/kadm/kadm_cli_wrap.c - lib/krb/send_to_kdc.c - movemail/movemail.c, pfrom/popmail.c - server/kerberos.c, slave/kprop.c, kpropd.c -*/ - -#define KRB_SHELL_PORT 544 -#define UCB_SHELL_PORT 514 - -#define KLOGIN_PORT 543 -#define EKLOGIN_PORT 2105 -#define UCB_LOGIN_PORT 513 - -#define KADM_PORT 751 -#define KERBEROS_PORT 750 -#define KERBEROS_SEC_PORT 88 -#define KRB_PROP_PORT 754 - -#define KPOP_PORT 1109 -#define POP3_PORT 110 - -#define KNETD_PORT 2053 - -/* already in rkinit_private.h */ -#define RKINIT_PORT 2108 diff --git a/src/include/kerberosIV/lsb_addr_cmp.h b/src/include/kerberosIV/lsb_addr_cmp.h deleted file mode 100644 index 573f2b46c7..0000000000 --- a/src/include/kerberosIV/lsb_addr_cmp.h +++ /dev/null @@ -1,47 +0,0 @@ -/* - * include/kerberosIV/lsb_addr_cmp.h - * - * Copyright 1988, 1995 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * . - * - * Comparison macros to emulate LSBFIRST comparison results of network - * byte-order quantities - */ - -#include "mit-copyright.h" -#ifndef LSB_ADDR_COMP_DEFS -#define LSB_ADDR_COMP_DEFS - -/* #include "osconf.h" */ - -/* note that if we don't explicitly know if we're LSBFIRST, the - alternate code is byte order independent and will give the - right answer. */ -#ifdef LSBFIRST -#define lsb_net_ulong_less(x,y) ((x < y) ? -1 : ((x > y) ? 1 : 0)) -#define lsb_net_ushort_less(x,y) ((x < y) ? -1 : ((x > y) ? 1 : 0)) -#else -/* MSBFIRST */ -#define u_char_comp(x,y) \ - (((x)>(y))?(1):(((x)==(y))?(0):(-1))) -/* This is gross, but... */ -#define lsb_net_ulong_less(x, y) long_less_than((u_char *)&x, (u_char *)&y) -#define lsb_net_ushort_less(x, y) short_less_than((u_char *)&x, (u_char *)&y) - -#define long_less_than(x,y) \ - (u_char_comp((x)[3],(y)[3])?u_char_comp((x)[3],(y)[3]): \ - (u_char_comp((x)[2],(y)[2])?u_char_comp((x)[2],(y)[2]): \ - (u_char_comp((x)[1],(y)[1])?u_char_comp((x)[1],(y)[1]): \ - (u_char_comp((x)[0],(y)[0]))))) -#define short_less_than(x,y) \ - (u_char_comp((x)[1],(y)[1])?u_char_comp((x)[1],(y)[1]): \ - (u_char_comp((x)[0],(y)[0]))) - -#endif /* LSBFIRST */ - -/* For krb4 library internal use only. */ -extern int krb4int_address_less (struct sockaddr_in *, struct sockaddr_in *); - -#endif /* LSB_ADDR_COMP_DEFS */ diff --git a/src/include/kerberosIV/mit-copyright.h b/src/include/kerberosIV/mit-copyright.h deleted file mode 100644 index e008657699..0000000000 --- a/src/include/kerberosIV/mit-copyright.h +++ /dev/null @@ -1,23 +0,0 @@ -/* - Copyright (C) 1989 by the Massachusetts Institute of Technology - - Export of this software from the United States of America may - require a specific license from the United States Government. - It is the responsibility of any person or organization contemplating - export to obtain such a license before exporting. - -WITHIN THAT CONSTRAINT, Permission to use, copy, modify, and -distribute this software and its documentation for any purpose and -without fee is hereby granted, provided that the above copyright -notice appear in all copies and that both that copyright notice and -this permission notice appear in supporting documentation, and that -the name of M.I.T. not be used in advertising or publicity pertaining -to distribution of the software without specific, written prior -permission. Furthermore if you modify this software you must label -your software as modified software and not distribute it in such a -fashion that it might be confused with the original M.I.T. software. -M.I.T. makes no representations about the suitability of -this software for any purpose. It is provided "as is" without express -or implied warranty. - - */ diff --git a/src/include/kerberosIV/prot.h b/src/include/kerberosIV/prot.h deleted file mode 100644 index ccb028bd72..0000000000 --- a/src/include/kerberosIV/prot.h +++ /dev/null @@ -1,277 +0,0 @@ -/* - * include/kerberosIV/prot.h - * - * Copyright 1985-1994, 2001 by the Massachusetts Institute of - * Technology. All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * Prototypes for internal functions, mostly related to protocol - * encoding and decoding. - */ - -#ifndef PROT_DEFS -#define PROT_DEFS - -#define KRB_PORT 750 /* PC's don't have - * /etc/services */ -#define KRB_PROT_VERSION 4 -#define MAX_PKT_LEN 1000 -#define MAX_TXT_LEN 1000 - -/* Macro's to obtain various fields from a packet */ - -#define pkt_version(packet) (unsigned int) *(packet->dat) -#define pkt_msg_type(packet) (unsigned int) *(packet->dat+1) -#define pkt_a_name(packet) (packet->dat+2) -#define pkt_a_inst(packet) \ - (packet->dat+3+strlen((char *)pkt_a_name(packet))) -#define pkt_a_realm(packet) \ - (pkt_a_inst(packet)+1+strlen((char *)pkt_a_inst(packet))) - -/* Macro to obtain realm from application request */ -#define apreq_realm(auth) (auth->dat + 3) - -#define pkt_time_ws(packet) (char *) \ - (packet->dat+5+strlen((char *)pkt_a_name(packet)) + \ - strlen((char *)pkt_a_inst(packet)) + \ - strlen((char *)pkt_a_realm(packet))) - -#define pkt_no_req(packet) (unsigned short) \ - *(packet->dat+9+strlen((char *)pkt_a_name(packet)) + \ - strlen((char *)pkt_a_inst(packet)) + \ - strlen((char *)pkt_a_realm(packet))) -#define pkt_x_date(packet) (char *) \ - (packet->dat+10+strlen((char *)pkt_a_name(packet)) + \ - strlen((char *)pkt_a_inst(packet)) + \ - strlen((char *)pkt_a_realm(packet))) -#define pkt_err_code(packet) ( (char *) \ - (packet->dat+9+strlen((char *)pkt_a_name(packet)) + \ - strlen((char *)pkt_a_inst(packet)) + \ - strlen((char *)pkt_a_realm(packet)))) -#define pkt_err_text(packet) \ - (packet->dat+13+strlen((char *)pkt_a_name(packet)) + \ - strlen((char *)pkt_a_inst(packet)) + \ - strlen((char *)pkt_a_realm(packet))) - -/* - * This remains here for the KDC to use for now, but will go away - * soon. - */ - -#define swap_u_long(x) {\ - unsigned KRB4_32 _krb_swap_tmp[4];\ - swab((char *) &x, ((char *) _krb_swap_tmp) +2 ,2); \ - swab(((char *) &x) +2,((char *) _krb_swap_tmp),2); \ - x = _krb_swap_tmp[0]; \ - } - -/* - * New byte swapping routines, much cleaner. - * - * Should also go away soon though. - */ -#include "k5-platform.h" - -#ifdef SWAP16 -#define krb4_swab16(val) SWAP16(val) -#else -#define krb4_swab16(val) ((((val) >> 8)&0xFF) | ((val) << 8)) -#endif -#ifdef SWAP32 -#define krb4_swap32(val) SWAP32(val) -#else -#define krb4_swab32(val) ((((val)>>24)&0xFF) | (((val)>>8)&0xFF00) | \ - (((val)<<8)&0xFF0000) | ((val)<<24)) -#endif - -/* - * Macros to encode integers into buffers. These take a parameter - * that is a moving pointer of type (unsigned char *) into the buffer, - * and assume that the caller has already bounds-checked. - */ -#define KRB4_PUT32BE(p, val) (store_32_be(val, p), (p) += 4) -#define KRB4_PUT32LE(p, val) (store_32_le(val, p), (p) += 4) -#define KRB4_PUT32(p, val, le) \ -do { \ - if (le) \ - KRB4_PUT32LE((p), (val)); \ - else \ - KRB4_PUT32BE((p), (val)); \ -} while (0) - -#define KRB4_PUT16BE(p, val) (store_16_be(val, p), (p) += 2) -#define KRB4_PUT16LE(p, val) (store_16_le(val, p), (p) += 2) -#define KRB4_PUT16(p, val, le) \ -do { \ - if (le) \ - KRB4_PUT16LE((p), (val)); \ - else \ - KRB4_PUT16BE((p), (val)); \ -} while (0) - -/* - * Macros to get integers from a buffer. These take a parameter that - * is a moving pointer of type (unsigned char *) into the buffer, and - * assume that the caller has already bounds-checked. In addition, - * they assume that val is an unsigned type; ANSI leaves the semantics - * of unsigned -> signed conversion as implementation-defined, so it's - * unwise to depend on such. - */ -#define KRB4_GET32BE(val, p) ((val) = load_32_be(p), (p) += 4) -#define KRB4_GET32LE(val, p) ((val) = load_32_le(p), (p) += 4) -#define KRB4_GET32(val, p, le) \ -do { \ - if (le) \ - KRB4_GET32LE((val), (p)); \ - else \ - KRB4_GET32BE((val), (p)); \ -} while (0) - -#define KRB4_GET16BE(val, p) ((val) = load_16_be(p), (p) += 2) -#define KRB4_GET16LE(val, p) ((val) = load_16_le(p), (p) += 2) -#define KRB4_GET16(val, p, le) \ -do { \ - if (le) \ - KRB4_GET16LE((val), (p)); \ - else \ - KRB4_GET16BE((val), (p)); \ -} while (0) - -/* Routines to create and read packets may be found in prot.c */ - -KTEXT create_auth_reply(char *, char *, char *, long, int, - unsigned long, int, KTEXT); -KTEXT create_death_packet(char *); -KTEXT pkt_cipher(KTEXT); - -/* getst.c */ -int krb4int_getst(int, char *, int); - -/* strnlen.c */ -extern int KRB5_CALLCONV krb4int_strnlen(const char *, int); - -/* prot_client.c */ -extern int KRB5_CALLCONV krb4prot_encode_kdc_request( - char *, char *, char *, - KRB4_32, int, - char *, char *, - char *, int, int, int, - KTEXT); -extern int KRB5_CALLCONV krb4prot_decode_kdc_reply( - KTEXT, - int *, - char *, char *, char *, - long *, int *, unsigned long *, int *, KTEXT); -extern int KRB5_CALLCONV krb4prot_decode_ciph( - KTEXT, int, - C_Block, - char *, char *, char *, - int *, int *, KTEXT, unsigned long *); -extern int KRB5_CALLCONV krb4prot_encode_apreq( - int, char *, - KTEXT, KTEXT, - int, int, KTEXT); -extern int KRB5_CALLCONV krb4prot_encode_authent( - char *, char *, char *, - KRB4_32, - int, long, - int, int le, - KTEXT pkt); -extern int KRB5_CALLCONV krb4prot_decode_error( - KTEXT, int *, - char *, char *, char *, - unsigned long *, unsigned long *, char *); - -/* prot_common.c */ -extern int KRB5_CALLCONV krb4prot_encode_naminstrlm( - char *, char *, char *, - int, KTEXT, unsigned char **); -extern int KRB5_CALLCONV krb4prot_decode_naminstrlm( - KTEXT, unsigned char **, - char *, char *, char *); -extern int KRB5_CALLCONV krb4prot_decode_header( - KTEXT, int *, int *, int *); - -/* prot_kdc.c */ -extern int KRB5_CALLCONV krb4prot_encode_kdc_reply( - char *, char *, char *, - long, int, unsigned long, - int, KTEXT, int, int, KTEXT); -extern int KRB5_CALLCONV krb4prot_encode_ciph( - C_Block, - char *, char *, char *, - unsigned long, int, KTEXT, unsigned long, - int, int, KTEXT); -extern int KRB5_CALLCONV krb4prot_encode_tkt( - unsigned int, - char *, char *, char *, - unsigned long, - char *, int, long, - char *, char *, - int, int, KTEXT tkt); -extern int KRB5_CALLCONV krb4prot_encode_err_reply( - char *, char *, char *, - unsigned long, unsigned long, char *, - int, int, KTEXT); -extern int KRB5_CALLCONV krb4prot_decode_kdc_request( - KTEXT, - int *, char *, char *, char *, - long *, int *, char *sname, char *sinst); - -/* Message types , always leave lsb for byte order */ - -#define AUTH_MSG_KDC_REQUEST 1<<1 -#define AUTH_MSG_KDC_REPLY 2<<1 -#define AUTH_MSG_APPL_REQUEST 3<<1 -#define AUTH_MSG_APPL_REQUEST_MUTUAL 4<<1 -#define AUTH_MSG_ERR_REPLY 5<<1 -#define AUTH_MSG_PRIVATE 6<<1 -#define AUTH_MSG_SAFE 7<<1 -#define AUTH_MSG_APPL_ERR 8<<1 -#define AUTH_MSG_DIE 63<<1 - -/* values for kerb error codes */ - -#define KERB_ERR_OK 0 -#define KERB_ERR_NAME_EXP 1 -#define KERB_ERR_SERVICE_EXP 2 -#define KERB_ERR_AUTH_EXP 3 -#define KERB_ERR_PKT_VER 4 -#define KERB_ERR_NAME_MAST_KEY_VER 5 -#define KERB_ERR_SERV_MAST_KEY_VER 6 -#define KERB_ERR_BYTE_ORDER 7 -#define KERB_ERR_PRINCIPAL_UNKNOWN 8 -#define KERB_ERR_PRINCIPAL_NOT_UNIQUE 9 -#define KERB_ERR_NULL_KEY 10 -/* Cygnus extensions for Preauthentication */ -#define KERB_ERR_PREAUTH_SHORT 11 -#define KERB_ERR_PREAUTH_MISMATCH 12 - -/* Return codes from krb4prot_ encoders/decoders */ - -#define KRB4PROT_OK 0 -#define KRB4PROT_ERR_UNDERRUN 1 -#define KRB4PROT_ERR_OVERRUN 2 -#define KRB4PROT_ERR_PROT_VERS 3 -#define KRB4PROT_ERR_MSG_TYPE 4 -#define KRB4PROT_ERR_GENERIC 255 - -#endif /* PROT_DEFS */ diff --git a/src/include/kim/kim_ccache.h b/src/include/kim/kim_ccache.h index d18a5aae4e..a1cba17101 100644 --- a/src/include/kim/kim_ccache.h +++ b/src/include/kim/kim_ccache.h @@ -114,6 +114,12 @@ extern "C" { * It can be trivially implemented using * #kim_ccache_create_from_client_identity() and #kim_ccache_create_new(). * + * For legacy password-based Kerberos environments KIM also provides + * #kim_ccache_create_new_with_password() and + * #kim_ccache_create_new_if_needed_with_password(). You should not use these + * functions unless you know that they will only be used in environments using + * passwords. Otherwise users without passwords may be prompted for them. + * * KIM provides the #kim_ccache_create_from_keytab() to create credentials * using a keytab and store them in the cache collection. A keytab is an * on-disk copy of a client identity's secret key. Typically sites use @@ -301,39 +307,83 @@ void kim_ccache_iterator_free (kim_ccache_iterator *io_ccache_iterator); * \param in_client_identity a client identity to obtain a credential for. Specify KIM_IDENTITY_ANY to * allow the user to choose. * \param in_options options to control credential acquisition. - * \note Depending on the kim_options specified, #kim_ccache_create_new() may + * \note #kim_ccache_create_new() may * present a GUI or command line prompt to obtain information from the user. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Acquire a new initial credential and store it in a ccache. */ kim_error kim_ccache_create_new (kim_ccache *out_ccache, - kim_identity in_client_identity, - kim_options in_options); + kim_identity in_client_identity, + kim_options in_options); + +/*! + * \param out_ccache on exit, a new cache object for a ccache containing a newly acquired + * initial credential. Must be freed with kim_ccache_free(). + * \param in_client_identity a client identity to obtain a credential for. Specify KIM_IDENTITY_ANY to + * allow the user to choose. + * \param in_options options to control credential acquisition. + * \param in_password a password to be used while obtaining credentials. + * \note #kim_ccache_create_new_with_password() exists to support + * legacy password-based Kerberos environments. You should not use this + * function unless you know that it will only be used in environments using passwords. + * This function may also present a GUI or command line prompt to obtain + * additional information needed to obtain credentials (eg: SecurID pin). + * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. + * \brief Acquire a new initial credential and store it in a ccache + * using the provided password.. + */ +kim_error kim_ccache_create_new_with_password (kim_ccache *out_ccache, + kim_identity in_client_identity, + kim_options in_options, + kim_string in_password); /*! * \param out_ccache on exit, a ccache object for a ccache containing a newly acquired * initial credential. Must be freed with kim_ccache_free(). * \param in_client_identity a client identity to obtain a credential for. * \param in_options options to control credential acquisition (if a credential is acquired). - * \note Depending on the kim_options specified, #kim_ccache_create_new_if_needed() may + * \note #kim_ccache_create_new_if_needed() may * present a GUI or command line prompt to obtain information from the user. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Find a ccache containing a valid initial credential in the cache collection, or if * unavailable, acquire and store a new initial credential. */ kim_error kim_ccache_create_new_if_needed (kim_ccache *out_ccache, - kim_identity in_client_identity, - kim_options in_options); + kim_identity in_client_identity, + kim_options in_options); + +/*! + * \param out_ccache on exit, a ccache object for a ccache containing a newly acquired + * initial credential. Must be freed with kim_ccache_free(). + * \param in_client_identity a client identity to obtain a credential for. + * \param in_options options to control credential acquisition (if a credential is acquired). + * \param in_password a password to be used while obtaining credentials. + * \note #kim_ccache_create_new_if_needed_with_password() exists to support + * legacy password-based Kerberos environments. You should not use this + * function unless you know that it will only be used in environments using passwords. + * This function may also present a GUI or command line prompt to obtain + * additional information needed to obtain credentials (eg: SecurID pin). + * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. + * \brief Find a ccache containing a valid initial credential in the cache collection, or if + * unavailable, acquire and store a new initial credential using the provided password. + */ +kim_error kim_ccache_create_new_if_needed_with_password (kim_ccache *out_ccache, + kim_identity in_client_identity, + kim_options in_options, + kim_string in_password); /*! * \param out_ccache on exit, a ccache object for a ccache containing a TGT * credential. Must be freed with kim_ccache_free(). - * \param in_client_identity a client identity to obtain a credential for. + * \param in_client_identity a client identity to find a ccache for. If + * \a in_client_identity is #KIM_IDENTITY_ANY, this + * function returns the default ccache + * (ie: is equivalent to #kim_ccache_create_from_default()). * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Find a ccache for a client identity in the cache collection. */ kim_error kim_ccache_create_from_client_identity (kim_ccache *out_ccache, - kim_identity in_client_identity); + kim_identity in_client_identity); /*! * \param out_ccache on exit, a new ccache object containing an initial credential @@ -347,9 +397,9 @@ kim_error kim_ccache_create_from_client_identity (kim_ccache *out_ccache, * \brief Acquire a new initial credential from a keytab and store it in a ccache. */ kim_error kim_ccache_create_from_keytab (kim_ccache *out_ccache, - kim_identity in_identity, - kim_options in_options, - kim_string in_keytab); + kim_identity in_identity, + kim_options in_options, + kim_string in_keytab); /*! * \param out_ccache on exit, a ccache object for the default ccache. @@ -381,8 +431,8 @@ kim_error kim_ccache_create_from_display_name (kim_ccache *out_ccache, * \brief Get a ccache for a ccache type and name. */ kim_error kim_ccache_create_from_type_and_name (kim_ccache *out_ccache, - kim_string in_type, - kim_string in_name); + kim_string in_type, + kim_string in_name); /*! * \param out_ccache on exit, a new ccache object which is a copy of in_krb5_ccache. @@ -393,8 +443,8 @@ kim_error kim_ccache_create_from_type_and_name (kim_ccache *out_ccache, * \brief Get a ccache for a krb5 ccache. */ kim_error kim_ccache_create_from_krb5_ccache (kim_ccache *out_ccache, - krb5_context in_krb5_context, - krb5_ccache in_krb5_ccache); + krb5_context in_krb5_context, + krb5_ccache in_krb5_ccache); /*! * \param out_ccache on exit, the new ccache object which is a copy of in_ccache. @@ -404,7 +454,7 @@ kim_error kim_ccache_create_from_krb5_ccache (kim_ccache *out_ccache, * \brief Copy a ccache. */ kim_error kim_ccache_copy (kim_ccache *out_ccache, - kim_ccache in_ccache); + kim_ccache in_ccache); /*! * \param in_ccache a ccache object. @@ -438,7 +488,7 @@ kim_error kim_ccache_get_krb5_ccache (kim_ccache in_ccache, * \brief Get the name of a ccache. */ kim_error kim_ccache_get_name (kim_ccache in_ccache, - kim_string *out_name); + kim_string *out_name); /*! * \param in_ccache a ccache object. @@ -447,7 +497,7 @@ kim_error kim_ccache_get_name (kim_ccache in_ccache, * \brief Get the type of a ccache. */ kim_error kim_ccache_get_type (kim_ccache in_ccache, - kim_string *out_type); + kim_string *out_type); /*! * \param in_ccache a ccache object. @@ -563,9 +613,9 @@ kim_error kim_ccache_set_default (kim_ccache io_ccache); * \brief Verify the TGT in a ccache. */ kim_error kim_ccache_verify (kim_ccache in_ccache, - kim_identity in_service_identity, - kim_string in_keytab, - kim_boolean in_fail_if_no_service_key); + kim_identity in_service_identity, + kim_string in_keytab, + kim_boolean in_fail_if_no_service_key); /*! * \param in_ccache a ccache object containing a TGT to be renewed. @@ -574,7 +624,7 @@ kim_error kim_ccache_verify (kim_ccache in_ccache, * \brief Renew the TGT in a ccache. */ kim_error kim_ccache_renew (kim_ccache in_ccache, - kim_options in_options); + kim_options in_options); /*! * \param in_ccache a ccache object containing a TGT to be validated. @@ -583,7 +633,7 @@ kim_error kim_ccache_renew (kim_ccache in_ccache, * \brief Validate the TGT in a ccache. */ kim_error kim_ccache_validate (kim_ccache in_ccache, - kim_options in_options); + kim_options in_options); /*! * \param io_ccache a ccache object to be destroyed. Set to NULL on exit. diff --git a/src/include/kim/kim_credential.h b/src/include/kim/kim_credential.h index e1303aeca8..c061f1199b 100644 --- a/src/include/kim/kim_credential.h +++ b/src/include/kim/kim_credential.h @@ -101,6 +101,11 @@ typedef int kim_credential_state; * kim_options specified, #kim_credential_create_new() may present a * GUI or command line prompt to obtain information from the user. * + * For legacy password-based Kerberos environments KIM also provides + * #kim_credential_create_new_with_password(). You should not use this + * function unless you know that it will only be used in environments using + * passwords. Otherwise users without passwords may be prompted for them. + * * KIM provides the #kim_credential_create_from_keytab() to create credentials * using a keytab. A keytab is an on-disk copy of a client identity's secret * key. Typically sites use keytabs for client identities that identify a @@ -324,7 +329,7 @@ void kim_credential_iterator_free (kim_credential_iterator *io_credential_iterat * \param in_client_identity a client identity to obtain a credential for. Specify NULL to * allow the user to choose the identity * \param in_options options to control credential acquisition. - * \note Depending on the kim_options specified, #kim_credential_create_new() may + * \note #kim_credential_create_new() may * present a GUI or command line prompt to obtain information from the user. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Acquire a new initial credential. @@ -334,6 +339,27 @@ kim_error kim_credential_create_new (kim_credential *out_credential, kim_identity in_client_identity, kim_options in_options); +/*! + * \param out_credential on exit, a new credential object containing a newly acquired + * initial credential. Must be freed with kim_credential_free(). + * \param in_client_identity a client identity to obtain a credential for. Specify NULL to + * allow the user to choose the identity + * \param in_options options to control credential acquisition. + * \param in_password a password to be used while obtaining the credential. + * \note #kim_credential_create_new_with_password() exists to support + * legacy password-based Kerberos environments. You should not use this + * function unless you know that it will only be used in environments using passwords. + * This function may also present a GUI or command line prompt to obtain + * additional information needed to obtain credentials (eg: SecurID pin). + * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. + * \brief Acquire a new initial credential using the provided password. + * \sa kim_ccache_create_new + */ +kim_error kim_credential_create_new_with_password (kim_credential *out_credential, + kim_identity in_client_identity, + kim_options in_options, + kim_string in_password); + /*! * \param out_credential on exit, a new credential object containing an initial credential * for \a in_identity obtained using \a in_keytab. diff --git a/src/include/kim/kim_options.h b/src/include/kim/kim_options.h index 2c82b3ef5d..d36aa0c021 100644 --- a/src/include/kim/kim_options.h +++ b/src/include/kim/kim_options.h @@ -185,7 +185,8 @@ kim_error kim_options_create (kim_options *out_options); /*! * \param out_options on exit, a new options object which is a copy of \a in_options. - * Must be freed with kim_options_free(). + * Must be freed with kim_options_free(). If passed KIM_OPTIONS_DEFAULT + * will set \a out_options to KIM_OPTIONS_DEFAULT. * \param in_options a options object. * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Copy options. diff --git a/src/include/kim/kim_preferences.h b/src/include/kim/kim_preferences.h index bce010cdd1..d7970ba049 100644 --- a/src/include/kim/kim_preferences.h +++ b/src/include/kim/kim_preferences.h @@ -177,7 +177,8 @@ kim_error kim_preferences_set_options (kim_preferences io_preferences, /*! * \param in_preferences a preferences object. * \param out_options on exit, the options specified in \a in_preferences. - * Must be freed with kim_options_free(). + * May be KIM_OPTIONS_DEFAULT. + * If not, must be freed with kim_options_free(). * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Get the user's preferred options. * \sa kim_preferences_set_options() diff --git a/src/include/krb5/authdata_plugin.h b/src/include/krb5/authdata_plugin.h index b2e33f3c45..e8c9fce2dc 100644 --- a/src/include/krb5/authdata_plugin.h +++ b/src/include/krb5/authdata_plugin.h @@ -108,4 +108,53 @@ typedef struct krb5plugin_authdata_ftable_v0 { krb5_kdc_req *request, krb5_enc_tkt_part *enc_tkt_reply); } krb5plugin_authdata_ftable_v0; + +typedef struct krb5plugin_authdata_ftable_v1 { + /* Not-usually-visible name. */ + char *name; + + /* + * Per-plugin initialization/cleanup. The init function is called + * by the KDC when the plugin is loaded, and the fini function is + * called before the plugin is unloaded. Both are optional. + */ + krb5_error_code (*init_proc)(krb5_context, void **); + void (*fini_proc)(krb5_context, void *); + /* + * Actual authorization data handling function. If this field + * holds a null pointer, this mechanism will be skipped, and the + * init/fini functions will not be run. + * + * This function should only modify the field + * enc_tkt_reply->authorization_data. All other values should be + * considered inputs only. And, it should *modify* the field, not + * overwrite it and assume that there are no other authdata + * plugins in use. + * + * Memory management: authorization_data is a malloc-allocated, + * null-terminated sequence of malloc-allocated pointers to + * authorization data structures. This plugin code currently + * assumes the libraries, KDC, and plugin all use the same malloc + * pool, which may be a problem if/when we get the KDC code + * running on Windows. + * + * If this function returns a non-zero error code, a message + * is logged, but no other action is taken. Other authdata + * plugins will be called, and a response will be sent to the + * client (barring other problems). + */ + krb5_error_code (*authdata_proc)(krb5_context, + unsigned int flags, + struct _krb5_db_entry_new *client, + struct _krb5_db_entry_new *server, + struct _krb5_db_entry_new *tgs, + krb5_keyblock *client_key, + krb5_keyblock *server_key, + krb5_data *req_pkt, + krb5_kdc_req *request, + krb5_const_principal for_user_princ, + krb5_enc_tkt_part *enc_tkt_request, + krb5_enc_tkt_part *enc_tkt_reply); +} krb5plugin_authdata_ftable_v1; + #endif /* KRB5_AUTHDATA_PLUGIN_H_INCLUDED */ diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin index 32eac93222..913cc55ec3 100644 --- a/src/include/krb5/krb5.hin +++ b/src/include/krb5/krb5.hin @@ -195,6 +195,7 @@ typedef krb5_int32 krb5_enctype; typedef krb5_int32 krb5_cksumtype; typedef krb5_int32 krb5_authdatatype; typedef krb5_int32 krb5_keyusage; +typedef krb5_int32 krb5_cryptotype; typedef krb5_int32 krb5_preauthtype; /* This may change, later on */ typedef krb5_int32 krb5_flags; @@ -243,17 +244,29 @@ typedef krb5_principal_data * krb5_principal; */ /* Name type not known */ -#define KRB5_NT_UNKNOWN 0 +#define KRB5_NT_UNKNOWN 0 /* Just the name of the principal as in DCE, or for users */ -#define KRB5_NT_PRINCIPAL 1 +#define KRB5_NT_PRINCIPAL 1 /* Service and other unique instance (krbtgt) */ -#define KRB5_NT_SRV_INST 2 +#define KRB5_NT_SRV_INST 2 /* Service with host name as instance (telnet, rcommands) */ -#define KRB5_NT_SRV_HST 3 +#define KRB5_NT_SRV_HST 3 /* Service with host as remaining components */ -#define KRB5_NT_SRV_XHST 4 +#define KRB5_NT_SRV_XHST 4 /* Unique ID */ -#define KRB5_NT_UID 5 +#define KRB5_NT_UID 5 +/* PKINIT */ +#define KRB5_NT_X500_PRINCIPAL 6 +/* Name in form of SMTP email name */ +#define KRB5_NT_SMTP_NAME 7 +/* Windows 2000 UPN */ +#define KRB5_NT_ENTERPRISE_PRINCIPAL 10 +/* Windows 2000 UPN and SID */ +#define KRB5_NT_MS_PRINCIPAL -128 +/* NT 4 style name */ +#define KRB5_NT_MS_PRINCIPAL_AND_ID -129 +/* NT 4 style name and SID */ +#define KRB5_NT_ENT_PRINCIPAL_AND_ID -130 /* constant version thereof: */ typedef const krb5_principal_data *krb5_const_principal; @@ -302,6 +315,7 @@ typedef struct _krb5_address { #define ADDRTYPE_XNS 0x0006 #define ADDRTYPE_ISO 0x0007 #define ADDRTYPE_DDP 0x0010 +#define ADDRTYPE_NETBIOS 0x0014 #define ADDRTYPE_INET6 0x0018 /* not yet in the spec... */ #define ADDRTYPE_ADDRPORT 0x0100 @@ -364,6 +378,11 @@ typedef struct _krb5_enc_data { krb5_data ciphertext; } krb5_enc_data; +typedef struct _krb5_crypto_iov { + krb5_cryptotype flags; + krb5_data data; +} krb5_crypto_iov; + /* per Kerberos v5 protocol spec */ #define ENCTYPE_NULL 0x0000 #define ENCTYPE_DES_CBC_CRC 0x0001 /* DES cbc mode with CRC-32 */ @@ -402,6 +421,7 @@ typedef struct _krb5_enc_data { #define CKSUMTYPE_HMAC_SHA1_DES3 0x000c #define CKSUMTYPE_HMAC_SHA1_96_AES128 0x000f #define CKSUMTYPE_HMAC_SHA1_96_AES256 0x0010 +#define CKSUMTYPE_MD5_HMAC_ARCFOUR -137 /*Microsoft netlogon cksumtype*/ #define CKSUMTYPE_HMAC_MD5_ARCFOUR -138 /*Microsoft md5 hmac cksumtype*/ /* The following are entropy source designations. Whenever @@ -612,6 +632,57 @@ krb5_boolean KRB5_CALLCONV krb5_c_is_coll_proof_cksum krb5_boolean KRB5_CALLCONV krb5_c_is_keyed_cksum (krb5_cksumtype ctype); +/* AEAD APIs */ +#define KRB5_CRYPTO_TYPE_EMPTY 0 /* [in] ignored */ +#define KRB5_CRYPTO_TYPE_HEADER 1 /* [out] header */ +#define KRB5_CRYPTO_TYPE_DATA 2 /* [in, out] plaintext */ +#define KRB5_CRYPTO_TYPE_SIGN_ONLY 3 /* [in] associated data */ +#define KRB5_CRYPTO_TYPE_PADDING 4 /* [out] padding */ +#define KRB5_CRYPTO_TYPE_TRAILER 5 /* [out] checksum for encrypt */ +#define KRB5_CRYPTO_TYPE_CHECKSUM 6 /* [out] checksum for MIC */ +#define KRB5_CRYPTO_TYPE_STREAM 7 /* [in] entire message */ + +krb5_error_code KRB5_CALLCONV + krb5_c_make_checksum_iov + (krb5_context context, krb5_cksumtype cksumtype, + const krb5_keyblock *key, krb5_keyusage usage, + krb5_crypto_iov *data, size_t num_data); + +krb5_error_code KRB5_CALLCONV + krb5_c_verify_checksum_iov + (krb5_context context, + krb5_cksumtype cksumtype, + const krb5_keyblock *key, krb5_keyusage usage, + const krb5_crypto_iov *data, size_t num_data, + krb5_boolean *valid); + +krb5_error_code KRB5_CALLCONV + krb5_c_encrypt_iov + (krb5_context context, const krb5_keyblock *key, + krb5_keyusage usage, const krb5_data *cipher_state, + krb5_crypto_iov *data, size_t num_data); + +krb5_error_code KRB5_CALLCONV + krb5_c_decrypt_iov + (krb5_context context, const krb5_keyblock *key, + krb5_keyusage usage, const krb5_data *cipher_state, + krb5_crypto_iov *data, size_t num_data); + +krb5_error_code KRB5_CALLCONV + krb5_c_crypto_length + (krb5_context context, krb5_enctype enctype, + krb5_cryptotype type, unsigned int *size); + +krb5_error_code KRB5_CALLCONV + krb5_c_crypto_length_iov + (krb5_context context, krb5_enctype enctype, + krb5_crypto_iov *data, size_t num_data); + +krb5_error_code KRB5_CALLCONV + krb5_c_padding_length + (krb5_context context, krb5_enctype enctype, + size_t data_length, unsigned int *size); + #ifdef KRB5_OLD_CRYPTO /* * old cryptosystem routine prototypes. These are now layered @@ -712,6 +783,7 @@ krb5_error_code KRB5_CALLCONV krb5_verify_checksum /* #define KDC_OPT_RESERVED 0x00080000 */ /* #define KDC_OPT_RESERVED 0x00040000 */ #define KDC_OPT_REQUEST_ANONYMOUS 0x00020000 +#define KDC_OPT_CNAME_IN_ADDL_TKT 0x00020000 #define KDC_OPT_CANONICALIZE 0x00010000 /* #define KDC_OPT_RESERVED 0x00008000 */ /* #define KDC_OPT_RESERVED 0x00004000 */ @@ -772,10 +844,10 @@ krb5_error_code KRB5_CALLCONV krb5_verify_checksum /* #define AP_OPTS_RESERVED 0x00000010 */ /* #define AP_OPTS_RESERVED 0x00000008 */ /* #define AP_OPTS_RESERVED 0x00000004 */ -/* #define AP_OPTS_RESERVED 0x00000002 */ -#define AP_OPTS_USE_SUBKEY 0x00000001 +#define AP_OPTS_ETYPE_NEGOTIATION 0x00000002 +#define AP_OPTS_USE_SUBKEY 0x00000001 -#define AP_OPTS_WIRE_MASK 0xfffffff0 +#define AP_OPTS_WIRE_MASK 0xfffffff0 /* definitions for ad_type fields. */ #define AD_TYPE_RESERVED 0x8000 @@ -825,13 +897,6 @@ krb5_error_code KRB5_CALLCONV krb5_verify_checksum #define LR_TYPE_INTERPRETATION_MASK 0x7fff -/* definitions for ad_type fields. */ -#define AD_TYPE_EXTERNAL 0x4000 -#define AD_TYPE_REGISTERED 0x2000 - -#define AD_TYPE_FIELD_TYPE_MASK 0x1fff -#define AD_TYPE_INTERNAL_MASK 0x3fff - /* definitions for msec direction bit for KRB_SAFE, KRB_PRIV */ #define MSEC_DIRBIT 0x8000 #define MSEC_VAL_MASK 0x7fff @@ -899,12 +964,15 @@ krb5_error_code KRB5_CALLCONV krb5_verify_checksum #define KRB5_PADATA_PK_AS_REP 17 /* PKINIT */ #define KRB5_PADATA_ETYPE_INFO2 19 #define KRB5_PADATA_USE_SPECIFIED_KVNO 20 +#define KRB5_PADATA_SVR_REFERRAL_INFO 20 /* Windows 2000 referrals */ #define KRB5_PADATA_SAM_REDIRECT 21 #define KRB5_PADATA_GET_FROM_TYPED_DATA 22 #define KRB5_PADATA_REFERRAL 25 /* draft referral system */ #define KRB5_PADATA_SAM_CHALLENGE_2 30 /* draft challenge system, updated */ #define KRB5_PADATA_SAM_RESPONSE_2 31 /* draft challenge system, updated */ - +#define KRB5_PADATA_PAC_REQUEST 128 /* include Windows PAC */ +#define KRB5_PADATA_FOR_USER 129 /* username protocol transition request */ +#define KRB5_PADATA_S4U_X509_USER 130 /* certificate protocol transition request */ #define KRB5_SAM_USE_SAD_AS_KEY 0x80000000 #define KRB5_SAM_SEND_ENCRYPTED_SAD 0x40000000 #define KRB5_SAM_MUST_PK_ENCRYPT_SAD 0x20000000 /* currently must be zero */ @@ -926,6 +994,8 @@ krb5_error_code KRB5_CALLCONV krb5_verify_checksum #define KRB5_AUTHDATA_INITIAL_VERIFIED_CAS 9 #define KRB5_AUTHDATA_OSF_DCE 64 #define KRB5_AUTHDATA_SESAME 65 +#define KRB5_AUTHDATA_WIN2K_PAC 128 +#define KRB5_AUTHDATA_ETYPE_NEGOTIATION 129 /* RFC 4537 */ /* password change constants */ @@ -1078,6 +1148,7 @@ typedef struct _krb5_enc_kdc_rep_part { krb5_principal server; /* server's principal identifier */ krb5_address **caddrs; /* array of ptrs to addresses, optional */ + krb5_pa_data **enc_padata; /* Windows 2000 compat */ } krb5_enc_kdc_rep_part; typedef struct _krb5_kdc_rep { @@ -1179,6 +1250,27 @@ typedef struct _krb5_pwd_data { } krb5_pwd_data; /* these need to be here so the typedefs are available for the prototypes */ +/* + * Note for Windows 2000 compatibility this is encoded + * in the enc_padata field of the krb5_enc_kdc_rep_part. + */ +typedef struct _krb5_pa_svr_referral_data { + /* Referred name, only realm is required */ + krb5_principal principal; +} krb5_pa_svr_referral_data; + +typedef struct _krb5_pa_server_referral_data { + krb5_data *referred_realm; + krb5_principal true_principal_name; + krb5_principal requested_principal_name; + krb5_timestamp referral_valid_until; + krb5_checksum rep_cksum; +} krb5_pa_server_referral_data; + +typedef struct _krb5_pa_pac_req { + /* TRUE if a PAC should be included in TGS-REP */ + krb5_boolean include_pac; +} krb5_pa_pac_req; /* * begin "safepriv.h" @@ -1444,6 +1536,7 @@ void KRB5_CALLCONV krb5_free_tgt_creds #define KRB5_GC_USER_USER 1 /* want user-user ticket */ #define KRB5_GC_CACHED 2 /* want cached ticket only */ +#define KRB5_GC_CANONICALIZE 4 /* set canonicalize KDC option */ krb5_error_code KRB5_CALLCONV krb5_get_credentials (krb5_context, @@ -1483,11 +1576,20 @@ krb5_error_code KRB5_CALLCONV krb5_mk_rep (krb5_context, krb5_auth_context, krb5_data *); +krb5_error_code KRB5_CALLCONV krb5_mk_rep_dce + (krb5_context, + krb5_auth_context, + krb5_data *); krb5_error_code KRB5_CALLCONV krb5_rd_rep (krb5_context, krb5_auth_context, const krb5_data *, krb5_ap_rep_enc_part **); +krb5_error_code KRB5_CALLCONV krb5_rd_rep_dce + (krb5_context, + krb5_auth_context, + const krb5_data *, + krb5_ui_4 *); krb5_error_code KRB5_CALLCONV krb5_mk_error (krb5_context, const krb5_error *, @@ -1512,6 +1614,14 @@ krb5_error_code KRB5_CALLCONV krb5_parse_name (krb5_context, const char *, krb5_principal * ); +#define KRB5_PRINCIPAL_PARSE_NO_REALM 0x1 +#define KRB5_PRINCIPAL_PARSE_REQUIRE_REALM 0x2 +#define KRB5_PRINCIPAL_PARSE_ENTERPRISE 0x4 +krb5_error_code KRB5_CALLCONV krb5_parse_name_flags + (krb5_context, + const char *, + int, + krb5_principal * ); krb5_error_code KRB5_CALLCONV krb5_unparse_name (krb5_context, krb5_const_principal, @@ -1521,6 +1631,20 @@ krb5_error_code KRB5_CALLCONV krb5_unparse_name_ext krb5_const_principal, char **, unsigned int *); +#define KRB5_PRINCIPAL_UNPARSE_SHORT 0x1 +#define KRB5_PRINCIPAL_UNPARSE_NO_REALM 0x2 +#define KRB5_PRINCIPAL_UNPARSE_DISPLAY 0x4 +krb5_error_code KRB5_CALLCONV krb5_unparse_name_flags + (krb5_context, + krb5_const_principal, + int, + char **); +krb5_error_code KRB5_CALLCONV krb5_unparse_name_flags_ext + (krb5_context, + krb5_const_principal, + int, + char **, + unsigned int *); krb5_error_code KRB5_CALLCONV krb5_set_principal_realm (krb5_context, krb5_principal, const char *); @@ -1545,6 +1669,20 @@ krb5_boolean KRB5_CALLCONV krb5_principal_compare (krb5_context, krb5_const_principal, krb5_const_principal); +krb5_boolean KRB5_CALLCONV krb5_principal_compare_any_realm + (krb5_context, + krb5_const_principal, + krb5_const_principal); +#define KRB5_PRINCIPAL_COMPARE_IGNORE_REALM 1 +#define KRB5_PRINCIPAL_COMPARE_ENTERPRISE 2 /* compare UPNs as real principals */ +#define KRB5_PRINCIPAL_COMPARE_CASEFOLD 4 /* case-insensitive comparison */ +#define KRB5_PRINCIPAL_COMPARE_UTF8 8 /* treat principals as UTF-8 */ + +krb5_boolean KRB5_CALLCONV krb5_principal_compare_flags + (krb5_context, + krb5_const_principal, + krb5_const_principal, + int); krb5_error_code KRB5_CALLCONV krb5_init_keyblock (krb5_context, krb5_enctype enctype, size_t length, krb5_keyblock **out); @@ -1605,9 +1743,15 @@ krb5_error_code KRB5_CALLCONV_C krb5_build_principal __attribute__ ((sentinel)) #endif ; -krb5_error_code KRB5_CALLCONV krb5_build_principal_va +#if KRB5_DEPRECATED +KRB5_ATTR_DEPRECATED krb5_error_code KRB5_CALLCONV krb5_build_principal_va (krb5_context, krb5_principal, unsigned int, const char *, va_list); +#endif + +/* Version of krb5_build_principal_va which allocates krb5_principal_data */ +krb5_error_code KRB5_CALLCONV krb5_build_principal_alloc_va + (krb5_context, krb5_principal *, unsigned int, const char *, va_list); krb5_error_code KRB5_CALLCONV krb5_425_conv_principal (krb5_context, @@ -2142,6 +2286,7 @@ typedef struct _krb5_get_init_creds_opt { #define KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST 0x0040 #define KRB5_GET_INIT_CREDS_OPT_SALT 0x0080 #define KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT 0x0100 +#define KRB5_GET_INIT_CREDS_OPT_CANONICALIZE 0x0200 krb5_error_code KRB5_CALLCONV @@ -2178,6 +2323,11 @@ krb5_get_init_creds_opt_set_proxiable (krb5_get_init_creds_opt *opt, int proxiable); +void KRB5_CALLCONV +krb5_get_init_creds_opt_set_canonicalize +(krb5_get_init_creds_opt *opt, + int canonicalize); + void KRB5_CALLCONV krb5_get_init_creds_opt_set_etype_list (krb5_get_init_creds_opt *opt, @@ -2355,6 +2505,69 @@ krb5_free_error_message (krb5_context, const char *); void KRB5_CALLCONV krb5_clear_error_message (krb5_context); +krb5_error_code KRB5_CALLCONV +krb5_decode_authdata_container(krb5_context context, + krb5_authdatatype type, + const krb5_authdata *container, + krb5_authdata ***authdata); +krb5_error_code KRB5_CALLCONV +krb5_encode_authdata_container(krb5_context context, + krb5_authdatatype type, + krb5_authdata * const*authdata, + krb5_authdata ***container); + +/* + * Windows PAC + */ +struct krb5_pac_data; +typedef struct krb5_pac_data *krb5_pac; + +krb5_error_code KRB5_CALLCONV +krb5_pac_add_buffer +(krb5_context context, + krb5_pac pac, + krb5_ui_4 type, + const krb5_data *data); + +void KRB5_CALLCONV +krb5_pac_free +(krb5_context context, + krb5_pac pac); + +krb5_error_code KRB5_CALLCONV +krb5_pac_get_buffer +(krb5_context context, + krb5_pac pac, + krb5_ui_4 type, + krb5_data *data); + +krb5_error_code KRB5_CALLCONV +krb5_pac_get_types +(krb5_context context, + krb5_pac pac, + size_t *len, + krb5_ui_4 **types); + +krb5_error_code KRB5_CALLCONV +krb5_pac_init +(krb5_context context, + krb5_pac *pac); + +krb5_error_code KRB5_CALLCONV +krb5_pac_parse +(krb5_context context, + const void *ptr, + size_t len, + krb5_pac *pac); + +krb5_error_code KRB5_CALLCONV +krb5_pac_verify +(krb5_context context, + const krb5_pac pac, + krb5_timestamp authtime, + krb5_const_principal principal, + const krb5_keyblock *server, + const krb5_keyblock *privsvr); #if TARGET_OS_MAC # pragma pack(pop) diff --git a/src/include/osconf.hin b/src/include/osconf.hin index e6a48f87a3..6feb22338a 100644 --- a/src/include/osconf.hin +++ b/src/include/osconf.hin @@ -114,18 +114,6 @@ #define KRB5_ENV_CCNAME "KRB5CCNAME" -/* - * krb4 kadmin stuff follows - */ - -/* the default syslog file */ -#define KADM_SYSLOG "@LOCALSTATEDIR/krb5kdc/admin_server.syslog" - -/* where to find the bad password table */ -#define PW_CHECK_FILE "@LOCALSTATEDIR/krb5kdc/bad_passwd" - -#define DEFAULT_ACL_DIR "@LOCALSTATEDIR/krb5kdc" - /* * krb5 slave support follows */ @@ -138,4 +126,10 @@ #define KPROPD_DEFAULT_KRB_DB DEFAULT_KDB_FILE #define KPROPD_ACL_FILE "@LOCALSTATEDIR/krb5kdc/kpropd.acl" +/* + * GSS mechglue + */ +#define MECH_CONF "@SYSCONFDIR/gss/mech" +#define MECH_LIB_PREFIX "@GSSMODULEDIR/" + #endif /* KRB5_OSCONF__ */ diff --git a/src/kadmin/cli/Makefile.in b/src/kadmin/cli/Makefile.in index fdb5a9968d..a13d8599cf 100644 --- a/src/kadmin/cli/Makefile.in +++ b/src/kadmin/cli/Makefile.in @@ -44,45 +44,3 @@ clean-unix:: # for testing getdate.y datetest: getdate.c $(CC) -o datetest $(ALL_CFLAGS) $(LDFLAGS) $(LDARGS) -DTEST getdate.c -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -$(OUTPRE)kadmin.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h $(SRCTOP)/include/gssrpc/auth.h \ - $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ - $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ - $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/krb5.h kadmin.c kadmin.h -$(OUTPRE)kadmin_ct.$(OBJEXT): $(COM_ERR_DEPS) $(SS_DEPS) \ - kadmin_ct.c -$(OUTPRE)ss_wrapper.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/krb5.h \ - $(SS_DEPS) kadmin.h ss_wrapper.c -$(OUTPRE)getdate.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/krb5.h \ - getdate.c kadmin.h -$(OUTPRE)keytab.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h $(SRCTOP)/include/gssrpc/auth.h \ - $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ - $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ - $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h kadmin.h keytab.c diff --git a/src/kadmin/cli/deps b/src/kadmin/cli/deps new file mode 100644 index 0000000000..928af0a38d --- /dev/null +++ b/src/kadmin/cli/deps @@ -0,0 +1,41 @@ +# +# Generated makefile dependencies follow. +# +$(OUTPRE)kadmin.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ + $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ + $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/krb5.h kadmin.c kadmin.h +$(OUTPRE)kadmin_ct.$(OBJEXT): $(COM_ERR_DEPS) $(SS_DEPS) \ + kadmin_ct.c +$(OUTPRE)ss_wrapper.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/krb5.h \ + $(SS_DEPS) kadmin.h ss_wrapper.c +$(OUTPRE)getdate.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/krb5.h \ + getdate.c kadmin.h +$(OUTPRE)keytab.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ + $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ + $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h kadmin.h keytab.c diff --git a/src/kadmin/cli/kadmin.c b/src/kadmin/cli/kadmin.c index f4c14f4a0f..4955a448fb 100644 --- a/src/kadmin/cli/kadmin.c +++ b/src/kadmin/cli/kadmin.c @@ -134,9 +134,9 @@ static char *strdur(duration) minutes = duration / 60; duration %= 60; seconds = duration; - sprintf(out, "%s%d %s %02d:%02d:%02d", neg ? "-" : "", - days, days == 1 ? "day" : "days", - hours, minutes, seconds); + snprintf(out, sizeof(out), "%s%d %s %02d:%02d:%02d", neg ? "-" : "", + days, days == 1 ? "day" : "days", + hours, minutes, seconds); return out; } @@ -161,23 +161,22 @@ kadmin_parse_name(name, principal) { char *cp, *fullname; krb5_error_code retval; + int result; /* assumes def_realm is initialized! */ - fullname = (char *)malloc(strlen(name) + 1 + strlen(def_realm) + 1); - if (fullname == NULL) - return ENOMEM; - strcpy(fullname, name); - cp = strchr(fullname, '@'); + cp = strchr(name, '@'); while (cp) { - if (cp - fullname && *(cp - 1) != '\\') + if (cp - name && *(cp - 1) != '\\') break; else cp = strchr(cp + 1, '@'); } - if (cp == NULL) { - strcat(fullname, "@"); - strcat(fullname, def_realm); - } + if (cp == NULL) + result = asprintf(&fullname, "%s@%s", name, def_realm); + else + result = asprintf(&fullname, "%s", name); + if (result < 0) + return ENOMEM; retval = krb5_parse_name(context, fullname, principal); free(fullname); return retval; @@ -279,14 +278,9 @@ char *kadmin_startup(argc, argv) break; case 'd': /* now db_name is not a seperate argument. It has to be passed as part of the db_args */ - if (!db_name) { - db_name = malloc(strlen(optarg) + sizeof("dbname=")); - } else { - db_name = realloc(db_name, strlen(optarg) + sizeof("dbname=")); - } - - strcpy(db_name, "dbname="); - strcat(db_name, optarg); + if (db_name) + free(db_name); + asprintf(&db_name, "dbname=%s", optarg); db_args_size++; { @@ -437,43 +431,27 @@ char *kadmin_startup(argc, argv) } if (cp != NULL) *cp = '\0'; - princstr = (char*)malloc(strlen(canon) + 6 /* "/admin" */ + - (realm ? 1 + strlen(realm) : 0) + 1); - if (princstr == NULL) { + if (asprintf(&princstr, "%s/admin%s%s", canon, + (realm) ? "@" : "", + (realm) ? realm : "") < 0) { fprintf(stderr, "%s: out of memory\n", whoami); exit(1); } - strcpy(princstr, canon); - strcat(princstr, "/admin"); - if (realm) { - strcat(princstr, "@"); - strcat(princstr, realm); - } free(canon); krb5_free_principal(context, princ); freeprinc++; } else if ((luser = getenv("USER"))) { - princstr = (char *) malloc(strlen(luser) + 7 /* "/admin@" */ - + strlen(def_realm) + 1); - if (princstr == NULL) { + if (asprintf(&princstr, "%s/admin@%s", luser, def_realm) < 0) { fprintf(stderr, "%s: out of memory\n", whoami); exit(1); } - strcpy(princstr, luser); - strcat(princstr, "/admin"); - strcat(princstr, "@"); - strcat(princstr, def_realm); freeprinc++; } else if ((pw = getpwuid(getuid()))) { - princstr = (char *) malloc(strlen(pw->pw_name) + 7 /* "/admin@" */ - + strlen(def_realm) + 1); - if (princstr == NULL) { + if (asprintf(&princstr, "%s/admin@%s", pw->pw_name, + def_realm) < 0) { fprintf(stderr, "%s: out of memory\n", whoami); exit(1); } - strcpy(princstr, pw->pw_name); - strcat(princstr, "/admin@"); - strcat(princstr, def_realm); freeprinc++; } else { fprintf(stderr, "%s: unable to figure out a principal name\n", @@ -558,7 +536,7 @@ char *kadmin_startup(argc, argv) krb5_defkeyname = DEFAULT_KEYTAB; } - if ((retval = kadm5_init_iprop(handle)) != 0) { + if ((retval = kadm5_init_iprop(handle, 0)) != 0) { com_err(whoami, retval, _("while mapping update log")); exit(1); } @@ -816,11 +794,12 @@ void kadmin_cpw(argc, argv) } else if (argc == 1) { unsigned int i = sizeof (newpw) - 1; - sprintf(prompt1, "Enter password for principal \"%.900s\"", - *argv); - sprintf(prompt2, - "Re-enter password for principal \"%.900s\"", - *argv); + snprintf(prompt1, sizeof(prompt1), + "Enter password for principal \"%.900s\"", + *argv); + snprintf(prompt2, sizeof(prompt2), + "Re-enter password for principal \"%.900s\"", + *argv); retval = krb5_read_password(context, prompt1, prompt2, newpw, &i); if (retval) { @@ -1250,11 +1229,12 @@ void kadmin_addprinc(argc, argv) } else if (pass == NULL) { unsigned int sz = sizeof (newpw) - 1; - sprintf(prompt1, "Enter password for principal \"%.900s\"", - canon); - sprintf(prompt2, - "Re-enter password for principal \"%.900s\"", - canon); + snprintf(prompt1, sizeof(prompt1), + "Enter password for principal \"%.900s\"", + canon); + snprintf(prompt2, sizeof(prompt2), + "Re-enter password for principal \"%.900s\"", + canon); retval = krb5_read_password(context, prompt1, prompt2, newpw, &sz); if (retval) { @@ -1501,6 +1481,14 @@ void kadmin_getprinc(argc, argv) free(canon); return; } + free(canon); + canon = NULL; + retval = krb5_unparse_name(context, dprinc.principal, &canon); + if (retval) { + com_err("get_principal", retval, "while canonicalizing principal"); + krb5_free_principal(context, princ); + return; + } retval = krb5_unparse_name(context, dprinc.mod_name, &modcanon); if (retval) { com_err("get_principal", retval, "while unparsing modname"); @@ -1535,14 +1523,14 @@ void kadmin_getprinc(argc, argv) if (krb5_enctype_to_string(key_data->key_data_type[0], enctype, sizeof(enctype))) - sprintf(enctype, "", - key_data->key_data_type[0]); + snprintf(enctype, sizeof(enctype), "", + key_data->key_data_type[0]); printf("Key: vno %d, %s, ", key_data->key_data_kvno, enctype); if (key_data->key_data_ver > 1) { if (krb5_salttype_to_string(key_data->key_data_type[1], salttype, sizeof(salttype))) - sprintf(salttype, "", - key_data->key_data_type[1]); + snprintf(salttype, sizeof(salttype), "", + key_data->key_data_type[1]); printf("%s\n", salttype); } else printf("no salt\n"); diff --git a/src/kadmin/dbutil/Makefile.in b/src/kadmin/dbutil/Makefile.in index 7419dcb5a4..e88d8b3239 100644 --- a/src/kadmin/dbutil/Makefile.in +++ b/src/kadmin/dbutil/Makefile.in @@ -2,18 +2,13 @@ thisconfigdir=../.. myfulldir=kadmin/dbutil mydir=kadmin/dbutil BUILDTOP=$(REL)..$(S).. -DEFINES = -DKDB4_DISABLE DEFS= -LOCALINCLUDES = -I. @KRB4_INCLUDES@ -PROG_LIBPATH=-L$(TOPLIBD) $(KRB4_LIBPATH) +LOCALINCLUDES = -I. +PROG_LIBPATH=-L$(TOPLIBD) $(KRB5_LIBPATH) PROG_RPATH=$(KRB5_LIBDIR) KDB_DEP_LIB=$(DL_LIB) $(THREAD_LINKOPTS) PROG = kdb5_util -###OBJS = kdb5_util.o dump.o dumpv4.o loadv4.o \ -### kdb5_create.o kadm5_create.o string_table.o kdb5_stash.o \ -### kdb5_destroy.o ovload.o import_err.o strtok.o -### SRCS = kdb5_util.c kdb5_create.c kadm5_create.c string_table.c kdb5_destroy.c \ kdb5_stash.c import_err.c strtok.c dump.c ovload.c kdb5_mkey.c @@ -25,8 +20,8 @@ GETDATE = ../cli/getdate.o all:: $(PROG) -$(PROG): $(OBJS) $(KADMSRV_DEPLIBS) $(KRB4COMPAT_DEPLIBS) $(GETDATE) - $(CC_LINK) -o $(PROG) $(OBJS) $(GETDATE) $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB4COMPAT_LIBS) +$(PROG): $(OBJS) $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS) $(GETDATE) + $(CC_LINK) -o $(PROG) $(OBJS) $(GETDATE) $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB5_BASE_LIBS) import_err.c import_err.h: $(srcdir)/import_err.et @@ -39,148 +34,3 @@ install:: clean:: $(RM) $(PROG) $(OBJS) import_err.c import_err.h -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -$(OUTPRE)kdb5_util.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h $(SRCTOP)/include/gssrpc/auth.h \ - $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ - $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ - $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/iprop.h \ - $(SRCTOP)/include/iprop_hdr.h $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_log.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h kdb5_util.c kdb5_util.h -$(OUTPRE)kdb5_create.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \ - $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ - $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h $(SRCTOP)/include/gssrpc/auth.h \ - $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ - $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ - $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/iprop.h \ - $(SRCTOP)/include/iprop_hdr.h $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_log.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h kdb5_create.c kdb5_util.h -$(OUTPRE)kadm5_create.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h $(SRCTOP)/include/fake-addrinfo.h \ - $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - $(SRCTOP)/include/iprop.h $(SRCTOP)/include/iprop_hdr.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/kdb_log.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - kadm5_create.c kdb5_util.h string_table.h -$(OUTPRE)string_table.$(OBJEXT): string_table.c -$(OUTPRE)kdb5_destroy.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - $(SRCTOP)/include/iprop.h $(SRCTOP)/include/iprop_hdr.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/kdb_log.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - kdb5_destroy.c kdb5_util.h -$(OUTPRE)kdb5_stash.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - $(SRCTOP)/include/iprop.h $(SRCTOP)/include/iprop_hdr.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/kdb_log.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - kdb5_stash.c kdb5_util.h -$(OUTPRE)import_err.$(OBJEXT): $(COM_ERR_DEPS) import_err.c -$(OUTPRE)strtok.$(OBJEXT): nstrtok.h strtok.c -$(OUTPRE)dump.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \ - $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ - $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - $(SRCTOP)/include/iprop.h $(SRCTOP)/include/iprop_hdr.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/kdb_log.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - dump.c kdb5_util.h -$(OUTPRE)ovload.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \ - $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ - $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - $(SRCTOP)/include/iprop.h $(SRCTOP)/include/iprop_hdr.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/kdb_log.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - import_err.h kdb5_util.h nstrtok.h ovload.c diff --git a/src/kadmin/dbutil/deps b/src/kadmin/dbutil/deps new file mode 100644 index 0000000000..dd398bf7d5 --- /dev/null +++ b/src/kadmin/dbutil/deps @@ -0,0 +1,147 @@ +# +# Generated makefile dependencies follow. +# +$(OUTPRE)kdb5_util.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ + $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ + $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/iprop.h \ + $(SRCTOP)/include/iprop_hdr.h $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/kdb_log.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + kdb5_util.c kdb5_util.h +$(OUTPRE)kdb5_create.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ + $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \ + $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ + $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/iprop.h \ + $(SRCTOP)/include/iprop_hdr.h $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/kdb_log.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + kdb5_create.c kdb5_util.h +$(OUTPRE)kadm5_create.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ + $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ + $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h $(SRCTOP)/include/fake-addrinfo.h \ + $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ + $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ + $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ + $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ + $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ + $(SRCTOP)/include/iprop.h $(SRCTOP)/include/iprop_hdr.h \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_log.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h kadm5_create.c kdb5_util.h \ + string_table.h +$(OUTPRE)string_table.$(OBJEXT): string_table.c +$(OUTPRE)kdb5_destroy.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ + $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ + $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ + $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ + $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ + $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ + $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ + $(SRCTOP)/include/iprop.h $(SRCTOP)/include/iprop_hdr.h \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_log.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h kdb5_destroy.c kdb5_util.h +$(OUTPRE)kdb5_stash.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ + $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ + $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ + $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ + $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ + $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ + $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ + $(SRCTOP)/include/iprop.h $(SRCTOP)/include/iprop_hdr.h \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_log.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h kdb5_stash.c kdb5_util.h +$(OUTPRE)import_err.$(OBJEXT): $(COM_ERR_DEPS) import_err.c +$(OUTPRE)strtok.$(OBJEXT): nstrtok.h strtok.c +$(OUTPRE)dump.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ + $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \ + $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ + $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ + $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ + $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ + $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ + $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ + $(SRCTOP)/include/iprop.h $(SRCTOP)/include/iprop_hdr.h \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_log.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h dump.c kdb5_util.h +$(OUTPRE)ovload.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ + $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \ + $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ + $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ + $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ + $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ + $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ + $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ + $(SRCTOP)/include/iprop.h $(SRCTOP)/include/iprop_hdr.h \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_log.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h import_err.h kdb5_util.h \ + nstrtok.h ovload.c diff --git a/src/kadmin/dbutil/dump.c b/src/kadmin/dbutil/dump.c index 226bfa56bf..68a8270a9b 100644 --- a/src/kadmin/dbutil/dump.c +++ b/src/kadmin/dbutil/dump.c @@ -331,15 +331,12 @@ void update_ok_file (file_name) int fd; static char ok[]=".dump_ok"; - if ((file_ok = (char *)malloc(strlen(file_name) + strlen(ok) + 1)) - == NULL) { + if (asprintf(&file_ok, "%s%s", file_name, ok) < 0) { com_err(progname, ENOMEM, "while allocating filename for update_ok_file"); exit_status++; return; } - strcpy(file_ok, file_name); - strcat(file_ok, ok); if ((fd = open(file_ok, O_WRONLY|O_CREAT|O_TRUNC, 0600)) < 0) { com_err(progname, errno, "while creating 'ok' file, '%s'", file_ok); @@ -2283,14 +2280,11 @@ load_db(argc, argv) } dumpfile = argv[aindex]; - if (!(dbname_tmp = (char *) malloc(strlen(dbname)+ - strlen(dump_tmptrail)+1))) { + if (asprintf(&dbname_tmp, "%s%s", dbname, dump_tmptrail) < 0) { fprintf(stderr, no_name_mem_fmt, progname); exit_status++; return; } - strcpy(dbname_tmp, dbname); - strcat(dbname_tmp, dump_tmptrail); /* * Initialize the Kerberos context and error tables. diff --git a/src/kadmin/dbutil/dumpv4.c b/src/kadmin/dbutil/dumpv4.c deleted file mode 100644 index e6bd1f4074..0000000000 --- a/src/kadmin/dbutil/dumpv4.c +++ /dev/null @@ -1,462 +0,0 @@ -/* - * admin/edit/dumpv4.c - * - * Copyright 1990,1991, 1994 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * - * Dump a KDC database into a V4 slave dump. - */ - -/* - * Copyright (C) 1998 by the FundsXpress, INC. - * - * All rights reserved. - * - * Export of this software from the United States of America may require - * a specific license from the United States Government. It is the - * responsibility of any person or organization contemplating export to - * obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of FundsXpress. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. FundsXpress makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED - * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. - */ - -#ifdef KRB5_KRB4_COMPAT - -#include "k5-int.h" -#include "com_err.h" - -#include -#include -#ifdef HAVE_KRB_DB_H -#include -#endif /*HAVE_KRB_DB_H*/ -#ifdef HAVE_KDC_H -;/* MKEYFILE is now defined in kdc.h */ -#include -#endif /*HAVE_KDC_H*/ -#include -#include -#include "kdb5_util.h" - -struct dump_record { - char *comerr_name; - FILE *f; - krb5_keyblock *v5mkey; - C_Block v4_master_key; - Key_schedule v4_master_key_schedule; - long master_key_version; - char *realm; -}; - - -void update_ok_file(); - -#define ANAME_SZ 40 -#define INST_SZ 40 - -static char *v4_mkeyfile = "/.k"; -static int shortlife; -static krb5_error_code handle_one_key(struct dump_record *arg, - krb5_keyblock *v5mkey, - krb5_key_data *v5key, - des_cblock v4key); -static int handle_keys(struct dump_record *arg); - -static int -v4init(arg, manual) - struct dump_record *arg; - int manual; -{ - int fd; - int ok = 0; - - if (!manual) { - fd = open(v4_mkeyfile, O_RDONLY, 0600); - if (fd >= 0) { - if (read(fd,arg->v4_master_key,sizeof(C_Block)) == sizeof(C_Block)) - ok = 1; - close(fd); - } - } - if (!ok) { - des_read_password(&arg->v4_master_key, "V4 Kerberos master key", 1); - printf("\n"); - } - arg->master_key_version = 1; - key_sched(arg->v4_master_key, arg->v4_master_key_schedule); - - return 0; -} - -static void -v4_print_time(file, timeval) - FILE *file; - unsigned long timeval; -{ - struct tm *tm; - struct tm *gmtime(); - tm = gmtime((time_t *)&timeval); - fprintf(file, " %04d%02d%02d%02d%02d", - tm->tm_year < 1900 ? tm->tm_year + 1900: tm->tm_year, - tm->tm_mon + 1, - tm->tm_mday, - tm->tm_hour, - tm->tm_min); -} - - - -static krb5_error_code -dump_v4_iterator(ptr, entry) - krb5_pointer ptr; - krb5_db_entry *entry; -{ - struct dump_record *arg = (struct dump_record *) ptr; - krb5_principal mod_princ; - krb5_timestamp mod_time; - krb5_error_code retval; - int i, max_kvno, ok_key; - - struct v4princ { - char name[ANAME_SZ+1]; - char instance[INST_SZ+1]; - char realm[REALM_SZ+1]; - int max_life; - int kdc_key_ver, key_version, attributes; - char mod_name[ANAME_SZ+1]; - char mod_instance[INST_SZ+1]; - char mod_realm[REALM_SZ+1]; - } v4princ, *principal; - des_cblock v4key; - - principal = &v4princ; - - if (strcmp(krb5_princ_realm(util_context, entry->princ)->data, arg->realm)) - /* skip this because it's a key for a different realm, probably - * a paired krbtgt key */ - return 0; - - retval = krb5_524_conv_principal(util_context, entry->princ, - principal->name, principal->instance, - principal->realm); - if (retval) - /* Skip invalid V4 principals */ - return 0; - - if (!strcmp(principal->name, "K") && !strcmp(principal->instance, "M")) - /* The V4 master key is handled specially */ - return 0; - - if (! principal->name[0]) - return 0; - if (! principal->instance[0]) - strcpy(principal->instance, "*"); - - /* Now move to mod princ */ - if ((retval = krb5_dbe_lookup_mod_princ_data(util_context,entry, - &mod_time, &mod_princ))){ - com_err(arg->comerr_name, retval, "while unparsing db entry"); - exit_status++; - return retval; - } - retval = krb5_524_conv_principal(util_context, mod_princ, - principal->mod_name, principal->mod_instance, - principal->mod_realm); - if (retval) { - /* Invalid V4 mod principal */ - principal->mod_name[0] = '\0'; - principal->mod_instance[0] = '\0'; - } - - if (! principal->mod_name[0]) - strcpy(principal->mod_name, "*"); - if (! principal->mod_instance[0]) - strcpy(principal->mod_instance, "*"); - - /* OK deal with the key now. */ - for (max_kvno = i = 0; i < entry->n_key_data; i++) { - if (max_kvno < entry->key_data[i].key_data_kvno) { - max_kvno = entry->key_data[i].key_data_kvno; - ok_key = i; - } - } - - i = ok_key; - while (ok_key < entry->n_key_data) { - if (max_kvno == entry->key_data[ok_key].key_data_kvno) { - if (entry->key_data[ok_key].key_data_type[1] - == KRB5_KDB_SALTTYPE_V4) { - goto found_one; - } - } - ok_key++; - } - - /* See if there are any DES keys that may be suitable */ - ok_key = i; - while (ok_key < entry->n_key_data) { - if (max_kvno == entry->key_data[ok_key].key_data_kvno) { - krb5_enctype enctype = entry->key_data[ok_key].key_data_type[0]; - if ((enctype == ENCTYPE_DES_CBC_CRC) || - (enctype == ENCTYPE_DES_CBC_MD5) || - (enctype == ENCTYPE_DES_CBC_RAW)) - goto found_one; - } - ok_key++; - } - /* skip this because it's a new style key and we can't help it */ - return 0; - -found_one:; - principal->key_version = max_kvno; - if (!shortlife) - principal->max_life = krb_time_to_life(0, entry->max_life); - else { - principal->max_life = entry->max_life / (60 * 5); - if (principal->max_life > 255) - principal->max_life = 255; - } - - principal->kdc_key_ver = arg->master_key_version; - principal->attributes = 0; /* ??? not preserved either */ - - fprintf(arg->f, "%s %s %d %d %d %d ", - principal->name, - principal->instance, - principal->max_life, - principal->kdc_key_ver, - principal->key_version, - principal->attributes); - - handle_one_key(arg, arg->v5mkey, &entry->key_data[ok_key], v4key); - - for (i = 0; i < 8; i++) { - fprintf(arg->f, "%02x", ((unsigned char*)v4key)[i]); - if (i == 3) fputc(' ', arg->f); - } - - if (entry->expiration == 0) { - /* 0 means "never" expire. V4 didn't support that, so rather than - having everything appear to have expired in 1970, we nail in the - Cygnus 96q1 default value. The value quoted here is directly - from src/admin/kdb_init.c in Cygnus CNS V4 96q1, and is - roughly 12/31/2009. */ - v4_print_time(arg->f, 946702799+((365*10+3)*24*60*60)); - } else { - v4_print_time(arg->f, entry->expiration); - } - v4_print_time(arg->f, mod_time); - - fprintf(arg->f, " %s %s\n", principal->mod_name, principal->mod_instance); - return 0; -} - -/*ARGSUSED*/ -void dump_v4db(argc, argv) - int argc; - char **argv; -{ - int i; - char *outname = NULL; - FILE *f; - struct dump_record arg; - - for (i = 1; i < argc; i++) { - if (!strcmp(argv[i], "-S")) { - shortlife++; - continue; - } - break; - } - if (argc - i > 1) { - com_err(argv[0], 0, "Usage: %s [-S] filename", argv[0]); - exit_status++; - return; - } - if (!dbactive) { - com_err(argv[0], 0, Err_no_database); - exit_status++; - return; - } - if (argc - i == 1) { - outname = argv[i]; - /* - * Make sure that we don't open and truncate on the fopen, - * since that may hose an on-going kprop process. - * - * We could also control this by opening for read and - * write, doing an flock with LOCK_EX, and then - * truncating the file once we have gotten the lock, - * but that would involve more OS dependancies than I - * want to get into. - */ - unlink(outname); - if (!(f = fopen(outname, "w"))) { - com_err(argv[0], errno, - "While opening file %s for writing", outname); - exit_status++; - return; - } - } else { - f = stdout; - } - - arg.comerr_name = argv[0]; - arg.f = f; - v4init(&arg, 0); - handle_keys(&arg); - - /* special handling for K.M since it isn't preserved */ - { - des_cblock v4key; - int i2; - - /* assume: - max lifetime (255) - key version == 1 (actually, should be whatever the v5 one is) - master key version == key version - args == 0 (none are preserved) - expiration date is the default 2000 - last mod time is near zero (arbitrarily.) - creator is db_creation * - */ - - fprintf(f,"K M 255 1 1 0 "); - -#ifndef KDB4_DISABLE - kdb_encrypt_key (arg.v4_master_key, v4key, - arg.v4_master_key, arg.v4_master_key_schedule, - ENCRYPT); -#else /* KDB4_DISABLE */ - pcbc_encrypt((C_Block *) arg.v4_master_key, - (C_Block *) v4key, - (long) sizeof(C_Block), - arg.v4_master_key_schedule, - (C_Block *) arg.v4_master_key, - ENCRYPT); -#endif /* KDB4_DISABLE */ - - for (i2=0; i2<8; i2++) { - fprintf(f, "%02x", ((unsigned char*)v4key)[i2]); - if (i2 == 3) fputc(' ', f); - } - fprintf(f," 200001010459 197001020000 db_creation *\n"); - } - - (void) krb5_db_iterate(util_context, dump_v4_iterator, - (krb5_pointer) &arg); - if (argc == 2) - fclose(f); - if (outname) - update_ok_file(outname); -} - -static int handle_keys(arg) - struct dump_record *arg; -{ - krb5_error_code retval; - char *defrealm; - char *mkey_name = 0; - char *mkey_fullname; - krb5_principal l_master_princ; - - if ((retval = krb5_get_default_realm(util_context, &defrealm))) { - com_err(arg->comerr_name, retval, - "while retrieving default realm name"); - exit(1); - } - arg->realm = defrealm; - - /* assemble & parse the master key name */ - - if ((retval = krb5_db_setup_mkey_name(util_context, mkey_name, arg->realm, - &mkey_fullname, &l_master_princ))) { - com_err(arg->comerr_name, retval, "while setting up master key name"); - exit(1); - } - - if ((retval = krb5_db_fetch_mkey(util_context, l_master_princ, - master_keyblock.enctype, 0, - 0, global_params.stash_file, 0, - &master_keyblock))) { - com_err(arg->comerr_name, retval, "while reading master key"); - exit(1); - } - arg->v5mkey = &master_keyblock; - return(0); -} - -static krb5_error_code -handle_one_key(arg, v5mkey, v5key, v4key) - struct dump_record *arg; - krb5_keyblock *v5mkey; - krb5_key_data *v5key; - des_cblock v4key; -{ - krb5_error_code retval; - - krb5_keyblock v5plainkey; - /* v4key is the actual v4 key from the file. */ - - retval = krb5_dbekd_decrypt_key_data(util_context, v5mkey, v5key, - &v5plainkey, NULL); - if (retval) - return retval; - - memcpy(v4key, v5plainkey.contents, sizeof(des_cblock)); -#ifndef KDB4_DISABLE - kdb_encrypt_key (v4key, v4key, - arg->v4_master_key, arg->v4_master_key_schedule, - ENCRYPT); -#else /* KDB4_DISABLE */ - pcbc_encrypt((C_Block *) v4key, - (C_Block *) v4key, - (long) sizeof(C_Block), - arg->v4_master_key_schedule, - (C_Block *) arg->v4_master_key, - ENCRYPT); -#endif /* KDB4_DISABLE */ - return 0; -} - -#else /* KRB5_KRB4_COMPAT */ -void dump_v4db(argc, argv) - int argc; - char **argv; -{ - printf("This version of krb5_edit does not support the V4 dump command.\n"); -} -#endif /* KRB5_KRB4_COMPAT */ diff --git a/src/kadmin/dbutil/kadm5_create.c b/src/kadmin/dbutil/kadm5_create.c index c02b402876..894edf3640 100644 --- a/src/kadmin/dbutil/kadm5_create.c +++ b/src/kadmin/dbutil/kadm5_create.c @@ -145,8 +145,7 @@ static char *build_name_with_realm(char *name, char *realm) { char *n; - n = (char *) malloc(strlen(name) + strlen(realm) + 2); - sprintf(n, "%s@%s", name, realm); + asprintf(&n, "%s@%s", name, realm); return n; } diff --git a/src/kadmin/dbutil/kdb5_create.c b/src/kadmin/dbutil/kdb5_create.c index a0759af4dd..5d7e0ebd23 100644 --- a/src/kadmin/dbutil/kdb5_create.c +++ b/src/kadmin/dbutil/kdb5_create.c @@ -285,9 +285,9 @@ master key name '%s'\n", /* } */ if (log_ctx && log_ctx->iproprole) { - if (retval = ulog_map(util_context, global_params.iprop_logfile, - global_params.iprop_ulogsize, FKCOMMAND, - db5util_db_args)) { + if ((retval = ulog_map(util_context, global_params.iprop_logfile, + global_params.iprop_ulogsize, FKCOMMAND, + db5util_db_args))) { com_err(argv[0], retval, _("while creating update log")); exit_status++; diff --git a/src/kadmin/dbutil/kdb5_util.M b/src/kadmin/dbutil/kdb5_util.M index d58c972aff..dc34bc8ca1 100644 --- a/src/kadmin/dbutil/kdb5_util.M +++ b/src/kadmin/dbutil/kdb5_util.M @@ -213,59 +213,6 @@ is required and overrides the value specified on the command line or the default. .RE .TP -\fBdump_v4\fP [\fB\-S\fP] [\fIfilename\fP] -Dumps the current database into the Kerberos 4 database dump format. -The \-S option specifies the short lifetime algorithm. -.TP -\fBload_v4\fP [\fB\-T\fP] [\fB\-v\fP] [\fB\-h\fP] [\fB\-S\fP] -[\fB\-t\fP] [\fB-n\fP] [\fB\-K\fP] [\fB\-s\fP\ \fIstashfile\fP] -\fIinputfile\fP -.br -Loads a Kerberos 4 database dump file. Options: -.RS -.TP -.B \-K -prompts for the V5 master key instead of using the stashed version. -.TP -.B \-n -prompts for the V4 master key, instead of reading from the stash file. -.TP -.B \-s \fIstashfile -gets the V4 master key out of \fIstashfile\fP instead of /.k -.TP -.B \-T -creates a new \fIkrbtgt\fP instead of converting the V4 one. The V5 server -will thus not recognize outstanding tickets, so this should be used -with caution. -.TP -.B \-v -lists each principal as it is converted or ignored. -.TP -.B \-t -uses a temporary database, then moves that into place, instead of adding -the keys to the current database. -.TP -.B \-S -Uses the short lifetime algorithm for conversion. -.TP -.B \-h -Stores the database as a hash instead of a btree. This option is -not recommended, as databases stored in hash format are known to -corrupt data and lose principals. -.PP -Note: if the Kerberos 4 database had a default expiration date of 12/31/1999 -or 12/31/2009 (the compiled in defaults for older or newer Kerberos -releases) then any entries which have the same expiration date will be -converted to "never" expire in the version 5 database. If the default -did not match either value, all expiration dates will be preserved. -.PP -Also, Kerberos 4 stored a single modification time for any change to a -record; Version 5 stores a seperate modification time and last -password change time. In practice, Version 4 "modifications" were -always password changes. \fIload_v4\fP copies the value into both -fields. -.RE -.TP \fBark\fP Adds a random key. .SH SEE ALSO diff --git a/src/kadmin/dbutil/kdb5_util.c b/src/kadmin/dbutil/kdb5_util.c index 92b35c35de..1373310294 100644 --- a/src/kadmin/dbutil/kdb5_util.c +++ b/src/kadmin/dbutil/kdb5_util.c @@ -121,8 +121,6 @@ struct _cmd_table { {"stash", kdb5_stash, 1}, {"dump", dump_db, 1}, {"load", load_db, 0}, -/* {"dump_v4", dump_v4db, 1}, */ -/* {"load_v4", load_v4db, 0}, */ {"ark", add_random_key, 1}, {"add_mkey", kdb5_add_mkey, 1}, /* 1 is opendb */ {"use_mkey", kdb5_use_mkey, 1}, /* 1 is opendb */ @@ -218,16 +216,12 @@ int main(argc, argv) global_params.dbname = koptarg; global_params.mask |= KADM5_CONFIG_DBNAME; - db_name_tmp = malloc( strlen(global_params.dbname) + sizeof("dbname=")); - if( db_name_tmp == NULL ) + if (asprintf(&db_name_tmp, "dbname=%s", global_params.dbname) < 0) { com_err(progname, ENOMEM, "while parsing command arguments"); exit(1); } - strcpy( db_name_tmp, "dbname="); - strcat( db_name_tmp, global_params.dbname ); - if (!add_db_arg(db_name_tmp)) { com_err(progname, ENOMEM, "while parsing command arguments\n"); exit(1); diff --git a/src/kadmin/dbutil/kdb5_util.h b/src/kadmin/dbutil/kdb5_util.h index 62c927a604..cd0ae25b31 100644 --- a/src/kadmin/dbutil/kdb5_util.h +++ b/src/kadmin/dbutil/kdb5_util.h @@ -77,8 +77,6 @@ extern int process_ov_principal (char *fname, krb5_context kcontext, extern void load_db (int argc, char **argv); extern void dump_db (int argc, char **argv); -extern void load_v4db (int argc, char **argv); -extern void dump_v4db (int argc, char **argv); extern void kdb5_create (int argc, char **argv); extern void kdb5_destroy (int argc, char **argv); extern void kdb5_stash (int argc, char **argv); diff --git a/src/kadmin/dbutil/loadv4.c b/src/kadmin/dbutil/loadv4.c deleted file mode 100644 index 4c3591ea0f..0000000000 --- a/src/kadmin/dbutil/loadv4.c +++ /dev/null @@ -1,982 +0,0 @@ -/* - * kadmin/dbutil/loadv4.c - * - * Copyright 1996 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * - * Generate (from scratch) a Kerberos V5 KDC database, filling it in with the - * entries from a V4 database. - */ - -/* - * Copyright (C) 1998 by the FundsXpress, INC. - * - * All rights reserved. - * - * Export of this software from the United States of America may require - * a specific license from the United States Government. It is the - * responsibility of any person or organization contemplating export to - * obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of FundsXpress. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. FundsXpress makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED - * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. - */ - -#include - -#ifdef KRB5_KRB4_COMPAT - -#include "k5-int.h" -#include "com_err.h" - -#include -#include -#include -/* MKEYFILE is now defined in kdc.h */ -#include - -static C_Block master_key; -static Key_schedule master_key_schedule; - -static char *v4_mkeyfile = "/.k"; - -#include -/* Define to make certain blocks private */ -#define V4_DECLARES_STATIC -#include "kdb5_util.h" -#include "kadm5/adb.h" /* osa_adb_create_policy_db */ -#include /* ntohl */ - -#define PROGNAME argv[0] - -enum ap_op { - NULL_KEY, /* setup null keys */ - MASTER_KEY, /* use master key as new key */ - RANDOM_KEY /* choose a random key */ -}; - -struct realm_info { - krb5_deltat max_life; - krb5_deltat max_rlife; - krb5_timestamp expiration; - krb5_flags flags; - krb5_keyblock *key; -}; - -static struct realm_info rblock = { /* XXX */ - KRB5_KDB_MAX_LIFE, - KRB5_KDB_MAX_RLIFE, - KRB5_KDB_EXPIRATION, - KRB5_KDB_DEF_FLAGS, - 0 -}; - -static int verbose = 0; - -static int shortlife = 0; - -static krb5_error_code add_principal - (krb5_context, - krb5_principal, - enum ap_op, - struct realm_info *); - -static int v4init (char *, int, char *); -static krb5_error_code enter_in_v5_db (krb5_context, - char *, Principal *); -static krb5_error_code process_v4_dump (krb5_context, char *, - char *, long); -static krb5_error_code v4_dump_find_default (krb5_context, char *, - char *, long *); -static krb5_error_code fixup_database (krb5_context, char *); - -static int create_local_tgt = 0; - -static krb5_keyblock master_keyblock; -static krb5_principal master_princ; - -static krb5_data tgt_princ_entries[] = { - {0, KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME}, - {0, 0, 0} }; - -static krb5_data db_creator_entries[] = { - {0, sizeof("db_creation")-1, "db_creation"} }; - -/* XXX knows about contents of krb5_principal, and that tgt names - are of form TGT/REALM@REALM */ -static krb5_principal_data tgt_princ = { - 0, /* magic number */ - {0, 0, 0}, /* krb5_data realm */ - tgt_princ_entries, /* krb5_data *data */ - 2, /* int length */ - KRB5_NT_SRV_INST /* int type */ -}; - -static krb5_principal_data db_create_princ = { - 0, /* magic number */ - {0, 0, 0}, /* krb5_data realm */ - db_creator_entries, /* krb5_data *data */ - 1, /* int length */ - KRB5_NT_SRV_INST /* int type */ -}; - - -void -load_v4db(argc, argv) - int argc; - char *argv[]; -{ - krb5_error_code retval; - /* The kdb library will default to this, but it is convenient to - make it explicit (error reporting and temporary filename generation - use it). */ - char *dbname = DEFAULT_KDB_FILE; - char *v4dumpfile = 0; - char *realm = 0; - char *mkey_name = 0; - char *mkey_fullname; - char *defrealm; - int v4manual = 0; - krb5_boolean read_mkey = 0; - int tempdb = 0; - char *tempdbname; - krb5_context context; - char *stash_file = (char *) NULL; - int persist, op_ind; - kadm5_config_params newparams; - extern kadm5_config_params global_params; - long exp_time = 0; - krb5_int32 crflags = KRB5_KDB_CREATE_BTREE; - krb5_data seed; - - retval = kadm5_init_krb5_context(&context); - if (retval) { - fprintf(stderr, "%s: Could not initialize krb5 context.\n", PROGNAME); - return; - } - - if (strrchr(argv[0], '/')) - argv[0] = strrchr(argv[0], '/')+1; - - persist = 1; - op_ind = 1; - while (persist && (op_ind < argc)) { - if (!strcmp(argv[op_ind], "-T")) { - create_local_tgt = 1; - } - else if (!strcmp(argv[op_ind], "-t")) { - tempdb = 1; - } - else if (!strcmp(argv[op_ind], "-K")) { - read_mkey = 1; - } - else if (!strcmp(argv[op_ind], "-v")) { - verbose = 1; - } - else if (!strcmp(argv[op_ind], "-n")) { - v4manual++; - } - else if (!strcmp(argv[op_ind], "-S")) { - shortlife++; - } - else if (!strcmp(argv[op_ind], "-s")) { - if ((argc - op_ind) >= 1) { - v4_mkeyfile = argv[op_ind+1]; - op_ind++; - } else { - usage(); - } - } - else if (!strcmp(argv[op_ind], "-h")) { - crflags = KRB5_KDB_CREATE_HASH; - } - else if ((argc - op_ind) >= 1) { - v4dumpfile = argv[op_ind]; - op_ind++; - } - else - usage(); - op_ind++; - } - - realm = global_params.realm; - dbname = global_params.dbname; - mkey_name = global_params.mkey_name; - master_keyblock.enctype = global_params.enctype; - if (global_params.stash_file) - stash_file = strdup(global_params.stash_file); - rblock.max_life = global_params.max_life; - rblock.max_rlife = global_params.max_rlife; - rblock.expiration = global_params.expiration; - rblock.flags = global_params.flags; - - if (!v4dumpfile) { - usage(); - krb5_free_context(context); - return; - } - - if (!krb5_c_valid_enctype(master_keyblock.enctype)) { - com_err(PROGNAME, KRB5_PROG_KEYTYPE_NOSUPP, - "while setting up enctype %d", master_keyblock.enctype); - krb5_free_context(context); - return; - } - - /* If the user has not requested locking, don't modify an existing database. */ - if (! tempdb) { - retval = krb5_db_set_name(context, dbname); - if (retval != ENOENT) { - fprintf(stderr, - "%s: The v5 database appears to already exist.\n", - PROGNAME); - krb5_free_context(context); - return; - } - tempdbname = dbname; - } else { - size_t dbnamelen = strlen(dbname); - tempdbname = malloc(dbnamelen + 2); - if (tempdbname == 0) { - com_err(PROGNAME, ENOMEM, "allocating temporary filename"); - krb5_free_context(context); - return; - } - strcpy(tempdbname, dbname); - tempdbname[dbnamelen] = '~'; - tempdbname[dbnamelen+1] = 0; - (void) krb5_db_destroy(context, tempdbname); - } - - - if (!realm) { - retval = krb5_get_default_realm(context, &defrealm); - if (retval) { - com_err(PROGNAME, retval, "while retrieving default realm name"); - krb5_free_context(context); - return; - } - realm = defrealm; - } - - /* assemble & parse the master key name */ - - retval = krb5_db_setup_mkey_name(context, mkey_name, realm, - &mkey_fullname, &master_princ); - if (retval) { - com_err(PROGNAME, retval, "while setting up master key name"); - krb5_free_context(context); - return; - } - - krb5_princ_set_realm_data(context, &db_create_princ, realm); - krb5_princ_set_realm_length(context, &db_create_princ, strlen(realm)); - krb5_princ_set_realm_data(context, &tgt_princ, realm); - krb5_princ_set_realm_length(context, &tgt_princ, strlen(realm)); - krb5_princ_component(context, &tgt_princ,1)->data = realm; - krb5_princ_component(context, &tgt_princ,1)->length = strlen(realm); - - printf("Initializing database '%s' for realm '%s',\n\ -master key name '%s'\n", - dbname, realm, mkey_fullname); - - if (read_mkey) { - puts("You will be prompted for the version 5 database Master Password."); - puts("It is important that you NOT FORGET this password."); - fflush(stdout); - } - - - retval = krb5_db_fetch_mkey(context, master_princ, - master_keyblock.enctype, - read_mkey, read_mkey, stash_file, 0, - &master_keyblock); - if (retval) { - com_err(PROGNAME, retval, "while reading master key"); - krb5_free_context(context); - return; - } - - rblock.key = &master_keyblock; - - seed.length = master_keyblock.length; - seed.data = master_keyblock.contents; - - retval = krb5_c_random_seed(context, &seed); - if (retval) { - com_err(PROGNAME, retval, "while initializing random key generator"); - krb5_free_context(context); - return; - } - - retval = krb5_db_create(context, tempdbname, crflags); - if (retval) { - com_err(PROGNAME, retval, "while creating %sdatabase '%s'", - tempdb ? "temporary " : "", tempdbname); - krb5_free_context(context); - return; - } - - retval = krb5_db_set_name(context, tempdbname); - if (retval) { - (void) krb5_db_destroy(context, tempdbname); - com_err(PROGNAME, retval, "while setting active database to '%s'", - tempdbname); - krb5_free_context(context); - return; - } - if (v4init(PROGNAME, v4manual, v4dumpfile)) { - (void) krb5_db_destroy(context, tempdbname); - krb5_free_context(context); - return; - } - if ((retval = krb5_db_init(context)) || - (retval = krb5_db_open_database(context))) { - (void) krb5_db_destroy(context, tempdbname); - com_err(PROGNAME, retval, "while initializing the database '%s'", - tempdbname); - krb5_free_context(context); - return; - } - - retval = add_principal(context, master_princ, MASTER_KEY, &rblock); - if (retval) { - (void) krb5_db_fini(context); - (void) krb5_db_destroy(context, tempdbname); - com_err(PROGNAME, retval, "while adding K/M to the database"); - krb5_free_context(context); - return; - } - - if (create_local_tgt && - (retval = add_principal(context, &tgt_princ, RANDOM_KEY, &rblock))) { - (void) krb5_db_fini(context); - (void) krb5_db_destroy(context, tempdbname); - com_err(PROGNAME, retval, "while adding TGT service to the database"); - krb5_free_context(context); - return; - } - - retval = v4_dump_find_default(context, v4dumpfile, realm, &exp_time); - if (retval) { - com_err(PROGNAME, retval, "warning: default entry not found"); - } - - retval = process_v4_dump(context, v4dumpfile, realm, exp_time); - putchar('\n'); - if (retval) - com_err(PROGNAME, retval, "while translating entries to the database"); - else { - retval = fixup_database(context, realm); - } - - /* clean up; rename temporary database if there were no errors */ - if (retval == 0) { - retval = krb5_db_fini (context); - if (retval) - com_err(PROGNAME, retval, "while shutting down database"); - else if (tempdb && (retval = krb5_db_rename(context, tempdbname, - dbname))) - com_err(PROGNAME, retval, "while renaming temporary database"); - } else { - (void) krb5_db_fini (context); - if (tempdb) - (void) krb5_db_destroy (context, tempdbname); - } - memset((char *)master_keyblock.contents, 0, master_keyblock.length); - - /* - * Cons up config params for new database; using the global_params - * is just fine. - */ - newparams = global_params; - - /* - * Always create the policy db, even if we are not loading a dump - * file with policy info. - */ - if (!tempdb && (retval = osa_adb_create_policy_db(&newparams))) { - com_err(PROGNAME, retval, "while creating policy database"); - kadm5_free_config_params(context, &newparams); - krb5_free_context(context); - return; - } - /* - * Create the magic principals in the database. - */ - retval = kadm5_create_magic_princs(&newparams, context); - if (retval) { - com_err(PROGNAME, retval, "while creating KADM5 principals"); - krb5_free_context(context); - return; - } - - krb5_free_context(context); - return; -} - -static int -v4init(pname, manual, dumpfile) -char *pname; -int manual; -char *dumpfile; -{ - int fd; - int ok = 0; - - if (!manual) { - fd = open(v4_mkeyfile, O_RDONLY, 0600); - if (fd >= 0) { - if (read(fd, master_key, sizeof(master_key)) == sizeof(master_key)) - ok = 1; - close(fd); - } - } - if (!ok) { - des_read_password(&master_key, "V4 Kerberos master key", 0); - printf("\n"); - } - key_sched(master_key, master_key_schedule); - return 0; -} - -static krb5_error_code -enter_in_v5_db(context, realm, princ) -krb5_context context; -char *realm; -Principal *princ; -{ - krb5_db_entry entry; - krb5_error_code retval; - krb5_keyblock v4v5key; - int nentries = 1; - des_cblock v4key; - char *name; - krb5_timestamp mod_time; - krb5_principal mod_princ; - krb5_keysalt keysalt; - - /* don't convert local TGT if we created a TGT already.... */ - if (create_local_tgt && !strcmp(princ->name, "krbtgt") && - !strcmp(princ->instance, realm)) { - if (verbose) - printf("\nignoring local TGT: '%s.%s' ...", - princ->name, princ->instance); - return 0; - } - if (!strcmp(princ->name, KERB_M_NAME) && - !strcmp(princ->instance, KERB_M_INST)) { - des_cblock key_from_db; - int val; - - /* here's our chance to verify the master key */ - /* - * use the master key to decrypt the key in the db, had better - * be the same! - */ - memcpy(key_from_db, (char *)&princ->key_low, 4); - memcpy(((char *) key_from_db) + 4, (char *)&princ->key_high, 4); - pcbc_encrypt((C_Block *) &key_from_db, - (C_Block *) &key_from_db, - (long) sizeof(C_Block), - master_key_schedule, - (C_Block *) master_key, - DECRYPT); - val = memcmp((char *) master_key, (char *) key_from_db, - sizeof(master_key)); - memset((char *)key_from_db, 0, sizeof(key_from_db)); - if (val) { - return KRB5_KDB_BADMASTERKEY; - } - if (verbose) - printf("\nignoring '%s.%s' ...", princ->name, princ->instance); - return 0; - } - memset((char *) &entry, 0, sizeof(entry)); - retval = krb5_425_conv_principal(context, princ->name, princ->instance, - realm, &entry.princ); - if (retval) - return retval; - if (verbose) { - retval = krb5_unparse_name(context, entry.princ, &name); - if (retval) - name = strdup(""); - if (verbose) - printf("\ntranslating %s...", name); - free(name); - } - - retval = krb5_build_principal(context, &mod_princ, - strlen(realm), realm, princ->mod_name, - princ->mod_instance[0] ? - princ->mod_instance : NULL, - NULL); - if (retval) { - krb5_free_principal(context, entry.princ); - return retval; - } - mod_time = princ->mod_date; - - if (!shortlife) - entry.max_life = krb_life_to_time(0, princ->max_life); - else - entry.max_life = princ->max_life * 60 * 5; - entry.max_renewable_life = rblock.max_rlife; - entry.len = KRB5_KDB_V1_BASE_LENGTH; - entry.expiration = princ->exp_date; - entry.attributes = rblock.flags; /* XXX is there a way to convert - the old attrs? */ - - memcpy((char *)v4key, (char *)&(princ->key_low), 4); - memcpy((char *) (((char *) v4key) + 4), (char *)&(princ->key_high), 4); - pcbc_encrypt((C_Block *) &v4key, - (C_Block *) &v4key, - (long) sizeof(C_Block), - master_key_schedule, - (C_Block *) master_key, - DECRYPT); - - v4v5key.magic = KV5M_KEYBLOCK; - v4v5key.contents = (krb5_octet *)v4key; - v4v5key.enctype = ENCTYPE_DES_CBC_CRC; - v4v5key.length = sizeof(v4key); - - retval = krb5_dbe_create_key_data(context, &entry); - if (retval) { - krb5_free_principal(context, entry.princ); - krb5_free_principal(context, mod_princ); - return retval; - } - - keysalt.type = KRB5_KDB_SALTTYPE_V4; - keysalt.data.length = 0; - keysalt.data.data = (char *) NULL; - retval = krb5_dbekd_encrypt_key_data(context, rblock.key, - &v4v5key, &keysalt, - princ->key_version, - &entry.key_data[0]); - if (!retval) - retval = krb5_dbe_update_mod_princ_data(context, &entry, - mod_time, mod_princ); - if (!retval) - retval = krb5_dbe_update_last_pwd_change(context, &entry, mod_time); - - if (retval) { - krb5_db_free_principal(context, &entry, 1); - krb5_free_principal(context, mod_princ); - return retval; - } - memset((char *)v4key, 0, sizeof(v4key)); - - retval = krb5_db_put_principal(context, &entry, &nentries); - - if (!retval && !strcmp(princ->name, "krbtgt") && - strcmp(princ->instance, realm) && princ->instance[0]) { - krb5_free_principal(context, entry.princ); - retval = krb5_build_principal(context, &entry.princ, - strlen(princ->instance), - princ->instance, - "krbtgt", realm, NULL); - if (retval) - return retval; - retval = krb5_db_put_principal(context, &entry, &nentries); - } - - krb5_db_free_principal(context, &entry, 1); - krb5_free_principal(context, mod_princ); - - return retval; -} - -static krb5_error_code -add_principal(context, princ, op, pblock) -krb5_context context; -krb5_principal princ; -enum ap_op op; -struct realm_info *pblock; -{ - krb5_db_entry entry; - krb5_error_code retval; - krb5_keyblock rkey; - int nentries = 1; - krb5_timestamp mod_time; - - memset((char *) &entry, 0, sizeof(entry)); - retval = krb5_copy_principal(context, princ, &entry.princ); - if (retval) - return(retval); - entry.max_life = pblock->max_life; - entry.max_renewable_life = pblock->max_rlife; - entry.len = KRB5_KDB_V1_BASE_LENGTH; - entry.expiration = pblock->expiration; - - retval = krb5_timeofday(context, &mod_time); - if (retval) { - krb5_db_free_principal(context, &entry, 1); - return retval; - } - entry.attributes = pblock->flags; - - retval = krb5_dbe_create_key_data(context, &entry); - if (retval) { - krb5_db_free_principal(context, &entry, 1); - return(retval); - } - - switch (op) { - case MASTER_KEY: - entry.attributes |= KRB5_KDB_DISALLOW_ALL_TIX; - retval = krb5_dbekd_encrypt_key_data(context, pblock->key, - &master_keyblock, - (krb5_keysalt *) NULL, 1, - &entry.key_data[0]); - if (retval) { - krb5_db_free_principal(context, &entry, 1); - return retval; - } - break; - case RANDOM_KEY: - retval = krb5_c_make_random_key(context, pblock->key->enctype, - &rkey); - if (retval) { - krb5_db_free_principal(context, &entry, 1); - return retval; - } - retval = krb5_dbekd_encrypt_key_data(context, pblock->key, - &rkey, (krb5_keysalt *) NULL, - 1, &entry.key_data[0]); - if (retval) { - krb5_db_free_principal(context, &entry, 1); - return(retval); - } - krb5_free_keyblock_contents(context, &rkey); - break; - case NULL_KEY: - return EOPNOTSUPP; - default: - break; - } - - retval = krb5_dbe_update_mod_princ_data(context, &entry, - mod_time, &db_create_princ); - if (!retval) - retval = krb5_db_put_principal(context, &entry, &nentries); - krb5_db_free_principal(context, &entry, 1); - return retval; -} - -/* - * Convert a struct tm * to a UNIX time. - */ - - -#define daysinyear(y) (((y) % 4) ? 365 : (((y) % 100) ? 366 : (((y) % 400) ? 365 : 366))) - -#define SECSPERDAY 24*60*60 -#define SECSPERHOUR 60*60 -#define SECSPERMIN 60 - -static int cumdays[] = { 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334, - 365}; - -static int leapyear[] = {31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31}; -static int nonleapyear[] = {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31}; - -static long -maketime(tp, local) -register struct tm *tp; -int local; -{ - register long retval; - int foo; - int *marray; - - if (tp->tm_mon < 0 || tp->tm_mon > 11 || - tp->tm_hour < 0 || tp->tm_hour > 23 || - tp->tm_min < 0 || tp->tm_min > 59 || - tp->tm_sec < 0 || tp->tm_sec > 59) /* out of range */ - return 0; - - retval = 0; - if (tp->tm_year < 1900) - foo = tp->tm_year + 1900; - else - foo = tp->tm_year; - - if (foo < 1901 || foo > 2038) /* year is too small/large */ - return 0; - - if (daysinyear(foo) == 366) { - if (tp->tm_mon > 1) - retval+= SECSPERDAY; /* add leap day */ - marray = leapyear; - } else - marray = nonleapyear; - - if (tp->tm_mday < 0 || tp->tm_mday > marray[tp->tm_mon]) - return 0; /* out of range */ - - while (--foo >= 1970) - retval += daysinyear(foo) * SECSPERDAY; - - retval += cumdays[tp->tm_mon] * SECSPERDAY; - retval += (tp->tm_mday-1) * SECSPERDAY; - retval += tp->tm_hour * SECSPERHOUR + tp->tm_min * SECSPERMIN + tp->tm_sec; - - if (local) { - /* need to use local time, so we retrieve timezone info */ - struct timezone tz; - struct timeval tv; - if (gettimeofday(&tv, &tz) < 0) { - /* some error--give up? */ - return(retval); - } - retval += tz.tz_minuteswest * SECSPERMIN; - } - return(retval); -} - -static long -time_explode(cp) -register char *cp; -{ - char wbuf[5]; - struct tm tp; - int local; - - memset((char *)&tp, 0, sizeof(tp)); - - if (strlen(cp) > 10) { /* new format */ - (void) strncpy(wbuf, cp, 4); - wbuf[4] = 0; - tp.tm_year = atoi(wbuf); - cp += 4; /* step over the year */ - local = 0; /* GMT */ - } else { /* old format: local time, - year is 2 digits, assuming 19xx */ - wbuf[0] = *cp++; - wbuf[1] = *cp++; - wbuf[2] = 0; - tp.tm_year = 1900 + atoi(wbuf); - local = 1; /* local */ - } - - wbuf[0] = *cp++; - wbuf[1] = *cp++; - wbuf[2] = 0; - tp.tm_mon = atoi(wbuf)-1; - - wbuf[0] = *cp++; - wbuf[1] = *cp++; - tp.tm_mday = atoi(wbuf); - - wbuf[0] = *cp++; - wbuf[1] = *cp++; - tp.tm_hour = atoi(wbuf); - - wbuf[0] = *cp++; - wbuf[1] = *cp++; - tp.tm_min = atoi(wbuf); - - - return(maketime(&tp, local)); -} - -static krb5_error_code -process_v4_dump(context, dumpfile, realm, default_exp_time) -krb5_context context; -char *dumpfile; -char *realm; -long default_exp_time; -{ - krb5_error_code retval; - FILE *input_file; - Principal aprinc; - char exp_date_str[50]; - char mod_date_str[50]; - int temp1, temp2, temp3; - - input_file = fopen(dumpfile, "r"); - if (!input_file) - return errno; - - for (;;) { /* explicit break on eof from fscanf */ - int nread; - - memset((char *)&aprinc, 0, sizeof(aprinc)); - nread = fscanf(input_file, - "%s %s %d %d %d %hd %lx %lx %s %s %s %s\n", - aprinc.name, - aprinc.instance, - &temp1, - &temp2, - &temp3, - &aprinc.attributes, - &aprinc.key_low, - &aprinc.key_high, - exp_date_str, - mod_date_str, - aprinc.mod_name, - aprinc.mod_instance); - if (nread != 12) { - retval = nread == EOF ? 0 : KRB5_KDB_DB_CORRUPT; - break; - } - aprinc.key_low = ntohl (aprinc.key_low); - aprinc.key_high = ntohl (aprinc.key_high); - aprinc.max_life = (unsigned char) temp1; - aprinc.kdc_key_ver = (unsigned char) temp2; - aprinc.key_version = (unsigned char) temp3; - aprinc.exp_date = time_explode(exp_date_str); - if (aprinc.exp_date == default_exp_time) - aprinc.exp_date = 0; - aprinc.mod_date = time_explode(mod_date_str); - if (aprinc.instance[0] == '*') - aprinc.instance[0] = '\0'; - if (aprinc.mod_name[0] == '*') - aprinc.mod_name[0] = '\0'; - if (aprinc.mod_instance[0] == '*') - aprinc.mod_instance[0] = '\0'; - retval = enter_in_v5_db(context, realm, &aprinc); - if (retval) - break; - } - (void) fclose(input_file); - return retval; -} - -static krb5_error_code -v4_dump_find_default(context, dumpfile, realm, exptime) -krb5_context context; -char *dumpfile; -char *realm; -long *exptime; -{ - krb5_error_code retval = 0; - FILE *input_file; - Principal aprinc; - char exp_date_str[50]; - char mod_date_str[50]; - int temp1, temp2, temp3; - long foundtime, guess1, guess2; - - /* kdb_init is usually the only thing to touch the time in the - default entry, and everything else just copies that time. If - the site hasn't changed it, we can assume that "never" is an - appropriate value for V5. There have been two values compiled - in, typically: - - MIT V4 had the code - principal.exp_date = 946702799; - strncpy(principal.exp_date_txt, "12/31/99", DATE_SZ); - - Cygnus CNS V4 had the code - principal.exp_date = 946702799+((365*10+3)*24*60*60); - strncpy(principal.exp_date_txt, "12/31/2009", DATE_SZ); - - However, the dump files only store minutes -- so these values - are 59 seconds high. - - Other values could be added later, but in practice these are - likely to be the only ones. */ - - guess1 = 946702799-59; - guess2 = 946702799+((365*10+3)*24*60*60); - - input_file = fopen(dumpfile, "r"); - if (!input_file) - return errno; - - for (;;) { /* explicit break on eof from fscanf */ - int nread; - - memset((char *)&aprinc, 0, sizeof(aprinc)); - nread = fscanf(input_file, - "%s %s %d %d %d %hd %lx %lx %s %s %s %s\n", - aprinc.name, - aprinc.instance, - &temp1, - &temp2, - &temp3, - &aprinc.attributes, - &aprinc.key_low, - &aprinc.key_high, - exp_date_str, - mod_date_str, - aprinc.mod_name, - aprinc.mod_instance); - if (nread != 12) { - retval = nread == EOF ? 0 : KRB5_KDB_DB_CORRUPT; - break; - } - if (!strcmp(aprinc.name, "default") - && !strcmp(aprinc.instance, "*")) { - foundtime = time_explode(exp_date_str); - if (foundtime == guess1 || foundtime == guess2) - *exptime = foundtime; - if (verbose) { - printf("\ndefault expiration found: "); - if (foundtime == guess1) { - printf("MIT or pre96q1 value (1999)"); - } else if (foundtime == guess2) { - printf("Cygnus CNS post 96q1 value (2009)"); - } else { - printf("non-default start time (%ld,%s)", - foundtime, exp_date_str); - } - } - break; - } - } - (void) fclose(input_file); - return retval; -} - -static krb5_error_code fixup_database(context, realm) - krb5_context context; - char * realm; -{ - return 0; -} - -#else /* KRB5_KRB4_COMPAT */ -void -load_v4db(argc, argv) - int argc; - char *argv[]; -{ - printf("This version of kdb5_util does not support the V4 load command.\n"); -} -#endif /* KRB5_KRB4_COMPAT */ diff --git a/src/kadmin/dbutil/ovload.c b/src/kadmin/dbutil/ovload.c index fd51207363..46036478fe 100644 --- a/src/kadmin/dbutil/ovload.c +++ b/src/kadmin/dbutil/ovload.c @@ -131,11 +131,10 @@ int process_ov_principal(fname, kcontext, filep, verbose, linenop) goto done; } else { if(strcmp(cp, "")) { - if((rec->policy = (char *) malloc(strlen(cp)+1)) == NULL) { + if((rec->policy = strdup(cp)) == NULL) { ret = ENOMEM; goto done; } - strcpy(rec->policy, cp); } else rec->policy = NULL; } if((cp = nstrtok((char *) NULL, "\t")) == NULL) { diff --git a/src/kadmin/deps b/src/kadmin/deps new file mode 100644 index 0000000000..2feac3c9d3 --- /dev/null +++ b/src/kadmin/deps @@ -0,0 +1 @@ +# No dependencies here. diff --git a/src/kadmin/ktutil/Makefile.in b/src/kadmin/ktutil/Makefile.in index d1e1b8f177..d44f5eac0f 100644 --- a/src/kadmin/ktutil/Makefile.in +++ b/src/kadmin/ktutil/Makefile.in @@ -2,8 +2,7 @@ thisconfigdir=../.. myfulldir=kadmin/ktutil mydir=kadmin/ktutil BUILDTOP=$(REL)..$(S).. -LOCALINCLUDES = $(KRB4_INCLUDES) -PROG_LIBPATH=-L$(TOPLIBD) $(KRB4_LIBPATH) +PROG_LIBPATH=-L$(TOPLIBD) PROG_RPATH=$(KRB5_LIBDIR) DEFS= @@ -38,30 +37,3 @@ depend:: ktutil_ct.c clean:: $(RM) ktutil -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -$(OUTPRE)ktutil.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(SS_DEPS) ktutil.c ktutil.h -$(OUTPRE)ktutil_ct.$(OBJEXT): $(COM_ERR_DEPS) $(SS_DEPS) \ - ktutil_ct.c -$(OUTPRE)ktutil_funcs.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h ktutil.h ktutil_funcs.c diff --git a/src/kadmin/ktutil/deps b/src/kadmin/ktutil/deps new file mode 100644 index 0000000000..6b394b89ff --- /dev/null +++ b/src/kadmin/ktutil/deps @@ -0,0 +1,26 @@ +# +# Generated makefile dependencies follow. +# +$(OUTPRE)ktutil.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(SS_DEPS) ktutil.c \ + ktutil.h +$(OUTPRE)ktutil_ct.$(OBJEXT): $(COM_ERR_DEPS) $(SS_DEPS) \ + ktutil_ct.c +$(OUTPRE)ktutil_funcs.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + ktutil.h ktutil_funcs.c diff --git a/src/kadmin/ktutil/ktutil.c b/src/kadmin/ktutil/ktutil.c index 1138f0a371..26a2b9ddb3 100644 --- a/src/kadmin/ktutil/ktutil.c +++ b/src/kadmin/ktutil/ktutil.c @@ -98,7 +98,6 @@ void ktutil_read_v4(argc, argv) int argc; char *argv[]; { -#ifdef KRB5_KRB4_COMPAT krb5_error_code retval; if (argc != 2) { @@ -108,9 +107,6 @@ void ktutil_read_v4(argc, argv) retval = ktutil_read_srvtab(kcontext, argv[1], &ktlist); if (retval) com_err(argv[0], retval, "while reading srvtab \"%s\"", argv[1]); -#else - fprintf(stderr, "%s: krb4 support not configured\n", argv[0]); -#endif } void ktutil_write_v5(argc, argv) @@ -132,19 +128,7 @@ void ktutil_write_v4(argc, argv) int argc; char *argv[]; { -#ifdef KRB5_KRB4_COMPAT - krb5_error_code retval; - - if (argc != 2) { - fprintf(stderr, "%s: must specify srvtab to write\n", argv[0]); - return; - } - retval = ktutil_write_srvtab(kcontext, ktlist, argv[1]); - if (retval) - com_err(argv[0], retval, "while writing srvtab \"%s\"", argv[1]); -#else - fprintf(stderr, "%s: krb4 support not configured\n", argv[0]); -#endif + fprintf(stderr, "%s: writing srvtabs is no longer supported\n", argv[0]); } void ktutil_add_entry(argc, argv) diff --git a/src/kadmin/ktutil/ktutil.h b/src/kadmin/ktutil/ktutil.h index d25c8d9988..5ecc7d4adb 100644 --- a/src/kadmin/ktutil/ktutil.h +++ b/src/kadmin/ktutil/ktutil.h @@ -49,14 +49,9 @@ krb5_error_code ktutil_write_keytab (krb5_context, krb5_kt_list, char *); -#ifdef KRB5_KRB4_COMPAT krb5_error_code ktutil_read_srvtab (krb5_context, char *, krb5_kt_list *); -krb5_error_code ktutil_write_srvtab (krb5_context, - krb5_kt_list, - char *); -#endif void ktutil_add_entry (int, char *[]); diff --git a/src/kadmin/ktutil/ktutil_funcs.c b/src/kadmin/ktutil/ktutil_funcs.c index 649002e21f..1680875180 100644 --- a/src/kadmin/ktutil/ktutil_funcs.c +++ b/src/kadmin/ktutil/ktutil_funcs.c @@ -28,10 +28,6 @@ #include "k5-int.h" #include "ktutil.h" -#ifdef KRB5_KRB4_COMPAT -#include "kerberosIV/krb.h" -#include -#endif #include #include @@ -161,7 +157,8 @@ krb5_error_code ktutil_add(context, list, princ_str, kvno, goto cleanup; } - sprintf(promptstr, "Password for %.1000s", princ_str); + snprintf(promptstr, sizeof(promptstr), "Password for %.1000s", + princ_str); retval = krb5_read_password(context, promptstr, NULL, password.data, &password.length); if (retval) @@ -317,11 +314,11 @@ krb5_error_code ktutil_write_keytab(context, list, name) krb5_keytab kt; char ktname[MAXPATHLEN+sizeof("WRFILE:")+1]; krb5_error_code retval = 0; + int result; - strcpy(ktname, "WRFILE:"); - if (strlen (name) >= MAXPATHLEN) + result = snprintf(ktname, sizeof(ktname), "WRFILE:%s", name); + if (SNPRINTF_OVERFLOW(result, sizeof(ktname))) return ENAMETOOLONG; - strncat (ktname, name, MAXPATHLEN); retval = krb5_kt_resolve(context, ktname, &kt); if (retval) return retval; @@ -334,30 +331,6 @@ krb5_error_code ktutil_write_keytab(context, list, name) return retval; } -#ifdef KRB5_KRB4_COMPAT -/* - * getstr() takes a file pointer, a string and a count. It reads from - * the file until either it has read "count" characters, or until it - * reads a null byte. When finished, what has been read exists in the - * given string "s". If "count" characters were actually read, the - * last is changed to a null, so the returned string is always null- - * terminated. getstr() returns the number of characters read, - * including the null terminator. - */ - -static int getstr(fp, s, n) - FILE *fp; - register char *s; - int n; -{ - register int count = n; - while (fread(s, 1, 1, fp) > 0 && --count) - if (*s++ == '\0') - return (n - count); - *s = '\0'; - return (n - count); -} - /* * Read in a named krb4 srvtab and append to list. Allocate new list * if needed. @@ -367,190 +340,12 @@ krb5_error_code ktutil_read_srvtab(context, name, list) char *name; krb5_kt_list *list; { - krb5_kt_list lp = NULL, tail = NULL, back = NULL; - krb5_keytab_entry *entry; - krb5_error_code retval = 0; - char sname[SNAME_SZ]; /* name of service */ - char sinst[INST_SZ]; /* instance of service */ - char srealm[REALM_SZ]; /* realm of service */ - unsigned char kvno; /* key version number */ - des_cblock key; - FILE *fp; - - if (*list) { - /* point lp at the tail of the list */ - for (lp = *list; lp->next; lp = lp->next); - back = lp; - } - fp = fopen(name, "r"); - if (!fp) - return EIO; - for (;;) { - entry = (krb5_keytab_entry *)malloc(sizeof (krb5_keytab_entry)); - if (!entry) { - retval = ENOMEM; - break; - } - memset((char *)entry, 0, sizeof (*entry)); - memset(sname, 0, sizeof (sname)); - memset(sinst, 0, sizeof (sinst)); - memset(srealm, 0, sizeof (srealm)); - if (!(getstr(fp, sname, SNAME_SZ) > 0 && - getstr(fp, sinst, INST_SZ) > 0 && - getstr(fp, srealm, REALM_SZ) > 0 && - fread(&kvno, 1, 1, fp) > 0 && - fread((char *)key, sizeof (key), 1, fp) > 0)) - break; - entry->magic = KV5M_KEYTAB_ENTRY; - entry->timestamp = 0; /* XXX */ - entry->vno = kvno; - retval = krb5_425_conv_principal(context, - sname, sinst, srealm, - &entry->principal); - if (retval) - break; - entry->key.magic = KV5M_KEYBLOCK; - entry->key.enctype = ENCTYPE_DES_CBC_CRC; - entry->key.length = sizeof (key); - entry->key.contents = (krb5_octet *)malloc(sizeof (key)); - if (!entry->key.contents) { - retval = ENOMEM; - break; - } - memcpy((char *)entry->key.contents, (char *)key, sizeof (key)); - if (!lp) { /* if list is empty, start one */ - lp = (krb5_kt_list)malloc(sizeof (*lp)); - if (!lp) { - retval = ENOMEM; - break; - } - } else { - lp->next = (krb5_kt_list)malloc(sizeof (*lp)); - if (!lp->next) { - retval = ENOMEM; - break; - } - lp = lp->next; - } - lp->next = NULL; - lp->entry = entry; - if (!tail) - tail = lp; - } - if (entry) { - if (entry->magic == KV5M_KEYTAB_ENTRY) - krb5_kt_free_entry(context, entry); - free((char *)entry); - } - if (retval) { - ktutil_free_kt_list(context, tail); - tail = NULL; - if (back) - back->next = NULL; - } - if (!*list) - *list = tail; - fclose(fp); - return retval; -} - -/* - * Writes a kt_list out to a krb4 srvtab file. Note that it first - * prunes the kt_list so that it won't contain any keys that are not - * the most recent, and ignores keys that are not ENCTYPE_DES. - */ -krb5_error_code ktutil_write_srvtab(context, list, name) - krb5_context context; - krb5_kt_list list; - char *name; -{ - krb5_kt_list lp, lp1, prev, pruned = NULL; - krb5_error_code retval = 0; - FILE *fp; - char sname[SNAME_SZ]; - char sinst[INST_SZ]; - char srealm[REALM_SZ]; - - /* First do heinous stuff to prune the list. */ - for (lp = list; lp; lp = lp->next) { - if ((lp->entry->key.enctype != ENCTYPE_DES_CBC_CRC) && - (lp->entry->key.enctype != ENCTYPE_DES_CBC_MD5) && - (lp->entry->key.enctype != ENCTYPE_DES_CBC_MD4) && - (lp->entry->key.enctype != ENCTYPE_DES_CBC_RAW)) - continue; + char *ktname; + krb5_error_code result; - for (lp1 = pruned; lp1; prev = lp1, lp1 = lp1->next) { - /* Hunt for the current principal in the pruned list */ - if (krb5_principal_compare(context, - lp->entry->principal, - lp1->entry->principal)) - break; - } - if (!lp1) { /* need to add entry to tail of pruned list */ - if (!pruned) { - pruned = (krb5_kt_list) malloc(sizeof (*pruned)); - if (!pruned) - return ENOMEM; - memset((char *) pruned, 0, sizeof(*pruned)); - lp1 = pruned; - } else { - prev->next - = (krb5_kt_list) malloc(sizeof (*pruned)); - if (!prev->next) { - retval = ENOMEM; - goto free_pruned; - } - memset((char *) prev->next, 0, sizeof(*pruned)); - lp1 = prev->next; - } - lp1->entry = lp->entry; - } else { - /* This heuristic should be roughly the same as in the - keytab-reading code in libkrb5. */ - int offset = 0; - if (lp1->entry->vno > 240 || lp->entry->vno > 240) { - offset = 128; - } -#define M(X) (((X) + offset) % 256) - if (M(lp1->entry->vno) < M(lp->entry->vno)) - /* Check if lp->entry is newer kvno; if so, update */ - lp1->entry = lp->entry; - } - } - umask(0077); /*Changing umask for all of ktutil is OK - * We don't ever write out anything that should use - * default umask.*/ - fp = fopen(name, "w"); - if (!fp) { - retval = EIO; - goto free_pruned; - } - for (lp = pruned; lp; lp = lp->next) { - unsigned char kvno; - kvno = (unsigned char) lp->entry->vno; - retval = krb5_524_conv_principal(context, - lp->entry->principal, - sname, sinst, srealm); - if (retval) - break; - fwrite(sname, strlen(sname) + 1, 1, fp); - fwrite(sinst, strlen(sinst) + 1, 1, fp); - fwrite(srealm, strlen(srealm) + 1, 1, fp); - fwrite((char *)&kvno, 1, 1, fp); - fwrite((char *)lp->entry->key.contents, - sizeof (des_cblock), 1, fp); - } - fclose(fp); - free_pruned: - /* - * Loop over and free the pruned list; don't use free_kt_list - * because that kills the entries. - */ - for (lp = pruned; lp;) { - prev = lp; - lp = lp->next; - free((char *)prev); - } - return retval; + if (asprintf(&ktname, "SRVTAB:%s", name) < 0) + return ENOMEM; + result = ktutil_read_keytab(context, ktname, list); + free(ktname); + return result; } -#endif /* KRB5_KRB4_COMPAT */ diff --git a/src/kadmin/passwd/Makefile.in b/src/kadmin/passwd/Makefile.in index 6a7aa1966c..e6469c85d5 100644 --- a/src/kadmin/passwd/Makefile.in +++ b/src/kadmin/passwd/Makefile.in @@ -24,34 +24,3 @@ $(PROG): $(OBJS) $(KADMCLNT_DEPLIBS) $(KRB5_BASE_DEPLIBS) clean:: $(RM) kpasswd_strings.c kpasswd_strings.h $(PROG) $(OBJS) -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -$(OUTPRE)tty_kpasswd.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h kpasswd.h \ - kpasswd_strings.h tty_kpasswd.c -$(OUTPRE)kpasswd.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h kpasswd.c \ - kpasswd.h kpasswd_strings.h -$(OUTPRE)kpasswd_strings.$(OBJEXT): $(COM_ERR_DEPS) \ - kpasswd_strings.c diff --git a/src/kadmin/passwd/deps b/src/kadmin/passwd/deps new file mode 100644 index 0000000000..ff09f598f5 --- /dev/null +++ b/src/kadmin/passwd/deps @@ -0,0 +1,26 @@ +# +# Generated makefile dependencies follow. +# +$(OUTPRE)tty_kpasswd.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ + $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ + $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/krb5.h kpasswd.h kpasswd_strings.h \ + tty_kpasswd.c +$(OUTPRE)kpasswd.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ + $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ + $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/krb5.h kpasswd.c kpasswd.h kpasswd_strings.h +$(OUTPRE)kpasswd_strings.$(OBJEXT): $(COM_ERR_DEPS) \ + kpasswd_strings.c diff --git a/src/kadmin/passwd/unit-test/deps b/src/kadmin/passwd/unit-test/deps new file mode 100644 index 0000000000..2feac3c9d3 --- /dev/null +++ b/src/kadmin/passwd/unit-test/deps @@ -0,0 +1 @@ +# No dependencies here. diff --git a/src/kadmin/passwd/xm_kpasswd.c b/src/kadmin/passwd/xm_kpasswd.c index a55b052c37..2f0bdf9c22 100644 --- a/src/kadmin/passwd/xm_kpasswd.c +++ b/src/kadmin/passwd/xm_kpasswd.c @@ -116,7 +116,7 @@ motif_com_err (whoami, code, fmt, args) } if (fmt) { - vsprintf(buf + strlen(buf), fmt, args); + vsnprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), fmt, args); } XtVaSetValues(scroll_text, XmNvalue, buf, NULL); @@ -321,7 +321,7 @@ display_intro_message(fmt_string, arg_string) XmString xmstr; char buf[1024]; - sprintf(buf, fmt_string, arg_string); + snprintf(buf, sizeof(buf), fmt_string, arg_string); xmstr = XmStringCreateLtoR(buf, XmSTRING_DEFAULT_CHARSET); XtVaSetValues(main_lbl, XmNlabelString, xmstr, NULL); diff --git a/src/kadmin/server/Makefile.in b/src/kadmin/server/Makefile.in index fc1e42cf55..21f3e7aeac 100644 --- a/src/kadmin/server/Makefile.in +++ b/src/kadmin/server/Makefile.in @@ -13,8 +13,8 @@ PROG_LIBPATH=-L$(TOPLIBD) PROG_RPATH=$(KRB5_LIBDIR) PROG = kadmind -OBJS = kadm_rpc_svc.o server_stubs.o ovsec_kadmd.o schpw.o misc.o server_glue_v1.o ipropd_svc.o -SRCS = kadm_rpc_svc.c server_stubs.c ovsec_kadmd.c schpw.c misc.c server_glue_v1.c ipropd_svc.c +OBJS = kadm_rpc_svc.o server_stubs.o ovsec_kadmd.o schpw.o misc.o server_glue_v1.o ipropd_svc.o network.o +SRCS = kadm_rpc_svc.c server_stubs.c ovsec_kadmd.c schpw.c misc.c server_glue_v1.c ipropd_svc.c network.c all:: $(PROG) @@ -27,127 +27,3 @@ install:: clean:: $(RM) $(PROG) $(OBJS) -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -$(OUTPRE)kadm_rpc_svc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \ - $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ - $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/kadm_rpc.h \ - $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/krb5/krb5.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h $(SRCTOP)/include/gssrpc/auth.h \ - $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ - $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ - $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/krb5.h kadm_rpc_svc.c misc.h -$(OUTPRE)server_stubs.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \ - $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ - $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/kadm_rpc.h \ - $(BUILDTOP)/include/kadm5/server_acl.h $(BUILDTOP)/include/kadm5/server_internal.h \ - $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h \ - $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h misc.h \ - server_stubs.c -$(OUTPRE)ovsec_kadmd.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \ - $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ - $(BUILDTOP)/include/kadm5/kadm_rpc.h $(BUILDTOP)/include/kadm5/server_acl.h \ - $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(BUILDTOP)/lib/gssapi/generic/gssapi_err_generic.h \ - $(BUILDTOP)/lib/gssapi/krb5/gssapi_err_krb5.h $(BUILDTOP)/lib/gssapi/krb5/gssapi_krb5.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h $(SRCTOP)/include/gssrpc/auth.h \ - $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_gssapi.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - $(SRCTOP)/include/iprop.h $(SRCTOP)/include/iprop_hdr.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/kdb_kt.h $(SRCTOP)/include/kdb_log.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/gssapi/generic/gssapiP_generic.h \ - $(SRCTOP)/lib/gssapi/generic/gssapi_generic.h $(SRCTOP)/lib/gssapi/krb5/gssapiP_krb5.h \ - misc.h ovsec_kadmd.c -$(OUTPRE)schpw.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h $(SRCTOP)/include/gssrpc/auth.h \ - $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ - $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ - $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h misc.h schpw.c -$(OUTPRE)misc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \ - $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ - $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h misc.c misc.h -$(OUTPRE)server_glue_v1.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h misc.h \ - server_glue_v1.c -$(OUTPRE)ipropd_svc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \ - $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ - $(BUILDTOP)/include/kadm5/kadm_rpc.h $(BUILDTOP)/include/kadm5/server_internal.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/lib/gssapi/krb5/gssapi_krb5.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/adm_proto.h $(SRCTOP)/include/gssrpc/auth.h \ - $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ - $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ - $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/iprop.h \ - $(SRCTOP)/include/iprop_hdr.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/kdb_log.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/lib/kadm5/srv/server_acl.h ipropd_svc.c misc.h diff --git a/src/kadmin/server/acls.l b/src/kadmin/server/acls.l deleted file mode 100644 index aee4801e99..0000000000 --- a/src/kadmin/server/acls.l +++ /dev/null @@ -1,190 +0,0 @@ -%{ -/* - * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved. - * - * $Id$ - * $Source$ - * - * $Log$ - * Revision 1.3 1996/07/22 20:28:49 marc - * this commit includes all the changes on the OV_9510_INTEGRATION and - * OV_MERGE branches. This includes, but is not limited to, the new openvision - * admin system, and major changes to gssapi to add functionality, and bring - * the implementation in line with rfc1964. before committing, the - * code was built and tested for netbsd and solaris. - * - * Revision 1.2.4.1 1996/07/18 03:03:31 marc - * merged in changes from OV_9510_BP to OV_9510_FINAL1 - * - * Revision 1.2.2.1 1996/06/20 21:56:31 marc - * File added to the repository on a branch - * - * Revision 1.2 1993/11/05 07:47:46 bjaspan - * add and use cmp_gss_names, fix regexp bug - * - * Revision 1.1 1993/11/05 07:08:48 bjaspan - * Initial revision - * - */ - -#if !defined(lint) && !defined(__CODECENTER__) -static char *rcsid = "$Header$"; -#endif - -enum tokens { - NEWLINE = 257, - COMMA, - SEMI, - - GET = 300, - ADD, - MODIFY, - DELETE, - - ID = 350, -}; - -typedef union { - char *s; -} toktype; - -toktype tokval; -int acl_lineno = 0; - -%} - -%% - -\n acl_lineno++; -[ \t]* ; -[ ]*#.* ; -"," return (COMMA); -";" return (SEMI); -"get" return (GET); -"add" return (ADD); -"modify" return (MODIFY); -"delete" return (DELETE); -^[^ \t\n]+ { tokval.s = yytext; return (ID); } - -%% - -#include -#include -#include -#include -#include - -typedef struct _entry { - gss_name_t gss_name; - char *name; - u_int privs; - struct _entry *next; -} acl_entry; - -static acl_entry *acl_head = NULL; - -static void error(char *msg); - -int parse_aclfile(FILE *acl_file) -{ - OM_uint32 gssstat, minor_stat; - gss_buffer_desc in_buf; - acl_entry *entry; - enum tokens tok; - - yyin = acl_file; - - acl_lineno = 1; - while ((tok = yylex()) != 0) { - if (tok != ID) { - error("expected identifier"); - goto error; - } - - entry = (acl_entry *) malloc(sizeof(acl_entry)); - if (entry == NULL) { - error("out of memory"); - goto error; - } - entry->name = strdup(tokval.s); - entry->privs = 0; - while (1) { - switch (tok = yylex()) { - case GET: - entry->privs |= OVSEC_KADM_PRIV_GET; - break; - case ADD: - entry->privs |= OVSEC_KADM_PRIV_ADD; - break; - case MODIFY: - entry->privs |= OVSEC_KADM_PRIV_MODIFY; - break; - case DELETE: - entry->privs |= OVSEC_KADM_PRIV_DELETE; - break; - default: - error("expected privilege"); - goto error; - } - tok = yylex(); - if (tok == COMMA) - continue; - else if (tok == SEMI) - break; - else { - error("expected comma or semicolon"); - goto error; - } - } - - in_buf.value = entry->name; - in_buf.length = strlen(entry->name) + 1; - gssstat = gss_import_name(&minor_stat, &in_buf, - gss_nt_krb5_name, &entry->gss_name); - if (gssstat != GSS_S_COMPLETE) { - error("invalid name"); - goto error; - } - - if (acl_head == NULL) { - entry->next = NULL; - acl_head = entry; - } else { - entry->next = acl_head; - acl_head = entry; - } - } - return 0; - -error: - return 1; -} - -int acl_check(gss_name_t caller, int priv) -{ - acl_entry *entry; - - entry = acl_head; - while (entry) { - if (cmp_gss_names(entry->gss_name, caller) && entry->privs & priv) - return 1; - entry = entry->next; - } - return 0; -} - -int cmp_gss_names(gss_name_t name1, gss_name_t name2) -{ - OM_uint32 minor_stat; - int eq; - (void) gss_compare_name(&minor_stat, name1, name2, &eq); - return eq; -} - -static void error(char *msg) -{ - syslog(LOG_ERR, "Error while parsing acl file, line %d: %s\n", - acl_lineno, msg); -} - -yywrap() { return(1); } diff --git a/src/kadmin/server/deps b/src/kadmin/server/deps new file mode 100644 index 0000000000..d1303b89cd --- /dev/null +++ b/src/kadmin/server/deps @@ -0,0 +1,143 @@ +# +# Generated makefile dependencies follow. +# +$(OUTPRE)kadm_rpc_svc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \ + $(BUILDTOP)/include/gssapi/gssapi_krb5.h $(BUILDTOP)/include/gssrpc/types.h \ + $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \ + $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ + $(BUILDTOP)/include/kadm5/kadm_rpc.h $(BUILDTOP)/include/kadm5/server_internal.h \ + $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h \ + $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ + $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ + $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ + $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ + $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h kadm_rpc_svc.c \ + misc.h +$(OUTPRE)server_stubs.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \ + $(BUILDTOP)/include/gssapi/gssapi_krb5.h $(BUILDTOP)/include/gssrpc/types.h \ + $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \ + $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ + $(BUILDTOP)/include/kadm5/kadm_rpc.h $(BUILDTOP)/include/kadm5/server_acl.h \ + $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/krb5/krb5.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/krb5.h misc.h server_stubs.c +$(OUTPRE)ovsec_kadmd.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \ + $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ + $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ + $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/kadm_rpc.h \ + $(BUILDTOP)/include/kadm5/server_acl.h $(BUILDTOP)/include/kadm5/server_internal.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(BUILDTOP)/lib/gssapi/generic/gssapi_err_generic.h \ + $(BUILDTOP)/lib/gssapi/krb5/gssapi_err_krb5.h $(BUILDTOP)/lib/gssapi/krb5/gssapi_krb5.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_gssapi.h \ + $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ + $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ + $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ + $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ + $(SRCTOP)/include/iprop.h $(SRCTOP)/include/iprop_hdr.h \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_kt.h \ + $(SRCTOP)/include/kdb_log.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + $(SRCTOP)/lib/gssapi/generic/gssapiP_generic.h $(SRCTOP)/lib/gssapi/generic/gssapi_ext.h \ + $(SRCTOP)/lib/gssapi/generic/gssapi_generic.h $(SRCTOP)/lib/gssapi/krb5/gssapiP_krb5.h \ + misc.h ovsec_kadmd.c +$(OUTPRE)schpw.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ + $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ + $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h misc.h schpw.c +$(OUTPRE)misc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ + $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \ + $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ + $(BUILDTOP)/include/kadm5/server_acl.h $(BUILDTOP)/include/kadm5/server_internal.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h misc.c misc.h +$(OUTPRE)server_glue_v1.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ + $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ + $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/krb5.h misc.h server_glue_v1.c +$(OUTPRE)ipropd_svc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \ + $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ + $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ + $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/kadm_rpc.h \ + $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/lib/gssapi/krb5/gssapi_krb5.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/iprop.h \ + $(SRCTOP)/include/iprop_hdr.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/kdb_log.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/lib/kadm5/srv/server_acl.h ipropd_svc.c misc.h +$(OUTPRE)network.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ + $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \ + $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ + $(BUILDTOP)/include/kadm5/kadm_rpc.h $(BUILDTOP)/include/kadm5/server_internal.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h \ + $(SRCTOP)/include/cm.h $(SRCTOP)/include/fake-addrinfo.h \ + $(SRCTOP)/include/foreachaddr.h $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/iprop.h \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h misc.h network.c diff --git a/src/kadmin/server/ipropd_svc.c b/src/kadmin/server/ipropd_svc.c index 673d2a9af0..e00701b0ca 100644 --- a/src/kadmin/server/ipropd_svc.c +++ b/src/kadmin/server/ipropd_svc.c @@ -31,16 +31,15 @@ extern gss_name_t rqst2name(struct svc_req *rqstp); -extern int setup_gss_names(struct svc_req *, gss_buffer_desc *, - gss_buffer_desc *); -extern char *client_addr(struct svc_req *, char *); extern void *global_server_handle; extern int nofork; extern short l_port; static char abuf[33]; -char *client_addr(struct svc_req *svc, char *buf) { - return strcpy(buf, inet_ntoa(svc->rq_xprt->xp_raddr.sin_addr)); +/* Result is stored in a static buffer and is invalidated by the next call. */ +static const char *client_addr(struct svc_req *svc) { + strlcpy(abuf, inet_ntoa(svc->rq_xprt->xp_raddr.sin_addr), sizeof(abuf)); + return abuf; } static char *reply_ok_str = "UPDATE_OK"; @@ -51,10 +50,8 @@ static char *reply_nil_str = "UPDATE_NIL"; static char *reply_perm_str = "UPDATE_PERM_DENIED"; static char *reply_unknown_str = ""; -#define LOG_UNAUTH _("Unauthorized request: %s, %s, " \ - "client=%s, service=%s, addr=%s") -#define LOG_DONE _("Request: %s, %s, %s, client=%s, " \ - "service=%s, addr=%s") +#define LOG_UNAUTH _("Unauthorized request: %s, client=%s, service=%s, addr=%s") +#define LOG_DONE _("Request: %s, %s, %s, client=%s, service=%s, addr=%s") #ifdef DPRINT #undef DPRINT @@ -182,8 +179,8 @@ iprop_get_updates_1_svc(kdb_last_t *arg, struct svc_req *rqstp) ret.ret = UPDATE_PERM_DENIED; krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, whoami, - "", client_name, service_name, - client_addr(rqstp, abuf)); + client_name, service_name, + client_addr(rqstp)); goto out; } @@ -202,11 +199,13 @@ iprop_get_updates_1_svc(kdb_last_t *arg, struct svc_req *rqstp) (unsigned long)arg->last_sno); } - krb5_klog_syslog(LOG_NOTICE, LOG_DONE, whoami, + krb5_klog_syslog(LOG_NOTICE, + _("Request: %s, %s, %s, client=%s, service=%s, addr=%s"), + whoami, obuf, ((kret == 0) ? "success" : error_message(kret)), client_name, service_name, - client_addr(rqstp, abuf)); + client_addr(rqstp)); out: if (nofork) @@ -222,16 +221,15 @@ out: * Return arg cl str ptr on success, else NULL. */ static char * -getclhoststr(char *clprinc, char *cl, int len) +getclhoststr(char *clprinc, char *cl, size_t len) { char *s; if ((s = strchr(clprinc, '/')) != NULL) { /* XXX "!++s"? */ if (!++s) return NULL; - if (strlen(s) >= len) + if (strlcpy(cl, s, len) >= len) return NULL; - strcpy(cl, s); /* XXX Copy with @REALM first, with bounds check, then chop off the realm?? */ if ((s = strchr(cl, '@')) != NULL) { @@ -301,8 +299,8 @@ iprop_full_resync_1_svc(/* LINTED */ void *argp, struct svc_req *rqstp) ret.ret = UPDATE_PERM_DENIED; krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, whoami, - "", client_name, service_name, - client_addr(rqstp, abuf)); + client_name, service_name, + client_addr(rqstp)); goto out; } @@ -327,8 +325,8 @@ iprop_full_resync_1_svc(/* LINTED */ void *argp, struct svc_req *rqstp) * note the -i; modified version of kdb5_util dump format * to include sno (serial number) */ - if (asprintf(&ubuf, "%s dump -i %s", KPROPD_DEFAULT_KDB5_UTIL, - tmpf) < 0) { + if (asprintf(&ubuf, "%s dump -i %s &1", + KPROPD_DEFAULT_KDB5_UTIL, tmpf) < 0) { krb5_klog_syslog(LOG_ERR, _("%s: cannot construct kdb5 util dump string too long; out of memory"), whoami); @@ -403,11 +401,11 @@ iprop_full_resync_1_svc(/* LINTED */ void *argp, struct svc_req *rqstp) ret.lastentry.last_time.seconds = 0; ret.lastentry.last_time.useconds = 0; - krb5_klog_syslog(LOG_NOTICE, LOG_DONE, whoami, - "", - "success", + krb5_klog_syslog(LOG_NOTICE, + _("Request: %s, spawned resync process %d, client=%s, service=%s, addr=%s"), + whoami, fret, client_name, service_name, - client_addr(rqstp, abuf)); + client_addr(rqstp)); goto out; } @@ -601,12 +599,10 @@ kiprop_get_adm_host_srv_name(krb5_context context, if (ret = kadm5_get_master(context, realm, &host)) return (ret); - name = malloc(strlen(KIPROP_SVC_NAME)+ strlen(host) + 2); - if (name == NULL) { + if (asprintf(&name, "%s@%s", KIPROP_SVC_NAME, host) < 0) { free(host); return (ENOMEM); } - (void) sprintf(name, "%s@%s", KIPROP_SVC_NAME, host); free(host); *host_service_name = name; diff --git a/src/kadmin/server/kadm_rpc_svc.c b/src/kadmin/server/kadm_rpc_svc.c index c56eedd0b8..cba42a48cd 100644 --- a/src/kadmin/server/kadm_rpc_svc.c +++ b/src/kadmin/server/kadm_rpc_svc.c @@ -25,8 +25,6 @@ extern void *global_server_handle; static int check_rpcsec_auth(struct svc_req *); -void log_badauth(OM_uint32 major, OM_uint32 minor, - struct sockaddr_in *addr, char *data); /* * Function: kadm_1 * diff --git a/src/kadmin/server/misc.c b/src/kadmin/server/misc.c index 06e3cdb615..1725fbf7d7 100644 --- a/src/kadmin/server/misc.c +++ b/src/kadmin/server/misc.c @@ -6,6 +6,7 @@ #include #include #include +#include #include "misc.h" /* @@ -95,19 +96,61 @@ randkey_principal_wrapper_3(void *server_handle, } kadm5_ret_t -schpw_util_wrapper(void *server_handle, krb5_principal princ, +schpw_util_wrapper(void *server_handle, + krb5_principal client, + krb5_principal target, + krb5_boolean initial_flag, char *new_pw, char **ret_pw, char *msg_ret, unsigned int msg_len) { - kadm5_ret_t ret; + kadm5_ret_t ret; + kadm5_server_handle_t handle = server_handle; + krb5_boolean access_granted; + krb5_boolean self; + + /* + * If no target is explicitly provided, then the target principal + * is the client principal. + */ + if (target == NULL) + target = client; + + /* + * A principal can always change its own password, as long as it + * has an initial ticket and meets the minimum password lifetime + * requirement. + */ + self = krb5_principal_compare(handle->context, client, target); + if (self) { + ret = check_min_life(server_handle, target, msg_ret, msg_len); + if (ret != 0) + return ret; - ret = check_min_life(server_handle, princ, msg_ret, msg_len); - if (ret) - return ret; + access_granted = initial_flag; + } else + access_granted = FALSE; + + if (!access_granted && + kadm5int_acl_check_krb(handle->context, client, + ACL_CHANGEPW, target, NULL)) { + /* + * Otherwise, principals with appropriate privileges can change + * any password + */ + access_granted = TRUE; + } + + if (access_granted) { + ret = kadm5_chpass_principal_util(server_handle, + target, + new_pw, ret_pw, + msg_ret, msg_len); + } else { + ret = KADM5_AUTH_CHANGEPW; + strlcpy(msg_ret, "Unauthorized request", msg_len); + } - return kadm5_chpass_principal_util(server_handle, princ, - new_pw, ret_pw, - msg_ret, msg_len); + return ret; } kadm5_ret_t diff --git a/src/kadmin/server/misc.h b/src/kadmin/server/misc.h index 74d703c4ad..b8aef57f10 100644 --- a/src/kadmin/server/misc.h +++ b/src/kadmin/server/misc.h @@ -3,6 +3,23 @@ * */ +#ifndef _MISC_H +#define _MISC_H 1 + +typedef struct _krb5_fulladdr { + krb5_address * address; + krb5_ui_4 port; +} krb5_fulladdr; + +void +log_badauth(OM_uint32 major, OM_uint32 minor, + struct sockaddr_in *addr, char *data); + +int +setup_gss_names(struct svc_req *, gss_buffer_desc *, + gss_buffer_desc *); + + kadm5_ret_t chpass_principal_wrapper_3(void *server_handle, krb5_principal principal, @@ -20,7 +37,8 @@ randkey_principal_wrapper_3(void *server_handle, krb5_keyblock **keys, int *n_keys); kadm5_ret_t -schpw_util_wrapper(void *server_handle, krb5_principal princ, +schpw_util_wrapper(void *server_handle, krb5_principal client, + krb5_principal target, krb5_boolean initial_flag, char *new_pw, char **ret_pw, char *msg_ret, unsigned int msg_len); @@ -37,17 +55,43 @@ kadm5_ret_t kadm5_get_policy_v1(void *server_handle, kadm5_policy_t name, krb5_error_code process_chpw_request(krb5_context context, void *server_handle, - char *realm, int s, + char *realm, krb5_keytab keytab, - struct sockaddr_in *sockin, + krb5_fulladdr *local_faddr, + krb5_fulladdr *remote_faddr, krb5_data *req, krb5_data *rep); -#ifdef SVC_GETARGS -void kadm_1(struct svc_req *, SVCXPRT *); -#endif +void kadm_1(struct svc_req *, SVCXPRT *); +void krb5_iprop_prog_1(struct svc_req *, SVCXPRT *); void trunc_name(size_t *len, char **dots); int gss_to_krb5_name_1(struct svc_req *rqstp, krb5_context ctx, gss_name_t gss_name, krb5_principal *princ, gss_buffer_t gss_str); + + +extern volatile int signal_request_exit; +extern volatile int signal_request_hup; + +void reset_db(void); + +void log_badauth(OM_uint32 major, OM_uint32 minor, + struct sockaddr_in *addr, char *data); + +/* network.c */ +krb5_error_code setup_network(void *handle, const char *prog); +krb5_error_code listen_and_process(void *handle, const char *prog); +krb5_error_code closedown_network(void *handle, const char *prog); + + +void +krb5_iprop_prog_1(struct svc_req *rqstp, SVCXPRT *transp); + +kadm5_ret_t +kiprop_get_adm_host_srv_name(krb5_context, + const char *, + char **); + + +#endif /* _MISC_H */ diff --git a/src/kadmin/server/network.c b/src/kadmin/server/network.c new file mode 100644 index 0000000000..d0f8afab89 --- /dev/null +++ b/src/kadmin/server/network.c @@ -0,0 +1,2020 @@ +/* + * kadmin/server/network.c + * + * Copyright 1990,2000,2007,2008 by the Massachusetts Institute of Technology. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * + * Network code for Kerberos v5 kadmin server (based on KDC code). + */ + +#include "k5-int.h" +#include "com_err.h" +#include "kadm5/admin.h" +#include "kadm5/server_internal.h" +#include "kadm5/kadm_rpc.h" +#include "iprop.h" +#include "adm_proto.h" +#include "misc.h" +#include +#include + +#include +#include +#include "port-sockets.h" +#include "socket-utils.h" + +#ifdef HAVE_NETINET_IN_H +#include +#include +#include +#ifdef HAVE_SYS_SOCKIO_H +/* for SIOCGIFCONF, etc. */ +#include +#endif +#include +#if HAVE_SYS_SELECT_H +#include +#endif +#include + +#ifndef ARPHRD_ETHER /* OpenBSD breaks on multiple inclusions */ +#include +#endif + +#ifdef HAVE_SYS_FILIO_H +#include /* FIONBIO */ +#endif + +#include "fake-addrinfo.h" + +/* XXX */ +#define KDC5_NONET (-1779992062L) + +/* Misc utility routines. */ +static void +set_sa_port(struct sockaddr *addr, int port) +{ + switch (addr->sa_family) { + case AF_INET: + sa2sin(addr)->sin_port = port; + break; +#ifdef KRB5_USE_INET6 + case AF_INET6: + sa2sin6(addr)->sin6_port = port; + break; +#endif + default: + break; + } +} + +static int ipv6_enabled() +{ +#ifdef KRB5_USE_INET6 + static int result = -1; + if (result == -1) { + int s; + s = socket(AF_INET6, SOCK_STREAM, 0); + if (s >= 0) { + result = 1; + close(s); + } else + result = 0; + } + return result; +#else + return 0; +#endif +} + +static int +setreuseaddr(int sock, int value) +{ + return setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &value, sizeof(value)); +} + +#if defined(KRB5_USE_INET6) && defined(IPV6_V6ONLY) +static int +setv6only(int sock, int value) +{ + return setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, &value, sizeof(value)); +} +#endif + +/* Use RFC 3542 API below, but fall back from IPV6_RECVPKTINFO to + IPV6_PKTINFO for RFC 2292 implementations. */ +#ifndef IPV6_RECVPKTINFO +#define IPV6_RECVPKTINFO IPV6_PKTINFO +#endif +/* Parallel, though not standardized. */ +#ifndef IP_RECVPKTINFO +#define IP_RECVPKTINFO IP_PKTINFO +#endif + +static int +set_pktinfo(int sock, int family) +{ + int sockopt = 1; + int option = 0, proto = 0; + + switch (family) { +#if defined(IP_PKTINFO) && defined(HAVE_STRUCT_IN_PKTINFO) + case AF_INET: + proto = IPPROTO_IP; + option = IP_RECVPKTINFO; + break; +#endif +#if defined(IPV6_PKTINFO) && defined(HAVE_STRUCT_IN6_PKTINFO) + case AF_INET6: + proto = IPPROTO_IPV6; + option = IPV6_RECVPKTINFO; + break; +#endif + default: + return EINVAL; + } + if (setsockopt(sock, proto, option, &sockopt, sizeof(sockopt))) + return errno; + return 0; +} + + +static const char *paddr (struct sockaddr *sa) +{ + static char buf[100]; + char portbuf[10]; + if (getnameinfo(sa, socklen(sa), + buf, sizeof(buf), portbuf, sizeof(portbuf), + NI_NUMERICHOST|NI_NUMERICSERV)) + strlcpy(buf, "", sizeof(buf)); + else { + unsigned int len = sizeof(buf) - strlen(buf); + char *p = buf + strlen(buf); + if (len > 2+strlen(portbuf)) { + *p++ = '.'; + len--; + strncpy(p, portbuf, len); + } + } + return buf; +} + +/* kadmin data. */ + +enum kadm_conn_type { CONN_UDP, CONN_UDP_PKTINFO, CONN_TCP_LISTENER, + CONN_TCP, CONN_ROUTING, CONN_RPC_LISTENER, CONN_RPC }; + +/* Per-connection info. */ +struct connection { + int fd; + enum kadm_conn_type type; + void (*service)(void *handle, struct connection *, const char *, int); + union { + /* Type-specific information. */ + struct { + /* connection */ + struct sockaddr_storage addr_s; + socklen_t addrlen; + char addrbuf[56]; + krb5_fulladdr faddr; + krb5_address kaddr; + /* incoming */ + size_t bufsiz; + size_t offset; + char *buffer; + size_t msglen; + /* outgoing */ + krb5_data *response; + unsigned char lenbuf[4]; + sg_buf sgbuf[2]; + sg_buf *sgp; + int sgnum; + /* crude denial-of-service avoidance support */ + time_t start_time; + } tcp; + struct { + SVCXPRT *transp; + } rpc; + } u; +}; + + +#define SET(TYPE) struct { TYPE *data; int n, max; } + +/* Start at the top and work down -- this should allow for deletions + without disrupting the iteration, since we delete by overwriting + the element to be removed with the last element. */ +#define FOREACH_ELT(set,idx,vvar) \ + for (idx = set.n-1; idx >= 0 && (vvar = set.data[idx], 1); idx--) + +#define GROW_SET(set, incr, tmpptr) \ + (((int)(set.max + incr) < set.max \ + || (((size_t)((int)(set.max + incr) * sizeof(set.data[0])) \ + / sizeof(set.data[0])) \ + != (set.max + incr))) \ + ? 0 /* overflow */ \ + : ((tmpptr = realloc(set.data, \ + (int)(set.max + incr) * sizeof(set.data[0]))) \ + ? (set.data = tmpptr, set.max += incr, 1) \ + : 0)) + +/* 1 = success, 0 = failure */ +#define ADD(set, val, tmpptr) \ + ((set.n < set.max || GROW_SET(set, 10, tmpptr)) \ + ? (set.data[set.n++] = val, 1) \ + : 0) + +#define DEL(set, idx) \ + (set.data[idx] = set.data[--set.n], 0) + +#define FREE_SET_DATA(set) \ + (free(set.data), set.data = 0, set.max = 0, set.n = 0) + + +/* Set connections; */ +static SET(struct connection *) connections; +#define n_sockets connections.n +#define conns connections.data + +/* Set udp_port_data, tcp_port_data; */ +static SET(u_short) udp_port_data, tcp_port_data; + +struct rpc_svc_data { + u_short port; + u_long prognum; + u_long versnum; + void (*dispatch)(); +}; + +static SET(struct rpc_svc_data) rpc_svc_data; + +#include "cm.h" + +static struct select_state sstate; +static fd_set rpc_listenfds; + +static krb5_error_code add_udp_port(int port) +{ + int i; + void *tmp; + u_short val; + u_short s_port = port; + + if (s_port != port) + return EINVAL; + + FOREACH_ELT (udp_port_data, i, val) + if (s_port == val) + return 0; + if (!ADD(udp_port_data, s_port, tmp)) + return ENOMEM; + return 0; +} + +static krb5_error_code add_tcp_port(int port) +{ + int i; + void *tmp; + u_short val; + u_short s_port = port; + + if (s_port != port) + return EINVAL; + + FOREACH_ELT (tcp_port_data, i, val) + if (s_port == val) + return 0; + if (!ADD(tcp_port_data, s_port, tmp)) + return ENOMEM; + return 0; +} + +static krb5_error_code add_rpc_service(int port, u_long prognum, u_long versnum, + void (*dispatch)()) +{ + int i; + void *tmp; + struct rpc_svc_data svc, val; + + svc.port = port; + if (svc.port != port) + return EINVAL; + svc.prognum = prognum; + svc.versnum = versnum; + svc.dispatch = dispatch; + + FOREACH_ELT (rpc_svc_data, i, val) { + if (val.port == port) + return 0; + } + if (!ADD(rpc_svc_data, svc, tmp)) + return ENOMEM; + return 0; +} + + +#define USE_AF AF_INET +#define USE_TYPE SOCK_DGRAM + + +#define USE_AF AF_INET +#define USE_TYPE SOCK_DGRAM +#define USE_PROTO 0 +#define SOCKET_ERRNO errno +#include "foreachaddr.h" + +struct socksetup { + const char *prog; + krb5_error_code retval; + int udp_flags; +#define UDP_DO_IPV4 1 +#define UDP_DO_IPV6 2 +}; + +static struct connection * +add_fd (struct socksetup *data, int sock, enum kadm_conn_type conntype, + void (*service)(void *handle, struct connection *, const char *, int)) +{ + struct connection *newconn; + void *tmp; + +#ifndef _WIN32 + if (sock >= FD_SETSIZE) { + data->retval = EMFILE; /* XXX */ + com_err(data->prog, 0, + "file descriptor number %d too high", sock); + return 0; + } +#endif + newconn = (struct connection *)malloc(sizeof(*newconn)); + if (newconn == NULL) { + data->retval = ENOMEM; + com_err(data->prog, ENOMEM, + "cannot allocate storage for connection info"); + return 0; + } + if (!ADD(connections, newconn, tmp)) { + data->retval = ENOMEM; + com_err(data->prog, ENOMEM, "cannot save socket info"); + free(newconn); + return 0; + } + + memset(newconn, 0, sizeof(*newconn)); + newconn->type = conntype; + newconn->fd = sock; + newconn->service = service; + return newconn; +} + +static void process_packet(void *handle, struct connection *, const char *, int); +static void accept_tcp_connection(void *handle, struct connection *, const char *, int); +static void process_tcp_connection(void *handle, struct connection *, const char *, int); +static void accept_rpc_connection(void *handle, struct connection *, const char *, int); +static void process_rpc_connection(void *handle, struct connection *, const char *, int); + +static struct connection * +add_udp_fd (struct socksetup *data, int sock, int pktinfo) +{ + return add_fd(data, sock, pktinfo ? CONN_UDP_PKTINFO : CONN_UDP, + process_packet); +} + +static struct connection * +add_tcp_listener_fd (struct socksetup *data, int sock) +{ + return add_fd(data, sock, CONN_TCP_LISTENER, accept_tcp_connection); +} + +static struct connection * +add_tcp_data_fd (struct socksetup *data, int sock) +{ + return add_fd(data, sock, CONN_TCP, process_tcp_connection); +} + +static void +delete_fd (struct connection *xconn) +{ + struct connection *conn; + int i; + + FOREACH_ELT(connections, i, conn) + if (conn == xconn) { + DEL(connections, i); + break; + } + free(xconn); +} + +static struct connection * +add_rpc_listener_fd (struct socksetup *data, struct rpc_svc_data *svc, int sock) +{ + struct connection *conn; + + conn = add_fd(data, sock, CONN_RPC_LISTENER, accept_rpc_connection); + if (conn == NULL) + return NULL; + + conn->u.rpc.transp = svctcp_create(sock, 0, 0); + if (conn->u.rpc.transp == NULL) { + krb5_klog_syslog(LOG_ERR, "Cannot create RPC service: %s; continuing", + strerror(errno)); + delete_fd(conn); + return NULL; + } + + if (!svc_register(conn->u.rpc.transp, svc->prognum, svc->versnum, + svc->dispatch, 0)) { + krb5_klog_syslog(LOG_ERR, "Cannot register RPC service: %s; continuing", + strerror(errno)); + delete_fd(conn); + return NULL; + } + + return conn; +} + +static struct connection * +add_rpc_data_fd (struct socksetup *data, int sock) +{ + return add_fd(data, sock, CONN_RPC, process_rpc_connection); +} + +static const int one = 1; + +static int +setnbio(int sock) +{ + return ioctlsocket(sock, FIONBIO, (const void *)&one); +} + +static int +setkeepalive(int sock) +{ + return setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, &one, sizeof(one)); +} + +static int +setnolinger(int s) +{ + static const struct linger ling = { 0, 0 }; + return setsockopt(s, SOL_SOCKET, SO_LINGER, &ling, sizeof(ling)); +} + +/* Returns -1 or socket fd. */ +static int +setup_a_tcp_listener(struct socksetup *data, struct sockaddr *addr) +{ + int sock; + + sock = socket(addr->sa_family, SOCK_STREAM, 0); + if (sock == -1) { + com_err(data->prog, errno, "Cannot create TCP server socket on %s", + paddr(addr)); + return -1; + } + set_cloexec_fd(sock); +#ifndef _WIN32 + if (sock >= FD_SETSIZE) { + close(sock); + com_err(data->prog, 0, "TCP socket fd number %d (for %s) too high", + sock, paddr(addr)); + return -1; + } +#endif + if (setreuseaddr(sock, 1) < 0) + com_err(data->prog, errno, + "Cannot enable SO_REUSEADDR on fd %d", sock); +#ifdef KRB5_USE_INET6 + if (addr->sa_family == AF_INET6) { +#ifdef IPV6_V6ONLY + if (setv6only(sock, 1)) + com_err(data->prog, errno, "setsockopt(%d,IPV6_V6ONLY,1) failed", + sock); + else + com_err(data->prog, 0, "setsockopt(%d,IPV6_V6ONLY,1) worked", + sock); +#else + krb5_klog_syslog(LOG_INFO, "no IPV6_V6ONLY socket option support"); +#endif /* IPV6_V6ONLY */ + } +#endif /* KRB5_USE_INET6 */ + if (bind(sock, addr, socklen(addr)) == -1) { + com_err(data->prog, errno, + "Cannot bind TCP server socket on %s", paddr(addr)); + close(sock); + return -1; + } + if (listen(sock, 5) < 0) { + com_err(data->prog, errno, "Cannot listen on TCP server socket on %s", + paddr(addr)); + close(sock); + return -1; + } + if (setnbio(sock)) { + com_err(data->prog, errno, + "cannot set listening tcp socket on %s non-blocking", + paddr(addr)); + close(sock); + return -1; + } + if (setnolinger(sock)) { + com_err(data->prog, errno, "disabling SO_LINGER on TCP socket on %s", + paddr(addr)); + close(sock); + return -1; + } + return sock; +} + +/* Returns -1 or socket fd. */ +static int +setup_a_rpc_listener(struct socksetup *data, struct sockaddr *addr) +{ + int sock; + + sock = socket(addr->sa_family, SOCK_STREAM, 0); + if (sock == -1) { + com_err(data->prog, errno, "Cannot create RPC server socket on %s", + paddr(addr)); + return -1; + } + set_cloexec_fd(sock); +#ifndef _WIN32 + if (sock >= FD_SETSIZE) { + close(sock); + com_err(data->prog, 0, "RPC socket fd number %d (for %s) too high", + sock, paddr(addr)); + return -1; + } +#endif + if (setreuseaddr(sock, 1) < 0) + com_err(data->prog, errno, + "Cannot enable SO_REUSEADDR on fd %d", sock); + if (bind(sock, addr, socklen(addr)) == -1) { + com_err(data->prog, errno, + "Cannot bind RPC server socket on %s", paddr(addr)); + close(sock); + return -1; + } + return sock; +} + +static int +setup_tcp_listener_ports(struct socksetup *data) +{ + struct sockaddr_in sin4; +#ifdef KRB5_USE_INET6 + struct sockaddr_in6 sin6; +#endif + int i, port; + + memset(&sin4, 0, sizeof(sin4)); + sin4.sin_family = AF_INET; +#ifdef HAVE_SA_LEN + sin4.sin_len = sizeof(sin4); +#endif + sin4.sin_addr.s_addr = INADDR_ANY; + +#ifdef KRB5_USE_INET6 + memset(&sin6, 0, sizeof(sin6)); + sin6.sin6_family = AF_INET6; +#ifdef SIN6_LEN + sin6.sin6_len = sizeof(sin6); +#endif + sin6.sin6_addr = in6addr_any; +#endif + + FOREACH_ELT (tcp_port_data, i, port) { + int s4, s6; + + set_sa_port((struct sockaddr *)&sin4, htons(port)); + if (!ipv6_enabled()) { + s4 = setup_a_tcp_listener(data, (struct sockaddr *)&sin4); + if (s4 < 0) + return -1; + s6 = -1; + } else { +#ifndef KRB5_USE_INET6 + abort(); +#else + s4 = s6 = -1; + + set_sa_port((struct sockaddr *)&sin6, htons(port)); + + s6 = setup_a_tcp_listener(data, (struct sockaddr *)&sin6); + if (s6 < 0) + return -1; + + s4 = setup_a_tcp_listener(data, (struct sockaddr *)&sin4); +#endif /* KRB5_USE_INET6 */ + } + + /* Sockets are created, prepare to listen on them. */ + if (s4 >= 0) { + if (add_tcp_listener_fd(data, s4) == NULL) + close(s4); + else { + FD_SET(s4, &sstate.rfds); + if (s4 >= sstate.max) + sstate.max = s4 + 1; + krb5_klog_syslog(LOG_INFO, "listening on fd %d: tcp %s", + s4, paddr((struct sockaddr *)&sin4)); + } + } +#ifdef KRB5_USE_INET6 + if (s6 >= 0) { + if (add_tcp_listener_fd(data, s6) == NULL) { + close(s6); + s6 = -1; + } else { + FD_SET(s6, &sstate.rfds); + if (s6 >= sstate.max) + sstate.max = s6 + 1; + krb5_klog_syslog(LOG_INFO, "listening on fd %d: tcp %s", + s6, paddr((struct sockaddr *)&sin6)); + } + if (s4 < 0) + krb5_klog_syslog(LOG_INFO, + "assuming IPv6 socket accepts IPv4"); + } +#endif + } + return 0; +} + +static int +setup_rpc_listener_ports(struct socksetup *data) +{ + struct sockaddr_in sin4; + int i; + struct rpc_svc_data svc; + + memset(&sin4, 0, sizeof(sin4)); + sin4.sin_family = AF_INET; +#ifdef HAVE_SA_LEN + sin4.sin_len = sizeof(sin4); +#endif + sin4.sin_addr.s_addr = INADDR_ANY; + + FOREACH_ELT (rpc_svc_data, i, svc) { + int s4; + + set_sa_port((struct sockaddr *)&sin4, htons(svc.port)); + s4 = setup_a_rpc_listener(data, (struct sockaddr *)&sin4); + if (s4 < 0) + return -1; + else { + if (add_rpc_listener_fd(data, &svc, s4) == NULL) + close(s4); + else { + FD_SET(s4, &sstate.rfds); + if (s4 >= sstate.max) + sstate.max = s4 + 1; + krb5_klog_syslog(LOG_INFO, "listening on fd %d: rpc %s", + s4, paddr((struct sockaddr *)&sin4)); + } + } + } + FD_ZERO(&rpc_listenfds); + rpc_listenfds = svc_fdset; + return 0; +} + +#if defined(CMSG_SPACE) && defined(HAVE_STRUCT_CMSGHDR) && (defined(IP_PKTINFO) || defined(IPV6_PKTINFO)) +union pktinfo { +#ifdef HAVE_STRUCT_IN6_PKTINFO + struct in6_pktinfo pi6; +#endif +#ifdef HAVE_STRUCT_IN_PKTINFO + struct in_pktinfo pi4; +#endif + char c; +}; + +static int +setup_udp_port_1(struct socksetup *data, struct sockaddr *addr, + char *haddrbuf, int pktinfo); + +static void +setup_udp_pktinfo_ports(struct socksetup *data) +{ +#ifdef IP_PKTINFO + { + struct sockaddr_in sa; + int r; + + memset(&sa, 0, sizeof(sa)); + sa.sin_family = AF_INET; +#ifdef HAVE_SA_LEN + sa.sin_len = sizeof(sa); +#endif + r = setup_udp_port_1(data, (struct sockaddr *) &sa, "0.0.0.0", 4); + if (r == 0) + data->udp_flags &= ~UDP_DO_IPV4; + } +#endif +#ifdef IPV6_PKTINFO + { + struct sockaddr_in6 sa; + int r; + + memset(&sa, 0, sizeof(sa)); + sa.sin6_family = AF_INET6; +#ifdef HAVE_SA_LEN + sa.sin6_len = sizeof(sa); +#endif + r = setup_udp_port_1(data, (struct sockaddr *) &sa, "::", 6); + if (r == 0) + data->udp_flags &= ~UDP_DO_IPV6; + } +#endif +} +#else /* no pktinfo compile-time support */ +static void +setup_udp_pktinfo_ports(struct socksetup *data) +{ +} +#endif + +static int +setup_udp_port_1(struct socksetup *data, struct sockaddr *addr, + char *haddrbuf, int pktinfo) +{ + int sock = -1, i, r; + u_short port; + + FOREACH_ELT (udp_port_data, i, port) { + sock = socket (addr->sa_family, SOCK_DGRAM, 0); + if (sock == -1) { + data->retval = errno; + com_err(data->prog, data->retval, + "Cannot create server socket for port %d address %s", + port, haddrbuf); + return 1; + } + set_cloexec_fd(sock); +#ifdef KRB5_USE_INET6 + if (addr->sa_family == AF_INET6) { +#ifdef IPV6_V6ONLY + if (setv6only(sock, 1)) + com_err(data->prog, errno, + "setsockopt(%d,IPV6_V6ONLY,1) failed", sock); + else + com_err(data->prog, 0, "setsockopt(%d,IPV6_V6ONLY,1) worked", + sock); +#else + krb5_klog_syslog(LOG_INFO, "no IPV6_V6ONLY socket option support"); +#endif /* IPV6_V6ONLY */ + } +#endif + set_sa_port(addr, htons(port)); + if (bind (sock, (struct sockaddr *)addr, socklen (addr)) == -1) { + data->retval = errno; + com_err(data->prog, data->retval, + "Cannot bind server socket to port %d address %s", + port, haddrbuf); + close(sock); + return 1; + } +#if !(defined(CMSG_SPACE) && defined(HAVE_STRUCT_CMSGHDR) && (defined(IP_PKTINFO) || defined(IPV6_PKTINFO))) + assert(pktinfo == 0); +#endif + if (pktinfo) { + r = set_pktinfo(sock, addr->sa_family); + if (r) { + com_err(data->prog, r, + "Cannot request packet info for udp socket address %s port %d", + haddrbuf, port); + close(sock); + return 1; + } + } + krb5_klog_syslog (LOG_INFO, "listening on fd %d: udp %s%s", sock, + paddr((struct sockaddr *)addr), + pktinfo ? " (pktinfo)" : ""); + if (add_udp_fd (data, sock, pktinfo) == 0) { + close(sock); + return 1; + } + FD_SET (sock, &sstate.rfds); + if (sock >= sstate.max) + sstate.max = sock + 1; + } + return 0; +} + +static int +setup_udp_port(void *P_data, struct sockaddr *addr) +{ + struct socksetup *data = P_data; + char haddrbuf[NI_MAXHOST]; + int err; + + if (addr->sa_family == AF_INET && !(data->udp_flags & UDP_DO_IPV4)) + return 0; +#ifdef AF_INET6 + if (addr->sa_family == AF_INET6 && !(data->udp_flags & UDP_DO_IPV6)) + return 0; +#endif + err = getnameinfo(addr, socklen(addr), haddrbuf, sizeof(haddrbuf), + 0, 0, NI_NUMERICHOST); + if (err) + strlcpy(haddrbuf, "", sizeof(haddrbuf)); + + switch (addr->sa_family) { + case AF_INET: + break; +#ifdef AF_INET6 + case AF_INET6: +#ifdef KRB5_USE_INET6 + break; +#else + { + static int first = 1; + if (first) { + krb5_klog_syslog (LOG_INFO, "skipping local ipv6 addresses"); + first = 0; + } + return 0; + } +#endif +#endif +#ifdef AF_LINK /* some BSD systems, AIX */ + case AF_LINK: + return 0; +#endif +#ifdef AF_DLI /* Direct Link Interface - DEC Ultrix/OSF1 link layer? */ + case AF_DLI: + return 0; +#endif +#ifdef AF_APPLETALK + case AF_APPLETALK: + return 0; +#endif + default: + krb5_klog_syslog (LOG_INFO, + "skipping unrecognized local address family %d", + addr->sa_family); + return 0; + } + return setup_udp_port_1(data, addr, haddrbuf, 0); +} + +#if 1 +static void klog_handler(const void *data, size_t len) +{ + static char buf[BUFSIZ]; + static int bufoffset; + void *p; + +#define flush_buf() \ + (bufoffset \ + ? (((buf[0] == 0 || buf[0] == '\n') \ + ? (fork()==0?abort():(void)0) \ + : (void)0), \ + krb5_klog_syslog(LOG_INFO, "%s", buf), \ + memset(buf, 0, sizeof(buf)), \ + bufoffset = 0) \ + : 0) + + p = memchr(data, 0, len); + if (p) + len = (const char *)p - (const char *)data; +scan_for_newlines: + if (len == 0) + return; + p = memchr(data, '\n', len); + if (p) { + if (p != data) + klog_handler(data, (size_t)((const char *)p - (const char *)data)); + flush_buf(); + len -= ((const char *)p - (const char *)data) + 1; + data = 1 + (const char *)p; + goto scan_for_newlines; + } else if (len > sizeof(buf) - 1 || len + bufoffset > sizeof(buf) - 1) { + size_t x = sizeof(buf) - len - 1; + klog_handler(data, x); + flush_buf(); + len -= x; + data = (const char *)data + x; + goto scan_for_newlines; + } else { + memcpy(buf + bufoffset, data, len); + bufoffset += len; + } +} +#endif + +static int network_reconfiguration_needed = 0; + +#ifdef HAVE_STRUCT_RT_MSGHDR +#include + +static char *rtm_type_name(int type) +{ + switch (type) { + case RTM_ADD: return "RTM_ADD"; + case RTM_DELETE: return "RTM_DELETE"; + case RTM_NEWADDR: return "RTM_NEWADDR"; + case RTM_DELADDR: return "RTM_DELADDR"; + case RTM_IFINFO: return "RTM_IFINFO"; + case RTM_OLDADD: return "RTM_OLDADD"; + case RTM_OLDDEL: return "RTM_OLDDEL"; + case RTM_RESOLVE: return "RTM_RESOLVE"; +#ifdef RTM_NEWMADDR + case RTM_NEWMADDR: return "RTM_NEWMADDR"; + case RTM_DELMADDR: return "RTM_DELMADDR"; +#endif + case RTM_MISS: return "RTM_MISS"; + case RTM_REDIRECT: return "RTM_REDIRECT"; + case RTM_LOSING: return "RTM_LOSING"; + case RTM_GET: return "RTM_GET"; + default: return "?"; + } +} + +static void process_routing_update(void *handle, struct connection *conn, + const char *prog, int selflags) +{ + int n_read; + struct rt_msghdr rtm; + + krb5_klog_syslog(LOG_INFO, "routing socket readable"); + while ((n_read = read(conn->fd, &rtm, sizeof(rtm))) > 0) { + if (n_read < sizeof(rtm)) { + /* Quick hack to figure out if the interesting + fields are present in a short read. + + A short read seems to be normal for some message types. + Only complain if we don't have the critical initial + header fields. */ +#define RS(FIELD) (offsetof(struct rt_msghdr, FIELD) + sizeof(rtm.FIELD)) + if (n_read < RS(rtm_type) || + n_read < RS(rtm_version) || + n_read < RS(rtm_msglen)) { + krb5_klog_syslog(LOG_ERR, + "short read (%d/%d) from routing socket", + n_read, (int) sizeof(rtm)); + return; + } + } + krb5_klog_syslog(LOG_INFO, + "got routing msg type %d(%s) v%d", + rtm.rtm_type, rtm_type_name(rtm.rtm_type), + rtm.rtm_version); + if (rtm.rtm_msglen > sizeof(rtm)) { + /* It appears we get a partial message and the rest is + thrown away? */ + } else if (rtm.rtm_msglen != n_read) { + krb5_klog_syslog(LOG_ERR, + "read %d from routing socket but msglen is %d", + n_read, rtm.rtm_msglen); + } + switch (rtm.rtm_type) { + case RTM_ADD: + case RTM_DELETE: + case RTM_NEWADDR: + case RTM_DELADDR: + case RTM_IFINFO: + case RTM_OLDADD: + case RTM_OLDDEL: + krb5_klog_syslog(LOG_INFO, "reconfiguration needed"); + network_reconfiguration_needed = 1; + break; + case RTM_RESOLVE: +#ifdef RTM_NEWMADDR + case RTM_NEWMADDR: + case RTM_DELMADDR: +#endif + case RTM_MISS: + case RTM_REDIRECT: + case RTM_LOSING: + case RTM_GET: + /* Not interesting. */ + krb5_klog_syslog(LOG_DEBUG, "routing msg not interesting"); + break; + default: + krb5_klog_syslog(LOG_INFO, "unhandled routing message type, will reconfigure just for the fun of it"); + network_reconfiguration_needed = 1; + break; + } + } +} + +static void +setup_routing_socket(struct socksetup *data) +{ + int sock = socket(PF_ROUTE, SOCK_RAW, 0); + if (sock < 0) { + int e = errno; + krb5_klog_syslog(LOG_INFO, "couldn't set up routing socket: %s", + strerror(e)); + } else { + krb5_klog_syslog(LOG_INFO, "routing socket is fd %d", sock); + add_fd(data, sock, CONN_ROUTING, process_routing_update); + setnbio(sock); + FD_SET(sock, &sstate.rfds); + } +} +#endif + +/* XXX */ +extern int krb5int_debug_sendto_kdc; +extern void (*krb5int_sendtokdc_debug_handler)(const void*, size_t); + +krb5_error_code +setup_network(void *handle, const char *prog) +{ + struct socksetup setup_data; + krb5_error_code retval; + kadm5_server_handle_t server_handle = (kadm5_server_handle_t)handle; + + FD_ZERO(&sstate.rfds); + FD_ZERO(&sstate.wfds); + FD_ZERO(&sstate.xfds); + sstate.max = 0; + +/* krb5int_debug_sendto_kdc = 1; */ + krb5int_sendtokdc_debug_handler = klog_handler; + + retval = add_udp_port(server_handle->params.kpasswd_port); + if (retval) + return retval; + + retval = add_tcp_port(server_handle->params.kpasswd_port); + if (retval) + return retval; + + retval = add_rpc_service(server_handle->params.kadmind_port, + KADM, KADMVERS, + kadm_1); + if (retval) + return retval; + +#ifndef DISABLE_IPROP + if (server_handle->params.iprop_enabled) { + retval = add_rpc_service(server_handle->params.iprop_port, + KRB5_IPROP_PROG, KRB5_IPROP_VERS, + krb5_iprop_prog_1); + if (retval) + return retval; + } +#endif /* DISABLE_IPROP */ + + setup_data.prog = prog; + setup_data.retval = 0; + krb5_klog_syslog (LOG_INFO, "setting up network..."); +#ifdef HAVE_STRUCT_RT_MSGHDR + setup_routing_socket(&setup_data); +#endif + /* To do: Use RFC 2292 interface (or follow-on) and IPV6_PKTINFO, + so we might need only one UDP socket; fall back to binding + sockets on each address only if IPV6_PKTINFO isn't + supported. */ + setup_data.udp_flags = UDP_DO_IPV4 | UDP_DO_IPV6; + setup_udp_pktinfo_ports(&setup_data); + if (setup_data.udp_flags) { + if (foreach_localaddr (&setup_data, setup_udp_port, 0, 0)) { + return setup_data.retval; + } + } + setup_tcp_listener_ports(&setup_data); + setup_rpc_listener_ports(&setup_data); + krb5_klog_syslog (LOG_INFO, "set up %d sockets", n_sockets); + if (n_sockets == 0) { + com_err(prog, 0, "no sockets set up?"); + exit (1); + } + + return 0; +} + +static void init_addr(krb5_fulladdr *faddr, struct sockaddr *sa) +{ + switch (sa->sa_family) { + case AF_INET: + faddr->address->addrtype = ADDRTYPE_INET; + faddr->address->length = 4; + faddr->address->contents = (krb5_octet *) &sa2sin(sa)->sin_addr; + faddr->port = ntohs(sa2sin(sa)->sin_port); + break; +#ifdef KRB5_USE_INET6 + case AF_INET6: + if (IN6_IS_ADDR_V4MAPPED(&sa2sin6(sa)->sin6_addr)) { + faddr->address->addrtype = ADDRTYPE_INET; + faddr->address->length = 4; + faddr->address->contents = 12 + (krb5_octet *) &sa2sin6(sa)->sin6_addr; + } else { + faddr->address->addrtype = ADDRTYPE_INET6; + faddr->address->length = 16; + faddr->address->contents = (krb5_octet *) &sa2sin6(sa)->sin6_addr; + } + faddr->port = ntohs(sa2sin6(sa)->sin6_port); + break; +#endif + default: + faddr->address->addrtype = -1; + faddr->address->length = 0; + faddr->address->contents = 0; + faddr->port = 0; + break; + } +} + +static int +recv_from_to(int s, void *buf, size_t len, int flags, + struct sockaddr *from, socklen_t *fromlen, + struct sockaddr *to, socklen_t *tolen) +{ +#if (!defined(IP_PKTINFO) && !defined(IPV6_PKTINFO)) || !defined(CMSG_SPACE) + if (to && tolen) + *tolen = 0; + return recvfrom(s, buf, len, flags, from, fromlen); +#else + int r; + struct iovec iov; + char cmsg[CMSG_SPACE(sizeof(union pktinfo))]; + struct cmsghdr *cmsgptr; + struct msghdr msg; + + if (!to || !tolen) + return recvfrom(s, buf, len, flags, from, fromlen); + + iov.iov_base = buf; + iov.iov_len = len; + memset(&msg, 0, sizeof(msg)); + msg.msg_name = from; + msg.msg_namelen = *fromlen; + msg.msg_iov = &iov; + msg.msg_iovlen = 1; + msg.msg_control = cmsg; + msg.msg_controllen = sizeof(cmsg); + + r = recvmsg(s, &msg, flags); + if (r < 0) + return r; + *fromlen = msg.msg_namelen; + + /* On Darwin (and presumably all *BSD with KAME stacks), + CMSG_FIRSTHDR doesn't check for a non-zero controllen. RFC + 3542 recommends making this check, even though the (new) spec + for CMSG_FIRSTHDR says it's supposed to do the check. */ + if (msg.msg_controllen) { + cmsgptr = CMSG_FIRSTHDR(&msg); + while (cmsgptr) { +#ifdef IP_PKTINFO + if (cmsgptr->cmsg_level == IPPROTO_IP + && cmsgptr->cmsg_type == IP_PKTINFO + && *tolen >= sizeof(struct sockaddr_in)) { + struct in_pktinfo *pktinfo; + memset(to, 0, sizeof(struct sockaddr_in)); + pktinfo = (struct in_pktinfo *)CMSG_DATA(cmsgptr); + ((struct sockaddr_in *)to)->sin_addr = pktinfo->ipi_addr; + ((struct sockaddr_in *)to)->sin_family = AF_INET; + *tolen = sizeof(struct sockaddr_in); + return r; + } +#endif +#if defined(KRB5_USE_INET6) && defined(IPV6_PKTINFO)&& defined(HAVE_STRUCT_IN6_PKTINFO) + if (cmsgptr->cmsg_level == IPPROTO_IPV6 + && cmsgptr->cmsg_type == IPV6_PKTINFO + && *tolen >= sizeof(struct sockaddr_in6)) { + struct in6_pktinfo *pktinfo; + memset(to, 0, sizeof(struct sockaddr_in6)); + pktinfo = (struct in6_pktinfo *)CMSG_DATA(cmsgptr); + ((struct sockaddr_in6 *)to)->sin6_addr = pktinfo->ipi6_addr; + ((struct sockaddr_in6 *)to)->sin6_family = AF_INET6; + *tolen = sizeof(struct sockaddr_in6); + return r; + } +#endif + cmsgptr = CMSG_NXTHDR(&msg, cmsgptr); + } + } + /* No info about destination addr was available. */ + *tolen = 0; + return r; +#endif +} + +static int +send_to_from(int s, void *buf, size_t len, int flags, + const struct sockaddr *to, socklen_t tolen, + const struct sockaddr *from, socklen_t fromlen) +{ +#if (!defined(IP_PKTINFO) && !defined(IPV6_PKTINFO)) || !defined(CMSG_SPACE) + return sendto(s, buf, len, flags, to, tolen); +#else + struct iovec iov; + struct msghdr msg; + struct cmsghdr *cmsgptr; + char cbuf[CMSG_SPACE(sizeof(union pktinfo))]; + + if (from == 0 || fromlen == 0 || from->sa_family != to->sa_family) { + use_sendto: + return sendto(s, buf, len, flags, to, tolen); + } + + iov.iov_base = buf; + iov.iov_len = len; + /* Truncation? */ + if (iov.iov_len != len) + return EINVAL; + memset(cbuf, 0, sizeof(cbuf)); + memset(&msg, 0, sizeof(msg)); + msg.msg_name = (void *) to; + msg.msg_namelen = tolen; + msg.msg_iov = &iov; + msg.msg_iovlen = 1; + msg.msg_control = cbuf; + /* CMSG_FIRSTHDR needs a non-zero controllen, or it'll return NULL + on Linux. */ + msg.msg_controllen = sizeof(cbuf); + cmsgptr = CMSG_FIRSTHDR(&msg); + msg.msg_controllen = 0; + + switch (from->sa_family) { +#if defined(IP_PKTINFO) + case AF_INET: + if (fromlen != sizeof(struct sockaddr_in)) + goto use_sendto; + cmsgptr->cmsg_level = IPPROTO_IP; + cmsgptr->cmsg_type = IP_PKTINFO; + cmsgptr->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo)); + { + struct in_pktinfo *p = (struct in_pktinfo *)CMSG_DATA(cmsgptr); + const struct sockaddr_in *from4 = (const struct sockaddr_in *)from; + p->ipi_spec_dst = from4->sin_addr; + } + msg.msg_controllen = CMSG_SPACE(sizeof(struct in_pktinfo)); + break; +#endif +#if defined(KRB5_USE_INET6) && defined(IPV6_PKTINFO) && defined(HAVE_STRUCT_IN6_PKTINFO) + case AF_INET6: + if (fromlen != sizeof(struct sockaddr_in6)) + goto use_sendto; + cmsgptr->cmsg_level = IPPROTO_IPV6; + cmsgptr->cmsg_type = IPV6_PKTINFO; + cmsgptr->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo)); + { + struct in6_pktinfo *p = (struct in6_pktinfo *)CMSG_DATA(cmsgptr); + const struct sockaddr_in6 *from6 = (const struct sockaddr_in6 *)from; + p->ipi6_addr = from6->sin6_addr; + } + msg.msg_controllen = CMSG_SPACE(sizeof(struct in6_pktinfo)); + break; +#endif + default: + goto use_sendto; + } + return sendmsg(s, &msg, flags); +#endif +} + +/* Dispatch routine for set/change password */ +static krb5_error_code +dispatch(void *handle, + struct sockaddr *local_saddr, krb5_fulladdr *remote_faddr, + krb5_data *request, krb5_data **response) +{ + krb5_error_code ret; + krb5_keytab kt = NULL; + kadm5_server_handle_t server_handle = (kadm5_server_handle_t)handle; + krb5_fulladdr local_faddr; + krb5_address **local_kaddrs = NULL, local_kaddr_buf; + + *response = NULL; + + if (local_saddr == NULL) { + ret = krb5_os_localaddr(server_handle->context, &local_kaddrs); + if (ret != 0) + goto cleanup; + + local_faddr.address = local_kaddrs[0]; + local_faddr.port = 0; + } else { + local_faddr.address = &local_kaddr_buf; + init_addr(&local_faddr, local_saddr); + } + + ret = krb5_kt_resolve(server_handle->context, "KDB:", &kt); + if (ret != 0) { + krb5_klog_syslog(LOG_ERR, "chpw: Couldn't open admin keytab %s", + krb5_get_error_message(server_handle->context, ret)); + goto cleanup; + } + + *response = (krb5_data *)malloc(sizeof(krb5_data)); + if (*response == NULL) { + ret = ENOMEM; + goto cleanup; + } + + ret = process_chpw_request(server_handle->context, + handle, + server_handle->params.realm, + kt, + &local_faddr, + remote_faddr, + request, + *response); + +cleanup: + if (local_kaddrs != NULL) + krb5_free_addresses(server_handle->context, local_kaddrs); + + krb5_kt_close(server_handle->context, kt); + + return ret; +} + +static void process_packet(void *handle, + struct connection *conn, const char *prog, + int selflags) +{ + int cc; + socklen_t saddr_len, daddr_len; + krb5_fulladdr faddr; + krb5_error_code retval; + struct sockaddr_storage saddr, daddr; + krb5_address addr; + krb5_data request; + krb5_data *response; + char pktbuf[MAX_DGRAM_SIZE]; + int port_fd = conn->fd; + kadm5_server_handle_t server_handle = (kadm5_server_handle_t)handle; + + response = NULL; + saddr_len = sizeof(saddr); + daddr_len = sizeof(daddr); + cc = recv_from_to(port_fd, pktbuf, sizeof(pktbuf), 0, + (struct sockaddr *)&saddr, &saddr_len, + (struct sockaddr *)&daddr, &daddr_len); + if (cc == -1) { + if (errno != EINTR + /* This is how Linux indicates that a previous + transmission was refused, e.g., if the client timed out + before getting the response packet. */ + && errno != ECONNREFUSED + ) + com_err(prog, errno, "while receiving from network"); + return; + } + if (!cc) + return; /* zero-length packet? */ + +#if 0 + if (daddr_len > 0) { + char addrbuf[100]; + if (getnameinfo(ss2sa(&daddr), daddr_len, addrbuf, sizeof(addrbuf), + 0, 0, NI_NUMERICHOST)) + strlcpy(addrbuf, "?", sizeof(addrbuf)); + com_err(prog, 0, "pktinfo says local addr is %s", addrbuf); + } +#endif + + request.length = cc; + request.data = pktbuf; + faddr.address = &addr; + init_addr(&faddr, ss2sa(&saddr)); + /* this address is in net order */ + if ((retval = dispatch(handle, ss2sa(&daddr), &faddr, &request, &response))) { + com_err(prog, retval, "while dispatching (udp)"); + return; + } + if (response == NULL) + return; + cc = send_to_from(port_fd, response->data, (socklen_t) response->length, 0, + (struct sockaddr *)&saddr, saddr_len, + (struct sockaddr *)&daddr, daddr_len); + if (cc == -1) { + char addrbuf[46]; + krb5_free_data(server_handle->context, response); + if (inet_ntop(((struct sockaddr *)&saddr)->sa_family, + addr.contents, addrbuf, sizeof(addrbuf)) == 0) { + strlcpy(addrbuf, "?", sizeof(addrbuf)); + } + com_err(prog, errno, "while sending reply to %s/%d", + addrbuf, faddr.port); + return; + } + if (cc != response->length) { + com_err(prog, 0, "short reply write %d vs %d\n", + response->length, cc); + } + krb5_free_data(server_handle->context, response); + return; +} + +static int tcp_or_rpc_data_counter; +static int max_tcp_or_rpc_data_connections = 45; + +static void kill_tcp_or_rpc_connection(void *, struct connection *, int isForcedClose); + +static int kill_lru_tcp_or_rpc_connection(void *handle, struct connection *newconn) +{ + struct connection *oldest_tcp = NULL; + struct connection *c; + int i, fd = -1; + + krb5_klog_syslog(LOG_INFO, "too many connections"); + + FOREACH_ELT (connections, i, c) { + if (c->type != CONN_TCP && c->type != CONN_RPC) + continue; + if (c == newconn) + continue; +#if 0 + krb5_klog_syslog(LOG_INFO, "fd %d started at %ld", c->fd, + c->u.tcp.start_time); +#endif + if (oldest_tcp == NULL + || oldest_tcp->u.tcp.start_time > c->u.tcp.start_time) + oldest_tcp = c; + } + if (oldest_tcp != NULL) { + krb5_klog_syslog(LOG_INFO, "dropping %s fd %d from %s", + c->type == CONN_RPC ? "rpc" : "tcp", + oldest_tcp->fd, oldest_tcp->u.tcp.addrbuf); + fd = oldest_tcp->fd; + kill_tcp_or_rpc_connection(handle, oldest_tcp, 1); + } + return fd; +} + +static void accept_tcp_connection(void *handle, + struct connection *conn, const char *prog, + int selflags) +{ + int s; + struct sockaddr_storage addr_s; + struct sockaddr *addr = (struct sockaddr *)&addr_s; + socklen_t addrlen = sizeof(addr_s); + struct socksetup sockdata; + struct connection *newconn; + char tmpbuf[10]; + + s = accept(conn->fd, addr, &addrlen); + if (s < 0) + return; + set_cloexec_fd(s); +#ifndef _WIN32 + if (s >= FD_SETSIZE) { + close(s); + return; + } +#endif + setnbio(s), setnolinger(s), setkeepalive(s); + + sockdata.prog = prog; + sockdata.retval = 0; + + newconn = add_tcp_data_fd(&sockdata, s); + if (newconn == NULL) + return; + + if (getnameinfo((struct sockaddr *)&addr_s, addrlen, + newconn->u.tcp.addrbuf, sizeof(newconn->u.tcp.addrbuf), + tmpbuf, sizeof(tmpbuf), + NI_NUMERICHOST | NI_NUMERICSERV)) + strlcpy(newconn->u.tcp.addrbuf, "???", sizeof(newconn->u.tcp.addrbuf)); + else { + char *p, *end; + p = newconn->u.tcp.addrbuf; + end = p + sizeof(newconn->u.tcp.addrbuf); + p += strlen(p); + if (end - p > 2 + strlen(tmpbuf)) { + *p++ = '.'; + strlcpy(p, tmpbuf, end - p); + } + } +#if 0 + krb5_klog_syslog(LOG_INFO, "accepted TCP connection on socket %d from %s", + s, newconn->u.tcp.addrbuf); +#endif + + newconn->u.tcp.addr_s = addr_s; + newconn->u.tcp.addrlen = addrlen; + newconn->u.tcp.bufsiz = 1024 * 1024; + newconn->u.tcp.buffer = malloc(newconn->u.tcp.bufsiz); + newconn->u.tcp.start_time = time(0); + + if (++tcp_or_rpc_data_counter > max_tcp_or_rpc_data_connections) + kill_lru_tcp_or_rpc_connection(handle, newconn); + + if (newconn->u.tcp.buffer == 0) { + com_err(prog, errno, "allocating buffer for new TCP session from %s", + newconn->u.tcp.addrbuf); + delete_fd(newconn); + close(s); + tcp_or_rpc_data_counter--; + return; + } + newconn->u.tcp.offset = 0; + newconn->u.tcp.faddr.address = &newconn->u.tcp.kaddr; + init_addr(&newconn->u.tcp.faddr, ss2sa(&newconn->u.tcp.addr_s)); + SG_SET(&newconn->u.tcp.sgbuf[0], newconn->u.tcp.lenbuf, 4); + SG_SET(&newconn->u.tcp.sgbuf[1], 0, 0); + + FD_SET(s, &sstate.rfds); + if (sstate.max <= s) + sstate.max = s + 1; +} + +static void +kill_tcp_or_rpc_connection(void *handle, struct connection *conn, int isForcedClose) +{ + kadm5_server_handle_t server_handle = (kadm5_server_handle_t)handle; + + assert(conn->type == CONN_TCP || conn->type == CONN_RPC); + assert(conn->fd != -1); + + if (conn->u.tcp.response) + krb5_free_data(server_handle->context, conn->u.tcp.response); + if (conn->u.tcp.buffer) + free(conn->u.tcp.buffer); + FD_CLR(conn->fd, &sstate.rfds); + FD_CLR(conn->fd, &sstate.wfds); + if (sstate.max == conn->fd + 1) + while (sstate.max > 0 + && ! FD_ISSET(sstate.max-1, &sstate.rfds) + && ! FD_ISSET(sstate.max-1, &sstate.wfds) + /* && ! FD_ISSET(sstate.max-1, &sstate.xfds) */ + ) + sstate.max--; + + /* In the non-forced case, the RPC runtime will close the descriptor for us */ + if (conn->type == CONN_TCP || isForcedClose) { + close(conn->fd); + } + + /* For RPC connections, call into RPC runtime to flush out any internal state */ + if (conn->type == CONN_RPC && isForcedClose) { + fd_set fds; + + FD_ZERO(&fds); + FD_SET(conn->fd, &fds); + + svc_getreqset(&fds); + + if (FD_ISSET(conn->fd, &svc_fdset)) { + krb5_klog_syslog(LOG_ERR, + "descriptor %d closed but still in svc_fdset", conn->fd); + } + } + + conn->fd = -1; + delete_fd(conn); + tcp_or_rpc_data_counter--; +} + +static krb5_error_code +make_toolong_error (void *handle, krb5_data **out) +{ + krb5_error errpkt; + krb5_error_code retval; + krb5_data *scratch; + kadm5_server_handle_t server_handle = (kadm5_server_handle_t)handle; + + retval = krb5_us_timeofday(server_handle->context, &errpkt.stime, &errpkt.susec); + if (retval) + return retval; + errpkt.error = KRB_ERR_FIELD_TOOLONG; + retval = krb5_build_principal(server_handle->context, &errpkt.server, + strlen(server_handle->params.realm), + server_handle->params.realm, + "kadmin", "changepw", NULL); + if (retval) + return retval; + errpkt.client = NULL; + errpkt.cusec = 0; + errpkt.ctime = 0; + errpkt.text.length = 0; + errpkt.text.data = 0; + errpkt.e_data.length = 0; + errpkt.e_data.data = 0; + scratch = malloc(sizeof(*scratch)); + if (scratch == NULL) + return ENOMEM; + retval = krb5_mk_error(server_handle->context, &errpkt, scratch); + if (retval) { + free(scratch); + return retval; + } + + *out = scratch; + return 0; +} + +static void +queue_tcp_outgoing_response(struct connection *conn) +{ + store_32_be(conn->u.tcp.response->length, conn->u.tcp.lenbuf); + SG_SET(&conn->u.tcp.sgbuf[1], conn->u.tcp.response->data, + conn->u.tcp.response->length); + conn->u.tcp.sgp = conn->u.tcp.sgbuf; + conn->u.tcp.sgnum = 2; + FD_SET(conn->fd, &sstate.wfds); +} + +static void +process_tcp_connection(void *handle, + struct connection *conn, const char *prog, int selflags) +{ + int isForcedClose = 1; /* not used now, but for completeness */ + + if (selflags & SSF_WRITE) { + ssize_t nwrote; + SOCKET_WRITEV_TEMP tmp; + + nwrote = SOCKET_WRITEV(conn->fd, conn->u.tcp.sgp, conn->u.tcp.sgnum, + tmp); + if (nwrote < 0) { + goto kill_tcp_connection; + } + if (nwrote == 0) { + /* eof */ + isForcedClose = 0; + goto kill_tcp_connection; + } + while (nwrote) { + sg_buf *sgp = conn->u.tcp.sgp; + if (nwrote < SG_LEN(sgp)) { + SG_ADVANCE(sgp, nwrote); + nwrote = 0; + } else { + nwrote -= SG_LEN(sgp); + conn->u.tcp.sgp++; + conn->u.tcp.sgnum--; + if (conn->u.tcp.sgnum == 0 && nwrote != 0) + abort(); + } + } + if (conn->u.tcp.sgnum == 0) { + /* finished sending */ + /* We should go back to reading, though if we sent a + FIELD_TOOLONG error in reply to a length with the high + bit set, RFC 4120 says we have to close the TCP + stream. */ + isForcedClose = 0; + goto kill_tcp_connection; + } + } else if (selflags & SSF_READ) { + /* Read message length and data into one big buffer, already + allocated at connect time. If we have a complete message, + we stop reading, so we should only be here if there is no + data in the buffer, or only an incomplete message. */ + size_t len; + ssize_t nread; + if (conn->u.tcp.offset < 4) { + /* msglen has not been computed */ + /* XXX Doing at least two reads here, letting the kernel + worry about buffering. It'll be faster when we add + code to manage the buffer here. */ + len = 4 - conn->u.tcp.offset; + nread = SOCKET_READ(conn->fd, + conn->u.tcp.buffer + conn->u.tcp.offset, len); + if (nread < 0) + /* error */ + goto kill_tcp_connection; + if (nread == 0) + /* eof */ + goto kill_tcp_connection; + conn->u.tcp.offset += nread; + if (conn->u.tcp.offset == 4) { + unsigned char *p = (unsigned char *)conn->u.tcp.buffer; + conn->u.tcp.msglen = load_32_be(p); + if (conn->u.tcp.msglen > conn->u.tcp.bufsiz - 4) { + krb5_error_code err; + /* message too big */ + krb5_klog_syslog(LOG_ERR, "TCP client %s wants %lu bytes, cap is %lu", + conn->u.tcp.addrbuf, (unsigned long) conn->u.tcp.msglen, + (unsigned long) conn->u.tcp.bufsiz - 4); + /* XXX Should return an error. */ + err = make_toolong_error (handle, &conn->u.tcp.response); + if (err) { + krb5_klog_syslog(LOG_ERR, + "error constructing KRB_ERR_FIELD_TOOLONG error! %s", + error_message(err)); + goto kill_tcp_connection; + } + goto have_response; + } + } + } else { + /* msglen known */ + krb5_data request; + krb5_error_code err; + struct sockaddr_storage local_saddr; + socklen_t local_saddrlen = sizeof(local_saddr); + struct sockaddr *local_saddrp = NULL; + + len = conn->u.tcp.msglen - (conn->u.tcp.offset - 4); + nread = SOCKET_READ(conn->fd, + conn->u.tcp.buffer + conn->u.tcp.offset, len); + if (nread < 0) + /* error */ + goto kill_tcp_connection; + if (nread == 0) + /* eof */ + goto kill_tcp_connection; + conn->u.tcp.offset += nread; + if (conn->u.tcp.offset < conn->u.tcp.msglen + 4) + return; + /* have a complete message, and exactly one message */ + request.length = conn->u.tcp.msglen; + request.data = conn->u.tcp.buffer + 4; + + if (getsockname(conn->fd, ss2sa(&local_saddr), &local_saddrlen) == 0) { + local_saddrp = ss2sa(&local_saddr); + } + + err = dispatch(handle, local_saddrp, &conn->u.tcp.faddr, + &request, &conn->u.tcp.response); + if (err) { + com_err(prog, err, "while dispatching (tcp)"); + goto kill_tcp_connection; + } + have_response: + queue_tcp_outgoing_response(conn); + FD_CLR(conn->fd, &sstate.rfds); + } + } else + abort(); + + return; + +kill_tcp_connection: + kill_tcp_or_rpc_connection(handle, conn, isForcedClose); +} + +static void service_conn(void *handle, + struct connection *conn, const char *prog, + int selflags) +{ + conn->service(handle, conn, prog, selflags); +} + +static int getcurtime(struct timeval *tvp) +{ +#ifdef _WIN32 + struct _timeb tb; + _ftime(&tb); + tvp->tv_sec = tb.time; + tvp->tv_usec = tb.millitm * 1000; + return 0; +#else + return gettimeofday(tvp, 0) ? errno : 0; +#endif +} + +krb5_error_code +listen_and_process(void *handle, const char *prog) +{ + int nfound; + /* This struct contains 3 fd_set objects; on some platforms, they + can be rather large. Making this static avoids putting all + that junk on the stack. */ + static struct select_state sout; + int i, sret, netchanged = 0; + krb5_error_code err; + kadm5_server_handle_t server_handle = (kadm5_server_handle_t)handle; + + if (conns == (struct connection **) NULL) + return KDC5_NONET; + + while (!signal_request_exit) { + if (signal_request_hup) { + krb5_klog_reopen(server_handle->context); + reset_db(); + signal_request_hup = 0; + } +#ifdef PURIFY + if (signal_pure_report) { + purify_new_reports(); + signal_pure_report = 0; + } + if (signal_pure_clear) { + purify_clear_new_reports(); + signal_pure_clear = 0; + } +#endif /* PURIFY */ + if (network_reconfiguration_needed) { + krb5_klog_syslog(LOG_INFO, "network reconfiguration needed"); + /* It might be tidier to add a timer-callback interface to + the control loop here, but for this one use, it's not a + big deal. */ + err = getcurtime(&sstate.end_time); + if (err) { + com_err(prog, err, "while getting the time"); + continue; + } + sstate.end_time.tv_sec += 3; + netchanged = 1; + } else + sstate.end_time.tv_sec = sstate.end_time.tv_usec = 0; + + err = krb5int_cm_call_select(&sstate, &sout, &sret); + if (err) { + if (err != EINTR) + com_err(prog, err, "while selecting for network input(1)"); + continue; + } + if (sret == 0 && netchanged) { + network_reconfiguration_needed = 0; + closedown_network(handle, prog); + err = setup_network(handle, prog); + if (err) { + com_err(prog, err, "while reinitializing network"); + return err; + } + netchanged = 0; + } + if (sret == -1) { + if (errno != EINTR) + com_err(prog, errno, "while selecting for network input(2)"); + continue; + } + nfound = sret; + for (i=0; i 0; i++) { + int sflags = 0; + if (conns[i]->fd < 0) + abort(); + if (FD_ISSET(conns[i]->fd, &sout.rfds)) + sflags |= SSF_READ, nfound--; + if (FD_ISSET(conns[i]->fd, &sout.wfds)) + sflags |= SSF_WRITE, nfound--; + if (sflags) + service_conn(handle, conns[i], prog, sflags); + } + } + krb5_klog_syslog(LOG_INFO, "shutdown signal received"); + return 0; +} + +krb5_error_code +closedown_network(void *handle, const char *prog) +{ + int i; + struct connection *conn; + + if (conns == (struct connection **) NULL) + return KDC5_NONET; + + FOREACH_ELT (connections, i, conn) { + if (conn->fd >= 0) { + krb5_klog_syslog(LOG_INFO, "closing down fd %d", conn->fd); + (void) close(conn->fd); + if (conn->type == CONN_RPC) { + fd_set fds; + + FD_ZERO(&fds); + FD_SET(conn->fd, &fds); + + svc_getreqset(&fds); + } + } + if (conn->type == CONN_RPC_LISTENER) { + if (conn->u.rpc.transp != NULL) + svc_destroy(conn->u.rpc.transp); + } + DEL (connections, i); + /* There may also be per-connection data in the tcp structure + (tcp.buffer, tcp.response) that we're not freeing here. + That should only happen if we quit with a connection in + progress. */ + free(conn); + } + FREE_SET_DATA(connections); + FREE_SET_DATA(udp_port_data); + FREE_SET_DATA(tcp_port_data); + FREE_SET_DATA(rpc_svc_data); + + return 0; +} + +static void accept_rpc_connection(void *handle, struct connection *conn, + const char *prog, int selflags) +{ + struct socksetup sockdata; + fd_set fds; + register int s; + + assert(selflags & SSF_READ); + + if ((selflags & SSF_READ) == 0) + return; + + sockdata.prog = prog; + sockdata.retval = 0; + + /* + * Service the woken RPC listener descriptor. + */ + FD_ZERO(&fds); + FD_SET(conn->fd, &fds); + + svc_getreqset(&fds); + + /* + * Scan svc_fdset for any new connections. + */ + for (s = 0; s < FD_SETSIZE; s++) { + /* sstate.rfds |= svc_fdset & ~(rpc_listenfds | sstate.rfds) */ + if (FD_ISSET(s, &svc_fdset) + && !FD_ISSET(s, &rpc_listenfds) + && !FD_ISSET(s, &sstate.rfds)) + { + struct connection *newconn; + struct sockaddr_storage addr_s; + struct sockaddr *addr = (struct sockaddr *)&addr_s; + socklen_t addrlen = sizeof(addr_s); + char tmpbuf[10]; + + newconn = add_rpc_data_fd(&sockdata, s); + if (newconn == NULL) + continue; + + set_cloexec_fd(s); +#if 0 + setnbio(s), setnolinger(s), setkeepalive(s); +#endif + + if (getpeername(s, addr, &addrlen) || + getnameinfo(addr, addrlen, + newconn->u.tcp.addrbuf, sizeof(newconn->u.tcp.addrbuf), + tmpbuf, sizeof(tmpbuf), + NI_NUMERICHOST | NI_NUMERICSERV)) + strlcpy(newconn->u.tcp.addrbuf, "???", sizeof(newconn->u.tcp.addrbuf)); + else { + char *p, *end; + p = newconn->u.tcp.addrbuf; + end = p + sizeof(newconn->u.tcp.addrbuf); + p += strlen(p); + if (end - p > 2 + strlen(tmpbuf)) { + *p++ = '.'; + strlcpy(p, tmpbuf, end - p); + } + } +#if 0 + krb5_klog_syslog(LOG_INFO, "accepted RPC connection on socket %d from %s", + s, newconn->u.tcp.addrbuf); +#endif + + newconn->u.tcp.addr_s = addr_s; + newconn->u.tcp.addrlen = addrlen; + newconn->u.tcp.start_time = time(0); + + if (++tcp_or_rpc_data_counter > max_tcp_or_rpc_data_connections) + kill_lru_tcp_or_rpc_connection(handle, newconn); + + newconn->u.tcp.faddr.address = &newconn->u.tcp.kaddr; + init_addr(&newconn->u.tcp.faddr, ss2sa(&newconn->u.tcp.addr_s)); + + FD_SET(s, &sstate.rfds); + if (sstate.max <= s) + sstate.max = s + 1; + } + } +} + +static void process_rpc_connection(void *handle, struct connection *conn, + const char *prog, int selflags) +{ + fd_set fds; + + assert(selflags & SSF_READ); + + if ((selflags & SSF_READ) == 0) + return; + + FD_ZERO(&fds); + FD_SET(conn->fd, &fds); + + svc_getreqset(&fds); + + if (!FD_ISSET(conn->fd, &svc_fdset)) + kill_tcp_or_rpc_connection(handle, conn, 0); +} + +#endif /* INET */ diff --git a/src/kadmin/server/ovsec_kadmd.c b/src/kadmin/server/ovsec_kadmd.c index 0e9fcbcb78..c36cb6ef2d 100644 --- a/src/kadmin/server/ovsec_kadmd.c +++ b/src/kadmin/server/ovsec_kadmd.c @@ -77,7 +77,6 @@ void request_exit(int); void request_hup(int); void reset_db(void); void sig_pipe(int); -void kadm_svc_run(kadm5_config_params *params); #ifdef POSIX_SIGNALS static struct sigaction s_action; @@ -124,12 +123,6 @@ int ipropfd; void kadm5_set_use_password_server (void); #endif -extern void krb5_iprop_prog_1(); -extern kadm5_ret_t kiprop_get_adm_host_srv_name( - krb5_context, - const char *, - char **); - /* * Function: usage * @@ -215,15 +208,12 @@ int nofork = 0; int main(int argc, char *argv[]) { - register SVCXPRT *transp, *iproptransp; extern char *optarg; extern int optind, opterr; int ret, oldnames = 0; OM_uint32 OMret, major_status, minor_status; char *whoami; gss_buffer_desc in_buf; - struct sockaddr_in addr; - int s; auth_gssapi_name names[4]; gss_buffer_desc gssbuf; gss_OID nt_krb5_name_oid; @@ -231,8 +221,8 @@ int main(int argc, char *argv[]) char **db_args = NULL; int db_args_size = 0; char *errmsg; + int i; - char *kiprop_name = NULL; /* iprop svc name */ kdb_log_context *log_ctx; setvbuf(stderr, NULL, _IONBF, 0); @@ -359,238 +349,17 @@ int main(int argc, char *argv[]) exit(1); } - memset(&addr, 0, sizeof(addr)); - addr.sin_family = AF_INET; - addr.sin_addr.s_addr = INADDR_ANY; - addr.sin_port = htons(params.kadmind_port); - - if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) { - const char *e_txt; - ret = SOCKET_ERRNO; - e_txt = krb5_get_error_message (context, ret); - krb5_klog_syslog(LOG_ERR, "Cannot create TCP socket: %s", - e_txt); - fprintf(stderr, "Cannot create TCP socket: %s", - e_txt); - kadm5_destroy(global_server_handle); - krb5_klog_close(context); - exit(1); - } - set_cloexec_fd(s); - - if ((schpw = socket(AF_INET, SOCK_DGRAM, 0)) < 0) { - const char *e_txt; - ret = SOCKET_ERRNO; - e_txt = krb5_get_error_message (context, ret); - krb5_klog_syslog(LOG_ERR, - "cannot create simple chpw socket: %s", - e_txt); - fprintf(stderr, "Cannot create simple chpw socket: %s", - e_txt); - kadm5_destroy(global_server_handle); - krb5_klog_close(context); - exit(1); - } - set_cloexec_fd(schpw); - -#ifndef DISABLE_IPROP - if ((ipropfd = socket(AF_INET, SOCK_STREAM, 0)) < 0) { - const char *e_txt; - ret = SOCKET_ERRNO; - e_txt = krb5_get_error_message (context, ret); - krb5_klog_syslog(LOG_ERR, - "cannot create iprop listening socket: %s", - e_txt); - fprintf(stderr, "cannot create iprop listening socket: %s", - e_txt); - kadm5_destroy(global_server_handle); - krb5_klog_close(context); - exit(1); - } - set_cloexec_fd(ipropfd); -#endif - -#ifdef SO_REUSEADDR - /* the old admin server turned on SO_REUSEADDR for non-default - port numbers. this was necessary, on solaris, for the tests - to work. jhawk argues that the debug and production modes - should be the same. I think I agree, so I'm always going to set - SO_REUSEADDR. The other option is to have the unit tests wait - until the port is useable, or use a different port each time. - --marc */ - - { - int allowed; - - allowed = 1; - if (setsockopt(s, SOL_SOCKET, SO_REUSEADDR, - (char *) &allowed, sizeof(allowed)) < 0 || - setsockopt(schpw, SOL_SOCKET, SO_REUSEADDR, - (char *) &allowed, sizeof(allowed)) < 0 -#ifndef DISABLE_IPROP - || setsockopt(ipropfd, SOL_SOCKET, SO_REUSEADDR, - (char *) &allowed, sizeof(allowed)) < 0 -#endif - ) { - const char *e_txt; - ret = SOCKET_ERRNO; - e_txt = krb5_get_error_message (context, ret); - krb5_klog_syslog(LOG_ERR, "Cannot set SO_REUSEADDR: %s", - e_txt); - fprintf(stderr, "Cannot set SO_REUSEADDR: %s", e_txt); - kadm5_destroy(global_server_handle); - krb5_klog_close(context); - exit(1); - } - } -#endif /* SO_REUSEADDR */ - memset(&addr, 0, sizeof(addr)); - addr.sin_family = AF_INET; - addr.sin_addr.s_addr = INADDR_ANY; - addr.sin_port = htons(params.kadmind_port); - - if (bind(s, (struct sockaddr *)&addr, sizeof(addr)) < 0) { - int oerrno = errno; - const char *e_txt = krb5_get_error_message (context, errno); - fprintf(stderr, "%s: Cannot bind socket.\n", whoami); - fprintf(stderr, "bind: %s\n", e_txt); - errno = oerrno; - krb5_klog_syslog(LOG_ERR, "Cannot bind socket: %s", e_txt); - if(oerrno == EADDRINUSE) { - char *w = strrchr(whoami, '/'); - if (w) { - w++; - } - else { - w = whoami; - } - fprintf(stderr, -"This probably means that another %s process is already\n" -"running, or that another program is using the server port (number %d)\n" -"after being assigned it by the RPC portmap daemon. If another\n" -"%s is already running, you should kill it before\n" -"restarting the server. If, on the other hand, another program is\n" -"using the server port, you should kill it before running\n" -"%s, and ensure that the conflict does not occur in the\n" -"future by making sure that %s is started on reboot\n" - "before portmap.\n", w, ntohs(addr.sin_port), w, w, w); - krb5_klog_syslog(LOG_ERR, "Check for already-running %s or for " - "another process using port %d", w, - htons(addr.sin_port)); - } + if ((ret = setup_network(global_server_handle, whoami))) { + const char *e_txt = krb5_get_error_message (context, ret); + krb5_klog_syslog(LOG_ERR, "%s: %s while initializing network, aborting", + whoami, e_txt); + fprintf(stderr, "%s: %s while initializing network, aborting\n", + whoami, e_txt); kadm5_destroy(global_server_handle); krb5_klog_close(context); exit(1); } - memset(&addr, 0, sizeof(addr)); - addr.sin_family = AF_INET; - addr.sin_addr.s_addr = INADDR_ANY; - /* XXX */ - addr.sin_port = htons(params.kpasswd_port); - - if (bind(schpw, (struct sockaddr *)&addr, sizeof(addr)) < 0) { - char portbuf[32]; - int oerrno = errno; - const char *e_txt = krb5_get_error_message (context, errno); - fprintf(stderr, "%s: Cannot bind socket.\n", whoami); - fprintf(stderr, "bind: %s\n", e_txt); - errno = oerrno; - snprintf(portbuf, sizeof(portbuf), "%d", ntohs(addr.sin_port)); - krb5_klog_syslog(LOG_ERR, "cannot bind simple chpw socket: %s", - e_txt); - if(oerrno == EADDRINUSE) { - char *w = strrchr(whoami, '/'); - if (w) { - w++; - } - else { - w = whoami; - } - fprintf(stderr, -"This probably means that another %s process is already\n" -"running, or that another program is using the server port (number %d).\n" -"If another %s is already running, you should kill it before\n" -"restarting the server.\n", - w, ntohs(addr.sin_port), w); - } - kadm5_destroy(global_server_handle); - krb5_klog_close(context); - exit(1); - } - -#ifndef DISABLE_IPROP - memset(&addr, 0, sizeof(addr)); - addr.sin_family = AF_INET; - addr.sin_addr.s_addr = INADDR_ANY; - addr.sin_port = htons(params.iprop_port); - if (bind(ipropfd, (struct sockaddr *)&addr, sizeof(addr)) < 0) { - char portbuf[32]; - int oerrno = errno; - const char *e_txt = krb5_get_error_message (context, errno); - fprintf(stderr, "%s: Cannot bind socket.\n", whoami); - fprintf(stderr, "bind: %s\n", e_txt); - errno = oerrno; - snprintf(portbuf, sizeof(portbuf), "%d", ntohs(addr.sin_port)); - krb5_klog_syslog(LOG_ERR, "cannot bind iprop socket: %s", - e_txt); - if(oerrno == EADDRINUSE) { - char *w = strrchr(whoami, '/'); - if (w) { - w++; - } - else { - w = whoami; - } - fprintf(stderr, -"This probably means that another %s process is already\n" -"running, or that another program is using the server port (number %d).\n" -"If another %s is already running, you should kill it before\n" -"restarting the server.\n", - w, ntohs(addr.sin_port), w); - } - kadm5_destroy(global_server_handle); - krb5_klog_close(context); - exit(1); - } -#endif - - transp = svctcp_create(s, 0, 0); - if(transp == NULL) { - fprintf(stderr, "%s: Cannot create RPC service.\n", whoami); - krb5_klog_syslog(LOG_ERR, "Cannot create RPC service: %m"); - kadm5_destroy(global_server_handle); - krb5_klog_close(context); - exit(1); - } - if(!svc_register(transp, KADM, KADMVERS, kadm_1, 0)) { - fprintf(stderr, "%s: Cannot register RPC service.\n", whoami); - krb5_klog_syslog(LOG_ERR, "Cannot register RPC service, failing."); - kadm5_destroy(global_server_handle); - krb5_klog_close(context); - exit(1); - } - -#ifndef DISABLE_IPROP - iproptransp = svctcp_create(ipropfd, 0, 0); - if (iproptransp == NULL) { - fprintf(stderr, "%s: Cannot create RPC service.\n", whoami); - krb5_klog_syslog(LOG_ERR, "Cannot create RPC service: %m"); - kadm5_destroy(global_server_handle); - krb5_klog_close(context); - exit(1); - } - if (!svc_register(iproptransp, KRB5_IPROP_PROG, KRB5_IPROP_VERS, krb5_iprop_prog_1, IPPROTO_TCP)) { - fprintf(stderr, "%s: Cannot register RPC service.\n", whoami); - krb5_klog_syslog(LOG_ERR, "Cannot register RPC service, continuing."); -#if 0 - kadm5_destroy(global_server_handle); - krb5_klog_close(context); - exit(1); -#endif - } -#endif - names[0].name = build_princ_name(KADM5_ADMIN_SERVICE, params.realm); names[1].name = build_princ_name(KADM5_CHANGEPW_SERVICE, params.realm); names[2].name = build_princ_name(OVSEC_KADM_ADMIN_SERVICE, params.realm); @@ -833,13 +602,13 @@ kterr: if (nofork) fprintf(stderr, "%s: starting...\n", whoami); - kadm_svc_run(¶ms); + listen_and_process(global_server_handle, whoami); krb5_klog_syslog(LOG_INFO, "finished, exiting"); /* Clean up memory, etc */ svcauth_gssapi_unset_names(); kadm5_destroy(global_server_handle); - close(s); + closedown_network(global_server_handle, whoami); kadm5int_acl_finish(context, 0); if(gss_changepw_name) { (void) gss_release_name(&OMret, &gss_changepw_name); @@ -847,9 +616,9 @@ kterr: if(gss_oldchangepw_name) { (void) gss_release_name(&OMret, &gss_oldchangepw_name); } - for(s = 0 ; s < 4; s++) { - if (names[s].name) { - free(names[s].name); + for(i = 0 ; i < 4; i++) { + if (names[i].name) { + free(names[i].name); } } @@ -911,68 +680,6 @@ void setup_signal_handlers(iprop_role iproprole) { #endif /* POSIX_SIGNALS */ } -/* - * Function: kadm_svc_run - * - * Purpose: modified version of sunrpc svc_run. - * which closes the database every TIMEOUT seconds. - * - * Arguments: - * Requires: - * Effects: - * Modifies: - */ - -void kadm_svc_run(params) -kadm5_config_params *params; -{ - fd_set rfd; - struct timeval timeout; - - while(signal_request_exit == 0) { - if (signal_request_hup) { - reset_db(); - krb5_klog_reopen(context); - signal_request_hup = 0; - } -#ifdef PURIFY - if (signal_pure_report) /* check to see if a report */ - /* should be dumped... */ - { - purify_new_reports(); - signal_pure_report = 0; - } - if (signal_pure_clear) /* ...before checking whether */ - /* the info should be cleared. */ - { - purify_clear_new_reports(); - signal_pure_clear = 0; - } -#endif /* PURIFY */ - timeout.tv_sec = TIMEOUT; - timeout.tv_usec = 0; - rfd = svc_fdset; - FD_SET(schpw, &rfd); -#define max(a, b) (((a) > (b)) ? (a) : (b)) - switch(select(max(schpw, svc_maxfd) + 1, - (fd_set *) &rfd, NULL, NULL, &timeout)) { - case -1: - if(errno == EINTR) - continue; - perror("select"); - return; - case 0: - reset_db(); - break; - default: - if (FD_ISSET(schpw, &rfd)) - do_schpw(schpw, params); - else - svc_getreqset(&rfd); - } - } -} - #ifdef PURIFY /* * Function: request_pure_report @@ -1344,99 +1051,3 @@ void log_badauth_display_status_1(char *m, OM_uint32 code, int type, } } -void do_schpw(int s1, kadm5_config_params *params) -{ - krb5_error_code ret; - /* XXX buffer = ethernet mtu */ - char req[1500]; - int len; - struct sockaddr_in from; - socklen_t fromlen; - krb5_keytab kt; - krb5_data reqdata, repdata; - int s2; - - fromlen = sizeof(from); - if ((len = recvfrom(s1, req, sizeof(req), 0, (struct sockaddr *)&from, - &fromlen)) < 0) { - krb5_klog_syslog(LOG_ERR, "chpw: Couldn't receive request: %s", - krb5_get_error_message (context, errno)); - return; - } - - if ((ret = krb5_kt_resolve(context, "KDB:", &kt))) { - krb5_klog_syslog(LOG_ERR, "chpw: Couldn't open admin keytab %s", - krb5_get_error_message (context, ret)); - return; - } - - reqdata.length = len; - reqdata.data = req; - - /* this is really obscure. s1 is used for all communications. it - is left unconnected in case the server is multihomed and routes - are asymmetric. s2 is connected to resolve routes and get - addresses. this is the *only* way to get proper addresses for - multihomed hosts if routing is asymmetric. - - A related problem in the server, but not the client, is that - many os's have no way to disconnect a connected udp socket, so - the s2 socket needs to be closed and recreated for each - request. The s1 socket must not be closed, or else queued - requests will be lost. - - A "naive" client implementation (one socket, no connect, - hostname resolution to get the local ip addr) will work and - interoperate if the client is single-homed. */ - - if ((s2 = socket(AF_INET, SOCK_DGRAM, 0)) < 0) { - const char *errmsg = krb5_get_error_message (context, errno); - krb5_klog_syslog(LOG_ERR, "cannot create connecting socket: %s", - errmsg); - fprintf(stderr, "Cannot create connecting socket: %s", - errmsg); - svcauth_gssapi_unset_names(); - kadm5_destroy(global_server_handle); - krb5_klog_close(context); - exit(1); - } - set_cloexec_fd(s2); - - if (connect(s2, (struct sockaddr *) &from, sizeof(from)) < 0) { - krb5_klog_syslog(LOG_ERR, "chpw: Couldn't connect to client: %s", - krb5_get_error_message (context, errno)); - goto cleanup; - } - - if ((ret = process_chpw_request(context, global_server_handle, - params->realm, s2, kt, &from, - &reqdata, &repdata))) { - krb5_klog_syslog(LOG_ERR, "chpw: Error processing request: %s", - krb5_get_error_message (context, ret)); - } - - close(s2); - - if (repdata.length == 0) { - /* just return. This means something really bad happened */ - goto cleanup; - } - - len = sendto(s1, repdata.data, (int) repdata.length, 0, - (struct sockaddr *) &from, sizeof(from)); - - if (len < (int) repdata.length) { - krb5_xfree(repdata.data); - - krb5_klog_syslog(LOG_ERR, "chpw: Error sending reply: %s", - krb5_get_error_message (context, errno)); - goto cleanup; - } - - krb5_xfree(repdata.data); - -cleanup: - krb5_kt_close(context, kt); - - return; -} diff --git a/src/kadmin/server/schpw.c b/src/kadmin/server/schpw.c index 76aa2ca852..53f2e59baf 100644 --- a/src/kadmin/server/schpw.c +++ b/src/kadmin/server/schpw.c @@ -11,37 +11,40 @@ #define GETSOCKNAME_ARG3_TYPE int #endif +#define RFC3244_VERSION 0xff80 + krb5_error_code -process_chpw_request(context, server_handle, realm, s, keytab, sockin, - req, rep) +process_chpw_request(context, server_handle, realm, keytab, + local_faddr, remote_faddr, req, rep) krb5_context context; void *server_handle; char *realm; - int s; krb5_keytab keytab; - struct sockaddr_in *sockin; + krb5_fulladdr *local_faddr; + krb5_fulladdr *remote_faddr; krb5_data *req; krb5_data *rep; { krb5_error_code ret; char *ptr; int plen, vno; - krb5_address local_kaddr, remote_kaddr; - int allocated_mem = 0; krb5_data ap_req, ap_rep; krb5_auth_context auth_context; krb5_principal changepw; + krb5_principal client, target = NULL; krb5_ticket *ticket; krb5_data cipher, clear; - struct sockaddr local_addr, remote_addr; - GETSOCKNAME_ARG3_TYPE addrlen; krb5_replay_data replay; krb5_error krberror; int numresult; char strresult[1024]; - char *clientstr; + char *clientstr = NULL, *targetstr = NULL; size_t clen; char *cdots; + struct sockaddr_storage ss; + socklen_t salen; + char addrbuf[100]; + krb5_address *addr = remote_faddr->address; ret = 0; rep->length = 0; @@ -58,7 +61,7 @@ process_chpw_request(context, server_handle, realm, s, keytab, sockin, or the caller passed in garbage */ ret = KRB5KRB_AP_ERR_MODIFIED; numresult = KRB5_KPASSWD_MALFORMED; - strcpy(strresult, "Request was truncated"); + strlcpy(strresult, "Request was truncated", sizeof(strresult)); goto chpwfail; } @@ -77,7 +80,7 @@ process_chpw_request(context, server_handle, realm, s, keytab, sockin, vno = (*ptr++ & 0xff) ; vno = (vno<<8) | (*ptr++ & 0xff); - if (vno != 1) { + if (vno != 1 && vno != RFC3244_VERSION) { ret = KRB5KDC_ERR_BAD_PVNO; numresult = KRB5_KPASSWD_BAD_VERSION; snprintf(strresult, sizeof(strresult), @@ -93,7 +96,8 @@ process_chpw_request(context, server_handle, realm, s, keytab, sockin, if (ptr + ap_req.length >= req->data + req->length) { ret = KRB5KRB_AP_ERR_MODIFIED; numresult = KRB5_KPASSWD_MALFORMED; - strcpy(strresult, "Request was truncated in AP-REQ"); + strlcpy(strresult, "Request was truncated in AP-REQ", + sizeof(strresult)); goto chpwfail; } @@ -105,7 +109,8 @@ process_chpw_request(context, server_handle, realm, s, keytab, sockin, ret = krb5_auth_con_init(context, &auth_context); if (ret) { numresult = KRB5_KPASSWD_HARDERROR; - strcpy(strresult, "Failed initializing auth context"); + strlcpy(strresult, "Failed initializing auth context", + sizeof(strresult)); goto chpwfail; } @@ -113,7 +118,8 @@ process_chpw_request(context, server_handle, realm, s, keytab, sockin, KRB5_AUTH_CONTEXT_DO_SEQUENCE); if (ret) { numresult = KRB5_KPASSWD_HARDERROR; - strcpy(strresult, "Failed initializing auth context"); + strlcpy(strresult, "Failed initializing auth context", + sizeof(strresult)); goto chpwfail; } @@ -121,7 +127,8 @@ process_chpw_request(context, server_handle, realm, s, keytab, sockin, "kadmin", "changepw", NULL); if (ret) { numresult = KRB5_KPASSWD_HARDERROR; - strcpy(strresult, "Failed building kadmin/changepw principal"); + strlcpy(strresult, "Failed building kadmin/changepw principal", + sizeof(strresult)); goto chpwfail; } @@ -130,63 +137,11 @@ process_chpw_request(context, server_handle, realm, s, keytab, sockin, if (ret) { numresult = KRB5_KPASSWD_AUTHERROR; - strcpy(strresult, "Failed reading application request"); - goto chpwfail; - } - - /* set up address info */ - - addrlen = sizeof(local_addr); - - if (getsockname(s, &local_addr, &addrlen) < 0) { - ret = errno; - numresult = KRB5_KPASSWD_HARDERROR; - strcpy(strresult, "Failed getting server internet address"); + strlcpy(strresult, "Failed reading application request", + sizeof(strresult)); goto chpwfail; } - /* some brain-dead OS's don't return useful information from - * the getsockname call. Namely, windows and solaris. */ - - if (((struct sockaddr_in *)&local_addr)->sin_addr.s_addr != 0) { - local_kaddr.addrtype = ADDRTYPE_INET; - local_kaddr.length = - sizeof(((struct sockaddr_in *) &local_addr)->sin_addr); - local_kaddr.contents = - (krb5_octet *) &(((struct sockaddr_in *) &local_addr)->sin_addr); - } else { - krb5_address **addrs; - - krb5_os_localaddr(context, &addrs); - local_kaddr.magic = addrs[0]->magic; - local_kaddr.addrtype = addrs[0]->addrtype; - local_kaddr.length = addrs[0]->length; - local_kaddr.contents = malloc(addrs[0]->length); - memcpy(local_kaddr.contents, addrs[0]->contents, addrs[0]->length); - allocated_mem++; - - krb5_free_addresses(context, addrs); - } - - addrlen = sizeof(remote_addr); - - if (getpeername(s, &remote_addr, &addrlen) < 0) { - ret = errno; - numresult = KRB5_KPASSWD_HARDERROR; - strcpy(strresult, "Failed getting client internet address"); - goto chpwfail; - } - - remote_kaddr.addrtype = ADDRTYPE_INET; - remote_kaddr.length = - sizeof(((struct sockaddr_in *) &remote_addr)->sin_addr); - remote_kaddr.contents = - (krb5_octet *) &(((struct sockaddr_in *) &remote_addr)->sin_addr); - - remote_kaddr.addrtype = ADDRTYPE_INET; - remote_kaddr.length = sizeof(sockin->sin_addr); - remote_kaddr.contents = (krb5_octet *) &sockin->sin_addr; - /* mk_priv requires that the local address be set. getsockname is used for this. rd_priv requires that the remote address be set. recvfrom is used for this. If @@ -202,18 +157,11 @@ process_chpw_request(context, server_handle, realm, s, keytab, sockin, is specified. Are we having fun yet? */ ret = krb5_auth_con_setaddrs(context, auth_context, NULL, - &remote_kaddr); + remote_faddr->address); if (ret) { numresult = KRB5_KPASSWD_HARDERROR; - strcpy(strresult, "Failed storing client internet address"); - goto chpwfail; - } - - /* verify that this is an AS_REQ ticket */ - - if (!(ticket->enc_part2->flags & TKT_FLG_INITIAL)) { - numresult = KRB5_KPASSWD_AUTHERROR; - strcpy(strresult, "Ticket must be derived from a password"); + strlcpy(strresult, "Failed storing client internet address", + sizeof(strresult)); goto chpwfail; } @@ -222,11 +170,12 @@ process_chpw_request(context, server_handle, realm, s, keytab, sockin, ret = krb5_mk_rep(context, auth_context, &ap_rep); if (ret) { numresult = KRB5_KPASSWD_AUTHERROR; - strcpy(strresult, "Failed replying to application request"); + strlcpy(strresult, "Failed replying to application request", + sizeof(strresult)); goto chpwfail; } - /* decrypt the new password */ + /* decrypt the ChangePasswdData */ cipher.length = (req->data + req->length) - ptr; cipher.data = ptr; @@ -234,23 +183,66 @@ process_chpw_request(context, server_handle, realm, s, keytab, sockin, ret = krb5_rd_priv(context, auth_context, &cipher, &clear, &replay); if (ret) { numresult = KRB5_KPASSWD_HARDERROR; - strcpy(strresult, "Failed decrypting request"); + strlcpy(strresult, "Failed decrypting request", sizeof(strresult)); goto chpwfail; } - ret = krb5_unparse_name(context, ticket->enc_part2->client, &clientstr); + client = ticket->enc_part2->client; + + /* decode ChangePasswdData for setpw requests */ + if (vno == RFC3244_VERSION) { + krb5_data *clear_data; + + ret = decode_krb5_setpw_req(&clear, &clear_data, &target); + if (ret != 0) { + numresult = KRB5_KPASSWD_MALFORMED; + strlcpy(strresult, "Failed decoding ChangePasswdData", + sizeof(strresult)); + goto chpwfail; + } + + memset(clear.data, 0, clear.length); + free(clear.data); + + clear = *clear_data; + free(clear_data); + + if (target != NULL) { + ret = krb5_unparse_name(context, target, &targetstr); + if (ret != 0) { + numresult = KRB5_KPASSWD_HARDERROR; + strlcpy(strresult, "Failed unparsing target name for log", + sizeof(strresult)); + goto chpwfail; + } + } + } + + ret = krb5_unparse_name(context, client, &clientstr); if (ret) { numresult = KRB5_KPASSWD_HARDERROR; - strcpy(strresult, "Failed unparsing client name for log"); + strlcpy(strresult, "Failed unparsing client name for log", + sizeof(strresult)); goto chpwfail; } + + /* for cpw, verify that this is an AS_REQ ticket */ + if (vno == 1 && + (ticket->enc_part2->flags & TKT_FLG_INITIAL) == 0) { + numresult = KRB5_KPASSWD_INITIAL_FLAG_NEEDED; + strlcpy(strresult, "Ticket must be derived from a password", + sizeof(strresult)); + goto chpwfail; + } + /* change the password */ ptr = (char *) malloc(clear.length+1); memcpy(ptr, clear.data, clear.length); ptr[clear.length] = '\0'; - ret = schpw_util_wrapper(server_handle, ticket->enc_part2->client, + ret = schpw_util_wrapper(server_handle, client, target, + (ticket->enc_part2->flags & TKT_FLG_INITIAL) != 0, ptr, NULL, strresult, sizeof(strresult)); /* zap the password */ @@ -262,27 +254,85 @@ process_chpw_request(context, server_handle, realm, s, keytab, sockin, clen = strlen(clientstr); trunc_name(&clen, &cdots); - krb5_klog_syslog(LOG_NOTICE, "chpw request from %s for %.*s%s: %s", - inet_ntoa(((struct sockaddr_in *)&remote_addr)->sin_addr), - (int) clen, clientstr, cdots, - ret ? krb5_get_error_message (context, ret) : "success"); - krb5_free_unparsed_name(context, clientstr); - if (ret) { - if ((ret != KADM5_PASS_Q_TOOSHORT) && - (ret != KADM5_PASS_REUSE) && (ret != KADM5_PASS_Q_CLASS) && - (ret != KADM5_PASS_Q_DICT) && (ret != KADM5_PASS_TOOSOON)) - numresult = KRB5_KPASSWD_HARDERROR; - else - numresult = KRB5_KPASSWD_SOFTERROR; - /* strresult set by kadb5_chpass_principal_util() */ - goto chpwfail; + switch (addr->addrtype) { + case ADDRTYPE_INET: { + struct sockaddr_in *sin = ss2sin(&ss); + + sin->sin_family = AF_INET; + memcpy(&sin->sin_addr, addr->contents, addr->length); + sin->sin_port = htons(remote_faddr->port); + salen = sizeof(*sin); + break; + } + case ADDRTYPE_INET6: { + struct sockaddr_in6 *sin6 = ss2sin6(&ss); + + sin6->sin6_family = AF_INET6; + memcpy(&sin6->sin6_addr, addr->contents, addr->length); + sin6->sin6_port = htons(remote_faddr->port); + salen = sizeof(*sin6); + break; } + default: { + struct sockaddr *sa = ss2sa(&ss); - /* success! */ + sa->sa_family = AF_UNSPEC; + salen = sizeof(*sa); + break; + } + } - numresult = KRB5_KPASSWD_SUCCESS; - strcpy(strresult, ""); + if (getnameinfo(ss2sa(&ss), salen, + addrbuf, sizeof(addrbuf), NULL, 0, + NI_NUMERICHOST | NI_NUMERICSERV) != 0) + strlcpy(addrbuf, "", sizeof(addrbuf)); + + if (vno == RFC3244_VERSION) { + size_t tlen; + char *tdots; + const char *targetp; + + if (target == NULL) { + tlen = clen; + tdots = cdots; + targetp = targetstr; + } else { + tlen = strlen(targetstr); + trunc_name(&tlen, &tdots); + targetp = clientstr; + } + + krb5_klog_syslog(LOG_NOTICE, "setpw request from %s by %.*s%s for %.*s%s: %s", + addrbuf, + (int) clen, clientstr, cdots, + (int) tlen, targetp, tdots, + ret ? krb5_get_error_message (context, ret) : "success"); + } else { + krb5_klog_syslog(LOG_NOTICE, "chpw request from %s for %.*s%s: %s", + addrbuf, + (int) clen, clientstr, cdots, + ret ? krb5_get_error_message (context, ret) : "success"); + } + switch (ret) { + case KADM5_AUTH_CHANGEPW: + numresult = KRB5_KPASSWD_ACCESSDENIED; + break; + case KADM5_PASS_Q_TOOSHORT: + case KADM5_PASS_REUSE: + case KADM5_PASS_Q_CLASS: + case KADM5_PASS_Q_DICT: + case KADM5_PASS_TOOSOON: + numresult = KRB5_KPASSWD_HARDERROR; + break; + case 0: + numresult = KRB5_KPASSWD_SUCCESS; + strlcpy(strresult, "", sizeof(strresult)); + break; + default: + numresult = KRB5_KPASSWD_SOFTERROR; + break; + } chpwfail: @@ -299,18 +349,20 @@ chpwfail: cipher.length = 0; if (ap_rep.length) { - ret = krb5_auth_con_setaddrs(context, auth_context, &local_kaddr, - NULL); + ret = krb5_auth_con_setaddrs(context, auth_context, + local_faddr->address, NULL); if (ret) { numresult = KRB5_KPASSWD_HARDERROR; - strcpy(strresult, - "Failed storing client and server internet addresses"); + strlcpy(strresult, + "Failed storing client and server internet addresses", + sizeof(strresult)); } else { ret = krb5_mk_priv(context, auth_context, &clear, &cipher, &replay); if (ret) { numresult = KRB5_KPASSWD_HARDERROR; - strcpy(strresult, "Failed encrypting reply"); + strlcpy(strresult, "Failed encrypting reply", + sizeof(strresult)); } } } @@ -409,8 +461,12 @@ bailout: krb5_xfree(clear.data); if (cipher.length) krb5_xfree(cipher.data); - if (allocated_mem) - krb5_xfree(local_kaddr.contents); + if (target) + krb5_free_principal(context, target); + if (targetstr) + krb5_free_unparsed_name(context, targetstr); + if (clientstr) + krb5_free_unparsed_name(context, clientstr); return(ret); } diff --git a/src/kadmin/server/server_stubs.c b/src/kadmin/server/server_stubs.c index a6435acf9c..038a4a73ff 100644 --- a/src/kadmin/server/server_stubs.c +++ b/src/kadmin/server/server_stubs.c @@ -110,6 +110,8 @@ static kadm5_ret_t new_server_handle(krb5_ui_4 api_version, { kadm5_server_handle_t handle; + *out_handle = NULL; + if (! (handle = (kadm5_server_handle_t) malloc(sizeof(*handle)))) return ENOMEM; @@ -137,6 +139,8 @@ static kadm5_ret_t new_server_handle(krb5_ui_4 api_version, */ static void free_server_handle(kadm5_server_handle_t handle) { + if (!handle) + return; krb5_free_principal(handle->context, handle->current_caller); free(handle); } @@ -303,17 +307,15 @@ create_principal_2_svc(cprinc_arg *arg, struct svc_req *rqstp) OM_uint32 minor_stat; kadm5_server_handle_t handle; restriction_t *rp; - const char *errmsg; + const char *errmsg = NULL; xdr_free(xdr_generic_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) goto exit_func; - if ((ret.code = check_handle((void *)handle))) { - free_server_handle(handle); + if ((ret.code = check_handle((void *)handle))) goto exit_func; - } ret.api_version = handle->api_version; @@ -338,22 +340,23 @@ create_principal_2_svc(cprinc_arg *arg, struct svc_req *rqstp) ret.code = kadm5_create_principal((void *)handle, &arg->rec, arg->mask, arg->passwd); - if( ret.code == 0 ) - errmsg = "success"; - else - errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); - log_done("kadm5_create_principal", prime_arg, errmsg, + if( ret.code != 0 ) + errmsg = krb5_get_error_message(handle->context, ret.code); + + log_done("kadm5_create_principal", prime_arg, + errmsg ? errmsg : "success", &client_name, &service_name, rqstp); - /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ + if (errmsg != NULL) + krb5_free_error_message(handle->context, errmsg); } - free_server_handle(handle); free(prime_arg); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); exit_func: + free_server_handle(handle); return &ret; } @@ -366,17 +369,15 @@ create_principal3_2_svc(cprinc3_arg *arg, struct svc_req *rqstp) OM_uint32 minor_stat; kadm5_server_handle_t handle; restriction_t *rp; - const char *errmsg; + const char *errmsg = NULL; xdr_free(xdr_generic_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) goto exit_func; - if ((ret.code = check_handle((void *)handle))) { - free_server_handle(handle); + if ((ret.code = check_handle((void *)handle))) goto exit_func; - } ret.api_version = handle->api_version; @@ -403,21 +404,22 @@ create_principal3_2_svc(cprinc3_arg *arg, struct svc_req *rqstp) arg->n_ks_tuple, arg->ks_tuple, arg->passwd); - if( ret.code == 0 ) - errmsg = "success"; - else - errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + if( ret.code != 0 ) + errmsg = krb5_get_error_message(handle->context, ret.code); - log_done("kadm5_create_principal", prime_arg, errmsg, + log_done("kadm5_create_principal", prime_arg, + errmsg ? errmsg : "success", &client_name, &service_name, rqstp); - /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ + if (errmsg != NULL) + krb5_free_error_message(handle->context, errmsg); } - free_server_handle(handle); free(prime_arg); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); + exit_func: + free_server_handle(handle); return &ret; } @@ -430,17 +432,15 @@ delete_principal_2_svc(dprinc_arg *arg, struct svc_req *rqstp) service_name; OM_uint32 minor_stat; kadm5_server_handle_t handle; - const char *errmsg; + const char *errmsg = NULL; xdr_free(xdr_generic_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) goto exit_func; - if ((ret.code = check_handle((void *)handle))) { - free_server_handle(handle); + if ((ret.code = check_handle((void *)handle))) goto exit_func; - } ret.api_version = handle->api_version; @@ -461,22 +461,23 @@ delete_principal_2_svc(dprinc_arg *arg, struct svc_req *rqstp) &client_name, &service_name, rqstp); } else { ret.code = kadm5_delete_principal((void *)handle, arg->princ); - if( ret.code == 0 ) - errmsg = "success"; - else - errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + if( ret.code != 0 ) + errmsg = krb5_get_error_message(handle->context, ret.code); - log_done("kadm5_delete_principal", prime_arg, errmsg, + log_done("kadm5_delete_principal", prime_arg, + errmsg ? errmsg : "success", &client_name, &service_name, rqstp); - /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ + if (errmsg != NULL) + krb5_free_error_message(handle->context, errmsg); + } free(prime_arg); - free_server_handle(handle); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); - exit_func: +exit_func: + free_server_handle(handle); return &ret; } @@ -490,17 +491,15 @@ modify_principal_2_svc(mprinc_arg *arg, struct svc_req *rqstp) OM_uint32 minor_stat; kadm5_server_handle_t handle; restriction_t *rp; - const char *errmsg; + const char *errmsg = NULL; xdr_free(xdr_generic_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) goto exit_func; - if ((ret.code = check_handle((void *)handle))) { - free_server_handle(handle); + if ((ret.code = check_handle((void *)handle))) goto exit_func; - } if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; @@ -522,21 +521,21 @@ modify_principal_2_svc(mprinc_arg *arg, struct svc_req *rqstp) } else { ret.code = kadm5_modify_principal((void *)handle, &arg->rec, arg->mask); - if( ret.code == 0 ) - errmsg = "success"; - else - errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + if( ret.code != 0 ) + errmsg = krb5_get_error_message(handle->context, ret.code); - log_done("kadm5_modify_principal", prime_arg, errmsg, + log_done("kadm5_modify_principal", prime_arg, + errmsg ? errmsg : "success", &client_name, &service_name, rqstp); - /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ + if (errmsg != NULL) + krb5_free_error_message(handle->context, errmsg); } - free_server_handle(handle); free(prime_arg); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); exit_func: + free_server_handle(handle); return &ret; } @@ -551,7 +550,7 @@ rename_principal_2_svc(rprinc_arg *arg, struct svc_req *rqstp) OM_uint32 minor_stat; kadm5_server_handle_t handle; restriction_t *rp; - const char *errmsg; + const char *errmsg = NULL; size_t tlen1, tlen2, clen, slen; char *tdots1, *tdots2, *cdots, *sdots; @@ -560,10 +559,8 @@ rename_principal_2_svc(rprinc_arg *arg, struct svc_req *rqstp) if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) goto exit_func; - if ((ret.code = check_handle((void *)handle))) { - free_server_handle(handle); + if ((ret.code = check_handle((void *)handle))) goto exit_func; - } if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; @@ -612,10 +609,8 @@ rename_principal_2_svc(rprinc_arg *arg, struct svc_req *rqstp) } else { ret.code = kadm5_rename_principal((void *)handle, arg->src, arg->dest); - if( ret.code == 0 ) - errmsg = "success"; - else - errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + if( ret.code != 0 ) + errmsg = krb5_get_error_message(handle->context, ret.code); /* okay to cast lengths to int because trunc_name limits max value */ krb5_klog_syslog(LOG_NOTICE, @@ -623,17 +618,22 @@ rename_principal_2_svc(rprinc_arg *arg, struct svc_req *rqstp) "%.*s%s to %.*s%s, %s, " "client=%.*s%s, service=%.*s%s, addr=%s", (int)tlen1, prime_arg1, tdots1, - (int)tlen2, prime_arg2, tdots2, errmsg, + (int)tlen2, prime_arg2, tdots2, + errmsg ? errmsg : "success", (int)clen, (char *)client_name.value, cdots, (int)slen, (char *)service_name.value, sdots, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + + if (errmsg != NULL) + krb5_free_error_message(handle->context, errmsg); + } - free_server_handle(handle); free(prime_arg1); free(prime_arg2); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); exit_func: + free_server_handle(handle); return &ret; } @@ -647,17 +647,15 @@ get_principal_2_svc(gprinc_arg *arg, struct svc_req *rqstp) service_name; OM_uint32 minor_stat; kadm5_server_handle_t handle; - const char *errmsg; + const char *errmsg = NULL; xdr_free(xdr_gprinc_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) goto exit_func; - if ((ret.code = check_handle((void *)handle))) { - free_server_handle(handle); + if ((ret.code = check_handle((void *)handle))) goto exit_func; - } ret.api_version = handle->api_version; @@ -696,20 +694,20 @@ get_principal_2_svc(gprinc_arg *arg, struct svc_req *rqstp) arg->mask); } - if( ret.code == 0 ) - errmsg = "success"; - else - errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + if( ret.code != 0 ) + errmsg = krb5_get_error_message(handle->context, ret.code); - log_done(funcname, prime_arg, errmsg, + log_done(funcname, prime_arg, errmsg ? errmsg : "success", &client_name, &service_name, rqstp); + if (errmsg != NULL) + krb5_free_error_message(handle->context, errmsg); } - free_server_handle(handle); free(prime_arg); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); exit_func: + free_server_handle(handle); return &ret; } @@ -722,17 +720,15 @@ get_princs_2_svc(gprincs_arg *arg, struct svc_req *rqstp) service_name; OM_uint32 minor_stat; kadm5_server_handle_t handle; - const char *errmsg; + const char *errmsg = NULL; xdr_free(xdr_gprincs_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) goto exit_func; - if ((ret.code = check_handle((void *)handle))) { - free_server_handle(handle); + if ((ret.code = check_handle((void *)handle))) goto exit_func; - } ret.api_version = handle->api_version; @@ -756,19 +752,21 @@ get_princs_2_svc(gprincs_arg *arg, struct svc_req *rqstp) ret.code = kadm5_get_principals((void *)handle, arg->exp, &ret.princs, &ret.count); - if( ret.code == 0 ) - errmsg = "success"; - else - errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + if( ret.code != 0 ) + errmsg = krb5_get_error_message(handle->context, ret.code); - log_done("kadm5_get_principals", prime_arg, errmsg, + log_done("kadm5_get_principals", prime_arg, + errmsg ? errmsg : "success", &client_name, &service_name, rqstp); + if (errmsg != NULL) + krb5_free_error_message(handle->context, errmsg); + } - free_server_handle(handle); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); exit_func: + free_server_handle(handle); return &ret; } @@ -781,17 +779,15 @@ chpass_principal_2_svc(chpass_arg *arg, struct svc_req *rqstp) service_name; OM_uint32 minor_stat; kadm5_server_handle_t handle; - const char *errmsg; + const char *errmsg = NULL; xdr_free(xdr_generic_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) goto exit_func; - if ((ret.code = check_handle((void *)handle))) { - free_server_handle(handle); + if ((ret.code = check_handle((void *)handle))) goto exit_func; - } ret.api_version = handle->api_version; @@ -818,21 +814,23 @@ chpass_principal_2_svc(chpass_arg *arg, struct svc_req *rqstp) ret.code = KADM5_AUTH_CHANGEPW; } - if(ret.code != KADM5_AUTH_CHANGEPW) { - if( ret.code == 0 ) - errmsg = "success"; - else - errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + if (ret.code != KADM5_AUTH_CHANGEPW) { + if (ret.code != 0) + errmsg = krb5_get_error_message(handle->context, ret.code); - log_done("kadm5_chpass_principal", prime_arg, errmsg, + log_done("kadm5_chpass_principal", prime_arg, + errmsg ? errmsg : "success", &client_name, &service_name, rqstp); + + if (errmsg != NULL) + krb5_free_error_message(handle->context, errmsg); } - free_server_handle(handle); free(prime_arg); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); exit_func: + free_server_handle(handle); return &ret; } @@ -845,17 +843,15 @@ chpass_principal3_2_svc(chpass3_arg *arg, struct svc_req *rqstp) service_name; OM_uint32 minor_stat; kadm5_server_handle_t handle; - const char *errmsg; + const char *errmsg = NULL; xdr_free(xdr_generic_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) goto exit_func; - if ((ret.code = check_handle((void *)handle))) { - free_server_handle(handle); + if ((ret.code = check_handle((void *)handle))) goto exit_func; - } ret.api_version = handle->api_version; @@ -889,20 +885,22 @@ chpass_principal3_2_svc(chpass3_arg *arg, struct svc_req *rqstp) } if(ret.code != KADM5_AUTH_CHANGEPW) { - if( ret.code == 0 ) - errmsg = "success"; - else - errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + if( ret.code != 0 ) + errmsg = krb5_get_error_message(handle->context, ret.code); - log_done("kadm5_chpass_principal", prime_arg, errmsg, + log_done("kadm5_chpass_principal", prime_arg, + errmsg ? errmsg : "success", &client_name, &service_name, rqstp); + + if (errmsg != NULL) + krb5_free_error_message(handle->context, errmsg); } - free_server_handle(handle); free(prime_arg); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); exit_func: + free_server_handle(handle); return &ret; } @@ -915,17 +913,15 @@ setv4key_principal_2_svc(setv4key_arg *arg, struct svc_req *rqstp) service_name; OM_uint32 minor_stat; kadm5_server_handle_t handle; - const char *errmsg; + const char *errmsg = NULL; xdr_free(xdr_generic_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) goto exit_func; - if ((ret.code = check_handle((void *)handle))) { - free_server_handle(handle); + if ((ret.code = check_handle((void *)handle))) goto exit_func; - } ret.api_version = handle->api_version; @@ -950,20 +946,22 @@ setv4key_principal_2_svc(setv4key_arg *arg, struct svc_req *rqstp) } if(ret.code != KADM5_AUTH_SETKEY) { - if( ret.code == 0 ) - errmsg = "success"; - else - errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + if( ret.code != 0 ) + errmsg = krb5_get_error_message(handle->context, ret.code); - log_done("kadm5_setv4key_principal", prime_arg, errmsg, + log_done("kadm5_setv4key_principal", prime_arg, + errmsg ? errmsg : "success", &client_name, &service_name, rqstp); + + if (errmsg != NULL) + krb5_free_error_message(handle->context, errmsg); } - free_server_handle(handle); free(prime_arg); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); exit_func: + free_server_handle(handle); return &ret; } @@ -976,17 +974,15 @@ setkey_principal_2_svc(setkey_arg *arg, struct svc_req *rqstp) service_name; OM_uint32 minor_stat; kadm5_server_handle_t handle; - const char *errmsg; + const char *errmsg = NULL; xdr_free(xdr_generic_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) goto exit_func; - if ((ret.code = check_handle((void *)handle))) { - free_server_handle(handle); + if ((ret.code = check_handle((void *)handle))) goto exit_func; - } ret.api_version = handle->api_version; @@ -1011,20 +1007,22 @@ setkey_principal_2_svc(setkey_arg *arg, struct svc_req *rqstp) } if(ret.code != KADM5_AUTH_SETKEY) { - if( ret.code == 0 ) - errmsg = "success"; - else - errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + if( ret.code != 0 ) + errmsg = krb5_get_error_message(handle->context, ret.code); - log_done("kadm5_setkey_principal", prime_arg, errmsg, + log_done("kadm5_setkey_principal", prime_arg, + errmsg ? errmsg : "success", &client_name, &service_name, rqstp); + + if (errmsg != NULL) + krb5_free_error_message(handle->context, errmsg); } - free_server_handle(handle); free(prime_arg); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); exit_func: + free_server_handle(handle); return &ret; } @@ -1037,17 +1035,15 @@ setkey_principal3_2_svc(setkey3_arg *arg, struct svc_req *rqstp) service_name; OM_uint32 minor_stat; kadm5_server_handle_t handle; - const char *errmsg; + const char *errmsg = NULL; xdr_free(xdr_generic_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) goto exit_func; - if ((ret.code = check_handle((void *)handle))) { - free_server_handle(handle); + if ((ret.code = check_handle((void *)handle))) goto exit_func; - } ret.api_version = handle->api_version; @@ -1075,20 +1071,22 @@ setkey_principal3_2_svc(setkey3_arg *arg, struct svc_req *rqstp) } if(ret.code != KADM5_AUTH_SETKEY) { - if( ret.code == 0 ) - errmsg = "success"; - else - errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + if( ret.code != 0 ) + errmsg = krb5_get_error_message(handle->context, ret.code); - log_done("kadm5_setkey_principal", prime_arg, errmsg, + log_done("kadm5_setkey_principal", prime_arg, + errmsg ? errmsg : "success", &client_name, &service_name, rqstp); + + if (errmsg != NULL) + krb5_free_error_message(handle->context, errmsg); } - free_server_handle(handle); free(prime_arg); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); exit_func: + free_server_handle(handle); return &ret; } @@ -1103,7 +1101,7 @@ chrand_principal_2_svc(chrand_arg *arg, struct svc_req *rqstp) service_name; OM_uint32 minor_stat; kadm5_server_handle_t handle; - const char *errmsg; + const char *errmsg = NULL; xdr_free(xdr_chrand_ret, &ret); @@ -1111,10 +1109,8 @@ chrand_principal_2_svc(chrand_arg *arg, struct svc_req *rqstp) goto exit_func; - if ((ret.code = check_handle((void *)handle))) { - free_server_handle(handle); + if ((ret.code = check_handle((void *)handle))) goto exit_func; - } ret.api_version = handle->api_version; @@ -1123,7 +1119,6 @@ chrand_principal_2_svc(chrand_arg *arg, struct svc_req *rqstp) if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; - free_server_handle(handle); goto exit_func; } if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) { @@ -1156,19 +1151,20 @@ chrand_principal_2_svc(chrand_arg *arg, struct svc_req *rqstp) } if(ret.code != KADM5_AUTH_CHANGEPW) { - if( ret.code == 0 ) - errmsg = "success"; - else - errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + if( ret.code != 0 ) + errmsg = krb5_get_error_message(handle->context, ret.code); - log_done(funcname, prime_arg, errmsg, + log_done(funcname, prime_arg, errmsg ? errmsg : "success", &client_name, &service_name, rqstp); + + if (errmsg != NULL) + krb5_free_error_message(handle->context, errmsg); } - free_server_handle(handle); free(prime_arg); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); exit_func: + free_server_handle(handle); return &ret; } @@ -1183,17 +1179,15 @@ chrand_principal3_2_svc(chrand3_arg *arg, struct svc_req *rqstp) service_name; OM_uint32 minor_stat; kadm5_server_handle_t handle; - const char *errmsg; + const char *errmsg = NULL; xdr_free(xdr_chrand_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) goto exit_func; - if ((ret.code = check_handle((void *)handle))) { - free_server_handle(handle); + if ((ret.code = check_handle((void *)handle))) goto exit_func; - } ret.api_version = handle->api_version; @@ -1202,7 +1196,6 @@ chrand_principal3_2_svc(chrand3_arg *arg, struct svc_req *rqstp) if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; - free_server_handle(handle); goto exit_func; } if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) { @@ -1241,19 +1234,20 @@ chrand_principal3_2_svc(chrand3_arg *arg, struct svc_req *rqstp) } if(ret.code != KADM5_AUTH_CHANGEPW) { - if( ret.code == 0 ) - errmsg = "success"; - else - errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + if( ret.code != 0 ) + errmsg = krb5_get_error_message(handle->context, ret.code); - log_done(funcname, prime_arg, errmsg, + log_done(funcname, prime_arg, errmsg ? errmsg : "success", &client_name, &service_name, rqstp); + + if (errmsg != NULL) + krb5_free_error_message(handle->context, errmsg); } - free_server_handle(handle); free(prime_arg); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); exit_func: + free_server_handle(handle); return &ret; } @@ -1266,17 +1260,15 @@ create_policy_2_svc(cpol_arg *arg, struct svc_req *rqstp) service_name; OM_uint32 minor_stat; kadm5_server_handle_t handle; - const char *errmsg; + const char *errmsg = NULL; xdr_free(xdr_generic_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) goto exit_func; - if ((ret.code = check_handle((void *)handle))) { - free_server_handle(handle); + if ((ret.code = check_handle((void *)handle))) goto exit_func; - } ret.api_version = handle->api_version; @@ -1296,19 +1288,21 @@ create_policy_2_svc(cpol_arg *arg, struct svc_req *rqstp) } else { ret.code = kadm5_create_policy((void *)handle, &arg->rec, arg->mask); - if( ret.code == 0 ) - errmsg = "success"; - else - errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + if( ret.code != 0 ) + errmsg = krb5_get_error_message(handle->context, ret.code); log_done("kadm5_create_policy", - ((prime_arg == NULL) ? "(null)" : prime_arg), errmsg, + ((prime_arg == NULL) ? "(null)" : prime_arg), + errmsg ? errmsg : "success", &client_name, &service_name, rqstp); + + if (errmsg != NULL) + krb5_free_error_message(handle->context, errmsg); } - free_server_handle(handle); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); exit_func: + free_server_handle(handle); return &ret; } @@ -1321,17 +1315,15 @@ delete_policy_2_svc(dpol_arg *arg, struct svc_req *rqstp) service_name; OM_uint32 minor_stat; kadm5_server_handle_t handle; - const char *errmsg; + const char *errmsg = NULL; xdr_free(xdr_generic_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) goto exit_func; - if ((ret.code = check_handle((void *)handle))) { - free_server_handle(handle); + if ((ret.code = check_handle((void *)handle))) goto exit_func; - } ret.api_version = handle->api_version; @@ -1349,19 +1341,21 @@ delete_policy_2_svc(dpol_arg *arg, struct svc_req *rqstp) ret.code = KADM5_AUTH_DELETE; } else { ret.code = kadm5_delete_policy((void *)handle, arg->name); - if( ret.code == 0 ) - errmsg = "success"; - else - errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + if( ret.code != 0 ) + errmsg = krb5_get_error_message(handle->context, ret.code); log_done("kadm5_delete_policy", - ((prime_arg == NULL) ? "(null)" : prime_arg), errmsg, + ((prime_arg == NULL) ? "(null)" : prime_arg), + errmsg ? errmsg : "success", &client_name, &service_name, rqstp); + + if (errmsg != NULL) + krb5_free_error_message(handle->context, errmsg); } - free_server_handle(handle); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); exit_func: + free_server_handle(handle); return &ret; } @@ -1374,17 +1368,15 @@ modify_policy_2_svc(mpol_arg *arg, struct svc_req *rqstp) service_name; OM_uint32 minor_stat; kadm5_server_handle_t handle; - const char *errmsg; + const char *errmsg = NULL; xdr_free(xdr_generic_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) goto exit_func; - if ((ret.code = check_handle((void *)handle))) { - free_server_handle(handle); + if ((ret.code = check_handle((void *)handle))) goto exit_func; - } ret.api_version = handle->api_version; @@ -1403,19 +1395,21 @@ modify_policy_2_svc(mpol_arg *arg, struct svc_req *rqstp) } else { ret.code = kadm5_modify_policy((void *)handle, &arg->rec, arg->mask); - if( ret.code == 0 ) - errmsg = "success"; - else - errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + if( ret.code != 0 ) + errmsg = krb5_get_error_message(handle->context, ret.code); log_done("kadm5_modify_policy", - ((prime_arg == NULL) ? "(null)" : prime_arg), errmsg, + ((prime_arg == NULL) ? "(null)" : prime_arg), + errmsg ? errmsg : "success", &client_name, &service_name, rqstp); + + if (errmsg != NULL) + krb5_free_error_message(handle->context, errmsg); } - free_server_handle(handle); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); exit_func: + free_server_handle(handle); return &ret; } @@ -1431,17 +1425,15 @@ get_policy_2_svc(gpol_arg *arg, struct svc_req *rqstp) kadm5_policy_ent_t e; kadm5_principal_ent_rec caller_ent; kadm5_server_handle_t handle; - const char *errmsg; + const char *errmsg = NULL; xdr_free(xdr_gpol_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) goto exit_func; - if ((ret.code = check_handle((void *)handle))) { - free_server_handle(handle); + if ((ret.code = check_handle((void *)handle))) goto exit_func; - } ret.api_version = handle->api_version; @@ -1487,22 +1479,24 @@ get_policy_2_svc(gpol_arg *arg, struct svc_req *rqstp) &ret.rec); } - if( ret.code == 0 ) - errmsg = "success"; - else - errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + if( ret.code != 0 ) + errmsg = krb5_get_error_message(handle->context, ret.code); log_done(funcname, - ((prime_arg == NULL) ? "(null)" : prime_arg), errmsg, + ((prime_arg == NULL) ? "(null)" : prime_arg), + errmsg ? errmsg : "success", &client_name, &service_name, rqstp); + if (errmsg != NULL) + krb5_free_error_message(handle->context, errmsg); + } else { log_unauth(funcname, prime_arg, &client_name, &service_name, rqstp); } - free_server_handle(handle); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); exit_func: + free_server_handle(handle); return &ret; } @@ -1516,17 +1510,15 @@ get_pols_2_svc(gpols_arg *arg, struct svc_req *rqstp) service_name; OM_uint32 minor_stat; kadm5_server_handle_t handle; - const char *errmsg; + const char *errmsg = NULL; xdr_free(xdr_gpols_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) goto exit_func; - if ((ret.code = check_handle((void *)handle))) { - free_server_handle(handle); + if ((ret.code = check_handle((void *)handle))) goto exit_func; - } ret.api_version = handle->api_version; @@ -1548,18 +1540,20 @@ get_pols_2_svc(gpols_arg *arg, struct svc_req *rqstp) ret.code = kadm5_get_policies((void *)handle, arg->exp, &ret.pols, &ret.count); - if( ret.code == 0 ) - errmsg = "success"; - else - errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + if( ret.code != 0 ) + errmsg = krb5_get_error_message(handle->context, ret.code); - log_done("kadm5_get_policies", prime_arg, errmsg, + log_done("kadm5_get_policies", prime_arg, + errmsg ? errmsg : "success", &client_name, &service_name, rqstp); + + if (errmsg != NULL) + krb5_free_error_message(handle->context, errmsg); } - free_server_handle(handle); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); exit_func: + free_server_handle(handle); return &ret; } @@ -1569,17 +1563,15 @@ getprivs_ret * get_privs_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp) gss_buffer_desc client_name, service_name; OM_uint32 minor_stat; kadm5_server_handle_t handle; - const char *errmsg; + const char *errmsg = NULL; xdr_free(xdr_getprivs_ret, &ret); if ((ret.code = new_server_handle(*arg, rqstp, &handle))) goto exit_func; - if ((ret.code = check_handle((void *)handle))) { - free_server_handle(handle); + if ((ret.code = check_handle((void *)handle))) goto exit_func; - } ret.api_version = handle->api_version; @@ -1589,18 +1581,20 @@ getprivs_ret * get_privs_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp) } ret.code = kadm5_get_privs((void *)handle, &ret.privs); - if( ret.code == 0 ) - errmsg = "success"; - else - errmsg = krb5_get_error_message(handle ? handle->context : NULL, ret.code); + if( ret.code != 0 ) + errmsg = krb5_get_error_message(handle->context, ret.code); - log_done("kadm5_get_privs", client_name.value, errmsg, + log_done("kadm5_get_privs", client_name.value, + errmsg ? errmsg : "success", &client_name, &service_name, rqstp); - free_server_handle(handle); + if (errmsg != NULL) + krb5_free_error_message(handle->context, errmsg); + gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); exit_func: + free_server_handle(handle); return &ret; } @@ -1611,7 +1605,7 @@ generic_ret *init_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp) service_name; kadm5_server_handle_t handle; OM_uint32 minor_stat; - const char *errmsg = NULL; + const char *errmsg = NULL; size_t clen, slen; char *cdots, *sdots; @@ -1632,8 +1626,6 @@ generic_ret *init_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp) if (ret.code != 0) errmsg = krb5_get_error_message(NULL, ret.code); - else - errmsg = "success"; clen = client_name.length; trunc_name(&clen, &cdots); @@ -1644,11 +1636,14 @@ generic_ret *init_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp) "client=%.*s%s, service=%.*s%s, addr=%s, flavor=%d", (ret.api_version == KADM5_API_VERSION_1 ? "kadm5_init (V1)" : "kadm5_init"), - (int)clen, (char *)client_name.value, cdots, errmsg, + (int)clen, (char *)client_name.value, cdots, + errmsg ? errmsg : "success", (int)clen, (char *)client_name.value, cdots, (int)slen, (char *)service_name.value, sdots, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr), rqstp->rq_cred.oa_flavor); + if (errmsg != NULL) + krb5_free_error_message(NULL, errmsg); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); diff --git a/src/kadmin/testing/deps b/src/kadmin/testing/deps new file mode 100644 index 0000000000..2feac3c9d3 --- /dev/null +++ b/src/kadmin/testing/deps @@ -0,0 +1 @@ +# No dependencies here. diff --git a/src/kadmin/testing/scripts/deps b/src/kadmin/testing/scripts/deps new file mode 100644 index 0000000000..2feac3c9d3 --- /dev/null +++ b/src/kadmin/testing/scripts/deps @@ -0,0 +1 @@ +# No dependencies here. diff --git a/src/kadmin/testing/util/Makefile.in b/src/kadmin/testing/util/Makefile.in index 2f5760dc5f..ec09047cbb 100644 --- a/src/kadmin/testing/util/Makefile.in +++ b/src/kadmin/testing/util/Makefile.in @@ -42,34 +42,3 @@ bsddb_dump: bsddb_dump.o clean:: $(RM) $(CLNTPROG) $(SRVPROG) -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -$(OUTPRE)tcl_ovsec_kadm.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/lib/kdb/adb_err.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ - $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ - $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ - $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/krb5.h tcl_kadm5.h tcl_ovsec_kadm.c -$(OUTPRE)tcl_kadm5.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/lib/kdb/adb_err.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ - $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ - $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ - $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/krb5.h tcl_kadm5.c tcl_kadm5.h -$(OUTPRE)test.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - tcl_kadm5.h test.c diff --git a/src/kadmin/testing/util/deps b/src/kadmin/testing/util/deps new file mode 100644 index 0000000000..c822ad27bb --- /dev/null +++ b/src/kadmin/testing/util/deps @@ -0,0 +1,27 @@ +# +# Generated makefile dependencies follow. +# +$(OUTPRE)tcl_ovsec_kadm.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ + $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ + $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/lib/kdb/adb_err.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/krb5.h tcl_kadm5.h tcl_ovsec_kadm.c +$(OUTPRE)tcl_kadm5.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ + $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ + $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/lib/kdb/adb_err.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/krb5.h tcl_kadm5.c tcl_kadm5.h +$(OUTPRE)test.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + tcl_kadm5.h test.c diff --git a/src/kadmin/testing/util/tcl_kadm5.c b/src/kadmin/testing/util/tcl_kadm5.c index a852f26a51..df57a801f8 100644 --- a/src/kadmin/testing/util/tcl_kadm5.c +++ b/src/kadmin/testing/util/tcl_kadm5.c @@ -961,8 +961,7 @@ static int parse_tl_data(Tcl_Interp *interp, const char *list, retcode = TCL_ERROR; goto finished; } - tl->tl_data_contents = (krb5_octet *) malloc(tmp+1); - strcpy((char *) tl->tl_data_contents, argv1[2]); + tl->tl_data_contents = (krb5_octet *) strdup(argv1[2]); Tcl_Free((char *) argv1); argv1 = NULL; diff --git a/src/kdc/.saberinit b/src/kdc/.saberinit deleted file mode 100644 index d79f57ed00..0000000000 --- a/src/kdc/.saberinit +++ /dev/null @@ -1,35 +0,0 @@ -suppress 223 -suppress 285 -suppress 33 on v4_klog -suppress 34 on v4_klog -suppress 36 on sendto -suppress 35 -suppress 287 on usage -suppress 287 on sin -suppress 349 on krb_err_txt -suppress 349 on krbONE -suppress 349 on _ctype_ -suppress 340 -suppress 341 -suppress 346 -suppress 226 on error -load -G main.o kdc5_err.o kdc_util.o network.o policy.o -I../include -load -G do_as_req.o do_tgs_req.o extern.o -I../include -make SRCS=dispatch.c saber -load -G kerberos_v4.c -DBACKWARD_COMPAT -DVARARGS -I../include/kerberosIV -I../include -I../include/stdc-incl -cd /site/Don/krb5/kdc -load -G ../lib/kdb/libkdb.a ../lib/libkrb5.a -load -G ../lib/des/libdes.a ../lib/os-4.3/libos.a ../lib/crc-32/libcrc32.a -load -G /mit/isode/isode-6.0/@sys/lib/libisode.a -load -G -lkrb -ldes -lcom_err -setopt load_flags -I/mit/krb5/vax-cc/include -link -unload /site/Don/krb5/lib/kdb/libkdb.a(decrypt_key.o) -cd /site/Don/krb5/lib/kdb -make SRCS=decrypt_key.c saber -unload /site/Don/krb5/lib/des/libdes.a(enc_dec.o) -unload /site/Don/krb5/lib/des/libdes.a(new_rn_key.o) -cd /site/Don/krb5/lib/des -make SRCS=enc_dec.c saber -make SRCS=new_rn_key.c saber -run diff --git a/src/kdc/Makefile.in b/src/kdc/Makefile.in index 8e44b25615..83e5f82d92 100644 --- a/src/kdc/Makefile.in +++ b/src/kdc/Makefile.in @@ -12,15 +12,13 @@ RUN_SETUP = @KRB5_RUN_ENV@ PROG_LIBPATH=-L$(TOPLIBD) $(KRB4_LIBPATH) KDB5_LIB_DEPS=$(DL_LIB) $(THREAD_LINKOPTS) PROG_RPATH=$(KRB5_LIBDIR) -FAKEKA=@FAKEKA@ DEFS=-DLIBDIR=\"$(KRB5_LIBDIR)\" -EXTRADEPSRCS= fakeka.c -all:: krb5kdc rtest $(FAKEKA) +all:: krb5kdc rtest # DEFINES = -DBACKWARD_COMPAT $(KRB4DEF) -LOCALINCLUDES = @KRB4_INCLUDES@ -I. +LOCALINCLUDES = -I. SRCS= \ kdc5_err.c \ $(srcdir)/dispatch.c \ @@ -33,8 +31,7 @@ SRCS= \ $(srcdir)/policy.c \ $(srcdir)/extern.c \ $(srcdir)/replay.c \ - $(srcdir)/kdc_authdata.c \ - $(srcdir)/kerberos_v4.c + $(srcdir)/kdc_authdata.c OBJS= \ kdc5_err.o \ @@ -48,8 +45,7 @@ OBJS= \ policy.o \ extern.o \ replay.o \ - kdc_authdata.o \ - kerberos_v4.o + kdc_authdata.o RT_OBJS= rtest.o \ kdc_util.o \ @@ -64,15 +60,12 @@ kdc5_err.h: kdc5_err.et kdc5_err.o: kdc5_err.h -krb5kdc: $(OBJS) $(KADMSRV_DEPLIBS) $(KRB4COMPAT_DEPLIBS) $(APPUTILS_DEPLIB) - $(CC_LINK) -o krb5kdc $(OBJS) $(KADMSRV_LIBS) $(KRB4COMPAT_LIBS) $(APPUTILS_LIB) +krb5kdc: $(OBJS) $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS) $(APPUTILS_DEPLIB) + $(CC_LINK) -o krb5kdc $(OBJS) $(KADMSRV_LIBS) $(KRB5_BASE_LIBS) $(APPUTILS_LIB) rtest: $(RT_OBJS) $(KDB5_DEPLIBS) $(KADM_COMM_DEPLIBS) $(KRB5_BASE_DEPLIBS) $(CC_LINK) -o rtest $(RT_OBJS) $(KDB5_LIBS) $(KADM_COMM_LIBS) $(KRB5_BASE_LIBS) -fakeka: fakeka.o $(KADMSRV_DEPLIBS) $(KRB4COMPAT_DEPLIBS) $(APPUTILS_DEPLIB) - $(CC_LINK) -o fakeka fakeka.o $(KADMSRV_LIBS) $(KRB4COMPAT_LIBS) $(APPUTILS_LIB) - check-unix:: rtest KRB5_CONFIG=$(SRCTOP)/config-files/krb5.conf ; export KRB5_CONFIG ;\ $(RUN_SETUP) $(VALGRIND) $(srcdir)/rtscript > test.out @@ -82,163 +75,7 @@ check-unix:: rtest install:: $(INSTALL_PROGRAM) krb5kdc ${DESTDIR}$(SERVER_BINDIR)/krb5kdc $(INSTALL_DATA) $(srcdir)/krb5kdc.M ${DESTDIR}$(SERVER_MANDIR)/krb5kdc.8 - f=$(FAKEKA); \ - if test -n "$$f" ; then \ - $(INSTALL_PROGRAM) $$f ${DESTDIR}$(SERVER_BINDIR)/$$f; \ - $(INSTALL_DATA) $(srcdir)/fakeka.M ${DESTDIR}$(SERVER_MANDIR)/fakeka.8; \ - fi clean:: - $(RM) kdc5_err.h kdc5_err.c krb5kdc rtest.o rtest fakeka.o fakeka + $(RM) kdc5_err.h kdc5_err.c krb5kdc rtest.o rtest -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -$(OUTPRE)kdc5_err.$(OBJEXT): $(COM_ERR_DEPS) kdc5_err.c -$(OUTPRE)dispatch.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h dispatch.c extern.h \ - kdc_util.h -$(OUTPRE)do_as_req.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm.h \ - $(SRCTOP)/include/adm_proto.h $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h do_as_req.c extern.h \ - kdc_util.h policy.h -$(OUTPRE)do_tgs_req.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h do_tgs_req.c extern.h \ - kdc_util.h policy.h -$(OUTPRE)kdc_util.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm.h \ - $(SRCTOP)/include/adm_proto.h $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h extern.h kdc_util.c \ - kdc_util.h -$(OUTPRE)kdc_preauth.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h extern.h kdc_preauth.c \ - kdc_util.h -$(OUTPRE)main.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm.h \ - $(SRCTOP)/include/adm_proto.h $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_kt.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - extern.h kdc5_err.h kdc_util.h main.c -$(OUTPRE)network.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h \ - $(SRCTOP)/include/cm.h $(SRCTOP)/include/fake-addrinfo.h \ - $(SRCTOP)/include/foreachaddr.h $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h extern.h kdc5_err.h \ - kdc_util.h network.c -$(OUTPRE)policy.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h kdc_util.h policy.c -$(OUTPRE)extern.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h extern.c extern.h -$(OUTPRE)replay.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h extern.h kdc_util.h \ - replay.c -$(OUTPRE)kdc_authdata.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - extern.h kdc_authdata.c kdc_util.h -$(OUTPRE)kerberos_v4.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/klog.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/krb_db.h \ - $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - extern.h kdc_util.h kerberos_v4.c -$(OUTPRE)fakeka.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(KRB_ERR_H_DEP) \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/krb5.h \ - fakeka.c diff --git a/src/kdc/deps b/src/kdc/deps new file mode 100644 index 0000000000..3133159d0c --- /dev/null +++ b/src/kdc/deps @@ -0,0 +1,134 @@ +# +# Generated makefile dependencies follow. +# +$(OUTPRE)kdc5_err.$(OBJEXT): $(COM_ERR_DEPS) kdc5_err.c +$(OUTPRE)dispatch.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_ext.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h dispatch.c extern.h \ + kdc_util.h +$(OUTPRE)do_as_req.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm.h \ + $(SRCTOP)/include/adm_proto.h $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/kdb_ext.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + do_as_req.c extern.h kdc_util.h policy.h +$(OUTPRE)do_tgs_req.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_ext.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h do_tgs_req.c extern.h \ + kdc_util.h policy.h +$(OUTPRE)kdc_util.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm.h \ + $(SRCTOP)/include/adm_proto.h $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/kdb_ext.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + extern.h kdc_util.c kdc_util.h +$(OUTPRE)kdc_preauth.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_ext.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h extern.h kdc_preauth.c \ + kdc_util.h +$(OUTPRE)main.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm.h \ + $(SRCTOP)/include/adm_proto.h $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/kdb_ext.h $(SRCTOP)/include/kdb_kt.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h extern.h kdc5_err.h \ + kdc_util.h main.c +$(OUTPRE)network.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h \ + $(SRCTOP)/include/cm.h $(SRCTOP)/include/fake-addrinfo.h \ + $(SRCTOP)/include/foreachaddr.h $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/kdb_ext.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + extern.h kdc5_err.h kdc_util.h network.c +$(OUTPRE)policy.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/kdb_ext.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + extern.h kdc_util.h policy.c +$(OUTPRE)extern.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + extern.c extern.h +$(OUTPRE)replay.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/kdb_ext.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + extern.h kdc_util.h replay.c +$(OUTPRE)kdc_authdata.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_ext.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + extern.h kdc_authdata.c kdc_util.h diff --git a/src/kdc/dispatch.c b/src/kdc/dispatch.c index ac0eb485d8..77415af82d 100644 --- a/src/kdc/dispatch.c +++ b/src/kdc/dispatch.c @@ -99,10 +99,6 @@ dispatch(krb5_data *pkt, const krb5_fulladdr *from, krb5_data **response) krb5_free_kdc_req(kdc_context, as_req); } } -#ifdef KRB5_KRB4_COMPAT - else if (pkt->data[0] == 4) /* old version */ - retval = process_v4(pkt, from, response); -#endif else retval = KRB5KRB_AP_ERR_MSG_TYPE; #ifndef NOCACHE diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c index e5c5b0e55b..d0279a0d61 100644 --- a/src/kdc/do_as_req.c +++ b/src/kdc/do_as_req.c @@ -2,7 +2,7 @@ * kdc/do_as_req.c * * Portions Copyright (C) 2007 Apple Inc. - * Copyright 1990,1991,2007 by the Massachusetts Institute of Technology. + * Copyright 1990,1991,2007,2008 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -27,6 +27,33 @@ * * KDC Routines to deal with AS_REQ's */ +/* + * Copyright (c) 2006-2008, Novell, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * * The copyright holder's name is not used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ #include "k5-int.h" #include "com_err.h" @@ -56,7 +83,8 @@ #endif /* APPLE_PKINIT */ static krb5_error_code prepare_error_as (krb5_kdc_req *, int, krb5_data *, - krb5_data **, const char *); + krb5_principal, krb5_data **, + const char *); /*ARGSUSED*/ krb5_error_code @@ -73,23 +101,21 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt, krb5_boolean more; krb5_timestamp kdc_time, authtime; krb5_keyblock session_key; - krb5_keyblock encrypting_key; const char *status; - krb5_key_data *server_key, *client_key; + krb5_key_data *server_key, *client_key; + krb5_keyblock server_keyblock, client_keyblock; krb5_keyblock *tmp_mkey; krb5_enctype useenctype; -#ifdef KRBCONF_KDC_MODIFIES_KDB krb5_boolean update_client = 0; -#endif /* KRBCONF_KDC_MODIFIES_KDB */ krb5_data e_data; register int i; krb5_timestamp until, rtime; char *cname = 0, *sname = 0; - const char *fromstring = 0; - char ktypestr[128]; - char rep_etypestr[128]; - char fromstringbuf[70]; + unsigned int c_flags = 0, s_flags = 0; + krb5_principal_data client_princ; void *pa_context = NULL; + int did_log = 0; + const char *emsg = 0; #if APPLE_PKINIT asReqDebug("process_as_req top realm %s name %s\n", @@ -98,20 +124,14 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt, ticket_reply.enc_part.ciphertext.data = 0; e_data.data = 0; - encrypting_key.contents = 0; + server_keyblock.contents = NULL; + client_keyblock.contents = NULL; reply.padata = 0; + memset(&reply, 0, sizeof(reply)); + session_key.contents = 0; enc_tkt_reply.authorization_data = NULL; - ktypes2str(ktypestr, sizeof(ktypestr), - request->nktypes, request->ktype); - - fromstring = inet_ntop(ADDRTYPE2FAMILY (from->address->addrtype), - from->address->contents, - fromstringbuf, sizeof(fromstringbuf)); - if (!fromstring) - fromstring = ""; - if (!request->client) { status = "NULL_CLIENT"; errcode = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN; @@ -133,13 +153,33 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt, } limit_string(sname); + /* + * We set KRB5_KDB_FLAG_CLIENT_REFERRALS_ONLY as a hint + * to the backend to return naming information in lieu + * of cross realm TGS entries. + */ + setflag(c_flags, KRB5_KDB_FLAG_CLIENT_REFERRALS_ONLY); + /* + * Note that according to the referrals draft we should + * always canonicalize enterprise principal names. + */ + if (isflagset(request->kdc_options, KDC_OPT_CANONICALIZE) || + krb5_princ_type(kdc_context, + request->client) == KRB5_NT_ENTERPRISE_PRINCIPAL) { + setflag(c_flags, KRB5_KDB_FLAG_CANONICALIZE); + } + if (include_pac_p(kdc_context, request)) { + setflag(c_flags, KRB5_KDB_FLAG_INCLUDE_PAC); + } c_nprincs = 1; - if ((errcode = get_principal(kdc_context, request->client, - &client, &c_nprincs, &more))) { + if ((errcode = krb5_db_get_principal_ext(kdc_context, request->client, + c_flags, &client, &c_nprincs, + &more))) { status = "LOOKING_UP_CLIENT"; c_nprincs = 0; goto errout; } + if (more) { status = "NON-UNIQUE_CLIENT"; errcode = KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE; @@ -153,12 +193,40 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt, #endif goto errout; } - + + /* + * If the backend returned a principal that is not in the local + * realm, then we need to refer the client to that realm. + */ + if (!is_local_principal(client.princ)) { + /* Entry is a referral to another realm */ + status = "REFERRAL"; + errcode = KRB5KDC_ERR_WRONG_REALM; + goto errout; + } + +#if 0 + /* + * Turn off canonicalization if client is marked DES only + * (unless enterprise principal name was requested) + */ + if (isflagset(client.attributes, KRB5_KDB_NON_MS_PRINCIPAL) && + krb5_princ_type(kdc_context, + request->client) != KRB5_NT_ENTERPRISE_PRINCIPAL) { + clear(c_flags, KRB5_KDB_FLAG_CANONICALIZE); + } +#endif + + s_flags = 0; + if (isflagset(request->kdc_options, KDC_OPT_CANONICALIZE)) { + setflag(s_flags, KRB5_KDB_FLAG_CANONICALIZE); + } s_nprincs = 1; - if ((errcode = get_principal(kdc_context, request->server, &server, - &s_nprincs, &more))) { - status = "LOOKING_UP_SERVER"; - goto errout; + if ((errcode = krb5_db_get_principal_ext(kdc_context, request->server, + s_flags, &server, + &s_nprincs, &more))) { + status = "LOOKING_UP_SERVER"; + goto errout; } if (more) { status = "NON-UNIQUE_SERVER"; @@ -174,9 +242,10 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt, status = "TIMEOFDAY"; goto errout; } + authtime = kdc_time; /* for audit_as_request() */ if ((errcode = validate_as_request(request, client, server, - kdc_time, &status))) { + kdc_time, &status))) { if (!status) status = "UNKNOWN_REASON"; errcode += ERROR_TABLE_BASE_krb5; @@ -201,9 +270,22 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt, goto errout; } - ticket_reply.server = request->server; + /* + * Canonicalization is only effective if we are issuing a TGT + * (the intention is to allow support for Windows "short" realm + * aliases, nothing more). + */ + if (isflagset(s_flags, KRB5_KDB_FLAG_CANONICALIZE) && + krb5_is_tgs_principal(request->server) && + krb5_is_tgs_principal(server.princ)) { + ticket_reply.server = server.princ; + } else { + ticket_reply.server = request->server; + } enc_tkt_reply.flags = 0; + enc_tkt_reply.times.authtime = authtime; + setflag(enc_tkt_reply.flags, TKT_FLG_INITIAL); /* It should be noted that local policy may affect the */ @@ -220,12 +302,17 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt, setflag(enc_tkt_reply.flags, TKT_FLG_MAY_POSTDATE); enc_tkt_reply.session = &session_key; - enc_tkt_reply.client = request->client; + if (isflagset(c_flags, KRB5_KDB_FLAG_CANONICALIZE)) { + client_princ = *(client.princ); + } else { + client_princ = *(request->client); + /* The realm is always canonicalized */ + client_princ.realm = *(krb5_princ_realm(context, client.princ)); + } + enc_tkt_reply.client = &client_princ; enc_tkt_reply.transited.tr_type = KRB5_DOMAIN_X500_COMPRESS; enc_tkt_reply.transited.tr_contents = empty_string; /* equivalent of "" */ - enc_tkt_reply.times.authtime = kdc_time; - if (isflagset(request->kdc_options, KDC_OPT_POSTDATED)) { setflag(enc_tkt_reply.flags, TKT_FLG_POSTDATED); setflag(enc_tkt_reply.flags, TKT_FLG_INVALID); @@ -281,6 +368,9 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt, errcode = check_padata(kdc_context, &client, req_pkt, request, &enc_tkt_reply, &pa_context, &e_data); if (errcode) { + if (errcode == KRB5KDC_ERR_PREAUTH_FAILED) + get_preauth_hint_list(request, &client, &server, &e_data); + #ifdef KRBCONF_KDC_MODIFIES_KDB /* * Note: this doesn't work if you're using slave servers!!! @@ -294,8 +384,8 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt, } } client.last_failed = kdc_time; - update_client = 1; #endif + update_client = 1; status = "PREAUTH_FAILED"; #ifdef KRBCONF_VAGUE_ERRORS errcode = KRB5KRB_ERR_GENERIC; @@ -316,9 +406,10 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt, goto errout; } - errcode = handle_authdata(kdc_context, &client, req_pkt, request, &enc_tkt_reply); - if (errcode) { - krb5_klog_syslog(LOG_INFO, "AS_REQ : handle_authdata (%d)", errcode); + if ((errcode = validate_forwardable(request, client, server, + kdc_time, &status))) { + errcode += ERROR_TABLE_BASE_krb5; + goto errout; } ticket_reply.enc_part2 = &enc_tkt_reply; @@ -343,21 +434,13 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt, /* convert server.key into a real key (it may be encrypted in the database) */ if ((errcode = krb5_dbekd_decrypt_key_data(kdc_context, tmp_mkey, - server_key, &encrypting_key, + /* server_keyblock is later used to generate auth data signatures */ + server_key, &server_keyblock, NULL))) { status = "DECRYPT_SERVER_KEY"; goto errout; } - errcode = krb5_encrypt_tkt_part(kdc_context, &encrypting_key, &ticket_reply); - krb5_free_keyblock_contents(kdc_context, &encrypting_key); - encrypting_key.contents = 0; - if (errcode) { - status = "ENCRYPTING_TICKET"; - goto errout; - } - ticket_reply.enc_part.kvno = server_key->key_data_kvno; - /* * Find the appropriate client key. We search in the order specified * by request keytype list. @@ -386,16 +469,16 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt, /* convert client.key_data into a real key */ if ((errcode = krb5_dbekd_decrypt_key_data(kdc_context, tmp_mkey, - client_key, &encrypting_key, + client_key, &client_keyblock, NULL))) { status = "DECRYPT_CLIENT_KEY"; goto errout; } - encrypting_key.enctype = useenctype; + client_keyblock.enctype = useenctype; /* Start assembling the response */ reply.msg_type = KRB5_AS_REP; - reply.client = request->client; + reply.client = enc_tkt_reply.client; /* post canonicalization */ reply.ticket = &ticket_reply; reply_encpart.session = &session_key; if ((errcode = fetch_last_req_info(&client, &reply_encpart.last_req))) { @@ -413,10 +496,12 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt, reply_encpart.times.authtime = authtime = kdc_time; reply_encpart.caddrs = enc_tkt_reply.caddrs; + reply_encpart.enc_padata = NULL; - /* Fetch the padata info to be returned */ + /* Fetch the padata info to be returned (do this before + authdata to handle possible replacement of reply key */ errcode = return_padata(kdc_context, &client, req_pkt, request, - &reply, client_key, &encrypting_key, &pa_context); + &reply, client_key, &client_keyblock, &pa_context); if (errcode) { status = "KDC_RETURN_PADATA"; goto errout; @@ -427,16 +512,45 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt, reply.client->realm.data, reply.client->data->data); #endif /* APPLE_PKINIT */ + errcode = return_svr_referral_data(kdc_context, + &server, &reply_encpart); + if (errcode) { + status = "KDC_RETURN_ENC_PADATA"; + goto errout; + } + + errcode = handle_authdata(kdc_context, + c_flags, + &client, + &server, + &server, + &client_keyblock, + &server_keyblock, + req_pkt, + request, + NULL, /* for_user_princ */ + NULL, /* enc_tkt_request */ + &enc_tkt_reply); + if (errcode) { + krb5_klog_syslog(LOG_INFO, "AS_REQ : handle_authdata (%d)", errcode); + status = "HANDLE_AUTHDATA"; + goto errout; + } + + errcode = krb5_encrypt_tkt_part(kdc_context, &server_keyblock, &ticket_reply); + if (errcode) { + status = "ENCRYPTING_TICKET"; + goto errout; + } + ticket_reply.enc_part.kvno = server_key->key_data_kvno; + /* now encode/encrypt the response */ - reply.enc_part.enctype = encrypting_key.enctype; + reply.enc_part.enctype = client_keyblock.enctype; errcode = krb5_encode_kdc_rep(kdc_context, KRB5_AS_REP, &reply_encpart, - 0, &encrypting_key, &reply, response); - krb5_free_keyblock_contents(kdc_context, &encrypting_key); - encrypting_key.contents = 0; + 0, &client_keyblock, &reply, response); reply.enc_part.kvno = client_key->key_data_kvno; - if (errcode) { status = "ENCODE_KDC_REP"; goto errout; @@ -447,14 +561,8 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt, memset(reply.enc_part.ciphertext.data, 0, reply.enc_part.ciphertext.length); free(reply.enc_part.ciphertext.data); - rep_etypes2str(rep_etypestr, sizeof(rep_etypestr), &reply); - krb5_klog_syslog(LOG_INFO, - "AS_REQ (%s) %s: ISSUE: authtime %d, " - "%s, %s for %s", - ktypestr, - fromstring, authtime, - rep_etypestr, - cname, sname); + log_as_req(from, request, &reply, cname, sname, authtime, 0, 0, 0); + did_log = 1; #ifdef KRBCONF_KDC_MODIFIES_KDB /* @@ -462,56 +570,59 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt, */ client.last_success = kdc_time; client.fail_auth_count = 0; - update_client = 1; #endif /* KRBCONF_KDC_MODIFIES_KDB */ + update_client = 1; + + goto egress; errout: + assert (status != 0); + /* fall through */ + +egress: + if (update_client) { + audit_as_request(request, &client, &server, authtime, errcode); + } + if (pa_context) free_padata_context(kdc_context, &pa_context); + if (errcode) + emsg = krb5_get_error_message(kdc_context, errcode); + if (status) { - const char * emsg = 0; - if (errcode) - emsg = krb5_get_error_message (kdc_context, errcode); - - krb5_klog_syslog(LOG_INFO, "AS_REQ (%s) %s: %s: %s for %s%s%s", - ktypestr, - fromstring, status, - cname ? cname : "", - sname ? sname : "", - errcode ? ", " : "", - errcode ? emsg : ""); - if (errcode) - krb5_free_error_message (kdc_context, emsg); + log_as_req(from, request, &reply, cname, sname, 0, + status, errcode, emsg); + did_log = 1; } if (errcode) { - int got_err = 0; if (status == 0) { - status = krb5_get_error_message (kdc_context, errcode); - got_err = 1; + status = emsg; } errcode -= ERROR_TABLE_BASE_krb5; if (errcode < 0 || errcode > 128) errcode = KRB_ERR_GENERIC; - errcode = prepare_error_as(request, errcode, &e_data, response, - status); - if (got_err) { - krb5_free_error_message (kdc_context, status); - status = 0; - } + errcode = prepare_error_as(request, errcode, &e_data, + c_nprincs ? client.princ : NULL, + response, status); + status = 0; } + if (emsg) + krb5_free_error_message(kdc_context, emsg); if (enc_tkt_reply.authorization_data != NULL) krb5_free_authdata(kdc_context, enc_tkt_reply.authorization_data); - if (encrypting_key.contents) - krb5_free_keyblock_contents(kdc_context, &encrypting_key); - if (reply.padata) + if (server_keyblock.contents != NULL) + krb5_free_keyblock_contents(kdc_context, &server_keyblock); + if (client_keyblock.contents != NULL) + krb5_free_keyblock_contents(kdc_context, &client_keyblock); + if (reply.padata != NULL) krb5_free_pa_data(kdc_context, reply.padata); - if (cname) + if (cname != NULL) free(cname); - if (sname) + if (sname != NULL) free(sname); if (c_nprincs) { #ifdef KRBCONF_KDC_MODIFIES_KDB @@ -533,22 +644,23 @@ errout: } if (s_nprincs) krb5_db_free_principal(kdc_context, &server, s_nprincs); - if (session_key.contents) + if (session_key.contents != NULL) krb5_free_keyblock_contents(kdc_context, &session_key); - if (ticket_reply.enc_part.ciphertext.data) { + if (ticket_reply.enc_part.ciphertext.data != NULL) { memset(ticket_reply.enc_part.ciphertext.data , 0, ticket_reply.enc_part.ciphertext.length); free(ticket_reply.enc_part.ciphertext.data); } krb5_free_data_contents(kdc_context, &e_data); - + assert(did_log != 0); return errcode; } static krb5_error_code prepare_error_as (krb5_kdc_req *request, int error, krb5_data *e_data, - krb5_data **response, const char *status) + krb5_principal canon_client, krb5_data **response, + const char *status) { krb5_error errpkt; krb5_error_code retval; @@ -562,21 +674,24 @@ prepare_error_as (krb5_kdc_req *request, int error, krb5_data *e_data, return(retval); errpkt.error = error; errpkt.server = request->server; - errpkt.client = request->client; - errpkt.text.length = strlen(status)+1; - if (!(errpkt.text.data = malloc(errpkt.text.length))) + + if (error == KRB5KDC_ERR_WRONG_REALM) + errpkt.client = canon_client; + else + errpkt.client = request->client; + errpkt.text.length = strlen(status) + 1; + if (!(errpkt.text.data = strdup(status))) return ENOMEM; - (void) strcpy(errpkt.text.data, status); if (!(scratch = (krb5_data *)malloc(sizeof(*scratch)))) { free(errpkt.text.data); return ENOMEM; } - if (e_data && e_data->data) { + if (e_data != NULL&& e_data->data != NULL) { errpkt.e_data = *e_data; } else { errpkt.e_data.length = 0; - errpkt.e_data.data = 0; + errpkt.e_data.data = NULL; } retval = krb5_mk_error(kdc_context, &errpkt, scratch); diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c index f1fbfb6dad..24136c374f 100644 --- a/src/kdc/do_tgs_req.c +++ b/src/kdc/do_tgs_req.c @@ -1,7 +1,7 @@ /* * kdc/do_tgs_req.c * - * Copyright 1990,1991,2001,2007 by the Massachusetts Institute of Technology. + * Copyright 1990,1991,2001,2007,2008 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -26,6 +26,33 @@ * * KDC Routines to deal with TGS_REQ's */ +/* + * Copyright (c) 2006-2008, Novell, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * * The copyright holder's name is not used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ #include "k5-int.h" #include "com_err.h" @@ -49,8 +76,8 @@ static void find_alternate_tgs (krb5_kdc_req *, krb5_db_entry *, krb5_boolean *, int *); static krb5_error_code prepare_error_tgs (krb5_kdc_req *, krb5_ticket *, - int, const char *, krb5_data **, - const char *); + int, krb5_principal, + krb5_data **, const char *); /*ARGSUSED*/ krb5_error_code @@ -75,8 +102,7 @@ process_tgs_req(krb5_data *pkt, const krb5_fulladdr *from, krb5_timestamp until, rtime; krb5_keyblock encrypting_key; krb5_key_data *server_key; - char *cname = 0, *sname = 0, *tmp = 0; - const char *fromstring = 0; + char *cname = 0, *sname = 0, *altcname = 0; krb5_last_req_entry *nolrarray[2], nolrentry; /* krb5_address *noaddrarray[1]; */ krb5_enctype useenctype; @@ -84,18 +110,22 @@ process_tgs_req(krb5_data *pkt, const krb5_fulladdr *from, register int i; int firstpass = 1; const char *status = 0; - char ktypestr[128]; - char rep_etypestr[128]; - char fromstringbuf[70]; - - session_key.contents = 0; + krb5_enc_tkt_part *header_enc_tkt = NULL; /* ticket granting or evidence ticket */ + krb5_db_entry client, krbtgt; + int c_nprincs = 0, k_nprincs = 0; + krb5_pa_for_user *for_user = NULL; /* protocol transition request */ + krb5_authdata **kdc_issued_auth_data = NULL; /* auth data issued by KDC */ + unsigned int c_flags = 0, s_flags = 0; /* client/server KDB flags */ + char *s4u_name = NULL; + krb5_boolean is_referral; + const char *emsg = NULL; + + session_key.contents = NULL; retval = decode_krb5_tgs_req(pkt, &request); if (retval) return retval; - ktypes2str(ktypestr, sizeof(ktypestr), - request->nktypes, request->ktype); /* * setup_server_realm() sets up the global realm-specific data pointer. */ @@ -104,12 +134,6 @@ process_tgs_req(krb5_data *pkt, const krb5_fulladdr *from, return retval; } - fromstring = inet_ntop(ADDRTYPE2FAMILY(from->address->addrtype), - from->address->contents, - fromstringbuf, sizeof(fromstringbuf)); - if (!fromstring) - fromstring = ""; - if ((errcode = krb5_unparse_name(kdc_context, request->server, &sname))) { status = "UNPARSING SERVER"; goto cleanup; @@ -117,8 +141,8 @@ process_tgs_req(krb5_data *pkt, const krb5_fulladdr *from, limit_string(sname); /* errcode = kdc_process_tgs_req(request, from, pkt, &req_authdat); */ - errcode = kdc_process_tgs_req(request, from, pkt, &header_ticket, &subkey); - + errcode = kdc_process_tgs_req(request, from, pkt, &header_ticket, + &krbtgt, &k_nprincs, &subkey); if (header_ticket && header_ticket->enc_part2 && (errcode2 = krb5_unparse_name(kdc_context, header_ticket->enc_part2->client, @@ -139,6 +163,14 @@ process_tgs_req(krb5_data *pkt, const krb5_fulladdr *from, status="UNEXPECTED NULL in header_ticket"; goto cleanup; } + + /* + * Pointer to the encrypted part of the header ticket, which may be + * replaced to point to the encrypted part of the evidence ticket + * if constrained delegation is used. This simplifies the number of + * special cases for constrained delegation. + */ + header_enc_tkt = header_ticket->enc_part2; /* * We've already dealt with the AP_REQ authentication, so we can @@ -146,14 +178,22 @@ process_tgs_req(krb5_data *pkt, const krb5_fulladdr *from, * decrypted with the session key. */ - authtime = header_ticket->enc_part2->times.authtime; - /* XXX make sure server here has the proper realm...taken from AP_REQ header? */ nprincs = 1; - if ((errcode = get_principal(kdc_context, request->server, &server, - &nprincs, &more))) { + if (isflagset(request->kdc_options, KDC_OPT_CANONICALIZE)) { + setflag(c_flags, KRB5_KDB_FLAG_CANONICALIZE); + setflag(s_flags, KRB5_KDB_FLAG_CANONICALIZE); + } + + errcode = krb5_db_get_principal_ext(kdc_context, + request->server, + s_flags, + &server, + &nprincs, + &more); + if (errcode) { status = "LOOKING_UP_SERVER"; nprincs = 0; goto cleanup; @@ -195,13 +235,28 @@ tgt_again: } if ((retval = validate_tgs_request(request, server, header_ticket, - kdc_time, &status))) { + kdc_time, &status))) { if (!status) status = "UNKNOWN_REASON"; errcode = retval + ERROR_TABLE_BASE_krb5; goto cleanup; } + if (!is_local_principal(header_enc_tkt->client)) + setflag(c_flags, KRB5_KDB_FLAG_CROSS_REALM); + + is_referral = krb5_is_tgs_principal(server.princ) && + !krb5_principal_compare(kdc_context, tgs_server, server.princ); + + /* Check for protocol transition */ + errcode = kdc_process_s4u2self_req(kdc_context, request, header_enc_tkt->client, + &server, header_enc_tkt->session, kdc_time, + &for_user, &client, &c_nprincs, &status); + if (errcode) + goto cleanup; + if (for_user != NULL) + setflag(c_flags, KRB5_KDB_FLAG_PROTOCOL_TRANSITION); + /* * We pick the session keytype here.... * @@ -214,17 +269,23 @@ tgt_again: * to anything else. */ useenctype = 0; - if (isflagset(request->kdc_options, KDC_OPT_ENC_TKT_IN_SKEY)) { + if (isflagset(request->kdc_options, KDC_OPT_ENC_TKT_IN_SKEY | + KDC_OPT_CNAME_IN_ADDL_TKT)) { krb5_keyblock * st_sealing_key; krb5_kvno st_srv_kvno; krb5_enctype etype; + krb5_db_entry st_client; + int st_nprincs = 0; /* * Get the key for the second ticket, and decrypt it. */ if ((errcode = kdc_get_server_key(request->second_ticket[st_idx], - &st_sealing_key, - &st_srv_kvno))) { + c_flags, + &st_client, + &st_nprincs, + &st_sealing_key, + &st_srv_kvno))) { status = "2ND_TKT_SERVER"; goto cleanup; } @@ -233,6 +294,7 @@ tgt_again: krb5_free_keyblock(kdc_context, st_sealing_key); if (errcode) { status = "2ND_TKT_DECRYPT"; + krb5_db_free_principal(kdc_context, &st_client, st_nprincs); goto cleanup; } @@ -240,6 +302,7 @@ tgt_again: if (!krb5_c_valid_enctype(etype)) { status = "BAD_ETYPE_IN_2ND_TKT"; errcode = KRB5KDC_ERR_ETYPE_NOSUPP; + krb5_db_free_principal(kdc_context, &st_client, st_nprincs); goto cleanup; } @@ -249,6 +312,34 @@ tgt_again: break; } } + + if (isflagset(request->kdc_options, KDC_OPT_CNAME_IN_ADDL_TKT)) { + /* Do constrained delegation protocol and authorization checks */ + errcode = kdc_process_s4u2proxy_req(kdc_context, + request, + request->second_ticket[st_idx]->enc_part2, + &st_client, + header_ticket->enc_part2->client, + request->server, + &status); + if (errcode) + goto cleanup; + + setflag(c_flags, KRB5_KDB_FLAG_CONSTRAINED_DELEGATION); + + assert(krb5_is_tgs_principal(header_ticket->server)); + + /* From now on, use evidence ticket as header ticket */ + header_enc_tkt = request->second_ticket[st_idx]->enc_part2; + + assert(c_nprincs == 0); /* assured by kdc_process_s4u2self_req() */ + + client = st_client; + c_nprincs = st_nprincs; + } else { + /* "client" is not used for user2user */ + krb5_db_free_principal(kdc_context, &st_client, st_nprincs); + } } /* @@ -272,24 +363,35 @@ tgt_again: goto cleanup; } - ticket_reply.server = request->server; /* XXX careful for realm... */ + authtime = header_enc_tkt->times.authtime; + + if (is_referral) + ticket_reply.server = server.princ; + else + ticket_reply.server = request->server; /* XXX careful for realm... */ enc_tkt_reply.flags = 0; enc_tkt_reply.times.starttime = 0; + if (isflagset(server.attributes, KRB5_KDB_OK_AS_DELEGATE) && + !is_referral) { + /* Ensure that we are not returning a referral */ + setflag(enc_tkt_reply.flags, TKT_FLG_OK_AS_DELEGATE); + } + /* * Fix header_ticket's starttime; if it's zero, fill in the * authtime's value. */ - if (!(header_ticket->enc_part2->times.starttime)) - header_ticket->enc_part2->times.starttime = - header_ticket->enc_part2->times.authtime; + if (!(header_enc_tkt->times.starttime)) + header_enc_tkt->times.starttime = header_enc_tkt->times.authtime; /* don't use new addresses unless forwarded, see below */ - enc_tkt_reply.caddrs = header_ticket->enc_part2->caddrs; + enc_tkt_reply.caddrs = header_enc_tkt->caddrs; /* noaddrarray[0] = 0; */ reply_encpart.caddrs = 0; /* optional...don't put it in */ + reply_encpart.enc_padata = NULL; /* It should be noted that local policy may affect the */ /* processing of any of these flags. For example, some */ @@ -297,7 +399,17 @@ tgt_again: if (isflagset(request->kdc_options, KDC_OPT_FORWARDABLE)) setflag(enc_tkt_reply.flags, TKT_FLG_FORWARDABLE); - + if (isflagset(c_flags, KRB5_KDB_FLAG_PROTOCOL_TRANSITION)) { + if (!krb5_is_tgs_principal(server.princ) && + is_local_principal(server.princ)) { + if (isflagset(server.attributes, KRB5_KDB_OK_TO_AUTH_AS_DELEGATE)) + setflag(enc_tkt_reply.flags, TKT_FLG_FORWARDABLE); + else + clear(enc_tkt_reply.flags, TKT_FLG_FORWARDABLE); + } + if (isflagset(client.attributes, KRB5_KDB_DISALLOW_FORWARDABLE)) + clear(enc_tkt_reply.flags, TKT_FLG_FORWARDABLE); + } if (isflagset(request->kdc_options, KDC_OPT_FORWARDED)) { setflag(enc_tkt_reply.flags, TKT_FLG_FORWARDED); @@ -306,7 +418,7 @@ tgt_again: enc_tkt_reply.caddrs = request->addresses; reply_encpart.caddrs = request->addresses; } - if (isflagset(header_ticket->enc_part2->flags, TKT_FLG_FORWARDED)) + if (isflagset(header_enc_tkt->flags, TKT_FLG_FORWARDED)) setflag(enc_tkt_reply.flags, TKT_FLG_FORWARDED); if (isflagset(request->kdc_options, KDC_OPT_PROXIABLE)) @@ -332,6 +444,7 @@ tgt_again: enc_tkt_reply.times.starttime = kdc_time; if (isflagset(request->kdc_options, KDC_OPT_VALIDATE)) { + assert(isflagset(c_flags, KRB5_KDB_FLAGS_S4U) == 0); /* BEWARE of allocation hanging off of ticket & enc_part2, it belongs to the caller */ ticket_reply = *(header_ticket); @@ -342,6 +455,7 @@ tgt_again: if (isflagset(request->kdc_options, KDC_OPT_RENEW)) { krb5_deltat old_life; + assert(isflagset(c_flags, KRB5_KDB_FLAGS_S4U) == 0); /* BEWARE of allocation hanging off of ticket & enc_part2, it belongs to the caller */ ticket_reply = *(header_ticket); @@ -360,15 +474,13 @@ tgt_again: enc_tkt_reply.times.endtime = min(until, min(enc_tkt_reply.times.starttime + server.max_life, min(enc_tkt_reply.times.starttime + max_life_for_realm, - header_ticket->enc_part2->times.endtime))); + header_enc_tkt->times.endtime))); if (isflagset(request->kdc_options, KDC_OPT_RENEWABLE_OK) && (enc_tkt_reply.times.endtime < request->till) && - isflagset(header_ticket->enc_part2->flags, - TKT_FLG_RENEWABLE)) { + isflagset(header_enc_tkt->flags, TKT_FLG_RENEWABLE)) { setflag(request->kdc_options, KDC_OPT_RENEWABLE); request->rtime = - min(request->till, - header_ticket->enc_part2->times.renew_till); + min(request->till, header_enc_tkt->times.renew_till); } } rtime = (request->rtime == 0) ? kdc_infinity : request->rtime; @@ -379,7 +491,7 @@ tgt_again: setflag(enc_tkt_reply.flags, TKT_FLG_RENEWABLE); enc_tkt_reply.times.renew_till = min(rtime, - min(header_ticket->enc_part2->times.renew_till, + min(header_enc_tkt->times.renew_till, enc_tkt_reply.times.starttime + min(server.max_renewable_life, max_renewable_life_for_realm))); @@ -390,15 +502,15 @@ tgt_again: /* * Set authtime to be the same as header_ticket's */ - enc_tkt_reply.times.authtime = header_ticket->enc_part2->times.authtime; + enc_tkt_reply.times.authtime = header_enc_tkt->times.authtime; /* * Propagate the preauthentication flags through to the returned ticket. */ - if (isflagset(header_ticket->enc_part2->flags, TKT_FLG_PRE_AUTH)) + if (isflagset(header_enc_tkt->flags, TKT_FLG_PRE_AUTH)) setflag(enc_tkt_reply.flags, TKT_FLG_PRE_AUTH); - if (isflagset(header_ticket->enc_part2->flags, TKT_FLG_HW_AUTH)) + if (isflagset(header_enc_tkt->flags, TKT_FLG_HW_AUTH)) setflag(enc_tkt_reply.flags, TKT_FLG_HW_AUTH); /* starttime is optional, and treated as authtime if not present. @@ -406,49 +518,130 @@ tgt_again: if (enc_tkt_reply.times.starttime == enc_tkt_reply.times.authtime) enc_tkt_reply.times.starttime = 0; - /* assemble any authorization data */ - if (request->authorization_data.ciphertext.data) { - krb5_data scratch; + if (isflagset(c_flags, KRB5_KDB_FLAG_PROTOCOL_TRANSITION)) { + errcode = krb5_unparse_name(kdc_context, for_user->user, &s4u_name); + } else if (isflagset(c_flags, KRB5_KDB_FLAG_CONSTRAINED_DELEGATION)) { + errcode = krb5_unparse_name(kdc_context, header_enc_tkt->client, &s4u_name); + } else { + errcode = 0; + } + if (errcode) { + status = "UNPARSING S4U CLIENT"; + goto cleanup; + } - scratch.length = request->authorization_data.ciphertext.length; - if (!(scratch.data = - malloc(request->authorization_data.ciphertext.length))) { - status = "AUTH_NOMEM"; - errcode = ENOMEM; + if (isflagset(request->kdc_options, KDC_OPT_ENC_TKT_IN_SKEY)) { + krb5_enc_tkt_part *t2enc = request->second_ticket[st_idx]->enc_part2; + encrypting_key = *(t2enc->session); + } else { + /* + * Find the server key + */ + if ((errcode = krb5_dbe_find_enctype(kdc_context, &server, + -1, /* ignore keytype */ + -1, /* Ignore salttype */ + 0, /* Get highest kvno */ + &server_key))) { + status = "FINDING_SERVER_KEY"; goto cleanup; } - - if ((errcode = krb5_c_decrypt(kdc_context, - header_ticket->enc_part2->session, - KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY, - 0, &request->authorization_data, - &scratch))) { - status = "AUTH_ENCRYPT_FAIL"; - free(scratch.data); + /* convert server.key into a real key (it may be encrypted + * in the database) */ + if ((errcode = krb5_dbekd_decrypt_key_data(kdc_context, + &master_keyblock, + server_key, &encrypting_key, + NULL))) { + status = "DECRYPT_SERVER_KEY"; goto cleanup; } + } - /* scratch now has the authorization data, so we decode it */ - errcode = decode_krb5_authdata(&scratch, &(request->unenc_authdata)); - free(scratch.data); - if (errcode) { - status = "AUTH_DECODE"; - goto cleanup; + if (isflagset(c_flags, KRB5_KDB_FLAG_CONSTRAINED_DELEGATION)) { + /* + * Don't allow authorization data to be disabled if constrained + * delegation is requested. We don't want to deny the server + * the ability to validate that delegation was used. + */ + clear(server.attributes, KRB5_KDB_NO_AUTH_DATA_REQUIRED); + } + if (isflagset(server.attributes, KRB5_KDB_NO_AUTH_DATA_REQUIRED) == 0) { + /* + * If we are not doing protocol transition/constrained delegation + * and there was no authorization data included, try to lookup + * the client principal as it may be mapped to a local account. + * + * Always validate authorization data for constrained delegation + * because we must validate the KDC signatures. + */ + if (!isflagset(c_flags, KRB5_KDB_FLAGS_S4U) && + header_enc_tkt->authorization_data == NULL) { + + /* Generate authorization data so we can include it in ticket */ + setflag(c_flags, KRB5_KDB_FLAG_INCLUDE_PAC); + /* Map principals from foreign (possibly non-AD) realms */ + setflag(c_flags, KRB5_KDB_FLAG_MAP_PRINCIPALS); + + assert(c_nprincs == 0); /* should not have been looked up already */ + + c_nprincs = 1; + errcode = krb5_db_get_principal_ext(kdc_context, + header_enc_tkt->client, + c_flags, + &client, + &c_nprincs, + &more); + /* + * We can ignore errors because the principal may be a + * valid cross-realm principal for which we have no local + * mapping. But we do want to check that at most one entry + * was returned. + */ + if (errcode == 0 && (more || c_nprincs > 1)) { + errcode = KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE; + goto cleanup; + } else if (errcode) { + c_nprincs = 0; + } } + } - if ((errcode = - concat_authorization_data(request->unenc_authdata, - header_ticket->enc_part2->authorization_data, - &enc_tkt_reply.authorization_data))) { - status = "CONCAT_AUTH"; + enc_tkt_reply.authorization_data = NULL; + + if (isflagset(c_flags, KRB5_KDB_FLAG_PROTOCOL_TRANSITION) && + is_local_principal(header_enc_tkt->client)) + enc_tkt_reply.client = for_user->user; + else + enc_tkt_reply.client = header_enc_tkt->client; + + errcode = handle_authdata(kdc_context, + c_flags, + (c_nprincs != 0) ? &client : NULL, + &server, + (k_nprincs != 0) ? &krbtgt : NULL, + subkey != NULL ? subkey : + header_ticket->enc_part2->session, + &encrypting_key, /* U2U or server key */ + pkt, + request, + for_user ? for_user->user : NULL, + header_enc_tkt, + &enc_tkt_reply); + if (errcode) { + krb5_klog_syslog(LOG_INFO, "TGS_REQ : handle_authdata (%d)", errcode); + status = "HANDLE_AUTHDATA"; + goto cleanup; + } + + if (is_referral && isflagset(s_flags, KRB5_KDB_FLAG_CANONICALIZE)) { + errcode = return_svr_referral_data(kdc_context, + &server, &reply_encpart); + if (errcode) { + status = "KDC_RETURN_ENC_PADATA"; goto cleanup; } - } else - enc_tkt_reply.authorization_data = - header_ticket->enc_part2->authorization_data; + } enc_tkt_reply.session = &session_key; - enc_tkt_reply.client = header_ticket->enc_part2->client; enc_tkt_reply.transited.tr_type = KRB5_DOMAIN_X500_COMPRESS; enc_tkt_reply.transited.tr_contents = empty_string; /* equivalent of "" */ @@ -464,11 +657,11 @@ tgt_again: if (realm_compare(header_ticket->server, tgs_server) || realm_compare(header_ticket->server, enc_tkt_reply.client)) { /* tgt issued by local realm or issued by realm of client */ - enc_tkt_reply.transited = header_ticket->enc_part2->transited; + enc_tkt_reply.transited = header_enc_tkt->transited; } else { /* tgt issued by some other realm and not the realm of the client */ /* assemble new transited field into allocated storage */ - if (header_ticket->enc_part2->transited.tr_type != + if (header_enc_tkt->transited.tr_type != KRB5_DOMAIN_X500_COMPRESS) { status = "BAD_TRTYPE"; errcode = KRB5KDC_ERR_TRTYPE_NOSUPP; @@ -481,7 +674,7 @@ tgt_again: enc_tkt_transited.tr_contents.length = 0; enc_tkt_reply.transited = enc_tkt_transited; if ((errcode = - add_to_transited(&header_ticket->enc_part2->transited.tr_contents, + add_to_transited(&header_enc_tkt->transited.tr_contents, &enc_tkt_reply.transited.tr_contents, header_ticket->server, enc_tkt_reply.client, @@ -491,14 +684,23 @@ tgt_again: } newtransited = 1; } + if (isflagset(c_flags, KRB5_KDB_FLAG_CROSS_REALM)) { + errcode = validate_transit_path(kdc_context, header_enc_tkt->client, + &server, + (k_nprincs != 0) ? &krbtgt : NULL); + if (errcode) { + status = "NON_TRANSITIVE"; + goto cleanup; + } + } if (!isflagset (request->kdc_options, KDC_OPT_DISABLE_TRANSITED_CHECK)) { unsigned int tlen; char *tdots; - errcode = krb5_check_transited_list (kdc_context, - &enc_tkt_reply.transited.tr_contents, - krb5_princ_realm (kdc_context, header_ticket->enc_part2->client), - krb5_princ_realm (kdc_context, request->server)); + errcode = kdc_check_transited_list (kdc_context, + &enc_tkt_reply.transited.tr_contents, + krb5_princ_realm (kdc_context, header_enc_tkt->client), + krb5_princ_realm (kdc_context, request->server)); tlen = enc_tkt_reply.transited.tr_contents.length; tdots = tlen > 125 ? "..." : ""; tlen = tlen > 125 ? 125 : tlen; @@ -515,7 +717,7 @@ tgt_again: enc_tkt_reply.transited.tr_contents.data, tdots); else { - const char *emsg = krb5_get_error_message(kdc_context, errcode); + emsg = krb5_get_error_message(kdc_context, errcode); krb5_klog_syslog (LOG_ERR, "unexpected error checking transit from " "'%s' to '%s' via '%.*s%s': %s", @@ -525,6 +727,7 @@ tgt_again: enc_tkt_reply.transited.tr_contents.data, tdots, emsg); krb5_free_error_message(kdc_context, emsg); + emsg = NULL; } } else krb5_klog_syslog (LOG_INFO, "not checking transit path"); @@ -551,71 +754,36 @@ tgt_again: krb5_enc_tkt_part *t2enc = request->second_ticket[st_idx]->enc_part2; krb5_principal client2 = t2enc->client; if (!krb5_principal_compare(kdc_context, request->server, client2)) { - if ((errcode = krb5_unparse_name(kdc_context, client2, &tmp))) - tmp = 0; - if (tmp != NULL) - limit_string(tmp); - - krb5_klog_syslog(LOG_INFO, - "TGS_REQ %s: 2ND_TKT_MISMATCH: " - "authtime %d, %s for %s, 2nd tkt client %s", - fromstring, authtime, - cname ? cname : "", - sname ? sname : "", - tmp ? tmp : ""); + if ((errcode = krb5_unparse_name(kdc_context, client2, &altcname))) + altcname = 0; + if (altcname != NULL) + limit_string(altcname); + errcode = KRB5KDC_ERR_SERVER_NOMATCH; + status = "2ND_TKT_MISMATCH"; goto cleanup; } ticket_reply.enc_part.kvno = 0; ticket_reply.enc_part.enctype = t2enc->session->enctype; - if ((errcode = krb5_encrypt_tkt_part(kdc_context, t2enc->session, - &ticket_reply))) { - status = "2ND_TKT_ENCRYPT"; - goto cleanup; - } st_idx++; } else { - /* - * Find the server key - */ - if ((errcode = krb5_dbe_find_enctype(kdc_context, &server, - -1, /* ignore keytype */ - -1, /* Ignore salttype */ - 0, /* Get highest kvno */ - &server_key))) { - status = "FINDING_SERVER_KEY"; - goto cleanup; - } - - if ((errcode = krb5_dbe_find_mkey(kdc_context, master_keylist, &server, &tmp_mkey))) { - status = "FINDING_MASTER_KEY"; - goto cleanup; - } + ticket_reply.enc_part.kvno = server_key->key_data_kvno; + } - /* convert server.key into a real key (it may be encrypted - * in the database) */ - if ((errcode = krb5_dbekd_decrypt_key_data(kdc_context, - tmp_mkey, - server_key, &encrypting_key, - NULL))) { - status = "DECRYPT_SERVER_KEY"; - goto cleanup; - } - errcode = krb5_encrypt_tkt_part(kdc_context, &encrypting_key, - &ticket_reply); + errcode = krb5_encrypt_tkt_part(kdc_context, &encrypting_key, + &ticket_reply); + if (!isflagset(request->kdc_options, KDC_OPT_ENC_TKT_IN_SKEY)) krb5_free_keyblock_contents(kdc_context, &encrypting_key); - if (errcode) { - status = "TKT_ENCRYPT"; - goto cleanup; - } - ticket_reply.enc_part.kvno = server_key->key_data_kvno; + if (errcode) { + status = "TKT_ENCRYPT"; + goto cleanup; } /* Start assembling the response */ reply.msg_type = KRB5_TGS_REP; reply.padata = 0; /* always */ - reply.client = header_ticket->enc_part2->client; + reply.client = enc_tkt_reply.client; reply.enc_part.kvno = 0; /* We are using the session key */ reply.ticket = &ticket_reply; @@ -625,7 +793,7 @@ tgt_again: /* copy the time fields EXCEPT for authtime; its location is used for ktime */ reply_encpart.times = enc_tkt_reply.times; - reply_encpart.times.authtime = header_ticket->enc_part2->times.authtime; + reply_encpart.times.authtime = header_enc_tkt->times.authtime; /* starttime is optional, and treated as authtime if not present. so we can nuke it if it matches */ @@ -667,27 +835,16 @@ tgt_again: free(reply.enc_part.ciphertext.data); cleanup: - if (status) { - const char * emsg = NULL; - if (!errcode) - rep_etypes2str(rep_etypestr, sizeof(rep_etypestr), &reply); - if (errcode) - emsg = krb5_get_error_message (kdc_context, errcode); - krb5_klog_syslog(LOG_INFO, - "TGS_REQ (%s) %s: %s: authtime %d, " - "%s%s %s for %s%s%s", - ktypestr, - fromstring, status, authtime, - !errcode ? rep_etypestr : "", - !errcode ? "," : "", - cname ? cname : "", - sname ? sname : "", - errcode ? ", " : "", - errcode ? emsg : ""); - if (errcode) - krb5_free_error_message (kdc_context, emsg); + assert(status != NULL); + if (errcode) + emsg = krb5_get_error_message (kdc_context, errcode); + log_tgs_req(from, request, &reply, cname, sname, altcname, authtime, + status, errcode, emsg); + if (errcode) { + krb5_free_error_message (kdc_context, emsg); + emsg = NULL; } - + if (errcode) { int got_err = 0; if (status == 0) { @@ -699,28 +856,39 @@ cleanup: errcode = KRB_ERR_GENERIC; retval = prepare_error_tgs(request, header_ticket, errcode, - fromstring, response, status); + nprincs ? server.princ : NULL, + response, status); if (got_err) { krb5_free_error_message (kdc_context, status); status = 0; } } - if (header_ticket) + if (header_ticket != NULL) krb5_free_ticket(kdc_context, header_ticket); - if (request) + if (request != NULL) krb5_free_kdc_req(kdc_context, request); - if (cname) + if (cname != NULL) free(cname); - if (sname) + if (sname != NULL) free(sname); - if (nprincs) + if (nprincs != 0) krb5_db_free_principal(kdc_context, &server, 1); - if (session_key.contents) + if (session_key.contents != NULL) krb5_free_keyblock_contents(kdc_context, &session_key); if (newtransited) free(enc_tkt_reply.transited.tr_contents.data); - if (subkey) + if (k_nprincs) + krb5_db_free_principal(kdc_context, &krbtgt, k_nprincs); + if (c_nprincs) + krb5_db_free_principal(kdc_context, &client, c_nprincs); + if (for_user != NULL) + krb5_free_pa_for_user(kdc_context, for_user); + if (kdc_issued_auth_data != NULL) + krb5_free_authdata(kdc_context, kdc_issued_auth_data); + if (s4u_name != NULL) + free(s4u_name); + if (subkey != NULL) krb5_free_keyblock(kdc_context, subkey); return retval; @@ -728,7 +896,8 @@ cleanup: static krb5_error_code prepare_error_tgs (krb5_kdc_req *request, krb5_ticket *ticket, int error, - const char *ident, krb5_data **response, const char *status) + krb5_principal canon_server, + krb5_data **response, const char *status) { krb5_error errpkt; krb5_error_code retval; @@ -745,18 +914,17 @@ prepare_error_tgs (krb5_kdc_req *request, krb5_ticket *ticket, int error, if (ticket && ticket->enc_part2) errpkt.client = ticket->enc_part2->client; else - errpkt.client = 0; + errpkt.client = NULL; errpkt.text.length = strlen(status) + 1; - if (!(errpkt.text.data = malloc(errpkt.text.length))) + if (!(errpkt.text.data = strdup(status))) return ENOMEM; - (void) strcpy(errpkt.text.data, status); if (!(scratch = (krb5_data *)malloc(sizeof(*scratch)))) { free(errpkt.text.data); return ENOMEM; } errpkt.e_data.length = 0; - errpkt.e_data.data = 0; + errpkt.e_data.data = NULL; retval = krb5_mk_error(kdc_context, &errpkt, scratch); free(errpkt.text.data); @@ -820,7 +988,6 @@ find_alternate_tgs(krb5_kdc_req *request, krb5_db_entry *server, } else if (*nprincs == 1) { /* Found it! */ krb5_principal tmpprinc; - char *sname; tmp = *krb5_princ_realm(kdc_context, *pl2); krb5_princ_set_realm(kdc_context, *pl2, @@ -834,15 +1001,7 @@ find_alternate_tgs(krb5_kdc_req *request, krb5_db_entry *server, krb5_free_principal(kdc_context, request->server); request->server = tmpprinc; - if (krb5_unparse_name(kdc_context, request->server, &sname)) { - krb5_klog_syslog(LOG_INFO, - "TGS_REQ: issuing alternate TGT"); - } else { - limit_string(sname); - krb5_klog_syslog(LOG_INFO, - "TGS_REQ: issuing TGT %s", sname); - free(sname); - } + log_tgs_alt_tgt(request->server); krb5_free_realm_tree(kdc_context, plist); return; } diff --git a/src/kdc/extern.c b/src/kdc/extern.c index fa3e0af43b..2a2c1ae22e 100644 --- a/src/kdc/extern.c +++ b/src/kdc/extern.c @@ -37,6 +37,7 @@ krb5_data empty_string = {0, 0, ""}; krb5_timestamp kdc_infinity = KRB5_INT32_MAX; /* XXX */ krb5_rcache kdc_rcache = (krb5_rcache) NULL; krb5_keyblock psr_key; +krb5_int32 max_dgram_reply_size = MAX_DGRAM_SIZE; volatile int signal_requests_exit = 0; /* gets set when signal hits */ volatile int signal_requests_hup = 0; /* ditto */ diff --git a/src/kdc/extern.h b/src/kdc/extern.h index b0e7fb7127..5727fbee36 100644 --- a/src/kdc/extern.h +++ b/src/kdc/extern.h @@ -98,6 +98,7 @@ extern krb5_data empty_string; /* an empty string */ extern krb5_timestamp kdc_infinity; /* greater than all other timestamps */ extern krb5_rcache kdc_rcache; /* replay cache */ extern krb5_keyblock psr_key; /* key for predicted sam response */ +extern krb5_int32 max_dgram_reply_size; /* maximum datagram size */ extern volatile int signal_requests_exit; extern volatile int signal_requests_hup; diff --git a/src/kdc/fakeka.M b/src/kdc/fakeka.M deleted file mode 100644 index 80ea0153aa..0000000000 --- a/src/kdc/fakeka.M +++ /dev/null @@ -1,111 +0,0 @@ -.\" kdc/fakeka.M -.\" -.\" Copyright 2005 by the Massachusetts Institute of Technology. -.\" -.\" Export of this software from the United States of America may -.\" require a specific license from the United States Government. -.\" It is the responsibility of any person or organization contemplating -.\" export to obtain such a license before exporting. -.\" -.\" WITHIN THAT CONSTRAINT, permission to use, copy, modify, and -.\" distribute this software and its documentation for any purpose and -.\" without fee is hereby granted, provided that the above copyright -.\" notice appear in all copies and that both that copyright notice and -.\" this permission notice appear in supporting documentation, and that -.\" the name of M.I.T. not be used in advertising or publicity pertaining -.\" to distribution of the software without specific, written prior -.\" permission. Furthermore if you modify this software you must label -.\" your software as modified software and not distribute it in such a -.\" fashion that it might be confused with the original M.I.T. software. -.\" M.I.T. makes no representations about the suitability of -.\" this software for any purpose. It is provided "as is" without express -.\" or implied warranty. -.\" " -.TH FAKEKA 8 -.SH NAME -fakeka \- Fake kaserver for AFS clients -.SH SYNOPSIS -\fBfakeka\fP [\fB\-dm\fP] [\fB\-c\fP \fIcell\fP] [\fB\-f\fP \fIforwarder\fP] -[\fB\-l\fP \fBfacility\fP] [\fB\-p\fP \fBport\fP] [\fB\-r\fP \fIrealm\fP] -.br -.SH DESCRIPTION -.I fakeka -is a fake kaserver that speaks just enough of the AFS RX protocol to make -klog work. It is used in conjunction with a Kerberos V5 KDC to support -existing AFS clients, and is usually used with ka-forwarder. -.I fakeka -must run on the same host as your Kerberos V5 KDC, since it needs access -to the KDC database. ka-forwarder should run on each of your AFS database -servers, pointing to your Kerberos V5 KDCs. -.I fakeka -should then be running on each of the KDCs, with the AFS database servers -listed as arguments to the -.B -f -option. -.PP -Note that principals you wish to use -.I fakeka -with must have either a V4-style key (des:v4) or an AFS-style key -(des:afs3). V5 enctypes won't work. -.SH OPTIONS -.TP -\fB\-c\fP \fIcell\fP -The AFS cell for which -.I fakeka -will be handling requests. If not given, this defaults to the same as the -Kerberos V5 realm (see -.B \-r -below). -.TP -.B \-d -Enables debugging. When this flag is given, -.I fakeka -will run in the foreground and print debugging information to standard -error. Overrides -.BR \-m . -.TP -\fB\-f\fP \fIforwarder\fP -Allows forwarded requests from -.IR forwarder , -which is generally an AFS database server running ka-forwarder. This -option can be given multiple times (up to 10). Each system running -ka-forwarder should be specified with the -.B \-f -flag or forwarded requests from that host will not be answered. (The -forwarders append their own address to the packet. -.TP -\fB\-l\fP \fIfacility\fP -Log actions via syslog with the given -.I facility -rather than the default of LOG_DAEMON. -.I facility -must be one of KERN, USER, MAIL, DAEMON, AUTH, LPR, NEWS, UUCP, CRON, -LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, or LOCAL7. This -option is case-sensitive. Not all of these facilities may be available, -depending on what pre-defined syslog facilities your system provides. -.TP -.B \-m -Fork and background when starting. You will usually always want to give -this flag. -.TP -\fB\-p\fP \fIport\fP -Listen on the specified port rather than the default of 7004 (which is -what klog expects). -.I port -may be a number or a service name from -.IR /etc/services . -.TP -\fB\-r\fP \fIrealm\fP -The Kerberos V5 realm to which the requests are being translated. The -default is the local default realm. -.SH EXAMPLES -Handle requests for a local cell whose name matches the local realm, -accepting forwarded queries from afs1.example.com and afs2.example.com: -.IP "" 4 -fakeka -m -f afs1.example.com -f afs2.example.com -.PP -If the cell name doesn't match the realm name, -.B \-c -would need to be added, specifying the cell name. -.SH SEE ALSO -ka-forwarder(8) diff --git a/src/kdc/fakeka.c b/src/kdc/fakeka.c deleted file mode 100644 index 21344596e4..0000000000 --- a/src/kdc/fakeka.c +++ /dev/null @@ -1,1396 +0,0 @@ -/* - * COPYRIGHT NOTICE - * Copyright (c) 1994 Carnegie Mellon University - * All Rights Reserved. - * - * Permission to use, copy, modify and distribute this software and its - * documentation is hereby granted, provided that both the copyright - * notice and this permission notice appear in all copies of the - * software, derivative works or modified versions, and any portions - * thereof, and that both notices appear in supporting documentation. - * - * CARNEGIE MELLON ALLOWS FREE USE OF THIS SOFTWARE IN ITS "AS IS" - * CONDITION. CARNEGIE MELLON DISCLAIMS ANY LIABILITY OF ANY KIND FOR - * ANY DAMAGES WHATSOEVER RESULTING FROM THE USE OF THIS SOFTWARE. - * - * Carnegie Mellon requests users of this software to return to - * - * Software Distribution Coordinator or Software_Distribution@CS.CMU.EDU - * School of Computer Science - * Carnegie Mellon University - * Pittsburgh PA 15213-3890 - * - * any improvements or extensions that they make and grant Carnegie Mellon - * the rights to redistribute these changes. - * - * Converted to Kerberos 5 by Ken Hornstein - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#ifdef HAVE_UNISTD_H -#include -#endif -#ifdef HAVE_STDLIB_H -#include -#endif -#ifdef HAVE_MEMORY_H -#include -#endif - -#include -#include -#include -#include -#include - -#ifndef LINT -static char rcsid[]= - "$Id$"; -#endif - -/* - * Misc macros - */ - -#define PAD_TO(x, a) (((u_long)(x) + (a) - 1) & ~((a) - 1)) -#define min(a, b) ((a) < (b) ? (a) : (b)) -#define MAXFORWARDERS 10 -#define HEADER_LEN 8 - -/* - * Error values from kautils.h - * - * The security errors are: - * KABADTICKET, KABADSERVER, KABADUSER, and KACLOCKSKEW - */ - -#define KADATABASEINCONSISTENT (180480L) -#define KANOENT (180484L) -#define KABADREQUEST (180490L) -#define KABADTICKET (180504L) -#define KABADSERVER (180507L) -#define KABADUSER (180508L) -#define KACLOCKSKEW (180514L) -#define KAINTERNALERROR (180518L) - - -/* - * Type definitions - */ - -typedef struct packet { - char *base; - int len; - char data[1024]; -} *packet_t; - -typedef struct rx_header { - u_int rx_epoch; - u_int rx_cid; - u_int rx_callnum; - u_int rx_seq; - u_int rx_serial; - u_char rx_type; - u_char rx_flags; - u_char rx_userstatus; - u_char rx_securityindex; - u_short rx_spare; - u_short rx_service; - u_int rx_request; -} *rx_t; - - -/* - * Global vars - */ - -char *progname = "fakeka"; /* needed by libkdb.a */ -char *localrealm = NULL; -char *localcell = NULL; -krb5_timestamp req_time; -kadm5_config_params realm_params; -int debug = 0; - - -/* - * This is a table for the "infamous" CMU ticket lifetime conversion. If - * the lifetime is greater than 128, use this table - */ -#define MAX_TICKET_LIFETIME 2592000 -static long cmu_seconds[] = -{ - 38400, 41055, 43894, 46929, 50174, 53643, 57352, 61318, - 65558, 70091, 74937, 80119, 85658, 91581, 97914, 104684, - 111922, 119661, 127935, 136781, 146239, 156350, 167161, 178720, - 191077, 204289, 218415, 233517, 249663, 266926, 285383, 305116, - 326213, 348769, 372885, 398668, 426233, 455705, 487215, 520903, - 556921, 595430, 636600, 680618, 727679, 777995, 831789, 889303, - 950794, 1016536, 1086825, 1161973, 1242317, 1328217, 1420057, 1518246, - 1623225, 1735463, 1855462, 1983757, 2120924, 2267575, 2424366, 2591999, - 0 -}; - -#if __STDC__ -/* - * Prototypes for all the functions we define - */ - -void perrorexit(char *); -void pexit(char *); -char *kaerror(int); -int get_princ_key(krb5_context, void *, kadm5_principal_ent_t, des_cblock, - des_key_schedule); -int check_princ(krb5_context, void *, char *, char *, kadm5_principal_ent_t); - -int make_reply_packet(krb5_context, void *, packet_t, int, int, int, - char *, char *, char *, char *, - des_cblock, des_key_schedule, char *); - -int Authenticate(krb5_context, void *, char *, packet_t, packet_t); -int GetTicket(krb5_context, void *, char *, packet_t, packet_t); -void process(krb5_context, void *, char *, packet_t, packet_t); -#endif - - -/* - * Helpers for exiting with errors - */ - -void perrorexit(str) -char *str; -{ - perror(str); - exit(1); -} - -void pexit(str) -char *str; -{ - printf("%s\n", str); - exit(1); -} - - -/* - * Translate error codes into strings. - */ - -char *kaerror(e) -int e; -{ - static char buf[1024]; - - switch (e) { - case KADATABASEINCONSISTENT: - return "database is inconsistent"; - case KANOENT: - return "principal does not exist"; - case KABADREQUEST: - return "request was malformed (bad password)"; - case KABADTICKET: - return "ticket was malformed, invalid, or expired"; - case KABADSERVER: - return "cannot issue tickets for this service"; - case KABADUSER: - return "principal expired"; - case KACLOCKSKEW: - return "client time is too far skewed"; - case KAINTERNALERROR: - return "internal error in fakeka, help!"; - default: - sprintf(buf, "impossible error code %d, help!", e); - return buf; - } - /*NOTREACHED*/ -} - -/* - * Syslog facilities - */ -typedef struct { - int num; - char *string; -} facility_mapping; - -static facility_mapping mappings[] = { -#ifdef LOG_KERN - { LOG_KERN, "KERN" }, -#endif -#ifdef LOG_USER - { LOG_USER, "USER" }, -#endif -#ifdef LOG_MAIL - { LOG_MAIL, "MAIL" }, -#endif -#ifdef LOG_DAEMON - { LOG_DAEMON, "DAEMON" }, -#endif -#ifdef LOG_AUTH - { LOG_AUTH, "AUTH" }, -#endif -#ifdef LOG_LPR - { LOG_LPR, "LPR" }, -#endif -#ifdef LOG_NEWS - { LOG_NEWS, "NEWS" }, -#endif -#ifdef LOG_UUCP - { LOG_UUCP, "UUCP" }, -#endif -#ifdef LOG_CRON - { LOG_CRON, "CRON" }, -#endif -#ifdef LOG_LOCAL0 - { LOG_LOCAL0, "LOCAL0" }, -#endif -#ifdef LOG_LOCAL1 - { LOG_LOCAL1, "LOCAL1" }, -#endif -#ifdef LOG_LOCAL2 - { LOG_LOCAL2, "LOCAL2" }, -#endif -#ifdef LOG_LOCAL3 - { LOG_LOCAL3, "LOCAL3" }, -#endif -#ifdef LOG_LOCAL4 - { LOG_LOCAL4, "LOCAL4" }, -#endif -#ifdef LOG_LOCAL5 - { LOG_LOCAL5, "LOCAL5" }, -#endif -#ifdef LOG_LOCAL6 - { LOG_LOCAL6, "LOCAL6" }, -#endif -#ifdef LOG_LOCAL7 - { LOG_LOCAL7, "LOCAL7" }, -#endif - { 0, NULL } -}; - - -/* - * Get the principal's key and key schedule from the db record. - * - * Life is more complicated in the V5 world. Since we can have different - * encryption types, we have to make sure that we get back a DES key. - * Also, we have to try to get back a AFS3 or V4 salted key, since AFS - * doesn't know about a V5 style salt. - */ - -int get_princ_key(context, handle, p, k, s) -krb5_context context; -void *handle; -kadm5_principal_ent_t p; -des_cblock k; -des_key_schedule s; -{ - int rv; - krb5_keyblock kb; - kadm5_ret_t retval; - - /* - * We need to call kadm5_decrypt_key to decrypt the key data - * from the principal record. We _must_ have a encryption type - * of DES_CBC_CRC, and we prefer having a salt type of AFS 3 (but - * a V4 salt will work as well). If that fails, then return any - * type of key we can find. - * - * Note that since this uses kadm5_decrypt_key, it means it has to - * be compiled with the kadm5srv library. - */ - - if ((retval = kadm5_decrypt_key(handle, p, ENCTYPE_DES_CBC_CRC, - KRB5_KDB_SALTTYPE_AFS3, 0, &kb, - NULL, NULL))) - if ((retval = kadm5_decrypt_key(handle, p, ENCTYPE_DES_CBC_CRC, - KRB5_KDB_SALTTYPE_V4, 0, &kb, - NULL, NULL))) - if ((retval = kadm5_decrypt_key(handle, p, ENCTYPE_DES_CBC_CRC, - -1, 0, &kb, NULL, NULL))) { - syslog(LOG_ERR, "Couldn't find any matching key: %s", - error_message(retval)); - return KAINTERNALERROR; - } - - /* - * Copy the data from our krb5_keyblock to the des_cblock. Make sure - * the size of our key matches the V4/AFS des_cblock. - */ - - if (kb.length != sizeof(des_cblock)) { - krb5_free_keyblock_contents(context, &kb); - syslog(LOG_ERR, "Principal key size of %d didn't match C_Block size" - " %d", kb.length, sizeof(des_cblock)); - return KAINTERNALERROR; - } - - memcpy((char *) k, (char *) kb.contents, sizeof(des_cblock)); - - krb5_free_keyblock_contents(context, &kb); - - /* - * Calculate the des key schedule - */ - - rv = des_key_sched(k, s); - if (rv) { - memset((void *) k, 0, sizeof(k)); - memset((void *)s, 0, sizeof(s)); - return KAINTERNALERROR; - } - return 0; -} - - -/* - * Fetch principal from db and validate it. - * - * Note that this always fetches the key data from the principal (but it - * doesn't decrypt it). - */ - -int check_princ(context, handle, name, inst, p) -krb5_context context; -void *handle; -char *name, *inst; -kadm5_principal_ent_t p; -{ - krb5_principal princ; - krb5_error_code code; - kadm5_ret_t retcode; - - /* - * Screen out null principals. They are causing crashes here - * under HPUX-10.20. - vwelch@ncsa.uiuc.edu 1/6/98 - */ - if (!name || (name[0] == '\0')) { - syslog(LOG_ERR, "screening out null principal"); - return KANOENT; - } - - /* - * Build a principal from the name and instance (the realm is always - * the same). - */ - - if ((code = krb5_build_principal_ext(context, &princ, strlen(localrealm), - localrealm, strlen(name), name, - strlen(inst), inst, 0))) { - syslog(LOG_ERR, "could not build principal: %s", error_message(code)); - return KAINTERNALERROR; - } - - /* - * Fetch the principal from the database -- also fetch the key data. - * Note that since this retrieves the key data, it has to be linked with - * the kadm5srv library. - */ - - if ((retcode = kadm5_get_principal(handle, princ, p, - KADM5_PRINCIPAL_NORMAL_MASK | - KADM5_KEY_DATA))) { - if (retcode == KADM5_UNK_PRINC) { - krb5_free_principal(context, princ); - syslog(LOG_INFO, "principal %s.%s does not exist", name, inst); - return KANOENT; - } else { - krb5_free_principal(context, princ); - syslog(LOG_ERR, "kadm5_get_principal failed: %s", - error_message(retcode)); - return KAINTERNALERROR; - } - } - - krb5_free_principal(context, princ); - - /* - * Check various things - taken from the KDC code. - * - * Since we're essentially bypassing the KDC, we need to make sure - * that we don't give out a ticket that we shouldn't. - */ - - /* - * Has the principal expired? - */ - - if (p->princ_expire_time && p->princ_expire_time < req_time) { - kadm5_free_principal_ent(handle, p); - return KABADUSER; - } - - /* - * Has the principal's password expired? Note that we don't - * check for the PWCHANGE_SERVICE flag here, since we don't - * support password changing. We do support the REQUIRES_PWCHANGE - * flag, though. - */ - - if ((p->pw_expiration && p->pw_expiration < req_time) || - (p->attributes & KRB5_KDB_REQUIRES_PWCHANGE)) { - kadm5_free_principal_ent(handle, p); - return KABADUSER; - } - - /* - * See if the principal is locked out - */ - - if (p->attributes & KRB5_KDB_DISALLOW_ALL_TIX) { - kadm5_free_principal_ent(handle, p); - return KABADUSER; - } - - /* - * There's no way we can handle hardware preauth, so - * disallow tickets with this flag set. - */ - - if (p->attributes & KRB5_KDB_REQUIRES_HW_AUTH) { - kadm5_free_principal_ent(handle, p); - return KABADUSER; - } - - /* - * Must be okay, then - */ - - return 0; -} - - -/* - * Create an rx reply packet in "packet" using the provided data. - * The caller is responsible for zeroing key and sched. - */ - -int make_reply_packet(context, handle, reply, challenge_response, start_time, - end_time, cname, cinst, sname, sinst, key, sched, label) -krb5_context context; -void *handle; -packet_t reply; -int challenge_response, start_time, end_time; -char *cname, *cinst, *sname, *sinst; -des_cblock key; -des_key_schedule sched; -char *label; -{ - int rv, n, maxn, v4life, *enclenp, *ticklenp; - u_char *p, *enc, *ticket; - kadm5_principal_ent_rec cprinc, sprinc; - des_cblock skey, new_session_key; - des_key_schedule ssched; - krb5_deltat lifetime; - - rv = 0; - - rv = check_princ(context, handle, cname, cinst, &cprinc); - if (rv) - return rv; - - rv = check_princ(context, handle, sname, sinst, &sprinc); - if (rv) { - kadm5_free_principal_ent(handle, &cprinc); - return rv; - } - - /* - * Bound ticket lifetime by max lifetimes of user and service. - * - * Since V5 already stores everything in Unix epoch timestamps like - * AFS, these calculations are much simpler. - */ - - lifetime = end_time - start_time; - lifetime = min(lifetime, cprinc.max_life); - lifetime = min(lifetime, sprinc.max_life); - lifetime = min(lifetime, realm_params.max_life); - - end_time = start_time + lifetime; - - /* - * But we have to convert back to V4-style lifetimes - */ - - v4life = lifetime / 300; - if (v4life > 127) { - /* - * Use the CMU algorithm instead - */ - long *clist = cmu_seconds; - while (*clist && *clist < lifetime) clist++; - v4life = 128 + (clist - cmu_seconds); - } - - /* - * If this is for afs and the instance is the local cell name - * then we assume we added the instance in GetTickets to - * identify the afs key in the kerberos database. This is for - * cases where the afs cell name is different from the kerberos - * realm name. We now want to remove the instance so it doesn't - * cause klog to barf. - */ - if (!strcmp(sname, "afs") && (strcasecmp(sinst, localcell) == 0)) - sinst[0] = '\0'; - - /* - * All the data needed to construct the ticket is ready, so do it. - */ - - p = (unsigned char *) reply->base; - maxn = reply->len; - n = 0; - -#define ERR(x) do { rv = x ; goto error; } while (0) -#define ADVANCE(x) { if ((n += x) > maxn) ERR(KAINTERNALERROR); else p += x;} -#define PUT_CHAR(x) { *p = (x); ADVANCE(1); } -#define PUT_INT(x) { int q = ntohl(x); memcpy(p, (char *)&q, 4); ADVANCE(4); } -#define PUT_STR(x) { strcpy((char *) p, x); ADVANCE(strlen(x) + 1); } - - ADVANCE(28); - PUT_INT(0x2bc); - - enclenp = (int *)p; - PUT_INT(0); /* filled in later */ - - enc = p; - PUT_INT(0); - PUT_INT(challenge_response); - - /* - * new_session_key is created here, and remains in the clear - * until just before we return. - */ - des_new_random_key(new_session_key); - memcpy(p, new_session_key, 8); - - ADVANCE(8); - PUT_INT(start_time); - PUT_INT(end_time); - PUT_INT(sprinc.kvno); - - ticklenp = (int *)p; - PUT_INT(0); /* filled in later */ - - PUT_STR(cname); - PUT_STR(cinst); - PUT_STR(""); - PUT_STR(sname); - PUT_STR(sinst); - - ticket = p; - PUT_CHAR(0); /* flags, always 0 */ - PUT_STR(cname); - PUT_STR(cinst); - PUT_STR(""); - PUT_INT(0); /* would be ip address */ - - memcpy(p, new_session_key, 8); - - ADVANCE(8); - - PUT_CHAR(v4life); - PUT_INT(start_time); - PUT_STR(sname); - PUT_STR(sinst); - - ADVANCE(PAD_TO(p - ticket, 8) - (p - ticket)); - - *ticklenp = ntohl(p - ticket); - - rv = get_princ_key(context, handle, &sprinc, skey, ssched); - if (rv) - return rv; - des_pcbc_encrypt((C_Block *) ticket, (C_Block *) ticket, p - ticket, - ssched, (C_Block *) skey, ENCRYPT); - memset(skey, 0, sizeof(skey)); - memset(ssched, 0, sizeof(ssched)); - - PUT_STR(label); /* "tgsT" or "gtkt" */ - ADVANCE(-1); /* back up over string terminator */ - - ADVANCE(PAD_TO(p - enc, 8) - (p - enc)); -#undef ERR -#undef ADVANCE -#undef PUT_CHAR -#undef PUT_INT -#undef PUT_STR - - *enclenp = ntohl(p - enc); - des_pcbc_encrypt((C_Block *) enc, (C_Block *) enc, p - enc, sched, - (C_Block *) key, ENCRYPT); - reply->len = n; - - error: - memset(new_session_key, 0, sizeof(new_session_key)); - kadm5_free_principal_ent(handle, &cprinc); - kadm5_free_principal_ent(handle, &sprinc); - - return rv; -} - -#define ERR(x) do { rv = x; goto error; } while (0) -#define ADVANCE(x) { if ((n += x) > maxn) ERR(KABADREQUEST); else p += x; } -#define GET_INT(x) { int q; memcpy((char *)&q, p, 4); x = ntohl(q); ADVANCE(4); } -#define GET_CHAR(x) { x = *p; ADVANCE(1); } -#define GET_PSTR(x) \ - { \ - GET_INT(len); \ - if (len > sizeof(x) - 1) ERR(KABADREQUEST); \ - memcpy(x, p, len); \ - x[len] = 0; \ - ADVANCE(PAD_TO(len, 4)); \ - } - -#define GET_STR(x) \ - { \ - len = strlen(p); \ - if (len > sizeof(x) - 1) ERR(KABADREQUEST); \ - strcpy(x, p); \ - ADVANCE(len + 1); \ - } - - -/* - * Process an Authenticate request. - */ - -int Authenticate(context, handle, from, req, reply) -krb5_context context; -void *handle; -char *from; -packet_t req, reply; -{ - int rv, n, maxn; - int len, start_time, end_time, challenge; - char name[ANAME_SZ+1], inst[INST_SZ+1], *p; - kadm5_principal_ent_rec cprinc; - des_cblock ckey; - des_key_schedule csched; - int free_princ_ent = 0; - - rv = 0; - - p = req->base; - maxn = req->len; - n = 0; - - ADVANCE(32); - - GET_PSTR(name); - GET_PSTR(inst); - - if (debug) - fprintf(stderr, "Authenticating %s.%s\n", name, inst); - - rv = check_princ(context, handle, name, inst, &cprinc); - if (rv) - ERR(rv); - - free_princ_ent = 1; - - GET_INT(start_time); - GET_INT(end_time); - - GET_INT(len); - if (len != 8) - ERR(KABADREQUEST); - - /* - * ckey and csched are set here and remain in the clear - * until just before we return. - */ - - rv = get_princ_key(context, handle, &cprinc, ckey, csched); - if (rv) - ERR(rv); - des_pcbc_encrypt((C_Block *) p, (C_Block *) p, 8, csched, - (C_Block *) ckey, DECRYPT); - - GET_INT(challenge); - - rv = memcmp(p, "gTGS", 4); - if (rv) - ERR(KABADREQUEST); - ADVANCE(4); - - /* ignore the rest */ - ADVANCE(8); - - /* - * We have all the data from the request, now generate the reply. - */ - - rv = make_reply_packet(context, handle, reply, challenge + 1, start_time, - end_time, name, inst, "krbtgt", localcell, - ckey, csched, "tgsT"); - error: - memset(ckey, 0, sizeof(ckey)); - memset(csched, 0, sizeof(csched)); - - syslog(LOG_INFO, "authenticate: %s.%s from %s", name, inst, from); - if (rv) { - syslog(LOG_INFO, "... failed due to %s", kaerror(rv)); - } - if (free_princ_ent) - kadm5_free_principal_ent(handle, &cprinc); - return rv; -} - - -/* - * Process a GetTicket rpc. - */ - -int GetTicket(context, handle, from, req, reply) -krb5_context context; -void *handle; -char *from; -packet_t req, reply; -{ - int rv, n, maxn, len, ticketlen; - char *p; - u_int kvno, start_time, end_time, times[2], flags, ipaddr; - u_int tgt_start_time, tgt_end_time, lifetime; - char rname[ANAME_SZ+1], rinst[INST_SZ+1]; /* requested principal */ - char sname[ANAME_SZ+1], sinst[INST_SZ+1]; /* service principal (TGT) */ - char cname[ANAME_SZ+1], cinst[INST_SZ+1]; /* client principal */ - char cell[REALM_SZ+1], realm[REALM_SZ+1]; - char enctimes[8 + 1], ticket[1024]; - u_char tgt_lifetime; - kadm5_principal_ent_rec cprinc; - des_cblock ckey, session_key; - des_key_schedule csched, session_sched; - int free_princ_ent = 0; - - rv = 0; - - /* - * Initialize these so we don't crash trying to print them in - * case they don't get filled in. - */ - strcpy(rname, "Unknown"); - strcpy(rinst, "Unknown"); - strcpy(sname, "Unknown"); - strcpy(sinst, "Unknown"); - strcpy(cname, "Unknown"); - strcpy(cinst, "Unknown"); - strcpy(cell, "Unknown"); - strcpy(realm, "Unknown"); - - p = req->base; - maxn = req->len; - n = 0; - - ADVANCE(32); - - GET_INT(kvno); - - GET_PSTR(cell); - if (!cell[0]) - strcpy(cell, localcell); - - if (debug) - fprintf(stderr, "Cell is %s\n", cell); - - memset(ticket, 0, sizeof(ticket)); - GET_PSTR(ticket); - ticketlen = len; /* hacky hack hack */ - GET_PSTR(rname); - GET_PSTR(rinst); - - if (debug) - fprintf(stderr, "Request for %s/%s\n", rname, rinst); - - GET_PSTR(enctimes); /* still encrypted */ - if (len != 8) /* hack and hack again */ - ERR(KABADREQUEST); - - /* ignore the rest */ - ADVANCE(8); - - /* - * That's it for the packet, now decode the embedded ticket. - */ - - rv = check_princ(context, handle, "krbtgt", cell, &cprinc); - if (rv) - ERR(rv); - - free_princ_ent = 1; - - rv = get_princ_key(context, handle, &cprinc, ckey, csched); - if (rv) - ERR(rv); - des_pcbc_encrypt((C_Block *) ticket, (C_Block *) ticket, ticketlen, csched, - (C_Block *) ckey, DECRYPT); - memset(ckey, 0, sizeof(ckey)); - memset(csched, 0, sizeof(csched)); - - /* - * The ticket's session key is now in the clear in the ticket buffer. - * We zero it just before returning. - */ - - p = ticket; - maxn = ticketlen; - n = 0; - - GET_CHAR(flags); - GET_STR(cname); - GET_STR(cinst); - GET_STR(realm); - GET_INT(ipaddr); - memcpy(session_key, p, 8); - ADVANCE(8); - - GET_CHAR(tgt_lifetime); - GET_INT(tgt_start_time); - GET_STR(sname); - GET_STR(sinst); - - if (debug) - fprintf(stderr, - "ticket: %s.%s@%s for %s.%s\n", - cname, cinst, realm, sname, sinst); - - /* - * ok, we've got the ticket unpacked. - * now decrypt the start and end times. - */ - - rv = des_key_sched(session_key, session_sched); - if (rv) - ERR(KABADTICKET); - - des_ecb_encrypt((C_Block *) enctimes, (C_Block *) times, session_sched, - DECRYPT); - start_time = ntohl(times[0]); - end_time = ntohl(times[1]); - - /* - * All the info we need is now available. - * Now validate the request. - */ - - /* - * This translator requires that the flags and IP address - * in the ticket be zero, because we always set them that way, - * and we want to accept only tickets that we generated. - * - * Are the flags and IP address fields 0? - */ - if (flags || ipaddr) { - if (debug) - fprintf(stderr, "ERROR: flags or ipaddr field non-zero\n"); - ERR(KABADTICKET); - } - /* - * Is the supplied ticket a tgt? - */ - if (strcmp(sname, "krbtgt")) { - if (debug) - fprintf(stderr, "ERROR: not for krbtgt service\n"); - ERR(KABADTICKET); - } - - /* - * This translator does not allow MIT-style cross-realm access. - * Is this a cross-realm ticket? - */ - if (strcasecmp(sinst, localcell)) { - if (debug) - fprintf(stderr, - "ERROR: Service instance (%s) differs from local cell\n", - sinst); - ERR(KABADTICKET); - } - - /* - * This translator does not issue cross-realm tickets, - * since klog doesn't use this feature. - * Is the request for a cross-realm ticket? - */ - if (strcasecmp(cell, localcell)) { - if (debug) - fprintf(stderr, "ERROR: Cell %s != local cell", cell); - ERR(KABADTICKET); - } - - /* - * Even if we later decide to issue cross-realm tickets, - * we should not permit "realm hopping". - * This means that the client's realm should match - * the realm of the tgt with whose key we are supposed - * to decrypt the ticket. I think. - */ - if (*realm && strcasecmp(realm, cell)) { - if (debug) - fprintf(stderr, "ERROR: Realm %s != cell %s\n", realm, cell); - ERR(KABADTICKET); - } - - /* - * This translator issues service tickets only for afs, - * since klog is the only client that should be using it. - * Is the requested service afs? - * - * Note: to make EMT work, we're allowing tickets for emt/admin and - * adm/admin. - */ - if (! ((strcmp(rname, "afs") == 0 && ! *rinst) || - (strcmp(rname, "emt") == 0 && strcmp(rinst, "admin") == 0) || - (strcmp(rname, "adm") == 0 && strcmp(rinst, "admin") == 0))) - ERR(KABADSERVER); - - /* - * If the local realm name and cell name differ and the user - * is in the local cell and has requested a ticket of afs. (no - * instance, then we actually want to get a ticket for - * afs/@ - */ - if ((strcmp(rname, "afs") == 0) && !*rinst && - strcmp(localrealm, localcell) && - (strcasecmp(cell, localcell) == 0)) { - char *c; - - strcpy(rinst, localcell); - - for (c = rinst; *c != NULL; c++) - *c = (char) tolower( (int) *c); - - if (debug) - fprintf(stderr, "Getting ticket for afs/%s\n", localcell); - } - - /* - * Even if we later decide to issue service tickets for - * services other than afs, we should still disallow - * the "changepw" and "krbtgt" services. - */ - if (!strcmp(rname, "changepw") || !strcmp(rname, "krbtgt")) - ERR(KABADSERVER); - - /* - * Is the tgt valid yet? (ie. is the start time in the future) - */ - if (req_time < tgt_start_time - CLOCK_SKEW) { - if (debug) - fprintf(stderr, "ERROR: Ticket not yet valid\n"); - ERR(KABADTICKET); - } - - /* - * Has the tgt expired? (ie. is the end time in the past) - * - * Sigh, convert from V4 lifetimes back to Unix epoch times. - */ - - if (tgt_lifetime < 128) - tgt_end_time = tgt_start_time + tgt_lifetime * 300; - else if (tgt_lifetime < 192) - tgt_end_time = tgt_start_time + cmu_seconds[tgt_lifetime - 128]; - else - tgt_end_time = tgt_start_time + MAX_TICKET_LIFETIME; - - if (tgt_end_time < req_time) { - if (debug) - fprintf(stderr, "ERROR: Ticket expired\n"); - ERR(KABADTICKET); - } - - /* - * This translator uses the requested start time as a cheesy - * authenticator, since the KA protocol does not have an - * explicit authenticator. We can do this since klog always - * requests a start time equal to the current time. - * - * Is the requested start time approximately now? - */ - if (abs(req_time - start_time) > CLOCK_SKEW) - ERR(KACLOCKSKEW); - - /* - * The new ticket's lifetime is the minimum of: - * 1. remainder of tgt's lifetime - * 2. requested lifetime - * - * This is further limited by the client and service's max lifetime - * in make_reply_packet(). - */ - - lifetime = tgt_end_time - req_time; - lifetime = min(lifetime, end_time - start_time); - end_time = req_time + lifetime; - - /* - * We have all the data from the request, now generate the reply. - */ - - rv = make_reply_packet(context, handle, reply, 0, start_time, end_time, - cname, cinst, rname, rinst, - session_key, session_sched, "gtkt"); - error: - memset(ticket, 0, sizeof(ticket)); - memset(session_key, 0, sizeof(session_key)); - memset(session_sched, 0, sizeof(session_sched)); - - if (free_princ_ent) - kadm5_free_principal_ent(handle, &cprinc); - - syslog(LOG_INFO, "getticket: %s.%s from %s for %s.%s", - cname, cinst, from, rname, rinst); - if (rv) { - syslog(LOG_INFO, "... failed due to %s", kaerror(rv)); - } - return rv; -} - - -#undef ERR -#undef ADVANCE -#undef GET_INT -#undef GET_PSTR -#undef GET_STR - -/* - * Convert the request into a reply. - * Returns 0 on success. - */ - -void process(context, handle, from, req, reply) -krb5_context context; -void *handle; -char *from; -packet_t req, reply; -{ - int rv; - rx_t req_rx = (rx_t)req->base; - rx_t reply_rx = (rx_t)reply->base; - int service, request; - - service = ntohs(req_rx->rx_service); - request = ntohl(req_rx->rx_request); - - /* ignore everything but type 1 */ - if (req_rx->rx_type != 1) { - reply->len = 0; - return; - } - - /* copy the rx header and change the flags */ - *reply_rx = *req_rx; - reply_rx->rx_flags = 4; - - rv = -1; - - if (service == 0x2db && (request == 0x15 || request == 0x16)) { - if (debug) - fprintf(stderr, "Handling Authenticate request\n"); - rv = Authenticate(context, handle, from, req, reply); - } - if (service == 0x2dc && request == 0x17) { - if (debug) - fprintf(stderr, "Handling GetTicket request\n"); - rv = GetTicket(context, handle, from, req, reply); - } -/* - if (service == 0x2db && request == 0x1) { - rv = Authenticate_old(from, req, reply); - } - if (service == 0x2dc && request == 0x3) { - rv = GetTicket_old(from, req, reply); - } - */ - if (rv == -1) { - syslog(LOG_INFO, "bogus request %d/%d", service, request); - rv = KABADREQUEST; - } - - if (rv) { - /* send the error back to rx */ - reply->len = sizeof (*reply_rx); - - reply_rx->rx_type = 4; - reply_rx->rx_flags = 0; - reply_rx->rx_request = ntohl(rv); - } -} - - -int main(argc, argv) -int argc; -char **argv; -{ - int s, rv, ch, mflag = 0; - u_short port; - struct sockaddr_in sin; - int forwarders[MAXFORWARDERS], num_forwarders; - krb5_context context; - krb5_error_code code; - krb5_keyblock mkey; - krb5_principal master_princ; - kadm5_principal_ent_rec master_princ_rec; - void *handle; - facility_mapping *mapping; - int facility = LOG_DAEMON; - - extern char *optarg; - - port = 7004; - num_forwarders = 0; - - /* - * Parse args. - */ - while ((ch = getopt(argc, argv, "c:df:l:mp:r:")) != -1) { - switch (ch) { - case 'c': - localcell = optarg; - break; - case 'd': - debug++; - break; - case 'f': { - struct hostent *hp; - - if (num_forwarders++ >= MAXFORWARDERS) - pexit("too many forwarders\n"); - - hp = gethostbyname(optarg); - if (!hp) { - printf("unknown host %s\n", optarg); - exit(1); - } - forwarders[num_forwarders - 1] = *(int *)hp->h_addr; - - break; - } - case 'l': - for (mapping = mappings; mapping->string != NULL; mapping++) - if (strcmp(mapping->string, optarg) == 0) - break; - - if (mapping->string == NULL) { - printf("Unknown facility \"%s\"\n", optarg); - exit(1); - } - - facility = mapping->num; - break; - case 'm': - mflag = 1; - break; - case 'p': - if (isdigit(*optarg)) { - port = atoi(optarg); - } - else { - struct servent *sp; - - sp = getservbyname(optarg, "udp"); - if (!sp) { - printf("unknown service %s\n", optarg); - exit(1); - } - port = sp->s_port; - } - break; - case 'r': - localrealm = optarg; - break; - default: - printf("usage: %s [-c cell] [-d] [-f forwarder-host] [-l facility ] [-p port] [-r realm]\n", - argv[0]); - exit(1); - } - } - - openlog("fakeka", LOG_PID, facility); - - port = htons(port); - - /* - * Set up the socket. - */ - - s = socket(AF_INET, SOCK_DGRAM, 0); - if (s < 0) - perrorexit("Couldn't create socket"); - set_cloexec_fd(s); - - sin.sin_family = AF_INET; - sin.sin_addr.s_addr = 0; - sin.sin_port = port; - - rv = bind(s, (struct sockaddr *)&sin, sizeof(sin)); - if (rv < 0) - perrorexit("Couldn't bind socket"); - - /* - * Initialize kerberos stuff and kadm5 stuff. - */ - - if ((code = krb5int_init_context_kdc(&context))) { - com_err(argv[0], code, "while initializing Kerberos"); - exit(1); - } - - if (!localrealm && (code = krb5_get_default_realm(context, &localrealm))) { - com_err(argv[0], code, "while getting local realm"); - exit(1); - } - - if (!localcell) - localcell = localrealm; - - if ((code = kadm5_init_with_password(progname, NULL, KADM5_ADMIN_SERVICE, - NULL, KADM5_STRUCT_VERSION, - KADM5_API_VERSION_2, - (char **) NULL, /* db_args */ - &handle))) { - com_err(argv[0], code, "while initializing Kadm5"); - exit(1); - } - - if ((code = kadm5_get_config_params(context, 1, NULL, - &realm_params))) { - com_err(argv[0], code, "while getting realm parameters"); - exit(1); - } - - if (! (realm_params.mask & KADM5_CONFIG_MAX_LIFE)) { - fprintf(stderr, "Cannot determine maximum ticket lifetime\n"); - exit(1); - } - - /* - * We need to initialize the random number generator for DES. Use - * the master key to do this. - */ - - if ((code = krb5_parse_name(context, realm_params.mask & - KADM5_CONFIG_MKEY_NAME ? - realm_params.mkey_name : "K/M", - &master_princ))) { - com_err(argv[0], code, "while parsing master key name"); - exit(1); - } - - if ((code = kadm5_get_principal(handle, master_princ, &master_princ_rec, - KADM5_KEY_DATA))) { - com_err(argv[0], code, "while getting master key data"); - exit(1); - } - - if ((code = kadm5_decrypt_key(handle, &master_princ_rec, - ENCTYPE_DES_CBC_CRC, -1, 0, &mkey, NULL, - NULL))) { - com_err(argv[0], code, "while decrypting the master key"); - exit(1); - } - - des_init_random_number_generator(mkey.contents); - - krb5_free_keyblock_contents(context, &mkey); - - kadm5_free_principal_ent(handle, &master_princ_rec); - - krb5_free_principal(context, master_princ); - - /* - * Fork and go into the background, if requested - */ - - if (!debug && mflag && daemon(0, 0)) { - com_err(argv[0], errno, "while detaching from tty"); - } - - /* - * rpc server loop. - */ - - for (;;) { - struct packet req, reply; - int sinlen, packetlen, i, forwarded; - char *from; - - sinlen = sizeof(sin); - forwarded = 0; - - memset(req.data, 0, sizeof(req.data)); - rv = recvfrom(s, req.data, sizeof(req.data), - 0, (struct sockaddr *)&sin, &sinlen); - - if (rv < 0) { - syslog(LOG_ERR, "recvfrom failed: %m"); - sleep(1); - continue; - } - packetlen = rv; - - for (i = 0; i < num_forwarders; i++) { - if (sin.sin_addr.s_addr == forwarders[i]) { - forwarded = 1; - break; - } - } - - if ((code = krb5_timeofday(context, &req_time))) { - syslog(LOG_ERR, "krb5_timeofday failed: %s", - error_message(code)); - continue; - } - - memset(reply.data, 0, sizeof(reply.data)); - req.len = packetlen; - req.base = req.data; - reply.base = reply.data; - reply.len = sizeof(reply.data); - - if (forwarded) { - struct in_addr ia; - - memcpy(&ia.s_addr, req.data, 4); - from = inet_ntoa(ia); - /* - * copy the forwarder header and adjust the bases and lengths. - */ - memcpy(reply.data, req.data, HEADER_LEN); - req.base += HEADER_LEN; - req.len -= HEADER_LEN; - reply.base += HEADER_LEN; - reply.len -= HEADER_LEN; - } - else { - from = inet_ntoa(sin.sin_addr); - } - - process(context, handle, from, &req, &reply); - - if (reply.len == 0) - continue; - - if (forwarded) { - /* re-adjust the length to account for the forwarder header */ - reply.len += HEADER_LEN; - } - - rv = sendto(s, reply.data, reply.len, - 0, (struct sockaddr *)&sin, sinlen); - if (rv < 0) { - syslog(LOG_ERR, "sendto failed: %m"); - sleep(1); - } - } - /*NOTREACHED*/ -} diff --git a/src/kdc/kdc_authdata.c b/src/kdc/kdc_authdata.c index a1acdfd1a0..315269c2af 100644 --- a/src/kdc/kdc_authdata.c +++ b/src/kdc/kdc_authdata.c @@ -2,6 +2,7 @@ * kdc/kdc_authdata.c * * Copyright (C) 2007 Apple Inc. All Rights Reserved. + * Copyright (C) 2008 by the Massachusetts Institute of Technology. * * Export of this software from the United States of America may * require a specific license from the United States Government. @@ -42,140 +43,141 @@ static const char *objdirs[] = { KRB5_AUTHDATA_PLUGIN_BUNDLE_DIR, LIBDIR "/krb5/ static const char *objdirs[] = { LIBDIR "/krb5/plugins/authdata", NULL }; #endif -typedef krb5_error_code (*authdata_proc) +/* MIT Kerberos 1.6 (V0) authdata plugin callback */ +typedef krb5_error_code (*authdata_proc_0) (krb5_context, krb5_db_entry *client, krb5_data *req_pkt, krb5_kdc_req *request, krb5_enc_tkt_part * enc_tkt_reply); - +/* MIT Kerberos 1.7 (V1) authdata plugin callback */ +typedef krb5_error_code (*authdata_proc_1) + (krb5_context, unsigned int flags, + krb5_db_entry *client, krb5_db_entry *server, + krb5_db_entry *krbtgt, + krb5_keyblock *client_key, + krb5_keyblock *server_key, + krb5_data *req_pkt, + krb5_kdc_req *request, + krb5_const_principal for_user_princ, + krb5_enc_tkt_part *enc_tkt_request, + krb5_enc_tkt_part *enc_tkt_reply); typedef krb5_error_code (*init_proc) (krb5_context, void **); typedef void (*fini_proc) (krb5_context, void *); +/* Internal authdata system for copying TGS-REQ authdata to ticket */ +static krb5_error_code handle_request_authdata + (krb5_context context, + unsigned int flags, + krb5_db_entry *client, + krb5_db_entry *server, + krb5_db_entry *krbtgt, + krb5_keyblock *client_key, + krb5_keyblock *server_key, + krb5_data *req_pkt, + krb5_kdc_req *request, + krb5_const_principal for_user_princ, + krb5_enc_tkt_part *enc_tkt_request, + krb5_enc_tkt_part *enc_tkt_reply); + +/* Internal authdata system for handling KDC-issued authdata */ +static krb5_error_code handle_tgt_authdata + (krb5_context context, + unsigned int flags, + krb5_db_entry *client, + krb5_db_entry *server, + krb5_db_entry *krbtgt, + krb5_keyblock *client_key, + krb5_keyblock *server_key, + krb5_data *req_pkt, + krb5_kdc_req *request, + krb5_const_principal for_user_princ, + krb5_enc_tkt_part *enc_tkt_request, + krb5_enc_tkt_part *enc_tkt_reply); + typedef struct _krb5_authdata_systems { const char *name; +#define AUTHDATA_SYSTEM_UNKNOWN -1 +#define AUTHDATA_SYSTEM_V0 0 +#define AUTHDATA_SYSTEM_V1 1 int type; +#define AUTHDATA_FLAG_CRITICAL 0x1 int flags; void *plugin_context; init_proc init; fini_proc fini; - authdata_proc handle_authdata; + union { + authdata_proc_1 v1; + authdata_proc_0 v0; + } handle_authdata; } krb5_authdata_systems; -#undef GREET_PREAUTH - -#ifdef GREET_PREAUTH -static krb5_error_code -greet_init(krb5_context ctx, void **blob) -{ - *blob = "hello"; - return 0; -} - -static void -greet_fini(krb5_context ctx, void *blob) -{ -} - -static krb5_error_code -greet_authdata(krb5_context ctx, krb5_db_entry *client, - krb5_data *req_pkt, - krb5_kdc_req *request, - krb5_enc_tkt_part * enc_tkt_reply) -{ -#define GREET_SIZE (20) - - char *p; - krb5_authdata *a; - size_t count; - krb5_authdata **new_ad; - - krb5_klog_syslog (LOG_DEBUG, "in greet_authdata"); - - p = calloc(1, GREET_SIZE); - a = calloc(1, sizeof(*a)); - - if (p == NULL || a == NULL) { - free(p); - free(a); - return ENOMEM; - } - strcpy(p, "hello"); - a->magic = KV5M_AUTHDATA; - a->ad_type = -42; - a->length = GREET_SIZE; - a->contents = p; - if (enc_tkt_reply->authorization_data == 0) { - count = 0; - } else { - for (count = 0; enc_tkt_reply->authorization_data[count] != 0; count++) - ; - } - new_ad = realloc(enc_tkt_reply->authorization_data, - (count+2) * sizeof(krb5_authdata *)); - if (new_ad == NULL) { - free(p); - free(a); - return ENOMEM; - } - enc_tkt_reply->authorization_data = new_ad; - new_ad[count] = a; - new_ad[count+1] = NULL; - return 0; -} -#endif - static krb5_authdata_systems static_authdata_systems[] = { -#ifdef GREET_PREAUTH - { "greeting", 0, 0, 0, greet_init, greet_fini, greet_authdata }, -#endif - { "[end]", -1,} + { "tgs_req", AUTHDATA_SYSTEM_V1, AUTHDATA_FLAG_CRITICAL, NULL, NULL, NULL, { handle_request_authdata } }, + { "tgt", AUTHDATA_SYSTEM_V1, AUTHDATA_FLAG_CRITICAL, NULL, NULL, NULL, { handle_tgt_authdata } }, }; static krb5_authdata_systems *authdata_systems; static int n_authdata_systems; static struct plugin_dir_handle authdata_plugins; +/* Load both v0 and v1 authdata plugins */ krb5_error_code load_authdata_plugins(krb5_context context) { - struct errinfo err; - void **authdata_plugins_ftables = NULL; - struct krb5plugin_authdata_ftable_v0 *ftable = NULL; + void **authdata_plugins_ftables_v0 = NULL; + void **authdata_plugins_ftables_v1 = NULL; size_t module_count; - int i, k; + size_t i, k; init_proc server_init_proc = NULL; - - memset(&err, 0, sizeof(err)); + krb5_error_code code; /* Attempt to load all of the authdata plugins we can find. */ PLUGIN_DIR_INIT(&authdata_plugins); if (PLUGIN_DIR_OPEN(&authdata_plugins) == 0) { if (krb5int_open_plugin_dirs(objdirs, NULL, - &authdata_plugins, &err) != 0) { + &authdata_plugins, &context->err) != 0) { return KRB5_PLUGIN_NO_HANDLE; } } /* Get the method tables provided by the loaded plugins. */ - authdata_plugins_ftables = NULL; + authdata_plugins_ftables_v0 = NULL; + authdata_plugins_ftables_v1 = NULL; n_authdata_systems = 0; + if (krb5int_get_plugin_dir_data(&authdata_plugins, + "authdata_server_1", + &authdata_plugins_ftables_v1, &context->err) != 0 || + krb5int_get_plugin_dir_data(&authdata_plugins, "authdata_server_0", - &authdata_plugins_ftables, &err) != 0) { - return KRB5_PLUGIN_NO_HANDLE; + &authdata_plugins_ftables_v0, &context->err) != 0) { + code = KRB5_PLUGIN_NO_HANDLE; + goto cleanup; } /* Count the valid modules. */ module_count = sizeof(static_authdata_systems) / sizeof(static_authdata_systems[0]); - if (authdata_plugins_ftables != NULL) { - for (i = 0; authdata_plugins_ftables[i] != NULL; i++) { - ftable = authdata_plugins_ftables[i]; - if ((ftable->authdata_proc != NULL)) { + + if (authdata_plugins_ftables_v1 != NULL) { + struct krb5plugin_authdata_ftable_v1 *ftable; + + for (i = 0; authdata_plugins_ftables_v1[i] != NULL; i++) { + ftable = authdata_plugins_ftables_v1[i]; + if (ftable->authdata_proc != NULL) + module_count++; + } + } + + if (authdata_plugins_ftables_v0 != NULL) { + struct krb5plugin_authdata_ftable_v0 *ftable; + + for (i = 0; authdata_plugins_ftables_v0[i] != NULL; i++) { + ftable = authdata_plugins_ftables_v0[i]; + if (ftable->authdata_proc != NULL) module_count++; - } } } @@ -183,16 +185,14 @@ load_authdata_plugins(krb5_context context) * leave room for a terminator entry. */ authdata_systems = calloc(module_count + 1, sizeof(krb5_authdata_systems)); if (authdata_systems == NULL) { - krb5int_free_plugin_dir_data(authdata_plugins_ftables); - return ENOMEM; + code = ENOMEM; + goto cleanup; } /* Add the locally-supplied mechanisms to the dynamic list first. */ for (i = 0, k = 0; i < sizeof(static_authdata_systems) / sizeof(static_authdata_systems[0]); i++) { - if (static_authdata_systems[i].type == -1) - break; authdata_systems[k] = static_authdata_systems[i]; /* Try to initialize the authdata system. If it fails, we'll remove it * from the list of systems we'll be using. */ @@ -205,13 +205,53 @@ load_authdata_plugins(krb5_context context) k++; } - /* Now add the dynamically-loaded mechanisms to the list. */ - if (authdata_plugins_ftables != NULL) { - for (i = 0; authdata_plugins_ftables[i] != NULL; i++) { + /* Add dynamically loaded V1 plugins */ + if (authdata_plugins_ftables_v1 != NULL) { + struct krb5plugin_authdata_ftable_v1 *ftable; + + for (i = 0; authdata_plugins_ftables_v1[i] != NULL; i++) { + krb5_error_code initerr; + void *pctx = NULL; + + ftable = authdata_plugins_ftables_v1[i]; + if ((ftable->authdata_proc == NULL)) { + continue; + } + server_init_proc = ftable->init_proc; + if ((server_init_proc != NULL) && + ((initerr = (*server_init_proc)(context, &pctx)) != 0)) { + const char *emsg; + emsg = krb5_get_error_message(context, initerr); + if (emsg) { + krb5_klog_syslog(LOG_ERR, + "authdata %s failed to initialize: %s", + ftable->name, emsg); + krb5_free_error_message(context, emsg); + } + memset(&authdata_systems[k], 0, sizeof(authdata_systems[k])); + + continue; + } + + authdata_systems[k].name = ftable->name; + authdata_systems[k].type = AUTHDATA_SYSTEM_V1; + authdata_systems[k].init = server_init_proc; + authdata_systems[k].fini = ftable->fini_proc; + authdata_systems[k].handle_authdata.v1 = ftable->authdata_proc; + authdata_systems[k].plugin_context = pctx; + k++; + } + } + + /* Add dynamically loaded V0 plugins */ + if (authdata_plugins_ftables_v0 != NULL) { + struct krb5plugin_authdata_ftable_v0 *ftable; + + for (i = 0; authdata_plugins_ftables_v0[i] != NULL; i++) { krb5_error_code initerr; void *pctx = NULL; - ftable = authdata_plugins_ftables[i]; + ftable = authdata_plugins_ftables_v0[i]; if ((ftable->authdata_proc == NULL)) { continue; } @@ -232,19 +272,28 @@ load_authdata_plugins(krb5_context context) } authdata_systems[k].name = ftable->name; + authdata_systems[k].type = AUTHDATA_SYSTEM_V0; authdata_systems[k].init = server_init_proc; authdata_systems[k].fini = ftable->fini_proc; - authdata_systems[k].handle_authdata = ftable->authdata_proc; + authdata_systems[k].handle_authdata.v0 = ftable->authdata_proc; authdata_systems[k].plugin_context = pctx; k++; } - krb5int_free_plugin_dir_data(authdata_plugins_ftables); } + n_authdata_systems = k; /* Add the end-of-list marker. */ authdata_systems[k].name = "[end]"; - authdata_systems[k].type = -1; - return 0; + authdata_systems[k].type = AUTHDATA_SYSTEM_UNKNOWN; + code = 0; + +cleanup: + if (authdata_plugins_ftables_v1 != NULL) + krb5int_free_plugin_dir_data(authdata_plugins_ftables_v1); + if (authdata_plugins_ftables_v0 != NULL) + krb5int_free_plugin_dir_data(authdata_plugins_ftables_v0); + + return code; } krb5_error_code @@ -267,33 +316,296 @@ unload_authdata_plugins(krb5_context context) return 0; } +/* Merge authdata. If copy == 0, in_authdata is invalid on return */ +static krb5_error_code +merge_authdata (krb5_context context, + krb5_authdata **in_authdata, + krb5_authdata ***out_authdata, + krb5_boolean copy) +{ + size_t i, nadata = 0; + krb5_authdata **authdata = *out_authdata; + + if (in_authdata == NULL || in_authdata[0] == NULL) + return 0; + + if (authdata != NULL) { + for (nadata = 0; authdata[nadata] != NULL; nadata++) + ; + } + + for (i = 0; in_authdata[i] != NULL; i++) + ; + + if (authdata == NULL) { + authdata = (krb5_authdata **)calloc(i + 1, sizeof(krb5_authdata *)); + } else { + authdata = (krb5_authdata **)realloc(authdata, + ((nadata + i + 1) * sizeof(krb5_authdata *))); + } + if (authdata == NULL) + return ENOMEM; + + if (copy) { + krb5_error_code code; + krb5_authdata **tmp; + + code = krb5_copy_authdata(context, in_authdata, &tmp); + if (code != 0) + return code; + + in_authdata = tmp; + } + + for (i = 0; in_authdata[i] != NULL; i++) + authdata[nadata + i] = in_authdata[i]; + + authdata[nadata + i] = NULL; + + free(in_authdata); + + *out_authdata = authdata; + + return 0; +} + +/* Handle copying TGS-REQ authorization data into reply */ +static krb5_error_code +handle_request_authdata (krb5_context context, + unsigned int flags, + krb5_db_entry *client, + krb5_db_entry *server, + krb5_db_entry *krbtgt, + krb5_keyblock *client_key, + krb5_keyblock *server_key, + krb5_data *req_pkt, + krb5_kdc_req *request, + krb5_const_principal for_user_princ, + krb5_enc_tkt_part *enc_tkt_request, + krb5_enc_tkt_part *enc_tkt_reply) +{ + krb5_error_code code; + krb5_data scratch; + + if (request->msg_type != KRB5_TGS_REQ || + request->authorization_data.ciphertext.data == NULL) + return 0; + + assert(enc_tkt_request != NULL); + + scratch.length = request->authorization_data.ciphertext.length; + scratch.data = malloc(scratch.length); + if (scratch.data == NULL) + return ENOMEM; + + code = krb5_c_decrypt(context, + enc_tkt_request->session, + KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY, + 0, &request->authorization_data, + &scratch); + if (code != 0) { + free(scratch.data); + return code; + } + + /* scratch now has the authorization data, so we decode it, and make + * it available to subsequent authdata plugins */ + code = decode_krb5_authdata(&scratch, &request->unenc_authdata); + if (code != 0) { + free(scratch.data); + return code; + } + + free(scratch.data); + + code = merge_authdata(context, request->unenc_authdata, + &enc_tkt_reply->authorization_data, TRUE /* copy */); + + return code; +} + +/* Handle backend-managed authorization data */ +static krb5_error_code +handle_tgt_authdata (krb5_context context, + unsigned int flags, + krb5_db_entry *client, + krb5_db_entry *server, + krb5_db_entry *krbtgt, + krb5_keyblock *client_key, + krb5_keyblock *server_key, + krb5_data *req_pkt, + krb5_kdc_req *request, + krb5_const_principal for_user_princ, + krb5_enc_tkt_part *enc_tkt_request, + krb5_enc_tkt_part *enc_tkt_reply) +{ + krb5_error_code code; + krb5_authdata **db_authdata = NULL; + krb5_db_entry ad_entry; + int ad_nprincs = 0; + krb5_boolean tgs_req = (request->msg_type == KRB5_TGS_REQ); + krb5_const_principal actual_client; + + /* + * Check whether KDC issued authorization data should be included. + * A server can explicitly disable the inclusion of authorization + * data by setting the KRB5_KDB_NO_AUTH_DATA_REQUIRED flag on its + * principal entry. Otherwise authorization data will be included + * if it was present in the TGT, the client is from another realm + * or protocol transition/constrained delegation was used, or, in + * the AS-REQ case, if the pre-auth data indicated the PAC should + * be present. + * + * We permit sign_authorization_data() to return a krb5_db_entry + * representing the principal associated with the authorization + * data, in case that principal is not local to our realm and we + * need to perform additional checks (such as disabling delegation + * for cross-realm protocol transition below). + */ + if (tgs_req) { + assert(enc_tkt_request != NULL); + + if (isflagset(server->attributes, KRB5_KDB_NO_AUTH_DATA_REQUIRED)) + return 0; + + if (enc_tkt_request->authorization_data == NULL && + !isflagset(flags, KRB5_KDB_FLAG_CROSS_REALM | KRB5_KDB_FLAGS_S4U)) + return 0; + + assert(enc_tkt_reply->times.authtime == enc_tkt_request->times.authtime); + } else { + if (!isflagset(flags, KRB5_KDB_FLAG_INCLUDE_PAC)) + return 0; + } + + /* + * We have this special case for protocol transition, because for + * cross-realm protocol transition the ticket reply client will + * not be changed until the final hop. + */ + if (isflagset(flags, KRB5_KDB_FLAG_PROTOCOL_TRANSITION)) + actual_client = for_user_princ; + else + actual_client = enc_tkt_reply->client; + + /* + * If the backend does not implement the sign authdata method, then + * just copy the TGT authorization data into the reply, except for + * the constrained delegation case (which requires special handling + * because it will promote untrusted auth data to KDC issued auth + * data; this requires backend-specific code) + * + * Presently this interface does not support using request auth data + * to influence (eg. possibly restrict) the reply auth data. + */ + code = sign_db_authdata(context, + flags, + actual_client, + client, + server, + krbtgt, + client_key, + server_key, /* U2U or server key */ + enc_tkt_reply->times.authtime, + tgs_req ? enc_tkt_request->authorization_data : NULL, + &db_authdata, + &ad_entry, + &ad_nprincs); + if (code == KRB5_KDB_DBTYPE_NOSUP) { + assert(ad_nprincs == 0); + assert(db_authdata == NULL); + + if (isflagset(flags, KRB5_KDB_FLAG_CONSTRAINED_DELEGATION)) + return KRB5KDC_ERR_POLICY; + + if (tgs_req) + return merge_authdata(context, enc_tkt_request->authorization_data, + &enc_tkt_reply->authorization_data, TRUE); + else + return 0; + } + + if (ad_nprincs != 0) { + if (isflagset(flags, KRB5_KDB_FLAG_PROTOCOL_TRANSITION) && + isflagset(ad_entry.attributes, KRB5_KDB_DISALLOW_FORWARDABLE)) + clear(enc_tkt_reply->flags, TKT_FLG_FORWARDABLE); + + krb5_db_free_principal(context, &ad_entry, ad_nprincs); + + if (ad_nprincs != 1) { + if (db_authdata != NULL) + krb5_free_authdata(context, db_authdata); + return KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE; + } + } + + if (db_authdata != NULL) { + code = merge_authdata(context, db_authdata, + &enc_tkt_reply->authorization_data, + FALSE); + if (code != 0) + krb5_free_authdata(context, db_authdata); + } + + return code; +} + krb5_error_code -handle_authdata (krb5_context context, krb5_db_entry *client, - krb5_data *req_pkt, krb5_kdc_req *request, +handle_authdata (krb5_context context, + unsigned int flags, + krb5_db_entry *client, + krb5_db_entry *server, + krb5_db_entry *krbtgt, + krb5_keyblock *client_key, + krb5_keyblock *server_key, + krb5_data *req_pkt, + krb5_kdc_req *request, + krb5_const_principal for_user_princ, + krb5_enc_tkt_part *enc_tkt_request, krb5_enc_tkt_part *enc_tkt_reply) { - krb5_error_code retval = 0; + krb5_error_code code = 0; int i; - const char *emsg; - - krb5_klog_syslog (LOG_DEBUG, "handling authdata"); + assert(enc_tkt_reply->authorization_data == NULL); for (i = 0; i < n_authdata_systems; i++) { const krb5_authdata_systems *asys = &authdata_systems[i]; - if (asys->handle_authdata && asys->type != -1) { - retval = asys->handle_authdata(context, client, req_pkt, - request, enc_tkt_reply); - if (retval) { - emsg = krb5_get_error_message (context, retval); - krb5_klog_syslog (LOG_INFO, - "authdata (%s) handling failure: %s", - asys->name, emsg); - krb5_free_error_message (context, emsg); - } else { - krb5_klog_syslog (LOG_DEBUG, ".. .. ok"); - } + + switch (asys->type) { + case AUTHDATA_SYSTEM_V0: + /* V0 was only in AS-REQ code path */ + if (request->msg_type != KRB5_AS_REQ) + continue; + + code = (*asys->handle_authdata.v0)(context, client, req_pkt, + request, enc_tkt_reply); + break; + case AUTHDATA_SYSTEM_V1: + code = (*asys->handle_authdata.v1)(context, flags, + client, server, krbtgt, + client_key, server_key, + req_pkt, request, for_user_princ, + enc_tkt_request, + enc_tkt_reply); + break; + default: + code = 0; + break; + } + if (code != 0) { + const char *emsg; + + emsg = krb5_get_error_message (context, code); + krb5_klog_syslog (LOG_INFO, + "authdata (%s) handling failure: %s", + asys->name, emsg); + krb5_free_error_message (context, emsg); + + if (asys->flags & AUTHDATA_FLAG_CRITICAL) + break; } } - return 0; + return code; } + diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c index ce2dbfc013..1f23b716a7 100644 --- a/src/kdc/kdc_preauth.c +++ b/src/kdc/kdc_preauth.c @@ -51,6 +51,33 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ +/* + * Copyright (c) 2006-2008, Novell, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * * The copyright holder's name is not used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ #include "k5-int.h" #include "kdc_util.h" @@ -236,13 +263,13 @@ static krb5_preauth_systems static_preauth_systems[] = { "pkinit", KRB5_PADATA_PK_AS_REQ, PA_SUFFICIENT, - NULL, // pa_sys_context - NULL, // init - NULL, // fini + NULL, /* pa_sys_context */ + NULL, /* init */ + NULL, /* fini */ get_pkinit_edata, verify_pkinit_request, return_pkinit_response, - NULL // free_pa_request_context + NULL /* free_pa_request_context */ }, #endif /* APPLE_PKINIT */ { @@ -311,6 +338,27 @@ static krb5_preauth_systems static_preauth_systems[] = { 0, 0 }, + { + "pac-request", + KRB5_PADATA_PAC_REQUEST, + PA_PSEUDO, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL + }, +#if 0 + { + "server-referral", + KRB5_PADATA_SERVER_REFERRAL, + PA_PSEUDO, + 0, + 0, + return_server_referral + }, +#endif { "[end]", -1,} }; @@ -321,21 +369,18 @@ static struct plugin_dir_handle preauth_plugins; krb5_error_code load_preauth_plugins(krb5_context context) { - struct errinfo err; void **preauth_plugins_ftables; struct krb5plugin_preauth_server_ftable_v1 *ftable; - int module_count, i, j, k; + size_t module_count, i, j, k; void *plugin_context; preauth_server_init_proc server_init_proc = NULL; char **kdc_realm_names = NULL; - memset(&err, 0, sizeof(err)); - /* Attempt to load all of the preauth plugins we can find. */ PLUGIN_DIR_INIT(&preauth_plugins); if (PLUGIN_DIR_OPEN(&preauth_plugins) == 0) { if (krb5int_open_plugin_dirs(objdirs, NULL, - &preauth_plugins, &err) != 0) { + &preauth_plugins, &context->err) != 0) { return KRB5_PLUGIN_NO_HANDLE; } } @@ -344,7 +389,7 @@ load_preauth_plugins(krb5_context context) preauth_plugins_ftables = NULL; if (krb5int_get_plugin_dir_data(&preauth_plugins, "preauthentication_server_1", - &preauth_plugins_ftables, &err) != 0) { + &preauth_plugins_ftables, &context->err) != 0) { return KRB5_PLUGIN_NO_HANDLE; } @@ -384,7 +429,7 @@ load_preauth_plugins(krb5_context context) krb5int_free_plugin_dir_data(preauth_plugins_ftables); return ENOMEM; } - for (i = 0; i < kdc_numrealms; i++) { + for (i = 0; i < (size_t)kdc_numrealms; i++) { kdc_realm_names[i] = kdc_realmlist[i]->realm_name; } kdc_realm_names[i] = NULL; @@ -901,8 +946,7 @@ void get_preauth_hint_list(krb5_kdc_req *request, krb5_db_entry *client, "%spreauth required but hint list is empty", hw_only ? "hw" : ""); } - retval = encode_krb5_padata_sequence((const krb5_pa_data **) pa_data, - &edat); + retval = encode_krb5_padata_sequence(pa_data, &edat); if (retval) goto errout; *e_data = *edat; @@ -1108,11 +1152,12 @@ check_padata (krb5_context context, krb5_db_entry *client, krb5_data *req_pkt, krb5_klog_syslog (LOG_INFO, "no valid preauth type found: %s", emsg); krb5_free_error_message(context, emsg); } + /* The following switch statement allows us * to return some preauth system errors back to the client. */ switch(retval) { - case KRB5KRB_AP_ERR_BAD_INTEGRITY: + case 0: /* in case of PA-PAC-REQUEST with no PA-ENC-TIMESTAMP */ case KRB5KRB_AP_ERR_SKEW: case KRB5KDC_ERR_ETYPE_NOSUPP: /* rfc 4556 */ @@ -1136,6 +1181,7 @@ check_padata (krb5_context context, krb5_db_entry *client, krb5_data *req_pkt, /* This value is shared with KRB5KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED. */ /* case KRB5KDC_ERR_KEY_TOO_WEAK: */ return retval; + case KRB5KRB_AP_ERR_BAD_INTEGRITY: default: return KRB5KDC_ERR_PREAUTH_FAILED; } @@ -1299,7 +1345,7 @@ verify_enc_timestamp(krb5_context context, krb5_db_entry *client, krb5_timestamp timenow; krb5_error_code decrypt_err = 0; - scratch.data = pa->contents; + scratch.data = (char *)pa->contents; scratch.length = pa->length; enc_ts_data.data = 0; @@ -1508,10 +1554,9 @@ etype_info_helper(krb5_context context, krb5_kdc_req *request, } } if (etype_info2) - retval = encode_krb5_etype_info2((const krb5_etype_info_entry **) entry, - &scratch); - else retval = encode_krb5_etype_info((const krb5_etype_info_entry **) entry, - &scratch); + retval = encode_krb5_etype_info2(entry, &scratch); + else + retval = encode_krb5_etype_info(entry, &scratch); if (retval) goto cleanup; pa_data->contents = (unsigned char *)scratch->data; @@ -1603,13 +1648,13 @@ etype_info_as_rep_helper(krb5_context context, krb5_pa_data * padata, goto cleanup; if (etype_info2) - retval = encode_krb5_etype_info2((const krb5_etype_info_entry **) entry, &scratch); + retval = encode_krb5_etype_info2(entry, &scratch); else - retval = encode_krb5_etype_info((const krb5_etype_info_entry **) entry, &scratch); + retval = encode_krb5_etype_info(entry, &scratch); if (retval) goto cleanup; - tmp_padata->contents = scratch->data; + tmp_padata->contents = (krb5_octet *)scratch->data; tmp_padata->length = scratch->length; *send_pa = tmp_padata; @@ -1779,7 +1824,7 @@ return_sam_data(krb5_context context, krb5_pa_data *in_padata, * all this once. */ - scratch.data = in_padata->contents; + scratch.data = (char *)in_padata->contents; scratch.length = in_padata->length; if ((retval = decode_krb5_sam_response(&scratch, &sr))) { @@ -2092,7 +2137,7 @@ get_sam_edata(krb5_context context, krb5_kdc_req *request, if (retval) goto cleanup; pa_data->magic = KV5M_PA_DATA; pa_data->pa_type = KRB5_PADATA_SAM_CHALLENGE; - pa_data->contents = scratch->data; + pa_data->contents = (krb5_octet *)scratch->data; pa_data->length = scratch->length; retval = 0; @@ -2260,7 +2305,7 @@ sc.sam_challenge_label.length = strlen(sc.sam_challenge_label.data); if (retval) goto cleanup; pa_data->magic = KV5M_PA_DATA; pa_data->pa_type = KRB5_PADATA_SAM_CHALLENGE; - pa_data->contents = scratch->data; + pa_data->contents = (krb5_octet *)scratch->data; pa_data->length = scratch->length; retval = 0; @@ -2291,7 +2336,7 @@ verify_sam_response(krb5_context context, krb5_db_entry *client, krb5_timestamp timenow; char *princ_req = 0, *princ_psr = 0; - scratch.data = pa->contents; + scratch.data = (char *)pa->contents; scratch.length = pa->length; if ((retval = decode_krb5_sam_response(&scratch, &sr))) { @@ -2862,3 +2907,146 @@ cleanup: } #endif /* APPLE_PKINIT */ + +/* + * Returns TRUE if the PAC should be included + */ +krb5_boolean +include_pac_p(krb5_context context, krb5_kdc_req *request) +{ + krb5_error_code code; + krb5_pa_data **padata; + krb5_boolean retval = TRUE; /* default is to return PAC */ + krb5_data data; + krb5_pa_pac_req *req = NULL; + + if (request->padata == NULL) { + return retval; + } + + for (padata = request->padata; *padata != NULL; padata++) { + if ((*padata)->pa_type == KRB5_PADATA_PAC_REQUEST) { + data.data = (char *)(*padata)->contents; + data.length = (*padata)->length; + + code = decode_krb5_pa_pac_req(&data, &req); + if (code == 0) { + retval = req->include_pac; + krb5_free_pa_pac_req(context, req); + req = NULL; + } + break; + } + } + + return retval; +} + +krb5_error_code +return_svr_referral_data(krb5_context context, + krb5_db_entry *server, + krb5_enc_kdc_rep_part *reply_encpart) +{ + krb5_error_code code; + krb5_tl_data tl_data; + krb5_pa_data *pa_data; + + /* This should be initialized and only used for Win2K compat */ + assert(reply_encpart->enc_padata == NULL); + + tl_data.tl_data_type = KRB5_TL_SVR_REFERRAL_DATA; + + code = krb5_dbe_lookup_tl_data(context, server, &tl_data); + if (code || tl_data.tl_data_length == 0) + return 0; /* no server referrals to return */ + + pa_data = (krb5_pa_data *)malloc(sizeof(*pa_data)); + if (pa_data == NULL) + return ENOMEM; + + pa_data->magic = KV5M_PA_DATA; + pa_data->pa_type = KRB5_PADATA_SVR_REFERRAL_INFO; + pa_data->length = tl_data.tl_data_length; + pa_data->contents = malloc(pa_data->length); + if (pa_data->contents == NULL) { + free(pa_data); + return ENOMEM; + } + memcpy(pa_data->contents, tl_data.tl_data_contents, tl_data.tl_data_length); + + reply_encpart->enc_padata = (krb5_pa_data **)calloc(2, sizeof(krb5_pa_data *)); + if (reply_encpart->enc_padata == NULL) { + free(pa_data->contents); + free(pa_data); + return ENOMEM; + } + + reply_encpart->enc_padata[0] = pa_data; + reply_encpart->enc_padata[1] = NULL; + + return 0; +} + +#if 0 +static krb5_error_code return_server_referral(krb5_context context, + krb5_pa_data * padata, + krb5_db_entry *client, + krb5_db_entry *server, + krb5_kdc_req *request, krb5_kdc_rep *reply, + krb5_key_data *client_key, + krb5_keyblock *encrypting_key, + krb5_pa_data **send_pa) +{ + krb5_error_code code; + krb5_tl_data tl_data; + krb5_pa_data *pa_data; + krb5_enc_data enc_data; + krb5_data plain; + krb5_data *enc_pa_data; + + *send_pa = NULL; + + tl_data.tl_data_type = KRB5_TL_SERVER_REFERRAL; + + code = krb5_dbe_lookup_tl_data(context, server, &tl_data); + if (code || tl_data.tl_data_length == 0) + return 0; /* no server referrals to return */ + + plain.length = tl_data.tl_data_length; + plain.data = tl_data.tl_data_contents; + + /* Encrypt ServerReferralData */ + code = krb5_encrypt_helper(context, encrypting_key, + KRB5_KEYUSAGE_PA_SERVER_REFERRAL_DATA, + &plain, &enc_data); + if (code) + return code; + + /* Encode ServerReferralData into PA-SERVER-REFERRAL-DATA */ + code = encode_krb5_enc_data(&enc_data, &enc_pa_data); + if (code) { + krb5_free_data_contents(context, &enc_data.ciphertext); + return code; + } + + krb5_free_data_contents(context, &enc_data.ciphertext); + + /* Return PA-SERVER-REFERRAL-DATA */ + pa_data = (krb5_pa_data *)malloc(sizeof(*pa_data)); + if (pa_data == NULL) { + krb5_free_data(context, enc_pa_data); + return ENOMEM; + } + + pa_data->magic = KV5M_PA_DATA; + pa_data->pa_type = KRB5_PADATA_SVR_REFERRAL_INFO; + pa_data->length = enc_pa_data->length; + pa_data->contents = enc_pa_data->data; + + free(enc_pa_data); /* don't free contents */ + + *send_pa = pa_data; + + return 0; +} +#endif diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c index f26ef24931..c1bdd6351c 100644 --- a/src/kdc/kdc_util.c +++ b/src/kdc/kdc_util.c @@ -26,6 +26,33 @@ * * Utility functions for the KDC implementation. */ +/* + * Copyright (c) 2006-2008, Novell, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * * The copyright holder's name is not used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ #include "k5-int.h" #include "kdc_util.h" @@ -135,19 +162,22 @@ concat_authorization_data(krb5_authdata **first, krb5_authdata **second, } krb5_boolean -realm_compare(krb5_principal princ1, krb5_principal princ2) +realm_compare(krb5_const_principal princ1, krb5_const_principal princ2) { - krb5_data *realm1 = krb5_princ_realm(kdc_context, princ1); - krb5_data *realm2 = krb5_princ_realm(kdc_context, princ2); + return krb5_realm_compare(kdc_context, princ1, princ2); +} - return data_eq(*realm1, *realm2); +krb5_boolean +is_local_principal(krb5_const_principal princ1) +{ + return krb5_realm_compare(kdc_context, princ1, tgs_server); } /* * Returns TRUE if the kerberos principal is the name of a Kerberos ticket * service. */ -krb5_boolean krb5_is_tgs_principal(krb5_principal principal) +krb5_boolean krb5_is_tgs_principal(krb5_const_principal principal) { if ((krb5_princ_size(kdc_context, principal) > 0) && data_eq_string (*krb5_princ_component(kdc_context, principal, 0), @@ -186,12 +216,29 @@ comp_cksum(krb5_context kcontext, krb5_data *source, krb5_ticket *ticket, return(0); } +krb5_pa_data * +find_pa_data(krb5_pa_data **padata, krb5_preauthtype pa_type) +{ + krb5_pa_data **tmppa; + + if (padata == NULL) + return NULL; + + for (tmppa = padata; *tmppa != NULL; tmppa++) { + if ((*tmppa)->pa_type == pa_type) + break; + } + + return *tmppa; +} + krb5_error_code kdc_process_tgs_req(krb5_kdc_req *request, const krb5_fulladdr *from, krb5_data *pkt, krb5_ticket **ticket, + krb5_db_entry *krbtgt, int *nprincs, krb5_keyblock **subkey) { - krb5_pa_data ** tmppa; + krb5_pa_data * tmppa; krb5_ap_req * apreq; krb5_error_code retval; krb5_data scratch1; @@ -200,23 +247,20 @@ kdc_process_tgs_req(krb5_kdc_req *request, const krb5_fulladdr *from, krb5_auth_context auth_context = NULL; krb5_authenticator * authenticator = NULL; krb5_checksum * his_cksum = NULL; -/* krb5_keyblock * key = NULL;*/ -/* krb5_kvno kvno = 0;*/ + krb5_keyblock * key = NULL; + krb5_kvno kvno = 0; - if (!request->padata) - return KRB5KDC_ERR_PADATA_TYPE_NOSUPP; - for (tmppa = request->padata; *tmppa; tmppa++) { - if ((*tmppa)->pa_type == KRB5_PADATA_AP_REQ) - break; - } - if (!*tmppa) /* cannot find any AP_REQ */ + *nprincs = 0; + + tmppa = find_pa_data(request->padata, KRB5_PADATA_AP_REQ); + if (!tmppa) return KRB5KDC_ERR_PADATA_TYPE_NOSUPP; - scratch1.length = (*tmppa)->length; - scratch1.data = (char *)(*tmppa)->contents; + scratch1.length = tmppa->length; + scratch1.data = (char *)tmppa->contents; if ((retval = decode_krb5_ap_req(&scratch1, &apreq))) return retval; - + if (isflagset(apreq->ap_options, AP_OPTS_USE_SESSION_KEY) || isflagset(apreq->ap_options, AP_OPTS_MUTUAL_REQUIRED)) { krb5_klog_syslog(LOG_INFO, "TGS_REQ: SESSION KEY or MUTUAL"); @@ -234,9 +278,7 @@ kdc_process_tgs_req(krb5_kdc_req *request, const krb5_fulladdr *from, we set a flag here for checking below. */ - if (!data_eq(*krb5_princ_realm(kdc_context, apreq->ticket->server), - *krb5_princ_realm(kdc_context, tgs_server))) - foreign_server = TRUE; + foreign_server = !is_local_principal(apreq->ticket->server); if ((retval = krb5_auth_con_init(kdc_context, &auth_context))) goto cleanup; @@ -250,21 +292,15 @@ kdc_process_tgs_req(krb5_kdc_req *request, const krb5_fulladdr *from, goto cleanup_auth_context; #endif -/* - if ((retval = kdc_get_server_key(apreq->ticket, &key, &kvno))) + if ((retval = kdc_get_server_key(apreq->ticket, 0, krbtgt, nprincs, &key, &kvno))) goto cleanup_auth_context; -*/ - /* - * XXX This is currently wrong but to fix it will require making a - * new keytab for groveling over the kdb. + * We do not use the KDB keytab because other parts of the TGS need the TGT key. */ -/* retval = krb5_auth_con_setuseruserkey(kdc_context, auth_context, key); krb5_free_keyblock(kdc_context, key); if (retval) goto cleanup_auth_context; -*/ if ((retval = krb5_rd_req_decoded_anyflag(kdc_context, &auth_context, apreq, apreq->ticket->server, @@ -322,11 +358,8 @@ kdc_process_tgs_req(krb5_kdc_req *request, const krb5_fulladdr *from, } /* make sure the client is of proper lineage (see above) */ - if (foreign_server) { - krb5_data *tkt_realm = krb5_princ_realm(kdc_context, - (*ticket)->enc_part2->client); - krb5_data *tgs_realm = krb5_princ_realm(kdc_context, tgs_server); - if (data_eq(*tkt_realm, *tgs_realm)) { + if (foreign_server && !find_pa_data(request->padata, KRB5_PADATA_FOR_USER)) { + if (is_local_principal((*ticket)->enc_part2->client)) { /* someone in a foreign realm claiming to be local */ krb5_klog_syslog(LOG_INFO, "PROCESS_TGS: failed lineage check"); retval = KRB5KDC_ERR_POLICY; @@ -374,31 +407,32 @@ cleanup: * much else. -- tlyu */ krb5_error_code -kdc_get_server_key(krb5_ticket *ticket, krb5_keyblock **key, krb5_kvno *kvno) +kdc_get_server_key(krb5_ticket *ticket, unsigned int flags, + krb5_db_entry *server, + int *nprincs, krb5_keyblock **key, krb5_kvno *kvno) { krb5_error_code retval; - krb5_db_entry server; krb5_boolean more; - int nprincs; krb5_key_data * server_key; krb5_keyblock * tmp_mkey; - nprincs = 1; + *nprincs = 1; - if ((retval = get_principal(kdc_context, ticket->server, - &server, &nprincs, - &more))) { + retval = krb5_db_get_principal_ext(kdc_context, + ticket->server, + flags, + server, + nprincs, + &more); + if (retval) { return(retval); } if (more) { - krb5_db_free_principal(kdc_context, &server, nprincs); return(KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE); - } else if (nprincs != 1) { + } else if (*nprincs != 1) { char *sname; - krb5_db_free_principal(kdc_context, &server, nprincs); if (!krb5_unparse_name(kdc_context, ticket->server, &sname)) { - limit_string(sname); krb5_klog_syslog(LOG_ERR,"TGS_REQ: UNKNOWN SERVER: server='%s'", sname); free(sname); @@ -412,7 +446,7 @@ kdc_get_server_key(krb5_ticket *ticket, krb5_keyblock **key, krb5_kvno *kvno) retval = krb5_dbe_find_enctype(kdc_context, &server, ticket->enc_part.enctype, -1, - ticket->enc_part.kvno, &server_key); + (krb5_int32)ticket->enc_part.kvno, &server_key); if (retval) goto errout; if (!server_key) { @@ -424,14 +458,9 @@ kdc_get_server_key(krb5_ticket *ticket, krb5_keyblock **key, krb5_kvno *kvno) retval = krb5_dbekd_decrypt_key_data(kdc_context, tmp_mkey, server_key, *key, NULL); - if (retval) { - free(*key); - *key = NULL; - } } else retval = ENOMEM; errout: - krb5_db_free_principal(kdc_context, &server, nprincs); return retval; } @@ -573,6 +602,7 @@ add_to_transited(krb5_data *tgt_trans, krb5_data *new_trans, char *realm; char *trans; char *otrans, *otrans_ptr; + size_t bufsize; /* The following are for stepping through the transited field */ @@ -601,7 +631,10 @@ add_to_transited(krb5_data *tgt_trans, krb5_data *new_trans, /* +1 for null, +1 for extra comma which may be added between +1 for potential space when leading slash in realm */ - if (!(trans = (char *) malloc(strlen(realm) + strlen(otrans) + 3))) { + bufsize = strlen(realm) + strlen(otrans) + 3; + if (bufsize > MAX_REALM_LN) + bufsize = MAX_REALM_LN; + if (!(trans = (char *) malloc(bufsize))) { retval = ENOMEM; goto fail; } @@ -713,7 +746,7 @@ add_to_transited(krb5_data *tgt_trans, krb5_data *new_trans, /* Note that the second test here is an unsigned comparison, so the first half (or a cast) is also required. */ - assert(nlst < 0 || nlst < sizeof(next)); + assert(nlst < 0 || nlst < (int)sizeof(next)); if ((nlst < 0 || next[nlst] != '.') && (next[0] != '/') && (pl = subrealm(exp, realm))) { @@ -789,17 +822,15 @@ add_to_transited(krb5_data *tgt_trans, krb5_data *new_trans, } if (new_trans->length != 0) { - if (strlen(trans) + 2 >= MAX_REALM_LN) { + if (strlcat(trans, ",", bufsize) >= bufsize) { retval = KRB5KRB_AP_ERR_ILL_CR_TKT; goto fail; } - strcat(trans, ","); } - if (strlen(trans) + strlen(current) + 1 >= MAX_REALM_LN) { + if (strlcat(trans, current, bufsize) >= bufsize) { retval = KRB5KRB_AP_ERR_ILL_CR_TKT; goto fail; } - strcat(trans, current); new_trans->length = strlen(trans); strncpy(prev, exp, sizeof(prev) - 1); @@ -810,24 +841,21 @@ add_to_transited(krb5_data *tgt_trans, krb5_data *new_trans, if (!added) { if (new_trans->length != 0) { - if (strlen(trans) + 2 >= MAX_REALM_LN) { + if (strlcat(trans, ",", bufsize) >= bufsize) { retval = KRB5KRB_AP_ERR_ILL_CR_TKT; goto fail; } - strcat(trans, ","); } if((realm[0] == '/') && trans[0]) { - if (strlen(trans) + 2 >= MAX_REALM_LN) { + if (strlcat(trans, " ", bufsize) >= bufsize) { retval = KRB5KRB_AP_ERR_ILL_CR_TKT; goto fail; } - strcat(trans, " "); } - if (strlen(trans) + strlen(realm) + 1 >= MAX_REALM_LN) { + if (strlcat(trans, realm, bufsize) >= bufsize) { retval = KRB5KRB_AP_ERR_ILL_CR_TKT; goto fail; } - strcat(trans, realm); new_trans->length = strlen(trans); } @@ -907,7 +935,21 @@ validate_as_request(register krb5_kdc_req *request, krb5_db_entry client, *status = "POSTDATE NOT ALLOWED"; return(KDC_ERR_CANNOT_POSTDATE); } - + + /* + * A Windows KDC will return KDC_ERR_PREAUTH_REQUIRED instead of + * KDC_ERR_POLICY in the following case: + * + * - KDC_OPT_FORWARDABLE is set in KDCOptions but local + * policy has KRB5_KDB_DISALLOW_FORWARDABLE set for the + * client, and; + * - KRB5_KDB_REQUIRES_PRE_AUTH is set for the client but + * preauthentication data is absent in the request. + * + * Hence, this check most be done after the check for preauth + * data, and is now performed by validate_forwardable(). + */ +#if 0 /* Client and server must allow forwardable tickets */ if (isflagset(request->kdc_options, KDC_OPT_FORWARDABLE) && (isflagset(client.attributes, KRB5_KDB_DISALLOW_FORWARDABLE) || @@ -915,6 +957,7 @@ validate_as_request(register krb5_kdc_req *request, krb5_db_entry client, *status = "FORWARDABLE NOT ALLOWED"; return(KDC_ERR_POLICY); } +#endif /* Client and server must allow renewable tickets */ if (isflagset(request->kdc_options, KDC_OPT_RENEWABLE) && @@ -935,7 +978,7 @@ validate_as_request(register krb5_kdc_req *request, krb5_db_entry client, /* Check to see if client is locked out */ if (isflagset(client.attributes, KRB5_KDB_DISALLOW_ALL_TIX)) { *status = "CLIENT LOCKED OUT"; - return(KDC_ERR_C_PRINCIPAL_UNKNOWN); + return(KDC_ERR_CLIENT_REVOKED); } /* Check to see if server is locked out */ @@ -947,13 +990,13 @@ validate_as_request(register krb5_kdc_req *request, krb5_db_entry client, /* Check to see if server is allowed to be a service */ if (isflagset(server.attributes, KRB5_KDB_DISALLOW_SVR)) { *status = "SERVICE NOT ALLOWED"; - return(KDC_ERR_S_PRINCIPAL_UNKNOWN); + return(KDC_ERR_MUST_USE_USER2USER); } /* * Check against local policy */ - errcode = against_local_policy_as(request, server, client, + errcode = against_local_policy_as(request, client, server, kdc_time, status); if (errcode) return errcode; @@ -961,6 +1004,21 @@ validate_as_request(register krb5_kdc_req *request, krb5_db_entry client, return 0; } +int +validate_forwardable(krb5_kdc_req *request, krb5_db_entry client, + krb5_db_entry server, krb5_timestamp kdc_time, + const char **status) +{ + *status = NULL; + if (isflagset(request->kdc_options, KDC_OPT_FORWARDABLE) && + (isflagset(client.attributes, KRB5_KDB_DISALLOW_FORWARDABLE) || + isflagset(server.attributes, KRB5_KDB_DISALLOW_FORWARDABLE))) { + *status = "FORWARDABLE NOT ALLOWED"; + return(KDC_ERR_POLICY); + } else + return 0; +} + #define ASN1_ID_CLASS (0xc0) #define ASN1_ID_TYPE (0x20) #define ASN1_ID_TAG (0x1f) @@ -1068,7 +1126,7 @@ fetch_asn1_field(unsigned char *astream, unsigned int level, lastlevel = tag; if (levels == level) { /* in our context-dependent class, is this the one we're looking for ? */ - if (tag == field) { + if (tag == (int)field) { /* return length and data */ astream++; savelen = *astream; @@ -1115,8 +1173,7 @@ fetch_asn1_field(unsigned char *astream, unsigned int level, KDC_OPT_ALLOW_POSTDATE | KDC_OPT_POSTDATED | \ KDC_OPT_RENEWABLE | KDC_OPT_RENEWABLE_OK | \ KDC_OPT_ENC_TKT_IN_SKEY | KDC_OPT_RENEW | \ - KDC_OPT_VALIDATE) - + KDC_OPT_VALIDATE | KDC_OPT_CANONICALIZE | KDC_OPT_CNAME_IN_ADDL_TKT) #define NO_TGT_OPTION (KDC_OPT_FORWARDED | KDC_OPT_PROXY | KDC_OPT_RENEW | \ KDC_OPT_VALIDATE) @@ -1284,7 +1341,7 @@ validate_tgs_request(register krb5_kdc_req *request, krb5_db_entry server, /* Server must be allowed to be a service */ if (isflagset(server.attributes, KRB5_KDB_DISALLOW_SVR)) { *status = "SERVER NOT ALLOWED"; - return(KDC_ERR_S_PRINCIPAL_UNKNOWN); + return(KDC_ERR_MUST_USE_USER2USER); } /* Check the hot list */ @@ -1330,6 +1387,14 @@ validate_tgs_request(register krb5_kdc_req *request, krb5_db_entry server, } st_idx++; } + if (isflagset(request->kdc_options, KDC_OPT_CNAME_IN_ADDL_TKT)) { + if (!request->second_ticket || + !request->second_ticket[st_idx]) { + *status = "NO_2ND_TKT"; + return(KDC_ERR_BADOPTION); + } + st_idx++; + } /* Check for hardware preauthentication */ if (isflagset(server.attributes, KRB5_KDB_REQUIRES_HW_AUTH) && @@ -1538,7 +1603,7 @@ ktypes2str(char *s, size_t len, int nktypes, krb5_enctype *ktype) snprintf(stmp, sizeof(stmp), "%s%ld", i ? " " : "", (long)ktype[i]); if (strlen(s) + strlen(stmp) + sizeof("}") > len) break; - strcat(s, stmp); + strlcat(s, stmp, len); } if (i < nktypes) { /* @@ -1553,9 +1618,9 @@ ktypes2str(char *s, size_t len, int nktypes, krb5_enctype *ktype) continue; } } - strcat(s, "..."); + strlcat(s, "...", len); } - strcat(s, "}"); + strlcat(s, "}", len); return; } @@ -1575,7 +1640,7 @@ rep_etypes2str(char *s, size_t len, krb5_kdc_rep *rep) if (rep->ticket != NULL) { snprintf(stmp, sizeof(stmp), " tkt=%ld", (long)rep->ticket->enc_part.enctype); - strcat(s, stmp); + strlcat(s, stmp, len); } if (rep->ticket != NULL @@ -1583,9 +1648,9 @@ rep_etypes2str(char *s, size_t len, krb5_kdc_rep *rep) && rep->ticket->enc_part2->session != NULL) { snprintf(stmp, sizeof(stmp), " ses=%ld", (long)rep->ticket->enc_part2->session->enctype); - strcat(s, stmp); + strlcat(s, stmp, len); } - strcat(s, "}"); + strlcat(s, "}", len); return; } @@ -1609,3 +1674,652 @@ get_principal (krb5_context kcontext, return get_principal_locked (kcontext, search_for, entries, nentries, more); } + + +krb5_error_code +sign_db_authdata (krb5_context context, + unsigned int flags, + krb5_const_principal client_princ, + krb5_db_entry *client, + krb5_db_entry *server, + krb5_db_entry *krbtgt, + krb5_keyblock *client_key, + krb5_keyblock *server_key, + krb5_timestamp authtime, + krb5_authdata **tgs_authdata, + krb5_authdata ***ret_authdata, + krb5_db_entry *ad_entry, + int *ad_nprincs) +{ + krb5_error_code code; + kdb_sign_auth_data_req req; + kdb_sign_auth_data_rep rep; + krb5_data req_data; + krb5_data rep_data; + + *ret_authdata = NULL; + if (ad_entry != NULL) { + assert(ad_nprincs != NULL); + memset(ad_entry, 0, sizeof(*ad_entry)); + *ad_nprincs = 0; + } + + memset(&req, 0, sizeof(req)); + memset(&rep, 0, sizeof(rep)); + + req.flags = flags; + req.client_princ = client_princ; + req.client = client; + req.server = server; + req.krbtgt = krbtgt; + req.client_key = client_key; + req.server_key = server_key; + req.authtime = authtime; + req.auth_data = tgs_authdata; + + rep.entry = ad_entry; + rep.nprincs = 0; + + req_data.data = (void *)&req; + req_data.length = sizeof(req); + + rep_data.data = (void *)&rep; + rep_data.length = sizeof(rep); + + code = krb5_db_invoke(context, + KRB5_KDB_METHOD_SIGN_AUTH_DATA, + &req_data, + &rep_data); + + *ret_authdata = rep.auth_data; + *ad_nprincs = rep.nprincs; + + return code; +} + +static krb5_error_code +verify_s4u2self_checksum(krb5_context context, + krb5_keyblock *key, + krb5_pa_for_user *req) +{ + krb5_error_code code; + int i; + krb5_int32 name_type; + char *p; + krb5_data data; + krb5_boolean valid = FALSE; + + if (!krb5_c_is_keyed_cksum(req->cksum.checksum_type)) { + return KRB5KRB_AP_ERR_INAPP_CKSUM; + } + + /* + * Checksum is over name type and string components of + * client principal name and auth_package. + */ + data.length = 4; + for (i = 0; i < krb5_princ_size(context, req->user); i++) { + data.length += krb5_princ_component(context, req->user, i)->length; + } + data.length += krb5_princ_realm(context, req->user)->length; + data.length += req->auth_package.length; + + p = data.data = malloc(data.length); + if (data.data == NULL) { + return ENOMEM; + } + + name_type = krb5_princ_type(context, req->user); + p[0] = (name_type >> 0 ) & 0xFF; + p[1] = (name_type >> 8 ) & 0xFF; + p[2] = (name_type >> 16) & 0xFF; + p[3] = (name_type >> 24) & 0xFF; + p += 4; + + for (i = 0; i < krb5_princ_size(context, req->user); i++) { + memcpy(p, krb5_princ_component(context, req->user, i)->data, + krb5_princ_component(context, req->user, i)->length); + p += krb5_princ_component(context, req->user, i)->length; + } + + memcpy(p, krb5_princ_realm(context, req->user)->data, + krb5_princ_realm(context, req->user)->length); + p += krb5_princ_realm(context, req->user)->length; + + memcpy(p, req->auth_package.data, req->auth_package.length); + p += req->auth_package.length; + + code = krb5_c_verify_checksum(context, + key, + KRB5_KEYUSAGE_APP_DATA_CKSUM, + &data, + &req->cksum, + &valid); + + if (code == 0 && valid == FALSE) + code = KRB5KRB_AP_ERR_BAD_INTEGRITY; + + free(data.data); + + return code; +} + +/* + * Protocol transition validation code based on AS-REQ + * validation code + */ +static int +validate_s4u2self_request(krb5_kdc_req *request, + const krb5_db_entry *client, + krb5_timestamp kdc_time, + const char **status) +{ + int errcode; + krb5_db_entry server = { 0 }; + + /* The client's password must not be expired, unless the server is + a KRB5_KDC_PWCHANGE_SERVICE. */ + if (client->pw_expiration && client->pw_expiration < kdc_time) { + *status = "CLIENT KEY EXPIRED"; + return KDC_ERR_KEY_EXP; + } + + /* The client must not be expired */ + if (client->expiration && client->expiration < kdc_time) { + *status = "CLIENT EXPIRED"; + return KDC_ERR_NAME_EXP; + } + + /* + * If the client requires password changing, then return an + * error; S4U2Self cannot be used to change a password. + */ + if (isflagset(client->attributes, KRB5_KDB_REQUIRES_PWCHANGE)) { + *status = "REQUIRED PWCHANGE"; + return KDC_ERR_KEY_EXP; + } + + /* Check to see if client is locked out */ + if (isflagset(client->attributes, KRB5_KDB_DISALLOW_ALL_TIX)) { + *status = "CLIENT LOCKED OUT"; + return KDC_ERR_C_PRINCIPAL_UNKNOWN; + } + + /* + * Check against local policy + */ + errcode = against_local_policy_as(request, *client, server, + kdc_time, status); + if (errcode) + return errcode; + + return 0; +} + +/* + * Protocol transition (S4U2Self) + */ +krb5_error_code +kdc_process_s4u2self_req(krb5_context context, + krb5_kdc_req *request, + krb5_const_principal client_princ, + const krb5_db_entry *server, + krb5_keyblock *subkey, + krb5_timestamp kdc_time, + krb5_pa_for_user **for_user, + krb5_db_entry *princ, + int *nprincs, + const char **status) +{ + krb5_error_code code; + krb5_pa_data **pa_data; + krb5_data req_data; + krb5_boolean more; + + *nprincs = 0; + memset(princ, 0, sizeof(*princ)); + + if (request->padata == NULL) { + return 0; + } + + for (pa_data = request->padata; *pa_data != NULL; pa_data++) { + if ((*pa_data)->pa_type == KRB5_PADATA_FOR_USER) + break; + } + if (*pa_data == NULL) { + return 0; + } + +#if 0 + /* + * Ignore request if the server principal is a TGS, not so much + * to avoid unconstrained tickets being issued (as that would + * require knowing the TGS key anyway) but so that we do not + * block the server referral path. + */ + if (krb5_is_tgs_principal(server->princ)) { + return 0; + } +#endif + + *status = "PROCESS_S4U2SELF_REQUEST"; + + req_data.length = (*pa_data)->length; + req_data.data = (char *)(*pa_data)->contents; + + code = decode_krb5_pa_for_user(&req_data, for_user); + if (code) { + return code; + } + + if (krb5_princ_type(context, (*for_user)->user) != + KRB5_NT_ENTERPRISE_PRINCIPAL) { + *status = "INVALID_S4U2SELF_REQUEST"; + return KRB5KDC_ERR_POLICY; + } + + code = verify_s4u2self_checksum(context, subkey, *for_user); + if (code) { + *status = "INVALID_S4U2SELF_CHECKSUM"; + krb5_free_pa_for_user(kdc_context, *for_user); + *for_user = NULL; + return code; + } + if (!krb5_principal_compare_flags(context, request->server, client_princ, + KRB5_PRINCIPAL_COMPARE_ENTERPRISE)) { + *status = "INVALID_S4U2SELF_REQUEST"; + return KRB5KDC_ERR_POLICY; + } + + /* + * Protocol transition is mutually exclusive with renew/forward/etc + * as well as user-to-user and constrained delegation. + * + * We can assert from this check that the header ticket was a TGT, as + * that is validated previously in validate_tgs_request(). + */ + if (request->kdc_options & (NO_TGT_OPTION | KDC_OPT_ENC_TKT_IN_SKEY | KDC_OPT_CNAME_IN_ADDL_TKT)) { + return KRB5KDC_ERR_BADOPTION; + } + + /* + * Do not attempt to lookup principals in foreign realms. + */ + if (is_local_principal((*for_user)->user)) { + *nprincs = 1; + code = krb5_db_get_principal_ext(kdc_context, + (*for_user)->user, + KRB5_KDB_FLAG_INCLUDE_PAC, + princ, nprincs, &more); + if (code) { + *status = "LOOKING_UP_S4U2SELF_PRINCIPAL"; + *nprincs = 0; + return code; /* caller can free for_user */ + } + + if (more) { + *status = "NON_UNIQUE_S4U2SELF_PRINCIPAL"; + return KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE; + } else if (*nprincs != 1) { + *status = "UNKNOWN_S4U2SELF_PRINCIPAL"; + return KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN; + } + + code = validate_s4u2self_request(request, princ, kdc_time, status); + if (code) { + return code; + } + } + + *status = NULL; + + return 0; +} + +static krb5_error_code +check_allowed_to_delegate_to(krb5_context context, + const krb5_db_entry *server, + krb5_const_principal proxy) +{ + kdb_check_allowed_to_delegate_req req; + krb5_data req_data; + krb5_data rep_data; + krb5_error_code code; + + /* Can't get a TGT (otherwise it would be unconstrained delegation) */ + if (krb5_is_tgs_principal(proxy)) { + return KRB5KDC_ERR_POLICY; + } + + /* Must be in same realm */ + if (!krb5_realm_compare(context, server->princ, proxy)) { + return KRB5_IN_TKT_REALM_MISMATCH; /* XXX */ + } + + req.server = server; + req.proxy = proxy; + + req_data.data = (void *)&req; + req_data.length = sizeof(req); + + rep_data.data = NULL; + rep_data.length = 0; + + code = krb5_db_invoke(context, + KRB5_KDB_METHOD_CHECK_ALLOWED_TO_DELEGATE, + &req_data, + &rep_data); + if (code == KRB5_KDB_DBTYPE_NOSUP) { + code = KRB5KDC_ERR_POLICY; + } + + assert(rep_data.length == 0); + + return code; +} + +krb5_error_code +kdc_process_s4u2proxy_req(krb5_context context, + krb5_kdc_req *request, + const krb5_enc_tkt_part *t2enc, + const krb5_db_entry *server, + krb5_const_principal server_princ, + krb5_const_principal proxy_princ, + const char **status) +{ + krb5_error_code errcode; + + /* + * Constrained delegation is mutually exclusive with renew/forward/etc. + * We can assert from this check that the header ticket was a TGT, as + * that is validated previously in validate_tgs_request(). + */ + if (request->kdc_options & (NO_TGT_OPTION | KDC_OPT_ENC_TKT_IN_SKEY)) { + return KRB5KDC_ERR_BADOPTION; + } + + /* Ensure that evidence ticket server matches TGT client */ + if (!krb5_principal_compare(kdc_context, + server->princ, /* after canon */ + server_princ)) { + return KRB5KDC_ERR_SERVER_NOMATCH; + } + + if (!isflagset(t2enc->flags, TKT_FLG_FORWARDABLE)) { + *status = "EVIDENCE_TKT_NOT_FORWARDABLE"; + return KRB5_TKT_NOT_FORWARDABLE; + } + + /* Backend policy check */ + errcode = check_allowed_to_delegate_to(kdc_context, + server, proxy_princ); + if (errcode) { + *status = "NOT_ALLOWED_TO_DELEGATE"; + return errcode; + } + + return 0; +} + +krb5_error_code +kdc_check_transited_list(krb5_context context, + const krb5_data *trans, + const krb5_data *realm1, + const krb5_data *realm2) +{ + krb5_error_code code; + kdb_check_transited_realms_req req; + krb5_data req_data; + krb5_data rep_data; + + /* First check using krb5.conf */ + code = krb5_check_transited_list(kdc_context, trans, realm1, realm2); + if (code) + return code; + + memset(&req, 0, sizeof(req)); + + req.tr_contents = trans; + req.client_realm = realm1; + req.server_realm = realm2; + + req_data.data = (void *)&req; + req_data.length = sizeof(req); + + rep_data.data = NULL; + rep_data.length = 0; + + code = krb5_db_invoke(context, + KRB5_KDB_METHOD_CHECK_TRANSITED_REALMS, + &req_data, + &rep_data); + if (code == KRB5_KDB_DBTYPE_NOSUP) { + code = 0; + } + + assert(rep_data.length == 0); + + return code; +} + +krb5_error_code +audit_as_request(krb5_kdc_req *request, + krb5_db_entry *client, + krb5_db_entry *server, + krb5_timestamp authtime, + krb5_error_code errcode) +{ + krb5_error_code code; + kdb_audit_as_req req; + krb5_data req_data; + krb5_data rep_data; + + memset(&req, 0, sizeof(req)); + + req.request = request; + req.client = client; + req.server = server; + req.authtime = authtime; + req.error_code = errcode; + + req_data.data = (void *)&req; + req_data.length = sizeof(req); + + rep_data.data = NULL; + rep_data.length = 0; + + code = krb5_db_invoke(kdc_context, + KRB5_KDB_METHOD_AUDIT_AS, + &req_data, + &rep_data); + if (code == KRB5_KDB_DBTYPE_NOSUP) { + return 0; + } + + assert(rep_data.length == 0); + + return code; +} + +krb5_error_code +audit_tgs_request(krb5_kdc_req *request, + krb5_const_principal client, + krb5_db_entry *server, + krb5_timestamp authtime, + krb5_error_code errcode) +{ + krb5_error_code code; + kdb_audit_tgs_req req; + krb5_data req_data; + krb5_data rep_data; + + memset(&req, 0, sizeof(req)); + + req.request = request; + req.client = client; + req.server = server; + req.authtime = authtime; + req.error_code = errcode; + + req_data.data = (void *)&req; + req_data.length = sizeof(req); + + rep_data.data = NULL; + rep_data.length = 0; + + code = krb5_db_invoke(kdc_context, + KRB5_KDB_METHOD_AUDIT_TGS, + &req_data, + &rep_data); + if (code == KRB5_KDB_DBTYPE_NOSUP) { + return 0; + } + + assert(rep_data.length == 0); + + return code; +} + +krb5_error_code +validate_transit_path(krb5_context context, + krb5_const_principal client, + krb5_db_entry *server, + krb5_db_entry *krbtgt) +{ + /* Incoming */ + if (isflagset(server->attributes, KRB5_KDB_XREALM_NON_TRANSITIVE)) { + return KRB5KDC_ERR_PATH_NOT_ACCEPTED; + } + + /* Outgoing */ + if (isflagset(krbtgt->attributes, KRB5_KDB_XREALM_NON_TRANSITIVE) && + (!krb5_principal_compare(context, server->princ, krbtgt->princ) || + !krb5_realm_compare(context, client, krbtgt->princ))) { + return KRB5KDC_ERR_PATH_NOT_ACCEPTED; + } + + return 0; +} + + +/* Main logging routines for ticket requests. + + There are a few simple cases -- unparseable requests mainly -- + where messages are logged otherwise, but once a ticket request can + be decoded in some basic way, these routines are used for logging + the details. */ + +/* "status" is null to indicate success. */ +/* Someday, pass local address/port as well. */ +void +log_as_req(const krb5_fulladdr *from, + krb5_kdc_req *request, krb5_kdc_rep *reply, + const char *cname, const char *sname, + krb5_timestamp authtime, + const char *status, krb5_error_code errcode, const char *emsg) +{ + const char *fromstring = 0; + char fromstringbuf[70]; + char ktypestr[128]; + const char *cname2 = cname ? cname : ""; + const char *sname2 = sname ? sname : ""; + + fromstring = inet_ntop(ADDRTYPE2FAMILY (from->address->addrtype), + from->address->contents, + fromstringbuf, sizeof(fromstringbuf)); + if (!fromstring) + fromstring = ""; + ktypes2str(ktypestr, sizeof(ktypestr), + request->nktypes, request->ktype); + + if (status == NULL) { + /* success */ + char rep_etypestr[128]; + rep_etypes2str(rep_etypestr, sizeof(rep_etypestr), reply); + krb5_klog_syslog(LOG_INFO, + "AS_REQ (%s) %s: ISSUE: authtime %d, %s, %s for %s", + ktypestr, fromstring, authtime, + rep_etypestr, cname2, sname2); + } else { + /* fail */ + krb5_klog_syslog(LOG_INFO, "AS_REQ (%s) %s: %s: %s for %s%s%s", + ktypestr, fromstring, status, + cname2, sname2, emsg ? ", " : "", emsg ? emsg : ""); + } +#if 0 + /* Sun (OpenSolaris) version would probably something like this. + The client and server names passed can be null, unlike in the + logging routines used above. Note that a struct in_addr is + used, but the real address could be an IPv6 address. */ + audit_krb5kdc_as_req(some in_addr *, (in_port_t)from->port, 0, + cname, sname, errcode); +#endif +} + +/* Here "status" must be non-null. Error code + KRB5KDC_ERR_SERVER_NOMATCH is handled specially. */ +void +log_tgs_req(const krb5_fulladdr *from, + krb5_kdc_req *request, krb5_kdc_rep *reply, + const char *cname, const char *sname, const char *altcname, + krb5_timestamp authtime, + const char *status, krb5_error_code errcode, const char *emsg) +{ + char ktypestr[128]; + const char *fromstring = 0; + char fromstringbuf[70]; + char rep_etypestr[128]; + + fromstring = inet_ntop(ADDRTYPE2FAMILY(from->address->addrtype), + from->address->contents, + fromstringbuf, sizeof(fromstringbuf)); + if (!fromstring) + fromstring = ""; + ktypes2str(ktypestr, sizeof(ktypestr), request->nktypes, request->ktype); + if (!errcode) + rep_etypes2str(rep_etypestr, sizeof(rep_etypestr), reply); + else + rep_etypestr[0] = 0; + + /* Differences: server-nomatch message logs 2nd ticket's client + name (useful), and doesn't log ktypestr (probably not + important). */ + if (errcode != KRB5KDC_ERR_SERVER_NOMATCH) + krb5_klog_syslog(LOG_INFO, + "TGS_REQ (%s) %s: %s: authtime %d, %s%s %s for %s%s%s", + ktypestr, + fromstring, status, authtime, + rep_etypestr, + !errcode ? "," : "", + cname ? cname : "", + sname ? sname : "", + errcode ? ", " : "", + errcode ? emsg : ""); + else + krb5_klog_syslog(LOG_INFO, + "TGS_REQ %s: %s: authtime %d, %s for %s, 2nd tkt client %s", + fromstring, status, authtime, + cname ? cname : "", + sname ? sname : "", + altcname ? altcname : ""); + + /* OpenSolaris: audit_krb5kdc_tgs_req(...) or + audit_krb5kdc_tgs_req_2ndtktmm(...) */ +} + +void +log_tgs_alt_tgt(krb5_principal p) +{ + char *sname; + if (krb5_unparse_name(kdc_context, p, &sname)) { + krb5_klog_syslog(LOG_INFO, + "TGS_REQ: issuing alternate TGT"); + } else { + limit_string(sname); + krb5_klog_syslog(LOG_INFO, "TGS_REQ: issuing TGT %s", sname); + free(sname); + } + /* OpenSolaris: audit_krb5kdc_tgs_req_alt_tgt(...) */ +} + diff --git a/src/kdc/kdc_util.h b/src/kdc/kdc_util.h index b535acd819..0d8e36bfd2 100644 --- a/src/kdc/kdc_util.h +++ b/src/kdc/kdc_util.h @@ -31,6 +31,7 @@ #define __KRB5_KDC_UTIL__ #include "kdb.h" +#include "kdb_ext.h" typedef struct _krb5_fulladdr { krb5_address * address; @@ -38,8 +39,9 @@ typedef struct _krb5_fulladdr { } krb5_fulladdr; krb5_error_code check_hot_list (krb5_ticket *); -krb5_boolean realm_compare (krb5_principal, krb5_principal); -krb5_boolean krb5_is_tgs_principal (krb5_principal); +krb5_boolean realm_compare (krb5_const_principal, krb5_const_principal); +krb5_boolean is_local_principal(krb5_const_principal princ1); +krb5_boolean krb5_is_tgs_principal (krb5_const_principal); krb5_error_code add_to_transited (krb5_data *, krb5_data *, krb5_principal, @@ -62,16 +64,22 @@ krb5_error_code kdc_process_tgs_req const krb5_fulladdr *, krb5_data *, krb5_ticket **, + krb5_db_entry *krbtgt, + int *nprincs, krb5_keyblock **); -krb5_error_code kdc_get_server_key (krb5_ticket *, - krb5_keyblock **, - krb5_kvno *); +krb5_error_code kdc_get_server_key (krb5_ticket *, unsigned int, + krb5_db_entry *, int *, + krb5_keyblock **, krb5_kvno *); int validate_as_request (krb5_kdc_req *, krb5_db_entry, krb5_db_entry, krb5_timestamp, const char **); +int validate_forwardable(krb5_kdc_req *, krb5_db_entry, + krb5_db_entry, krb5_timestamp, + const char **); + int validate_tgs_request (krb5_kdc_req *, krb5_db_entry, krb5_ticket *, krb5_timestamp, const char **); @@ -164,13 +172,26 @@ krb5_error_code return_padata krb5_error_code free_padata_context (krb5_context context, void **padata_context); +krb5_pa_data *find_pa_data + (krb5_pa_data **padata, krb5_preauthtype pa_type); + /* kdc_authdata.c */ krb5_error_code load_authdata_plugins(krb5_context context); krb5_error_code unload_authdata_plugins(krb5_context context); -krb5_error_code handle_authdata (krb5_context context, krb5_db_entry *client, - krb5_data *req_pkt, krb5_kdc_req *request, - krb5_enc_tkt_part *enc_tkt_reply); +krb5_error_code +handle_authdata (krb5_context context, + unsigned int flags, + krb5_db_entry *client, + krb5_db_entry *server, + krb5_db_entry *krbtgt, + krb5_keyblock *client_key, + krb5_keyblock *server_key, + krb5_data *req_pkt, + krb5_kdc_req *request, + krb5_const_principal for_user_princ, + krb5_enc_tkt_part *enc_tkt_request, + krb5_enc_tkt_part *enc_tkt_reply); /* replay.c */ krb5_boolean kdc_check_lookaside (krb5_data *, krb5_data **); @@ -188,20 +209,97 @@ get_principal (krb5_context kcontext, krb5_const_principal search_for, krb5_db_entry *entries, int *nentries, krb5_boolean *more); +krb5_boolean +include_pac_p(krb5_context context, krb5_kdc_req *request); + +krb5_error_code return_svr_referral_data + (krb5_context context, + krb5_db_entry *server, + krb5_enc_kdc_rep_part *reply_encpart); + +krb5_error_code sign_db_authdata + (krb5_context context, + unsigned int flags, + krb5_const_principal client_princ, + krb5_db_entry *client, + krb5_db_entry *server, + krb5_db_entry *krbtgt, + krb5_keyblock *client_key, + krb5_keyblock *server_key, + krb5_timestamp authtime, + krb5_authdata **tgs_authdata, + krb5_authdata ***ret_authdata, + krb5_db_entry *ad_entry, + int *ad_nprincs); + +krb5_error_code kdc_process_s4u2self_req + (krb5_context context, + krb5_kdc_req *request, + krb5_const_principal client_princ, + const krb5_db_entry *server, + krb5_keyblock *subkey, + krb5_timestamp kdc_time, + krb5_pa_for_user **s4u2_req, + krb5_db_entry *princ, + int *nprincs, + const char **status); + +krb5_error_code kdc_process_s4u2proxy_req + (krb5_context context, + krb5_kdc_req *request, + const krb5_enc_tkt_part *t2enc, + const krb5_db_entry *server, + krb5_const_principal server_princ, + krb5_const_principal proxy_princ, + const char **status); + +krb5_error_code kdc_check_transited_list + (krb5_context context, + const krb5_data *trans, + const krb5_data *realm1, + const krb5_data *realm2); + +krb5_error_code audit_as_request + (krb5_kdc_req *request, + krb5_db_entry *client, + krb5_db_entry *server, + krb5_timestamp authtime, + krb5_error_code errcode); + +krb5_error_code audit_tgs_request + (krb5_kdc_req *request, + krb5_const_principal client, + krb5_db_entry *server, + krb5_timestamp authtime, + krb5_error_code errcode); + +krb5_error_code +validate_transit_path(krb5_context context, + krb5_const_principal client, + krb5_db_entry *server, + krb5_db_entry *krbtgt); + + +void +log_as_req(const krb5_fulladdr *from, + krb5_kdc_req *request, krb5_kdc_rep *reply, + const char *cname, const char *sname, + krb5_timestamp authtime, + const char *status, krb5_error_code errcode, const char *emsg); +void +log_tgs_req(const krb5_fulladdr *from, + krb5_kdc_req *request, krb5_kdc_rep *reply, + const char *cname, const char *sname, const char *altcname, + krb5_timestamp authtime, + const char *status, krb5_error_code errcode, const char *emsg); +void log_tgs_alt_tgt(krb5_principal p); + + + #define isflagset(flagfield, flag) (flagfield & (flag)) #define setflag(flagfield, flag) (flagfield |= (flag)) #define clear(flagfield, flag) (flagfield &= ~(flag)) -#ifdef KRB5_KRB4_COMPAT -krb5_error_code process_v4 (const krb5_data *, - const krb5_fulladdr *, - krb5_data **); -void process_v4_mode (const char *, const char *); -void enable_v4_crossrealm(char *); -#else -#define process_v4(foo,bar,quux,foobar) KRB5KRB_AP_ERR_BADVERSION -#endif - #ifndef min #define min(a, b) ((a) < (b) ? (a) : (b)) #define max(a, b) ((a) > (b) ? (a) : (b)) diff --git a/src/kdc/kerberos_v4.c b/src/kdc/kerberos_v4.c deleted file mode 100644 index b2bfa4b54a..0000000000 --- a/src/kdc/kerberos_v4.c +++ /dev/null @@ -1,1189 +0,0 @@ -/* - * kdc/kerberos_v4.c - * - * Copyright 1985, 1986, 1987, 1988,1991,2007 by the Massachusetts Institute - * of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - */ - -#include "autoconf.h" -#ifdef KRB5_KRB4_COMPAT -#define BACKWARD_COMPAT - -#include "k5-int.h" -#include "kdc_util.h" -#include "adm_proto.h" - -#include - -#include -#include -#include -#include -#include -#ifdef HAVE_SYS_TIME_H -#include -#ifdef TIME_WITH_SYS_TIME -#include -#endif -#else -#include -#endif -#include -#include -#include -#include -#include - -/* v4 include files: - */ -#include -#include -#include -#include -#include - -#ifdef NEED_SWAB_PROTO -extern void swab(const void *, void *, size_t ); -#endif - -static int compat_decrypt_key (krb5_key_data *, C_Block, - krb5_keyblock *, int); -static int kerb_get_principal (char *, char *, Principal *, - int *, krb5_keyblock *, krb5_kvno, - int, krb5_deltat *); -static int check_princ (char *, char *, int, Principal *, - krb5_keyblock *, int, krb5_deltat *); - -static char * v4_klog (int, const char *, ...) -#if !defined(__cplusplus) && (__GNUC__ > 2) - __attribute__((__format__(__printf__, 2, 3))) -#endif - ; -#define klog v4_klog - -/* Byte ordering */ -/*#define MSB_FIRST 0 / * 68000, IBM RT/PC */ -/*#define LSB_FIRST 1 / * Vax, PC8086 */ -#if defined K5_LE -# define HOST_BYTE_ORDER 1 -#elif defined K5_BE -# define HOST_BYTE_ORDER 0 -#else -static int krbONE = 1; -# define HOST_BYTE_ORDER (* (char *) &krbONE) -#endif - -#ifndef BACKWARD_COMPAT -static Key_schedule master_key_schedule; -static C_Block master_key; -#endif - -static struct timeval kerb_time; -static Principal a_name_data; /* for requesting user */ -static Principal s_name_data; /* for services requested */ -static C_Block session_key; - -static char log_text[512]; -static char *lt; - -/* fields within the received request packet */ -static u_char req_msg_type; -static u_char req_version; -static char *req_name_ptr; -static char *req_inst_ptr; -static char *req_realm_ptr; - -static krb5_ui_4 req_time_ws; - -static char local_realm[REALM_SZ]; - -static long n_auth_req; -static long n_appl_req; - -static long pause_int = -1; - -static void hang(void); - - -/* v4/v5 backwards-compatibility stub routines, - * which allow the v5 server to handle v4 packets - * by invoking substantially-unaltered v4 server code. - * this is only necessary during the installation's conversion to v5. - * process_v4() is invoked by v5's dispatch() routine; - * when the v4 server needs to access the v5 database, - * it calls the other stubs. - * - * until all kerberized application-programs are updated, - * this approach inflates the v5 server's code size, - * but it's easier to debug than a concurrent, subordinate v4 server would be. - */ - -/* - * v5 include files: - */ -#include "com_err.h" -#include "extern.h" /* to pick up master_princ */ - -static krb5_data *kerberos_v4 (struct sockaddr_in *, KTEXT); -static krb5_data *kerb_err_reply (struct sockaddr_in *, KTEXT, long, char *); -static int set_tgtkey (char *, krb5_kvno, krb5_boolean); - -/* Attributes converted from V5 to V4 - internal representation */ -#define V4_KDB_REQUIRES_PREAUTH 0x1 -#define V4_KDB_DISALLOW_ALL_TIX 0x2 -#define V4_KDB_REQUIRES_PWCHANGE 0x4 -#define V4_KDB_DISALLOW_SVR 0x8 - -/* v4 compatibitly mode switch */ -#define KDC_V4_NONE 0 /* Don't even respond to packets */ -#define KDC_V4_DISABLE 1 /* V4 requests return an error */ -#define KDC_V4_FULL 2 /* Preauth required go through */ -#define KDC_V4_NOPREAUTH 3 /* Preauth required disallowed */ - -#define KDC_V4_DEFAULT_MODE KDC_V4_NONE -/* Flag on how to handle v4 */ -static int kdc_v4; - -struct v4mode_lookup_entry { - int mode; /* Mode setting */ - const char * v4_specifier; /* How to recognize it */ -}; - -static const struct v4mode_lookup_entry v4mode_table[] = { -/* mode input specifier */ -{ KDC_V4_NONE, "none" }, -{ KDC_V4_DISABLE, "disable" }, -{ KDC_V4_FULL, "full" }, -{ KDC_V4_NOPREAUTH, "nopreauth" } -}; - -static const int v4mode_table_nents = sizeof(v4mode_table)/ - sizeof(v4mode_table[0]); - -static int allow_v4_crossrealm = 0; - -void process_v4_mode(const char *program_name, const char *string) -{ - int i, found; - - found = 0; - kdc_v4 = KDC_V4_DEFAULT_MODE; - - if(!string) return; /* Set to default mode */ - - for (i=0; iaddress; - krb5_error_code retval; - krb5_timestamp now; - KTEXT_ST v4_pkt; - char *lrealm; - - /* Check if disabled completely */ - if (kdc_v4 == KDC_V4_NONE) { - (void) klog(L_KRB_PERR, "Disabled KRB V4 request"); - return KRB5KDC_ERR_BAD_PVNO; - } - - - if ((retval = krb5_timeofday(kdc_context, &now))) - return(retval); - kerb_time.tv_sec = now; - - if (!*local_realm) { /* local-realm name already set up */ - lrealm = master_princ->realm.data; - if (master_princ->realm.length < sizeof(local_realm)) { - memcpy(local_realm, lrealm, master_princ->realm.length); - local_realm[master_princ->realm.length] = '\0'; - } else - retval = KRB5_CONFIG_NOTENUFSPACE; - } - /* convert client_fulladdr to client_sockaddr: - */ - client_sockaddr.sin_family = AF_INET; - client_sockaddr.sin_port = client_fulladdr->port; - if (client_fulladdr->address->addrtype != ADDRTYPE_INET) { - klog(L_KRB_PERR, "got krb4 request from non-ipv4 address"); - client_sockaddr.sin_addr.s_addr = 0; - } else - memcpy(&client_sockaddr.sin_addr, addr->contents, - sizeof client_sockaddr.sin_addr); - memset( client_sockaddr.sin_zero, 0, sizeof client_sockaddr.sin_zero); - - /* convert v5 packet structure to v4's. - * this copy is gross, but necessary: - */ - if (pkt->length > MAX_KTXT_LEN) { - (void) klog(L_KRB_PERR, "V4 request too long."); - return KRB5KRB_ERR_FIELD_TOOLONG; - } - memset( &v4_pkt, 0, sizeof(v4_pkt)); - v4_pkt.length = pkt->length; - v4_pkt.mbz = 0; - memcpy( v4_pkt.dat, pkt->data, pkt->length); - - *resp = kerberos_v4( &client_sockaddr, &v4_pkt); - return(retval); -} - -static char * v4_klog( int type, const char *format, ...) -{ - int logpri = LOG_INFO; - va_list pvar; - va_start(pvar, format); - - switch (type) { - case L_ERR_SEXP: - case L_ERR_NKY: - case L_ERR_NUN: - case L_ERR_UNK: - case L_KRB_PERR: - logpri = LOG_ERR; - case L_INI_REQ: - case L_NTGT_INTK: - case L_TKT_REQ: - case L_APPL_REQ: - strcpy(log_text, "PROCESS_V4:"); - vsnprintf(log_text+strlen(log_text), - sizeof(log_text) - strlen(log_text), - format, pvar); - krb5_klog_syslog(logpri, "%s", log_text); - default: - /* ignore the other types... */ - ; - } - va_end(pvar); - return(log_text); -} - -static -krb5_data *make_response(const char *msg, int len) -{ - krb5_data *response; - - if ( !(response = (krb5_data *) malloc( sizeof *response))) { - return 0; - } - if ( !(response->data = (char *) malloc( len))) { - krb5_free_data(kdc_context, response); - return 0; - } - response->length = len; - memcpy( response->data, msg, len); - return response; -} -static void -hang(void) -{ - if (pause_int == -1) { - klog(L_KRB_PERR, "Kerberos will pause so as not to loop init"); - /* for (;;) - pause(); */ - } else { - char buf[256]; - snprintf(buf, sizeof(buf), - "Kerberos will wait %d seconds before dying so as not to loop init", - (int) pause_int); - klog(L_KRB_PERR, buf); - sleep((unsigned) pause_int); - klog(L_KRB_PERR, "Do svedania....\n"); - /* exit(1); */ - } -} -#define kdb_encrypt_key( in, out, mk, mks, e_d_flag) -#define LONGLEN 4 -#define K4KDC_ENCTYPE_OK(e) \ -((e) == ENCTYPE_DES_CBC_CRC \ - || (e) == ENCTYPE_DES_CBC_MD4 \ - || (e) == ENCTYPE_DES_CBC_MD5 \ - || (e) == ENCTYPE_DES_CBC_RAW) - -/* take a v5 keyblock, masquerading as a v4 key, - * decrypt it, and convert the resulting v5 keyblock - * to a real v4 key. - * this is ugly, but it saves changing more v4 code. - * - * Also, keep old krb5_keyblock around in case we want to use it later. - */ -static int -compat_decrypt_key (krb5_key_data *in5, unsigned char *out4, - krb5_keyblock *out5, int issrv) -{ - krb5_error_code retval; - - out5->contents = NULL; - memset(out4, 0, sizeof(out4)); - retval = krb5_dbekd_decrypt_key_data(kdc_context, &master_keyblock, - in5, out5, NULL); - if (retval) { - lt = klog(L_DEATH_REQ, "KDC can't decrypt principal's key."); - out5->contents = NULL; - return(retval); - } - if (K4KDC_ENCTYPE_OK(out5->enctype)) { - if (out5->length == KRB5_MIT_DES_KEYSIZE) - memcpy(out4, out5->contents, out5->length); - else { - lt = klog(L_DEATH_REQ, "internal keysize error in kdc"); - krb5_free_keyblock_contents(kdc_context, out5); - out5->contents = NULL; - retval = -1; - } - } else { - if (!issrv) { - lt = klog(L_DEATH_REQ, "incompatible principal key type."); - krb5_free_keyblock_contents(kdc_context, out5); - out5->contents = NULL; - retval = -1; - } else { - /* KLUDGE! If it's a non-raw des3 key, bash its enctype */ - if (out5->enctype == ENCTYPE_DES3_CBC_SHA1 ) - out5->enctype = ENCTYPE_DES3_CBC_RAW; - } - } - return(retval); -} - -/* array of name-components + NULL ptr - */ - -/* - * Previously this code returned either a v4 key or a v5 key and you - * could tell from the enctype of the v5 key whether the v4 key was - * useful. Now we return both keys so the code can try both des3 and - * des decryption. We fail if the ticket doesn't have a v4 key. - * Also, note as a side effect, the v5 key is basically useless in - * the client case. It is still returned so the caller can free it. - */ -static int -kerb_get_principal(char *name, char *inst, /* could have wild cards */ - Principal *principal, - int *more, /* more tuples than room for */ - krb5_keyblock *k5key, krb5_kvno kvno, - int issrv, /* true if retrieving a service key */ - krb5_deltat *k5life) -{ - /* Note that this structure should not be passed to the - krb5_free* functions, because the pointers within it point - to data with other references. */ - krb5_principal search; - - krb5_db_entry entries; /* filled in by krb5_db_get_principal() */ - int nprinc; /* how many found */ - krb5_boolean more5; /* are there more? */ - C_Block k; - short toggle = 0; - unsigned long *date; - char* text; - struct tm *tp; - krb5_key_data *pkey; - krb5_error_code retval; - - *more = 0; - /* begin setting up the principal structure - * with the first info we have: - */ - memcpy( principal->name, name, 1 + strlen( name)); - memcpy( principal->instance, inst, 1 + strlen( inst)); - - /* the principal-name format changed between v4 & v5: - * v4: name.instance@realm - * v5: realm/name/instance - * in v5, null instance means the null-component doesn't exist. - */ - - if ((retval = krb5_425_conv_principal(kdc_context, name, inst, - local_realm, &search))) - return(0); - - /* The krb4 support in the KDC is not thread-safe yet, so maintain - the global lock until that gets fixed. */ - if ((retval = get_principal_locked(kdc_context, search, &entries, - &nprinc, &more5))) { - krb5_free_principal(kdc_context, search); - return(0); - } - principal->key_low = principal->key_high = 0; - krb5_free_principal(kdc_context, search); - - if (nprinc < 1) { - *more = (int)more5 || (nprinc > 1); - return(nprinc); - } - - if (!issrv) { - if (krb5_dbe_find_enctype(kdc_context, - &entries, - ENCTYPE_DES_CBC_CRC, - KRB5_KDB_SALTTYPE_V4, - kvno, - &pkey) && - krb5_dbe_find_enctype(kdc_context, - &entries, - ENCTYPE_DES_CBC_CRC, - -1, - kvno, - &pkey)) { - lt = klog(L_KRB_PERR, - "KDC V4: principal %s.%s isn't V4 compatible", - name, inst); - krb5_db_free_principal(kdc_context, &entries, nprinc); - return(0); - } - } else { - if ( krb5_dbe_find_enctype(kdc_context, &entries, - ENCTYPE_DES_CBC_CRC, - KRB5_KDB_SALTTYPE_V4, kvno, &pkey) && - krb5_dbe_find_enctype(kdc_context, &entries, - ENCTYPE_DES_CBC_CRC, - -1, kvno, &pkey)) { - lt = klog(L_KRB_PERR, - "KDC V4: failed to find key for %s.%s #%d", - name, inst, kvno); - krb5_db_free_principal(kdc_context, &entries, nprinc); - return(0); - } - } - - if (!compat_decrypt_key(pkey, k, k5key, issrv)) { - memcpy( &principal->key_low, k, LONGLEN); - memcpy( &principal->key_high, (krb5_ui_4 *) k + 1, LONGLEN); - } - memset(k, 0, sizeof k); - if (issrv) { - krb5_free_keyblock_contents (kdc_context, k5key); - if (krb5_dbe_find_enctype(kdc_context, &entries, - ENCTYPE_DES3_CBC_RAW, - -1, kvno, &pkey) && - krb5_dbe_find_enctype(kdc_context, &entries, - ENCTYPE_DES3_CBC_SHA1, - -1, kvno, &pkey) && - krb5_dbe_find_enctype(kdc_context, &entries, - ENCTYPE_DES_CBC_CRC, - KRB5_KDB_SALTTYPE_V4, kvno, &pkey) && - krb5_dbe_find_enctype(kdc_context, &entries, - ENCTYPE_DES_CBC_CRC, - -1, kvno, &pkey)) { - lt = klog(L_KRB_PERR, - "KDC V4: failed to find key for %s.%s #%d (after having found it once)", - name, inst, kvno); - krb5_db_free_principal(kdc_context, &entries, nprinc); - return(0); - } - compat_decrypt_key(pkey, k, k5key, issrv); - memset (k, 0, sizeof k); - } - - - /* - * Convert v5's entries struct to v4's Principal struct: - * v5's time-unit for lifetimes is 1 sec, while v4 uses 5 minutes, - * and gets weirder above (128 * 300) seconds. - */ - principal->max_life = krb_time_to_life(0, entries.max_life); - if (k5life != NULL) - *k5life = entries.max_life; - /* - * This is weird, but the intent is that the expiration is the minimum - * of the principal expiration and key expiration - */ - principal->exp_date = (unsigned long) - entries.expiration && entries.pw_expiration ? - min(entries.expiration, entries.pw_expiration) : - (entries.pw_expiration ? entries.pw_expiration : - entries.expiration); -/* principal->mod_date = (unsigned long) entries.mod_date; */ -/* Set the master key version to 1. It's not really useful because all keys - * will be encrypted in the same master key version, and digging out the - * actual key version will be harder than it's worth --proven */ -/* principal->kdc_key_ver = entries.mkvno; */ - principal->kdc_key_ver = 1; - principal->key_version = pkey->key_data_kvno; - /* We overload the attributes with the relevant v5 ones */ - principal->attributes = 0; - if (isflagset(entries.attributes, KRB5_KDB_REQUIRES_HW_AUTH) || - isflagset(entries.attributes, KRB5_KDB_REQUIRES_PRE_AUTH)) { - principal->attributes |= V4_KDB_REQUIRES_PREAUTH; - } - if (isflagset(entries.attributes, KRB5_KDB_DISALLOW_ALL_TIX)) { - principal->attributes |= V4_KDB_DISALLOW_ALL_TIX; - } - if (issrv && isflagset(entries.attributes, KRB5_KDB_DISALLOW_SVR)) { - principal->attributes |= V4_KDB_DISALLOW_SVR; - } - if (isflagset(entries.attributes, KRB5_KDB_REQUIRES_PWCHANGE)) { - principal->attributes |= V4_KDB_REQUIRES_PWCHANGE; - } - - /* set up v4 format of each date's text: */ - for ( date = &principal->exp_date, text = principal->exp_date_txt; - toggle ^= 1; - date = &principal->mod_date, text = principal->mod_date_txt) { - tp = localtime( (time_t *) date); - snprintf(text, sizeof(principal->mod_date_txt), "%4d-%02d-%02d", - tp->tm_year > 1900 ? tp->tm_year : tp->tm_year + 1900, - tp->tm_mon + 1, tp->tm_mday); /* January is 0, not 1 */ - } - /* - * free the storage held by the v5 entry struct, - * which was allocated by krb5_db_get_principal(). - * this routine clears the keyblock's contents for us. - */ - krb5_db_free_principal(kdc_context, &entries, nprinc); - *more = (int) more5 || (nprinc > 1); - return( nprinc); -} - -static void str_length_check(char *str, int max_size) -{ - int i; - char *cp; - - for (i=0, cp = str; i < max_size-1; i++, cp++) { - if (*cp == 0) - return; - } - *cp = 0; -} - -static krb5_data * -kerberos_v4(struct sockaddr_in *client, KTEXT pkt) -{ - static KTEXT_ST rpkt_st; - KTEXT rpkt = &rpkt_st; - static KTEXT_ST ciph_st; - KTEXT ciph = &ciph_st; - static KTEXT_ST tk_st; - KTEXT tk = &tk_st; - static KTEXT_ST auth_st; - KTEXT auth = &auth_st; - AUTH_DAT ad_st; - AUTH_DAT *ad = &ad_st; - krb5_data *response = 0; - - static struct in_addr client_host; - static int msg_byte_order; - static int swap_bytes; - static u_char k_flags; - /* char *p_name, *instance; */ - int lifetime = 0; - int i; - C_Block key; - Key_schedule key_s; - char *ptr; - - krb5_keyblock k5key; - krb5_kvno kvno; - krb5_deltat sk5life, ck5life; - KRB4_32 v4endtime, v4req_end; - - k5key.contents = NULL; /* in case we have to free it */ - - ciph->length = 0; - - client_host = client->sin_addr; - - /* eval macros and correct the byte order and alignment as needed */ - req_version = pkt_version(pkt); /* 1 byte, version */ - req_msg_type = pkt_msg_type(pkt); /* 1 byte, Kerberos msg type */ - - /* set these to point to something safe */ - req_name_ptr = req_inst_ptr = req_realm_ptr = ""; - - /* check if disabled, but we tell client */ - if (kdc_v4 == KDC_V4_DISABLE) { - lt = klog(L_KRB_PERR, - "KRB will not handle v4 request from %s", - inet_ntoa(client_host)); - /* send an error reply */ - req_name_ptr = req_inst_ptr = req_realm_ptr = ""; - return kerb_err_reply(client, pkt, KERB_ERR_PKT_VER, lt); - } - - /* check packet version */ - if (req_version != KRB_PROT_VERSION) { - lt = klog(L_KRB_PERR, - "KRB prot version mismatch: KRB =%d request = %d", - KRB_PROT_VERSION, req_version); - /* send an error reply */ - req_name_ptr = req_inst_ptr = req_realm_ptr = ""; - return kerb_err_reply(client, pkt, KERB_ERR_PKT_VER, lt); - } - msg_byte_order = req_msg_type & 1; - - swap_bytes = 0; - if (msg_byte_order != HOST_BYTE_ORDER) { - swap_bytes++; - } - klog(L_KRB_PINFO, - "Prot version: %d, Byte order: %d, Message type: %d", - (int) req_version, msg_byte_order, req_msg_type); - - switch (req_msg_type & ~1) { - - case AUTH_MSG_KDC_REQUEST: - { - int req_life; /* Requested liftime */ - unsigned int request_backdate = 0; /*How far to backdate - in seconds.*/ - char *service; /* Service name */ - char *instance; /* Service instance */ -#ifdef notdef - int kerno; /* Kerberos error number */ -#endif - n_auth_req++; - tk->length = 0; - k_flags = 0; /* various kerberos flags */ - - - /* set up and correct for byte order and alignment */ - req_name_ptr = (char *) pkt_a_name(pkt); - str_length_check(req_name_ptr, ANAME_SZ); - req_inst_ptr = (char *) pkt_a_inst(pkt); - str_length_check(req_inst_ptr, INST_SZ); - req_realm_ptr = (char *) pkt_a_realm(pkt); - str_length_check(req_realm_ptr, REALM_SZ); - memcpy(&req_time_ws, pkt_time_ws(pkt), sizeof(req_time_ws)); - /* time has to be diddled */ - if (swap_bytes) { - swap_u_long(req_time_ws); - } - ptr = (char *) pkt_time_ws(pkt) + 4; - - req_life = (*ptr++) & 0xff; - - service = ptr; - str_length_check(service, SNAME_SZ); - instance = ptr + strlen(service) + 1; - str_length_check(instance, INST_SZ); - - rpkt = &rpkt_st; - - klog(L_INI_REQ, - "Initial ticket request Host: %s User: \"%s\" \"%s\"", - inet_ntoa(client_host), req_name_ptr, req_inst_ptr); - - if ((i = check_princ(req_name_ptr, req_inst_ptr, 0, - &a_name_data, &k5key, 0, &ck5life))) { - response = kerb_err_reply(client, pkt, i, "check_princ failed"); - a_name_data.key_low = a_name_data.key_high = 0; - krb5_free_keyblock_contents(kdc_context, &k5key); - return response; - } - /* don't use k5key for client */ - krb5_free_keyblock_contents(kdc_context, &k5key); - tk->length = 0; /* init */ - if (strcmp(service, "krbtgt")) - klog(L_NTGT_INTK, - "INITIAL request from %s.%s for %s.%s", req_name_ptr, - req_inst_ptr, service, instance); - /* this does all the checking */ - if ((i = check_princ(service, instance, lifetime, - &s_name_data, &k5key, 1, &sk5life))) { - response = kerb_err_reply(client, pkt, i, "check_princ failed"); - a_name_data.key_high = a_name_data.key_low = 0; - s_name_data.key_high = s_name_data.key_low = 0; - krb5_free_keyblock_contents(kdc_context, &k5key); - return response; - } - /* Bound requested lifetime with service and user */ - v4req_end = krb_life_to_time(kerb_time.tv_sec, req_life); - v4req_end = min(v4req_end, kerb_time.tv_sec + ck5life); - v4req_end = min(v4req_end, kerb_time.tv_sec + sk5life); - lifetime = krb_time_to_life(kerb_time.tv_sec, v4req_end); - v4endtime = krb_life_to_time(kerb_time.tv_sec, lifetime); - /* - * Adjust issue time backwards if necessary, due to - * roundup in krb_time_to_life(). - */ - if (v4endtime > v4req_end) - request_backdate = v4endtime - v4req_end; - -#ifdef NOENCRYPTION - memset(session_key, 0, sizeof(C_Block)); -#else - /* random session key */ - des_new_random_key(session_key); -#endif - - /* unseal server's key from master key */ - memcpy( key, &s_name_data.key_low, 4); - memcpy( ((krb5_ui_4 *) key) + 1, &s_name_data.key_high, 4); - - s_name_data.key_low = s_name_data.key_high = 0; - kdb_encrypt_key(key, key, master_key, - master_key_schedule, DECRYPT); - /* construct and seal the ticket */ - /* We always issue des tickets; the 3des tickets are a broken hack*/ - krb_create_ticket(tk, k_flags, a_name_data.name, - a_name_data.instance, local_realm, - client_host.s_addr, (char *) session_key, - lifetime, kerb_time.tv_sec - request_backdate, - s_name_data.name, s_name_data.instance, - key); - - krb5_free_keyblock_contents(kdc_context, &k5key); - memset(key, 0, sizeof(key)); - memset(key_s, 0, sizeof(key_s)); - - /* - * get the user's key, unseal it from the server's key, and - * use it to seal the cipher - */ - - /* a_name_data.key_low a_name_data.key_high */ - memcpy( key, &a_name_data.key_low, 4); - memcpy( ((krb5_ui_4 *) key) + 1, &a_name_data.key_high, 4); - a_name_data.key_low= a_name_data.key_high = 0; - - /* unseal the a_name key from the master key */ - kdb_encrypt_key(key, key, master_key, - master_key_schedule, DECRYPT); - - create_ciph(ciph, session_key, s_name_data.name, - s_name_data.instance, local_realm, lifetime, - s_name_data.key_version, tk, kerb_time.tv_sec, key); - - /* clear session key */ - memset(session_key, 0, sizeof(session_key)); - - memset(key, 0, sizeof(key)); - - - - /* always send a reply packet */ - rpkt = create_auth_reply(req_name_ptr, req_inst_ptr, - req_realm_ptr, req_time_ws, 0, a_name_data.exp_date, - a_name_data.key_version, ciph); - response = make_response((char *) rpkt->dat, rpkt->length); - memset(&a_name_data, 0, sizeof(a_name_data)); - memset(&s_name_data, 0, sizeof(s_name_data)); - break; - } - case AUTH_MSG_APPL_REQUEST: - { - krb5_ui_4 time_ws; /* Workstation time */ - int req_life; /* Requested liftime */ - char *service; /* Service name */ - char *instance; /* Service instance */ - int kerno = 0; /* Kerberos error number */ - unsigned int request_backdate = 0; /*How far to backdate - in seconds.*/ - char tktrlm[REALM_SZ]; - - n_appl_req++; - tk->length = 0; - k_flags = 0; /* various kerberos flags */ - - auth->mbz = 0; /* pkt->mbz already zeroed */ - auth->length = 4 + strlen((char *)pkt->dat + 3); - if (auth->length + 1 >= MAX_KTXT_LEN) { - lt = klog(L_KRB_PERR, - "APPL request with realm length too long from %s", - inet_ntoa(client_host)); - return kerb_err_reply(client, pkt, RD_AP_INCON, - "realm length too long"); - } - - auth->length += (int) *(pkt->dat + auth->length) + - (int) *(pkt->dat + auth->length + 1) + 2; - if (auth->length > MAX_KTXT_LEN) { - lt = klog(L_KRB_PERR, - "APPL request with funky tkt or req_id length from %s", - inet_ntoa(client_host)); - return kerb_err_reply(client, pkt, RD_AP_INCON, - "funky tkt or req_id length"); - } - - memcpy(auth->dat, pkt->dat, auth->length); - - strncpy(tktrlm, (char *)auth->dat + 3, REALM_SZ); - tktrlm[REALM_SZ-1] = '\0'; - kvno = (krb5_kvno)auth->dat[2]; - if ((!allow_v4_crossrealm)&&strcmp(tktrlm, local_realm) != 0) { - lt = klog(L_ERR_UNK, - "Cross realm ticket from %s denied by policy,", tktrlm); - return kerb_err_reply(client, pkt, - KERB_ERR_PRINCIPAL_UNKNOWN, lt); - } - if (set_tgtkey(tktrlm, kvno, 0)) { - lt = klog(L_ERR_UNK, - "FAILED set_tgtkey realm %s, kvno %d. Host: %s ", - tktrlm, kvno, inet_ntoa(client_host)); - /* no better error code */ - return kerb_err_reply(client, pkt, - KERB_ERR_PRINCIPAL_UNKNOWN, lt); - } - kerno = krb_rd_req(auth, "krbtgt", tktrlm, client_host.s_addr, - ad, 0); - if (kerno) { - if (set_tgtkey(tktrlm, kvno, 1)) { - lt = klog(L_ERR_UNK, - "FAILED 3des set_tgtkey realm %s, kvno %d. Host: %s ", - tktrlm, kvno, inet_ntoa(client_host)); - /* no better error code */ - return kerb_err_reply(client, pkt, - KERB_ERR_PRINCIPAL_UNKNOWN, lt); - } - kerno = krb_rd_req(auth, "krbtgt", tktrlm, client_host.s_addr, - ad, 0); - } - - if (kerno) { - klog(L_ERR_UNK, "FAILED krb_rd_req from %s: %s", - inet_ntoa(client_host), krb_get_err_text(kerno)); - req_name_ptr = req_inst_ptr = req_realm_ptr = ""; - return kerb_err_reply(client, pkt, kerno, "krb_rd_req failed"); - } - ptr = (char *) pkt->dat + auth->length; - - memcpy(&time_ws, ptr, 4); - ptr += 4; - - req_life = (*ptr++) & 0xff; - - service = ptr; - str_length_check(service, SNAME_SZ); - instance = ptr + strlen(service) + 1; - str_length_check(instance, INST_SZ); - - klog(L_APPL_REQ, "APPL Request %s.%s@%s on %s for %s.%s", - ad->pname, ad->pinst, ad->prealm, - inet_ntoa(client_host), service, instance); - req_name_ptr = ad->pname; - req_inst_ptr = ad->pinst; - req_realm_ptr = ad->prealm; - - if (strcmp(ad->prealm, tktrlm)) { - return kerb_err_reply(client, pkt, KERB_ERR_PRINCIPAL_UNKNOWN, - "Can't hop realms"); - } - if (!strcmp(service, "changepw")) { - return kerb_err_reply(client, pkt, KERB_ERR_PRINCIPAL_UNKNOWN, - "Can't authorize password changed based on TGT"); - } - kerno = check_princ(service, instance, req_life, - &s_name_data, &k5key, 1, &sk5life); - if (kerno) { - response = kerb_err_reply(client, pkt, kerno, - "check_princ failed"); - s_name_data.key_high = s_name_data.key_low = 0; - krb5_free_keyblock_contents(kdc_context, &k5key); - return response; - } - /* Bound requested lifetime with service and user */ - v4endtime = krb_life_to_time((KRB4_32)ad->time_sec, ad->life); - v4req_end = krb_life_to_time(kerb_time.tv_sec, req_life); - v4req_end = min(v4endtime, v4req_end); - v4req_end = min(v4req_end, kerb_time.tv_sec + sk5life); - - lifetime = krb_time_to_life(kerb_time.tv_sec, v4req_end); - v4endtime = krb_life_to_time(kerb_time.tv_sec, lifetime); - /* - * Adjust issue time backwards if necessary, due to - * roundup in krb_time_to_life(). - */ - if (v4endtime > v4req_end) - request_backdate = v4endtime - v4req_end; - - /* unseal server's key from master key */ - memcpy(key, &s_name_data.key_low, 4); - memcpy(((krb5_ui_4 *) key) + 1, &s_name_data.key_high, 4); - s_name_data.key_low = s_name_data.key_high = 0; - kdb_encrypt_key(key, key, master_key, - master_key_schedule, DECRYPT); - /* construct and seal the ticket */ - -#ifdef NOENCRYPTION - memset(session_key, 0, sizeof(C_Block)); -#else - /* random session key */ - des_new_random_key(session_key); -#endif - - /* ALways issue des tickets*/ - krb_create_ticket(tk, k_flags, ad->pname, ad->pinst, - ad->prealm, client_host.s_addr, - (char *) session_key, lifetime, - kerb_time.tv_sec - request_backdate, - s_name_data.name, s_name_data.instance, - key); - krb5_free_keyblock_contents(kdc_context, &k5key); - memset(key, 0, sizeof(key)); - memset(key_s, 0, sizeof(key_s)); - - create_ciph(ciph, session_key, service, instance, - local_realm, - lifetime, s_name_data.key_version, tk, - kerb_time.tv_sec, ad->session); - - /* clear session key */ - memset(session_key, 0, sizeof(session_key)); - - memset(ad->session, 0, sizeof(ad->session)); - - rpkt = create_auth_reply(ad->pname, ad->pinst, - ad->prealm, time_ws, - 0, 0, 0, ciph); - response = make_response((char *) rpkt->dat, rpkt->length); - memset(&s_name_data, 0, sizeof(s_name_data)); - break; - } - - -#ifdef notdef_DIE - case AUTH_MSG_DIE: - { - lt = klog(L_DEATH_REQ, - "Host: %s User: \"%s\" \"%s\" Kerberos killed", - inet_ntoa(client_host), req_name_ptr, req_inst_ptr, 0); - exit(0); - } -#endif /* notdef_DIE */ - - default: - { - lt = klog(L_KRB_PERR, - "Unknown message type: %d from %s port %u", - req_msg_type, inet_ntoa(client_host), - ntohs(client->sin_port)); - break; - } - } - return response; -} - - - -/* - * kerb_er_reply creates an error reply packet and sends it to the - * client. - */ - -static krb5_data * -kerb_err_reply(struct sockaddr_in *client, KTEXT pkt, long int err, char *string) -{ - static KTEXT_ST e_pkt_st; - KTEXT e_pkt = &e_pkt_st; - static char e_msg[128]; - - strcpy(e_msg, "\nKerberos error -- "); - strncat(e_msg, string, sizeof(e_msg) - 1 - 19); - cr_err_reply(e_pkt, req_name_ptr, req_inst_ptr, req_realm_ptr, - req_time_ws, err, e_msg); - return make_response((char *) e_pkt->dat, e_pkt->length); -} - -static int -check_princ(char *p_name, char *instance, int lifetime, Principal *p, - krb5_keyblock *k5key, int issrv, krb5_deltat *k5life) -{ - static int n; - static int more; - /* long trans; */ - - n = kerb_get_principal(p_name, instance, p, &more, k5key, 0, - issrv, k5life); - klog(L_ALL_REQ, - "Principal: \"%s\", Instance: \"%s\" Lifetime = %d n = %d", - p_name, instance, lifetime, n); - - if (n < 0) { - lt = klog(L_KRB_PERR, "Database unavailable!"); - p->key_high = p->key_low = 0; - hang(); - } - - /* - * if more than one p_name, pick one, randomly create a session key, - * compute maximum lifetime, lookup authorizations if applicable, - * and stuff into cipher. - */ - if (n == 0) { - /* service unknown, log error, skip to next request */ - lt = klog(L_ERR_UNK, "UNKNOWN \"%s\" \"%s\"", p_name, instance); - return KERB_ERR_PRINCIPAL_UNKNOWN; - } - if (more) { - /* not unique, log error */ - lt = klog(L_ERR_NUN, "Principal NOT UNIQUE \"%s\" \"%s\"", - p_name, instance); - return KERB_ERR_PRINCIPAL_NOT_UNIQUE; - } - - /* - * Check our V5 stuff first. - */ - - /* - * Does the principal have REQUIRES_PWCHANGE set? - */ - if (isflagset(p->attributes, V4_KDB_REQUIRES_PWCHANGE)) { - lt = klog(L_ERR_SEXP, "V5 REQUIRES_PWCHANGE set " - "\"%s\" \"%s\"", p_name, instance); - return KERB_ERR_NAME_EXP; - } - - /* - * Does the principal have DISALLOW_ALL_TIX set? - */ - if (isflagset(p->attributes, V4_KDB_DISALLOW_ALL_TIX)) { - lt = klog(L_ERR_SEXP, "V5 DISALLOW_ALL_TIX set: " - "\"%s\" \"%s\"", p_name, instance); - /* Not sure of a better error to return */ - return KERB_ERR_NAME_EXP; - } - - if (isflagset(p->attributes, V4_KDB_DISALLOW_SVR)) { - lt = klog(L_ERR_SEXP, "V5 DISALLOW_SVR set: " - "\"%s\" \"%s\"", p_name, instance); - /* Not sure of a better error to return */ - return KERB_ERR_NAME_EXP; - } - - /* - * Does the principal require preauthentication? - */ - if ((kdc_v4 == KDC_V4_NOPREAUTH) && - isflagset(p->attributes, V4_KDB_REQUIRES_PREAUTH)) { - lt = klog(L_ERR_SEXP, "V5 REQUIRES_PREAUTH set: " - "\"%s\" \"%s\"", p_name, instance); - /* Not sure of a better error to return */ - return KERB_ERR_AUTH_EXP; -/* return KERB_ERR_NAME_EXP;*/ - } - - /* If the user's key is null, we want to return an error */ - if (k5key->contents != NULL && K4KDC_ENCTYPE_OK(k5key->enctype)) { - if ((p->key_low == 0) && (p->key_high == 0)) { - /* User has a null key */ - lt = klog(L_ERR_NKY, "Null key \"%s\" \"%s\"", p_name, instance); - return KERB_ERR_NULL_KEY; - } - } - /* make sure the service hasn't expired */ - if (((u_long) p->exp_date != 0)&& - ((u_long) p->exp_date <(u_long) kerb_time.tv_sec)) { - /* service did expire, log it */ - char timestr[40]; - struct tm *tm; - time_t t = p->exp_date; - - tm = localtime(&t); - if (!strftime(timestr, sizeof(timestr), "%Y-%m-%d %H:%M:%S", tm)) - timestr[0] = '\0'; - lt = klog(L_ERR_SEXP, - "EXPIRED \"%s\" \"%s\" %s", p->name, p->instance, timestr); - return KERB_ERR_NAME_EXP; - } - /* ok is zero */ - return 0; -} - - -/* Set the key for krb_rd_req so we can check tgt */ -static int -set_tgtkey(char *r, krb5_kvno kvno, krb5_boolean use_3des) -{ - int n; - static char lastrealm[REALM_SZ] = ""; - static int last_kvno = 0; - static krb5_boolean last_use_3des = 0; - static int more; - Principal p_st; - Principal *p = &p_st; - C_Block key; - krb5_keyblock k5key; - - k5key.contents = NULL; - if (!strcmp(lastrealm, r) && last_kvno == kvno && last_use_3des == use_3des) - return (KSUCCESS); - -/* log("Getting key for %s", r); */ - - n = kerb_get_principal("krbtgt", r, p, &more, &k5key, kvno, 1, NULL); - if (n == 0) - return (KFAILURE); - - if (isflagset(p->attributes, V4_KDB_DISALLOW_ALL_TIX)) { - lt = klog(L_ERR_SEXP, - "V5 DISALLOW_ALL_TIX set: \"krbtgt\" \"%s\"", r); - krb5_free_keyblock_contents(kdc_context, &k5key); - return KFAILURE; - } - - if (isflagset(p->attributes, V4_KDB_DISALLOW_SVR)) { - lt = klog(L_ERR_SEXP, "V5 DISALLOW_SVR set: \"krbtgt\" \"%s\"", r); - krb5_free_keyblock_contents(kdc_context, &k5key); - return KFAILURE; - } - - if (use_3des&&!K4KDC_ENCTYPE_OK(k5key.enctype)) { - krb_set_key_krb5(kdc_context, &k5key); - strncpy(lastrealm, r, sizeof(lastrealm) - 1); - lastrealm[sizeof(lastrealm) - 1] = '\0'; - last_kvno = kvno; - last_use_3des = use_3des; - } else { - /* unseal tgt key from master key */ - memcpy(key, &p->key_low, 4); - memcpy(((krb5_ui_4 *) key) + 1, &p->key_high, 4); - kdb_encrypt_key(key, key, master_key, - master_key_schedule, DECRYPT); - krb_set_key((char *) key, 0); - strncpy(lastrealm, r, sizeof(lastrealm) - 1); - lastrealm[sizeof(lastrealm) - 1] = '\0'; - last_kvno = kvno; - } - krb5_free_keyblock_contents(kdc_context, &k5key); - return (KSUCCESS); -} - -#else /* KRB5_KRB4_COMPAT */ -#include "k5-int.h" -#endif /* KRB5_KRB4_COMPAT */ diff --git a/src/kdc/krb5kdc.M b/src/kdc/krb5kdc.M index e8758dade3..80e232023e 100644 --- a/src/kdc/krb5kdc.M +++ b/src/kdc/krb5kdc.M @@ -47,9 +47,6 @@ krb5kdc \- Kerberos V5 KDC .B \-r .I realm ] [ -.B \-4 -.I v4mode -] [ .B \-n ] .br @@ -131,23 +128,6 @@ option specifies that the master database password should be fetched from the keyboard rather than from a file on disk. .PP The -.B \-4 -option specifies how the KDC responds to kerberos IV requests for -tickets. The command line option overrides the value in the KDC -profile. The possible values are -.I none, -.I disable, -.I full -or -.I nopreauth. -These instruct the KDC to not respond to V4 packets, to -respond with a version skew error, to issue tickets for all database -entries, and to issue tickets for all but preauthentication required -database entries respectively. The default behaviour is as if -.I none -was specified. -.PP -The .B \-n option specifies that the KDC does not put itself in the background and does not disassociate itself from the terminal. In normal diff --git a/src/kdc/main.c b/src/kdc/main.c index 4af80e559e..7a7413905a 100644 --- a/src/kdc/main.c +++ b/src/kdc/main.c @@ -1,7 +1,6 @@ /* * kdc/main.c * - * Portions Copyright (C) 2007 Apple Inc. * Copyright 1990,2001,2008 by the Massachusetts Institute of Technology. * * Export of this software from the United States of America may @@ -26,6 +25,33 @@ * * Main procedure body for the KDC server process. */ +/* + * Copyright (c) 2006-2008, Novell, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * * The copyright holder's name is not used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ #include #include @@ -45,10 +71,6 @@ #include #endif -#ifdef KRB5_KRB4_COMPAT -#include -#endif - #if defined(NEED_DAEMON_PROTO) extern int daemon(int, int); #endif @@ -326,32 +348,18 @@ init_realm(char *progname, kdc_realm_t *rdp, char *realm, if (!rkey_init_done) { krb5_data seed; -#ifdef KRB5_KRB4_COMPAT - krb5_keyblock temp_key; -#endif /* * If all that worked, then initialize the random key * generators. */ seed.length = rdp->realm_mkey.length; - seed.data = rdp->realm_mkey.contents; + seed.data = (char *)rdp->realm_mkey.contents; if ((kret = krb5_c_random_add_entropy(rdp->realm_context, KRB5_C_RANDSOURCE_TRUSTEDPARTY, &seed))) goto whoops; -#ifdef KRB5_KRB4_COMPAT - if ((kret = krb5_c_make_random_key(rdp->realm_context, - ENCTYPE_DES_CBC_CRC, &temp_key))) { - com_err(progname, kret, - "while initializing V4 random key generator"); - goto whoops; - } - - (void) des_init_random_number_generator(temp_key.contents); - krb5_free_keyblock_contents(rdp->realm_context, &temp_key); -#endif rkey_init_done = 1; } whoops: @@ -421,7 +429,7 @@ setup_sam(void) void usage(char *name) { - fprintf(stderr, "usage: %s [-x db_args]* [-d dbpathname] [-r dbrealmname]\n\t\t[-R replaycachename] [-m] [-k masterenctype] [-M masterkeyname]\n\t\t[-p port] [-4 v4mode] [-X] [-n]\n" + fprintf(stderr, "usage: %s [-x db_args]* [-d dbpathname] [-r dbrealmname]\n\t\t[-R replaycachename] [-m] [-k masterenctype] [-M masterkeyname]\n\t\t[-p port] [-n]\n" "\nwhere,\n\t[-x db_args]* - Any number of database specific arguments. Look at\n" "\t\t\teach database module documentation for supported\n\t\t\targuments\n", name); @@ -447,9 +455,6 @@ initialize_realms(krb5_context kcontext, int argc, char **argv) char **db_args = NULL; int db_args_size = 0; -#ifdef KRB5_KRB4_COMPAT - char *v4mode = 0; -#endif extern char *optarg; if (!krb5_aprof_init(DEFAULT_KDC_PROFILE, KDC_PROFILE_ENV, &aprof)) { @@ -461,11 +466,10 @@ initialize_realms(krb5_context kcontext, int argc, char **argv) hierarchy[1] = "kdc_tcp_ports"; if (krb5_aprof_get_string(aprof, hierarchy, TRUE, &default_tcp_ports)) default_tcp_ports = 0; -#ifdef KRB5_KRB4_COMPAT - hierarchy[1] = "v4_mode"; - if (krb5_aprof_get_string(aprof, hierarchy, TRUE, &v4mode)) - v4mode = 0; -#endif + hierarchy[1] = "kdc_max_dgram_reply_size"; + if (krb5_aprof_get_int32(aprof, hierarchy, TRUE, &max_dgram_reply_size)) + max_dgram_reply_size = MAX_DGRAM_SIZE; + /* aprof_init can return 0 with aprof == NULL */ if (aprof) krb5_aprof_finish(aprof); @@ -575,17 +579,9 @@ initialize_realms(krb5_context kcontext, int argc, char **argv) #endif break; case '4': -#ifdef KRB5_KRB4_COMPAT - if (v4mode) - free(v4mode); - v4mode = strdup(optarg); -#endif break; case 'X': -#ifdef KRB5_KRB4_COMPAT - enable_v4_crossrealm(argv[0]); -#endif - break; + break; case '?': default: usage(argv[0]); @@ -593,14 +589,6 @@ initialize_realms(krb5_context kcontext, int argc, char **argv) } } -#ifdef KRB5_KRB4_COMPAT - /* - * Setup the v4 mode - */ - process_v4_mode(argv[0], v4mode); - free(v4mode); -#endif - /* * Check to see if we processed any realms. */ diff --git a/src/kdc/network.c b/src/kdc/network.c index 3bad9650c4..98f074cce7 100644 --- a/src/kdc/network.c +++ b/src/kdc/network.c @@ -160,7 +160,7 @@ static const char *paddr (struct sockaddr *sa) if (getnameinfo(sa, socklen(sa), buf, sizeof(buf), portbuf, sizeof(portbuf), NI_NUMERICHOST|NI_NUMERICSERV)) - strcpy(buf, ""); + strlcpy(buf, "", sizeof(buf)); else { unsigned int len = sizeof(buf) - strlen(buf); char *p = buf + strlen(buf); @@ -527,26 +527,28 @@ setup_tcp_listener_ports(struct socksetup *data) /* Sockets are created, prepare to listen on them. */ if (s4 >= 0) { - FD_SET(s4, &sstate.rfds); - if (s4 >= sstate.max) - sstate.max = s4 + 1; if (add_tcp_listener_fd(data, s4) == 0) close(s4); - else + else { + FD_SET(s4, &sstate.rfds); + if (s4 >= sstate.max) + sstate.max = s4 + 1; krb5_klog_syslog(LOG_INFO, "listening on fd %d: tcp %s", s4, paddr((struct sockaddr *)&sin4)); + } } #ifdef KRB5_USE_INET6 if (s6 >= 0) { - FD_SET(s6, &sstate.rfds); - if (s6 >= sstate.max) - sstate.max = s6 + 1; if (add_tcp_listener_fd(data, s6) == 0) { close(s6); s6 = -1; - } else + } else { + FD_SET(s6, &sstate.rfds); + if (s6 >= sstate.max) + sstate.max = s6 + 1; krb5_klog_syslog(LOG_INFO, "listening on fd %d: tcp %s", s6, paddr((struct sockaddr *)&sin6)); + } if (s4 < 0) krb5_klog_syslog(LOG_INFO, "assuming IPv6 socket accepts IPv4"); @@ -665,9 +667,6 @@ setup_udp_port_1(struct socksetup *data, struct sockaddr *addr, return 1; } } - FD_SET (sock, &sstate.rfds); - if (sock >= sstate.max) - sstate.max = sock + 1; krb5_klog_syslog (LOG_INFO, "listening on fd %d: udp %s%s", sock, paddr((struct sockaddr *)addr), pktinfo ? " (pktinfo)" : ""); @@ -675,6 +674,9 @@ setup_udp_port_1(struct socksetup *data, struct sockaddr *addr, close(sock); return 1; } + FD_SET (sock, &sstate.rfds); + if (sock >= sstate.max) + sstate.max = sock + 1; } return 0; } @@ -695,7 +697,7 @@ setup_udp_port(void *P_data, struct sockaddr *addr) err = getnameinfo(addr, socklen(addr), haddrbuf, sizeof(haddrbuf), 0, 0, NI_NUMERICHOST); if (err) - strcpy(haddrbuf, ""); + strlcpy(haddrbuf, "", sizeof(haddrbuf)); switch (addr->sa_family) { case AF_INET: @@ -1154,6 +1156,38 @@ send_to_from(int s, void *buf, size_t len, int flags, #endif } +static krb5_error_code +make_too_big_error (krb5_data **out) +{ + krb5_error errpkt; + krb5_error_code retval; + krb5_data *scratch; + + memset(&errpkt, 0, sizeof(errpkt)); + + retval = krb5_us_timeofday(kdc_context, &errpkt.stime, &errpkt.susec); + if (retval) + return retval; + errpkt.error = KRB_ERR_RESPONSE_TOO_BIG; + errpkt.server = tgs_server; + errpkt.client = NULL; + errpkt.text.length = 0; + errpkt.text.data = 0; + errpkt.e_data.length = 0; + errpkt.e_data.data = 0; + scratch = malloc(sizeof(*scratch)); + if (scratch == NULL) + return ENOMEM; + retval = krb5_mk_error(kdc_context, &errpkt, scratch); + if (retval) { + free(scratch); + return retval; + } + + *out = scratch; + return 0; +} + static void process_packet(struct connection *conn, const char *prog, int selflags) { @@ -1192,7 +1226,7 @@ static void process_packet(struct connection *conn, const char *prog, char addrbuf[100]; if (getnameinfo(ss2sa(&daddr), daddr_len, addrbuf, sizeof(addrbuf), 0, 0, NI_NUMERICHOST)) - strcpy(addrbuf, "?"); + strlcpy(addrbuf, "?", sizeof(addrbuf)); com_err(prog, 0, "pktinfo says local addr is %s", addrbuf); } #endif @@ -1208,6 +1242,16 @@ static void process_packet(struct connection *conn, const char *prog, } if (response == NULL) return; + if (response->length > max_dgram_reply_size) { + krb5_free_data(kdc_context, response); + retval = make_too_big_error(&response); + if (retval) { + krb5_klog_syslog(LOG_ERR, + "error constructing KRB_ERR_RESPONSE_TOO_BIG error: %s", + error_message(retval)); + return; + } + } cc = send_to_from(port_fd, response->data, (socklen_t) response->length, 0, (struct sockaddr *)&saddr, saddr_len, (struct sockaddr *)&daddr, daddr_len); @@ -1216,7 +1260,7 @@ static void process_packet(struct connection *conn, const char *prog, krb5_free_data(kdc_context, response); if (inet_ntop(((struct sockaddr *)&saddr)->sa_family, addr.contents, addrbuf, sizeof(addrbuf)) == 0) { - strcpy(addrbuf, "?"); + strlcpy(addrbuf, "?", sizeof(addrbuf)); } com_err(prog, errno, "while sending reply to %s/%d", addrbuf, faddr.port); @@ -1269,7 +1313,7 @@ static void accept_tcp_connection(struct connection *conn, const char *prog, newconn->u.tcp.addrbuf, sizeof(newconn->u.tcp.addrbuf), tmpbuf, sizeof(tmpbuf), NI_NUMERICHOST | NI_NUMERICSERV)) - strcpy(newconn->u.tcp.addrbuf, "???"); + strlcpy(newconn->u.tcp.addrbuf, "???", sizeof(newconn->u.tcp.addrbuf)); else { char *p, *end; p = newconn->u.tcp.addrbuf; @@ -1277,7 +1321,7 @@ static void accept_tcp_connection(struct connection *conn, const char *prog, p += strlen(p); if (end - p > 2 + strlen(tmpbuf)) { *p++ = '.'; - strcpy(p, tmpbuf); + strlcpy(p, tmpbuf, end - p); } } #if 0 @@ -1554,7 +1598,13 @@ listen_and_process(const char *prog) while (!signal_requests_exit) { if (signal_requests_hup) { + int k; + krb5_klog_reopen(kdc_context); + for (k = 0; k < kdc_numrealms; k++) + krb5_db_invoke(kdc_realmlist[k]->realm_context, + KRB5_KDB_METHOD_REFRESH_POLICY, + NULL, NULL); signal_requests_hup = 0; } diff --git a/src/kdc/policy.c b/src/kdc/policy.c index 8c0b692724..58b26f73d0 100644 --- a/src/kdc/policy.c +++ b/src/kdc/policy.c @@ -25,15 +25,49 @@ * * Policy decision routines for KDC. */ +/* + * Copyright (c) 2006-2008, Novell, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * * The copyright holder's name is not used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ #include "k5-int.h" #include "kdc_util.h" +#include "extern.h" int against_local_policy_as(register krb5_kdc_req *request, krb5_db_entry client, krb5_db_entry server, krb5_timestamp kdc_time, const char **status) { + krb5_error_code code; + kdb_check_policy_as_req req; + kdb_check_policy_as_rep rep; + krb5_data req_data; + krb5_data rep_data; + #if 0 /* An AS request must include the addresses field */ if (request->addresses == 0) { @@ -41,8 +75,37 @@ against_local_policy_as(register krb5_kdc_req *request, krb5_db_entry client, return KRB5KDC_ERR_POLICY; } #endif - - return 0; /* not against policy */ + + memset(&req, 0, sizeof(req)); + memset(&rep, 0, sizeof(rep)); + + req.request = request; + req.client = &client; + req.server = &server; + req.kdc_time = kdc_time; + + req_data.data = (void *)&req; + req_data.length = sizeof(req); + + rep_data.data = (void *)&rep; + rep_data.length = sizeof(rep); + + code = krb5_db_invoke(kdc_context, + KRB5_KDB_METHOD_CHECK_POLICY_AS, + &req_data, + &rep_data); + if (code == KRB5_KDB_DBTYPE_NOSUP) + return 0; + + *status = rep.status; + + if (code != 0) { + code -= ERROR_TABLE_BASE_krb5; + if (code < 0 || code > 128) + code = KRB_ERR_GENERIC; + } + + return code; } /* @@ -52,6 +115,12 @@ krb5_error_code against_local_policy_tgs(register krb5_kdc_req *request, krb5_db_entry server, krb5_ticket *ticket, const char **status) { + krb5_error_code code; + kdb_check_policy_tgs_req req; + kdb_check_policy_tgs_rep rep; + krb5_data req_data; + krb5_data rep_data; + #if 0 /* * For example, if your site wants to disallow ticket forwarding, @@ -63,13 +132,35 @@ against_local_policy_tgs(register krb5_kdc_req *request, krb5_db_entry server, return KRB5KDC_ERR_POLICY; } #endif - - return 0; /* not against policy */ -} + memset(&req, 0, sizeof(req)); + memset(&rep, 0, sizeof(rep)); + + req.request = request; + req.server = &server; + req.ticket = ticket; + req_data.data = (void *)&req; + req_data.length = sizeof(req); + rep_data.data = (void *)&rep; + rep_data.length = sizeof(rep); + code = krb5_db_invoke(kdc_context, + KRB5_KDB_METHOD_CHECK_POLICY_TGS, + &req_data, + &rep_data); + if (code == KRB5_KDB_DBTYPE_NOSUP) + return 0; + *status = rep.status; + if (code != 0) { + code -= ERROR_TABLE_BASE_krb5; + if (code < 0 || code > 128) + code = KRB_ERR_GENERIC; + } + + return code; +} diff --git a/src/kim/agent/mac/AuthenticationController.h b/src/kim/agent/mac/AuthenticationController.h index 3d382c117b..ba0b21223d 100644 --- a/src/kim/agent/mac/AuthenticationController.h +++ b/src/kim/agent/mac/AuthenticationController.h @@ -65,6 +65,7 @@ IBOutlet NSWindow *ticketOptionsSheet; IBOutlet NSObjectController *ticketOptionsController; + BOOL visibleAsSheet; IBOutlet NSSlider *validLifetimeSlider; IBOutlet NSSlider *renewableLifetimeSlider; @@ -79,12 +80,12 @@ - (void) setContent: (NSMutableDictionary *) newContent; -- (void) showEnterIdentity; -- (void) showAuthPrompt; -- (void) showEnterPassword; -- (void) showSAM; -- (void) showChangePassword; -- (void) showError; +- (void) showEnterIdentity: (NSWindow *) parentWindow; +- (void) showAuthPrompt: (NSWindow *) parentWindow; +- (void) showEnterPassword: (NSWindow *) parentWindow; +- (void) showSAM: (NSWindow *) parentWindow; +- (void) showChangePassword: (NSWindow *) parentWindow; +- (void) showError: (NSWindow *) parentWindow; - (IBAction) cancel: (id) sender; - (IBAction) enterIdentity: (id) sender; @@ -92,18 +93,28 @@ - (IBAction) changePassword: (id) sender; - (IBAction) showedError: (id) sender; +- (IBAction) checkboxDidChange: (id) sender; - (IBAction) sliderDidChange: (id) sender; - (IBAction) showTicketOptions: (id) sender; - (IBAction) cancelTicketOptions: (id) sender; - (IBAction) saveTicketOptions: (id) sender; -- (void) sheetDidEnd: (NSWindow *) sheet +- (IBAction) cancelAuthSheet: (id) sender; + +- (void) authSheetDidEnd: (NSWindow *) sheet + returnCode: (int) returnCode + contextInfo: (void *) contextInfo; +- (void) ticketOptionsSheetDidEnd: (NSWindow *) sheet returnCode: (int) returnCode contextInfo: (void *) contextInfo; - (IBAction) changePasswordGearAction: (id) sender; - (void) swapView: (NSView *) aView; +- (void) showSpinny; +- (void) hideSpinny; +- (void) clearSensitiveInputs; +- (void) clearAllInputs; @end diff --git a/src/kim/agent/mac/AuthenticationController.m b/src/kim/agent/mac/AuthenticationController.m index 1b91175946..5a9c8b6f19 100644 --- a/src/kim/agent/mac/AuthenticationController.m +++ b/src/kim/agent/mac/AuthenticationController.m @@ -75,7 +75,9 @@ { [[self window] center]; // We need to float over the loginwindow and SecurityAgent so use its hardcoded level. - [[self window] setLevel:NSScreenSaverWindowLevel]; + [[self window] setLevel:NSModalPanelWindowLevel]; + + visibleAsSheet = NO; lifetimeFormatter.displaySeconds = NO; lifetimeFormatter.displayShortFormat = NO; @@ -136,6 +138,9 @@ [glueController setValue:[NSNumber numberWithBool:valid] forKeyPath:change_password_ok_keypath]; } + else { + [super observeValueForKeyPath:keyPath ofObject:object change:change context:context]; + } } else { [super observeValueForKeyPath:keyPath ofObject:object change:change context:context]; @@ -148,13 +153,97 @@ [super showWindow:sender]; } +- (void) showWithParent: (NSWindow *) parentWindow +{ + // attach as sheet if given a parentWindow + if (parentWindow && !visibleAsSheet) { + [NSApp beginSheet:[self window] + modalForWindow:parentWindow + modalDelegate:self + didEndSelector:@selector(authSheetDidEnd:returnCode:contextInfo:) + contextInfo:NULL]; + } + // else, display as normal + else { + [self showWindow:nil]; + } +} + +- (void) windowWillBeginSheet: (NSNotification *) notification +{ + visibleAsSheet = YES; +} + +- (void) windowDidEndSheet: (NSNotification *) notification +{ + visibleAsSheet = NO; +} + - (void) setContent: (NSMutableDictionary *) newContent { [self window]; // wake up the nib connections [glueController setContent:newContent]; } -- (void) showEnterIdentity +- (void) swapView: (NSView *) aView +{ + NSWindow *theWindow = [self window]; + NSRect windowFrame; + NSRect viewFrame; + + [[containerView subviews] makeObjectsPerformSelector:@selector(removeFromSuperview)]; + + windowFrame = [theWindow frame]; + viewFrame = [theWindow frameRectForContentRect:[aView frame]]; + windowFrame.origin.y -= viewFrame.size.height - windowFrame.size.height; + + windowFrame.size.width = viewFrame.size.width; + windowFrame.size.height = viewFrame.size.height; + + [theWindow setFrame:windowFrame display:YES animate:YES]; + + [containerView addSubview:aView]; + +} + +- (void) showSpinny +{ + [enterSpinny startAnimation: nil]; + [passwordSpinny startAnimation: nil]; + [samSpinny startAnimation: nil]; + [changePasswordSpinny startAnimation: nil]; + [glueController setValue:[NSNumber numberWithBool:NO] + forKeyPath:accepting_input_keypath]; +} + +- (void) hideSpinny +{ + [enterSpinny stopAnimation: nil]; + [passwordSpinny stopAnimation: nil]; + [samSpinny stopAnimation: nil]; + [changePasswordSpinny stopAnimation: nil]; + [glueController setValue:[NSNumber numberWithBool:YES] + forKeyPath:accepting_input_keypath]; +} + +- (void) clearSensitiveInputs +{ + [glueController setValue:@"" + forKeyPath:prompt_response_keypath]; +} + +- (void) clearAllInputs +{ + [glueController setValue:@"" + forKeyPath:old_password_keypath]; + [glueController setValue:@"" + forKeyPath:new_password_keypath]; + [glueController setValue:@"" + forKeyPath:verify_password_keypath]; + [self clearSensitiveInputs]; +} + +- (void) showEnterIdentity: (NSWindow *) parentWindow { kim_error err = KIM_NO_ERROR; NSWindow *theWindow = [self window]; @@ -218,32 +307,34 @@ [glueController setValue:message forKeyPath:message_keypath]; - [enterSpinny stopAnimation:nil]; + [self hideSpinny]; + [self clearAllInputs]; [self swapView:identityView]; [theWindow makeFirstResponder:identityField]; - [[self window] makeKeyAndOrderFront:nil]; + [self showWithParent: parentWindow]; } -- (void) showAuthPrompt +- (void) showAuthPrompt: (NSWindow *) parentWindow { uint32_t type = [[glueController valueForKeyPath:@"content.prompt_type"] unsignedIntegerValue]; - [passwordSpinny stopAnimation:nil]; - [samSpinny stopAnimation:nil]; + [self hideSpinny]; + + [self clearSensitiveInputs]; switch (type) { case kim_prompt_type_password : - [self showEnterPassword]; break; + [self showEnterPassword: parentWindow]; break; case kim_prompt_type_preauth : default : - [self showSAM]; break; + [self showSAM: parentWindow]; break; } } -- (void) showEnterPassword +- (void) showEnterPassword: (NSWindow *) parentWindow { CGFloat shrinkBy; NSRect frame; @@ -283,31 +374,10 @@ [self swapView:passwordView]; [theWindow makeFirstResponder:passwordField]; - [self showWindow:nil]; -} - -- (void) swapView: (NSView *) aView -{ - NSWindow *theWindow = [self window]; - NSRect windowFrame; - NSRect viewFrame; - - [[containerView subviews] makeObjectsPerformSelector:@selector(removeFromSuperview)]; - - windowFrame = [theWindow frame]; - viewFrame = [theWindow frameRectForContentRect:[aView frame]]; - windowFrame.origin.y -= viewFrame.size.height - windowFrame.size.height; - - windowFrame.size.width = viewFrame.size.width; - windowFrame.size.height = viewFrame.size.height; - - [theWindow setFrame:windowFrame display:YES animate:YES]; - - [containerView addSubview:aView]; - + [self showWithParent:parentWindow]; } -- (void) showSAM +- (void) showSAM: (NSWindow *) parentWindow { // set badge [samBadge setBadgePath:associatedClient.path]; @@ -317,11 +387,11 @@ [self swapView:samView]; - [self showWindow:nil]; [[self window] makeFirstResponder:samPromptField]; + [self showWithParent:parentWindow]; } -- (void) showChangePassword +- (void) showChangePassword: (NSWindow *) parentWindow { NSString *key = ([glueController valueForKeyPath:password_expired_keypath]) ? ACAppPrincReqKey : ACPrincReqKey; NSString *message = [NSString stringWithFormat: @@ -358,24 +428,43 @@ // set badge [changePasswordBadge setBadgePath:associatedClient.path]; - [changePasswordSpinny stopAnimation:nil]; + [self hideSpinny]; - [self swapView:changePasswordView]; + if (![[self window] isVisible]) { + [self clearAllInputs]; + } - [self showWindow:nil]; + [self swapView:changePasswordView]; + + [self showWithParent:parentWindow]; + [theWindow makeFirstResponder:oldPasswordField]; } -- (void) showError +- (void) showError: (NSWindow *) parentWindow { // wake up the nib connections and adjust window size [self window]; // set badge [errorBadge setBadgePath:associatedClient.path]; + [self hideSpinny]; [self swapView:errorView]; - [self showWindow:nil]; + [self showWithParent:parentWindow]; +} + +- (IBAction) checkboxDidChange: (id) sender +{ + if ([[ticketOptionsController valueForKeyPath:uses_default_options_keypath] boolValue]) { + // merge defaults onto current options + NSMutableDictionary *currentOptions = [ticketOptionsController content]; + NSDictionary *defaultOptions = [KIMUtilities dictionaryForKimOptions:NULL]; + [currentOptions addEntriesFromDictionary:defaultOptions]; + // update the sliders, since their values aren't bound + [validLifetimeSlider setDoubleValue:[[ticketOptionsController valueForKeyPath:valid_lifetime_keypath] doubleValue]]; + [renewableLifetimeSlider setDoubleValue:[[ticketOptionsController valueForKeyPath:renewal_lifetime_keypath] doubleValue]]; + } } - (IBAction) sliderDidChange: (id) sender @@ -412,13 +501,12 @@ options = [favoriteOptions objectForKey:expandedString]; } - // else fallback to options passed from client - // use a copy of the current options + // else, it's not a favorite identity. use default options if (!options) { - options = [[[glueController valueForKeyPath:options_keypath] mutableCopy] autorelease]; + options = [KIMUtilities dictionaryForKimOptions:KIM_OPTIONS_DEFAULT]; } - [ticketOptionsController setContent:options]; + [ticketOptionsController setContent:[[options mutableCopy] autorelease]]; [ticketOptionsController setValue:[NSNumber numberWithInteger:[KIMUtilities minValidLifetime]] forKeyPath:min_valid_keypath]; @@ -439,7 +527,7 @@ [NSApp beginSheet:ticketOptionsSheet modalForWindow:[self window] modalDelegate:self - didEndSelector:@selector(sheetDidEnd:returnCode:contextInfo:) + didEndSelector:@selector(ticketOptionsSheetDidEnd:returnCode:contextInfo:) contextInfo:NULL]; } @@ -453,9 +541,22 @@ [NSApp endSheet:ticketOptionsSheet]; } -- (void) sheetDidEnd: (NSWindow *) sheet - returnCode: (int) returnCode - contextInfo: (void *) contextInfo +- (IBAction) cancelAuthSheet: (id) sender +{ + [NSApp endSheet:[self window]]; +} + +- (void) authSheetDidEnd: (NSWindow *) sheet + returnCode: (int) returnCode + contextInfo: (void *) contextInfo +{ + [sheet orderOut:nil]; +} + + +- (void) ticketOptionsSheetDidEnd: (NSWindow *) sheet + returnCode: (int) returnCode + contextInfo: (void *) contextInfo { if (returnCode == NSUserCancelledError) { // discard new options @@ -487,12 +588,11 @@ } if (!identity) { err = KIM_BAD_PRINCIPAL_STRING_ERR; } - if (!options) { err = KIM_BAD_OPTIONS_ERR; } - if (!err && identity) { + if (!err) { err = kim_preferences_remove_favorite_identity(prefs, identity); } - if (!err && identity && options) { + if (!err) { err = kim_preferences_add_favorite_identity(prefs, identity, options); } if (!err) { @@ -515,7 +615,7 @@ options = [glueController valueForKeyPath:options_keypath]; } - [enterSpinny startAnimation:nil]; + [self showSpinny]; // the principal must already be valid to get this far [associatedClient didEnterIdentity:expandedString options:options wantsChangePassword:YES]; @@ -523,6 +623,7 @@ - (IBAction) cancel: (id) sender { + [NSApp endSheet:[self window]]; [associatedClient didCancel]; } @@ -535,7 +636,7 @@ options = [glueController valueForKeyPath:options_keypath]; } - [enterSpinny startAnimation:nil]; + [self showSpinny]; // the principal must already be valid to get this far [associatedClient didEnterIdentity:expandedString options:options wantsChangePassword:NO]; @@ -549,8 +650,8 @@ if (!saveResponse) { saveResponse = [NSNumber numberWithBool:NO]; } - [passwordSpinny startAnimation:nil]; - [samSpinny startAnimation:nil]; + + [self showSpinny]; [associatedClient didPromptForAuth:responseString saveResponse:saveResponse]; } @@ -561,11 +662,12 @@ NSString *newString = [glueController valueForKeyPath:new_password_keypath]; NSString *verifyString = [glueController valueForKeyPath:verify_password_keypath]; - [changePasswordSpinny startAnimation:nil]; + [self showSpinny]; [associatedClient didChangePassword:oldString newPassword:newString verifyPassword:verifyString]; + [NSApp endSheet:[self window]]; } - (IBAction) showedError: (id) sender diff --git a/src/kim/agent/mac/IPCClient.h b/src/kim/agent/mac/IPCClient.h index 361c4283aa..0bea6000b1 100644 --- a/src/kim/agent/mac/IPCClient.h +++ b/src/kim/agent/mac/IPCClient.h @@ -28,6 +28,7 @@ @class SelectIdentityController; @class AuthenticationController; +@class Identities; @interface IPCClient : NSObject { mach_port_t port; @@ -49,6 +50,7 @@ @property (readonly, retain) AuthenticationController *authController; - (void) cleanup; +- (void) saveIdentityToFavoritesIfSuccessful; - (kim_error) selectIdentity: (NSDictionary *) info; - (kim_error) enterIdentity: (NSDictionary *) info; diff --git a/src/kim/agent/mac/IPCClient.m b/src/kim/agent/mac/IPCClient.m index c271740a75..d4ac8a699a 100644 --- a/src/kim/agent/mac/IPCClient.m +++ b/src/kim/agent/mac/IPCClient.m @@ -27,6 +27,7 @@ #import "SelectIdentityController.h" #import "AuthenticationController.h" #import "KerberosAgentListener.h" +#import "Identities.h" enum krb_agent_client_state { ipc_client_state_idle, @@ -71,19 +72,67 @@ enum krb_agent_client_state { { self = [super init]; if (self != nil) { + kim_error err = KIM_NO_ERROR; + kim_preferences prefs = NULL; + kim_identity identity = NULL; + kim_string identity_string = NULL; + self.state = ipc_client_state_init; self.selectController = [[[SelectIdentityController alloc] init] autorelease]; self.authController = [[[AuthenticationController alloc] init] autorelease]; self.selectController.associatedClient = self; self.authController.associatedClient = self; + self.currentInfo = [NSMutableDictionary dictionary]; + + // pre-populate the identity_string if there's a default identity + err = kim_preferences_create(&prefs); + if (!err && prefs) { + err = kim_preferences_get_client_identity(prefs, &identity); + } + if (!err && identity) { + err = kim_identity_get_display_string(identity, &identity_string); + } + if (!err && identity_string) { + [self.currentInfo setObject:[NSString stringWithUTF8String:identity_string] + forKey:@"identity_string"]; + } + + kim_string_free(&identity_string); + kim_identity_free(&identity); + kim_preferences_free(&prefs); } return self; } - (void) cleanup { + if (![[self.selectController window] isVisible]) { + [self saveIdentityToFavoritesIfSuccessful]; + } [self.selectController close]; [self.authController close]; + self.selectController = nil; + self.authController = nil; + self.currentInfo = nil; +} + +- (void) saveIdentityToFavoritesIfSuccessful +{ + NSString *identityString = [self.currentInfo valueForKeyPath:@"identity_string"]; + NSDictionary *options = [self.currentInfo valueForKeyPath:@"options"]; + + Identities *identities = [[Identities alloc] init]; + Identity *theIdentity = [[Identity alloc] initWithIdentity:identityString + options:options]; + for (Identity *anIdentity in [identities identities]) { + if ([anIdentity isEqual:theIdentity]) { + if (!anIdentity.favorite) { + anIdentity.favorite = YES; + [identities synchronizePreferences]; + } + break; + } + } } - (void) didCancel @@ -104,14 +153,24 @@ enum krb_agent_client_state { else if (self.state == ipc_client_state_change_password) { [KerberosAgentListener didChangePassword:self.currentInfo error:err]; } - self.state = ipc_client_state_idle; + + if ([[self.selectController window] isVisible]) { + self.state = ipc_client_state_select; + } + else { + self.state = ipc_client_state_idle; + } } - (kim_error) selectIdentity: (NSDictionary *) info { - self.currentInfo = [[info mutableCopy] autorelease]; + [self.currentInfo addEntriesFromDictionary:info]; self.state = ipc_client_state_select; + if ([[self.authController window] isVisible]) { + [self.authController cancelAuthSheet:nil]; + } + [self.selectController setContent:self.currentInfo]; [self.selectController showWindow:nil]; @@ -137,17 +196,25 @@ enum krb_agent_client_state { [KerberosAgentListener didSelectIdentity:self.currentInfo error:0]; // clean up state - self.currentInfo = nil; - self.state = ipc_client_state_idle; + if (!wantsChangePassword) { + self.state = ipc_client_state_idle; + } } - (kim_error) enterIdentity: (NSDictionary *) info { - self.currentInfo = [[info mutableCopy] autorelease]; + NSWindow *parentWindow = nil; + + [self.currentInfo addEntriesFromDictionary:info]; + + if ([[self.selectController window] isVisible]) { + parentWindow = [selectController window]; + } + self.state = ipc_client_state_enter; [self.authController setContent:self.currentInfo]; - [self.authController showEnterIdentity]; + [self.authController showEnterIdentity:parentWindow]; return 0; } @@ -160,15 +227,29 @@ enum krb_agent_client_state { [self.currentInfo setObject:options forKey:@"options"]; [self.currentInfo setObject:[NSNumber numberWithBool:wantsChangePassword] forKey:@"wants_change_password"]; [KerberosAgentListener didEnterIdentity:self.currentInfo error:0]; + + if ([[self.selectController window] isVisible]) { + self.state = ipc_client_state_select; + } + else { + self.state = ipc_client_state_idle; + } } - (kim_error) promptForAuth: (NSDictionary *) info { - self.currentInfo = [[info mutableCopy] autorelease]; + NSWindow *parentWindow = nil; + + [self.currentInfo addEntriesFromDictionary:info]; + + if ([[self.selectController window] isVisible]) { + parentWindow = [selectController window]; + } + self.state = ipc_client_state_auth_prompt; [self.authController setContent:self.currentInfo]; - [self.authController showAuthPrompt]; + [self.authController showAuthPrompt:parentWindow]; return 0; } @@ -178,15 +259,29 @@ enum krb_agent_client_state { [self.currentInfo setObject:responseString forKey:@"prompt_response"]; [self.currentInfo setObject:saveResponse forKey:@"save_response"]; [KerberosAgentListener didPromptForAuth:self.currentInfo error:0]; + + if ([[self.selectController window] isVisible]) { + self.state = ipc_client_state_select; + } + else { + self.state = ipc_client_state_idle; + } } - (kim_error) changePassword: (NSDictionary *) info { - self.currentInfo = [[info mutableCopy] autorelease]; + NSWindow *parentWindow = nil; + + [self.currentInfo addEntriesFromDictionary:info]; + + if ([[self.selectController window] isVisible]) { + parentWindow = [selectController window]; + } + self.state = ipc_client_state_change_password; [self.authController setContent:self.currentInfo]; - [self.authController showChangePassword]; + [self.authController showChangePassword:parentWindow]; return 0; } @@ -198,23 +293,45 @@ enum krb_agent_client_state { [self.currentInfo setObject:oldPassword forKey:@"old_password"]; [self.currentInfo setObject:newPassword forKey:@"new_password"]; [self.currentInfo setObject:verifyPassword forKey:@"verify_password"]; + + if ([[self.selectController window] isVisible]) { + self.state = ipc_client_state_select; + } + else { + self.state = ipc_client_state_idle; + } + [KerberosAgentListener didChangePassword:self.currentInfo error:0]; } - (kim_error) handleError: (NSDictionary *) info { - self.currentInfo = [[info mutableCopy] autorelease]; + NSWindow *parentWindow = nil; + + [self.currentInfo addEntriesFromDictionary:info]; + + if ([[self.selectController window] isVisible]) { + parentWindow = [selectController window]; + } + self.state = ipc_client_state_handle_error; [self.authController setContent:self.currentInfo]; - [self.authController showError]; + [self.authController showError:parentWindow]; return 0; } - (void) didHandleError { + if ([[self.selectController window] isVisible]) { + self.state = ipc_client_state_select; + } + else { + self.state = ipc_client_state_idle; + } + [KerberosAgentListener didHandleError:self.currentInfo error:0]; } diff --git a/src/kim/agent/mac/Identities.m b/src/kim/agent/mac/Identities.m index ae9cea86b0..1fa7e6ef4e 100644 --- a/src/kim/agent/mac/Identities.m +++ b/src/kim/agent/mac/Identities.m @@ -48,41 +48,7 @@ { NSMutableSet *result = [[super keyPathsForValuesAffectingValueForKey:key] mutableCopy]; NSSet *otherKeys = nil; - -// if ([key isEqualToString:@"principalString"]) { -// otherKeys = [NSSet setWithObjects:@"kimIdentity", nil]; -// } -// else if ([key isEqualToString:@"expirationDate"]) { -// otherKeys = [NSSet setWithObjects:@"kimOptions", @"state", @"expirationTime", nil]; -// } -// else if ([key isEqualToString:@"expirationString"]) { -// otherKeys = [NSSet setWithObjects:@"kimOptions", @"state", @"expirationTime", nil]; -// } -// else if ([key isEqualToString:@"isProxiable"]) { -// otherKeys = [NSSet setWithObjects:@"kimOptions", nil]; -// } -// else if ([key isEqualToString:@"isForwardable"]) { -// otherKeys = [NSSet setWithObjects:@"kimOptions", nil]; -// } -// else if ([key isEqualToString:@"isAddressless"]) { -// otherKeys = [NSSet setWithObjects:@"kimOptions", nil]; -// } -// else if ([key isEqualToString:@"isRenewable"]) { -// otherKeys = [NSSet setWithObjects:@"kimOptions", nil]; -// } -// else if ([key isEqualToString:@"validLifetime"]) { -// otherKeys = [NSSet setWithObjects:@"kimOptions", nil]; -// } -// else if ([key isEqualToString:@"renewableLifetime"]) { -// otherKeys = [NSSet setWithObjects:@"kimOptions", nil]; -// } -// else if ([key isEqualToString:@"validLifetimeString"]) { -// otherKeys = [NSSet setWithObjects:@"kimOptions", @"validLifetime", nil]; -// } -// else if ([key isEqualToString:@"renewableLifetimeString"]) { -// otherKeys = [NSSet setWithObjects:@"kimOptions", @"renewableLifetime", nil]; -// } - + [result unionSet:otherKeys]; return [result autorelease]; @@ -511,7 +477,7 @@ } //NSLog(@"waited %@", [[NSThread currentThread] description]); - [(Identities *) [connection rootProxy] update]; + [(Identities *) [connection rootProxy] reload]; sleep (1); } diff --git a/src/kim/agent/mac/KIMUtilities.h b/src/kim/agent/mac/KIMUtilities.h index b3b201456a..6575ca7124 100644 --- a/src/kim/agent/mac/KIMUtilities.h +++ b/src/kim/agent/mac/KIMUtilities.h @@ -53,6 +53,7 @@ #define options_keypath @"content.options" +#define uses_default_options_keypath @"content.usesDefaultTicketOptions" #define valid_lifetime_keypath @"content.valid_lifetime" #define renewal_lifetime_keypath @"content.renewal_lifetime" #define renewable_keypath @"content.renewable" @@ -65,6 +66,7 @@ #define max_renewable_keypath @"content.maxRenewableLifetime" #define wants_change_password_keypath @"content.wants_change_password" +#define accepting_input_keypath @"content.acceptingInput" #define ACKVOContext @"authenticationController" diff --git a/src/kim/agent/mac/KIMUtilities.m b/src/kim/agent/mac/KIMUtilities.m index 34ff38e7f6..320ccdd8e3 100644 --- a/src/kim/agent/mac/KIMUtilities.m +++ b/src/kim/agent/mac/KIMUtilities.m @@ -109,6 +109,7 @@ + (NSDictionary *) dictionaryForKimOptions: (kim_options) options { kim_error err = KIM_NO_ERROR; + kim_preferences prefs = NULL; NSMutableDictionary *newDict = [NSMutableDictionary dictionaryWithCapacity:8]; kim_boolean addressless = FALSE; kim_boolean forwardable = FALSE; @@ -119,6 +120,15 @@ kim_string service_name = NULL; kim_time start_time = 0; + if (options == KIM_OPTIONS_DEFAULT) { + [newDict setObject:[NSNumber numberWithBool:YES] + forKey:@"usesDefaultTicketOptions"]; + err = kim_preferences_create(&prefs); + if (!err) { + err = kim_preferences_get_options(prefs, &options); + } + } + if (!err) { err = kim_options_get_addressless(options, &addressless); } @@ -177,6 +187,12 @@ forKey:@"start_time"]; } + // only free options if it was allocated by this method + if (prefs) { + kim_options_free(&options); + kim_preferences_free(&prefs); + } + return newDict; } @@ -184,15 +200,28 @@ { kim_error err = KIM_NO_ERROR; kim_options options = NULL; - kim_boolean addressless = [[aDict valueForKey:@"addressless"] boolValue]; - kim_boolean forwardable = [[aDict valueForKey:@"forwardable"] boolValue]; - kim_boolean proxiable = [[aDict valueForKey:@"proxiable"] boolValue]; - kim_boolean renewable = [[aDict valueForKey:@"renewable"] boolValue]; - kim_lifetime valid_lifetime = [[aDict valueForKey:@"valid_lifetime"] integerValue]; - kim_lifetime renewal_lifetime = [[aDict valueForKey:@"renewal_lifetime"] integerValue]; - kim_string service_name = ([[aDict valueForKey:@"service_name"] length] > 0) ? - [[aDict valueForKey:@"service_name"] UTF8String] : NULL; - kim_time start_time = [[aDict valueForKey:@"start_time"] integerValue]; + kim_boolean addressless; + kim_boolean forwardable; + kim_boolean proxiable; + kim_boolean renewable; + kim_lifetime valid_lifetime; + kim_lifetime renewal_lifetime; + kim_string service_name; + kim_time start_time; + + if (!aDict || [[aDict objectForKey:@"usesDefaultTicketOptions"] boolValue]) { + return KIM_OPTIONS_DEFAULT; + } + + addressless = [[aDict valueForKey:@"addressless"] boolValue]; + forwardable = [[aDict valueForKey:@"forwardable"] boolValue]; + proxiable = [[aDict valueForKey:@"proxiable"] boolValue]; + renewable = [[aDict valueForKey:@"renewable"] boolValue]; + valid_lifetime = [[aDict valueForKey:@"valid_lifetime"] integerValue]; + renewal_lifetime = [[aDict valueForKey:@"renewal_lifetime"] integerValue]; + service_name = ([[aDict valueForKey:@"service_name"] length] > 0) ? + [[aDict valueForKey:@"service_name"] UTF8String] : NULL; + start_time = [[aDict valueForKey:@"start_time"] integerValue]; if (!err) { err = kim_options_create (&options); diff --git a/src/kim/agent/mac/KerberosAgent-Info.plist b/src/kim/agent/mac/KerberosAgent-Info.plist index 6f851e91de..ee304e6d5b 100644 --- a/src/kim/agent/mac/KerberosAgent-Info.plist +++ b/src/kim/agent/mac/KerberosAgent-Info.plist @@ -12,10 +12,14 @@ edu.mit.Kerberos.KerberosAgent CFBundleInfoDictionaryVersion 6.0 + CFBundleName + KerberosAgent CFBundlePackageType APPL CFBundleSignature KrbA + CFBundleShortVersionString + 1.0 CFBundleVersion 1.0 NSMainNibFile diff --git a/src/kim/agent/mac/KerberosAgentController.m b/src/kim/agent/mac/KerberosAgentController.m index b392dd40a2..e2314fcd6c 100644 --- a/src/kim/agent/mac/KerberosAgentController.m +++ b/src/kim/agent/mac/KerberosAgentController.m @@ -64,7 +64,6 @@ - (void) quitIfIdle: (NSTimer *) timer { if ([self.clients count] == 0) { - NSLog(@"No active clients. Terminating."); [NSApp terminate:nil]; } autoQuitTimer = nil; @@ -120,6 +119,7 @@ } [autoQuitTimer invalidate]; + autoQuitTimer = nil; [KerberosAgentListener didAddClient:info error:err]; [info release]; @@ -213,6 +213,7 @@ if ([self.clients count] == 0) { // the client removes itself after select identity, // but might come back shortly afterward in need of an auth prompt + [autoQuitTimer invalidate]; autoQuitTimer = [NSTimer scheduledTimerWithTimeInterval:SECONDS_BEFORE_AUTO_QUIT_ON_NO_CLIENTS target:self selector:@selector(quitIfIdle:) diff --git a/src/kim/agent/mac/KerberosAgentPrefix.pch b/src/kim/agent/mac/KerberosAgentPrefix.pch index 9ee9b62e84..d919a4f0b7 100644 --- a/src/kim/agent/mac/KerberosAgentPrefix.pch +++ b/src/kim/agent/mac/KerberosAgentPrefix.pch @@ -4,8 +4,6 @@ #define CacheCollectionDidChangeNotification @"CacheCollectionDidChange" #endif -#define BIND_8_COMPAT - #include #include #include diff --git a/src/kim/agent/mac/SelectIdentityController.h b/src/kim/agent/mac/SelectIdentityController.h index 29b3c0dd4c..4d744ba08e 100644 --- a/src/kim/agent/mac/SelectIdentityController.h +++ b/src/kim/agent/mac/SelectIdentityController.h @@ -42,6 +42,7 @@ IBOutlet NSTextField *headerTextField; IBOutlet NSTextField *explanationTextField; + IBOutlet NSScrollView *identityTableScrollView; IBOutlet NSTableView *identityTableView; IBOutlet NSButton *addIdentityButton; IBOutlet NSPopUpButton *actionPopupButton; @@ -53,7 +54,7 @@ IBOutlet NSObjectController *glueController; - IBOutlet NSWindow *identityOptionsWindow; + IBOutlet NSWindow *ticketOptionsWindow; IBOutlet NSObjectController *identityOptionsController; IBOutlet NSTextField *identityField; IBOutlet NSTextField *staticIdentityField; @@ -61,7 +62,10 @@ IBOutlet NSSlider *validLifetimeSlider; IBOutlet NSSlider *renewableLifetimeSlider; + IBOutlet NSBox *ticketOptionsBox; IBOutlet NSButton *ticketOptionsOkButton; + IBOutlet NSButton *ticketOptionsToggleButton; + CGFloat optionsBoxHeight; } @property (readwrite, retain) IPCClient *associatedClient; @@ -73,7 +77,6 @@ - (IBAction) removeFromFavorites: (id) sender; - (IBAction) editOptions: (id) sender; -- (IBAction) resetOptions: (id) sender; - (IBAction) cancelOptions: (id) sender; - (IBAction) doneOptions: (id) sender; @@ -82,11 +85,13 @@ - (IBAction) select: (id) sender; - (IBAction) cancel: (id) sender; +- (IBAction) checkboxDidChange: (id) sender; - (IBAction) sliderDidChange: (id) sender; - (void) showOptions: (NSString *) contextInfo; - (void) didEndSheet: (NSWindow *) sheet returnCode: (int) returnCode contextInfo: (void *) contextInfo; - (void) saveOptions; +- (IBAction) toggleOptionsVisibility: (id) sender; - (void) timedRefresh:(NSTimer *)timer; diff --git a/src/kim/agent/mac/SelectIdentityController.m b/src/kim/agent/mac/SelectIdentityController.m index 4ad47c93ec..757848ab13 100644 --- a/src/kim/agent/mac/SelectIdentityController.m +++ b/src/kim/agent/mac/SelectIdentityController.m @@ -26,8 +26,6 @@ #import "IPCClient.h" #import "KerberosFormatters.h" -#define identities_key_path @"identities" - @implementation SelectIdentityController @synthesize associatedClient; @@ -55,14 +53,13 @@ { NSString *key = nil; NSString *message = nil; - - // We need to float over the loginwindow and SecurityAgent so use its hardcoded level. + [[self window] center]; - [[self window] setLevel:NSScreenSaverWindowLevel]; + [[self window] setLevel:NSModalPanelWindowLevel]; longTimeFormatter.displaySeconds = NO; longTimeFormatter.displayShortFormat = NO; - + [identityTableView setDoubleAction:@selector(select:)]; identities = [[Identities alloc] init]; [identitiesController setContent:identities]; @@ -82,6 +79,9 @@ } [headerTextField setStringValue:message]; + optionsBoxHeight = [ticketOptionsBox frame].size.height + [ticketOptionsBox frame].origin.y - [ticketOptionsToggleButton frame].origin.y - [ticketOptionsToggleButton frame].size.height; + [self toggleOptionsVisibility:nil]; + [identityOptionsController addObserver:self forKeyPath:identity_string_keypath options:NSKeyValueObservingOptionNew @@ -90,11 +90,30 @@ - (void) observeValueForKeyPath:(NSString *) keyPath ofObject: (id) object change: (NSDictionary *) change context:(void *) context { - if ([keyPath isEqualToString:identity_string_keypath]) { + if (object == identityOptionsController && [keyPath isEqualToString:identity_string_keypath]) { BOOL enabled = [KIMUtilities validateIdentity:[identityOptionsController valueForKeyPath:identity_string_keypath]]; [identityOptionsController setValue:[NSNumber numberWithBool:enabled] forKeyPath:@"content.canClickOK"]; } + else { + [super observeValueForKeyPath:keyPath ofObject:object change:change context:context]; + } +} + +// --------------------------------------------------------------------------- + +- (NSRect) windowWillUseStandardFrame: (NSWindow *) window defaultFrame: (NSRect) defaultFrame +{ + NSRect newFrame = [window frame]; + CGFloat oldHeight = [[identityTableScrollView contentView] frame].size.height; + CGFloat newHeight = [identityTableView numberOfRows] * + ([identityTableView rowHeight] + [identityTableView intercellSpacing].height); + CGFloat yDelta = newHeight - oldHeight; + + newFrame.origin.y -= yDelta; + newFrame.size.height += yDelta; + + return newFrame; } // --------------------------------------------------------------------------- @@ -169,7 +188,7 @@ selectedIdentity = [[identityArrayController selectedObjects] lastObject]; [associatedClient didSelectIdentity: selectedIdentity.identity - options: [identityOptionsController valueForKeyPath:@"content.options"] + options: [identityOptionsController content] wantsChangePassword: NO]; } @@ -194,18 +213,10 @@ // --------------------------------------------------------------------------- -- (IBAction) resetOptions: (id) sender -{ - Identity *anIdentity = [identityArrayController.selectedObjects lastObject]; - [identityOptionsController setContent:anIdentity.options]; -} - -// --------------------------------------------------------------------------- - - (IBAction) cancelOptions: (id) sender { identityOptionsController.content = nil; - [NSApp endSheet:identityOptionsWindow returnCode:NSUserCancelledError]; + [NSApp endSheet:ticketOptionsWindow returnCode:NSUserCancelledError]; // dump changed settings [identities reload]; @@ -218,7 +229,23 @@ // Identity *anIdentity = identityOptionsController.content; - [NSApp endSheet: identityOptionsWindow]; + [NSApp endSheet: ticketOptionsWindow]; +} + +// --------------------------------------------------------------------------- + +- (IBAction) checkboxDidChange: (id) sender +{ + if ([[identityOptionsController valueForKeyPath:uses_default_options_keypath] boolValue]) { + // merge defaults onto current options + NSMutableDictionary *currentOptions = [identityOptionsController content]; + NSDictionary *defaultOptions = [KIMUtilities dictionaryForKimOptions:NULL]; + NSLog(@"using default ticket options"); + [currentOptions addEntriesFromDictionary:defaultOptions]; + // update the sliders, since their values aren't bound + [validLifetimeSlider setDoubleValue:[[identityOptionsController valueForKeyPath:valid_lifetime_keypath] doubleValue]]; + [renewableLifetimeSlider setDoubleValue:[[identityOptionsController valueForKeyPath:renewal_lifetime_keypath] doubleValue]]; + } } // --------------------------------------------------------------------------- @@ -272,7 +299,7 @@ [self sliderDidChange:validLifetimeSlider]; [self sliderDidChange:renewableLifetimeSlider]; - [NSApp beginSheet: identityOptionsWindow + [NSApp beginSheet: ticketOptionsWindow modalForWindow: [self window] modalDelegate: self didEndSelector: @selector(didEndSheet:returnCode:contextInfo:) @@ -343,6 +370,37 @@ // --------------------------------------------------------------------------- +- (IBAction) toggleOptionsVisibility: (id) sender +{ + NSRect newFrame = [NSWindow contentRectForFrameRect:[ticketOptionsWindow frame] styleMask:[ticketOptionsWindow styleMask]]; + CGFloat newHeight; + + if ([ticketOptionsBox isHidden]) { + newHeight = newFrame.size.height + optionsBoxHeight; + newFrame.origin.y += newFrame.size.height; + newFrame.origin.y -= newHeight; + newFrame.size.height = newHeight; + newFrame = [NSWindow frameRectForContentRect:newFrame styleMask:[ticketOptionsWindow styleMask]]; + + [ticketOptionsWindow setFrame:newFrame display:YES animate:YES]; + [ticketOptionsBox setHidden:NO]; + [sender setTitle:NSLocalizedStringFromTable(@"SelectIdentityHideOptions", @"SelectIdentity", NULL)]; + } + else { + newHeight = newFrame.size.height - optionsBoxHeight; + newFrame.origin.y += newFrame.size.height; + newFrame.origin.y -= newHeight; + newFrame.size.height = newHeight; + newFrame = [NSWindow frameRectForContentRect:newFrame styleMask:[ticketOptionsWindow styleMask]]; + + [ticketOptionsBox setHidden:YES]; + [ticketOptionsWindow setFrame:newFrame display:YES animate:YES]; + [sender setTitle:NSLocalizedStringFromTable(@"SelectIdentityShowOptions", @"SelectIdentity", NULL)]; + } +} + +// --------------------------------------------------------------------------- + - (void) timedRefresh:(NSTimer *)timer { // refetch data to update expiration times diff --git a/src/kim/agent/mac/resources/English.lproj/Authentication.xib b/src/kim/agent/mac/resources/English.lproj/Authentication.xib index aac2d7fa82..a58f670490 100644 --- a/src/kim/agent/mac/resources/English.lproj/Authentication.xib +++ b/src/kim/agent/mac/resources/English.lproj/Authentication.xib @@ -8,10 +8,7 @@ 352.00 YES - - - YES @@ -60,6 +57,7 @@ identity_string favorite_identity_strings isBusy + acceptingInput YES @@ -75,6 +73,7 @@ maxRenewableLifetime renewa renewal_lifetime + usesDefaultTicketOptions YES @@ -376,7 +375,7 @@ NSView - + 274 YES @@ -522,7 +521,6 @@ {500, 208} - NSView @@ -667,7 +665,7 @@ NSView - + 286 YES @@ -847,7 +845,6 @@ {500, 230} - NSView @@ -950,7 +947,7 @@ 1 2 - {{21, 50}, {430, 283}} + {{21, 28}, {430, 305}} 1886912512 Kerberos Ticket Options NSWindow @@ -960,7 +957,7 @@ {3.40282e+38, 3.40282e+38} {430, 283} - + 256 YES @@ -1172,9 +1169,30 @@ 25 + + + 268 + {{18, 269}, {184, 18}} + + YES + + -2080244224 + 0 + Use default ticket options + + + 1211912703 + 130 + + + + + 200 + 25 + + - {430, 283} - + {430, 305} {{0, 0}, {1440, 878}} {430, 305} @@ -1320,7 +1338,7 @@ enabled: selection.isPrincipalValid - + enabled: selection.isPrincipalValid @@ -1384,7 +1402,7 @@ enabled: selection.isPromptValid - + enabled: selection.isPromptValid @@ -1472,7 +1490,7 @@ enabled: selection.isPromptValid - + enabled: selection.isPromptValid @@ -1592,7 +1610,7 @@ enabled: selection.isChangePasswordValid - + enabled: selection.isChangePasswordValid @@ -1822,7 +1840,7 @@ enabled: selection.renewable - + enabled: selection.renewable @@ -2106,6 +2124,474 @@ 300540 + + + value: selection.usesDefaultTicketOptions + + + + + + value: selection.usesDefaultTicketOptions + value + selection.usesDefaultTicketOptions + 2 + + + 300545 + + + + enabled: selection.usesDefaultTicketOptions + + + + + + enabled: selection.usesDefaultTicketOptions + enabled + selection.usesDefaultTicketOptions + + NSValueTransformerName + NSNegateBoolean + + 2 + + + 300547 + + + + enabled: selection.usesDefaultTicketOptions + + + + + + enabled: selection.usesDefaultTicketOptions + enabled + selection.usesDefaultTicketOptions + + NSValueTransformerName + NSNegateBoolean + + 2 + + + 300549 + + + + enabled: selection.usesDefaultTicketOptions + + + + + + enabled: selection.usesDefaultTicketOptions + enabled + selection.usesDefaultTicketOptions + + NSValueTransformerName + NSNegateBoolean + + 2 + + + 300551 + + + + enabled: selection.usesDefaultTicketOptions + + + + + + enabled: selection.usesDefaultTicketOptions + enabled + selection.usesDefaultTicketOptions + + NSValueTransformerName + NSNegateBoolean + + 2 + + + 300553 + + + + enabled2: selection.usesDefaultTicketOptions + + + + + + enabled2: selection.usesDefaultTicketOptions + enabled2 + selection.usesDefaultTicketOptions + + YES + + YES + NSMultipleValuesPlaceholder + NSNoSelectionPlaceholder + NSNotApplicablePlaceholder + NSNullPlaceholder + NSValueTransformerName + + + YES + + + + + NSNegateBoolean + + + + 2 + + + 300555 + + + + checkboxDidChange: + + + + 300556 + + + + enabled: selection.acceptingInput + + + + + + enabled: selection.acceptingInput + enabled + selection.acceptingInput + 2 + + + 300560 + + + + enabled: selection.acceptingInput + + + + + + enabled: selection.acceptingInput + enabled + selection.acceptingInput + 2 + + + 300561 + + + + enabled: selection.acceptingInput + + + + + + enabled: selection.acceptingInput + enabled + selection.acceptingInput + 2 + + + 300562 + + + + enabled2: selection.acceptingInput + + + + + + enabled2: selection.acceptingInput + enabled2 + selection.acceptingInput + + YES + + YES + NSMultipleValuesPlaceholder + NSNoSelectionPlaceholder + NSNotApplicablePlaceholder + NSNullPlaceholder + + + YES + + + + + + + + 2 + + + 300563 + + + + enabled: selection.acceptingInput + + + + + + enabled: selection.acceptingInput + enabled + selection.acceptingInput + 2 + + + 300564 + + + + enabled: selection.acceptingInput + + + + + + enabled: selection.acceptingInput + enabled + selection.acceptingInput + 2 + + + 300565 + + + + enabled: selection.acceptingInput + + + + + + enabled: selection.acceptingInput + enabled + selection.acceptingInput + 2 + + + 300566 + + + + enabled: selection.acceptingInput + + + + + + enabled: selection.acceptingInput + enabled + selection.acceptingInput + 2 + + + 300567 + + + + enabled2: selection.acceptingInput + + + + + + enabled2: selection.acceptingInput + enabled2 + selection.acceptingInput + + YES + + YES + NSMultipleValuesPlaceholder + NSNoSelectionPlaceholder + NSNotApplicablePlaceholder + NSNullPlaceholder + + + YES + + + + + + + + 2 + + + 300568 + + + + enabled: selection.acceptingInput + + + + + + enabled: selection.acceptingInput + enabled + selection.acceptingInput + 2 + + + 300569 + + + + enabled: selection.acceptingInput + + + + + + enabled: selection.acceptingInput + enabled + selection.acceptingInput + 2 + + + 300570 + + + + enabled2: selection.acceptingInput + + + + + + enabled2: selection.acceptingInput + enabled2 + selection.acceptingInput + + YES + + YES + NSMultipleValuesPlaceholder + NSNoSelectionPlaceholder + NSNotApplicablePlaceholder + NSNullPlaceholder + + + YES + + + + + + + + 2 + + + 300571 + + + + enabled: selection.acceptingInput + + + + + + enabled: selection.acceptingInput + enabled + selection.acceptingInput + 2 + + + 300572 + + + + enabled: selection.acceptingInput + + + + + + enabled: selection.acceptingInput + enabled + selection.acceptingInput + 2 + + + 300573 + + + + enabled: selection.acceptingInput + + + + + + enabled: selection.acceptingInput + enabled + selection.acceptingInput + 2 + + + 300574 + + + + enabled2: selection.acceptingInput + + + + + + enabled2: selection.acceptingInput + enabled2 + selection.acceptingInput + + YES + + YES + NSMultipleValuesPlaceholder + NSNoSelectionPlaceholder + NSNotApplicablePlaceholder + NSNullPlaceholder + + + YES + + + + + + + + 2 + + + 300575 + @@ -2710,16 +3196,17 @@ YES - - - - - - - - + + + + + + + + + @@ -2918,6 +3405,20 @@ + + 300543 + + + YES + + + + + + 300544 + + + @@ -3060,6 +3561,8 @@ 300533.IBPluginDependency 300534.IBPluginDependency 300536.IBPluginDependency + 300543.IBPluginDependency + 300544.IBPluginDependency YES @@ -3069,7 +3572,7 @@ com.apple.InterfaceBuilder.CocoaPlugin {{628, 646}, {500, 210}} - + {{932, 664}, {484, 199}} @@ -3159,9 +3662,9 @@ com.apple.InterfaceBuilder.CocoaPlugin - {{647, 412}, {430, 283}} + {{647, 390}, {430, 305}} com.apple.InterfaceBuilder.CocoaPlugin - {{647, 412}, {430, 283}} + {{647, 390}, {430, 305}} @@ -3199,6 +3702,8 @@ com.apple.InterfaceBuilder.CocoaPlugin com.apple.InterfaceBuilder.CocoaPlugin com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin @@ -3221,7 +3726,7 @@ - 300540 + 300575 @@ -3238,6 +3743,7 @@ cancelTicketOptions: changePassword: changePasswordGearAction: + checkboxDidChange: enterIdentity: saveTicketOptions: showTicketOptions: @@ -3256,6 +3762,7 @@ id id id + id diff --git a/src/kim/agent/mac/resources/English.lproj/SelectIdentity.strings b/src/kim/agent/mac/resources/English.lproj/SelectIdentity.strings index 6eb2109b23..db20365e90 100644 Binary files a/src/kim/agent/mac/resources/English.lproj/SelectIdentity.strings and b/src/kim/agent/mac/resources/English.lproj/SelectIdentity.strings differ diff --git a/src/kim/agent/mac/resources/English.lproj/SelectIdentity.xib b/src/kim/agent/mac/resources/English.lproj/SelectIdentity.xib index 0bc7669144..8be14fb6cf 100644 --- a/src/kim/agent/mac/resources/English.lproj/SelectIdentity.xib +++ b/src/kim/agent/mac/resources/English.lproj/SelectIdentity.xib @@ -8,7 +8,7 @@ 352.00 YES - + YES @@ -40,7 +40,7 @@ {800, 800} {400, 273} - + 256 YES @@ -472,7 +472,6 @@ - 3 YES 2 YES @@ -482,7 +481,6 @@ {500, 273} - {{0, 0}, {1440, 878}} {400, 295} @@ -515,7 +513,7 @@ 7 2 - {{196, 162}, {427, 348}} + {{196, 142}, {427, 368}} 603979776 Window NSWindow @@ -529,9 +527,8 @@ 266 - {{78, 306}, {329, 22}} + {{78, 326}, {329, 22}} - YES -1804468671 @@ -558,14 +555,13 @@ 268 - {{17, 308}, {60, 17}} + {{17, 328}, {56, 17}} - YES 68288064 - 71304192 - Identity: + 4195328 + Identity: @@ -585,9 +581,8 @@ 266 - {{24, 179}, {337, 25}} + {{22, 181}, {347, 25}} - YES 67501824 @@ -610,9 +605,8 @@ 268 - {{13, 211}, {185, 17}} + {{11, 213}, {185, 17}} - YES 67239424 @@ -627,9 +621,8 @@ 266 - {{23, 157}, {339, 14}} + {{21, 159}, {349, 14}} - YES 67239424 @@ -644,9 +637,8 @@ 268 - {{13, 132}, {133, 17}} + {{11, 134}, {133, 17}} - YES 67239424 @@ -661,9 +653,8 @@ 266 - {{42, 34}, {301, 25}} + {{40, 36}, {311, 25}} - YES 67501824 @@ -690,9 +681,8 @@ 268 - {{24, 86}, {303, 18}} + {{22, 88}, {303, 18}} - YES 67239424 @@ -714,9 +704,8 @@ 268 - {{24, 108}, {351, 18}} + {{22, 110}, {351, 18}} - YES 67239424 @@ -736,9 +725,8 @@ 268 - {{24, 64}, {248, 18}} + {{22, 66}, {248, 18}} - YES 67239424 @@ -758,9 +746,8 @@ 266 - {{41, 12}, {303, 14}} + {{39, 14}, {313, 14}} - YES 67239424 @@ -773,14 +760,12 @@ - {{3, 3}, {387, 238}} + {{1, 1}, {391, 242}} - - {{17, 56}, {393, 244}} + {{17, 48}, {393, 244}} - {0, 0} 67239424 @@ -794,7 +779,7 @@ - 2 + 1 1 0 NO @@ -804,7 +789,6 @@ 289 {{331, 12}, {82, 32}} - YES 67239424 @@ -825,7 +809,6 @@ 289 {{249, 12}, {82, 32}} - YES 67239424 @@ -841,48 +824,70 @@ 25 - + - 289 - {{129, 12}, {120, 32}} + -2147483382 + {{73, 328}, {337, 17}} - YES - - 67239424 - 134217728 - Use Defaults + + 68288064 + 272630784 + Label - - -2038284033 - 129 + + + + + + + + 268 + {{18, 300}, {184, 18}} + + YES + + -2080244224 + 0 + Use default ticket options + + + 1211912703 + 130 + + NSImage + NSSwitch + + 200 25 - + - -2147483380 - {{75, 308}, {335, 17}} + 292 + {{14, 12}, {127, 32}} - YES - - 68288064 - 272630784 - Label + + 67239424 + 134217728 + Show Options - - - + + -2038284033 + 129 + + Gw + 200 + 25 - {427, 348} + {427, 368} - {{0, 0}, {1280, 778}} {3.40282e+38, 3.40282e+38} @@ -909,8 +914,10 @@ renewal_lifetime identity_string canClickOK + usesDefaultTicketOptions YES + YES @@ -931,6 +938,7 @@ favorite identities minRenewableLifetime + content.identities Identities @@ -1284,22 +1292,6 @@ 300442 - - - contentArray: selection.identities - - - - - - contentArray: selection.identities - contentArray - selection.identities - 2 - - - 300444 - newIdentity: @@ -1308,14 +1300,6 @@ 300450 - - - identityOptionsWindow - - - - 300451 - editOptions: @@ -1332,14 +1316,6 @@ 300453 - - - resetOptions: - - - - 300454 - doneOptions: @@ -1599,7 +1575,7 @@ enabled: selection.renewable - + enabled: selection.renewable @@ -1671,7 +1647,7 @@ arrangedObjects.identity NSConditionallySetsEditable - + 2 @@ -1707,13 +1683,209 @@ selection.identity_string NSContinuouslyUpdatesValue - + 2 300509 + + + identityTableScrollView + + + + 300511 + + + + ticketOptionsBox + + + + 300520 + + + + toggleOptionsVisibility: + + + + 300521 + + + + ticketOptionsWindow + + + + 300522 + + + + ticketOptionsToggleButton + + + + 300523 + + + + value: selection.usesDefaultTicketOptions + + + + + + value: selection.usesDefaultTicketOptions + value + selection.usesDefaultTicketOptions + 2 + + + 300525 + + + + enabled: selection.usesDefaultTicketOptions + + + + + + enabled: selection.usesDefaultTicketOptions + enabled + selection.usesDefaultTicketOptions + + NSValueTransformerName + NSNegateBoolean + + 2 + + + 300527 + + + + enabled: selection.usesDefaultTicketOptions + + + + + + enabled: selection.usesDefaultTicketOptions + enabled + selection.usesDefaultTicketOptions + + NSValueTransformerName + NSNegateBoolean + + 2 + + + 300529 + + + + enabled: selection.usesDefaultTicketOptions + + + + + + enabled: selection.usesDefaultTicketOptions + enabled + selection.usesDefaultTicketOptions + + NSValueTransformerName + NSNegateBoolean + + 2 + + + 300531 + + + + enabled: selection.usesDefaultTicketOptions + + + + + + enabled: selection.usesDefaultTicketOptions + enabled + selection.usesDefaultTicketOptions + + NSValueTransformerName + NSNegateBoolean + + 2 + + + 300533 + + + + enabled2: selection.usesDefaultTicketOptions + + + + + + enabled2: selection.usesDefaultTicketOptions + enabled2 + selection.usesDefaultTicketOptions + + YES + + YES + NSMultipleValuesPlaceholder + NSNoSelectionPlaceholder + NSNotApplicablePlaceholder + NSNullPlaceholder + NSValueTransformerName + + + YES + + + + + NSNegateBoolean + + + + 2 + + + 300535 + + + + checkboxDidChange: + + + + 300536 + + + + contentArray: content.identities + + + + + + contentArray: content.identities + contentArray + content.identities + 2 + + + 300539 + enabled: selection.canClickOK @@ -1725,10 +1897,29 @@ enabled: selection.canClickOK enabled selection.canClickOK + + YES + + YES + NSMultipleValuesPlaceholder + NSNoSelectionPlaceholder + NSNotApplicablePlaceholder + NSNullPlaceholder + NSRaisesForNotApplicableKeys + + + YES + + + + + + + 2 - 300510 + 300546 @@ -1976,11 +2167,12 @@ YES - - + + + @@ -1989,15 +2181,15 @@ YES - + - - + - + + @@ -2029,132 +2221,6 @@ - - 300307 - - - YES - - - - - - 300308 - - - YES - - - - - - 300309 - - - YES - - - - - - 300310 - - - YES - - - - - - 300311 - - - YES - - - - - - 300312 - - - YES - - - - - - 300313 - - - YES - - - - - - 300314 - - - YES - - - - - - 300315 - - - YES - - - - - - 300316 - - - - - 300317 - - - - - 300318 - - - - - 300319 - - - - - 300320 - - - - - 300321 - - - - - 300322 - - - - - 300323 - - - - - 300324 - - - 300329 @@ -2189,20 +2255,6 @@ - - 300358 - - - YES - - - - - - 300359 - - - 300370 @@ -2291,6 +2343,160 @@ Long Time Formatter + + 300308 + + + YES + + + + + + 300323 + + + + + 300309 + + + YES + + + + + + 300322 + + + + + 300310 + + + YES + + + + + + 300321 + + + + + 300311 + + + YES + + + + + + 300320 + + + + + 300307 + + + YES + + + + + + 300324 + + + + + 300315 + + + YES + + + + + + 300316 + + + + + 300312 + + + YES + + + + + + 300319 + + + + + 300314 + + + YES + + + + + + 300317 + + + + + 300313 + + + YES + + + + + + 300318 + + + + + 300514 + + + YES + + + + + + 300515 + + + + + 300518 + + + YES + + + + + + 300519 + + + @@ -2360,8 +2566,6 @@ 300331.IBPluginDependency 300334.IBPluginDependency 300335.IBPluginDependency - 300358.IBPluginDependency - 300359.IBPluginDependency 300370.IBPluginDependency 300402.IBPluginDependency 300403.IBPluginDependency @@ -2376,6 +2580,10 @@ 300462.IBPluginDependency 300485.IBPluginDependency 300498.IBPluginDependency + 300514.IBPluginDependency + 300515.IBPluginDependency + 300518.IBPluginDependency + 300519.IBPluginDependency 5.IBEditorWindowLastContentRect 5.IBPluginDependency 5.IBWindowTemplateEditedContentRect @@ -2420,9 +2628,9 @@ com.apple.InterfaceBuilder.CocoaPlugin com.apple.InterfaceBuilder.CocoaPlugin com.apple.InterfaceBuilder.CocoaPlugin - {{553, 335}, {427, 348}} + {{704, 346}, {427, 368}} com.apple.InterfaceBuilder.CocoaPlugin - {{553, 335}, {427, 348}} + {{704, 346}, {427, 368}} {10000, 354} @@ -2461,9 +2669,11 @@ com.apple.InterfaceBuilder.CocoaPlugin com.apple.InterfaceBuilder.CocoaPlugin com.apple.InterfaceBuilder.CocoaPlugin + {{610, 271}, {203, 103}} + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin com.apple.InterfaceBuilder.CocoaPlugin com.apple.InterfaceBuilder.CocoaPlugin - {{610, 271}, {203, 103}} com.apple.InterfaceBuilder.CocoaPlugin com.apple.InterfaceBuilder.CocoaPlugin com.apple.InterfaceBuilder.CocoaPlugin @@ -2476,10 +2686,10 @@ com.apple.InterfaceBuilder.CocoaPlugin {{495, 457}, {500, 273}} - + {{503, 256}, {419, 465}} - + {800, 800} {400, 273} com.apple.InterfaceBuilder.CocoaPlugin @@ -2508,7 +2718,7 @@ - 300510 + 300546 @@ -2553,13 +2763,14 @@ cancel: cancelOptions: changePassword: + checkboxDidChange: doneOptions: editOptions: newIdentity: removeFromFavorites: - resetOptions: select: sliderDidChange: + toggleOptionsVisibility: YES @@ -2574,6 +2785,7 @@ id id id + id @@ -2590,7 +2802,7 @@ identityArrayController identityField identityOptionsController - identityOptionsWindow + identityTableScrollView identityTableView kerberosIconImageView longTimeFormatter @@ -2598,7 +2810,10 @@ selectIdentityButton shortTimeFormatter staticIdentityField + ticketOptionsBox ticketOptionsOkButton + ticketOptionsToggleButton + ticketOptionsWindow validLifetimeSlider @@ -2613,7 +2828,7 @@ NSArrayController NSTextField NSObjectController - NSWindow + NSScrollView NSTableView BadgedImageView KerberosTimeFormatter @@ -2621,7 +2836,10 @@ NSButton KerberosTimeFormatter NSTextField + NSBox + NSButton NSButton + NSWindow NSSlider diff --git a/src/kim/lib/kim.exports b/src/kim/lib/kim.exports index ca96d04a2d..0216e4be39 100644 --- a/src/kim/lib/kim.exports +++ b/src/kim/lib/kim.exports @@ -93,6 +93,7 @@ kim_credential_iterator_next kim_credential_iterator_free kim_credential_create_new +kim_credential_create_new_with_password kim_credential_create_from_keytab kim_credential_create_from_krb5_creds kim_credential_copy @@ -116,7 +117,9 @@ kim_ccache_iterator_next kim_ccache_iterator_free kim_ccache_create_new +kim_ccache_create_new_with_password kim_ccache_create_new_if_needed +kim_ccache_create_new_if_needed_with_password kim_ccache_create_from_client_identity kim_ccache_create_from_keytab kim_ccache_create_from_default diff --git a/src/kim/lib/kim_ccache.c b/src/kim/lib/kim_ccache.c index 43da3f29b5..cf6a18315e 100644 --- a/src/kim/lib/kim_ccache.c +++ b/src/kim/lib/kim_ccache.c @@ -108,6 +108,9 @@ kim_error kim_ccache_iterator_next (kim_ccache_iterator in_ccache_iterator, ccache = NULL; err = KIM_NO_ERROR; } + + if (principal) { krb5_free_principal (in_ccache_iterator->context, + principal); } } if (!err) { @@ -253,6 +256,19 @@ kim_error kim_ccache_create_new_with_password (kim_ccache *out_ccache, kim_error kim_ccache_create_new_if_needed (kim_ccache *out_ccache, kim_identity in_client_identity, kim_options in_options) +{ + return check_error (kim_ccache_create_new_if_needed_with_password (out_ccache, + in_client_identity, + in_options, + NULL)); +} + +/* ------------------------------------------------------------------------ */ + +kim_error kim_ccache_create_new_if_needed_with_password (kim_ccache *out_ccache, + kim_identity in_client_identity, + kim_options in_options, + kim_string in_password) { kim_error err = KIM_NO_ERROR; kim_ccache ccache = NULL; @@ -263,7 +279,8 @@ kim_error kim_ccache_create_new_if_needed (kim_ccache *out_ccache, if (!err) { kim_credential_state state; - err = kim_ccache_create_from_client_identity (&ccache, in_client_identity); + err = kim_ccache_create_from_client_identity (&ccache, + in_client_identity); if (!err) { err = kim_ccache_get_state (ccache, &state); @@ -280,7 +297,10 @@ kim_error kim_ccache_create_new_if_needed (kim_ccache *out_ccache, if (!ccache) { /* ccache does not already exist, create a new one */ - err = kim_ccache_create_new (&ccache, in_client_identity, in_options); + err = kim_ccache_create_new_with_password (&ccache, + in_client_identity, + in_options, + in_password); } } @@ -300,56 +320,62 @@ kim_error kim_ccache_create_from_client_identity (kim_ccache *out_ccache, kim_identity in_client_identity) { kim_error err = KIM_NO_ERROR; - kim_ccache_iterator iterator = NULL; - kim_boolean found = FALSE; - if (!err && !out_ccache ) { err = check_error (KIM_NULL_PARAMETER_ERR); } - if (!err && !in_client_identity) { err = check_error (KIM_NULL_PARAMETER_ERR); } + if (!err && !out_ccache) { err = check_error (KIM_NULL_PARAMETER_ERR); } - if (!err) { + if (!err && in_client_identity) { + kim_ccache_iterator iterator = NULL; + kim_boolean found = FALSE; + err = kim_ccache_iterator_create (&iterator); - } - - while (!err && !found) { - kim_ccache ccache = NULL; - kim_identity identity = NULL; - kim_comparison comparison; - err = kim_ccache_iterator_next (iterator, &ccache); - - if (!err && !ccache) { - kim_string string = NULL; + while (!err && !found) { + kim_ccache ccache = NULL; + kim_identity identity = NULL; + kim_comparison comparison; - err = kim_identity_get_display_string (in_client_identity, &string); + err = kim_ccache_iterator_next (iterator, &ccache); + + if (!err && !ccache) { + kim_string string = NULL; + + err = kim_identity_get_display_string (in_client_identity, + &string); + + if (!err) { + err = kim_error_set_message_for_code (KIM_NO_SUCH_PRINCIPAL_ERR, + string); + } + + kim_string_free (&string); + } if (!err) { - err = kim_error_set_message_for_code (KIM_NO_SUCH_PRINCIPAL_ERR, - string); + err = kim_ccache_get_client_identity (ccache, &identity); } - kim_string_free (&string); - } - - if (!err) { - err = kim_ccache_get_client_identity (ccache, &identity); - } - - if (!err) { - err = kim_identity_compare (in_client_identity, identity, &comparison); + if (!err) { + err = kim_identity_compare (in_client_identity, identity, + &comparison); + } + + if (!err && kim_comparison_is_equal_to (comparison)) { + found = 1; + *out_ccache = ccache; + ccache = NULL; + } + + kim_identity_free (&identity); + kim_ccache_free (&ccache); } - if (!err && kim_comparison_is_equal_to (comparison)) { - found = 1; - *out_ccache = ccache; - ccache = NULL; - } + kim_ccache_iterator_free (&iterator); - kim_identity_free (&identity); - kim_ccache_free (&ccache); + } else if (!err) { + /* in_client_identity is NULL, get default ccache */ + err = kim_ccache_create_from_default (out_ccache); } - kim_ccache_iterator_free (&iterator); - return check_error (err); } diff --git a/src/kim/lib/kim_ccache_private.h b/src/kim/lib/kim_ccache_private.h deleted file mode 100644 index 42f048455b..0000000000 --- a/src/kim/lib/kim_ccache_private.h +++ /dev/null @@ -1,37 +0,0 @@ -/* - * $Header$ - * - * Copyright 2006 Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#ifndef KIM_CCACHE_PRIVATE_H -#define KIM_CCACHE_PRIVATE_H - -#include - -kim_error kim_ccache_create_new_with_password (kim_ccache *out_ccache, - kim_identity in_client_identity, - kim_options in_options, - kim_string in_password); - -#endif /* KIM_CCACHE_PRIVATE_H */ diff --git a/src/kim/lib/kim_credential.c b/src/kim/lib/kim_credential.c index 50e9e9b8cd..8d2c1ee608 100644 --- a/src/kim/lib/kim_credential.c +++ b/src/kim/lib/kim_credential.c @@ -213,6 +213,46 @@ kim_error kim_credential_create_new (kim_credential *out_credential, /* ------------------------------------------------------------------------ */ +static void kim_credential_remember_prefs (kim_identity in_identity, + kim_options in_options) +{ + kim_error err = KIM_NO_ERROR; + kim_preferences prefs = NULL; + kim_boolean remember_identity = 0; + kim_boolean remember_options = 0; + + err = kim_preferences_create (&prefs); + + if (!err && in_options) { + err = kim_preferences_get_remember_options (prefs, + &remember_options); + } + + if (!err && in_identity) { + err = kim_preferences_get_remember_client_identity (prefs, + &remember_identity); + } + + if (!err && remember_options) { + err = kim_preferences_set_options (prefs, in_options); + } + + if (!err && remember_identity) { + err = kim_preferences_set_client_identity (prefs, in_identity); + + } + + if (!err && (remember_options || remember_identity)) { + err = kim_preferences_synchronize (prefs); + } + + kim_preferences_free (&prefs); + + check_error (err); +} + +/* ------------------------------------------------------------------------ */ + kim_error kim_credential_create_new_with_password (kim_credential *out_credential, kim_identity in_identity, kim_options in_options, @@ -269,7 +309,11 @@ kim_error kim_credential_create_new_with_password (kim_credential *out_credentia /* reenter enter_identity so just forget this identity * even if we got an error */ - if (err == KIM_USER_CANCELED_ERR) { err = KIM_NO_ERROR; } + if (err == KIM_USER_CANCELED_ERR || + err == KIM_DUPLICATE_UI_REQUEST_ERR) { + err = KIM_NO_ERROR; + } + kim_identity_free (&identity); } @@ -290,6 +334,7 @@ kim_error kim_credential_create_new_with_password (kim_credential *out_credentia /* set counter to zero so we can tell if we got prompted */ context.prompt_count = 0; + context.password_to_save = NULL; err = krb5_error (credential->context, krb5_get_init_creds_password (credential->context, @@ -356,21 +401,47 @@ kim_error kim_credential_create_new_with_password (kim_credential *out_credentia kim_string_free (&new_password); } - if (!err || err == KIM_USER_CANCELED_ERR) { + if (!err || err == KIM_USER_CANCELED_ERR || + err == KIM_DUPLICATE_UI_REQUEST_ERR) { /* new creds obtained or the user gave up */ done_with_credentials = 1; - } else { - /* new creds failed, report error to user */ - kim_error terr = kim_ui_handle_kim_error (&context, identity, - kim_ui_error_type_authentication, - err); - - if (prompt_count) { - /* User was prompted and might have entered bad info - * so let them try again. */ - err = terr; + if (!err) { + /* remember identity and options if the user wanted to */ + kim_credential_remember_prefs (identity, options); } + + if (err == KIM_DUPLICATE_UI_REQUEST_ERR) { + kim_ccache ccache = NULL; + /* credential for this identity was obtained, but via a different + * dialog. Find it. */ + + err = kim_ccache_create_from_client_identity (&ccache, + identity); + + if (!err) { + err = kim_ccache_get_valid_credential (ccache, + &credential); + } + + kim_ccache_free (&ccache); + } + + } else if (prompt_count) { + /* User was prompted and might have entered bad info + * so report error and try again. */ + + err = kim_ui_handle_kim_error (&context, identity, + kim_ui_error_type_authentication, + err); + } + + if (err == KRB5KRB_AP_ERR_BAD_INTEGRITY || + err == KRB5KDC_ERR_PREAUTH_FAILED || + err == KIM_BAD_PASSWORD_ERR || err == KIM_PREAUTH_FAILED_ERR) { + /* if the password could have failed, remove any saved ones + * or the user will get stuck. */ + kim_os_identity_remove_saved_password (identity); } if (free_creds) { krb5_free_cred_contents (credential->context, &creds); } @@ -380,16 +451,11 @@ kim_error kim_credential_create_new_with_password (kim_credential *out_credentia /* identity obtained or the user gave up */ done_with_identity = 1; - } else { - /* new creds failed, report error to user */ - kim_error terr = kim_ui_handle_kim_error (&context, identity, - kim_ui_error_type_authentication, - err); - - if (!in_identity) { - /* User entered an identity so let them try again */ - err = terr; - } + } else if (!in_identity) { + /* User entered an identity so report error and try again */ + err = kim_ui_handle_kim_error (&context, identity, + kim_ui_error_type_authentication, + err); } if (identity != in_identity) { kim_identity_free (&identity); } @@ -399,13 +465,13 @@ kim_error kim_credential_create_new_with_password (kim_credential *out_credentia kim_error fini_err = kim_ui_fini (&context); if (!err) { err = check_error (fini_err); } } - + if (!err) { *out_credential = credential; credential = NULL; } - if (options != in_options ) { kim_options_free (&options); } + if (options != in_options) { kim_options_free (&options); } kim_credential_free (&credential); return check_error (err); @@ -513,6 +579,7 @@ kim_error kim_credential_create_from_keytab (kim_credential *out_credential, } if (principal ) { krb5_free_principal (credential->context, principal); } + if (free_creds) { krb5_free_cred_contents (credential->context, &creds); } if (!err) { *out_credential = credential; @@ -520,7 +587,6 @@ kim_error kim_credential_create_from_keytab (kim_credential *out_credential, } if (options != in_options) { kim_options_free (&options); } - if (free_creds) { krb5_free_cred_contents (credential->context, &creds); } kim_credential_free (&credential); return check_error (err); @@ -614,6 +680,7 @@ kim_error kim_credential_create_for_change_password (kim_credential *out_creden /* set counter to zero so we can tell if we got prompted */ in_ui_context->prompt_count = 0; + in_ui_context->identity = in_identity; err = krb5_error (credential->context, krb5_get_init_creds_password (credential->context, diff --git a/src/kim/lib/kim_credential_private.h b/src/kim/lib/kim_credential_private.h index c9a975d59e..3f30d6c738 100644 --- a/src/kim/lib/kim_credential_private.h +++ b/src/kim/lib/kim_credential_private.h @@ -36,9 +36,4 @@ kim_error kim_credential_create_for_change_password (kim_credential *out_creden kim_ui_context *in_ui_context, kim_boolean *out_user_was_prompted); -kim_error kim_credential_create_new_with_password (kim_credential *out_credential, - kim_identity in_identity, - kim_options in_options, - kim_string in_password); - #endif /* KIM_CREDENTIAL_PRIVATE_H */ diff --git a/src/kim/lib/kim_error_message.c b/src/kim/lib/kim_error_message.c index b292505c4c..6a891aa482 100644 --- a/src/kim/lib/kim_error_message.c +++ b/src/kim/lib/kim_error_message.c @@ -38,7 +38,7 @@ MAKE_FINI_FUNCTION(kim_error_terminate); typedef struct kim_last_error { kim_error code; - char message[1024]; + char message[2048]; } *kim_last_error; /* ------------------------------------------------------------------------ */ @@ -91,6 +91,36 @@ static void kim_error_free_message (void *io_error) } } +#pragma mark - + +/* ------------------------------------------------------------------------ */ + +static kim_boolean kim_error_is_builtin (kim_error in_error) +{ + return (in_error == KIM_NO_ERROR || + in_error == KIM_OUT_OF_MEMORY_ERR); +} + +/* ------------------------------------------------------------------------ */ +/* Warning: only remap to error strings with the same format! */ + +static kim_error kim_error_remap (kim_error in_error) +{ + /* some krb5 errors are confusing. remap to better ones */ + switch (in_error) { + case KRB5KRB_AP_ERR_BAD_INTEGRITY: + return KIM_BAD_PASSWORD_ERR; + + case KRB5KDC_ERR_PREAUTH_FAILED: + return KIM_PREAUTH_FAILED_ERR; + + case KRB5KRB_AP_ERR_SKEW: + return KIM_CLOCK_SKEW_ERR; + } + + return in_error; +} + /* ------------------------------------------------------------------------ */ kim_string kim_error_message (kim_error in_error) @@ -110,15 +140,7 @@ kim_string kim_error_message (kim_error in_error) if (!lock_err) { k5_mutex_unlock (&kim_error_lock); } - return message ? message : error_message (in_error); -} - -/* ------------------------------------------------------------------------ */ - -static kim_boolean kim_error_is_builtin (kim_error in_error) -{ - return (in_error == KIM_NO_ERROR || - in_error == KIM_OUT_OF_MEMORY_ERR); + return message ? message : error_message (kim_error_remap (in_error)); } #pragma mark -- Generic Functions -- @@ -140,26 +162,27 @@ kim_error kim_error_set_message_for_code (kim_error in_error, /* ------------------------------------------------------------------------ */ -kim_error kim_error_set_message_for_code_va (kim_error in_error, +kim_error kim_error_set_message_for_code_va (kim_error in_code, va_list in_args) { kim_error err = KIM_NO_ERROR; - - if (!err && !kim_error_is_builtin (in_error)) { - kim_string message = NULL; + kim_error code = kim_error_remap (in_code); + if (!kim_error_is_builtin (code)) { + kim_string message = NULL; + err = kim_string_create_from_format_va_retcode (&message, - error_message (in_error), + error_message (code), in_args); if (!err) { - err = kim_error_set_message (in_error, message); + err = kim_error_set_message (code, message); } kim_string_free (&message); } - return err ? err : in_error; + return err ? err : code; } @@ -169,14 +192,23 @@ kim_error kim_error_set_message_for_krb5_error (krb5_context in_context, krb5_error_code in_code) { kim_error err = KIM_NO_ERROR; + krb5_error_code code = kim_error_remap (in_code); - if (!err && !kim_error_is_builtin (in_code)) { - const char *message = krb5_get_error_message (in_context, in_code); + if (code != in_code) { + /* error was remapped to a KIM error */ + err = kim_error_set_message (code, error_message (code)); + + } else if (!kim_error_is_builtin (code)) { + const char *message = krb5_get_error_message (in_context, code); - err = kim_error_set_message (in_code, message); + if (message) { + err = kim_error_set_message (code, message); + + krb5_free_error_message (in_context, message); + } } - return err ? err : in_code; + return err ? err : code; } #pragma mark -- Debugging Functions -- diff --git a/src/kim/lib/kim_errors.et b/src/kim/lib/kim_errors.et index 5082a1b807..15f07be035 100644 --- a/src/kim/lib/kim_errors.et +++ b/src/kim/lib/kim_errors.et @@ -29,6 +29,7 @@ error_code KIM_KRB5_INIT_FAILED_ERR, "Unable to initialize Kerberos error_code KIM_NO_REALMS_ERR, "There are no Kerberos realms configured" error_code KIM_NO_SUCH_REALM_ERR, "The realm '%s' is not in your configuration file or does not exist" error_code KIM_UNSUPPORTED_HINT_ERR, "The hint '%s' is not supported by this version of KIM" +error_code KIM_CLOCK_SKEW_ERR, "Clock skew too big: please check your time, time zone and daylight savings settings" index 25 # Principal Errors @@ -37,6 +38,8 @@ error_code KIM_BAD_COMPONENT_INDEX_ERR, "Principal does not have a com error_code KIM_PASSWORD_MISMATCH_ERR, "New and verify passwords do not match" error_code KIM_INSECURE_PASSWORD_ERR, "Your new password for '%s' is insecure; please pick another one" error_code KIM_PASSWORD_CHANGE_FAILED_ERR, "Unable to change password for %s" +error_code KIM_BAD_PASSWORD_ERR, "Password incorrect" +error_code KIM_PREAUTH_FAILED_ERR, "Password incorrect or preauthentication failed" index 50 # Options Errors @@ -49,6 +52,7 @@ error_code KIM_CAPS_LOCK_ERR, "Password Incorrect (check you error_code KIM_USER_CANCELED_ERR, "The user cancelled the operation" error_code KIM_NO_SERVER_ERR, "KerberosAgent is not responding" error_code KIM_NO_UI_ERR, "Unable to display a user interface from this environment" +error_code KIM_DUPLICATE_UI_REQUEST_ERR, "UI just handled this request" index 100 # Preferences Errors diff --git a/src/kim/lib/kim_identity.c b/src/kim/lib/kim_identity.c index a7edc8c38f..2a1ad5e3ff 100644 --- a/src/kim/lib/kim_identity.c +++ b/src/kim/lib/kim_identity.c @@ -24,8 +24,8 @@ * or implied warranty. */ +#include "k5-int.h" #include -#include #include "kim_private.h" /* ------------------------------------------------------------------------ */ @@ -110,7 +110,6 @@ kim_error kim_identity_create_from_components (kim_identity *out_identity, { kim_error err = KIM_NO_ERROR; kim_identity identity = NULL; - krb5_principal_data principal_data; /* allocated by KIM so can't be returned */ if (!err && !out_identity ) { err = check_error (KIM_NULL_PARAMETER_ERR); } if (!err && !in_realm ) { err = check_error (KIM_NULL_PARAMETER_ERR); } @@ -126,64 +125,23 @@ kim_error kim_identity_create_from_components (kim_identity *out_identity, if (!err) { va_list args; - kim_count component_count = 1; - + va_start (args, in_1st_component); - while (va_arg (args, kim_string)) { component_count++; } + err = krb5_error (identity->context, + krb5int_build_principal_alloc_va (identity->context, + &identity->principal, + strlen(in_realm), + in_realm, + in_1st_component, + args)); va_end (args); - - principal_data.length = component_count; - principal_data.data = (krb5_data *) malloc (component_count * sizeof (krb5_data)); - if (!principal_data.data) { err = KIM_OUT_OF_MEMORY_ERR; } } - - if (!err) { - va_list args; - krb5_int32 i; - - krb5_princ_set_realm_length (context, &principal_data, strlen (in_realm)); - krb5_princ_set_realm_data (context, &principal_data, (char *) in_realm); - - va_start (args, in_1st_component); - for (i = 0; !err && (i < principal_data.length); i++) { - kim_string component = NULL; - if (i == 0) { - err = kim_string_copy (&component, in_1st_component); - } else { - err = kim_string_copy (&component, va_arg (args, kim_string)); - } - - if (!err) { - principal_data.data[i].data = (char *) component; - principal_data.data[i].length = strlen (component); - } - } - va_end (args); - } - - if (!err) { - /* make a copy that has actually been allocated by the krb5 - * library so krb5_free_principal can be called on it */ - err = krb5_error (identity->context, - krb5_copy_principal (identity->context, - &principal_data, - &identity->principal)); - } - + if (!err) { *out_identity = identity; identity = NULL; } - if (principal_data.data) { - krb5_int32 i; - - for (i = 0; i < principal_data.length; i++) { - kim_string component = principal_data.data[i].data; - kim_string_free (&component); - } - free (principal_data.data); - } kim_identity_free (&identity); return check_error (err); @@ -569,6 +527,7 @@ kim_error kim_identity_change_password_with_credential (kim_identity in_ident krb5_data message_data; krb5_data description_data; + if (!err && !in_identity ) { err = check_error (KIM_NULL_PARAMETER_ERR); } if (!err && !in_credential ) { err = check_error (KIM_NULL_PARAMETER_ERR); } if (!err && !in_new_password ) { err = check_error (KIM_NULL_PARAMETER_ERR); } if (!err && !in_ui_context ) { err = check_error (KIM_NULL_PARAMETER_ERR); } @@ -666,6 +625,8 @@ kim_error kim_identity_change_password_with_credential (kim_identity in_ident *out_rejected_err = rejected_err; } + if (creds) { krb5_free_creds (in_identity->context, creds); } + return check_error (err); } @@ -689,7 +650,7 @@ kim_error kim_identity_change_password_common (kim_identity in_identity, kim_error rejected_err = KIM_NO_ERROR; kim_string rejected_message = NULL; kim_string rejected_description = NULL; - kim_boolean was_prompted = 0; + kim_boolean was_prompted = 0; /* ignore because we always prompt */ err = kim_ui_change_password (in_ui_context, in_identity, @@ -746,18 +707,14 @@ kim_error kim_identity_change_password_common (kim_identity in_identity, rejected_message, rejected_description); - } else if (err && err != KIM_USER_CANCELED_ERR) { - /* new creds failed, report error to user */ - kim_error terr = KIM_NO_ERROR; - - terr = kim_ui_handle_kim_error (in_ui_context, in_identity, - kim_ui_error_type_change_password, - err); - - if (was_prompted || err == KIM_PASSWORD_MISMATCH_ERR) { - /* User could have entered bad info so let them try again. */ - err = terr; - } + } else if (err && err != KIM_USER_CANCELED_ERR && + err != KIM_DUPLICATE_UI_REQUEST_ERR) { + /* New creds failed, report error to user. + * Overwrite error so we loop and let the user try again. + * The user always gets prompted so we always loop. */ + err = kim_ui_handle_kim_error (in_ui_context, in_identity, + kim_ui_error_type_change_password, + err); } else { /* password change succeeded or the user gave up */ @@ -782,10 +739,13 @@ kim_error kim_identity_change_password_common (kim_identity in_identity, kim_string_free (&saved_password); } + + if (err == KIM_DUPLICATE_UI_REQUEST_ERR) { err = KIM_NO_ERROR; } } kim_string_free (&rejected_message); kim_string_free (&rejected_description); + kim_ui_free_string (in_ui_context, &old_password); kim_ui_free_string (in_ui_context, &new_password); kim_ui_free_string (in_ui_context, &verify_password); diff --git a/src/kim/lib/kim_library.c b/src/kim/lib/kim_library.c index 8096ec6b1f..0272aa7fd1 100644 --- a/src/kim/lib/kim_library.c +++ b/src/kim/lib/kim_library.c @@ -34,6 +34,9 @@ #include "kim_private.h" #include "kim_os_private.h" +#if KIM_TO_KLL_SHIM +#include "KerberosLoginErrors.h" +#endif MAKE_INIT_FUNCTION(kim_error_init); MAKE_FINI_FUNCTION(kim_error_fini); @@ -42,7 +45,10 @@ MAKE_FINI_FUNCTION(kim_error_fini); static int kim_error_init (void) { - add_error_table (&et_KIM_error_table); + add_error_table (&et_KIM_error_table); +#if KIM_TO_KLL_SHIM + add_error_table (&et_KLL_error_table); +#endif return 0; } @@ -55,6 +61,9 @@ static void kim_error_fini (void) } remove_error_table (&et_KIM_error_table); +#if KIM_TO_KLL_SHIM + remove_error_table (&et_KLL_error_table); +#endif } /* ------------------------------------------------------------------------ */ @@ -235,6 +244,11 @@ kim_boolean kim_library_allow_automatic_prompting (void) kim_debug_printf ("KIM_NEVER_PROMPT is set."); allow_automatic_prompting = FALSE; } + + if (allow_automatic_prompting && !kim_os_library_caller_uses_gui ()) { + kim_debug_printf ("Caller is not using gui."); + allow_automatic_prompting = FALSE; + } if (allow_automatic_prompting) { /* Make sure there is at least 1 config file. We don't support DNS diff --git a/src/kim/lib/kim_library_private.h b/src/kim/lib/kim_library_private.h index 160fba3a57..146474b0e8 100644 --- a/src/kim/lib/kim_library_private.h +++ b/src/kim/lib/kim_library_private.h @@ -32,6 +32,8 @@ kim_error kim_library_init (void); +kim_boolean kim_os_library_caller_uses_gui (void); + kim_ui_environment kim_os_library_get_ui_environment (void); kim_ui_environment kim_library_ui_environment (void); diff --git a/src/kim/lib/kim_options.c b/src/kim/lib/kim_options.c index 06c25ae881..5d7e58ae5f 100644 --- a/src/kim/lib/kim_options.c +++ b/src/kim/lib/kim_options.c @@ -91,6 +91,7 @@ kim_error kim_options_create (kim_options *out_options) { kim_error err = KIM_NO_ERROR; kim_preferences preferences = NULL; + kim_options options = KIM_OPTIONS_DEFAULT; if (!err && !out_options) { err = check_error (KIM_NULL_PARAMETER_ERR); } @@ -99,9 +100,19 @@ kim_error kim_options_create (kim_options *out_options) } if (!err) { - err = kim_preferences_get_options (preferences, out_options); + err = kim_preferences_get_options (preferences, &options); } + if (!err && !options) { + err = kim_options_allocate (&options); + } + + if (!err) { + *out_options = options; + options = NULL; /* caller takes ownership */ + } + + kim_options_free (&options); kim_preferences_free (&preferences); return check_error (err); @@ -116,7 +127,6 @@ kim_error kim_options_copy (kim_options *out_options, kim_options options = KIM_OPTIONS_DEFAULT; if (!err && !out_options) { err = check_error (KIM_NULL_PARAMETER_ERR); } - if (!err && !in_options ) { err = check_error (KIM_NULL_PARAMETER_ERR); } if (!err && in_options != KIM_OPTIONS_DEFAULT) { err = kim_options_allocate (&options); diff --git a/src/kim/lib/kim_preferences.c b/src/kim/lib/kim_preferences.c index 29f37cd9a3..a9bd6ce559 100644 --- a/src/kim/lib/kim_preferences.c +++ b/src/kim/lib/kim_preferences.c @@ -230,7 +230,7 @@ kim_error kim_favorites_add_identity (kim_favorites io_favorites, { kim_error err = KIM_NO_ERROR; kim_identity identity = NULL; - kim_options options = NULL; + kim_options options = KIM_OPTIONS_DEFAULT; kim_count insert_at = 0; if (!err && !io_favorites) { err = check_error (KIM_NULL_PARAMETER_ERR); } @@ -437,16 +437,24 @@ static kim_error kim_preferences_read (kim_preferences in_preferences) if (!err) { kim_identity default_identity = kim_default_client_identity; + kim_identity identity = NULL; err = kim_os_identity_create_for_username (&default_identity); if (!err) { err = kim_os_preferences_get_identity_for_key (kim_preference_key_client_identity, default_identity, - &in_preferences->client_identity); + &identity); + } + + if (!err) { + kim_identity_free (&in_preferences->client_identity); + in_preferences->client_identity = identity; + identity = NULL; } kim_identity_free (&default_identity); + kim_identity_free (&identity); } if (!err) { @@ -502,7 +510,7 @@ static kim_error kim_preferences_write (kim_preferences in_preferences) if (!err && !in_preferences) { err = check_error (KIM_NULL_PARAMETER_ERR); } - if (!err && in_preferences->remember_options && in_preferences->options_changed) { + if (!err && in_preferences->options_changed) { err = kim_os_preferences_set_options_for_key (kim_preference_key_options, in_preferences->options); } @@ -512,7 +520,7 @@ static kim_error kim_preferences_write (kim_preferences in_preferences) in_preferences->remember_options); } - if (!err && in_preferences->remember_client_identity && in_preferences->client_identity_changed) { + if (!err && in_preferences->client_identity_changed) { kim_identity default_identity = kim_default_client_identity; err = kim_os_identity_create_for_username (&default_identity); diff --git a/src/kim/lib/kim_private.h b/src/kim/lib/kim_private.h index 7a86d7e0a9..939279f77c 100644 --- a/src/kim/lib/kim_private.h +++ b/src/kim/lib/kim_private.h @@ -39,7 +39,6 @@ #include "kim_debug_private.h" #include "kim_error_private.h" #include "kim_identity_private.h" -#include "kim_ccache_private.h" #include "kim_credential_private.h" #include "kim_options_private.h" #include "kim_preferences_private.h" diff --git a/src/kim/lib/kim_selection_hints.c b/src/kim/lib/kim_selection_hints.c index 580191ded0..2b57428300 100644 --- a/src/kim/lib/kim_selection_hints.c +++ b/src/kim/lib/kim_selection_hints.c @@ -372,11 +372,7 @@ kim_error kim_selection_hints_get_options (kim_selection_hints in_selection_hin if (!err && !out_options ) { err = check_error (KIM_NULL_PARAMETER_ERR); } if (!err) { - if (in_selection_hints->options) { - err = kim_options_copy (out_options, in_selection_hints->options); - } else { - *out_options = KIM_OPTIONS_DEFAULT; - } + err = kim_options_copy (out_options, in_selection_hints->options); } return check_error (err); @@ -484,7 +480,8 @@ kim_error kim_selection_hints_get_identity (kim_selection_hints in_selection_hi /* reenter select_identity so just forget this identity * even if we got an error */ - if (err == KIM_USER_CANCELED_ERR) { err = KIM_NO_ERROR; } + if (err == KIM_USER_CANCELED_ERR || + err == KIM_DUPLICATE_UI_REQUEST_ERR) { err = KIM_NO_ERROR; } kim_identity_free (&identity); } diff --git a/src/kim/lib/kim_ui.c b/src/kim/lib/kim_ui.c index ccc59f4407..0bac3d8190 100644 --- a/src/kim/lib/kim_ui.c +++ b/src/kim/lib/kim_ui.c @@ -51,15 +51,15 @@ static kim_error kim_ui_init_lazy (kim_ui_context *io_context) if (!err && !io_context) { err = check_error (KIM_NULL_PARAMETER_ERR); } if (!err && !io_context->initialized) { -#ifndef LEAN_CLIENT +#ifdef KIM_BUILTIN_UI kim_ui_environment environment = kim_library_ui_environment (); if (environment == KIM_UI_ENVIRONMENT_GUI) { -#endif /* LEAN_CLIENT */ +#endif /* KIM_BUILTIN_UI */ io_context->type = kim_ui_type_gui_plugin; err = kim_ui_plugin_init (io_context); -#ifndef LEAN_CLIENT +#ifdef KIM_BUILTIN_UI if (err) { io_context->type = kim_ui_type_gui_builtin; @@ -76,7 +76,7 @@ static kim_error kim_ui_init_lazy (kim_ui_context *io_context) err = check_error (KIM_NO_UI_ERR); } -#endif /* LEAN_CLIENT */ +#endif /* KIM_BUILTIN_UI */ if (!err) { io_context->initialized = 1; @@ -133,7 +133,7 @@ kim_error kim_ui_enter_identity (kim_ui_context *in_context, out_identity, out_change_password); -#ifndef LEAN_CLIENT +#ifdef KIM_BUILTIN_UI } else if (in_context->type == kim_ui_type_gui_builtin) { err = kim_os_ui_gui_enter_identity (in_context, io_options, @@ -146,7 +146,7 @@ kim_error kim_ui_enter_identity (kim_ui_context *in_context, out_identity, out_change_password); -#endif /* LEAN_CLIENT */ +#endif /* KIM_BUILTIN_UI */ } else { err = check_error (KIM_NO_UI_ERR); @@ -181,7 +181,7 @@ kim_error kim_ui_select_identity (kim_ui_context *in_context, out_identity, out_change_password); -#ifndef LEAN_CLIENT +#ifdef KIM_BUILTIN_UI } else if (in_context->type == kim_ui_type_gui_builtin) { err = kim_os_ui_gui_select_identity (in_context, io_hints, @@ -194,7 +194,7 @@ kim_error kim_ui_select_identity (kim_ui_context *in_context, out_identity, out_change_password); -#endif /* LEAN_CLIENT */ +#endif /* KIM_BUILTIN_UI */ } else { err = check_error (KIM_NO_UI_ERR); @@ -263,7 +263,7 @@ krb5_error_code kim_ui_prompter (krb5_context in_krb5_context, &reply, &save_reply); -#ifndef LEAN_CLIENT +#ifdef KIM_BUILTIN_UI } else if (context->type == kim_ui_type_gui_builtin) { err = kim_os_ui_gui_auth_prompt (context, context->identity, @@ -287,7 +287,7 @@ krb5_error_code kim_ui_prompter (krb5_context in_krb5_context, in_prompts[i].prompt, &reply, &save_reply); -#endif /* LEAN_CLIENT */ +#endif /* KIM_BUILTIN_UI */ } else { err = check_error (KIM_NO_UI_ERR); @@ -319,9 +319,9 @@ krb5_error_code kim_ui_prompter (krb5_context in_krb5_context, /* Clean up reply buffer. Saved passwords are allocated by KIM. */ if (reply) { - memset (reply, '\0', strlen (reply)); - if (got_saved_password) { - kim_string_free ((kim_string *) &reply); + if (got_saved_password) { + memset (reply, '\0', strlen (reply)); + kim_string_free ((kim_string *) &reply); } else { kim_ui_free_string (context, &reply); } @@ -361,7 +361,7 @@ kim_error kim_ui_change_password (kim_ui_context *in_context, out_new_password, out_verify_password); -#ifndef LEAN_CLIENT +#ifdef KIM_BUILTIN_UI } else if (in_context->type == kim_ui_type_gui_builtin) { err = kim_os_ui_gui_change_password (in_context, in_identity, @@ -377,7 +377,7 @@ kim_error kim_ui_change_password (kim_ui_context *in_context, out_old_password, out_new_password, out_verify_password); -#endif /* LEAN_CLIENT */ +#endif /* KIM_BUILTIN_UI */ } else { err = check_error (KIM_NO_UI_ERR); @@ -413,7 +413,7 @@ kim_error kim_ui_handle_error (kim_ui_context *in_context, in_error_message, in_error_description); -#ifndef LEAN_CLIENT +#ifdef KIM_BUILTIN_UI } else if (in_context->type == kim_ui_type_gui_builtin) { err = kim_os_ui_gui_handle_error (in_context, in_identity, @@ -427,7 +427,7 @@ kim_error kim_ui_handle_error (kim_ui_context *in_context, in_error, in_error_message, in_error_description); -#endif /* LEAN_CLIENT */ +#endif /* KIM_BUILTIN_UI */ } else { err = check_error (KIM_NO_UI_ERR); @@ -445,11 +445,14 @@ void kim_ui_free_string (kim_ui_context *in_context, kim_error err = kim_ui_init_lazy (in_context); if (!err && in_context && io_string && *io_string) { + /* most ui strings are auth information so zero before freeing */ + memset (*io_string, '\0', strlen (*io_string)); + if (in_context->type == kim_ui_type_gui_plugin) { kim_ui_plugin_free_string (in_context, io_string); -#ifndef LEAN_CLIENT +#ifdef KIM_BUILTIN_UI } else if (in_context->type == kim_ui_type_gui_builtin) { kim_os_ui_gui_free_string (in_context, io_string); @@ -457,7 +460,7 @@ void kim_ui_free_string (kim_ui_context *in_context, } else if (in_context->type == kim_ui_type_cli) { kim_ui_cli_free_string (in_context, io_string); -#endif /* LEAN_CLIENT */ +#endif /* KIM_BUILTIN_UI */ } } } @@ -474,13 +477,13 @@ kim_error kim_ui_fini (kim_ui_context *io_context) if (io_context->type == kim_ui_type_gui_plugin) { err = kim_ui_plugin_fini (io_context); -#ifndef LEAN_CLIENT +#ifdef KIM_BUILTIN_UI } else if (io_context->type == kim_ui_type_gui_builtin) { err = kim_os_ui_gui_fini (io_context); } else if (io_context->type == kim_ui_type_cli) { err = kim_ui_cli_fini (io_context); -#endif /* LEAN_CLIENT */ +#endif /* KIM_BUILTIN_UI */ } else { err = check_error (KIM_NO_UI_ERR); diff --git a/src/kim/lib/kim_ui_cli.c b/src/kim/lib/kim_ui_cli.c index a595a3f4df..0bb5eebbba 100644 --- a/src/kim/lib/kim_ui_cli.c +++ b/src/kim/lib/kim_ui_cli.c @@ -24,7 +24,7 @@ * or implied warranty. */ -#ifndef LEAN_CLIENT +#ifdef KIM_BUILTIN_UI #include "kim_private.h" @@ -73,7 +73,9 @@ static kim_error kim_ui_cli_read_string (kim_string *out_string, prompts[0].reply->length = sizeof (reply_string); err = krb5_prompter_posix (k5context, NULL, NULL, NULL, 1, prompts); - if (err == KRB5_LIBOS_PWDINTR) { err = check_error (KIM_USER_CANCELED_ERR); } + if (err == KRB5_LIBOS_PWDINTR || err == KRB5_LIBOS_CANTREADPWD) { + err = check_error (KIM_USER_CANCELED_ERR); + } } if (!err) { @@ -228,7 +230,9 @@ kim_error kim_ui_cli_auth_prompt (kim_ui_context *in_context, if (!err) { err = krb5_prompter_posix (k5context, in_context, in_title, in_message, 1, prompts); - if (err == KRB5_LIBOS_PWDINTR) { err = check_error (KIM_USER_CANCELED_ERR); } + if (err == KRB5_LIBOS_PWDINTR || err == KRB5_LIBOS_CANTREADPWD) { + err = check_error (KIM_USER_CANCELED_ERR); + } } if (!err) { @@ -255,7 +259,6 @@ static kim_error kim_ui_cli_ask_change_password (kim_string in_identity_string) { kim_error err = KIM_NO_ERROR; kim_string ask_change_password = NULL; - kim_string answer_options = NULL; kim_string yes = NULL; kim_string no = NULL; kim_string unknown_response = NULL; @@ -314,7 +317,6 @@ static kim_error kim_ui_cli_ask_change_password (kim_string in_identity_string) } kim_string_free (&ask_change_password); - kim_string_free (&answer_options); kim_string_free (&yes); kim_string_free (&no); kim_string_free (&unknown_response); @@ -378,6 +380,11 @@ kim_error kim_ui_cli_change_password (kim_ui_context *in_context, 1, enter_old_password_format, identity_string); + if (!err && strlen (old_password) < 1) { + /* Empty password: Synthesize bad password err */ + err = KRB5KRB_AP_ERR_BAD_INTEGRITY; + } + if (!err) { err = kim_credential_create_for_change_password ((kim_credential *) &in_context->tcontext, in_identity, @@ -389,7 +396,7 @@ kim_error kim_ui_cli_change_password (kim_ui_context *in_context, if (err && err != KIM_USER_CANCELED_ERR) { /* new creds failed, report error to user */ err = kim_ui_handle_kim_error (in_context, in_identity, - kim_ui_error_type_authentication, + kim_ui_error_type_change_password, err); } else { @@ -468,4 +475,4 @@ kim_error kim_ui_cli_fini (kim_ui_context *io_context) return KIM_NO_ERROR; } -#endif /* LEAN_CLIENT */ +#endif /* KIM_BUILTIN_UI */ diff --git a/src/kim/lib/kim_ui_cli_private.h b/src/kim/lib/kim_ui_cli_private.h index f11a665b90..26970cf793 100644 --- a/src/kim/lib/kim_ui_cli_private.h +++ b/src/kim/lib/kim_ui_cli_private.h @@ -27,7 +27,7 @@ #ifndef KIM_UI_CLI_PRIVATE_H #define KIM_UI_CLI_PRIVATE_H -#ifndef LEAN_CLIENT +#ifdef KIM_BUILTIN_UI #include @@ -75,6 +75,6 @@ void kim_ui_cli_free_string (kim_ui_context *in_context, kim_error kim_ui_cli_fini (kim_ui_context *in_context); -#endif /* LEAN_CLIENT */ +#endif /* KIM_BUILTIN_UI */ #endif /* KIM_UI_CLI_PRIVATE_H */ diff --git a/src/kim/lib/kim_ui_gui_private.h b/src/kim/lib/kim_ui_gui_private.h index faf4e1596f..ecb324339e 100644 --- a/src/kim/lib/kim_ui_gui_private.h +++ b/src/kim/lib/kim_ui_gui_private.h @@ -27,7 +27,7 @@ #ifndef KIM_UI_GUI_PRIVATE_H #define KIM_UI_GUI_PRIVATE_H -#ifndef LEAN_CLIENT +#ifdef KIM_BUILTIN_UI #include @@ -75,6 +75,6 @@ void kim_os_ui_gui_free_string (kim_ui_context *in_context, kim_error kim_os_ui_gui_fini (kim_ui_context *in_context); -#endif /* LEAN_CLIENT */ +#endif /* KIM_BUILTIN_UI */ #endif /* KIM_UI_GUI_PRIVATE_H */ diff --git a/src/kim/lib/kim_ui_plugin.c b/src/kim/lib/kim_ui_plugin.c index a19ae7535d..c307dd1899 100644 --- a/src/kim/lib/kim_ui_plugin.c +++ b/src/kim/lib/kim_ui_plugin.c @@ -29,16 +29,16 @@ #include "kim_private.h" +const char * const *kim_ui_plugin_files = NULL; #if TARGET_OS_MAC -const char * const kim_ui_plugin_files[] = { "KerberosUI", NULL }; static const char *kim_ui_plugin_dirs[] = { KRB5_KIM_UI_PLUGIN_BUNDLE_DIR, LIBDIR "/krb5/plugins/kimui", NULL }; #else -const char * const *kim_ui_plugin_files = NULL; static const char *kim_ui_plugin_dirs[] = { LIBDIR "/krb5/plugins/kimui", NULL }; #endif struct kim_ui_plugin_context { + krb5_context kcontext; struct plugin_dir_handle plugins; struct kim_ui_plugin_ftable_v0 *ftable; void **ftables; @@ -57,6 +57,9 @@ static void kim_ui_plugin_context_free (kim_ui_plugin_context *io_context) if (PLUGIN_DIR_OPEN (&(*io_context)->plugins)) { krb5int_close_plugin_dirs (&(*io_context)->plugins); } + if ((*io_context)->kcontext) { + krb5_free_context ((*io_context)->kcontext); + } free (*io_context); *io_context = NULL; } @@ -76,6 +79,10 @@ static kim_error kim_ui_plugin_context_allocate (kim_ui_plugin_context *out_cont if (!context) { err = KIM_OUT_OF_MEMORY_ERR; } } + if (!err) { + err = krb5_error (NULL, krb5_init_context (&context->kcontext)); + } + if (!err) { PLUGIN_DIR_INIT(&context->plugins); context->ftable = NULL; @@ -99,7 +106,6 @@ kim_error kim_ui_plugin_init (kim_ui_context *io_context) { kim_error err = KIM_NO_ERROR; kim_ui_plugin_context context = NULL; - struct errinfo einfo; if (!err && !io_context) { err = check_error (KIM_NULL_PARAMETER_ERR); } @@ -110,16 +116,19 @@ kim_error kim_ui_plugin_init (kim_ui_context *io_context) if (!err) { PLUGIN_DIR_INIT(&context->plugins); - err = krb5int_open_plugin_dirs (kim_ui_plugin_dirs, - kim_ui_plugin_files, - &context->plugins, &einfo); + err = krb5_error (context->kcontext, + krb5int_open_plugin_dirs (kim_ui_plugin_dirs, + kim_ui_plugin_files, + &context->plugins, + &context->kcontext->err)); } if (!err) { - err = krb5int_get_plugin_dir_data (&context->plugins, - "kim_ui_0", - &context->ftables, - &einfo); + err = krb5_error (context->kcontext, + krb5int_get_plugin_dir_data (&context->plugins, + "kim_ui_0", + &context->ftables, + &context->kcontext->err)); } if (!err && context->ftables) { @@ -332,7 +341,7 @@ kim_error kim_ui_plugin_fini (kim_ui_context *io_context) kim_ui_plugin_context context = (kim_ui_plugin_context) io_context->tcontext; if (context) { - err = context->ftable->fini (&context->plugin_context); + err = context->ftable->fini (context->plugin_context); } if (!err) { diff --git a/src/kim/lib/mac/KerberosLogin.c b/src/kim/lib/mac/KerberosLogin.c index b97128ccf0..de05e57ddb 100644 --- a/src/kim/lib/mac/KerberosLogin.c +++ b/src/kim/lib/mac/KerberosLogin.c @@ -24,20 +24,34 @@ * or implied warranty. */ -#ifndef LEAN_CLIENT - -#define KERBEROSLOGIN_DEPRECATED +#ifdef KIM_TO_KLL_SHIM #include "CredentialsCache.h" #include "KerberosLogin.h" #include "KerberosLoginPrivate.h" #include #include "kim_private.h" +#include "k5-thread.h" +#include + +/* + * Deprecated Error codes + */ +enum { + /* Carbon Dialog errors */ + klDialogDoesNotExistErr = 19676, + klDialogAlreadyExistsErr, + klNotInForegroundErr, + klNoAppearanceErr, + klFatalDialogErr, + klCarbonUnavailableErr +}; krb5_get_init_creds_opt *__KLLoginOptionsGetKerberos5Options (KLLoginOptions ioOptions); KLTime __KLLoginOptionsGetStartTime (KLLoginOptions ioOptions); char *__KLLoginOptionsGetServiceName (KLLoginOptions ioOptions); + /* ------------------------------------------------------------------------ */ static KLStatus kl_check_error_ (kim_error inError, const char *function, const char *file, int line) @@ -158,7 +172,7 @@ KLStatus KLAcquireNewTicketsWithPassword (KLPrincipal inPrincipal, /* ------------------------------------------------------------------------ */ -KLStatus KLSetApplicationOptions (const KLApplicationOptions *inAppOptions) +KLStatus KLSetApplicationOptions (const void *inAppOptions) { /* Deprecated */ return kl_check_error (klNoErr); @@ -166,10 +180,14 @@ KLStatus KLSetApplicationOptions (const KLApplicationOptions *inAppOptions) /* ------------------------------------------------------------------------ */ -KLStatus KLGetApplicationOptions (KLApplicationOptions *outAppOptions) +KLStatus KLGetApplicationOptions (void *outAppOptions) { - /* Deprecated */ - return kl_check_error (klNoErr); + /* Deprecated -- this function took a struct declared on the caller's + * stack. It used to fill in the struct with information about the + * Mac OS 9 dialog used for automatic prompting. Since there is no + * way for us provide valid values, just leave the struct untouched + * and return a reasonable error. */ + return kl_check_error (klDialogDoesNotExistErr); } /* ------------------------------------------------------------------------ */ @@ -185,13 +203,9 @@ KLStatus KLAcquireInitialTickets (KLPrincipal inPrincipal, kim_identity identity = NULL; if (!err) { - err = kim_ccache_create_from_client_identity (&ccache, - inPrincipal); - - if (err) { - /* ccache does not already exist, create a new one */ - err = kim_ccache_create_new (&ccache, inPrincipal, inLoginOptions); - } + err = kim_ccache_create_new_if_needed (&ccache, + inPrincipal, + inLoginOptions); } if (!err && outPrincipal) { @@ -267,7 +281,9 @@ KLStatus KLDestroyTickets (KLPrincipal inPrincipal) kim_error err = KIM_NO_ERROR; kim_ccache ccache = NULL; - err = kim_ccache_create_from_client_identity (&ccache, inPrincipal); + if (!err) { + err = kim_ccache_create_from_client_identity (&ccache, inPrincipal); + } if (!err) { err = kim_ccache_destroy (&ccache); @@ -285,9 +301,6 @@ KLStatus KLChangePassword (KLPrincipal inPrincipal) /* ------------------------------------------------------------------------ */ - -/* Kerberos Login dialog low level functions */ - KLStatus KLAcquireInitialTicketsWithPassword (KLPrincipal inPrincipal, KLLoginOptions inLoginOptions, const char *inPassword, @@ -297,16 +310,10 @@ KLStatus KLAcquireInitialTicketsWithPassword (KLPrincipal inPrincipal, kim_ccache ccache = NULL; if (!err) { - err = kim_ccache_create_from_client_identity (&ccache, - inPrincipal); - - if (err) { - /* ccache does not already exist, create a new one */ - err = kim_ccache_create_new_with_password (&ccache, - inPrincipal, - inLoginOptions, - inPassword); - } + err = kim_ccache_create_new_if_needed_with_password (&ccache, + inPrincipal, + inLoginOptions, + inPassword); } if (!err && outCredCacheName) { @@ -567,17 +574,49 @@ KLStatus KLValidateInitialTickets (KLPrincipal inPrincipal, return kl_check_error (err); } +static cc_time_t g_cc_change_time = 0; +static KLTime g_kl_change_time = 0; +static k5_mutex_t g_change_time_mutex = K5_MUTEX_PARTIAL_INITIALIZER; + +MAKE_INIT_FUNCTION(kim_change_time_init); +MAKE_FINI_FUNCTION(kim_change_time_fini); + +/* ------------------------------------------------------------------------ */ + +static int kim_change_time_init (void) +{ + g_kl_change_time = time (NULL); + + return k5_mutex_finish_init(&g_change_time_mutex); +} + +/* ------------------------------------------------------------------------ */ + +static void kim_change_time_fini (void) +{ + if (!INITIALIZER_RAN (kim_change_time_init) || PROGRAM_EXITING ()) { + return; + } + + k5_mutex_destroy(&g_change_time_mutex); +} /* ------------------------------------------------------------------------ */ KLStatus KLLastChangedTime (KLTime *outLastChangedTime) { - KLStatus err = klNoErr; + KLStatus err = CALL_INIT_FUNCTION (kim_change_time_init); + kim_error mutex_err = KIM_NO_ERROR; cc_context_t context = NULL; cc_time_t ccChangeTime = 0; - if (!outLastChangedTime) { err = kl_check_error (klParameterErr); } - + if (!err && !outLastChangedTime) { err = kl_check_error (klParameterErr); } + + if (!err) { + mutex_err = k5_mutex_lock (&g_change_time_mutex); + if (mutex_err) { err = mutex_err; } + } + if (!err) { err = cc_initialize (&context, ccapi_version_4, NULL, NULL); } @@ -587,10 +626,24 @@ KLStatus KLLastChangedTime (KLTime *outLastChangedTime) } if (!err) { - *outLastChangedTime = ccChangeTime; + /* cc_context_get_change_time returns 0 if there are no tickets + * but KLLastChangedTime always returned the current time. So + * fake the current time if cc_context_get_change_time returns 0. */ + if (ccChangeTime > g_cc_change_time) { + /* changed, make sure g_kl_change_time increases in value */ + if (ccChangeTime > g_kl_change_time) { + g_kl_change_time = ccChangeTime; + } else { + g_kl_change_time++; /* we got ahead of the ccapi, just increment */ + } + g_cc_change_time = ccChangeTime; + } + + *outLastChangedTime = g_kl_change_time; } - if (context) { cc_context_release (context); } + if (context ) { cc_context_release (context); } + if (!mutex_err) { k5_mutex_unlock (&g_change_time_mutex); } return kl_check_error (err); } @@ -612,11 +665,7 @@ KLStatus KLCacheHasValidTickets (KLPrincipal inPrincipal, if (!outFoundValidTickets) { err = kl_check_error (klParameterErr); } if (!err) { - if (inPrincipal) { - err = kim_ccache_create_from_client_identity (&ccache, inPrincipal); - } else { - err = kim_ccache_create_from_default (&ccache); - } + err = kim_ccache_create_from_client_identity (&ccache, inPrincipal); } if (!err) { @@ -625,6 +674,10 @@ KLStatus KLCacheHasValidTickets (KLPrincipal inPrincipal, if (!err && outPrincipal) { err = kim_ccache_get_client_identity (ccache, &identity); + if (err) { + err = KIM_NO_ERROR; + identity = NULL; + } } if (!err && outCredCacheName) { @@ -886,6 +939,8 @@ enum { }; +/* ------------------------------------------------------------------------ */ + KLStatus KLGetDefaultLoginOption (const KLDefaultLoginOption inOption, void *ioBuffer, KLSize *ioBufferSize) @@ -927,11 +982,11 @@ KLStatus KLGetDefaultLoginOption (const KLDefaultLoginOption inOption, } else if (!err && inOption == loginOption_LoginInstance) { targetSize = 0; /* Deprecated */ - } else if (!err && (inOption == loginOption_ShowOptions && - inOption == loginOption_RememberShowOptions && - inOption == loginOption_LongTicketLifetimeDisplay && - inOption == loginOption_RememberPrincipal && - inOption == loginOption_RememberExtras && + } else if (!err && (inOption == loginOption_ShowOptions || + inOption == loginOption_RememberShowOptions || + inOption == loginOption_LongTicketLifetimeDisplay || + inOption == loginOption_RememberPrincipal || + inOption == loginOption_RememberExtras || inOption == loginOption_RememberPassword)) { targetSize = sizeof(KLBoolean); @@ -962,11 +1017,10 @@ KLStatus KLGetDefaultLoginOption (const KLDefaultLoginOption inOption, } } - } else if (!err && (inOption == loginOption_MinimalTicketLifetime && - inOption == loginOption_MaximalTicketLifetime && - inOption == loginOption_LongTicketLifetimeDisplay && - inOption == loginOption_RememberPrincipal && - inOption == loginOption_RememberExtras)) { + } else if (!err && (inOption == loginOption_MinimalTicketLifetime || + inOption == loginOption_MaximalTicketLifetime || + inOption == loginOption_MinimalRenewableLifetime || + inOption == loginOption_MaximalRenewableLifetime)) { targetSize = sizeof(KLLifetime); if (!returnSizeOnly) { @@ -994,9 +1048,9 @@ KLStatus KLGetDefaultLoginOption (const KLDefaultLoginOption inOption, } } - } else if (!err && (inOption == loginOption_DefaultRenewableTicket && - inOption == loginOption_DefaultForwardableTicket && - inOption == loginOption_DefaultProxiableTicket && + } else if (!err && (inOption == loginOption_DefaultRenewableTicket || + inOption == loginOption_DefaultForwardableTicket || + inOption == loginOption_DefaultProxiableTicket || inOption == loginOption_DefaultAddresslessTicket)) { targetSize = sizeof(KLBoolean); @@ -1031,7 +1085,7 @@ KLStatus KLGetDefaultLoginOption (const KLDefaultLoginOption inOption, } - } else if (!err && (inOption == loginOption_DefaultTicketLifetime && + } else if (!err && (inOption == loginOption_DefaultTicketLifetime || inOption == loginOption_DefaultRenewableLifetime)) { targetSize = sizeof(KLLifetime); @@ -1128,11 +1182,11 @@ KLStatus KLSetDefaultLoginOption (const KLDefaultLoginOption inOption, } else if (!err && inOption == loginOption_LoginInstance) { /* Ignored */ - } else if (!err && (inOption == loginOption_ShowOptions && - inOption == loginOption_RememberShowOptions && - inOption == loginOption_LongTicketLifetimeDisplay && - inOption == loginOption_RememberPrincipal && - inOption == loginOption_RememberExtras && + } else if (!err && (inOption == loginOption_ShowOptions || + inOption == loginOption_RememberShowOptions || + inOption == loginOption_LongTicketLifetimeDisplay || + inOption == loginOption_RememberPrincipal || + inOption == loginOption_RememberExtras || inOption == loginOption_RememberPassword)) { if (inBufferSize > sizeof (KLBoolean)) { err = kl_check_error (klBufferTooLargeErr); @@ -1141,17 +1195,16 @@ KLStatus KLSetDefaultLoginOption (const KLDefaultLoginOption inOption, } if (!err && inOption == loginOption_RememberPrincipal) { - err = kim_preferences_set_remember_client_identity (prefs, *(kim_boolean *)inBuffer); + err = kim_preferences_set_remember_client_identity (prefs, *(KLBoolean *)inBuffer); } else if (!err && inOption == loginOption_RememberExtras) { - err = kim_preferences_set_remember_options (prefs, *(kim_boolean *)inBuffer); + err = kim_preferences_set_remember_options (prefs, *(KLBoolean *)inBuffer); } - } else if (!err && (inOption == loginOption_MinimalTicketLifetime && - inOption == loginOption_MaximalTicketLifetime && - inOption == loginOption_LongTicketLifetimeDisplay && - inOption == loginOption_RememberPrincipal && - inOption == loginOption_RememberExtras)) { + } else if (!err && (inOption == loginOption_MinimalTicketLifetime || + inOption == loginOption_MaximalTicketLifetime || + inOption == loginOption_MinimalRenewableLifetime || + inOption == loginOption_MaximalRenewableLifetime)) { if (inBufferSize > sizeof (KLLifetime)) { err = kl_check_error (klBufferTooLargeErr); } else if (inBufferSize < sizeof (KLLifetime)) { @@ -1159,21 +1212,21 @@ KLStatus KLSetDefaultLoginOption (const KLDefaultLoginOption inOption, } if (!err && inOption == loginOption_MinimalTicketLifetime) { - err = kim_preferences_set_minimum_lifetime (prefs, *(kim_lifetime *)inBuffer); + err = kim_preferences_set_minimum_lifetime (prefs, *(KLLifetime *)inBuffer); } else if (!err && inOption == loginOption_MaximalTicketLifetime) { - err = kim_preferences_set_maximum_lifetime (prefs, *(kim_lifetime *)inBuffer); + err = kim_preferences_set_maximum_lifetime (prefs, *(KLLifetime *)inBuffer); } else if (!err && inOption == loginOption_MinimalRenewableLifetime) { - err = kim_preferences_set_minimum_renewal_lifetime (prefs, *(kim_lifetime *)inBuffer); + err = kim_preferences_set_minimum_renewal_lifetime (prefs, *(KLLifetime *)inBuffer); } else if (!err && inOption == loginOption_MaximalRenewableLifetime) { - err = kim_preferences_set_maximum_renewal_lifetime (prefs, *(kim_lifetime *)inBuffer); + err = kim_preferences_set_maximum_renewal_lifetime (prefs, *(KLLifetime *)inBuffer); } - } else if (!err && (inOption == loginOption_DefaultRenewableTicket && - inOption == loginOption_DefaultForwardableTicket && - inOption == loginOption_DefaultProxiableTicket && + } else if (!err && (inOption == loginOption_DefaultRenewableTicket || + inOption == loginOption_DefaultForwardableTicket || + inOption == loginOption_DefaultProxiableTicket || inOption == loginOption_DefaultAddresslessTicket)) { kim_options options = NULL; @@ -1188,16 +1241,16 @@ KLStatus KLSetDefaultLoginOption (const KLDefaultLoginOption inOption, } if (!err && inOption == loginOption_DefaultRenewableTicket) { - err = kim_options_set_renewable (options, *(kim_boolean *)inBuffer); + err = kim_options_set_renewable (options, *(KLBoolean *)inBuffer); } else if (!err && inOption == loginOption_DefaultForwardableTicket) { - err = kim_options_set_forwardable (options, *(kim_boolean *)inBuffer); + err = kim_options_set_forwardable (options, *(KLBoolean *)inBuffer); } else if (!err && inOption == loginOption_DefaultProxiableTicket) { - err = kim_options_set_proxiable (options, *(kim_boolean *)inBuffer); + err = kim_options_set_proxiable (options, *(KLBoolean *)inBuffer); } else if (!err && inOption == loginOption_DefaultAddresslessTicket) { - err = kim_options_set_addressless (options, *(kim_boolean *)inBuffer); + err = kim_options_set_addressless (options, *(KLBoolean *)inBuffer); } if (!err) { @@ -1206,7 +1259,7 @@ KLStatus KLSetDefaultLoginOption (const KLDefaultLoginOption inOption, kim_options_free (&options); - } else if (!err && (inOption == loginOption_DefaultTicketLifetime && + } else if (!err && (inOption == loginOption_DefaultTicketLifetime || inOption == loginOption_DefaultRenewableLifetime)) { kim_options options = NULL; @@ -1221,10 +1274,10 @@ KLStatus KLSetDefaultLoginOption (const KLDefaultLoginOption inOption, } if (!err && inOption == loginOption_DefaultTicketLifetime) { - err = kim_options_set_lifetime (options, *(kim_lifetime *)inBuffer); + err = kim_options_set_lifetime (options, *(KLLifetime *)inBuffer); } else if (!err && inOption == loginOption_DefaultRenewableLifetime) { - err = kim_options_set_renewal_lifetime (options, *(kim_lifetime *)inBuffer); + err = kim_options_set_renewal_lifetime (options, *(KLLifetime *)inBuffer); } if (!err) { @@ -1393,11 +1446,18 @@ KLStatus KLCreatePrincipalFromTriplet (const char *inName, const char *inRealm, KLPrincipal *outPrincipal) { - return kl_check_error (kim_identity_create_from_components (outPrincipal, - inRealm, - inName, - inInstance, - NULL)); + if (inInstance && strlen (inInstance) > 0) { + return kl_check_error (kim_identity_create_from_components (outPrincipal, + inRealm, + inName, + inInstance, + NULL)); + } else { + return kl_check_error (kim_identity_create_from_components (outPrincipal, + inRealm, + inName, + NULL)); + } } /* ------------------------------------------------------------------------ */ @@ -1797,4 +1857,4 @@ char *__KLLoginOptionsGetServiceName (KLLoginOptions ioOptions) -#endif /* LEAN_CLIENT */ +#endif /* KIM_TO_KLL_SHIM */ diff --git a/src/kim/lib/mac/KerberosLogin.h b/src/kim/lib/mac/KerberosLogin.h index b9c8262fb8..8dc49e18d5 100644 --- a/src/kim/lib/mac/KerberosLogin.h +++ b/src/kim/lib/mac/KerberosLogin.h @@ -34,6 +34,12 @@ # endif #endif +#if (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__) >= 30203 +# define KERBEROSLOGIN_DEPRECATED __attribute__((deprecated)) +#else +# define KERBEROSLOGIN_DEPRECATED +#endif + #include #include @@ -152,16 +158,6 @@ enum { klInsecurePasswordErr, klPasswordChangeFailedErr, -#ifdef KERBEROSLOGIN_DEPRECATED - /* Dialog errors -- deprecated */ - klDialogDoesNotExistErr = 19676, - klDialogAlreadyExistsErr, - klNotInForegroundErr, - klNoAppearanceErr, - klFatalDialogErr, - klCarbonUnavailableErr, -#endif - /* Login IPC errors */ klCantContactServerErr = 19776, klCantDisplayUIErr, @@ -191,18 +187,6 @@ typedef int16_t KLSInt16; /* used for Darwin-compat for KLApplic typedef void (*KLIdleCallback) (KLRefCon appData); #define CallKLIdleCallback(userRoutine, appData) ((userRoutine) (appData)) -#ifdef KERBEROSLOGIN_DEPRECATED - -/* Application options */ -typedef struct { - void * deprecatedEventFilter; - KLRefCon deprecatedEventFilterAppData; - KLSInt16 deprecatedRealmsPopupMenuID; - KLSInt16 deprecatedLoginModeMenuID; -} KLApplicationOptions; - -#endif - /* Principal information */ typedef kim_identity KLPrincipal; @@ -216,31 +200,35 @@ typedef kim_options KLLoginOptions; */ /* Deprecated functions -- provided for compatibility with KfM 4.0 */ -#ifdef KERBEROSLOGIN_DEPRECATED KLStatus KLAcquireTickets (KLPrincipal inPrincipal, KLPrincipal *outPrincipal, - char **outCredCacheName); + char **outCredCacheName) + KERBEROSLOGIN_DEPRECATED; KLStatus KLAcquireNewTickets (KLPrincipal inPrincipal, KLPrincipal *outPrincipal, - char **outCredCacheName); + char **outCredCacheName) + KERBEROSLOGIN_DEPRECATED; KLStatus KLAcquireTicketsWithPassword (KLPrincipal inPrincipal, KLLoginOptions inLoginOptions, const char *inPassword, - char **outCredCacheName); + char **outCredCacheName) + KERBEROSLOGIN_DEPRECATED; KLStatus KLAcquireNewTicketsWithPassword (KLPrincipal inPrincipal, KLLoginOptions inLoginOptions, const char *inPassword, - char **outCredCacheName); + char **outCredCacheName) + KERBEROSLOGIN_DEPRECATED; -KLStatus KLSetApplicationOptions (const KLApplicationOptions *inAppOptions); +KLStatus KLSetApplicationOptions (const void *inAppOptions) + KERBEROSLOGIN_DEPRECATED; -KLStatus KLGetApplicationOptions (KLApplicationOptions *outAppOptions); +KLStatus KLGetApplicationOptions (void *outAppOptions) + KERBEROSLOGIN_DEPRECATED; -#endif /* Kerberos Login high-level API */ KLStatus KLAcquireInitialTickets (KLPrincipal inPrincipal, diff --git a/src/kim/lib/mac/KerberosLoginErrors.et b/src/kim/lib/mac/KerberosLoginErrors.et new file mode 100755 index 0000000000..22ee35274c --- /dev/null +++ b/src/kim/lib/mac/KerberosLoginErrors.et @@ -0,0 +1,88 @@ +# $Copyright: +# +# Copyrigh 1998-2008 by the Massachusetts Institute of Technology. +# +# All rights reserved. +# +# Permission to use, copy, modify, and distribute this software and its +# documentation for any purpose and without fee is hereby granted, +# provided that the above copyright notice appear in all copies and that +# both that copyright notice and this permission notice appear in +# supporting documentation, and that the name of M.I.T. not be used in +# advertising or publicity pertaining to distribution of the software +# without specific, written prior permission. Furthermore if you modify +# this software you must label your software as modified software and not +# distribute it in such a fashion that it might be confused with the +# original MIT software. M.I.T. makes no representations about the +# suitability of this software for any purpose. It is provided "as is" +# without express or implied warranty. +# +# THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF +# MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. +# +# Individual source code files are copyright MIT, Cygnus Support, +# OpenVision, Oracle, Sun Soft, FundsXpress, and others. +# +# Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira, +# and Zephyr are trademarks of the Massachusetts Institute of Technology +# (MIT). No commercial use of these trademarks may be made without prior +# written permission of MIT. +# +# "Commercial use" means use of a name in a product or other for-profit +# manner. It does NOT prevent a commercial firm from referring to the MIT +# trademarks in order to convey information (although in doing so, +# recognition of their trademark status should be given). +# $ + +# $Header$ + +error_table_base 19276 +error_table_manager "Kerberos Login" +error_table KLL + +# 19276 +error_code klParameterErr, "Invalid argument" +error_code klBadPrincipalErr, "Invalid principal" +error_code klBadPasswordErr, "Invalid password argument" +error_code klBadLoginOptionsErr, "Invalid login options argument" +error_code klInvalidVersionErr, "Invalid Kerberos version (not 4 or 5)" +error_code klCapsLockErr, "Password Incorrect (check your Caps Lock)" +error_code klBadV5ContextErr, "Invalid Kerberos 5 context" + +# 19376 +index 100 +error_code klBufferTooSmallErr, "Kerberos default login option buffer too small" +error_code klBufferTooLargeErr, "Kerberos default login option buffer too large" +error_code klInvalidOptionErr, "Invalid Kerberos default login option" +error_code klBadOptionValueErr, "Invalid value for Kerberos default login option" + +# 19476 +index 200 +error_code klUserCanceledErr, "The user cancelled the operation" +error_code klMemFullErr, "Out of memory" +error_code klPreferencesReadErr, "Unable to read Kerberos Login preferences. The file may be missing, inaccessible or corrupted." +error_code klPreferencesWriteErr, "Unable to write Kerberos Login preferences. The file may be inaccessible." +error_code klV5InitializationFailedErr, "Unable to initialize Kerberos v5" +error_code klPrincipalDoesNotExistErr, "Principal does not exist" +error_code klSystemDefaultDoesNotExistErr, "The system default cache does not exist yet" +error_code klCredentialsExpiredErr, "Your tickets have expired" +error_code klNoRealmsErr, "There are no realms" +error_code klRealmDoesNotExistErr, "The specified realm is not in your configuration file or does not exist" +error_code klNoCredentialsErr, "You do not have tickets for this principal and Kerberos version" +error_code klCredentialsBadAddressErr, "The IP address(es) in your tickets do not match your computer's IP address" +error_code klCacheDoesNotExistErr, "The specified cache does not exist" +error_code klNoHostnameErr, "Unable to get local hostname or address information" +error_code klCredentialsNeedValidationErr, "Your tickets need to be validated." +# 19576 +index 300 +error_code klPasswordMismatchErr, "Password mismatch" +error_code klInsecurePasswordErr, "Your new password is insecure; please pick another one" +error_code klPasswordChangeFailedErr, "Kerberos password change failed." +# 19776 +index 500 +error_code klCantContactServerErr, "Can't find KerberosLoginServer" +error_code klCantDisplayUIErr, "Can't display user interface from this environment" +error_code klServerInsecureErr, "Fatal security error. Client/server effective uid mismatch!" + +end diff --git a/src/kim/lib/mac/kim_os_identity.c b/src/kim/lib/mac/kim_os_identity.c index 063b9231ff..a9c92d73ab 100644 --- a/src/kim/lib/mac/kim_os_identity.c +++ b/src/kim/lib/mac/kim_os_identity.c @@ -85,12 +85,14 @@ kim_error kim_os_identity_get_saved_password (kim_identity in_identity, if (!err && !in_identity ) { err = check_error (KIM_NULL_PARAMETER_ERR); } if (!err && !out_password) { err = check_error (KIM_NULL_PARAMETER_ERR); } - /* Short circuit if password saving is disabled */ + if (!err && !kim_library_allow_home_directory_access ()) { + err = check_error (ENOENT); /* simulate no password found */ + } + if (!err && !kim_os_identity_allow_save_password ()) { err = kim_os_identity_remove_saved_password (in_identity); if (!err) { - /* simulate no password found */ - err = check_error (ENOENT); + err = check_error (ENOENT); /* simulate no password found */ } } @@ -116,8 +118,8 @@ kim_error kim_os_identity_get_saved_password (kim_identity in_identity, err = kim_string_create_from_buffer (out_password, buffer, length); } - if (name ) { kim_string_free (&name); } - if (realm ) { kim_string_free (&realm); } + kim_string_free (&name); + kim_string_free (&realm); if (buffer) { SecKeychainItemFreeContent (NULL, buffer); } return check_error (err); @@ -135,7 +137,10 @@ kim_error kim_os_identity_set_saved_password (kim_identity in_identity, if (!err && !in_identity) { err = check_error (KIM_NULL_PARAMETER_ERR); } if (!err && !in_password) { err = check_error (KIM_NULL_PARAMETER_ERR); } - /* Short circuit if password saving is disabled */ + if (!err && !kim_library_allow_home_directory_access ()) { + return KIM_NO_ERROR; /* simulate no error */ + } + if (!err && !kim_os_identity_allow_save_password ()) { return kim_os_identity_remove_saved_password (in_identity); } @@ -153,7 +158,7 @@ kim_error kim_os_identity_set_saved_password (kim_identity in_identity, UInt32 namelen = strlen (name); UInt32 realmlen = strlen (realm); - // Add the password to the keychain + /* Add the password to the keychain */ err = SecKeychainAddGenericPassword (nil, realmlen, realm, namelen, name, @@ -161,8 +166,8 @@ kim_error kim_os_identity_set_saved_password (kim_identity in_identity, &itemRef); if (err == errSecDuplicateItem) { - // We've already stored a password for this principal - // but it might have changed so update it + /* We've already stored a password for this principal + * but it might have changed so update it */ void *buffer = NULL; UInt32 length = 0; @@ -186,7 +191,7 @@ kim_error kim_os_identity_set_saved_password (kim_identity in_identity, } } else if (!err) { - // We added a new entry, add a descriptive label + /* We added a new entry, add a descriptive label */ SecKeychainAttributeList *copiedAttrs = NULL; SecKeychainAttributeInfo attrInfo; UInt32 tag = 7; @@ -231,8 +236,8 @@ kim_error kim_os_identity_set_saved_password (kim_identity in_identity, if (itemRef) { CFRelease (itemRef); } } - if (name ) { kim_string_free (&name); } - if (realm) { kim_string_free (&realm); } + kim_string_free (&name); + kim_string_free (&realm); return check_error (err); } @@ -247,6 +252,10 @@ kim_error kim_os_identity_remove_saved_password (kim_identity in_identity) if (!err && !in_identity) { err = check_error (KIM_NULL_PARAMETER_ERR); } + if (!err && !kim_library_allow_home_directory_access ()) { + return KIM_NO_ERROR; /* simulate no error */ + } + if (!err) { err = kim_identity_get_components_string (in_identity, &name); } @@ -278,8 +287,8 @@ kim_error kim_os_identity_remove_saved_password (kim_identity in_identity) if (itemRef) { CFRelease (itemRef); } } - if (name ) { kim_string_free (&name); } - if (realm) { kim_string_free (&realm); } + kim_string_free (&name); + kim_string_free (&realm); return check_error (err); } diff --git a/src/kim/lib/mac/kim_os_library.c b/src/kim/lib/mac/kim_os_library.c index b0781bbf21..f3b2690843 100644 --- a/src/kim/lib/mac/kim_os_library.c +++ b/src/kim/lib/mac/kim_os_library.c @@ -25,9 +25,8 @@ */ #include -#include +#include #include -#include #include "k5-int.h" #include "k5-thread.h" #include @@ -95,16 +94,56 @@ kim_error kim_os_library_unlock_for_bundle_lookup (void) /* ------------------------------------------------------------------------ */ +kim_boolean kim_os_library_caller_uses_gui (void) +{ + kim_boolean caller_uses_gui = 0; + + /* Check for the HIToolbox (Carbon) or AppKit (Cocoa). + * If either is loaded, we are a GUI app! */ + CFBundleRef appKitBundle = CFBundleGetBundleWithIdentifier (CFSTR ("com.apple.AppKit")); + CFBundleRef hiToolBoxBundle = CFBundleGetBundleWithIdentifier (CFSTR ("com.apple.HIToolbox")); + + if (hiToolBoxBundle && CFBundleIsExecutableLoaded (hiToolBoxBundle)) { + caller_uses_gui = 1; /* Using Carbon */ + } + + if (appKitBundle && CFBundleIsExecutableLoaded (appKitBundle)) { + caller_uses_gui = 1; /* Using Cocoa */ + } + + return caller_uses_gui; +} + +/* ------------------------------------------------------------------------ */ + kim_ui_environment kim_os_library_get_ui_environment (void) { -#ifndef LEAN_CLIENT - kipc_session_attributes_t attributes = kipc_session_get_attributes (); +#ifdef KIM_BUILTIN_UI + kim_boolean has_gui_access = 0; + SessionAttributeBits sattrs = 0L; - if (attributes & kkipc_session_caller_uses_gui) { + has_gui_access = ((SessionGetInfo (callerSecuritySession, + NULL, &sattrs) == noErr) && + (sattrs & sessionHasGraphicAccess)); + + if (has_gui_access && kim_os_library_caller_uses_gui ()) { return KIM_UI_ENVIRONMENT_GUI; - } else if (attributes & kkipc_session_has_cli_access) { - return KIM_UI_ENVIRONMENT_CLI; - } else if (attributes & kkipc_session_has_gui_access) { + } + + { + int fd_stdin = fileno (stdin); + int fd_stdout = fileno (stdout); + char *fd_stdin_name = ttyname (fd_stdin); + + /* Session info isn't reliable for remote sessions. + * Check manually for terminal access with file descriptors */ + if (isatty (fd_stdin) && isatty (fd_stdout) && fd_stdin_name) { + return KIM_UI_ENVIRONMENT_CLI; + } + } + + /* If we don't have a CLI but can talk to the GUI, use that */ + if (has_gui_access) { return KIM_UI_ENVIRONMENT_GUI; } @@ -169,7 +208,7 @@ kim_error kim_os_library_get_application_path (kim_string *out_path) } if (cfpath ) { CFRelease (cfpath); } - if (absolute_url ) { CFRelease (bundle_url); } + if (absolute_url ) { CFRelease (absolute_url); } if (bundle_url ) { CFRelease (bundle_url); } if (resources_url ) { CFRelease (resources_url); } if (executable_url) { CFRelease (executable_url); } @@ -233,14 +272,17 @@ kim_error kim_os_library_get_caller_name (kim_string *out_application_name) if (!err && !out_application_name) { err = check_error (KIM_NULL_PARAMETER_ERR); } if (!err && bundle) { - CFURLRef bundle_url = CFBundleCopyBundleURL (bundle); + cfname = CFBundleGetValueForInfoDictionaryKey (bundle, + kCFBundleNameKey); - if (bundle_url) { - err = LSCopyDisplayNameForURL (bundle_url, &cfname); - check_error (err); + if (!cfname || CFGetTypeID (cfname) != CFStringGetTypeID ()) { + cfname = CFBundleGetValueForInfoDictionaryKey (bundle, + kCFBundleExecutableKey); } - if (bundle_url) { CFRelease (bundle_url); } + if (cfname) { + cfname = CFStringCreateCopy (kCFAllocatorDefault, cfname); + } } if (!err && !cfname) { @@ -270,6 +312,7 @@ kim_error kim_os_library_get_caller_name (kim_string *out_application_name) if (cfpathnoext) { CFRelease (cfpathnoext); } if (cfpath ) { CFRelease (cfpath); } + kim_string_free (&path); } if (!err && cfname) { diff --git a/src/kim/lib/mac/kim_os_preferences.c b/src/kim/lib/mac/kim_os_preferences.c index 152132c049..87700ef89f 100644 --- a/src/kim/lib/mac/kim_os_preferences.c +++ b/src/kim/lib/mac/kim_os_preferences.c @@ -226,7 +226,7 @@ static kim_error kim_os_preferences_set_value (kim_preference_key in_key, kim_error err = KIM_NO_ERROR; CFStringRef key = NULL; - if (!err && !in_value) { err = check_error (KIM_NULL_PARAMETER_ERR); } + /* in_value may be NULL if removing the key */ if (!err) { key = kim_os_preferences_cfstring_for_key (in_key); @@ -888,20 +888,21 @@ kim_error kim_os_preferences_set_options_for_key (kim_preference_key in_key, kim_error err = KIM_NO_ERROR; CFMutableDictionaryRef dictionary = NULL; - if (!err && !in_options) { err = check_error (KIM_NULL_PARAMETER_ERR); } + /* in_options may be KIM_OPTIONS_DEFAULT, in which case we empty the dict */ - if (!err) { + if (!err && in_options) { dictionary = CFDictionaryCreateMutable (kCFAllocatorDefault, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); if (!dictionary) { err = check_error (KIM_OUT_OF_MEMORY_ERR); } + + if (!err) { + err = kim_os_preferences_options_to_dictionary (in_options, dictionary); + } } if (!err) { - err = kim_os_preferences_options_to_dictionary (in_options, dictionary); - } - - if (!err) { + /* NULL dictioray will remove any entry for this key */ err = kim_os_preferences_set_value (in_key, dictionary); } @@ -937,7 +938,6 @@ kim_error kim_os_preferences_get_favorites_for_key (kim_preference_key in_key, for (i = 0; !err && i < count; i++) { CFDictionaryRef dictionary = NULL; - kim_options options = KIM_OPTIONS_DEFAULT; CFStringRef cfstring = NULL; dictionary = (CFDictionaryRef) CFArrayGetValueAtIndex (value, i); @@ -955,6 +955,7 @@ kim_error kim_os_preferences_get_favorites_for_key (kim_preference_key in_key, if (!err && cfstring) { kim_string string = NULL; kim_identity identity = NULL; + kim_options options = KIM_OPTIONS_DEFAULT; err = kim_os_string_create_from_cfstring (&string, cfstring); diff --git a/src/kim/lib/mac/kim_os_string.c b/src/kim/lib/mac/kim_os_string.c index 0529f39207..96573eec9e 100644 --- a/src/kim/lib/mac/kim_os_string.c +++ b/src/kim/lib/mac/kim_os_string.c @@ -67,6 +67,8 @@ kim_error kim_os_string_create_localized (kim_string *out_string, if (!err && cfstring) { err = kim_os_string_create_from_cfstring (&string, cfstring); } + + if (cfstring) { CFRelease (cfstring); } } if (!err && !string) { @@ -99,21 +101,34 @@ kim_error kim_os_string_create_from_cfstring (kim_string *out_string, if (!err && !in_cfstring) { err = check_error (KIM_NULL_PARAMETER_ERR); } if (!err) { - length = CFStringGetMaximumSizeForEncoding (CFStringGetLength (in_cfstring), - kCFStringEncodingUTF8) + 1; + char *ptr = NULL; + + /* check if in_cfstring is a C string internally so we can + * avoid using CFStringGetMaximumSizeForEncoding which is wasteful */ + ptr = (char *) CFStringGetCStringPtr(in_cfstring, + kCFStringEncodingUTF8); + if (ptr) { + string = strdup (ptr); + if (!string) { err = check_error (KIM_OUT_OF_MEMORY_ERR); } + + } else { + length = CFStringGetMaximumSizeForEncoding (CFStringGetLength (in_cfstring), + kCFStringEncodingUTF8) + 1; + + string = (char *) calloc (length, sizeof (char)); + if (!string) { err = check_error (KIM_OUT_OF_MEMORY_ERR); } - string = (char *) calloc (length, sizeof (char)); - if (!string) { err = check_error (KIM_OUT_OF_MEMORY_ERR); } + if (!err) { + if (!CFStringGetCString (in_cfstring, + (char *) string, + length, + kCFStringEncodingUTF8)) { + err = KIM_OUT_OF_MEMORY_ERR; + } + } + } } - if (!err) { - if (!CFStringGetCString (in_cfstring, - (char *) string, - length, - kCFStringEncodingUTF8)) { - err = KIM_OUT_OF_MEMORY_ERR; - } - } if (!err) { *out_string = string; diff --git a/src/kim/lib/mac/kim_os_ui_gui.c b/src/kim/lib/mac/kim_os_ui_gui.c index 0b8096fcbb..6e1c5cef1e 100644 --- a/src/kim/lib/mac/kim_os_ui_gui.c +++ b/src/kim/lib/mac/kim_os_ui_gui.c @@ -24,13 +24,12 @@ * or implied warranty. */ -#ifndef LEAN_CLIENT +#ifdef KIM_BUILTIN_UI #include "kim_os_private.h" #include "k5_mig_client.h" -#include #include #include #include @@ -561,4 +560,4 @@ kim_error kim_os_ui_gui_fini (kim_ui_context *io_context) return check_error (err); } -#endif /* LEAN_CLIENT */ +#endif /* KIM_BUILTIN_UI */ diff --git a/src/kim/test/main.c b/src/kim/test/main.c index 4ba1844dd7..e3efbd7f6a 100644 --- a/src/kim/test/main.c +++ b/src/kim/test/main.c @@ -40,6 +40,8 @@ int main (int argc, const char * argv[]) test_kim_identity_create_from_string (state); + test_kim_identity_create_from_components (state); + test_kim_identity_copy (state); test_kim_identity_compare (state); diff --git a/src/kim/test/test_kim_common.c b/src/kim/test/test_kim_common.c index c5b4382087..802d41564e 100644 --- a/src/kim/test/test_kim_common.c +++ b/src/kim/test/test_kim_common.c @@ -100,7 +100,7 @@ void fail_if_error (kim_test_state_t in_state, va_list args; kim_string message = NULL; - kim_error err = kim_string_create_for_last_error (&message, err); + kim_error err = kim_string_create_for_last_error (&message, in_err); printf ("\tFAILURE: "); printf ("%s() got %d (%s) ", diff --git a/src/kim/test/test_kim_identity.c b/src/kim/test/test_kim_identity.c index e799aade24..2f1ac089f3 100644 --- a/src/kim/test/test_kim_identity.c +++ b/src/kim/test/test_kim_identity.c @@ -159,6 +159,56 @@ void test_kim_identity_create_from_string (kim_test_state_t state) } +/* ------------------------------------------------------------------------ */ + +void test_kim_identity_create_from_components (kim_test_state_t state) +{ + kim_count i = 0; + + start_test (state, "kim_identity_create_from_components"); + + for (i = 0; test_identities[i].string; i++) { + kim_error err = KIM_NO_ERROR; + kim_identity identity = NULL; + kim_string string = NULL; + + printf ("."); + + if (!err) { + err = kim_identity_create_from_components (&identity, + test_identities[i].realm, + test_identities[i].components[0], + test_identities[i].components[1], + test_identities[i].components[2], + test_identities[i].components[3], + test_identities[i].components[4], + NULL); + fail_if_error (state, "kim_identity_create_from_components", err, + "while creating the identity for %s", + test_identities[i].string); + } + + if (!err) { + err = kim_identity_get_string (identity, &string); + fail_if_error (state, "kim_identity_get_string", err, + "while getting the string for %s", + test_identities[i].string); + } + + if (!err && strcmp (string, test_identities[i].string)) { + log_failure (state, "Unexpected string (got '%s', expected '%s')", + string, test_identities[i].string); + } + + kim_string_free (&string); + kim_identity_free (&identity); + } + + printf ("\n"); + + end_test (state); +} + /* ------------------------------------------------------------------------ */ void test_kim_identity_copy (kim_test_state_t state) diff --git a/src/kim/test/test_kim_identity.h b/src/kim/test/test_kim_identity.h index a294c2c3d6..cb7b29055f 100644 --- a/src/kim/test/test_kim_identity.h +++ b/src/kim/test/test_kim_identity.h @@ -33,6 +33,8 @@ void test_kim_identity_create_from_krb5_principal (kim_test_state_t state); void test_kim_identity_create_from_string (kim_test_state_t state); +void test_kim_identity_create_from_components (kim_test_state_t state); + void test_kim_identity_copy (kim_test_state_t state); void test_kim_identity_compare (kim_test_state_t state); diff --git a/src/kim/test/test_kim_preferences.c b/src/kim/test/test_kim_preferences.c index c364fc6fb3..2766ad4d19 100644 --- a/src/kim/test/test_kim_preferences.c +++ b/src/kim/test/test_kim_preferences.c @@ -658,6 +658,8 @@ void test_kim_preferences_add_favorite_identity (kim_test_state_t state) log_failure (state, "Favorite identity %s not found in favorite identities list", fids[i].identity); } + + kim_identity_free (&identity); } if (!err && i != count) { @@ -841,6 +843,8 @@ void test_kim_preferences_remove_favorite_identity (kim_test_state_t state) log_failure (state, "Favorite identity %s not found in favorite identities list", fids[i].identity); } + + kim_identity_free (&identity); } if (!err && i != count) { @@ -855,7 +859,6 @@ void test_kim_preferences_remove_favorite_identity (kim_test_state_t state) if (!err) { kim_preferences prefs = NULL; kim_count count, j; - kim_string string; err = kim_preferences_create (&prefs); fail_if_error (state, "kim_preferences_create", err, @@ -870,6 +873,7 @@ void test_kim_preferences_remove_favorite_identity (kim_test_state_t state) for (j = 0; j < count; j++) { kim_identity compare_identity = NULL; kim_options compare_options = NULL; + kim_string string = NULL; err = kim_preferences_get_favorite_identity_at_index (prefs, 0, &compare_identity, @@ -878,7 +882,12 @@ void test_kim_preferences_remove_favorite_identity (kim_test_state_t state) "while getting favorite identity %d", (int) j); if (!err) { - kim_identity_get_display_string(compare_identity, &string); + err = kim_identity_get_display_string(compare_identity, &string); + fail_if_error (state, "kim_identity_get_display_string", err, + "while getting the display string for identity %d", (int) j); + } + + if (!err) { err = kim_preferences_remove_favorite_identity(prefs, compare_identity); fail_if_error (state, "kim_preferences_remove_favorite_identity", err, "while removing favorite identity %d \"%s\"", (int) j, string); @@ -897,6 +906,7 @@ void test_kim_preferences_remove_favorite_identity (kim_test_state_t state) display_string); } + kim_string_free (&string); kim_identity_free (&compare_identity); kim_options_free (&compare_options); } diff --git a/src/kim/test/test_kll.c b/src/kim/test/test_kll.c new file mode 100644 index 0000000000..d1773ae30f --- /dev/null +++ b/src/kim/test/test_kll.c @@ -0,0 +1,556 @@ +#include +#include +#include +#include +#include + +/* Prototypes */ +void Initialize(void); +void TestErrorHandling (void); +void TestHighLevelAPI (void); +void TestKLPrincipal (void); +void TestKerberosRealms (void); +void TestLoginOptions (void); +char* TimeToString (char* timeString, long t); +void TestApplicationOptions (void); +void MyKerberosLoginIdleCallback ( + KLRefCon inAppData); + +int main(void) +{ + KLTime t; + KLStatus err; + KLPrincipal principal; + + /* force use of UI */ + fclose (stdin); + + err = KLCreatePrincipalFromTriplet ("nobody", "", "TEST-KERBEROS-1.3.1", &principal); + printf ("KLCreatePrincipalFromTriplet(nobody@TEST-KERBEROS-1.3.1) (err = %d)\n", err); + if (err == klNoErr) { + err = KLChangePassword (principal); + printf ("KLChangePassword() (err = %d)\n", err); + KLDisposePrincipal (principal); + } + + err = KLLastChangedTime(&t); + printf ("KLLastChangedTime returned %d (err = %d)\n", t, err); + + TestKLPrincipal (); + TestLoginOptions (); + TestApplicationOptions (); + TestErrorHandling (); + TestKerberosRealms (); + TestHighLevelAPI (); + + err = KLLastChangedTime(&t); + printf ("KLLastChangedTime returned %d (err = %d)\n", t, err); + + return 0; +} + +void TestErrorHandling (void) +{ + long err; + char* errorString; + + err = KLGetErrorString (KRB5KRB_AP_ERR_BAD_INTEGRITY, &errorString); + printf ("KLGetErrorString() returned %s (err = %ld)\n", errorString, err); + if (!err) { KLDisposeString (errorString); } + + err = KLGetErrorString (klCredentialsBadAddressErr, &errorString); + printf ("KLGetErrorString() returned %s (err = %ld)\n", errorString, err); + if (!err) { KLDisposeString (errorString); } + + err = KLGetErrorString (klCacheDoesNotExistErr, &errorString); + printf ("KLGetErrorString() returned %s (err = %ld)\n", errorString, err); + if (!err) { KLDisposeString (errorString); } + + err = KLGetErrorString (klPasswordMismatchErr, &errorString); + printf ("KLGetErrorString() returned %s (err = %ld)\n", errorString, err); + if (!err) { KLDisposeString (errorString); } + + err = KLGetErrorString (klInsecurePasswordErr, &errorString); + printf ("KLGetErrorString() returned %s (err = %ld)\n", errorString, err); + if (!err) { KLDisposeString (errorString); } + + err = KLGetErrorString (klPasswordChangeFailedErr, &errorString); + printf ("KLGetErrorString() returned %s (err = %ld)\n", errorString, err); + if (!err) { KLDisposeString (errorString); } + + err = KLGetErrorString (klCantContactServerErr, &errorString); + printf ("KLGetErrorString() returned %s (err = %ld)\n", errorString, err); + if (!err) { KLDisposeString (errorString); } + + err = KLGetErrorString (klCantDisplayUIErr, &errorString); + printf ("KLGetErrorString() returned %s (err = %ld)\n", errorString, err); + if (!err) { KLDisposeString (errorString); } +} + +void TestHighLevelAPI (void) +{ + KLStatus err; + KLPrincipal inPrincipal, outPrincipal, outPrincipal2; + char *outCredCacheName, *outCredCacheName2; + KLTime expirationTime; + char* principalString; + char timeString[256]; + KLBoolean valid; + + err = KLCreatePrincipalFromTriplet ("grail", "", "TESTV5-KERBEROS-1.3.1", &inPrincipal); + printf ("KLCreatePrincipalFromTriplet(grail@TESTV5-KERBEROS-1.3.1) (err = %d)\n", err); + if (err == klNoErr) { + err = KLAcquireNewInitialTicketsWithPassword (inPrincipal, NULL, "liarg", &outCredCacheName); + if (err != klNoErr) { + printf ("KLAcquireNewInitialTicketsWithPassword() returned err = %d\n", err); + } else { + printf ("KLAcquireNewInitialTicketsWithPassword() returned '%s'\n", outCredCacheName); + KLDisposeString (outCredCacheName); + } + KLDisposePrincipal (inPrincipal); + } + + err = KLCreatePrincipalFromTriplet ("nobody", "", "TEST-KERBEROS-1.3.1", &inPrincipal); + printf ("KLCreatePrincipalFromTriplet(nobody@TEST-KERBEROS-1.3.1) (err = %d)\n", err); + if (err == klNoErr) { + err = KLAcquireNewInitialTicketsWithPassword (inPrincipal, NULL, "ydobon", &outCredCacheName); + if (err != klNoErr) { + printf ("KLAcquireNewInitialTicketsWithPassword() returned err = %d\n", err); + } else { + printf ("KLAcquireNewInitialTicketsWithPassword() returned '%s'\n", outCredCacheName); + KLDisposeString (outCredCacheName); + } + KLDisposePrincipal (inPrincipal); + } + + err = KLAcquireNewInitialTickets (NULL, NULL, &inPrincipal, &outCredCacheName); + printf ("KLAcquireNewInitialTickets() (err = %d)\n", err); + if (err == klNoErr) { + KLDisposeString (outCredCacheName); + err = KLAcquireInitialTickets (inPrincipal, NULL, &outPrincipal, &outCredCacheName); + printf ("KLAcquireInitialTickets() (err = %d)\n", err); + if (err == klNoErr) { + KLDisposeString (outCredCacheName); + KLDisposePrincipal (outPrincipal); + } + KLDisposePrincipal (inPrincipal); + } + + err = KLSetDefaultLoginOption (loginOption_LoginName, "testname", 3); + printf ("KLSetDefaultLoginOption(loginOption_LoginName) to testname (err = %d)\n", err); + if (err == klNoErr) { + err = KLSetDefaultLoginOption (loginOption_LoginInstance, "testinstance", 6); + printf ("KLSetDefaultLoginOption(loginOption_LoginInstance) to testinstance (err = %d)\n", err); + } + + err = KLAcquireNewInitialTickets (NULL, NULL, &inPrincipal, &outCredCacheName); + printf ("KLAcquireNewInitialTickets() (err = %d)\n", err); + if (err == klNoErr) { + KLDisposeString (outCredCacheName); + KLDisposePrincipal (inPrincipal); + } + + // Principal == NULL + while (KLAcquireNewInitialTickets (NULL, NULL, &outPrincipal, &outCredCacheName) == klNoErr) { + err = KLTicketExpirationTime (outPrincipal, kerberosVersion_All, &expirationTime); + err = KLCacheHasValidTickets (outPrincipal, kerberosVersion_All, &valid, &outPrincipal2, &outCredCacheName2); + if (err == klNoErr) { + err = KLGetStringFromPrincipal (outPrincipal2, kerberosVersion_V4, &principalString); + if (err == klNoErr) { + printf ("KLGetStringFromPrincipal returned string '%s'\n", principalString); + KLDisposeString (principalString); + } + KLDisposePrincipal (outPrincipal2); + KLDisposeString (outCredCacheName2); + err = KLCacheHasValidTickets (outPrincipal, kerberosVersion_All, &valid, NULL, NULL); + if (err != klNoErr) { + printf ("KLCacheHasValidTickets returned error = %d\n", err); + } + } + err = KLCacheHasValidTickets (outPrincipal, kerberosVersion_All, &valid, NULL, NULL); + KLDisposeString (outCredCacheName); + KLDisposePrincipal (outPrincipal); + } + + err = KLAcquireNewInitialTickets (NULL, NULL, &outPrincipal, &outCredCacheName); + if (err == klNoErr) { + KLDisposeString (outCredCacheName); + KLDisposePrincipal (outPrincipal); + } + + + err = KLCreatePrincipalFromTriplet ("nobody", "", "TEST-KERBEROS-1.3.1", &inPrincipal); + printf ("KLCreatePrincipalFromTriplet(nobody@TEST-KERBEROS-1.3.1) (err = %d)\n", err); + if (err == klNoErr) { + err = KLAcquireNewInitialTickets (inPrincipal, NULL, &outPrincipal, &outCredCacheName); + printf ("KLAcquireNewInitialTickets(nobody@TEST-KERBEROS-1.3.1) (err = %d)\n", err); + if (err == klNoErr) { + KLDisposeString (outCredCacheName); + KLDisposePrincipal (outPrincipal); + } + err = KLDestroyTickets (inPrincipal); + + KLDisposePrincipal (inPrincipal); + } + + err = KLCreatePrincipalFromTriplet ("nobody", "", "TEST-KERBEROS-1.3.1", &inPrincipal); + printf ("KLCreatePrincipalFromTriplet(nobody@TEST-KERBEROS-1.3.1) (err = %d)\n", err); + if (err == klNoErr) { + err = KLAcquireInitialTickets (inPrincipal, NULL, &outPrincipal, &outCredCacheName); + printf ("KLAcquireInitialTickets(nobody@TEST-KERBEROS-1.3.1) (err = %d)\n", err); + if (err == klNoErr) { + KLDisposeString (outCredCacheName); + KLDisposePrincipal (outPrincipal); + } + + err = KLAcquireNewInitialTickets (inPrincipal, NULL, &outPrincipal, &outCredCacheName); + if (err == klNoErr) { + err = KLGetStringFromPrincipal (outPrincipal, kerberosVersion_V5, &principalString); + if (err == klNoErr) { + err = KLTicketExpirationTime (outPrincipal, kerberosVersion_All, &expirationTime); + printf ("Tickets for principal '%s' expire on %s\n", + principalString, TimeToString(timeString, expirationTime)); + + KLDisposeString (principalString); + } + KLDisposeString (outCredCacheName); + KLDisposePrincipal (outPrincipal); + } + + err = KLChangePassword (inPrincipal); + printf ("KLChangePassword() (err = %d)\n", err); + + err = KLDestroyTickets (inPrincipal); + printf ("KLDestroyTickets() (err = %d)\n", err); + + KLDisposePrincipal (inPrincipal); + } + +} + + +void TestKLPrincipal (void) +{ + KLStatus err = klNoErr; + KLPrincipal extraLongPrincipal = NULL; + KLPrincipal principal = NULL; + KLPrincipal adminPrincipal = NULL; + KLPrincipal adminPrincipalV4 = NULL; + KLPrincipal adminPrincipalV5 = NULL; + char *principalString = NULL; + char *user = NULL; + char *instance = NULL; + char *realm = NULL; + + printf ("Entering TestKLPrincipal()\n"); + printf ("----------------------------------------------------------------\n"); + + err = KLCreatePrincipalFromString ("thisprincipalnameislongerthanissupportedbyKerberos4@TEST-KERBEROS-1.3.1", + kerberosVersion_V5, &extraLongPrincipal); + printf ("KLCreatePrincipalFromString " + "('thisprincipalnameislongerthanissupportedbyKerberos4@TEST-KERBEROS-1.3.1') " + "(err = %s)\n", error_message(err)); + + printf ("----------------------------------------------------------------\n"); + + err = KLCreatePrincipalFromTriplet ("nobody", "", "TEST-KERBEROS-1.3.1", &principal); + printf ("KLCreatePrincipalFromTriplet ('nobody' '' 'TEST-KERBEROS-1.3.1') (err = %s)\n", + error_message(err)); + + if (err == klNoErr) { + err = KLGetStringFromPrincipal (principal, kerberosVersion_V5, &principalString); + if (err == klNoErr) { + printf ("KLGetStringFromPrincipal (nobody@TEST-KERBEROS-1.3.1, v5) returned string '%s'\n", principalString); + KLDisposeString (principalString); + } else { + printf ("KLGetStringFromPrincipal(nobody@TEST-KERBEROS-1.3.1, v5) returned (err = %s)\n", error_message(err)); + } + + err = KLGetStringFromPrincipal (principal, kerberosVersion_V4, &principalString); + if (err == klNoErr) { + printf ("KLGetStringFromPrincipal (nobody@TEST-KERBEROS-1.3.1, v4) returned string '%s'\n", principalString); + KLDisposeString (principalString); + } else { + printf ("KLGetStringFromPrincipal(nobody@TEST-KERBEROS-1.3.1, v4) returned (err = %s)\n", error_message(err)); + } + + err = KLGetTripletFromPrincipal (principal, &user, &instance, &realm); + if (err == klNoErr) { + printf ("KLGetTripletFromPrincipal (nobody@TEST-KERBEROS-1.3.1) returned triplet %s' '%s' '%s'\n", + user, instance, realm); + KLDisposeString (user); + KLDisposeString (instance); + KLDisposeString (realm); + } else { + printf ("KLGetTripletFromPrincipal(nobody@TEST-KERBEROS-1.3.1) returned (err = %s)\n", error_message(err)); + } + } + + printf ("----------------------------------------------------------------\n"); + + err = KLCreatePrincipalFromTriplet ("nobody", "admin", "TEST-KERBEROS-1.3.1", &adminPrincipal); + printf ("KLCreatePrincipalFromTriplet ('nobody' 'admin' 'TEST-KERBEROS-1.3.1') (err = %d)\n", err); + + if (err == klNoErr) { + err = KLGetStringFromPrincipal (adminPrincipal, kerberosVersion_V5, &principalString); + if (err == klNoErr) { + printf ("KLGetStringFromPrincipal (nobody/admin@TEST-KERBEROS-1.3.1, v5) returned string '%s'\n", principalString); + KLDisposeString (principalString); + } else { + printf ("KLGetStringFromPrincipal(nobody/admin@TEST-KERBEROS-1.3.1, v5) returned (err = %d)\n", err); + } + + err = KLGetStringFromPrincipal (adminPrincipal, kerberosVersion_V4, &principalString); + if (err == klNoErr) { + printf ("KLGetStringFromPrincipal (nobody/admin@TEST-KERBEROS-1.3.1, v4) returned string '%s'\n", principalString); + KLDisposeString (principalString); + } else { + printf ("KLGetStringFromPrincipal(nobody/admin@TEST-KERBEROS-1.3.1, v4) returned (err = %d)\n", err); + } + + err = KLGetTripletFromPrincipal (adminPrincipal, &user, &instance, &realm); + if (err == klNoErr) { + printf ("KLGetTripletFromPrincipal (nobody/admin@TEST-KERBEROS-1.3.1) returned triplet %s' '%s' '%s'\n", + user, instance, realm); + KLDisposeString (user); + KLDisposeString (instance); + KLDisposeString (realm); + } else { + printf ("KLGetTripletFromPrincipal(lxs/admin@TEST-KERBEROS-1.3.1) returned (err = %d)\n", err); + } + } + + printf ("----------------------------------------------------------------\n"); + + err = KLCreatePrincipalFromString ("nobody/root@TEST-KERBEROS-1.3.1", kerberosVersion_V5, &adminPrincipalV5); + printf ("KLCreatePrincipalFromString ('nobody/root@TEST-KERBEROS-1.3.1', v5) (err = %d)\n", err); + if (err == klNoErr) { + err = KLGetStringFromPrincipal (adminPrincipalV5, kerberosVersion_V5, &principalString); + if (err == klNoErr) { + printf ("KLGetStringFromPrincipal (nobody/root@TEST-KERBEROS-1.3.1, v5) returned string '%s'\n", principalString); + KLDisposeString (principalString); + } else { + printf ("KLGetStringFromPrincipal(nobody/root@TEST-KERBEROS-1.3.1, v5) returned (err = %d)\n", err); + } + + err = KLGetStringFromPrincipal (adminPrincipalV5, kerberosVersion_V4, &principalString); + if (err == klNoErr) { + printf ("KLGetStringFromPrincipal (nobody/admin@TEST-KERBEROS-1.3.1, v4) returned string '%s'\n", principalString); + KLDisposeString (principalString); + } else { + printf ("KLGetStringFromPrincipal(nobody/admin@TEST-KERBEROS-1.3.1, v4) returned (err = %d)\n", err); + } + + err = KLGetTripletFromPrincipal (adminPrincipalV5, &user, &instance, &realm); + if (err == klNoErr) { + printf ("KLGetTripletFromPrincipal (nobody/admin@TEST-KERBEROS-1.3.1) returned triplet %s' '%s' '%s'\n", + user, instance, realm); + KLDisposeString (user); + KLDisposeString (instance); + KLDisposeString (realm); + } else { + printf ("KLGetTripletFromPrincipal(nobody/admin@TEST-KERBEROS-1.3.1) returned (err = %d)\n", err); + } + } + + printf ("----------------------------------------------------------------\n"); + + err = KLCreatePrincipalFromString ("nobody.admin@TEST-KERBEROS-1.3.1", kerberosVersion_V4, &adminPrincipalV4); + printf ("KLCreatePrincipalFromString ('nobody.admin@TEST-KERBEROS-1.3.1') (err = %d)\n", err); + if (err == klNoErr) { + err = KLGetStringFromPrincipal (adminPrincipalV4, kerberosVersion_V5, &principalString); + if (err == klNoErr) { + printf ("KLGetStringFromPrincipal (nobody.admin@TEST-KERBEROS-1.3.1, v5) returned string '%s'\n", principalString); + KLDisposeString (principalString); + } else { + printf ("KLGetStringFromPrincipal(nobody.admin@TEST-KERBEROS-1.3.1, v5) returned (err = %d)\n", err); + } + + err = KLGetStringFromPrincipal (adminPrincipalV4, kerberosVersion_V4, &principalString); + if (err == klNoErr) { + printf ("KLGetStringFromPrincipal (nobody.admin@TEST-KERBEROS-1.3.1, v4) returned string '%s'\n", principalString); + KLDisposeString (principalString); + } else { + printf ("KLGetStringFromPrincipal(nobody.admin@TEST-KERBEROS-1.3.1, v4) returned (err = %d)\n", err); + } + + err = KLGetTripletFromPrincipal (adminPrincipalV4, &user, &instance, &realm); + if (err == klNoErr) { + printf ("KLGetTripletFromPrincipal (nobody.admin@TEST-KERBEROS-1.3.1) returned triplet %s' '%s' '%s'\n", + user, instance, realm); + KLDisposeString (user); + KLDisposeString (instance); + KLDisposeString (realm); + } else { + printf ("KLGetTripletFromPrincipal(nobody.admin@TEST-KERBEROS-1.3.1) returned (err = %d)\n", err); + } + } + + printf ("----------------------------------------------------------------\n"); + + if (adminPrincipalV4 != NULL && adminPrincipalV5 != NULL) { + KLBoolean equivalent; + + err = KLComparePrincipal (adminPrincipalV5, adminPrincipalV4, &equivalent); + if (err == klNoErr) { + printf ("KLComparePrincipal %s comparing nobody/admin@TEST-KERBEROS-1.3.1 and nobody.admin@TEST-KERBEROS-1.3.1\n", + equivalent ? "passed" : "FAILED"); + } else { + printf ("KLComparePrincipal returned (err = %d)\n", err); + } + } + + if (principal != NULL && adminPrincipalV5 != NULL) { + KLBoolean equivalent; + + err = KLComparePrincipal (principal, adminPrincipalV4, &equivalent); + if (err == klNoErr) { + printf ("KLComparePrincipal %s comparing nobody@TEST-KERBEROS-1.3.1 and nobody.admin@TEST-KERBEROS-1.3.1\n", + equivalent ? "FAILED" : "passed"); + } else { + printf ("KLComparePrincipal returned (err = %d)\n", err); + } + } + + if (principal != NULL && adminPrincipalV5 != NULL) { + KLBoolean equivalent; + + err = KLComparePrincipal (principal, adminPrincipalV5, &equivalent); + if (err == klNoErr) { + printf ("KLComparePrincipal %s comparing nobody@TEST-KERBEROS-1.3.1 and nobody/admin@TEST-KERBEROS-1.3.1\n", + equivalent ? "FAILED" : "passed"); + } else { + printf ("KLComparePrincipal returned (err = %d)\n", err); + } + } + + if (adminPrincipal != NULL && adminPrincipalV5 != NULL) { + KLBoolean equivalent; + + err = KLComparePrincipal (adminPrincipalV5, principal, &equivalent); + if (err == klNoErr) { + printf ("KLComparePrincipal %s comparing nobody/admin@TEST-KERBEROS-1.3.1 and nobody@TEST-KERBEROS-1.3.1\n", + equivalent ? "FAILED" : "passed"); + } else { + printf ("KLComparePrincipal returned (err = %d)\n", err); + } + } + + printf ("----------------------------------------------------------------\n\n"); + + if (extraLongPrincipal != NULL) KLDisposePrincipal (extraLongPrincipal); + if (adminPrincipalV5 != NULL) KLDisposePrincipal (adminPrincipalV5); + if (adminPrincipalV4 != NULL) KLDisposePrincipal (adminPrincipalV4); + if (adminPrincipal != NULL) KLDisposePrincipal (adminPrincipal); + if (principal != NULL) KLDisposePrincipal (principal); +} + + +void TestApplicationOptions (void) +{ + KLSetIdleCallback (MyKerberosLoginIdleCallback, 101); +} + +void TestKerberosRealms (void) +{ + printf ("About to test Kerberos realms\n"); + KLRemoveAllKerberosRealms (); + KLAcquireNewInitialTickets (NULL, NULL, NULL, NULL); + + KLInsertKerberosRealm (realmList_End, "FOO"); + KLInsertKerberosRealm (realmList_End, "BAR"); + KLInsertKerberosRealm (realmList_End, "BAZ"); + KLAcquireNewInitialTickets (NULL, NULL, NULL, NULL); + + KLInsertKerberosRealm (realmList_End, "FOO"); + KLAcquireNewInitialTickets (NULL, NULL, NULL, NULL); + + KLSetKerberosRealm (0, "QUUX"); + KLAcquireNewInitialTickets (NULL, NULL, NULL, NULL); + + KLRemoveKerberosRealm (0); + KLAcquireNewInitialTickets (NULL, NULL, NULL, NULL); + + KLSetKerberosRealm (2, "TEST-KERBEROS-1.3.1"); + KLAcquireNewInitialTickets (NULL, NULL, NULL, NULL); + + KLRemoveAllKerberosRealms (); + KLInsertKerberosRealm (realmList_End, "TEST-KERBEROS-1.3.1"); + KLInsertKerberosRealm (realmList_End, "TEST-KERBEROS-1.0.6"); + KLInsertKerberosRealm (realmList_End, "TESTV5-KERBEROS-1.0.6"); + KLInsertKerberosRealm (realmList_End, "TEST-KERBEROS-1.1.1"); + KLInsertKerberosRealm (realmList_End, "TESTV5-KERBEROS-1.1.1"); + KLInsertKerberosRealm (realmList_End, "TEST-KERBEROS-1.2.0"); + KLInsertKerberosRealm (realmList_End, "TESTV5-KERBEROS-1.2.0"); + KLInsertKerberosRealm (realmList_End, "TEST-HEIMDAL-0.3D"); + KLInsertKerberosRealm (realmList_End, "TESTV5-HEIMDAL-0.3D"); + KLInsertKerberosRealm (realmList_End, "TEST-KTH-KRB-1.1"); +} + + +void TestLoginOptions (void) +{ + KLBoolean optionSetting; + KLStatus err = klNoErr; + KLLifetime lifetime; + + lifetime = 10*60; + KLSetDefaultLoginOption(loginOption_MinimalTicketLifetime, &lifetime, sizeof(KLLifetime)); + + lifetime = 8*60*60; + KLSetDefaultLoginOption(loginOption_MaximalTicketLifetime, &lifetime, sizeof(KLLifetime)); + + lifetime = 8*60*60; + KLSetDefaultLoginOption(loginOption_DefaultTicketLifetime, &lifetime, sizeof(KLLifetime)); + + optionSetting = FALSE; + KLSetDefaultLoginOption(loginOption_DefaultForwardableTicket, &optionSetting, sizeof(optionSetting)); + + optionSetting = TRUE; + KLSetDefaultLoginOption(loginOption_RememberPrincipal, &optionSetting, sizeof(optionSetting)); + + optionSetting = TRUE; + err = KLSetDefaultLoginOption(loginOption_RememberExtras, &optionSetting, sizeof(optionSetting)); + + if (err == klNoErr) { + KLAcquireNewInitialTickets (NULL, NULL, NULL, NULL); + optionSetting = TRUE; + KLAcquireNewInitialTickets (NULL, NULL, NULL, NULL); + } +} + + +/* Lame date formatting stolen from CCacheDump, like ctime but with no \n */ + +static const char *day_name[] = {"Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday"}; + +static const char *month_name[] = {"January", "February", "March","April","May","June", +"July", "August", "September", "October", "November","December"}; + +char* TimeToString (char* timeString, long t) +{ + /* we come in in 1970 time */ + time_t timer = (time_t) t; + struct tm tm; + + tm = *localtime (&timer); + + sprintf(timeString, "%.3s %.3s%3d %.2d:%.2d:%.2d %d", + day_name[tm.tm_wday], + month_name[tm.tm_mon], + tm.tm_mday, + tm.tm_hour, + tm.tm_min, + tm.tm_sec, + tm.tm_year + 1900); + + return timeString; +} + + +void MyKerberosLoginIdleCallback (KLRefCon inAppData) +{ + syslog (LOG_ALERT, "App got callback while waiting for Mach IPC (appData == %d)\n", inAppData); + // KLCancelAllDialogs (); +} + diff --git a/src/kim/test/test_kll_terminal.c b/src/kim/test/test_kll_terminal.c new file mode 100644 index 0000000000..9c22625bf6 --- /dev/null +++ b/src/kim/test/test_kll_terminal.c @@ -0,0 +1,39 @@ +#include + + + +int main (void) +{ + KLStatus err; + KLPrincipal principal; + char *principalName; + char *cacheName; + + printf ("Testing KLAcquireNewTickets (nil)...\n"); + + err = KLAcquireNewTickets (nil, &principal, &cacheName); + if (err == klNoErr) { + err = KLGetStringFromPrincipal (principal, kerberosVersion_V5, &principalName); + if (err == klNoErr) { + printf ("Got tickets for '%s' in cache '%s'\n", principalName, cacheName); + KLDisposeString (principalName); + } else { + printf ("KLGetStringFromPrincipal() returned (err = %ld)\n", err); + } + KLDisposeString (cacheName); + + printf ("Testing KLChangePassword (principal)...\n"); + + err = KLChangePassword (principal); + if (err != klNoErr) { + printf ("KLChangePassword() returned (err = %ld)\n", err); + } + + KLDisposePrincipal (principal); + } else { + printf ("KLAcquireNewTickets() returned (err = %ld)\n", err); + } + + printf ("All done testing!\n"); + return 0; +} \ No newline at end of file diff --git a/src/kim/test/test_ui_plugin.c b/src/kim/test/test_ui_plugin.c new file mode 100644 index 0000000000..9a6e3761d9 --- /dev/null +++ b/src/kim/test/test_ui_plugin.c @@ -0,0 +1,472 @@ +/* + * $Header$ + * + * Copyright 2008 Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + */ + +#include +#include +#include +#include +#include +#include + + +typedef struct { + const char *magic; + aslclient asl_context; + int got_error; +} *test_ui_context; + +const char *magic = "test_ui_context_magic"; + +/* ------------------------------------------------------------------------ */ + +static void test_ui_vlog (test_ui_context in_context, + const char *in_format, + va_list in_args) +{ + if (!in_context) { + asl_log (NULL, NULL, ASL_LEVEL_ERR, "NULL context!"); + + } else if (strcmp (in_context->magic, magic)) { + asl_log (NULL, NULL, ASL_LEVEL_ERR, + "Magic mismatch. Context corrupted!"); + + } else { + asl_vlog (in_context->asl_context, NULL, ASL_LEVEL_NOTICE, + in_format, in_args); + } +} + +/* ------------------------------------------------------------------------ */ + +static void test_ui_log_ (void *in_context, + const char *in_function, + const char *in_format, ...) +{ + test_ui_context context = in_context; + char *format = NULL; + va_list args; + + asprintf (&format, "%s: %s", in_function, in_format); + + va_start (args, in_format); + test_ui_vlog (context, format, args); + va_end (args); + + free (format); +} + +#define test_ui_log(context, format, ...) test_ui_log_(context, __FUNCTION__, format, ## __VA_ARGS__) + +#pragma mark - + +/* ------------------------------------------------------------------------ */ + +static kim_error test_ui_init (void **out_context) +{ + kim_error err = KIM_NO_ERROR; + test_ui_context context = NULL; + + if (!err) { + context = malloc (sizeof (*context)); + if (!context) { err = KIM_OUT_OF_MEMORY_ERR; } + } + + if (!err) { + context->got_error = 0; + context->magic = magic; + context->asl_context = asl_open (NULL, + "com.apple.console", + ASL_OPT_NO_DELAY | ASL_OPT_STDERR); + if (!context->asl_context) { err = KIM_OUT_OF_MEMORY_ERR; } + } + + if (!err) { + test_ui_log (context, "returning with no error."); + } else { + kim_string estring = NULL; + + kim_string_create_for_last_error (&estring, err); + test_ui_log (NULL, "returning %d: %s", err, estring); + kim_string_free (&estring); + } + + if (!err) { + *out_context = context; + context = NULL; + } + + free (context); + + return err; +} + +/* ------------------------------------------------------------------------ */ + +static kim_error test_ui_enter_identity (void *in_context, + kim_options io_options, + kim_identity *out_identity, + kim_boolean *out_change_password) +{ + kim_error err = KIM_NO_ERROR; + kim_identity identity = NULL; + + test_ui_log (in_context, "entering..."); + + if (!err) { + test_ui_context context = in_context; + if (context->got_error > 1) { + test_ui_log (in_context, "\tfailed twice, giving up..."); + context->got_error = 0; + err = KIM_USER_CANCELED_ERR; + } + } + + if (!err) { + err = kim_options_set_lifetime (io_options, 1800); + } + + if (!err) { + err = kim_options_set_renewal_lifetime (io_options, 3600); + } + + if (!err) { + err = kim_identity_create_from_string (&identity, + "nobody@TEST-KERBEROS-1.5"); + } + + if (!err) { + *out_identity = identity; + identity = NULL; + *out_change_password = 0; + } + + kim_identity_free (&identity); + + if (!err) { + test_ui_log (in_context, "returning with no error."); + } else { + kim_string estring = NULL; + + kim_string_create_for_last_error (&estring, err); + test_ui_log (in_context, "returning %d: %s", err, estring); + kim_string_free (&estring); + } + + return err; +} + +/* ------------------------------------------------------------------------ */ + +static kim_error test_ui_select_identity (void *in_context, + kim_selection_hints io_hints, + kim_identity *out_identity, + kim_boolean *out_change_password) +{ + kim_error err = KIM_NO_ERROR; + kim_identity identity = NULL; + kim_options options = NULL; + + test_ui_log (in_context, "entering..."); + + if (!err) { + test_ui_context context = in_context; + if (context->got_error > 1) { + test_ui_log (in_context, "\tfailed twice, giving up..."); + context->got_error = 0; + err = KIM_USER_CANCELED_ERR; + } + } + + if (!err) { + err = kim_selection_hints_get_options (io_hints, &options); + } + + if (!err && !options) { + err = kim_options_create (&options); + } + + if (!err) { + err = kim_options_set_lifetime (options, 1800); + } + + if (!err) { + err = kim_options_set_renewal_lifetime (options, 3600); + } + + if (!err) { + err = kim_selection_hints_set_options (io_hints, options); + } + + if (!err) { + err = kim_identity_create_from_string (&identity, + "nobody@TEST-KERBEROS-1.5"); + } + + if (!err) { + *out_identity = identity; + identity = NULL; + *out_change_password = 0; + } + + kim_options_free (&options); + kim_identity_free (&identity); + + if (!err) { + test_ui_log (in_context, "returning with no error."); + } else { + kim_string estring = NULL; + + kim_string_create_for_last_error (&estring, err); + test_ui_log (in_context, "returning %d: %s", err, estring); + kim_string_free (&estring); + } + + return err; +} + +/* ------------------------------------------------------------------------ */ + +static kim_error test_ui_auth_prompt (void *in_context, + kim_identity in_identity, + kim_prompt_type in_type, + kim_boolean in_allow_save_reply, + kim_boolean in_hide_reply, + kim_string in_title, + kim_string in_message, + kim_string in_description, + char **out_reply, + kim_boolean *out_save_reply) +{ + kim_error err = KIM_NO_ERROR; + kim_string string = NULL; + char *reply = NULL; + + test_ui_log (in_context, "entering..."); + + if (!err) { + err = kim_identity_get_display_string (in_identity, &string); + } + + if (!err) { + test_ui_log (in_context, "\tidentity = %s", string); + test_ui_log (in_context, "\ttype = %d", in_type); + test_ui_log (in_context, "\tallow_save_reply = %d", in_allow_save_reply); + test_ui_log (in_context, "\thide_reply = %d", in_hide_reply); + test_ui_log (in_context, "\ttitle = %s", in_title); + test_ui_log (in_context, "\tmessage = %s", in_message); + test_ui_log (in_context, "\tdescription = %s", in_description); + + reply = strdup ("ydobon"); + if (!reply) { err = KIM_OUT_OF_MEMORY_ERR; } + } + + if (!err) { + test_ui_context context = in_context; + if (context->got_error > 1) { + test_ui_log (in_context, "\tfailed twice, giving up..."); + context->got_error = 0; + err = KIM_USER_CANCELED_ERR; + } + } + + if (!err) { + *out_reply = reply; + reply = NULL; + *out_save_reply = 0; + } + + free (reply); + kim_string_free (&string); + + if (!err) { + test_ui_log (in_context, "returning with no error."); + } else { + kim_string estring = NULL; + + kim_string_create_for_last_error (&estring, err); + test_ui_log (in_context, "returning %d: %s", err, estring); + kim_string_free (&estring); + } + + return err; +} + +/* ------------------------------------------------------------------------ */ + +static kim_error test_ui_change_password (void *in_context, + kim_identity in_identity, + kim_boolean in_old_password_expired, + char **out_old_password, + char **out_new_password, + char **out_verify_password) +{ + kim_error err = KIM_NO_ERROR; + kim_string string = NULL; + char *old_password = NULL; + char *new_password = NULL; + char *vfy_password = NULL; + + test_ui_log (in_context, "entering..."); + + if (!err) { + err = kim_identity_get_display_string (in_identity, &string); + } + + if (!err) { + test_ui_log (in_context, "\tidentity = %s", string); + test_ui_log (in_context, "\told_password_expired = %d", + in_old_password_expired); + + old_password = strdup ("ydobon"); + new_password = strdup ("foo"); + vfy_password = strdup ("foo"); + if (!old_password || !new_password || !vfy_password) { + err = KIM_OUT_OF_MEMORY_ERR; + } + } + + if (!err) { + test_ui_context context = in_context; + if (context->got_error > 1) { + test_ui_log (in_context, "\tfailed twice, giving up..."); + context->got_error = 0; + err = KIM_USER_CANCELED_ERR; + } + } + + if (!err) { + *out_old_password = old_password; + old_password = NULL; + *out_new_password = new_password; + new_password = NULL; + *out_verify_password = vfy_password; + vfy_password = NULL; + } + + free (old_password); + free (new_password); + free (vfy_password); + kim_string_free (&string); + + if (!err) { + test_ui_log (in_context, "returning with no error."); + } else { + kim_string estring = NULL; + + kim_string_create_for_last_error (&estring, err); + test_ui_log (in_context, "returning %d: %s", err, estring); + kim_string_free (&estring); + } + + return err; +} + +/* ------------------------------------------------------------------------ */ + +static kim_error test_ui_handle_error (void *in_context, + kim_identity in_identity, + kim_error in_error, + kim_string in_error_message, + kim_string in_error_description) +{ + kim_error err = KIM_NO_ERROR; + kim_string string = NULL; + + test_ui_log (in_context, "entering..."); + + if (!err) { + err = kim_identity_get_display_string (in_identity, &string); + } + + if (!err) { + test_ui_context context = in_context; + + test_ui_log (in_context, "\tidentity = %s", string); + test_ui_log (in_context, "\terror = %d", in_error); + test_ui_log (in_context, "\tmessage = %s", in_error_message); + test_ui_log (in_context, "\tdescription = %s", in_error_description); + + context->got_error++; + } + + kim_string_free (&string); + + if (!err) { + test_ui_log (in_context, "returning with no error."); + } else { + kim_string estring = NULL; + + kim_string_create_for_last_error (&estring, err); + test_ui_log (in_context, "returning %d: %s", err, estring); + kim_string_free (&estring); + } + + return err; +} + +/* ------------------------------------------------------------------------ */ + +static void test_ui_free_string (void *in_context, + char **io_string) +{ + /* strings zeroed by caller so just print pointer value */ + test_ui_log (in_context, "freeing string %p", *io_string); + + free (*io_string); + *io_string = NULL; +} + +/* ------------------------------------------------------------------------ */ + +static kim_error test_ui_fini (void *io_context) +{ + kim_error err = KIM_NO_ERROR; + + test_ui_log (io_context, "deallocating..."); + + if (io_context) { + test_ui_context context = io_context; + + asl_close (context->asl_context); + free (context); + } + + return err; +} + +/* ------------------------------------------------------------------------ */ + +kim_ui_plugin_ftable_v0 kim_ui_0 = { + 0, + test_ui_init, + test_ui_enter_identity, + test_ui_select_identity, + test_ui_auth_prompt, + test_ui_change_password, + test_ui_handle_error, + test_ui_free_string, + test_ui_fini +}; diff --git a/src/krb5-config.M b/src/krb5-config.M index c0a0fa140e..56661aee7e 100644 --- a/src/krb5-config.M +++ b/src/krb5-config.M @@ -64,7 +64,6 @@ values for \fIlibraries\fP are: .in +.5i krb5 Kerberos 5 application gssapi GSSAPI application with Kerberos 5 bindings -krb4 Kerberos 4 application kadm-client Kadmin client kadm-server Kadmin server kdb Application that accesses the kerberos database diff --git a/src/krb5-config.in b/src/krb5-config.in index 9b55e808b8..1952ccb5c8 100755 --- a/src/krb5-config.in +++ b/src/krb5-config.in @@ -32,11 +32,10 @@ exec_prefix=@exec_prefix@ includedir=@includedir@ libdir=@libdir@ CC_LINK='@CC_LINK@' -KRB4_LIB=@KRB4_LIB@ -DES425_LIB=@DES425_LIB@ KDB5_DB_LIB=@KDB5_DB_LIB@ LDFLAGS='@LDFLAGS@' RPATH_FLAG='@RPATH_FLAG@' +PROG_RPATH_FLAGS='@PROG_RPATH_FLAGS@' PTHREAD_CFLAGS='@PTHREAD_CFLAGS@' DL_LIB='@DL_LIB@' @@ -86,9 +85,6 @@ while test $# != 0; do gssapi) library=gssapi ;; - krb4) - library=krb4 - ;; kadm-client) library=kadm_client ;; @@ -125,7 +121,6 @@ if test -n "$do_help"; then echo "Libraries:" echo " krb5 Kerberos 5 application" echo " gssapi GSSAPI application with Kerberos 5 bindings" - echo " krb4 Kerberos 4 application" echo " kadm-client Kadmin client" echo " kadm-server Kadmin server" echo " kdb Application that accesses the kerberos database" @@ -185,6 +180,7 @@ if test -n "$do_libs"; then # Ugly gross hack for our build tree lib_flags=`echo $CC_LINK | sed -e 's/\$(CC)//' \ -e 's/\$(PURE)//' \ + -e 's#\$(PROG_RPATH_FLAGS)#'"$PROG_RPATH_FLAGS"'#' \ -e 's#\$(PROG_RPATH)#'$libdir'#' \ -e 's#\$(PROG_LIBPATH)#'$libdirarg'#' \ -e 's#\$(RPATH_FLAG)#'"$RPATH_FLAG"'#' \ @@ -217,11 +213,6 @@ if test -n "$do_libs"; then library=krb5 fi - if test $library = 'krb4'; then - lib_flags="$lib_flags $KRB4_LIB $DES425_LIB" - library=krb5 - fi - if test $library = 'krb5'; then lib_flags="$lib_flags -lkrb5 -lk5crypto -lcom_err $GEN_LIB $LIBS $DL_LIB" fi diff --git a/src/krb524/Makefile.in b/src/krb524/Makefile.in deleted file mode 100644 index e832733f2a..0000000000 --- a/src/krb524/Makefile.in +++ /dev/null @@ -1,175 +0,0 @@ -thisconfigdir=.. -myfulldir=krb524 -mydir=krb524 -BUILDTOP=$(REL).. -KDB_DEP_LIB=$(DL_LIB) $(THREAD_LINKOPTS) -DEFS= - -# Copyright 1994 by OpenVision Technologies, Inc. -# -# Permission to use, copy, modify, distribute, and sell this software -# and its documentation for any purpose is hereby granted without fee, -# provided that the above copyright notice appears in all copies and -# that both that copyright notice and this permission notice appear in -# supporting documentation, and that the name of OpenVision not be used -# in advertising or publicity pertaining to distribution of the software -# without specific, written prior permission. OpenVision makes no -# representations about the suitability of this software for any -# purpose. It is provided "as is" without express or implied warranty. -# -# OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, -# INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO -# EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR -# CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF -# USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR -# OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -# PERFORMANCE OF THIS SOFTWARE. -# - -DEFINES = -DUSE_MASTER -DKRB524_PRIVATE=1 -PROG_LIBPATH=-L$(TOPLIBD) $(KRB4_LIBPATH) -PROG_RPATH=$(KRB5_LIBDIR) - -##WIN32##!if ("$(CPU)" == "i386") && defined(USE_ALTERNATE_KRB4_INCLUDES) -##WIN32##KRB4_INCLUDES=-I$(USE_ALTERNATE_KRB4_INCLUDES) -##WIN32##!endif - -##WIN32##!if ("$(CPU)" == "i386") && defined(USE_ALTERNATE_KRB4_LIB) -##WIN32##K4LIB=$(USE_ALTERNATE_KRB4_LIB) -##WIN32##!endif - -K524EXE = $(OUTPRE)k524init.exe -K524LIB = $(OUTPRE)krb524.lib -K524DEP = $(K524LIB) -K524DEF = krb524.def -WINLIBS = kernel32.lib ws2_32.lib user32.lib shell32.lib oldnames.lib \ - version.lib advapi32.lib gdi32.lib - -LOCALINCLUDES= $(KRB4_INCLUDES) -I. -I$(srcdir) - -# Library sources -SRCS = \ - $(srcdir)/cnv_tkt_skey.c \ - $(srcdir)/libinit.c \ - $(srcdir)/krb524.c - -EXTRADEPSRCS = \ - $(srcdir)/test.c \ - $(srcdir)/k524init.c \ - $(srcdir)/krb524d.c - -##WIN32##!ifdef KRB524_STATIC_HACK -##WIN32##LPREFIX=..\lib -##WIN32##K5_GLUE=$(LPREFIX)\$(OUTPRE)k5_glue.obj -##WIN32##KLIBS = $(LPREFIX)\krb5\$(OUTPRE)krb5.lib \ -##WIN32## $(LPREFIX)\crypto\$(OUTPRE)crypto.lib \ -##WIN32## $(BUILDTOP)\util\profile\$(OUTPRE)profile.lib \ -##WIN32## $(LPREFIX)\des425\$(OUTPRE)des425.lib -##WIN32##KLIB=$(KLIBS) $(DNSLIBS) $(K5_GLUE) $(CLIB) -##WIN32##STLIBOBJS=$(STLIBOBJS:libinit=globals) -##WIN32##K524DEP=$(STLIBOBJS) -##WIN32##!endif - -##WIN32##VERSIONRC = $(BUILDTOP)\windows\version.rc -##WIN32##RCFLAGS=$(CPPFLAGS) -I$(SRCTOP) -D_WIN32 -DRES_ONLY - -##WIN32##EXERES=$(K524EXE:.exe=.res) -##WIN32##LIBRES=$(K524LIB:.lib=.res) - -##WIN32##$(EXERES): $(VERSIONRC) -##WIN32## $(RC) $(RCFLAGS) -DKRB524_INIT -fo $@ -r $** -##WIN32##$(LIBRES): $(VERSIONRC) -##WIN32## $(RC) $(RCFLAGS) -DKRB524_LIB -fo $@ -r $** - -all-unix:: krb524d krb524test k524init - -##WIN32##all-windows:: $(K524EXE) $(K524LIB) - -krb524test: test.o $(KRB5_DEPLIB) $(KRB4COMPAT_DEPLIBS) - $(CC_LINK) -o krb524test test.o $(KRB5_LIB) $(KRB4COMPAT_LIBS) - -SERVER_OBJS= krb524d.o cnv_tkt_skey.o -CLIENT_OBJS= $(OUTPRE)k524init.$(OBJEXT) - -krb524d: $(SERVER_OBJS) $(KADMSRV_DEPLIBS) $(KRB5_DEPLIB) $(KRB4COMPAT_DEPLIBS) $(APPUTILS_DEPLIB) - $(CC_LINK) -o krb524d $(SERVER_OBJS) $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB5_LIB) $(KRB4COMPAT_LIBS) $(APPUTILS_LIB) - -k524init: $(CLIENT_OBJS) $(KRB5_DEPLIB) $(KRB4COMPAT_DEPLIBS) - $(CC_LINK) -o k524init $(CLIENT_OBJS) $(KRB5_LIB) $(KRB4COMPAT_LIBS) - -##WIN32##$(K524LIB): $(OUTPRE)krb524.$(OBJEXT) $(OUTPRE)libinit.$(OBJEXT) $(KLIB) $(CLIB) $(LIBRES) -##WIN32## link $(DLL_LINKOPTS) -def:$(K524DEF) -out:$*.dll $** $(WINLIBS) -##WIN32## $(_VC_MANIFEST_EMBED_DLL) - -##WIN32##$(K524EXE): $(OUTPRE)k524init.$(OBJEXT) $(KLIB) $(K4LIB) $(CLIB) $(EXERES) $(BUILDTOP)\util\windows\$(OUTPRE)getopt.lib -##WIN32## link $(EXE_LINKOPTS) -out:$@ $** $(WINLIBS) $(SCLIB) -##WIN32## $(_VC_MANIFEST_EMBED_EXE) - -install-unix:: - $(INSTALL_PROGRAM) krb524d $(DESTDIR)$(SERVER_BINDIR)/krb524d - $(INSTALL_PROGRAM) k524init $(DESTDIR)$(CLIENT_BINDIR)/krb524init - $(INSTALL_DATA) $(srcdir)/krb524d.M $(DESTDIR)$(SERVER_MANDIR)/krb524d.8 - $(INSTALL_DATA) $(srcdir)/k524init.M \ - $(DESTDIR)$(CLIENT_MANDIR)/krb524init.1 - -clean-unix:: - $(RM) $(OBJS) core *~ *.bak #* - $(RM) krb524test krb524d k524init test.o $(CLIENT_OBJS) $(SERVER_OBJS) - - -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -$(OUTPRE)cnv_tkt_skey.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h cnv_tkt_skey.c krb524d.h -$(OUTPRE)libinit.$(OBJEXT): libinit.c -$(OUTPRE)krb524.$(OBJEXT): krb524.c -$(OUTPRE)test.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h test.c -$(OUTPRE)k524init.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h k524init.c -$(OUTPRE)krb524d.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(KRB_ERR_H_DEP) \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h \ - $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h krb524d.c krb524d.h diff --git a/src/krb524/README b/src/krb524/README deleted file mode 100644 index dd7ca9c239..0000000000 --- a/src/krb524/README +++ /dev/null @@ -1,154 +0,0 @@ -Copyright 1994 by OpenVision Technologies, Inc. - -Permission to use, copy, modify, distribute, and sell this software -and its documentation for any purpose is hereby granted without fee, -provided that the above copyright notice appears in all copies and -that both that copyright notice and this permission notice appear in -supporting documentation, and that the name of OpenVision not be used -in advertising or publicity pertaining to distribution of the software -without specific, written prior permission. OpenVision makes no -representations about the suitability of this software for any -purpose. It is provided "as is" without express or implied warranty. - -OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, -INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO -EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR -CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF -USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR -OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THIS SOFTWARE. - - -Kerberos V5 to Kerberos V4 Credentials Converting Service, ALPHA RELEASE -======================================================================== - -krb524 is a service that converts Kerberos V5 credentials into -Kerberos V4 credentials suitable for use with applications that for -whatever reason do not use V5 directly. The service consists of a -server that has access to the secret key of the Kerberos service for -which credentials will be converted, and a library for use by client -programs that wish to use the server. - -The protocol is simple. Suppose that a client C wishes to obtain V4 -credentials for a V5 service S by using the krb524 server. The -notation {C,S}_n represents a Vn service ticket for S for use by C. - -(1) C obtains V5 credentials, including a ticket {C,S}_5, for S by the -normal V5 means. - -(2) C transmits {C,S}_5 to KRB524. - -(3) KRB524 converts {C,S}_5 into {C,S}_4. - -(4) KRB524 transmits {C,S}_4 to C. - -(5) C creates a V4 credentials strucuture from the plaintext -information in the V5 credential and {C,S}_4. - -Steps (2) through (4) are encapsulated in a single function call in -the krb524 library. - -An alternate conversion is provided for AFS servers that support the -encrypted part of a krb5 ticket as an AFS token. If the krb524d is -converting a principal whose first component is afs and if the -encrypted part of the ticket fits in 344 bytes, then it will default -to simply returning the encrypted part of the ticket as a token. If -it turns out that the AFS server does not support the ticket, then -users will get an unknown key version error and the krb524d must be -configured to use v4 tickets for this AFS service. - - -Obviously, not all V5 credentials can be completely converted to V4 -credentials, since the former is a superset of the latter. The -precise semantics of the conversion function are still undecided. -UTSL. - -Programs contained in this release -====================================================================== - -krb524d [-m[aster]] [-k[eytab]] - -The krb524 server. It accepts UDP requests on the krb524 service -port, specified in /etc/services, or on port 4444 by default. (A -request for an official port assignment is underway.) The -m argument -causes krb524d to access the KDC master database directly; the -k -argument causes krb524d to use the default keytab (and therefore only -be able to convert tickets for services in the keytab). Only one of --m or -k can be specified. - -test -remote server client service - -A test program that obtains a V5 credential for {client,service}, -converts it to a V4 credential, and prints out the entire contents of -both versions. It prompts for service's secret key, which it needs to -decrypt both tickets in order to print them out. Enter it as an eight -digit ASCII hex number. - -k524init [-n] [-p principal] - -Convert a V5 credential into a V4 credential and store it in a V4 -ticket file. The client is 'principal', or krbtgt at the V5 ccache's -default principal's realm if not specified. The -n argument causes -the new ticket to be added to the existing ticket file; otherwise, the -ticket file is initialized. - -Configuring krb524d AFS Conversion -====================================================================== - -The krb524d looks in the appdefaults section of krb5.conf for an -application called afs_krb5 to determine whether afs principals -support encrypted ticket parts as tokens. The following configuration -fragment says that afs/sipb.mit.edu@ATHENA.MIT.EDU supports the new -token format but afs@ATHENA.MIT.EDU and -afs/athena.mit.edu@ATHENA.MIT.EDU do not. Note that the default is to -assume afs servers support the new format. - -[appdefaults] -afs_krb5 = { - ATHENA.MIT.EDU = { - # This stanza describes principals in the - #ATHENA.MIT.EDU realm - afs = false - afs/athena.mit.edu = false - afs/sipb.mit.edu = true - } -} - - -Using libkrb524.a -====================================================================== - -To use libkrb524.a, #include "krb524.h", link against libkrb524.a, -call krb524_init_ets() at the beginning of your program, and call one -of the following two functions: - -int krb524_convert_creds_addr(krb5_creds *v5creds, CREDENTIALS *v4creds, - struct sockaddr *saddr) - -int krb524_convert_creds_kdc(krb5_creds *v5creds, CREDENTIALS *v4creds) - -Both convert the V5 credential in v5creds into a V4 credential in -v4creds. One assumes krb524d is running on the KDC, the other uses an -explicit host. You only need to specify the address for saddr; the -port is filled in automatically. - -Unresolved issues / Bugs -====================================================================== - -o krb524d requires access to the secret key of any service to be -converted. Should krb524d run on the KDC or on individual server -machines? The latter is more paranoid, since it prevents bugs in -krb524d from provided unauthorized access to the master database. -However, it also requires the client to provide the address of the -server to be used. The client will usually have this information -(since presumably it will be sending the converted V4 credentials to -the same server) but it may not be in a convenient form. It seems -"cleaner" to have krb524d run on the KDC. - -o Even if krb524d uses keytabs on server machines, it needs to be more -flexible. You only want to run one krb524d per host, so it has to be -able to scan multiple keytabs. This might get logistically messy. - -o This code is of alpha quality. Bugs, omissions, memory leaks, and -perhaps security holes still remain. Do not use it (yet) in a -production environment. diff --git a/src/krb524/cnv_tkt_skey.c b/src/krb524/cnv_tkt_skey.c deleted file mode 100644 index 217eb40a80..0000000000 --- a/src/krb524/cnv_tkt_skey.c +++ /dev/null @@ -1,223 +0,0 @@ -/* - * Copyright 2003 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - */ - -/* - * Copyright 1994 by OpenVision Technologies, Inc. - * - * Permission to use, copy, modify, distribute, and sell this software - * and its documentation for any purpose is hereby granted without fee, - * provided that the above copyright notice appears in all copies and - * that both that copyright notice and this permission notice appear in - * supporting documentation, and that the name of OpenVision not be used - * in advertising or publicity pertaining to distribution of the software - * without specific, written prior permission. OpenVision makes no - * representations about the suitability of this software for any - * purpose. It is provided "as is" without express or implied warranty. - * - * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, - * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO - * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR - * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF - * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR - * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - * PERFORMANCE OF THIS SOFTWARE. - */ - -#include "k5-int.h" /* we need krb5_context::clockskew */ -#include -#include - -#ifdef _WIN32 -#include "port-sockets.h" -#else -#include -#include -#endif -#include -#include "krb524d.h" - -static int krb524d_debug = 0; - -static int -krb524_convert_princs(context, client, server, pname, pinst, prealm, - sname, sinst, srealm) - krb5_context context; - krb5_principal client, server; - char *pname, *pinst, *prealm, *sname, *sinst, *srealm; -{ - int ret; - - if ((ret = krb5_524_conv_principal(context, client, pname, pinst, - prealm))) - return ret; - - return krb5_524_conv_principal(context, server, sname, sinst, srealm); -} -/* - * Convert a v5 ticket for server to a v4 ticket, using service key - * skey for both. - */ -int krb524_convert_tkt_skey(context, v5tkt, v4tkt, v5_skey, v4_skey, - saddr) - krb5_context context; - krb5_ticket *v5tkt; - KTEXT_ST *v4tkt; - krb5_keyblock *v5_skey, *v4_skey; - struct sockaddr_in *saddr; -{ - char pname[ANAME_SZ], pinst[INST_SZ], prealm[REALM_SZ]; - char sname[ANAME_SZ], sinst[INST_SZ], srealm[REALM_SZ]; - krb5_enc_tkt_part *v5etkt; - int ret, lifetime, v4endtime; - krb5_timestamp server_time; - struct sockaddr_in *sinp = (struct sockaddr_in *)saddr; - krb5_address kaddr; - - v5tkt->enc_part2 = NULL; - if ((ret = krb5_decrypt_tkt_part(context, v5_skey, v5tkt))) { - return ret; - } - v5etkt = v5tkt->enc_part2; - - if (v5etkt->transited.tr_contents.length != 0) { - /* Some intermediate realms transited -- do we accept them? - - Simple answer: No. - - More complicated answer: Check our local config file to - see if the path is correct, and base the answer on that. - This denies the krb4 application server any ability to do - its own validation as krb5 servers can. - - Fast answer: Not right now. */ - krb5_free_enc_tkt_part(context, v5etkt); - v5tkt->enc_part2 = NULL; - return KRB5KRB_AP_ERR_ILL_CR_TKT; - } - /* We could also encounter a case where luser@R1 gets a ticket - for krbtgt/R3@R2, and then tries to convert it. But the - converted ticket would be one the v4 KDC code should reject - anyways. So we don't need to worry about it here. */ - - if ((ret = krb524_convert_princs(context, v5etkt->client, v5tkt->server, - pname, pinst, prealm, sname, - sinst, srealm))) { - krb5_free_enc_tkt_part(context, v5etkt); - v5tkt->enc_part2 = NULL; - return ret; - } - if ((v5etkt->session->enctype != ENCTYPE_DES_CBC_CRC && - v5etkt->session->enctype != ENCTYPE_DES_CBC_MD4 && - v5etkt->session->enctype != ENCTYPE_DES_CBC_MD5) || - v5etkt->session->length != sizeof(C_Block)) { - if (krb524d_debug) - fprintf(stderr, "v5 session keyblock type %d length %d != C_Block size %d\n", - v5etkt->session->enctype, - v5etkt->session->length, - (int) sizeof(C_Block)); - krb5_free_enc_tkt_part(context, v5etkt); - v5tkt->enc_part2 = NULL; - return KRB524_BADKEY; - } - - /* V4 has no concept of authtime or renew_till, so ignore them */ - if (v5etkt->times.starttime == 0) - v5etkt->times.starttime = v5etkt->times.authtime; - /* rather than apply fit an extended v5 lifetime into a v4 range, - give out a v4 ticket with as much of the v5 lifetime is available - "now" instead. */ - if ((ret = krb5_timeofday(context, &server_time))) { - if (krb524d_debug) - fprintf(stderr, "krb5_timeofday failed!\n"); - krb5_free_enc_tkt_part(context, v5etkt); - v5tkt->enc_part2 = NULL; - return ret; - } - if ((server_time + context->clockskew >= v5etkt->times.starttime) - && (server_time - context->clockskew <= v5etkt->times.endtime)) { - lifetime = krb_time_to_life(server_time, v5etkt->times.endtime); - v4endtime = krb_life_to_time(server_time, lifetime); - /* - * Adjust start time backwards if the lifetime value - * returned by krb_time_to_life() maps to a longer lifetime - * than that of the original krb5 ticket. - */ - if (v4endtime > v5etkt->times.endtime) - server_time -= v4endtime - v5etkt->times.endtime; - } else { - if (krb524d_debug) - fprintf(stderr, "v5 ticket time out of bounds\n"); - krb5_free_enc_tkt_part(context, v5etkt); - v5tkt->enc_part2 = NULL; - if (server_time+context->clockskew < v5etkt->times.starttime) - return KRB5KRB_AP_ERR_TKT_NYV; - else if (server_time-context->clockskew > v5etkt->times.endtime) - return KRB5KRB_AP_ERR_TKT_EXPIRED; - else /* shouldn't happen, but just in case... */ - return KRB5KRB_AP_ERR_TKT_NYV; - } - - kaddr.addrtype = ADDRTYPE_INET; - kaddr.length = sizeof(sinp->sin_addr); - kaddr.contents = (krb5_octet *)&sinp->sin_addr; - - if (!krb5_address_search(context, &kaddr, v5etkt->caddrs)) { - if (krb524d_debug) - fprintf(stderr, "Invalid v5creds address information.\n"); - krb5_free_enc_tkt_part(context, v5etkt); - v5tkt->enc_part2 = NULL; - return KRB524_BADADDR; - } - - if (krb524d_debug) - printf("startime = %ld, authtime = %ld, lifetime = %ld\n", - (long) v5etkt->times.starttime, - (long) v5etkt->times.authtime, - (long) lifetime); - - /* XXX are there V5 flags we should map to V4 equivalents? */ - if (v4_skey->enctype == ENCTYPE_DES_CBC_CRC) { - ret = krb_create_ticket(v4tkt, - 0, /* flags */ - pname, - pinst, - prealm, - sinp->sin_addr.s_addr, - (char *) v5etkt->session->contents, - lifetime, - /* issue_data */ - server_time, - sname, - sinst, - v4_skey->contents); - } - else abort(); - krb5_free_enc_tkt_part(context, v5etkt); - v5tkt->enc_part2 = NULL; - if (ret == KSUCCESS) - return 0; - else - return KRB524_V4ERR; -} diff --git a/src/krb524/k524init.M b/src/krb524/k524init.M deleted file mode 100644 index f480767a0e..0000000000 --- a/src/krb524/k524init.M +++ /dev/null @@ -1,47 +0,0 @@ -.\" krb524/k524init.M -.\" -.\" Copyright 2005 by the Massachusetts Institute of Technology. -.\" -.\" Export of this software from the United States of America may -.\" require a specific license from the United States Government. -.\" It is the responsibility of any person or organization contemplating -.\" export to obtain such a license before exporting. -.\" -.\" WITHIN THAT CONSTRAINT, permission to use, copy, modify, and -.\" distribute this software and its documentation for any purpose and -.\" without fee is hereby granted, provided that the above copyright -.\" notice appear in all copies and that both that copyright notice and -.\" this permission notice appear in supporting documentation, and that -.\" the name of M.I.T. not be used in advertising or publicity pertaining -.\" to distribution of the software without specific, written prior -.\" permission. Furthermore if you modify this software you must label -.\" your software as modified software and not distribute it in such a -.\" fashion that it might be confused with the original M.I.T. software. -.\" M.I.T. makes no representations about the suitability of -.\" this software for any purpose. It is provided "as is" without express -.\" or implied warranty. -.\" " -.TH KRB524INIT 1 -.SH NAME -krb524init \- Obtain Kerberos V4 tickets from Kerberos V5 tickets -.SH SYNOPSIS -\fBkrb524init\fP [\fB\-n\fP] [\fB\-p\fP \fIprincipal\fP] -.SH DESCRIPTION -.I krb524init -converts a V5 credential to a V4 credential by querying a remote krb524d -server and stores it in a V4 ticket cache. The credential is -.I principal -or "krbtgt" at the V5 ticket cache's default principal's realm if not -specified. -.SH OPTIONS -.TP -.B \-n -By default, the V4 ticket cache is initialized. If this option is given, -the converted credential is instead added to the existing ticket cache. -.TP -\fB\-p\fP \fIprincipal\fP -Convert -.I principal -rather than krbtgt. -.SH SEE ALSO -kinit(1), krb524d(8) diff --git a/src/krb524/k524init.c b/src/krb524/k524init.c deleted file mode 100644 index c611b2e5c1..0000000000 --- a/src/krb524/k524init.c +++ /dev/null @@ -1,183 +0,0 @@ -/* - * Copyright 1994 by OpenVision Technologies, Inc. - * - * Permission to use, copy, modify, distribute, and sell this software - * and its documentation for any purpose is hereby granted without fee, - * provided that the above copyright notice appears in all copies and - * that both that copyright notice and this permission notice appear in - * supporting documentation, and that the name of OpenVision not be used - * in advertising or publicity pertaining to distribution of the software - * without specific, written prior permission. OpenVision makes no - * representations about the suitability of this software for any - * purpose. It is provided "as is" without express or implied warranty. - * - * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, - * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO - * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR - * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF - * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR - * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - * PERFORMANCE OF THIS SOFTWARE. - */ - -#include "autoconf.h" -#include "k5-int.h" /* for data_eq */ -#include -#include "com_err.h" - -#include -#ifdef HAVE_UNISTD_H -#include -#endif -#include -#include -#include -#ifndef _WIN32 -#include -#include -#include -#endif - -#include - -extern int optind; -extern char *optarg; -char *prog = "k524init"; - -int main(argc, argv) - int argc; - char **argv; -{ - krb5_principal client, server; - krb5_ccache cc; - krb5_creds increds, *v5creds; - CREDENTIALS v4creds; - int code; - int option; - char *princ = NULL; - int nodelete = 0; - int lose = 0; - krb5_context context; - krb5_error_code retval; - - if (argv[0]) { - prog = strrchr (argv[0], '/'); - if (prog) - prog++; - else - prog = argv[0]; - } - - retval = krb5_init_context(&context); - if (retval) { - com_err(prog, retval, "while initializing krb5"); - exit(1); - } - - while(((option = getopt(argc, argv, "p:n")) != -1)) { - switch(option) { - case 'p': - princ = optarg; - break; - case 'n': - nodelete++; - break; - default: - lose++; - break; - } - } - - if (lose || (argc - optind > 1)) { - fprintf(stderr, "Usage: %s [-p principal] [-n]\n", prog); - exit(1); - } - - if ((code = krb5_cc_default(context, &cc))) { - com_err(prog, code, "opening default credentials cache"); - exit(1); - } - - if ((code = krb5_cc_get_principal(context, cc, &client))) { - com_err(prog, code, "while retrieving user principal name"); - exit(1); - } - - if (princ) { - if ((code = krb5_parse_name(context, princ, &server))) { - com_err(prog, code, "while parsing service principal name"); - exit(1); - } - } else { - if ((code = krb5_build_principal(context, &server, - krb5_princ_realm(context, client)->length, - krb5_princ_realm(context, client)->data, - "krbtgt", - krb5_princ_realm(context, client)->data, - NULL))) { - com_err(prog, code, "while creating service principal name"); - exit(1); - } - } - - if (!nodelete) { - krb5_data *crealm = krb5_princ_realm (context, client); - krb5_data *srealm = krb5_princ_realm (context, server); - if (!data_eq(*crealm, *srealm)) { - /* Since krb4 ticket files don't store the realm name - separately, and the client realm is assumed to be the - realm of the first ticket, let's not store an initial - ticket with the wrong realm name, since it'll confuse - other programs. */ - fprintf (stderr, - "%s: Client and server principals' realm names are different;\n" - "\tbecause of limitations in the krb4 ticket file implementation,\n" - "\tthis doesn't work for an initial ticket. Try `%s -n'\n" - "\tif you already have other krb4 tickets, or convert the\n" - "\tticket-granting ticket from your home realm.\n", - prog, prog); - exit (1); - } - } - - memset((char *) &increds, 0, sizeof(increds)); - increds.client = client; - increds.server = server; - increds.times.endtime = 0; - increds.keyblock.enctype = ENCTYPE_DES_CBC_CRC; - if ((code = krb5_get_credentials(context, 0, cc, &increds, &v5creds))) { - com_err(prog, code, "getting V5 credentials"); - exit(1); - } - - if ((code = krb5_524_convert_creds(context, v5creds, &v4creds))) { - com_err(prog, code, "converting to V4 credentials"); - exit(1); - } - - /* this is stolen from the v4 kinit */ - - if (!nodelete) { - /* initialize ticket cache */ - code = krb_in_tkt(v4creds.pname,v4creds.pinst,v4creds.realm); - if (code != KSUCCESS) { - fprintf (stderr, "%s: %s trying to create the V4 ticket file", - prog, krb_get_err_text (code)); - exit(1); - } - } - - /* stash ticket, session key, etc. for future use */ - /* This routine does *NOT* return one of the usual com_err codes. */ - if ((code = krb_save_credentials(v4creds.service, v4creds.instance, - v4creds.realm, v4creds.session, - v4creds.lifetime, v4creds.kvno, - &(v4creds.ticket_st), - v4creds.issue_date))) { - fprintf (stderr, "%s: %s trying to save the V4 ticket\n", - prog, krb_get_err_text (code)); - exit(1); - } - - exit(0); -} diff --git a/src/krb524/krb524.def b/src/krb524/krb524.def deleted file mode 100644 index 67d2050453..0000000000 --- a/src/krb524/krb524.def +++ /dev/null @@ -1,13 +0,0 @@ -;---------------------------------------------------- -; KRB524.DEF - KRB524.DLL module definition file -;---------------------------------------------------- - -; **************************************************************************** -; Do not add any function to this file until you make sure the calling -; convention for the exported function is KRB5_CALLCONV -; **************************************************************************** - - -EXPORTS - krb524_convert_creds_kdc @1 - krb524_init_ets @2 diff --git a/src/krb524/krb524_prot b/src/krb524/krb524_prot deleted file mode 100644 index f83854d77f..0000000000 --- a/src/krb524/krb524_prot +++ /dev/null @@ -1,11 +0,0 @@ -Protocol: - - -> ASN.1 encoded V5 ticket - <- int status_code, [int kvno, encode_v4tkt encoded KTEXT_ST] - -kvno and V4 ticket are only included if status_code is zero. - -The kvno for the converted ticket is sent explicitly because the field -is ASN.1 encoded in the krb5_creds structure; the client would have to -decode (but not decrypt) the entire krb5_ticket structure to get it, -which would be inefficient. diff --git a/src/krb524/krb524d.M b/src/krb524/krb524d.M deleted file mode 100644 index dee00cf817..0000000000 --- a/src/krb524/krb524d.M +++ /dev/null @@ -1,74 +0,0 @@ -.\" krb524/krb524d.M -.\" -.\" Copyright 1990 by the Massachusetts Institute of Technology. -.\" -.\" Export of this software from the United States of America may -.\" require a specific license from the United States Government. -.\" It is the responsibility of any person or organization contemplating -.\" export to obtain such a license before exporting. -.\" -.\" WITHIN THAT CONSTRAINT, permission to use, copy, modify, and -.\" distribute this software and its documentation for any purpose and -.\" without fee is hereby granted, provided that the above copyright -.\" notice appear in all copies and that both that copyright notice and -.\" this permission notice appear in supporting documentation, and that -.\" the name of M.I.T. not be used in advertising or publicity pertaining -.\" to distribution of the software without specific, written prior -.\" permission. Furthermore if you modify this software you must label -.\" your software as modified software and not distribute it in such a -.\" fashion that it might be confused with the original M.I.T. software. -.\" M.I.T. makes no representations about the suitability of -.\" this software for any purpose. It is provided "as is" without express -.\" or implied warranty. -.\" " -.TH KRB524D 8 -.SH NAME -krb524d \- Version 5 to Version 4 Credentials Conversion Daemon -.SH SYNOPSIS -.B krb524d -[ -.B \-m[aster] -| -.B \-k[eytab] -] [ -.B \-r -.I realm -] [ -.B \-nofork -] [ -.B \-p -.I portnum -] -.br -.SH DESCRIPTION -.I krb524d -is the Kerberos Version 5 to Version 4 Credentials Conversion daemon. -It works in conjuction with a krb5kdc to allow clients to acquire Kerberos -version 4 tickets from Kerberos version 5 tickets without specifying a password. -.SH OPTIONS -.TP -\fB\-m[aster]\fP -Use the KDC database to convert credentials. This option cannot be combined with -\fB\-k[eytab]\fP. -.TP -\fB\-k[eytab]\fP -Use the default keytab to convert credentials. This option cannot be combined with -\fB\-m[aster]\fP. -.TP -\fB\-r\fP \fIrealm\fP -Convert credentials for \fIrealm\fP; by default the realm returned by -.IR krb5_default_local_realm (3) -is used. -.TP -\fB\-nofork\fP -specifies that krb524d not fork on launch. Useful for debugging purposes. -.TP -\fB\-p\fP \fIportnum\fP -specifies the default UDP port number which krb524d should listen on for -Kerberos 524 requests. This value is used when no port is specified in -the KDC profile and when no port is specified in the Kerberos configuration -file. -If no value is available, then the value in /etc/services for service -"krb524" is used. -.SH SEE ALSO -kerberos(1), krb5kdc(8), kdb5_util(8), kdc.conf(5) diff --git a/src/krb524/krb524d.c b/src/krb524/krb524d.c deleted file mode 100644 index 202cda920c..0000000000 --- a/src/krb524/krb524d.c +++ /dev/null @@ -1,637 +0,0 @@ -/* - * Copyright (C) 2002, 2007, 2008 by the Massachusetts Institute of Technology. - * All rights reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * Copyright 1994 by OpenVision Technologies, Inc. - * - * Permission to use, copy, modify, distribute, and sell this software - * and its documentation for any purpose is hereby granted without fee, - * provided that the above copyright notice appears in all copies and - * that both that copyright notice and this permission notice appear in - * supporting documentation, and that the name of OpenVision not be used - * in advertising or publicity pertaining to distribution of the software - * without specific, written prior permission. OpenVision makes no - * representations about the suitability of this software for any - * purpose. It is provided "as is" without express or implied warranty. - * - * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, - * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO - * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR - * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF - * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR - * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - * PERFORMANCE OF THIS SOFTWARE. - */ - -#include -#include -#include -#include -#include - -#include -#include -#ifdef HAVE_SYS_SELECT_H -#include -#endif -#include -#include -#include -#include -#include -#include - -#include -#include "krb524d.h" - -#if defined(NEED_DAEMON_PROTO) -extern int daemon(int, int); -#endif - -#define TIMEOUT 60 -#define TKT_BUFSIZ 2048 -#define MSGSIZE 8192 - -char *whoami; -int signalled = 0; -static int debug = 0; -void *handle = NULL; - -int use_keytab, use_master; -int allow_v4_crossrealm = 0; -char *keytab = NULL; -krb5_keytab kt; - -void init_keytab(krb5_context), - init_master(krb5_context, kadm5_config_params *), - cleanup_and_exit(int, krb5_context); -krb5_error_code do_connection(int, krb5_context); -krb5_error_code lookup_service_key(krb5_context, krb5_principal, - krb5_enctype, krb5_kvno, - krb5_keyblock *, krb5_kvno *); -krb5_error_code kdc_get_server_key(krb5_context, krb5_principal, - krb5_keyblock *, krb5_kvno *, - krb5_enctype, krb5_kvno); - -static krb5_error_code -handle_classic_v4 (krb5_context context, krb5_ticket *v5tkt, - struct sockaddr_in *saddr, - krb5_data *tktdata, krb5_kvno *v4kvno); -static krb5_error_code -afs_return_v4(krb5_context, const krb5_principal , int *use_v5); - -static void usage(context) - krb5_context context; -{ - fprintf(stderr, "Usage: %s [-k[eytab]] [-m[aster] [-r realm]] [-nofork] [-p portnum]\n", whoami); - cleanup_and_exit(1, context); -} - -static RETSIGTYPE request_exit(signo) - int signo; -{ - signalled = 1; -} - -int (*encode_v4tkt)(KTEXT, char *, unsigned int *) = 0; - -int main(argc, argv) - int argc; - char **argv; -{ - struct servent *serv; - struct sockaddr_in saddr; - struct timeval timeout; - int ret, s, nofork; - fd_set rfds; - krb5_context context; - krb5_error_code retval; - kadm5_config_params config_params; - unsigned long port = 0; - - whoami = ((whoami = strrchr(argv[0], '/')) ? whoami + 1 : argv[0]); - - retval = krb5int_init_context_kdc(&context); - if (retval) { - com_err(whoami, retval, "while initializing krb5"); - exit(1); - } - - { - krb5int_access k5int; - retval = krb5int_accessor(&k5int, KRB5INT_ACCESS_VERSION); - if (retval != 0) { - com_err(whoami, retval, - "while accessing krb5 library internal support"); - exit(1); - } - encode_v4tkt = k5int.krb524_encode_v4tkt; - if (encode_v4tkt == NULL) { - com_err(whoami, 0, - "krb4 support disabled in krb5 support library"); - exit(1); - } - } - - argv++; argc--; - use_master = use_keytab = nofork = 0; - config_params.mask = 0; - - while (argc) { - if (strncmp(*argv, "-X", 2) == 0) { - allow_v4_crossrealm = 1; - } - else if (strncmp(*argv, "-k", 2) == 0) - use_keytab = 1; - else if (strncmp(*argv, "-m", 2) == 0) - use_master = 1; - else if (strcmp(*argv, "-nofork") == 0) - nofork = 1; - else if (strcmp(*argv, "-r") == 0) { - argv++; argc--; - if (argc == 0 || !use_master) - usage(context); - config_params.mask |= KADM5_CONFIG_REALM; - config_params.realm = *argv; - } - else if (strcmp(*argv, "-p") == 0) { - char *endptr = 0; - argv++; argc--; - if (argc == 0) - usage (context); - if (port != 0) { - com_err (whoami, 0, - "port number may only be specified once"); - exit (1); - } - port = strtoul (*argv, &endptr, 0); - if (*endptr != '\0' || port > 65535 || port == 0) { - com_err (whoami, 0, - "invalid port number %s, must be 1..65535\n", - *argv); - exit (1); - } - } - else - break; - argv++; argc--; - } - if (argc || use_keytab + use_master > 1 || - use_keytab + use_master == 0) { - use_keytab = use_master = 0; - usage(context); - } - - signal(SIGINT, request_exit); - signal(SIGHUP, SIG_IGN); - signal(SIGTERM, request_exit); - - krb5_klog_init(context, "krb524d", whoami, !nofork); - - if (use_keytab) - init_keytab(context); - if (use_master) - init_master(context, &config_params); - - memset((char *) &saddr, 0, sizeof(struct sockaddr_in)); - saddr.sin_family = AF_INET; - saddr.sin_addr.s_addr = INADDR_ANY; - if (port == 0) { - serv = getservbyname(KRB524_SERVICE, "udp"); - if (serv == NULL) { - com_err(whoami, 0, "service entry `%s' not found, using %d", - KRB524_SERVICE, KRB524_PORT); - saddr.sin_port = htons(KRB524_PORT); - } else - saddr.sin_port = serv->s_port; - } else - saddr.sin_port = htons(port); - - if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0) { - com_err(whoami, errno, "creating main socket"); - cleanup_and_exit(1, context); - } - set_cloexec_fd(s); - if ((ret = bind(s, (struct sockaddr *) &saddr, - sizeof(struct sockaddr_in))) < 0) { - com_err(whoami, errno, "binding main socket"); - cleanup_and_exit(1, context); - } - if (!nofork && daemon(0, 0)) { - com_err(whoami, errno, "while detaching from tty"); - cleanup_and_exit(1, context); - } - - while (1) { - FD_ZERO(&rfds); - FD_SET(s, &rfds); - timeout.tv_sec = TIMEOUT; - timeout.tv_usec = 0; - - ret = select(s+1, &rfds, NULL, NULL, &timeout); - if (signalled) - cleanup_and_exit(0, context); - else if (ret == 0) { - if (use_master) { - ret = kadm5_flush(handle); - if (ret && ret != KRB5_KDB_DBNOTINITED) { - com_err(whoami, ret, "closing kerberos database"); - cleanup_and_exit(1, context); - } - } - } else if (ret < 0 && errno != EINTR) { - com_err(whoami, errno, "in select"); - cleanup_and_exit(1, context); - } else if (FD_ISSET(s, &rfds)) { - if (debug) - printf("received packet\n"); - if ((ret = do_connection(s, context))) { - com_err(whoami, ret, "handling packet"); - } - } else - com_err(whoami, 0, "impossible situation occurred!"); - } - - cleanup_and_exit(0, context); -} - -void cleanup_and_exit(ret, context) - int ret; - krb5_context context; -{ - if (use_master && handle) { - (void) kadm5_destroy(handle); - } - if (use_keytab && kt) krb5_kt_close(context, kt); - krb5_klog_close(context); - krb5_free_context(context); - exit(ret); -} - -void init_keytab(context) - krb5_context context; -{ - int ret; - use_keytab = 0; - if (keytab == NULL) { - if ((ret = krb5_kt_default(context, &kt))) { - com_err(whoami, ret, "while opening default keytab"); - cleanup_and_exit(1, context); - } - } else { - if ((ret = krb5_kt_resolve(context, keytab, &kt))) { - com_err(whoami, ret, "while resolving keytab %s", - keytab); - cleanup_and_exit(1, context); - } - } - use_keytab = 1; /* now safe to close keytab */ -} - -void init_master(context, params) - krb5_context context; - kadm5_config_params *params; -{ - int ret; - - use_master = 0; - if ((ret = kadm5_init(whoami, NULL, KADM5_ADMIN_SERVICE, params, - KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, NULL, - &handle))) { - com_err(whoami, ret, "initializing kadm5 library"); - cleanup_and_exit(1, context); - } - use_master = 1; /* now safe to close kadm5 */ -} - -krb5_error_code do_connection(s, context) - int s; - krb5_context context; -{ - struct sockaddr saddr; - krb5_ticket *v5tkt = 0; - krb5_data msgdata, tktdata; - char msgbuf[MSGSIZE], tktbuf[TKT_BUFSIZ], *p; - int ret; - socklen_t saddrlen; - krb5_int32 n; /* Must be 4 bytes */ - krb5_kvno v4kvno; - - msgdata.data = msgbuf; - msgdata.length = MSGSIZE; - tktdata.data = tktbuf; - tktdata.length = TKT_BUFSIZ; - saddrlen = sizeof(struct sockaddr); - ret = recvfrom(s, msgdata.data, (int) msgdata.length, 0, &saddr, &saddrlen); - if (ret < 0) { - /* if recvfrom fails, we probably don't have a valid saddr to - use for the reply, so don't even try to respond. */ - return errno; - } - if (debug) - printf("message received\n"); - - if ((ret = decode_krb5_ticket(&msgdata, &v5tkt))) { - switch (ret) { - case KRB5KDC_ERR_BAD_PVNO: - case ASN1_MISPLACED_FIELD: - case ASN1_MISSING_FIELD: - case ASN1_BAD_ID: - case KRB5_BADMSGTYPE: - /* don't even answer parse errors */ - return ret; - break; - default: - /* try and recognize our own error packet */ - if (msgdata.length == sizeof(krb5_int32)) - return KRB5_BADMSGTYPE; - else - goto error; - } - } - if (debug) - printf("V5 ticket decoded\n"); - - if (krb5_princ_size(context, v5tkt->server) >= 1 - && krb5_princ_component(context, v5tkt->server, 0)->length == 3 - && strncmp(krb5_princ_component(context, v5tkt->server, 0)->data, - "afs", 3) == 0) { - krb5_data *enc_part; - int use_v5; - if ((ret = afs_return_v4(context, v5tkt->server, - &use_v5)) != 0) - goto error; - if ((ret = encode_krb5_enc_data(&v5tkt->enc_part, &enc_part)) != 0) - goto error; - if (!(use_v5)|| enc_part->length >= 344) { - krb5_free_data(context, enc_part); - if ((ret = handle_classic_v4(context, v5tkt, - (struct sockaddr_in *) &saddr, &tktdata, - &v4kvno)) != 0) - goto error; - } else { - KTEXT_ST fake_v4tkt; - memset(&fake_v4tkt, 0x11, sizeof(fake_v4tkt)); - fake_v4tkt.mbz = 0; - fake_v4tkt.length = enc_part->length; - memcpy(fake_v4tkt.dat, enc_part->data, enc_part->length); - v4kvno = (0x100-0x2b); /*protocol constant indicating v5 - * enc part only*/ - krb5_free_data(context, enc_part); - ret = encode_v4tkt(&fake_v4tkt, tktdata.data, &tktdata.length); - } - } else { - if ((ret = handle_classic_v4(context, v5tkt, - (struct sockaddr_in *) &saddr, &tktdata, - &v4kvno)) != 0) - goto error; - } - -error: - /* create the reply */ - p = msgdata.data; - msgdata.length = 0; - - n = htonl(ret); - memcpy(p, (char *) &n, sizeof(krb5_int32)); - p += sizeof(krb5_int32); - msgdata.length += sizeof(krb5_int32); - - if (ret) - goto write_msg; - - n = htonl(v4kvno); - memcpy(p, (char *) &n, sizeof(krb5_int32)); - p += sizeof(krb5_int32); - msgdata.length += sizeof(krb5_int32); - - memcpy(p, tktdata.data, tktdata.length); - p += tktdata.length; - msgdata.length += tktdata.length; - -write_msg: - if (ret) - (void) sendto(s, msgdata.data, (int) msgdata.length, 0, &saddr, saddrlen); - else - if (sendto(s, msgdata.data, msgdata.length, 0, &saddr, saddrlen)<0) - ret = errno; - if (debug) - printf("reply written\n"); - if (v5tkt) - krb5_free_ticket(context, v5tkt); - - - return ret; -} - -krb5_error_code lookup_service_key(context, p, ktype, kvno, key, kvnop) - krb5_context context; - krb5_principal p; - krb5_enctype ktype; - krb5_kvno kvno; - krb5_keyblock *key; - krb5_kvno *kvnop; -{ - int ret; - krb5_keytab_entry entry; - - if (use_keytab) { - if ((ret = krb5_kt_get_entry(context, kt, p, kvno, ktype, &entry))) - return ret; - *key = entry.key; - key->contents = malloc(key->length); - if (key->contents) - memcpy(key->contents, entry.key.contents, key->length); - else if (key->length) { - /* out of memory? */ - ret = ENOMEM; - memset (key, 0, sizeof (*key)); - return ret; - } - - krb5_kt_free_entry(context, &entry); - return 0; - } else if (use_master) { - return kdc_get_server_key(context, p, key, kvnop, ktype, kvno); - } - return 0; -} - -krb5_error_code kdc_get_server_key(context, service, key, kvnop, ktype, kvno) - krb5_context context; - krb5_principal service; - krb5_keyblock *key; - krb5_kvno *kvnop; - krb5_enctype ktype; - krb5_kvno kvno; -{ - krb5_error_code ret; - kadm5_principal_ent_rec server; - - if ((ret = kadm5_get_principal(handle, service, &server, - KADM5_KEY_DATA|KADM5_ATTRIBUTES))) - return ret; - - if (server.attributes & KRB5_KDB_DISALLOW_ALL_TIX - || server.attributes & KRB5_KDB_DISALLOW_SVR) { - kadm5_free_principal_ent(handle, &server); - return KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN; - } - - /* - * We try kadm5_decrypt_key twice because in the case of a - * ENCTYPE_DES_CBC_CRC key, we prefer to find a krb4 salt type - * over a normal key. Note this may create a problem if the - * server key is passworded and has both a normal and v4 salt. - * There is no good solution to this. - */ - if ((ret = kadm5_decrypt_key(handle, - &server, - ktype, - (ktype == ENCTYPE_DES_CBC_CRC) ? - KRB5_KDB_SALTTYPE_V4 : -1, - kvno, - key, NULL, kvnop)) && - (ret = kadm5_decrypt_key(handle, - &server, - ktype, - -1, - kvno, - key, NULL, kvnop))) { - kadm5_free_principal_ent(handle, &server); - return (KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN); - } - - kadm5_free_principal_ent(handle, &server); - return ret; -} - -/* - * We support two kinds of v4 credentials. There are real v4 - * credentials, and a Kerberos v5 enc part masquerading as a krb4 - * credential to be used by modern AFS implementations; this function - * handles the classic v4 case. - */ - -static krb5_error_code -handle_classic_v4 (krb5_context context, krb5_ticket *v5tkt, - struct sockaddr_in *saddr, - krb5_data *tktdata, krb5_kvno *v4kvno) -{ - krb5_error_code ret; - krb5_keyblock v5_service_key, v4_service_key; - KTEXT_ST v4tkt; - - v5_service_key.contents = NULL; - v4_service_key.contents = NULL; - - if ((ret = lookup_service_key(context, v5tkt->server, - v5tkt->enc_part.enctype, - v5tkt->enc_part.kvno, - &v5_service_key, NULL))) - goto error; - - if ((ret = lookup_service_key(context, v5tkt->server, - ENCTYPE_DES_CBC_CRC, - 0, - &v4_service_key, v4kvno))) - goto error; - - if (debug) - printf("service key retrieved\n"); - if ((ret = krb5_decrypt_tkt_part(context, &v5_service_key, v5tkt))) { - goto error; - } - - if (!(allow_v4_crossrealm || krb5_realm_compare(context, v5tkt->server, - v5tkt->enc_part2->client))) { - ret = KRB5KDC_ERR_POLICY; - goto error; - } - krb5_free_enc_tkt_part(context, v5tkt->enc_part2); - v5tkt->enc_part2= NULL; - - memset(&v4tkt, 0x33, sizeof(v4tkt)); - ret = krb524_convert_tkt_skey(context, v5tkt, &v4tkt, &v5_service_key, - &v4_service_key, - (struct sockaddr_in *)saddr); - if (ret) - goto error; - - if (debug) - printf("credentials converted\n"); - - ret = encode_v4tkt(&v4tkt, tktdata->data, &tktdata->length); - if (ret) - goto error; - if (debug) - printf("v4 credentials encoded\n"); - -error: - if (v5tkt->enc_part2) { - krb5_free_enc_tkt_part(context, v5tkt->enc_part2); - v5tkt->enc_part2 = NULL; - } - - if (v5_service_key.contents) - krb5_free_keyblock_contents(context, &v5_service_key); - if (v4_service_key.contents) - krb5_free_keyblock_contents(context, &v4_service_key); - return ret; -} - -/* - * afs_return_v4: a predicate to determine whether we want to try - * using the afs krb5 encrypted part encoding or whether we just - * return krb4. Takes a principal, and checks the configuration file. - */ -static krb5_error_code -afs_return_v4 (krb5_context context, const krb5_principal princ, - int *use_v5) -{ - krb5_error_code ret; - char *unparsed_name; - char *cp; - krb5_data realm; - assert(use_v5 != NULL); - ret = krb5_unparse_name(context, princ, &unparsed_name); - if (ret != 0) - return ret; -/* Trim out trailing realm component into separate string.*/ - for (cp = unparsed_name; *cp != '\0'; cp++) { - if (*cp == '\\') { - cp++; /* We trust unparse_name not to leave a singleton - * backslash*/ - continue; - } - if (*cp == '@') { - *cp = '\0'; - realm.data = cp+1; - realm.length = strlen((char *) realm.data); - break; - } - } - krb5_appdefault_boolean(context, "afs_krb5", - &realm, unparsed_name, 1, - use_v5); - krb5_free_unparsed_name(context, unparsed_name); - return ret; -} diff --git a/src/krb524/krb524d.h b/src/krb524/krb524d.h deleted file mode 100644 index b40e3aec52..0000000000 --- a/src/krb524/krb524d.h +++ /dev/null @@ -1,48 +0,0 @@ -/* - * Copyright 1994 by OpenVision Technologies, Inc. - * - * Permission to use, copy, modify, distribute, and sell this software - * and its documentation for any purpose is hereby granted without fee, - * provided that the above copyright notice appears in all copies and - * that both that copyright notice and this permission notice appear in - * supporting documentation, and that the name of OpenVision not be used - * in advertising or publicity pertaining to distribution of the software - * without specific, written prior permission. OpenVision makes no - * representations about the suitability of this software for any - * purpose. It is provided "as is" without express or implied warranty. - * - * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, - * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO - * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR - * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF - * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR - * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - * PERFORMANCE OF THIS SOFTWARE. - */ - -#ifndef KRB524INT_H -#define KRB524INT_H - -#include "port-sockets.h" -#include "kerberosIV/krb.h" - -#ifndef KRB524INT_BEGIN_DECLS -#ifdef __cplusplus -#define KRB524INT_BEGIN_DECLS extern "C" { -#define KRB524INT_END_DECLS } -#else -#define KRB524INT_BEGIN_DECLS -#define KRB524INT_END_DECLS -#endif -#endif - -KRB524INT_BEGIN_DECLS - -int krb524_convert_tkt_skey - (krb5_context context, krb5_ticket *v5tkt, KTEXT_ST *v4tkt, - krb5_keyblock *v5_skey, krb5_keyblock *v4_skey, - struct sockaddr_in *saddr); - -KRB524INT_END_DECLS - -#endif /* KRB524INT_H */ diff --git a/src/krb524/libinit.c b/src/krb524/libinit.c deleted file mode 100644 index 22aeea9f8e..0000000000 --- a/src/krb524/libinit.c +++ /dev/null @@ -1,27 +0,0 @@ -#ifdef _WIN32 -#include - -BOOL -WINAPI -DllMain( - HANDLE hModule, - DWORD fdwReason, - LPVOID lpReserved - ) -{ - switch (fdwReason) - { - case DLL_PROCESS_ATTACH: - break; - case DLL_THREAD_ATTACH: - break; - case DLL_THREAD_DETACH: - break; - case DLL_PROCESS_DETACH: - break; - default: - return FALSE; - } - return TRUE; -} -#endif diff --git a/src/krb524/test.c b/src/krb524/test.c deleted file mode 100644 index d0cb92181b..0000000000 --- a/src/krb524/test.c +++ /dev/null @@ -1,353 +0,0 @@ -/* - * Copyright 1994 by OpenVision Technologies, Inc. - * - * Permission to use, copy, modify, distribute, and sell this software - * and its documentation for any purpose is hereby granted without fee, - * provided that the above copyright notice appears in all copies and - * that both that copyright notice and this permission notice appear in - * supporting documentation, and that the name of OpenVision not be used - * in advertising or publicity pertaining to distribution of the software - * without specific, written prior permission. OpenVision makes no - * representations about the suitability of this software for any - * purpose. It is provided "as is" without express or implied warranty. - * - * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, - * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO - * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR - * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF - * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR - * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - * PERFORMANCE OF THIS SOFTWARE. - */ - -#include "k5-int.h" - -#include -#include -#include - -#ifndef _WIN32 -#include -#endif - -#include -#include -#include "com_err.h" - -#define KEYSIZE 8 -#define CRED_BUFSIZ 2048 - -#define krb5_print_addrs - -void do_local (krb5_creds *, krb5_keyblock *), - do_remote (krb5_context, krb5_creds *, char *, krb5_keyblock *); - -static -void print_key(msg, key) - char *msg; - des_cblock *key; -{ - printf("%s: ", msg); - C_Block_print(key); - printf("\n"); -} - -static -void print_time(msg, t) - char *msg; - int t; -{ - printf("%s: %d, %s", msg, t, ctime((time_t *) &t)); -} - -static -void krb5_print_times(msg, t) - char *msg; - krb5_ticket_times *t; -{ - printf("%s: Start: %d, %s", msg, t->starttime, - ctime((time_t *) &t->starttime)); - printf("%s: End: %d, %s", msg, t->endtime, - ctime((time_t *) &t->endtime)); - printf("%s: Auth: %d, %s", msg, t->authtime, - ctime((time_t *) &t->authtime)); - printf("%s: Renew: %d, %s", msg, t->renew_till, - ctime((time_t *) &t->renew_till)); -} - -static -void krb5_print_keyblock(msg, key) - char *msg; - krb5_keyblock *key; -{ - printf("%s: Keytype: %d\n", msg, key->enctype); - printf("%s: Length: %d\n", msg, key->length); - printf("%s: Key: ", msg); - C_Block_print((des_cblock *) key->contents); - printf("\n"); -} - -static -void krb5_print_ticket(context, ticket_data, key) - krb5_context context; - krb5_data *ticket_data; - krb5_keyblock *key; -{ - char *p; - krb5_ticket *tkt; - int ret; - - if ((ret = decode_krb5_ticket(ticket_data, &tkt))) { - com_err("test", ret, "decoding ticket"); - exit(1); - } - if ((ret = krb5_decrypt_tkt_part(context, key, tkt))) { - com_err("test", ret, "decrypting V5 ticket for print"); - exit(1); - } - - krb5_unparse_name(context, tkt->server, &p); - printf("Ticket: Server: %s\n", p); - free(p); - printf("Ticket: kvno: %d\n", tkt->enc_part.kvno); - printf("Ticket: Flags: 0x%08x\n", tkt->enc_part2->flags); - krb5_print_keyblock("Ticket: Session Keyblock", - tkt->enc_part2->session); - krb5_unparse_name(context, tkt->enc_part2->client, &p); - printf("Ticket: Client: %s\n", p); - free(p); - krb5_print_times("Ticket: Times", &tkt->enc_part2->times); - printf("Ticket: Address 0: %08lx\n", - *((unsigned long *) tkt->enc_part2->caddrs[0]->contents)); - - krb5_free_ticket(context, tkt); -} - -static -void krb5_print_creds(context, creds, secret_key) - krb5_context context; - krb5_creds *creds; - krb5_keyblock *secret_key; -{ - char *p; - - krb5_unparse_name(context, creds->client, &p); - printf("Client: %s\n", p); - free(p); - krb5_unparse_name(context, creds->server, &p); - printf("Server: %s\n", p); - free(p); - krb5_print_keyblock("Session key", &creds->keyblock); - krb5_print_times("Times", &creds->times); - printf("is_skey: %s\n", creds->is_skey ? "True" : "False"); - printf("Flags: 0x%08x\n", creds->ticket_flags); -#if 0 - krb5_print_addrs(creds->addresses); -#endif - krb5_print_ticket(context, &creds->ticket, secret_key); - /* krb5_print_ticket(context, &creds->second_ticket, secret_key); */ -} - -static -void krb4_print_ticket(ticket, secret_key) - KTEXT ticket; - krb5_keyblock *secret_key; -{ - char pname[ANAME_SZ], pinst[INST_SZ], prealm[REALM_SZ]; - char sname[ANAME_SZ], sinst[INST_SZ]; - unsigned char flags; - krb5_ui_4 addr; - krb5_ui_4 issue_time; - C_Block session_key; - int life; - Key_schedule keysched; - - int ret; - - if (des_key_sched(secret_key->contents, keysched)) { - fprintf(stderr, "Bug in DES key somewhere.\n"); - exit(1); - } - - ret = decomp_ticket(ticket, &flags, pname, pinst, prealm, &addr, - session_key, &life, &issue_time, sname, - sinst, secret_key->contents, keysched); - if (ret != KSUCCESS) { - fprintf(stderr, "krb4 decomp_ticket failed\n"); - exit(1); - } - printf("Ticket: Client: %s.%s@%s\n", pname, pinst, prealm); - printf("Ticket: Service: %s.%s\n", sname, sinst); - printf("Ticket: Address: %08lx\n", (long) addr); - print_key("Ticket: Session Key", (char *) session_key); - printf("Ticket: Lifetime: %d\n", life); - printf("Ticket: Issue Date: %ld, %s", (long) issue_time, - ctime((time_t *) &issue_time)); -} - -static -void krb4_print_creds(creds, secret_key) - CREDENTIALS *creds; - krb5_keyblock *secret_key; -{ - printf("Client: %s.%s@%s\n", creds->pname, creds->pinst, - creds->realm); - printf("Service: %s.%s@%s\n", creds->service, creds->instance, - creds->realm); - print_key("Session key", (char *) creds->session); - printf("Lifetime: %d\n", creds->lifetime); - printf("Key Version: %d\n", creds->kvno); - print_time("Issue Date", creds->issue_date); - krb4_print_ticket(&creds->ticket_st, secret_key); -} - -static -void usage() -{ - fprintf(stderr, "Usage: test [-remote server] client service\n"); - exit(1); -} - -int main(argc, argv) - int argc; - char **argv; -{ - krb5_principal client, server; - krb5_ccache cc; - krb5_creds increds, *v5creds; - krb5_keyblock key; - char keybuf[KEYSIZE], buf[BUFSIZ]; - int i, ret, local; - char *remote; - krb5_context context; - krb5_error_code retval; - -#if 0 - krb524_debug = 1; -#endif - - retval = krb5_init_context(&context); - if (retval) { - com_err(argv[0], retval, "while initializing krb5"); - exit(1); - } - - local = 0; - remote = NULL; - argc--; argv++; - while (argc) { - if (strcmp(*argv, "-local") == 0) - local++; -#if 0 - else if (strcmp(*argv, "-remote") == 0) { - argc--; argv++; - if (!argc) - usage(); - remote = *argv; - } -#endif - else - break; - argc--; argv++; - } - if (argc != 2) - usage(); - - if ((ret = krb5_parse_name(context, argv[0], &client))) { - com_err("test", ret, "parsing client name"); - exit(1); - } - if ((ret = krb5_parse_name(context, argv[1], &server))) { - com_err("test", ret, "parsing server name"); - exit(1); - } - if ((ret = krb5_cc_default(context, &cc))) { - com_err("test", ret, "opening default credentials cache"); - exit(1); - } - - memset((char *) &increds, 0, sizeof(increds)); - increds.client = client; - increds.server = server; - increds.times.endtime = 0; - increds.keyblock.enctype = ENCTYPE_DES_CBC_MD5; - if ((ret = krb5_get_credentials(context, 0, cc, &increds, &v5creds))) { - com_err("test", ret, "getting V5 credentials"); - exit(1); - } - - /* We need the service key in order to locally decrypt both */ - /* tickets for testing */ - printf("Service's key: "); - fflush(stdout); - fgets(buf, BUFSIZ, stdin); - for (i = 0; i < 8; i++) { - unsigned char c; - c = buf[2*i]; - if (c >= '0' && c <= '9') - c -= '0'; - else if (c >= 'a' && c <= 'z') - c = c - 'a' + 0xa; - keybuf[i] = c << 4; - c = buf[2*i+1]; - if (c >= '0' && c <= '9') - c -= '0'; - else if (c >= 'a' && c <= 'z') - c = c - 'a' + 0xa; - keybuf[i] += c; - } - - key.enctype = ENCTYPE_DES_CBC_MD5; - key.length = KEYSIZE; /* presumably */ - key.contents = (krb5_octet *) keybuf; - - do_remote(context, v5creds, remote, &key); - exit(0); -} - -void do_remote(context, v5creds, server, key) - krb5_context context; - krb5_creds *v5creds; - char *server; - krb5_keyblock *key; -{ -#if 0 - struct sockaddr_in saddr; - struct hostent *hp; -#endif - CREDENTIALS v4creds; - int ret; - - printf("\nV5 credentials:\n"); - krb5_print_creds(context, v5creds, key); - -#if 0 - if (strcmp(server, "kdc") != 0) { - hp = gethostbyname(server); - if (hp == NULL) { - fprintf(stderr, "test: host %s does not exist.\n", server); - exit(1); - } - memset((char *) &saddr, 0, sizeof(struct sockaddr_in)); - saddr.sin_family = AF_INET; - memcpy((char *) &saddr.sin_addr.s_addr, hp->h_addr, - sizeof(struct in_addr)); - - if ((ret = krb524_convert_creds_addr(context, v5creds, &v4creds, - (struct sockaddr *) &saddr))) { - com_err("test", ret, "converting credentials on %s", - server); - exit(1); - } - } else -#endif - { - if ((ret = krb524_convert_creds_kdc(context, v5creds, &v4creds))) { - com_err("test", ret, "converting credentials via kdc"); - exit(1); - } - } - - printf("\nV4 credentials:\n"); - krb4_print_creds(&v4creds, key); -} diff --git a/src/lib/Makefile.in b/src/lib/Makefile.in index 9d139a744e..f5180d7c29 100644 --- a/src/lib/Makefile.in +++ b/src/lib/Makefile.in @@ -1,15 +1,14 @@ thisconfigdir=./.. myfulldir=lib mydir=lib -SUBDIRS=crypto krb5 des425 @KRB4@ gssapi rpc kdb kadm5 apputils +SUBDIRS=crypto krb5 gssapi rpc kdb kadm5 apputils BUILDTOP=$(REL).. all-unix:: -CLEANLIBS = libkrb5.a libkdb5.a libcrypto.a libgssapi_krb5.a libdes425.a \ - libkrb425.a libkadm.a libkrb4.a libcom_err.a libpty.a \ - libss.a libgssapi.a libapputils.a \ - libkrb5.so libcrypto.so libkrb4.so libdes425.so +CLEANLIBS = libkrb5.a libkdb5.a libcrypto.a libgssapi_krb5.a libkadm.a \ + libcom_err.a libpty.a ibss.a libgssapi.a libapputils.a libkrb5.so \ + libcrypto.so clean-unix:: diff --git a/src/lib/apputils/Makefile.in b/src/lib/apputils/Makefile.in index 77beb1f756..07d7aa3c49 100644 --- a/src/lib/apputils/Makefile.in +++ b/src/lib/apputils/Makefile.in @@ -36,18 +36,3 @@ SRCS= $(srcdir)/daemon.c \ @lib_frag@ @libobj_frag@ -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -daemon.so daemon.po $(OUTPRE)daemon.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h daemon.c -dummy.so dummy.po $(OUTPRE)dummy.$(OBJEXT): dummy.c diff --git a/src/lib/apputils/deps b/src/lib/apputils/deps new file mode 100644 index 0000000000..93b7a2f044 --- /dev/null +++ b/src/lib/apputils/deps @@ -0,0 +1,14 @@ +# +# Generated makefile dependencies follow. +# +daemon.so daemon.po $(OUTPRE)daemon.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + daemon.c +dummy.so dummy.po $(OUTPRE)dummy.$(OBJEXT): dummy.c diff --git a/src/lib/crypto/Makefile.in b/src/lib/crypto/Makefile.in index fe434fa12b..a822e932c5 100644 --- a/src/lib/crypto/Makefile.in +++ b/src/lib/crypto/Makefile.in @@ -8,7 +8,7 @@ LOCALINCLUDES = -I$(srcdir)/enc_provider \ -I$(srcdir)/hash_provider -I$(srcdir)/keyhash_provider \ -I$(srcdir)/aes \ -I$(srcdir)/old -I$(srcdir)/raw -I$(srcdir)/dk -I$(srcdir)/arcfour \ - -I$(srcdir)/yarrow -I$(srcdir)/sha1 + -I$(srcdir)/yarrow -I$(srcdir)/sha1 -I$(srcdir)/md5 RUN_SETUP = @KRB5_RUN_ENV@ PROG_LIBPATH=-L$(TOPLIBD) PROG_RPATH=$(KRB5_LIBDIR) @@ -34,16 +34,20 @@ PROG_LIBPATH=-L$(TOPLIBD) PROG_RPATH=$(KRB5_LIBDIR) STLIBOBJS=\ + aead.o \ block_size.o \ checksum_length.o \ cksumtype_to_string.o \ cksumtypes.o \ coll_proof_cksum.o \ combine_keys.o \ + crypto_length.o \ crypto_libinit.o \ default_state.o \ decrypt.o \ + decrypt_iov.o \ encrypt.o \ + encrypt_iov.o \ encrypt_length.o \ enctype_compare.o \ enctype_to_string.o \ @@ -54,6 +58,7 @@ STLIBOBJS=\ keyed_checksum_types.o \ keylengths.o \ make_checksum.o \ + make_checksum_iov.o \ make_random_key.o \ mandatory_sumtype.o \ nfold.o \ @@ -68,19 +73,24 @@ STLIBOBJS=\ string_to_key.o \ valid_cksumtype.o \ valid_enctype.o \ - verify_checksum.o + verify_checksum.o \ + verify_checksum_iov.o OBJS=\ + $(OUTPRE)aead.$(OBJEXT) \ $(OUTPRE)block_size.$(OBJEXT) \ $(OUTPRE)checksum_length.$(OBJEXT) \ $(OUTPRE)cksumtype_to_string.$(OBJEXT) \ $(OUTPRE)cksumtypes.$(OBJEXT) \ $(OUTPRE)coll_proof_cksum.$(OBJEXT) \ $(OUTPRE)combine_keys.$(OBJEXT) \ + $(OUTPRE)crypto_length.$(OBJEXT) \ $(OUTPRE)crypto_libinit.$(OBJEXT) \ $(OUTPRE)default_state.$(OBJEXT) \ $(OUTPRE)decrypt.$(OBJEXT) \ + $(OUTPRE)decrypt_iov.$(OBJEXT) \ $(OUTPRE)encrypt.$(OBJEXT) \ + $(OUTPRE)encrypt_iov.$(OBJEXT) \ $(OUTPRE)encrypt_length.$(OBJEXT) \ $(OUTPRE)enctype_compare.$(OBJEXT) \ $(OUTPRE)enctype_to_string.$(OBJEXT) \ @@ -91,6 +101,7 @@ OBJS=\ $(OUTPRE)keyed_checksum_types.$(OBJEXT) \ $(OUTPRE)keylengths.$(OBJEXT) \ $(OUTPRE)make_checksum.$(OBJEXT) \ + $(OUTPRE)make_checksum_iov.$(OBJEXT) \ $(OUTPRE)make_random_key.$(OBJEXT) \ $(OUTPRE)mandatory_sumtype.$(OBJEXT) \ $(OUTPRE)nfold.$(OBJEXT) \ @@ -105,19 +116,24 @@ OBJS=\ $(OUTPRE)string_to_key.$(OBJEXT) \ $(OUTPRE)valid_cksumtype.$(OBJEXT) \ $(OUTPRE)valid_enctype.$(OBJEXT) \ - $(OUTPRE)verify_checksum.$(OBJEXT) + $(OUTPRE)verify_checksum.$(OBJEXT) \ + $(OUTPRE)verify_checksum_iov.$(OBJEXT) SRCS=\ + $(srcdir)/aead.c \ $(srcdir)/block_size.c \ $(srcdir)/checksum_length.c \ $(srcdir)/cksumtype_to_string.c \ $(srcdir)/cksumtypes.c \ $(srcdir)/coll_proof_cksum.c \ $(srcdir)/combine_keys.c \ + $(srcdir)/crypto_length.c \ $(srcdir)/crypto_libinit.c \ $(srcdir)/default_state.c \ $(srcdir)/decrypt.c \ + $(srcdir)/decrypt_iov.c \ $(srcdir)/encrypt.c \ + $(srcdir)/encrypt_iov.c \ $(srcdir)/encrypt_length.c \ $(srcdir)/enctype_compare.c \ $(srcdir)/enctype_to_string.c \ @@ -128,6 +144,7 @@ SRCS=\ $(srcdir)/keyed_checksum_types.c\ $(srcdir)/keylengths.c \ $(srcdir)/make_checksum.c \ + $(srcdir)/make_checksum_iov.c \ $(srcdir)/make_random_key.c \ $(srcdir)/mandatory_sumtype.c \ $(srcdir)/nfold.c \ @@ -142,7 +159,8 @@ SRCS=\ $(srcdir)/string_to_key.c \ $(srcdir)/valid_cksumtype.c \ $(srcdir)/valid_enctype.c \ - $(srcdir)/verify_checksum.c + $(srcdir)/verify_checksum.c \ + $(srcdir)/verify_checksum_iov.c LIBBASE=k5crypto @@ -363,433 +381,3 @@ check-windows:: @lib_frag@ @libobj_frag@ -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -block_size.so block_size.po $(OUTPRE)block_size.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - block_size.c etypes.h -checksum_length.so checksum_length.po $(OUTPRE)checksum_length.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - checksum_length.c cksumtypes.h -cksumtype_to_string.so cksumtype_to_string.po $(OUTPRE)cksumtype_to_string.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - cksumtype_to_string.c cksumtypes.h -cksumtypes.so cksumtypes.po $(OUTPRE)cksumtypes.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/hash_provider/hash_provider.h $(srcdir)/keyhash_provider/keyhash_provider.h \ - cksumtypes.c cksumtypes.h -coll_proof_cksum.so coll_proof_cksum.po $(OUTPRE)coll_proof_cksum.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - cksumtypes.h coll_proof_cksum.c -combine_keys.so combine_keys.po $(OUTPRE)combine_keys.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/dk/dk.h combine_keys.c etypes.h -crypto_libinit.so crypto_libinit.po $(OUTPRE)crypto_libinit.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - crypto_libinit.c -default_state.so default_state.po $(OUTPRE)default_state.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - default_state.c -decrypt.so decrypt.po $(OUTPRE)decrypt.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h decrypt.c etypes.h -encrypt.so encrypt.po $(OUTPRE)encrypt.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h encrypt.c etypes.h -encrypt_length.so encrypt_length.po $(OUTPRE)encrypt_length.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - encrypt_length.c etypes.h -enctype_compare.so enctype_compare.po $(OUTPRE)enctype_compare.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - enctype_compare.c etypes.h -enctype_to_string.so enctype_to_string.po $(OUTPRE)enctype_to_string.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - enctype_to_string.c etypes.h -etypes.so etypes.po $(OUTPRE)etypes.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/aes/aes_s2k.h \ - $(srcdir)/arcfour/arcfour.h $(srcdir)/dk/dk.h $(srcdir)/enc_provider/enc_provider.h \ - $(srcdir)/hash_provider/hash_provider.h $(srcdir)/old/old.h \ - $(srcdir)/raw/raw.h etypes.c etypes.h -hmac.so hmac.po $(OUTPRE)hmac.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h hmac.c -keyblocks.so keyblocks.po $(OUTPRE)keyblocks.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - keyblocks.c -keyed_cksum.so keyed_cksum.po $(OUTPRE)keyed_cksum.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - cksumtypes.h keyed_cksum.c -keyed_checksum_types.so keyed_checksum_types.po $(OUTPRE)keyed_checksum_types.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - cksumtypes.h etypes.h keyed_checksum_types.c -keylengths.so keylengths.po $(OUTPRE)keylengths.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - etypes.h keylengths.c -make_checksum.so make_checksum.po $(OUTPRE)make_checksum.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/dk/dk.h cksumtypes.h etypes.h make_checksum.c -make_random_key.so make_random_key.po $(OUTPRE)make_random_key.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - etypes.h make_random_key.c -mandatory_sumtype.so mandatory_sumtype.po $(OUTPRE)mandatory_sumtype.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - etypes.h mandatory_sumtype.c -nfold.so nfold.po $(OUTPRE)nfold.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h nfold.c -old_api_glue.so old_api_glue.po $(OUTPRE)old_api_glue.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - old_api_glue.c -pbkdf2.so pbkdf2.po $(OUTPRE)pbkdf2.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/hash_provider/hash_provider.h \ - pbkdf2.c -prf.so prf.po $(OUTPRE)prf.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h etypes.h prf.c -prng.so prng.po $(OUTPRE)prng.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/enc_provider/enc_provider.h \ - $(srcdir)/sha1/shs.h $(srcdir)/yarrow/yarrow.h $(srcdir)/yarrow/ycipher.h \ - $(srcdir)/yarrow/yhash.h $(srcdir)/yarrow/ytypes.h \ - prng.c -random_to_key.so random_to_key.po $(OUTPRE)random_to_key.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - etypes.h random_to_key.c -state.so state.po $(OUTPRE)state.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h etypes.h state.c -string_to_cksumtype.so string_to_cksumtype.po $(OUTPRE)string_to_cksumtype.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - cksumtypes.h string_to_cksumtype.c -string_to_enctype.so string_to_enctype.po $(OUTPRE)string_to_enctype.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - etypes.h string_to_enctype.c -string_to_key.so string_to_key.po $(OUTPRE)string_to_key.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - etypes.h string_to_key.c -valid_cksumtype.so valid_cksumtype.po $(OUTPRE)valid_cksumtype.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - cksumtypes.h valid_cksumtype.c -valid_enctype.so valid_enctype.po $(OUTPRE)valid_enctype.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - etypes.h valid_enctype.c -verify_checksum.so verify_checksum.po $(OUTPRE)verify_checksum.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - cksumtypes.h verify_checksum.c -t_nfold.so t_nfold.po $(OUTPRE)t_nfold.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h t_nfold.c -t_encrypt.so t_encrypt.po $(OUTPRE)t_encrypt.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - etypes.h t_encrypt.c -t_prf.so t_prf.po $(OUTPRE)t_prf.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h t_prf.c -t_prng.so t_prng.po $(OUTPRE)t_prng.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h t_prng.c -t_hmac.so t_hmac.po $(OUTPRE)t_hmac.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/hash_provider/hash_provider.h \ - t_hmac.c -t_pkcs5.so t_pkcs5.po $(OUTPRE)t_pkcs5.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h t_pkcs5.c -t_cts.so t_cts.po $(OUTPRE)t_cts.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/hash_provider/hash_provider.h \ - t_cts.c -vectors.so vectors.po $(OUTPRE)vectors.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/hash_provider/hash_provider.h \ - vectors.c diff --git a/src/lib/crypto/aead.c b/src/lib/crypto/aead.c new file mode 100644 index 0000000000..2d9a8353af --- /dev/null +++ b/src/lib/crypto/aead.c @@ -0,0 +1,573 @@ +/* + * lib/crypto/aead.c + * + * Copyright 2008 by the Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + */ + +#include "k5-int.h" +#include "etypes.h" +#include "cksumtypes.h" +#include "dk.h" +#include "aead.h" + +krb5_crypto_iov * +krb5int_c_locate_iov(krb5_crypto_iov *data, + size_t num_data, + krb5_cryptotype type) +{ + size_t i; + krb5_crypto_iov *iov = NULL; + + if (data == NULL) + return NULL; + + for (i = 0; i < num_data; i++) { + if (data[i].flags == type) { + if (iov == NULL) + iov = &data[i]; + else + return NULL; /* can't appear twice */ + } + } + + return iov; +} + +static krb5_error_code +make_unkeyed_checksum_iov(const struct krb5_hash_provider *hash_provider, + const krb5_crypto_iov *data, + size_t num_data, + krb5_data *output) +{ + krb5_data *sign_data; + size_t num_sign_data; + krb5_error_code ret; + size_t i, j; + + /* Create a checksum over all the data to be signed */ + for (i = 0, num_sign_data = 0; i < num_data; i++) { + const krb5_crypto_iov *iov = &data[i]; + + if (SIGN_IOV(iov)) + num_sign_data++; + } + + /* XXX cleanup to avoid alloc */ + sign_data = (krb5_data *)calloc(num_sign_data, sizeof(krb5_data)); + if (sign_data == NULL) + return ENOMEM; + + for (i = 0, j = 0; i < num_data; i++) { + const krb5_crypto_iov *iov = &data[i]; + + if (SIGN_IOV(iov)) + sign_data[j++] = iov->data; + } + + ret = hash_provider->hash(num_sign_data, sign_data, output); + + free(sign_data); + + return ret; +} + +krb5_error_code +krb5int_c_make_checksum_iov(const struct krb5_cksumtypes *cksum_type, + const krb5_keyblock *key, + krb5_keyusage usage, + const krb5_crypto_iov *data, + size_t num_data, + krb5_data *cksum_data) +{ + int e1, e2; + krb5_error_code ret; + + if (cksum_type->keyhash != NULL) { + /* check if key is compatible */ + + if (cksum_type->keyed_etype) { + for (e1=0; e1keyed_etype) + break; + + for (e2=0; e2enctype) + break; + + if ((e1 == krb5_enctypes_length) || + (e2 == krb5_enctypes_length) || + (krb5_enctypes_list[e1].enc != krb5_enctypes_list[e2].enc)) { + ret = KRB5_BAD_ENCTYPE; + goto cleanup; + } + } + + if (cksum_type->keyhash->hash_iov == NULL) { + return KRB5_BAD_ENCTYPE; + } + + ret = (*(cksum_type->keyhash->hash_iov))(key, usage, 0, + data, num_data, cksum_data); + } else if (cksum_type->flags & KRB5_CKSUMFLAG_DERIVE) { + ret = krb5int_dk_make_checksum_iov(cksum_type->hash, + key, usage, data, num_data, + cksum_data); + } else { + ret = make_unkeyed_checksum_iov(cksum_type->hash, data, num_data, + cksum_data); + } + + if (ret == 0) { + if (cksum_type->trunc_size) { + cksum_data->length = cksum_type->trunc_size; + } + } + +cleanup: + if (ret != 0) { + memset(cksum_data->data, 0, cksum_data->length); + } + + return ret; +} + +const struct krb5_cksumtypes * +krb5int_c_find_checksum_type(krb5_cksumtype cksumtype) +{ + size_t i; + + for (i = 0; i < krb5_cksumtypes_length; i++) { + if (krb5_cksumtypes_list[i].ctype == cksumtype) + break; + } + + if (i == krb5_cksumtypes_length) + return NULL; + + return &krb5_cksumtypes_list[i]; +} + +#ifdef DEBUG_IOV +static void +dump_block(const char *tag, + size_t i, + size_t j, + unsigned char *block, + size_t block_size) +{ + size_t k; + + printf("[%s: %d.%d] ", tag, i, j); + + for (k = 0; k < block_size; k++) + printf("%02x ", block[k] & 0xFF); + + printf("\n"); +} +#endif + +static int +process_block_p(const krb5_crypto_iov *data, + size_t num_data, + struct iov_block_state *iov_state, + size_t i) +{ + const krb5_crypto_iov *iov = &data[i]; + int process_block; + + switch (iov->flags) { + case KRB5_CRYPTO_TYPE_SIGN_ONLY: + process_block = iov_state->include_sign_only; + break; + case KRB5_CRYPTO_TYPE_PADDING: + process_block = (iov_state->pad_to_boundary == 0); + break; + case KRB5_CRYPTO_TYPE_HEADER: + process_block = (iov_state->ignore_header == 0); + break; + case KRB5_CRYPTO_TYPE_DATA: + process_block = 1; + break; + default: + process_block = 0; + break; + } + + return process_block; +} + +/* + * Returns TRUE if, having reached the end of the current buffer, + * we should pad the rest of the block with zeros. + */ +static int +pad_to_boundary_p(const krb5_crypto_iov *data, + size_t num_data, + struct iov_block_state *iov_state, + size_t i, + size_t j) +{ + /* If the pad_to_boundary flag is unset, return FALSE */ + if (iov_state->pad_to_boundary == 0) + return 0; + + /* If we haven't got any data, we need to get some */ + if (j == 0) + return 0; + + /* No boundary between adjacent buffers marked for processing */ + if (data[iov_state->iov_pos].flags == data[i].flags) + return 0; + + return 1; +} + +krb5_boolean +krb5int_c_iov_get_block(unsigned char *block, + size_t block_size, + const krb5_crypto_iov *data, + size_t num_data, + struct iov_block_state *iov_state) +{ + size_t i, j = 0; + + for (i = iov_state->iov_pos; i < num_data; i++) { + const krb5_crypto_iov *iov = &data[i]; + size_t nbytes; + + if (!process_block_p(data, num_data, iov_state, i)) + continue; + + if (pad_to_boundary_p(data, num_data, iov_state, i, j)) + break; + + iov_state->iov_pos = i; + + nbytes = iov->data.length - iov_state->data_pos; + if (nbytes > block_size - j) + nbytes = block_size - j; + + memcpy(block + j, iov->data.data + iov_state->data_pos, nbytes); + + iov_state->data_pos += nbytes; + j += nbytes; + + assert(j <= block_size); + + if (j == block_size) + break; + + assert(iov_state->data_pos == iov->data.length); + + iov_state->data_pos = 0; + } + + iov_state->iov_pos = i; + + if (j != block_size) + memset(block + j, 0, block_size - j); + +#ifdef DEBUG_IOV + dump_block("get_block", i, j, block, block_size); +#endif + + return (iov_state->iov_pos < num_data); +} + +krb5_boolean +krb5int_c_iov_put_block(const krb5_crypto_iov *data, + size_t num_data, + unsigned char *block, + size_t block_size, + struct iov_block_state *iov_state) +{ + size_t i, j = 0; + + for (i = iov_state->iov_pos; i < num_data; i++) { + const krb5_crypto_iov *iov = &data[i]; + size_t nbytes; + + if (!process_block_p(data, num_data, iov_state, i)) + continue; + + if (pad_to_boundary_p(data, num_data, iov_state, i, j)) + break; + + iov_state->iov_pos = i; + + nbytes = iov->data.length - iov_state->data_pos; + if (nbytes > block_size - j) + nbytes = block_size - j; + + memcpy(iov->data.data + iov_state->data_pos, block + j, nbytes); + + iov_state->data_pos += nbytes; + j += nbytes; + + assert(j <= block_size); + + if (j == block_size) + break; + + assert(iov_state->data_pos == iov->data.length); + + iov_state->data_pos = 0; + } + + iov_state->iov_pos = i; + +#ifdef DEBUG_IOV + dump_block("put_block", i, j, block, block_size); +#endif + + return (iov_state->iov_pos < num_data); +} + +krb5_error_code +krb5int_c_iov_decrypt_stream(const struct krb5_aead_provider *aead, + const struct krb5_enc_provider *enc, + const struct krb5_hash_provider *hash, + const krb5_keyblock *key, + krb5_keyusage keyusage, + const krb5_data *ivec, + krb5_crypto_iov *data, + size_t num_data) +{ + krb5_error_code ret; + unsigned int header_len, trailer_len, padding_len; + krb5_crypto_iov *iov; + krb5_crypto_iov *stream; + size_t i, j; + int got_data = 0; + + stream = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_STREAM); + assert(stream != NULL); + + ret = aead->crypto_length(aead, enc, hash, KRB5_CRYPTO_TYPE_HEADER, &header_len); + if (ret != 0) + return ret; + + ret = aead->crypto_length(aead, enc, hash, KRB5_CRYPTO_TYPE_TRAILER, &trailer_len); + if (ret != 0) + return ret; + + ret = aead->crypto_length(aead, enc, hash, KRB5_CRYPTO_TYPE_PADDING, &padding_len); + if (ret != 0) + return ret; + + if (stream->data.length < header_len + trailer_len) + return KRB5_BAD_MSIZE; + + iov = (krb5_crypto_iov *)calloc(num_data + 2, sizeof(krb5_crypto_iov)); + if (iov == NULL) + return ENOMEM; + + i = 0; + + iov[i].flags = KRB5_CRYPTO_TYPE_HEADER; /* takes place of STREAM */ + iov[i].data.data = stream->data.data; + iov[i].data.length = header_len; + i++; + + for (j = 0; j < num_data; j++) { + if (data[j].flags == KRB5_CRYPTO_TYPE_DATA) { + if (got_data) { + free(iov); + return KRB5_BAD_MSIZE; + } + + got_data++; + + data[j].data.data = stream->data.data + header_len; + data[j].data.length = stream->data.length - header_len - trailer_len; + } + if (data[j].flags == KRB5_CRYPTO_TYPE_SIGN_ONLY || + data[j].flags == KRB5_CRYPTO_TYPE_DATA) + iov[i++] = data[j]; + } + + /* XXX not self-describing with respect to length, this is the best we can do */ + iov[i].flags = KRB5_CRYPTO_TYPE_PADDING; + iov[i].data.data = NULL; + iov[i].data.length = 0; + i++; + + iov[i].flags = KRB5_CRYPTO_TYPE_TRAILER; + iov[i].data.data = stream->data.data + stream->data.length - trailer_len; + iov[i].data.length = trailer_len; + i++; + + assert(i <= num_data + 2); + + ret = aead->decrypt_iov(aead, enc, hash, key, keyusage, ivec, iov, i); + + free(iov); + + return ret; +} + +krb5_error_code +krb5int_c_padding_length(const struct krb5_aead_provider *aead, + const struct krb5_enc_provider *enc, + const struct krb5_hash_provider *hash, + size_t data_length, + unsigned int *pad_length) +{ + unsigned int padding; + krb5_error_code ret; + + ret = aead->crypto_length(aead, enc, hash, KRB5_CRYPTO_TYPE_PADDING, &padding); + if (ret != 0) + return ret; + + if (padding == 0 || (data_length % padding) == 0) + *pad_length = 0; + else + *pad_length = padding - (data_length % padding); + + return 0; +} + +krb5_error_code +krb5int_c_encrypt_aead_compat(const struct krb5_aead_provider *aead, + const struct krb5_enc_provider *enc, + const struct krb5_hash_provider *hash, + const krb5_keyblock *key, krb5_keyusage usage, + const krb5_data *ivec, const krb5_data *input, + krb5_data *output) +{ + krb5_crypto_iov iov[4]; + krb5_error_code ret; + unsigned int header_len = 0; + unsigned int padding_len = 0; + unsigned int trailer_len = 0; + + ret = aead->crypto_length(aead, enc, hash, KRB5_CRYPTO_TYPE_HEADER, + &header_len); + if (ret != 0) + return ret; + + ret = krb5int_c_padding_length(aead, enc, hash, input->length, &padding_len); + if (ret != 0) + return ret; + + ret = aead->crypto_length(aead, enc, hash, KRB5_CRYPTO_TYPE_TRAILER, + &trailer_len); + if (ret != 0) + return ret; + + if (output->length < header_len + input->length + padding_len + trailer_len) + return KRB5_BAD_MSIZE; + + iov[0].flags = KRB5_CRYPTO_TYPE_HEADER; + iov[0].data.data = output->data; + iov[0].data.length = header_len; + + iov[1].flags = KRB5_CRYPTO_TYPE_DATA; + iov[1].data.data = iov[0].data.data + iov[0].data.length; + iov[1].data.length = input->length; + memcpy(iov[1].data.data, input->data, input->length); + + iov[2].flags = KRB5_CRYPTO_TYPE_PADDING; + iov[2].data.data = iov[1].data.data + iov[1].data.length; + iov[2].data.length = padding_len; + + iov[3].flags = KRB5_CRYPTO_TYPE_TRAILER; + iov[3].data.data = iov[2].data.data + iov[2].data.length; + iov[3].data.length = trailer_len; + + ret = aead->encrypt_iov(aead, enc, hash, key, + usage, ivec, + iov, sizeof(iov)/sizeof(iov[0])); + + if (ret != 0) + zap(iov[1].data.data, iov[1].data.length); + + output->length = iov[0].data.length + iov[1].data.length + + iov[2].data.length + iov[3].data.length; + + return ret; +} + +krb5_error_code +krb5int_c_decrypt_aead_compat(const struct krb5_aead_provider *aead, + const struct krb5_enc_provider *enc, + const struct krb5_hash_provider *hash, + const krb5_keyblock *key, krb5_keyusage usage, + const krb5_data *ivec, const krb5_data *input, + krb5_data *output) +{ + krb5_crypto_iov iov[2]; + krb5_error_code ret; + + iov[0].flags = KRB5_CRYPTO_TYPE_STREAM; + iov[0].data.data = malloc(input->length); + if (iov[0].data.data == NULL) + return ENOMEM; + + memcpy(iov[0].data.data, input->data, input->length); + iov[0].data.length = input->length; + + iov[1].flags = KRB5_CRYPTO_TYPE_DATA; + iov[1].data.data = NULL; + iov[1].data.length = 0; + + ret = krb5int_c_iov_decrypt_stream(aead, enc, hash, key, + usage, ivec, + iov, sizeof(iov)/sizeof(iov[0])); + if (ret != 0) + goto cleanup; + + if (output->length < iov[1].data.length) { + ret = KRB5_BAD_MSIZE; + goto cleanup; + } + + memcpy(output->data, iov[1].data.data, iov[1].data.length); + output->length = iov[1].data.length; + +cleanup: + zap(iov[0].data.data, iov[0].data.length); + free(iov[0].data.data); + + return ret; +} + +void +krb5int_c_encrypt_length_aead_compat(const struct krb5_aead_provider *aead, + const struct krb5_enc_provider *enc, + const struct krb5_hash_provider *hash, + size_t inputlen, size_t *length) +{ + unsigned int header_len = 0; + unsigned int padding_len = 0; + unsigned int trailer_len = 0; + + aead->crypto_length(aead, enc, hash, KRB5_CRYPTO_TYPE_HEADER, &header_len); + krb5int_c_padding_length(aead, enc, hash, inputlen, &padding_len); + aead->crypto_length(aead, enc, hash, KRB5_CRYPTO_TYPE_TRAILER, &trailer_len); + + *length = header_len + inputlen + padding_len + trailer_len; +} + diff --git a/src/lib/crypto/aead.h b/src/lib/crypto/aead.h new file mode 100644 index 0000000000..d266ee65c4 --- /dev/null +++ b/src/lib/crypto/aead.h @@ -0,0 +1,122 @@ +/* + * lib/crypto/aead.h + * + * Copyright 2008 by the Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + */ + +#include "k5-int.h" + +/* AEAD helpers */ + +krb5_crypto_iov * +krb5int_c_locate_iov(krb5_crypto_iov *data, + size_t num_data, + krb5_cryptotype type); + +krb5_error_code +krb5int_c_make_checksum_iov(const struct krb5_cksumtypes *cksum, + const krb5_keyblock *key, + krb5_keyusage usage, + const krb5_crypto_iov *data, + size_t num_data, + krb5_data *cksum_data); + +const struct krb5_cksumtypes * +krb5int_c_find_checksum_type(krb5_cksumtype cksumtype); + +#define ENCRYPT_CONF_IOV(_iov) ((_iov)->flags == KRB5_CRYPTO_TYPE_HEADER) + +#define ENCRYPT_DATA_IOV(_iov) ((_iov)->flags == KRB5_CRYPTO_TYPE_DATA || \ + (_iov)->flags == KRB5_CRYPTO_TYPE_PADDING) + +#define ENCRYPT_IOV(_iov) (ENCRYPT_CONF_IOV(_iov) || ENCRYPT_DATA_IOV(_iov)) + +#define SIGN_IOV(_iov) (ENCRYPT_IOV(_iov) || \ + (_iov)->flags == KRB5_CRYPTO_TYPE_SIGN_ONLY ) + +struct iov_block_state { + size_t iov_pos; /* index into iov array */ + size_t data_pos; /* index into iov contents */ + unsigned int ignore_header : 1; /* have/should we process HEADER */ + unsigned int include_sign_only : 1; /* should we process SIGN_ONLY blocks */ + unsigned int pad_to_boundary : 1; /* should we zero fill blocks until next buffer */ +}; + +#define IOV_BLOCK_STATE_INIT(_state) ((_state)->iov_pos = \ + (_state)->data_pos = \ + (_state)->ignore_header = \ + (_state)->include_sign_only = \ + (_state)->pad_to_boundary = 0) + +krb5_boolean +krb5int_c_iov_get_block(unsigned char *block, + size_t block_size, + const krb5_crypto_iov *data, + size_t num_data, + struct iov_block_state *iov_state); + +krb5_boolean +krb5int_c_iov_put_block(const krb5_crypto_iov *data, + size_t num_data, + unsigned char *block, + size_t block_size, + struct iov_block_state *iov_state); + +krb5_error_code +krb5int_c_iov_decrypt_stream(const struct krb5_aead_provider *aead, + const struct krb5_enc_provider *enc, + const struct krb5_hash_provider *hash, + const krb5_keyblock *key, + krb5_keyusage keyusage, + const krb5_data *ivec, + krb5_crypto_iov *data, + size_t num_data); + +krb5_error_code +krb5int_c_decrypt_aead_compat(const struct krb5_aead_provider *aead, + const struct krb5_enc_provider *enc, + const struct krb5_hash_provider *hash, + const krb5_keyblock *key, krb5_keyusage usage, + const krb5_data *ivec, const krb5_data *input, + krb5_data *output); + +krb5_error_code +krb5int_c_encrypt_aead_compat(const struct krb5_aead_provider *aead, + const struct krb5_enc_provider *enc, + const struct krb5_hash_provider *hash, + const krb5_keyblock *key, krb5_keyusage usage, + const krb5_data *ivec, const krb5_data *input, + krb5_data *output); + +void +krb5int_c_encrypt_length_aead_compat(const struct krb5_aead_provider *aead, + const struct krb5_enc_provider *enc, + const struct krb5_hash_provider *hash, + size_t inputlen, size_t *length); + +krb5_error_code +krb5int_c_padding_length(const struct krb5_aead_provider *aead, + const struct krb5_enc_provider *enc, + const struct krb5_hash_provider *hash, + size_t data_length, + unsigned int *pad_length); diff --git a/src/lib/crypto/aes/Makefile.in b/src/lib/crypto/aes/Makefile.in index 8407bad10e..4ed8ef7bff 100644 --- a/src/lib/crypto/aes/Makefile.in +++ b/src/lib/crypto/aes/Makefile.in @@ -70,25 +70,3 @@ clean:: @libobj_frag@ -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -aescrypt.so aescrypt.po $(OUTPRE)aescrypt.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h aes.h aescrypt.c aesopt.h \ - uitypes.h -aestab.so aestab.po $(OUTPRE)aestab.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - aes.h aesopt.h aestab.c uitypes.h -aeskey.so aeskey.po $(OUTPRE)aeskey.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - aes.h aeskey.c aesopt.h uitypes.h -aes_s2k.so aes_s2k.po $(OUTPRE)aes_s2k.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../dk/dk.h \ - aes_s2k.c aes_s2k.h diff --git a/src/lib/crypto/aes/deps b/src/lib/crypto/aes/deps new file mode 100644 index 0000000000..4434425fd9 --- /dev/null +++ b/src/lib/crypto/aes/deps @@ -0,0 +1,20 @@ +# +# Generated makefile dependencies follow. +# +aescrypt.so aescrypt.po $(OUTPRE)aescrypt.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h aes.h aescrypt.c aesopt.h \ + uitypes.h +aestab.so aestab.po $(OUTPRE)aestab.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + aes.h aesopt.h aestab.c uitypes.h +aeskey.so aeskey.po $(OUTPRE)aeskey.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + aes.h aeskey.c aesopt.h uitypes.h +aes_s2k.so aes_s2k.po $(OUTPRE)aes_s2k.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + $(srcdir)/../dk/dk.h aes_s2k.c aes_s2k.h diff --git a/src/lib/crypto/arcfour/Makefile.in b/src/lib/crypto/arcfour/Makefile.in index 1ad8c89707..d56deb85f1 100644 --- a/src/lib/crypto/arcfour/Makefile.in +++ b/src/lib/crypto/arcfour/Makefile.in @@ -16,14 +16,17 @@ RUN_SETUP = @KRB5_RUN_ENV@ KRB5_CONFIG=$(SRCTOP)/config-files/krb5.conf STLIBOBJS=\ arcfour.o \ + arcfour_aead.o \ arcfour_s2k.o OBJS=\ $(OUTPRE)arcfour.$(OBJEXT) \ + $(OUTPRE)arcfour_aead.$(OBJEXT) \ $(OUTPRE)arcfour_s2k.$(OBJEXT) SRCS=\ $(srcdir)/arcfour.c \ + $(srcdir)/arcfour_aead.c\ $(srcdir)/arcfour_s2k.c ##DOS##LIBOBJS = $(OBJS) @@ -38,29 +41,3 @@ clean-unix:: clean-libobjs @libobj_frag@ -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -arcfour.so arcfour.po $(OUTPRE)arcfour.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h arcfour-int.h arcfour.c \ - arcfour.h -arcfour_s2k.so arcfour_s2k.po $(OUTPRE)arcfour_s2k.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../md4/rsa-md4.h arcfour-int.h arcfour.h \ - arcfour_s2k.c diff --git a/src/lib/crypto/arcfour/arcfour-int.h b/src/lib/crypto/arcfour/arcfour-int.h index 398fe57a1d..efd7a02829 100644 --- a/src/lib/crypto/arcfour/arcfour-int.h +++ b/src/lib/crypto/arcfour/arcfour-int.h @@ -27,5 +27,6 @@ typedef struct { krb5_keyusage krb5int_arcfour_translate_usage(krb5_keyusage usage); +extern const char *const krb5int_arcfour_l40; #endif /* ARCFOUR_INT_H */ diff --git a/src/lib/crypto/arcfour/arcfour.c b/src/lib/crypto/arcfour/arcfour.c index a2df5ddf59..8c9e8e1a4e 100644 --- a/src/lib/crypto/arcfour/arcfour.c +++ b/src/lib/crypto/arcfour/arcfour.c @@ -8,7 +8,7 @@ of RSA Data Security) */ #include "k5-int.h" #include "arcfour-int.h" -static const char *const l40 = "fortybits"; +const char *const krb5int_arcfour_l40 = "fortybits"; void krb5_arcfour_encrypt_length(const struct krb5_enc_provider *enc, @@ -139,7 +139,7 @@ krb5_arcfour_encrypt(const struct krb5_enc_provider *enc, /* begin the encryption, computer K1 */ ms_usage=krb5int_arcfour_translate_usage(usage); if (key->enctype == ENCTYPE_ARCFOUR_HMAC_EXP) { - strncpy(salt.data, l40, salt.length); + strncpy(salt.data, krb5int_arcfour_l40, salt.length); store_32_le(ms_usage, salt.data+10); } else { salt.length=4; @@ -253,7 +253,7 @@ krb5_arcfour_decrypt(const struct krb5_enc_provider *enc, /* compute the salt */ ms_usage=krb5int_arcfour_translate_usage(usage); if (key->enctype == ENCTYPE_ARCFOUR_HMAC_EXP) { - strncpy(salt.data, l40, salt.length); + strncpy(salt.data, krb5int_arcfour_l40, salt.length); salt.data[10]=ms_usage & 0xff; salt.data[11]=(ms_usage>>8) & 0xff; salt.data[12]=(ms_usage>>16) & 0xff; diff --git a/src/lib/crypto/arcfour/arcfour.h b/src/lib/crypto/arcfour/arcfour.h index c6e4353348..e8ff203ca1 100644 --- a/src/lib/crypto/arcfour/arcfour.h +++ b/src/lib/crypto/arcfour/arcfour.h @@ -33,4 +33,6 @@ extern krb5_error_code krb5int_arcfour_string_to_key( krb5_keyblock *); extern const struct krb5_enc_provider krb5int_enc_arcfour; +extern const struct krb5_aead_provider krb5int_aead_arcfour; + #endif /* ARCFOUR_H */ diff --git a/src/lib/crypto/arcfour/arcfour_aead.c b/src/lib/crypto/arcfour/arcfour_aead.c new file mode 100644 index 0000000000..025118ed7d --- /dev/null +++ b/src/lib/crypto/arcfour/arcfour_aead.c @@ -0,0 +1,325 @@ +/* + * lib/crypto/arcfour/arcfour_aead.c + * + * Copyright 2008 by the Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + */ + + +#include "k5-int.h" +#include "arcfour.h" +#include "arcfour-int.h" +#include "aead.h" + +/* AEAD */ + +static krb5_error_code +krb5int_arcfour_crypto_length(const struct krb5_aead_provider *aead, + const struct krb5_enc_provider *enc, + const struct krb5_hash_provider *hash, + krb5_cryptotype type, + unsigned int *length) +{ + switch (type) { + case KRB5_CRYPTO_TYPE_HEADER: + *length = hash->hashsize + CONFOUNDERLENGTH; + break; + case KRB5_CRYPTO_TYPE_PADDING: + *length = 0; + break; + case KRB5_CRYPTO_TYPE_TRAILER: + *length = 0; + break; + case KRB5_CRYPTO_TYPE_CHECKSUM: + *length = hash->hashsize; + break; + default: + assert(0 && "invalid cryptotype passed to krb5int_arcfour_crypto_length"); + break; + } + + return 0; +} + +static krb5_error_code +alloc_derived_key(const struct krb5_enc_provider *enc, + krb5_keyblock *dst, + krb5_data *data, + const krb5_keyblock *src) +{ + data->length = enc->keybytes; + data->data = malloc(data->length); + if (data->data == NULL) + return ENOMEM; + + *dst = *src; + dst->length = data->length; + dst->contents = (void *)data->data; + + return 0; +} + +static krb5_error_code +krb5int_arcfour_encrypt_iov(const struct krb5_aead_provider *aead, + const struct krb5_enc_provider *enc, + const struct krb5_hash_provider *hash, + const krb5_keyblock *key, + krb5_keyusage usage, + const krb5_data *ivec, + krb5_crypto_iov *data, + size_t num_data) +{ + krb5_error_code ret; + krb5_crypto_iov *header, *trailer; + krb5_keyblock k1, k2, k3; + krb5_data d1, d2, d3; + krb5_data checksum, confounder, header_data; + krb5_keyusage ms_usage; + char salt_data[14]; + krb5_data salt; + size_t i; + + d1.length = d2.length = d3.length = 0; + d1.data = d2.data = d3.data = NULL; + + /* + * Caller must have provided space for the header, padding + * and trailer; per RFC 4757 we will arrange it as: + * + * Checksum | E(Confounder | Plaintext) + */ + + header = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_HEADER); + if (header == NULL || + header->data.length < hash->hashsize + CONFOUNDERLENGTH) + return KRB5_BAD_MSIZE; + + header_data = header->data; + + /* Trailer may be absent */ + trailer = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_TRAILER); + if (trailer != NULL) + trailer->data.length = 0; + + /* Ensure that there is no padding */ + for (i = 0; i < num_data; i++) { + if (data[i].flags == KRB5_CRYPTO_TYPE_PADDING) + data[i].data.length = 0; + } + + ret = alloc_derived_key(enc, &k1, &d1, key); + if (ret != 0) + goto cleanup; + + ret = alloc_derived_key(enc, &k2, &d2, key); + if (ret != 0) + goto cleanup; + + ret = alloc_derived_key(enc, &k3, &d3, key); + if (ret != 0) + goto cleanup; + + /* Begin the encryption, compute K1 */ + salt.data = salt_data; + salt.length = sizeof(salt_data); + + ms_usage = krb5int_arcfour_translate_usage(usage); + + if (key->enctype == ENCTYPE_ARCFOUR_HMAC_EXP) { + strncpy(salt.data, krb5int_arcfour_l40, salt.length); + store_32_le(ms_usage, (unsigned char *)salt.data + 10); + } else { + salt.length = 4; + store_32_le(ms_usage, (unsigned char *)salt.data); + } + ret = krb5_hmac(hash, key, 1, &salt, &d1); + if (ret != 0) + goto cleanup; + + memcpy(k2.contents, k1.contents, k2.length); + + if (key->enctype == ENCTYPE_ARCFOUR_HMAC_EXP) + memset(k1.contents + 7, 0xAB, 9); + + header->data.length = hash->hashsize + CONFOUNDERLENGTH; + + confounder.data = header->data.data + hash->hashsize; + confounder.length = CONFOUNDERLENGTH; + + ret = krb5_c_random_make_octets(0, &confounder); + if (ret != 0) + goto cleanup; + + checksum.data = header->data.data; + checksum.length = hash->hashsize; + + /* Adjust pointers so confounder is at start of header */ + header->data.length -= hash->hashsize; + header->data.data += hash->hashsize; + + ret = krb5int_hmac_iov(hash, &k2, data, num_data, &checksum); + if (ret != 0) + goto cleanup; + + ret = krb5_hmac(hash, &k1, 1, &checksum, &d3); + if (ret != 0) + goto cleanup; + + ret = enc->encrypt_iov(&k3, ivec, data, num_data); + if (ret != 0) + goto cleanup; + +cleanup: + header->data = header_data; /* restore header pointers */ + + if (d1.data != NULL) { + memset(d1.data, 0, d1.length); + free(d1.data); + } + if (d2.data != NULL) { + memset(d2.data, 0, d2.length); + free(d2.data); + } + if (d3.data != NULL) { + memset(d3.data, 0, d3.length); + free(d3.data); + } + + return ret; +} + +static krb5_error_code +krb5int_arcfour_decrypt_iov(const struct krb5_aead_provider *aead, + const struct krb5_enc_provider *enc, + const struct krb5_hash_provider *hash, + const krb5_keyblock *key, + krb5_keyusage usage, + const krb5_data *ivec, + krb5_crypto_iov *data, + size_t num_data) +{ + krb5_error_code ret; + krb5_crypto_iov *header, *trailer; + krb5_keyblock k1, k2, k3; + krb5_data d1, d2, d3; + krb5_data checksum, header_data; + krb5_keyusage ms_usage; + char salt_data[14]; + krb5_data salt; + + d1.length = d2.length = d3.length = 0; + d1.data = d2.data = d3.data = NULL; + + header = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_HEADER); + if (header == NULL || + header->data.length != hash->hashsize + CONFOUNDERLENGTH) + return KRB5_BAD_MSIZE; + + header_data = header->data; + + trailer = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_TRAILER); + if (trailer != NULL && trailer->data.length != 0) + return KRB5_BAD_MSIZE; + + ret = alloc_derived_key(enc, &k1, &d1, key); + if (ret != 0) + goto cleanup; + + ret = alloc_derived_key(enc, &k2, &d2, key); + if (ret != 0) + goto cleanup; + + ret = alloc_derived_key(enc, &k3, &d3, key); + if (ret != 0) + goto cleanup; + + /* Begin the decryption, compute K1 */ + salt.data = salt_data; + salt.length = sizeof(salt_data); + + ms_usage = krb5int_arcfour_translate_usage(usage); + + if (key->enctype == ENCTYPE_ARCFOUR_HMAC_EXP) { + strncpy(salt.data, krb5int_arcfour_l40, salt.length); + store_32_le(ms_usage, (unsigned char *)salt.data + 10); + } else { + salt.length = 4; + store_32_le(ms_usage, (unsigned char *)salt.data); + } + ret = krb5_hmac(hash, key, 1, &salt, &d1); + if (ret != 0) + goto cleanup; + + memcpy(k2.contents, k1.contents, k2.length); + + if (key->enctype == ENCTYPE_ARCFOUR_HMAC_EXP) + memset(k1.contents + 7, 0xAB, 9); + + checksum.data = header->data.data; + checksum.length = hash->hashsize; + + /* Adjust pointers so confounder is at start of header */ + header->data.length -= hash->hashsize; + header->data.data += hash->hashsize; + + ret = krb5_hmac(hash, &k1, 1, &checksum, &d3); + if (ret != 0) + goto cleanup; + + ret = enc->decrypt_iov(&k3, ivec, data, num_data); + if (ret != 0) + goto cleanup; + + ret = krb5int_hmac_iov(hash, &k2, data, num_data, &d1); + if (ret != 0) + goto cleanup; + + if (memcmp(checksum.data, d1.data, hash->hashsize) != 0) { + ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; + goto cleanup; + } + +cleanup: + header->data = header_data; /* restore header pointers */ + + if (d1.data != NULL) { + memset(d1.data, 0, d1.length); + free(d1.data); + } + if (d2.data != NULL) { + memset(d2.data, 0, d2.length); + free(d2.data); + } + if (d3.data != NULL) { + memset(d3.data, 0, d3.length); + free(d3.data); + } + + return ret; +} + +const struct krb5_aead_provider krb5int_aead_arcfour = { + krb5int_arcfour_crypto_length, + krb5int_arcfour_encrypt_iov, + krb5int_arcfour_decrypt_iov +}; + diff --git a/src/lib/crypto/arcfour/arcfour_s2k.c b/src/lib/crypto/arcfour/arcfour_s2k.c index 75bdd2a09d..41053ed17d 100644 --- a/src/lib/crypto/arcfour/arcfour_s2k.c +++ b/src/lib/crypto/arcfour/arcfour_s2k.c @@ -1,4 +1,5 @@ #include "k5-int.h" +#include "k5-utf8.h" #include "rsa-md4.h" #include "arcfour-int.h" @@ -6,58 +7,15 @@ #include #endif -static krb5_error_code -utf8to16(unsigned char *utf16_buf, const char *utf8_str, size_t *len) -{ - krb5_error_code err = 0; - -#if TARGET_OS_MAC && !defined(DEPEND) - CFStringRef string = NULL; - CFIndex length = *len; - - string = CFStringCreateWithCString (kCFAllocatorDefault, - utf8_str, kCFStringEncodingUTF8); - if (!string) { err = ENOMEM; } - - if (!err) { - CFIndex copied = 0; - CFRange range = CFRangeMake (0, CFStringGetLength (string)); - - copied = CFStringGetBytes (string, range, kCFStringEncodingUTF16LE, - 0, false, utf16_buf, length, &length); - if (copied != range.length) { err = ENOMEM; } - } - - if (!err) { - *len = length; - } - - if (string) { CFRelease (string); } - -#else - /* - * This should be re-evaluated in the future, it makes the assumption that - * the user's password is in ascii, not utf-8. Use iconv? - */ - size_t counter; - for (counter=0;counter<*len;counter++) { - utf16_buf[2*counter]=utf8_str[counter]; - utf16_buf[2*counter + 1]=0x00; - } -#endif - - return err; -} - krb5_error_code krb5int_arcfour_string_to_key(const struct krb5_enc_provider *enc, const krb5_data *string, const krb5_data *salt, const krb5_data *params, krb5_keyblock *key) { krb5_error_code err = 0; - size_t len; - unsigned char *copystr; krb5_MD4_CTX md4_context; + unsigned char *copystr; + size_t copystrlen; if (params != NULL) return KRB5_ERR_BAD_S2K_PARAMS; @@ -71,22 +29,14 @@ krb5int_arcfour_string_to_key(const struct krb5_enc_provider *enc, Since the password must be stored in unicode, we need to increase that number by 2x. */ - if (string->length > (SIZE_MAX/2)) - return (KRB5_BAD_MSIZE); - len= string->length * 2; - - copystr = malloc(len); - if (copystr == NULL) - return ENOMEM; - - /* make the string. start by creating the unicode version of the password*/ - err = utf8to16(copystr, string->data, &len); - if (err) goto cleanup; + err = krb5int_utf8cs_to_ucs2les(string->data, string->length, ©str, ©strlen); + if (err) + return err; /* the actual MD4 hash of the data */ krb5_MD4Init(&md4_context); - krb5_MD4Update(&md4_context, (unsigned char *)copystr, len); + krb5_MD4Update(&md4_context, copystr, copystrlen); krb5_MD4Final(&md4_context); memcpy(key->contents, md4_context.digest, 16); @@ -101,9 +51,8 @@ krb5int_arcfour_string_to_key(const struct krb5_enc_provider *enc, } #endif /* 0 */ -cleanup: /* Zero out the data behind us */ - memset (copystr, 0, len); + memset(copystr, 0, copystrlen); memset(&md4_context, 0, sizeof(md4_context)); free(copystr); return err; diff --git a/src/lib/crypto/arcfour/deps b/src/lib/crypto/arcfour/deps new file mode 100644 index 0000000000..b28d598137 --- /dev/null +++ b/src/lib/crypto/arcfour/deps @@ -0,0 +1,36 @@ +# +# Generated makefile dependencies follow. +# +arcfour.so arcfour.po $(OUTPRE)arcfour.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + arcfour-int.h arcfour.c arcfour.h +arcfour_aead.so arcfour_aead.po $(OUTPRE)arcfour_aead.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../aead.h \ + arcfour-int.h arcfour.h arcfour_aead.c +arcfour_s2k.so arcfour_s2k.po $(OUTPRE)arcfour_s2k.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/k5-utf8.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + $(srcdir)/../md4/rsa-md4.h arcfour-int.h arcfour.h \ + arcfour_s2k.c diff --git a/src/lib/crypto/cksumtype_to_string.c b/src/lib/crypto/cksumtype_to_string.c index 54a0f3aec5..ee1d50ba5b 100644 --- a/src/lib/crypto/cksumtype_to_string.c +++ b/src/lib/crypto/cksumtype_to_string.c @@ -34,10 +34,9 @@ krb5_cksumtype_to_string(krb5_cksumtype cksumtype, char *buffer, size_t buflen) for (i=0; i buflen) + if (strlcpy(buffer, krb5_cksumtypes_list[i].out_string, + buflen) >= buflen) return(ENOMEM); - - strcpy(buffer, krb5_cksumtypes_list[i].out_string); return(0); } } diff --git a/src/lib/crypto/cksumtypes.c b/src/lib/crypto/cksumtypes.c index f30d1b034c..fca48e29a5 100644 --- a/src/lib/crypto/cksumtypes.c +++ b/src/lib/crypto/cksumtypes.c @@ -92,6 +92,10 @@ const struct krb5_cksumtypes krb5_cksumtypes_list[] = { "hmac-sha1-96-aes256", "HMAC-SHA1 AES256 key", 0, NULL, &krb5int_hash_sha1, 12 }, + { CKSUMTYPE_MD5_HMAC_ARCFOUR, 0, + "md5-hmac-rc4", "Microsoft MD5 HMAC (RC4 key)", + ENCTYPE_ARCFOUR_HMAC, &krb5int_keyhash_md5_hmac, + NULL } }; const unsigned int krb5_cksumtypes_length = diff --git a/src/lib/crypto/crc32/Makefile.in b/src/lib/crypto/crc32/Makefile.in index 35c1abfcc7..11df8607cf 100644 --- a/src/lib/crypto/crc32/Makefile.in +++ b/src/lib/crypto/crc32/Makefile.in @@ -39,17 +39,3 @@ t_crc: t_crc.o crc32.o $(SUPPORT_DEPLIB) @libobj_frag@ -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -crc32.so crc32.po $(OUTPRE)crc32.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h crc-32.h crc32.c diff --git a/src/lib/crypto/crc32/deps b/src/lib/crypto/crc32/deps new file mode 100644 index 0000000000..9dc702d6e7 --- /dev/null +++ b/src/lib/crypto/crc32/deps @@ -0,0 +1,13 @@ +# +# Generated makefile dependencies follow. +# +crc32.so crc32.po $(OUTPRE)crc32.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + crc-32.h crc32.c diff --git a/src/lib/crypto/crypto_length.c b/src/lib/crypto/crypto_length.c new file mode 100644 index 0000000000..d99d18b276 --- /dev/null +++ b/src/lib/crypto/crypto_length.c @@ -0,0 +1,170 @@ +/* + * lib/crypto/crypto_length.c + * + * Copyright 2008 by the Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + */ + +#include "k5-int.h" +#include "etypes.h" +#include "aead.h" + +krb5_error_code KRB5_CALLCONV +krb5_c_crypto_length(krb5_context context, + krb5_enctype enctype, + krb5_cryptotype type, + unsigned int *size) +{ + int i; + const struct krb5_keytypes *ktp = NULL; + krb5_error_code ret; + + for (i = 0; i < krb5_enctypes_length; i++) { + if (krb5_enctypes_list[i].etype == enctype) { + ktp = &krb5_enctypes_list[i]; + break; + } + } + + if (ktp == NULL || ktp->aead == NULL) { + return KRB5_BAD_ENCTYPE; + } + + switch (type) { + case KRB5_CRYPTO_TYPE_EMPTY: + case KRB5_CRYPTO_TYPE_SIGN_ONLY: + *size = 0; + ret = 0; + break; + case KRB5_CRYPTO_TYPE_DATA: + *size = (size_t)~0; /* match Heimdal */ + ret = 0; + break; + case KRB5_CRYPTO_TYPE_HEADER: + case KRB5_CRYPTO_TYPE_PADDING: + case KRB5_CRYPTO_TYPE_TRAILER: + case KRB5_CRYPTO_TYPE_CHECKSUM: + ret = ktp->aead->crypto_length(ktp->aead, ktp->enc, ktp->hash, type, size); + break; + default: + ret = EINVAL; + break; + } + + return ret; +} + +krb5_error_code KRB5_CALLCONV +krb5_c_padding_length(krb5_context context, + krb5_enctype enctype, + size_t data_length, + unsigned int *pad_length) +{ + int i; + const struct krb5_keytypes *ktp = NULL; + + for (i = 0; i < krb5_enctypes_length; i++) { + if (krb5_enctypes_list[i].etype == enctype) { + ktp = &krb5_enctypes_list[i]; + break; + } + } + + if (ktp == NULL || ktp->aead == NULL) { + return KRB5_BAD_ENCTYPE; + } + + return krb5int_c_padding_length(ktp->aead, ktp->enc, ktp->hash, data_length, pad_length); +} + +krb5_error_code KRB5_CALLCONV +krb5_c_crypto_length_iov(krb5_context context, + krb5_enctype enctype, + krb5_crypto_iov *data, + size_t num_data) +{ + krb5_error_code ret = 0; + size_t i; + const struct krb5_keytypes *ktp = NULL; + unsigned int data_length = 0, pad_length; + krb5_crypto_iov *padding = NULL; + + /* + * XXX need to rejig internal interface so we can accurately + * report variable header lengths + */ + + for (i = 0; i < (size_t)krb5_enctypes_length; i++) { + if (krb5_enctypes_list[i].etype == enctype) { + ktp = &krb5_enctypes_list[i]; + break; + } + } + + if (ktp == NULL || ktp->aead == NULL) { + return KRB5_BAD_ENCTYPE; + } + + for (i = 0; i < num_data; i++) { + krb5_crypto_iov *iov = &data[i]; + + switch (iov->flags) { + case KRB5_CRYPTO_TYPE_DATA: + data_length += iov->data.length; + break; + case KRB5_CRYPTO_TYPE_PADDING: + if (padding != NULL) + return EINVAL; + + padding = iov; + break; + case KRB5_CRYPTO_TYPE_HEADER: + case KRB5_CRYPTO_TYPE_TRAILER: + case KRB5_CRYPTO_TYPE_CHECKSUM: + ret = ktp->aead->crypto_length(ktp->aead, ktp->enc, ktp->hash, iov->flags, &iov->data.length); + break; + case KRB5_CRYPTO_TYPE_EMPTY: + case KRB5_CRYPTO_TYPE_SIGN_ONLY: + default: + break; + } + + if (ret != 0) + break; + } + + if (ret != 0) + return ret; + + ret = krb5int_c_padding_length(ktp->aead, ktp->enc, ktp->hash, data_length, &pad_length); + if (ret != 0) + return ret; + + if (pad_length != 0 && padding == NULL) + return EINVAL; + + if (padding != NULL) + padding->data.length = pad_length; + + return 0; +} + diff --git a/src/lib/crypto/decrypt.c b/src/lib/crypto/decrypt.c index 96861bda16..74c38f6aa8 100644 --- a/src/lib/crypto/decrypt.c +++ b/src/lib/crypto/decrypt.c @@ -26,6 +26,7 @@ #include "k5-int.h" #include "etypes.h" +#include "aead.h" krb5_error_code KRB5_CALLCONV krb5_c_decrypt(krb5_context context, const krb5_keyblock *key, @@ -50,6 +51,16 @@ krb5_c_decrypt(krb5_context context, const krb5_keyblock *key, (krb5_enctypes_list[i].etype != input->enctype)) return(KRB5_BAD_ENCTYPE); + if (krb5_enctypes_list[i].decrypt == NULL) { + assert(krb5_enctypes_list[i].aead != NULL); + + return krb5int_c_decrypt_aead_compat(krb5_enctypes_list[i].aead, + krb5_enctypes_list[i].enc, + krb5_enctypes_list[i].hash, + key, usage, ivec, + &input->ciphertext, output); + } + return((*(krb5_enctypes_list[i].decrypt)) (krb5_enctypes_list[i].enc, krb5_enctypes_list[i].hash, key, usage, ivec, &input->ciphertext, output)); diff --git a/src/lib/krb4/lifetime.c b/src/lib/crypto/decrypt_iov.c similarity index 55% rename from src/lib/krb4/lifetime.c rename to src/lib/crypto/decrypt_iov.c index 826e090df1..1a98b06570 100644 --- a/src/lib/krb4/lifetime.c +++ b/src/lib/crypto/decrypt_iov.c @@ -1,5 +1,7 @@ /* - * Copyright 2000, 2001, 2003 by the Massachusetts Institute of Technology. + * lib/crypto/encrypt_iov.c + * + * Copyright 2008 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -20,43 +22,40 @@ * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * */ -#include "krb.h" #include "k5-int.h" +#include "etypes.h" +#include "aead.h" -/* - * krb_life_to_time - * - * Given a start date and a lifetime byte, compute the expiration - * date. - */ -KRB4_32 KRB5_CALLCONV -krb_life_to_time(KRB4_32 start, int life) +krb5_error_code KRB5_CALLCONV +krb5_c_decrypt_iov(krb5_context context, + const krb5_keyblock *key, + krb5_keyusage usage, + const krb5_data *cipher_state, + krb5_crypto_iov *data, + size_t num_data) { - krb5int_access k5internals; + int i; + const struct krb5_keytypes *ktp = NULL; - if (krb5int_accessor(&k5internals, KRB5INT_ACCESS_VERSION) - || k5internals.krb_life_to_time == NULL) - return start; - return k5internals.krb_life_to_time(start, life); -} + for (i = 0; i < krb5_enctypes_length; i++) { + if (krb5_enctypes_list[i].etype == key->enctype) { + ktp = &krb5_enctypes_list[i]; + break; + } + } -/* - * krb_time_to_life - * - * Given the start date and the end date, compute the lifetime byte. - * Round up, since we can adjust the start date backwards if we are - * issuing the ticket to cause it to expire at the correct time. - */ -int KRB5_CALLCONV -krb_time_to_life(KRB4_32 start, KRB4_32 end) -{ - krb5int_access k5internals; + if (ktp == NULL || ktp->aead == NULL) { + return KRB5_BAD_ENCTYPE; + } + + if (krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_STREAM) != NULL) { + return krb5int_c_iov_decrypt_stream(ktp->aead, ktp->enc, ktp->hash, + key, usage, cipher_state, data, num_data); + } - if (krb5int_accessor(&k5internals, KRB5INT_ACCESS_VERSION) - || k5internals.krb_time_to_life == NULL) - return 0; - return k5internals.krb_time_to_life(start, end); + return ktp->aead->decrypt_iov(ktp->aead, ktp->enc, ktp->hash, + key, usage, cipher_state, data, num_data); } + diff --git a/src/lib/crypto/deps b/src/lib/crypto/deps new file mode 100644 index 0000000000..9fc065e76f --- /dev/null +++ b/src/lib/crypto/deps @@ -0,0 +1,513 @@ +# +# Generated makefile dependencies follow. +# +aead.so aead.po $(OUTPRE)aead.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + $(srcdir)/dk/dk.h aead.c aead.h cksumtypes.h etypes.h +block_size.so block_size.po $(OUTPRE)block_size.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h block_size.c etypes.h +checksum_length.so checksum_length.po $(OUTPRE)checksum_length.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h checksum_length.c \ + cksumtypes.h +cksumtype_to_string.so cksumtype_to_string.po $(OUTPRE)cksumtype_to_string.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h cksumtype_to_string.c \ + cksumtypes.h +cksumtypes.so cksumtypes.po $(OUTPRE)cksumtypes.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/hash_provider/hash_provider.h \ + $(srcdir)/keyhash_provider/keyhash_provider.h cksumtypes.c \ + cksumtypes.h +coll_proof_cksum.so coll_proof_cksum.po $(OUTPRE)coll_proof_cksum.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h cksumtypes.h coll_proof_cksum.c +combine_keys.so combine_keys.po $(OUTPRE)combine_keys.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/dk/dk.h \ + combine_keys.c etypes.h +crypto_length.so crypto_length.po $(OUTPRE)crypto_length.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h aead.h crypto_length.c \ + etypes.h +crypto_libinit.so crypto_libinit.po $(OUTPRE)crypto_libinit.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h crypto_libinit.c +default_state.so default_state.po $(OUTPRE)default_state.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h default_state.c +decrypt.so decrypt.po $(OUTPRE)decrypt.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + aead.h decrypt.c etypes.h +decrypt_iov.so decrypt_iov.po $(OUTPRE)decrypt_iov.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h aead.h decrypt_iov.c \ + etypes.h +encrypt.so encrypt.po $(OUTPRE)encrypt.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + aead.h encrypt.c etypes.h +encrypt_iov.so encrypt_iov.po $(OUTPRE)encrypt_iov.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h encrypt_iov.c etypes.h +encrypt_length.so encrypt_length.po $(OUTPRE)encrypt_length.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h aead.h encrypt_length.c \ + etypes.h +enctype_compare.so enctype_compare.po $(OUTPRE)enctype_compare.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h enctype_compare.c \ + etypes.h +enctype_to_string.so enctype_to_string.po $(OUTPRE)enctype_to_string.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h enctype_to_string.c \ + etypes.h +etypes.so etypes.po $(OUTPRE)etypes.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + $(srcdir)/aes/aes_s2k.h $(srcdir)/arcfour/arcfour.h \ + $(srcdir)/dk/dk.h $(srcdir)/enc_provider/enc_provider.h \ + $(srcdir)/hash_provider/hash_provider.h $(srcdir)/old/old.h \ + $(srcdir)/raw/raw.h etypes.c etypes.h +hmac.so hmac.po $(OUTPRE)hmac.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + aead.h hmac.c +keyblocks.so keyblocks.po $(OUTPRE)keyblocks.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h keyblocks.c +keyed_cksum.so keyed_cksum.po $(OUTPRE)keyed_cksum.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h cksumtypes.h keyed_cksum.c +keyed_checksum_types.so keyed_checksum_types.po $(OUTPRE)keyed_checksum_types.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h cksumtypes.h etypes.h \ + keyed_checksum_types.c +keylengths.so keylengths.po $(OUTPRE)keylengths.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h etypes.h keylengths.c +make_checksum.so make_checksum.po $(OUTPRE)make_checksum.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/dk/dk.h \ + cksumtypes.h etypes.h make_checksum.c +make_checksum_iov.so make_checksum_iov.po $(OUTPRE)make_checksum_iov.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h aead.h cksumtypes.h \ + make_checksum_iov.c +make_random_key.so make_random_key.po $(OUTPRE)make_random_key.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h etypes.h make_random_key.c +mandatory_sumtype.so mandatory_sumtype.po $(OUTPRE)mandatory_sumtype.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h etypes.h mandatory_sumtype.c +nfold.so nfold.po $(OUTPRE)nfold.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + nfold.c +old_api_glue.so old_api_glue.po $(OUTPRE)old_api_glue.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h old_api_glue.c +pbkdf2.so pbkdf2.po $(OUTPRE)pbkdf2.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + $(srcdir)/hash_provider/hash_provider.h pbkdf2.c +prf.so prf.po $(OUTPRE)prf.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + etypes.h prf.c +prng.so prng.po $(OUTPRE)prng.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + $(srcdir)/enc_provider/enc_provider.h $(srcdir)/sha1/shs.h \ + $(srcdir)/yarrow/yarrow.h $(srcdir)/yarrow/ycipher.h \ + $(srcdir)/yarrow/yhash.h $(srcdir)/yarrow/ytypes.h \ + prng.c +random_to_key.so random_to_key.po $(OUTPRE)random_to_key.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h etypes.h random_to_key.c +state.so state.po $(OUTPRE)state.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + etypes.h state.c +string_to_cksumtype.so string_to_cksumtype.po $(OUTPRE)string_to_cksumtype.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h cksumtypes.h string_to_cksumtype.c +string_to_enctype.so string_to_enctype.po $(OUTPRE)string_to_enctype.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h etypes.h string_to_enctype.c +string_to_key.so string_to_key.po $(OUTPRE)string_to_key.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h etypes.h string_to_key.c +valid_cksumtype.so valid_cksumtype.po $(OUTPRE)valid_cksumtype.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h cksumtypes.h valid_cksumtype.c +valid_enctype.so valid_enctype.po $(OUTPRE)valid_enctype.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h etypes.h valid_enctype.c +verify_checksum.so verify_checksum.po $(OUTPRE)verify_checksum.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h cksumtypes.h verify_checksum.c +verify_checksum_iov.so verify_checksum_iov.po $(OUTPRE)verify_checksum_iov.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h aead.h cksumtypes.h \ + verify_checksum_iov.c +t_nfold.so t_nfold.po $(OUTPRE)t_nfold.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + t_nfold.c +t_encrypt.so t_encrypt.po $(OUTPRE)t_encrypt.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h etypes.h t_encrypt.c +t_prf.so t_prf.po $(OUTPRE)t_prf.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + t_prf.c +t_prng.so t_prng.po $(OUTPRE)t_prng.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + t_prng.c +t_hmac.so t_hmac.po $(OUTPRE)t_hmac.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + $(srcdir)/hash_provider/hash_provider.h t_hmac.c +t_pkcs5.so t_pkcs5.po $(OUTPRE)t_pkcs5.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + t_pkcs5.c +t_cts.so t_cts.po $(OUTPRE)t_cts.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + $(srcdir)/hash_provider/hash_provider.h t_cts.c +vectors.so vectors.po $(OUTPRE)vectors.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + $(srcdir)/hash_provider/hash_provider.h vectors.c diff --git a/src/lib/crypto/des/Makefile.in b/src/lib/crypto/des/Makefile.in index ae8acf0ab5..d9e8d15f3e 100644 --- a/src/lib/crypto/des/Makefile.in +++ b/src/lib/crypto/des/Makefile.in @@ -16,7 +16,9 @@ RUN_SETUP = @KRB5_RUN_ENV@ KRB5_CONFIG=$(SRCTOP)/config-files/krb5.conf STLIBOBJS=\ afsstring2key.o \ d3_cbc.o \ + d3_aead.o \ d3_kysched.o \ + f_aead.o \ f_cbc.o \ f_cksum.o \ f_parity.o \ @@ -28,7 +30,9 @@ STLIBOBJS=\ OBJS= $(OUTPRE)afsstring2key.$(OBJEXT) \ $(OUTPRE)d3_cbc.$(OBJEXT) \ + $(OUTPRE)d3_aead.$(OBJEXT) \ $(OUTPRE)d3_kysched.$(OBJEXT) \ + $(OUTPRE)f_aead.$(OBJEXT) \ $(OUTPRE)f_cbc.$(OBJEXT) \ $(OUTPRE)f_cksum.$(OBJEXT) \ $(OUTPRE)f_parity.$(OBJEXT) \ @@ -40,7 +44,9 @@ OBJS= $(OUTPRE)afsstring2key.$(OBJEXT) \ SRCS= $(srcdir)/afsstring2key.c \ $(srcdir)/d3_cbc.c \ + $(srcdir)/d3_aead.c \ $(srcdir)/d3_kysched.c \ + $(srcdir)/f_aead.c \ $(srcdir)/f_cbc.c \ $(srcdir)/f_cksum.c \ $(srcdir)/f_parity.c \ @@ -93,119 +99,3 @@ clean-unix:: clean-libobjs @libobj_frag@ -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -afsstring2key.so afsstring2key.po $(OUTPRE)afsstring2key.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h afsstring2key.c des_int.h -d3_cbc.so d3_cbc.po $(OUTPRE)d3_cbc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - d3_cbc.c des_int.h f_tables.h -d3_kysched.so d3_kysched.po $(OUTPRE)d3_kysched.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h d3_kysched.c des_int.h -f_cbc.so f_cbc.po $(OUTPRE)f_cbc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - des_int.h f_cbc.c f_tables.h -f_cksum.so f_cksum.po $(OUTPRE)f_cksum.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - des_int.h f_cksum.c f_tables.h -f_parity.so f_parity.po $(OUTPRE)f_parity.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h des_int.h f_parity.c -f_sched.so f_sched.po $(OUTPRE)f_sched.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - des_int.h f_sched.c -f_tables.so f_tables.po $(OUTPRE)f_tables.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h des_int.h f_tables.c \ - f_tables.h -key_sched.so key_sched.po $(OUTPRE)key_sched.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h des_int.h key_sched.c -weak_key.so weak_key.po $(OUTPRE)weak_key.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h des_int.h weak_key.c -string2key.so string2key.po $(OUTPRE)string2key.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h des_int.h string2key.c diff --git a/src/lib/crypto/des/d3_aead.c b/src/lib/crypto/des/d3_aead.c new file mode 100644 index 0000000000..42ac395f31 --- /dev/null +++ b/src/lib/crypto/des/d3_aead.c @@ -0,0 +1,207 @@ +/* + * Copyright (C) 2008 by the Massachusetts Institute of Technology. + * Copyright 1995 by Richard P. Basch. All Rights Reserved. + * Copyright 1995 by Lehman Brothers, Inc. All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of Richard P. Basch, Lehman Brothers and M.I.T. not be used + * in advertising or publicity pertaining to distribution of the software + * without specific, written prior permission. Richard P. Basch, + * Lehman Brothers and M.I.T. make no representations about the suitability + * of this software for any purpose. It is provided "as is" without + * express or implied warranty. + */ + +#include "des_int.h" +#include "f_tables.h" +#include "../aead.h" + +void +krb5int_des3_cbc_encrypt_iov(krb5_crypto_iov *data, + unsigned long num_data, + const mit_des_key_schedule ks1, + const mit_des_key_schedule ks2, + const mit_des_key_schedule ks3, + mit_des_cblock ivec) +{ + unsigned DES_INT32 left, right; + const unsigned DES_INT32 *kp1, *kp2, *kp3; + const unsigned char *ip; + unsigned char *op; + struct iov_block_state input_pos, output_pos; + unsigned char iblock[MIT_DES_BLOCK_LENGTH]; + unsigned char oblock[MIT_DES_BLOCK_LENGTH]; + + IOV_BLOCK_STATE_INIT(&input_pos); + IOV_BLOCK_STATE_INIT(&output_pos); + + /* + * Get key pointer here. This won't need to be reinitialized + */ + kp1 = (const unsigned DES_INT32 *)ks1; + kp2 = (const unsigned DES_INT32 *)ks2; + kp3 = (const unsigned DES_INT32 *)ks3; + + /* + * Initialize left and right with the contents of the initial + * vector. + */ + if (ivec != NULL) + ip = ivec; + else + ip = mit_des_zeroblock; + GET_HALF_BLOCK(left, ip); + GET_HALF_BLOCK(right, ip); + + /* + * Suitably initialized, now work the length down 8 bytes + * at a time. + */ + for (;;) { + unsigned DES_INT32 temp; + + ip = iblock; + op = oblock; + + if (!krb5int_c_iov_get_block(iblock, MIT_DES_BLOCK_LENGTH, data, num_data, &input_pos)) + break; + + if (input_pos.iov_pos == num_data) + break; + + GET_HALF_BLOCK(temp, ip); + left ^= temp; + GET_HALF_BLOCK(temp, ip); + right ^= temp; + + /* + * Encrypt what we have + */ + DES_DO_ENCRYPT(left, right, kp1); + DES_DO_DECRYPT(left, right, kp2); + DES_DO_ENCRYPT(left, right, kp3); + + /* + * Copy the results out + */ + PUT_HALF_BLOCK(left, op); + PUT_HALF_BLOCK(right, op); + + krb5int_c_iov_put_block(data, num_data, oblock, MIT_DES_BLOCK_LENGTH, &output_pos); + } + + if (ivec != NULL) + memcpy(ivec, oblock, MIT_DES_BLOCK_LENGTH); +} + +void +krb5int_des3_cbc_decrypt_iov(krb5_crypto_iov *data, + unsigned long num_data, + const mit_des_key_schedule ks1, + const mit_des_key_schedule ks2, + const mit_des_key_schedule ks3, + mit_des_cblock ivec) +{ + unsigned DES_INT32 left, right; + const unsigned DES_INT32 *kp1, *kp2, *kp3; + const unsigned char *ip; + unsigned DES_INT32 ocipherl, ocipherr; + unsigned DES_INT32 cipherl, cipherr; + unsigned char *op; + struct iov_block_state input_pos, output_pos; + unsigned char iblock[MIT_DES_BLOCK_LENGTH]; + unsigned char oblock[MIT_DES_BLOCK_LENGTH]; + + IOV_BLOCK_STATE_INIT(&input_pos); + IOV_BLOCK_STATE_INIT(&output_pos); + + /* + * Get key pointer here. This won't need to be reinitialized + */ + kp1 = (const unsigned DES_INT32 *)ks1; + kp2 = (const unsigned DES_INT32 *)ks2; + kp3 = (const unsigned DES_INT32 *)ks3; + + /* + * Decrypting is harder than encrypting because of + * the necessity of remembering a lot more things. + * Should think about this a little more... + */ + + if (num_data == 0) + return; + + /* + * Prime the old cipher with ivec. + */ + if (ivec != NULL) + ip = ivec; + else + ip = mit_des_zeroblock; + GET_HALF_BLOCK(ocipherl, ip); + GET_HALF_BLOCK(ocipherr, ip); + + /* + * Now do this in earnest until we run out of length. + */ + for (;;) { + /* + * Read a block from the input into left and + * right. Save this cipher block for later. + */ + + if (!krb5int_c_iov_get_block(iblock, MIT_DES_BLOCK_LENGTH, data, num_data, &input_pos)) + break; + + if (input_pos.iov_pos == num_data) + break; + + ip = iblock; + op = oblock; + + GET_HALF_BLOCK(left, ip); + GET_HALF_BLOCK(right, ip); + cipherl = left; + cipherr = right; + + /* + * Decrypt this. + */ + DES_DO_DECRYPT(left, right, kp3); + DES_DO_ENCRYPT(left, right, kp2); + DES_DO_DECRYPT(left, right, kp1); + + /* + * Xor with the old cipher to get plain + * text. Output 8 or less bytes of this. + */ + left ^= ocipherl; + right ^= ocipherr; + + PUT_HALF_BLOCK(left, op); + PUT_HALF_BLOCK(right, op); + + /* + * Save current cipher block here + */ + ocipherl = cipherl; + ocipherr = cipherr; + + krb5int_c_iov_put_block(data, num_data, oblock, MIT_DES_BLOCK_LENGTH, &output_pos); + } + + if (ivec != NULL) { + op = ivec; + PUT_HALF_BLOCK(ocipherl,op); + PUT_HALF_BLOCK(ocipherr, op); + } +} diff --git a/src/lib/crypto/des/deps b/src/lib/crypto/des/deps new file mode 100644 index 0000000000..ed08da8696 --- /dev/null +++ b/src/lib/crypto/des/deps @@ -0,0 +1,134 @@ +# +# Generated makefile dependencies follow. +# +afsstring2key.so afsstring2key.po $(OUTPRE)afsstring2key.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h afsstring2key.c des_int.h +d3_cbc.so d3_cbc.po $(OUTPRE)d3_cbc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + d3_cbc.c des_int.h f_tables.h +d3_aead.so d3_aead.po $(OUTPRE)d3_aead.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + $(srcdir)/../aead.h d3_aead.c des_int.h f_tables.h +d3_kysched.so d3_kysched.po $(OUTPRE)d3_kysched.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h d3_kysched.c des_int.h +f_aead.so f_aead.po $(OUTPRE)f_aead.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + $(srcdir)/../aead.h des_int.h f_aead.c f_tables.h +f_cbc.so f_cbc.po $(OUTPRE)f_cbc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + des_int.h f_cbc.c f_tables.h +f_cksum.so f_cksum.po $(OUTPRE)f_cksum.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + des_int.h f_cksum.c f_tables.h +f_parity.so f_parity.po $(OUTPRE)f_parity.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h des_int.h f_parity.c +f_sched.so f_sched.po $(OUTPRE)f_sched.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + des_int.h f_sched.c +f_tables.so f_tables.po $(OUTPRE)f_tables.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h des_int.h f_tables.c \ + f_tables.h +key_sched.so key_sched.po $(OUTPRE)key_sched.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h des_int.h key_sched.c +weak_key.so weak_key.po $(OUTPRE)weak_key.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h des_int.h weak_key.c +string2key.so string2key.po $(OUTPRE)string2key.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h des_int.h string2key.c diff --git a/src/lib/crypto/des/des_int.h b/src/lib/crypto/des/des_int.h index c330a935ad..db0e6765a0 100644 --- a/src/lib/crypto/des/des_int.h +++ b/src/lib/crypto/des/des_int.h @@ -64,9 +64,56 @@ #ifndef KRB5_MIT_DES__ #define KRB5_MIT_DES__ -#define KRB5INT_CRYPTO_DES_INT /* skip krb4-specific DES stuff */ -#include "kerberosIV/des.h" /* for des_key_schedule, etc. */ -#undef KRB5INT_CRYPTO_DES_INT /* don't screw other inclusions of des.h */ +#if defined(__MACH__) && defined(__APPLE__) +#include +#include +#if TARGET_RT_MAC_CFM +#error "Use KfM 4.0 SDK headers for CFM compilation." +#endif +#if defined(DEPRECATED_IN_MAC_OS_X_VERSION_10_5) && !defined(KRB5_SUPRESS_DEPRECATED_WARNINGS) +#define KRB5INT_DES_DEPRECATED DEPRECATED_IN_MAC_OS_X_VERSION_10_5 +#endif +#endif /* defined(__MACH__) && defined(__APPLE__) */ + +/* Macro to add deprecated attribute to DES types and functions */ +/* Currently only defined on Mac OS X 10.5 and later. */ +#ifndef KRB5INT_DES_DEPRECATED +#define KRB5INT_DES_DEPRECATED +#endif + +#include + +#if UINT_MAX >= 0xFFFFFFFFUL +#define DES_INT32 int +#define DES_UINT32 unsigned int +#else +#define DES_INT32 long +#define DES_UINT32 unsigned long +#endif + +typedef unsigned char des_cblock[8] /* crypto-block size */ +KRB5INT_DES_DEPRECATED; + +/* + * Key schedule. + * + * This used to be + * + * typedef struct des_ks_struct { + * union { DES_INT32 pad; des_cblock _;} __; + * } des_key_schedule[16]; + * + * but it would cause trouble if DES_INT32 were ever more than 4 + * bytes. The reason is that all the encryption functions cast it to + * (DES_INT32 *), and treat it as if it were DES_INT32[32]. If + * 2*sizeof(DES_INT32) is ever more than sizeof(des_cblock), the + * caller-allocated des_key_schedule will be overflowed by the key + * scheduling functions. We can't assume that every platform will + * have an exact 32-bit int, and nothing should be looking inside a + * des_key_schedule anyway. + */ +typedef struct des_ks_struct { DES_INT32 _[2]; } des_key_schedule[16] +KRB5INT_DES_DEPRECATED; typedef des_cblock mit_des_cblock; typedef des_key_schedule mit_des_key_schedule; @@ -240,6 +287,21 @@ krb5int_des3_cbc_decrypt(const mit_des_cblock *in, const mit_des_key_schedule ks3, const mit_des_cblock ivec); +void +krb5int_des3_cbc_encrypt_iov(krb5_crypto_iov *data, + unsigned long num_data, + const mit_des_key_schedule ks1, + const mit_des_key_schedule ks2, + const mit_des_key_schedule ks3, + mit_des_cblock ivec); + +void +krb5int_des3_cbc_decrypt_iov(krb5_crypto_iov *data, + unsigned long num_data, + const mit_des_key_schedule ks1, + const mit_des_key_schedule ks2, + const mit_des_key_schedule ks3, + mit_des_cblock ivec); #define mit_des3_cbc_encrypt(in,out,length,ks1,ks2,ks3,ivec,enc) \ ((enc ? krb5int_des3_cbc_encrypt : krb5int_des3_cbc_decrypt) \ @@ -262,6 +324,17 @@ krb5int_des_cbc_decrypt(const mit_des_cblock *in, ((enc ? krb5int_des_cbc_encrypt : krb5int_des_cbc_decrypt) \ (in, out, length, schedule, ivec), 0) +void +krb5int_des_cbc_encrypt_iov(krb5_crypto_iov *data, + unsigned long num_data, + const mit_des_key_schedule schedule, + mit_des_cblock ivec); + +void +krb5int_des_cbc_decrypt_iov(krb5_crypto_iov *data, + unsigned long num_data, + const mit_des_key_schedule schedule, + mit_des_cblock ivec); /* d3_procky.c */ extern krb5_error_code mit_des3_process_key diff --git a/src/lib/crypto/des/f_aead.c b/src/lib/crypto/des/f_aead.c new file mode 100644 index 0000000000..f7c2fd3916 --- /dev/null +++ b/src/lib/crypto/des/f_aead.c @@ -0,0 +1,192 @@ +/* + * Copyright (C) 2008 by the Massachusetts Institute of Technology. + * Copyright 1995 by Richard P. Basch. All Rights Reserved. + * Copyright 1995 by Lehman Brothers, Inc. All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of Richard P. Basch, Lehman Brothers and M.I.T. not be used + * in advertising or publicity pertaining to distribution of the software + * without specific, written prior permission. Richard P. Basch, + * Lehman Brothers and M.I.T. make no representations about the suitability + * of this software for any purpose. It is provided "as is" without + * express or implied warranty. + */ + +#include "des_int.h" +#include "f_tables.h" +#include "../aead.h" + +void +krb5int_des_cbc_encrypt_iov(krb5_crypto_iov *data, + unsigned long num_data, + const mit_des_key_schedule schedule, + mit_des_cblock ivec) +{ + unsigned DES_INT32 left, right; + const unsigned DES_INT32 *kp; + const unsigned char *ip; + unsigned char *op; + struct iov_block_state input_pos, output_pos; + unsigned char iblock[MIT_DES_BLOCK_LENGTH]; + unsigned char oblock[MIT_DES_BLOCK_LENGTH]; + + IOV_BLOCK_STATE_INIT(&input_pos); + IOV_BLOCK_STATE_INIT(&output_pos); + + /* + * Get key pointer here. This won't need to be reinitialized + */ + kp = (const unsigned DES_INT32 *)schedule; + + /* + * Initialize left and right with the contents of the initial + * vector. + */ + if (ivec != NULL) + ip = ivec; + else + ip = mit_des_zeroblock; + GET_HALF_BLOCK(left, ip); + GET_HALF_BLOCK(right, ip); + + /* + * Suitably initialized, now work the length down 8 bytes + * at a time. + */ + for (;;) { + unsigned DES_INT32 temp; + + ip = iblock; + op = oblock; + + if (!krb5int_c_iov_get_block(iblock, MIT_DES_BLOCK_LENGTH, data, num_data, &input_pos)) + break; + + if (input_pos.iov_pos == num_data) + break; + + GET_HALF_BLOCK(temp, ip); + left ^= temp; + GET_HALF_BLOCK(temp, ip); + right ^= temp; + + /* + * Encrypt what we have + */ + DES_DO_ENCRYPT(left, right, kp); + + /* + * Copy the results out + */ + PUT_HALF_BLOCK(left, op); + PUT_HALF_BLOCK(right, op); + + krb5int_c_iov_put_block(data, num_data, oblock, MIT_DES_BLOCK_LENGTH, &output_pos); + } + + if (ivec != NULL) + memcpy(ivec, oblock, MIT_DES_BLOCK_LENGTH); +} + +void +krb5int_des_cbc_decrypt_iov(krb5_crypto_iov *data, + unsigned long num_data, + const mit_des_key_schedule schedule, + mit_des_cblock ivec) +{ + unsigned DES_INT32 left, right; + const unsigned DES_INT32 *kp; + const unsigned char *ip; + unsigned DES_INT32 ocipherl, ocipherr; + unsigned DES_INT32 cipherl, cipherr; + unsigned char *op; + struct iov_block_state input_pos, output_pos; + unsigned char iblock[MIT_DES_BLOCK_LENGTH]; + unsigned char oblock[MIT_DES_BLOCK_LENGTH]; + + IOV_BLOCK_STATE_INIT(&input_pos); + IOV_BLOCK_STATE_INIT(&output_pos); + + /* + * Get key pointer here. This won't need to be reinitialized + */ + kp = (const unsigned DES_INT32 *)schedule; + + /* + * Decrypting is harder than encrypting because of + * the necessity of remembering a lot more things. + * Should think about this a little more... + */ + + if (num_data == 0) + return; + + /* + * Prime the old cipher with ivec. + */ + if (ivec != NULL) + ip = ivec; + else + ip = mit_des_zeroblock; + GET_HALF_BLOCK(ocipherl, ip); + GET_HALF_BLOCK(ocipherr, ip); + + /* + * Now do this in earnest until we run out of length. + */ + for (;;) { + /* + * Read a block from the input into left and + * right. Save this cipher block for later. + */ + + if (!krb5int_c_iov_get_block(iblock, MIT_DES_BLOCK_LENGTH, data, num_data, &input_pos)) + break; + + if (input_pos.iov_pos == num_data) + break; + + ip = iblock; + op = oblock; + + GET_HALF_BLOCK(left, ip); + GET_HALF_BLOCK(right, ip); + cipherl = left; + cipherr = right; + + /* + * Decrypt this. + */ + DES_DO_DECRYPT(left, right, kp); + + /* + * Xor with the old cipher to get plain + * text. Output 8 or less bytes of this. + */ + left ^= ocipherl; + right ^= ocipherr; + + PUT_HALF_BLOCK(left, op); + PUT_HALF_BLOCK(right, op); + + /* + * Save current cipher block here + */ + ocipherl = cipherl; + ocipherr = cipherr; + + krb5int_c_iov_put_block(data, num_data, oblock, MIT_DES_BLOCK_LENGTH, &output_pos); + } + + if (ivec != NULL) + memcpy(ivec, oblock, MIT_DES_BLOCK_LENGTH); +} diff --git a/src/lib/crypto/dk/Makefile.in b/src/lib/crypto/dk/Makefile.in index e11b0b4887..c15978e401 100644 --- a/src/lib/crypto/dk/Makefile.in +++ b/src/lib/crypto/dk/Makefile.in @@ -16,6 +16,7 @@ RUN_SETUP = @KRB5_RUN_ENV@ KRB5_CONFIG=$(SRCTOP)/config-files/krb5.conf STLIBOBJS=\ checksum.o \ + dk_aead.o \ dk_decrypt.o \ dk_encrypt.o \ derive.o \ @@ -24,6 +25,7 @@ STLIBOBJS=\ OBJS=\ $(OUTPRE)checksum.$(OBJEXT) \ + $(OUTPRE)dk_aead.$(OBJEXT) \ $(OUTPRE)dk_decrypt.$(OBJEXT) \ $(OUTPRE)dk_encrypt.$(OBJEXT) \ $(OUTPRE)derive.$(OBJEXT) \ @@ -32,6 +34,7 @@ OBJS=\ SRCS=\ $(srcdir)/checksum.c \ + $(srcdir)/dk_aead.c \ $(srcdir)/dk_decrypt.c \ $(srcdir)/dk_encrypt.c \ $(srcdir)/dk_prf.c \ @@ -50,66 +53,3 @@ clean-unix:: clean-libobjs @libobj_frag@ -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -checksum.so checksum.po $(OUTPRE)checksum.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../etypes.h checksum.c dk.h -dk_decrypt.so dk_decrypt.po $(OUTPRE)dk_decrypt.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - dk.h dk_decrypt.c -dk_encrypt.so dk_encrypt.po $(OUTPRE)dk_encrypt.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - dk.h dk_encrypt.c -dk_prf.so dk_prf.po $(OUTPRE)dk_prf.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h dk.h dk_prf.c -derive.so derive.po $(OUTPRE)derive.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h derive.c dk.h -stringtokey.so stringtokey.po $(OUTPRE)stringtokey.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - dk.h stringtokey.c diff --git a/src/lib/crypto/dk/checksum.c b/src/lib/crypto/dk/checksum.c index 2f30cb740d..b51319b2ea 100644 --- a/src/lib/crypto/dk/checksum.c +++ b/src/lib/crypto/dk/checksum.c @@ -27,6 +27,7 @@ #include "k5-int.h" #include "etypes.h" #include "dk.h" +#include "aead.h" #define K5CLENGTH 5 /* 32 bit net byte order integer + one byte seed */ @@ -101,3 +102,73 @@ cleanup: return(ret); } +krb5_error_code +krb5int_dk_make_checksum_iov(const struct krb5_hash_provider *hash, + const krb5_keyblock *key, krb5_keyusage usage, + const krb5_crypto_iov *data, size_t num_data, + krb5_data *output) +{ + int i; + const struct krb5_enc_provider *enc; + size_t blocksize, keybytes, keylength; + krb5_error_code ret; + unsigned char constantdata[K5CLENGTH]; + krb5_data datain; + unsigned char *kcdata; + krb5_keyblock kc; + + for (i=0; ienctype) + break; + } + + if (i == krb5_enctypes_length) + return(KRB5_BAD_ENCTYPE); + + enc = krb5_enctypes_list[i].enc; + + /* allocate and set to-be-derived keys */ + + blocksize = enc->block_size; + keybytes = enc->keybytes; + keylength = enc->keylength; + + /* key->length will be tested in enc->encrypt + output->length will be tested in krb5_hmac */ + + if ((kcdata = (unsigned char *) malloc(keylength)) == NULL) + return(ENOMEM); + + kc.contents = kcdata; + kc.length = keylength; + + /* derive the key */ + + datain.data = (char *) constantdata; + datain.length = K5CLENGTH; + + datain.data[0] = (usage>>24)&0xff; + datain.data[1] = (usage>>16)&0xff; + datain.data[2] = (usage>>8)&0xff; + datain.data[3] = usage&0xff; + + datain.data[4] = (char) 0x99; + + if ((ret = krb5_derive_key(enc, key, &kc, &datain)) != 0) + goto cleanup; + + /* hash the data */ + + if ((ret = krb5int_hmac_iov(hash, &kc, data, num_data, output)) != 0) + memset(output->data, 0, output->length); + + /* ret is set correctly by the prior call */ + +cleanup: + memset(kcdata, 0, keylength); + + free(kcdata); + + return(ret); +} + diff --git a/src/lib/crypto/dk/deps b/src/lib/crypto/dk/deps new file mode 100644 index 0000000000..843adb3b29 --- /dev/null +++ b/src/lib/crypto/dk/deps @@ -0,0 +1,74 @@ +# +# Generated makefile dependencies follow. +# +checksum.so checksum.po $(OUTPRE)checksum.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../aead.h \ + $(srcdir)/../etypes.h checksum.c dk.h +dk_aead.so dk_aead.po $(OUTPRE)dk_aead.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + $(srcdir)/../aead.h dk.h dk_aead.c +dk_decrypt.so dk_decrypt.po $(OUTPRE)dk_decrypt.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h dk.h dk_decrypt.c +dk_encrypt.so dk_encrypt.po $(OUTPRE)dk_encrypt.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h dk.h dk_encrypt.c +dk_prf.so dk_prf.po $(OUTPRE)dk_prf.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + dk.h dk_prf.c +derive.so derive.po $(OUTPRE)derive.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + derive.c dk.h +stringtokey.so stringtokey.po $(OUTPRE)stringtokey.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h dk.h stringtokey.c diff --git a/src/lib/crypto/dk/dk.h b/src/lib/crypto/dk/dk.h index 47bda6ebf2..bc40134eff 100644 --- a/src/lib/crypto/dk/dk.h +++ b/src/lib/crypto/dk/dk.h @@ -84,7 +84,41 @@ krb5_error_code krb5_dk_make_checksum const krb5_keyblock *key, krb5_keyusage usage, const krb5_data *input, krb5_data *output); +krb5_error_code +krb5int_dk_make_checksum_iov(const struct krb5_hash_provider *hash, + const krb5_keyblock *key, krb5_keyusage usage, + const krb5_crypto_iov *data, size_t num_data, + krb5_data *output); + krb5_error_code krb5_derive_random(const struct krb5_enc_provider *enc, const krb5_keyblock *inkey, krb5_data *outrnd, const krb5_data *in_constant); + +/* AEAD */ + +extern const struct krb5_aead_provider krb5int_aead_dk; +extern const struct krb5_aead_provider krb5int_aead_aes; + +/* CCM */ + +void +krb5int_ccm_encrypt_length(const struct krb5_enc_provider *enc, + const struct krb5_hash_provider *hash, + size_t inputlen, size_t *length); + +extern const struct krb5_aead_provider krb5int_aead_ccm; + +krb5_error_code krb5int_ccm_encrypt +(const struct krb5_enc_provider *enc, + const struct krb5_hash_provider *hash, + const krb5_keyblock *key, krb5_keyusage usage, + const krb5_data *ivec, const krb5_data *input, + krb5_data *arg_output); + +krb5_error_code krb5int_ccm_decrypt +(const struct krb5_enc_provider *enc, + const struct krb5_hash_provider *hash, + const krb5_keyblock *key, krb5_keyusage usage, + const krb5_data *ivec, const krb5_data *input, + krb5_data *arg_output); diff --git a/src/lib/crypto/dk/dk_aead.c b/src/lib/crypto/dk/dk_aead.c new file mode 100644 index 0000000000..8abf5af5f4 --- /dev/null +++ b/src/lib/crypto/dk/dk_aead.c @@ -0,0 +1,392 @@ +/* + * lib/crypto/dk/dk_aead.c + * + * Copyright 2008 by the Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + */ + + +#include "k5-int.h" +#include "dk.h" +#include "aead.h" + +#define K5CLENGTH 5 /* 32 bit net byte order integer + one byte seed */ + +/* AEAD */ + +static krb5_error_code +krb5int_dk_crypto_length(const struct krb5_aead_provider *aead, + const struct krb5_enc_provider *enc, + const struct krb5_hash_provider *hash, + krb5_cryptotype type, + unsigned int *length) +{ + switch (type) { + case KRB5_CRYPTO_TYPE_HEADER: + case KRB5_CRYPTO_TYPE_PADDING: + *length = enc->block_size; + break; + case KRB5_CRYPTO_TYPE_TRAILER: + case KRB5_CRYPTO_TYPE_CHECKSUM: + *length = hash->hashsize; + break; + default: + assert(0 && "invalid cryptotype passed to krb5int_dk_crypto_length"); + break; + } + + return 0; +} + +static krb5_error_code +krb5int_dk_encrypt_iov(const struct krb5_aead_provider *aead, + const struct krb5_enc_provider *enc, + const struct krb5_hash_provider *hash, + const krb5_keyblock *key, + krb5_keyusage usage, + const krb5_data *ivec, + krb5_crypto_iov *data, + size_t num_data) +{ + krb5_error_code ret; + unsigned char constantdata[K5CLENGTH]; + krb5_data d1, d2; + krb5_crypto_iov *header, *trailer, *padding; + krb5_keyblock ke, ki; + size_t i; + unsigned int blocksize = 0; + unsigned int plainlen = 0; + unsigned int hmacsize = 0; + unsigned int padsize = 0; + unsigned char *cksum = NULL; + + ke.contents = ki.contents = NULL; + ke.length = ki.length = 0; + + /* E(Confounder | Plaintext | Pad) | Checksum */ + + ret = aead->crypto_length(aead, enc, hash, KRB5_CRYPTO_TYPE_PADDING, &blocksize); + if (ret != 0) + return ret; + + ret = aead->crypto_length(aead, enc, hash, KRB5_CRYPTO_TYPE_TRAILER, &hmacsize); + if (ret != 0) + return ret; + + for (i = 0; i < num_data; i++) { + krb5_crypto_iov *iov = &data[i]; + + if (iov->flags == KRB5_CRYPTO_TYPE_DATA) + plainlen += iov->data.length; + } + + /* Validate header and trailer lengths. */ + + header = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_HEADER); + if (header == NULL || header->data.length < enc->block_size) + return KRB5_BAD_MSIZE; + + trailer = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_TRAILER); + if (trailer == NULL || trailer->data.length < hmacsize) + return KRB5_BAD_MSIZE; + + if (blocksize != 0) { + /* Check that the input data is correctly padded */ + if (plainlen % blocksize) + padsize = blocksize - (plainlen % blocksize); + } + + padding = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_PADDING); + if (padsize && (padding == NULL || padding->data.length < padsize)) + return KRB5_BAD_MSIZE; + + if (padding != NULL) { + memset(padding->data.data, 0, padsize); + padding->data.length = padsize; + } + + ke.length = enc->keylength; + ke.contents = malloc(ke.length); + if (ke.contents == NULL) { + ret = ENOMEM; + goto cleanup; + } + ki.length = enc->keylength; + ki.contents = malloc(ki.length); + if (ki.contents == NULL) { + ret = ENOMEM; + goto cleanup; + } + cksum = (unsigned char *)malloc(hash->hashsize); + if (cksum == NULL) { + ret = ENOMEM; + goto cleanup; + } + + /* derive the keys */ + + d1.data = (char *)constantdata; + d1.length = K5CLENGTH; + + d1.data[0] = (usage >> 24) & 0xFF; + d1.data[1] = (usage >> 16) & 0xFF; + d1.data[2] = (usage >> 8 ) & 0xFF; + d1.data[3] = (usage ) & 0xFF; + + d1.data[4] = 0xAA; + + ret = krb5_derive_key(enc, key, &ke, &d1); + if (ret != 0) + goto cleanup; + + d1.data[4] = 0x55; + + ret = krb5_derive_key(enc, key, &ki, &d1); + if (ret != 0) + goto cleanup; + + /* generate confounder */ + + header->data.length = enc->block_size; + + ret = krb5_c_random_make_octets(/* XXX */ NULL, &header->data); + if (ret != 0) + goto cleanup; + + /* hash the plaintext */ + d2.length = hash->hashsize; + d2.data = (char *)cksum; + + ret = krb5int_hmac_iov(hash, &ki, data, num_data, &d2); + if (ret != 0) + goto cleanup; + + /* encrypt the plaintext (header | data | padding) */ + assert(enc->encrypt_iov != NULL); + + ret = enc->encrypt_iov(&ke, ivec, data, num_data); /* will update ivec */ + if (ret != 0) + goto cleanup; + + /* possibly truncate the hash */ + assert(hmacsize <= d2.length); + + memcpy(trailer->data.data, cksum, hmacsize); + trailer->data.length = hmacsize; + +cleanup: + if (ke.contents != NULL) { + memset(ke.contents, 0, ke.length); + free(ke.contents); + } + if (ki.contents != NULL) { + memset(ki.contents, 0, ki.length); + free(ki.contents); + } + if (cksum != NULL) { + free(cksum); + } + + return ret; +} + +static krb5_error_code +krb5int_dk_decrypt_iov(const struct krb5_aead_provider *aead, + const struct krb5_enc_provider *enc, + const struct krb5_hash_provider *hash, + const krb5_keyblock *key, + krb5_keyusage usage, + const krb5_data *ivec, + krb5_crypto_iov *data, + size_t num_data) +{ + krb5_error_code ret; + unsigned char constantdata[K5CLENGTH]; + krb5_data d1; + krb5_crypto_iov *header, *trailer; + krb5_keyblock ke, ki; + size_t i; + unsigned int blocksize = 0; /* careful, this is enc block size not confounder len */ + unsigned int cipherlen = 0; + unsigned int hmacsize = 0; + unsigned char *cksum = NULL; + + if (krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_STREAM) != NULL) { + return krb5int_c_iov_decrypt_stream(aead, enc, hash, key, + usage, ivec, data, num_data); + } + + ke.contents = ki.contents = NULL; + ke.length = ki.length = 0; + + /* E(Confounder | Plaintext | Pad) | Checksum */ + + ret = aead->crypto_length(aead, enc, hash, KRB5_CRYPTO_TYPE_PADDING, &blocksize); + if (ret != 0) + return ret; + + ret = aead->crypto_length(aead, enc, hash, KRB5_CRYPTO_TYPE_TRAILER, &hmacsize); + if (ret != 0) + return ret; + + for (i = 0; i < num_data; i++) { + const krb5_crypto_iov *iov = &data[i]; + + if (ENCRYPT_DATA_IOV(iov)) + cipherlen += iov->data.length; + } + + if (blocksize == 0) { + /* Check for correct input length in CTS mode */ + if (enc->block_size != 0 && cipherlen < enc->block_size) + return KRB5_BAD_MSIZE; + } else { + /* Check that the input data is correctly padded */ + if ((cipherlen % blocksize) != 0) + return KRB5_BAD_MSIZE; + } + + /* Validate header and trailer lengths */ + + header = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_HEADER); + if (header == NULL || header->data.length != enc->block_size) + return KRB5_BAD_MSIZE; + + trailer = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_TRAILER); + if (trailer == NULL || trailer->data.length != hmacsize) + return KRB5_BAD_MSIZE; + + ke.length = enc->keylength; + ke.contents = malloc(ke.length); + if (ke.contents == NULL) { + ret = ENOMEM; + goto cleanup; + } + ki.length = enc->keylength; + ki.contents = malloc(ki.length); + if (ki.contents == NULL) { + ret = ENOMEM; + goto cleanup; + } + cksum = (unsigned char *)malloc(hash->hashsize); + if (cksum == NULL) { + ret = ENOMEM; + goto cleanup; + } + + /* derive the keys */ + + d1.data = (char *)constantdata; + d1.length = K5CLENGTH; + + d1.data[0] = (usage >> 24) & 0xFF; + d1.data[1] = (usage >> 16) & 0xFF; + d1.data[2] = (usage >> 8 ) & 0xFF; + d1.data[3] = (usage ) & 0xFF; + + d1.data[4] = 0xAA; + + ret = krb5_derive_key(enc, key, &ke, &d1); + if (ret != 0) + goto cleanup; + + d1.data[4] = 0x55; + + ret = krb5_derive_key(enc, key, &ki, &d1); + if (ret != 0) + goto cleanup; + + /* decrypt the plaintext (header | data | padding) */ + assert(enc->decrypt_iov != NULL); + + ret = enc->decrypt_iov(&ke, ivec, data, num_data); /* will update ivec */ + if (ret != 0) + goto cleanup; + + /* verify the hash */ + d1.length = hash->hashsize; /* non-truncated length */ + d1.data = (char *)cksum; + + ret = krb5int_hmac_iov(hash, &ki, data, num_data, &d1); + if (ret != 0) + goto cleanup; + + /* compare only the possibly truncated length */ + if (memcmp(cksum, trailer->data.data, hmacsize) != 0) { + ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; + goto cleanup; + } + +cleanup: + if (ke.contents != NULL) { + memset(ke.contents, 0, ke.length); + free(ke.contents); + } + if (ki.contents != NULL) { + memset(ki.contents, 0, ki.length); + free(ki.contents); + } + if (cksum != NULL) { + free(cksum); + } + + return ret; +} + +const struct krb5_aead_provider krb5int_aead_dk = { + krb5int_dk_crypto_length, + krb5int_dk_encrypt_iov, + krb5int_dk_decrypt_iov +}; + +static krb5_error_code +krb5int_aes_crypto_length(const struct krb5_aead_provider *aead, + const struct krb5_enc_provider *enc, + const struct krb5_hash_provider *hash, + krb5_cryptotype type, + unsigned int *length) +{ + switch (type) { + case KRB5_CRYPTO_TYPE_HEADER: + *length = enc->block_size; + break; + case KRB5_CRYPTO_TYPE_PADDING: + *length = 0; + break; + case KRB5_CRYPTO_TYPE_TRAILER: + case KRB5_CRYPTO_TYPE_CHECKSUM: + *length = 96 / 8; + break; + default: + assert(0 && "invalid cryptotype passed to krb5int_aes_crypto_length"); + break; + } + + return 0; +} + +const struct krb5_aead_provider krb5int_aead_aes = { + krb5int_aes_crypto_length, + krb5int_dk_encrypt_iov, + krb5int_dk_decrypt_iov +}; + diff --git a/src/lib/crypto/enc_provider/Makefile.in b/src/lib/crypto/enc_provider/Makefile.in index ab45f0d4d3..bb15ecf6e5 100644 --- a/src/lib/crypto/enc_provider/Makefile.in +++ b/src/lib/crypto/enc_provider/Makefile.in @@ -2,7 +2,7 @@ thisconfigdir=../../.. myfulldir=lib/crypto/enc_provider mydir=lib/crypto/enc_provider BUILDTOP=$(REL)..$(S)..$(S).. -LOCALINCLUDES = -I$(srcdir)/../des -I$(srcdir)/../arcfour -I$(srcdir)/../aes +LOCALINCLUDES = -I$(srcdir)/../des -I$(srcdir)/../arcfour -I$(srcdir)/../aes -I$(srcdir)/.. DEFS= ##DOS##BUILDTOP = ..\..\.. @@ -14,7 +14,7 @@ PROG_RPATH=$(KRB5_LIBDIR) RUN_SETUP = @KRB5_RUN_ENV@ KRB5_CONFIG=$(SRCTOP)/config-files/krb5.conf -STLIBOBJS= des.o des3.o rc4.o aes.o +STLIBOBJS= des.o des3.o rc4.o aes.o OBJS= \ $(OUTPRE)des.$(OBJEXT) \ @@ -40,48 +40,3 @@ clean-unix:: clean-libobjs @libobj_frag@ -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -des.so des.po $(OUTPRE)des.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../des/des_int.h des.c enc_provider.h -des3.so des3.po $(OUTPRE)des3.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../des/des_int.h des3.c -aes.so aes.po $(OUTPRE)aes.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../aes/aes.h \ - $(srcdir)/../aes/uitypes.h aes.c enc_provider.h -rc4.so rc4.po $(OUTPRE)rc4.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../arcfour/arcfour-int.h \ - $(srcdir)/../arcfour/arcfour.h enc_provider.h rc4.c diff --git a/src/lib/crypto/enc_provider/aes.c b/src/lib/crypto/enc_provider/aes.c index fde1a81f0e..d821cf4614 100644 --- a/src/lib/crypto/enc_provider/aes.c +++ b/src/lib/crypto/enc_provider/aes.c @@ -1,7 +1,7 @@ /* - * lib/crypto/enc_provider/aes.h + * lib/crypto/enc_provider/aes.c * - * Copyright (C) 2003, 2007 by the Massachusetts Institute of Technology. + * Copyright (C) 2003, 2007, 2008 by the Massachusetts Institute of Technology. * All rights reserved. * * Export of this software from the United States of America may @@ -27,6 +27,7 @@ #include "k5-int.h" #include "enc_provider.h" #include "aes.h" +#include "../aead.h" #if 0 aes_rval aes_blk_len(unsigned int blen, aes_ctx cx[1]); @@ -197,6 +198,170 @@ krb5int_aes_decrypt(const krb5_keyblock *key, const krb5_data *ivec, return 0; } +static krb5_error_code +krb5int_aes_encrypt_iov(const krb5_keyblock *key, + const krb5_data *ivec, + krb5_crypto_iov *data, + size_t num_data) +{ + aes_ctx ctx; + char tmp[BLOCK_SIZE], tmp2[BLOCK_SIZE]; + int nblocks = 0, blockno; + size_t input_length, i; + + if (aes_enc_key(key->contents, key->length, &ctx) != aes_good) + abort(); + + if (ivec != NULL) + memcpy(tmp, ivec->data, BLOCK_SIZE); + else + memset(tmp, 0, BLOCK_SIZE); + + for (i = 0, input_length = 0; i < num_data; i++) { + krb5_crypto_iov *iov = &data[i]; + + if (ENCRYPT_IOV(iov)) + input_length += iov->data.length; + } + + nblocks = (input_length + BLOCK_SIZE - 1) / BLOCK_SIZE; + + assert(nblocks > 1); + + { + char blockN2[BLOCK_SIZE]; /* second last */ + char blockN1[BLOCK_SIZE]; /* last block */ + struct iov_block_state input_pos, output_pos; + + IOV_BLOCK_STATE_INIT(&input_pos); + IOV_BLOCK_STATE_INIT(&output_pos); + + for (blockno = 0; blockno < nblocks - 2; blockno++) { + char blockN[BLOCK_SIZE]; + + krb5int_c_iov_get_block((unsigned char *)blockN, BLOCK_SIZE, data, num_data, &input_pos); + xorblock(tmp, blockN); + enc(tmp2, tmp, &ctx); + krb5int_c_iov_put_block(data, num_data, (unsigned char *)tmp2, BLOCK_SIZE, &output_pos); + + /* Set up for next block. */ + memcpy(tmp, tmp2, BLOCK_SIZE); + } + + /* Do final CTS step for last two blocks (the second of which + may or may not be incomplete). */ + + /* First, get the last two blocks */ + memset(blockN1, 0, sizeof(blockN1)); /* pad last block with zeros */ + krb5int_c_iov_get_block((unsigned char *)blockN2, BLOCK_SIZE, data, num_data, &input_pos); + krb5int_c_iov_get_block((unsigned char *)blockN1, BLOCK_SIZE, data, num_data, &input_pos); + + /* Encrypt second last block */ + xorblock(tmp, blockN2); + enc(tmp2, tmp, &ctx); + memcpy(blockN2, tmp2, BLOCK_SIZE); /* blockN2 now contains first block */ + memcpy(tmp, tmp2, BLOCK_SIZE); + + /* Encrypt last block */ + xorblock(tmp, blockN1); + enc(tmp2, tmp, &ctx); + memcpy(blockN1, tmp2, BLOCK_SIZE); + + /* Put the last two blocks back into the iovec (reverse order) */ + krb5int_c_iov_put_block(data, num_data, (unsigned char *)blockN1, BLOCK_SIZE, &output_pos); + krb5int_c_iov_put_block(data, num_data, (unsigned char *)blockN2, BLOCK_SIZE, &output_pos); + + if (ivec != NULL) + memcpy(ivec->data, blockN1, BLOCK_SIZE); + } + + return 0; +} + +static krb5_error_code +krb5int_aes_decrypt_iov(const krb5_keyblock *key, + const krb5_data *ivec, + krb5_crypto_iov *data, + size_t num_data) +{ + aes_ctx ctx; + char tmp[BLOCK_SIZE], tmp2[BLOCK_SIZE], tmp3[BLOCK_SIZE]; + int nblocks = 0, blockno, i; + size_t input_length; + + CHECK_SIZES; + + if (aes_dec_key(key->contents, key->length, &ctx) != aes_good) + abort(); + + if (ivec != NULL) + memcpy(tmp, ivec->data, BLOCK_SIZE); + else + memset(tmp, 0, BLOCK_SIZE); + + for (i = 0, input_length = 0; i < num_data; i++) { + krb5_crypto_iov *iov = &data[i]; + + if (ENCRYPT_IOV(iov)) + input_length += iov->data.length; + } + + nblocks = (input_length + BLOCK_SIZE - 1) / BLOCK_SIZE; + + assert(nblocks > 1); + + { + char blockN2[BLOCK_SIZE]; /* second last */ + char blockN1[BLOCK_SIZE]; /* last block */ + struct iov_block_state input_pos, output_pos; + + IOV_BLOCK_STATE_INIT(&input_pos); + IOV_BLOCK_STATE_INIT(&output_pos); + + for (blockno = 0; blockno < nblocks - 2; blockno++) { + char blockN[BLOCK_SIZE]; + + krb5int_c_iov_get_block((unsigned char *)blockN, BLOCK_SIZE, data, num_data, &input_pos); + dec(tmp2, blockN, &ctx); + xorblock(tmp2, tmp); + krb5int_c_iov_put_block(data, num_data, (unsigned char *)tmp2, BLOCK_SIZE, &output_pos); + memcpy(tmp, blockN, BLOCK_SIZE); + } + + /* Do last two blocks, the second of which (next-to-last block + of plaintext) may be incomplete. */ + + /* First, get the last two encrypted blocks */ + memset(blockN1, 0, sizeof(blockN1)); /* pad last block with zeros */ + krb5int_c_iov_get_block((unsigned char *)blockN2, BLOCK_SIZE, data, num_data, &input_pos); + krb5int_c_iov_get_block((unsigned char *)blockN1, BLOCK_SIZE, data, num_data, &input_pos); + + /* Decrypt second last block */ + dec(tmp2, blockN2, &ctx); + /* Set tmp2 to last (possibly partial) plaintext block, and + save it. */ + xorblock(tmp2, blockN1); + memcpy(blockN2, tmp2, BLOCK_SIZE); + + /* Maybe keep the trailing part, and copy in the last + ciphertext block. */ + input_length %= BLOCK_SIZE; + memcpy(tmp2, blockN1, input_length ? input_length : BLOCK_SIZE); + dec(tmp3, tmp2, &ctx); + xorblock(tmp3, tmp); + /* Copy out ivec first before we clobber blockN1 with plaintext */ + if (ivec != NULL) + memcpy(ivec->data, blockN1, BLOCK_SIZE); + memcpy(blockN1, tmp3, BLOCK_SIZE); + + /* Put the last two blocks back into the iovec */ + krb5int_c_iov_put_block(data, num_data, (unsigned char *)blockN1, BLOCK_SIZE, &output_pos); + krb5int_c_iov_put_block(data, num_data, (unsigned char *)blockN2, BLOCK_SIZE, &output_pos); + } + + return 0; +} + static krb5_error_code k5_aes_make_key(const krb5_data *randombits, krb5_keyblock *key) { @@ -230,7 +395,9 @@ const struct krb5_enc_provider krb5int_enc_aes128 = { krb5int_aes_decrypt, k5_aes_make_key, krb5int_aes_init_state, - krb5int_default_free_state + krb5int_default_free_state, + krb5int_aes_encrypt_iov, + krb5int_aes_decrypt_iov }; const struct krb5_enc_provider krb5int_enc_aes256 = { @@ -240,5 +407,8 @@ const struct krb5_enc_provider krb5int_enc_aes256 = { krb5int_aes_decrypt, k5_aes_make_key, krb5int_aes_init_state, - krb5int_default_free_state + krb5int_default_free_state, + krb5int_aes_encrypt_iov, + krb5int_aes_decrypt_iov }; + diff --git a/src/lib/crypto/enc_provider/deps b/src/lib/crypto/enc_provider/deps new file mode 100644 index 0000000000..22d4cc4fdd --- /dev/null +++ b/src/lib/crypto/enc_provider/deps @@ -0,0 +1,46 @@ +# +# Generated makefile dependencies follow. +# +des.so des.po $(OUTPRE)des.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + $(srcdir)/../aead.h $(srcdir)/../des/des_int.h des.c \ + enc_provider.h +des3.so des3.po $(OUTPRE)des3.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + $(srcdir)/../aead.h $(srcdir)/../des/des_int.h des3.c +aes.so aes.po $(OUTPRE)aes.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + $(srcdir)/../aead.h $(srcdir)/../aes/aes.h $(srcdir)/../aes/uitypes.h \ + aes.c enc_provider.h +rc4.so rc4.po $(OUTPRE)rc4.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + $(srcdir)/../aead.h $(srcdir)/../arcfour/arcfour-int.h \ + $(srcdir)/../arcfour/arcfour.h enc_provider.h rc4.c diff --git a/src/lib/crypto/enc_provider/des.c b/src/lib/crypto/enc_provider/des.c index 6c1e6064c2..63c43517eb 100644 --- a/src/lib/crypto/enc_provider/des.c +++ b/src/lib/crypto/enc_provider/des.c @@ -27,6 +27,7 @@ #include "k5-int.h" #include "des_int.h" #include "enc_provider.h" +#include "aead.h" static krb5_error_code k5_des_docrypt(const krb5_keyblock *key, const krb5_data *ivec, @@ -106,6 +107,67 @@ k5_des_make_key(const krb5_data *randombits, krb5_keyblock *key) return(0); } +static krb5_error_code +k5_des_docrypt_iov(const krb5_keyblock *key, const krb5_data *ivec, + krb5_crypto_iov *data, size_t num_data, int enc) +{ + mit_des_key_schedule schedule; + size_t input_length = 0; + int i; + + /* key->enctype was checked by the caller */ + + if (key->length != 8) + return(KRB5_BAD_KEYSIZE); + + for (i = 0; i < num_data; i++) { + const krb5_crypto_iov *iov = &data[i]; + + if (ENCRYPT_DATA_IOV(iov)) + input_length += iov->data.length; + } + + if ((input_length % 8) != 0) + return(KRB5_BAD_MSIZE); + if (ivec && (ivec->length != 8)) + return(KRB5_BAD_MSIZE); + + switch (mit_des_key_sched(key->contents, schedule)) { + case -1: + return(KRB5DES_BAD_KEYPAR); + case -2: + return(KRB5DES_WEAK_KEY); + } + + /* this has a return value, but the code always returns zero */ + if (enc) + krb5int_des_cbc_encrypt_iov(data, num_data, schedule, ivec ? ivec->data : NULL); + else + krb5int_des_cbc_decrypt_iov(data, num_data, schedule, ivec ? ivec->data : NULL); + + memset(schedule, 0, sizeof(schedule)); + + return(0); +} + +static krb5_error_code +k5_des_encrypt_iov(const krb5_keyblock *key, + const krb5_data *ivec, + krb5_crypto_iov *data, + size_t num_data) +{ + return k5_des_docrypt_iov(key, ivec, data, num_data, 1); +} + +static krb5_error_code +k5_des_decrypt_iov(const krb5_keyblock *key, + const krb5_data *ivec, + krb5_crypto_iov *data, + size_t num_data) +{ + return k5_des_docrypt_iov(key, ivec, data, num_data, 0); +} + const struct krb5_enc_provider krb5int_enc_des = { 8, 7, 8, @@ -113,5 +175,7 @@ const struct krb5_enc_provider krb5int_enc_des = { k5_des_decrypt, k5_des_make_key, krb5int_des_init_state, - krb5int_default_free_state + krb5int_default_free_state, + k5_des_encrypt_iov, + k5_des_decrypt_iov }; diff --git a/src/lib/crypto/enc_provider/des3.c b/src/lib/crypto/enc_provider/des3.c index 51e4ce7967..e7a07f64cc 100644 --- a/src/lib/crypto/enc_provider/des3.c +++ b/src/lib/crypto/enc_provider/des3.c @@ -26,6 +26,7 @@ #include "k5-int.h" #include "des_int.h" +#include "../aead.h" static krb5_error_code validate_and_schedule(const krb5_keyblock *key, const krb5_data *ivec, @@ -53,6 +54,37 @@ validate_and_schedule(const krb5_keyblock *key, const krb5_data *ivec, return 0; } +static krb5_error_code +validate_and_schedule_iov(const krb5_keyblock *key, const krb5_data *ivec, + const krb5_crypto_iov *data, size_t num_data, + mit_des3_key_schedule *schedule) +{ + size_t i, input_length; + + for (i = 0, input_length = 0; i < num_data; i++) { + const krb5_crypto_iov *iov = &data[i]; + + if (ENCRYPT_IOV(iov)) + input_length += iov->data.length; + } + + if (key->length != 24) + return(KRB5_BAD_KEYSIZE); + if ((input_length%8) != 0) + return(KRB5_BAD_MSIZE); + if (ivec && (ivec->length != 8)) + return(KRB5_BAD_MSIZE); + + switch (mit_des3_key_sched(*(mit_des3_cblock *)key->contents, + *schedule)) { + case -1: + return(KRB5DES_BAD_KEYPAR); + case -2: + return(KRB5DES_WEAK_KEY); + } + return 0; +} + static krb5_error_code k5_des3_encrypt(const krb5_keyblock *key, const krb5_data *ivec, const krb5_data *input, krb5_data *output) @@ -129,6 +161,52 @@ k5_des3_make_key(const krb5_data *randombits, krb5_keyblock *key) return(0); } +static krb5_error_code +k5_des3_encrypt_iov(const krb5_keyblock *key, + const krb5_data *ivec, + krb5_crypto_iov *data, + size_t num_data) +{ + mit_des3_key_schedule schedule; + krb5_error_code err; + + err = validate_and_schedule_iov(key, ivec, data, num_data, &schedule); + if (err) + return err; + + /* this has a return value, but the code always returns zero */ + krb5int_des3_cbc_encrypt_iov(data, num_data, + schedule[0], schedule[1], schedule[2], + ivec != NULL ? (const unsigned char *) ivec->data : NULL); + + zap(schedule, sizeof(schedule)); + + return(0); +} + +static krb5_error_code +k5_des3_decrypt_iov(const krb5_keyblock *key, + const krb5_data *ivec, + krb5_crypto_iov *data, + size_t num_data) +{ + mit_des3_key_schedule schedule; + krb5_error_code err; + + err = validate_and_schedule_iov(key, ivec, data, num_data, &schedule); + if (err) + return err; + + /* this has a return value, but the code always returns zero */ + krb5int_des3_cbc_decrypt_iov(data, num_data, + schedule[0], schedule[1], schedule[2], + ivec != NULL ? (const unsigned char *) ivec->data : NULL); + + zap(schedule, sizeof(schedule)); + + return(0); +} + const struct krb5_enc_provider krb5int_enc_des3 = { 8, 21, 24, @@ -136,5 +214,8 @@ const struct krb5_enc_provider krb5int_enc_des3 = { k5_des3_decrypt, k5_des3_make_key, krb5int_des_init_state, - krb5int_default_free_state + krb5int_default_free_state, + k5_des3_encrypt_iov, + k5_des3_decrypt_iov }; + diff --git a/src/lib/crypto/enc_provider/enc_provider.h b/src/lib/crypto/enc_provider/enc_provider.h index 5754d1a2d5..92022b3c81 100644 --- a/src/lib/crypto/enc_provider/enc_provider.h +++ b/src/lib/crypto/enc_provider/enc_provider.h @@ -31,3 +31,6 @@ extern const struct krb5_enc_provider krb5int_enc_des3; extern const struct krb5_enc_provider krb5int_enc_arcfour; extern const struct krb5_enc_provider krb5int_enc_aes128; extern const struct krb5_enc_provider krb5int_enc_aes256; +extern const struct krb5_enc_provider krb5int_enc_aes128_ctr; +extern const struct krb5_enc_provider krb5int_enc_aes256_ctr; + diff --git a/src/lib/crypto/enc_provider/rc4.c b/src/lib/crypto/enc_provider/rc4.c index a88ad79376..b950a605b8 100644 --- a/src/lib/crypto/enc_provider/rc4.c +++ b/src/lib/crypto/enc_provider/rc4.c @@ -9,6 +9,7 @@ #include "k5-int.h" #include "arcfour-int.h" #include "enc_provider.h" +#include "../aead.h" /* gets the next byte from the PRNG */ #if ((__GNUC__ >= 2) ) static __inline__ unsigned int k5_arcfour_byte(ArcfourContext *); @@ -156,6 +157,61 @@ k5_arcfour_docrypt(const krb5_keyblock *key, const krb5_data *state, return 0; } +/* In-place encryption */ +static krb5_error_code +k5_arcfour_docrypt_iov(const krb5_keyblock *key, + const krb5_data *state, + krb5_crypto_iov *data, + size_t num_data) +{ + ArcfourContext *arcfour_ctx = NULL; + ArcFourCipherState *cipher_state = NULL; + krb5_error_code ret; + size_t i; + + if (key->length != 16) + return KRB5_BAD_KEYSIZE; + if (state != NULL && (state->length != sizeof(ArcFourCipherState))) + return KRB5_BAD_MSIZE; + + if (state != NULL) { + cipher_state = (ArcFourCipherState *)state->data; + arcfour_ctx = &cipher_state->ctx; + if (cipher_state->initialized == 0) { + ret = k5_arcfour_init(arcfour_ctx, key->contents, key->length); + if (ret != 0) + return ret; + + cipher_state->initialized = 1; + } + } else { + arcfour_ctx = (ArcfourContext *)malloc(sizeof(ArcfourContext)); + if (arcfour_ctx == NULL) + return ENOMEM; + + ret = k5_arcfour_init(arcfour_ctx, key->contents, key->length); + if (ret != 0) { + free(arcfour_ctx); + return ret; + } + } + + for (i = 0; i < num_data; i++) { + krb5_crypto_iov *iov = &data[i]; + + if (ENCRYPT_IOV(iov)) + k5_arcfour_crypt(arcfour_ctx, (unsigned char *)iov->data.data, + (const unsigned char *)iov->data.data, iov->data.length); + } + + if (state == NULL) { + memset(arcfour_ctx, 0, sizeof(ArcfourContext)); + free(arcfour_ctx); + } + + return 0; +} + static krb5_error_code k5_arcfour_make_key(const krb5_data *randombits, krb5_keyblock *key) { @@ -208,5 +264,8 @@ const struct krb5_enc_provider krb5int_enc_arcfour = { k5_arcfour_docrypt, k5_arcfour_make_key, k5_arcfour_init_state, /*xxx not implemented yet*/ - krb5int_default_free_state + krb5int_default_free_state, + k5_arcfour_docrypt_iov, + k5_arcfour_docrypt_iov }; + diff --git a/src/lib/crypto/encrypt.c b/src/lib/crypto/encrypt.c index c215dc4293..a9a38aa77d 100644 --- a/src/lib/crypto/encrypt.c +++ b/src/lib/crypto/encrypt.c @@ -26,6 +26,7 @@ #include "k5-int.h" #include "etypes.h" +#include "aead.h" krb5_error_code KRB5_CALLCONV krb5_c_encrypt(krb5_context context, const krb5_keyblock *key, @@ -46,6 +47,16 @@ krb5_c_encrypt(krb5_context context, const krb5_keyblock *key, output->kvno = 0; output->enctype = key->enctype; + if (krb5_enctypes_list[i].encrypt == NULL) { + assert(krb5_enctypes_list[i].aead != NULL); + + return krb5int_c_encrypt_aead_compat(krb5_enctypes_list[i].aead, + krb5_enctypes_list[i].enc, + krb5_enctypes_list[i].hash, + key, usage, ivec, + input, &output->ciphertext); + } + return((*(krb5_enctypes_list[i].encrypt)) (krb5_enctypes_list[i].enc, krb5_enctypes_list[i].hash, key, usage, ivec, input, &output->ciphertext)); diff --git a/src/lib/krb4/strnlen.c b/src/lib/crypto/encrypt_iov.c similarity index 61% rename from src/lib/krb4/strnlen.c rename to src/lib/crypto/encrypt_iov.c index 5dc80115cc..a35c5b5770 100644 --- a/src/lib/krb4/strnlen.c +++ b/src/lib/crypto/encrypt_iov.c @@ -1,7 +1,7 @@ /* - * lib/krb4/strnlen.c + * lib/crypto/encrypt_iov.c * - * Copyright 2000, 2001 by the Massachusetts Institute of Technology. + * Copyright 2008 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -22,29 +22,34 @@ * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * */ -#include -#include "krb.h" -#include "prot.h" - -/* - * krb4int_strnlen() - * - * Return the length of the string if a NUL is found in the first n - * bytes, otherwise, -1. - */ +#include "k5-int.h" +#include "etypes.h" -int KRB5_CALLCONV -krb4int_strnlen(const char *s, int n) +krb5_error_code KRB5_CALLCONV +krb5_c_encrypt_iov(krb5_context context, + const krb5_keyblock *key, + krb5_keyusage usage, + const krb5_data *cipher_state, + krb5_crypto_iov *data, + size_t num_data) { - int i = 0; + int i; + const struct krb5_keytypes *ktp = NULL; - for (i = 0; i < n; i++) { - if (s[i] == '\0') { - return i; + for (i = 0; i < krb5_enctypes_length; i++) { + if (krb5_enctypes_list[i].etype == key->enctype) { + ktp = &krb5_enctypes_list[i]; + break; } } - return -1; + + if (ktp == NULL || ktp->aead == NULL) { + return KRB5_BAD_ENCTYPE; + } + + return ktp->aead->encrypt_iov(ktp->aead, ktp->enc, ktp->hash, + key, usage, cipher_state, data, num_data); } + diff --git a/src/lib/crypto/encrypt_length.c b/src/lib/crypto/encrypt_length.c index 71c25e7353..a934b2a210 100644 --- a/src/lib/crypto/encrypt_length.c +++ b/src/lib/crypto/encrypt_length.c @@ -26,6 +26,7 @@ #include "k5-int.h" #include "etypes.h" +#include "aead.h" krb5_error_code KRB5_CALLCONV krb5_c_encrypt_length(krb5_context context, krb5_enctype enctype, @@ -41,9 +42,18 @@ krb5_c_encrypt_length(krb5_context context, krb5_enctype enctype, if (i == krb5_enctypes_length) return(KRB5_BAD_ENCTYPE); - (*(krb5_enctypes_list[i].encrypt_len)) - (krb5_enctypes_list[i].enc, krb5_enctypes_list[i].hash, - inputlen, length); + if (krb5_enctypes_list[i].encrypt_len == NULL) { + assert(krb5_enctypes_list[i].aead != NULL); + + krb5int_c_encrypt_length_aead_compat(krb5_enctypes_list[i].aead, + krb5_enctypes_list[i].enc, + krb5_enctypes_list[i].hash, + inputlen, length); + } else { + (*(krb5_enctypes_list[i].encrypt_len)) + (krb5_enctypes_list[i].enc, krb5_enctypes_list[i].hash, + inputlen, length); + } return(0); } diff --git a/src/lib/crypto/enctype_to_string.c b/src/lib/crypto/enctype_to_string.c index f77dbff1cd..28fa63ee15 100644 --- a/src/lib/crypto/enctype_to_string.c +++ b/src/lib/crypto/enctype_to_string.c @@ -34,10 +34,9 @@ krb5_enctype_to_string(krb5_enctype enctype, char *buffer, size_t buflen) for (i=0; i buflen) + if (strlcpy(buffer, krb5_enctypes_list[i].out_string, + buflen) >= buflen) return(ENOMEM); - - strcpy(buffer, krb5_enctypes_list[i].out_string); return(0); } } diff --git a/src/lib/crypto/etypes.c b/src/lib/crypto/etypes.c index 4273e2826e..de11787d14 100644 --- a/src/lib/crypto/etypes.c +++ b/src/lib/crypto/etypes.c @@ -48,7 +48,8 @@ const struct krb5_keytypes krb5_enctypes_list[] = { krb5_old_encrypt_length, krb5_old_encrypt, krb5_old_decrypt, krb5int_des_string_to_key, NULL, /*PRF*/ - CKSUMTYPE_RSA_MD5 }, + CKSUMTYPE_RSA_MD5, + NULL /*AEAD*/ }, { ENCTYPE_DES_CBC_MD4, "des-cbc-md4", "DES cbc mode with RSA-MD4", &krb5int_enc_des, &krb5int_hash_md4, @@ -56,7 +57,8 @@ const struct krb5_keytypes krb5_enctypes_list[] = { krb5_old_encrypt_length, krb5_old_encrypt, krb5_old_decrypt, krb5int_des_string_to_key, NULL, /*PRF*/ - CKSUMTYPE_RSA_MD4 }, + CKSUMTYPE_RSA_MD4, + NULL /*AEAD*/ }, { ENCTYPE_DES_CBC_MD5, "des-cbc-md5", "DES cbc mode with RSA-MD5", &krb5int_enc_des, &krb5int_hash_md5, @@ -64,7 +66,8 @@ const struct krb5_keytypes krb5_enctypes_list[] = { krb5_old_encrypt_length, krb5_old_encrypt, krb5_old_decrypt, krb5int_des_string_to_key, NULL, /*PRF*/ -CKSUMTYPE_RSA_MD5 }, + CKSUMTYPE_RSA_MD5, + NULL /*AEAD*/ }, { ENCTYPE_DES_CBC_MD5, "des", "DES cbc mode with RSA-MD5", /* alias */ &krb5int_enc_des, &krb5int_hash_md5, @@ -72,7 +75,8 @@ CKSUMTYPE_RSA_MD5 }, krb5_old_encrypt_length, krb5_old_encrypt, krb5_old_decrypt, krb5int_des_string_to_key, NULL, /*PRF*/ - CKSUMTYPE_RSA_MD5 }, + CKSUMTYPE_RSA_MD5, + NULL /*AEAD*/ }, { ENCTYPE_DES_CBC_RAW, "des-cbc-raw", "DES cbc mode raw", @@ -81,7 +85,8 @@ CKSUMTYPE_RSA_MD5 }, krb5_raw_encrypt_length, krb5_raw_encrypt, krb5_raw_decrypt, krb5int_des_string_to_key, NULL, /*PRF*/ - 0 }, + 0, + &krb5int_aead_raw }, { ENCTYPE_DES3_CBC_RAW, "des3-cbc-raw", "Triple DES cbc mode raw", &krb5int_enc_des3, NULL, @@ -89,7 +94,8 @@ CKSUMTYPE_RSA_MD5 }, krb5_raw_encrypt_length, krb5_raw_encrypt, krb5_raw_decrypt, krb5int_dk_string_to_key, NULL, /*PRF*/ - 0 }, + 0, + &krb5int_aead_raw }, { ENCTYPE_DES3_CBC_SHA1, "des3-cbc-sha1", "Triple DES cbc mode with HMAC/sha1", @@ -98,7 +104,8 @@ CKSUMTYPE_RSA_MD5 }, krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt, krb5int_dk_string_to_key, NULL, /*PRF*/ - CKSUMTYPE_HMAC_SHA1_DES3 }, + CKSUMTYPE_HMAC_SHA1_DES3, + &krb5int_aead_dk }, { ENCTYPE_DES3_CBC_SHA1, /* alias */ "des3-hmac-sha1", "Triple DES cbc mode with HMAC/sha1", &krb5int_enc_des3, &krb5int_hash_sha1, @@ -106,7 +113,8 @@ CKSUMTYPE_RSA_MD5 }, krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt, krb5int_dk_string_to_key, NULL, /*PRF*/ - CKSUMTYPE_HMAC_SHA1_DES3 }, + CKSUMTYPE_HMAC_SHA1_DES3, + &krb5int_aead_dk }, { ENCTYPE_DES3_CBC_SHA1, /* alias */ "des3-cbc-sha1-kd", "Triple DES cbc mode with HMAC/sha1", &krb5int_enc_des3, &krb5int_hash_sha1, @@ -114,7 +122,8 @@ CKSUMTYPE_RSA_MD5 }, krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt, krb5int_dk_string_to_key, NULL, /*PRF*/ - CKSUMTYPE_HMAC_SHA1_DES3 }, + CKSUMTYPE_HMAC_SHA1_DES3, + &krb5int_aead_dk }, { ENCTYPE_DES_HMAC_SHA1, "des-hmac-sha1", "DES with HMAC/sha1", @@ -123,7 +132,8 @@ CKSUMTYPE_RSA_MD5 }, krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt, krb5int_dk_string_to_key, NULL, /*PRF*/ - 0 }, + 0, + NULL }, { ENCTYPE_ARCFOUR_HMAC, "arcfour-hmac","ArcFour with HMAC/md5", &krb5int_enc_arcfour, &krb5int_hash_md5, @@ -131,7 +141,8 @@ CKSUMTYPE_RSA_MD5 }, krb5_arcfour_encrypt_length, krb5_arcfour_encrypt, krb5_arcfour_decrypt, krb5int_arcfour_string_to_key, NULL, /*PRF*/ - CKSUMTYPE_HMAC_MD5_ARCFOUR }, + CKSUMTYPE_HMAC_MD5_ARCFOUR, + &krb5int_aead_arcfour }, { ENCTYPE_ARCFOUR_HMAC, /* alias */ "rc4-hmac", "ArcFour with HMAC/md5", &krb5int_enc_arcfour, &krb5int_hash_md5, @@ -139,7 +150,8 @@ krb5_arcfour_encrypt_length, krb5_arcfour_encrypt, krb5_arcfour_encrypt_length, krb5_arcfour_encrypt, krb5_arcfour_decrypt, krb5int_arcfour_string_to_key, NULL, /*PRF*/ - CKSUMTYPE_HMAC_MD5_ARCFOUR }, + CKSUMTYPE_HMAC_MD5_ARCFOUR, + &krb5int_aead_arcfour }, { ENCTYPE_ARCFOUR_HMAC, /* alias */ "arcfour-hmac-md5", "ArcFour with HMAC/md5", &krb5int_enc_arcfour, &krb5int_hash_md5, @@ -147,7 +159,8 @@ krb5_arcfour_encrypt_length, krb5_arcfour_encrypt, krb5_arcfour_encrypt_length, krb5_arcfour_encrypt, krb5_arcfour_decrypt, krb5int_arcfour_string_to_key, NULL, /*PRF*/ - CKSUMTYPE_HMAC_MD5_ARCFOUR }, + CKSUMTYPE_HMAC_MD5_ARCFOUR, + &krb5int_aead_arcfour }, { ENCTYPE_ARCFOUR_HMAC_EXP, "arcfour-hmac-exp", "Exportable ArcFour with HMAC/md5", &krb5int_enc_arcfour, @@ -156,7 +169,8 @@ krb5_arcfour_encrypt_length, krb5_arcfour_encrypt, krb5_arcfour_encrypt_length, krb5_arcfour_encrypt, krb5_arcfour_decrypt, krb5int_arcfour_string_to_key, NULL, /*PRF*/ - CKSUMTYPE_HMAC_MD5_ARCFOUR }, + CKSUMTYPE_HMAC_MD5_ARCFOUR, + &krb5int_aead_arcfour }, { ENCTYPE_ARCFOUR_HMAC_EXP, /* alias */ "rc4-hmac-exp", "Exportable ArcFour with HMAC/md5", &krb5int_enc_arcfour, @@ -165,7 +179,8 @@ krb5_arcfour_encrypt_length, krb5_arcfour_encrypt, krb5_arcfour_encrypt_length, krb5_arcfour_encrypt, krb5_arcfour_decrypt, krb5int_arcfour_string_to_key, NULL, /*PRF*/ - CKSUMTYPE_HMAC_MD5_ARCFOUR }, + CKSUMTYPE_HMAC_MD5_ARCFOUR, + &krb5int_aead_arcfour }, { ENCTYPE_ARCFOUR_HMAC_EXP, /* alias */ "arcfour-hmac-md5-exp", "Exportable ArcFour with HMAC/md5", &krb5int_enc_arcfour, @@ -174,7 +189,8 @@ krb5_arcfour_encrypt_length, krb5_arcfour_encrypt, krb5_arcfour_encrypt_length, krb5_arcfour_encrypt, krb5_arcfour_decrypt, krb5int_arcfour_string_to_key, NULL, /*PRF*/ - CKSUMTYPE_HMAC_MD5_ARCFOUR }, + CKSUMTYPE_HMAC_MD5_ARCFOUR, + &krb5int_aead_arcfour }, { ENCTYPE_AES128_CTS_HMAC_SHA1_96, "aes128-cts-hmac-sha1-96", "AES-128 CTS mode with 96-bit SHA-1 HMAC", @@ -183,7 +199,8 @@ krb5_arcfour_encrypt_length, krb5_arcfour_encrypt, krb5int_aes_encrypt_length, krb5int_aes_dk_encrypt, krb5int_aes_dk_decrypt, krb5int_aes_string_to_key, krb5int_dk_prf, - CKSUMTYPE_HMAC_SHA1_96_AES128 }, + CKSUMTYPE_HMAC_SHA1_96_AES128, + &krb5int_aead_aes }, { ENCTYPE_AES128_CTS_HMAC_SHA1_96, /* alias */ "aes128-cts", "AES-128 CTS mode with 96-bit SHA-1 HMAC", &krb5int_enc_aes128, &krb5int_hash_sha1, @@ -191,7 +208,8 @@ krb5_arcfour_encrypt_length, krb5_arcfour_encrypt, krb5int_aes_encrypt_length, krb5int_aes_dk_encrypt, krb5int_aes_dk_decrypt, krb5int_aes_string_to_key, krb5int_dk_prf, - CKSUMTYPE_HMAC_SHA1_96_AES128 }, + CKSUMTYPE_HMAC_SHA1_96_AES128, + &krb5int_aead_aes }, { ENCTYPE_AES256_CTS_HMAC_SHA1_96, "aes256-cts-hmac-sha1-96", "AES-256 CTS mode with 96-bit SHA-1 HMAC", &krb5int_enc_aes256, &krb5int_hash_sha1, @@ -199,7 +217,8 @@ krb5_arcfour_encrypt_length, krb5_arcfour_encrypt, krb5int_aes_encrypt_length, krb5int_aes_dk_encrypt, krb5int_aes_dk_decrypt, krb5int_aes_string_to_key, krb5int_dk_prf, - CKSUMTYPE_HMAC_SHA1_96_AES256 }, + CKSUMTYPE_HMAC_SHA1_96_AES256, + &krb5int_aead_aes }, { ENCTYPE_AES256_CTS_HMAC_SHA1_96, /* alias */ "aes256-cts", "AES-256 CTS mode with 96-bit SHA-1 HMAC", &krb5int_enc_aes256, &krb5int_hash_sha1, @@ -207,7 +226,8 @@ krb5_arcfour_encrypt_length, krb5_arcfour_encrypt, krb5int_aes_encrypt_length, krb5int_aes_dk_encrypt, krb5int_aes_dk_decrypt, krb5int_aes_string_to_key, krb5int_dk_prf, - CKSUMTYPE_HMAC_SHA1_96_AES256 }, + CKSUMTYPE_HMAC_SHA1_96_AES256, + &krb5int_aead_aes }, }; const int krb5_enctypes_length = diff --git a/src/lib/crypto/hash_provider/Makefile.in b/src/lib/crypto/hash_provider/Makefile.in index 313d9330ea..a2e32e21c4 100644 --- a/src/lib/crypto/hash_provider/Makefile.in +++ b/src/lib/crypto/hash_provider/Makefile.in @@ -35,48 +35,3 @@ clean-unix:: clean-libobjs @libobj_frag@ -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -hash_crc32.so hash_crc32.po $(OUTPRE)hash_crc32.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../crc32/crc-32.h hash_crc32.c hash_provider.h -hash_md4.so hash_md4.po $(OUTPRE)hash_md4.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../md4/rsa-md4.h hash_md4.c hash_provider.h -hash_md5.so hash_md5.po $(OUTPRE)hash_md5.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../md5/rsa-md5.h hash_md5.c hash_provider.h -hash_sha1.so hash_sha1.po $(OUTPRE)hash_sha1.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../sha1/shs.h hash_provider.h hash_sha1.c diff --git a/src/lib/crypto/hash_provider/deps b/src/lib/crypto/hash_provider/deps new file mode 100644 index 0000000000..b736bf40a1 --- /dev/null +++ b/src/lib/crypto/hash_provider/deps @@ -0,0 +1,47 @@ +# +# Generated makefile dependencies follow. +# +hash_crc32.so hash_crc32.po $(OUTPRE)hash_crc32.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../crc32/crc-32.h \ + hash_crc32.c hash_provider.h +hash_md4.so hash_md4.po $(OUTPRE)hash_md4.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../md4/rsa-md4.h \ + hash_md4.c hash_provider.h +hash_md5.so hash_md5.po $(OUTPRE)hash_md5.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../md5/rsa-md5.h \ + hash_md5.c hash_provider.h +hash_sha1.so hash_sha1.po $(OUTPRE)hash_sha1.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../sha1/shs.h \ + hash_provider.h hash_sha1.c diff --git a/src/lib/crypto/hmac.c b/src/lib/crypto/hmac.c index 3c02726455..c2ff3341c2 100644 --- a/src/lib/crypto/hmac.c +++ b/src/lib/crypto/hmac.c @@ -25,6 +25,7 @@ */ #include "k5-int.h" +#include "aead.h" /* * the HMAC transform looks like: @@ -125,3 +126,41 @@ cleanup: return(ret); } + +krb5_error_code +krb5int_hmac_iov(const struct krb5_hash_provider *hash, const krb5_keyblock *key, + const krb5_crypto_iov *data, size_t num_data, krb5_data *output) +{ + krb5_data *sign_data; + size_t num_sign_data; + krb5_error_code ret; + size_t i, j; + + /* Create a checksum over all the data to be signed */ + for (i = 0, num_sign_data = 0; i < num_data; i++) { + const krb5_crypto_iov *iov = &data[i]; + + if (SIGN_IOV(iov)) + num_sign_data++; + } + + /* XXX cleanup to avoid alloc */ + sign_data = (krb5_data *)calloc(num_sign_data, sizeof(krb5_data)); + if (sign_data == NULL) + return ENOMEM; + + for (i = 0, j = 0; i < num_data; i++) { + const krb5_crypto_iov *iov = &data[i]; + + if (SIGN_IOV(iov)) + sign_data[j++] = iov->data; + } + + /* caller must store checksum in iov as it may be TYPE_TRAILER or TYPE_CHECKSUM */ + ret = krb5_hmac(hash, key, num_sign_data, sign_data, output); + + free(sign_data); + + return ret; +} + diff --git a/src/lib/crypto/keyhash_provider/Makefile.in b/src/lib/crypto/keyhash_provider/Makefile.in index 0be3f04339..542dfe3298 100644 --- a/src/lib/crypto/keyhash_provider/Makefile.in +++ b/src/lib/crypto/keyhash_provider/Makefile.in @@ -16,11 +16,11 @@ PROG_RPATH=$(KRB5_LIBDIR) RUN_SETUP = @KRB5_RUN_ENV@ KRB5_CONFIG=$(SRCTOP)/config-files/krb5.conf -STLIBOBJS= descbc.o k5_md4des.o k5_md5des.o hmac_md5.o +STLIBOBJS= descbc.o k5_md4des.o k5_md5des.o hmac_md5.o md5_hmac.o -OBJS= $(OUTPRE)descbc.$(OBJEXT) $(OUTPRE)k5_md4des.$(OBJEXT) $(OUTPRE)k5_md5des.$(OBJEXT) $(OUTPRE)hmac_md5.$(OBJEXT) +OBJS= $(OUTPRE)descbc.$(OBJEXT) $(OUTPRE)k5_md4des.$(OBJEXT) $(OUTPRE)k5_md5des.$(OBJEXT) $(OUTPRE)hmac_md5.$(OBJEXT) $(OUTPRE)md5_hmac.$(OBJEXT) -SRCS= $(srcdir)/descbc.c $(srcdir)/k5_md4des.c $(srcdir)/k5_md5des.c $(srcdir)/hmac_md5.c +SRCS= $(srcdir)/descbc.c $(srcdir)/k5_md4des.c $(srcdir)/k5_md5des.c $(srcdir)/hmac_md5.c $(srcdir)/md5_hmac.c ##DOS##LIBOBJS = $(OBJS) @@ -54,52 +54,3 @@ clean-unix:: clean-libobjs @libobj_frag@ -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -descbc.so descbc.po $(OUTPRE)descbc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../des/des_int.h descbc.c keyhash_provider.h -k5_md4des.so k5_md4des.po $(OUTPRE)k5_md4des.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../des/des_int.h \ - $(srcdir)/../md4/rsa-md4.h k5_md4des.c keyhash_provider.h -k5_md5des.so k5_md5des.po $(OUTPRE)k5_md5des.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../des/des_int.h \ - $(srcdir)/../md5/rsa-md5.h k5_md5des.c keyhash_provider.h -hmac_md5.so hmac_md5.po $(OUTPRE)hmac_md5.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../arcfour/arcfour-int.h $(srcdir)/../arcfour/arcfour.h \ - $(srcdir)/../hash_provider/hash_provider.h $(srcdir)/../md5/rsa-md5.h \ - hmac_md5.c keyhash_provider.h diff --git a/src/lib/crypto/keyhash_provider/deps b/src/lib/crypto/keyhash_provider/deps new file mode 100644 index 0000000000..5354756c82 --- /dev/null +++ b/src/lib/crypto/keyhash_provider/deps @@ -0,0 +1,60 @@ +# +# Generated makefile dependencies follow. +# +descbc.so descbc.po $(OUTPRE)descbc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + $(srcdir)/../des/des_int.h descbc.c keyhash_provider.h +k5_md4des.so k5_md4des.po $(OUTPRE)k5_md4des.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../des/des_int.h \ + $(srcdir)/../md4/rsa-md4.h k5_md4des.c keyhash_provider.h +k5_md5des.so k5_md5des.po $(OUTPRE)k5_md5des.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../des/des_int.h \ + $(srcdir)/../md5/rsa-md5.h k5_md5des.c keyhash_provider.h +hmac_md5.so hmac_md5.po $(OUTPRE)hmac_md5.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../aead.h \ + $(srcdir)/../arcfour/arcfour-int.h $(srcdir)/../arcfour/arcfour.h \ + $(srcdir)/../hash_provider/hash_provider.h $(srcdir)/../md5/rsa-md5.h \ + hmac_md5.c keyhash_provider.h +md5_hmac.so md5_hmac.po $(OUTPRE)md5_hmac.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../arcfour/arcfour-int.h \ + $(srcdir)/../arcfour/arcfour.h $(srcdir)/../hash_provider/hash_provider.h \ + $(srcdir)/../md5/rsa-md5.h keyhash_provider.h md5_hmac.c diff --git a/src/lib/crypto/keyhash_provider/descbc.c b/src/lib/crypto/keyhash_provider/descbc.c index 23b33fc07d..bf68e324ce 100644 --- a/src/lib/crypto/keyhash_provider/descbc.c +++ b/src/lib/crypto/keyhash_provider/descbc.c @@ -66,5 +66,7 @@ k5_descbc_hash(const krb5_keyblock *key, krb5_keyusage usage, const krb5_data *i const struct krb5_keyhash_provider krb5int_keyhash_descbc = { 8, k5_descbc_hash, + NULL, + NULL, NULL }; diff --git a/src/lib/crypto/keyhash_provider/hmac_md5.c b/src/lib/crypto/keyhash_provider/hmac_md5.c index a2472a8329..53da03ad41 100644 --- a/src/lib/crypto/keyhash_provider/hmac_md5.c +++ b/src/lib/crypto/keyhash_provider/hmac_md5.c @@ -1,9 +1,7 @@ /* * lib/crypto/keyhash_provider/hmac_md5.c * -(I don't know) -. - * Copyright2001 by the Massachusetts Institute of Technology. + * Copyright 2001 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -26,8 +24,8 @@ * or implied warranty. * * -* Implementation of the Microsoft hmac-md5 checksum type. -* Implemented based on draft-brezak-win2k-krb-rc4-hmac-03 + * Implementation of the Microsoft hmac-md5 checksum type. + * Implemented based on draft-brezak-win2k-krb-rc4-hmac-03 */ #include "k5-int.h" @@ -35,6 +33,7 @@ #include "arcfour-int.h" #include "rsa-md5.h" #include "hash_provider.h" +#include "../aead.h" static krb5_error_code k5_hmac_md5_hash (const krb5_keyblock *key, krb5_keyusage usage, @@ -86,11 +85,67 @@ k5_hmac_md5_hash (const krb5_keyblock *key, krb5_keyusage usage, return ret; } - +static krb5_error_code +k5_hmac_md5_hash_iov (const krb5_keyblock *key, krb5_keyusage usage, + const krb5_data *iv, + const krb5_crypto_iov *data, size_t num_data, + krb5_data *output) +{ + krb5_keyusage ms_usage; + krb5_error_code ret; + krb5_keyblock ks; + krb5_data ds, ks_constant, md5tmp; + krb5_MD5_CTX ctx; + char t[4]; + size_t i; + + ds.length = key->length; + ks.length = key->length; + ds.data = malloc(ds.length); + if (ds.data == NULL) + return ENOMEM; + ks.contents = (void *) ds.data; + + ks_constant.data = "signaturekey"; + ks_constant.length = strlen(ks_constant.data)+1; /* Including null*/ + + ret = krb5_hmac( &krb5int_hash_md5, key, 1, + &ks_constant, &ds); + if (ret) + goto cleanup; + + krb5_MD5Init (&ctx); + ms_usage = krb5int_arcfour_translate_usage (usage); + t[0] = (ms_usage) & 0xff; + t[1] = (ms_usage>>8) & 0xff; + t[2] = (ms_usage >>16) & 0xff; + t[3] = (ms_usage>>24) & 0XFF; + krb5_MD5Update (&ctx, (unsigned char * ) &t, 4); + for (i = 0; i < num_data; i++) { + const krb5_crypto_iov *iov = &data[i]; + + if (SIGN_IOV(iov)) + krb5_MD5Update (&ctx, (unsigned char *)iov->data.data, + (unsigned int)iov->data.length); + } + krb5_MD5Final(&ctx); + md5tmp.data = (void *) ctx.digest; + md5tmp.length = 16; + ret = krb5_hmac ( &krb5int_hash_md5, &ks, 1, &md5tmp, + output); + + cleanup: + memset(&ctx, 0, sizeof(ctx)); + memset (ks.contents, 0, ks.length); + free (ks.contents); + return ret; +} const struct krb5_keyhash_provider krb5int_keyhash_hmac_md5 = { 16, k5_hmac_md5_hash, - NULL /*checksum again*/ + NULL, /*checksum again*/ + k5_hmac_md5_hash_iov, + NULL /*checksum again */ }; diff --git a/src/lib/crypto/keyhash_provider/k5_md4des.c b/src/lib/crypto/keyhash_provider/k5_md4des.c index 9f19f4f968..fceb58ebd4 100644 --- a/src/lib/crypto/keyhash_provider/k5_md4des.c +++ b/src/lib/crypto/keyhash_provider/k5_md4des.c @@ -188,5 +188,7 @@ k5_md4des_verify(const krb5_keyblock *key, krb5_keyusage usage, const struct krb5_keyhash_provider krb5int_keyhash_md4des = { CONFLENGTH+RSA_MD4_CKSUM_LENGTH, k5_md4des_hash, - k5_md4des_verify + k5_md4des_verify, + NULL, + NULL }; diff --git a/src/lib/crypto/keyhash_provider/k5_md5des.c b/src/lib/crypto/keyhash_provider/k5_md5des.c index e70965b791..0175c68ab7 100644 --- a/src/lib/crypto/keyhash_provider/k5_md5des.c +++ b/src/lib/crypto/keyhash_provider/k5_md5des.c @@ -185,5 +185,7 @@ k5_md5des_verify(const krb5_keyblock *key, krb5_keyusage usage, const krb5_data const struct krb5_keyhash_provider krb5int_keyhash_md5des = { CONFLENGTH+RSA_MD5_CKSUM_LENGTH, k5_md5des_hash, - k5_md5des_verify + k5_md5des_verify, + NULL, + NULL }; diff --git a/src/lib/crypto/keyhash_provider/keyhash_provider.h b/src/lib/crypto/keyhash_provider/keyhash_provider.h index 6a96faf8ff..8ac91e19db 100644 --- a/src/lib/crypto/keyhash_provider/keyhash_provider.h +++ b/src/lib/crypto/keyhash_provider/keyhash_provider.h @@ -30,3 +30,6 @@ extern const struct krb5_keyhash_provider krb5int_keyhash_descbc; extern const struct krb5_keyhash_provider krb5int_keyhash_md4des; extern const struct krb5_keyhash_provider krb5int_keyhash_md5des; extern const struct krb5_keyhash_provider krb5int_keyhash_hmac_md5; +extern const struct krb5_keyhash_provider krb5int_keyhash_md5_hmac; +extern const struct krb5_keyhash_provider krb5int_keyhash_aescbc_128; +extern const struct krb5_keyhash_provider krb5int_keyhash_aescbc_256; diff --git a/src/lib/des425/key_parity.c b/src/lib/crypto/keyhash_provider/md5_hmac.c similarity index 51% rename from src/lib/des425/key_parity.c rename to src/lib/crypto/keyhash_provider/md5_hmac.c index 96e13e2f47..8c2591588a 100644 --- a/src/lib/des425/key_parity.c +++ b/src/lib/crypto/keyhash_provider/md5_hmac.c @@ -1,7 +1,7 @@ /* - * lib/des425/key_parity.c + * lib/crypto/keyhash_provider/md5_hmac.c * - * Copyright 1989, 1990 by the Massachusetts Institute of Technology. + * Copyright2001 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -23,30 +23,46 @@ * this software for any purpose. It is provided "as is" without express * or implied warranty. * + * Implementation of Microsoft KERB_CHECKSUM_MD5_HMAC */ -#include "des_int.h" -#include "des.h" +#include "k5-int.h" +#include "keyhash_provider.h" +#include "arcfour-int.h" +#include "rsa-md5.h" +#include "hash_provider.h" -/* - * des_fixup_key_parity: Forces odd parity per byte; parity is bits - * 8,16,...64 in des order, implies 0, 8, 16, ... - * vax order. - */ -void -des_fixup_key_parity(key) - register mit_des_cblock key; +static krb5_error_code +k5_md5_hmac_hash (const krb5_keyblock *key, krb5_keyusage usage, + const krb5_data *iv, + const krb5_data *input, krb5_data *output) { - mit_des_fixup_key_parity(key); -} + krb5_keyusage ms_usage; + krb5_MD5_CTX ctx; + unsigned char t[4]; + krb5_data ds; -/* - * des_check_key_parity: returns true iff key has the correct des parity. - */ -int -des_check_key_parity(key) - register mit_des_cblock key; -{ - return(mit_des_check_key_parity(key)); + krb5_MD5Init(&ctx); + + ms_usage = krb5int_arcfour_translate_usage (usage); + t[0] = (ms_usage >> 0) & 0xff; + t[1] = (ms_usage >> 8) & 0xff; + t[2] = (ms_usage >> 16) & 0xff; + t[3] = (ms_usage >> 24) & 0xff; + + krb5_MD5Update(&ctx, t, sizeof(t)); + krb5_MD5Update(&ctx, (unsigned char *)input->data, input->length); + krb5_MD5Final(&ctx); + + ds.length = 16; + ds.data = (char *)ctx.digest; + + return krb5_hmac ( &krb5int_hash_md5, key, 1, &ds, output); } +const struct krb5_keyhash_provider krb5int_keyhash_md5_hmac = { + 16, + k5_md5_hmac_hash, + NULL /*checksum again*/ +}; + diff --git a/src/lib/crypto/libk5crypto.exports b/src/lib/crypto/libk5crypto.exports index d705a6b5f3..867d9a2329 100644 --- a/src/lib/crypto/libk5crypto.exports +++ b/src/lib/crypto/libk5crypto.exports @@ -14,8 +14,12 @@ krb5_arcfour_encrypt krb5_arcfour_encrypt_length krb5_c_block_size krb5_c_checksum_length +krb5_c_crypto_length +krb5_c_crypto_length_iov krb5_c_decrypt +krb5_c_decrypt_iov krb5_c_encrypt +krb5_c_encrypt_iov krb5_c_encrypt_length krb5_c_enctype_compare krb5_c_free_state @@ -25,7 +29,9 @@ krb5_c_is_keyed_cksum krb5_c_keyed_checksum_types krb5_c_keylengths krb5_c_make_checksum +krb5_c_make_checksum_iov krb5_c_make_random_key +krb5_c_padding_length krb5_c_prf krb5_c_prf_length krb5_c_random_add_entropy @@ -38,6 +44,7 @@ krb5_c_string_to_key_with_params krb5_c_valid_cksumtype krb5_c_valid_enctype krb5_c_verify_checksum +krb5_c_verify_checksum_iov krb5_calculate_checksum krb5_checksum_size krb5_cksumtype_to_string diff --git a/src/lib/crypto/make_checksum.c b/src/lib/crypto/make_checksum.c index c729c1d23e..ad532b27dd 100644 --- a/src/lib/crypto/make_checksum.c +++ b/src/lib/crypto/make_checksum.c @@ -63,6 +63,9 @@ krb5_c_make_checksum(krb5_context context, krb5_cksumtype cksumtype, if (krb5_cksumtypes_list[i].keyhash) { /* check if key is compatible */ + const struct krb5_keyhash_provider *keyhash; + + keyhash = krb5_cksumtypes_list[i].keyhash; if (krb5_cksumtypes_list[i].keyed_etype) { for (e1=0; e1hash))(key, usage, 0, input, &data); + if (keyhash->hash == NULL) { + krb5_crypto_iov iov[1]; + + iov[0].flags = KRB5_CRYPTO_TYPE_DATA; + iov[0].data = *input; + + assert(keyhash->hash_iov != NULL); + + ret = (*keyhash->hash_iov)(key, usage, 0, iov, 1, &data); + } else { + ret = (*keyhash->hash)(key, usage, 0, input, &data); + } } else if (krb5_cksumtypes_list[i].flags & KRB5_CKSUMFLAG_DERIVE) { ret = krb5_dk_make_checksum(krb5_cksumtypes_list[i].hash, key, usage, input, &data); diff --git a/src/lib/crypto/make_checksum_iov.c b/src/lib/crypto/make_checksum_iov.c new file mode 100644 index 0000000000..3cf4af6052 --- /dev/null +++ b/src/lib/crypto/make_checksum_iov.c @@ -0,0 +1,82 @@ +/* + * lib/crypto/make_checksum_iov.c + * + * Copyright 2008 by the Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + */ + +#include "k5-int.h" +#include "cksumtypes.h" +#include "aead.h" + +krb5_error_code KRB5_CALLCONV +krb5_c_make_checksum_iov(krb5_context context, + krb5_cksumtype cksumtype, + const krb5_keyblock *key, + krb5_keyusage usage, + krb5_crypto_iov *data, + size_t num_data) +{ + unsigned int i; + size_t cksumlen; + krb5_error_code ret; + krb5_data cksum_data; + krb5_crypto_iov *checksum; + + for (i = 0; i < krb5_cksumtypes_length; i++) { + if (krb5_cksumtypes_list[i].ctype == cksumtype) + break; + } + + if (i == krb5_cksumtypes_length) + return(KRB5_BAD_ENCTYPE); + + if (krb5_cksumtypes_list[i].keyhash != NULL) + cksum_data.length = krb5_cksumtypes_list[i].keyhash->hashsize; + else + cksum_data.length = krb5_cksumtypes_list[i].hash->hashsize; + + if (krb5_cksumtypes_list[i].trunc_size != 0) + cksumlen = krb5_cksumtypes_list[i].trunc_size; + else + cksumlen = cksum_data.length; + + checksum = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_CHECKSUM); + if (checksum == NULL || checksum->data.length < cksumlen) + return(KRB5_BAD_MSIZE); + + cksum_data.data = malloc(cksum_data.length); + if (cksum_data.data == NULL) + return(ENOMEM); + + ret = krb5int_c_make_checksum_iov(&krb5_cksumtypes_list[i], + key, usage, data, num_data, + &cksum_data); + if (ret == 0) { + memcpy(checksum->data.data, cksum_data.data, cksumlen); + checksum->data.length = cksumlen; + } + + free(cksum_data.data); + + return(ret); +} diff --git a/src/lib/crypto/md4/Makefile.in b/src/lib/crypto/md4/Makefile.in index f32ef48eb7..f7d65b818a 100644 --- a/src/lib/crypto/md4/Makefile.in +++ b/src/lib/crypto/md4/Makefile.in @@ -56,17 +56,3 @@ clean-unix:: clean-libobjs @libobj_frag@ -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -md4.so md4.po $(OUTPRE)md4.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h md4.c rsa-md4.h diff --git a/src/lib/crypto/md4/deps b/src/lib/crypto/md4/deps new file mode 100644 index 0000000000..775a8b446c --- /dev/null +++ b/src/lib/crypto/md4/deps @@ -0,0 +1,13 @@ +# +# Generated makefile dependencies follow. +# +md4.so md4.po $(OUTPRE)md4.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + md4.c rsa-md4.h diff --git a/src/lib/crypto/md5/Makefile.in b/src/lib/crypto/md5/Makefile.in index 0447d598d4..73a4ceaee0 100644 --- a/src/lib/crypto/md5/Makefile.in +++ b/src/lib/crypto/md5/Makefile.in @@ -46,17 +46,3 @@ clean-unix:: clean-libobjs @libobj_frag@ -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -md5.so md5.po $(OUTPRE)md5.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h md5.c rsa-md5.h diff --git a/src/lib/crypto/md5/deps b/src/lib/crypto/md5/deps new file mode 100644 index 0000000000..131185443e --- /dev/null +++ b/src/lib/crypto/md5/deps @@ -0,0 +1,13 @@ +# +# Generated makefile dependencies follow. +# +md5.so md5.po $(OUTPRE)md5.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + md5.c rsa-md5.h diff --git a/src/lib/crypto/old/Makefile.in b/src/lib/crypto/old/Makefile.in index 90418c46cc..7e68315f2a 100644 --- a/src/lib/crypto/old/Makefile.in +++ b/src/lib/crypto/old/Makefile.in @@ -33,39 +33,3 @@ clean-unix:: clean-libobjs @libobj_frag@ -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -des_stringtokey.so des_stringtokey.po $(OUTPRE)des_stringtokey.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../des/des_int.h \ - des_stringtokey.c old.h -old_decrypt.so old_decrypt.po $(OUTPRE)old_decrypt.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - old.h old_decrypt.c -old_encrypt.so old_encrypt.po $(OUTPRE)old_encrypt.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - old.h old_encrypt.c diff --git a/src/lib/crypto/old/deps b/src/lib/crypto/old/deps new file mode 100644 index 0000000000..38a00ddf6c --- /dev/null +++ b/src/lib/crypto/old/deps @@ -0,0 +1,34 @@ +# +# Generated makefile dependencies follow. +# +des_stringtokey.so des_stringtokey.po $(OUTPRE)des_stringtokey.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../des/des_int.h \ + des_stringtokey.c old.h +old_decrypt.so old_decrypt.po $(OUTPRE)old_decrypt.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h old.h old_decrypt.c +old_encrypt.so old_encrypt.po $(OUTPRE)old_encrypt.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h old.h old_encrypt.c diff --git a/src/lib/crypto/raw/Makefile.in b/src/lib/crypto/raw/Makefile.in index a719060950..4a1d0376cb 100644 --- a/src/lib/crypto/raw/Makefile.in +++ b/src/lib/crypto/raw/Makefile.in @@ -2,6 +2,7 @@ thisconfigdir=../../.. myfulldir=lib/crypto/raw mydir=lib/crypto/raw BUILDTOP=$(REL)..$(S)..$(S).. +LOCALINCLUDES = -I$(srcdir)/.. DEFS= ##DOS##BUILDTOP = ..\..\.. @@ -13,11 +14,11 @@ PROG_RPATH=$(KRB5_LIBDIR) RUN_SETUP = @KRB5_RUN_ENV@ KRB5_CONFIG=$(SRCTOP)/config-files/krb5.conf -STLIBOBJS= raw_decrypt.o raw_encrypt.o +STLIBOBJS= raw_decrypt.o raw_encrypt.o raw_aead.o -OBJS= $(OUTPRE)raw_decrypt.$(OBJEXT) $(OUTPRE)raw_encrypt.$(OBJEXT) +OBJS= $(OUTPRE)raw_decrypt.$(OBJEXT) $(OUTPRE)raw_encrypt.$(OBJEXT) $(OUTPRE)raw_aead.$(OBJEXT) -SRCS= $(srcdir)/raw_decrypt.c $(srcdir)/raw_encrypt.c +SRCS= $(srcdir)/raw_decrypt.c $(srcdir)/raw_encrypt.c $(srcdir)/raw_aead.c ##DOS##LIBOBJS = $(OBJS) @@ -31,28 +32,3 @@ clean-unix:: clean-libobjs @libobj_frag@ -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -raw_decrypt.so raw_decrypt.po $(OUTPRE)raw_decrypt.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - raw.h raw_decrypt.c -raw_encrypt.so raw_encrypt.po $(OUTPRE)raw_encrypt.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - raw.h raw_encrypt.c diff --git a/src/lib/crypto/raw/deps b/src/lib/crypto/raw/deps new file mode 100644 index 0000000000..c457915590 --- /dev/null +++ b/src/lib/crypto/raw/deps @@ -0,0 +1,34 @@ +# +# Generated makefile dependencies follow. +# +raw_decrypt.so raw_decrypt.po $(OUTPRE)raw_decrypt.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h raw.h raw_decrypt.c +raw_encrypt.so raw_encrypt.po $(OUTPRE)raw_encrypt.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h raw.h raw_encrypt.c +raw_aead.so raw_aead.po $(OUTPRE)raw_aead.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../aead.h \ + raw.h raw_aead.c diff --git a/src/lib/crypto/raw/raw.h b/src/lib/crypto/raw/raw.h index d3f7dd835e..f4b7d5f0b7 100644 --- a/src/lib/crypto/raw/raw.h +++ b/src/lib/crypto/raw/raw.h @@ -44,3 +44,6 @@ krb5_error_code krb5_raw_decrypt const krb5_keyblock *key, krb5_keyusage usage, const krb5_data *ivec, const krb5_data *input, krb5_data *arg_output); + +extern const struct krb5_aead_provider krb5int_aead_raw; + diff --git a/src/lib/crypto/raw/raw_aead.c b/src/lib/crypto/raw/raw_aead.c new file mode 100644 index 0000000000..f52fe000d1 --- /dev/null +++ b/src/lib/crypto/raw/raw_aead.c @@ -0,0 +1,163 @@ +/* + * lib/crypto/raw/raw_aead.c + * + * Copyright 2008 by the Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + */ + + +#include "k5-int.h" +#include "raw.h" +#include "aead.h" + +/* AEAD */ + +static krb5_error_code +krb5int_raw_crypto_length(const struct krb5_aead_provider *aead, + const struct krb5_enc_provider *enc, + const struct krb5_hash_provider *hash, + krb5_cryptotype type, + unsigned int *length) +{ + switch (type) { + case KRB5_CRYPTO_TYPE_PADDING: + *length = enc->block_size; + break; + default: + *length = 0; + break; + } + + return 0; +} + +static krb5_error_code +krb5int_raw_encrypt_iov(const struct krb5_aead_provider *aead, + const struct krb5_enc_provider *enc, + const struct krb5_hash_provider *hash, + const krb5_keyblock *key, + krb5_keyusage usage, + const krb5_data *ivec, + krb5_crypto_iov *data, + size_t num_data) +{ + krb5_error_code ret; + krb5_crypto_iov *padding; + size_t i; + unsigned int blocksize = 0; + unsigned int plainlen = 0; + unsigned int padsize = 0; + + ret = aead->crypto_length(aead, enc, hash, KRB5_CRYPTO_TYPE_PADDING, &blocksize); + if (ret != 0) + return ret; + + for (i = 0; i < num_data; i++) { + krb5_crypto_iov *iov = &data[i]; + + if (iov->flags == KRB5_CRYPTO_TYPE_DATA) + plainlen += iov->data.length; + } + + if (blocksize != 0) { + /* Check that the input data is correctly padded */ + if (plainlen % blocksize) + padsize = blocksize - (plainlen % blocksize); + } + + padding = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_PADDING); + if (padsize && (padding == NULL || padding->data.length < padsize)) + return KRB5_BAD_MSIZE; + + if (padding != NULL) { + memset(padding->data.data, 0, padsize); + padding->data.length = padsize; + } + + assert(enc->encrypt_iov != NULL); + + ret = enc->encrypt_iov(key, ivec, data, num_data); /* will update ivec */ + + return ret; +} + +static krb5_error_code +krb5int_raw_decrypt_iov(const struct krb5_aead_provider *aead, + const struct krb5_enc_provider *enc, + const struct krb5_hash_provider *hash, + const krb5_keyblock *key, + krb5_keyusage usage, + const krb5_data *ivec, + krb5_crypto_iov *data, + size_t num_data) +{ + krb5_error_code ret; + size_t i; + unsigned int blocksize = 0; /* careful, this is enc block size not confounder len */ + unsigned int cipherlen = 0; + + if (krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_STREAM) != NULL) { + return krb5int_c_iov_decrypt_stream(aead, enc, hash, key, + usage, ivec, data, num_data); + } + + + /* E(Confounder | Plaintext | Pad) | Checksum */ + + ret = aead->crypto_length(aead, enc, hash, KRB5_CRYPTO_TYPE_PADDING, &blocksize); + if (ret != 0) + return ret; + + for (i = 0; i < num_data; i++) { + const krb5_crypto_iov *iov = &data[i]; + + if (ENCRYPT_DATA_IOV(iov)) + cipherlen += iov->data.length; + } + + if (blocksize == 0) { + /* Check for correct input length in CTS mode */ + if (enc->block_size != 0 && cipherlen < enc->block_size) + return KRB5_BAD_MSIZE; + } else { + /* Check that the input data is correctly padded */ + if ((cipherlen % blocksize) != 0) + return KRB5_BAD_MSIZE; + } + + /* Validate header and trailer lengths */ + + /* derive the keys */ + + /* decrypt the plaintext (header | data | padding) */ + assert(enc->decrypt_iov != NULL); + + ret = enc->decrypt_iov(key, ivec, data, num_data); /* will update ivec */ + + return ret; +} + +const struct krb5_aead_provider krb5int_aead_raw = { + krb5int_raw_crypto_length, + krb5int_raw_encrypt_iov, + krb5int_raw_decrypt_iov +}; diff --git a/src/lib/crypto/sha1/Makefile.in b/src/lib/crypto/sha1/Makefile.in index bdc3a4e66f..ffa314d1fc 100644 --- a/src/lib/crypto/sha1/Makefile.in +++ b/src/lib/crypto/sha1/Makefile.in @@ -51,17 +51,3 @@ t_shs3: t_shs3.o shs.o $(SUPPORT_DEPLIB) @libobj_frag@ -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -shs.so shs.po $(OUTPRE)shs.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h shs.c shs.h diff --git a/src/lib/crypto/sha1/deps b/src/lib/crypto/sha1/deps new file mode 100644 index 0000000000..e8f519a9e6 --- /dev/null +++ b/src/lib/crypto/sha1/deps @@ -0,0 +1,13 @@ +# +# Generated makefile dependencies follow. +# +shs.so shs.po $(OUTPRE)shs.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + shs.c shs.h diff --git a/src/lib/crypto/string_to_key.c b/src/lib/crypto/string_to_key.c index 03165ab25d..71d9db6501 100644 --- a/src/lib/crypto/string_to_key.c +++ b/src/lib/crypto/string_to_key.c @@ -93,6 +93,8 @@ krb5_c_string_to_key_with_params(krb5_context context, krb5_enctype enctype, if (ret) { memset(key->contents, 0, keylength); free(key->contents); + key->length = 0; + key->contents = NULL; } return(ret); diff --git a/src/lib/crypto/t_encrypt.c b/src/lib/crypto/t_encrypt.c index eb2378b5e5..c4ecbdecfb 100644 --- a/src/lib/crypto/t_encrypt.c +++ b/src/lib/crypto/t_encrypt.c @@ -1,7 +1,7 @@ /* -main * lib/crypto/t_encrypt.c + * lib/crypto/t_encrypt.c * - * Copyright2001 by the Massachusetts Institute of Technology. + * Copyright 2001, 2008 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -76,12 +76,15 @@ main () { krb5_context context = 0; krb5_data in, in2, out, out2, check, check2, state; + krb5_crypto_iov iov[5]; int i; size_t len; krb5_enc_data enc_out, enc_out2; krb5_error_code retval; krb5_keyblock *key; + memset(iov, 0, sizeof(iov)); + in.data = "This is a test.\n"; in.length = strlen (in.data); in2.data = "This is another test.\n"; @@ -118,6 +121,46 @@ main () test ("Decrypting", krb5_c_decrypt (context, key, 7, 0, &enc_out, &check)); test ("Comparing", compare_results (&in, &check)); + if ( krb5_c_crypto_length(context, key->enctype, KRB5_CRYPTO_TYPE_HEADER, &len) == 0 ){ + /* We support iov/aead*/ + int j, pos; + krb5_data signdata; + signdata.data = (char *) "This should be signed"; + signdata.length = strlen(signdata.data); + iov[0].flags= KRB5_CRYPTO_TYPE_STREAM; + iov[1].flags = KRB5_CRYPTO_TYPE_DATA; + iov[0].data = enc_out.ciphertext; + iov[1].data = out; + test("IOV stream decrypting", + krb5_c_decrypt_iov( context, key, 7, 0, iov, 2)); + test("Comparing results", + compare_results(&in, &iov[1].data)); + iov[0].flags = KRB5_CRYPTO_TYPE_HEADER; + iov[1].flags = KRB5_CRYPTO_TYPE_DATA; + iov[1].data = in; /*We'll need to copy memory before encrypt*/ + iov[2].flags = KRB5_CRYPTO_TYPE_SIGN_ONLY; + iov[2].data = signdata; + iov[3].flags = KRB5_CRYPTO_TYPE_PADDING; + iov[4].flags = KRB5_CRYPTO_TYPE_TRAILER; + test("Setting up iov lengths", + krb5_c_crypto_length_iov(context, key->enctype, iov, 5)); + for (j=0,pos=0; j <= 4; j++ ){ + if (iov[j].flags == KRB5_CRYPTO_TYPE_SIGN_ONLY) + continue; + iov[j].data.data = &out.data[pos]; + pos += iov[j].data.length; + } + assert (iov[1].data.length == in.length); + memcpy(iov[1].data.data, in.data, in.length); + test("iov encrypting", + krb5_c_encrypt_iov(context, key, 7, 0, iov, 5)); + assert(iov[1].data.length == in.length); + test("iov decrypting", + krb5_c_decrypt_iov(context, key, 7, 0, iov, 5)); + test("Comparing results", + compare_results(&in, &iov[1].data)); + + } enc_out.ciphertext.length = out.length; check.length = 2048; test ("init_state", diff --git a/src/lib/crypto/t_hmac.c b/src/lib/crypto/t_hmac.c index 000e64b855..bf629c359f 100644 --- a/src/lib/crypto/t_hmac.c +++ b/src/lib/crypto/t_hmac.c @@ -135,6 +135,7 @@ static void test_hmac() krb5_error_code err; int i, j; int lose = 0; + struct k5buf buf; /* RFC 2202 test vector. */ static const struct hmac_test md5tests[] = { @@ -240,11 +241,12 @@ static void test_hmac() exit(1); } - if (sizeof(stroutbuf) - 3 < 2 * out.length) - abort(); - strcpy(stroutbuf, "0x"); + krb5int_buf_init_fixed(&buf, stroutbuf, sizeof(stroutbuf)); + krb5int_buf_add(&buf, "0x"); for (j = 0; j < out.length; j++) - sprintf(stroutbuf + strlen(stroutbuf), "%02x", 0xff & outbuf[j]); + krb5int_buf_add_fmt(&buf, "%02x", 0xff & outbuf[j]); + if (krb5int_buf_data(&buf) == NULL) + abort(); if (strcmp(stroutbuf, md5tests[i].hexdigest)) { printf("*** CHECK FAILED!\n" "\tReturned: %s.\n" diff --git a/src/lib/crypto/vectors.c b/src/lib/crypto/vectors.c index 27b6206c96..64a5071c07 100644 --- a/src/lib/crypto/vectors.c +++ b/src/lib/crypto/vectors.c @@ -129,10 +129,10 @@ test_mit_des_s2k () sd.data = (char *) s; assert (strlen (s) + 4 < sizeof (buf)); - sprintf (buf, "\"%s\"", s); + snprintf (buf, sizeof (buf), "\"%s\"", s); printf ( "salt: %-25s", buf); printhex (strlen(s), s); - sprintf (buf, "\"%s\"", p); + snprintf (buf, sizeof (buf), "\"%s\"", p); printf ("\npassword: %-25s", buf); printhex (strlen(p), p); printf ("\n"); @@ -174,10 +174,10 @@ test_s2k (krb5_enctype enctype) key.contents = key_contents; assert (strlen (s) + 4 < sizeof (buf)); - sprintf (buf, "\"%s\"", s); + snprintf (buf, sizeof(buf), "\"%s\"", s); printf ( "salt:\t%s\n\t", buf); printhex (strlen(s), s); - sprintf (buf, "\"%s\"", p); + snprintf (buf, sizeof(buf), "\"%s\"", p); printf ("\npasswd:\t%s\n\t", buf); printhex (strlen(p), p); printf ("\n"); diff --git a/src/lib/crypto/verify_checksum.c b/src/lib/crypto/verify_checksum.c index f531ee1639..72b5595de6 100644 --- a/src/lib/crypto/verify_checksum.c +++ b/src/lib/crypto/verify_checksum.c @@ -51,10 +51,22 @@ krb5_c_verify_checksum(krb5_context context, const krb5_keyblock *key, indata.length = cksum->length; indata.data = (char *) cksum->contents; - if (krb5_cksumtypes_list[i].keyhash && - krb5_cksumtypes_list[i].keyhash->verify) - return((*(krb5_cksumtypes_list[i].keyhash->verify))(key, usage, 0, data, - &indata, valid)); + if (krb5_cksumtypes_list[i].keyhash) { + const struct krb5_keyhash_provider *keyhash; + + keyhash = krb5_cksumtypes_list[i].keyhash; + + if (keyhash->verify == NULL && keyhash->verify_iov != NULL) { + krb5_crypto_iov iov[1]; + + iov[0].flags = KRB5_CRYPTO_TYPE_DATA; + iov[0].data = *data; + + return (*keyhash->verify_iov)(key, usage, 0, iov, 1, &indata, valid); + } else if (keyhash->verify != NULL) { + return (*keyhash->verify)(key, usage, 0, data, &indata, valid); + } + } /* otherwise, make the checksum again, and compare */ diff --git a/src/lib/crypto/verify_checksum_iov.c b/src/lib/crypto/verify_checksum_iov.c new file mode 100644 index 0000000000..08c0a5c7bd --- /dev/null +++ b/src/lib/crypto/verify_checksum_iov.c @@ -0,0 +1,98 @@ +/* + * lib/crypto/verify_checksum_iov.c + * + * Copyright 2008 by the Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + */ + +#include "k5-int.h" +#include "cksumtypes.h" +#include "aead.h" + +krb5_error_code KRB5_CALLCONV +krb5_c_verify_checksum_iov(krb5_context context, + krb5_cksumtype checksum_type, + const krb5_keyblock *key, + krb5_keyusage usage, + const krb5_crypto_iov *data, + size_t num_data, + krb5_boolean *valid) +{ + unsigned int i; + size_t cksumlen; + krb5_error_code ret; + krb5_data computed; + krb5_crypto_iov *checksum; + + for (i = 0; i < krb5_cksumtypes_length; i++) { + if (krb5_cksumtypes_list[i].ctype == checksum_type) + break; + } + + if (i == krb5_cksumtypes_length) + return(KRB5_BAD_ENCTYPE); + + checksum = krb5int_c_locate_iov((krb5_crypto_iov *)data, num_data, KRB5_CRYPTO_TYPE_CHECKSUM); + if (checksum == NULL) + return(KRB5_BAD_MSIZE); + + /* if there's actually a verify function, call it */ + + if (krb5_cksumtypes_list[i].keyhash && + krb5_cksumtypes_list[i].keyhash->verify_iov) + return((*(krb5_cksumtypes_list[i].keyhash->verify_iov))(key, usage, 0, + data, num_data, + &checksum->data, + valid)); + + /* otherwise, make the checksum again, and compare */ + + if (krb5_cksumtypes_list[i].keyhash != NULL) + computed.length = krb5_cksumtypes_list[i].keyhash->hashsize; + else + computed.length = krb5_cksumtypes_list[i].hash->hashsize; + + if (krb5_cksumtypes_list[i].trunc_size != 0) + cksumlen = krb5_cksumtypes_list[i].trunc_size; + else + cksumlen = computed.length; + + if (checksum->data.length != cksumlen) + return(KRB5_BAD_MSIZE); + + computed.data = malloc(computed.length); + if (computed.data == NULL) + return(ENOMEM); + + if ((ret = krb5int_c_make_checksum_iov(&krb5_cksumtypes_list[i], key, usage, + data, num_data, &computed))) { + free(computed.data); + return(ret); + } + + *valid = (computed.length == cksumlen) && + (memcmp(computed.data, checksum->data.data, cksumlen) == 0); + + free(computed.data); + + return(0); +} diff --git a/src/lib/crypto/yarrow/Makefile.in b/src/lib/crypto/yarrow/Makefile.in index 239645ccb7..12d95860b8 100644 --- a/src/lib/crypto/yarrow/Makefile.in +++ b/src/lib/crypto/yarrow/Makefile.in @@ -37,30 +37,3 @@ clean-unix:: clean-libobjs @libobj_frag@ -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -yarrow.so yarrow.po $(OUTPRE)yarrow.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../sha1/shs.h \ - yarrow.c yarrow.h ycipher.h yexcep.h yhash.h ylock.h \ - ystate.h ytypes.h -ycipher.so ycipher.po $(OUTPRE)ycipher.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../enc_provider/enc_provider.h \ - $(srcdir)/../sha1/shs.h yarrow.h ycipher.c ycipher.h \ - yhash.h ytypes.h diff --git a/src/lib/crypto/yarrow/deps b/src/lib/crypto/yarrow/deps new file mode 100644 index 0000000000..182fa52d85 --- /dev/null +++ b/src/lib/crypto/yarrow/deps @@ -0,0 +1,25 @@ +# +# Generated makefile dependencies follow. +# +yarrow.so yarrow.po $(OUTPRE)yarrow.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + $(srcdir)/../sha1/shs.h yarrow.c yarrow.h ycipher.h \ + yexcep.h yhash.h ylock.h ystate.h ytypes.h +ycipher.so ycipher.po $(OUTPRE)ycipher.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + $(srcdir)/../enc_provider/enc_provider.h $(srcdir)/../sha1/shs.h \ + yarrow.h ycipher.c ycipher.h yhash.h ytypes.h diff --git a/src/lib/deps b/src/lib/deps new file mode 100644 index 0000000000..2feac3c9d3 --- /dev/null +++ b/src/lib/deps @@ -0,0 +1 @@ +# No dependencies here. diff --git a/src/lib/des425/ISSUES b/src/lib/des425/ISSUES deleted file mode 100644 index ec5ce0087c..0000000000 --- a/src/lib/des425/ISSUES +++ /dev/null @@ -1,28 +0,0 @@ --*- text -*- - -* unix_time.c also exists in ../krb4, and they're different; both - should probably call into the krb5 support anyways to avoid - duplicating code. - -* namespace intrusions - -* Check include/kerberosIV/des.h and see if all the prototyped - functions really are necessary to retain; if not, delete some of - these source files. - -* Much of this code requires that DES_INT32 be *exactly* 32 bits, and - 4 bytes. - -* Array types are used in function call signatures, which is unclean. - It makes trying to add "const" qualifications in the right places - really, um, interesting. But we're probably stuck with them. - -* quad_cksum is totally broken. I have no idea whether the author - actually believed it implemented the documented algorithm, but I'm - certain it doesn't. The only question is, is it still reasonably - secure, when the plaintext and checksum are visible to an attacker - as in the mk_safe message? - -* des_read_password and des_read_pw_string are not thread-safe. Also, - they should be calling into the k5crypto library instead of - duplicating functionality. diff --git a/src/lib/des425/Makefile.in b/src/lib/des425/Makefile.in deleted file mode 100644 index d5998c9bf9..0000000000 --- a/src/lib/des425/Makefile.in +++ /dev/null @@ -1,268 +0,0 @@ -thisconfigdir=../.. -myfulldir=lib/des425 -mydir=lib/des425 -BUILDTOP=$(REL)..$(S).. -LOCALINCLUDES = -I$(srcdir)/../crypto/des -I$(srcdir)/../../include/kerberosIV -DEFS= - -##DOS##BUILDTOP = ..\.. -##DOS##LIBNAME=$(OUTPRE)des425.lib -##DOS##OBJFILE=$(OUTPRE)des425.lst -##DOS##OBJFILEDEP=$(OUTPRE)des425.lst -##DOS##OBJFILELIST=@$(OUTPRE)des425.lst - -PROG_LIBPATH=-L$(TOPLIBD) -PROG_RPATH=$(KRB5_LIBDIR) - -RUN_SETUP=@KRB5_RUN_ENV@ - -LIBBASE=des425 -LIBMAJOR=3 -LIBMINOR=0 -RELDIR=des425 -# Depends on libk5crypto and libkrb5 -SHLIB_EXPDEPS = \ - $(TOPLIBD)/libk5crypto$(SHLIBEXT) \ - $(TOPLIBD)/libkrb5$(SHLIBEXT) -SHLIB_EXPLIBS=-lkrb5 -lcom_err -lk5crypto -SHLIB_DIRS=-L$(TOPLIBD) -SHLIB_RDIRS=$(KRB5_LIBDIR) - -STOBJLISTS=OBJS.ST -STLIBOBJS=cksum.o \ - des.o \ - enc_dec.o \ - key_parity.o \ - key_sched.o \ - new_rnd_key.o \ - pcbc_encrypt.o \ - quad_cksum.o \ - random_key.o \ - read_passwd.o \ - str_to_key.o \ - unix_time.o \ - util.o \ - weak_key.o - - -OBJS= $(OUTPRE)cksum.$(OBJEXT) \ - $(OUTPRE)des.$(OBJEXT) \ - $(OUTPRE)enc_dec.$(OBJEXT) \ - $(OUTPRE)key_parity.$(OBJEXT) \ - $(OUTPRE)key_sched.$(OBJEXT) \ - $(OUTPRE)new_rnd_key.$(OBJEXT) \ - $(OUTPRE)pcbc_encrypt.$(OBJEXT) \ - $(OUTPRE)quad_cksum.$(OBJEXT) \ - $(OUTPRE)random_key.$(OBJEXT) \ - $(OUTPRE)read_passwd.$(OBJEXT) \ - $(OUTPRE)str_to_key.$(OBJEXT) \ - $(OUTPRE)unix_time.$(OBJEXT) \ - $(OUTPRE)util.$(OBJEXT) \ - $(OUTPRE)weak_key.$(OBJEXT) - -SRCS= $(srcdir)/cksum.c \ - $(srcdir)/des.c \ - $(srcdir)/enc_dec.c \ - $(srcdir)/key_parity.c \ - $(srcdir)/key_sched.c \ - $(srcdir)/new_rnd_key.c \ - $(srcdir)/pcbc_encrypt.c \ - $(srcdir)/quad_cksum.c \ - $(srcdir)/random_key.c \ - $(srcdir)/read_passwd.c \ - $(srcdir)/str_to_key.c \ - $(srcdir)/unix_time.c \ - $(srcdir)/util.c \ - $(srcdir)/weak_key.c - -all-unix:: all-liblinks - -##DOS##LIBOBJS = $(OBJS) - -shared: - mkdir shared - -verify: verify.o $(DES425_DEPLIB) $(KRB5_BASE_DEPLIBS) - $(CC_LINK) -o $@ verify.o $(DES425_LIB) $(KRB5_BASE_LIBS) - -t_quad: t_quad.o quad_cksum.o $(SUPPORT_DEPLIB) - $(CC_LINK) -o $@ t_quad.o quad_cksum.o $(SUPPORT_LIB) - -t_pcbc: t_pcbc.o pcbc_encrypt.o key_sched.o $(KRB5_BASE_DEPLIBS) - $(CC_LINK) -o $@ t_pcbc.o pcbc_encrypt.o key_sched.o $(KRB5_BASE_LIBS) - -check-unix:: verify t_quad t_pcbc - $(RUN_SETUP) $(VALGRIND) ./verify -z - $(RUN_SETUP) $(VALGRIND) ./verify -m - $(RUN_SETUP) $(VALGRIND) ./verify - $(RUN_SETUP) $(VALGRIND) ./t_quad - $(RUN_SETUP) $(VALGRIND) ./t_pcbc - -check-windows:: - -clean:: - $(RM) $(OUTPRE)verify$(EXEEXT) $(OUTPRE)verify.$(OBJEXT) \ - $(OUTPRE)t_quad$(EXEEXT) $(OUTPRE)t_quad.$(OBJEXT) \ - $(OUTPRE)t_pcbc$(EXEEXT) $(OUTPRE)t_pcbc.$(OBJEXT) - -clean-unix:: clean-liblinks clean-libs clean-libobjs - -install-unix:: install-libs - -@lib_frag@ -@libobj_frag@ - -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -cksum.so cksum.po $(OUTPRE)cksum.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../crypto/des/des_int.h cksum.c -des.so des.po $(OUTPRE)des.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../crypto/des/des_int.h des.c -enc_dec.so enc_dec.po $(OUTPRE)enc_dec.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../crypto/des/des_int.h enc_dec.c -key_parity.so key_parity.po $(OUTPRE)key_parity.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../crypto/des/des_int.h \ - key_parity.c -key_sched.so key_sched.po $(OUTPRE)key_sched.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../crypto/des/des_int.h \ - key_sched.c -new_rnd_key.so new_rnd_key.po $(OUTPRE)new_rnd_key.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../crypto/des/des_int.h \ - new_rnd_key.c -pcbc_encrypt.so pcbc_encrypt.po $(OUTPRE)pcbc_encrypt.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../crypto/des/des_int.h \ - $(srcdir)/../crypto/des/f_tables.h pcbc_encrypt.c -quad_cksum.so quad_cksum.po $(OUTPRE)quad_cksum.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../crypto/des/des_int.h \ - quad_cksum.c -random_key.so random_key.po $(OUTPRE)random_key.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../crypto/des/des_int.h \ - random_key.c -read_passwd.so read_passwd.po $(OUTPRE)read_passwd.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../crypto/des/des_int.h \ - read_passwd.c -str_to_key.so str_to_key.po $(OUTPRE)str_to_key.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../crypto/des/des_int.h \ - str_to_key.c -unix_time.so unix_time.po $(OUTPRE)unix_time.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - unix_time.c -util.so util.po $(OUTPRE)util.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../crypto/des/des_int.h util.c -weak_key.so weak_key.po $(OUTPRE)weak_key.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../crypto/des/des_int.h \ - weak_key.c diff --git a/src/lib/des425/cksum.c b/src/lib/des425/cksum.c deleted file mode 100644 index 33b5322ac1..0000000000 --- a/src/lib/des425/cksum.c +++ /dev/null @@ -1,68 +0,0 @@ -/* - * lib/des425/cksum.c - * - * Copyright 1985, 1986, 1987, 1988, 1990 by the Massachusetts Institute - * of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * - * These routines perform encryption and decryption using the DES - * private key algorithm, or else a subset of it-- fewer inner loops. - * (AUTH_DES_ITER defaults to 16, may be less.) - * - * Under U.S. law, this software may not be exported outside the US - * without license from the U.S. Commerce department. - * - * These routines form the library interface to the DES facilities. - * - * spm 8/85 MIT project athena - */ - -#include "des_int.h" -#include "des.h" - -/* - * This routine performs DES cipher-block-chaining checksum operation, - * a.k.a. Message Authentication Code. It ALWAYS encrypts from input - * to a single 64 bit output MAC checksum. - * - * The key schedule is passed as an arg, as well as the cleartext or - * ciphertext. The cleartext and ciphertext should be in host order. - * - * NOTE-- the output is ALWAYS 8 bytes long. If not enough space was - * provided, your program will get trashed. - * - * The input is null padded, at the end (highest addr), to an integral - * multiple of eight bytes. - */ - -unsigned long KRB5_CALLCONV -des_cbc_cksum(in,out,length,key,iv) - const des_cblock *in; /* >= length bytes of inputtext */ - des_cblock *out; /* >= length bytes of outputtext */ - register unsigned long length; /* in bytes */ - const mit_des_key_schedule key; /* precomputed key schedule */ - const des_cblock *iv; /* 8 bytes of ivec */ -{ - return mit_des_cbc_cksum((const krb5_octet *)in, (krb5_octet *)out, - length, key, (krb5_octet *)iv); -} diff --git a/src/lib/des425/des.c b/src/lib/des425/des.c deleted file mode 100644 index 745b4bed5f..0000000000 --- a/src/lib/des425/des.c +++ /dev/null @@ -1,44 +0,0 @@ -/* - * lib/des425/des.c - * - * Copyright 1985, 1986, 1987, 1988, 1990 by the Massachusetts Institute - * of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - */ - -#include "des_int.h" -#include "des.h" -#undef mit_des_cbc_encrypt - -int KRB5_CALLCONV -des_ecb_encrypt(clear, cipher, schedule, enc) - des_cblock *clear; - des_cblock *cipher; - const mit_des_key_schedule schedule; - int enc; /* 0 ==> decrypt, else encrypt */ -{ - static const des_cblock iv; - - return (mit_des_cbc_encrypt((const des_cblock *)clear, cipher, - 8, schedule, iv, enc)); -} diff --git a/src/lib/des425/enc_dec.c b/src/lib/des425/enc_dec.c deleted file mode 100644 index b75a63e205..0000000000 --- a/src/lib/des425/enc_dec.c +++ /dev/null @@ -1,47 +0,0 @@ -/* - * lib/des425/enc_dec.c - * - * Copyright 1985, 1986, 1987, 1988, 1990 by the Massachusetts Institute - * of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * - */ - -#include "des_int.h" -#include "des.h" -#undef mit_des_cbc_encrypt - -int -des_cbc_encrypt(in,out,length,key,iv,enc) - des_cblock *in; /* >= length bytes of input text */ - des_cblock *out; /* >= length bytes of output text */ - register unsigned long length; /* in bytes */ - const mit_des_key_schedule key; /* precomputed key schedule */ - const des_cblock *iv; /* 8 bytes of ivec */ - int enc; /* 0 ==> decrypt, else encrypt */ -{ - return (mit_des_cbc_encrypt((const des_cblock *) in, - out, length, key, - (const unsigned char *)iv, /* YUCK! */ - enc)); -} diff --git a/src/lib/des425/key_sched.c b/src/lib/des425/key_sched.c deleted file mode 100644 index 70f61ce5ee..0000000000 --- a/src/lib/des425/key_sched.c +++ /dev/null @@ -1,40 +0,0 @@ -/* - * lib/des425/key_sched.c - * - * Copyright 1985, 1986, 1987, 1988, 1990 by the Massachusetts Institute - * of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - */ - - -#include -#include "des_int.h" -#include "des.h" - -int KRB5_CALLCONV -des_key_sched(k,schedule) - des_cblock k; - des_key_schedule schedule; -{ - return (mit_des_key_sched(k, schedule)); -} diff --git a/src/lib/des425/libdes425.exports b/src/lib/des425/libdes425.exports deleted file mode 100644 index 5753a6e967..0000000000 --- a/src/lib/des425/libdes425.exports +++ /dev/null @@ -1,18 +0,0 @@ -afs_string_to_key -des_cbc_cksum -des_cbc_encrypt -des_cblock_print_file -des_check_key_parity -des_ecb_encrypt -des_fixup_key_parity -des_init_random_number_generator -des_is_weak_key -des_key_sched -des_new_random_key -des_pcbc_encrypt -des_quad_cksum -des_random_key -des_read_password -des_read_pw_string -des_string_to_key -unix_time_gmt_unixsec diff --git a/src/lib/des425/mac_des_glue.c b/src/lib/des425/mac_des_glue.c deleted file mode 100644 index b7f3a6af81..0000000000 --- a/src/lib/des425/mac_des_glue.c +++ /dev/null @@ -1,104 +0,0 @@ -#include "des_int.h" -#include "des.h" -#undef mit_des3_cbc_encrypt - -/* These functions are exported on KfM for ABI compatibility with - * older versions of the library. They have been pulled from the headers - * in the hope that someday we can remove them. - * - * Do not change the ABIs of any of these functions! - */ - -//int des_read_pw_string(char *, int, char *, int); -char *des_crypt(const char *, const char *); -char *des_fcrypt(const char *, const char *, char *); - -int make_key_sched(des_cblock *, des_key_schedule); -int des_set_key(des_cblock *, des_key_schedule); - -void des_3cbc_encrypt(des_cblock *, des_cblock *, long, - des_key_schedule, des_key_schedule, des_key_schedule, - des_cblock *, int); -void des_3ecb_encrypt(des_cblock *, des_cblock *, - des_key_schedule, des_key_schedule, des_key_schedule, - int); - -void des_generate_random_block(des_cblock); -void des_set_random_generator_seed(des_cblock); -void des_set_sequence_number(des_cblock); - -#pragma mark - - -/* Why was this exported on KfM? Who knows... */ -int des_debug = 0; - -char *des_crypt(const char *str, const char *salt) -{ - char afs_buf[16]; - - return des_fcrypt(str, salt, afs_buf); -} - - -char *des_fcrypt(const char *str, const char *salt, char *buf) -{ - return mit_afs_crypt(str, salt, buf); -} - - -int make_key_sched(des_cblock *k, des_key_schedule schedule) -{ - return mit_des_key_sched((unsigned char *)k, schedule); /* YUCK! */ -} - - -int des_set_key(des_cblock *key, des_key_schedule schedule) -{ - return make_key_sched(key, schedule); -} - - -void des_3cbc_encrypt(des_cblock *in, des_cblock *out, long length, - des_key_schedule ks1, des_key_schedule ks2, des_key_schedule ks3, - des_cblock *iv, int enc) -{ - mit_des3_cbc_encrypt((const des_cblock *)in, out, (unsigned long)length, - ks1, ks2, ks3, - (const unsigned char *)iv, /* YUCK! */ - enc); -} - - -void des_3ecb_encrypt(des_cblock *clear, des_cblock *cipher, - des_key_schedule ks1, des_key_schedule ks2, des_key_schedule ks3, - int enc) -{ - static const des_cblock iv; - - mit_des3_cbc_encrypt((const des_cblock *)clear, cipher, 8, ks1, ks2, ks3, iv, enc); -} - - -void des_generate_random_block(des_cblock block) -{ - krb5_data data; - - data.length = sizeof(des_cblock); - data.data = (char *)block; - - /* This function can return an error, however we must ignore it. */ - /* The worst that happens is that the resulting block is non-random */ - krb5_c_random_make_octets(/* XXX */ 0, &data); -} - - -void des_set_random_generator_seed(des_cblock block) -{ - des_init_random_number_generator(block); /* XXX */ -} - - -void des_set_sequence_number(des_cblock block) -{ - des_init_random_number_generator(block); /* XXX */ -} diff --git a/src/lib/des425/new_rnd_key.c b/src/lib/des425/new_rnd_key.c deleted file mode 100644 index 126ddf5003..0000000000 --- a/src/lib/des425/new_rnd_key.c +++ /dev/null @@ -1,96 +0,0 @@ -/* - * lib/des425/new_rnd_key.c - * - * Copyright 1988,1990 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * - */ - -/* - * Copyright (C) 1998 by the FundsXpress, INC. - * - * All rights reserved. - * - * Export of this software from the United States of America may require - * a specific license from the United States Government. It is the - * responsibility of any person or organization contemplating export to - * obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of FundsXpress. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. FundsXpress makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED - * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. - */ - -#include "des_int.h" -#include "des.h" -#include "k5-int.h" - -void -des_init_random_number_generator(key) - mit_des_cblock key; -{ - krb5_data seed; - - seed.length = sizeof(key); - seed.data = (char *) key; - - if (krb5_c_random_seed(/* XXX */ 0, &seed)) - /* XXX */ abort(); -} - -/* - * des_new_random_key: create a random des key - * - * Requires: des_set_random_number_generater_seed must be at called least - * once before this routine is called. - * - * Notes: the returned key has correct parity and is guarenteed not - * to be a weak des key. Des_generate_random_block is used to - * provide the random bits. - */ -int KRB5_CALLCONV -des_new_random_key(key) - mit_des_cblock key; -{ - krb5_keyblock keyblock; - krb5_error_code kret; - - kret = krb5_c_make_random_key(/* XXX */ 0, ENCTYPE_DES_CBC_CRC, &keyblock); - if (kret) return kret; - - memcpy(key, keyblock.contents, sizeof(mit_des_cblock)); - krb5_free_keyblock_contents(/* XXX */ 0, &keyblock); - - return 0; -} diff --git a/src/lib/des425/pcbc_encrypt.c b/src/lib/des425/pcbc_encrypt.c deleted file mode 100644 index 130fd20f69..0000000000 --- a/src/lib/des425/pcbc_encrypt.c +++ /dev/null @@ -1,235 +0,0 @@ -/* - * lib/des425/pcbc_encrypt.c - * - * Copyright (C) 1990 by the Massachusetts Institute of Technology. - * All rights reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * DES implementation donated by Dennis Ferguson - */ - -/* - * des_pcbc_encrypt.c - encrypt a string of characters in error propagation mode - */ - -#include "autoconf.h" /* in case this defines CONFIG_SMALL */ -#undef CONFIG_SMALL /* XXX needs non-exported crypto symbols */ -#include "des_int.h" -#include "des.h" -#include - -/* - * des_pcbc_encrypt - {en,de}crypt a stream in PCBC mode - */ -int KRB5_CALLCONV -des_pcbc_encrypt(in, out, length, schedule, ivec, enc) - des_cblock *in; - des_cblock *out; - long length; - const des_key_schedule schedule; - des_cblock *ivec; - int enc; -{ - unsigned DES_INT32 left, right; - const unsigned DES_INT32 *kp; - const unsigned char *ip; - unsigned char *op; - - /* - * Copy the key pointer, just once - */ - kp = (const unsigned DES_INT32 *)schedule; - - /* - * Deal with encryption and decryption separately. - */ - if (enc) { - /* Initialization isn't really needed here, but gcc - complains because it doesn't understand that the - only case where these can be used uninitialized is - to compute values that'll in turn be ignored - because we won't go around the loop again. */ - unsigned DES_INT32 plainl = 42; - unsigned DES_INT32 plainr = 17; - - /* - * Initialize left and right with the contents of the initial - * vector. - */ - ip = *ivec; - GET_HALF_BLOCK(left, ip); - GET_HALF_BLOCK(right, ip); - - /* - * Suitably initialized, now work the length down 8 bytes - * at a time. - */ - ip = *in; - op = *out; - while (length > 0) { - /* - * Get block of input. If the length is - * greater than 8 this is straight - * forward. Otherwise we have to fart around. - */ - if (length > 8) { - GET_HALF_BLOCK(plainl, ip); - GET_HALF_BLOCK(plainr, ip); - left ^= plainl; - right ^= plainr; - length -= 8; - } else { - /* - * Oh, shoot. We need to pad the - * end with zeroes. Work backwards - * to do this. We know this is the - * last block, though, so we don't have - * to save the plain text. - */ - ip += (int) length; - switch(length) { - case 8: - right ^= *(--ip) & 0xff; - case 7: - right ^= (*(--ip) & 0xff) << 8; - case 6: - right ^= (*(--ip) & 0xff) << 16; - case 5: - right ^= (*(--ip) & 0xff) << 24; - case 4: - left ^= *(--ip) & 0xff; - case 3: - left ^= (*(--ip) & 0xff) << 8; - case 2: - left ^= (*(--ip) & 0xff) << 16; - case 1: - left ^= (*(--ip) & 0xff) << 24; - break; - } - length = 0; - } - - /* - * Encrypt what we have - */ - DES_DO_ENCRYPT(left, right, kp); - - /* - * Copy the results out - */ - PUT_HALF_BLOCK(left, op); - PUT_HALF_BLOCK(right, op); - - /* - * Xor with the old plain text - */ - left ^= plainl; - right ^= plainr; - } - } else { - /* - * Decrypting is harder than encrypting because of - * the necessity of remembering a lot more things. - * Should think about this a little more... - */ - unsigned DES_INT32 ocipherl, ocipherr; - unsigned DES_INT32 cipherl, cipherr; - - if (length <= 0) - return 0; - - /* - * Prime the old cipher with ivec. - */ - ip = *ivec; - GET_HALF_BLOCK(ocipherl, ip); - GET_HALF_BLOCK(ocipherr, ip); - - /* - * Now do this in earnest until we run out of length. - */ - ip = *in; - op = *out; - for (;;) { /* check done inside loop */ - /* - * Read a block from the input into left and - * right. Save this cipher block for later. - */ - GET_HALF_BLOCK(left, ip); - GET_HALF_BLOCK(right, ip); - cipherl = left; - cipherr = right; - - /* - * Decrypt this. - */ - DES_DO_DECRYPT(left, right, kp); - - /* - * Xor with the old cipher to get plain - * text. Output 8 or less bytes of this. - */ - left ^= ocipherl; - right ^= ocipherr; - if (length > 8) { - length -= 8; - PUT_HALF_BLOCK(left, op); - PUT_HALF_BLOCK(right, op); - /* - * Save current cipher block here - */ - ocipherl = cipherl ^ left; - ocipherr = cipherr ^ right; - } else { - /* - * Trouble here. Start at end of output, - * work backwards. - */ - op += (int) length; - switch(length) { - case 8: - *(--op) = (unsigned char) (right & 0xff); - case 7: - *(--op) = (unsigned char) ((right >> 8) & 0xff); - case 6: - *(--op) = (unsigned char) ((right >> 16) & 0xff); - case 5: - *(--op) = (unsigned char) ((right >> 24) & 0xff); - case 4: - *(--op) = (unsigned char) (left & 0xff); - case 3: - *(--op) = (unsigned char) ((left >> 8) & 0xff); - case 2: - *(--op) = (unsigned char) ((left >> 16) & 0xff); - case 1: - *(--op) = (unsigned char) ((left >> 24) & 0xff); - break; - } - break; /* we're done */ - } - } - } - - /* - * Done, return nothing. - */ - return 0; -} diff --git a/src/lib/des425/quad_cksum.c b/src/lib/des425/quad_cksum.c deleted file mode 100644 index 2a7b78cfdd..0000000000 --- a/src/lib/des425/quad_cksum.c +++ /dev/null @@ -1,200 +0,0 @@ -/* - * lib/des425/quad_cksum.c - * - * Copyright 1985, 1986, 1987, 1988,1990 by the Massachusetts Institute - * of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * - * This routine does not implement: - * - * - * Quadratic Congruential Manipulation Dectection Code - * - * ref: "Message Authentication" - * R.R. Jueneman, S. M. Matyas, C.H. Meyer - * IEEE Communications Magazine, - * Sept 1985 Vol 23 No 9 p 29-40 - * - * This routine, part of the Athena DES library built for the Kerberos - * authentication system, calculates a manipulation detection code for - * a message. It is a much faster alternative to the DES-checksum - * method. No guarantees are offered for its security. - * - * Implementation for 4.2bsd - * by S.P. Miller Project Athena/MIT - */ - -/* - * Algorithm (per paper): - * define: - * message to be composed of n m-bit blocks X1,...,Xn - * optional secret seed S in block X1 - * MDC in block Xn+1 - * prime modulus N - * accumulator Z - * initial (secret) value of accumulator C - * N, C, and S are known at both ends - * C and , optionally, S, are hidden from the end users - * then - * (read array references as subscripts over time) - * Z[0] = c; - * for i = 1...n - * Z[i] = (Z[i+1] + X[i])**2 modulo N - * X[n+1] = Z[n] = MDC - * - * Then pick - * N = 2**31 -1 - * m = 16 - * iterate 4 times over plaintext, also use Zn - * from iteration j as seed for iteration j+1, - * total MDC is then a 128 bit array of the four - * Zn; - * - * return the last Zn and optionally, all - * four as output args. - * - * Modifications: - * To inhibit brute force searches of the seed space, this - * implementation is modified to have - * Z = 64 bit accumulator - * C = 64 bit C seed - * N = 2**63 - 1 - * S = S seed is not implemented here - * arithmetic is not quite real double integer precision, since we - * cant get at the carry or high order results from multiply, - * but nontheless is 64 bit arithmetic. - */ -/* - * This code purports to implement the above algorithm, but fails. - * - * First of all, there was an implicit mod 2**32 being done on the - * machines where this was developed because of their word sizes, and - * for compabitility this has to be done on machines with 64-bit - * words, so we make it explicit. - * - * Second, in the squaring operation, I really doubt the carry-over - * from the low 31-bit half of the accumulator is being done right, - * and using a modulus of 0x7fffffff on the low half of the - * accumulator seems completely wrong. And I challenge anyone to - * explain where the number 83653421 comes from. - * - * --Ken Raeburn 2001-04-06 - */ - - -/* System include files */ -#include -#include - -#include "des_int.h" -#include "des.h" - -/* Definitions for byte swapping */ - -/* vax byte order is LSB first. This is not performance critical, and - is far more readable this way. */ -#define four_bytes_vax_to_nets(x) ((((((x[3]<<8)|x[2])<<8)|x[1])<<8)|x[0]) -#define vaxtohl(x) four_bytes_vax_to_nets(((const unsigned char *)(x))) -#define two_bytes_vax_to_nets(x) ((x[1]<<8)|x[0]) -#define vaxtohs(x) two_bytes_vax_to_nets(((const unsigned char *)(x))) - -/* Externals */ -extern int des_debug; - -/*** Routines ***************************************************** */ - -unsigned long KRB5_CALLCONV -des_quad_cksum(in,out,length,out_count,c_seed) - const unsigned char *in; /* input block */ - unsigned DES_INT32 *out; /* optional longer output */ - long length; /* original length in bytes */ - int out_count; /* number of iterations */ - mit_des_cblock *c_seed; /* secret seed, 8 bytes */ -{ - - /* - * this routine both returns the low order of the final (last in - * time) 32bits of the checksum, and if "out" is not a null - * pointer, a longer version, up to entire 32 bytes of the - * checksum is written unto the address pointed to. - */ - - register unsigned DES_INT32 z; - register unsigned DES_INT32 z2; - register unsigned DES_INT32 x; - register unsigned DES_INT32 x2; - const unsigned char *p; - register DES_INT32 len; - register int i; - - /* use all 8 bytes of seed */ - - z = vaxtohl(c_seed); - z2 = vaxtohl((const char *)c_seed+4); - if (out == NULL) - out_count = 1; /* default */ - - /* This is repeated n times!! */ - for (i = 1; i <=4 && i<= out_count; i++) { - len = length; - p = in; - while (len) { - /* - * X = Z + Input ... sort of. Carry out from low half - * isn't done, so we're using all 32 bits of x now. - */ - if (len > 1) { - x = (z + vaxtohs(p)); - p += 2; - len -= 2; - } - else { - x = (z + *(const unsigned char *)p++); - len = 0; - } - x2 = z2; - /* - * I think this is supposed to be a squaring operation. - * What it really is, I haven't figured out yet. - * - * Explicit mod 2**32 is for backwards compatibility. Why - * mod 0x7fffffff and not 0x80000000 on the low half of - * the (supposed) accumulator? And where does the number - * 83653421 come from?? - */ - z = (((x * x) + (x2 * x2)) & 0xffffffff) % 0x7fffffff; - z2 = ((x * (x2+83653421)) & 0xffffffff) % 0x7fffffff; /* modulo */ -#ifdef DEBUG - if (des_debug & 8) - printf("%d %d\n",z,z2); -#endif - } - - if (out != NULL) { - *out++ = z; - *out++ = z2; - } - } - /* return final z value as 32 bit version of checksum */ - return z; -} diff --git a/src/lib/des425/random_key.c b/src/lib/des425/random_key.c deleted file mode 100644 index f367fc8175..0000000000 --- a/src/lib/des425/random_key.c +++ /dev/null @@ -1,74 +0,0 @@ -/* - * lib/des425/random_key.c - * - * Copyright 1990,1991 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * - */ - -/* - * Copyright (C) 1998 by the FundsXpress, INC. - * - * All rights reserved. - * - * Export of this software from the United States of America may require - * a specific license from the United States Government. It is the - * responsibility of any person or organization contemplating export to - * obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of FundsXpress. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. FundsXpress makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED - * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. - */ - -#include "des_int.h" -#include "des.h" - -/* random_key */ -int -des_random_key(key) - mit_des_cblock *key; -{ - krb5_keyblock keyblock; - krb5_error_code kret; - - if ((kret = krb5_c_make_random_key(/* XXX */ 0, ENCTYPE_DES_CBC_CRC, - &keyblock))) - return(kret); - - memcpy(key, keyblock.contents, sizeof(mit_des_cblock)); - - return(0); -} - diff --git a/src/lib/des425/read_passwd.c b/src/lib/des425/read_passwd.c deleted file mode 100644 index e1b4c713ce..0000000000 --- a/src/lib/des425/read_passwd.c +++ /dev/null @@ -1,129 +0,0 @@ -/* - * lib/des425/read_passwd.c - * - * Copyright 1985,1986,1987,1988,1991 by the Massachusetts Institute - * of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * - * This routine prints the supplied string to standard - * output as a prompt, and reads a password string without - * echoing. - */ - -#if !defined(_WIN32) - -#include "des_int.h" -#include "des.h" -#include -#include -#include -/* This is re-declared here because des.h might not declare it. */ -int KRB5_CALLCONV des_read_pw_string(char *, int, char *, int); -static int des_rd_pwstr_2prompt(char *, int, char *, char *); - - -/*** Routines ****************************************************** */ -static int -des_rd_pwstr_2prompt(return_pwd, bufsize_in, prompt, prompt2) - char *return_pwd; - int bufsize_in; - char *prompt; - char *prompt2; -{ - krb5_data reply_data; - krb5_prompt k5prompt; - krb5_error_code retval; - reply_data.length = bufsize_in; - reply_data.data = return_pwd; - k5prompt.prompt = prompt; - k5prompt.hidden = 1; - k5prompt.reply = &reply_data; - retval = krb5_prompter_posix(NULL, - NULL, NULL, NULL, 1, &k5prompt); - - if ((retval==0) && prompt2) { - krb5_data verify_data; - verify_data.data = malloc(bufsize_in); - verify_data.length = bufsize_in; - k5prompt.prompt = prompt2; - k5prompt.reply = &verify_data; - if (!verify_data.data) - return ENOMEM; - retval = krb5_prompter_posix(NULL, - NULL,NULL, NULL, 1, &k5prompt); - if (retval) { - free(verify_data.data); - } else { - /* compare */ - if (strncmp(return_pwd, (char *)verify_data.data, bufsize_in)) { - retval = KRB5_LIBOS_BADPWDMATCH; - free(verify_data.data); - } - } - } - return retval; -} - - -int KRB5_CALLCONV -des_read_password(k,prompt,verify) - mit_des_cblock *k; - char *prompt; - int verify; -{ - int ok; - char key_string[BUFSIZ]; - - ok = des_read_pw_string(key_string, sizeof(key_string), prompt, verify); - if (ok == 0) - des_string_to_key(key_string, *k); - - memset(key_string, 0, sizeof (key_string)); - return ok; -} - -/* Note: this function is exported on KfM. Do not change its ABI. */ -int KRB5_CALLCONV -des_read_pw_string(s, max, prompt, verify) - char *s; - int max; - char *prompt; - int verify; -{ - int ok; - char prompt2[BUFSIZ]; - - if (verify) { - strcpy(prompt2, "Verifying, please re-enter "); - strncat(prompt2, prompt, sizeof(prompt2)-(strlen(prompt2)+1)); - prompt2[sizeof(prompt2)-1] = '\0'; - } - ok = des_rd_pwstr_2prompt(s, max, prompt, verify ? prompt2 : 0); - return ok; -} - -#else /* !unix */ -/* - * These are all just dummy functions to make the rest of the library happy... - */ -#endif /* _WINDOWS */ diff --git a/src/lib/des425/str_to_key.c b/src/lib/des425/str_to_key.c deleted file mode 100644 index 4ddcaed4a7..0000000000 --- a/src/lib/des425/str_to_key.c +++ /dev/null @@ -1,168 +0,0 @@ -/* - * lib/des425/str_to_key.c - * - * Copyright 1985, 1986, 1987, 1988, 1989,1990 by the Massachusetts Institute - * of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * - * These routines perform encryption and decryption using the DES - * private key algorithm, or else a subset of it-- fewer inner loops. - * (AUTH_DES_ITER defaults to 16, may be less.) - * - * Under U.S. law, this software may not be exported outside the US - * without license from the U.S. Commerce department. - * - * The key schedule is passed as an arg, as well as the cleartext or - * ciphertext. The cleartext and ciphertext should be in host order. - * - * These routines form the library interface to the DES facilities. - * - * spm 8/85 MIT project athena - */ - - -#include -#include -#include "des_int.h" -#include "des.h" - -extern int mit_des_debug; - -/* - * Convert an arbitrary length string to a DES key. - */ - -/* - * For krb5, a change was made to this algorithm: When each key is - * generated, after fixing parity, a check for weak and semi-weak keys - * is done. If the key is weak or semi-weak, we XOR the last byte - * with 0xF0. (In the case of the intermediate key, the weakness is - * probably irrelevant, but there it is.) The odds that this will - * generate a different key for a random input string are pretty low, - * but non-zero. So we need this different function for krb4 to use. - */ -int KRB5_CALLCONV -des_string_to_key(str,key) - const char *str; - register mit_des_cblock key; -{ - const char *in_str; - register unsigned temp; - register int j; - unsigned long i, length; - unsigned char *k_p; - int forward; - register char *p_char; - char k_char[64]; - mit_des_key_schedule key_sked; - - in_str = str; - forward = 1; - p_char = k_char; - length = strlen(str); - - /* init key array for bits */ - memset(k_char, 0,sizeof(k_char)); - -#ifdef DEBUG - if (mit_des_debug) - fprintf(stdout, - "\n\ninput str length = %ld string = %s\nstring = 0x ", - length,str); -#endif - - /* get next 8 bytes, strip parity, xor */ - for (i = 1; i <= length; i++) { - /* get next input key byte */ - temp = (unsigned int) *str++; -#ifdef DEBUG - if (mit_des_debug) - fprintf(stdout,"%02x ",temp & 0xff); -#endif - /* loop through bits within byte, ignore parity */ - for (j = 0; j <= 6; j++) { - if (forward) - *p_char++ ^= (int) temp & 01; - else - *--p_char ^= (int) temp & 01; - temp = temp >> 1; - } - - /* check and flip direction */ - if ((i%8) == 0) - forward = !forward; - } - - /* now stuff into the key des_cblock, and force odd parity */ - p_char = k_char; - k_p = (unsigned char *) key; - - for (i = 0; i <= 7; i++) { - temp = 0; - for (j = 0; j <= 6; j++) - temp |= *p_char++ << (1+j); - *k_p++ = (unsigned char) temp; - } - - /* fix key parity */ - des_fixup_key_parity(key); - - /* Now one-way encrypt it with the folded key */ - (void) des_key_sched(key, key_sked); - (void) des_cbc_cksum((const des_cblock *)in_str, (des_cblock *)key, - length, key_sked, (const des_cblock *)key); - /* erase key_sked */ - memset(key_sked, 0,sizeof(key_sked)); - - /* now fix up key parity again */ - des_fixup_key_parity(key); - -#ifdef DEBUG - if (mit_des_debug) - fprintf(stdout, - "\nResulting string_to_key = 0x%x 0x%x\n", - *((unsigned long *) key), - *((unsigned long *) key+1)); -#endif /* DEBUG */ - return 0; /* Really should be returning void, */ - /* but the original spec was for it to */ - /* return an int, and ANSI compilers */ - /* can do dumb things sometimes */ -} - -void afs_string_to_key(char *str, char *cell, des_cblock key) -{ - krb5_data str_data; - krb5_data cell_data; - krb5_keyblock keyblock; - - str_data.data = str; - str_data.length = strlen(str); - cell_data.data = cell; - cell_data.length = strlen(cell); - keyblock.enctype = ENCTYPE_DES_CBC_CRC; - keyblock.length = sizeof(des_cblock); - keyblock.contents = key; - - mit_afs_string_to_key(&keyblock, &str_data, &cell_data); -} diff --git a/src/lib/des425/string2key.c b/src/lib/des425/string2key.c deleted file mode 100644 index 8756787a1a..0000000000 --- a/src/lib/des425/string2key.c +++ /dev/null @@ -1,174 +0,0 @@ -/* THIS FILE DOES NOT GET COMPILED. AUDIT BEFORE USE. */ -/* - * lib/des425/string2key.c - * - * Copyright 1990,1991 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * - * Wrapper for the V4 libdes for use with kerberos V5. - */ - - -#include "des.h" -#include "des_int.h" - -#ifdef DEBUG -#include -extern int des_debug; -#endif - -/* - converts the string pointed to by "data" into an encryption key - of type "enctype". *keyblock is filled in with the key info; - in particular, keyblock->contents is to be set to allocated storage. - It is the responsibility of the caller to release this storage - when the generated key no longer needed. - - The routine may use "princ" to seed or alter the conversion - algorithm. - - If the particular function called does not know how to make a - key of type "enctype", an error may be returned. - - returns: errors - */ - -krb5_error_code mit_des_string_to_key (enctype, keyblock, data, princ) - const krb5_enctype enctype; - krb5_keyblock * keyblock; - const krb5_data * data; - krb5_const_principal princ; -{ - char copystr[512]; - - register char *str = copystr; - register krb5_octet *key; - - register unsigned temp,i; - register int j; - register long length; - unsigned char *k_p; - int forward; - register char *p_char; - char k_char[64]; - mit_des_key_schedule key_sked; - -#define min(A, B) ((A) < (B) ? (A): (B)) - - if ( enctype != ENCTYPE_DES ) - return (KRB5_PROG_ENCTYPE_NOSUPP); - - if ( !(keyblock->contents = (krb5_octet *)malloc(sizeof(mit_des_cblock))) ) - return(ENOMEM); - -#define cleanup() {memset(keyblock->contents, 0, sizeof(mit_des_cblock));\ - krb5_xfree(keyblock->contents);} - - keyblock->enctype = ENCTYPE_DES; - keyblock->length = sizeof(mit_des_cblock); - key = keyblock->contents; - - memset(copystr, 0, sizeof(copystr)); - j = min(data->length, 511); - (void) strncpy(copystr, data->data, j); - if ( princ != 0 ) - for (i=0; princ[i] != 0 && j < 511; i++) { - (void) strncpy(copystr+j, princ[i]->data, - min(princ[i]->length, 511-j)); - j += min(princ[i]->length, 511-j); - } - - /* convert copystr to des key */ - forward = 1; - p_char = k_char; - length = strlen(str); - - /* init key array for bits */ - memset(k_char,0,sizeof(k_char)); - -#ifdef DEBUG - if (mit_des_debug) - fprintf(stdout, - "\n\ninput str length = %d string = %s\nstring = 0x ", - length,str); -#endif - - /* get next 8 bytes, strip parity, xor */ - for (i = 1; i <= length; i++) { - /* get next input key byte */ - temp = (unsigned int) *str++; -#ifdef DEBUG - if (mit_des_debug) - fprintf(stdout,"%02x ",temp & 0xff); -#endif - /* loop through bits within byte, ignore parity */ - for (j = 0; j <= 6; j++) { - if (forward) - *p_char++ ^= (int) temp & 01; - else - *--p_char ^= (int) temp & 01; - temp = temp >> 1; - } - - /* check and flip direction */ - if ((i%8) == 0) - forward = !forward; - } - - /* now stuff into the key mit_des_cblock, and force odd parity */ - p_char = k_char; - k_p = (unsigned char *) key; - - for (i = 0; i <= 7; i++) { - temp = 0; - for (j = 0; j <= 6; j++) - temp |= *p_char++ << (1+j); - *k_p++ = (unsigned char) temp; - } - - /* fix key parity */ - mit_des_fixup_key_parity(key); - - /* Now one-way encrypt it with the folded key */ - (void) mit_des_key_sched(key, key_sked); - (void) mit_des_cbc_cksum((krb5_octet *)copystr, key, length, key_sked, key); - /* erase key_sked */ - memset((char *)key_sked, 0, sizeof(key_sked)); - - /* now fix up key parity again */ - mit_des_fixup_key_parity(key); - -#ifdef DEBUG - if (mit_des_debug) - fprintf(stdout, - "\nResulting string_to_key = 0x%x 0x%x\n", - *((unsigned long *) key), - *((unsigned long *) key+1)); -#endif - - return 0; -} - - - - diff --git a/src/lib/des425/t_pcbc.c b/src/lib/des425/t_pcbc.c deleted file mode 100644 index 2932148b7e..0000000000 --- a/src/lib/des425/t_pcbc.c +++ /dev/null @@ -1,123 +0,0 @@ -/* - * lib/des425/t_quad.c - * - * Copyright 2001 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - - -#include -#include -#include "des_int.h" -#include "des.h" - -char *progname; -int des_debug; - -/* These test values were constructed by experimentation, because I - couldn't be bothered to look up the spec for the encryption mode - and see if any test vector is defined. But really, the thing we - need to test is that the operation we use doesn't changed. Like - with quad_cksum, compatibility is more important than strict - adherence to the spec, if we have to choose. In any case, if you - have a useful test vector, send it in.... */ -struct { - unsigned char text[32]; - des_cblock out[4]; -} tests[] = { - { - "Now is the time for all ", - { - { 0x7f, 0x81, 0x65, 0x41, 0x21, 0xdb, 0xd4, 0xcf, }, - { 0xf8, 0xaa, 0x09, 0x90, 0xeb, 0xc7, 0x60, 0x2b, }, - { 0x45, 0x3e, 0x4e, 0x65, 0x83, 0x6c, 0xf1, 0x98, }, - { 0x4c, 0xfc, 0x69, 0x72, 0x23, 0xdb, 0x48, 0x78, } - } - }, { - "7654321 Now is the time for ", - { - { 0xcc, 0xd1, 0x73, 0xff, 0xab, 0x20, 0x39, 0xf4, }, - { 0x6d, 0xec, 0xb4, 0x70, 0xa0, 0xe5, 0x6b, 0x15, }, - { 0xae, 0xa6, 0xbf, 0x61, 0xed, 0x7d, 0x9c, 0x9f, }, - { 0xf7, 0x17, 0x46, 0x3b, 0x8a, 0xb3, 0xcc, 0x88, } - } - }, { - "hi", - { { 0x76, 0x61, 0x0e, 0x8b, 0x23, 0xa4, 0x5f, 0x34, } } - }, -}; - -/* 0x0123456789abcdef */ -unsigned char default_key[8] = { - 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef -}; -des_cblock ivec = { - 0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10 -}; - -int -main(argc,argv) - int argc; - char *argv[]; -{ - int i; - int fail=0; - des_cblock out[32/8]; - des_cblock out2[32/8]; - des_key_schedule sked; - - progname=argv[0]; /* salt away invoking program */ - - /* use known input and key */ - - for (i = 0; i < 3; i++) { - int wrong = 0, j, jmax; - des_key_sched (default_key, sked); - /* This could lose on alignment... */ - des_pcbc_encrypt ((des_cblock *)&tests[i].text, out, - strlen(tests[i].text) + 1, sked, &ivec, 1); - printf ("pcbc_encrypt(\"%s\") = {", tests[i].text); - jmax = (strlen (tests[i].text) + 8) & ~7U; - for (j = 0; j < jmax; j++) { - if (j % 8 == 0) - printf ("\n\t"); - printf (" 0x%02x,", out[j/8][j%8]); - if (out[j/8][j%8] != tests[i].out[j/8][j%8]) - wrong = 1; - } - printf ("\n}\n"); - - /* reverse it */ - des_pcbc_encrypt (out, out2, jmax, sked, &ivec, 0); - if (strcmp ((char *)out2, tests[i].text)) { - printf ("decrypt failed\n"); - wrong = 1; - } else - printf ("decrypt worked\n"); - - if (wrong) { - printf ("wrong result!\n"); - fail = 1; - } - } - return fail; -} diff --git a/src/lib/des425/t_quad.c b/src/lib/des425/t_quad.c deleted file mode 100644 index b9299fd200..0000000000 --- a/src/lib/des425/t_quad.c +++ /dev/null @@ -1,101 +0,0 @@ -/* - * lib/des425/t_quad.c - * - * Copyright 2001 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - - -#include -#include -#include "des_int.h" -#include "des.h" - -extern unsigned long quad_cksum(); -char *progname; -int des_debug; -unsigned DES_INT32 out[8]; -struct { - unsigned char text[64]; - unsigned DES_INT32 out[8]; -} tests[] = { - { - "Now is the time for all ", - { - 0x6c6240c5, 0x77db9b1c, 0x7991d316, 0x4e688989, - 0x27a0ae6a, 0x13be2da4, 0x4a2fdfc6, 0x7dfc494c, - } - }, { - "7654321 Now is the time for ", - { - 0x36839db5, 0x4d7be717, 0x15b0f5b6, 0x2304ff9c, - 0x75472d26, 0x6a5f833c, 0x7399a4ee, 0x1170fdfb, - } - }, { - {2,0,0,0, 1,0,0,0}, - { - 0x7c81f205, 0x63d38e38, 0x314ece44, 0x05d3a4f8, - 0x6e10db76, 0x3eda7685, 0x2e841332, 0x1bdc7fd3, - } - }, -}; - -/* 0x0123456789abcdef */ -unsigned char default_key[8] = { - 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef -}; - -int -main(argc,argv) - int argc; - char *argv[]; -{ - int i; - int fail=0; - - progname=argv[0]; /* salt away invoking program */ - - /* use known input and key */ - - for (i = 0; i < 3; i++) { - int wrong = 0, j; - des_quad_cksum (tests[i].text, out, 64L, 4, - (mit_des_cblock *) &default_key); - if (tests[i].text[0] == 2) - printf ("quad_cksum() = {"); - else - printf ("quad_cksum(\"%s\"...zero fill...) = {", tests[i].text); - for (j = 0; j < 8; j++) { - if (j == 0 || j == 4) - printf ("\n\t"); - printf (" 0x%lx,", (unsigned long) out[j]); - if (out[j] != tests[i].out[j]) - wrong = 1; - } - printf ("\n}\n"); - if (wrong) { - printf ("wrong result!\n"); - fail = 1; - } - } - return fail; -} diff --git a/src/lib/des425/unix_time.c b/src/lib/des425/unix_time.c deleted file mode 100644 index 53ce03b686..0000000000 --- a/src/lib/des425/unix_time.c +++ /dev/null @@ -1,46 +0,0 @@ -/* - * unix_time.c - * - * Glue code for pasting Kerberos into the Unix environment. - * - * Originally written by John Gilmore, Cygnus Support, May '94. - * Public Domain. - * - * Required for use by the Cygnus krb.a. - */ - - -#include "k5-int.h" - -#if !defined(_WIN32) -#include - -krb5_ui_4 -unix_time_gmt_unixsec (usecptr) - krb5_ui_4 *usecptr; -{ - struct timeval now; - - (void) gettimeofday (&now, (struct timezone *)0); - if (usecptr) - *usecptr = now.tv_usec; - return now.tv_sec; -} - -#endif /* !_WIN32 */ - -#ifdef _WIN32 -#include - -krb5_ui_4 -unix_time_gmt_unixsec (usecptr) - krb5_ui_4 *usecptr; -{ - time_t gmt; - - time(&gmt); - if (usecptr) - *usecptr = gmt; - return gmt; -} -#endif /* _WIN32 */ diff --git a/src/lib/des425/util.c b/src/lib/des425/util.c deleted file mode 100644 index 2c5ef9216c..0000000000 --- a/src/lib/des425/util.c +++ /dev/null @@ -1,33 +0,0 @@ -/* - * lib/des425/util.c - * - * Copyright 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * . - * - * Miscellaneous debug printing utilities - */ - -#include - -/* Application include files */ -#include "k5-int.h" -#include "des_int.h" -#include "des.h" - -void des_cblock_print_file(x, fp) - des_cblock *x; - FILE *fp; -{ - unsigned char *y = *x; - register int i = 0; - fprintf(fp," 0x { "); - - while (i++ < 8) { - fprintf(fp,"%x",*y++); - if (i < 8) - fprintf(fp,", "); - } - fprintf(fp," }"); -} diff --git a/src/lib/des425/verify.c b/src/lib/des425/verify.c deleted file mode 100644 index 653730a2f0..0000000000 --- a/src/lib/des425/verify.c +++ /dev/null @@ -1,317 +0,0 @@ -/* - * lib/des425/verify.c - * - * Copyright 1988,1990 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * - * Program to test the correctness of the DES library - * implementation. - * - * exit returns 0 ==> success - * -1 ==> error - */ - - -#include -#include -#include "des_int.h" -#include "des.h" - -char *progname; -int nflag = 2; -int vflag; -int mflag; -int zflag; -int pid; -int des_debug; -des_key_schedule KS; -unsigned char cipher_text[64]; -unsigned char clear_text[64] = "Now is the time for all " ; -unsigned char clear_text2[64] = "7654321 Now is the time for "; -unsigned char clear_text3[64] = {2,0,0,0, 1,0,0,0}; -unsigned char output[64]; -unsigned char zero_text[8] = {0x0,0,0,0,0,0,0,0}; -unsigned char msb_text[8] = {0x0,0,0,0, 0,0,0,0x40}; /* to ANSI MSB */ -unsigned char *input; - -/* 0x0123456789abcdef */ -unsigned char default_key[8] = { - 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef -}; -unsigned char key2[8] = { 0x08,0x19,0x2a,0x3b,0x4c,0x5d,0x6e,0x7f }; -unsigned char key3[8] = { 0x80,1,1,1,1,1,1,1 }; -des_cblock s_key; -unsigned char default_ivec[8] = { - 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef -}; -unsigned char *ivec; -unsigned char zero_key[8] = {1,1,1,1,1,1,1,1}; /* just parity bits */ -int i,j; - -unsigned char cipher1[8] = { - 0x25,0xdd,0xac,0x3e,0x96,0x17,0x64,0x67 -}; -unsigned char cipher2[8] = { - 0x3f,0xa4,0x0e,0x8a,0x98,0x4d,0x48,0x15 -}; -unsigned char cipher3[64] = { - 0xe5,0xc7,0xcd,0xde,0x87,0x2b,0xf2,0x7c, - 0x43,0xe9,0x34,0x00,0x8c,0x38,0x9c,0x0f, - 0x68,0x37,0x88,0x49,0x9a,0x7c,0x05,0xf6 -}; -unsigned char checksum[8] = { - 0x58,0xd2,0xe7,0x7e,0x86,0x06,0x27,0x33 -}; - -unsigned char zresult[8] = { - 0x8c, 0xa6, 0x4d, 0xe9, 0xc1, 0xb1, 0x23, 0xa7 -}; - -unsigned char mresult[8] = { - 0xa3, 0x80, 0xe0, 0x2a, 0x6b, 0xe5, 0x46, 0x96 -}; - - -/* - * Can also add : - * plaintext = 0, key = 0, cipher = 0x8ca64de9c1b123a7 (or is it a 1?) - */ - -void do_encrypt (unsigned char *, unsigned char *); -void do_decrypt (unsigned char *, unsigned char *); - -int -main(argc,argv) - int argc; - char *argv[]; -{ - /* Local Declarations */ - unsigned long in_length; - - progname=argv[0]; /* salt away invoking program */ - - while (--argc > 0 && (*++argv)[0] == '-') - for (i=1; argv[0][i] != '\0'; i++) { - switch (argv[0][i]) { - - /* debug flag */ - case 'd': - des_debug=3; - continue; - - case 'z': - zflag = 1; - continue; - - case 'm': - mflag = 1; - continue; - - default: - printf("%s: illegal flag \"%c\" ", - progname,argv[0][i]); - exit(1); - } - }; - - if (argc) { - fprintf(stderr, "Usage: %s [-dmz]\n", progname); - exit(1); - } - - /* use known input and key */ - - /* ECB zero text zero key */ - if (zflag) { - input = zero_text; - des_key_sched(zero_key,KS); - printf("plaintext = key = 0, cipher = 0x8ca64de9c1b123a7\n"); - do_encrypt(input,cipher_text); - printf("\tcipher = (low to high bytes)\n\t\t"); - for (j = 0; j<=7; j++) - printf("%02x ",cipher_text[j]); - printf("\n"); - do_decrypt(output,cipher_text); - if ( memcmp((char *)cipher_text, (char *)zresult, 8) ) { - printf("verify: error in zero key test\n"); - exit(-1); - } - exit(0); - } - - if (mflag) { - input = msb_text; - des_key_sched(key3,KS); - printf("plaintext = 0x00 00 00 00 00 00 00 40, "); - printf("key = 0, cipher = 0x??\n"); - do_encrypt(input,cipher_text); - printf("\tcipher = (low to high bytes)\n\t\t"); - for (j = 0; j<=7; j++) { - printf("%02x ",cipher_text[j]); - } - printf("\n"); - do_decrypt(output,cipher_text); - if ( memcmp((char *)cipher_text, (char *)mresult, 8) ) { - printf("verify: error in msb test\n"); - exit(-1); - } - exit(0); - } - - /* ECB mode Davies and Price */ - { - input = zero_text; - des_key_sched(key2,KS); - printf("Examples per FIPS publication 81, keys ivs and cipher\n"); - printf("in hex. These are the correct answers, see below for\n"); - printf("the actual answers.\n\n"); - printf("Examples per Davies and Price.\n\n"); - printf("EXAMPLE ECB\tkey = 08192a3b4c5d6e7f\n"); - printf("\tclear = 0\n"); - printf("\tcipher = 25 dd ac 3e 96 17 64 67\n"); - printf("ACTUAL ECB\n"); - printf("\tclear \"%s\"\n", input); - do_encrypt(input,cipher_text); - printf("\tcipher = (low to high bytes)\n\t\t"); - for (j = 0; j<=7; j++) - printf("%02x ",cipher_text[j]); - printf("\n\n"); - do_decrypt(output,cipher_text); - if ( memcmp((char *)cipher_text, (char *)cipher1, 8) ) { - printf("verify: error in ECB encryption\n"); - exit(-1); - } - else - printf("verify: ECB encription is correct\n\n"); - } - - /* ECB mode */ - { - des_key_sched(default_key,KS); - input = clear_text; - ivec = default_ivec; - printf("EXAMPLE ECB\tkey = 0123456789abcdef\n"); - printf("\tclear = \"Now is the time for all \"\n"); - printf("\tcipher = 3f a4 0e 8a 98 4d 48 15 ...\n"); - printf("ACTUAL ECB\n\tclear \"%s\"",input); - do_encrypt(input,cipher_text); - printf("\n\tcipher = (low to high bytes)\n\t\t"); - for (j = 0; j<=7; j++) { - printf("%02x ",cipher_text[j]); - } - printf("\n\n"); - do_decrypt(output,cipher_text); - if ( memcmp((char *)cipher_text, (char *)cipher2, 8) ) { - printf("verify: error in ECB encryption\n"); - exit(-1); - } - else - printf("verify: ECB encription is correct\n\n"); - } - - /* CBC mode */ - printf("EXAMPLE CBC\tkey = 0123456789abcdef"); - printf("\tiv = 1234567890abcdef\n"); - printf("\tclear = \"Now is the time for all \"\n"); - printf("\tcipher =\te5 c7 cd de 87 2b f2 7c\n"); - printf("\t\t\t43 e9 34 00 8c 38 9c 0f\n"); - printf("\t\t\t68 37 88 49 9a 7c 05 f6\n"); - - printf("ACTUAL CBC\n\tclear \"%s\"\n",input); - in_length = strlen((char *) input); - des_cbc_encrypt(input,cipher_text, in_length,KS,ivec,1); - printf("\tciphertext = (low to high bytes)\n"); - for (i = 0; i <= 7; i++) { - printf("\t\t"); - for (j = 0; j <= 7; j++) { - printf("%02x ",cipher_text[i*8+j]); - } - printf("\n"); - } - des_cbc_encrypt(cipher_text,clear_text,in_length,KS,ivec,0); - printf("\tdecrypted clear_text = \"%s\"\n",clear_text); - - if ( memcmp(cipher_text, cipher3, (size_t) in_length) ) { - printf("verify: error in CBC encryption\n"); - exit(-1); - } - else - printf("verify: CBC encription is correct\n\n"); - - printf("EXAMPLE CBC checksum"); - printf("\tkey = 0123456789abcdef\tiv = 1234567890abcdef\n"); - printf("\tclear =\t\t\"7654321 Now is the time for \"\n"); - printf("\tchecksum\t58 d2 e7 7e 86 06 27 33, "); - printf("or some part thereof\n"); - input = clear_text2; - des_cbc_cksum(input,cipher_text,(long) strlen((char *) input),KS,ivec); - printf("ACTUAL CBC checksum\n"); - printf("\t\tencrypted cksum = (low to high bytes)\n\t\t"); - for (j = 0; j<=7; j++) - printf("%02x ",cipher_text[j]); - printf("\n\n"); - if ( memcmp((char *)cipher_text, (char *)checksum, 8) ) { - printf("verify: error in CBC cheksum\n"); - exit(-1); - } - else - printf("verify: CBC checksum is correct\n\n"); - exit(0); -} - -void -do_encrypt(in,out) - unsigned char *in; - unsigned char *out; -{ - for (i =1; i<=nflag; i++) { - des_ecb_encrypt((unsigned long *) in, (unsigned long *)out, KS, 1); - if (des_debug) { - printf("\nclear %s\n",in); - for (j = 0; j<=7; j++) - printf("%02X ",in[j] & 0xff); - printf("\tcipher "); - for (j = 0; j<=7; j++) - printf("%02X ",out[j] & 0xff); - } - } -} - -void -do_decrypt(in,out) - unsigned char *out; - unsigned char *in; - /* try to invert it */ -{ - for (i =1; i<=nflag; i++) { - des_ecb_encrypt((unsigned long *) out, (unsigned long *)in,KS,0); - if (des_debug) { - printf("clear %s\n",in); - for (j = 0; j<=7; j++) - printf("%02X ",in[j] & 0xff); - printf("\tcipher "); - for (j = 0; j<=7; j++) - printf("%02X ",out[j] & 0xff); - } - } -} diff --git a/src/lib/gssapi/Makefile.in b/src/lib/gssapi/Makefile.in index 398d7ebdaf..f72a0d3863 100644 --- a/src/lib/gssapi/Makefile.in +++ b/src/lib/gssapi/Makefile.in @@ -2,8 +2,8 @@ thisconfigdir=../.. myfulldir=lib/gssapi mydir=lib/gssapi BUILDTOP=$(REL)..$(S).. -SUBDIRS= generic mechglue krb5 spnego -DEFS= +SUBDIRS= generic krb5 spnego mechglue +DEFS=-D_GSS_STATIC_LINK=1 ##DOSLIBNAME=$(OUTPRE)gssapi.lib ##DOSOBJFILELIST=@$(OUTPRE)mechglue.lst @$(OUTPRE)spnego.lst @$(OUTPRE)generic.lst @$(OUTPRE)krb5.lst @$(OUTPRE)gssapi.lst @@ -15,20 +15,16 @@ DEFS= ##DOS##DLL_EXP_TYPE=GSS LOCALINCLUDES = -Igeneric -I$(srcdir)/generic -Ikrb5 -I$(srcdir)/krb5 -I$(srcdir)/mechglue -STLIBOBJS=\ - gss_libinit.o +STLIBOBJS= -OBJS=\ - $(OUTPRE)gss_libinit.$(OBJEXT) - -SRCS=\ - $(srcdir)/gss_libinit.c +OBJS= +SRCS= LIBBASE=gssapi_krb5 LIBMAJOR=2 LIBMINOR=2 -LIBINITFUNC=gssint_lib_init -LIBFINIFUNC=gssint_lib_fini +#LIBINITFUNC=gssint_lib_init +#LIBFINIFUNC=gssint_lib_fini STOBJLISTS=OBJS.ST generic/OBJS.ST mechglue/OBJS.ST krb5/OBJS.ST spnego/OBJS.ST SUBDIROBJLISTS=generic/OBJS.ST mechglue/OBJS.ST krb5/OBJS.ST spnego/OBJS.ST SHLIB_EXPDEPS=\ @@ -139,23 +135,3 @@ $(EXPORTED_HEADERS) generic/gssapi.h krb5/gssapi_err_krb5.h generic/gssapi_err_g @lib_frag@ @libobj_frag@ -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -gss_libinit.so gss_libinit.po $(OUTPRE)gss_libinit.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssapi.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/generic/gssapiP_generic.h $(srcdir)/generic/gssapi_generic.h \ - $(srcdir)/krb5/gssapiP_krb5.h $(srcdir)/mechglue/mechglue.h \ - $(srcdir)/mechglue/mglueP.h generic/gssapi_err_generic.h \ - gss_libinit.c gss_libinit.h krb5/gssapi_err_krb5.h \ - krb5/gssapi_krb5.h diff --git a/src/lib/gssapi/deps b/src/lib/gssapi/deps new file mode 100644 index 0000000000..2feac3c9d3 --- /dev/null +++ b/src/lib/gssapi/deps @@ -0,0 +1 @@ +# No dependencies here. diff --git a/src/lib/gssapi/generic/Makefile.in b/src/lib/gssapi/generic/Makefile.in index d09a67860a..c35bd1abba 100644 --- a/src/lib/gssapi/generic/Makefile.in +++ b/src/lib/gssapi/generic/Makefile.in @@ -18,7 +18,8 @@ ETHDRS= gssapi_err_generic.h EHDRDIR= $(BUILDTOP)$(S)include$(S)gssapi HDRS= $(EHDRDIR)$(S)gssapi.h \ - $(EHDRDIR)$(S)gssapi_generic.h + $(EHDRDIR)$(S)gssapi_generic.h \ + $(EHDRDIR)$(S)gssapi_ext.h MK_EHDRDIR=if test -d $(EHDRDIR); then :; else (set -x; mkdir $(EHDRDIR)); fi ##DOS##MK_EHDRDIR=rem @@ -29,6 +30,8 @@ $(EHDRDIR)$(S)gssapi.h: $(EHDRDIR)$(S)timestamp gssapi.h $(CP) gssapi.h $@ $(EHDRDIR)$(S)gssapi_generic.h: $(EHDRDIR)$(S)timestamp $(srcdir)$(S)gssapi_generic.h $(CP) $(srcdir)$(S)gssapi_generic.h $@ +$(EHDRDIR)$(S)gssapi_ext.h: $(EHDRDIR)$(S)timestamp $(srcdir)$(S)gssapi_ext.h + $(CP) $(srcdir)$(S)gssapi_ext.h $@ $(EHDRDIR)$(S)timestamp: $(MK_EHDRDIR) @@ -67,9 +70,11 @@ SRCS = \ $(srcdir)/disp_com_err_status.c \ $(srcdir)/disp_major_status.c \ $(srcdir)/gssapi_generic.c \ + $(srcdir)/oid_ops.c \ $(srcdir)/rel_buffer.c \ $(srcdir)/rel_oid_set.c \ $(srcdir)/util_buffer.c \ + $(srcdir)/util_buffer_set.c \ $(srcdir)/util_errmap.c \ $(srcdir)/util_ordering.c \ $(srcdir)/util_set.c \ @@ -81,9 +86,11 @@ OBJS = \ $(OUTPRE)disp_com_err_status.$(OBJEXT) \ $(OUTPRE)disp_major_status.$(OBJEXT) \ $(OUTPRE)gssapi_generic.$(OBJEXT) \ + $(OUTPRE)oid_ops.$(OBJEXT) \ $(OUTPRE)rel_buffer.$(OBJEXT) \ $(OUTPRE)rel_oid_set.$(OBJEXT) \ $(OUTPRE)util_buffer.$(OBJEXT) \ + $(OUTPRE)util_buffer_set.$(OBJEXT) \ $(OUTPRE)util_errmap.$(OBJEXT) \ $(OUTPRE)util_ordering.$(OBJEXT) \ $(OUTPRE)util_set.$(OBJEXT) \ @@ -95,9 +102,11 @@ STLIBOBJS = \ disp_com_err_status.o \ disp_major_status.o \ gssapi_generic.o \ + oid_ops.o \ rel_buffer.o \ rel_oid_set.o \ util_buffer.o \ + util_buffer_set.o \ util_errmap.o \ util_ordering.o \ util_set.o \ @@ -105,7 +114,7 @@ STLIBOBJS = \ util_validate.o \ gssapi_err_generic.o -EXPORTED_HEADERS= gssapi_generic.h +EXPORTED_HEADERS= gssapi_generic.h gssapi_ext.h EXPORTED_BUILT_HEADERS= gssapi.h $(OBJS): $(EXPORTED_HEADERS) $(ETHDRS) @@ -162,68 +171,3 @@ depend:: $(ETSRCS) @libobj_frag@ -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -disp_com_err_status.so disp_com_err_status.po $(OUTPRE)disp_com_err_status.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/gssapi.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h $(srcdir)/../gss_libinit.h \ - disp_com_err_status.c gssapiP_generic.h gssapi_err_generic.h \ - gssapi_generic.h -disp_major_status.so disp_major_status.po $(OUTPRE)disp_major_status.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - disp_major_status.c gssapiP_generic.h gssapi_err_generic.h \ - gssapi_generic.h -gssapi_generic.so gssapi_generic.po $(OUTPRE)gssapi_generic.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - gssapiP_generic.h gssapi_err_generic.h gssapi_generic.c \ - gssapi_generic.h -rel_buffer.so rel_buffer.po $(OUTPRE)rel_buffer.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - gssapiP_generic.h gssapi_err_generic.h gssapi_generic.h \ - rel_buffer.c -rel_oid_set.so rel_oid_set.po $(OUTPRE)rel_oid_set.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - gssapiP_generic.h gssapi_err_generic.h gssapi_generic.h \ - rel_oid_set.c -util_buffer.so util_buffer.po $(OUTPRE)util_buffer.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - gssapiP_generic.h gssapi_err_generic.h gssapi_generic.h \ - util_buffer.c -util_errmap.so util_errmap.po $(OUTPRE)util_errmap.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - errmap.h gssapiP_generic.h gssapi_err_generic.h gssapi_generic.h \ - util_errmap.c -util_ordering.so util_ordering.po $(OUTPRE)util_ordering.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - gssapiP_generic.h gssapi_err_generic.h gssapi_generic.h \ - util_ordering.c -util_set.so util_set.po $(OUTPRE)util_set.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - gssapiP_generic.h gssapi_err_generic.h gssapi_generic.h \ - util_set.c -util_token.so util_token.po $(OUTPRE)util_token.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - gssapiP_generic.h gssapi_err_generic.h gssapi_generic.h \ - util_token.c -util_validate.so util_validate.po $(OUTPRE)util_validate.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/gssapi.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h $(srcdir)/../gss_libinit.h \ - gssapiP_generic.h gssapi_err_generic.h gssapi_generic.h \ - util_validate.c -gssapi_err_generic.so gssapi_err_generic.po $(OUTPRE)gssapi_err_generic.$(OBJEXT): \ - $(COM_ERR_DEPS) gssapi_err_generic.c diff --git a/src/lib/gssapi/generic/deps b/src/lib/gssapi/generic/deps new file mode 100644 index 0000000000..652f80871f --- /dev/null +++ b/src/lib/gssapi/generic/deps @@ -0,0 +1,73 @@ +# +# Generated makefile dependencies follow. +# +disp_com_err_status.so disp_com_err_status.po $(OUTPRE)disp_com_err_status.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h disp_com_err_status.c \ + gssapiP_generic.h gssapi_err_generic.h gssapi_ext.h \ + gssapi_generic.h +disp_major_status.so disp_major_status.po $(OUTPRE)disp_major_status.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h disp_major_status.c gssapiP_generic.h \ + gssapi_err_generic.h gssapi_ext.h gssapi_generic.h +gssapi_generic.so gssapi_generic.po $(OUTPRE)gssapi_generic.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h gssapiP_generic.h gssapi_err_generic.h \ + gssapi_ext.h gssapi_generic.c gssapi_generic.h +oid_ops.so oid_ops.po $(OUTPRE)oid_ops.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_generic.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h gssapiP_generic.h gssapi_err_generic.h \ + gssapi_ext.h gssapi_generic.h oid_ops.c +rel_buffer.so rel_buffer.po $(OUTPRE)rel_buffer.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h gssapiP_generic.h gssapi_err_generic.h \ + gssapi_ext.h gssapi_generic.h rel_buffer.c +rel_oid_set.so rel_oid_set.po $(OUTPRE)rel_oid_set.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h gssapiP_generic.h gssapi_err_generic.h \ + gssapi_ext.h gssapi_generic.h rel_oid_set.c +util_buffer.so util_buffer.po $(OUTPRE)util_buffer.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h gssapiP_generic.h gssapi_err_generic.h \ + gssapi_ext.h gssapi_generic.h util_buffer.c +util_buffer_set.so util_buffer_set.po $(OUTPRE)util_buffer_set.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h gssapiP_generic.h gssapi_err_generic.h \ + gssapi_ext.h gssapi_generic.h util_buffer_set.c +util_errmap.so util_errmap.po $(OUTPRE)util_errmap.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h errmap.h gssapiP_generic.h \ + gssapi_err_generic.h gssapi_ext.h gssapi_generic.h \ + util_errmap.c +util_ordering.so util_ordering.po $(OUTPRE)util_ordering.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h gssapiP_generic.h gssapi_err_generic.h \ + gssapi_ext.h gssapi_generic.h util_ordering.c +util_set.so util_set.po $(OUTPRE)util_set.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h gssapiP_generic.h gssapi_err_generic.h \ + gssapi_ext.h gssapi_generic.h util_set.c +util_token.so util_token.po $(OUTPRE)util_token.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h gssapiP_generic.h gssapi_err_generic.h \ + gssapi_ext.h gssapi_generic.h util_token.c +util_validate.so util_validate.po $(OUTPRE)util_validate.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h gssapiP_generic.h gssapi_err_generic.h \ + gssapi_ext.h gssapi_generic.h util_validate.c +gssapi_err_generic.so gssapi_err_generic.po $(OUTPRE)gssapi_err_generic.$(OBJEXT): \ + $(COM_ERR_DEPS) gssapi_err_generic.c diff --git a/src/lib/gssapi/generic/disp_com_err_status.c b/src/lib/gssapi/generic/disp_com_err_status.c index c04b67265e..d7a2e1d85c 100644 --- a/src/lib/gssapi/generic/disp_com_err_status.c +++ b/src/lib/gssapi/generic/disp_com_err_status.c @@ -1,6 +1,7 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * Copyright 1993 by OpenVision Technologies, Inc. - * + * * Permission to use, copy, modify, distribute, and sell this software * and its documentation for any purpose is hereby granted without fee, * provided that the above copyright notice appears in all copies and @@ -10,7 +11,7 @@ * without specific, written prior permission. OpenVision makes no * representations about the suitability of this software for any * purpose. It is provided "as is" without express or implied warranty. - * + * * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR @@ -25,7 +26,6 @@ */ #include "gssapiP_generic.h" -#include "gss_libinit.h" #include "com_err.h" /* XXXX internationalization!! */ @@ -37,30 +37,28 @@ static const char * const no_error = "No error"; /**/ /* if status_type == GSS_C_GSS_CODE, return up to three error messages, - for routine errors, call error, and status, in that order. - message_context == 0 : print the routine error - message_context == 1 : print the calling error - message_context > 2 : print supplementary info bit (message_context-2) + for routine errors, call error, and status, in that order. + message_context == 0 : print the routine error + message_context == 1 : print the calling error + message_context > 2 : print supplementary info bit (message_context-2) if status_type == GSS_C_MECH_CODE, return the output from error_message() - */ +*/ OM_uint32 g_display_com_err_status(minor_status, status_value, status_string) - OM_uint32 *minor_status; - OM_uint32 status_value; - gss_buffer_t status_string; + OM_uint32 *minor_status; + OM_uint32 status_value; + gss_buffer_t status_string; { - status_string->length = 0; - status_string->value = NULL; + status_string->length = 0; + status_string->value = NULL; - (void) gssint_initialize_library(); - - if (! g_make_string_buffer(((status_value == 0)?no_error: - error_message(status_value)), - status_string)) { - *minor_status = ENOMEM; - return(GSS_S_FAILURE); - } - *minor_status = 0; - return(GSS_S_COMPLETE); + if (! g_make_string_buffer(((status_value == 0)?no_error: + error_message(status_value)), + status_string)) { + *minor_status = ENOMEM; + return(GSS_S_FAILURE); + } + *minor_status = 0; + return(GSS_S_COMPLETE); } diff --git a/src/lib/gssapi/generic/disp_major_status.c b/src/lib/gssapi/generic/disp_major_status.c index 0648192a19..f9ff281477 100644 --- a/src/lib/gssapi/generic/disp_major_status.c +++ b/src/lib/gssapi/generic/disp_major_status.c @@ -1,6 +1,7 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * Copyright 1993 by OpenVision Technologies, Inc. - * + * * Permission to use, copy, modify, distribute, and sell this software * and its documentation for any purpose is hereby granted without fee, * provided that the above copyright notice appears in all copies and @@ -10,7 +11,7 @@ * without specific, written prior permission. OpenVision makes no * representations about the suitability of this software for any * purpose. It is provided "as is" without express or implied warranty. - * + * * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR @@ -38,57 +39,57 @@ /**/ static const char * const calling_error_string[] = { - NULL, - "A required input parameter could not be read", - "A required input parameter could not be written", - "A parameter was malformed", + NULL, + "A required input parameter could not be read", + "A required input parameter could not be written", + "A parameter was malformed", }; - + static const char * const calling_error = "calling error"; #define GSS_CALLING_ERROR_STR(x) \ GSS_ERROR_STR((x), calling_error_string, GSS_CALLING_ERROR, \ - GSS_S_CALL_INACCESSIBLE_READ, GSS_S_CALL_BAD_STRUCTURE, \ - GSS_CALLING_ERROR_FIELD) + GSS_S_CALL_INACCESSIBLE_READ, GSS_S_CALL_BAD_STRUCTURE, \ + GSS_CALLING_ERROR_FIELD) /**/ static const char * const routine_error_string[] = { - NULL, - "An unsupported mechanism was requested", - "An invalid name was supplied", - "A supplied name was of an unsupported type", - "Incorrect channel bindings were supplied", - "An invalid status code was supplied", - "A token had an invalid signature", - "No credentials were supplied", - "No context has been established", - "A token was invalid", - "A credential was invalid", - "The referenced credentials have expired", - "The context has expired", - "Miscellaneous failure", - "The quality-of-protection requested could not be provided", - "The operation is forbidden by the local security policy", - "The operation or option is not available", -}; + NULL, + "An unsupported mechanism was requested", + "An invalid name was supplied", + "A supplied name was of an unsupported type", + "Incorrect channel bindings were supplied", + "An invalid status code was supplied", + "A token had an invalid signature", + "No credentials were supplied", + "No context has been established", + "A token was invalid", + "A credential was invalid", + "The referenced credentials have expired", + "The context has expired", + "Miscellaneous failure", + "The quality-of-protection requested could not be provided", + "The operation is forbidden by the local security policy", + "The operation or option is not available", +}; static const char * const routine_error = "routine error"; #define GSS_ROUTINE_ERROR_STR(x) \ GSS_ERROR_STR((x), routine_error_string, GSS_ROUTINE_ERROR, \ - GSS_S_BAD_MECH, GSS_S_FAILURE, \ - GSS_ROUTINE_ERROR_FIELD) + GSS_S_BAD_MECH, GSS_S_FAILURE, \ + GSS_ROUTINE_ERROR_FIELD) /**/ /* this becomes overly gross after about 4 strings */ static const char * const sinfo_string[] = { - "The routine must be called again to complete its function", - "The token was a duplicate of an earlier token", - "The token's validity period has expired", - "A later token has already been processed", + "The routine must be called again to complete its function", + "The token was a duplicate of an earlier token", + "The token's validity period has expired", + "A later token has already been processed", }; static const char * const sinfo_code = "supplementary info code"; @@ -107,203 +108,203 @@ static const char * const unknown_error = "Unknown %s (field = %d)"; /**/ -static int +static int display_unknown(kind, value, buffer) - const char *kind; - OM_uint32 value; - gss_buffer_t buffer; + const char *kind; + OM_uint32 value; + gss_buffer_t buffer; { - char *str; + char *str; - if (asprintf(&str, unknown_error, kind, value) < 0) - return(0); + if (asprintf(&str, unknown_error, kind, value) < 0) + return(0); - buffer->length = strlen(str); - buffer->value = str; + buffer->length = strlen(str); + buffer->value = str; - return(1); + return(1); } /* code should be set to the calling error field */ static OM_uint32 display_calling(minor_status, code, status_string) - OM_uint32 *minor_status; - OM_uint32 code; - gss_buffer_t status_string; + OM_uint32 *minor_status; + OM_uint32 code; + gss_buffer_t status_string; { - const char *str; - - if ((str = GSS_CALLING_ERROR_STR(code))) { - if (! g_make_string_buffer(str, status_string)) { - *minor_status = ENOMEM; - return(GSS_S_FAILURE); - } - } else { - if (! display_unknown(calling_error, GSS_CALLING_ERROR_FIELD(code), - status_string)) { - *minor_status = ENOMEM; - return(GSS_S_FAILURE); - } - } - *minor_status = 0; - return(GSS_S_COMPLETE); + const char *str; + + if ((str = GSS_CALLING_ERROR_STR(code))) { + if (! g_make_string_buffer(str, status_string)) { + *minor_status = ENOMEM; + return(GSS_S_FAILURE); + } + } else { + if (! display_unknown(calling_error, GSS_CALLING_ERROR_FIELD(code), + status_string)) { + *minor_status = ENOMEM; + return(GSS_S_FAILURE); + } + } + *minor_status = 0; + return(GSS_S_COMPLETE); } /* code should be set to the routine error field */ static OM_uint32 display_routine(minor_status, code, status_string) - OM_uint32 *minor_status; - OM_uint32 code; - gss_buffer_t status_string; + OM_uint32 *minor_status; + OM_uint32 code; + gss_buffer_t status_string; { - const char *str; - - if ((str = GSS_ROUTINE_ERROR_STR(code))) { - if (! g_make_string_buffer(str, status_string)) { - *minor_status = ENOMEM; - return(GSS_S_FAILURE); - } - } else { - if (! display_unknown(routine_error, GSS_ROUTINE_ERROR_FIELD(code), - status_string)) { - *minor_status = ENOMEM; - return(GSS_S_FAILURE); - } - } - *minor_status = 0; - return(GSS_S_COMPLETE); + const char *str; + + if ((str = GSS_ROUTINE_ERROR_STR(code))) { + if (! g_make_string_buffer(str, status_string)) { + *minor_status = ENOMEM; + return(GSS_S_FAILURE); + } + } else { + if (! display_unknown(routine_error, GSS_ROUTINE_ERROR_FIELD(code), + status_string)) { + *minor_status = ENOMEM; + return(GSS_S_FAILURE); + } + } + *minor_status = 0; + return(GSS_S_COMPLETE); } /* code should be set to the bit offset (log_2) of a supplementary info bit */ static OM_uint32 display_bit(minor_status, code, status_string) - OM_uint32 *minor_status; - OM_uint32 code; - gss_buffer_t status_string; + OM_uint32 *minor_status; + OM_uint32 code; + gss_buffer_t status_string; { - const char *str; - - if ((str = GSS_SINFO_STR(code))) { - if (! g_make_string_buffer(str, status_string)) { - *minor_status = ENOMEM; - return(GSS_S_FAILURE); - } - } else { - if (! display_unknown(sinfo_code, 1< 2 : print supplementary info bit (message_context-2) - */ - -OM_uint32 g_display_major_status(minor_status, status_value, - message_context, status_string) - OM_uint32 *minor_status; - OM_uint32 status_value; - OM_uint32 *message_context; - gss_buffer_t status_string; + message_context == 0 : print the routine error + message_context == 1 : print the calling error + message_context > 2 : print supplementary info bit (message_context-2) +*/ + +OM_uint32 g_display_major_status(minor_status, status_value, + message_context, status_string) + OM_uint32 *minor_status; + OM_uint32 status_value; + OM_uint32 *message_context; + gss_buffer_t status_string; { - OM_uint32 ret, tmp; - int bit; - - /*** deal with no error at all specially */ - - if (status_value == 0) { - if (! g_make_string_buffer(no_error, status_string)) { - *minor_status = ENOMEM; - return(GSS_S_FAILURE); - } - *message_context = 0; - *minor_status = 0; - return(GSS_S_COMPLETE); - } - - /*** do routine error */ - - if (*message_context == 0) { - if ((tmp = GSS_ROUTINE_ERROR(status_value))) { - status_value -= tmp; - if ((ret = display_routine(minor_status, tmp, status_string))) - return(ret); - *minor_status = 0; - if (status_value) { - (*message_context)++; - return(GSS_S_COMPLETE); - } else { - *message_context = 0; - return(GSS_S_COMPLETE); - } - } else { - (*message_context)++; - } - } else { - status_value -= GSS_ROUTINE_ERROR(status_value); - } - - /*** do calling error */ - - if (*message_context == 1) { - if ((tmp = GSS_CALLING_ERROR(status_value))) { - status_value -= tmp; - if ((ret = display_calling(minor_status, tmp, status_string))) - return(ret); - *minor_status = 0; - if (status_value) { - (*message_context)++; - return(GSS_S_COMPLETE); - } else { - *message_context = 0; - return(GSS_S_COMPLETE); - } - } else { - (*message_context)++; - } - } else { - status_value -= GSS_CALLING_ERROR(status_value); - } - - /*** do sinfo bits (*message_context == 2 + number of bits done) */ - - tmp = GSS_SUPPLEMENTARY_INFO_FIELD(status_value); - /* mask off the bits which have been done */ - if (*message_context > 2) { - tmp &= ~LSBMASK(*message_context-3); - status_value &= ~LSBMASK(*message_context-3); - } - - if (!tmp) { - /* bogon input - there should be something left */ - *minor_status = (OM_uint32) G_BAD_MSG_CTX; - return(GSS_S_FAILURE); - } - - /* compute the bit offset */ - /*SUPPRESS 570*/ - for (bit=0; (((OM_uint32) 1)< 2) { + tmp &= ~LSBMASK(*message_context-3); + status_value &= ~LSBMASK(*message_context-3); + } + + if (!tmp) { + /* bogon input - there should be something left */ + *minor_status = (OM_uint32) G_BAD_MSG_CTX; + return(GSS_S_FAILURE); + } + + /* compute the bit offset */ + /*SUPPRESS 570*/ + for (bit=0; (((OM_uint32) 1)< -# if TARGET_RT_MAC_CFM -# error "Use KfM 4.0 SDK headers for CFM compilation." -# endif +# include +# if TARGET_RT_MAC_CFM +# error "Use KfM 4.0 SDK headers for CFM compilation." +# endif #endif #ifdef __cplusplus @@ -85,73 +86,73 @@ typedef struct gss_ctx_id_struct * gss_ctx_id_t; typedef uint32_t gss_uint32; typedef int32_t gss_int32; -#ifdef OM_STRING +#ifdef OM_STRING /* * We have included the xom.h header file. Use the definition for * OM_object identifier. */ -typedef OM_object_identifier gss_OID_desc, *gss_OID; -#else /* OM_STRING */ +typedef OM_object_identifier gss_OID_desc, *gss_OID; +#else /* OM_STRING */ /* * We can't use X/Open definitions, so roll our own. */ -typedef gss_uint32 OM_uint32; +typedef gss_uint32 OM_uint32; typedef struct gss_OID_desc_struct { - OM_uint32 length; - void *elements; + OM_uint32 length; + void *elements; } gss_OID_desc, *gss_OID; -#endif /* OM_STRING */ +#endif /* OM_STRING */ typedef struct gss_OID_set_desc_struct { - size_t count; - gss_OID elements; + size_t count; + gss_OID elements; } gss_OID_set_desc, *gss_OID_set; typedef struct gss_buffer_desc_struct { - size_t length; - void *value; + size_t length; + void *value; } gss_buffer_desc, *gss_buffer_t; typedef struct gss_channel_bindings_struct { - OM_uint32 initiator_addrtype; - gss_buffer_desc initiator_address; - OM_uint32 acceptor_addrtype; - gss_buffer_desc acceptor_address; - gss_buffer_desc application_data; + OM_uint32 initiator_addrtype; + gss_buffer_desc initiator_address; + OM_uint32 acceptor_addrtype; + gss_buffer_desc acceptor_address; + gss_buffer_desc application_data; } *gss_channel_bindings_t; /* * For now, define a QOP-type as an OM_uint32 (pending resolution of ongoing * discussions). */ -typedef OM_uint32 gss_qop_t; -typedef int gss_cred_usage_t; +typedef OM_uint32 gss_qop_t; +typedef int gss_cred_usage_t; /* * Flag bits for context-level services. */ -#define GSS_C_DELEG_FLAG 1 -#define GSS_C_MUTUAL_FLAG 2 -#define GSS_C_REPLAY_FLAG 4 -#define GSS_C_SEQUENCE_FLAG 8 -#define GSS_C_CONF_FLAG 16 -#define GSS_C_INTEG_FLAG 32 -#define GSS_C_ANON_FLAG 64 -#define GSS_C_PROT_READY_FLAG 128 -#define GSS_C_TRANS_FLAG 256 +#define GSS_C_DELEG_FLAG 1 +#define GSS_C_MUTUAL_FLAG 2 +#define GSS_C_REPLAY_FLAG 4 +#define GSS_C_SEQUENCE_FLAG 8 +#define GSS_C_CONF_FLAG 16 +#define GSS_C_INTEG_FLAG 32 +#define GSS_C_ANON_FLAG 64 +#define GSS_C_PROT_READY_FLAG 128 +#define GSS_C_TRANS_FLAG 256 /* * Credential usage options */ -#define GSS_C_BOTH 0 -#define GSS_C_INITIATE 1 -#define GSS_C_ACCEPT 2 +#define GSS_C_BOTH 0 +#define GSS_C_INITIATE 1 +#define GSS_C_ACCEPT 2 /* * Status code types for gss_display_status */ -#define GSS_C_GSS_CODE 1 +#define GSS_C_GSS_CODE 1 #define GSS_C_MECH_CODE 2 /* @@ -177,6 +178,7 @@ typedef int gss_cred_usage_t; #define GSS_C_AF_BSC 17 #define GSS_C_AF_DSS 18 #define GSS_C_AF_OSI 19 +#define GSS_C_AF_NETBIOS 20 #define GSS_C_AF_X25 21 #define GSS_C_AF_NULLADDR 255 @@ -197,8 +199,8 @@ typedef int gss_cred_usage_t; * Some alternate names for a couple of the above values. These are defined * for V1 compatibility. */ -#define GSS_C_NULL_OID GSS_C_NO_OID -#define GSS_C_NULL_OID_SET GSS_C_NO_OID_SET +#define GSS_C_NULL_OID GSS_C_NO_OID +#define GSS_C_NULL_OID_SET GSS_C_NO_OID_SET /* * Define the default Quality of Protection for per-message services. Note @@ -244,7 +246,7 @@ typedef int gss_cred_usage_t; ((x) & (GSS_C_SUPPLEMENTARY_MASK << GSS_C_SUPPLEMENTARY_OFFSET)) #define GSS_ERROR(x) \ ((x) & ((GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET) | \ - (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET))) + (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET))) /* * Now the actual status code definitions @@ -407,301 +409,311 @@ GSS_DLLIMP extern gss_OID GSS_C_NT_EXPORT_NAME; /* Function Prototypes */ -OM_uint32 KRB5_CALLCONV gss_acquire_cred -(OM_uint32 *, /* minor_status */ - gss_name_t, /* desired_name */ - OM_uint32, /* time_req */ - gss_OID_set, /* desired_mechs */ - gss_cred_usage_t, /* cred_usage */ - gss_cred_id_t *, /* output_cred_handle */ - gss_OID_set *, /* actual_mechs */ - OM_uint32 * /* time_rec */ - ); - -OM_uint32 KRB5_CALLCONV gss_release_cred -(OM_uint32 *, /* minor_status */ - gss_cred_id_t * /* cred_handle */ - ); - -OM_uint32 KRB5_CALLCONV gss_init_sec_context -(OM_uint32 *, /* minor_status */ - gss_cred_id_t, /* claimant_cred_handle */ - gss_ctx_id_t *, /* context_handle */ - gss_name_t, /* target_name */ - gss_OID, /* mech_type (used to be const) */ - OM_uint32, /* req_flags */ - OM_uint32, /* time_req */ - gss_channel_bindings_t, /* input_chan_bindings */ - gss_buffer_t, /* input_token */ - gss_OID *, /* actual_mech_type */ - gss_buffer_t, /* output_token */ - OM_uint32 *, /* ret_flags */ - OM_uint32 * /* time_rec */ - ); - -OM_uint32 KRB5_CALLCONV gss_accept_sec_context -(OM_uint32 *, /* minor_status */ - gss_ctx_id_t *, /* context_handle */ - gss_cred_id_t, /* acceptor_cred_handle */ - gss_buffer_t, /* input_token_buffer */ - gss_channel_bindings_t, /* input_chan_bindings */ - gss_name_t *, /* src_name */ - gss_OID *, /* mech_type */ - gss_buffer_t, /* output_token */ - OM_uint32 *, /* ret_flags */ - OM_uint32 *, /* time_rec */ - gss_cred_id_t * /* delegated_cred_handle */ - ); - -OM_uint32 KRB5_CALLCONV gss_process_context_token -(OM_uint32 *, /* minor_status */ - gss_ctx_id_t, /* context_handle */ - gss_buffer_t /* token_buffer */ - ); - -OM_uint32 KRB5_CALLCONV gss_delete_sec_context -(OM_uint32 *, /* minor_status */ - gss_ctx_id_t *, /* context_handle */ - gss_buffer_t /* output_token */ - ); - -OM_uint32 KRB5_CALLCONV gss_context_time -(OM_uint32 *, /* minor_status */ - gss_ctx_id_t, /* context_handle */ - OM_uint32 * /* time_rec */ - ); +OM_uint32 KRB5_CALLCONV +gss_acquire_cred( + OM_uint32 *, /* minor_status */ + gss_name_t, /* desired_name */ + OM_uint32, /* time_req */ + gss_OID_set, /* desired_mechs */ + gss_cred_usage_t, /* cred_usage */ + gss_cred_id_t *, /* output_cred_handle */ + gss_OID_set *, /* actual_mechs */ + OM_uint32 *); /* time_rec */ + +OM_uint32 KRB5_CALLCONV +gss_release_cred( + OM_uint32 *, /* minor_status */ + gss_cred_id_t *); /* cred_handle */ + +OM_uint32 KRB5_CALLCONV +gss_init_sec_context( + OM_uint32 *, /* minor_status */ + gss_cred_id_t, /* claimant_cred_handle */ + gss_ctx_id_t *, /* context_handle */ + gss_name_t, /* target_name */ + gss_OID, /* mech_type (used to be const) */ + OM_uint32, /* req_flags */ + OM_uint32, /* time_req */ + gss_channel_bindings_t, /* input_chan_bindings */ + gss_buffer_t, /* input_token */ + gss_OID *, /* actual_mech_type */ + gss_buffer_t, /* output_token */ + OM_uint32 *, /* ret_flags */ + OM_uint32 *); /* time_rec */ + +OM_uint32 KRB5_CALLCONV +gss_accept_sec_context( + OM_uint32 *, /* minor_status */ + gss_ctx_id_t *, /* context_handle */ + gss_cred_id_t, /* acceptor_cred_handle */ + gss_buffer_t, /* input_token_buffer */ + gss_channel_bindings_t, /* input_chan_bindings */ + gss_name_t *, /* src_name */ + gss_OID *, /* mech_type */ + gss_buffer_t, /* output_token */ + OM_uint32 *, /* ret_flags */ + OM_uint32 *, /* time_rec */ + gss_cred_id_t *); /* delegated_cred_handle */ + +OM_uint32 KRB5_CALLCONV +gss_process_context_token( + OM_uint32 *, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + gss_buffer_t); /* token_buffer */ + + +OM_uint32 KRB5_CALLCONV +gss_delete_sec_context( + OM_uint32 *, /* minor_status */ + gss_ctx_id_t *, /* context_handle */ + gss_buffer_t); /* output_token */ + + +OM_uint32 KRB5_CALLCONV +gss_context_time( + OM_uint32 *, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + OM_uint32 *); /* time_rec */ + /* New for V2 */ -OM_uint32 KRB5_CALLCONV gss_get_mic -(OM_uint32 *, /* minor_status */ - gss_ctx_id_t, /* context_handle */ - gss_qop_t, /* qop_req */ - gss_buffer_t, /* message_buffer */ - gss_buffer_t /* message_token */ - ); +OM_uint32 KRB5_CALLCONV +gss_get_mic( + OM_uint32 *, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + gss_qop_t, /* qop_req */ + gss_buffer_t, /* message_buffer */ + gss_buffer_t); /* message_token */ + /* New for V2 */ -OM_uint32 KRB5_CALLCONV gss_verify_mic -(OM_uint32 *, /* minor_status */ - gss_ctx_id_t, /* context_handle */ - gss_buffer_t, /* message_buffer */ - gss_buffer_t, /* message_token */ - gss_qop_t * /* qop_state */ - ); +OM_uint32 KRB5_CALLCONV +gss_verify_mic(OM_uint32 *, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + gss_buffer_t, /* message_buffer */ + gss_buffer_t, /* message_token */ + gss_qop_t * /* qop_state */ +); /* New for V2 */ -OM_uint32 KRB5_CALLCONV gss_wrap -(OM_uint32 *, /* minor_status */ - gss_ctx_id_t, /* context_handle */ - int, /* conf_req_flag */ - gss_qop_t, /* qop_req */ - gss_buffer_t, /* input_message_buffer */ - int *, /* conf_state */ - gss_buffer_t /* output_message_buffer */ - ); +OM_uint32 KRB5_CALLCONV +gss_wrap( + OM_uint32 *, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + int, /* conf_req_flag */ + gss_qop_t, /* qop_req */ + gss_buffer_t, /* input_message_buffer */ + int *, /* conf_state */ + gss_buffer_t); /* output_message_buffer */ + /* New for V2 */ -OM_uint32 KRB5_CALLCONV gss_unwrap -(OM_uint32 *, /* minor_status */ - gss_ctx_id_t, /* context_handle */ - gss_buffer_t, /* input_message_buffer */ - gss_buffer_t, /* output_message_buffer */ - int *, /* conf_state */ - gss_qop_t * /* qop_state */ - ); - -OM_uint32 KRB5_CALLCONV gss_display_status -(OM_uint32 *, /* minor_status */ - OM_uint32, /* status_value */ - int, /* status_type */ - gss_OID, /* mech_type (used to be const) */ - OM_uint32 *, /* message_context */ - gss_buffer_t /* status_string */ - ); - -OM_uint32 KRB5_CALLCONV gss_indicate_mechs -(OM_uint32 *, /* minor_status */ - gss_OID_set * /* mech_set */ - ); - -OM_uint32 KRB5_CALLCONV gss_compare_name -(OM_uint32 *, /* minor_status */ - gss_name_t, /* name1 */ - gss_name_t, /* name2 */ - int * /* name_equal */ - ); - -OM_uint32 KRB5_CALLCONV gss_display_name -(OM_uint32 *, /* minor_status */ - gss_name_t, /* input_name */ - gss_buffer_t, /* output_name_buffer */ - gss_OID * /* output_name_type */ - ); - -OM_uint32 KRB5_CALLCONV gss_import_name -(OM_uint32 *, /* minor_status */ - gss_buffer_t, /* input_name_buffer */ - gss_OID, /* input_name_type(used to be const) */ - gss_name_t * /* output_name */ - ); - -OM_uint32 KRB5_CALLCONV gss_release_name -(OM_uint32 *, /* minor_status */ - gss_name_t * /* input_name */ - ); - -OM_uint32 KRB5_CALLCONV gss_release_buffer -(OM_uint32 *, /* minor_status */ - gss_buffer_t /* buffer */ - ); - -OM_uint32 KRB5_CALLCONV gss_release_oid_set -(OM_uint32 *, /* minor_status */ - gss_OID_set * /* set */ - ); - -OM_uint32 KRB5_CALLCONV gss_inquire_cred -(OM_uint32 *, /* minor_status */ - gss_cred_id_t, /* cred_handle */ - gss_name_t *, /* name */ - OM_uint32 *, /* lifetime */ - gss_cred_usage_t *, /* cred_usage */ - gss_OID_set * /* mechanisms */ - ); +OM_uint32 KRB5_CALLCONV +gss_unwrap( + OM_uint32 *, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + gss_buffer_t, /* input_message_buffer */ + gss_buffer_t, /* output_message_buffer */ + int *, /* conf_state */ + gss_qop_t *); /* qop_state */ + + +OM_uint32 KRB5_CALLCONV +gss_display_status( + OM_uint32 *, /* minor_status */ + OM_uint32, /* status_value */ + int, /* status_type */ + gss_OID, /* mech_type (used to be const) */ + OM_uint32 *, /* message_context */ + gss_buffer_t); /* status_string */ + + +OM_uint32 KRB5_CALLCONV +gss_indicate_mechs( + OM_uint32 *, /* minor_status */ + gss_OID_set *); /* mech_set */ + + +OM_uint32 KRB5_CALLCONV +gss_compare_name( + OM_uint32 *, /* minor_status */ + gss_name_t, /* name1 */ + gss_name_t, /* name2 */ + int *); /* name_equal */ + + +OM_uint32 KRB5_CALLCONV +gss_display_name( + OM_uint32 *, /* minor_status */ + gss_name_t, /* input_name */ + gss_buffer_t, /* output_name_buffer */ + gss_OID *); /* output_name_type */ + + +OM_uint32 KRB5_CALLCONV +gss_import_name( + OM_uint32 *, /* minor_status */ + gss_buffer_t, /* input_name_buffer */ + gss_OID, /* input_name_type(used to be const) */ + gss_name_t *); /* output_name */ + +OM_uint32 KRB5_CALLCONV +gss_release_name( + OM_uint32 *, /* minor_status */ + gss_name_t *); /* input_name */ + +OM_uint32 KRB5_CALLCONV +gss_release_buffer( + OM_uint32 *, /* minor_status */ + gss_buffer_t); /* buffer */ + +OM_uint32 KRB5_CALLCONV +gss_release_oid_set( + OM_uint32 *, /* minor_status */ + gss_OID_set *); /* set */ + +OM_uint32 KRB5_CALLCONV +gss_inquire_cred( + OM_uint32 *, /* minor_status */ + gss_cred_id_t, /* cred_handle */ + gss_name_t *, /* name */ + OM_uint32 *, /* lifetime */ + gss_cred_usage_t *, /* cred_usage */ + gss_OID_set *); /* mechanisms */ /* Last argument new for V2 */ -OM_uint32 KRB5_CALLCONV gss_inquire_context -(OM_uint32 *, /* minor_status */ - gss_ctx_id_t, /* context_handle */ - gss_name_t *, /* src_name */ - gss_name_t *, /* targ_name */ - OM_uint32 *, /* lifetime_rec */ - gss_OID *, /* mech_type */ - OM_uint32 *, /* ctx_flags */ - int *, /* locally_initiated */ - int * /* open */ - ); +OM_uint32 KRB5_CALLCONV +gss_inquire_context( + OM_uint32 *, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + gss_name_t *, /* src_name */ + gss_name_t *, /* targ_name */ + OM_uint32 *, /* lifetime_rec */ + gss_OID *, /* mech_type */ + OM_uint32 *, /* ctx_flags */ + int *, /* locally_initiated */ + int *); /* open */ /* New for V2 */ -OM_uint32 KRB5_CALLCONV gss_wrap_size_limit -(OM_uint32 *, /* minor_status */ - gss_ctx_id_t, /* context_handle */ - int, /* conf_req_flag */ - gss_qop_t, /* qop_req */ - OM_uint32, /* req_output_size */ - OM_uint32 * /* max_input_size */ - ); +OM_uint32 KRB5_CALLCONV +gss_wrap_size_limit( + OM_uint32 *, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + int, /* conf_req_flag */ + gss_qop_t, /* qop_req */ + OM_uint32, /* req_output_size */ + OM_uint32 *); /* max_input_size */ /* New for V2 */ -OM_uint32 KRB5_CALLCONV gss_import_name_object -(OM_uint32 *, /* minor_status */ - void *, /* input_name */ - gss_OID, /* input_name_type */ - gss_name_t * /* output_name */ - ); +OM_uint32 KRB5_CALLCONV +gss_import_name_object( + OM_uint32 *, /* minor_status */ + void *, /* input_name */ + gss_OID, /* input_name_type */ + gss_name_t *); /* output_name */ /* New for V2 */ -OM_uint32 KRB5_CALLCONV gss_export_name_object -(OM_uint32 *, /* minor_status */ - gss_name_t, /* input_name */ - gss_OID, /* desired_name_type */ - void ** /* output_name */ - ); +OM_uint32 KRB5_CALLCONV +gss_export_name_object( + OM_uint32 *, /* minor_status */ + gss_name_t, /* input_name */ + gss_OID, /* desired_name_type */ + void **); /* output_name */ /* New for V2 */ -OM_uint32 KRB5_CALLCONV gss_add_cred -(OM_uint32 *, /* minor_status */ - gss_cred_id_t, /* input_cred_handle */ - gss_name_t, /* desired_name */ - gss_OID, /* desired_mech */ - gss_cred_usage_t, /* cred_usage */ - OM_uint32, /* initiator_time_req */ - OM_uint32, /* acceptor_time_req */ - gss_cred_id_t *, /* output_cred_handle */ - gss_OID_set *, /* actual_mechs */ - OM_uint32 *, /* initiator_time_rec */ - OM_uint32 * /* acceptor_time_rec */ - ); +OM_uint32 KRB5_CALLCONV +gss_add_cred( + OM_uint32 *, /* minor_status */ + gss_cred_id_t, /* input_cred_handle */ + gss_name_t, /* desired_name */ + gss_OID, /* desired_mech */ + gss_cred_usage_t, /* cred_usage */ + OM_uint32, /* initiator_time_req */ + OM_uint32, /* acceptor_time_req */ + gss_cred_id_t *, /* output_cred_handle */ + gss_OID_set *, /* actual_mechs */ + OM_uint32 *, /* initiator_time_rec */ + OM_uint32 *); /* acceptor_time_rec */ /* New for V2 */ -OM_uint32 KRB5_CALLCONV gss_inquire_cred_by_mech -(OM_uint32 *, /* minor_status */ - gss_cred_id_t, /* cred_handle */ - gss_OID, /* mech_type */ - gss_name_t *, /* name */ - OM_uint32 *, /* initiator_lifetime */ - OM_uint32 *, /* acceptor_lifetime */ - gss_cred_usage_t * /* cred_usage */ - ); +OM_uint32 KRB5_CALLCONV +gss_inquire_cred_by_mech( + OM_uint32 *, /* minor_status */ + gss_cred_id_t, /* cred_handle */ + gss_OID, /* mech_type */ + gss_name_t *, /* name */ + OM_uint32 *, /* initiator_lifetime */ + OM_uint32 *, /* acceptor_lifetime */ + gss_cred_usage_t *); /* cred_usage */ /* New for V2 */ -OM_uint32 KRB5_CALLCONV gss_export_sec_context -(OM_uint32 *, /* minor_status */ - gss_ctx_id_t *, /* context_handle */ - gss_buffer_t /* interprocess_token */ - ); +OM_uint32 KRB5_CALLCONV +gss_export_sec_context( + OM_uint32 *, /* minor_status */ + gss_ctx_id_t *, /* context_handle */ + gss_buffer_t); /* interprocess_token */ /* New for V2 */ -OM_uint32 KRB5_CALLCONV gss_import_sec_context -(OM_uint32 *, /* minor_status */ - gss_buffer_t, /* interprocess_token */ - gss_ctx_id_t * /* context_handle */ - ); +OM_uint32 KRB5_CALLCONV +gss_import_sec_context( + OM_uint32 *, /* minor_status */ + gss_buffer_t, /* interprocess_token */ + gss_ctx_id_t *); /* context_handle */ /* New for V2 */ -OM_uint32 KRB5_CALLCONV gss_release_oid -(OM_uint32 *, /* minor_status */ - gss_OID * /* oid */ - ); +OM_uint32 KRB5_CALLCONV +gss_release_oid( + OM_uint32 *, /* minor_status */ + gss_OID *); /* oid */ /* New for V2 */ -OM_uint32 KRB5_CALLCONV gss_create_empty_oid_set -(OM_uint32 *, /* minor_status */ - gss_OID_set * /* oid_set */ - ); +OM_uint32 KRB5_CALLCONV +gss_create_empty_oid_set( + OM_uint32 *, /* minor_status */ + gss_OID_set *); /* oid_set */ /* New for V2 */ -OM_uint32 KRB5_CALLCONV gss_add_oid_set_member -(OM_uint32 *, /* minor_status */ - gss_OID, /* member_oid */ - gss_OID_set * /* oid_set */ - ); +OM_uint32 KRB5_CALLCONV +gss_add_oid_set_member( + OM_uint32 *, /* minor_status */ + gss_OID, /* member_oid */ + gss_OID_set *); /* oid_set */ /* New for V2 */ -OM_uint32 KRB5_CALLCONV gss_test_oid_set_member -(OM_uint32 *, /* minor_status */ - gss_OID, /* member */ - gss_OID_set, /* set */ - int * /* present */ - ); +OM_uint32 KRB5_CALLCONV +gss_test_oid_set_member( + OM_uint32 *, /* minor_status */ + gss_OID, /* member */ + gss_OID_set, /* set */ + int *); /* present */ /* New for V2 */ -OM_uint32 KRB5_CALLCONV gss_str_to_oid -(OM_uint32 *, /* minor_status */ - gss_buffer_t, /* oid_str */ - gss_OID * /* oid */ - ); +OM_uint32 KRB5_CALLCONV +gss_str_to_oid( + OM_uint32 *, /* minor_status */ + gss_buffer_t, /* oid_str */ + gss_OID *); /* oid */ /* New for V2 */ -OM_uint32 KRB5_CALLCONV gss_oid_to_str -(OM_uint32 *, /* minor_status */ - gss_OID, /* oid */ - gss_buffer_t /* oid_str */ - ); +OM_uint32 KRB5_CALLCONV +gss_oid_to_str( + OM_uint32 *, /* minor_status */ + gss_OID, /* oid */ + gss_buffer_t); /* oid_str */ /* New for V2 */ -OM_uint32 KRB5_CALLCONV gss_inquire_names_for_mech -(OM_uint32 *, /* minor_status */ - gss_OID, /* mechanism */ - gss_OID_set * /* name_types */ - ); +OM_uint32 KRB5_CALLCONV +gss_inquire_names_for_mech( + OM_uint32 *, /* minor_status */ + gss_OID, /* mechanism */ + gss_OID_set *); /* name_types */ /* New for V2 */ -OM_uint32 KRB5_CALLCONV gss_inquire_mechs_for_name( - OM_uint32 *, /* minor_status */ - const gss_name_t, /* input_name */ - gss_OID_set * /* mech_types */ -); +OM_uint32 KRB5_CALLCONV +gss_inquire_mechs_for_name( + OM_uint32 *, /* minor_status */ + const gss_name_t, /* input_name */ + gss_OID_set *); /* mech_types */ /* * The following routines are obsolete variants of gss_get_mic, gss_wrap, @@ -710,62 +722,62 @@ OM_uint32 KRB5_CALLCONV gss_inquire_mechs_for_name( * entrypoints (as opposed to #defines) should be provided, to allow GSSAPI * V1 applications to link against GSSAPI V2 implementations. */ -OM_uint32 KRB5_CALLCONV gss_sign -(OM_uint32 *, /* minor_status */ - gss_ctx_id_t, /* context_handle */ - int, /* qop_req */ - gss_buffer_t, /* message_buffer */ - gss_buffer_t /* message_token */ - ); - -OM_uint32 KRB5_CALLCONV gss_verify -(OM_uint32 *, /* minor_status */ - gss_ctx_id_t, /* context_handle */ - gss_buffer_t, /* message_buffer */ - gss_buffer_t, /* token_buffer */ - int * /* qop_state */ - ); - -OM_uint32 KRB5_CALLCONV gss_seal -(OM_uint32 *, /* minor_status */ - gss_ctx_id_t, /* context_handle */ - int, /* conf_req_flag */ - int, /* qop_req */ - gss_buffer_t, /* input_message_buffer */ - int *, /* conf_state */ - gss_buffer_t /* output_message_buffer */ - ); - -OM_uint32 KRB5_CALLCONV gss_unseal -(OM_uint32 *, /* minor_status */ - gss_ctx_id_t, /* context_handle */ - gss_buffer_t, /* input_message_buffer */ - gss_buffer_t, /* output_message_buffer */ - int *, /* conf_state */ - int * /* qop_state */ - ); +OM_uint32 KRB5_CALLCONV +gss_sign( + OM_uint32 *, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + int, /* qop_req */ + gss_buffer_t, /* message_buffer */ + gss_buffer_t); /* message_token */ + +OM_uint32 KRB5_CALLCONV +gss_verify( + OM_uint32 *, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + gss_buffer_t, /* message_buffer */ + gss_buffer_t, /* token_buffer */ + int *); /* qop_state */ + +OM_uint32 KRB5_CALLCONV +gss_seal( + OM_uint32 *, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + int, /* conf_req_flag */ + int, /* qop_req */ + gss_buffer_t, /* input_message_buffer */ + int *, /* conf_state */ + gss_buffer_t); /* output_message_buffer */ + +OM_uint32 KRB5_CALLCONV +gss_unseal( + OM_uint32 *, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + gss_buffer_t, /* input_message_buffer */ + gss_buffer_t, /* output_message_buffer */ + int *, /* conf_state */ + int *); /* qop_state */ /* New for V2 */ -OM_uint32 KRB5_CALLCONV gss_export_name -(OM_uint32 *, /* minor_status */ - const gss_name_t, /* input_name */ - gss_buffer_t /* exported_name */ - ); +OM_uint32 KRB5_CALLCONV +gss_export_name( + OM_uint32 *, /* minor_status */ + const gss_name_t, /* input_name */ + gss_buffer_t); /* exported_name */ /* New for V2 */ -OM_uint32 KRB5_CALLCONV gss_duplicate_name -(OM_uint32 *, /* minor_status */ - const gss_name_t, /* input_name */ - gss_name_t * /* dest_name */ - ); +OM_uint32 KRB5_CALLCONV +gss_duplicate_name( + OM_uint32 *, /* minor_status */ + const gss_name_t, /* input_name */ + gss_name_t *); /* dest_name */ /* New for V2 */ -OM_uint32 KRB5_CALLCONV gss_canonicalize_name -(OM_uint32 *, /* minor_status */ - const gss_name_t, /* input_name */ - const gss_OID, /* mech_type */ - gss_name_t * /* output_name */ - ); +OM_uint32 KRB5_CALLCONV +gss_canonicalize_name( + OM_uint32 *, /* minor_status */ + const gss_name_t, /* input_name */ + const gss_OID, /* mech_type */ + gss_name_t *); /* output_name */ #if TARGET_OS_MAC # pragma pack(pop) diff --git a/src/lib/gssapi/generic/gssapiP_generic.h b/src/lib/gssapi/generic/gssapiP_generic.h index c4a030d186..894899b95c 100644 --- a/src/lib/gssapi/generic/gssapiP_generic.h +++ b/src/lib/gssapi/generic/gssapiP_generic.h @@ -1,6 +1,7 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * Copyright 1993 by OpenVision Technologies, Inc. - * + * * Permission to use, copy, modify, distribute, and sell this software * and its documentation for any purpose is hereby granted without fee, * provided that the above copyright notice appears in all copies and @@ -10,7 +11,7 @@ * without specific, written prior permission. OpenVision makes no * representations about the suitability of this software for any * purpose. It is provided "as is" without express or implied warranty. - * + * * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR @@ -39,57 +40,58 @@ #include "k5-thread.h" #include "gssapi_generic.h" - +#include "gssapi_ext.h" #include "gssapi_err_generic.h" #include #include "k5-platform.h" +#include "k5-buf.h" typedef UINT64_TYPE gssint_uint64; /** helper macros **/ -#define g_OID_equal(o1, o2) \ - (((o1)->length == (o2)->length) && \ - (memcmp((o1)->elements, (o2)->elements, (o1)->length) == 0)) +#define g_OID_equal(o1, o2) \ + (((o1)->length == (o2)->length) && \ + (memcmp((o1)->elements, (o2)->elements, (o1)->length) == 0)) /* this code knows that an int on the wire is 32 bits. The type of num should be at least this big, or the extra shifts may do weird things */ -#define TWRITE_INT(ptr, num, bigend) \ - (ptr)[0] = (char) ((bigend)?((num)>>24):((num)&0xff)); \ - (ptr)[1] = (char) ((bigend)?(((num)>>16)&0xff):(((num)>>8)&0xff)); \ - (ptr)[2] = (char) ((bigend)?(((num)>>8)&0xff):(((num)>>16)&0xff)); \ - (ptr)[3] = (char) ((bigend)?((num)&0xff):((num)>>24)); \ +#define TWRITE_INT(ptr, num, bigend) \ + (ptr)[0] = (char) ((bigend)?((num)>>24):((num)&0xff)); \ + (ptr)[1] = (char) ((bigend)?(((num)>>16)&0xff):(((num)>>8)&0xff)); \ + (ptr)[2] = (char) ((bigend)?(((num)>>8)&0xff):(((num)>>16)&0xff)); \ + (ptr)[3] = (char) ((bigend)?((num)&0xff):((num)>>24)); \ (ptr) += 4; -#define TWRITE_INT16(ptr, num, bigend) \ - (ptr)[0] = (char) ((bigend)?((num)>>24):((num)&0xff)); \ - (ptr)[1] = (char) ((bigend)?(((num)>>16)&0xff):(((num)>>8)&0xff)); \ +#define TWRITE_INT16(ptr, num, bigend) \ + (ptr)[0] = (char) ((bigend)?((num)>>24):((num)&0xff)); \ + (ptr)[1] = (char) ((bigend)?(((num)>>16)&0xff):(((num)>>8)&0xff)); \ (ptr) += 2; -#define TREAD_INT(ptr, num, bigend) \ - (num) = (((ptr)[0]<<((bigend)?24: 0)) | \ - ((ptr)[1]<<((bigend)?16: 8)) | \ - ((ptr)[2]<<((bigend)? 8:16)) | \ - ((ptr)[3]<<((bigend)? 0:24))); \ +#define TREAD_INT(ptr, num, bigend) \ + (num) = (((ptr)[0]<<((bigend)?24: 0)) | \ + ((ptr)[1]<<((bigend)?16: 8)) | \ + ((ptr)[2]<<((bigend)? 8:16)) | \ + ((ptr)[3]<<((bigend)? 0:24))); \ (ptr) += 4; -#define TREAD_INT16(ptr, num, bigend) \ - (num) = (((ptr)[0]<<((bigend)?24: 0)) | \ - ((ptr)[1]<<((bigend)?16: 8))); \ +#define TREAD_INT16(ptr, num, bigend) \ + (num) = (((ptr)[0]<<((bigend)?24: 0)) | \ + ((ptr)[1]<<((bigend)?16: 8))); \ (ptr) += 2; -#define TWRITE_STR(ptr, str, len) \ - memcpy((ptr), (char *) (str), (len)); \ +#define TWRITE_STR(ptr, str, len) \ + memcpy((ptr), (char *) (str), (len)); \ (ptr) += (len); -#define TREAD_STR(ptr, str, len) \ - (str) = (ptr); \ +#define TREAD_STR(ptr, str, len) \ + (str) = (ptr); \ (ptr) += (len); -#define TWRITE_BUF(ptr, buf, bigend) \ - TWRITE_INT((ptr), (buf).length, (bigend)); \ +#define TWRITE_BUF(ptr, buf, bigend) \ + TWRITE_INT((ptr), (buf).length, (bigend)); \ TWRITE_STR((ptr), (buf).value, (buf).length); /** malloc wrappers; these may actually do something later */ @@ -104,38 +106,38 @@ typedef UINT64_TYPE gssint_uint64; /** helper functions **/ /* hide names from applications, especially glib applications */ -#define g_set_init gssint_g_set_init -#define g_set_destroy gssint_g_set_destroy -#define g_set_entry_add gssint_g_set_entry_add -#define g_set_entry_delete gssint_g_set_entry_delete -#define g_set_entry_get gssint_g_set_entry_get -#define g_save_name gssint_g_save_name -#define g_save_cred_id gssint_g_save_cred_id -#define g_save_ctx_id gssint_g_save_ctx_id -#define g_save_lucidctx_id gssint_g_save_lucidctx_id -#define g_validate_name gssint_g_validate_name -#define g_validate_cred_id gssint_g_validate_cred_id -#define g_validate_ctx_id gssint_g_validate_ctx_id -#define g_validate_lucidctx_id gssint_g_validate_lucidctx_id -#define g_delete_name gssint_g_delete_name -#define g_delete_cred_id gssint_g_delete_cred_id -#define g_delete_ctx_id gssint_g_delete_ctx_id -#define g_delete_lucidctx_id gssint_g_delete_lucidctx_id -#define g_make_string_buffer gssint_g_make_string_buffer -#define g_token_size gssint_g_token_size -#define g_make_token_header gssint_g_make_token_header -#define g_verify_token_header gssint_g_verify_token_header -#define g_display_major_status gssint_g_display_major_status -#define g_display_com_err_status gssint_g_display_com_err_status -#define g_order_init gssint_g_order_init -#define g_order_check gssint_g_order_check -#define g_order_free gssint_g_order_free -#define g_queue_size gssint_g_queue_size -#define g_queue_externalize gssint_g_queue_externalize -#define g_queue_internalize gssint_g_queue_internalize -#define g_canonicalize_host gssint_g_canonicalize_host -#define g_local_host_name gssint_g_local_host_name -#define g_strdup gssint_g_strdup +#define g_set_init gssint_g_set_init +#define g_set_destroy gssint_g_set_destroy +#define g_set_entry_add gssint_g_set_entry_add +#define g_set_entry_delete gssint_g_set_entry_delete +#define g_set_entry_get gssint_g_set_entry_get +#define g_save_name gssint_g_save_name +#define g_save_cred_id gssint_g_save_cred_id +#define g_save_ctx_id gssint_g_save_ctx_id +#define g_save_lucidctx_id gssint_g_save_lucidctx_id +#define g_validate_name gssint_g_validate_name +#define g_validate_cred_id gssint_g_validate_cred_id +#define g_validate_ctx_id gssint_g_validate_ctx_id +#define g_validate_lucidctx_id gssint_g_validate_lucidctx_id +#define g_delete_name gssint_g_delete_name +#define g_delete_cred_id gssint_g_delete_cred_id +#define g_delete_ctx_id gssint_g_delete_ctx_id +#define g_delete_lucidctx_id gssint_g_delete_lucidctx_id +#define g_make_string_buffer gssint_g_make_string_buffer +#define g_token_size gssint_g_token_size +#define g_make_token_header gssint_g_make_token_header +#define g_verify_token_header gssint_g_verify_token_header +#define g_display_major_status gssint_g_display_major_status +#define g_display_com_err_status gssint_g_display_com_err_status +#define g_order_init gssint_g_order_init +#define g_order_check gssint_g_order_check +#define g_order_free gssint_g_order_free +#define g_queue_size gssint_g_queue_size +#define g_queue_externalize gssint_g_queue_externalize +#define g_queue_internalize gssint_g_queue_internalize +#define g_canonicalize_host gssint_g_canonicalize_host +#define g_local_host_name gssint_g_local_host_name +#define g_strdup gssint_g_strdup typedef struct _g_set_elt *g_set_elt; typedef struct { @@ -170,25 +172,29 @@ int g_make_string_buffer (const char *str, gss_buffer_t buffer); unsigned int g_token_size (const gss_OID_desc * mech, unsigned int body_size); void g_make_token_header (const gss_OID_desc * mech, unsigned int body_size, - unsigned char **buf, int tok_type); + unsigned char **buf, int tok_type); + +/* flags for g_verify_token_header() */ +#define G_VFY_TOKEN_HDR_WRAPPER_REQUIRED 0x01 +#define G_VFY_TOKEN_HDR_IGNORE_SEQ_SIZE 0x02 -gss_int32 g_verify_token_header (const gss_OID_desc * mech, - unsigned int *body_size, - unsigned char **buf, int tok_type, - unsigned int toksize_in, - int wrapper_required); +gss_int32 g_verify_token_header (const gss_OID_desc * mech, + unsigned int *body_size, + unsigned char **buf, int tok_type, + unsigned int toksize_in, + int flags); OM_uint32 g_display_major_status (OM_uint32 *minor_status, - OM_uint32 status_value, - OM_uint32 *message_context, - gss_buffer_t status_string); + OM_uint32 status_value, + OM_uint32 *message_context, + gss_buffer_t status_string); OM_uint32 g_display_com_err_status (OM_uint32 *minor_status, - OM_uint32 status_value, - gss_buffer_t status_string); + OM_uint32 status_value, + gss_buffer_t status_string); gss_int32 g_order_init (void **queue, gssint_uint64 seqnum, - int do_replay, int do_sequence, int wide); + int do_replay, int do_sequence, int wide); gss_int32 g_order_check (void **queue, gssint_uint64 seqnum); @@ -196,70 +202,104 @@ void g_order_free (void **queue); gss_uint32 g_queue_size(void *vqueue, size_t *sizep); gss_uint32 g_queue_externalize(void *vqueue, unsigned char **buf, - size_t *lenremain); + size_t *lenremain); gss_uint32 g_queue_internalize(void **vqueue, unsigned char **buf, - size_t *lenremain); + size_t *lenremain); char *g_strdup (char *str); /** declarations of internal name mechanism functions **/ -OM_uint32 generic_gss_release_buffer -(OM_uint32*, /* minor_status */ - gss_buffer_t /* buffer */ - ); - -OM_uint32 generic_gss_release_oid_set -(OM_uint32*, /* minor_status */ - gss_OID_set* /* set */ - ); - -OM_uint32 generic_gss_release_oid -(OM_uint32*, /* minor_status */ - gss_OID* /* set */ - ); - -OM_uint32 generic_gss_copy_oid -(OM_uint32 *, /* minor_status */ - const gss_OID_desc * const, /* oid */ - gss_OID * /* new_oid */ - ); - -OM_uint32 generic_gss_create_empty_oid_set -(OM_uint32 *, /* minor_status */ - gss_OID_set * /* oid_set */ - ); - -OM_uint32 generic_gss_add_oid_set_member -(OM_uint32 *, /* minor_status */ - const gss_OID_desc * const, /* member_oid */ - gss_OID_set * /* oid_set */ - ); - -OM_uint32 generic_gss_test_oid_set_member -(OM_uint32 *, /* minor_status */ - const gss_OID_desc * const, /* member */ - gss_OID_set, /* set */ - int * /* present */ - ); - -OM_uint32 generic_gss_oid_to_str -(OM_uint32 *, /* minor_status */ - const gss_OID_desc * const, /* oid */ - gss_buffer_t /* oid_str */ - ); - -OM_uint32 generic_gss_str_to_oid -(OM_uint32 *, /* minor_status */ - gss_buffer_t, /* oid_str */ - gss_OID * /* oid */ - ); +OM_uint32 +generic_gss_release_buffer( + OM_uint32 *, /* minor_status */ + gss_buffer_t); /* buffer */ + +OM_uint32 +generic_gss_release_oid_set( + OM_uint32 *, /* minor_status */ + gss_OID_set *); /* set */ + +OM_uint32 +generic_gss_release_oid( + OM_uint32 *, /* minor_status */ + gss_OID *); /* set */ + +OM_uint32 +generic_gss_copy_oid( + OM_uint32 *, /* minor_status */ + const gss_OID_desc * const, /* oid */ + gss_OID *); /* new_oid */ + +OM_uint32 +generic_gss_create_empty_oid_set( + OM_uint32 *, /* minor_status */ + gss_OID_set *); /* oid_set */ + +OM_uint32 +generic_gss_add_oid_set_member( + OM_uint32 *, /* minor_status */ + const gss_OID_desc * const, /* member_oid */ + gss_OID_set *); /* oid_set */ + +OM_uint32 +generic_gss_test_oid_set_member( + OM_uint32 *, /* minor_status */ + const gss_OID_desc * const, /* member */ + gss_OID_set, /* set */ + int *); /* present */ + +OM_uint32 +generic_gss_oid_to_str( + OM_uint32 *, /* minor_status */ + const gss_OID_desc * const, /* oid */ + gss_buffer_t); /* oid_str */ + +OM_uint32 +generic_gss_str_to_oid( + OM_uint32 *, /* minor_status */ + gss_buffer_t, /* oid_str */ + gss_OID *); /* oid */ + +OM_uint32 +generic_gss_oid_compose( + OM_uint32 *, /* minor_status */ + const char *, /* prefix */ + size_t, /* prefix_len */ + int, /* suffix */ + gss_OID_desc *); /* oid */ + +OM_uint32 +generic_gss_oid_decompose( + OM_uint32 *, /* minor_status */ + const char *, /*prefix */ + size_t, /* prefix_len */ + gss_OID_desc *, /* oid */ + int *); /* suffix */ int gssint_mecherrmap_init(void); void gssint_mecherrmap_destroy(void); OM_uint32 gssint_mecherrmap_map(OM_uint32 minor, const gss_OID_desc *oid); int gssint_mecherrmap_get(OM_uint32 minor, gss_OID mech_oid, - OM_uint32 *mech_minor); + OM_uint32 *mech_minor); OM_uint32 gssint_mecherrmap_map_errcode(OM_uint32 errcode); +OM_uint32 generic_gss_create_empty_buffer_set +(OM_uint32 * /*minor_status*/, + gss_buffer_set_t * /*buffer_set*/); + +OM_uint32 generic_gss_add_buffer_set_member +(OM_uint32 * /*minor_status*/, + const gss_buffer_t /*member_buffer*/, + gss_buffer_set_t * /*buffer_set*/); + +OM_uint32 generic_gss_release_buffer_set +(OM_uint32 * /*minor_status*/, + gss_buffer_set_t * /*buffer_set*/); + +OM_uint32 generic_gss_copy_oid_set +(OM_uint32 *, /* minor_status */ + const gss_OID_set_desc *, /* const oidset*/ + gss_OID_set * /*new_oidset*/); + #endif /* _GSSAPIP_GENERIC_H_ */ diff --git a/src/lib/gssapi/generic/gssapi_ext.h b/src/lib/gssapi/generic/gssapi_ext.h new file mode 100644 index 0000000000..40f5ab8093 --- /dev/null +++ b/src/lib/gssapi/generic/gssapi_ext.h @@ -0,0 +1,261 @@ +/* + * Copyright 2008 by the Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + */ + +#ifndef GSSAPI_EXT_H_ +#define GSSAPI_EXT_H_ + +#include + +#ifdef __cplusplus +extern "C" { +#endif /* __cplusplus */ + +#if 0 +/* + * Solaris extensions + */ +int KRB5_CALLCONV gssd_pname_to_uid + (char *, + gss_OID, + gss_OID, + uid_t *); + +int KRB5_CALLCONV __gss_userok + (const gss_name_t /*name*/, + const char * /*username*/); +#endif + +/* + * GGF extensions + */ +typedef struct gss_buffer_set_desc_struct { + size_t count; + gss_buffer_desc *elements; +} gss_buffer_set_desc, *gss_buffer_set_t; + +#define GSS_C_NO_BUFFER_SET ((gss_buffer_set_t) 0) + +OM_uint32 KRB5_CALLCONV gss_create_empty_buffer_set + (OM_uint32 * /*minor_status*/, + gss_buffer_set_t * /*buffer_set*/); + +OM_uint32 KRB5_CALLCONV gss_add_buffer_set_member + (OM_uint32 * /*minor_status*/, + const gss_buffer_t /*member_buffer*/, + gss_buffer_set_t * /*buffer_set*/); + +OM_uint32 KRB5_CALLCONV gss_release_buffer_set + (OM_uint32 * /*minor_status*/, + gss_buffer_set_t * /*buffer_set*/); + +OM_uint32 KRB5_CALLCONV gss_inquire_sec_context_by_oid + (OM_uint32 * /*minor_status*/, + const gss_ctx_id_t /*context_handle*/, + const gss_OID /*desired_object*/, + gss_buffer_set_t * /*data_set*/); + +OM_uint32 KRB5_CALLCONV gss_inquire_cred_by_oid + (OM_uint32 * /*minor_status*/, + const gss_cred_id_t /*cred_handle*/, + const gss_OID /*desired_object*/, + gss_buffer_set_t * /*data_set*/); + +OM_uint32 KRB5_CALLCONV gss_set_sec_context_option + (OM_uint32 * /*minor_status*/, + gss_ctx_id_t * /*cred_handle*/, + const gss_OID /*desired_object*/, + const gss_buffer_t /*value*/); + +/* XXX do these really belong in this header? */ +OM_uint32 KRB5_CALLCONV gssspi_set_cred_option + (OM_uint32 * /*minor_status*/, + gss_cred_id_t /*cred*/, + const gss_OID /*desired_object*/, + const gss_buffer_t /*value*/); + +OM_uint32 KRB5_CALLCONV gssspi_mech_invoke + (OM_uint32 * /*minor_status*/, + const gss_OID /*desired_mech*/, + const gss_OID /*desired_object*/, + gss_buffer_t /*value*/); + +/* + * AEAD extensions + */ + +OM_uint32 KRB5_CALLCONV gss_wrap_aead + (OM_uint32 * /*minor_status*/, + gss_ctx_id_t /*context_handle*/, + int /*conf_req_flag*/, + gss_qop_t /*qop_req*/, + gss_buffer_t /*input_assoc_buffer*/, + gss_buffer_t /*input_payload_buffer*/, + int * /*conf_state*/, + gss_buffer_t /*output_message_buffer*/); + +OM_uint32 KRB5_CALLCONV gss_unwrap_aead + (OM_uint32 * /*minor_status*/, + gss_ctx_id_t /*context_handle*/, + gss_buffer_t /*input_message_buffer*/, + gss_buffer_t /*input_assoc_buffer*/, + gss_buffer_t /*output_payload_buffer*/, + int * /*conf_state*/, + gss_qop_t * /*qop_state*/); + +/* + * SSPI extensions + */ +#define GSS_C_DCE_STYLE 0x1000 +#define GSS_C_IDENTIFY_FLAG 0x2000 +#define GSS_C_EXTENDED_ERROR_FLAG 0x4000 + +/* + * Returns a buffer set with the first member containing the + * session key for SSPI compatibility. The optional second + * member contains an OID identifying the session key type. + */ +GSS_DLLIMP extern gss_OID GSS_C_INQ_SSPI_SESSION_KEY; + +OM_uint32 KRB5_CALLCONV gss_complete_auth_token + (OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + gss_buffer_t input_message_buffer); + +typedef struct gss_iov_buffer_desc_struct { + OM_uint32 type; + gss_buffer_desc buffer; +} gss_iov_buffer_desc, *gss_iov_buffer_t; + +#define GSS_C_NO_IOV_BUFFER ((gss_iov_buffer_t)0) + +#define GSS_IOV_BUFFER_TYPE_EMPTY 0 +#define GSS_IOV_BUFFER_TYPE_DATA 1 /* Packet data */ +#define GSS_IOV_BUFFER_TYPE_HEADER 2 /* Mechanism header */ +#define GSS_IOV_BUFFER_TYPE_MECH_PARAMS 3 /* Mechanism specific parameters */ +#define GSS_IOV_BUFFER_TYPE_TRAILER 7 /* Mechanism trailer */ +#define GSS_IOV_BUFFER_TYPE_PADDING 9 /* Padding */ +#define GSS_IOV_BUFFER_TYPE_STREAM 10 /* Complete wrap token */ +#define GSS_IOV_BUFFER_TYPE_SIGN_ONLY 11 /* Sign only packet data */ + +#define GSS_IOV_BUFFER_FLAG_MASK 0xFFFF0000 +#define GSS_IOV_BUFFER_FLAG_ALLOCATE 0x00010000 /* indicates GSS should allocate */ +#define GSS_IOV_BUFFER_FLAG_ALLOCATED 0x00020000 /* indicates caller should free */ + +#define GSS_IOV_BUFFER_TYPE(_type) ((_type) & ~(GSS_IOV_BUFFER_FLAG_MASK)) +#define GSS_IOV_BUFFER_FLAGS(_type) ((_type) & GSS_IOV_BUFFER_FLAG_MASK) + +/* + * Sign and optionally encrypt a sequence of buffers. The buffers + * shall be ordered HEADER | DATA | PADDING | TRAILER. Suitable + * space for the header, padding and trailer should be provided + * by calling gss_wrap_iov_length(), or the ALLOCATE flag should + * be set on those buffers. + * + * Encryption is in-place. SIGN_ONLY buffers are untouched. Only + * a single PADDING buffer should be provided. The order of the + * buffers in memory does not matter. Buffers in the IOV should + * be arranged in the order above, and in the case of multiple + * DATA buffers the sender and receiver should agree on the + * order. + * + * With GSS_C_DCE_STYLE it is acceptable to not provide PADDING + * and TRAILER, but the caller must guarantee the plaintext data + * being encrypted is correctly padded, otherwise an error will + * be returned. + * + * While applications that have knowledge of the underlying + * cryptosystem may request a specific configuration of data + * buffers, the only generally supported configurations are: + * + * HEADER | DATA | PADDING | TRAILER + * + * which will emit GSS_Wrap() compatible tokens, and: + * + * HEADER | SIGN_ONLY | DATA | PADDING | TRAILER + * + * for AEAD. + * + * The typical (special cased) usage for DCE is as follows: + * + * SIGN_ONLY_1 | DATA | SIGN_ONLY_2 | HEADER + */ +OM_uint32 KRB5_CALLCONV gss_wrap_iov +( + OM_uint32 *, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + int, /* conf_req_flag */ + gss_qop_t, /* qop_req */ + int *, /* conf_state */ + gss_iov_buffer_desc *, /* iov */ + int); /* iov_count */ + +/* + * Verify and optionally decrypt a sequence of buffers. To process + * a GSS-API message without separate buffer, pass STREAM | DATA. + * Upon return DATA will contain the decrypted or integrity + * protected message. Only a single DATA buffer may be provided + * with this usage. DATA by default will point into STREAM, but if + * the ALLOCATE flag is set a copy will be returned. + * + * Otherwise, decryption is in-place. SIGN_ONLY buffers are + * untouched. + */ +OM_uint32 KRB5_CALLCONV gss_unwrap_iov +( + OM_uint32 *, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + int *, /* conf_state */ + gss_qop_t *, /* qop_state */ + gss_iov_buffer_desc *, /* iov */ + int); /* iov_count */ + +/* + * Query HEADER, PADDING and TRAILER buffer lengths. DATA buffers + * should be provided so the correct padding length can be determined. + */ +OM_uint32 KRB5_CALLCONV gss_wrap_iov_length +( + OM_uint32 *, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + int, /* conf_req_flag */ + gss_qop_t, /* qop_req */ + int *, /* conf_state */ + gss_iov_buffer_desc *, /* iov */ + int); /* iov_count */ + +/* + * Release buffers that have the ALLOCATED flag set. + */ +OM_uint32 KRB5_CALLCONV gss_release_iov_buffer +( + OM_uint32 *, /* minor_status */ + gss_iov_buffer_desc *, /* iov */ + int); /* iov_count */ + +#ifdef __cplusplus +} +#endif + +#endif /* GSSAPI_EXT_H_ */ diff --git a/src/lib/gssapi/generic/gssapi_generic.c b/src/lib/gssapi/generic/gssapi_generic.c index db92abb96b..9497c3dc31 100644 --- a/src/lib/gssapi/generic/gssapi_generic.c +++ b/src/lib/gssapi/generic/gssapi_generic.c @@ -1,6 +1,7 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * Copyright 1993 by OpenVision Technologies, Inc. - * + * * Permission to use, copy, modify, distribute, and sell this software * and its documentation for any purpose is hereby granted without fee, * provided that the above copyright notice appears in all copies and @@ -10,7 +11,7 @@ * without specific, written prior permission. OpenVision makes no * representations about the suitability of this software for any * purpose. It is provided "as is" without express or implied warranty. - * + * * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR @@ -37,37 +38,37 @@ static const gss_OID_desc const_oids[] = { /* * The implementation must reserve static storage for a - * gss_OID_desc object containing the value */ + * gss_OID_desc object containing the value */ {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x01"}, /* corresponding to an object-identifier value of - * {iso(1) member-body(2) United States(840) mit(113554) - * infosys(1) gssapi(2) generic(1) user_name(1)}. The constant - * GSS_C_NT_USER_NAME should be initialized to point - * to that gss_OID_desc. - */ - + * {iso(1) member-body(2) United States(840) mit(113554) + * infosys(1) gssapi(2) generic(1) user_name(1)}. The constant + * GSS_C_NT_USER_NAME should be initialized to point + * to that gss_OID_desc. + */ + /* - * The implementation must reserve static storage for a - * gss_OID_desc object containing the value */ + * The implementation must reserve static storage for a + * gss_OID_desc object containing the value */ {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x02"}, /* corresponding to an object-identifier value of - * {iso(1) member-body(2) United States(840) mit(113554) - * infosys(1) gssapi(2) generic(1) machine_uid_name(2)}. - * The constant GSS_C_NT_MACHINE_UID_NAME should be - * initialized to point to that gss_OID_desc. - */ - + * {iso(1) member-body(2) United States(840) mit(113554) + * infosys(1) gssapi(2) generic(1) machine_uid_name(2)}. + * The constant GSS_C_NT_MACHINE_UID_NAME should be + * initialized to point to that gss_OID_desc. + */ + /* - * The implementation must reserve static storage for a - * gss_OID_desc object containing the value */ + * The implementation must reserve static storage for a + * gss_OID_desc object containing the value */ {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x03"}, /* corresponding to an object-identifier value of - * {iso(1) member-body(2) United States(840) mit(113554) - * infosys(1) gssapi(2) generic(1) string_uid_name(3)}. - * The constant GSS_C_NT_STRING_UID_NAME should be - * initialized to point to that gss_OID_desc. - */ - + * {iso(1) member-body(2) United States(840) mit(113554) + * infosys(1) gssapi(2) generic(1) string_uid_name(3)}. + * The constant GSS_C_NT_STRING_UID_NAME should be + * initialized to point to that gss_OID_desc. + */ + /* * The implementation must reserve static storage for a * gss_OID_desc object containing the value */ @@ -85,15 +86,15 @@ static const gss_OID_desc const_oids[] = { * parameter, but should not be emitted by GSS-API * implementations */ - + /* * The implementation must reserve static storage for a * gss_OID_desc object containing the value */ - {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x04"}, - /* corresponding to an object-identifier value of - * {iso(1) member-body(2) Unites States(840) mit(113554) - * infosys(1) gssapi(2) generic(1) service_name(4)}. - * The constant GSS_C_NT_HOSTBASED_SERVICE should be + {10, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x04"}, + /* corresponding to an object-identifier value of + * {iso(1) member-body(2) Unites States(840) mit(113554) + * infosys(1) gssapi(2) generic(1) service_name(4)}. + * The constant GSS_C_NT_HOSTBASED_SERVICE should be * initialized to point to that gss_OID_desc. */ @@ -107,7 +108,7 @@ static const gss_OID_desc const_oids[] = { * and GSS_C_NT_ANONYMOUS should be initialized to point * to that gss_OID_desc. */ - + /* * The implementation must reserve static storage for a * gss_OID_desc object containing the value */ @@ -118,14 +119,17 @@ static const gss_OID_desc const_oids[] = { * GSS_C_NT_EXPORT_NAME should be initialized to point * to that gss_OID_desc. */ + + /* GSS_C_INQ_SSPI_SESSION_KEY 1.2.840.113554.1.2.2.5.5 */ + {11, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x05"}, }; /* Here are the constants which point to the static structure above. * * Constants of the form GSS_C_NT_* are specified by rfc 2744. * - * Constants of the form gss_nt_* are the original MIT krb5 names - * found in gssapi_generic.h. They are provided for compatibility. */ + * Constants of the form gss_nt_* are the original MIT krb5 names + * found in gssapi_generic.h. They are provided for compatibility. */ GSS_DLLIMP gss_OID GSS_C_NT_USER_NAME = oids+0; GSS_DLLIMP gss_OID gss_nt_user_name = oids+0; @@ -137,7 +141,7 @@ GSS_DLLIMP gss_OID GSS_C_NT_STRING_UID_NAME = oids+2; GSS_DLLIMP gss_OID gss_nt_string_uid_name = oids+2; GSS_DLLIMP gss_OID GSS_C_NT_HOSTBASED_SERVICE_X = oids+3; -gss_OID gss_nt_service_name_v2 = oids+3; +gss_OID gss_nt_service_name_v2 = oids+3; GSS_DLLIMP gss_OID GSS_C_NT_HOSTBASED_SERVICE = oids+4; GSS_DLLIMP gss_OID gss_nt_service_name = oids+4; @@ -145,4 +149,7 @@ GSS_DLLIMP gss_OID gss_nt_service_name = oids+4; GSS_DLLIMP gss_OID GSS_C_NT_ANONYMOUS = oids+5; GSS_DLLIMP gss_OID GSS_C_NT_EXPORT_NAME = oids+6; -gss_OID gss_nt_exported_name = oids+6; +gss_OID gss_nt_exported_name = oids+6; + +GSS_DLLIMP gss_OID GSS_C_INQ_SSPI_SESSION_KEY = oids+7; + diff --git a/src/lib/gssapi/generic/gssapi_generic.h b/src/lib/gssapi/generic/gssapi_generic.h index bf3c2af59c..cd872e6edb 100644 --- a/src/lib/gssapi/generic/gssapi_generic.h +++ b/src/lib/gssapi/generic/gssapi_generic.h @@ -1,6 +1,7 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * Copyright 1993 by OpenVision Technologies, Inc. - * + * * Permission to use, copy, modify, distribute, and sell this software * and its documentation for any purpose is hereby granted without fee, * provided that the above copyright notice appears in all copies and @@ -10,7 +11,7 @@ * without specific, written prior permission. OpenVision makes no * representations about the suitability of this software for any * purpose. It is provided "as is" without express or implied warranty. - * + * * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR @@ -30,17 +31,20 @@ #include #if defined(__cplusplus) && !defined(GSSAPIGENERIC_BEGIN_DECLS) -#define GSSAPIGENERIC_BEGIN_DECLS extern "C" { -#define GSSAPIGENERIC_END_DECLS } +#define GSSAPIGENERIC_BEGIN_DECLS extern "C" { +#define GSSAPIGENERIC_END_DECLS } #else #define GSSAPIGENERIC_BEGIN_DECLS #define GSSAPIGENERIC_END_DECLS #endif +#define GSS_EMPTY_BUFFER(buf) ((buf) == NULL ||\ + (buf)->value == NULL || (buf)->length == 0) + GSSAPIGENERIC_BEGIN_DECLS /* Deprecated MIT krb5 oid names provided for compatibility. - * The correct oids (GSS_C_NT_USER_NAME, etc) from rfc 2744 + * The correct oids (GSS_C_NT_USER_NAME, etc) from rfc 2744 * are defined in gssapi.h. */ GSS_DLLIMP extern gss_OID gss_nt_user_name; diff --git a/src/lib/gssapi/generic/maptest.c b/src/lib/gssapi/generic/maptest.c index 28b4b06337..ce594218d2 100644 --- a/src/lib/gssapi/generic/maptest.c +++ b/src/lib/gssapi/generic/maptest.c @@ -1,3 +1,4 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ #include #include #include @@ -11,13 +12,13 @@ static int eltcp(elt *dest, elt src) static int eltcmp(elt left, elt right) { if (left.a < right.a) - return -1; + return -1; if (left.a > right.a) - return 1; + return 1; if (left.b < right.b) - return -1; + return -1; if (left.b > right.b) - return 1; + return 1; return 0; } static void eltprt(elt v, FILE *f) @@ -27,9 +28,9 @@ static void eltprt(elt v, FILE *f) static int intcmp(int left, int right) { if (left < right) - return -1; + return -1; if (left > right) - return 1; + return 1; return 0; } static void intprt(int v, FILE *f) diff --git a/src/lib/gssapi/mechglue/oid_ops.c b/src/lib/gssapi/generic/oid_ops.c similarity index 83% rename from src/lib/gssapi/mechglue/oid_ops.c rename to src/lib/gssapi/generic/oid_ops.c index 11a5099847..bd78e262b3 100644 --- a/src/lib/gssapi/mechglue/oid_ops.c +++ b/src/lib/gssapi/generic/oid_ops.c @@ -30,7 +30,7 @@ * oid_ops.c - GSS-API V2 interfaces to manipulate OIDs */ -#include "mglueP.h" +#include "gssapiP_generic.h" #ifdef HAVE_UNISTD_H #include #endif @@ -219,13 +219,11 @@ generic_gss_oid_to_str(minor_status, oid, oid_str) const gss_OID_desc * const oid; gss_buffer_t oid_str; { - char numstr[128]; OM_uint32 number; - int numshift; - OM_uint32 string_length; OM_uint32 i; unsigned char *cp; char *bp; + struct k5buf buf; if (minor_status != NULL) *minor_status = 0; @@ -243,60 +241,29 @@ generic_gss_oid_to_str(minor_status, oid, oid_str) /* Decoded according to krb5/gssapi_krb5.c */ - /* First determine the size of the string */ - string_length = 0; - number = 0; - numshift = 0; cp = (unsigned char *) oid->elements; number = (unsigned long) cp[0]; - snprintf(numstr, sizeof(numstr), "%lu ", (unsigned long)number/40); - string_length += strlen(numstr); - snprintf(numstr, sizeof(numstr), "%lu ", (unsigned long)number%40); - string_length += strlen(numstr); + krb5int_buf_init_dynamic(&buf); + krb5int_buf_add_fmt(&buf, "{ %lu %lu ", (unsigned long)number/40, + (unsigned long)number%40); + number = 0; + cp = (unsigned char *) oid->elements; for (i=1; ilength; i++) { - if ((OM_uint32) (numshift+7) < (sizeof (OM_uint32)*8)) {/* XXX */ - number = (number << 7) | (cp[i] & 0x7f); - numshift += 7; - } - else { - return(GSS_S_FAILURE); - } + number = (number << 7) | (cp[i] & 0x7f); if ((cp[i] & 0x80) == 0) { - snprintf(numstr, sizeof(numstr), "%lu ", (unsigned long)number); - string_length += strlen(numstr); + krb5int_buf_add_fmt(&buf, "%lu ", (unsigned long)number); number = 0; - numshift = 0; } } - /* - * If we get here, we've calculated the length of "n n n ... n ". Add 4 - * here for "{ " and "}\0". - */ - string_length += 4; - if ((bp = (char *) malloc(string_length))) { - strcpy(bp, "{ "); - number = (OM_uint32) cp[0]; - snprintf(numstr, sizeof(numstr), "%lu ", (unsigned long)number/40); - strcat(bp, numstr); - snprintf(numstr, sizeof(numstr), "%lu ", (unsigned long)number%40); - strcat(bp, numstr); - number = 0; - cp = (unsigned char *) oid->elements; - for (i=1; ilength; i++) { - number = (number << 7) | (cp[i] & 0x7f); - if ((cp[i] & 0x80) == 0) { - snprintf(numstr, sizeof(numstr), "%lu ", (unsigned long)number); - strcat(bp, numstr); - number = 0; - } - } - strcat(bp, "}"); - oid_str->length = strlen(bp)+1; - oid_str->value = (void *) bp; - return(GSS_S_COMPLETE); + krb5int_buf_add(&buf, "}"); + bp = krb5int_buf_data(&buf); + if (bp == NULL) { + *minor_status = ENOMEM; + return(GSS_S_FAILURE); } - *minor_status = ENOMEM; - return(GSS_S_FAILURE); + oid_str->length = krb5int_buf_len(&buf)+1; + oid_str->value = (void *) bp; + return(GSS_S_COMPLETE); } OM_uint32 @@ -349,7 +316,8 @@ generic_gss_str_to_oid(minor_status, oid_str, oid) } while ((bp < &cp[oid_str->length]) && isdigit(*bp)) bp++; - while ((bp < &cp[oid_str->length]) && isspace(*bp)) + while ((bp < &cp[oid_str->length]) && + (isspace(*bp) || *bp == '.')) bp++; if (sscanf((char *)bp, "%ld", &numbuf) != 1) { *minor_status = EINVAL; @@ -435,6 +403,92 @@ generic_gss_str_to_oid(minor_status, oid_str, oid) return(GSS_S_FAILURE); } +/* Compose an OID of a prefix and an integer suffix */ +OM_uint32 +generic_gss_oid_compose( + OM_uint32 *minor_status, + const char *prefix, + size_t prefix_len, + int suffix, + gss_OID_desc *oid) +{ + int osuffix, i; + size_t nbytes; + unsigned char *op; + + if (oid == GSS_C_NO_OID) { + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + if (oid->length < prefix_len) { + *minor_status = ERANGE; + return GSS_S_FAILURE; + } + + memcpy(oid->elements, prefix, prefix_len); + + nbytes = 0; + osuffix = suffix; + while (suffix) { + nbytes++; + suffix >>= 7; + } + suffix = osuffix; + + if (oid->length < prefix_len + nbytes) { + *minor_status = ERANGE; + return GSS_S_FAILURE; + } + + op = oid->elements + prefix_len + nbytes; + i = -1; + while (suffix) { + op[i] = (unsigned char)suffix & 0x7f; + if (i != -1) + op[i] |= 0x80; + i--; + suffix >>= 7; + } + + oid->length = prefix_len + nbytes; + + *minor_status = 0; + return GSS_S_COMPLETE; +} + +OM_uint32 +generic_gss_oid_decompose( + OM_uint32 *minor_status, + const char *prefix, + size_t prefix_len, + gss_OID_desc *oid, + int *suffix) +{ + size_t i, slen; + unsigned char *op; + + if (oid->length < prefix_len || + memcmp(oid->elements, prefix, prefix_len) != 0) { + return GSS_S_BAD_MECH; + } + + op = oid->elements + prefix_len; + + *suffix = 0; + + slen = oid->length - prefix_len; + + for (i = 0; i < slen; i++) { + *suffix = (*suffix << 7) | (op[i] & 0x7f); + if (i + 1 != slen && (op[i] & 0x80) == 0) { + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + } + + return GSS_S_COMPLETE; +} + /* * Copyright 1993 by OpenVision Technologies, Inc. * @@ -457,7 +511,7 @@ generic_gss_str_to_oid(minor_status, oid_str, oid) * PERFORMANCE OF THIS SOFTWARE. */ OM_uint32 -gssint_copy_oid_set( +generic_gss_copy_oid_set( OM_uint32 *minor_status, const gss_OID_set_desc * const oidset, gss_OID_set *new_oidset @@ -512,3 +566,4 @@ done: return (major); } + diff --git a/src/lib/gssapi/generic/rel_buffer.c b/src/lib/gssapi/generic/rel_buffer.c index 5558881845..8b35e80371 100644 --- a/src/lib/gssapi/generic/rel_buffer.c +++ b/src/lib/gssapi/generic/rel_buffer.c @@ -1,8 +1,9 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* #ident "@(#)g_rel_buffer.c 1.2 96/02/06 SMI" */ /* * Copyright 1996 by Sun Microsystems, Inc. - * + * * Permission to use, copy, modify, distribute, and sell this software * and its documentation for any purpose is hereby granted without fee, * provided that the above copyright notice appears in all copies and @@ -12,7 +13,7 @@ * without specific, written prior permission. Sun Microsystems makes no * representations about the suitability of this software for any * purpose. It is provided "as is" without express or implied warranty. - * + * * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR @@ -34,23 +35,22 @@ #endif OM_uint32 -generic_gss_release_buffer (minor_status, - buffer) - OM_uint32 * minor_status; - gss_buffer_t buffer; +generic_gss_release_buffer( + OM_uint32 *minor_status, + gss_buffer_t buffer) { if (minor_status) - *minor_status = 0; + *minor_status = 0; /* if buffer is NULL, return */ if (buffer == GSS_C_NO_BUFFER) - return(GSS_S_COMPLETE); + return(GSS_S_COMPLETE); if (buffer->value) { - free(buffer->value); - buffer->length = 0; - buffer->value = NULL; + free(buffer->value); + buffer->length = 0; + buffer->value = NULL; } return (GSS_S_COMPLETE); diff --git a/src/lib/gssapi/generic/rel_oid_set.c b/src/lib/gssapi/generic/rel_oid_set.c index bd7f3cb2cf..137a513a0f 100644 --- a/src/lib/gssapi/generic/rel_oid_set.c +++ b/src/lib/gssapi/generic/rel_oid_set.c @@ -1,8 +1,9 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* #ident "@(#)gss_release_oid_set.c 1.12 95/08/23 SMI" */ /* * Copyright 1996 by Sun Microsystems, Inc. - * + * * Permission to use, copy, modify, distribute, and sell this software * and its documentation for any purpose is hereby granted without fee, * provided that the above copyright notice appears in all copies and @@ -12,7 +13,7 @@ * without specific, written prior permission. Sun Microsystems makes no * representations about the suitability of this software for any * purpose. It is provided "as is" without express or implied warranty. - * + * * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR @@ -34,28 +35,27 @@ #endif OM_uint32 -generic_gss_release_oid_set (minor_status, - set) - OM_uint32 * minor_status; - gss_OID_set * set; +generic_gss_release_oid_set( + OM_uint32 *minor_status, + gss_OID_set *set) { size_t i; if (minor_status) - *minor_status = 0; + *minor_status = 0; if (set == NULL) - return(GSS_S_COMPLETE); + return(GSS_S_COMPLETE); if (*set == GSS_C_NULL_OID_SET) - return(GSS_S_COMPLETE); + return(GSS_S_COMPLETE); for (i=0; i<(*set)->count; i++) - free((*set)->elements[i].elements); + free((*set)->elements[i].elements); free((*set)->elements); free(*set); *set = GSS_C_NULL_OID_SET; - + return(GSS_S_COMPLETE); } diff --git a/src/lib/gssapi/generic/util_buffer.c b/src/lib/gssapi/generic/util_buffer.c index 1ce9f89471..b707d15fbe 100644 --- a/src/lib/gssapi/generic/util_buffer.c +++ b/src/lib/gssapi/generic/util_buffer.c @@ -1,6 +1,7 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * Copyright 1993 by OpenVision Technologies, Inc. - * + * * Permission to use, copy, modify, distribute, and sell this software * and its documentation for any purpose is hereby granted without fee, * provided that the above copyright notice appears in all copies and @@ -10,7 +11,7 @@ * without specific, written prior permission. OpenVision makes no * representations about the suitability of this software for any * purpose. It is provided "as is" without express or implied warranty. - * + * * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR @@ -33,12 +34,12 @@ int g_make_string_buffer(const char *str, gss_buffer_t buffer) { - buffer->length = strlen(str); + buffer->length = strlen(str); - if ((buffer->value = strdup(str)) == NULL) { - buffer->length = 0; - return(0); - } + if ((buffer->value = strdup(str)) == NULL) { + buffer->length = 0; + return(0); + } - return(1); + return(1); } diff --git a/src/lib/gssapi/generic/util_buffer_set.c b/src/lib/gssapi/generic/util_buffer_set.c new file mode 100644 index 0000000000..edb61b80f5 --- /dev/null +++ b/src/lib/gssapi/generic/util_buffer_set.c @@ -0,0 +1,126 @@ +/* + * Copyright 2008 by the Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + */ + +#include "gssapiP_generic.h" +#include +#ifdef HAVE_STDLIB_H +#include +#endif +#include +#include + +OM_uint32 generic_gss_create_empty_buffer_set + (OM_uint32 * minor_status, + gss_buffer_set_t *buffer_set) +{ + gss_buffer_set_t set; + + set = (gss_buffer_set_desc *) malloc(sizeof(*set)); + if (set == GSS_C_NO_BUFFER_SET) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + set->count = 0; + set->elements = NULL; + + *buffer_set = set; + + *minor_status = 0; + return GSS_S_COMPLETE; +} + +OM_uint32 generic_gss_add_buffer_set_member + (OM_uint32 * minor_status, + const gss_buffer_t member_buffer, + gss_buffer_set_t *buffer_set) +{ + gss_buffer_set_t set; + gss_buffer_t p; + OM_uint32 ret; + + if (*buffer_set == GSS_C_NO_BUFFER_SET) { + ret = generic_gss_create_empty_buffer_set(minor_status, + buffer_set); + if (ret) { + return ret; + } + } + + set = *buffer_set; + set->elements = (gss_buffer_desc *)realloc(set->elements, + (set->count + 1) * + sizeof(gss_buffer_desc)); + if (set->elements == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + p = &set->elements[set->count]; + + p->value = malloc(member_buffer->length); + if (p->value == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + memcpy(p->value, member_buffer->value, member_buffer->length); + p->length = member_buffer->length; + + set->count++; + + *minor_status = 0; + return GSS_S_COMPLETE; +} + +OM_uint32 generic_gss_release_buffer_set + (OM_uint32 * minor_status, + gss_buffer_set_t *buffer_set) +{ + int i; + OM_uint32 minor; + + *minor_status = 0; + + if (*buffer_set == GSS_C_NO_BUFFER_SET) { + return GSS_S_COMPLETE; + } + + for (i = 0; i < (*buffer_set)->count; i++) { + generic_gss_release_buffer(&minor, &((*buffer_set)->elements[i])); + } + + if ((*buffer_set)->elements != NULL) { + free((*buffer_set)->elements); + (*buffer_set)->elements = NULL; + } + + (*buffer_set)->count = 0; + + free(*buffer_set); + *buffer_set = GSS_C_NO_BUFFER_SET; + + return GSS_S_COMPLETE; +} + diff --git a/src/lib/gssapi/generic/util_canonhost.c b/src/lib/gssapi/generic/util_canonhost.c index 829311db9d..ef093e621f 100644 --- a/src/lib/gssapi/generic/util_canonhost.c +++ b/src/lib/gssapi/generic/util_canonhost.c @@ -1,6 +1,7 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * Copyright 1993 by OpenVision Technologies, Inc. - * + * * Permission to use, copy, modify, distribute, and sell this software * and its documentation for any purpose is hereby granted without fee, * provided that the above copyright notice appears in all copies and @@ -10,7 +11,7 @@ * without specific, written prior permission. OpenVision makes no * representations about the suitability of this software for any * purpose. It is provided "as is" without express or implied warranty. - * + * * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR @@ -37,35 +38,32 @@ #include char * -g_canonicalize_host(hostname) - char *hostname; +g_canonicalize_host(char *hostname) { - struct hostent *hent; - char *haddr; - char *canon, *str; + struct hostent *hent; + char *haddr; + char *canon, *str; - if ((hent = gethostbyname(hostname)) == NULL) - return(NULL); + if ((hent = gethostbyname(hostname)) == NULL) + return(NULL); - if (! (haddr = (char *) xmalloc(hent->h_length))) { + if (! (haddr = (char *) xmalloc(hent->h_length))) { return(NULL); - } + } - memcpy(haddr, hent->h_addr_list[0], hent->h_length); + memcpy(haddr, hent->h_addr_list[0], hent->h_length); - if (! (hent = gethostbyaddr(haddr, hent->h_length, hent->h_addrtype))) { + if (! (hent = gethostbyaddr(haddr, hent->h_length, hent->h_addrtype))) { return(NULL); - } - - xfree(haddr); + } - if ((canon = (char *) xmalloc(strlen(hent->h_name)+1)) == NULL) - return(NULL); + xfree(haddr); - strcpy(canon, hent->h_name); + if ((canon = (char *) strdup(hent->h_name)) == NULL) + return(NULL); - for (str = canon; *str; str++) - if (isupper(*str)) *str = tolower(*str); + for (str = canon; *str; str++) + if (isupper(*str)) *str = tolower(*str); - return(canon); + return(canon); } diff --git a/src/lib/gssapi/generic/util_errmap.c b/src/lib/gssapi/generic/util_errmap.c index 9e2f7e9b3d..2634e667b5 100644 --- a/src/lib/gssapi/generic/util_errmap.c +++ b/src/lib/gssapi/generic/util_errmap.c @@ -1,3 +1,4 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * Copyright 2007, 2008 by the Massachusetts Institute of Technology. * All Rights Reserved. @@ -6,7 +7,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -20,7 +21,7 @@ * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * + * */ #include "gssapiP_generic.h" @@ -45,26 +46,26 @@ static inline int cmp_OM_uint32(OM_uint32 m1, OM_uint32 m2) { if (m1 < m2) - return -1; + return -1; else if (m1 > m2) - return 1; + return 1; else - return 0; + return 0; } static inline int mecherror_cmp(struct mecherror m1, struct mecherror m2) { if (m1.code < m2.code) - return -1; + return -1; if (m1.code > m2.code) - return 1; + return 1; if (m1.mech.length < m2.mech.length) - return -1; + return -1; if (m1.mech.length > m2.mech.length) - return 1; + return 1; if (m1.mech.length == 0) - return 0; + return 0; return memcmp(m1.mech.elements, m2.mech.elements, m1.mech.length); } @@ -80,10 +81,10 @@ mecherror_copy(struct mecherror *dest, struct mecherror src) *dest = src; dest->mech.elements = malloc(src.mech.length); if (dest->mech.elements == NULL) { - if (src.mech.length) - return ENOMEM; - else - return 0; + if (src.mech.length) + return ENOMEM; + else + return 0; } memcpy(dest->mech.elements, src.mech.elements, src.mech.length); return 0; @@ -95,40 +96,40 @@ mecherror_print(struct mecherror value, FILE *f) OM_uint32 minor; gss_buffer_desc str; static const struct { - const char *oidstr, *name; + const char *oidstr, *name; } mechnames[] = { - { "{ 1 2 840 113554 1 2 2 }", "krb5-new" }, - { "{ 1 3 5 1 5 2 }", "krb5-old" }, - { "{ 1 2 840 48018 1 2 2 }", "krb5-microsoft" }, - { "{ 1 3 6 1 5 5 2 }", "spnego" }, + { "{ 1 2 840 113554 1 2 2 }", "krb5-new" }, + { "{ 1 3 5 1 5 2 }", "krb5-old" }, + { "{ 1 2 840 48018 1 2 2 }", "krb5-microsoft" }, + { "{ 1 3 6 1 5 5 2 }", "spnego" }, }; unsigned int i; fprintf(f, "%lu@", (unsigned long) value.code); if (value.mech.length == 0) { - fprintf(f, "(com_err)"); - return; + fprintf(f, "(com_err)"); + return; } fprintf(f, "%p=", value.mech.elements); if (generic_gss_oid_to_str(&minor, &value.mech, &str)) { - fprintf(f, "(error in conversion)"); - return; + fprintf(f, "(error in conversion)"); + return; } /* Note: generic_gss_oid_to_str returns a null-terminated string. */ for (i = 0; i < sizeof(mechnames)/sizeof(mechnames[0]); i++) { - if (!strcmp(str.value, mechnames[i].oidstr) && mechnames[i].name != 0) { - fprintf(f, "%s", mechnames[i].name); - break; - } + if (!strcmp(str.value, mechnames[i].oidstr) && mechnames[i].name != 0) { + fprintf(f, "%s", mechnames[i].name); + break; + } } if (i == sizeof(mechnames)/sizeof(mechnames[0])) - fprintf(f, "%s", (char *) str.value); + fprintf(f, "%s", (char *) str.value); generic_gss_release_buffer(&minor, &str); } #include "errmap.h" -#include "krb5.h" /* for KRB5KRB_AP_WRONG_PRINC */ +#include "krb5.h" /* for KRB5KRB_AP_WRONG_PRINC */ static mecherrmap m; static k5_mutex_t mutex = K5_MUTEX_PARTIAL_INITIALIZER; @@ -140,11 +141,11 @@ int gssint_mecherrmap_init(void) err = mecherrmap_init(&m); if (err) - return err; + return err; err = k5_mutex_finish_init(&mutex); if (err) { - mecherrmap_destroy(&m); - return err; + mecherrmap_destroy(&m); + return err; } return 0; @@ -155,7 +156,7 @@ int gssint_mecherrmap_init(void) static int free_one(OM_uint32 i, struct mecherror value, void *p) { if (value.mech.length && value.mech.elements) - free(value.mech.elements); + free(value.mech.elements); return 0; } @@ -178,7 +179,7 @@ OM_uint32 gssint_mecherrmap_map(OM_uint32 minor, const gss_OID_desc * oid) FILE *f; f = fopen("/dev/pts/9", "w+"); if (f == NULL) - f = stderr; + f = stderr; #endif me.code = minor; @@ -186,51 +187,51 @@ OM_uint32 gssint_mecherrmap_map(OM_uint32 minor, const gss_OID_desc * oid) err = k5_mutex_lock(&mutex); if (err) { #ifdef DEBUG - if (f != stderr) fclose(f); + if (f != stderr) fclose(f); #endif - return 0; + return 0; } /* Is this status+oid already mapped? */ p = mecherrmap_findright(&m, me); if (p != NULL) { - k5_mutex_unlock(&mutex); + k5_mutex_unlock(&mutex); #ifdef DEBUG - fprintf(f, "%s: found ", __func__); - mecherror_print(me, f); - fprintf(f, " in map as %lu\n", (unsigned long) *p); - if (f != stderr) fclose(f); + fprintf(f, "%s: found ", __func__); + mecherror_print(me, f); + fprintf(f, " in map as %lu\n", (unsigned long) *p); + if (f != stderr) fclose(f); #endif - return *p; + return *p; } /* Is this status code already mapped to something else mech-specific? */ mep = mecherrmap_findleft(&m, minor); if (mep == NULL) { - /* Map it to itself plus this mech-oid. */ - new_status = minor; + /* Map it to itself plus this mech-oid. */ + new_status = minor; } else { - /* Already assigned. Pick a fake new value and map it. */ - /* There's a theoretical infinite loop risk here, if we fill - in 2**32 values. Also, returning 0 has a special - meaning. */ - do { - next_fake++; - new_status = next_fake; - if (new_status == 0) - /* ??? */; - } while (mecherrmap_findleft(&m, new_status) != NULL); + /* Already assigned. Pick a fake new value and map it. */ + /* There's a theoretical infinite loop risk here, if we fill + in 2**32 values. Also, returning 0 has a special + meaning. */ + do { + next_fake++; + new_status = next_fake; + if (new_status == 0) + /* ??? */; + } while (mecherrmap_findleft(&m, new_status) != NULL); } err = mecherror_copy(&me_copy, me); if (err) { - k5_mutex_unlock(&mutex); - return err; + k5_mutex_unlock(&mutex); + return err; } err = mecherrmap_add(&m, new_status, me_copy); k5_mutex_unlock(&mutex); if (err) { - if (me_copy.mech.length) - free(me_copy.mech.elements); + if (me_copy.mech.length) + free(me_copy.mech.elements); } #ifdef DEBUG fprintf(f, "%s: mapping ", __func__); @@ -241,9 +242,9 @@ OM_uint32 gssint_mecherrmap_map(OM_uint32 minor, const gss_OID_desc * oid) if (f != stderr) fclose(f); #endif if (err) - return 0; + return 0; else - return new_status; + return new_status; } static gss_OID_desc no_oid = { 0, 0 }; @@ -253,21 +254,21 @@ OM_uint32 gssint_mecherrmap_map_errcode(OM_uint32 errcode) } int gssint_mecherrmap_get(OM_uint32 minor, gss_OID mech_oid, - OM_uint32 *mech_minor) + OM_uint32 *mech_minor) { const struct mecherror *p; int err; if (minor == 0) { - return EINVAL; + return EINVAL; } err = k5_mutex_lock(&mutex); if (err) - return err; + return err; p = mecherrmap_findleft(&m, minor); k5_mutex_unlock(&mutex); if (!p) { - return EINVAL; + return EINVAL; } *mech_oid = p->mech; *mech_minor = p->code; diff --git a/src/lib/gssapi/generic/util_localhost.c b/src/lib/gssapi/generic/util_localhost.c index 13856e3206..c014400fb8 100644 --- a/src/lib/gssapi/generic/util_localhost.c +++ b/src/lib/gssapi/generic/util_localhost.c @@ -1,6 +1,7 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * Copyright 1993 by OpenVision Technologies, Inc. - * + * * Permission to use, copy, modify, distribute, and sell this software * and its documentation for any purpose is hereby granted without fee, * provided that the above copyright notice appears in all copies and @@ -10,7 +11,7 @@ * without specific, written prior permission. OpenVision makes no * representations about the suitability of this software for any * purpose. It is provided "as is" without express or implied warranty. - * + * * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR @@ -34,17 +35,15 @@ #define MAXHOSTNAMELEN 64 #endif -char *g_local_host_name() +char * +g_local_host_name(void) { - char buf[MAXHOSTNAMELEN+1], *ptr; + char buf[MAXHOSTNAMELEN+1], *ptr; - if (gethostname(buf, sizeof(buf)) < 0) - return 0; + if (gethostname(buf, sizeof(buf)) < 0) + return 0; - buf[sizeof(buf)-1] = '\0'; + buf[sizeof(buf)-1] = '\0'; - if (! (ptr = xmalloc(strlen(buf) + 1))) - return 0; - - return strcpy(ptr, buf); + return strdup(buf); } diff --git a/src/lib/gssapi/generic/util_ordering.c b/src/lib/gssapi/generic/util_ordering.c index 218462bb0c..274790e4e0 100644 --- a/src/lib/gssapi/generic/util_ordering.c +++ b/src/lib/gssapi/generic/util_ordering.c @@ -1,6 +1,7 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * Copyright 1993 by OpenVision Technologies, Inc. - * + * * Permission to use, copy, modify, distribute, and sell this software * and its documentation for any purpose is hereby granted without fee, * provided that the above copyright notice appears in all copies and @@ -10,7 +11,7 @@ * without specific, written prior permission. OpenVision makes no * representations about the suitability of this software for any * purpose. It is provided "as is" without express or implied warranty. - * + * * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR @@ -34,18 +35,18 @@ #define QUEUE_LENGTH 20 typedef struct _queue { - int do_replay; - int do_sequence; - int start; - int length; - gssint_uint64 firstnum; - /* Stored as deltas from firstnum. This way, the high bit won't - overflow unless we've actually gone through 2**n messages, or - gotten something *way* out of sequence. */ - gssint_uint64 elem[QUEUE_LENGTH]; - /* All ones for 64-bit sequence numbers; 32 ones for 32-bit - sequence numbers. */ - gssint_uint64 mask; + int do_replay; + int do_sequence; + int start; + int length; + gssint_uint64 firstnum; + /* Stored as deltas from firstnum. This way, the high bit won't + overflow unless we've actually gone through 2**n messages, or + gotten something *way* out of sequence. */ + gssint_uint64 elem[QUEUE_LENGTH]; + /* All ones for 64-bit sequence numbers; 32 ones for 32-bit + sequence numbers. */ + gssint_uint64 mask; } queue; /* rep invariant: @@ -59,157 +60,157 @@ typedef struct _queue { static void queue_insert(queue *q, int after, gssint_uint64 seqnum) { - /* insert. this is not the fastest way, but it's easy, and it's - optimized for insert at end, which is the common case */ - int i; + /* insert. this is not the fastest way, but it's easy, and it's + optimized for insert at end, which is the common case */ + int i; - /* common case: at end, after == q->start+q->length-1 */ + /* common case: at end, after == q->start+q->length-1 */ - /* move all the elements (after,last] up one slot */ + /* move all the elements (after,last] up one slot */ - for (i=q->start+q->length-1; i>after; i--) - QELEM(q,i+1) = QELEM(q,i); + for (i=q->start+q->length-1; i>after; i--) + QELEM(q,i+1) = QELEM(q,i); - /* fill in slot after+1 */ + /* fill in slot after+1 */ - QELEM(q,after+1) = seqnum; + QELEM(q,after+1) = seqnum; - /* Either increase the length by one, or move the starting point up - one (deleting the first element, which got bashed above), as - appropriate. */ + /* Either increase the length by one, or move the starting point up + one (deleting the first element, which got bashed above), as + appropriate. */ - if (q->length == QSIZE(q)) { - q->start++; - if (q->start == QSIZE(q)) - q->start = 0; - } else { - q->length++; - } + if (q->length == QSIZE(q)) { + q->start++; + if (q->start == QSIZE(q)) + q->start = 0; + } else { + q->length++; + } } gss_int32 g_order_init(void **vqueue, gssint_uint64 seqnum, - int do_replay, int do_sequence, int wide_nums) + int do_replay, int do_sequence, int wide_nums) { - queue *q; + queue *q; - if ((q = (queue *) malloc(sizeof(queue))) == NULL) - return(ENOMEM); + if ((q = (queue *) malloc(sizeof(queue))) == NULL) + return(ENOMEM); - /* This stops valgrind from complaining about writing uninitialized - data if the caller exports the context and writes it to a file. - We don't actually use those bytes at all, but valgrind still - complains. */ - memset(q, 0xfe, sizeof(*q)); + /* This stops valgrind from complaining about writing uninitialized + data if the caller exports the context and writes it to a file. + We don't actually use those bytes at all, but valgrind still + complains. */ + memset(q, 0xfe, sizeof(*q)); - q->do_replay = do_replay; - q->do_sequence = do_sequence; - q->mask = wide_nums ? ~(gssint_uint64)0 : 0xffffffffUL; + q->do_replay = do_replay; + q->do_sequence = do_sequence; + q->mask = wide_nums ? ~(gssint_uint64)0 : 0xffffffffUL; - q->start = 0; - q->length = 1; - q->firstnum = seqnum; - q->elem[q->start] = ((gssint_uint64)0 - 1) & q->mask; + q->start = 0; + q->length = 1; + q->firstnum = seqnum; + q->elem[q->start] = ((gssint_uint64)0 - 1) & q->mask; - *vqueue = (void *) q; - return(0); + *vqueue = (void *) q; + return(0); } gss_int32 g_order_check(void **vqueue, gssint_uint64 seqnum) { - queue *q; - int i; - gssint_uint64 expected; - - q = (queue *) (*vqueue); - - if (!q->do_replay && !q->do_sequence) - return(GSS_S_COMPLETE); - - /* All checks are done relative to the initial sequence number, to - avoid (or at least put off) the pain of wrapping. */ - seqnum -= q->firstnum; - /* If we're only doing 32-bit values, adjust for that again. - - Note that this will probably be the wrong thing to if we get - 2**32 messages sent with 32-bit sequence numbers. */ - seqnum &= q->mask; - - /* rule 1: expected sequence number */ - - expected = (QELEM(q,q->start+q->length-1)+1) & q->mask; - if (seqnum == expected) { - queue_insert(q, q->start+q->length-1, seqnum); - return(GSS_S_COMPLETE); - } - - /* rule 2: > expected sequence number */ - - if ((seqnum > expected)) { - queue_insert(q, q->start+q->length-1, seqnum); - if (q->do_replay && !q->do_sequence) - return(GSS_S_COMPLETE); - else - return(GSS_S_GAP_TOKEN); - } - - /* rule 3: seqnum < seqnum(first) */ - - if ((seqnum < QELEM(q,q->start)) && - /* Is top bit of whatever width we're using set? - - We used to check for greater than or equal to firstnum, but - (1) we've since switched to compute values relative to - firstnum, so the lowest we can have is 0, and (2) the effect - of the original scheme was highly dependent on whether - firstnum was close to either side of 0. (Consider - firstnum==0xFFFFFFFE and we miss three packets; the next - packet is *new* but would look old.) - - This check should give us 2**31 or 2**63 messages "new", and - just as many "old". That's not quite right either. */ - (seqnum & (1 + (q->mask >> 1))) - ) { - if (q->do_replay && !q->do_sequence) - return(GSS_S_OLD_TOKEN); - else - return(GSS_S_UNSEQ_TOKEN); - } - - /* rule 4+5: seqnum in [seqnum(first),seqnum(last)] */ - - else { - if (seqnum == QELEM(q,q->start+q->length-1)) - return(GSS_S_DUPLICATE_TOKEN); - - for (i=q->start; istart+q->length-1; i++) { - if (seqnum == QELEM(q,i)) - return(GSS_S_DUPLICATE_TOKEN); - if ((seqnum > QELEM(q,i)) && (seqnum < QELEM(q,i+1))) { - queue_insert(q, i, seqnum); - if (q->do_replay && !q->do_sequence) - return(GSS_S_COMPLETE); - else - return(GSS_S_UNSEQ_TOKEN); - } - } - } - - /* this should never happen */ - return(GSS_S_FAILURE); + queue *q; + int i; + gssint_uint64 expected; + + q = (queue *) (*vqueue); + + if (!q->do_replay && !q->do_sequence) + return(GSS_S_COMPLETE); + + /* All checks are done relative to the initial sequence number, to + avoid (or at least put off) the pain of wrapping. */ + seqnum -= q->firstnum; + /* If we're only doing 32-bit values, adjust for that again. + + Note that this will probably be the wrong thing to if we get + 2**32 messages sent with 32-bit sequence numbers. */ + seqnum &= q->mask; + + /* rule 1: expected sequence number */ + + expected = (QELEM(q,q->start+q->length-1)+1) & q->mask; + if (seqnum == expected) { + queue_insert(q, q->start+q->length-1, seqnum); + return(GSS_S_COMPLETE); + } + + /* rule 2: > expected sequence number */ + + if ((seqnum > expected)) { + queue_insert(q, q->start+q->length-1, seqnum); + if (q->do_replay && !q->do_sequence) + return(GSS_S_COMPLETE); + else + return(GSS_S_GAP_TOKEN); + } + + /* rule 3: seqnum < seqnum(first) */ + + if ((seqnum < QELEM(q,q->start)) && + /* Is top bit of whatever width we're using set? + + We used to check for greater than or equal to firstnum, but + (1) we've since switched to compute values relative to + firstnum, so the lowest we can have is 0, and (2) the effect + of the original scheme was highly dependent on whether + firstnum was close to either side of 0. (Consider + firstnum==0xFFFFFFFE and we miss three packets; the next + packet is *new* but would look old.) + + This check should give us 2**31 or 2**63 messages "new", and + just as many "old". That's not quite right either. */ + (seqnum & (1 + (q->mask >> 1))) + ) { + if (q->do_replay && !q->do_sequence) + return(GSS_S_OLD_TOKEN); + else + return(GSS_S_UNSEQ_TOKEN); + } + + /* rule 4+5: seqnum in [seqnum(first),seqnum(last)] */ + + else { + if (seqnum == QELEM(q,q->start+q->length-1)) + return(GSS_S_DUPLICATE_TOKEN); + + for (i=q->start; istart+q->length-1; i++) { + if (seqnum == QELEM(q,i)) + return(GSS_S_DUPLICATE_TOKEN); + if ((seqnum > QELEM(q,i)) && (seqnum < QELEM(q,i+1))) { + queue_insert(q, i, seqnum); + if (q->do_replay && !q->do_sequence) + return(GSS_S_COMPLETE); + else + return(GSS_S_UNSEQ_TOKEN); + } + } + } + + /* this should never happen */ + return(GSS_S_FAILURE); } void g_order_free(void **vqueue) { - queue *q; - - q = (queue *) (*vqueue); + queue *q; - free(q); + q = (queue *) (*vqueue); - *vqueue = NULL; + free(q); + + *vqueue = NULL; } /* @@ -226,11 +227,11 @@ gss_uint32 g_queue_externalize(void *vqueue, unsigned char **buf, size_t *lenremain) { if (*lenremain < sizeof(queue)) - return ENOMEM; + return ENOMEM; memcpy(*buf, vqueue, sizeof(queue)); *buf += sizeof(queue); *lenremain -= sizeof(queue); - + return 0; } @@ -240,9 +241,9 @@ g_queue_internalize(void **vqueue, unsigned char **buf, size_t *lenremain) void *q; if (*lenremain < sizeof(queue)) - return EINVAL; + return EINVAL; if ((q = malloc(sizeof(queue))) == 0) - return ENOMEM; + return ENOMEM; memcpy(q, *buf, sizeof(queue)); *buf += sizeof(queue); *lenremain -= sizeof(queue); diff --git a/src/lib/gssapi/generic/util_set.c b/src/lib/gssapi/generic/util_set.c index fea810852c..d437f1ea78 100644 --- a/src/lib/gssapi/generic/util_set.c +++ b/src/lib/gssapi/generic/util_set.c @@ -1,6 +1,7 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * Copyright 1995 by OpenVision Technologies, Inc. - * + * * Permission to use, copy, modify, distribute, and sell this software * and its documentation for any purpose is hereby granted without fee, * provided that the above copyright notice appears in all copies and @@ -10,7 +11,7 @@ * without specific, written prior permission. OpenVision makes no * representations about the suitability of this software for any * purpose. It is provided "as is" without express or implied warranty. - * + * * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR @@ -27,79 +28,79 @@ #include "gssapiP_generic.h" struct _g_set_elt { - void *key; - void *value; - struct _g_set_elt *next; + void *key; + void *value; + struct _g_set_elt *next; }; int g_set_init(g_set_elt *s) { - *s = NULL; + *s = NULL; - return(0); + return(0); } #if 0 int g_set_destroy(g_set_elt *s) { - g_set next; + g_set next; - while (*s) { - next = (*s)->next; - free(*s); - *s = next; - } + while (*s) { + next = (*s)->next; + free(*s); + *s = next; + } - return(0); + return(0); } #endif int g_set_entry_add(g_set_elt *s, void *key, void *value) { - g_set_elt first; + g_set_elt first; - if ((first = (struct _g_set_elt *) malloc(sizeof(struct _g_set_elt))) == NULL) - return(ENOMEM); + if ((first = (struct _g_set_elt *) malloc(sizeof(struct _g_set_elt))) == NULL) + return(ENOMEM); - first->key = key; - first->value = value; - first->next = *s; + first->key = key; + first->value = value; + first->next = *s; - *s = first; + *s = first; - return(0); + return(0); } int g_set_entry_delete(g_set_elt *s, void *key) { - g_set_elt *p; + g_set_elt *p; - for (p=s; *p; p = &((*p)->next)) { - if ((*p)->key == key) { - g_set_elt next = (*p)->next; - free(*p); - *p = next; + for (p=s; *p; p = &((*p)->next)) { + if ((*p)->key == key) { + g_set_elt next = (*p)->next; + free(*p); + *p = next; - return(0); - } - } + return(0); + } + } - return(-1); + return(-1); } int g_set_entry_get(g_set_elt *s, void *key, void **value) { - g_set_elt p; + g_set_elt p; - for (p = *s; p; p = p->next) { - if (p->key == key) { - *value = p->value; + for (p = *s; p; p = p->next) { + if (p->key == key) { + *value = p->value; - return(0); - } - } + return(0); + } + } - *value = NULL; + *value = NULL; - return(-1); + return(-1); } diff --git a/src/lib/gssapi/generic/util_token.c b/src/lib/gssapi/generic/util_token.c index 7b8dfed223..24d5325483 100644 --- a/src/lib/gssapi/generic/util_token.c +++ b/src/lib/gssapi/generic/util_token.c @@ -1,6 +1,7 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * Copyright 1993 by OpenVision Technologies, Inc. - * + * * Permission to use, copy, modify, distribute, and sell this software * and its documentation for any purpose is hereby granted without fee, * provided that the above copyright notice appears in all copies and @@ -10,7 +11,7 @@ * without specific, written prior permission. OpenVision makes no * representations about the suitability of this software for any * purpose. It is provided "as is" without express or implied warranty. - * + * * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR @@ -35,130 +36,126 @@ the interfaces, so the code can be fixed if the OSI namespace balloons unexpectedly. */ -/* Each token looks like this: - -0x60 tag for APPLICATION 0, SEQUENCE - (constructed, definite-length) - possible multiple bytes, need to parse/generate - 0x06 tag for OBJECT IDENTIFIER - compile-time constant string (assume 1 byte) - compile-time constant string - the ANY containing the application token - bytes 0,1 are the token type - bytes 2,n are the token data - -Note that the token type field is a feature of RFC 1964 mechanisms and -is not used by other GSSAPI mechanisms. As such, a token type of -1 -is interpreted to mean that no token type should be expected or -generated. - -For the purposes of this abstraction, the token "header" consists of -the sequence tag and length octets, the mech OID DER encoding, and the -first two inner bytes, which indicate the token type. The token -"body" consists of everything else. - -*/ - -static unsigned int der_length_size(length) - int length; +/* + * Each token looks like this: + * 0x60 tag for APPLICATION 0, SEQUENCE + * (constructed, definite-length) + * possible multiple bytes, need to parse/generate + * 0x06 tag for OBJECT IDENTIFIER + * compile-time constant string (assume 1 byte) + * compile-time constant string + * the ANY containing the application token + * bytes 0,1 are the token type + * bytes 2,n are the token data + * + * Note that the token type field is a feature of RFC 1964 mechanisms and + * is not used by other GSSAPI mechanisms. As such, a token type of -1 + * is interpreted to mean that no token type should be expected or + * generated. + * + * For the purposes of this abstraction, the token "header" consists of + * the sequence tag and length octets, the mech OID DER encoding, and the + * first two inner bytes, which indicate the token type. The token + * "body" consists of everything else. + */ +static unsigned int +der_length_size(int length) { - if (length < (1<<7)) - return(1); - else if (length < (1<<8)) - return(2); + if (length < (1<<7)) + return(1); + else if (length < (1<<8)) + return(2); #if INT_MAX == 0x7fff - else - return(3); + else + return(3); #else - else if (length < (1<<16)) - return(3); - else if (length < (1<<24)) - return(4); - else - return(5); + else if (length < (1<<16)) + return(3); + else if (length < (1<<24)) + return(4); + else + return(5); #endif } -static void der_write_length(buf, length) - unsigned char **buf; - int length; +static void +der_write_length(unsigned char **buf, int length) { - if (length < (1<<7)) { - *(*buf)++ = (unsigned char) length; - } else { - *(*buf)++ = (unsigned char) (der_length_size(length)+127); + if (length < (1<<7)) { + *(*buf)++ = (unsigned char) length; + } else { + *(*buf)++ = (unsigned char) (der_length_size(length)+127); #if INT_MAX > 0x7fff - if (length >= (1<<24)) - *(*buf)++ = (unsigned char) (length>>24); - if (length >= (1<<16)) - *(*buf)++ = (unsigned char) ((length>>16)&0xff); + if (length >= (1<<24)) + *(*buf)++ = (unsigned char) (length>>24); + if (length >= (1<<16)) + *(*buf)++ = (unsigned char) ((length>>16)&0xff); #endif - if (length >= (1<<8)) - *(*buf)++ = (unsigned char) ((length>>8)&0xff); - *(*buf)++ = (unsigned char) (length&0xff); - } + if (length >= (1<<8)) + *(*buf)++ = (unsigned char) ((length>>8)&0xff); + *(*buf)++ = (unsigned char) (length&0xff); + } } /* returns decoded length, or < 0 on failure. Advances buf and decrements bufsize */ -static int der_read_length(buf, bufsize) - unsigned char **buf; - int *bufsize; +static int +der_read_length(unsigned char **buf, int *bufsize) { - unsigned char sf; - int ret; - - if (*bufsize < 1) - return(-1); - sf = *(*buf)++; - (*bufsize)--; - if (sf & 0x80) { - if ((sf &= 0x7f) > ((*bufsize)-1)) - return(-1); - if (sf > sizeof(int)) - return (-1); - ret = 0; - for (; sf; sf--) { - ret = (ret<<8) + (*(*buf)++); - (*bufsize)--; - } - } else { - ret = sf; - } - - return(ret); + unsigned char sf; + int ret; + + if (*bufsize < 1) + return(-1); + sf = *(*buf)++; + (*bufsize)--; + if (sf & 0x80) { + if ((sf &= 0x7f) > ((*bufsize)-1)) + return(-1); + if (sf > sizeof(int)) + return (-1); + ret = 0; + for (; sf; sf--) { + ret = (ret<<8) + (*(*buf)++); + (*bufsize)--; + } + } else { + ret = sf; + } + + return(ret); } /* returns the length of a token, given the mech oid and the body size */ -unsigned int g_token_size(mech, body_size) - const gss_OID_desc * mech; - unsigned int body_size; +unsigned int +g_token_size(const gss_OID_desc * mech, unsigned int body_size) { - /* set body_size to sequence contents size */ - body_size += 4 + (int) mech->length; /* NEED overflow check */ - return(1 + der_length_size(body_size) + body_size); + /* set body_size to sequence contents size */ + body_size += 4 + (int) mech->length; /* NEED overflow check */ + return(1 + der_length_size(body_size) + body_size); } /* fills in a buffer with the token header. The buffer is assumed to be the right size. buf is advanced past the token header */ -void g_make_token_header(mech, body_size, buf, tok_type) - const gss_OID_desc * mech; - unsigned int body_size; - unsigned char **buf; - int tok_type; +void +g_make_token_header( + const gss_OID_desc * mech, + unsigned int body_size, + unsigned char **buf, + int tok_type) { - *(*buf)++ = 0x60; - der_write_length(buf, (tok_type == -1) ?2:4 + mech->length + body_size); - *(*buf)++ = 0x06; - *(*buf)++ = (unsigned char) mech->length; - TWRITE_STR(*buf, mech->elements, mech->length); - if (tok_type != -1) { - *(*buf)++ = (unsigned char) ((tok_type>>8)&0xff); - *(*buf)++ = (unsigned char) (tok_type&0xff); - } + *(*buf)++ = 0x60; + der_write_length(buf, (tok_type == -1) ?2:4 + mech->length + body_size); + *(*buf)++ = 0x06; + *(*buf)++ = (unsigned char) mech->length; + TWRITE_STR(*buf, mech->elements, mech->length); + if (tok_type != -1) { + *(*buf)++ = (unsigned char) ((tok_type>>8)&0xff); + *(*buf)++ = (unsigned char) (tok_type&0xff); + } } /* @@ -170,63 +167,64 @@ void g_make_token_header(mech, body_size, buf, tok_type) * *body_size are left unmodified on error. */ -gss_int32 g_verify_token_header(mech, body_size, buf_in, tok_type, toksize_in, - wrapper_required) - const gss_OID_desc * mech; - unsigned int *body_size; - unsigned char **buf_in; - int tok_type; - unsigned int toksize_in; - int wrapper_required; +gss_int32 +g_verify_token_header( + const gss_OID_desc * mech, + unsigned int *body_size, + unsigned char **buf_in, + int tok_type, + unsigned int toksize_in, + int flags) { - unsigned char *buf = *buf_in; - int seqsize; - gss_OID_desc toid; - int toksize = toksize_in; - - if ((toksize-=1) < 0) - return(G_BAD_TOK_HEADER); - if (*buf++ != 0x60) { - if (wrapper_required) - return(G_BAD_TOK_HEADER); - buf--; - toksize++; - goto skip_wrapper; - } - - if ((seqsize = der_read_length(&buf, &toksize)) < 0) - return(G_BAD_TOK_HEADER); - - if (seqsize != toksize) - return(G_BAD_TOK_HEADER); - - if ((toksize-=1) < 0) - return(G_BAD_TOK_HEADER); - if (*buf++ != 0x06) - return(G_BAD_TOK_HEADER); - - if ((toksize-=1) < 0) - return(G_BAD_TOK_HEADER); - toid.length = *buf++; - - if ((toksize-=toid.length) < 0) - return(G_BAD_TOK_HEADER); - toid.elements = buf; - buf+=toid.length; - - if (! g_OID_equal(&toid, mech)) - return G_WRONG_MECH; + unsigned char *buf = *buf_in; + int seqsize; + gss_OID_desc toid; + int toksize = toksize_in; + + if ((toksize-=1) < 0) + return(G_BAD_TOK_HEADER); + if (*buf++ != 0x60) { + if (flags & G_VFY_TOKEN_HDR_WRAPPER_REQUIRED) + return(G_BAD_TOK_HEADER); + buf--; + toksize++; + goto skip_wrapper; + } + + if ((seqsize = der_read_length(&buf, &toksize)) < 0) + return(G_BAD_TOK_HEADER); + + if ((flags & G_VFY_TOKEN_HDR_IGNORE_SEQ_SIZE) == 0 && + seqsize != toksize) + return(G_BAD_TOK_HEADER); + + if ((toksize-=1) < 0) + return(G_BAD_TOK_HEADER); + if (*buf++ != 0x06) + return(G_BAD_TOK_HEADER); + + if ((toksize-=1) < 0) + return(G_BAD_TOK_HEADER); + toid.length = *buf++; + + if ((toksize-=toid.length) < 0) + return(G_BAD_TOK_HEADER); + toid.elements = buf; + buf+=toid.length; + + if (! g_OID_equal(&toid, mech)) + return G_WRONG_MECH; skip_wrapper: - if (tok_type != -1) { - if ((toksize-=2) < 0) - return(G_BAD_TOK_HEADER); - - if ((*buf++ != ((tok_type>>8)&0xff)) || - (*buf++ != (tok_type&0xff))) - return(G_WRONG_TOKID); - } - *buf_in = buf; - *body_size = toksize; - - return 0; + if (tok_type != -1) { + if ((toksize-=2) < 0) + return(G_BAD_TOK_HEADER); + + if ((*buf++ != ((tok_type>>8)&0xff)) || + (*buf++ != (tok_type&0xff))) + return(G_WRONG_TOKID); + } + *buf_in = buf; + *body_size = toksize; + + return 0; } diff --git a/src/lib/gssapi/generic/util_validate.c b/src/lib/gssapi/generic/util_validate.c index bb9d0d2ecf..00dac321c3 100644 --- a/src/lib/gssapi/generic/util_validate.c +++ b/src/lib/gssapi/generic/util_validate.c @@ -1,6 +1,7 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * Copyright 1993 by OpenVision Technologies, Inc. - * + * * Permission to use, copy, modify, distribute, and sell this software * and its documentation for any purpose is hereby granted without fee, * provided that the above copyright notice appears in all copies and @@ -10,7 +11,7 @@ * without specific, written prior permission. OpenVision makes no * representations about the suitability of this software for any * purpose. It is provided "as is" without express or implied warranty. - * + * * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR @@ -29,7 +30,6 @@ */ #include "gssapiP_generic.h" -#include "gss_libinit.h" #ifdef HAVE_SYS_TYPES_H #include @@ -45,193 +45,187 @@ static const int one = 1; static const DBT dbtone = { (void *) &one, sizeof(one) }; typedef struct _vkey { - int type; - void *ptr; + int type; + void *ptr; } vkey; #endif -#define V_NAME 1 -#define V_CRED_ID 2 -#define V_CTX_ID 3 -#define V_LCTX_ID 4 +#define V_NAME 1 +#define V_CRED_ID 2 +#define V_CTX_ID 3 +#define V_LCTX_ID 4 /* All these functions return 0 on failure, and non-zero on success */ static int g_save(db, type, ptr) - g_set *db; + g_set *db; #ifdef HAVE_BSD_DB - int type; + int type; #else - void *type; + void *type; #endif - void *ptr; + void *ptr; { - int ret; + int ret; #ifdef HAVE_BSD_DB - DB **vdb; - vkey vk; - DBT key; + DB **vdb; + vkey vk; + DBT key; - ret = gssint_initialize_library(); - if (ret) - return 0; - ret = k5_mutex_lock(&db->mutex); - if (ret) - return 0; + ret = k5_mutex_lock(&db->mutex); + if (ret) + return 0; - vdb = (DB **) &db->data; + vdb = (DB **) &db->data; - if (!*vdb) - *vdb = dbopen(NULL, O_CREAT|O_RDWR, O_CREAT|O_RDWR, DB_HASH, NULL); + if (!*vdb) + *vdb = dbopen(NULL, O_CREAT|O_RDWR, O_CREAT|O_RDWR, DB_HASH, NULL); - vk.type = type; - vk.ptr = ptr; + vk.type = type; + vk.ptr = ptr; - key.data = &vk; - key.size = sizeof(vk); + key.data = &vk; + key.size = sizeof(vk); - ret = ((*((*vdb)->put))(*vdb, &key, &dbtone, 0) == 0); - k5_mutex_unlock(&db->mutex); - return ret; + ret = ((*((*vdb)->put))(*vdb, &key, &dbtone, 0) == 0); + k5_mutex_unlock(&db->mutex); + return ret; #else - g_set_elt *gs; - - ret = gssint_initialize_library(); - if (ret) - return 0; - ret = k5_mutex_lock(&db->mutex); - if (ret) - return 0; - - gs = (g_set_elt *) &db->data; - - if (!*gs) - if (g_set_init(gs)) { - k5_mutex_unlock(&db->mutex); - return(0); - } - - ret = (g_set_entry_add(gs, ptr, type) == 0); - k5_mutex_unlock(&db->mutex); - return ret; + g_set_elt *gs; + + ret = k5_mutex_lock(&db->mutex); + if (ret) + return 0; + + gs = (g_set_elt *) &db->data; + + if (!*gs) + if (g_set_init(gs)) { + k5_mutex_unlock(&db->mutex); + return(0); + } + + ret = (g_set_entry_add(gs, ptr, type) == 0); + k5_mutex_unlock(&db->mutex); + return ret; #endif } static int g_validate(db, type, ptr) - g_set *db; + g_set *db; #ifdef HAVE_BSD_DB - int type; + int type; #else - void *type; + void *type; #endif - void *ptr; + void *ptr; { - int ret; + int ret; #ifdef HAVE_BSD_DB - DB **vdb; - vkey vk; - DBT key, value; - - ret = k5_mutex_lock(&db->mutex); - if (ret) - return 0; - - vdb = (DB **) &db->data; - if (!*vdb) { - k5_mutex_unlock(&db->mutex); - return(0); - } - - vk.type = type; - vk.ptr = ptr; - - key.data = &vk; - key.size = sizeof(vk); - - if ((*((*vdb)->get))(*vdb, &key, &value, 0)) { - k5_mutex_unlock(&db->mutex); - return(0); - } - - k5_mutex_unlock(&db->mutex); - return((value.size == sizeof(one)) && - (*((int *) value.data) == one)); + DB **vdb; + vkey vk; + DBT key, value; + + ret = k5_mutex_lock(&db->mutex); + if (ret) + return 0; + + vdb = (DB **) &db->data; + if (!*vdb) { + k5_mutex_unlock(&db->mutex); + return(0); + } + + vk.type = type; + vk.ptr = ptr; + + key.data = &vk; + key.size = sizeof(vk); + + if ((*((*vdb)->get))(*vdb, &key, &value, 0)) { + k5_mutex_unlock(&db->mutex); + return(0); + } + + k5_mutex_unlock(&db->mutex); + return((value.size == sizeof(one)) && + (*((int *) value.data) == one)); #else - g_set_elt *gs; - void *value; - - ret = k5_mutex_lock(&db->mutex); - if (ret) - return 0; - - gs = (g_set_elt *) &db->data; - if (!*gs) { - k5_mutex_unlock(&db->mutex); - return(0); - } - - if (g_set_entry_get(gs, ptr, (void **) &value)) { - k5_mutex_unlock(&db->mutex); - return(0); - } - k5_mutex_unlock(&db->mutex); - return(value == type); + g_set_elt *gs; + void *value; + + ret = k5_mutex_lock(&db->mutex); + if (ret) + return 0; + + gs = (g_set_elt *) &db->data; + if (!*gs) { + k5_mutex_unlock(&db->mutex); + return(0); + } + + if (g_set_entry_get(gs, ptr, (void **) &value)) { + k5_mutex_unlock(&db->mutex); + return(0); + } + k5_mutex_unlock(&db->mutex); + return(value == type); #endif } static int g_delete(db, type, ptr) - g_set *db; + g_set *db; #ifdef HAVE_BSD_DB - int type; + int type; #else - void *type; + void *type; #endif - void *ptr; + void *ptr; { - int ret; + int ret; #ifdef HAVE_BSD_DB - DB **vdb; - vkey vk; - DBT key; + DB **vdb; + vkey vk; + DBT key; - ret = k5_mutex_lock(&db->mutex); - if (ret) - return 0; + ret = k5_mutex_lock(&db->mutex); + if (ret) + return 0; - vdb = (DB **) &db->data; - if (!*vdb) { - k5_mutex_unlock(&db->mutex); - return(0); - } + vdb = (DB **) &db->data; + if (!*vdb) { + k5_mutex_unlock(&db->mutex); + return(0); + } - vk.type = type; - vk.ptr = ptr; + vk.type = type; + vk.ptr = ptr; - key.data = &vk; - key.size = sizeof(vk); + key.data = &vk; + key.size = sizeof(vk); - ret = ((*((*vdb)->del))(*vdb, &key, 0) == 0); - k5_mutex_unlock(&db->mutex); - return ret; + ret = ((*((*vdb)->del))(*vdb, &key, 0) == 0); + k5_mutex_unlock(&db->mutex); + return ret; #else - g_set_elt *gs; - - ret = k5_mutex_lock(&db->mutex); - if (ret) - return 0; - - gs = (g_set_elt *) &db->data; - if (!*gs) { - k5_mutex_unlock(&db->mutex); - return(0); - } - - if (g_set_entry_delete(gs, ptr)) { - k5_mutex_unlock(&db->mutex); - return(0); - } - k5_mutex_unlock(&db->mutex); - return(1); + g_set_elt *gs; + + ret = k5_mutex_lock(&db->mutex); + if (ret) + return 0; + + gs = (g_set_elt *) &db->data; + if (!*gs) { + k5_mutex_unlock(&db->mutex); + return(0); + } + + if (g_set_entry_delete(gs, ptr)) { + k5_mutex_unlock(&db->mutex); + return(0); + } + k5_mutex_unlock(&db->mutex); + return(1); #endif } @@ -240,82 +234,81 @@ static int g_delete(db, type, ptr) /* save */ int g_save_name(vdb, name) - g_set *vdb; - gss_name_t name; + g_set *vdb; + gss_name_t name; { - return(g_save(vdb, V_NAME, (void *) name)); + return(g_save(vdb, V_NAME, (void *) name)); } int g_save_cred_id(vdb, cred) - g_set *vdb; - gss_cred_id_t cred; + g_set *vdb; + gss_cred_id_t cred; { - return(g_save(vdb, V_CRED_ID, (void *) cred)); + return(g_save(vdb, V_CRED_ID, (void *) cred)); } int g_save_ctx_id(vdb, ctx) - g_set *vdb; - gss_ctx_id_t ctx; + g_set *vdb; + gss_ctx_id_t ctx; { - return(g_save(vdb, V_CTX_ID, (void *) ctx)); + return(g_save(vdb, V_CTX_ID, (void *) ctx)); } int g_save_lucidctx_id(vdb, lctx) - g_set *vdb; - void *lctx; + g_set *vdb; + void *lctx; { - return(g_save(vdb, V_LCTX_ID, (void *) lctx)); + return(g_save(vdb, V_LCTX_ID, (void *) lctx)); } /* validate */ int g_validate_name(vdb, name) - g_set *vdb; - gss_name_t name; + g_set *vdb; + gss_name_t name; { - return(g_validate(vdb, V_NAME, (void *) name)); + return(g_validate(vdb, V_NAME, (void *) name)); } int g_validate_cred_id(vdb, cred) - g_set *vdb; - gss_cred_id_t cred; + g_set *vdb; + gss_cred_id_t cred; { - return(g_validate(vdb, V_CRED_ID, (void *) cred)); + return(g_validate(vdb, V_CRED_ID, (void *) cred)); } int g_validate_ctx_id(vdb, ctx) - g_set *vdb; - gss_ctx_id_t ctx; + g_set *vdb; + gss_ctx_id_t ctx; { - return(g_validate(vdb, V_CTX_ID, (void *) ctx)); + return(g_validate(vdb, V_CTX_ID, (void *) ctx)); } int g_validate_lucidctx_id(vdb, lctx) - g_set *vdb; - void *lctx; + g_set *vdb; + void *lctx; { - return(g_validate(vdb, V_LCTX_ID, (void *) lctx)); + return(g_validate(vdb, V_LCTX_ID, (void *) lctx)); } /* delete */ int g_delete_name(vdb, name) - g_set *vdb; - gss_name_t name; + g_set *vdb; + gss_name_t name; { - return(g_delete(vdb, V_NAME, (void *) name)); + return(g_delete(vdb, V_NAME, (void *) name)); } int g_delete_cred_id(vdb, cred) - g_set *vdb; - gss_cred_id_t cred; + g_set *vdb; + gss_cred_id_t cred; { - return(g_delete(vdb, V_CRED_ID, (void *) cred)); + return(g_delete(vdb, V_CRED_ID, (void *) cred)); } int g_delete_ctx_id(vdb, ctx) - g_set *vdb; - gss_ctx_id_t ctx; + g_set *vdb; + gss_ctx_id_t ctx; { - return(g_delete(vdb, V_CTX_ID, (void *) ctx)); + return(g_delete(vdb, V_CTX_ID, (void *) ctx)); } int g_delete_lucidctx_id(vdb, lctx) - g_set *vdb; - void *lctx; + g_set *vdb; + void *lctx; { - return(g_delete(vdb, V_LCTX_ID, (void *) lctx)); + return(g_delete(vdb, V_LCTX_ID, (void *) lctx)); } - diff --git a/src/lib/gssapi/generic/utl_nohash_validate.c b/src/lib/gssapi/generic/utl_nohash_validate.c index da20b71d6f..d221b3722e 100644 --- a/src/lib/gssapi/generic/utl_nohash_validate.c +++ b/src/lib/gssapi/generic/utl_nohash_validate.c @@ -1,7 +1,8 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * Copyright 1990,1994 by the Massachusetts Institute of Technology. * All Rights Reserved. - * + * * Export of this software from the United States of America may * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating @@ -20,7 +21,7 @@ * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * + * */ /* @@ -41,81 +42,80 @@ /* save */ int g_save_name(vdb, name) - void **vdb; - gss_name_t *name; + void **vdb; + gss_name_t *name; { - return 1; + return 1; } int g_save_cred_id(vdb, cred) - void **vdb; - gss_cred_id_t *cred; + void **vdb; + gss_cred_id_t *cred; { - return 1; + return 1; } int g_save_ctx_id(vdb, ctx) - void **vdb; - gss_ctx_id_t *ctx; + void **vdb; + gss_ctx_id_t *ctx; { - return 1; + return 1; } int g_save_lucidctx_id(vdb, lctx) - void **vdb; - void *lctx; + void **vdb; + void *lctx; { - return 1; + return 1; } /* validate */ int g_validate_name(vdb, name) - void **vdb; - gss_name_t *name; + void **vdb; + gss_name_t *name; { - return 1; + return 1; } int g_validate_cred_id(vdb, cred) - void **vdb; - gss_cred_id_t *cred; + void **vdb; + gss_cred_id_t *cred; { - return 1; + return 1; } int g_validate_ctx_id(vdb, ctx) - void **vdb; - gss_ctx_id_t *ctx; + void **vdb; + gss_ctx_id_t *ctx; { - return 1; + return 1; } int g_validate_lucidctx_id(vdb, lctx) - void **vdb; - void *lctx; + void **vdb; + void *lctx; { - return 1; + return 1; } /* delete */ int g_delete_name(vdb, name) - void **vdb; - gss_name_t *name; + void **vdb; + gss_name_t *name; { - return 1; + return 1; } int g_delete_cred_id(vdb, cred) - void **vdb; - gss_cred_id_t *cred; + void **vdb; + gss_cred_id_t *cred; { - return 1; + return 1; } int g_delete_ctx_id(vdb, ctx) - void **vdb; - gss_ctx_id_t *ctx; + void **vdb; + gss_ctx_id_t *ctx; { - return 1; + return 1; } int g_delete_lucidctx_id(vdb, lctx) - void **vdb; - void *lctx; + void **vdb; + void *lctx; { - return 1; + return 1; } - diff --git a/src/lib/gssapi/gss_libinit.c b/src/lib/gssapi/gss_libinit.c deleted file mode 100644 index cdffb77290..0000000000 --- a/src/lib/gssapi/gss_libinit.c +++ /dev/null @@ -1,90 +0,0 @@ -#include - -#include "gssapi_err_generic.h" -#include "gssapi_err_krb5.h" -#include "gssapiP_krb5.h" -#include "gssapiP_generic.h" - -#include "gss_libinit.h" -#include "k5-platform.h" - -#include "mglueP.h" - -/* - * Initialize the GSSAPI library. - */ - -MAKE_INIT_FUNCTION(gssint_lib_init); -MAKE_FINI_FUNCTION(gssint_lib_fini); - -int gssint_lib_init(void) -{ - int err; - -#ifdef SHOW_INITFINI_FUNCS - printf("gssint_lib_init\n"); -#endif - - add_error_table(&et_k5g_error_table); - add_error_table(&et_ggss_error_table); - - err = gssint_mechglue_init(); - if (err) - return err; -#ifndef LEAN_CLIENT - err = k5_mutex_finish_init(&gssint_krb5_keytab_lock); - if (err) - return err; -#endif /* LEAN_CLIENT */ - err = k5_key_register(K5_KEY_GSS_KRB5_SET_CCACHE_OLD_NAME, free); - if (err) - return err; - err = k5_key_register(K5_KEY_GSS_KRB5_CCACHE_NAME, free); - if (err) - return err; - err = k5_key_register(K5_KEY_GSS_KRB5_ERROR_MESSAGE, - krb5_gss_delete_error_info); - if (err) - return err; - err = gssint_mecherrmap_init(); - if (err) - return err; -#ifndef _WIN32 - err = k5_mutex_finish_init(&kg_kdc_flag_mutex); - if (err) - return err; -#endif - return k5_mutex_finish_init(&kg_vdb.mutex); -} - -void gssint_lib_fini(void) -{ - if (!INITIALIZER_RAN(gssint_lib_init) || PROGRAM_EXITING()) { -#ifdef SHOW_INITFINI_FUNCS - printf("gssint_lib_fini: skipping\n"); -#endif - return; - } -#ifdef SHOW_INITFINI_FUNCS - printf("gssint_lib_fini\n"); -#endif - remove_error_table(&et_k5g_error_table); - remove_error_table(&et_ggss_error_table); - - k5_key_delete(K5_KEY_GSS_KRB5_SET_CCACHE_OLD_NAME); - k5_key_delete(K5_KEY_GSS_KRB5_CCACHE_NAME); - k5_mutex_destroy(&kg_vdb.mutex); -#ifndef _WIN32 - k5_mutex_destroy(&kg_kdc_flag_mutex); -#endif -#ifndef LEAN_CLIENT - k5_mutex_destroy(&gssint_krb5_keytab_lock); -#endif /* LEAN_CLIENT */ - gssint_mecherrmap_destroy(); - gssint_mechglue_fini(); -} - -OM_uint32 gssint_initialize_library (void) -{ - return CALL_INIT_FUNCTION(gssint_lib_init); -} diff --git a/src/lib/gssapi/gss_libinit.h b/src/lib/gssapi/gss_libinit.h deleted file mode 100644 index 5a36604263..0000000000 --- a/src/lib/gssapi/gss_libinit.h +++ /dev/null @@ -1,9 +0,0 @@ -#ifndef GSSAPI_LIBINIT_H -#define GSSAPI_LIBINIT_H - -#include "gssapi.h" - -OM_uint32 gssint_initialize_library (void); -void gssint_cleanup_library (void); - -#endif /* GSSAPI_LIBINIT_H */ diff --git a/src/lib/gssapi/krb5/Makefile.in b/src/lib/gssapi/krb5/Makefile.in index 5a761a1663..530d527c2a 100644 --- a/src/lib/gssapi/krb5/Makefile.in +++ b/src/lib/gssapi/krb5/Makefile.in @@ -3,7 +3,24 @@ myfulldir=lib/gssapi/krb5 mydir=lib/gssapi/krb5 BUILDTOP=$(REL)..$(S)..$(S).. LOCALINCLUDES = -I. -I$(srcdir) -I$(srcdir)/.. -I../generic -I$(srcdir)/../generic -I../mechglue -I$(srcdir)/../mechglue -DEFS= +DEFS=-D_GSS_STATIC_LINK=1 + +#PROG_LIBPATH=-L$(TOPLIBD) +#PROG_RPATH=$(KRB5_LIBDIR) +#MODULE_INSTALL_DIR = $(GSS_MODULE_DIR) +#LIBBASE=mech_krb5 +#LIBMAJOR=0 +#LIBMINOR=0 +#SO_EXT=.so +#LIBINITFUNC=gss_krb5int_init +#LIBFINIFUNC=gss_krb5int_fini +#STOBJLISTS=../generic/OBJS.ST OBJS.ST +#SUBDIROBJLISTS=../generic/OBJS.ST +#SHLIB_EXPDEPS=$(KRB5_DEPLIB) $(CRYPTO_DEPLIB) $(SUPPORT_DEPLIB) $(COM_ERR_DEPLIB) +#SHLIB_EXPLIBS=-lkrb5 -lk5crypto -lcom_err $(SUPPORT_LIB) $(DL_LIB) $(LIBS) +#SHLIB_DIRS=-L$(TOPLIBD) +#SHLIB_RDIRS=$(KRB5_LIBDIR) +#RELDIR=gssapi/krb5 ##DOS##BUILDTOP = ..\..\.. ##DOS##PREFIXDIR=krb5 @@ -45,8 +62,11 @@ SRCS = \ $(srcdir)/inq_cred.c \ $(srcdir)/inq_names.c \ $(srcdir)/k5seal.c \ + $(srcdir)/k5sealiov.c \ $(srcdir)/k5sealv3.c \ + $(srcdir)/k5sealv3iov.c \ $(srcdir)/k5unseal.c \ + $(srcdir)/k5unsealiov.c \ $(srcdir)/krb5_gss_glue.c \ $(srcdir)/lucid_context.c \ $(srcdir)/process_context_token.c \ @@ -65,11 +85,8 @@ SRCS = \ $(srcdir)/util_seqnum.c \ $(srcdir)/val_cred.c \ $(srcdir)/verify.c \ - $(srcdir)/wrap_size_limit.c \ - gssapi_err_krb5.c + $(srcdir)/wrap_size_limit.c -# $(srcdir)/pname_to_uid.c \ -# $(srcdir)/k5mech.c OBJS = \ $(OUTPRE)accept_sec_context.$(OBJEXT) \ @@ -95,8 +112,11 @@ OBJS = \ $(OUTPRE)inq_cred.$(OBJEXT) \ $(OUTPRE)inq_names.$(OBJEXT) \ $(OUTPRE)k5seal.$(OBJEXT) \ + $(OUTPRE)k5sealiov.$(OBJEXT) \ $(OUTPRE)k5sealv3.$(OBJEXT) \ + $(OUTPRE)k5sealv3iov.$(OBJEXT) \ $(OUTPRE)k5unseal.$(OBJEXT) \ + $(OUTPRE)k5unsealiov.$(OBJEXT) \ $(OUTPRE)krb5_gss_glue.$(OBJEXT) \ $(OUTPRE)lucid_context.$(OBJEXT) \ $(OUTPRE)process_context_token.$(OBJEXT) \ @@ -145,8 +165,11 @@ STLIBOBJS = \ inq_cred.o \ inq_names.o \ k5seal.o \ + k5sealiov.o \ k5sealv3.o \ + k5sealv3iov.o \ k5unseal.o \ + k5unsealiov.o \ krb5_gss_glue.o \ lucid_context.o \ process_context_token.o \ @@ -248,549 +271,3 @@ install:: @libobj_frag@ -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -accept_sec_context.so accept_sec_context.po $(OUTPRE)accept_sec_context.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - accept_sec_context.c gssapiP_krb5.h gssapi_err_krb5.h \ - gssapi_krb5.h -acquire_cred.so acquire_cred.po $(OUTPRE)acquire_cred.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssapi.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ - $(srcdir)/../gss_libinit.h ../generic/gssapi_err_generic.h \ - acquire_cred.c gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h -add_cred.so add_cred.po $(OUTPRE)add_cred.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - add_cred.c gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h -canon_name.so canon_name.po $(OUTPRE)canon_name.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - canon_name.c gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h -compare_name.so compare_name.po $(OUTPRE)compare_name.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - compare_name.c gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h -context_time.so context_time.po $(OUTPRE)context_time.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - context_time.c gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h -copy_ccache.so copy_ccache.po $(OUTPRE)copy_ccache.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - copy_ccache.c gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h -delete_sec_context.so delete_sec_context.po $(OUTPRE)delete_sec_context.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - delete_sec_context.c gssapiP_krb5.h gssapi_err_krb5.h \ - gssapi_krb5.h -disp_name.so disp_name.po $(OUTPRE)disp_name.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - disp_name.c gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h -disp_status.so disp_status.po $(OUTPRE)disp_status.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssapi.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ - $(srcdir)/../gss_libinit.h ../generic/gssapi_err_generic.h \ - disp_status.c error_map.h gssapiP_krb5.h gssapi_err_krb5.h \ - gssapi_krb5.h -duplicate_name.so duplicate_name.po $(OUTPRE)duplicate_name.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - duplicate_name.c gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h -export_name.so export_name.po $(OUTPRE)export_name.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - export_name.c gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h -export_sec_context.so export_sec_context.po $(OUTPRE)export_sec_context.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - export_sec_context.c gssapiP_krb5.h gssapi_err_krb5.h \ - gssapi_krb5.h -get_tkt_flags.so get_tkt_flags.po $(OUTPRE)get_tkt_flags.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - get_tkt_flags.c gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h -gssapi_krb5.so gssapi_krb5.po $(OUTPRE)gssapi_krb5.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.c gssapi_krb5.h -import_name.so import_name.po $(OUTPRE)import_name.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h import_name.c -import_sec_context.so import_sec_context.po $(OUTPRE)import_sec_context.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h import_sec_context.c -indicate_mechs.so indicate_mechs.po $(OUTPRE)indicate_mechs.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h $(srcdir)/../mechglue/mechglue.h \ - $(srcdir)/../mechglue/mglueP.h ../generic/gssapi_err_generic.h \ - gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h indicate_mechs.c -init_sec_context.so init_sec_context.po $(OUTPRE)init_sec_context.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssapi.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ - $(srcdir)/../gss_libinit.h ../generic/gssapi_err_generic.h \ - gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h init_sec_context.c -inq_context.so inq_context.po $(OUTPRE)inq_context.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h inq_context.c -inq_cred.so inq_cred.po $(OUTPRE)inq_cred.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h inq_cred.c -inq_names.so inq_names.po $(OUTPRE)inq_names.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h inq_names.c -k5seal.so k5seal.po $(OUTPRE)k5seal.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ - ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ - gssapi_krb5.h k5seal.c -k5sealv3.so k5sealv3.po $(OUTPRE)k5sealv3.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h k5sealv3.c -k5unseal.so k5unseal.po $(OUTPRE)k5unseal.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h k5unseal.c -krb5_gss_glue.so krb5_gss_glue.po $(OUTPRE)krb5_gss_glue.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h $(srcdir)/../mechglue/mechglue.h \ - $(srcdir)/../mechglue/mglueP.h ../generic/gssapi_err_generic.h \ - gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h krb5_gss_glue.c -lucid_context.so lucid_context.po $(OUTPRE)lucid_context.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h lucid_context.c -process_context_token.so process_context_token.po $(OUTPRE)process_context_token.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h process_context_token.c -rel_cred.so rel_cred.po $(OUTPRE)rel_cred.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h rel_cred.c -rel_oid.so rel_oid.po $(OUTPRE)rel_oid.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ - ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ - gssapi_krb5.h rel_oid.c -rel_name.so rel_name.po $(OUTPRE)rel_name.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h rel_name.c -seal.so seal.po $(OUTPRE)seal.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ - ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ - gssapi_krb5.h seal.c -set_allowable_enctypes.so set_allowable_enctypes.po \ - $(OUTPRE)set_allowable_enctypes.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ - ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ - gssapi_krb5.h set_allowable_enctypes.c -ser_sctx.so ser_sctx.po $(OUTPRE)ser_sctx.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h ser_sctx.c -set_ccache.so set_ccache.po $(OUTPRE)set_ccache.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssapi.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ - $(srcdir)/../gss_libinit.h ../generic/gssapi_err_generic.h \ - gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h set_ccache.c -sign.so sign.po $(OUTPRE)sign.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ - ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ - gssapi_krb5.h sign.c -unseal.so unseal.po $(OUTPRE)unseal.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ - ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ - gssapi_krb5.h unseal.c -util_cksum.so util_cksum.po $(OUTPRE)util_cksum.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h util_cksum.c -util_crypt.so util_crypt.po $(OUTPRE)util_crypt.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h util_crypt.c -util_seed.so util_seed.po $(OUTPRE)util_seed.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h util_seed.c -util_seqnum.so util_seqnum.po $(OUTPRE)util_seqnum.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h util_seqnum.c -val_cred.so val_cred.po $(OUTPRE)val_cred.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h val_cred.c -verify.so verify.po $(OUTPRE)verify.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ - ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ - gssapi_krb5.h verify.c -wrap_size_limit.so wrap_size_limit.po $(OUTPRE)wrap_size_limit.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ - gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h wrap_size_limit.c -gssapi_err_krb5.so gssapi_err_krb5.po $(OUTPRE)gssapi_err_krb5.$(OBJEXT): \ - $(COM_ERR_DEPS) gssapi_err_krb5.c diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c index 3ae460e1fb..2e2433a2a0 100644 --- a/src/lib/gssapi/krb5/accept_sec_context.c +++ b/src/lib/gssapi/krb5/accept_sec_context.c @@ -1,3 +1,4 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * Copyright 2000, 2004, 2007, 2008 by the Massachusetts Institute of Technology. * All Rights Reserved. @@ -6,7 +7,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -20,11 +21,11 @@ * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * + * */ /* * Copyright 1993 by OpenVision Technologies, Inc. - * + * * Permission to use, copy, modify, distribute, and sell this software * and its documentation for any purpose is hereby granted without fee, * provided that the above copyright notice appears in all copies and @@ -34,7 +35,7 @@ * without specific, written prior permission. OpenVision makes no * representations about the suitability of this software for any * purpose. It is provided "as is" without express or implied warranty. - * + * * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR @@ -46,14 +47,14 @@ /* * Copyright (C) 1998 by the FundsXpress, INC. - * + * * All rights reserved. - * + * * Export of this software from the United States of America may require * a specific license from the United States Government. It is the * responsibility of any person or organization contemplating export to * obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -64,11 +65,38 @@ * permission. FundsXpress makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * + * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ +/* + * Copyright (c) 2006-2008, Novell, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * * The copyright holder's name is not used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ #include "k5-int.h" #include "gssapiP_krb5.h" @@ -84,7 +112,7 @@ #define CFX_ACCEPTOR_SUBKEY 1 #endif -#ifndef LEAN_CLIENT +#ifndef LEAN_CLIENT /* Decode, decrypt and store the forwarded creds in the local ccache. */ static krb5_error_code @@ -99,91 +127,91 @@ rd_and_store_for_creds(context, auth_context, inbuf, out_cred) krb5_ccache ccache = NULL; krb5_gss_cred_id_t cred = NULL; krb5_auth_context new_auth_ctx = NULL; - krb5_int32 flags_org; - - if ((retval = krb5_auth_con_getflags(context, auth_context, &flags_org))) - return retval; - krb5_auth_con_setflags(context, auth_context, - 0); - - /* - * By the time krb5_rd_cred is called here (after krb5_rd_req has been - * called in krb5_gss_accept_sec_context), the "keyblock" field of - * auth_context contains a pointer to the session key, and the - * "recv_subkey" field might contain a session subkey. Either of - * these (the "recv_subkey" if it isn't NULL, otherwise the - * "keyblock") might have been used to encrypt the encrypted part of - * the KRB_CRED message that contains the forwarded credentials. (The - * Java Crypto and Security Implementation from the DSTC in Australia - * always uses the session key. But apparently it never negotiates a - * subkey, so this code works fine against a JCSI client.) Up to the - * present, though, GSSAPI clients linked against the MIT code (which - * is almost all GSSAPI clients) don't encrypt the KRB_CRED message at - * all -- at this level. So if the first call to krb5_rd_cred fails, - * we should call it a second time with another auth context freshly - * created by krb5_auth_con_init. All of its keyblock fields will be - * NULL, so krb5_rd_cred will assume that the KRB_CRED message is - * unencrypted. (The MIT code doesn't actually send the KRB_CRED - * message in the clear -- the "authenticator" whose "checksum" ends up - * containing the KRB_CRED message does get encrypted.) - */ - if (krb5_rd_cred(context, auth_context, inbuf, &creds, NULL)) { - if ((retval = krb5_auth_con_init(context, &new_auth_ctx))) - goto cleanup; - krb5_auth_con_setflags(context, new_auth_ctx, 0); - if ((retval = krb5_rd_cred(context, new_auth_ctx, inbuf, - &creds, NULL))) - goto cleanup; - } + krb5_int32 flags_org; + + if ((retval = krb5_auth_con_getflags(context, auth_context, &flags_org))) + return retval; + krb5_auth_con_setflags(context, auth_context, + 0); + + /* + * By the time krb5_rd_cred is called here (after krb5_rd_req has been + * called in krb5_gss_accept_sec_context), the "keyblock" field of + * auth_context contains a pointer to the session key, and the + * "recv_subkey" field might contain a session subkey. Either of + * these (the "recv_subkey" if it isn't NULL, otherwise the + * "keyblock") might have been used to encrypt the encrypted part of + * the KRB_CRED message that contains the forwarded credentials. (The + * Java Crypto and Security Implementation from the DSTC in Australia + * always uses the session key. But apparently it never negotiates a + * subkey, so this code works fine against a JCSI client.) Up to the + * present, though, GSSAPI clients linked against the MIT code (which + * is almost all GSSAPI clients) don't encrypt the KRB_CRED message at + * all -- at this level. So if the first call to krb5_rd_cred fails, + * we should call it a second time with another auth context freshly + * created by krb5_auth_con_init. All of its keyblock fields will be + * NULL, so krb5_rd_cred will assume that the KRB_CRED message is + * unencrypted. (The MIT code doesn't actually send the KRB_CRED + * message in the clear -- the "authenticator" whose "checksum" ends up + * containing the KRB_CRED message does get encrypted.) + */ + if (krb5_rd_cred(context, auth_context, inbuf, &creds, NULL)) { + if ((retval = krb5_auth_con_init(context, &new_auth_ctx))) + goto cleanup; + krb5_auth_con_setflags(context, new_auth_ctx, 0); + if ((retval = krb5_rd_cred(context, new_auth_ctx, inbuf, + &creds, NULL))) + goto cleanup; + } if ((retval = krb5_cc_new_unique(context, "MEMORY", NULL, &ccache))) { - ccache = NULL; + ccache = NULL; goto cleanup; } if ((retval = krb5_cc_initialize(context, ccache, creds[0]->client))) - goto cleanup; + goto cleanup; if ((retval = krb5_cc_store_cred(context, ccache, creds[0]))) - goto cleanup; + goto cleanup; /* generate a delegated credential handle */ if (out_cred) { - /* allocate memory for a cred_t... */ - if (!(cred = - (krb5_gss_cred_id_t) xmalloc(sizeof(krb5_gss_cred_id_rec)))) { - retval = ENOMEM; /* out of memory? */ - goto cleanup; - } - - /* zero it out... */ - memset(cred, 0, sizeof(krb5_gss_cred_id_rec)); - - retval = k5_mutex_init(&cred->lock); - if (retval) { - xfree(cred); - cred = NULL; - goto cleanup; - } - - /* copy the client principle into it... */ - if ((retval = - krb5_copy_principal(context, creds[0]->client, &(cred->princ)))) { - k5_mutex_destroy(&cred->lock); - retval = ENOMEM; /* out of memory? */ - xfree(cred); /* clean up memory on failure */ - cred = NULL; - goto cleanup; - } - - cred->usage = GSS_C_INITIATE; /* we can't accept with this */ - /* cred->princ already set */ - cred->prerfc_mech = 1; /* this cred will work with all three mechs */ - cred->rfc_mech = 1; - cred->keytab = NULL; /* no keytab associated with this... */ - cred->tgt_expire = creds[0]->times.endtime; /* store the end time */ - cred->ccache = ccache; /* the ccache containing the credential */ - ccache = NULL; /* cred takes ownership so don't destroy */ + /* allocate memory for a cred_t... */ + if (!(cred = + (krb5_gss_cred_id_t) xmalloc(sizeof(krb5_gss_cred_id_rec)))) { + retval = ENOMEM; /* out of memory? */ + goto cleanup; + } + + /* zero it out... */ + memset(cred, 0, sizeof(krb5_gss_cred_id_rec)); + + retval = k5_mutex_init(&cred->lock); + if (retval) { + xfree(cred); + cred = NULL; + goto cleanup; + } + + /* copy the client principle into it... */ + if ((retval = + krb5_copy_principal(context, creds[0]->client, &(cred->princ)))) { + k5_mutex_destroy(&cred->lock); + retval = ENOMEM; /* out of memory? */ + xfree(cred); /* clean up memory on failure */ + cred = NULL; + goto cleanup; + } + + cred->usage = GSS_C_INITIATE; /* we can't accept with this */ + /* cred->princ already set */ + cred->prerfc_mech = 1; /* this cred will work with all three mechs */ + cred->rfc_mech = 1; + cred->keytab = NULL; /* no keytab associated with this... */ + cred->tgt_expire = creds[0]->times.endtime; /* store the end time */ + cred->ccache = ccache; /* the ccache containing the credential */ + ccache = NULL; /* cred takes ownership so don't destroy */ } /* If there were errors, there might have been a memory leak @@ -193,16 +221,16 @@ rd_and_store_for_creds(context, auth_context, inbuf, out_cred) */ cleanup: if (creds) - krb5_free_tgt_creds(context, creds); + krb5_free_tgt_creds(context, creds); if (ccache) - (void)krb5_cc_destroy(context, ccache); + (void)krb5_cc_destroy(context, ccache); if (out_cred) - *out_cred = cred; /* return credential */ + *out_cred = cred; /* return credential */ if (new_auth_ctx) - krb5_auth_con_free(context, new_auth_ctx); + krb5_auth_con_free(context, new_auth_ctx); krb5_auth_con_setflags(context, auth_context, flags_org); @@ -210,12 +238,13 @@ cleanup: } -OM_uint32 -krb5_gss_accept_sec_context(minor_status, context_handle, - verifier_cred_handle, input_token, - input_chan_bindings, src_name, mech_type, - output_token, ret_flags, time_rec, - delegated_cred_handle) +/* + * Performs third leg of DCE authentication + */ +static OM_uint32 +kg_accept_dce(minor_status, context_handle, verifier_cred_handle, + input_token, input_chan_bindings, src_name, mech_type, + output_token, ret_flags, time_rec, delegated_cred_handle) OM_uint32 *minor_status; gss_ctx_id_t *context_handle; gss_cred_id_t verifier_cred_handle; @@ -228,269 +257,400 @@ krb5_gss_accept_sec_context(minor_status, context_handle, OM_uint32 *time_rec; gss_cred_id_t *delegated_cred_handle; { - krb5_context context; - unsigned char *ptr, *ptr2; - char *sptr; - long tmp; - size_t md5len; - int bigend; - krb5_gss_cred_id_t cred = 0; - krb5_data ap_rep, ap_req; - unsigned int i; krb5_error_code code; - krb5_address addr, *paddr; - krb5_authenticator *authdat = 0; - krb5_checksum reqcksum; - krb5_principal name = NULL; - krb5_ui_4 gss_flags = 0; - int decode_req_message = 0; krb5_gss_ctx_id_rec *ctx = 0; krb5_timestamp now; - gss_buffer_desc token; - krb5_auth_context auth_context = NULL; - krb5_ticket * ticket = NULL; - int option_id; - krb5_data option; - const gss_OID_desc *mech_used = NULL; + krb5_principal name = NULL; + krb5_ui_4 nonce = 0; + krb5_data ap_rep; OM_uint32 major_status = GSS_S_FAILURE; - OM_uint32 tmp_minor_status; - krb5_error krb_error_data; - krb5_data scratch; - gss_cred_id_t cred_handle = NULL; - krb5_gss_cred_id_t deleg_cred = NULL; - krb5int_access kaccess; - int cred_rcache = 0; - - code = krb5int_accessor (&kaccess, KRB5INT_ACCESS_VERSION); - if (code) { - *minor_status = code; - return(GSS_S_FAILURE); - } - code = krb5_gss_init_context(&context); - if (code) { - *minor_status = code; - return GSS_S_FAILURE; - } - - /* set up returns to be freeable */ - - if (src_name) - *src_name = (gss_name_t) NULL; output_token->length = 0; output_token->value = NULL; - token.value = 0; - reqcksum.contents = 0; - ap_req.data = 0; - ap_rep.data = 0; - + if (mech_type) *mech_type = GSS_C_NULL_OID; /* return a bogus cred handle */ if (delegated_cred_handle) *delegated_cred_handle = GSS_C_NO_CREDENTIAL; - /* - * Context handle must be unspecified. Actually, it must be - * non-established, but currently, accept_sec_context never returns - * a non-established context handle. - */ - /*SUPPRESS 29*/ - if (*context_handle != GSS_C_NO_CONTEXT) { - *minor_status = EINVAL; - save_error_string(EINVAL, "accept_sec_context called with existing context handle"); - krb5_free_context(context); - return(GSS_S_FAILURE); + ctx = (krb5_gss_ctx_id_rec *)*context_handle; + + code = krb5_timeofday(ctx->k5_context, &now); + if (code != 0) { + major_status = GSS_S_FAILURE; + goto fail; + } + + if (ctx->krb_times.endtime < now) { + code = 0; + major_status = GSS_S_CREDENTIALS_EXPIRED; + goto fail; } - /* handle default cred handle */ - if (verifier_cred_handle == GSS_C_NO_CREDENTIAL) { - major_status = krb5_gss_acquire_cred(minor_status, GSS_C_NO_NAME, - GSS_C_INDEFINITE, GSS_C_NO_OID_SET, - GSS_C_ACCEPT, &cred_handle, - NULL, NULL); - if (major_status != GSS_S_COMPLETE) { - code = *minor_status; + ap_rep.data = input_token->value; + ap_rep.length = input_token->length; + + code = krb5_rd_rep_dce(ctx->k5_context, + ctx->auth_context, + &ap_rep, + &nonce); + if (code != 0) { + major_status = GSS_S_FAILURE; + goto fail; + } + + ctx->established = 1; + + if (src_name) { + if ((code = krb5_copy_principal(ctx->k5_context, ctx->there, &name))) { + major_status = GSS_S_FAILURE; goto fail; } - } else { - major_status = krb5_gss_validate_cred(minor_status, - verifier_cred_handle); - if (GSS_ERROR(major_status)) { - code = *minor_status; + /* intern the src_name */ + if (! kg_save_name((gss_name_t) name)) { + code = G_VALIDATE_FAILED; + major_status = GSS_S_FAILURE; goto fail; } - cred_handle = verifier_cred_handle; + *src_name = (gss_name_t) name; } - cred = (krb5_gss_cred_id_t) cred_handle; + if (mech_type) + *mech_type = ctx->mech_used; - /* make sure the supplied credentials are valid for accept */ + if (time_rec) + *time_rec = ctx->krb_times.endtime - now; - if ((cred->usage != GSS_C_ACCEPT) && - (cred->usage != GSS_C_BOTH)) { - code = 0; - major_status = GSS_S_NO_CRED; - goto fail; - } + if (ret_flags) + *ret_flags = ctx->gss_flags; - /* verify the token's integrity, and leave the token in ap_req. - figure out which mech oid was used, and save it */ - - ptr = (unsigned char *) input_token->value; - - if (!(code = g_verify_token_header(gss_mech_krb5, - &(ap_req.length), - &ptr, KG_TOK_CTX_AP_REQ, - input_token->length, 1))) { - mech_used = gss_mech_krb5; - } else if ((code == G_WRONG_MECH) - &&!(code = g_verify_token_header((gss_OID) gss_mech_krb5_wrong, - &(ap_req.length), - &ptr, KG_TOK_CTX_AP_REQ, - input_token->length, 1))) { - mech_used = gss_mech_krb5_wrong; - } else if ((code == G_WRONG_MECH) && - !(code = g_verify_token_header(gss_mech_krb5_old, - &(ap_req.length), - &ptr, KG_TOK_CTX_AP_REQ, - input_token->length, 1))) { - /* - * Previous versions of this library used the old mech_id - * and some broken behavior (wrong IV on checksum - * encryption). We support the old mech_id for - * compatibility, and use it to decide when to use the - * old behavior. - */ - mech_used = gss_mech_krb5_old; - } else if (code == G_WRONG_TOKID) { - major_status = GSS_S_CONTINUE_NEEDED; - code = KRB5KRB_AP_ERR_MSG_TYPE; - mech_used = gss_mech_krb5; - goto fail; - } else { - major_status = GSS_S_DEFECTIVE_TOKEN; - goto fail; - } + /* XXX no support for delegated credentials yet */ - sptr = (char *) ptr; - TREAD_STR(sptr, ap_req.data, ap_req.length); - decode_req_message = 1; + *minor_status = 0; - /* construct the sender_addr */ + return GSS_S_COMPLETE; - if ((input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS) && - (input_chan_bindings->initiator_addrtype == GSS_C_AF_INET)) { - /* XXX is this right? */ - addr.addrtype = ADDRTYPE_INET; - addr.length = input_chan_bindings->initiator_address.length; - addr.contents = input_chan_bindings->initiator_address.value; + fail: + /* real failure code follows */ - paddr = &addr; - } else { - paddr = NULL; - } + if (ctx) + (void) krb5_gss_delete_sec_context(minor_status, + (gss_ctx_id_t *) &ctx, NULL); + *context_handle = GSS_C_NO_CONTEXT; + *minor_status = code; - /* decode the AP_REQ message */ + return major_status; +} - /* decode the message */ +static OM_uint32 +kg_accept_krb5(minor_status, context_handle, + verifier_cred_handle, input_token, + input_chan_bindings, src_name, mech_type, + output_token, ret_flags, time_rec, + delegated_cred_handle) + OM_uint32 *minor_status; + gss_ctx_id_t *context_handle; + gss_cred_id_t verifier_cred_handle; + gss_buffer_t input_token; + gss_channel_bindings_t input_chan_bindings; + gss_name_t *src_name; + gss_OID *mech_type; + gss_buffer_t output_token; + OM_uint32 *ret_flags; + OM_uint32 *time_rec; + gss_cred_id_t *delegated_cred_handle; +{ + krb5_context context; + unsigned char *ptr, *ptr2; + char *sptr; + OM_uint32 tmp; + size_t md5len; + int bigend; + krb5_gss_cred_id_t cred = 0; + krb5_data ap_rep, ap_req; + unsigned int i; + krb5_error_code code; + krb5_address addr, *paddr; + krb5_authenticator *authdat = 0; + krb5_checksum reqcksum; + krb5_principal name = NULL; + krb5_ui_4 gss_flags = 0; + int decode_req_message = 0; + krb5_gss_ctx_id_rec *ctx = NULL; + krb5_timestamp now; + gss_buffer_desc token; + krb5_auth_context auth_context = NULL; + krb5_ticket * ticket = NULL; + int option_id; + krb5_data option; + const gss_OID_desc *mech_used = NULL; + OM_uint32 major_status = GSS_S_FAILURE; + OM_uint32 tmp_minor_status; + krb5_error krb_error_data; + krb5_data scratch; + gss_cred_id_t cred_handle = NULL; + krb5_gss_cred_id_t deleg_cred = NULL; + krb5int_access kaccess; + int cred_rcache = 0; + int no_encap = 0; + krb5_flags ap_req_options = 0; + + code = krb5int_accessor (&kaccess, KRB5INT_ACCESS_VERSION); + if (code) { + *minor_status = code; + return(GSS_S_FAILURE); + } - if ((code = krb5_auth_con_init(context, &auth_context))) { - major_status = GSS_S_FAILURE; - save_error_info(code, context); - goto fail; - } - if (cred->rcache) { - cred_rcache = 1; - if ((code = krb5_auth_con_setrcache(context, auth_context, cred->rcache))) { - major_status = GSS_S_FAILURE; - goto fail; - } - } - if ((code = krb5_auth_con_setaddrs(context, auth_context, NULL, paddr))) { - major_status = GSS_S_FAILURE; - goto fail; - } + code = krb5_gss_init_context(&context); + if (code) { + *minor_status = code; + return GSS_S_FAILURE; + } - if ((code = krb5_rd_req(context, &auth_context, &ap_req, cred->princ, - cred->keytab, NULL, &ticket))) { - major_status = GSS_S_FAILURE; - goto fail; - } - krb5_auth_con_setflags(context, auth_context, - KRB5_AUTH_CONTEXT_DO_SEQUENCE); + /* set up returns to be freeable */ + + if (src_name) + *src_name = (gss_name_t) NULL; + output_token->length = 0; + output_token->value = NULL; + token.value = 0; + reqcksum.contents = 0; + ap_req.data = 0; + ap_rep.data = 0; + + if (mech_type) + *mech_type = GSS_C_NULL_OID; + /* return a bogus cred handle */ + if (delegated_cred_handle) + *delegated_cred_handle = GSS_C_NO_CREDENTIAL; + + /* handle default cred handle */ + if (verifier_cred_handle == GSS_C_NO_CREDENTIAL) { + major_status = krb5_gss_acquire_cred(minor_status, GSS_C_NO_NAME, + GSS_C_INDEFINITE, GSS_C_NO_OID_SET, + GSS_C_ACCEPT, &cred_handle, + NULL, NULL); + if (major_status != GSS_S_COMPLETE) { + code = *minor_status; + goto fail; + } + } else { + major_status = krb5_gss_validate_cred(minor_status, + verifier_cred_handle); + if (GSS_ERROR(major_status)) { + code = *minor_status; + goto fail; + } + cred_handle = verifier_cred_handle; + } + + cred = (krb5_gss_cred_id_t) cred_handle; + + /* make sure the supplied credentials are valid for accept */ + + if ((cred->usage != GSS_C_ACCEPT) && + (cred->usage != GSS_C_BOTH)) { + code = 0; + major_status = GSS_S_NO_CRED; + goto fail; + } + + /* verify the token's integrity, and leave the token in ap_req. + figure out which mech oid was used, and save it */ + + ptr = (unsigned char *) input_token->value; + + if (!(code = g_verify_token_header(gss_mech_krb5, + &(ap_req.length), + &ptr, KG_TOK_CTX_AP_REQ, + input_token->length, 1))) { + mech_used = gss_mech_krb5; + } else if ((code == G_WRONG_MECH) + &&!(code = g_verify_token_header((gss_OID) gss_mech_krb5_wrong, + &(ap_req.length), + &ptr, KG_TOK_CTX_AP_REQ, + input_token->length, 1))) { + mech_used = gss_mech_krb5_wrong; + } else if ((code == G_WRONG_MECH) && + !(code = g_verify_token_header(gss_mech_krb5_old, + &(ap_req.length), + &ptr, KG_TOK_CTX_AP_REQ, + input_token->length, 1))) { + /* + * Previous versions of this library used the old mech_id + * and some broken behavior (wrong IV on checksum + * encryption). We support the old mech_id for + * compatibility, and use it to decide when to use the + * old behavior. + */ + mech_used = gss_mech_krb5_old; + } else if (code == G_WRONG_TOKID) { + major_status = GSS_S_CONTINUE_NEEDED; + code = KRB5KRB_AP_ERR_MSG_TYPE; + mech_used = gss_mech_krb5; + goto fail; + } else if (code == G_BAD_TOK_HEADER) { + /* DCE style not encapsulated */ + ap_req.length = input_token->length; + ap_req.data = input_token->value; + mech_used = gss_mech_krb5; + no_encap = 1; + } else { + major_status = GSS_S_DEFECTIVE_TOKEN; + goto fail; + } - krb5_auth_con_getauthenticator(context, auth_context, &authdat); + sptr = (char *) ptr; + TREAD_STR(sptr, ap_req.data, ap_req.length); + decode_req_message = 1; + + /* construct the sender_addr */ + + if ((input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS) && + (input_chan_bindings->initiator_addrtype == GSS_C_AF_INET)) { + /* XXX is this right? */ + addr.addrtype = ADDRTYPE_INET; + addr.length = input_chan_bindings->initiator_address.length; + addr.contents = input_chan_bindings->initiator_address.value; + + paddr = &addr; + } else { + paddr = NULL; + } + + /* decode the AP_REQ message */ + + /* decode the message */ + + if ((code = krb5_auth_con_init(context, &auth_context))) { + major_status = GSS_S_FAILURE; + save_error_info((OM_uint32)code, context); + goto fail; + } + if (cred->rcache) { + cred_rcache = 1; + if ((code = krb5_auth_con_setrcache(context, auth_context, cred->rcache))) { + major_status = GSS_S_FAILURE; + goto fail; + } + } + if ((code = krb5_auth_con_setaddrs(context, auth_context, NULL, paddr))) { + major_status = GSS_S_FAILURE; + goto fail; + } + + if ((code = krb5_rd_req(context, &auth_context, &ap_req, cred->princ, + cred->keytab, &ap_req_options, &ticket))) { + major_status = GSS_S_FAILURE; + goto fail; + } + krb5_auth_con_setflags(context, auth_context, + KRB5_AUTH_CONTEXT_DO_SEQUENCE); + + krb5_auth_con_getauthenticator(context, auth_context, &authdat); #if 0 - /* make sure the necessary parts of the authdat are present */ + /* make sure the necessary parts of the authdat are present */ - if ((authdat->authenticator->subkey == NULL) || - (authdat->ticket->enc_part2 == NULL)) { - code = KG_NO_SUBKEY; - major_status = GSS_S_FAILURE; - goto fail; - } + if ((authdat->authenticator->subkey == NULL) || + (authdat->ticket->enc_part2 == NULL)) { + code = KG_NO_SUBKEY; + major_status = GSS_S_FAILURE; + goto fail; + } #endif - { - /* gss krb5 v1 */ + if (authdat->checksum->checksum_type != CKSUMTYPE_KG_CB) { + /* Samba does not send 0x8003 GSS-API checksums */ + krb5_boolean valid; + krb5_keyblock *subkey; + krb5_data zero; - /* stash this now, for later. */ - code = krb5_c_checksum_length(context, CKSUMTYPE_RSA_MD5, &md5len); - if (code) { - major_status = GSS_S_FAILURE; - goto fail; - } + code = krb5_auth_con_getkey(context, auth_context, &subkey); + if (code) { + major_status = GSS_S_FAILURE; + goto fail; + } + + zero.length = 0; + zero.data = ""; + + code = krb5_c_verify_checksum(context, + subkey, + KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM, + &zero, + authdat->checksum, + &valid); + if (code || !valid) { + major_status = GSS_S_BAD_SIG; + krb5_free_keyblock(context, subkey); + goto fail; + } + + gss_flags = GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG; + bigend = 0; + decode_req_message = 0; + + krb5_free_keyblock(context, subkey); + } else { + /* gss krb5 v1 */ - /* verify that the checksum is correct */ + /* stash this now, for later. */ + code = krb5_c_checksum_length(context, CKSUMTYPE_RSA_MD5, &md5len); + if (code) { + major_status = GSS_S_FAILURE; + goto fail; + } - /* - The checksum may be either exactly 24 bytes, in which case - no options are specified, or greater than 24 bytes, in which case - one or more options are specified. Currently, the only valid - option is KRB5_GSS_FOR_CREDS_OPTION ( = 1 ). - */ + /* verify that the checksum is correct */ - if ((authdat->checksum->checksum_type != CKSUMTYPE_KG_CB) || - (authdat->checksum->length < 24)) { - code = 0; - major_status = GSS_S_BAD_BINDINGS; - goto fail; - } + /* + The checksum may be either exactly 24 bytes, in which case + no options are specified, or greater than 24 bytes, in which case + one or more options are specified. Currently, the only valid + option is KRB5_GSS_FOR_CREDS_OPTION ( = 1 ). + */ - /* - "Be liberal in what you accept, and - conservative in what you send" - -- rfc1123 + if ((authdat->checksum->checksum_type != CKSUMTYPE_KG_CB) || + (authdat->checksum->length < 24)) { + code = 0; + major_status = GSS_S_BAD_BINDINGS; + goto fail; + } - This code will let this acceptor interoperate with an initiator - using little-endian or big-endian integer encoding. - */ + /* + "Be liberal in what you accept, and + conservative in what you send" + -- rfc1123 - ptr = (unsigned char *) authdat->checksum->contents; - bigend = 0; + This code will let this acceptor interoperate with an initiator + using little-endian or big-endian integer encoding. + */ - TREAD_INT(ptr, tmp, bigend); + ptr = (unsigned char *) authdat->checksum->contents; + bigend = 0; - if (tmp != md5len) { - ptr = (unsigned char *) authdat->checksum->contents; - bigend = 1; + TREAD_INT(ptr, tmp, bigend); - TREAD_INT(ptr, tmp, bigend); + if (tmp != md5len) { + ptr = (unsigned char *) authdat->checksum->contents; + bigend = 1; - if (tmp != md5len) { - code = KG_BAD_LENGTH; - major_status = GSS_S_FAILURE; - goto fail; - } - } + TREAD_INT(ptr, tmp, bigend); - /* at this point, bigend is set according to the initiator's - byte order */ + if (tmp != md5len) { + code = KG_BAD_LENGTH; + major_status = GSS_S_FAILURE; + goto fail; + } + } + /* at this point, bigend is set according to the initiator's + byte order */ - /* + + /* The following section of code attempts to implement the optional channel binding facility as described in RFC2743. @@ -503,507 +663,542 @@ krb5_gss_accept_sec_context(minor_status, context_handle, a checksum and compare against those provided by the client. */ - if ((code = kg_checksum_channel_bindings(context, - input_chan_bindings, - &reqcksum, bigend))) { - major_status = GSS_S_BAD_BINDINGS; - goto fail; - } + if ((code = kg_checksum_channel_bindings(context, + input_chan_bindings, + &reqcksum, bigend))) { + major_status = GSS_S_BAD_BINDINGS; + goto fail; + } - /* Always read the clients bindings - eventhough we might ignore them */ - TREAD_STR(ptr, ptr2, reqcksum.length); - - if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS ) { - if (memcmp(ptr2, reqcksum.contents, reqcksum.length) != 0) { - xfree(reqcksum.contents); - reqcksum.contents = 0; - code = 0; - major_status = GSS_S_BAD_BINDINGS; - goto fail; - } - - } + /* Always read the clients bindings - eventhough we might ignore them */ + TREAD_STR(ptr, ptr2, reqcksum.length); - xfree(reqcksum.contents); - reqcksum.contents = 0; + if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS ) { + if (memcmp(ptr2, reqcksum.contents, reqcksum.length) != 0) { + xfree(reqcksum.contents); + reqcksum.contents = 0; + code = 0; + major_status = GSS_S_BAD_BINDINGS; + goto fail; + } - TREAD_INT(ptr, gss_flags, bigend); + } + + xfree(reqcksum.contents); + reqcksum.contents = 0; + + TREAD_INT(ptr, gss_flags, bigend); #if 0 - gss_flags &= ~GSS_C_DELEG_FLAG; /* mask out the delegation flag; if - there's a delegation, we'll set - it below */ + gss_flags &= ~GSS_C_DELEG_FLAG; /* mask out the delegation flag; if + there's a delegation, we'll set + it below */ #endif - decode_req_message = 0; + decode_req_message = 0; - /* if the checksum length > 24, there are options to process */ + /* if the checksum length > 24, there are options to process */ - if(authdat->checksum->length > 24 && (gss_flags & GSS_C_DELEG_FLAG)) { + if(authdat->checksum->length > 24 && (gss_flags & GSS_C_DELEG_FLAG)) { - i = authdat->checksum->length - 24; + i = authdat->checksum->length - 24; - if (i >= 4) { + if (i >= 4) { - TREAD_INT16(ptr, option_id, bigend); + TREAD_INT16(ptr, option_id, bigend); - TREAD_INT16(ptr, option.length, bigend); + TREAD_INT16(ptr, option.length, bigend); - i -= 4; + i -= 4; - if (i < option.length || option.length < 0) { - code = KG_BAD_LENGTH; - major_status = GSS_S_FAILURE; - goto fail; - } + if (i < option.length || option.length < 0) { + code = KG_BAD_LENGTH; + major_status = GSS_S_FAILURE; + goto fail; + } - /* have to use ptr2, since option.data is wrong type and - macro uses ptr as both lvalue and rvalue */ + /* have to use ptr2, since option.data is wrong type and + macro uses ptr as both lvalue and rvalue */ - TREAD_STR(ptr, ptr2, option.length); - option.data = (char *) ptr2; + TREAD_STR(ptr, ptr2, option.length); + option.data = (char *) ptr2; - i -= option.length; + i -= option.length; - if (option_id != KRB5_GSS_FOR_CREDS_OPTION) { - major_status = GSS_S_FAILURE; - goto fail; - } + if (option_id != KRB5_GSS_FOR_CREDS_OPTION) { + major_status = GSS_S_FAILURE; + goto fail; + } - /* store the delegated credential */ + /* store the delegated credential */ - code = rd_and_store_for_creds(context, auth_context, &option, - (delegated_cred_handle) ? - &deleg_cred : NULL); - if (code) { - major_status = GSS_S_FAILURE; - goto fail; - } + code = rd_and_store_for_creds(context, auth_context, &option, + (delegated_cred_handle) ? + &deleg_cred : NULL); + if (code) { + major_status = GSS_S_FAILURE; + goto fail; + } - } /* if i >= 4 */ - /* ignore any additional trailing data, for now */ + } /* if i >= 4 */ + /* ignore any additional trailing data, for now */ #ifdef CFX_EXERCISE - { - FILE *f = fopen("/tmp/gsslog", "a"); - if (f) { - fprintf(f, - "initial context token with delegation, %d extra bytes\n", - i); - fclose(f); - } - } + { + FILE *f = fopen("/tmp/gsslog", "a"); + if (f) { + fprintf(f, + "initial context token with delegation, %d extra bytes\n", + i); + fclose(f); + } + } #endif - } else { + } else { #ifdef CFX_EXERCISE - { - FILE *f = fopen("/tmp/gsslog", "a"); - if (f) { - if (gss_flags & GSS_C_DELEG_FLAG) - fprintf(f, - "initial context token, delegation flag but too small\n"); - else - /* no deleg flag, length might still be too big */ - fprintf(f, - "initial context token, %d extra bytes\n", - authdat->checksum->length - 24); - fclose(f); - } - } + { + FILE *f = fopen("/tmp/gsslog", "a"); + if (f) { + if (gss_flags & GSS_C_DELEG_FLAG) + fprintf(f, + "initial context token, delegation flag but too small\n"); + else + /* no deleg flag, length might still be too big */ + fprintf(f, + "initial context token, %d extra bytes\n", + authdat->checksum->length - 24); + fclose(f); + } + } #endif - } - } - - /* create the ctx struct and start filling it in */ - - if ((ctx = (krb5_gss_ctx_id_rec *) xmalloc(sizeof(krb5_gss_ctx_id_rec))) - == NULL) { - code = ENOMEM; - major_status = GSS_S_FAILURE; - goto fail; - } - - memset(ctx, 0, sizeof(krb5_gss_ctx_id_rec)); - ctx->mech_used = (gss_OID) mech_used; - ctx->auth_context = auth_context; - ctx->initiate = 0; - ctx->gss_flags = (GSS_C_TRANS_FLAG | - ((gss_flags) & (GSS_C_INTEG_FLAG | GSS_C_CONF_FLAG | - GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | - GSS_C_SEQUENCE_FLAG | GSS_C_DELEG_FLAG))); - ctx->seed_init = 0; - ctx->big_endian = bigend; - ctx->cred_rcache = cred_rcache; - - /* Intern the ctx pointer so that delete_sec_context works */ - if (! kg_save_ctx_id((gss_ctx_id_t) ctx)) { - xfree(ctx); - ctx = 0; - - code = G_VALIDATE_FAILED; - major_status = GSS_S_FAILURE; - goto fail; - } - - if ((code = krb5_copy_principal(context, ticket->server, &ctx->here))) { - major_status = GSS_S_FAILURE; - goto fail; - } - - if ((code = krb5_copy_principal(context, authdat->client, &ctx->there))) { - major_status = GSS_S_FAILURE; - goto fail; - } - - if ((code = krb5_auth_con_getrecvsubkey(context, auth_context, - &ctx->subkey))) { - major_status = GSS_S_FAILURE; - goto fail; - } - - /* use the session key if the subkey isn't present */ - - if (ctx->subkey == NULL) { - if ((code = krb5_auth_con_getkey(context, auth_context, - &ctx->subkey))) { - major_status = GSS_S_FAILURE; - goto fail; - } - } - - if (ctx->subkey == NULL) { - /* this isn't a very good error, but it's not clear to me this - can actually happen */ - major_status = GSS_S_FAILURE; - code = KRB5KDC_ERR_NULL_KEY; - goto fail; - } - - ctx->proto = 0; - switch(ctx->subkey->enctype) { - case ENCTYPE_DES_CBC_MD5: - case ENCTYPE_DES_CBC_CRC: - ctx->subkey->enctype = ENCTYPE_DES_CBC_RAW; - ctx->signalg = SGN_ALG_DES_MAC_MD5; - ctx->cksum_size = 8; - ctx->sealalg = SEAL_ALG_DES; - - /* fill in the encryption descriptors */ - - if ((code = krb5_copy_keyblock(context, ctx->subkey, &ctx->enc))) { - major_status = GSS_S_FAILURE; - goto fail; - } - - for (i=0; ienc->length; i++) - /*SUPPRESS 113*/ - ctx->enc->contents[i] ^= 0xf0; + } + } - goto copy_subkey_to_seq; + /* only DCE_STYLE clients are allowed to send raw AP-REQs */ + if (no_encap != ((gss_flags & GSS_C_DCE_STYLE) != 0)) { + major_status = GSS_S_DEFECTIVE_TOKEN; + goto fail; + } - case ENCTYPE_DES3_CBC_SHA1: - ctx->subkey->enctype = ENCTYPE_DES3_CBC_RAW; - ctx->signalg = SGN_ALG_HMAC_SHA1_DES3_KD; - ctx->cksum_size = 20; - ctx->sealalg = SEAL_ALG_DES3KD; + /* create the ctx struct and start filling it in */ - /* fill in the encryption descriptors */ - copy_subkey: - if ((code = krb5_copy_keyblock(context, ctx->subkey, &ctx->enc))) { - major_status = GSS_S_FAILURE; - goto fail; - } - copy_subkey_to_seq: - if ((code = krb5_copy_keyblock(context, ctx->subkey, &ctx->seq))) { - major_status = GSS_S_FAILURE; - goto fail; - } - break; - - case ENCTYPE_ARCFOUR_HMAC: - ctx->signalg = SGN_ALG_HMAC_MD5 ; - ctx->cksum_size = 8; - ctx->sealalg = SEAL_ALG_MICROSOFT_RC4 ; - goto copy_subkey; - - default: - ctx->signalg = -1; - ctx->sealalg = -1; - ctx->proto = 1; - code = (*kaccess.krb5int_c_mandatory_cksumtype)(context, ctx->subkey->enctype, - &ctx->cksumtype); - if (code) - goto fail; - code = krb5_c_checksum_length(context, ctx->cksumtype, - &ctx->cksum_size); - if (code) - goto fail; - ctx->have_acceptor_subkey = 0; - goto copy_subkey; - } - - ctx->endtime = ticket->enc_part2->times.endtime; - ctx->krb_flags = ticket->enc_part2->flags; + if ((ctx = (krb5_gss_ctx_id_rec *) xmalloc(sizeof(krb5_gss_ctx_id_rec))) + == NULL) { + code = ENOMEM; + major_status = GSS_S_FAILURE; + goto fail; + } - krb5_free_ticket(context, ticket); /* Done with ticket */ + memset(ctx, 0, sizeof(krb5_gss_ctx_id_rec)); + ctx->mech_used = (gss_OID) mech_used; + ctx->auth_context = auth_context; + ctx->initiate = 0; + ctx->gss_flags = (GSS_C_TRANS_FLAG | + ((gss_flags) & (GSS_C_INTEG_FLAG | GSS_C_CONF_FLAG | + GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | + GSS_C_SEQUENCE_FLAG | GSS_C_DELEG_FLAG | + GSS_C_DCE_STYLE | GSS_C_IDENTIFY_FLAG | + GSS_C_EXTENDED_ERROR_FLAG))); + ctx->seed_init = 0; + ctx->big_endian = bigend; + ctx->cred_rcache = cred_rcache; + + /* Intern the ctx pointer so that delete_sec_context works */ + if (! kg_save_ctx_id((gss_ctx_id_t) ctx)) { + xfree(ctx); + ctx = 0; + + code = G_VALIDATE_FAILED; + major_status = GSS_S_FAILURE; + goto fail; + } - { - krb5_ui_4 seq_temp; - krb5_auth_con_getremoteseqnumber(context, auth_context, &seq_temp); - ctx->seq_recv = seq_temp; - } + /* XXX move this into gss_name_t */ + if (ticket->enc_part2->authorization_data != NULL && + (code = krb5_copy_authdata(context, + ticket->enc_part2->authorization_data, + &ctx->authdata))) { + major_status = GSS_S_FAILURE; + goto fail; + } + if ((code = krb5_copy_principal(context, ticket->server, &ctx->here))) { + major_status = GSS_S_FAILURE; + goto fail; + } - if ((code = krb5_timeofday(context, &now))) { - major_status = GSS_S_FAILURE; - goto fail; - } + if ((code = krb5_copy_principal(context, authdat->client, &ctx->there))) { + major_status = GSS_S_FAILURE; + goto fail; + } - if (ctx->endtime < now) { - code = 0; - major_status = GSS_S_CREDENTIALS_EXPIRED; - goto fail; - } + if ((code = krb5_auth_con_getrecvsubkey(context, auth_context, + &ctx->subkey))) { + major_status = GSS_S_FAILURE; + goto fail; + } - g_order_init(&(ctx->seqstate), ctx->seq_recv, - (ctx->gss_flags & GSS_C_REPLAY_FLAG) != 0, - (ctx->gss_flags & GSS_C_SEQUENCE_FLAG) != 0, ctx->proto); - - /* at this point, the entire context structure is filled in, - so it can be released. */ - - /* generate an AP_REP if necessary */ - - if (ctx->gss_flags & GSS_C_MUTUAL_FLAG) { - unsigned char * ptr3; - krb5_ui_4 seq_temp; - int cfx_generate_subkey; - - if (ctx->proto == 1) - cfx_generate_subkey = CFX_ACCEPTOR_SUBKEY; - else - cfx_generate_subkey = 0; - - if (cfx_generate_subkey) { - krb5_int32 acflags; - code = krb5_auth_con_getflags(context, auth_context, &acflags); - if (code == 0) { - acflags |= KRB5_AUTH_CONTEXT_USE_SUBKEY; - code = krb5_auth_con_setflags(context, auth_context, acflags); - } - if (code) { - major_status = GSS_S_FAILURE; - goto fail; - } - } + /* use the session key if the subkey isn't present */ - if ((code = krb5_mk_rep(context, auth_context, &ap_rep))) { - major_status = GSS_S_FAILURE; - goto fail; - } + if (ctx->subkey == NULL) { + if ((code = krb5_auth_con_getkey(context, auth_context, + &ctx->subkey))) { + major_status = GSS_S_FAILURE; + goto fail; + } + } - krb5_auth_con_getlocalseqnumber(context, auth_context, &seq_temp); - ctx->seq_send = seq_temp & 0xffffffffL; - - if (cfx_generate_subkey) { - /* Get the new acceptor subkey. With the code above, there - should always be one if we make it to this point. */ - code = krb5_auth_con_getsendsubkey(context, auth_context, - &ctx->acceptor_subkey); - if (code != 0) { - major_status = GSS_S_FAILURE; - goto fail; - } - code = (*kaccess.krb5int_c_mandatory_cksumtype)(context, - ctx->acceptor_subkey->enctype, - &ctx->acceptor_subkey_cksumtype); - if (code) { - major_status = GSS_S_FAILURE; - goto fail; - } - ctx->have_acceptor_subkey = 1; - } + if (ctx->subkey == NULL) { + /* this isn't a very good error, but it's not clear to me this + can actually happen */ + major_status = GSS_S_FAILURE; + code = KRB5KDC_ERR_NULL_KEY; + goto fail; + } - /* the reply token hasn't been sent yet, but that's ok. */ - ctx->gss_flags |= GSS_C_PROT_READY_FLAG; - ctx->established = 1; + ctx->enc = NULL; + ctx->seq = NULL; + ctx->have_acceptor_subkey = 0; + /* DCE_STYLE implies acceptor_subkey */ + if ((ctx->gss_flags & GSS_C_DCE_STYLE) == 0) { + code = kg_setup_keys(context, ctx, ctx->subkey, &ctx->cksumtype); + if (code) { + major_status = GSS_S_FAILURE; + goto fail; + } + } + ctx->krb_times = ticket->enc_part2->times; /* struct copy */ + ctx->krb_flags = ticket->enc_part2->flags; - token.length = g_token_size(mech_used, ap_rep.length); + krb5_free_ticket(context, ticket); /* Done with ticket */ - if ((token.value = (unsigned char *) xmalloc(token.length)) - == NULL) { - major_status = GSS_S_FAILURE; - code = ENOMEM; - goto fail; - } - ptr3 = token.value; - g_make_token_header(mech_used, ap_rep.length, - &ptr3, KG_TOK_CTX_AP_REP); + { + krb5_int32 seq_temp; + krb5_auth_con_getremoteseqnumber(context, auth_context, &seq_temp); + ctx->seq_recv = seq_temp; + } - TWRITE_STR(ptr3, ap_rep.data, ap_rep.length); + if ((code = krb5_timeofday(context, &now))) { + major_status = GSS_S_FAILURE; + goto fail; + } - ctx->established = 1; + if (ctx->krb_times.endtime < now) { + code = 0; + major_status = GSS_S_CREDENTIALS_EXPIRED; + goto fail; + } - } else { - token.length = 0; - token.value = NULL; - ctx->seq_send = ctx->seq_recv; + g_order_init(&(ctx->seqstate), ctx->seq_recv, + (ctx->gss_flags & GSS_C_REPLAY_FLAG) != 0, + (ctx->gss_flags & GSS_C_SEQUENCE_FLAG) != 0, ctx->proto); + + /* DCE_STYLE implies mutual authentication */ + if (ctx->gss_flags & GSS_C_DCE_STYLE) + ctx->gss_flags |= GSS_C_MUTUAL_FLAG; + + /* at this point, the entire context structure is filled in, + so it can be released. */ + + /* generate an AP_REP if necessary */ + + if (ctx->gss_flags & GSS_C_MUTUAL_FLAG) { + unsigned char * ptr3; + krb5_int32 seq_temp; + int cfx_generate_subkey; + + if (ctx->proto == 1 || (ctx->gss_flags & GSS_C_DCE_STYLE) || + (ap_req_options & AP_OPTS_USE_SUBKEY)) + cfx_generate_subkey = CFX_ACCEPTOR_SUBKEY; + else + cfx_generate_subkey = 0; + + if (cfx_generate_subkey) { + krb5_int32 acflags; + code = krb5_auth_con_getflags(context, auth_context, &acflags); + if (code == 0) { + acflags |= KRB5_AUTH_CONTEXT_USE_SUBKEY; + code = krb5_auth_con_setflags(context, auth_context, acflags); + } + if (code) { + major_status = GSS_S_FAILURE; + goto fail; + } + } + + if ((code = krb5_mk_rep(context, auth_context, &ap_rep))) { + major_status = GSS_S_FAILURE; + goto fail; + } + + krb5_auth_con_getlocalseqnumber(context, auth_context, &seq_temp); + ctx->seq_send = seq_temp & 0xffffffffL; + + if (cfx_generate_subkey) { + /* Get the new acceptor subkey. With the code above, there + should always be one if we make it to this point. */ + code = krb5_auth_con_getsendsubkey(context, auth_context, + &ctx->acceptor_subkey); + if (code != 0) { + major_status = GSS_S_FAILURE; + goto fail; + } + ctx->have_acceptor_subkey = 1; + + code = kg_setup_keys(context, ctx, ctx->acceptor_subkey, + &ctx->acceptor_subkey_cksumtype); + if (code) { + major_status = GSS_S_FAILURE; + goto fail; + } + } + + /* the reply token hasn't been sent yet, but that's ok. */ + if (ctx->gss_flags & GSS_C_DCE_STYLE) { + assert(ctx->have_acceptor_subkey); + + /* in order to force acceptor subkey to be used, don't set PROT_READY */ + + /* Raw AP-REP is returned */ + output_token->length = ap_rep.length; + output_token->value = ap_rep.data; + ap_rep.data = NULL; /* don't double free */ + + ctx->established = 0; + + *context_handle = (gss_ctx_id_t)ctx; + *minor_status = 0; + major_status = GSS_S_CONTINUE_NEEDED; + + /* Only last leg should set return arguments */ + goto fail; + } else + ctx->gss_flags |= GSS_C_PROT_READY_FLAG; + + ctx->established = 1; + + token.length = g_token_size(mech_used, ap_rep.length); + + if ((token.value = (unsigned char *) xmalloc(token.length)) + == NULL) { + major_status = GSS_S_FAILURE; + code = ENOMEM; + goto fail; + } + ptr3 = token.value; + g_make_token_header(mech_used, ap_rep.length, + &ptr3, KG_TOK_CTX_AP_REP); + + TWRITE_STR(ptr3, ap_rep.data, ap_rep.length); + + ctx->established = 1; + + } else { + token.length = 0; + token.value = NULL; + ctx->seq_send = ctx->seq_recv; + + ctx->established = 1; + } - ctx->established = 1; - } + /* set the return arguments */ + + if (src_name) { + if ((code = krb5_copy_principal(context, ctx->there, &name))) { + major_status = GSS_S_FAILURE; + goto fail; + } + /* intern the src_name */ + if (! kg_save_name((gss_name_t) name)) { + code = G_VALIDATE_FAILED; + major_status = GSS_S_FAILURE; + goto fail; + } + } - /* set the return arguments */ + if (mech_type) + *mech_type = (gss_OID) mech_used; - if (src_name) { - if ((code = krb5_copy_principal(context, ctx->there, &name))) { - major_status = GSS_S_FAILURE; - goto fail; - } - /* intern the src_name */ - if (! kg_save_name((gss_name_t) name)) { - code = G_VALIDATE_FAILED; - major_status = GSS_S_FAILURE; - goto fail; - } - } + if (time_rec) + *time_rec = ctx->krb_times.endtime - now; - if (mech_type) - *mech_type = (gss_OID) mech_used; + if (ret_flags) + *ret_flags = ctx->gss_flags; - if (time_rec) - *time_rec = ctx->endtime - now; + *context_handle = (gss_ctx_id_t)ctx; + *output_token = token; - if (ret_flags) - *ret_flags = ctx->gss_flags; + if (src_name) + *src_name = (gss_name_t) name; - *context_handle = (gss_ctx_id_t)ctx; - *output_token = token; + if (delegated_cred_handle && deleg_cred) { + if (!kg_save_cred_id((gss_cred_id_t) deleg_cred)) { + major_status = GSS_S_FAILURE; + code = G_VALIDATE_FAILED; + goto fail; + } - if (src_name) - *src_name = (gss_name_t) name; + *delegated_cred_handle = (gss_cred_id_t) deleg_cred; + } - if (delegated_cred_handle && deleg_cred) { - if (!kg_save_cred_id((gss_cred_id_t) deleg_cred)) { - major_status = GSS_S_FAILURE; - code = G_VALIDATE_FAILED; - goto fail; - } + /* finally! */ - *delegated_cred_handle = (gss_cred_id_t) deleg_cred; - } + *minor_status = 0; + major_status = GSS_S_COMPLETE; - /* finally! */ +fail: + if (authdat) + krb5_free_authenticator(context, authdat); + /* The ctx structure has the handle of the auth_context */ + if (auth_context && !ctx) { + if (cred_rcache) + (void)krb5_auth_con_setrcache(context, auth_context, NULL); - *minor_status = 0; - major_status = GSS_S_COMPLETE; + krb5_auth_con_free(context, auth_context); + } + if (reqcksum.contents) + xfree(reqcksum.contents); + if (ap_rep.data) + krb5_free_data_contents(context, &ap_rep); + if (major_status == GSS_S_COMPLETE || + (major_status == GSS_S_CONTINUE_NEEDED && code != KRB5KRB_AP_ERR_MSG_TYPE)) { + ctx->k5_context = context; + context = NULL; + goto done; + } - fail: - if (authdat) - krb5_free_authenticator(context, authdat); - /* The ctx structure has the handle of the auth_context */ - if (auth_context && !ctx) { - if (cred_rcache) - (void)krb5_auth_con_setrcache(context, auth_context, NULL); - - krb5_auth_con_free(context, auth_context); - } - if (reqcksum.contents) - xfree(reqcksum.contents); - if (ap_rep.data) - krb5_free_data_contents(context, &ap_rep); - - if (!GSS_ERROR(major_status) && major_status != GSS_S_CONTINUE_NEEDED) { - ctx->k5_context = context; - context = NULL; - goto done; - } + /* from here on is the real "fail" code */ + + if (ctx) + (void) krb5_gss_delete_sec_context(&tmp_minor_status, + (gss_ctx_id_t *) &ctx, NULL); + if (deleg_cred) { /* free memory associated with the deleg credential */ + if (deleg_cred->ccache) + (void)krb5_cc_close(context, deleg_cred->ccache); + if (deleg_cred->princ) + krb5_free_principal(context, deleg_cred->princ); + xfree(deleg_cred); + } + if (token.value) + xfree(token.value); + if (name) { + (void) kg_delete_name((gss_name_t) name); + krb5_free_principal(context, name); + } - /* from here on is the real "fail" code */ + *minor_status = code; - if (ctx) - (void) krb5_gss_delete_sec_context(&tmp_minor_status, - (gss_ctx_id_t *) &ctx, NULL); - if (deleg_cred) { /* free memory associated with the deleg credential */ - if (deleg_cred->ccache) - (void)krb5_cc_close(context, deleg_cred->ccache); - if (deleg_cred->princ) - krb5_free_principal(context, deleg_cred->princ); - xfree(deleg_cred); - } - if (token.value) - xfree(token.value); - if (name) { - (void) kg_delete_name((gss_name_t) name); - krb5_free_principal(context, name); - } + /* + * If decode_req_message is set, then we need to decode the ap_req + * message to determine whether or not to send a response token. + * We need to do this because for some errors we won't be able to + * decode the authenticator to read out the gss_flags field. + */ + if (decode_req_message) { + krb5_ap_req * request; - *minor_status = code; + if (decode_krb5_ap_req(&ap_req, &request)) + goto done; - /* - * If decode_req_message is set, then we need to decode the ap_req - * message to determine whether or not to send a response token. - * We need to do this because for some errors we won't be able to - * decode the authenticator to read out the gss_flags field. - */ - if (decode_req_message) { - krb5_ap_req * request; - - if (decode_krb5_ap_req(&ap_req, &request)) - goto done; - - if (request->ap_options & AP_OPTS_MUTUAL_REQUIRED) - gss_flags |= GSS_C_MUTUAL_FLAG; - krb5_free_ap_req(context, request); - } + if (request->ap_options & AP_OPTS_MUTUAL_REQUIRED) + gss_flags |= GSS_C_MUTUAL_FLAG; + krb5_free_ap_req(context, request); + } - if (cred - && ((gss_flags & GSS_C_MUTUAL_FLAG) - || (major_status == GSS_S_CONTINUE_NEEDED))) { - unsigned int tmsglen; - int toktype; + if (cred + && ((gss_flags & GSS_C_MUTUAL_FLAG) + || (major_status == GSS_S_CONTINUE_NEEDED))) { + unsigned int tmsglen; + int toktype; - /* - * The client is expecting a response, so we can send an - * error token back - */ - memset(&krb_error_data, 0, sizeof(krb_error_data)); + /* + * The client is expecting a response, so we can send an + * error token back + */ + memset(&krb_error_data, 0, sizeof(krb_error_data)); - code -= ERROR_TABLE_BASE_krb5; - if (code < 0 || code > 128) - code = 60 /* KRB_ERR_GENERIC */; + code -= ERROR_TABLE_BASE_krb5; + if (code < 0 || code > 128) + code = 60 /* KRB_ERR_GENERIC */; - krb_error_data.error = code; - (void) krb5_us_timeofday(context, &krb_error_data.stime, - &krb_error_data.susec); - krb_error_data.server = cred->princ; + krb_error_data.error = code; + (void) krb5_us_timeofday(context, &krb_error_data.stime, + &krb_error_data.susec); + krb_error_data.server = cred->princ; - code = krb5_mk_error(context, &krb_error_data, &scratch); - if (code) - goto done; + code = krb5_mk_error(context, &krb_error_data, &scratch); + if (code) + goto done; - tmsglen = scratch.length; - toktype = KG_TOK_CTX_ERROR; + tmsglen = scratch.length; + toktype = KG_TOK_CTX_ERROR; - token.length = g_token_size(mech_used, tmsglen); - token.value = (unsigned char *) xmalloc(token.length); - if (!token.value) - goto done; + token.length = g_token_size(mech_used, tmsglen); + token.value = (unsigned char *) xmalloc(token.length); + if (!token.value) + goto done; - ptr = token.value; - g_make_token_header(mech_used, tmsglen, &ptr, toktype); + ptr = token.value; + g_make_token_header(mech_used, tmsglen, &ptr, toktype); - TWRITE_STR(ptr, scratch.data, scratch.length); - krb5_free_data_contents(context, &scratch); + TWRITE_STR(ptr, scratch.data, scratch.length); + krb5_free_data_contents(context, &scratch); - *output_token = token; - } + *output_token = token; + } - done: - if (!verifier_cred_handle && cred_handle) { - krb5_gss_release_cred(&tmp_minor_status, &cred_handle); - } - if (context) { - if (major_status && *minor_status) - save_error_info(*minor_status, context); - krb5_free_context(context); - } - return (major_status); +done: + if (!verifier_cred_handle && cred_handle) { + krb5_gss_release_cred(&tmp_minor_status, &cred_handle); + } + if (context) { + if (major_status && *minor_status) + save_error_info(*minor_status, context); + krb5_free_context(context); + } + return (major_status); } #endif /* LEAN_CLIENT */ +OM_uint32 +krb5_gss_accept_sec_context(minor_status, context_handle, + verifier_cred_handle, input_token, + input_chan_bindings, src_name, mech_type, + output_token, ret_flags, time_rec, + delegated_cred_handle) + OM_uint32 *minor_status; + gss_ctx_id_t *context_handle; + gss_cred_id_t verifier_cred_handle; + gss_buffer_t input_token; + gss_channel_bindings_t input_chan_bindings; + gss_name_t *src_name; + gss_OID *mech_type; + gss_buffer_t output_token; + OM_uint32 *ret_flags; + OM_uint32 *time_rec; + gss_cred_id_t *delegated_cred_handle; +{ + krb5_gss_ctx_id_rec *ctx = (krb5_gss_ctx_id_rec *)*context_handle; + + /* + * Context handle must be unspecified. Actually, it must be + * non-established, but currently, accept_sec_context never returns + * a non-established context handle. + */ + /*SUPPRESS 29*/ + if (ctx != NULL) { + if (ctx->established == 0 && (ctx->gss_flags & GSS_C_DCE_STYLE)) { + return kg_accept_dce(minor_status, context_handle, + verifier_cred_handle, input_token, + input_chan_bindings, src_name, mech_type, + output_token, ret_flags, time_rec, + delegated_cred_handle); + } else { + *minor_status = EINVAL; + save_error_string(EINVAL, "accept_sec_context called with existing context handle"); + return GSS_S_FAILURE; + } + } + + return kg_accept_krb5(minor_status, context_handle, + verifier_cred_handle, input_token, + input_chan_bindings, src_name, mech_type, + output_token, ret_flags, time_rec, + delegated_cred_handle); +} diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c index a36dfe060f..98617d570f 100644 --- a/src/lib/gssapi/krb5/acquire_cred.c +++ b/src/lib/gssapi/krb5/acquire_cred.c @@ -1,3 +1,4 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * Copyright 2000, 2007, 2008 by the Massachusetts Institute of Technology. * All Rights Reserved. @@ -6,7 +7,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -20,11 +21,11 @@ * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * + * */ /* * Copyright 1993 by OpenVision Technologies, Inc. - * + * * Permission to use, copy, modify, distribute, and sell this software * and its documentation for any purpose is hereby granted without fee, * provided that the above copyright notice appears in all copies and @@ -34,7 +35,7 @@ * without specific, written prior permission. OpenVision makes no * representations about the suitability of this software for any * purpose. It is provided "as is" without express or implied warranty. - * + * * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR @@ -46,14 +47,14 @@ /* * Copyright (C) 1998 by the FundsXpress, INC. - * + * * All rights reserved. - * + * * Export of this software from the United States of America may require * a specific license from the United States Government. It is the * responsibility of any person or organization contemplating export to * obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -64,14 +65,13 @@ * permission. FundsXpress makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * + * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ #include "k5-int.h" -#include "gss_libinit.h" #include "gssapiP_krb5.h" #ifdef HAVE_STRING_H #include @@ -81,6 +81,7 @@ #if defined(USE_KIM) #include +#include "kim_library_private.h" #elif defined(USE_LEASH) #ifdef _WIN64 #define LEASH_DLL "leashw64.dll" @@ -96,598 +97,665 @@ k5_mutex_t gssint_krb5_keytab_lock = K5_MUTEX_PARTIAL_INITIALIZER; static char *krb5_gss_keytab = NULL; /* Heimdal calls this gsskrb5_register_acceptor_identity. */ -OM_uint32 KRB5_CALLCONV -krb5_gss_register_acceptor_identity(const char *keytab) +OM_uint32 +gss_krb5int_register_acceptor_identity(OM_uint32 *minor_status, + const gss_OID desired_mech, + const gss_OID desired_object, + gss_buffer_t value) { char *new, *old; int err; - err = gssint_initialize_library(); + err = gss_krb5int_initialize_library(); if (err != 0) - return GSS_S_FAILURE; + return GSS_S_FAILURE; - if (keytab == NULL) - return GSS_S_FAILURE; + if (value->value == NULL) + return GSS_S_FAILURE; - new = strdup(keytab); + new = strdup((char *)value->value); if (new == NULL) - return GSS_S_FAILURE; + return GSS_S_FAILURE; err = k5_mutex_lock(&gssint_krb5_keytab_lock); if (err) { - free(new); - return GSS_S_FAILURE; + free(new); + return GSS_S_FAILURE; } old = krb5_gss_keytab; krb5_gss_keytab = new; k5_mutex_unlock(&gssint_krb5_keytab_lock); if (old != NULL) - free(old); + free(old); return GSS_S_COMPLETE; } /* get credentials corresponding to a key in the krb5 keytab. If the default name is requested, return the name in output_princ. - If output_princ is non-NULL, the caller will use or free it, regardless - of the return value. + If output_princ is non-NULL, the caller will use or free it, regardless + of the return value. If successful, set the keytab-specific fields in cred - */ +*/ -static OM_uint32 +static OM_uint32 acquire_accept_cred(context, minor_status, desired_name, output_princ, cred) - krb5_context context; - OM_uint32 *minor_status; - gss_name_t desired_name; - krb5_principal *output_princ; - krb5_gss_cred_id_rec *cred; + krb5_context context; + OM_uint32 *minor_status; + gss_name_t desired_name; + krb5_principal *output_princ; + krb5_gss_cred_id_rec *cred; { - krb5_error_code code; - krb5_principal princ; - krb5_keytab kt; - krb5_keytab_entry entry; + krb5_error_code code; + krb5_principal princ; + krb5_keytab kt; + krb5_keytab_entry entry; - *output_princ = NULL; - cred->keytab = NULL; + *output_princ = NULL; + cred->keytab = NULL; - /* open the default keytab */ + /* open the default keytab */ - code = gssint_initialize_library(); - if (code != 0) { - *minor_status = code; - return GSS_S_FAILURE; - } - code = k5_mutex_lock(&gssint_krb5_keytab_lock); - if (code) { - *minor_status = code; - return GSS_S_FAILURE; - } - if (krb5_gss_keytab != NULL) { - code = krb5_kt_resolve(context, krb5_gss_keytab, &kt); - k5_mutex_unlock(&gssint_krb5_keytab_lock); - } else { - k5_mutex_unlock(&gssint_krb5_keytab_lock); - code = krb5_kt_default(context, &kt); - } + code = gss_krb5int_initialize_library(); + if (code != 0) { + *minor_status = code; + return GSS_S_FAILURE; + } + code = k5_mutex_lock(&gssint_krb5_keytab_lock); + if (code) { + *minor_status = code; + return GSS_S_FAILURE; + } + if (krb5_gss_keytab != NULL) { + code = krb5_kt_resolve(context, krb5_gss_keytab, &kt); + k5_mutex_unlock(&gssint_krb5_keytab_lock); + } else { + k5_mutex_unlock(&gssint_krb5_keytab_lock); + code = krb5_kt_default(context, &kt); + } - if (code) { - *minor_status = code; - return(GSS_S_CRED_UNAVAIL); - } + if (code) { + *minor_status = code; + return(GSS_S_CRED_UNAVAIL); + } - if (desired_name != GSS_C_NO_NAME) { - princ = (krb5_principal) desired_name; - if ((code = krb5_kt_get_entry(context, kt, princ, 0, 0, &entry))) { - (void) krb5_kt_close(context, kt); - if (code == KRB5_KT_NOTFOUND) { - char *errstr = krb5_get_error_message(context, code); - krb5_set_error_message(context, KG_KEYTAB_NOMATCH, "%s", errstr); - krb5_free_error_message(context, errstr); - *minor_status = KG_KEYTAB_NOMATCH; - } else - *minor_status = code; - return(GSS_S_CRED_UNAVAIL); - } - krb5_kt_free_entry(context, &entry); + if (desired_name != GSS_C_NO_NAME) { + princ = (krb5_principal) desired_name; + if ((code = krb5_kt_get_entry(context, kt, princ, 0, 0, &entry))) { + (void) krb5_kt_close(context, kt); + if (code == KRB5_KT_NOTFOUND) { + char *errstr = (char *)krb5_get_error_message(context, code); + krb5_set_error_message(context, KG_KEYTAB_NOMATCH, "%s", errstr); + krb5_free_error_message(context, errstr); + *minor_status = KG_KEYTAB_NOMATCH; + } else + *minor_status = code; + return(GSS_S_CRED_UNAVAIL); + } + krb5_kt_free_entry(context, &entry); + + /* Open the replay cache for this principal. */ + if ((code = krb5_get_server_rcache(context, + krb5_princ_component(context, princ, 0), + &cred->rcache))) { + *minor_status = code; + return(GSS_S_FAILURE); + } - /* Open the replay cache for this principal. */ - if ((code = krb5_get_server_rcache(context, - krb5_princ_component(context, princ, 0), - &cred->rcache))) { - *minor_status = code; - return(GSS_S_FAILURE); - } - - } + } /* hooray. we made it */ - cred->keytab = kt; + cred->keytab = kt; - return(GSS_S_COMPLETE); + return(GSS_S_COMPLETE); } #endif /* LEAN_CLIENT */ /* get credentials corresponding to the default credential cache. If the default name is requested, return the name in output_princ. - If output_princ is non-NULL, the caller will use or free it, regardless - of the return value. + If output_princ is non-NULL, the caller will use or free it, regardless + of the return value. If successful, set the ccache-specific fields in cred. - */ +*/ -static OM_uint32 +static OM_uint32 acquire_init_cred(context, minor_status, desired_name, output_princ, cred) - krb5_context context; - OM_uint32 *minor_status; - gss_name_t desired_name; - krb5_principal *output_princ; - krb5_gss_cred_id_rec *cred; + krb5_context context; + OM_uint32 *minor_status; + gss_name_t desired_name; + krb5_principal *output_princ; + krb5_gss_cred_id_rec *cred; { - krb5_error_code code; - krb5_ccache ccache; - krb5_principal princ, tmp_princ; - krb5_flags flags; - krb5_cc_cursor cur; - krb5_creds creds; - int got_endtime; - int caller_provided_ccache_name = 0; - - cred->ccache = NULL; - - /* load the GSS ccache name into the kg_context */ - - if (GSS_ERROR(kg_sync_ccache_name(context, minor_status))) - return(GSS_S_FAILURE); - - /* check to see if the caller provided a ccache name if so - * we will just use that and not search the cache collection */ - if (GSS_ERROR(kg_caller_provided_ccache_name (minor_status, &caller_provided_ccache_name))) { - return(GSS_S_FAILURE); - } + krb5_error_code code; + krb5_ccache ccache; + krb5_principal princ, tmp_princ; + krb5_flags flags; + krb5_cc_cursor cur; + krb5_creds creds; + int got_endtime; + int caller_provided_ccache_name = 0; + + cred->ccache = NULL; + + /* load the GSS ccache name into the kg_context */ + + if (GSS_ERROR(kg_sync_ccache_name(context, minor_status))) + return(GSS_S_FAILURE); + + /* check to see if the caller provided a ccache name if so + * we will just use that and not search the cache collection */ + if (GSS_ERROR(kg_caller_provided_ccache_name (minor_status, &caller_provided_ccache_name))) { + return(GSS_S_FAILURE); + } #if defined(USE_KIM) || defined(USE_LEASH) - if (desired_name && !caller_provided_ccache_name) { + if (desired_name && !caller_provided_ccache_name) { #if defined(USE_KIM) - kim_error err = KIM_NO_ERROR; - kim_ccache kimccache = NULL; - kim_identity identity = NULL; - - err = kim_identity_create_from_krb5_principal (&identity, - context, - (krb5_principal) desired_name); - - if (!err) { - err = kim_ccache_create_new_if_needed (&kimccache, - identity, - KIM_OPTIONS_DEFAULT); - } - - if (!err) { - err = kim_ccache_get_krb5_ccache (kimccache, context, &ccache); - } - - kim_ccache_free (&kimccache); - kim_identity_free (&identity); - - if (err) { - *minor_status = err; - return(GSS_S_CRED_UNAVAIL); - } - + kim_error err = KIM_NO_ERROR; + kim_ccache kimccache = NULL; + kim_identity identity = NULL; + kim_credential_state state; + krb5_principal desired_princ = (krb5_principal) desired_name; + + err = kim_identity_create_from_krb5_principal (&identity, + context, + desired_princ); + + if (!err) { + err = kim_ccache_create_from_client_identity (&kimccache, identity); + } + + if (!err) { + err = kim_ccache_get_state (kimccache, &state); + } + + if (!err && state != kim_credentials_state_valid) { + if (state == kim_credentials_state_needs_validation) { + err = kim_ccache_validate (kimccache, KIM_OPTIONS_DEFAULT); + } else { + kim_ccache_free (&kimccache); + ccache = NULL; + } + } + + if (!kimccache && kim_library_allow_automatic_prompting ()) { + /* ccache does not already exist, create a new one */ + err = kim_ccache_create_new (&kimccache, identity, + KIM_OPTIONS_DEFAULT); + } + + if (!err) { + err = kim_ccache_get_krb5_ccache (kimccache, context, &ccache); + } + + kim_ccache_free (&kimccache); + kim_identity_free (&identity); + + if (err) { + *minor_status = err; + return(GSS_S_CRED_UNAVAIL); + } + #elif defined(USE_LEASH) - if ( hLeashDLL == INVALID_HANDLE_VALUE ) { - hLeashDLL = LoadLibrary(LEASH_DLL); - if ( hLeashDLL != INVALID_HANDLE_VALUE ) { - (FARPROC) pLeash_AcquireInitialTicketsIfNeeded = - GetProcAddress(hLeashDLL, "not_an_API_Leash_AcquireInitialTicketsIfNeeded"); - } - } - - if ( pLeash_AcquireInitialTicketsIfNeeded ) { - char ccname[256]=""; - pLeash_AcquireInitialTicketsIfNeeded(context, (krb5_principal) desired_name, ccname, sizeof(ccname)); - if (!ccname[0]) { - *minor_status = KRB5_CC_NOTFOUND; - return(GSS_S_CRED_UNAVAIL); - } - - if ((code = krb5_cc_resolve (context, ccname, &ccache))) { - *minor_status = code; - return(GSS_S_CRED_UNAVAIL); - } - } else { - /* leash dll not available, open the default credential cache */ - - if ((code = krb5int_cc_default(context, &ccache))) { - *minor_status = code; - return(GSS_S_CRED_UNAVAIL); - } - } + if ( hLeashDLL == INVALID_HANDLE_VALUE ) { + hLeashDLL = LoadLibrary(LEASH_DLL); + if ( hLeashDLL != INVALID_HANDLE_VALUE ) { + (FARPROC) pLeash_AcquireInitialTicketsIfNeeded = + GetProcAddress(hLeashDLL, "not_an_API_Leash_AcquireInitialTicketsIfNeeded"); + } + } + + if ( pLeash_AcquireInitialTicketsIfNeeded ) { + char ccname[256]=""; + pLeash_AcquireInitialTicketsIfNeeded(context, (krb5_principal) desired_name, ccname, sizeof(ccname)); + if (!ccname[0]) { + *minor_status = KRB5_CC_NOTFOUND; + return(GSS_S_CRED_UNAVAIL); + } + + if ((code = krb5_cc_resolve (context, ccname, &ccache))) { + *minor_status = code; + return(GSS_S_CRED_UNAVAIL); + } + } else { + /* leash dll not available, open the default credential cache */ + + if ((code = krb5int_cc_default(context, &ccache))) { + *minor_status = code; + return(GSS_S_CRED_UNAVAIL); + } + } #endif /* USE_LEASH */ - } else + } else #endif /* USE_KIM || USE_LEASH */ - { - /* open the default credential cache */ - - if ((code = krb5int_cc_default(context, &ccache))) { - *minor_status = code; - return(GSS_S_CRED_UNAVAIL); - } - } + { + /* open the default credential cache */ - /* turn off OPENCLOSE mode while extensive frobbing is going on */ + if ((code = krb5int_cc_default(context, &ccache))) { + *minor_status = code; + return(GSS_S_CRED_UNAVAIL); + } + } - flags = 0; /* turns off OPENCLOSE mode */ - if ((code = krb5_cc_set_flags(context, ccache, flags))) { - (void)krb5_cc_close(context, ccache); - *minor_status = code; - return(GSS_S_CRED_UNAVAIL); - } + /* turn off OPENCLOSE mode while extensive frobbing is going on */ - /* get out the principal name and see if it matches */ + flags = 0; /* turns off OPENCLOSE mode */ + if ((code = krb5_cc_set_flags(context, ccache, flags))) { + (void)krb5_cc_close(context, ccache); + *minor_status = code; + return(GSS_S_CRED_UNAVAIL); + } - if ((code = krb5_cc_get_principal(context, ccache, &princ))) { - (void)krb5_cc_close(context, ccache); - *minor_status = code; - return(GSS_S_FAILURE); - } + /* get out the principal name and see if it matches */ - if (desired_name != (gss_name_t) NULL) { - if (! krb5_principal_compare(context, princ, (krb5_principal) desired_name)) { - (void)krb5_free_principal(context, princ); - (void)krb5_cc_close(context, ccache); - *minor_status = KG_CCACHE_NOMATCH; - return(GSS_S_CRED_UNAVAIL); - } - (void)krb5_free_principal(context, princ); - princ = (krb5_principal) desired_name; - } else { - *output_princ = princ; - } - - /* iterate over the ccache, find the tgt */ + if ((code = krb5_cc_get_principal(context, ccache, &princ))) { + (void)krb5_cc_close(context, ccache); + *minor_status = code; + return(GSS_S_FAILURE); + } - if ((code = krb5_cc_start_seq_get(context, ccache, &cur))) { - (void)krb5_cc_close(context, ccache); - *minor_status = code; - return(GSS_S_FAILURE); - } + if (desired_name != (gss_name_t) NULL) { + if (! krb5_principal_compare(context, princ, (krb5_principal) desired_name)) { + (void)krb5_free_principal(context, princ); + (void)krb5_cc_close(context, ccache); + *minor_status = KG_CCACHE_NOMATCH; + return(GSS_S_CRED_UNAVAIL); + } + (void)krb5_free_principal(context, princ); + princ = (krb5_principal) desired_name; + } else { + *output_princ = princ; + } - /* this is hairy. If there's a tgt for the principal's local realm - in here, that's what we want for the expire time. But if - there's not, then we want to use the first key. */ + /* iterate over the ccache, find the tgt */ - got_endtime = 0; + if ((code = krb5_cc_start_seq_get(context, ccache, &cur))) { + (void)krb5_cc_close(context, ccache); + *minor_status = code; + return(GSS_S_FAILURE); + } - code = krb5_build_principal_ext(context, &tmp_princ, - krb5_princ_realm(context, princ)->length, - krb5_princ_realm(context, princ)->data, - 6, "krbtgt", - krb5_princ_realm(context, princ)->length, - krb5_princ_realm(context, princ)->data, - 0); - if (code) { - (void)krb5_cc_close(context, ccache); - *minor_status = code; - return(GSS_S_FAILURE); - } - while (!(code = krb5_cc_next_cred(context, ccache, &cur, &creds))) { - if (krb5_principal_compare(context, tmp_princ, creds.server)) { - cred->tgt_expire = creds.times.endtime; - got_endtime = 1; - *minor_status = 0; - code = 0; - krb5_free_cred_contents(context, &creds); - break; - } - if (got_endtime == 0) { - cred->tgt_expire = creds.times.endtime; - got_endtime = 1; - } - krb5_free_cred_contents(context, &creds); - } - krb5_free_principal(context, tmp_princ); - - if (code && code != KRB5_CC_END) { - /* this means some error occurred reading the ccache */ - (void)krb5_cc_end_seq_get(context, ccache, &cur); - (void)krb5_cc_close(context, ccache); - *minor_status = code; - return(GSS_S_FAILURE); - } else if (! got_endtime) { - /* this means the ccache was entirely empty */ - (void)krb5_cc_end_seq_get(context, ccache, &cur); - (void)krb5_cc_close(context, ccache); - *minor_status = KG_EMPTY_CCACHE; - return(GSS_S_FAILURE); - } else { - /* this means that we found an endtime to use. */ - if ((code = krb5_cc_end_seq_get(context, ccache, &cur))) { - (void)krb5_cc_close(context, ccache); - *minor_status = code; - return(GSS_S_FAILURE); - } - flags = KRB5_TC_OPENCLOSE; /* turns on OPENCLOSE mode */ - if ((code = krb5_cc_set_flags(context, ccache, flags))) { - (void)krb5_cc_close(context, ccache); - *minor_status = code; - return(GSS_S_FAILURE); - } - } + /* this is hairy. If there's a tgt for the principal's local realm + in here, that's what we want for the expire time. But if + there's not, then we want to use the first key. */ + + got_endtime = 0; + + code = krb5_build_principal_ext(context, &tmp_princ, + krb5_princ_realm(context, princ)->length, + krb5_princ_realm(context, princ)->data, + 6, "krbtgt", + krb5_princ_realm(context, princ)->length, + krb5_princ_realm(context, princ)->data, + 0); + if (code) { + (void)krb5_cc_close(context, ccache); + *minor_status = code; + return(GSS_S_FAILURE); + } + while (!(code = krb5_cc_next_cred(context, ccache, &cur, &creds))) { + if (krb5_principal_compare(context, tmp_princ, creds.server)) { + cred->tgt_expire = creds.times.endtime; + got_endtime = 1; + *minor_status = 0; + code = 0; + krb5_free_cred_contents(context, &creds); + break; + } + if (got_endtime == 0) { + cred->tgt_expire = creds.times.endtime; + got_endtime = 1; + } + krb5_free_cred_contents(context, &creds); + } + krb5_free_principal(context, tmp_princ); + + if (code && code != KRB5_CC_END) { + /* this means some error occurred reading the ccache */ + (void)krb5_cc_end_seq_get(context, ccache, &cur); + (void)krb5_cc_close(context, ccache); + *minor_status = code; + return(GSS_S_FAILURE); + } else if (! got_endtime) { + /* this means the ccache was entirely empty */ + (void)krb5_cc_end_seq_get(context, ccache, &cur); + (void)krb5_cc_close(context, ccache); + *minor_status = KG_EMPTY_CCACHE; + return(GSS_S_FAILURE); + } else { + /* this means that we found an endtime to use. */ + if ((code = krb5_cc_end_seq_get(context, ccache, &cur))) { + (void)krb5_cc_close(context, ccache); + *minor_status = code; + return(GSS_S_FAILURE); + } + flags = KRB5_TC_OPENCLOSE; /* turns on OPENCLOSE mode */ + if ((code = krb5_cc_set_flags(context, ccache, flags))) { + (void)krb5_cc_close(context, ccache); + *minor_status = code; + return(GSS_S_FAILURE); + } + } - /* the credentials match and are valid */ + /* the credentials match and are valid */ - cred->ccache = ccache; - /* minor_status is set while we are iterating over the ccache */ - return(GSS_S_COMPLETE); + cred->ccache = ccache; + /* minor_status is set while we are iterating over the ccache */ + return(GSS_S_COMPLETE); } - + /*ARGSUSED*/ OM_uint32 krb5_gss_acquire_cred(minor_status, desired_name, time_req, - desired_mechs, cred_usage, output_cred_handle, - actual_mechs, time_rec) - OM_uint32 *minor_status; - gss_name_t desired_name; - OM_uint32 time_req; - gss_OID_set desired_mechs; - gss_cred_usage_t cred_usage; - gss_cred_id_t *output_cred_handle; - gss_OID_set *actual_mechs; - OM_uint32 *time_rec; + desired_mechs, cred_usage, output_cred_handle, + actual_mechs, time_rec) + OM_uint32 *minor_status; + gss_name_t desired_name; + OM_uint32 time_req; + gss_OID_set desired_mechs; + gss_cred_usage_t cred_usage; + gss_cred_id_t *output_cred_handle; + gss_OID_set *actual_mechs; + OM_uint32 *time_rec; { - krb5_context context; - size_t i; - krb5_gss_cred_id_t cred; - gss_OID_set ret_mechs; - int req_old, req_new; - OM_uint32 ret; - krb5_error_code code; + krb5_context context; + size_t i; + krb5_gss_cred_id_t cred; + gss_OID_set ret_mechs; + int req_old, req_new; + OM_uint32 ret; + krb5_error_code code; + + code = gss_krb5int_initialize_library(); + if (code) { + *minor_status = code; + return GSS_S_FAILURE; + } - code = gssint_initialize_library(); - if (code) { - *minor_status = code; - return GSS_S_FAILURE; - } + code = krb5_gss_init_context(&context); + if (code) { + *minor_status = code; + return GSS_S_FAILURE; + } - code = krb5_gss_init_context(&context); - if (code) { - *minor_status = code; - return GSS_S_FAILURE; - } + /* make sure all outputs are valid */ - /* make sure all outputs are valid */ + *output_cred_handle = NULL; + if (actual_mechs) + *actual_mechs = NULL; + if (time_rec) + *time_rec = 0; - *output_cred_handle = NULL; - if (actual_mechs) - *actual_mechs = NULL; - if (time_rec) - *time_rec = 0; + /* validate the name */ - /* validate the name */ + /*SUPPRESS 29*/ + if ((desired_name != (gss_name_t) NULL) && + (! kg_validate_name(desired_name))) { + *minor_status = (OM_uint32) G_VALIDATE_FAILED; + krb5_free_context(context); + return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME); + } - /*SUPPRESS 29*/ - if ((desired_name != (gss_name_t) NULL) && - (! kg_validate_name(desired_name))) { - *minor_status = (OM_uint32) G_VALIDATE_FAILED; - krb5_free_context(context); - return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME); - } + /* verify that the requested mechanism set is the default, or + contains krb5 */ + + if (desired_mechs == GSS_C_NULL_OID_SET) { + req_old = 1; + req_new = 1; + } else { + req_old = 0; + req_new = 0; + + for (i=0; icount; i++) { + if (g_OID_equal(gss_mech_krb5_old, &(desired_mechs->elements[i]))) + req_old++; + if (g_OID_equal(gss_mech_krb5, &(desired_mechs->elements[i]))) + req_new++; + } + + if (!req_old && !req_new) { + *minor_status = 0; + krb5_free_context(context); + return(GSS_S_BAD_MECH); + } + } - /* verify that the requested mechanism set is the default, or - contains krb5 */ - - if (desired_mechs == GSS_C_NULL_OID_SET) { - req_old = 1; - req_new = 1; - } else { - req_old = 0; - req_new = 0; - - for (i=0; icount; i++) { - if (g_OID_equal(gss_mech_krb5_old, &(desired_mechs->elements[i]))) - req_old++; - if (g_OID_equal(gss_mech_krb5, &(desired_mechs->elements[i]))) - req_new++; - } + /* create the gss cred structure */ - if (!req_old && !req_new) { - *minor_status = 0; - krb5_free_context(context); - return(GSS_S_BAD_MECH); - } - } + if ((cred = + (krb5_gss_cred_id_t) xmalloc(sizeof(krb5_gss_cred_id_rec))) == NULL) { + *minor_status = ENOMEM; + krb5_free_context(context); + return(GSS_S_FAILURE); + } + memset(cred, 0, sizeof(krb5_gss_cred_id_rec)); - /* create the gss cred structure */ + cred->usage = cred_usage; + cred->princ = NULL; + cred->prerfc_mech = req_old; + cred->rfc_mech = req_new; - if ((cred = - (krb5_gss_cred_id_t) xmalloc(sizeof(krb5_gss_cred_id_rec))) == NULL) { - *minor_status = ENOMEM; - krb5_free_context(context); - return(GSS_S_FAILURE); - } - memset(cred, 0, sizeof(krb5_gss_cred_id_rec)); +#ifndef LEAN_CLIENT + cred->keytab = NULL; +#endif /* LEAN_CLIENT */ + cred->ccache = NULL; - cred->usage = cred_usage; - cred->princ = NULL; - cred->prerfc_mech = req_old; - cred->rfc_mech = req_new; + code = k5_mutex_init(&cred->lock); + if (code) { + *minor_status = code; + krb5_free_context(context); + return GSS_S_FAILURE; + } + /* Note that we don't need to lock this GSSAPI credential record + here, because no other thread can gain access to it until we + return it. */ + + if ((cred_usage != GSS_C_INITIATE) && + (cred_usage != GSS_C_ACCEPT) && + (cred_usage != GSS_C_BOTH)) { + k5_mutex_destroy(&cred->lock); + xfree(cred); + *minor_status = (OM_uint32) G_BAD_USAGE; + krb5_free_context(context); + return(GSS_S_FAILURE); + } + /* if requested, acquire credentials for accepting */ + /* this will fill in cred->princ if the desired_name is not specified */ #ifndef LEAN_CLIENT - cred->keytab = NULL; + if ((cred_usage == GSS_C_ACCEPT) || + (cred_usage == GSS_C_BOTH)) + if ((ret = acquire_accept_cred(context, minor_status, desired_name, + &(cred->princ), cred)) + != GSS_S_COMPLETE) { + if (cred->princ) + krb5_free_principal(context, cred->princ); + k5_mutex_destroy(&cred->lock); + xfree(cred); + /* minor_status set by acquire_accept_cred() */ + save_error_info(*minor_status, context); + krb5_free_context(context); + return(ret); + } #endif /* LEAN_CLIENT */ - cred->ccache = NULL; - code = k5_mutex_init(&cred->lock); - if (code) { - *minor_status = code; - krb5_free_context(context); - return GSS_S_FAILURE; - } - /* Note that we don't need to lock this GSSAPI credential record - here, because no other thread can gain access to it until we - return it. */ - - if ((cred_usage != GSS_C_INITIATE) && - (cred_usage != GSS_C_ACCEPT) && - (cred_usage != GSS_C_BOTH)) { - k5_mutex_destroy(&cred->lock); - xfree(cred); - *minor_status = (OM_uint32) G_BAD_USAGE; - krb5_free_context(context); - return(GSS_S_FAILURE); - } - - /* if requested, acquire credentials for accepting */ - /* this will fill in cred->princ if the desired_name is not specified */ + /* if requested, acquire credentials for initiation */ + /* this will fill in cred->princ if it wasn't set above, and + the desired_name is not specified */ + + if ((cred_usage == GSS_C_INITIATE) || + (cred_usage == GSS_C_BOTH)) + if ((ret = + acquire_init_cred(context, minor_status, + cred->princ?(gss_name_t)cred->princ:desired_name, + &(cred->princ), cred)) + != GSS_S_COMPLETE) { #ifndef LEAN_CLIENT - if ((cred_usage == GSS_C_ACCEPT) || - (cred_usage == GSS_C_BOTH)) - if ((ret = acquire_accept_cred(context, minor_status, desired_name, - &(cred->princ), cred)) - != GSS_S_COMPLETE) { - if (cred->princ) - krb5_free_principal(context, cred->princ); - k5_mutex_destroy(&cred->lock); - xfree(cred); - /* minor_status set by acquire_accept_cred() */ - save_error_info(*minor_status, context); - krb5_free_context(context); - return(ret); - } + if (cred->keytab) + krb5_kt_close(context, cred->keytab); #endif /* LEAN_CLIENT */ + if (cred->princ) + krb5_free_principal(context, cred->princ); + k5_mutex_destroy(&cred->lock); + xfree(cred); + /* minor_status set by acquire_init_cred() */ + save_error_info(*minor_status, context); + krb5_free_context(context); + return(ret); + } + + /* if the princ wasn't filled in already, fill it in now */ + + if (!cred->princ && (desired_name != GSS_C_NO_NAME)) + if ((code = krb5_copy_principal(context, (krb5_principal) desired_name, + &(cred->princ)))) { + if (cred->ccache) + (void)krb5_cc_close(context, cred->ccache); +#ifndef LEAN_CLIENT + if (cred->keytab) + (void)krb5_kt_close(context, cred->keytab); +#endif /* LEAN_CLIENT */ + k5_mutex_destroy(&cred->lock); + xfree(cred); + *minor_status = code; + save_error_info(*minor_status, context); + krb5_free_context(context); + return(GSS_S_FAILURE); + } + + /*** at this point, the cred structure has been completely created */ + + /* compute time_rec */ + + if (cred_usage == GSS_C_ACCEPT) { + if (time_rec) + *time_rec = GSS_C_INDEFINITE; + } else { + krb5_timestamp now; + + if ((code = krb5_timeofday(context, &now))) { + if (cred->ccache) + (void)krb5_cc_close(context, cred->ccache); +#ifndef LEAN_CLIENT + if (cred->keytab) + (void)krb5_kt_close(context, cred->keytab); +#endif /* LEAN_CLIENT */ + if (cred->princ) + krb5_free_principal(context, cred->princ); + k5_mutex_destroy(&cred->lock); + xfree(cred); + *minor_status = code; + save_error_info(*minor_status, context); + krb5_free_context(context); + return(GSS_S_FAILURE); + } + + if (time_rec) + *time_rec = (cred->tgt_expire > now) ? (cred->tgt_expire - now) : 0; + } - /* if requested, acquire credentials for initiation */ - /* this will fill in cred->princ if it wasn't set above, and - the desired_name is not specified */ - - if ((cred_usage == GSS_C_INITIATE) || - (cred_usage == GSS_C_BOTH)) - if ((ret = - acquire_init_cred(context, minor_status, - cred->princ?(gss_name_t)cred->princ:desired_name, - &(cred->princ), cred)) - != GSS_S_COMPLETE) { + /* create mechs */ + + if (actual_mechs) { + if (GSS_ERROR(ret = generic_gss_create_empty_oid_set(minor_status, + &ret_mechs)) || + (cred->prerfc_mech && + GSS_ERROR(ret = generic_gss_add_oid_set_member(minor_status, + gss_mech_krb5_old, + &ret_mechs))) || + (cred->rfc_mech && + GSS_ERROR(ret = generic_gss_add_oid_set_member(minor_status, + gss_mech_krb5, + &ret_mechs)))) { + if (cred->ccache) + (void)krb5_cc_close(context, cred->ccache); #ifndef LEAN_CLIENT - if (cred->keytab) - krb5_kt_close(context, cred->keytab); + if (cred->keytab) + (void)krb5_kt_close(context, cred->keytab); #endif /* LEAN_CLIENT */ - if (cred->princ) - krb5_free_principal(context, cred->princ); - k5_mutex_destroy(&cred->lock); - xfree(cred); - /* minor_status set by acquire_init_cred() */ - save_error_info(*minor_status, context); - krb5_free_context(context); - return(ret); - } + if (cred->princ) + krb5_free_principal(context, cred->princ); + k5_mutex_destroy(&cred->lock); + xfree(cred); + /* *minor_status set above */ + krb5_free_context(context); + return(ret); + } + } - /* if the princ wasn't filled in already, fill it in now */ + /* intern the credential handle */ - if (!cred->princ && (desired_name != GSS_C_NO_NAME)) - if ((code = krb5_copy_principal(context, (krb5_principal) desired_name, - &(cred->princ)))) { - if (cred->ccache) - (void)krb5_cc_close(context, cred->ccache); + if (! kg_save_cred_id((gss_cred_id_t) cred)) { + free(ret_mechs->elements); + free(ret_mechs); + if (cred->ccache) + (void)krb5_cc_close(context, cred->ccache); #ifndef LEAN_CLIENT - if (cred->keytab) - (void)krb5_kt_close(context, cred->keytab); + if (cred->keytab) + (void)krb5_kt_close(context, cred->keytab); #endif /* LEAN_CLIENT */ - k5_mutex_destroy(&cred->lock); - xfree(cred); - *minor_status = code; - save_error_info(*minor_status, context); - krb5_free_context(context); - return(GSS_S_FAILURE); - } + if (cred->princ) + krb5_free_principal(context, cred->princ); + k5_mutex_destroy(&cred->lock); + xfree(cred); + *minor_status = (OM_uint32) G_VALIDATE_FAILED; + save_error_string(*minor_status, "error saving credentials"); + krb5_free_context(context); + return(GSS_S_FAILURE); + } - /*** at this point, the cred structure has been completely created */ + /* return success */ - /* compute time_rec */ + *minor_status = 0; + *output_cred_handle = (gss_cred_id_t) cred; + if (actual_mechs) + *actual_mechs = ret_mechs; - if (cred_usage == GSS_C_ACCEPT) { - if (time_rec) - *time_rec = GSS_C_INDEFINITE; - } else { - krb5_timestamp now; + krb5_free_context(context); + return(GSS_S_COMPLETE); +} - if ((code = krb5_timeofday(context, &now))) { - if (cred->ccache) - (void)krb5_cc_close(context, cred->ccache); -#ifndef LEAN_CLIENT - if (cred->keytab) - (void)krb5_kt_close(context, cred->keytab); -#endif /* LEAN_CLIENT */ - if (cred->princ) - krb5_free_principal(context, cred->princ); - k5_mutex_destroy(&cred->lock); - xfree(cred); - *minor_status = code; - save_error_info(*minor_status, context); - krb5_free_context(context); - return(GSS_S_FAILURE); - } +OM_uint32 +gss_krb5int_set_cred_rcache(OM_uint32 *minor_status, + gss_cred_id_t cred_handle, + const gss_OID desired_oid, + const gss_buffer_t value) +{ + krb5_gss_cred_id_t cred; + krb5_error_code code; + krb5_context context; + krb5_rcache rcache; - if (time_rec) - *time_rec = (cred->tgt_expire > now) ? (cred->tgt_expire - now) : 0; - } + assert(value->length == sizeof(rcache)); - /* create mechs */ - - if (actual_mechs) { - if (GSS_ERROR(ret = generic_gss_create_empty_oid_set(minor_status, - &ret_mechs)) || - (cred->prerfc_mech && - GSS_ERROR(ret = generic_gss_add_oid_set_member(minor_status, - gss_mech_krb5_old, - &ret_mechs))) || - (cred->rfc_mech && - GSS_ERROR(ret = generic_gss_add_oid_set_member(minor_status, - gss_mech_krb5, - &ret_mechs)))) { - if (cred->ccache) - (void)krb5_cc_close(context, cred->ccache); -#ifndef LEAN_CLIENT - if (cred->keytab) - (void)krb5_kt_close(context, cred->keytab); -#endif /* LEAN_CLIENT */ - if (cred->princ) - krb5_free_principal(context, cred->princ); - k5_mutex_destroy(&cred->lock); - xfree(cred); - /* *minor_status set above */ - krb5_free_context(context); - return(ret); - } - } + if (value->length != sizeof(rcache)) + return GSS_S_FAILURE; - /* intern the credential handle */ + rcache = (krb5_rcache)value->value; - if (! kg_save_cred_id((gss_cred_id_t) cred)) { - free(ret_mechs->elements); - free(ret_mechs); - if (cred->ccache) - (void)krb5_cc_close(context, cred->ccache); -#ifndef LEAN_CLIENT - if (cred->keytab) - (void)krb5_kt_close(context, cred->keytab); -#endif /* LEAN_CLIENT */ - if (cred->princ) - krb5_free_principal(context, cred->princ); - k5_mutex_destroy(&cred->lock); - xfree(cred); - *minor_status = (OM_uint32) G_VALIDATE_FAILED; - save_error_string(*minor_status, "error saving credentials"); - krb5_free_context(context); - return(GSS_S_FAILURE); - } + if (cred_handle == GSS_C_NO_CREDENTIAL) + return GSS_S_NO_CRED; - /* return success */ + cred = (krb5_gss_cred_id_t)cred_handle; - *minor_status = 0; - *output_cred_handle = (gss_cred_id_t) cred; - if (actual_mechs) - *actual_mechs = ret_mechs; + code = krb5_gss_init_context(&context); + if (code) { + *minor_status = code; + return GSS_S_FAILURE; + } + if (cred->rcache != NULL) { + code = krb5_rc_close(context, cred->rcache); + if (code) { + *minor_status = code; + krb5_free_context(context); + return GSS_S_FAILURE; + } + } + + cred->rcache = rcache; krb5_free_context(context); - return(GSS_S_COMPLETE); + + *minor_status = 0; + return GSS_S_COMPLETE; } diff --git a/src/lib/gssapi/krb5/add_cred.c b/src/lib/gssapi/krb5/add_cred.c index fdcd9c0d33..3652f918b7 100644 --- a/src/lib/gssapi/krb5/add_cred.c +++ b/src/lib/gssapi/krb5/add_cred.c @@ -1,3 +1,4 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * Copyright 2000, 2008 by the Massachusetts Institute of Technology. * All Rights Reserved. @@ -6,7 +7,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -20,18 +21,18 @@ * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * + * */ /* * Copyright (C) 1998 by the FundsXpress, INC. - * + * * All rights reserved. - * + * * Export of this software from the United States of America may require * a specific license from the United States Government. It is the * responsibility of any person or organization contemplating export to * obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -42,7 +43,7 @@ * permission. FundsXpress makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * + * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. @@ -62,26 +63,26 @@ /* V2 interface */ OM_uint32 krb5_gss_add_cred(minor_status, input_cred_handle, - desired_name, desired_mech, cred_usage, - initiator_time_req, acceptor_time_req, - output_cred_handle, actual_mechs, - initiator_time_rec, acceptor_time_rec) - OM_uint32 *minor_status; - gss_cred_id_t input_cred_handle; - gss_name_t desired_name; - gss_OID desired_mech; - gss_cred_usage_t cred_usage; - OM_uint32 initiator_time_req; - OM_uint32 acceptor_time_req; - gss_cred_id_t *output_cred_handle; - gss_OID_set *actual_mechs; - OM_uint32 *initiator_time_rec; - OM_uint32 *acceptor_time_rec; + desired_name, desired_mech, cred_usage, + initiator_time_req, acceptor_time_req, + output_cred_handle, actual_mechs, + initiator_time_rec, acceptor_time_rec) + OM_uint32 *minor_status; + gss_cred_id_t input_cred_handle; + gss_name_t desired_name; + gss_OID desired_mech; + gss_cred_usage_t cred_usage; + OM_uint32 initiator_time_req; + OM_uint32 acceptor_time_req; + gss_cred_id_t *output_cred_handle; + gss_OID_set *actual_mechs; + OM_uint32 *initiator_time_rec; + OM_uint32 *acceptor_time_rec; { - krb5_context context; - OM_uint32 major_status, lifetime; - krb5_gss_cred_id_t cred; - krb5_error_code code; + krb5_context context; + OM_uint32 major_status, lifetime; + krb5_gss_cred_id_t cred; + krb5_error_code code; /* this is pretty simple, since there's not really any difference between the underlying mechanisms. The main hair is in copying @@ -90,18 +91,18 @@ krb5_gss_add_cred(minor_status, input_cred_handle, /* check if the desired_mech is bogus */ if (!g_OID_equal(desired_mech, gss_mech_krb5) && - !g_OID_equal(desired_mech, gss_mech_krb5_old)) { - *minor_status = 0; - return(GSS_S_BAD_MECH); + !g_OID_equal(desired_mech, gss_mech_krb5_old)) { + *minor_status = 0; + return(GSS_S_BAD_MECH); } /* check if the desired_mech is bogus */ if ((cred_usage != GSS_C_INITIATE) && - (cred_usage != GSS_C_ACCEPT) && - (cred_usage != GSS_C_BOTH)) { - *minor_status = (OM_uint32) G_BAD_USAGE; - return(GSS_S_FAILURE); + (cred_usage != GSS_C_ACCEPT) && + (cred_usage != GSS_C_BOTH)) { + *minor_status = (OM_uint32) G_BAD_USAGE; + return(GSS_S_FAILURE); } /* since the default credential includes all the mechanisms, @@ -109,22 +110,22 @@ krb5_gss_add_cred(minor_status, input_cred_handle, /*SUPPRESS 29*/ if (input_cred_handle == GSS_C_NO_CREDENTIAL) { - *minor_status = 0; - return(GSS_S_DUPLICATE_ELEMENT); + *minor_status = 0; + return(GSS_S_DUPLICATE_ELEMENT); } code = krb5_gss_init_context(&context); if (code) { - *minor_status = code; - return GSS_S_FAILURE; + *minor_status = code; + return GSS_S_FAILURE; } major_status = krb5_gss_validate_cred_1(minor_status, input_cred_handle, - context); + context); if (GSS_ERROR(major_status)) { - save_error_info(*minor_status, context); - krb5_free_context(context); - return major_status; + save_error_info(*minor_status, context); + krb5_free_context(context); + return major_status; } cred = (krb5_gss_cred_id_t) input_cred_handle; @@ -134,252 +135,252 @@ krb5_gss_add_cred(minor_status, input_cred_handle, if copying */ if (!((cred->usage == cred_usage) || - ((cred->usage == GSS_C_BOTH) && - (output_cred_handle != NULL)))) { - *minor_status = (OM_uint32) G_BAD_USAGE; - krb5_free_context(context); - return(GSS_S_FAILURE); + ((cred->usage == GSS_C_BOTH) && + (output_cred_handle != NULL)))) { + *minor_status = (OM_uint32) G_BAD_USAGE; + krb5_free_context(context); + return(GSS_S_FAILURE); } /* check that desired_mech isn't already in the credential */ if ((g_OID_equal(desired_mech, gss_mech_krb5_old) && cred->prerfc_mech) || - (g_OID_equal(desired_mech, gss_mech_krb5) && cred->rfc_mech)) { - *minor_status = 0; - krb5_free_context(context); - return(GSS_S_DUPLICATE_ELEMENT); + (g_OID_equal(desired_mech, gss_mech_krb5) && cred->rfc_mech)) { + *minor_status = 0; + krb5_free_context(context); + return(GSS_S_DUPLICATE_ELEMENT); } if (GSS_ERROR(kg_sync_ccache_name(context, minor_status))) { - save_error_info(*minor_status, context); - krb5_free_context(context); - return GSS_S_FAILURE; + save_error_info(*minor_status, context); + krb5_free_context(context); + return GSS_S_FAILURE; } /* verify the desired_name */ /*SUPPRESS 29*/ if ((desired_name != (gss_name_t) NULL) && - (! kg_validate_name(desired_name))) { - *minor_status = (OM_uint32) G_VALIDATE_FAILED; - krb5_free_context(context); - return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME); + (! kg_validate_name(desired_name))) { + *minor_status = (OM_uint32) G_VALIDATE_FAILED; + krb5_free_context(context); + return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME); } /* make sure the desired_name is the same as the existing one */ if (desired_name && - !krb5_principal_compare(context, (krb5_principal) desired_name, - cred->princ)) { - *minor_status = 0; - krb5_free_context(context); - return(GSS_S_BAD_NAME); + !krb5_principal_compare(context, (krb5_principal) desired_name, + cred->princ)) { + *minor_status = 0; + krb5_free_context(context); + return(GSS_S_BAD_NAME); } /* copy the cred if necessary */ if (output_cred_handle) { - /* make a copy */ - krb5_gss_cred_id_t new_cred; - char ktboth[1024]; - const char *kttype, *cctype, *ccname; - char ccboth[1024]; - - if ((new_cred = - (krb5_gss_cred_id_t) xmalloc(sizeof(krb5_gss_cred_id_rec))) - == NULL) { - *minor_status = ENOMEM; - krb5_free_context(context); - return(GSS_S_FAILURE); - } - memset(new_cred, 0, sizeof(krb5_gss_cred_id_rec)); - - new_cred->usage = cred_usage; - new_cred->prerfc_mech = cred->prerfc_mech; - new_cred->rfc_mech = cred->rfc_mech; - new_cred->tgt_expire = cred->tgt_expire; - - if (cred->princ) - code = krb5_copy_principal(context, cred->princ, &new_cred->princ); - if (code) { - xfree(new_cred); - - *minor_status = code; - save_error_info(*minor_status, context); - krb5_free_context(context); - return(GSS_S_FAILURE); - } -#ifndef LEAN_CLIENT - if (cred->keytab) { - kttype = krb5_kt_get_type(context, cred->keytab); - if ((strlen(kttype)+2) > sizeof(ktboth)) { - if (new_cred->princ) - krb5_free_principal(context, new_cred->princ); - xfree(new_cred); - - *minor_status = ENOMEM; - krb5_free_context(context); - return(GSS_S_FAILURE); - } - - strncpy(ktboth, kttype, sizeof(ktboth) - 1); - ktboth[sizeof(ktboth) - 1] = '\0'; - strncat(ktboth, ":", sizeof(ktboth) - 1 - strlen(ktboth)); - - code = krb5_kt_get_name(context, cred->keytab, - ktboth+strlen(ktboth), - sizeof(ktboth)-strlen(ktboth)); - if (code) { - if(new_cred->princ) - krb5_free_principal(context, new_cred->princ); - xfree(new_cred); - - *minor_status = code; - save_error_info(*minor_status, context); - krb5_free_context(context); - return(GSS_S_FAILURE); - } - - code = krb5_kt_resolve(context, ktboth, &new_cred->keytab); - if (code) { - if (new_cred->princ) - krb5_free_principal(context, new_cred->princ); - xfree(new_cred); - - *minor_status = code; - save_error_info(*minor_status, context); - krb5_free_context(context); - return(GSS_S_FAILURE); - } - } else { + /* make a copy */ + krb5_gss_cred_id_t new_cred; + char ktboth[1024]; + const char *kttype, *cctype, *ccname; + char ccboth[1024]; + + if ((new_cred = + (krb5_gss_cred_id_t) xmalloc(sizeof(krb5_gss_cred_id_rec))) + == NULL) { + *minor_status = ENOMEM; + krb5_free_context(context); + return(GSS_S_FAILURE); + } + memset(new_cred, 0, sizeof(krb5_gss_cred_id_rec)); + + new_cred->usage = cred_usage; + new_cred->prerfc_mech = cred->prerfc_mech; + new_cred->rfc_mech = cred->rfc_mech; + new_cred->tgt_expire = cred->tgt_expire; + + if (cred->princ) + code = krb5_copy_principal(context, cred->princ, &new_cred->princ); + if (code) { + xfree(new_cred); + + *minor_status = code; + save_error_info(*minor_status, context); + krb5_free_context(context); + return(GSS_S_FAILURE); + } +#ifndef LEAN_CLIENT + if (cred->keytab) { + kttype = krb5_kt_get_type(context, cred->keytab); + if ((strlen(kttype)+2) > sizeof(ktboth)) { + if (new_cred->princ) + krb5_free_principal(context, new_cred->princ); + xfree(new_cred); + + *minor_status = ENOMEM; + krb5_free_context(context); + return(GSS_S_FAILURE); + } + + strncpy(ktboth, kttype, sizeof(ktboth) - 1); + ktboth[sizeof(ktboth) - 1] = '\0'; + strncat(ktboth, ":", sizeof(ktboth) - 1 - strlen(ktboth)); + + code = krb5_kt_get_name(context, cred->keytab, + ktboth+strlen(ktboth), + sizeof(ktboth)-strlen(ktboth)); + if (code) { + if(new_cred->princ) + krb5_free_principal(context, new_cred->princ); + xfree(new_cred); + + *minor_status = code; + save_error_info(*minor_status, context); + krb5_free_context(context); + return(GSS_S_FAILURE); + } + + code = krb5_kt_resolve(context, ktboth, &new_cred->keytab); + if (code) { + if (new_cred->princ) + krb5_free_principal(context, new_cred->princ); + xfree(new_cred); + + *minor_status = code; + save_error_info(*minor_status, context); + krb5_free_context(context); + return(GSS_S_FAILURE); + } + } else { #endif /* LEAN_CLIENT */ - new_cred->keytab = NULL; -#ifndef LEAN_CLIENT - } + new_cred->keytab = NULL; +#ifndef LEAN_CLIENT + } #endif /* LEAN_CLIENT */ - - if (cred->rcache) { - /* Open the replay cache for this principal. */ - if ((code = krb5_get_server_rcache(context, - krb5_princ_component(context, cred->princ, 0), - &new_cred->rcache))) { -#ifndef LEAN_CLIENT - if (new_cred->keytab) - krb5_kt_close(context, new_cred->keytab); + + if (cred->rcache) { + /* Open the replay cache for this principal. */ + if ((code = krb5_get_server_rcache(context, + krb5_princ_component(context, cred->princ, 0), + &new_cred->rcache))) { +#ifndef LEAN_CLIENT + if (new_cred->keytab) + krb5_kt_close(context, new_cred->keytab); #endif /* LEAN_CLIENT */ - if (new_cred->princ) - krb5_free_principal(context, new_cred->princ); - xfree(new_cred); - - *minor_status = code; - save_error_info(*minor_status, context); - krb5_free_context(context); - return(GSS_S_FAILURE); - } - } else { - new_cred->rcache = NULL; - } - - if (cred->ccache) { - cctype = krb5_cc_get_type(context, cred->ccache); - ccname = krb5_cc_get_name(context, cred->ccache); - - if ((strlen(cctype)+strlen(ccname)+2) > sizeof(ccboth)) { - if (new_cred->rcache) - krb5_rc_close(context, new_cred->rcache); -#ifndef LEAN_CLIENT - if (new_cred->keytab) - krb5_kt_close(context, new_cred->keytab); + if (new_cred->princ) + krb5_free_principal(context, new_cred->princ); + xfree(new_cred); + + *minor_status = code; + save_error_info(*minor_status, context); + krb5_free_context(context); + return(GSS_S_FAILURE); + } + } else { + new_cred->rcache = NULL; + } + + if (cred->ccache) { + cctype = krb5_cc_get_type(context, cred->ccache); + ccname = krb5_cc_get_name(context, cred->ccache); + + if ((strlen(cctype)+strlen(ccname)+2) > sizeof(ccboth)) { + if (new_cred->rcache) + krb5_rc_close(context, new_cred->rcache); +#ifndef LEAN_CLIENT + if (new_cred->keytab) + krb5_kt_close(context, new_cred->keytab); #endif /* LEAN_CLIENT */ - if (new_cred->princ) - krb5_free_principal(context, new_cred->princ); - xfree(new_cred); - - krb5_free_context(context); - *minor_status = ENOMEM; - return(GSS_S_FAILURE); - } - - strncpy(ccboth, cctype, sizeof(ccboth) - 1); - ccboth[sizeof(ccboth) - 1] = '\0'; - strncat(ccboth, ":", sizeof(ccboth) - 1 - strlen(ccboth)); - strncat(ccboth, ccname, sizeof(ccboth) - 1 - strlen(ccboth)); - - code = krb5_cc_resolve(context, ccboth, &new_cred->ccache); - if (code) { - if (new_cred->rcache) - krb5_rc_close(context, new_cred->rcache); -#ifndef LEAN_CLIENT - if (new_cred->keytab) - krb5_kt_close(context, new_cred->keytab); + if (new_cred->princ) + krb5_free_principal(context, new_cred->princ); + xfree(new_cred); + + krb5_free_context(context); + *minor_status = ENOMEM; + return(GSS_S_FAILURE); + } + + strncpy(ccboth, cctype, sizeof(ccboth) - 1); + ccboth[sizeof(ccboth) - 1] = '\0'; + strncat(ccboth, ":", sizeof(ccboth) - 1 - strlen(ccboth)); + strncat(ccboth, ccname, sizeof(ccboth) - 1 - strlen(ccboth)); + + code = krb5_cc_resolve(context, ccboth, &new_cred->ccache); + if (code) { + if (new_cred->rcache) + krb5_rc_close(context, new_cred->rcache); +#ifndef LEAN_CLIENT + if (new_cred->keytab) + krb5_kt_close(context, new_cred->keytab); #endif /* LEAN_CLIENT */ - if (new_cred->princ) - krb5_free_principal(context, new_cred->princ); - xfree(new_cred); - - *minor_status = code; - save_error_info(*minor_status, context); - krb5_free_context(context); - return(GSS_S_FAILURE); - } - } else { - new_cred->ccache = NULL; - } - - /* intern the credential handle */ - - if (! kg_save_cred_id((gss_cred_id_t) new_cred)) { - if (new_cred->ccache) - krb5_cc_close(context, new_cred->ccache); - if (new_cred->rcache) - krb5_rc_close(context, new_cred->rcache); -#ifndef LEAN_CLIENT - if (new_cred->keytab) - krb5_kt_close(context, new_cred->keytab); + if (new_cred->princ) + krb5_free_principal(context, new_cred->princ); + xfree(new_cred); + + *minor_status = code; + save_error_info(*minor_status, context); + krb5_free_context(context); + return(GSS_S_FAILURE); + } + } else { + new_cred->ccache = NULL; + } + + /* intern the credential handle */ + + if (! kg_save_cred_id((gss_cred_id_t) new_cred)) { + if (new_cred->ccache) + krb5_cc_close(context, new_cred->ccache); + if (new_cred->rcache) + krb5_rc_close(context, new_cred->rcache); +#ifndef LEAN_CLIENT + if (new_cred->keytab) + krb5_kt_close(context, new_cred->keytab); #endif /* LEAN_CLIENT */ - if (new_cred->princ) - krb5_free_principal(context, new_cred->princ); - xfree(new_cred); - krb5_free_context(context); + if (new_cred->princ) + krb5_free_principal(context, new_cred->princ); + xfree(new_cred); + krb5_free_context(context); - *minor_status = (OM_uint32) G_VALIDATE_FAILED; - return(GSS_S_FAILURE); - } + *minor_status = (OM_uint32) G_VALIDATE_FAILED; + return(GSS_S_FAILURE); + } - /* modify new_cred */ + /* modify new_cred */ - cred = new_cred; + cred = new_cred; } - + /* set the flag for the new mechanism */ if (g_OID_equal(desired_mech, gss_mech_krb5_old)) - cred->prerfc_mech = 1; + cred->prerfc_mech = 1; else if (g_OID_equal(desired_mech, gss_mech_krb5)) - cred->rfc_mech = 1; + cred->rfc_mech = 1; /* set the outputs */ - if (GSS_ERROR(major_status = krb5_gss_inquire_cred(minor_status, - (gss_cred_id_t)cred, - NULL, &lifetime, - NULL, actual_mechs))) { - OM_uint32 dummy; - - if (output_cred_handle) - (void) krb5_gss_release_cred(&dummy, (gss_cred_id_t *) &cred); - krb5_free_context(context); - - return(major_status); + if (GSS_ERROR(major_status = krb5_gss_inquire_cred(minor_status, + (gss_cred_id_t)cred, + NULL, &lifetime, + NULL, actual_mechs))) { + OM_uint32 dummy; + + if (output_cred_handle) + (void) krb5_gss_release_cred(&dummy, (gss_cred_id_t *) &cred); + krb5_free_context(context); + + return(major_status); } if (initiator_time_rec) - *initiator_time_rec = lifetime; + *initiator_time_rec = lifetime; if (acceptor_time_rec) - *acceptor_time_rec = lifetime; + *acceptor_time_rec = lifetime; if (output_cred_handle) - *output_cred_handle = (gss_cred_id_t)cred; + *output_cred_handle = (gss_cred_id_t)cred; krb5_free_context(context); *minor_status = 0; diff --git a/src/lib/gssapi/krb5/canon_name.c b/src/lib/gssapi/krb5/canon_name.c index 0f7c9cd9c0..b4f4d4bc17 100644 --- a/src/lib/gssapi/krb5/canon_name.c +++ b/src/lib/gssapi/krb5/canon_name.c @@ -1,3 +1,4 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * lib/gssapi/krb5/canon_name.c * @@ -30,16 +31,16 @@ /* This is trivial since we're a single mechanism implementation */ OM_uint32 krb5_gss_canonicalize_name(OM_uint32 *minor_status, - const gss_name_t input_name, - const gss_OID mech_type, - gss_name_t *output_name) + const gss_name_t input_name, + const gss_OID mech_type, + gss_name_t *output_name) { if ((mech_type != GSS_C_NULL_OID) && - !g_OID_equal(gss_mech_krb5, mech_type) && - !g_OID_equal(gss_mech_krb5_old, mech_type)) { - *minor_status = 0; - return(GSS_S_BAD_MECH); + !g_OID_equal(gss_mech_krb5, mech_type) && + !g_OID_equal(gss_mech_krb5_old, mech_type)) { + *minor_status = 0; + return(GSS_S_BAD_MECH); } - return(gss_duplicate_name(minor_status, input_name, output_name)); + return(krb5_gss_duplicate_name(minor_status, input_name, output_name)); } diff --git a/src/lib/gssapi/krb5/compare_name.c b/src/lib/gssapi/krb5/compare_name.c index 805f9f1d70..e456ed50a1 100644 --- a/src/lib/gssapi/krb5/compare_name.c +++ b/src/lib/gssapi/krb5/compare_name.c @@ -1,6 +1,7 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * Copyright 1993 by OpenVision Technologies, Inc. - * + * * Permission to use, copy, modify, distribute, and sell this software * and its documentation for any purpose is hereby granted without fee, * provided that the above copyright notice appears in all copies and @@ -10,7 +11,7 @@ * without specific, written prior permission. OpenVision makes no * representations about the suitability of this software for any * purpose. It is provided "as is" without express or implied warranty. - * + * * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR @@ -28,33 +29,33 @@ OM_uint32 krb5_gss_compare_name(minor_status, name1, name2, name_equal) - OM_uint32 *minor_status; - gss_name_t name1; - gss_name_t name2; - int *name_equal; -{ - krb5_context context; - krb5_error_code code; + OM_uint32 *minor_status; + gss_name_t name1; + gss_name_t name2; + int *name_equal; +{ + krb5_context context; + krb5_error_code code; - if (! kg_validate_name(name1)) { - *minor_status = (OM_uint32) G_VALIDATE_FAILED; - return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME); - } + if (! kg_validate_name(name1)) { + *minor_status = (OM_uint32) G_VALIDATE_FAILED; + return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME); + } - if (! kg_validate_name(name2)) { - *minor_status = (OM_uint32) G_VALIDATE_FAILED; - return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME); - } + if (! kg_validate_name(name2)) { + *minor_status = (OM_uint32) G_VALIDATE_FAILED; + return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME); + } - code = krb5_gss_init_context(&context); - if (code) { - *minor_status = code; - return GSS_S_FAILURE; - } + code = krb5_gss_init_context(&context); + if (code) { + *minor_status = code; + return GSS_S_FAILURE; + } - *minor_status = 0; - *name_equal = krb5_principal_compare(context, (krb5_principal) name1, - (krb5_principal) name2); - krb5_free_context(context); - return(GSS_S_COMPLETE); + *minor_status = 0; + *name_equal = krb5_principal_compare(context, (krb5_principal) name1, + (krb5_principal) name2); + krb5_free_context(context); + return(GSS_S_COMPLETE); } diff --git a/src/lib/gssapi/krb5/context_time.c b/src/lib/gssapi/krb5/context_time.c index adaa625069..b263b50e65 100644 --- a/src/lib/gssapi/krb5/context_time.c +++ b/src/lib/gssapi/krb5/context_time.c @@ -1,6 +1,7 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * Copyright 1993 by OpenVision Technologies, Inc. - * + * * Permission to use, copy, modify, distribute, and sell this software * and its documentation for any purpose is hereby granted without fee, * provided that the above copyright notice appears in all copies and @@ -10,7 +11,7 @@ * without specific, written prior permission. OpenVision makes no * representations about the suitability of this software for any * purpose. It is provided "as is" without express or implied warranty. - * + * * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR @@ -28,41 +29,41 @@ OM_uint32 krb5_gss_context_time(minor_status, context_handle, time_rec) - OM_uint32 *minor_status; - gss_ctx_id_t context_handle; - OM_uint32 *time_rec; + OM_uint32 *minor_status; + gss_ctx_id_t context_handle; + OM_uint32 *time_rec; { - krb5_error_code code; - krb5_gss_ctx_id_rec *ctx; - krb5_timestamp now; - krb5_deltat lifetime; + krb5_error_code code; + krb5_gss_ctx_id_rec *ctx; + krb5_timestamp now; + krb5_deltat lifetime; - /* validate the context handle */ - if (! kg_validate_ctx_id(context_handle)) { - *minor_status = (OM_uint32) G_VALIDATE_FAILED; - return(GSS_S_NO_CONTEXT); - } + /* validate the context handle */ + if (! kg_validate_ctx_id(context_handle)) { + *minor_status = (OM_uint32) G_VALIDATE_FAILED; + return(GSS_S_NO_CONTEXT); + } - ctx = (krb5_gss_ctx_id_rec *) context_handle; + ctx = (krb5_gss_ctx_id_rec *) context_handle; - if (! ctx->established) { - *minor_status = KG_CTX_INCOMPLETE; - return(GSS_S_NO_CONTEXT); - } + if (! ctx->established) { + *minor_status = KG_CTX_INCOMPLETE; + return(GSS_S_NO_CONTEXT); + } - if ((code = krb5_timeofday(ctx->k5_context, &now))) { - *minor_status = code; - save_error_info(*minor_status, ctx->k5_context); - return(GSS_S_FAILURE); - } + if ((code = krb5_timeofday(ctx->k5_context, &now))) { + *minor_status = code; + save_error_info(*minor_status, ctx->k5_context); + return(GSS_S_FAILURE); + } - if ((lifetime = ctx->endtime - now) <= 0) { - *time_rec = 0; - *minor_status = 0; - return(GSS_S_CONTEXT_EXPIRED); - } else { - *time_rec = lifetime; - *minor_status = 0; - return(GSS_S_COMPLETE); - } + if ((lifetime = ctx->krb_times.endtime - now) <= 0) { + *time_rec = 0; + *minor_status = 0; + return(GSS_S_CONTEXT_EXPIRED); + } else { + *time_rec = lifetime; + *minor_status = 0; + return(GSS_S_COMPLETE); + } } diff --git a/src/lib/gssapi/krb5/copy_ccache.c b/src/lib/gssapi/krb5/copy_ccache.c index 8553d92dba..430b50d282 100644 --- a/src/lib/gssapi/krb5/copy_ccache.c +++ b/src/lib/gssapi/krb5/copy_ccache.c @@ -1,57 +1,62 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ #include "gssapiP_krb5.h" -OM_uint32 KRB5_CALLCONV -gss_krb5int_copy_ccache(minor_status, cred_handle, out_ccache) - OM_uint32 *minor_status; - gss_cred_id_t cred_handle; - krb5_ccache out_ccache; +OM_uint32 KRB5_CALLCONV +gss_krb5int_copy_ccache(OM_uint32 *minor_status, + gss_cred_id_t cred_handle, + const gss_OID desired_object, + const gss_buffer_t value) { - OM_uint32 major_status; - krb5_gss_cred_id_t k5creds; - krb5_cc_cursor cursor; - krb5_creds creds; - krb5_error_code code; - krb5_context context; + krb5_gss_cred_id_t k5creds; + krb5_cc_cursor cursor; + krb5_creds creds; + krb5_error_code code; + krb5_context context; + krb5_ccache out_ccache; + + assert(value->length == sizeof(out_ccache)); - /* validate the cred handle */ - major_status = krb5_gss_validate_cred(minor_status, cred_handle); - if (major_status) - return(major_status); - - k5creds = (krb5_gss_cred_id_t) cred_handle; - code = k5_mutex_lock(&k5creds->lock); - if (code) { - *minor_status = code; - return GSS_S_FAILURE; - } - if (k5creds->usage == GSS_C_ACCEPT) { - k5_mutex_unlock(&k5creds->lock); - *minor_status = (OM_uint32) G_BAD_USAGE; - return(GSS_S_FAILURE); - } + if (value->length != sizeof(out_ccache)) + return GSS_S_FAILURE; - code = krb5_gss_init_context(&context); - if (code) { - k5_mutex_unlock(&k5creds->lock); - *minor_status = code; - return GSS_S_FAILURE; - } + out_ccache = (krb5_ccache)value->value; - code = krb5_cc_start_seq_get(context, k5creds->ccache, &cursor); - if (code) { - k5_mutex_unlock(&k5creds->lock); - *minor_status = code; - save_error_info(*minor_status, context); - krb5_free_context(context); - return(GSS_S_FAILURE); - } - while (!code && !krb5_cc_next_cred(context, k5creds->ccache, &cursor, &creds)) - code = krb5_cc_store_cred(context, out_ccache, &creds); - krb5_cc_end_seq_get(context, k5creds->ccache, &cursor); - k5_mutex_unlock(&k5creds->lock); - *minor_status = code; - if (code) - save_error_info(*minor_status, context); - krb5_free_context(context); - return code ? GSS_S_FAILURE : GSS_S_COMPLETE; + /* cred handle will have been validated by gssspi_set_cred_option() */ + + k5creds = (krb5_gss_cred_id_t) cred_handle; + code = k5_mutex_lock(&k5creds->lock); + if (code) { + *minor_status = code; + return GSS_S_FAILURE; + } + if (k5creds->usage == GSS_C_ACCEPT) { + k5_mutex_unlock(&k5creds->lock); + *minor_status = (OM_uint32) G_BAD_USAGE; + return(GSS_S_FAILURE); + } + + code = krb5_gss_init_context(&context); + if (code) { + k5_mutex_unlock(&k5creds->lock); + *minor_status = code; + return GSS_S_FAILURE; + } + + code = krb5_cc_start_seq_get(context, k5creds->ccache, &cursor); + if (code) { + k5_mutex_unlock(&k5creds->lock); + *minor_status = code; + save_error_info(*minor_status, context); + krb5_free_context(context); + return(GSS_S_FAILURE); + } + while (!code && !krb5_cc_next_cred(context, k5creds->ccache, &cursor, &creds)) + code = krb5_cc_store_cred(context, out_ccache, &creds); + krb5_cc_end_seq_get(context, k5creds->ccache, &cursor); + k5_mutex_unlock(&k5creds->lock); + *minor_status = code; + if (code) + save_error_info(*minor_status, context); + krb5_free_context(context); + return code ? GSS_S_FAILURE : GSS_S_COMPLETE; } diff --git a/src/lib/gssapi/krb5/delete_sec_context.c b/src/lib/gssapi/krb5/delete_sec_context.c index 60755d2519..9544524d30 100644 --- a/src/lib/gssapi/krb5/delete_sec_context.c +++ b/src/lib/gssapi/krb5/delete_sec_context.c @@ -1,6 +1,7 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * Copyright 1993 by OpenVision Technologies, Inc. - * + * * Permission to use, copy, modify, distribute, and sell this software * and its documentation for any purpose is hereby granted without fee, * provided that the above copyright notice appears in all copies and @@ -10,7 +11,7 @@ * without specific, written prior permission. OpenVision makes no * representations about the suitability of this software for any * purpose. It is provided "as is" without express or implied warranty. - * + * * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR @@ -28,94 +29,97 @@ OM_uint32 krb5_gss_delete_sec_context(minor_status, context_handle, output_token) - OM_uint32 *minor_status; - gss_ctx_id_t *context_handle; - gss_buffer_t output_token; + OM_uint32 *minor_status; + gss_ctx_id_t *context_handle; + gss_buffer_t output_token; { - krb5_context context; - krb5_gss_ctx_id_rec *ctx; + krb5_context context; + krb5_gss_ctx_id_rec *ctx; - if (output_token) { - output_token->length = 0; - output_token->value = NULL; - } + if (output_token) { + output_token->length = 0; + output_token->value = NULL; + } - /*SUPPRESS 29*/ - if (*context_handle == GSS_C_NO_CONTEXT) { - *minor_status = 0; - return(GSS_S_COMPLETE); - } + /*SUPPRESS 29*/ + if (*context_handle == GSS_C_NO_CONTEXT) { + *minor_status = 0; + return(GSS_S_COMPLETE); + } - /*SUPPRESS 29*/ - /* validate the context handle */ - if (! kg_validate_ctx_id(*context_handle)) { - *minor_status = (OM_uint32) G_VALIDATE_FAILED; - return(GSS_S_NO_CONTEXT); - } + /*SUPPRESS 29*/ + /* validate the context handle */ + if (! kg_validate_ctx_id(*context_handle)) { + *minor_status = (OM_uint32) G_VALIDATE_FAILED; + return(GSS_S_NO_CONTEXT); + } - ctx = (krb5_gss_ctx_id_t) *context_handle; - context = ctx->k5_context; + ctx = (krb5_gss_ctx_id_t) *context_handle; + context = ctx->k5_context; - /* construct a delete context token if necessary */ + /* construct a delete context token if necessary */ - if (output_token) { - OM_uint32 major; - gss_buffer_desc empty; - empty.length = 0; empty.value = NULL; + if (output_token) { + OM_uint32 major; + gss_buffer_desc empty; + empty.length = 0; empty.value = NULL; - if ((major = kg_seal(minor_status, *context_handle, 0, - GSS_C_QOP_DEFAULT, - &empty, NULL, output_token, KG_TOK_DEL_CTX))) { - save_error_info(*minor_status, context); - return(major); - } - } + if ((major = kg_seal(minor_status, *context_handle, 0, + GSS_C_QOP_DEFAULT, + &empty, NULL, output_token, KG_TOK_DEL_CTX))) { + save_error_info(*minor_status, context); + return(major); + } + } - /* invalidate the context handle */ + /* invalidate the context handle */ - (void)kg_delete_ctx_id(*context_handle); + (void)kg_delete_ctx_id(*context_handle); - /* free all the context state */ + /* free all the context state */ - if (ctx->seqstate) - g_order_free(&(ctx->seqstate)); + if (ctx->seqstate) + g_order_free(&(ctx->seqstate)); - if (ctx->enc) - krb5_free_keyblock(context, ctx->enc); + if (ctx->enc) + krb5_free_keyblock(context, ctx->enc); - if (ctx->seq) - krb5_free_keyblock(context, ctx->seq); + if (ctx->seq) + krb5_free_keyblock(context, ctx->seq); - if (ctx->here) - krb5_free_principal(context, ctx->here); - if (ctx->there) - krb5_free_principal(context, ctx->there); - if (ctx->subkey) - krb5_free_keyblock(context, ctx->subkey); - if (ctx->acceptor_subkey) - krb5_free_keyblock(context, ctx->acceptor_subkey); + if (ctx->here) + krb5_free_principal(context, ctx->here); + if (ctx->there) + krb5_free_principal(context, ctx->there); + if (ctx->subkey) + krb5_free_keyblock(context, ctx->subkey); + if (ctx->acceptor_subkey) + krb5_free_keyblock(context, ctx->acceptor_subkey); - if (ctx->auth_context) { - if (ctx->cred_rcache) - (void)krb5_auth_con_setrcache(context, ctx->auth_context, NULL); + if (ctx->auth_context) { + if (ctx->cred_rcache) + (void)krb5_auth_con_setrcache(context, ctx->auth_context, NULL); - krb5_auth_con_free(context, ctx->auth_context); - } + krb5_auth_con_free(context, ctx->auth_context); + } - if (ctx->mech_used) - gss_release_oid(minor_status, &ctx->mech_used); - - if (ctx->k5_context) - krb5_free_context(ctx->k5_context); + if (ctx->mech_used) + krb5_gss_release_oid(minor_status, &ctx->mech_used); - /* Zero out context */ - memset(ctx, 0, sizeof(*ctx)); - xfree(ctx); + if (ctx->authdata) + krb5_free_authdata(context, ctx->authdata); - /* zero the handle itself */ + if (ctx->k5_context) + krb5_free_context(ctx->k5_context); - *context_handle = GSS_C_NO_CONTEXT; + /* Zero out context */ + memset(ctx, 0, sizeof(*ctx)); + xfree(ctx); - *minor_status = 0; - return(GSS_S_COMPLETE); + /* zero the handle itself */ + + *context_handle = GSS_C_NO_CONTEXT; + + *minor_status = 0; + return(GSS_S_COMPLETE); } diff --git a/src/lib/gssapi/krb5/deps b/src/lib/gssapi/krb5/deps new file mode 100644 index 0000000000..b2a19f9560 --- /dev/null +++ b/src/lib/gssapi/krb5/deps @@ -0,0 +1,657 @@ +# +# Generated makefile dependencies follow. +# +accept_sec_context.so accept_sec_context.po $(OUTPRE)accept_sec_context.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h accept_sec_context.c \ + gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h +acquire_cred.so acquire_cred.po $(OUTPRE)acquire_cred.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h acquire_cred.c gssapiP_krb5.h \ + gssapi_err_krb5.h gssapi_krb5.h +add_cred.so add_cred.po $(OUTPRE)add_cred.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h add_cred.c gssapiP_krb5.h \ + gssapi_err_krb5.h gssapi_krb5.h +canon_name.so canon_name.po $(OUTPRE)canon_name.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h canon_name.c gssapiP_krb5.h \ + gssapi_err_krb5.h gssapi_krb5.h +compare_name.so compare_name.po $(OUTPRE)compare_name.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h compare_name.c gssapiP_krb5.h \ + gssapi_err_krb5.h gssapi_krb5.h +context_time.so context_time.po $(OUTPRE)context_time.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h context_time.c gssapiP_krb5.h \ + gssapi_err_krb5.h gssapi_krb5.h +copy_ccache.so copy_ccache.po $(OUTPRE)copy_ccache.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h copy_ccache.c gssapiP_krb5.h \ + gssapi_err_krb5.h gssapi_krb5.h +delete_sec_context.so delete_sec_context.po $(OUTPRE)delete_sec_context.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h delete_sec_context.c \ + gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h +disp_name.so disp_name.po $(OUTPRE)disp_name.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h disp_name.c gssapiP_krb5.h \ + gssapi_err_krb5.h gssapi_krb5.h +disp_status.so disp_status.po $(OUTPRE)disp_status.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h disp_status.c error_map.h \ + gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h +duplicate_name.so duplicate_name.po $(OUTPRE)duplicate_name.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h duplicate_name.c gssapiP_krb5.h \ + gssapi_err_krb5.h gssapi_krb5.h +export_name.so export_name.po $(OUTPRE)export_name.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h export_name.c gssapiP_krb5.h \ + gssapi_err_krb5.h gssapi_krb5.h +export_sec_context.so export_sec_context.po $(OUTPRE)export_sec_context.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h export_sec_context.c \ + gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h +get_tkt_flags.so get_tkt_flags.po $(OUTPRE)get_tkt_flags.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h get_tkt_flags.c gssapiP_krb5.h \ + gssapi_err_krb5.h gssapi_krb5.h +gssapi_krb5.so gssapi_krb5.po $(OUTPRE)gssapi_krb5.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + $(srcdir)/../mechglue/mechglue.h $(srcdir)/../mechglue/mglueP.h \ + ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ + gssapi_krb5.c gssapi_krb5.h +import_name.so import_name.po $(OUTPRE)import_name.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ + gssapi_krb5.h import_name.c +import_sec_context.so import_sec_context.po $(OUTPRE)import_sec_context.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ + gssapi_krb5.h import_sec_context.c +indicate_mechs.so indicate_mechs.po $(OUTPRE)indicate_mechs.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + $(srcdir)/../mechglue/mechglue.h $(srcdir)/../mechglue/mglueP.h \ + ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ + gssapi_krb5.h indicate_mechs.c +init_sec_context.so init_sec_context.po $(OUTPRE)init_sec_context.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ + gssapi_krb5.h init_sec_context.c +inq_context.so inq_context.po $(OUTPRE)inq_context.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ + gssapi_krb5.h inq_context.c +inq_cred.so inq_cred.po $(OUTPRE)inq_cred.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ + gssapi_krb5.h inq_cred.c +inq_names.so inq_names.po $(OUTPRE)inq_names.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ + gssapi_krb5.h inq_names.c +k5seal.so k5seal.po $(OUTPRE)k5seal.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \ + $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ + gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h k5seal.c +k5sealiov.so k5sealiov.po $(OUTPRE)k5sealiov.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ + gssapi_krb5.h k5sealiov.c +k5sealv3.so k5sealv3.po $(OUTPRE)k5sealv3.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ + gssapi_krb5.h k5sealv3.c +k5sealv3iov.so k5sealv3iov.po $(OUTPRE)k5sealv3iov.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ + gssapi_krb5.h k5sealv3iov.c +k5unseal.so k5unseal.po $(OUTPRE)k5unseal.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ + gssapi_krb5.h k5unseal.c +k5unsealiov.so k5unsealiov.po $(OUTPRE)k5unsealiov.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ + gssapi_krb5.h k5unsealiov.c +krb5_gss_glue.so krb5_gss_glue.po $(OUTPRE)krb5_gss_glue.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ + gssapi_krb5.h krb5_gss_glue.c +lucid_context.so lucid_context.po $(OUTPRE)lucid_context.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ + gssapi_krb5.h lucid_context.c +process_context_token.so process_context_token.po $(OUTPRE)process_context_token.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ + gssapi_krb5.h process_context_token.c +rel_cred.so rel_cred.po $(OUTPRE)rel_cred.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ + gssapi_krb5.h rel_cred.c +rel_oid.so rel_oid.po $(OUTPRE)rel_oid.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \ + $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ + gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h rel_oid.c +rel_name.so rel_name.po $(OUTPRE)rel_name.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ + gssapi_krb5.h rel_name.c +seal.so seal.po $(OUTPRE)seal.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \ + $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ + gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h seal.c +set_allowable_enctypes.so set_allowable_enctypes.po \ + $(OUTPRE)set_allowable_enctypes.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \ + $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ + gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h set_allowable_enctypes.c +ser_sctx.so ser_sctx.po $(OUTPRE)ser_sctx.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ + gssapi_krb5.h ser_sctx.c +set_ccache.so set_ccache.po $(OUTPRE)set_ccache.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ + gssapi_krb5.h set_ccache.c +sign.so sign.po $(OUTPRE)sign.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \ + $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ + gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h sign.c +unseal.so unseal.po $(OUTPRE)unseal.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \ + $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ + gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h unseal.c +util_cksum.so util_cksum.po $(OUTPRE)util_cksum.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ + gssapi_krb5.h util_cksum.c +util_crypt.so util_crypt.po $(OUTPRE)util_crypt.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ + gssapi_krb5.h util_crypt.c +util_seed.so util_seed.po $(OUTPRE)util_seed.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ + gssapi_krb5.h util_seed.c +util_seqnum.so util_seqnum.po $(OUTPRE)util_seqnum.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ + gssapi_krb5.h util_seqnum.c +val_cred.so val_cred.po $(OUTPRE)val_cred.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ + gssapi_krb5.h val_cred.c +verify.so verify.po $(OUTPRE)verify.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \ + $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \ + gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h verify.c +wrap_size_limit.so wrap_size_limit.po $(OUTPRE)wrap_size_limit.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \ + gssapi_krb5.h wrap_size_limit.c diff --git a/src/lib/gssapi/krb5/disp_name.c b/src/lib/gssapi/krb5/disp_name.c index 1f67d51299..d6bf0f7bac 100644 --- a/src/lib/gssapi/krb5/disp_name.c +++ b/src/lib/gssapi/krb5/disp_name.c @@ -1,6 +1,7 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * Copyright 1993 by OpenVision Technologies, Inc. - * + * * Permission to use, copy, modify, distribute, and sell this software * and its documentation for any purpose is hereby granted without fee, * provided that the above copyright notice appears in all copies and @@ -10,7 +11,7 @@ * without specific, written prior permission. OpenVision makes no * representations about the suitability of this software for any * purpose. It is provided "as is" without express or implied warranty. - * + * * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR @@ -23,53 +24,53 @@ #include "gssapiP_krb5.h" OM_uint32 -krb5_gss_display_name(minor_status, input_name, output_name_buffer, - output_name_type) - OM_uint32 *minor_status; - gss_name_t input_name; - gss_buffer_t output_name_buffer; - gss_OID *output_name_type; +krb5_gss_display_name(minor_status, input_name, output_name_buffer, + output_name_type) + OM_uint32 *minor_status; + gss_name_t input_name; + gss_buffer_t output_name_buffer; + gss_OID *output_name_type; { - krb5_context context; - krb5_error_code code; - char *str; + krb5_context context; + krb5_error_code code; + char *str; - code = krb5_gss_init_context(&context); - if (code) { - *minor_status = code; - return GSS_S_FAILURE; - } + code = krb5_gss_init_context(&context); + if (code) { + *minor_status = code; + return GSS_S_FAILURE; + } - output_name_buffer->length = 0; - output_name_buffer->value = NULL; + output_name_buffer->length = 0; + output_name_buffer->value = NULL; - if (! kg_validate_name(input_name)) { - *minor_status = (OM_uint32) G_VALIDATE_FAILED; - krb5_free_context(context); - return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME); - } + if (! kg_validate_name(input_name)) { + *minor_status = (OM_uint32) G_VALIDATE_FAILED; + krb5_free_context(context); + return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME); + } - if ((code = krb5_unparse_name(context, - (krb5_principal) input_name, &str))) { - *minor_status = code; - save_error_info(*minor_status, context); - krb5_free_context(context); - return(GSS_S_FAILURE); - } + if ((code = krb5_unparse_name(context, + (krb5_principal) input_name, &str))) { + *minor_status = code; + save_error_info(*minor_status, context); + krb5_free_context(context); + return(GSS_S_FAILURE); + } - if (! g_make_string_buffer(str, output_name_buffer)) { - krb5_free_unparsed_name(context, str); - krb5_free_context(context); + if (! g_make_string_buffer(str, output_name_buffer)) { + krb5_free_unparsed_name(context, str); + krb5_free_context(context); - *minor_status = (OM_uint32) G_BUFFER_ALLOC; - return(GSS_S_FAILURE); - } + *minor_status = (OM_uint32) G_BUFFER_ALLOC; + return(GSS_S_FAILURE); + } - krb5_free_unparsed_name(context, str); - krb5_free_context(context); + krb5_free_unparsed_name(context, str); + krb5_free_context(context); - *minor_status = 0; - if (output_name_type) - *output_name_type = (gss_OID) gss_nt_krb5_name; - return(GSS_S_COMPLETE); + *minor_status = 0; + if (output_name_type) + *output_name_type = (gss_OID) gss_nt_krb5_name; + return(GSS_S_COMPLETE); } diff --git a/src/lib/gssapi/krb5/disp_status.c b/src/lib/gssapi/krb5/disp_status.c index 9a0399d78b..6cc1bc144c 100644 --- a/src/lib/gssapi/krb5/disp_status.c +++ b/src/lib/gssapi/krb5/disp_status.c @@ -1,6 +1,7 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * Copyright 1993 by OpenVision Technologies, Inc. - * + * * Permission to use, copy, modify, distribute, and sell this software * and its documentation for any purpose is hereby granted without fee, * provided that the above copyright notice appears in all copies and @@ -10,7 +11,7 @@ * without specific, written prior permission. OpenVision makes no * representations about the suitability of this software for any * purpose. It is provided "as is" without express or implied warranty. - * + * * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR @@ -21,7 +22,6 @@ */ #include "gssapiP_krb5.h" -#include "gss_libinit.h" #include "com_err.h" /* XXXX internationalization!! */ @@ -30,11 +30,11 @@ static inline int compare_OM_uint32 (OM_uint32 a, OM_uint32 b) { if (a < b) - return -1; + return -1; else if (a == b) - return 0; + return 0; else - return 1; + return 1; } static inline void free_string (char *s) @@ -46,22 +46,22 @@ free_string (char *s) char *get_error_message(OM_uint32 minor_code) { gsserrmap *p = k5_getspecific(K5_KEY_GSS_KRB5_ERROR_MESSAGE); - char *msg = 0; + char *msg = NULL; #ifdef DEBUG fprintf(stderr, "%s(%lu, p=%p)", __func__, (unsigned long) minor_code, - (void *) p); + (void *) p); #endif if (p) { - char **v = gsserrmap_find(p, minor_code); - if (v) { - msg = *v; + char **v = gsserrmap_find(p, minor_code); + if (v) { + msg = *v; #ifdef DEBUG - fprintf(stderr, " FOUND!"); + fprintf(stderr, " FOUND!"); #endif - } + } } if (msg == 0) - msg = error_message(minor_code); + msg = (char *)error_message((krb5_error_code)minor_code); #ifdef DEBUG fprintf(stderr, " -> %p/%s\n", (void *) msg, msg); #endif @@ -78,24 +78,24 @@ static int save_error_string_nocopy(OM_uint32 minor_code, char *msg) #endif p = k5_getspecific(K5_KEY_GSS_KRB5_ERROR_MESSAGE); if (!p) { - p = malloc(sizeof(*p)); - if (p == NULL) { - ret = 1; - goto fail; - } - if (gsserrmap_init(p) != 0) { - free(p); - p = NULL; - ret = 1; - goto fail; - } - if (k5_setspecific(K5_KEY_GSS_KRB5_ERROR_MESSAGE, p) != 0) { - gsserrmap_destroy(p); - free(p); - p = NULL; - ret = 1; - goto fail; - } + p = malloc(sizeof(*p)); + if (p == NULL) { + ret = 1; + goto fail; + } + if (gsserrmap_init(p) != 0) { + free(p); + p = NULL; + ret = 1; + goto fail; + } + if (k5_setspecific(K5_KEY_GSS_KRB5_ERROR_MESSAGE, p) != 0) { + gsserrmap_destroy(p); + free(p); + p = NULL; + ret = 1; + goto fail; + } } ret = gsserrmap_replace_or_insert(p, minor_code, msg); fail: @@ -108,8 +108,8 @@ void save_error_string(OM_uint32 minor_code, char *msg) { char *s = strdup(msg); if (s) { - if (save_error_string_nocopy(minor_code, s) != 0) - free(s); + if (save_error_string_nocopy(minor_code, s) != 0) + free(s); } } void save_error_message(OM_uint32 minor_code, const char *format, ...) @@ -122,8 +122,8 @@ void save_error_message(OM_uint32 minor_code, const char *format, ...) n = vasprintf(&s, format, ap); va_end(ap); if (n >= 0) { - if (save_error_string_nocopy(minor_code, s) != 0) - free(s); + if (save_error_string_nocopy(minor_code, s) != 0) + free(s); } } void krb5_gss_save_error_info(OM_uint32 minor_code, krb5_context ctx) @@ -132,17 +132,17 @@ void krb5_gss_save_error_info(OM_uint32 minor_code, krb5_context ctx) #ifdef DEBUG fprintf(stderr, "%s(%lu, ctx=%p)\n", __func__, - (unsigned long) minor_code, (void *)ctx); + (unsigned long) minor_code, (void *)ctx); #endif - s = krb5_get_error_message(ctx, minor_code); + s = (char *)krb5_get_error_message(ctx, (krb5_error_code)minor_code); #ifdef DEBUG fprintf(stderr, "%s(%lu, ctx=%p) saving: %s\n", __func__, - (unsigned long) minor_code, (void *)ctx, s); + (unsigned long) minor_code, (void *)ctx, s); #endif save_error_string(minor_code, s); /* The get_error_message call above resets the error message in ctx. Put it back, in case we make this call again *sigh*. */ - krb5_set_error_message(ctx, minor_code, "%s", s); + krb5_set_error_message(ctx, (krb5_error_code)minor_code, "%s", s); krb5_free_error_message(ctx, s); } void krb5_gss_delete_error_info(void *p) @@ -154,44 +154,44 @@ void krb5_gss_delete_error_info(void *p) OM_uint32 krb5_gss_display_status(minor_status, status_value, status_type, - mech_type, message_context, status_string) - OM_uint32 *minor_status; - OM_uint32 status_value; - int status_type; - gss_OID mech_type; - OM_uint32 *message_context; - gss_buffer_t status_string; + mech_type, message_context, status_string) + OM_uint32 *minor_status; + OM_uint32 status_value; + int status_type; + gss_OID mech_type; + OM_uint32 *message_context; + gss_buffer_t status_string; { - status_string->length = 0; - status_string->value = NULL; + status_string->length = 0; + status_string->value = NULL; - if ((mech_type != GSS_C_NULL_OID) && - !g_OID_equal(gss_mech_krb5, mech_type) && - !g_OID_equal(gss_mech_krb5_old, mech_type)) { - *minor_status = 0; - return(GSS_S_BAD_MECH); + if ((mech_type != GSS_C_NULL_OID) && + !g_OID_equal(gss_mech_krb5, mech_type) && + !g_OID_equal(gss_mech_krb5_old, mech_type)) { + *minor_status = 0; + return(GSS_S_BAD_MECH); } - if (status_type == GSS_C_GSS_CODE) { - return(g_display_major_status(minor_status, status_value, - message_context, status_string)); - } else if (status_type == GSS_C_MECH_CODE) { - (void) gssint_initialize_library(); + if (status_type == GSS_C_GSS_CODE) { + return(g_display_major_status(minor_status, status_value, + message_context, status_string)); + } else if (status_type == GSS_C_MECH_CODE) { + (void) gss_krb5int_initialize_library(); - if (*message_context) { - *minor_status = (OM_uint32) G_BAD_MSG_CTX; - return(GSS_S_FAILURE); - } + if (*message_context) { + *minor_status = (OM_uint32) G_BAD_MSG_CTX; + return(GSS_S_FAILURE); + } - /* If this fails, there's not much we can do... */ - if (g_make_string_buffer(krb5_gss_get_error_message(status_value), - status_string) != 0) - *minor_status = ENOMEM; - else - *minor_status = 0; - return 0; - } else { - *minor_status = 0; - return(GSS_S_BAD_STATUS); - } + /* If this fails, there's not much we can do... */ + if (g_make_string_buffer(krb5_gss_get_error_message(status_value), + status_string) != 0) + *minor_status = ENOMEM; + else + *minor_status = 0; + return 0; + } else { + *minor_status = 0; + return(GSS_S_BAD_STATUS); + } } diff --git a/src/lib/gssapi/krb5/duplicate_name.c b/src/lib/gssapi/krb5/duplicate_name.c index 5d352bdf36..add3a2ed03 100644 --- a/src/lib/gssapi/krb5/duplicate_name.c +++ b/src/lib/gssapi/krb5/duplicate_name.c @@ -1,3 +1,4 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * lib/gssapi/krb5/duplicate_name.c * @@ -28,53 +29,47 @@ #include "gssapiP_krb5.h" OM_uint32 krb5_gss_duplicate_name(OM_uint32 *minor_status, - const gss_name_t input_name, - gss_name_t *dest_name) + const gss_name_t input_name, + gss_name_t *dest_name) { - krb5_context context; - krb5_error_code code; - krb5_principal princ, outprinc; + krb5_context context; + krb5_error_code code; + krb5_principal princ, outprinc; - if (minor_status) - *minor_status = 0; - - code = krb5_gss_init_context(&context); - if (code) { - if (minor_status) - *minor_status = code; - return GSS_S_FAILURE; - } - - if (! kg_validate_name(input_name)) { - if (minor_status) - *minor_status = (OM_uint32) G_VALIDATE_FAILED; - krb5_free_context(context); - return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME); - } - - princ = (krb5_principal)input_name; - if ((code = krb5_copy_principal(context, princ, &outprinc))) { - *minor_status = code; - save_error_info(*minor_status, context); - krb5_free_context(context); - return(GSS_S_FAILURE); - } - - if (! kg_save_name((gss_name_t) outprinc)) { - krb5_free_principal(context, outprinc); - krb5_free_context(context); - *minor_status = (OM_uint32) G_VALIDATE_FAILED; - return(GSS_S_FAILURE); - } - - krb5_free_context(context); - *dest_name = (gss_name_t) outprinc; - return(GSS_S_COMPLETE); - -} + if (minor_status) + *minor_status = 0; + code = krb5_gss_init_context(&context); + if (code) { + if (minor_status) + *minor_status = code; + return GSS_S_FAILURE; + } + if (! kg_validate_name(input_name)) { + if (minor_status) + *minor_status = (OM_uint32) G_VALIDATE_FAILED; + krb5_free_context(context); + return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME); + } + princ = (krb5_principal)input_name; + if ((code = krb5_copy_principal(context, princ, &outprinc))) { + *minor_status = code; + save_error_info(*minor_status, context); + krb5_free_context(context); + return(GSS_S_FAILURE); + } + if (! kg_save_name((gss_name_t) outprinc)) { + krb5_free_principal(context, outprinc); + krb5_free_context(context); + *minor_status = (OM_uint32) G_VALIDATE_FAILED; + return(GSS_S_FAILURE); + } + krb5_free_context(context); + *dest_name = (gss_name_t) outprinc; + return(GSS_S_COMPLETE); +} diff --git a/src/lib/gssapi/krb5/export_name.c b/src/lib/gssapi/krb5/export_name.c index 9a54032b1d..46664e5a06 100644 --- a/src/lib/gssapi/krb5/export_name.c +++ b/src/lib/gssapi/krb5/export_name.c @@ -1,3 +1,4 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * lib/gssapi/krb5/export_name.c * @@ -28,68 +29,69 @@ #include "gssapiP_krb5.h" OM_uint32 krb5_gss_export_name(OM_uint32 *minor_status, - const gss_name_t input_name, - gss_buffer_t exported_name) + const gss_name_t input_name, + gss_buffer_t exported_name) { - krb5_context context; - krb5_error_code code; - size_t length; - char *str, *cp; + krb5_context context; + krb5_error_code code; + size_t length; + char *str; + unsigned char *cp; - if (minor_status) - *minor_status = 0; + if (minor_status) + *minor_status = 0; - code = krb5_gss_init_context(&context); - if (code) { - if (minor_status) - *minor_status = code; - return GSS_S_FAILURE; - } + code = krb5_gss_init_context(&context); + if (code) { + if (minor_status) + *minor_status = code; + return GSS_S_FAILURE; + } - exported_name->length = 0; - exported_name->value = NULL; - - if (! kg_validate_name(input_name)) { - if (minor_status) - *minor_status = (OM_uint32) G_VALIDATE_FAILED; - krb5_free_context(context); - return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME); - } + exported_name->length = 0; + exported_name->value = NULL; - if ((code = krb5_unparse_name(context, (krb5_principal) input_name, - &str))) { - if (minor_status) - *minor_status = code; - save_error_info(code, context); - krb5_free_context(context); - return(GSS_S_FAILURE); - } + if (! kg_validate_name(input_name)) { + if (minor_status) + *minor_status = (OM_uint32) G_VALIDATE_FAILED; + krb5_free_context(context); + return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME); + } - krb5_free_context(context); - length = strlen(str); - exported_name->length = 10 + length + gss_mech_krb5->length; - exported_name->value = malloc(exported_name->length); - if (!exported_name->value) { - free(str); - if (minor_status) - *minor_status = ENOMEM; - return(GSS_S_FAILURE); - } - cp = exported_name->value; + if ((code = krb5_unparse_name(context, (krb5_principal) input_name, + &str))) { + if (minor_status) + *minor_status = code; + save_error_info((OM_uint32)code, context); + krb5_free_context(context); + return(GSS_S_FAILURE); + } - /* Note: we assume the OID will be less than 128 bytes... */ - *cp++ = 0x04; *cp++ = 0x01; - store_16_be(gss_mech_krb5->length+2, cp); - cp += 2; - *cp++ = 0x06; - *cp++ = (gss_mech_krb5->length) & 0xFF; - memcpy(cp, gss_mech_krb5->elements, gss_mech_krb5->length); - cp += gss_mech_krb5->length; - store_32_be(length, cp); - cp += 4; - memcpy(cp, str, length); + krb5_free_context(context); + length = strlen(str); + exported_name->length = 10 + length + gss_mech_krb5->length; + exported_name->value = malloc(exported_name->length); + if (!exported_name->value) { + free(str); + if (minor_status) + *minor_status = ENOMEM; + return(GSS_S_FAILURE); + } + cp = exported_name->value; - free(str); + /* Note: we assume the OID will be less than 128 bytes... */ + *cp++ = 0x04; *cp++ = 0x01; + store_16_be(gss_mech_krb5->length+2, cp); + cp += 2; + *cp++ = 0x06; + *cp++ = (gss_mech_krb5->length) & 0xFF; + memcpy(cp, gss_mech_krb5->elements, gss_mech_krb5->length); + cp += gss_mech_krb5->length; + store_32_be(length, cp); + cp += 4; + memcpy(cp, str, length); - return(GSS_S_COMPLETE); + free(str); + + return(GSS_S_COMPLETE); } diff --git a/src/lib/gssapi/krb5/export_sec_context.c b/src/lib/gssapi/krb5/export_sec_context.c index f20d853d05..f408d09ff3 100644 --- a/src/lib/gssapi/krb5/export_sec_context.c +++ b/src/lib/gssapi/krb5/export_sec_context.c @@ -1,3 +1,4 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * lib/gssapi/krb5/export_sec_context.c * @@ -26,22 +27,22 @@ */ /* - * export_sec_context.c - Externalize the security context. + * export_sec_context.c - Externalize the security context. */ #include "gssapiP_krb5.h" #ifndef LEAN_CLIENT OM_uint32 krb5_gss_export_sec_context(minor_status, context_handle, interprocess_token) - OM_uint32 *minor_status; - gss_ctx_id_t *context_handle; - gss_buffer_t interprocess_token; + OM_uint32 *minor_status; + gss_ctx_id_t *context_handle; + gss_buffer_t interprocess_token; { - krb5_context context = NULL; - krb5_error_code kret; - OM_uint32 retval; - size_t bufsize, blen; - krb5_gss_ctx_id_t ctx; - krb5_octet *obuffer, *obp; + krb5_context context = NULL; + krb5_error_code kret; + OM_uint32 retval; + size_t bufsize, blen; + krb5_gss_ctx_id_t ctx; + krb5_octet *obuffer, *obp; /* Assume a tragic failure */ obuffer = (krb5_octet *) NULL; @@ -49,35 +50,35 @@ krb5_gss_export_sec_context(minor_status, context_handle, interprocess_token) *minor_status = 0; if (!kg_validate_ctx_id(*context_handle)) { - kret = (OM_uint32) G_VALIDATE_FAILED; - retval = GSS_S_NO_CONTEXT; - goto error_out; + kret = (OM_uint32) G_VALIDATE_FAILED; + retval = GSS_S_NO_CONTEXT; + goto error_out; } ctx = (krb5_gss_ctx_id_t) *context_handle; context = ctx->k5_context; kret = krb5_gss_ser_init(context); if (kret) - goto error_out; + goto error_out; /* Determine size needed for externalization of context */ bufsize = 0; if ((kret = kg_ctx_size(context, (krb5_pointer) ctx, - &bufsize))) - goto error_out; + &bufsize))) + goto error_out; /* Allocate the buffer */ if ((obuffer = (krb5_octet *) xmalloc(bufsize)) == NULL) { - kret = ENOMEM; - goto error_out; + kret = ENOMEM; + goto error_out; } obp = obuffer; blen = bufsize; /* Externalize the context */ if ((kret = kg_ctx_externalize(context, - (krb5_pointer) ctx, &obp, &blen))) - goto error_out; + (krb5_pointer) ctx, &obp, &blen))) + goto error_out; /* Success! Return the buffer */ interprocess_token->length = bufsize - blen; @@ -93,14 +94,14 @@ krb5_gss_export_sec_context(minor_status, context_handle, interprocess_token) error_out: if (retval != GSS_S_COMPLETE) - if (kret != 0 && context != 0) - save_error_info(kret, context); + if (kret != 0 && context != 0) + save_error_info((OM_uint32)kret, context); if (obuffer && bufsize) { - memset(obuffer, 0, bufsize); - xfree(obuffer); + memset(obuffer, 0, bufsize); + xfree(obuffer); } - if (*minor_status == 0) - *minor_status = (OM_uint32) kret; + if (*minor_status == 0) + *minor_status = (OM_uint32) kret; return(retval); } #endif /* LEAN_CLIENT */ diff --git a/src/lib/gssapi/krb5/get_tkt_flags.c b/src/lib/gssapi/krb5/get_tkt_flags.c index 19841a086d..2c12080bb1 100644 --- a/src/lib/gssapi/krb5/get_tkt_flags.c +++ b/src/lib/gssapi/krb5/get_tkt_flags.c @@ -1,6 +1,7 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * Copyright 1993 by OpenVision Technologies, Inc. - * + * * Permission to use, copy, modify, distribute, and sell this software * and its documentation for any purpose is hereby granted without fee, * provided that the above copyright notice appears in all copies and @@ -10,7 +11,7 @@ * without specific, written prior permission. OpenVision makes no * representations about the suitability of this software for any * purpose. It is provided "as is" without express or implied warranty. - * + * * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR @@ -26,30 +27,19 @@ * $Id$ */ -OM_uint32 KRB5_CALLCONV -gss_krb5int_get_tkt_flags(minor_status, context_handle, ticket_flags) - OM_uint32 *minor_status; - gss_ctx_id_t context_handle; - krb5_flags *ticket_flags; +OM_uint32 KRB5_CALLCONV +gss_krb5int_get_tkt_flags(OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + const gss_OID desired_object, + gss_buffer_set_t *data_set) { - krb5_gss_ctx_id_rec *ctx; + krb5_gss_ctx_id_rec *ctx; + gss_buffer_desc rep; - /* validate the context handle */ - if (! kg_validate_ctx_id(context_handle)) { - *minor_status = (OM_uint32) G_VALIDATE_FAILED; - return(GSS_S_NO_CONTEXT); - } + ctx = (krb5_gss_ctx_id_rec *) context_handle; - ctx = (krb5_gss_ctx_id_rec *) context_handle; + rep.value = &ctx->krb_flags; + rep.length = sizeof(ctx->krb_flags); - if (! ctx->established) { - *minor_status = KG_CTX_INCOMPLETE; - return(GSS_S_NO_CONTEXT); - } - - if (ticket_flags) - *ticket_flags = ctx->krb_flags; - - *minor_status = 0; - return(GSS_S_COMPLETE); + return generic_gss_add_buffer_set_member(minor_status, &rep, data_set); } diff --git a/src/lib/gssapi/krb5/gssapiP_krb5.h b/src/lib/gssapi/krb5/gssapiP_krb5.h index 33036fc534..76dfd4429a 100644 --- a/src/lib/gssapi/krb5/gssapiP_krb5.h +++ b/src/lib/gssapi/krb5/gssapiP_krb5.h @@ -1,3 +1,4 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * Copyright 2000, 2008 by the Massachusetts Institute of Technology. * All Rights Reserved. @@ -6,7 +7,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -20,11 +21,11 @@ * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * + * */ /* * Copyright 1993 by OpenVision Technologies, Inc. - * + * * Permission to use, copy, modify, distribute, and sell this software * and its documentation for any purpose is hereby granted without fee, * provided that the above copyright notice appears in all copies and @@ -34,7 +35,7 @@ * without specific, written prior permission. OpenVision makes no * representations about the suitability of this software for any * purpose. It is provided "as is" without express or implied warranty. - * + * * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR @@ -68,6 +69,7 @@ */ #include "gssapi_krb5.h" #include "gssapi_err_krb5.h" +#include "gssapi_ext.h" /* for debugging */ #undef CFX_EXERCISE @@ -85,44 +87,46 @@ #define GSS_MECH_KRB5_WRONG_OID "\052\206\110\202\367\022\001\002\002" -#define CKSUMTYPE_KG_CB 0x8003 - -#define KG_TOK_CTX_AP_REQ 0x0100 -#define KG_TOK_CTX_AP_REP 0x0200 -#define KG_TOK_CTX_ERROR 0x0300 -#define KG_TOK_SIGN_MSG 0x0101 -#define KG_TOK_SEAL_MSG 0x0201 -#define KG_TOK_MIC_MSG 0x0101 -#define KG_TOK_WRAP_MSG 0x0201 -#define KG_TOK_DEL_CTX 0x0102 +#define CKSUMTYPE_KG_CB 0x8003 -#define KG2_TOK_INITIAL 0x0101 -#define KG2_TOK_RESPONSE 0x0202 -#define KG2_TOK_MIC 0x0303 -#define KG2_TOK_WRAP_INTEG 0x0404 -#define KG2_TOK_WRAP_PRIV 0x0505 +#define KG_TOK_CTX_AP_REQ 0x0100 +#define KG_TOK_CTX_AP_REP 0x0200 +#define KG_TOK_CTX_ERROR 0x0300 +#define KG_TOK_SIGN_MSG 0x0101 +#define KG_TOK_SEAL_MSG 0x0201 +#define KG_TOK_MIC_MSG 0x0101 +#define KG_TOK_WRAP_MSG 0x0201 +#define KG_TOK_DEL_CTX 0x0102 +#define KG2_TOK_MIC_MSG 0x0404 +#define KG2_TOK_WRAP_MSG 0x0504 +#define KG2_TOK_DEL_CTX 0x0405 #define KRB5_GSS_FOR_CREDS_OPTION 1 -#define KG2_RESP_FLAG_ERROR 0x0001 -#define KG2_RESP_FLAG_DELEG_OK 0x0002 +#define KG2_RESP_FLAG_ERROR 0x0001 +#define KG2_RESP_FLAG_DELEG_OK 0x0002 + +/** CFX flags **/ +#define FLAG_SENDER_IS_ACCEPTOR 0x01 +#define FLAG_WRAP_CONFIDENTIAL 0x02 +#define FLAG_ACCEPTOR_SUBKEY 0x04 /* These are to be stored in little-endian order, i.e., des-mac is stored as 02 00. */ enum sgn_alg { - SGN_ALG_DES_MAC_MD5 = 0x0000, - SGN_ALG_MD2_5 = 0x0001, - SGN_ALG_DES_MAC = 0x0002, - SGN_ALG_3 = 0x0003, /* not published */ - SGN_ALG_HMAC_MD5 = 0x0011, /* microsoft w2k; */ - SGN_ALG_HMAC_SHA1_DES3_KD = 0x0004 + SGN_ALG_DES_MAC_MD5 = 0x0000, + SGN_ALG_MD2_5 = 0x0001, + SGN_ALG_DES_MAC = 0x0002, + SGN_ALG_3 = 0x0003, /* not published */ + SGN_ALG_HMAC_MD5 = 0x0011, /* microsoft w2k; */ + SGN_ALG_HMAC_SHA1_DES3_KD = 0x0004 }; enum seal_alg { - SEAL_ALG_NONE = 0xffff, - SEAL_ALG_DES = 0x0000, - SEAL_ALG_1 = 0x0001, /* not published */ - SEAL_ALG_MICROSOFT_RC4 = 0x0010, /* microsoft w2k; */ - SEAL_ALG_DES3KD = 0x0002 + SEAL_ALG_NONE = 0xffff, + SEAL_ALG_DES = 0x0000, + SEAL_ALG_1 = 0x0001, /* not published */ + SEAL_ALG_MICROSOFT_RC4 = 0x0010, /* microsoft w2k; */ + SEAL_ALG_DES3KD = 0x0002 }; /* for 3DES */ @@ -131,20 +135,20 @@ enum seal_alg { #define KG_USAGE_SEQ 24 /* for draft-ietf-krb-wg-gssapi-cfx-01 */ -#define KG_USAGE_ACCEPTOR_SEAL 22 -#define KG_USAGE_ACCEPTOR_SIGN 23 -#define KG_USAGE_INITIATOR_SEAL 24 -#define KG_USAGE_INITIATOR_SIGN 25 +#define KG_USAGE_ACCEPTOR_SEAL 22 +#define KG_USAGE_ACCEPTOR_SIGN 23 +#define KG_USAGE_INITIATOR_SEAL 24 +#define KG_USAGE_INITIATOR_SIGN 25 enum qop { - GSS_KRB5_INTEG_C_QOP_MD5 = 0x0001, /* *partial* MD5 = "MD2.5" */ - GSS_KRB5_INTEG_C_QOP_DES_MD5 = 0x0002, - GSS_KRB5_INTEG_C_QOP_DES_MAC = 0x0003, - GSS_KRB5_INTEG_C_QOP_HMAC_SHA1 = 0x0004, - GSS_KRB5_INTEG_C_QOP_MASK = 0x00ff, - GSS_KRB5_CONF_C_QOP_DES = 0x0100, - GSS_KRB5_CONF_C_QOP_DES3_KD = 0x0200, - GSS_KRB5_CONF_C_QOP_MASK = 0xff00 + GSS_KRB5_INTEG_C_QOP_MD5 = 0x0001, /* *partial* MD5 = "MD2.5" */ + GSS_KRB5_INTEG_C_QOP_DES_MD5 = 0x0002, + GSS_KRB5_INTEG_C_QOP_DES_MAC = 0x0003, + GSS_KRB5_INTEG_C_QOP_HMAC_SHA1 = 0x0004, + GSS_KRB5_INTEG_C_QOP_MASK = 0x00ff, + GSS_KRB5_CONF_C_QOP_DES = 0x0100, + GSS_KRB5_CONF_C_QOP_DES3_KD = 0x0200, + GSS_KRB5_CONF_C_QOP_MASK = 0xff00 }; /** internal types **/ @@ -152,61 +156,62 @@ enum qop { typedef krb5_principal krb5_gss_name_t; typedef struct _krb5_gss_cred_id_rec { - /* protect against simultaneous accesses */ - k5_mutex_t lock; + /* protect against simultaneous accesses */ + k5_mutex_t lock; - /* name/type of credential */ - gss_cred_usage_t usage; - krb5_principal princ; /* this is not interned as a gss_name_t */ - int prerfc_mech; - int rfc_mech; + /* name/type of credential */ + gss_cred_usage_t usage; + krb5_principal princ; /* this is not interned as a gss_name_t */ + int prerfc_mech; + int rfc_mech; - /* keytab (accept) data */ - krb5_keytab keytab; - krb5_rcache rcache; + /* keytab (accept) data */ + krb5_keytab keytab; + krb5_rcache rcache; - /* ccache (init) data */ - krb5_ccache ccache; - krb5_timestamp tgt_expire; - krb5_enctype *req_enctypes; /* limit negotiated enctypes to this list */ -} krb5_gss_cred_id_rec, *krb5_gss_cred_id_t; + /* ccache (init) data */ + krb5_ccache ccache; + krb5_timestamp tgt_expire; + krb5_enctype *req_enctypes; /* limit negotiated enctypes to this list */ +} krb5_gss_cred_id_rec, *krb5_gss_cred_id_t; typedef struct _krb5_gss_ctx_id_rec { - unsigned int initiate : 1; /* nonzero if initiating, zero if accepting */ - unsigned int established : 1; - unsigned int big_endian : 1; - unsigned int have_acceptor_subkey : 1; - unsigned int seed_init : 1; /* XXX tested but never actually set */ - OM_uint32 gss_flags; - unsigned char seed[16]; - krb5_principal here; - krb5_principal there; - krb5_keyblock *subkey; - int signalg; - size_t cksum_size; - int sealalg; - krb5_keyblock *enc; - krb5_keyblock *seq; - krb5_timestamp endtime; - krb5_flags krb_flags; - /* XXX these used to be signed. the old spec is inspecific, and - the new spec specifies unsigned. I don't believe that the change - affects the wire encoding. */ - gssint_uint64 seq_send; - gssint_uint64 seq_recv; - void *seqstate; - krb5_context k5_context; - krb5_auth_context auth_context; - gss_OID_desc *mech_used; + unsigned int initiate : 1; /* nonzero if initiating, zero if accepting */ + unsigned int established : 1; + unsigned int big_endian : 1; + unsigned int have_acceptor_subkey : 1; + unsigned int seed_init : 1; /* XXX tested but never actually set */ + OM_uint32 gss_flags; + unsigned char seed[16]; + krb5_principal here; + krb5_principal there; + krb5_keyblock *subkey; + int signalg; + size_t cksum_size; + int sealalg; + krb5_keyblock *enc; + krb5_keyblock *seq; + krb5_ticket_times krb_times; + krb5_flags krb_flags; + /* XXX these used to be signed. the old spec is inspecific, and + the new spec specifies unsigned. I don't believe that the change + affects the wire encoding. */ + gssint_uint64 seq_send; + gssint_uint64 seq_recv; + void *seqstate; + krb5_context k5_context; + krb5_auth_context auth_context; + gss_OID_desc *mech_used; /* Protocol spec revision 0 => RFC 1964 with 3DES and RC4 enhancements 1 => draft-ietf-krb-wg-gssapi-cfx-01 No others defined so far. */ - int proto; - krb5_cksumtype cksumtype; /* for "main" subkey */ - krb5_keyblock *acceptor_subkey; /* CFX only */ - krb5_cksumtype acceptor_subkey_cksumtype; - int cred_rcache; /* did we get rcache from creds? */ + int proto; + krb5_cksumtype cksumtype; /* for "main" subkey */ + krb5_keyblock *acceptor_subkey; /* CFX only */ + krb5_cksumtype acceptor_subkey_cksumtype; + int cred_rcache; /* did we get rcache from creds? */ + krb5_authdata **authdata; } krb5_gss_ctx_id_rec, *krb5_gss_ctx_id_t; extern g_set kg_vdb; @@ -217,478 +222,690 @@ extern k5_mutex_t gssint_krb5_keytab_lock; /* helper macros */ -#define kg_save_name(name) g_save_name(&kg_vdb,name) -#define kg_save_cred_id(cred) g_save_cred_id(&kg_vdb,cred) -#define kg_save_ctx_id(ctx) g_save_ctx_id(&kg_vdb,ctx) -#define kg_save_lucidctx_id(lctx) g_save_lucidctx_id(&kg_vdb,lctx) +#define kg_save_name(name) g_save_name(&kg_vdb,name) +#define kg_save_cred_id(cred) g_save_cred_id(&kg_vdb,cred) +#define kg_save_ctx_id(ctx) g_save_ctx_id(&kg_vdb,ctx) +#define kg_save_lucidctx_id(lctx) g_save_lucidctx_id(&kg_vdb,lctx) -#define kg_validate_name(name) g_validate_name(&kg_vdb,name) -#define kg_validate_cred_id(cred) g_validate_cred_id(&kg_vdb,cred) -#define kg_validate_ctx_id(ctx) g_validate_ctx_id(&kg_vdb,ctx) -#define kg_validate_lucidctx_id(lctx) g_validate_lucidctx_id(&kg_vdb,lctx) +#define kg_validate_name(name) g_validate_name(&kg_vdb,name) +#define kg_validate_cred_id(cred) g_validate_cred_id(&kg_vdb,cred) +#define kg_validate_ctx_id(ctx) g_validate_ctx_id(&kg_vdb,ctx) +#define kg_validate_lucidctx_id(lctx) g_validate_lucidctx_id(&kg_vdb,lctx) -#define kg_delete_name(name) g_delete_name(&kg_vdb,name) -#define kg_delete_cred_id(cred) g_delete_cred_id(&kg_vdb,cred) -#define kg_delete_ctx_id(ctx) g_delete_ctx_id(&kg_vdb,ctx) -#define kg_delete_lucidctx_id(lctx) g_delete_lucidctx_id(&kg_vdb,lctx) +#define kg_delete_name(name) g_delete_name(&kg_vdb,name) +#define kg_delete_cred_id(cred) g_delete_cred_id(&kg_vdb,cred) +#define kg_delete_ctx_id(ctx) g_delete_ctx_id(&kg_vdb,ctx) +#define kg_delete_lucidctx_id(lctx) g_delete_lucidctx_id(&kg_vdb,lctx) /** helper functions **/ -OM_uint32 kg_get_defcred - (OM_uint32 *minor_status, - gss_cred_id_t *cred); +OM_uint32 kg_get_defcred +(OM_uint32 *minor_status, + gss_cred_id_t *cred); krb5_error_code kg_checksum_channel_bindings - (krb5_context context, gss_channel_bindings_t cb, - krb5_checksum *cksum, - int bigend); +(krb5_context context, gss_channel_bindings_t cb, + krb5_checksum *cksum, + int bigend); krb5_error_code kg_make_seq_num (krb5_context context, - krb5_keyblock *key, - int direction, krb5_ui_4 seqnum, unsigned char *cksum, - unsigned char *buf); + krb5_keyblock *key, + int direction, krb5_ui_4 seqnum, unsigned char *cksum, + unsigned char *buf); krb5_error_code kg_get_seq_num (krb5_context context, - krb5_keyblock *key, - unsigned char *cksum, unsigned char *buf, int *direction, - krb5_ui_4 *seqnum); + krb5_keyblock *key, + unsigned char *cksum, unsigned char *buf, int *direction, + krb5_ui_4 *seqnum); krb5_error_code kg_make_seed (krb5_context context, - krb5_keyblock *key, - unsigned char *seed); + krb5_keyblock *key, + unsigned char *seed); + +krb5_error_code +kg_setup_keys(krb5_context context, + krb5_gss_ctx_id_rec *ctx, + krb5_keyblock *subkey, + krb5_cksumtype *cksumtype); int kg_confounder_size (krb5_context context, krb5_keyblock *key); -krb5_error_code kg_make_confounder (krb5_context context, - krb5_keyblock *key, unsigned char *buf); +krb5_error_code kg_make_confounder (krb5_context context, + krb5_keyblock *key, unsigned char *buf); + +krb5_error_code kg_encrypt (krb5_context context, + krb5_keyblock *key, int usage, + krb5_pointer iv, + krb5_const_pointer in, + krb5_pointer out, + unsigned int length); + +krb5_error_code kg_encrypt_iov (krb5_context context, + int proto, int dce_style, + size_t ec, size_t rrc, + krb5_keyblock *key, int usage, + krb5_pointer iv, + gss_iov_buffer_desc *iov, + int iov_count); -krb5_error_code kg_encrypt (krb5_context context, - krb5_keyblock *key, int usage, - krb5_pointer iv, - krb5_const_pointer in, - krb5_pointer out, - unsigned int length); krb5_error_code kg_arcfour_docrypt (const krb5_keyblock *longterm_key , int ms_usage, - const unsigned char *kd_data, size_t kd_data_len, - const unsigned char *input_buf, size_t input_len, - unsigned char *output_buf); + const unsigned char *kd_data, size_t kd_data_len, + const unsigned char *input_buf, size_t input_len, + unsigned char *output_buf); + +krb5_error_code +kg_arcfour_docrypt_iov (krb5_context context, + const krb5_keyblock *longterm_key , int ms_usage, + const unsigned char *kd_data, size_t kd_data_len, + gss_iov_buffer_desc *iov, + int iov_count); krb5_error_code kg_decrypt (krb5_context context, - krb5_keyblock *key, int usage, - krb5_pointer iv, - krb5_const_pointer in, - krb5_pointer out, - unsigned int length); + krb5_keyblock *key, int usage, + krb5_pointer iv, + krb5_const_pointer in, + krb5_pointer out, + unsigned int length); + +krb5_error_code kg_decrypt_iov (krb5_context context, + int proto, int dce_style, + size_t ec, size_t rrc, + krb5_keyblock *key, int usage, + krb5_pointer iv, + gss_iov_buffer_desc *iov, + int iov_count); OM_uint32 kg_seal (OM_uint32 *minor_status, - gss_ctx_id_t context_handle, - int conf_req_flag, - int qop_req, - gss_buffer_t input_message_buffer, - int *conf_state, - gss_buffer_t output_message_buffer, - int toktype); + gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + gss_buffer_t input_message_buffer, + int *conf_state, + gss_buffer_t output_message_buffer, + int toktype); OM_uint32 kg_unseal (OM_uint32 *minor_status, - gss_ctx_id_t context_handle, - gss_buffer_t input_token_buffer, - gss_buffer_t message_buffer, - int *conf_state, - int *qop_state, - int toktype); + gss_ctx_id_t context_handle, + gss_buffer_t input_token_buffer, + gss_buffer_t message_buffer, + int *conf_state, + gss_qop_t *qop_state, + int toktype); OM_uint32 kg_seal_size (OM_uint32 *minor_status, - gss_ctx_id_t context_handle, - int conf_req_flag, - gss_qop_t qop_req, - OM_uint32 output_size, - OM_uint32 *input_size); + gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + OM_uint32 output_size, + OM_uint32 *input_size); krb5_error_code kg_ctx_size (krb5_context kcontext, - krb5_pointer arg, - size_t *sizep); + krb5_pointer arg, + size_t *sizep); krb5_error_code kg_ctx_externalize (krb5_context kcontext, - krb5_pointer arg, - krb5_octet **buffer, - size_t *lenremain); + krb5_pointer arg, + krb5_octet **buffer, + size_t *lenremain); krb5_error_code kg_ctx_internalize (krb5_context kcontext, - krb5_pointer *argp, - krb5_octet **buffer, - size_t *lenremain); + krb5_pointer *argp, + krb5_octet **buffer, + size_t *lenremain); OM_uint32 kg_sync_ccache_name (krb5_context context, OM_uint32 *minor_status); -OM_uint32 kg_caller_provided_ccache_name (OM_uint32 *minor_status, +OM_uint32 kg_caller_provided_ccache_name (OM_uint32 *minor_status, int *out_caller_provided_name); -OM_uint32 kg_get_ccache_name (OM_uint32 *minor_status, +OM_uint32 kg_get_ccache_name (OM_uint32 *minor_status, const char **out_name); -OM_uint32 kg_set_ccache_name (OM_uint32 *minor_status, +OM_uint32 kg_set_ccache_name (OM_uint32 *minor_status, const char *name); +/* AEAD */ + +krb5_error_code gss_krb5int_make_seal_token_v3_iov(krb5_context context, + krb5_gss_ctx_id_rec *ctx, + int conf_req_flag, + int *conf_state, + gss_iov_buffer_desc *iov, + int iov_count, + int toktype); + +OM_uint32 gss_krb5int_unseal_v3_iov(krb5_context context, + OM_uint32 *minor_status, + krb5_gss_ctx_id_rec *ctx, + gss_iov_buffer_desc *iov, + int iov_count, + int *conf_state, + gss_qop_t *qop_state, + int toktype); + +gss_iov_buffer_t kg_locate_iov (gss_iov_buffer_desc *iov, + int iov_count, + OM_uint32 type); + +void kg_iov_msglen(gss_iov_buffer_desc *iov, + int iov_count, + size_t *data_length, + size_t *assoc_data_length); + +void kg_release_iov(gss_iov_buffer_desc *iov, + int iov_count); + +krb5_error_code kg_make_checksum_iov_v1(krb5_context context, + krb5_cksumtype type, + size_t token_cksum_len, + krb5_keyblock *seq, + krb5_keyblock *enc, /* for conf len */ + krb5_keyusage sign_usage, + gss_iov_buffer_desc *iov, + int iov_count, + int toktype, + krb5_checksum *checksum); + +krb5_error_code kg_make_checksum_iov_v3(krb5_context context, + krb5_cksumtype type, + size_t rrc, + krb5_keyblock *key, + krb5_keyusage sign_usage, + gss_iov_buffer_desc *iov, + int iov_count); + +krb5_error_code kg_verify_checksum_iov_v3(krb5_context context, + krb5_cksumtype type, + size_t rrc, + krb5_keyblock *key, + krb5_keyusage sign_usage, + gss_iov_buffer_desc *iov, + int iov_count, + krb5_boolean *valid); + +OM_uint32 kg_seal_iov (OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + int *conf_state, + gss_iov_buffer_desc *iov, + int iov_count, + int toktype); + +OM_uint32 kg_unseal_iov (OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + int *conf_state, + gss_qop_t *qop_state, + gss_iov_buffer_desc *iov, + int iov_count, + int toktype); + +OM_uint32 kg_seal_iov_length(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + int *conf_state, + gss_iov_buffer_desc *iov, + int iov_count); + +krb5_cryptotype kg_translate_flag_iov(OM_uint32 type); + +OM_uint32 kg_fixup_padding_iov(OM_uint32 *minor_status, + gss_iov_buffer_desc *iov, + int iov_count); + +int kg_map_toktype(int proto, int toktype); + +krb5_boolean kg_integ_only_iov(gss_iov_buffer_desc *iov, int iov_count); + +krb5_error_code kg_allocate_iov(gss_iov_buffer_t iov, size_t size); + /** declarations of internal name mechanism functions **/ OM_uint32 krb5_gss_acquire_cred (OM_uint32*, /* minor_status */ - gss_name_t, /* desired_name */ - OM_uint32, /* time_req */ - gss_OID_set, /* desired_mechs */ - gss_cred_usage_t, /* cred_usage */ - gss_cred_id_t*, /* output_cred_handle */ - gss_OID_set*, /* actual_mechs */ - OM_uint32* /* time_rec */ - ); + gss_name_t, /* desired_name */ + OM_uint32, /* time_req */ + gss_OID_set, /* desired_mechs */ + gss_cred_usage_t, /* cred_usage */ + gss_cred_id_t*, /* output_cred_handle */ + gss_OID_set*, /* actual_mechs */ + OM_uint32* /* time_rec */ +); OM_uint32 krb5_gss_release_cred (OM_uint32*, /* minor_status */ - gss_cred_id_t* /* cred_handle */ - ); + gss_cred_id_t* /* cred_handle */ +); OM_uint32 krb5_gss_init_sec_context (OM_uint32*, /* minor_status */ - gss_cred_id_t, /* claimant_cred_handle */ - gss_ctx_id_t*, /* context_handle */ - gss_name_t, /* target_name */ - gss_OID, /* mech_type */ - OM_uint32, /* req_flags */ - OM_uint32, /* time_req */ - gss_channel_bindings_t, - /* input_chan_bindings */ - gss_buffer_t, /* input_token */ - gss_OID*, /* actual_mech_type */ - gss_buffer_t, /* output_token */ - OM_uint32*, /* ret_flags */ - OM_uint32* /* time_rec */ - ); + gss_cred_id_t, /* claimant_cred_handle */ + gss_ctx_id_t*, /* context_handle */ + gss_name_t, /* target_name */ + gss_OID, /* mech_type */ + OM_uint32, /* req_flags */ + OM_uint32, /* time_req */ + gss_channel_bindings_t, + /* input_chan_bindings */ + gss_buffer_t, /* input_token */ + gss_OID*, /* actual_mech_type */ + gss_buffer_t, /* output_token */ + OM_uint32*, /* ret_flags */ + OM_uint32* /* time_rec */ +); #ifndef LEAN_CLIENT OM_uint32 krb5_gss_accept_sec_context (OM_uint32*, /* minor_status */ - gss_ctx_id_t*, /* context_handle */ - gss_cred_id_t, /* verifier_cred_handle */ - gss_buffer_t, /* input_token_buffer */ - gss_channel_bindings_t, - /* input_chan_bindings */ - gss_name_t*, /* src_name */ - gss_OID*, /* mech_type */ - gss_buffer_t, /* output_token */ - OM_uint32*, /* ret_flags */ - OM_uint32*, /* time_rec */ - gss_cred_id_t* /* delegated_cred_handle */ - ); + gss_ctx_id_t*, /* context_handle */ + gss_cred_id_t, /* verifier_cred_handle */ + gss_buffer_t, /* input_token_buffer */ + gss_channel_bindings_t, + /* input_chan_bindings */ + gss_name_t*, /* src_name */ + gss_OID*, /* mech_type */ + gss_buffer_t, /* output_token */ + OM_uint32*, /* ret_flags */ + OM_uint32*, /* time_rec */ + gss_cred_id_t* /* delegated_cred_handle */ +); #endif /* LEAN_CLIENT */ OM_uint32 krb5_gss_process_context_token (OM_uint32*, /* minor_status */ - gss_ctx_id_t, /* context_handle */ - gss_buffer_t /* token_buffer */ - ); + gss_ctx_id_t, /* context_handle */ + gss_buffer_t /* token_buffer */ +); OM_uint32 krb5_gss_delete_sec_context (OM_uint32*, /* minor_status */ - gss_ctx_id_t*, /* context_handle */ - gss_buffer_t /* output_token */ - ); + gss_ctx_id_t*, /* context_handle */ + gss_buffer_t /* output_token */ +); OM_uint32 krb5_gss_context_time (OM_uint32*, /* minor_status */ - gss_ctx_id_t, /* context_handle */ - OM_uint32* /* time_rec */ - ); - -OM_uint32 krb5_gss_sign -(OM_uint32*, /* minor_status */ - gss_ctx_id_t, /* context_handle */ - int, /* qop_req */ - gss_buffer_t, /* message_buffer */ - gss_buffer_t /* message_token */ - ); - -OM_uint32 krb5_gss_verify -(OM_uint32*, /* minor_status */ - gss_ctx_id_t, /* context_handle */ - gss_buffer_t, /* message_buffer */ - gss_buffer_t, /* token_buffer */ - int* /* qop_state */ - ); - -OM_uint32 krb5_gss_seal -(OM_uint32*, /* minor_status */ - gss_ctx_id_t, /* context_handle */ - int, /* conf_req_flag */ - int, /* qop_req */ - gss_buffer_t, /* input_message_buffer */ - int*, /* conf_state */ - gss_buffer_t /* output_message_buffer */ - ); - -OM_uint32 krb5_gss_unseal -(OM_uint32*, /* minor_status */ - gss_ctx_id_t, /* context_handle */ - gss_buffer_t, /* input_message_buffer */ - gss_buffer_t, /* output_message_buffer */ - int*, /* conf_state */ - int* /* qop_state */ - ); + gss_ctx_id_t, /* context_handle */ + OM_uint32* /* time_rec */ +); OM_uint32 krb5_gss_display_status (OM_uint32*, /* minor_status */ - OM_uint32, /* status_value */ - int, /* status_type */ - gss_OID, /* mech_type */ - OM_uint32*, /* message_context */ - gss_buffer_t /* status_string */ - ); + OM_uint32, /* status_value */ + int, /* status_type */ + gss_OID, /* mech_type */ + OM_uint32*, /* message_context */ + gss_buffer_t /* status_string */ +); OM_uint32 krb5_gss_indicate_mechs (OM_uint32*, /* minor_status */ - gss_OID_set* /* mech_set */ - ); + gss_OID_set* /* mech_set */ +); OM_uint32 krb5_gss_compare_name (OM_uint32*, /* minor_status */ - gss_name_t, /* name1 */ - gss_name_t, /* name2 */ - int* /* name_equal */ - ); + gss_name_t, /* name1 */ + gss_name_t, /* name2 */ + int* /* name_equal */ +); OM_uint32 krb5_gss_display_name (OM_uint32*, /* minor_status */ - gss_name_t, /* input_name */ - gss_buffer_t, /* output_name_buffer */ - gss_OID* /* output_name_type */ - ); + gss_name_t, /* input_name */ + gss_buffer_t, /* output_name_buffer */ + gss_OID* /* output_name_type */ +); OM_uint32 krb5_gss_import_name (OM_uint32*, /* minor_status */ - gss_buffer_t, /* input_name_buffer */ - gss_OID, /* input_name_type */ - gss_name_t* /* output_name */ - ); + gss_buffer_t, /* input_name_buffer */ + gss_OID, /* input_name_type */ + gss_name_t* /* output_name */ +); OM_uint32 krb5_gss_release_name (OM_uint32*, /* minor_status */ - gss_name_t* /* input_name */ - ); + gss_name_t* /* input_name */ +); OM_uint32 krb5_gss_inquire_cred (OM_uint32 *, /* minor_status */ - gss_cred_id_t, /* cred_handle */ - gss_name_t *, /* name */ - OM_uint32 *, /* lifetime */ - gss_cred_usage_t*,/* cred_usage */ - gss_OID_set * /* mechanisms */ - ); + gss_cred_id_t, /* cred_handle */ + gss_name_t *, /* name */ + OM_uint32 *, /* lifetime */ + gss_cred_usage_t*,/* cred_usage */ + gss_OID_set * /* mechanisms */ +); OM_uint32 krb5_gss_inquire_context (OM_uint32*, /* minor_status */ - gss_ctx_id_t, /* context_handle */ - gss_name_t*, /* initiator_name */ - gss_name_t*, /* acceptor_name */ - OM_uint32*, /* lifetime_rec */ - gss_OID*, /* mech_type */ - OM_uint32*, /* ret_flags */ - int*, /* locally_initiated */ - int* /* open */ - ); + gss_ctx_id_t, /* context_handle */ + gss_name_t*, /* initiator_name */ + gss_name_t*, /* acceptor_name */ + OM_uint32*, /* lifetime_rec */ + gss_OID*, /* mech_type */ + OM_uint32*, /* ret_flags */ + int*, /* locally_initiated */ + int* /* open */ +); /* New V2 entry points */ OM_uint32 krb5_gss_get_mic -(OM_uint32 *, /* minor_status */ - gss_ctx_id_t, /* context_handle */ - gss_qop_t, /* qop_req */ - gss_buffer_t, /* message_buffer */ - gss_buffer_t /* message_token */ - ); +(OM_uint32 *, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + gss_qop_t, /* qop_req */ + gss_buffer_t, /* message_buffer */ + gss_buffer_t /* message_token */ +); OM_uint32 krb5_gss_verify_mic -(OM_uint32 *, /* minor_status */ - gss_ctx_id_t, /* context_handle */ - gss_buffer_t, /* message_buffer */ - gss_buffer_t, /* message_token */ - gss_qop_t * /* qop_state */ - ); +(OM_uint32 *, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + gss_buffer_t, /* message_buffer */ + gss_buffer_t, /* message_token */ + gss_qop_t * /* qop_state */ +); OM_uint32 krb5_gss_wrap +(OM_uint32 *, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + int, /* conf_req_flag */ + gss_qop_t, /* qop_req */ + gss_buffer_t, /* input_message_buffer */ + int *, /* conf_state */ + gss_buffer_t /* output_message_buffer */ +); + +OM_uint32 krb5_gss_wrap_iov (OM_uint32 *, /* minor_status */ - gss_ctx_id_t, /* context_handle */ - int, /* conf_req_flag */ - gss_qop_t, /* qop_req */ - gss_buffer_t, /* input_message_buffer */ - int *, /* conf_state */ - gss_buffer_t /* output_message_buffer */ - ); + gss_ctx_id_t, /* context_handle */ + int, /* conf_req_flag */ + gss_qop_t, /* qop_req */ + int *, /* conf_state */ + gss_iov_buffer_desc *, /* iov */ + int /* iov_count */ +); + +OM_uint32 +krb5_gss_wrap_iov_length +(OM_uint32 *, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + int, /* conf_req_flag */ + gss_qop_t, /* qop_req */ + int *, /* conf_state */ + gss_iov_buffer_desc *, /* iov */ + int /* iov_count */ +); OM_uint32 krb5_gss_unwrap +(OM_uint32 *, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + gss_buffer_t, /* input_message_buffer */ + gss_buffer_t, /* output_message_buffer */ + int *, /* conf_state */ + gss_qop_t * /* qop_state */ +); + +OM_uint32 krb5_gss_unwrap_iov (OM_uint32 *, /* minor_status */ - gss_ctx_id_t, /* context_handle */ - gss_buffer_t, /* input_message_buffer */ - gss_buffer_t, /* output_message_buffer */ - int *, /* conf_state */ - gss_qop_t * /* qop_state */ - ); + gss_ctx_id_t, /* context_handle */ + int *, /* conf_state */ + gss_qop_t *, /* qop_state */ + gss_iov_buffer_desc *, /* iov */ + int /* iov_count */ +); OM_uint32 krb5_gss_wrap_size_limit -(OM_uint32 *, /* minor_status */ - gss_ctx_id_t, /* context_handle */ - int, /* conf_req_flag */ - gss_qop_t, /* qop_req */ - OM_uint32, /* req_output_size */ - OM_uint32 * /* max_input_size */ - ); +(OM_uint32 *, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + int, /* conf_req_flag */ + gss_qop_t, /* qop_req */ + OM_uint32, /* req_output_size */ + OM_uint32 * /* max_input_size */ +); OM_uint32 krb5_gss_import_name_object -(OM_uint32 *, /* minor_status */ - void *, /* input_name */ - gss_OID, /* input_name_type */ - gss_name_t * /* output_name */ - ); +(OM_uint32 *, /* minor_status */ + void *, /* input_name */ + gss_OID, /* input_name_type */ + gss_name_t * /* output_name */ +); OM_uint32 krb5_gss_export_name_object -(OM_uint32 *, /* minor_status */ - gss_name_t, /* input_name */ - gss_OID, /* desired_name_type */ - void * * /* output_name */ - ); +(OM_uint32 *, /* minor_status */ + gss_name_t, /* input_name */ + gss_OID, /* desired_name_type */ + void * * /* output_name */ +); OM_uint32 krb5_gss_add_cred -(OM_uint32 *, /* minor_status */ - gss_cred_id_t, /* input_cred_handle */ - gss_name_t, /* desired_name */ - gss_OID, /* desired_mech */ - gss_cred_usage_t, /* cred_usage */ - OM_uint32, /* initiator_time_req */ - OM_uint32, /* acceptor_time_req */ - gss_cred_id_t *, /* output_cred_handle */ - gss_OID_set *, /* actual_mechs */ - OM_uint32 *, /* initiator_time_rec */ - OM_uint32 * /* acceptor_time_rec */ - ); +(OM_uint32 *, /* minor_status */ + gss_cred_id_t, /* input_cred_handle */ + gss_name_t, /* desired_name */ + gss_OID, /* desired_mech */ + gss_cred_usage_t, /* cred_usage */ + OM_uint32, /* initiator_time_req */ + OM_uint32, /* acceptor_time_req */ + gss_cred_id_t *, /* output_cred_handle */ + gss_OID_set *, /* actual_mechs */ + OM_uint32 *, /* initiator_time_rec */ + OM_uint32 * /* acceptor_time_rec */ +); OM_uint32 krb5_gss_inquire_cred_by_mech -(OM_uint32 *, /* minor_status */ - gss_cred_id_t, /* cred_handle */ - gss_OID, /* mech_type */ - gss_name_t *, /* name */ - OM_uint32 *, /* initiator_lifetime */ - OM_uint32 *, /* acceptor_lifetime */ - gss_cred_usage_t * /* cred_usage */ - ); +(OM_uint32 *, /* minor_status */ + gss_cred_id_t, /* cred_handle */ + gss_OID, /* mech_type */ + gss_name_t *, /* name */ + OM_uint32 *, /* initiator_lifetime */ + OM_uint32 *, /* acceptor_lifetime */ + gss_cred_usage_t * /* cred_usage */ +); #ifndef LEAN_CLIENT OM_uint32 krb5_gss_export_sec_context -(OM_uint32 *, /* minor_status */ - gss_ctx_id_t *, /* context_handle */ - gss_buffer_t /* interprocess_token */ - ); +(OM_uint32 *, /* minor_status */ + gss_ctx_id_t *, /* context_handle */ + gss_buffer_t /* interprocess_token */ +); OM_uint32 krb5_gss_import_sec_context -(OM_uint32 *, /* minor_status */ - gss_buffer_t, /* interprocess_token */ - gss_ctx_id_t * /* context_handle */ - ); +(OM_uint32 *, /* minor_status */ + gss_buffer_t, /* interprocess_token */ + gss_ctx_id_t * /* context_handle */ +); #endif /* LEAN_CLIENT */ krb5_error_code krb5_gss_ser_init(krb5_context); OM_uint32 krb5_gss_release_oid -(OM_uint32 *, /* minor_status */ - gss_OID * /* oid */ - ); +(OM_uint32 *, /* minor_status */ + gss_OID * /* oid */ +); OM_uint32 krb5_gss_internal_release_oid -(OM_uint32 *, /* minor_status */ - gss_OID * /* oid */ - ); +(OM_uint32 *, /* minor_status */ + gss_OID * /* oid */ +); OM_uint32 krb5_gss_inquire_names_for_mech -(OM_uint32 *, /* minor_status */ - gss_OID, /* mechanism */ - gss_OID_set * /* name_types */ - ); +(OM_uint32 *, /* minor_status */ + gss_OID, /* mechanism */ + gss_OID_set * /* name_types */ +); OM_uint32 krb5_gss_canonicalize_name -(OM_uint32 *, /* minor_status */ - const gss_name_t, /* input_name */ - const gss_OID, /* mech_type */ - gss_name_t * /* output_name */ - ); - +(OM_uint32 *, /* minor_status */ + const gss_name_t, /* input_name */ + const gss_OID, /* mech_type */ + gss_name_t * /* output_name */ +); + OM_uint32 krb5_gss_export_name -(OM_uint32 *, /* minor_status */ - const gss_name_t, /* input_name */ - gss_buffer_t /* exported_name */ - ); +(OM_uint32 *, /* minor_status */ + const gss_name_t, /* input_name */ + gss_buffer_t /* exported_name */ +); OM_uint32 krb5_gss_duplicate_name -(OM_uint32 *, /* minor_status */ - const gss_name_t, /* input_name */ - gss_name_t * /* dest_name */ - ); +(OM_uint32 *, /* minor_status */ + const gss_name_t, /* input_name */ + gss_name_t * /* dest_name */ +); OM_uint32 krb5_gss_validate_cred -(OM_uint32 *, /* minor_status */ - gss_cred_id_t /* cred */ - ); +(OM_uint32 *, /* minor_status */ + gss_cred_id_t /* cred */ +); OM_uint32 krb5_gss_validate_cred_1(OM_uint32 * /* minor_status */, - gss_cred_id_t /* cred_handle */, - krb5_context /* context */); + gss_cred_id_t /* cred_handle */, + krb5_context /* context */); gss_OID krb5_gss_convert_static_mech_oid(gss_OID oid); - + krb5_error_code gss_krb5int_make_seal_token_v3(krb5_context, - krb5_gss_ctx_id_rec *, - const gss_buffer_desc *, - gss_buffer_t, - int, int); + krb5_gss_ctx_id_rec *, + const gss_buffer_desc *, + gss_buffer_t, + int, int); OM_uint32 gss_krb5int_unseal_token_v3(krb5_context *contextptr, - OM_uint32 *minor_status, - krb5_gss_ctx_id_rec *ctx, - unsigned char *ptr, - unsigned int bodysize, - gss_buffer_t message_buffer, - int *conf_state, int *qop_state, - int toktype); + OM_uint32 *minor_status, + krb5_gss_ctx_id_rec *ctx, + unsigned char *ptr, + unsigned int bodysize, + gss_buffer_t message_buffer, + int *conf_state, gss_qop_t *qop_state, + int toktype); + +int gss_krb5int_rotate_left (void *ptr, size_t bufsiz, size_t rc); /* * These take unglued krb5-mech-specific contexts. */ -OM_uint32 KRB5_CALLCONV gss_krb5int_get_tkt_flags - (OM_uint32 *minor_status, - gss_ctx_id_t context_handle, - krb5_flags *ticket_flags); +#define GSS_KRB5_GET_TKT_FLAGS_OID_LENGTH 11 +#define GSS_KRB5_GET_TKT_FLAGS_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x01" + +OM_uint32 KRB5_CALLCONV gss_krb5int_get_tkt_flags +(OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + const gss_OID desired_object, + gss_buffer_set_t *data_set); + +#define GSS_KRB5_COPY_CCACHE_OID_LENGTH 11 +#define GSS_KRB5_COPY_CCACHE_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x02" OM_uint32 KRB5_CALLCONV gss_krb5int_copy_ccache - (OM_uint32 *minor_status, - gss_cred_id_t cred_handle, - krb5_ccache out_ccache); +(OM_uint32 *minor_status, + gss_cred_id_t cred_handle, + const gss_OID desired_oid, + const gss_buffer_t value); -OM_uint32 KRB5_CALLCONV -gss_krb5int_set_allowable_enctypes(OM_uint32 *minor_status, - gss_cred_id_t cred, - OM_uint32 num_ktypes, - krb5_enctype *ktypes); +#define GSS_KRB5_CCACHE_NAME_OID_LENGTH 11 +#define GSS_KRB5_CCACHE_NAME_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x03" + +struct krb5_gss_ccache_name_req { + const char *name; + const char **out_name; +}; + +OM_uint32 KRB5_CALLCONV gss_krb5int_ccache_name + (OM_uint32 *minor_status, + const gss_OID, + const gss_OID, + const gss_buffer_t); + +#define GSS_KRB5_SET_ALLOWABLE_ENCTYPES_OID_LENGTH 11 +#define GSS_KRB5_SET_ALLOWABLE_ENCTYPES_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x04" + +struct krb5_gss_set_allowable_enctypes_req { + OM_uint32 num_ktypes; + krb5_enctype *ktypes; +}; + +#define GSS_KRB5_INQ_SSPI_SESSION_KEY_OID_LENGTH 11 +#define GSS_KRB5_INQ_SSPI_SESSION_KEY_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x05" + +OM_uint32 +gss_krb5int_inq_session_key(OM_uint32 *, const gss_ctx_id_t, const gss_OID, gss_buffer_set_t *); OM_uint32 KRB5_CALLCONV +gss_krb5int_set_allowable_enctypes(OM_uint32 *minor_status, + gss_cred_id_t cred, + const gss_OID desired_oid, + const gss_buffer_t value); + +#define GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID_LENGTH 11 +#define GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x06" + +OM_uint32 gss_krb5int_export_lucid_sec_context(OM_uint32 *minor_status, - gss_ctx_id_t *context_handle, - OM_uint32 version, - void **kctx); + const gss_ctx_id_t context_handle, + const gss_OID desired_object, + gss_buffer_set_t *data_set); +#define GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID_LENGTH 11 +#define GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x07" + +OM_uint32 +gss_krb5int_free_lucid_sec_context(OM_uint32 *, const gss_OID, + const gss_OID, gss_buffer_t); extern k5_mutex_t kg_kdc_flag_mutex; krb5_error_code krb5_gss_init_context (krb5_context *ctxp); +#define GSS_KRB5_USE_KDC_CONTEXT_OID_LENGTH 11 +#define GSS_KRB5_USE_KDC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x08" + +OM_uint32 krb5int_gss_use_kdc_context(OM_uint32 *, const gss_OID, + const gss_OID, gss_buffer_t); + krb5_error_code krb5_gss_use_kdc_context(void); +#define GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID_LENGTH 11 +#define GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x09" + +OM_uint32 +gss_krb5int_register_acceptor_identity(OM_uint32 *, const gss_OID, const gss_OID, gss_buffer_t); + +#define GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH 11 +#define GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x0a" + +OM_uint32 +gss_krb5int_extract_authz_data_from_sec_context(OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + const gss_OID desired_object, + gss_buffer_set_t *ad_data); + +#define GSS_KRB5_SET_CRED_RCACHE_OID_LENGTH 11 +#define GSS_KRB5_SET_CRED_RCACHE_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x0b" + +OM_uint32 +gss_krb5int_set_cred_rcache(OM_uint32 *, gss_cred_id_t, const gss_OID, const gss_buffer_t); + +#define GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID_LENGTH 11 +#define GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x0c" + +OM_uint32 +gss_krb5int_extract_authtime_from_sec_context(OM_uint32 *, + const gss_ctx_id_t, + const gss_OID, + gss_buffer_set_t *); + +#ifdef _GSS_STATIC_LINK +int gss_krb5int_lib_init(void); +void gss_krb5int_lib_fini(void); +#endif /* _GSS_STATIC_LINK */ + +OM_uint32 gss_krb5int_initialize_library(void); +void gss_krb5int_cleanup_library(void); + /* For error message handling. */ /* Returns a shared string, not a private copy! */ extern char * @@ -701,12 +918,16 @@ krb5_gss_save_error_message(OM_uint32 minor_code, const char *format, ...) __attribute__((__format__(__printf__, 2, 3))) #endif ; -extern void -krb5_gss_save_error_info(OM_uint32 minor_code, krb5_context ctx); + extern void + krb5_gss_save_error_info(OM_uint32 minor_code, krb5_context ctx); #define get_error_message krb5_gss_get_error_message #define save_error_string krb5_gss_save_error_string #define save_error_message krb5_gss_save_error_message #define save_error_info krb5_gss_save_error_info extern void krb5_gss_delete_error_info(void *p); +/* Prefix concatenated with Kerberos encryption type */ +#define GSS_KRB5_SESSION_KEY_ENCTYPE_OID_LENGTH 10 +#define GSS_KRB5_SESSION_KEY_ENCTYPE_OID "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x04" + #endif /* _GSSAPIP_KRB5_H_ */ diff --git a/src/lib/gssapi/krb5/gssapi_krb5.c b/src/lib/gssapi/krb5/gssapi_krb5.c index 95a8763711..16ab581a9b 100644 --- a/src/lib/gssapi/krb5/gssapi_krb5.c +++ b/src/lib/gssapi/krb5/gssapi_krb5.c @@ -1,6 +1,7 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * Copyright 1993 by OpenVision Technologies, Inc. - * + * * Permission to use, copy, modify, distribute, and sell this software * and its documentation for any purpose is hereby granted without fee, * provided that the above copyright notice appears in all copies and @@ -10,7 +11,7 @@ * without specific, written prior permission. OpenVision makes no * representations about the suitability of this software for any * purpose. It is provided "as is" without express or implied warranty. - * + * * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR @@ -22,14 +23,14 @@ /* * Copyright (C) 1998 by the FundsXpress, INC. - * + * * All rights reserved. - * + * * Export of this software from the United States of America may require * a specific license from the United States Government. It is the * responsibility of any person or organization contemplating export to * obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -40,11 +41,38 @@ * permission. FundsXpress makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * + * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ +/* + * Copyright (c) 2006-2008, Novell, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * * The copyright holder's name is not used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ /* * $Id$ @@ -54,6 +82,7 @@ /* For declaration of krb5_ser_context_init */ #include "k5-int.h" #include "gssapiP_krb5.h" +#include "mglueP.h" /** exported constants defined in gssapi_krb5{,_nx}.h **/ @@ -61,21 +90,27 @@ /* * The OID of the draft krb5 mechanism, assigned by IETF, is: - * iso(1) org(3) dod(5) internet(1) security(5) - * kerberosv5(2) = 1.3.5.1.5.2 + * iso(1) org(3) dod(5) internet(1) security(5) + * kerberosv5(2) = 1.3.5.1.5.2 * The OID of the krb5_name type is: - * iso(1) member-body(2) US(840) mit(113554) infosys(1) gssapi(2) - * krb5(2) krb5_name(1) = 1.2.840.113554.1.2.2.1 + * iso(1) member-body(2) US(840) mit(113554) infosys(1) gssapi(2) + * krb5(2) krb5_name(1) = 1.2.840.113554.1.2.2.1 * The OID of the krb5_principal type is: - * iso(1) member-body(2) US(840) mit(113554) infosys(1) gssapi(2) - * krb5(2) krb5_principal(2) = 1.2.840.113554.1.2.2.2 + * iso(1) member-body(2) US(840) mit(113554) infosys(1) gssapi(2) + * krb5(2) krb5_principal(2) = 1.2.840.113554.1.2.2.2 * The OID of the proposed standard krb5 mechanism is: - * iso(1) member-body(2) US(840) mit(113554) infosys(1) gssapi(2) - * krb5(2) = 1.2.840.113554.1.2.2 + * iso(1) member-body(2) US(840) mit(113554) infosys(1) gssapi(2) + * krb5(2) = 1.2.840.113554.1.2.2 * The OID of the proposed standard krb5 v2 mechanism is: - * iso(1) member-body(2) US(840) mit(113554) infosys(1) gssapi(2) - * krb5v2(3) = 1.2.840.113554.1.2.3 - * + * iso(1) member-body(2) US(840) mit(113554) infosys(1) gssapi(2) + * krb5v2(3) = 1.2.840.113554.1.2.3 + * Provisionally reserved for Kerberos session key algorithm + * identifiers is: + * iso(1) member-body(2) US(840) mit(113554) infosys(1) gssapi(2) + * krb5(2) krb5_enctype(4) = 1.2.840.113554.1.2.2.4 + * Provisionally reserved for Kerberos mechanism-specific APIs: + * iso(1) member-body(2) US(840) mit(113554) infosys(1) gssapi(2) + * krb5(2) krb5_gssapi_ext(5) = 1.2.840.113554.1.2.2.5 */ /* @@ -86,26 +121,26 @@ */ const gss_OID_desc krb5_gss_oid_array[] = { - /* this is the official, rfc-specified OID */ - {GSS_MECH_KRB5_OID_LENGTH, GSS_MECH_KRB5_OID}, - /* this pre-RFC mech OID */ - {GSS_MECH_KRB5_OLD_OID_LENGTH, GSS_MECH_KRB5_OLD_OID}, - /* this is the unofficial, incorrect mech OID emitted by MS */ - {GSS_MECH_KRB5_WRONG_OID_LENGTH, GSS_MECH_KRB5_WRONG_OID}, - /* this is the v2 assigned OID */ - {9, "\052\206\110\206\367\022\001\002\003"}, - /* these two are name type OID's */ + /* this is the official, rfc-specified OID */ + {GSS_MECH_KRB5_OID_LENGTH, GSS_MECH_KRB5_OID}, + /* this pre-RFC mech OID */ + {GSS_MECH_KRB5_OLD_OID_LENGTH, GSS_MECH_KRB5_OLD_OID}, + /* this is the unofficial, incorrect mech OID emitted by MS */ + {GSS_MECH_KRB5_WRONG_OID_LENGTH, GSS_MECH_KRB5_WRONG_OID}, + /* this is the v2 assigned OID */ + {9, "\052\206\110\206\367\022\001\002\003"}, + /* these two are name type OID's */ /* 2.1.1. Kerberos Principal Name Form: (rfc 1964) * This name form shall be represented by the Object Identifier {iso(1) * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) * krb5(2) krb5_name(1)}. The recommended symbolic name for this type * is "GSS_KRB5_NT_PRINCIPAL_NAME". */ - {10, "\052\206\110\206\367\022\001\002\002\001"}, + {10, "\052\206\110\206\367\022\001\002\002\001"}, - /* gss_nt_krb5_principal. Object identifier for a krb5_principal. Do not use. */ - {10, "\052\206\110\206\367\022\001\002\002\002"}, - { 0, 0 } + /* gss_nt_krb5_principal. Object identifier for a krb5_principal. Do not use. */ + {10, "\052\206\110\206\367\022\001\002\002\002"}, + { 0, 0 } }; const gss_OID_desc * const gss_mech_krb5 = krb5_gss_oid_array+0; @@ -116,11 +151,11 @@ const gss_OID_desc * const gss_nt_krb5_principal = krb5_gss_oid_array+5; const gss_OID_desc * const GSS_KRB5_NT_PRINCIPAL_NAME = krb5_gss_oid_array+4; static const gss_OID_set_desc oidsets[] = { - {1, (gss_OID) krb5_gss_oid_array+0}, - {1, (gss_OID) krb5_gss_oid_array+1}, - {3, (gss_OID) krb5_gss_oid_array+0}, - {1, (gss_OID) krb5_gss_oid_array+2}, - {3, (gss_OID) krb5_gss_oid_array+0}, + {1, (gss_OID) krb5_gss_oid_array+0}, + {1, (gss_OID) krb5_gss_oid_array+1}, + {3, (gss_OID) krb5_gss_oid_array+0}, + {1, (gss_OID) krb5_gss_oid_array+2}, + {3, (gss_OID) krb5_gss_oid_array+0}, }; const gss_OID_set_desc * const gss_mech_set_krb5 = oidsets+0; @@ -137,54 +172,54 @@ g_set kg_vdb = G_SET_INIT; */ OM_uint32 kg_get_defcred(minor_status, cred) - OM_uint32 *minor_status; - gss_cred_id_t *cred; + OM_uint32 *minor_status; + gss_cred_id_t *cred; { OM_uint32 major; - - if ((major = krb5_gss_acquire_cred(minor_status, - (gss_name_t) NULL, GSS_C_INDEFINITE, - GSS_C_NULL_OID_SET, GSS_C_INITIATE, - cred, NULL, NULL)) && GSS_ERROR(major)) { - return(major); - } - *minor_status = 0; - return(GSS_S_COMPLETE); + + if ((major = krb5_gss_acquire_cred(minor_status, + (gss_name_t) NULL, GSS_C_INDEFINITE, + GSS_C_NULL_OID_SET, GSS_C_INITIATE, + cred, NULL, NULL)) && GSS_ERROR(major)) { + return(major); + } + *minor_status = 0; + return(GSS_S_COMPLETE); } OM_uint32 kg_sync_ccache_name (krb5_context context, OM_uint32 *minor_status) { OM_uint32 err = 0; - - /* + + /* * Sync up the context ccache name with the GSSAPI ccache name. - * If kg_ccache_name is NULL -- normal unless someone has called - * gss_krb5_ccache_name() -- then the system default ccache will + * If kg_ccache_name is NULL -- normal unless someone has called + * gss_krb5_ccache_name() -- then the system default ccache will * be picked up and used by resetting the context default ccache. * This is needed for platforms which support multiple ccaches. */ - + if (!err) { /* if NULL, resets the context default ccache */ err = krb5_cc_set_default_name(context, - (char *) k5_getspecific(K5_KEY_GSS_KRB5_CCACHE_NAME)); + (char *) k5_getspecific(K5_KEY_GSS_KRB5_CCACHE_NAME)); } - + *minor_status = err; return (*minor_status == 0) ? GSS_S_COMPLETE : GSS_S_FAILURE; } /* This function returns whether or not the caller set a cccache name. Used by - * gss_acquire_cred to figure out if the caller wants to only look at this + * gss_acquire_cred to figure out if the caller wants to only look at this * ccache or search the cache collection for the desired name */ OM_uint32 -kg_caller_provided_ccache_name (OM_uint32 *minor_status, -int *out_caller_provided_name) +kg_caller_provided_ccache_name (OM_uint32 *minor_status, + int *out_caller_provided_name) { if (out_caller_provided_name) { - *out_caller_provided_name = - (k5_getspecific(K5_KEY_GSS_KRB5_CCACHE_NAME) != NULL); + *out_caller_provided_name = + (k5_getspecific(K5_KEY_GSS_KRB5_CCACHE_NAME) != NULL); } *minor_status = 0; @@ -199,31 +234,31 @@ kg_get_ccache_name (OM_uint32 *minor_status, const char **out_name) char *kg_ccache_name; kg_ccache_name = k5_getspecific(K5_KEY_GSS_KRB5_CCACHE_NAME); - + if (kg_ccache_name != NULL) { - name = strdup(kg_ccache_name); - if (name == NULL) - err = ENOMEM; + name = strdup(kg_ccache_name); + if (name == NULL) + err = ENOMEM; } else { - krb5_context context = NULL; - - /* Reset the context default ccache (see text above), and then - retrieve it. */ - err = krb5_gss_init_context(&context); - if (!err) - err = krb5_cc_set_default_name (context, NULL); - if (!err) { - name = krb5_cc_default_name(context); - if (name) { - name = strdup(name); - if (name == NULL) - err = ENOMEM; - } - } - if (err && context) - save_error_info(err, context); - if (context) - krb5_free_context(context); + krb5_context context = NULL; + + /* Reset the context default ccache (see text above), and then + retrieve it. */ + err = krb5_gss_init_context(&context); + if (!err) + err = krb5_cc_set_default_name (context, NULL); + if (!err) { + name = krb5_cc_default_name(context); + if (name) { + name = strdup(name); + if (name == NULL) + err = ENOMEM; + } + } + if (err && context) + save_error_info(err, context); + if (context) + krb5_free_context(context); } if (!err) { @@ -231,7 +266,7 @@ kg_get_ccache_name (OM_uint32 *minor_status, const char **out_name) *out_name = name; } } - + *minor_status = err; return (*minor_status == 0) ? GSS_S_COMPLETE : GSS_S_FAILURE; } @@ -245,12 +280,11 @@ kg_set_ccache_name (OM_uint32 *minor_status, const char *name) krb5_error_code kerr; if (name) { - new_name = malloc(strlen(name) + 1); - if (new_name == NULL) { - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - strcpy(new_name, name); + new_name = strdup(name); + if (new_name == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } } kg_ccache_name = k5_getspecific(K5_KEY_GSS_KRB5_CCACHE_NAME); @@ -259,14 +293,502 @@ kg_set_ccache_name (OM_uint32 *minor_status, const char *name) new_name = swap; kerr = k5_setspecific(K5_KEY_GSS_KRB5_CCACHE_NAME, kg_ccache_name); if (kerr != 0) { - /* Can't store, so free up the storage. */ - free(kg_ccache_name); - /* ??? free(new_name); */ - *minor_status = kerr; - return GSS_S_FAILURE; + /* Can't store, so free up the storage. */ + free(kg_ccache_name); + /* ??? free(new_name); */ + *minor_status = kerr; + return GSS_S_FAILURE; } free (new_name); *minor_status = 0; return GSS_S_COMPLETE; } + +#define g_OID_prefix_equal(o1, o2) \ + (((o1)->length >= (o2)->length) && \ + (memcmp((o1)->elements, (o2)->elements, (o2)->length) == 0)) + +/* + * gss_inquire_sec_context_by_oid() methods + */ +static struct { + gss_OID_desc oid; + OM_uint32 (*func)(OM_uint32 *, const gss_ctx_id_t, const gss_OID, gss_buffer_set_t *); +} krb5_gss_inquire_sec_context_by_oid_ops[] = { + { + {GSS_KRB5_GET_TKT_FLAGS_OID_LENGTH, GSS_KRB5_GET_TKT_FLAGS_OID}, + gss_krb5int_get_tkt_flags + }, + { + {GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH, GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID}, + gss_krb5int_extract_authz_data_from_sec_context + }, + { + {GSS_KRB5_INQ_SSPI_SESSION_KEY_OID_LENGTH, GSS_KRB5_INQ_SSPI_SESSION_KEY_OID}, + gss_krb5int_inq_session_key + }, + { + {GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID_LENGTH, GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID}, + gss_krb5int_export_lucid_sec_context + }, + { + {GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID_LENGTH, GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID}, + gss_krb5int_extract_authtime_from_sec_context + } +}; + +static OM_uint32 +krb5_gss_inquire_sec_context_by_oid (OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + const gss_OID desired_object, + gss_buffer_set_t *data_set) +{ + krb5_gss_ctx_id_rec *ctx; + size_t i; + + if (minor_status == NULL) + return GSS_S_CALL_INACCESSIBLE_WRITE; + + *minor_status = 0; + + if (desired_object == GSS_C_NO_OID) + return GSS_S_CALL_INACCESSIBLE_READ; + + if (data_set == NULL) + return GSS_S_CALL_INACCESSIBLE_WRITE; + + *data_set = GSS_C_NO_BUFFER_SET; + + if (!kg_validate_ctx_id(context_handle)) + return GSS_S_NO_CONTEXT; + + ctx = (krb5_gss_ctx_id_rec *) context_handle; + + if (!ctx->established) + return GSS_S_NO_CONTEXT; + + for (i = 0; i < sizeof(krb5_gss_inquire_sec_context_by_oid_ops)/ + sizeof(krb5_gss_inquire_sec_context_by_oid_ops[0]); i++) { + if (g_OID_prefix_equal(desired_object, &krb5_gss_inquire_sec_context_by_oid_ops[i].oid)) { + return (*krb5_gss_inquire_sec_context_by_oid_ops[i].func)(minor_status, + context_handle, + desired_object, + data_set); + } + } + + *minor_status = EINVAL; + + return GSS_S_UNAVAILABLE; +} + +/* + * gss_inquire_cred_by_oid() methods + */ +static struct { + gss_OID_desc oid; + OM_uint32 (*func)(OM_uint32 *, const gss_cred_id_t, const gss_OID, gss_buffer_set_t *); +} krb5_gss_inquire_cred_by_oid_ops[] = { +}; + +static OM_uint32 +krb5_gss_inquire_cred_by_oid(OM_uint32 *minor_status, + const gss_cred_id_t cred_handle, + const gss_OID desired_object, + gss_buffer_set_t *data_set) +{ + OM_uint32 major_status = GSS_S_FAILURE; + krb5_gss_cred_id_t cred; + size_t i; + + if (minor_status == NULL) + return GSS_S_CALL_INACCESSIBLE_WRITE; + + *minor_status = 0; + + if (desired_object == GSS_C_NO_OID) + return GSS_S_CALL_INACCESSIBLE_READ; + + if (data_set == NULL) + return GSS_S_CALL_INACCESSIBLE_WRITE; + + *data_set = GSS_C_NO_BUFFER_SET; + if (cred_handle == GSS_C_NO_CREDENTIAL) { + *minor_status = (OM_uint32)KRB5_NOCREDS_SUPPLIED; + return GSS_S_NO_CRED; + } + + major_status = krb5_gss_validate_cred(minor_status, cred_handle); + if (GSS_ERROR(major_status)) + return major_status; + + cred = (krb5_gss_cred_id_t) cred_handle; + + for (i = 0; i < sizeof(krb5_gss_inquire_cred_by_oid_ops)/ + sizeof(krb5_gss_inquire_cred_by_oid_ops[0]); i++) { + if (g_OID_prefix_equal(desired_object, &krb5_gss_inquire_cred_by_oid_ops[i].oid)) { + return (*krb5_gss_inquire_cred_by_oid_ops[i].func)(minor_status, + cred_handle, + desired_object, + data_set); + } + } + + *minor_status = EINVAL; + + return GSS_S_UNAVAILABLE; +} + +/* + * gss_set_sec_context_option() methods + */ +static struct { + gss_OID_desc oid; + OM_uint32 (*func)(OM_uint32 *, gss_ctx_id_t *, const gss_OID, const gss_buffer_t); +} krb5_gss_set_sec_context_option_ops[] = { +}; + +static OM_uint32 +krb5_gss_set_sec_context_option (OM_uint32 *minor_status, + gss_ctx_id_t *context_handle, + const gss_OID desired_object, + const gss_buffer_t value) +{ + size_t i; + + if (minor_status == NULL) + return GSS_S_CALL_INACCESSIBLE_WRITE; + + *minor_status = 0; + + if (context_handle == NULL) + return GSS_S_CALL_INACCESSIBLE_READ; + + if (desired_object == GSS_C_NO_OID) + return GSS_S_CALL_INACCESSIBLE_READ; + + if (*context_handle != GSS_C_NO_CONTEXT) { + krb5_gss_ctx_id_rec *ctx; + + if (!kg_validate_ctx_id(*context_handle)) + return GSS_S_NO_CONTEXT; + + ctx = (krb5_gss_ctx_id_rec *) context_handle; + + if (!ctx->established) + return GSS_S_NO_CONTEXT; + } + + for (i = 0; i < sizeof(krb5_gss_set_sec_context_option_ops)/ + sizeof(krb5_gss_set_sec_context_option_ops[0]); i++) { + if (g_OID_prefix_equal(desired_object, &krb5_gss_set_sec_context_option_ops[i].oid)) { + return (*krb5_gss_set_sec_context_option_ops[i].func)(minor_status, + context_handle, + desired_object, + value); + } + } + + *minor_status = EINVAL; + + return GSS_S_UNAVAILABLE; +} + +/* + * gssspi_set_cred_option() methods + */ +static struct { + gss_OID_desc oid; + OM_uint32 (*func)(OM_uint32 *, gss_cred_id_t, const gss_OID, const gss_buffer_t); +} krb5_gssspi_set_cred_option_ops[] = { + { + {GSS_KRB5_COPY_CCACHE_OID_LENGTH, GSS_KRB5_COPY_CCACHE_OID}, + gss_krb5int_copy_ccache + }, + { + {GSS_KRB5_SET_ALLOWABLE_ENCTYPES_OID_LENGTH, GSS_KRB5_SET_ALLOWABLE_ENCTYPES_OID}, + gss_krb5int_set_allowable_enctypes + }, + { + {GSS_KRB5_SET_CRED_RCACHE_OID_LENGTH, GSS_KRB5_SET_CRED_RCACHE_OID}, + gss_krb5int_set_cred_rcache + } +}; + +static OM_uint32 +krb5_gssspi_set_cred_option(OM_uint32 *minor_status, + gss_cred_id_t cred_handle, + const gss_OID desired_object, + const gss_buffer_t value) +{ + OM_uint32 major_status = GSS_S_FAILURE; + size_t i; + + if (minor_status == NULL) + return GSS_S_CALL_INACCESSIBLE_WRITE; + + *minor_status = 0; + + if (cred_handle == GSS_C_NO_CREDENTIAL) { + *minor_status = (OM_uint32)KRB5_NOCREDS_SUPPLIED; + return GSS_S_NO_CRED; + } + + if (desired_object == GSS_C_NO_OID) + return GSS_S_CALL_INACCESSIBLE_READ; + + major_status = krb5_gss_validate_cred(minor_status, cred_handle); + if (GSS_ERROR(major_status)) + return major_status; + + for (i = 0; i < sizeof(krb5_gssspi_set_cred_option_ops)/ + sizeof(krb5_gssspi_set_cred_option_ops[0]); i++) { + if (g_OID_prefix_equal(desired_object, &krb5_gssspi_set_cred_option_ops[i].oid)) { + return (*krb5_gssspi_set_cred_option_ops[i].func)(minor_status, + cred_handle, + desired_object, + value); + } + } + + *minor_status = EINVAL; + + return GSS_S_UNAVAILABLE; +} + +/* + * gssspi_mech_invoke() methods + */ +static struct { + gss_OID_desc oid; + OM_uint32 (*func)(OM_uint32 *, const gss_OID, const gss_OID, gss_buffer_t); +} krb5_gssspi_mech_invoke_ops[] = { + { + {GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID_LENGTH, GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID}, + gss_krb5int_register_acceptor_identity + }, + { + {GSS_KRB5_CCACHE_NAME_OID_LENGTH, GSS_KRB5_CCACHE_NAME_OID}, + gss_krb5int_ccache_name + }, + { + {GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID_LENGTH, GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID}, + gss_krb5int_free_lucid_sec_context + }, + { + {GSS_KRB5_USE_KDC_CONTEXT_OID_LENGTH, GSS_KRB5_USE_KDC_CONTEXT_OID}, + krb5int_gss_use_kdc_context + } +}; + +static OM_uint32 +krb5_gssspi_mech_invoke (OM_uint32 *minor_status, + const gss_OID desired_mech, + const gss_OID desired_object, + gss_buffer_t value) +{ + size_t i; + + if (minor_status == NULL) + return GSS_S_CALL_INACCESSIBLE_WRITE; + + *minor_status = 0; + + if (desired_mech == GSS_C_NO_OID) + return GSS_S_BAD_MECH; + + if (desired_object == GSS_C_NO_OID) + return GSS_S_CALL_INACCESSIBLE_READ; + + for (i = 0; i < sizeof(krb5_gssspi_mech_invoke_ops)/ + sizeof(krb5_gssspi_mech_invoke_ops[0]); i++) { + if (g_OID_prefix_equal(desired_object, &krb5_gssspi_mech_invoke_ops[i].oid)) { + return (*krb5_gssspi_mech_invoke_ops[i].func)(minor_status, + desired_mech, + desired_object, + value); + } + } + + *minor_status = EINVAL; + + return GSS_S_UNAVAILABLE; +} + +static struct gss_config krb5_mechanism = { + { GSS_MECH_KRB5_OID_LENGTH, GSS_MECH_KRB5_OID }, + NULL, + krb5_gss_acquire_cred, + krb5_gss_release_cred, + krb5_gss_init_sec_context, +#ifdef LEAN_CLIENT + NULL, +#else + krb5_gss_accept_sec_context, +#endif + krb5_gss_process_context_token, + krb5_gss_delete_sec_context, + krb5_gss_context_time, + krb5_gss_get_mic, + krb5_gss_verify_mic, +#ifdef IOV_SHIM_EXERCISE + NULL, + NULL, +#else + krb5_gss_wrap, + krb5_gss_unwrap, +#endif + krb5_gss_display_status, + krb5_gss_indicate_mechs, + krb5_gss_compare_name, + krb5_gss_display_name, + krb5_gss_import_name, + krb5_gss_release_name, + krb5_gss_inquire_cred, + krb5_gss_add_cred, +#ifdef LEAN_CLIENT + NULL, + NULL, +#else + krb5_gss_export_sec_context, + krb5_gss_import_sec_context, +#endif + krb5_gss_inquire_cred_by_mech, + krb5_gss_inquire_names_for_mech, + krb5_gss_inquire_context, + krb5_gss_internal_release_oid, + krb5_gss_wrap_size_limit, + krb5_gss_export_name, + NULL, /* store_cred */ + NULL, /* import_name_object */ + NULL, /* export_name_object */ + krb5_gss_inquire_sec_context_by_oid, + krb5_gss_inquire_cred_by_oid, + krb5_gss_set_sec_context_option, + krb5_gssspi_set_cred_option, + krb5_gssspi_mech_invoke, + NULL, /* wrap_aead */ + NULL, /* unwrap_aead */ + krb5_gss_wrap_iov, + krb5_gss_unwrap_iov, + krb5_gss_wrap_iov_length, + NULL, /* complete_auth_token */ +}; + + +#ifdef _GSS_STATIC_LINK +#include "mglueP.h" +static int gss_krb5mechglue_init(void) +{ + struct gss_mech_config mech_krb5; + + memset(&mech_krb5, 0, sizeof(mech_krb5)); + mech_krb5.mech = &krb5_mechanism; + mech_krb5.mechNameStr = "kerberos_v5"; + mech_krb5.mech_type = (gss_OID)gss_mech_krb5; + + gssint_register_mechinfo(&mech_krb5); + + mech_krb5.mechNameStr = "kerberos_v5_old"; + mech_krb5.mech_type = (gss_OID)gss_mech_krb5_old; + gssint_register_mechinfo(&mech_krb5); + + mech_krb5.mechNameStr = "mskrb"; + mech_krb5.mech_type = (gss_OID)gss_mech_krb5_wrong; + gssint_register_mechinfo(&mech_krb5); + + return 0; +} +#else +MAKE_INIT_FUNCTION(gss_krb5int_lib_init); +MAKE_FINI_FUNCTION(gss_krb5int_lib_fini); + +gss_mechanism KRB5_CALLCONV +gss_mech_initialize(void) +{ + return &krb5_mechanism; +} +#endif /* _GSS_STATIC_LINK */ + +int gss_krb5int_lib_init(void) +{ + int err; + +#ifdef SHOW_INITFINI_FUNCS + printf("gss_krb5int_lib_init\n"); +#endif + + add_error_table(&et_ggss_error_table); + +#ifndef LEAN_CLIENT + err = k5_mutex_finish_init(&gssint_krb5_keytab_lock); + if (err) + return err; +#endif /* LEAN_CLIENT */ + err = k5_key_register(K5_KEY_GSS_KRB5_SET_CCACHE_OLD_NAME, free); + if (err) + return err; + err = k5_key_register(K5_KEY_GSS_KRB5_CCACHE_NAME, free); + if (err) + return err; + err = k5_key_register(K5_KEY_GSS_KRB5_ERROR_MESSAGE, + krb5_gss_delete_error_info); + if (err) + return err; +#ifndef _WIN32 + err = k5_mutex_finish_init(&kg_kdc_flag_mutex); + if (err) + return err; + err = k5_mutex_finish_init(&kg_vdb.mutex); + if (err) + return err; +#endif +#ifdef _GSS_STATIC_LINK + err = gss_krb5mechglue_init(); + if (err) + return err; +#endif + + return 0; +} + +void gss_krb5int_lib_fini(void) +{ +#ifndef _GSS_STATIC_LINK + if (!INITIALIZER_RAN(gss_krb5int_lib_init) || PROGRAM_EXITING()) { +# ifdef SHOW_INITFINI_FUNCS + printf("gss_krb5int_lib_fini: skipping\n"); +# endif + return; + } +#endif +#ifdef SHOW_INITFINI_FUNCS + printf("gss_krb5int_lib_fini\n"); +#endif + remove_error_table(&et_k5g_error_table); + + k5_key_delete(K5_KEY_GSS_KRB5_SET_CCACHE_OLD_NAME); + k5_key_delete(K5_KEY_GSS_KRB5_CCACHE_NAME); + k5_mutex_destroy(&kg_vdb.mutex); +#ifndef _WIN32 + k5_mutex_destroy(&kg_kdc_flag_mutex); +#endif +#ifndef LEAN_CLIENT + k5_mutex_destroy(&gssint_krb5_keytab_lock); +#endif /* LEAN_CLIENT */ +} + +#ifdef _GSS_STATIC_LINK +extern OM_uint32 gssint_lib_init(void); +#endif + +OM_uint32 gss_krb5int_initialize_library (void) +{ +#ifdef _GSS_STATIC_LINK + return gssint_mechglue_initialize_library(); +#else + return CALL_INIT_FUNCTION(gss_krb5int_lib_init); +#endif +} + diff --git a/src/lib/gssapi/krb5/gssapi_krb5.hin b/src/lib/gssapi/krb5/gssapi_krb5.hin index b9660e5b35..bf74fe9d04 100644 --- a/src/lib/gssapi/krb5/gssapi_krb5.hin +++ b/src/lib/gssapi/krb5/gssapi_krb5.hin @@ -1,6 +1,7 @@ -/* -*- c -*- +/* -*- mode: c; indent-tabs-mode: nil -*- */ +/* * Copyright 1993 by OpenVision Technologies, Inc. - * + * * Permission to use, copy, modify, distribute, and sell this software * and its documentation for any purpose is hereby granted without fee, * provided that the above copyright notice appears in all copies and @@ -10,7 +11,7 @@ * without specific, written prior permission. OpenVision makes no * representations about the suitability of this software for any * purpose. It is provided "as is" without express or implied warranty. - * + * * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR @@ -24,6 +25,7 @@ #define _GSSAPI_KRB5_H_ #include +#include #include /* C++ friendlyness */ @@ -50,7 +52,7 @@ GSS_DLLIMP extern const gss_OID_desc * const GSS_KRB5_NT_PRINCIPAL_NAME; * "GSS_C_NT_HOSTBASED_SERVICE". */ /* 2.2.1. User Name Form */ -#define GSS_KRB5_NT_USER_NAME GSS_C_NT_USER_NAME +#define GSS_KRB5_NT_USER_NAME GSS_C_NT_USER_NAME /* This name form shall be represented by the Object Identifier {iso(1) * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) * generic(1) user_name(1)}. The recommended symbolic name for this @@ -68,7 +70,7 @@ GSS_DLLIMP extern const gss_OID_desc * const GSS_KRB5_NT_PRINCIPAL_NAME; /* This name form shall be represented by the Object Identifier {iso(1) * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2) * generic(1) string_uid_name(3)}. The recommended symbolic name for - * this type is "GSS_KRB5_NT_STRING_UID_NAME". */ + * this type is "GSS_KRB5_NT_STRING_UID_NAME". */ GSS_DLLIMP extern const gss_OID_desc * const gss_mech_krb5; GSS_DLLIMP extern const gss_OID_desc * const gss_mech_krb5_old; @@ -82,12 +84,12 @@ GSS_DLLIMP extern const gss_OID_desc * const gss_nt_krb5_principal; GSS_DLLIMP extern const gss_OID_desc krb5_gss_oid_array[]; -#define gss_krb5_nt_general_name gss_nt_krb5_name -#define gss_krb5_nt_principal gss_nt_krb5_principal -#define gss_krb5_nt_service_name gss_nt_service_name -#define gss_krb5_nt_user_name gss_nt_user_name -#define gss_krb5_nt_machine_uid_name gss_nt_machine_uid_name -#define gss_krb5_nt_string_uid_name gss_nt_string_uid_name +#define gss_krb5_nt_general_name gss_nt_krb5_name +#define gss_krb5_nt_principal gss_nt_krb5_principal +#define gss_krb5_nt_service_name gss_nt_service_name +#define gss_krb5_nt_user_name gss_nt_user_name +#define gss_krb5_nt_machine_uid_name gss_nt_machine_uid_name +#define gss_krb5_nt_string_uid_name gss_nt_string_uid_name #if defined(_WIN32) @@ -99,48 +101,48 @@ typedef uint64_t gss_uint64; typedef struct gss_krb5_lucid_key { - OM_uint32 type; /* key encryption type */ - OM_uint32 length; /* length of key data */ - void * data; /* actual key data */ + OM_uint32 type; /* key encryption type */ + OM_uint32 length; /* length of key data */ + void * data; /* actual key data */ } gss_krb5_lucid_key_t; typedef struct gss_krb5_rfc1964_keydata { - OM_uint32 sign_alg; /* signing algorthm */ - OM_uint32 seal_alg; /* seal/encrypt algorthm */ - gss_krb5_lucid_key_t ctx_key; - /* Context key - (Kerberos session key or subkey) */ + OM_uint32 sign_alg; /* signing algorthm */ + OM_uint32 seal_alg; /* seal/encrypt algorthm */ + gss_krb5_lucid_key_t ctx_key; + /* Context key + (Kerberos session key or subkey) */ } gss_krb5_rfc1964_keydata_t; typedef struct gss_krb5_cfx_keydata { - OM_uint32 have_acceptor_subkey; - /* 1 if there is an acceptor_subkey - present, 0 otherwise */ - gss_krb5_lucid_key_t ctx_key; - /* Context key - (Kerberos session key or subkey) */ - gss_krb5_lucid_key_t acceptor_subkey; - /* acceptor-asserted subkey or - 0's if no acceptor subkey */ + OM_uint32 have_acceptor_subkey; + /* 1 if there is an acceptor_subkey + present, 0 otherwise */ + gss_krb5_lucid_key_t ctx_key; + /* Context key + (Kerberos session key or subkey) */ + gss_krb5_lucid_key_t acceptor_subkey; + /* acceptor-asserted subkey or + 0's if no acceptor subkey */ } gss_krb5_cfx_keydata_t; typedef struct gss_krb5_lucid_context_v1 { - OM_uint32 version; /* Structure version number (1) - MUST be at beginning of struct! */ - OM_uint32 initiate; /* Are we the initiator? */ - OM_uint32 endtime; /* expiration time of context */ - gss_uint64 send_seq; /* sender sequence number */ - gss_uint64 recv_seq; /* receive sequence number */ - OM_uint32 protocol; /* 0: rfc1964, - 1: draft-ietf-krb-wg-gssapi-cfx-07 */ - /* - * if (protocol == 0) rfc1964_kd should be used - * and cfx_kd contents are invalid and should be zero - * if (protocol == 1) cfx_kd should be used - * and rfc1964_kd contents are invalid and should be zero - */ - gss_krb5_rfc1964_keydata_t rfc1964_kd; - gss_krb5_cfx_keydata_t cfx_kd; + OM_uint32 version; /* Structure version number (1) + MUST be at beginning of struct! */ + OM_uint32 initiate; /* Are we the initiator? */ + OM_uint32 endtime; /* expiration time of context */ + gss_uint64 send_seq; /* sender sequence number */ + gss_uint64 recv_seq; /* receive sequence number */ + OM_uint32 protocol; /* 0: rfc1964, + 1: draft-ietf-krb-wg-gssapi-cfx-07 */ + /* + * if (protocol == 0) rfc1964_kd should be used + * and cfx_kd contents are invalid and should be zero + * if (protocol == 1) cfx_kd should be used + * and rfc1964_kd contents are invalid and should be zero + */ + gss_krb5_rfc1964_keydata_t rfc1964_kd; + gss_krb5_cfx_keydata_t cfx_kd; } gss_krb5_lucid_context_v1_t; /* @@ -148,7 +150,7 @@ typedef struct gss_krb5_lucid_context_v1 { * See example below for usage. */ typedef struct gss_krb5_lucid_context_version { - OM_uint32 version; /* Structure version number */ + OM_uint32 version; /* Structure version number */ } gss_krb5_lucid_context_version_t; @@ -159,19 +161,19 @@ typedef struct gss_krb5_lucid_context_version { OM_uint32 KRB5_CALLCONV krb5_gss_register_acceptor_identity(const char *); -OM_uint32 KRB5_CALLCONV gss_krb5_get_tkt_flags - (OM_uint32 *minor_status, - gss_ctx_id_t context_handle, - krb5_flags *ticket_flags); +OM_uint32 KRB5_CALLCONV gss_krb5_get_tkt_flags( + OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + krb5_flags *ticket_flags); -OM_uint32 KRB5_CALLCONV gss_krb5_copy_ccache - (OM_uint32 *minor_status, - gss_cred_id_t cred_handle, - krb5_ccache out_ccache); +OM_uint32 KRB5_CALLCONV gss_krb5_copy_ccache( + OM_uint32 *minor_status, + gss_cred_id_t cred_handle, + krb5_ccache out_ccache); -OM_uint32 KRB5_CALLCONV gss_krb5_ccache_name - (OM_uint32 *minor_status, const char *name, - const char **out_name); +OM_uint32 KRB5_CALLCONV gss_krb5_ccache_name( + OM_uint32 *minor_status, const char *name, + const char **out_name); /* * gss_krb5_set_allowable_enctypes @@ -197,14 +199,14 @@ OM_uint32 KRB5_CALLCONV gss_krb5_ccache_name * */ OM_uint32 KRB5_CALLCONV -gss_krb5_set_allowable_enctypes(OM_uint32 *minor_status, - gss_cred_id_t cred, - OM_uint32 num_ktypes, - krb5_enctype *ktypes); +gss_krb5_set_allowable_enctypes(OM_uint32 *minor_status, + gss_cred_id_t cred, + OM_uint32 num_ktypes, + krb5_enctype *ktypes); /* * Returns a non-opaque (lucid) version of the internal context - * information. + * information. * * Note that context_handle must not be used again by the caller * after this call. The GSS implementation is free to release any @@ -212,7 +214,7 @@ gss_krb5_set_allowable_enctypes(OM_uint32 *minor_status, * GSS implementation whether it returns pointers to existing data, * or copies of the data. The caller should treat the returned * lucid context as read-only. - * + * * The caller must call gss_krb5_free_lucid_context() to free * the context and allocated resources when it is finished with it. * @@ -228,33 +230,33 @@ gss_krb5_set_allowable_enctypes(OM_uint32 *minor_status, * (XXX Need error definition(s)) * * For example: - * void *return_ctx; - * gss_krb5_lucid_context_v1_t *ctx; - * OM_uint32 min_stat, maj_stat; - * OM_uint32 vers; - * gss_ctx_id_t *ctx_handle; + * void *return_ctx; + * gss_krb5_lucid_context_v1_t *ctx; + * OM_uint32 min_stat, maj_stat; + * OM_uint32 vers; + * gss_ctx_id_t *ctx_handle; * - * maj_stat = gss_krb5_export_lucid_sec_context(&min_stat, - * ctx_handle, 1, &return_ctx); - * // Verify success + * maj_stat = gss_krb5_export_lucid_sec_context(&min_stat, + * ctx_handle, 1, &return_ctx); + * // Verify success * - * vers = ((gss_krb5_lucid_context_version_t *)return_ctx)->version; - * switch (vers) { - * case 1: - * ctx = (gss_krb5_lucid_context_v1_t *) return_ctx; - * break; - * default: - * // Error, unknown version returned - * break; - * } + * vers = ((gss_krb5_lucid_context_version_t *)return_ctx)->version; + * switch (vers) { + * case 1: + * ctx = (gss_krb5_lucid_context_v1_t *) return_ctx; + * break; + * default: + * // Error, unknown version returned + * break; + * } * */ OM_uint32 KRB5_CALLCONV gss_krb5_export_lucid_sec_context(OM_uint32 *minor_status, - gss_ctx_id_t *context_handle, - OM_uint32 version, - void **kctx); + gss_ctx_id_t *context_handle, + OM_uint32 version, + void **kctx); /* * Frees the allocated storage associated with an @@ -262,8 +264,22 @@ gss_krb5_export_lucid_sec_context(OM_uint32 *minor_status, */ OM_uint32 KRB5_CALLCONV gss_krb5_free_lucid_sec_context(OM_uint32 *minor_status, - void *kctx); + void *kctx); + +OM_uint32 KRB5_CALLCONV +gsskrb5_extract_authz_data_from_sec_context(OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + int ad_type, + gss_buffer_t ad_data); + +OM_uint32 KRB5_CALLCONV +gss_krb5_set_cred_rcache(OM_uint32 *minor_status, + gss_cred_id_t cred, + krb5_rcache rcache); + +OM_uint32 KRB5_CALLCONV +gsskrb5_extract_authtime_from_sec_context(OM_uint32 *, gss_ctx_id_t, krb5_timestamp *); #ifdef __cplusplus } diff --git a/src/lib/gssapi/krb5/import_name.c b/src/lib/gssapi/krb5/import_name.c index 58bc19f918..6879c766fa 100644 --- a/src/lib/gssapi/krb5/import_name.c +++ b/src/lib/gssapi/krb5/import_name.c @@ -1,6 +1,7 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * Copyright 1993 by OpenVision Technologies, Inc. - * + * * Permission to use, copy, modify, distribute, and sell this software * and its documentation for any purpose is hereby granted without fee, * provided that the above copyright notice appears in all copies and @@ -10,7 +11,7 @@ * without specific, written prior permission. OpenVision makes no * representations about the suitability of this software for any * purpose. It is provided "as is" without express or implied warranty. - * + * * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR @@ -39,201 +40,201 @@ /* * errors: - * GSS_S_BAD_NAMETYPE if the type is bogus - * GSS_S_BAD_NAME if the type is good but the name is bogus - * GSS_S_FAILURE if memory allocation fails + * GSS_S_BAD_NAMETYPE if the type is bogus + * GSS_S_BAD_NAME if the type is good but the name is bogus + * GSS_S_FAILURE if memory allocation fails */ OM_uint32 -krb5_gss_import_name(minor_status, input_name_buffer, - input_name_type, output_name) - OM_uint32 *minor_status; - gss_buffer_t input_name_buffer; - gss_OID input_name_type; - gss_name_t *output_name; +krb5_gss_import_name(minor_status, input_name_buffer, + input_name_type, output_name) + OM_uint32 *minor_status; + gss_buffer_t input_name_buffer; + gss_OID input_name_type; + gss_name_t *output_name; { - krb5_context context; - krb5_principal princ; - krb5_error_code code; - char *stringrep, *tmp, *tmp2, *cp; - OM_uint32 length; + krb5_context context; + krb5_principal princ; + krb5_error_code code; + char *stringrep, *tmp, *tmp2, *cp; + OM_uint32 length; #ifndef NO_PASSWORD - struct passwd *pw; + struct passwd *pw; #endif - code = krb5_gss_init_context(&context); - if (code) { - *minor_status = code; - return GSS_S_FAILURE; - } - - /* set up default returns */ - - *output_name = NULL; - *minor_status = 0; - - /* Go find the appropriate string rep to pass into parse_name */ - - if ((input_name_type != GSS_C_NULL_OID) && - (g_OID_equal(input_name_type, gss_nt_service_name) || - g_OID_equal(input_name_type, gss_nt_service_name_v2))) { - char *service, *host; - - if ((tmp = - (char *) xmalloc(input_name_buffer->length + 1)) == NULL) { - *minor_status = ENOMEM; - krb5_free_context(context); - return(GSS_S_FAILURE); - } - - memcpy(tmp, input_name_buffer->value, input_name_buffer->length); - tmp[input_name_buffer->length] = 0; - - service = tmp; - if ((host = strchr(tmp, '@'))) { - *host = '\0'; - host++; - } - - code = krb5_sname_to_principal(context, host, service, KRB5_NT_SRV_HST, - &princ); - - xfree(tmp); - } else if ((input_name_type != GSS_C_NULL_OID) && - (g_OID_equal(input_name_type, gss_nt_krb5_principal))) { - krb5_principal input; - - if (input_name_buffer->length != sizeof(krb5_principal)) { - *minor_status = (OM_uint32) G_WRONG_SIZE; - krb5_free_context(context); - return(GSS_S_BAD_NAME); - } - - input = *((krb5_principal *) input_name_buffer->value); - - if ((code = krb5_copy_principal(context, input, &princ))) { - *minor_status = code; - save_error_info(*minor_status, context); - krb5_free_context(context); - return(GSS_S_FAILURE); - } - } else { + code = krb5_gss_init_context(&context); + if (code) { + *minor_status = code; + return GSS_S_FAILURE; + } + + /* set up default returns */ + + *output_name = NULL; + *minor_status = 0; + + /* Go find the appropriate string rep to pass into parse_name */ + + if ((input_name_type != GSS_C_NULL_OID) && + (g_OID_equal(input_name_type, gss_nt_service_name) || + g_OID_equal(input_name_type, gss_nt_service_name_v2))) { + char *service, *host; + + if ((tmp = + (char *) xmalloc(input_name_buffer->length + 1)) == NULL) { + *minor_status = ENOMEM; + krb5_free_context(context); + return(GSS_S_FAILURE); + } + + memcpy(tmp, input_name_buffer->value, input_name_buffer->length); + tmp[input_name_buffer->length] = 0; + + service = tmp; + if ((host = strchr(tmp, '@'))) { + *host = '\0'; + host++; + } + + code = krb5_sname_to_principal(context, host, service, KRB5_NT_SRV_HST, + &princ); + + xfree(tmp); + } else if ((input_name_type != GSS_C_NULL_OID) && + (g_OID_equal(input_name_type, gss_nt_krb5_principal))) { + krb5_principal input; + + if (input_name_buffer->length != sizeof(krb5_principal)) { + *minor_status = (OM_uint32) G_WRONG_SIZE; + krb5_free_context(context); + return(GSS_S_BAD_NAME); + } + + input = *((krb5_principal *) input_name_buffer->value); + + if ((code = krb5_copy_principal(context, input, &princ))) { + *minor_status = code; + save_error_info(*minor_status, context); + krb5_free_context(context); + return(GSS_S_FAILURE); + } + } else { #ifndef NO_PASSWORD - uid_t uid; - struct passwd pwx; - char pwbuf[BUFSIZ]; + uid_t uid; + struct passwd pwx; + char pwbuf[BUFSIZ]; #endif - stringrep = NULL; + stringrep = NULL; - if ((tmp = - (char *) xmalloc(input_name_buffer->length + 1)) == NULL) { - *minor_status = ENOMEM; - krb5_free_context(context); - return(GSS_S_FAILURE); - } - tmp2 = 0; + if ((tmp = + (char *) xmalloc(input_name_buffer->length + 1)) == NULL) { + *minor_status = ENOMEM; + krb5_free_context(context); + return(GSS_S_FAILURE); + } + tmp2 = 0; - memcpy(tmp, input_name_buffer->value, input_name_buffer->length); - tmp[input_name_buffer->length] = 0; + memcpy(tmp, input_name_buffer->value, input_name_buffer->length); + tmp[input_name_buffer->length] = 0; - if ((input_name_type == GSS_C_NULL_OID) || - g_OID_equal(input_name_type, gss_nt_krb5_name) || - g_OID_equal(input_name_type, gss_nt_user_name)) { - stringrep = (char *) tmp; + if ((input_name_type == GSS_C_NULL_OID) || + g_OID_equal(input_name_type, gss_nt_krb5_name) || + g_OID_equal(input_name_type, gss_nt_user_name)) { + stringrep = (char *) tmp; #ifndef NO_PASSWORD - } else if (g_OID_equal(input_name_type, gss_nt_machine_uid_name)) { - uid = *(uid_t *) input_name_buffer->value; - do_getpwuid: - if (k5_getpwuid_r(uid, &pwx, pwbuf, sizeof(pwbuf), &pw) == 0) - stringrep = pw->pw_name; - else - *minor_status = (OM_uint32) G_NOUSER; - } else if (g_OID_equal(input_name_type, gss_nt_string_uid_name)) { - uid = atoi(tmp); - goto do_getpwuid; + } else if (g_OID_equal(input_name_type, gss_nt_machine_uid_name)) { + uid = *(uid_t *) input_name_buffer->value; + do_getpwuid: + if (k5_getpwuid_r(uid, &pwx, pwbuf, sizeof(pwbuf), &pw) == 0) + stringrep = pw->pw_name; + else + *minor_status = (OM_uint32) G_NOUSER; + } else if (g_OID_equal(input_name_type, gss_nt_string_uid_name)) { + uid = atoi(tmp); + goto do_getpwuid; #endif - } else if (g_OID_equal(input_name_type, gss_nt_exported_name)) { - cp = tmp; - if (*cp++ != 0x04) - goto fail_name; - if (*cp++ != 0x01) - goto fail_name; - if (*cp++ != 0x00) - goto fail_name; - length = *cp++; - if (length != gss_mech_krb5->length+2) - goto fail_name; - if (*cp++ != 0x06) - goto fail_name; - length = *cp++; - if (length != gss_mech_krb5->length) - goto fail_name; - if (memcmp(cp, gss_mech_krb5->elements, length) != 0) - goto fail_name; - cp += length; - length = *cp++; - length = (length << 8) | *cp++; - length = (length << 8) | *cp++; - length = (length << 8) | *cp++; - tmp2 = malloc(length+1); - if (tmp2 == NULL) { - xfree(tmp); - *minor_status = ENOMEM; - krb5_free_context(context); - return GSS_S_FAILURE; - } - strncpy(tmp2, cp, length); - tmp2[length] = 0; - - stringrep = tmp2; - } else { - xfree(tmp); - krb5_free_context(context); - return(GSS_S_BAD_NAMETYPE); - } - - /* at this point, stringrep is set, or if not, *minor_status is. */ - - if (stringrep) - code = krb5_parse_name(context, (char *) stringrep, &princ); - else { - fail_name: - xfree(tmp); - if (tmp2) - xfree(tmp2); - krb5_free_context(context); - return(GSS_S_BAD_NAME); - } - - if (tmp2) - xfree(tmp2); - xfree(tmp); - } - - /* at this point, a krb5 function has been called to set princ. code - contains the return status */ - - if (code) { - *minor_status = (OM_uint32) code; - save_error_info(*minor_status, context); - krb5_free_context(context); - return(GSS_S_BAD_NAME); - } - - /* save the name in the validation database */ - - if (! kg_save_name((gss_name_t) princ)) { - krb5_free_principal(context, princ); - krb5_free_context(context); - *minor_status = (OM_uint32) G_VALIDATE_FAILED; - return(GSS_S_FAILURE); - } - - krb5_free_context(context); - - /* return it */ - - *output_name = (gss_name_t) princ; - return(GSS_S_COMPLETE); + } else if (g_OID_equal(input_name_type, gss_nt_exported_name)) { + cp = tmp; + if (*cp++ != 0x04) + goto fail_name; + if (*cp++ != 0x01) + goto fail_name; + if (*cp++ != 0x00) + goto fail_name; + length = *cp++; + if (length != gss_mech_krb5->length+2) + goto fail_name; + if (*cp++ != 0x06) + goto fail_name; + length = *cp++; + if (length != gss_mech_krb5->length) + goto fail_name; + if (memcmp(cp, gss_mech_krb5->elements, length) != 0) + goto fail_name; + cp += length; + length = *cp++; + length = (length << 8) | *cp++; + length = (length << 8) | *cp++; + length = (length << 8) | *cp++; + tmp2 = malloc(length+1); + if (tmp2 == NULL) { + xfree(tmp); + *minor_status = ENOMEM; + krb5_free_context(context); + return GSS_S_FAILURE; + } + strncpy(tmp2, cp, length); + tmp2[length] = 0; + + stringrep = tmp2; + } else { + xfree(tmp); + krb5_free_context(context); + return(GSS_S_BAD_NAMETYPE); + } + + /* at this point, stringrep is set, or if not, *minor_status is. */ + + if (stringrep) + code = krb5_parse_name(context, (char *) stringrep, &princ); + else { + fail_name: + xfree(tmp); + if (tmp2) + xfree(tmp2); + krb5_free_context(context); + return(GSS_S_BAD_NAME); + } + + if (tmp2) + xfree(tmp2); + xfree(tmp); + } + + /* at this point, a krb5 function has been called to set princ. code + contains the return status */ + + if (code) { + *minor_status = (OM_uint32) code; + save_error_info(*minor_status, context); + krb5_free_context(context); + return(GSS_S_BAD_NAME); + } + + /* save the name in the validation database */ + + if (! kg_save_name((gss_name_t) princ)) { + krb5_free_principal(context, princ); + krb5_free_context(context); + *minor_status = (OM_uint32) G_VALIDATE_FAILED; + return(GSS_S_FAILURE); + } + + krb5_free_context(context); + + /* return it */ + + *output_name = (gss_name_t) princ; + return(GSS_S_COMPLETE); } diff --git a/src/lib/gssapi/krb5/import_sec_context.c b/src/lib/gssapi/krb5/import_sec_context.c index b0d71c883f..b31d7acf13 100644 --- a/src/lib/gssapi/krb5/import_sec_context.c +++ b/src/lib/gssapi/krb5/import_sec_context.c @@ -1,3 +1,4 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * lib/gssapi/krb5/import_sec_context.c * @@ -26,7 +27,7 @@ */ /* - * import_sec_context.c - Internalize the security context. + * import_sec_context.c - Internalize the security context. */ #include "gssapiP_krb5.h" /* for serialization initialization functions */ @@ -37,19 +38,19 @@ * the OID if possible. */ gss_OID krb5_gss_convert_static_mech_oid(oid) - gss_OID oid; + gss_OID oid; { - const gss_OID_desc *p; - OM_uint32 minor_status; - - for (p = krb5_gss_oid_array; p->length; p++) { - if ((oid->length == p->length) && - (memcmp(oid->elements, p->elements, p->length) == 0)) { - gss_release_oid(&minor_status, &oid); - return (gss_OID) p; - } - } - return oid; + const gss_OID_desc *p; + OM_uint32 minor_status; + + for (p = krb5_gss_oid_array; p->length; p++) { + if ((oid->length == p->length) && + (memcmp(oid->elements, p->elements, p->length) == 0)) { + generic_gss_release_oid(&minor_status, &oid); + return (gss_OID) p; + } + } + return oid; } krb5_error_code @@ -57,28 +58,28 @@ krb5_gss_ser_init (krb5_context context) { krb5_error_code code; static krb5_error_code (KRB5_CALLCONV *const fns[])(krb5_context) = { - krb5_ser_context_init, krb5_ser_auth_context_init, - krb5_ser_ccache_init, krb5_ser_rcache_init, krb5_ser_keytab_init, + krb5_ser_context_init, krb5_ser_auth_context_init, + krb5_ser_ccache_init, krb5_ser_rcache_init, krb5_ser_keytab_init, }; unsigned int i; for (i = 0; i < sizeof(fns)/sizeof(fns[0]); i++) - if ((code = (fns[i])(context)) != 0) - return code; + if ((code = (fns[i])(context)) != 0) + return code; return 0; } OM_uint32 krb5_gss_import_sec_context(minor_status, interprocess_token, context_handle) - OM_uint32 *minor_status; - gss_buffer_t interprocess_token; - gss_ctx_id_t *context_handle; + OM_uint32 *minor_status; + gss_buffer_t interprocess_token; + gss_ctx_id_t *context_handle; { - krb5_context context; - krb5_error_code kret = 0; - size_t blen; - krb5_gss_ctx_id_t ctx; - krb5_octet *ibp; + krb5_context context; + krb5_error_code kret = 0; + size_t blen; + krb5_gss_ctx_id_t ctx; + krb5_octet *ibp; /* This is a bit screwy. We create a krb5 context because we need one when calling the serialization code. However, one of the @@ -86,15 +87,15 @@ krb5_gss_import_sec_context(minor_status, interprocess_token, context_handle) we can throw this one away. */ kret = krb5_gss_init_context(&context); if (kret) { - *minor_status = kret; - return GSS_S_FAILURE; + *minor_status = kret; + return GSS_S_FAILURE; } kret = krb5_gss_ser_init(context); if (kret) { - *minor_status = kret; - save_error_info(*minor_status, context); - krb5_free_context(context); - return GSS_S_FAILURE; + *minor_status = kret; + save_error_info(*minor_status, context); + krb5_free_context(context); + return GSS_S_FAILURE; } /* Assume a tragic failure */ @@ -107,20 +108,20 @@ krb5_gss_import_sec_context(minor_status, interprocess_token, context_handle) kret = kg_ctx_internalize(context, (krb5_pointer *) &ctx, &ibp, &blen); krb5_free_context(context); if (kret) { - *minor_status = (OM_uint32) kret; - save_error_info(*minor_status, context); - return(GSS_S_FAILURE); + *minor_status = (OM_uint32) kret; + save_error_info(*minor_status, context); + return(GSS_S_FAILURE); } /* intern the context handle */ if (! kg_save_ctx_id((gss_ctx_id_t) ctx)) { - (void)krb5_gss_delete_sec_context(minor_status, - (gss_ctx_id_t *) &ctx, NULL); - *minor_status = (OM_uint32) G_VALIDATE_FAILED; - return(GSS_S_FAILURE); + (void)krb5_gss_delete_sec_context(minor_status, + (gss_ctx_id_t *) &ctx, NULL); + *minor_status = (OM_uint32) G_VALIDATE_FAILED; + return(GSS_S_FAILURE); } ctx->mech_used = krb5_gss_convert_static_mech_oid(ctx->mech_used); - + *context_handle = (gss_ctx_id_t) ctx; *minor_status = 0; diff --git a/src/lib/gssapi/krb5/indicate_mechs.c b/src/lib/gssapi/krb5/indicate_mechs.c index c7ee4746fd..d744af724a 100644 --- a/src/lib/gssapi/krb5/indicate_mechs.c +++ b/src/lib/gssapi/krb5/indicate_mechs.c @@ -1,6 +1,7 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * Copyright 1993 by OpenVision Technologies, Inc. - * + * * Permission to use, copy, modify, distribute, and sell this software * and its documentation for any purpose is hereby granted without fee, * provided that the above copyright notice appears in all copies and @@ -10,7 +11,7 @@ * without specific, written prior permission. OpenVision makes no * representations about the suitability of this software for any * purpose. It is provided "as is" without express or implied warranty. - * + * * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR @@ -29,16 +30,8 @@ OM_uint32 krb5_gss_indicate_mechs(minor_status, mech_set) - OM_uint32 *minor_status; - gss_OID_set *mech_set; + OM_uint32 *minor_status; + gss_OID_set *mech_set; { - *minor_status = 0; - - if (gssint_copy_oid_set(minor_status, gss_mech_set_krb5_both, mech_set)) { - *mech_set = GSS_C_NO_OID_SET; - *minor_status = ENOMEM; - return(GSS_S_FAILURE); - } - - return(GSS_S_COMPLETE); + return generic_gss_copy_oid_set(minor_status, gss_mech_set_krb5_both, mech_set); } diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c index 3e3f0192ab..8744590e1c 100644 --- a/src/lib/gssapi/krb5/init_sec_context.c +++ b/src/lib/gssapi/krb5/init_sec_context.c @@ -1,12 +1,13 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* - * Copyright 2000,2002, 2003, 2007 by the Massachusetts Institute of Technology. + * Copyright 2000, 2002, 2003, 2007, 2008 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -20,11 +21,11 @@ * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * + * */ /* * Copyright 1993 by OpenVision Technologies, Inc. - * + * * Permission to use, copy, modify, distribute, and sell this software * and its documentation for any purpose is hereby granted without fee, * provided that the above copyright notice appears in all copies and @@ -34,7 +35,7 @@ * without specific, written prior permission. OpenVision makes no * representations about the suitability of this software for any * purpose. It is provided "as is" without express or implied warranty. - * + * * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR @@ -46,14 +47,14 @@ /* * Copyright (C) 1998 by the FundsXpress, INC. - * + * * All rights reserved. - * + * * Export of this software from the United States of America may require * a specific license from the United States Government. It is the * responsibility of any person or organization contemplating export to * obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -64,14 +65,40 @@ * permission. FundsXpress makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * + * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ +/* + * Copyright (c) 2006-2008, Novell, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * * The copyright holder's name is not used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ #include "k5-int.h" -#include "gss_libinit.h" #include "gssapiP_krb5.h" #ifdef HAVE_MEMORY_H #include @@ -92,7 +119,7 @@ int krb5_gss_dbg_client_expcreds = 0; * ccache. */ static krb5_error_code get_credentials(context, cred, server, now, - endtime, out_creds) + endtime, out_creds) krb5_context context; krb5_gss_cred_id_t cred; krb5_principal server; @@ -100,24 +127,24 @@ static krb5_error_code get_credentials(context, cred, server, now, krb5_timestamp endtime; krb5_creds **out_creds; { - krb5_error_code code; - krb5_creds in_creds; + krb5_error_code code; + krb5_creds in_creds; k5_mutex_assert_locked(&cred->lock); memset((char *) &in_creds, 0, sizeof(krb5_creds)); if ((code = krb5_copy_principal(context, cred->princ, &in_creds.client))) - goto cleanup; + goto cleanup; if ((code = krb5_copy_principal(context, server, &in_creds.server))) - goto cleanup; + goto cleanup; in_creds.times.endtime = endtime; in_creds.keyblock.enctype = 0; code = krb5_get_credentials(context, 0, cred->ccache, - &in_creds, out_creds); + &in_creds, out_creds); if (code) - goto cleanup; + goto cleanup; /* * Enforce a stricter limit (without timeskew forgiveness at the @@ -125,16 +152,16 @@ static krb5_error_code get_credentials(context, cred, server, now, * non-forgiving. */ if (!krb5_gss_dbg_client_expcreds && *out_creds != NULL && - (*out_creds)->times.endtime < now) { - code = KRB5KRB_AP_ERR_TKT_EXPIRED; - goto cleanup; + (*out_creds)->times.endtime < now) { + code = KRB5KRB_AP_ERR_TKT_EXPIRED; + goto cleanup; } - + cleanup: if (in_creds.client) - krb5_free_principal(context, in_creds.client); + krb5_free_principal(context, in_creds.client); if (in_creds.server) - krb5_free_principal(context, in_creds.server); + krb5_free_principal(context, in_creds.server); return code; } struct gss_checksum_data { @@ -149,7 +176,7 @@ struct gss_checksum_data { #endif static krb5_error_code KRB5_CALLCONV make_gss_checksum (krb5_context context, krb5_auth_context auth_context, - void *cksum_data, krb5_data **out) + void *cksum_data, krb5_data **out) { krb5_error_code code; krb5_int32 con_flags; @@ -163,48 +190,48 @@ make_gss_checksum (krb5_context context, krb5_auth_context auth_context, /* build the checksum field */ if (data->ctx->gss_flags & GSS_C_DELEG_FLAG) { - /* first get KRB_CRED message, so we know its length */ + /* first get KRB_CRED message, so we know its length */ - /* clear the time check flag that was set in krb5_auth_con_init() */ - krb5_auth_con_getflags(context, auth_context, &con_flags); - krb5_auth_con_setflags(context, auth_context, - con_flags & ~KRB5_AUTH_CONTEXT_DO_TIME); + /* clear the time check flag that was set in krb5_auth_con_init() */ + krb5_auth_con_getflags(context, auth_context, &con_flags); + krb5_auth_con_setflags(context, auth_context, + con_flags & ~KRB5_AUTH_CONTEXT_DO_TIME); - code = krb5_fwd_tgt_creds(context, auth_context, 0, - data->cred->princ, data->ctx->there, - data->cred->ccache, 1, - &credmsg); + code = krb5_fwd_tgt_creds(context, auth_context, 0, + data->cred->princ, data->ctx->there, + data->cred->ccache, 1, + &credmsg); - /* turn KRB5_AUTH_CONTEXT_DO_TIME back on */ - krb5_auth_con_setflags(context, auth_context, con_flags); + /* turn KRB5_AUTH_CONTEXT_DO_TIME back on */ + krb5_auth_con_setflags(context, auth_context, con_flags); - if (code) { - /* don't fail here; just don't accept/do the delegation + if (code) { + /* don't fail here; just don't accept/do the delegation request */ - data->ctx->gss_flags &= ~GSS_C_DELEG_FLAG; + data->ctx->gss_flags &= ~GSS_C_DELEG_FLAG; - data->checksum_data.length = 24; - } else { - if (credmsg.length+28 > KRB5_INT16_MAX) { - krb5_free_data_contents(context, &credmsg); - return(KRB5KRB_ERR_FIELD_TOOLONG); - } + data->checksum_data.length = 24; + } else { + if (credmsg.length+28 > KRB5_INT16_MAX) { + krb5_free_data_contents(context, &credmsg); + return(KRB5KRB_ERR_FIELD_TOOLONG); + } - data->checksum_data.length = 28+credmsg.length; - } + data->checksum_data.length = 28+credmsg.length; + } } else { - data->checksum_data.length = 24; + data->checksum_data.length = 24; } #ifdef CFX_EXERCISE if (data->ctx->auth_context->keyblock != NULL - && data->ctx->auth_context->keyblock->enctype == 18) { - srand(time(0) ^ getpid()); - /* Our ftp client code stupidly assumes a base64-encoded - version of the token will fit in 10K, so don't make this - too big. */ - junk = rand() & 0xff; + && data->ctx->auth_context->keyblock->enctype == 18) { + srand(time(0) ^ getpid()); + /* Our ftp client code stupidly assumes a base64-encoded + version of the token will fit in 10K, so don't make this + too big. */ + junk = rand() & 0xff; } else - junk = 0; + junk = 0; #else junk = 0; #endif @@ -215,13 +242,13 @@ make_gss_checksum (krb5_context context, krb5_auth_context auth_context, (maybe) KRB_CRED msg */ if ((data->checksum_data.data = - (char *) xmalloc(data->checksum_data.length)) == NULL) { - if (credmsg.data) - krb5_free_data_contents(context, &credmsg); - return(ENOMEM); + (char *) xmalloc(data->checksum_data.length)) == NULL) { + if (credmsg.data) + krb5_free_data_contents(context, &credmsg); + return(ENOMEM); } - ptr = data->checksum_data.data; + ptr = (unsigned char *)data->checksum_data.data; TWRITE_INT(ptr, data->md5.length, 0); TWRITE_STR(ptr, (unsigned char *) data->md5.contents, data->md5.length); @@ -231,19 +258,19 @@ make_gss_checksum (krb5_context context, krb5_auth_context auth_context, xfree(data->md5.contents); if (credmsg.data) { - TWRITE_INT16(ptr, KRB5_GSS_FOR_CREDS_OPTION, 0); - TWRITE_INT16(ptr, credmsg.length, 0); - TWRITE_STR(ptr, (unsigned char *) credmsg.data, credmsg.length); + TWRITE_INT16(ptr, KRB5_GSS_FOR_CREDS_OPTION, 0); + TWRITE_INT16(ptr, credmsg.length, 0); + TWRITE_STR(ptr, (unsigned char *) credmsg.data, credmsg.length); - /* free credmsg data */ - krb5_free_data_contents(context, &credmsg); + /* free credmsg data */ + krb5_free_data_contents(context, &credmsg); } if (junk) - memset(ptr, 'i', junk); + memset(ptr, 'i', junk); *out = &data->checksum_data; return 0; } - + static krb5_error_code make_ap_req_v1(context, ctx, cred, k_cred, chan_bindings, mech_type, token) krb5_context context; @@ -273,7 +300,7 @@ make_ap_req_v1(context, ctx, cred, k_cred, chan_bindings, mech_type, token) return(code); krb5_auth_con_set_req_cksumtype(context, ctx->auth_context, - CKSUMTYPE_KG_CB); + CKSUMTYPE_KG_CB); cksum_struct.md5 = md5; cksum_struct.ctx = ctx; cksum_struct.cred = cred; @@ -283,15 +310,15 @@ make_ap_req_v1(context, ctx, cred, k_cred, chan_bindings, mech_type, token) case ENCTYPE_DES_CBC_MD4: case ENCTYPE_DES_CBC_MD5: case ENCTYPE_DES3_CBC_SHA1: - code = make_gss_checksum(context, ctx->auth_context, &cksum_struct, - &checksum_data); - if (code) - goto cleanup; - break; + code = make_gss_checksum(context, ctx->auth_context, &cksum_struct, + &checksum_data); + if (code) + goto cleanup; + break; default: - krb5_auth_con_set_checksum_func(context, ctx->auth_context, - make_gss_checksum, &cksum_struct); - break; + krb5_auth_con_set_checksum_func(context, ctx->auth_context, + make_gss_checksum, &cksum_struct); + break; } @@ -300,141 +327,60 @@ make_ap_req_v1(context, ctx, cred, k_cred, chan_bindings, mech_type, token) mk_req_flags = AP_OPTS_USE_SUBKEY; if (ctx->gss_flags & GSS_C_MUTUAL_FLAG) - mk_req_flags |= AP_OPTS_MUTUAL_REQUIRED; + mk_req_flags |= AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_ETYPE_NEGOTIATION; code = krb5_mk_req_extended(context, &ctx->auth_context, mk_req_flags, - checksum_data, k_cred, &ap_req); + checksum_data, k_cred, &ap_req); krb5_free_data_contents(context, &cksum_struct.checksum_data); if (code) - goto cleanup; - - /* store the interesting stuff from creds and authent */ - ctx->endtime = k_cred->times.endtime; - ctx->krb_flags = k_cred->ticket_flags; - - /* build up the token */ - - /* allocate space for the token */ - tlen = g_token_size((gss_OID) mech_type, ap_req.length); + goto cleanup; + + /* store the interesting stuff from creds and authent */ + ctx->krb_times = k_cred->times; + ctx->krb_flags = k_cred->ticket_flags; + + /* build up the token */ + if (ctx->gss_flags & GSS_C_DCE_STYLE) { + /* + * For DCE RPC, do not encapsulate the AP-REQ in the + * typical GSS wrapping. + */ + token->length = ap_req.length; + token->value = ap_req.data; + + ap_req.data = NULL; /* don't double free */ + } else { + /* allocate space for the token */ + tlen = g_token_size((gss_OID) mech_type, ap_req.length); - if ((t = (unsigned char *) xmalloc(tlen)) == NULL) { - code = ENOMEM; - goto cleanup; - } + if ((t = (unsigned char *) xmalloc(tlen)) == NULL) { + code = ENOMEM; + goto cleanup; + } - /* fill in the buffer */ + /* fill in the buffer */ + ptr = t; - ptr = t; + g_make_token_header(mech_type, ap_req.length, + &ptr, KG_TOK_CTX_AP_REQ); - g_make_token_header(mech_type, ap_req.length, - &ptr, KG_TOK_CTX_AP_REQ); + TWRITE_STR(ptr, (unsigned char *) ap_req.data, ap_req.length); - TWRITE_STR(ptr, (unsigned char *) ap_req.data, ap_req.length); + /* pass it back */ - /* pass it back */ + token->length = tlen; + token->value = (void *) t; + } - token->length = tlen; - token->value = (void *) t; + code = 0; - code = 0; - - cleanup: - if (checksum_data && checksum_data->data) - krb5_free_data_contents(context, checksum_data); - if (ap_req.data) - krb5_free_data_contents(context, &ap_req); +cleanup: + if (checksum_data && checksum_data->data) + krb5_free_data_contents(context, checksum_data); + if (ap_req.data) + krb5_free_data_contents(context, &ap_req); - return (code); -} - -/* - * setup_enc - * - * Fill in the encryption descriptors. Called after AP-REQ is made. - */ -static OM_uint32 -setup_enc( - OM_uint32 *minor_status, - krb5_gss_ctx_id_rec *ctx, - krb5_context context) -{ - krb5_error_code code; - unsigned int i; - krb5int_access kaccess; - - code = krb5int_accessor (&kaccess, KRB5INT_ACCESS_VERSION); - if (code) - goto fail; - - ctx->have_acceptor_subkey = 0; - ctx->proto = 0; - ctx->cksumtype = 0; - switch(ctx->subkey->enctype) { - case ENCTYPE_DES_CBC_MD5: - case ENCTYPE_DES_CBC_MD4: - case ENCTYPE_DES_CBC_CRC: - ctx->subkey->enctype = ENCTYPE_DES_CBC_RAW; - ctx->signalg = SGN_ALG_DES_MAC_MD5; - ctx->cksum_size = 8; - ctx->sealalg = SEAL_ALG_DES; - - /* The encryption key is the session key XOR - 0xf0f0f0f0f0f0f0f0. */ - if ((code = krb5_copy_keyblock(context, ctx->subkey, &ctx->enc))) - goto fail; - - for (i=0; ienc->length; i++) - ctx->enc->contents[i] ^= 0xf0; - - goto copy_subkey_to_seq; - - case ENCTYPE_DES3_CBC_SHA1: - /* MIT extension */ - ctx->subkey->enctype = ENCTYPE_DES3_CBC_RAW; - ctx->signalg = SGN_ALG_HMAC_SHA1_DES3_KD; - ctx->cksum_size = 20; - ctx->sealalg = SEAL_ALG_DES3KD; - - copy_subkey: - code = krb5_copy_keyblock (context, ctx->subkey, &ctx->enc); - if (code) - goto fail; - copy_subkey_to_seq: - code = krb5_copy_keyblock (context, ctx->subkey, &ctx->seq); - if (code) { - krb5_free_keyblock (context, ctx->enc); - goto fail; - } - break; - - case ENCTYPE_ARCFOUR_HMAC: - /* Microsoft extension */ - ctx->signalg = SGN_ALG_HMAC_MD5 ; - ctx->cksum_size = 8; - ctx->sealalg = SEAL_ALG_MICROSOFT_RC4 ; - - goto copy_subkey; - - default: - /* Fill some fields we shouldn't be using on this path - with garbage. */ - ctx->signalg = -10; - ctx->sealalg = -10; - - ctx->proto = 1; - code = (*kaccess.krb5int_c_mandatory_cksumtype)(context, ctx->subkey->enctype, - &ctx->cksumtype); - if (code) - goto fail; - code = krb5_c_checksum_length(context, ctx->cksumtype, - &ctx->cksum_size); - if (code) - goto fail; - goto copy_subkey; - } -fail: - *minor_status = code; - return GSS_S_FAILURE; + return (code); } /* @@ -444,204 +390,215 @@ fail: */ static OM_uint32 new_connection( - OM_uint32 *minor_status, - krb5_gss_cred_id_t cred, - gss_ctx_id_t *context_handle, - gss_name_t target_name, - gss_OID mech_type, - OM_uint32 req_flags, - OM_uint32 time_req, - gss_channel_bindings_t input_chan_bindings, - gss_buffer_t input_token, - gss_OID *actual_mech_type, - gss_buffer_t output_token, - OM_uint32 *ret_flags, - OM_uint32 *time_rec, - krb5_context context, - int default_mech) + OM_uint32 *minor_status, + krb5_gss_cred_id_t cred, + gss_ctx_id_t *context_handle, + gss_name_t target_name, + gss_OID mech_type, + OM_uint32 req_flags, + OM_uint32 time_req, + gss_channel_bindings_t input_chan_bindings, + gss_buffer_t input_token, + gss_OID *actual_mech_type, + gss_buffer_t output_token, + OM_uint32 *ret_flags, + OM_uint32 *time_rec, + krb5_context context, + int default_mech) { - OM_uint32 major_status; - krb5_error_code code; - krb5_creds *k_cred; - krb5_gss_ctx_id_rec *ctx, *ctx_free; - krb5_timestamp now; - gss_buffer_desc token; - - k5_mutex_assert_locked(&cred->lock); - major_status = GSS_S_FAILURE; - token.length = 0; - token.value = NULL; - - /* make sure the cred is usable for init */ - - if ((cred->usage != GSS_C_INITIATE) && - (cred->usage != GSS_C_BOTH)) { - *minor_status = 0; - return(GSS_S_NO_CRED); - } - - /* complain if the input token is non-null */ - - if (input_token != GSS_C_NO_BUFFER && input_token->length != 0) { - *minor_status = 0; - return(GSS_S_DEFECTIVE_TOKEN); - } - - /* create the ctx */ - - if ((ctx = (krb5_gss_ctx_id_rec *) xmalloc(sizeof(krb5_gss_ctx_id_rec))) - == NULL) { - *minor_status = ENOMEM; - return(GSS_S_FAILURE); - } - - /* fill in the ctx */ - memset(ctx, 0, sizeof(krb5_gss_ctx_id_rec)); - ctx_free = ctx; - if ((code = krb5_auth_con_init(context, &ctx->auth_context))) - goto fail; - krb5_auth_con_setflags(context, ctx->auth_context, - KRB5_AUTH_CONTEXT_DO_SEQUENCE); - - /* limit the encryption types negotiated (if requested) */ - if (cred->req_enctypes) { - if ((code = krb5_set_default_tgs_enctypes(context, - cred->req_enctypes))) { - goto fail; - } - } - - ctx->initiate = 1; - ctx->gss_flags = (GSS_C_INTEG_FLAG | GSS_C_CONF_FLAG | - GSS_C_TRANS_FLAG | - ((req_flags) & (GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | - GSS_C_SEQUENCE_FLAG | GSS_C_DELEG_FLAG))); - ctx->seed_init = 0; - ctx->big_endian = 0; /* all initiators do little-endian, as per spec */ - ctx->seqstate = 0; - - if ((code = krb5_timeofday(context, &now))) - goto fail; - - if (time_req == 0 || time_req == GSS_C_INDEFINITE) { - ctx->endtime = 0; - } else { - ctx->endtime = now + time_req; - } - - if ((code = krb5_copy_principal(context, cred->princ, &ctx->here))) - goto fail; - - if ((code = krb5_copy_principal(context, (krb5_principal) target_name, - &ctx->there))) - goto fail; - - code = get_credentials(context, cred, ctx->there, now, - ctx->endtime, &k_cred); - if (code) - goto fail; - - if (default_mech) { - mech_type = (gss_OID) gss_mech_krb5; - } - - if (generic_gss_copy_oid(minor_status, mech_type, &ctx->mech_used) - != GSS_S_COMPLETE) { - code = *minor_status; - goto fail; - } - /* - * Now try to make it static if at all possible.... - */ - ctx->mech_used = krb5_gss_convert_static_mech_oid(ctx->mech_used); - - { - /* gsskrb5 v1 */ - krb5_ui_4 seq_temp; - if ((code = make_ap_req_v1(context, ctx, - cred, k_cred, input_chan_bindings, - mech_type, &token))) { - if ((code == KRB5_FCC_NOFILE) || (code == KRB5_CC_NOTFOUND) || - (code == KG_EMPTY_CCACHE)) - major_status = GSS_S_NO_CRED; - if (code == KRB5KRB_AP_ERR_TKT_EXPIRED) - major_status = GSS_S_CREDENTIALS_EXPIRED; - goto fail; - } - - krb5_auth_con_getlocalseqnumber(context, ctx->auth_context, &seq_temp); - ctx->seq_send = seq_temp; - krb5_auth_con_getsendsubkey(context, ctx->auth_context, - &ctx->subkey); - } - - major_status = setup_enc(minor_status, ctx, context); - - if (k_cred) { - krb5_free_creds(context, k_cred); - k_cred = 0; - } - - /* at this point, the context is constructed and valid, - hence, releaseable */ - - /* intern the context handle */ - - if (! kg_save_ctx_id((gss_ctx_id_t) ctx)) { - code = G_VALIDATE_FAILED; - goto fail; - } - *context_handle = (gss_ctx_id_t) ctx; - ctx_free = 0; - - /* compute time_rec */ - if (time_rec) { - if ((code = krb5_timeofday(context, &now))) - goto fail; - *time_rec = ctx->endtime - now; - } - - /* set the other returns */ - *output_token = token; - - if (ret_flags) - *ret_flags = ctx->gss_flags; - - if (actual_mech_type) - *actual_mech_type = mech_type; - - /* return successfully */ - - *minor_status = 0; - if (ctx->gss_flags & GSS_C_MUTUAL_FLAG) { - ctx->established = 0; - return(GSS_S_CONTINUE_NEEDED); - } else { - ctx->seq_recv = ctx->seq_send; - g_order_init(&(ctx->seqstate), ctx->seq_recv, - (ctx->gss_flags & GSS_C_REPLAY_FLAG) != 0, - (ctx->gss_flags & GSS_C_SEQUENCE_FLAG) != 0, ctx->proto); - ctx->gss_flags |= GSS_C_PROT_READY_FLAG; - ctx->established = 1; - return(GSS_S_COMPLETE); - } + OM_uint32 major_status; + krb5_error_code code; + krb5_creds *k_cred; + krb5_gss_ctx_id_rec *ctx, *ctx_free; + krb5_timestamp now; + gss_buffer_desc token; + + k5_mutex_assert_locked(&cred->lock); + major_status = GSS_S_FAILURE; + token.length = 0; + token.value = NULL; + + /* make sure the cred is usable for init */ + + if ((cred->usage != GSS_C_INITIATE) && + (cred->usage != GSS_C_BOTH)) { + *minor_status = 0; + return(GSS_S_NO_CRED); + } + + /* complain if the input token is non-null */ + + if (input_token != GSS_C_NO_BUFFER && input_token->length != 0) { + *minor_status = 0; + return(GSS_S_DEFECTIVE_TOKEN); + } + + /* create the ctx */ + + if ((ctx = (krb5_gss_ctx_id_rec *) xmalloc(sizeof(krb5_gss_ctx_id_rec))) + == NULL) { + *minor_status = ENOMEM; + return(GSS_S_FAILURE); + } + + /* fill in the ctx */ + memset(ctx, 0, sizeof(krb5_gss_ctx_id_rec)); + ctx_free = ctx; + if ((code = krb5_auth_con_init(context, &ctx->auth_context))) + goto fail; + krb5_auth_con_setflags(context, ctx->auth_context, + KRB5_AUTH_CONTEXT_DO_SEQUENCE); + + /* limit the encryption types negotiated (if requested) */ + if (cred->req_enctypes) { + if ((code = krb5_set_default_tgs_enctypes(context, + cred->req_enctypes))) { + goto fail; + } + } + + ctx->initiate = 1; + ctx->gss_flags = (GSS_C_INTEG_FLAG | GSS_C_CONF_FLAG | + GSS_C_TRANS_FLAG | + ((req_flags) & (GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | + GSS_C_SEQUENCE_FLAG | GSS_C_DELEG_FLAG | + GSS_C_DCE_STYLE | GSS_C_IDENTIFY_FLAG | + GSS_C_EXTENDED_ERROR_FLAG))); + ctx->seed_init = 0; + ctx->big_endian = 0; /* all initiators do little-endian, as per spec */ + ctx->seqstate = 0; + + if (req_flags & GSS_C_DCE_STYLE) + ctx->gss_flags |= GSS_C_MUTUAL_FLAG; + + if ((code = krb5_timeofday(context, &now))) + goto fail; + + if (time_req == 0 || time_req == GSS_C_INDEFINITE) { + ctx->krb_times.endtime = 0; + } else { + ctx->krb_times.endtime = now + time_req; + } + + if ((code = krb5_copy_principal(context, cred->princ, &ctx->here))) + goto fail; + + if ((code = krb5_copy_principal(context, (krb5_principal) target_name, + &ctx->there))) + goto fail; + + code = get_credentials(context, cred, ctx->there, now, + ctx->krb_times.endtime, &k_cred); + if (code) + goto fail; + + ctx->krb_times = k_cred->times; + + if (default_mech) { + mech_type = (gss_OID) gss_mech_krb5; + } + + if (generic_gss_copy_oid(minor_status, mech_type, &ctx->mech_used) + != GSS_S_COMPLETE) { + code = *minor_status; + goto fail; + } + /* + * Now try to make it static if at all possible.... + */ + ctx->mech_used = krb5_gss_convert_static_mech_oid(ctx->mech_used); + + { + /* gsskrb5 v1 */ + krb5_int32 seq_temp; + if ((code = make_ap_req_v1(context, ctx, + cred, k_cred, input_chan_bindings, + mech_type, &token))) { + if ((code == KRB5_FCC_NOFILE) || (code == KRB5_CC_NOTFOUND) || + (code == KG_EMPTY_CCACHE)) + major_status = GSS_S_NO_CRED; + if (code == KRB5KRB_AP_ERR_TKT_EXPIRED) + major_status = GSS_S_CREDENTIALS_EXPIRED; + goto fail; + } + + krb5_auth_con_getlocalseqnumber(context, ctx->auth_context, &seq_temp); + ctx->seq_send = seq_temp; + krb5_auth_con_getsendsubkey(context, ctx->auth_context, + &ctx->subkey); + } + + if (k_cred) { + krb5_free_creds(context, k_cred); + k_cred = NULL; + } + ctx->enc = NULL; + ctx->seq = NULL; + ctx->have_acceptor_subkey = 0; + code = kg_setup_keys(context, ctx, ctx->subkey, &ctx->cksumtype); + if (code != 0) + goto fail; + + /* at this point, the context is constructed and valid, + hence, releaseable */ + + /* intern the context handle */ + + if (! kg_save_ctx_id((gss_ctx_id_t) ctx)) { + code = G_VALIDATE_FAILED; + goto fail; + } + *context_handle = (gss_ctx_id_t) ctx; + ctx_free = 0; + + /* compute time_rec */ + if (time_rec) { + if ((code = krb5_timeofday(context, &now))) + goto fail; + *time_rec = ctx->krb_times.endtime - now; + } + + /* set the other returns */ + *output_token = token; + + if (ret_flags) + *ret_flags = ctx->gss_flags; + + if (actual_mech_type) + *actual_mech_type = mech_type; + + /* return successfully */ + + *minor_status = 0; + if (ctx->gss_flags & GSS_C_MUTUAL_FLAG) { + ctx->established = 0; + return(GSS_S_CONTINUE_NEEDED); + } else { + ctx->seq_recv = ctx->seq_send; + g_order_init(&(ctx->seqstate), ctx->seq_recv, + (ctx->gss_flags & GSS_C_REPLAY_FLAG) != 0, + (ctx->gss_flags & GSS_C_SEQUENCE_FLAG) != 0, ctx->proto); + ctx->gss_flags |= GSS_C_PROT_READY_FLAG; + ctx->established = 1; + return(GSS_S_COMPLETE); + } fail: - if (ctx_free) { - if (ctx_free->auth_context) - krb5_auth_con_free(context, ctx_free->auth_context); - if (ctx_free->here) - krb5_free_principal(context, ctx_free->here); - if (ctx_free->there) - krb5_free_principal(context, ctx_free->there); - if (ctx_free->subkey) - krb5_free_keyblock(context, ctx_free->subkey); - xfree(ctx_free); - } else - (void)krb5_gss_delete_sec_context(minor_status, context_handle, NULL); - - *minor_status = code; - return (major_status); + if (ctx_free) { + if (ctx_free->auth_context) + krb5_auth_con_free(context, ctx_free->auth_context); + if (ctx_free->here) + krb5_free_principal(context, ctx_free->here); + if (ctx_free->there) + krb5_free_principal(context, ctx_free->there); + if (ctx_free->subkey) + krb5_free_keyblock(context, ctx_free->subkey); + xfree(ctx_free); + } else + (void)krb5_gss_delete_sec_context(minor_status, context_handle, NULL); + + *minor_status = code; + return (major_status); } /* @@ -651,180 +608,199 @@ fail: */ static OM_uint32 mutual_auth( - OM_uint32 *minor_status, - gss_ctx_id_t *context_handle, - gss_name_t target_name, - gss_OID mech_type, - OM_uint32 req_flags, - OM_uint32 time_req, - gss_channel_bindings_t input_chan_bindings, - gss_buffer_t input_token, - gss_OID *actual_mech_type, - gss_buffer_t output_token, - OM_uint32 *ret_flags, - OM_uint32 *time_rec, - krb5_context context) + OM_uint32 *minor_status, + gss_ctx_id_t *context_handle, + gss_name_t target_name, + gss_OID mech_type, + OM_uint32 req_flags, + OM_uint32 time_req, + gss_channel_bindings_t input_chan_bindings, + gss_buffer_t input_token, + gss_OID *actual_mech_type, + gss_buffer_t output_token, + OM_uint32 *ret_flags, + OM_uint32 *time_rec, + krb5_context context) { - OM_uint32 major_status; - unsigned char *ptr; - char *sptr; - krb5_data ap_rep; - krb5_ap_rep_enc_part *ap_rep_data; - krb5_timestamp now; - krb5_gss_ctx_id_rec *ctx; - krb5_error *krb_error; - krb5_error_code code; - krb5int_access kaccess; - - major_status = GSS_S_FAILURE; - - code = krb5int_accessor (&kaccess, KRB5INT_ACCESS_VERSION); - if (code) - goto fail; - - /* validate the context handle */ - /*SUPPRESS 29*/ - if (! kg_validate_ctx_id(*context_handle)) { - *minor_status = (OM_uint32) G_VALIDATE_FAILED; - return(GSS_S_NO_CONTEXT); - } - - ctx = (krb5_gss_ctx_id_t) *context_handle; - - /* make sure the context is non-established, and that certain - arguments are unchanged */ - - if ((ctx->established) || - ((ctx->gss_flags & GSS_C_MUTUAL_FLAG) == 0)) { - code = KG_CONTEXT_ESTABLISHED; - goto fail; - } - - if (! krb5_principal_compare(context, ctx->there, - (krb5_principal) target_name)) { - (void)krb5_gss_delete_sec_context(minor_status, - context_handle, NULL); - code = 0; - major_status = GSS_S_BAD_NAME; - goto fail; - } - - /* verify the token and leave the AP_REP message in ap_rep */ - - if (input_token == GSS_C_NO_BUFFER) { - (void)krb5_gss_delete_sec_context(minor_status, - context_handle, NULL); - code = 0; - major_status = GSS_S_DEFECTIVE_TOKEN; - goto fail; - } - - ptr = (unsigned char *) input_token->value; - - if (g_verify_token_header(ctx->mech_used, - &(ap_rep.length), - &ptr, KG_TOK_CTX_AP_REP, - input_token->length, 1)) { - if (g_verify_token_header((gss_OID) ctx->mech_used, - &(ap_rep.length), - &ptr, KG_TOK_CTX_ERROR, - input_token->length, 1) == 0) { - - /* Handle a KRB_ERROR message from the server */ - - sptr = (char *) ptr; /* PC compiler bug */ - TREAD_STR(sptr, ap_rep.data, ap_rep.length); - - code = krb5_rd_error(context, &ap_rep, &krb_error); - if (code) + OM_uint32 major_status; + unsigned char *ptr; + char *sptr; + krb5_data ap_rep; + krb5_ap_rep_enc_part *ap_rep_data; + krb5_timestamp now; + krb5_gss_ctx_id_rec *ctx; + krb5_error *krb_error; + krb5_error_code code; + krb5int_access kaccess; + + major_status = GSS_S_FAILURE; + + code = krb5int_accessor (&kaccess, KRB5INT_ACCESS_VERSION); + if (code) + goto fail; + + /* validate the context handle */ + /*SUPPRESS 29*/ + if (! kg_validate_ctx_id(*context_handle)) { + *minor_status = (OM_uint32) G_VALIDATE_FAILED; + return(GSS_S_NO_CONTEXT); + } + + ctx = (krb5_gss_ctx_id_t) *context_handle; + + /* make sure the context is non-established, and that certain + arguments are unchanged */ + + if ((ctx->established) || + ((ctx->gss_flags & GSS_C_MUTUAL_FLAG) == 0)) { + code = KG_CONTEXT_ESTABLISHED; + goto fail; + } + + if (! krb5_principal_compare(context, ctx->there, + (krb5_principal) target_name)) { + (void)krb5_gss_delete_sec_context(minor_status, + context_handle, NULL); + code = 0; + major_status = GSS_S_BAD_NAME; + goto fail; + } + + /* verify the token and leave the AP_REP message in ap_rep */ + + if (input_token == GSS_C_NO_BUFFER) { + (void)krb5_gss_delete_sec_context(minor_status, + context_handle, NULL); + code = 0; + major_status = GSS_S_DEFECTIVE_TOKEN; + goto fail; + } + + ptr = (unsigned char *) input_token->value; + + if (ctx->gss_flags & GSS_C_DCE_STYLE) { + /* Raw AP-REP */ + ap_rep.length = input_token->length; + ap_rep.data = (char *)input_token->value; + } else if (g_verify_token_header(ctx->mech_used, + &(ap_rep.length), + &ptr, KG_TOK_CTX_AP_REP, + input_token->length, 1)) { + if (g_verify_token_header((gss_OID) ctx->mech_used, + &(ap_rep.length), + &ptr, KG_TOK_CTX_ERROR, + input_token->length, 1) == 0) { + + /* Handle a KRB_ERROR message from the server */ + + sptr = (char *) ptr; /* PC compiler bug */ + TREAD_STR(sptr, ap_rep.data, ap_rep.length); + + code = krb5_rd_error(context, &ap_rep, &krb_error); + if (code) + goto fail; + if (krb_error->error) + code = (krb5_error_code)krb_error->error + ERROR_TABLE_BASE_krb5; + else + code = 0; + krb5_free_error(context, krb_error); + goto fail; + } else { + *minor_status = 0; + return(GSS_S_DEFECTIVE_TOKEN); + } + } + + sptr = (char *) ptr; /* PC compiler bug */ + TREAD_STR(sptr, ap_rep.data, ap_rep.length); + + /* decode the ap_rep */ + if ((code = krb5_rd_rep(context, ctx->auth_context, &ap_rep, + &ap_rep_data))) { + /* + * XXX A hack for backwards compatiblity. + * To be removed in 1999 -- proven + */ + krb5_auth_con_setuseruserkey(context, ctx->auth_context, + ctx->subkey); + if ((krb5_rd_rep(context, ctx->auth_context, &ap_rep, + &ap_rep_data))) + goto fail; + } + + /* store away the sequence number */ + ctx->seq_recv = ap_rep_data->seq_number; + g_order_init(&(ctx->seqstate), ctx->seq_recv, + (ctx->gss_flags & GSS_C_REPLAY_FLAG) != 0, + (ctx->gss_flags & GSS_C_SEQUENCE_FLAG) !=0, ctx->proto); + + if (ap_rep_data->subkey != NULL && + (ctx->proto == 1 || (ctx->gss_flags & GSS_C_DCE_STYLE) || + ap_rep_data->subkey->enctype != ctx->subkey->enctype)) { + /* Keep acceptor's subkey. */ + ctx->have_acceptor_subkey = 1; + code = krb5_copy_keyblock(context, ap_rep_data->subkey, + &ctx->acceptor_subkey); + if (code) { + krb5_free_ap_rep_enc_part(context, ap_rep_data); + goto fail; + } + code = kg_setup_keys(context, ctx, ctx->acceptor_subkey, + &ctx->acceptor_subkey_cksumtype); + if (code) { + krb5_free_ap_rep_enc_part(context, ap_rep_data); goto fail; - if (krb_error->error) - code = krb_error->error + ERROR_TABLE_BASE_krb5; - else - code = 0; - krb5_free_error(context, krb_error); - goto fail; - } else { - *minor_status = 0; - return(GSS_S_DEFECTIVE_TOKEN); - } - } - - sptr = (char *) ptr; /* PC compiler bug */ - TREAD_STR(sptr, ap_rep.data, ap_rep.length); - - /* decode the ap_rep */ - if ((code = krb5_rd_rep(context, ctx->auth_context, &ap_rep, - &ap_rep_data))) { - /* - * XXX A hack for backwards compatiblity. - * To be removed in 1999 -- proven - */ - krb5_auth_con_setuseruserkey(context, ctx->auth_context, - ctx->subkey); - if ((krb5_rd_rep(context, ctx->auth_context, &ap_rep, - &ap_rep_data))) - goto fail; - } - - /* store away the sequence number */ - ctx->seq_recv = ap_rep_data->seq_number; - g_order_init(&(ctx->seqstate), ctx->seq_recv, - (ctx->gss_flags & GSS_C_REPLAY_FLAG) != 0, - (ctx->gss_flags & GSS_C_SEQUENCE_FLAG) !=0, ctx->proto); - - if (ctx->proto == 1 && ap_rep_data->subkey) { - /* Keep acceptor's subkey. */ - ctx->have_acceptor_subkey = 1; - code = krb5_copy_keyblock(context, ap_rep_data->subkey, - &ctx->acceptor_subkey); - if (code) - goto fail; - code = (*kaccess.krb5int_c_mandatory_cksumtype)(context, - ctx->acceptor_subkey->enctype, - &ctx->acceptor_subkey_cksumtype); - if (code) - goto fail; - } - - /* free the ap_rep_data */ - krb5_free_ap_rep_enc_part(context, ap_rep_data); - - /* set established */ - ctx->established = 1; - - /* set returns */ - - if (time_rec) { - if ((code = krb5_timeofday(context, &now))) - goto fail; - *time_rec = ctx->endtime - now; - } - - if (ret_flags) - *ret_flags = ctx->gss_flags; - - if (actual_mech_type) - *actual_mech_type = mech_type; - - /* success */ - - *minor_status = 0; - return GSS_S_COMPLETE; + } + } + /* free the ap_rep_data */ + krb5_free_ap_rep_enc_part(context, ap_rep_data); + + if (ctx->gss_flags & GSS_C_DCE_STYLE) { + krb5_data outbuf; + + code = krb5_mk_rep_dce(context, ctx->auth_context, &outbuf); + if (code) + goto fail; + + output_token->value = outbuf.data; + output_token->length = outbuf.length; + } + + /* set established */ + ctx->established = 1; + + /* set returns */ + + if (time_rec) { + if ((code = krb5_timeofday(context, &now))) + goto fail; + *time_rec = ctx->krb_times.endtime - now; + } + + if (ret_flags) + *ret_flags = ctx->gss_flags; + + if (actual_mech_type) + *actual_mech_type = mech_type; + + /* success */ + + *minor_status = 0; + return GSS_S_COMPLETE; fail: - (void)krb5_gss_delete_sec_context(minor_status, context_handle, NULL); + (void)krb5_gss_delete_sec_context(minor_status, context_handle, NULL); - *minor_status = code; - return (major_status); + *minor_status = code; + return (major_status); } OM_uint32 krb5_gss_init_sec_context(minor_status, claimant_cred_handle, - context_handle, target_name, mech_type, - req_flags, time_req, input_chan_bindings, - input_token, actual_mech_type, output_token, - ret_flags, time_rec) + context_handle, target_name, mech_type, + req_flags, time_req, input_chan_bindings, + input_token, actual_mech_type, output_token, + ret_flags, time_rec) OM_uint32 *minor_status; gss_cred_id_t claimant_cred_handle; gss_ctx_id_t *context_handle; @@ -839,142 +815,144 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle, OM_uint32 *ret_flags; OM_uint32 *time_rec; { - krb5_context context; - krb5_gss_cred_id_t cred; - int err; - krb5_error_code kerr; - int default_mech = 0; - OM_uint32 major_status; - OM_uint32 tmp_min_stat; - - if (*context_handle == GSS_C_NO_CONTEXT) { - kerr = krb5_gss_init_context(&context); - if (kerr) { - *minor_status = kerr; - return GSS_S_FAILURE; - } - if (GSS_ERROR(kg_sync_ccache_name(context, minor_status))) { - save_error_info(*minor_status, context); - krb5_free_context(context); - return GSS_S_FAILURE; - } - } else { - context = ((krb5_gss_ctx_id_rec *)*context_handle)->k5_context; - } - - /* set up return values so they can be "freed" successfully */ - - major_status = GSS_S_FAILURE; /* Default major code */ - output_token->length = 0; - output_token->value = NULL; - if (actual_mech_type) - *actual_mech_type = NULL; - - /* verify that the target_name is valid and usable */ - - if (! kg_validate_name(target_name)) { - *minor_status = (OM_uint32) G_VALIDATE_FAILED; - save_error_info(*minor_status, context); - if (*context_handle == GSS_C_NO_CONTEXT) - krb5_free_context(context); - return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME); - } - - /* verify the credential, or use the default */ - /*SUPPRESS 29*/ - if (claimant_cred_handle == GSS_C_NO_CREDENTIAL) { - major_status = kg_get_defcred(minor_status, (gss_cred_id_t *)&cred); - if (major_status && GSS_ERROR(major_status)) { - if (*context_handle == GSS_C_NO_CONTEXT) - krb5_free_context(context); - return(major_status); - } - } else { - major_status = krb5_gss_validate_cred(minor_status, claimant_cred_handle); - if (GSS_ERROR(major_status)) { - save_error_info(*minor_status, context); - if (*context_handle == GSS_C_NO_CONTEXT) - krb5_free_context(context); - return(major_status); - } - cred = (krb5_gss_cred_id_t) claimant_cred_handle; - } - kerr = k5_mutex_lock(&cred->lock); - if (kerr) { - krb5_free_context(context); - *minor_status = kerr; - return GSS_S_FAILURE; - } - - /* verify the mech_type */ - - err = 0; - if (mech_type == GSS_C_NULL_OID) { - default_mech = 1; - if (cred->rfc_mech) { - mech_type = (gss_OID) gss_mech_krb5; - } else if (cred->prerfc_mech) { - mech_type = (gss_OID) gss_mech_krb5_old; - } else { - err = 1; - } - } else if (g_OID_equal(mech_type, gss_mech_krb5)) { - if (!cred->rfc_mech) - err = 1; - } else if (g_OID_equal(mech_type, gss_mech_krb5_old)) { - if (!cred->prerfc_mech) - err = 1; - } else if (g_OID_equal(mech_type, gss_mech_krb5_wrong)) { - if (!cred->rfc_mech) - err = 1; - } else { - err = 1; - } - - if (err) { - k5_mutex_unlock(&cred->lock); - if (claimant_cred_handle == GSS_C_NO_CREDENTIAL) - krb5_gss_release_cred(minor_status, (gss_cred_id_t *)&cred); - *minor_status = 0; - if (*context_handle == GSS_C_NO_CONTEXT) - krb5_free_context(context); - return(GSS_S_BAD_MECH); - } - - /* is this a new connection or not? */ - - /*SUPPRESS 29*/ - if (*context_handle == GSS_C_NO_CONTEXT) { - major_status = new_connection(minor_status, cred, context_handle, - target_name, mech_type, req_flags, - time_req, input_chan_bindings, - input_token, actual_mech_type, - output_token, ret_flags, time_rec, - context, default_mech); - k5_mutex_unlock(&cred->lock); - if (*context_handle == GSS_C_NO_CONTEXT) { - save_error_info (*minor_status, context); - krb5_free_context(context); - } else - ((krb5_gss_ctx_id_rec *) *context_handle)->k5_context = context; - } else { - /* mutual_auth doesn't care about the credentials */ - k5_mutex_unlock(&cred->lock); - major_status = mutual_auth(minor_status, context_handle, - target_name, mech_type, req_flags, - time_req, input_chan_bindings, - input_token, actual_mech_type, - output_token, ret_flags, time_rec, - context); - /* If context_handle is now NO_CONTEXT, mutual_auth called - delete_sec_context, which would've zapped the krb5 context - too. */ - } - - if (claimant_cred_handle == GSS_C_NO_CREDENTIAL) - krb5_gss_release_cred(&tmp_min_stat, (gss_cred_id_t *)&cred); - - return(major_status); + krb5_context context; + krb5_gss_cred_id_t cred; + int err; + krb5_error_code kerr; + int default_mech = 0; + OM_uint32 major_status; + OM_uint32 tmp_min_stat; + + if (*context_handle == GSS_C_NO_CONTEXT) { + kerr = krb5_gss_init_context(&context); + if (kerr) { + *minor_status = kerr; + return GSS_S_FAILURE; + } + if (GSS_ERROR(kg_sync_ccache_name(context, minor_status))) { + save_error_info(*minor_status, context); + krb5_free_context(context); + return GSS_S_FAILURE; + } + } else { + context = ((krb5_gss_ctx_id_rec *)*context_handle)->k5_context; + } + + /* set up return values so they can be "freed" successfully */ + + major_status = GSS_S_FAILURE; /* Default major code */ + output_token->length = 0; + output_token->value = NULL; + if (actual_mech_type) + *actual_mech_type = NULL; + + /* verify that the target_name is valid and usable */ + + if (! kg_validate_name(target_name)) { + *minor_status = (OM_uint32) G_VALIDATE_FAILED; + save_error_info(*minor_status, context); + if (*context_handle == GSS_C_NO_CONTEXT) + krb5_free_context(context); + return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME); + } + + /* verify the credential, or use the default */ + /*SUPPRESS 29*/ + if (claimant_cred_handle == GSS_C_NO_CREDENTIAL) { + major_status = kg_get_defcred(minor_status, (gss_cred_id_t *)&cred); + if (major_status && GSS_ERROR(major_status)) { + if (*context_handle == GSS_C_NO_CONTEXT) + krb5_free_context(context); + return(major_status); + } + } else { + major_status = krb5_gss_validate_cred(minor_status, claimant_cred_handle); + if (GSS_ERROR(major_status)) { + save_error_info(*minor_status, context); + if (*context_handle == GSS_C_NO_CONTEXT) + krb5_free_context(context); + return(major_status); + } + cred = (krb5_gss_cred_id_t) claimant_cred_handle; + } + kerr = k5_mutex_lock(&cred->lock); + if (kerr) { + if (claimant_cred_handle == GSS_C_NO_CREDENTIAL) + krb5_gss_release_cred(minor_status, (gss_cred_id_t *)&cred); + krb5_free_context(context); + *minor_status = kerr; + return GSS_S_FAILURE; + } + + /* verify the mech_type */ + + err = 0; + if (mech_type == GSS_C_NULL_OID) { + default_mech = 1; + if (cred->rfc_mech) { + mech_type = (gss_OID) gss_mech_krb5; + } else if (cred->prerfc_mech) { + mech_type = (gss_OID) gss_mech_krb5_old; + } else { + err = 1; + } + } else if (g_OID_equal(mech_type, gss_mech_krb5)) { + if (!cred->rfc_mech) + err = 1; + } else if (g_OID_equal(mech_type, gss_mech_krb5_old)) { + if (!cred->prerfc_mech) + err = 1; + } else if (g_OID_equal(mech_type, gss_mech_krb5_wrong)) { + if (!cred->rfc_mech) + err = 1; + } else { + err = 1; + } + + if (err) { + k5_mutex_unlock(&cred->lock); + if (claimant_cred_handle == GSS_C_NO_CREDENTIAL) + krb5_gss_release_cred(minor_status, (gss_cred_id_t *)&cred); + *minor_status = 0; + if (*context_handle == GSS_C_NO_CONTEXT) + krb5_free_context(context); + return(GSS_S_BAD_MECH); + } + + /* is this a new connection or not? */ + + /*SUPPRESS 29*/ + if (*context_handle == GSS_C_NO_CONTEXT) { + major_status = new_connection(minor_status, cred, context_handle, + target_name, mech_type, req_flags, + time_req, input_chan_bindings, + input_token, actual_mech_type, + output_token, ret_flags, time_rec, + context, default_mech); + k5_mutex_unlock(&cred->lock); + if (*context_handle == GSS_C_NO_CONTEXT) { + save_error_info (*minor_status, context); + krb5_free_context(context); + } else + ((krb5_gss_ctx_id_rec *) *context_handle)->k5_context = context; + } else { + /* mutual_auth doesn't care about the credentials */ + k5_mutex_unlock(&cred->lock); + major_status = mutual_auth(minor_status, context_handle, + target_name, mech_type, req_flags, + time_req, input_chan_bindings, + input_token, actual_mech_type, + output_token, ret_flags, time_rec, + context); + /* If context_handle is now NO_CONTEXT, mutual_auth called + delete_sec_context, which would've zapped the krb5 context + too. */ + } + + if (claimant_cred_handle == GSS_C_NO_CREDENTIAL) + krb5_gss_release_cred(&tmp_min_stat, (gss_cred_id_t *)&cred); + + return(major_status); } #ifndef _WIN32 @@ -990,38 +968,43 @@ krb5_gss_init_context (krb5_context *ctxp) int is_kdc; #endif - err = gssint_initialize_library(); + err = gss_krb5int_initialize_library(); if (err) - return err; + return err; #ifndef _WIN32 err = k5_mutex_lock(&kg_kdc_flag_mutex); if (err) - return err; + return err; is_kdc = kdc_flag; k5_mutex_unlock(&kg_kdc_flag_mutex); if (is_kdc) - return krb5int_init_context_kdc(ctxp); + return krb5int_init_context_kdc(ctxp); #endif return krb5_init_context(ctxp); } #ifndef _WIN32 -krb5_error_code -krb5_gss_use_kdc_context() +OM_uint32 +krb5int_gss_use_kdc_context(OM_uint32 *minor_status, + const gss_OID desired_mech, + const gss_OID desired_object, + gss_buffer_t value) { - krb5_error_code err; + OM_uint32 err; - err = gssint_initialize_library(); - if (err) - return err; - err = k5_mutex_lock(&kg_kdc_flag_mutex); + *minor_status = 0; + + err = gss_krb5int_initialize_library(); if (err) - return err; + return err; + *minor_status = k5_mutex_lock(&kg_kdc_flag_mutex); + if (*minor_status) { + return GSS_S_FAILURE; + } kdc_flag = 1; k5_mutex_unlock(&kg_kdc_flag_mutex); - return 0; + return GSS_S_COMPLETE; } #endif - diff --git a/src/lib/gssapi/krb5/inq_context.c b/src/lib/gssapi/krb5/inq_context.c index ab9d81a4fc..ed46d9d51a 100644 --- a/src/lib/gssapi/krb5/inq_context.c +++ b/src/lib/gssapi/krb5/inq_context.c @@ -1,6 +1,7 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * Copyright 1993 by OpenVision Technologies, Inc. - * + * * Permission to use, copy, modify, distribute, and sell this software * and its documentation for any purpose is hereby granted without fee, * provided that the above copyright notice appears in all copies and @@ -10,7 +11,7 @@ * without specific, written prior permission. OpenVision makes no * representations about the suitability of this software for any * purpose. It is provided "as is" without express or implied warranty. - * + * * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR @@ -19,117 +20,294 @@ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR * PERFORMANCE OF THIS SOFTWARE. */ +/* + * Copyright (c) 2006-2008, Novell, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * * The copyright holder's name is not used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ +/* + * Copyright (c) 2006-2008, Novell, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * * The copyright holder's name is not used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ #include "gssapiP_krb5.h" OM_uint32 -krb5_gss_inquire_context(minor_status, context_handle, initiator_name, - acceptor_name, lifetime_rec, mech_type, ret_flags, - locally_initiated, opened) - OM_uint32 *minor_status; - gss_ctx_id_t context_handle; - gss_name_t *initiator_name; - gss_name_t *acceptor_name; - OM_uint32 *lifetime_rec; - gss_OID *mech_type; - OM_uint32 *ret_flags; - int *locally_initiated; - int *opened; +krb5_gss_inquire_context(minor_status, context_handle, initiator_name, + acceptor_name, lifetime_rec, mech_type, ret_flags, + locally_initiated, opened) + OM_uint32 *minor_status; + gss_ctx_id_t context_handle; + gss_name_t *initiator_name; + gss_name_t *acceptor_name; + OM_uint32 *lifetime_rec; + gss_OID *mech_type; + OM_uint32 *ret_flags; + int *locally_initiated; + int *opened; +{ + krb5_context context; + krb5_error_code code; + krb5_gss_ctx_id_rec *ctx; + krb5_principal initiator, acceptor; + krb5_timestamp now; + krb5_deltat lifetime; + + if (initiator_name) + *initiator_name = (gss_name_t) NULL; + if (acceptor_name) + *acceptor_name = (gss_name_t) NULL; + + /* validate the context handle */ + if (! kg_validate_ctx_id(context_handle)) { + *minor_status = (OM_uint32) G_VALIDATE_FAILED; + return(GSS_S_NO_CONTEXT); + } + + ctx = (krb5_gss_ctx_id_rec *) context_handle; + + if (! ctx->established) { + *minor_status = KG_CTX_INCOMPLETE; + return(GSS_S_NO_CONTEXT); + } + + initiator = NULL; + acceptor = NULL; + context = ctx->k5_context; + + if ((code = krb5_timeofday(context, &now))) { + *minor_status = code; + save_error_info(*minor_status, context); + return(GSS_S_FAILURE); + } + + if ((lifetime = ctx->krb_times.endtime - now) < 0) + lifetime = 0; + + if (initiator_name) { + if ((code = krb5_copy_principal(context, + ctx->initiate?ctx->here:ctx->there, + &initiator))) { + *minor_status = code; + save_error_info(*minor_status, context); + return(GSS_S_FAILURE); + } + if (! kg_save_name((gss_name_t) initiator)) { + krb5_free_principal(context, initiator); + *minor_status = (OM_uint32) G_VALIDATE_FAILED; + return(GSS_S_FAILURE); + } + } + + if (acceptor_name) { + if ((code = krb5_copy_principal(context, + ctx->initiate?ctx->there:ctx->here, + &acceptor))) { + if (initiator) krb5_free_principal(context, initiator); + *minor_status = code; + save_error_info(*minor_status, context); + return(GSS_S_FAILURE); + } + if (! kg_save_name((gss_name_t) acceptor)) { + krb5_free_principal(context, acceptor); + if (initiator) { + kg_delete_name((gss_name_t) initiator); + krb5_free_principal(context, initiator); + } + *minor_status = (OM_uint32) G_VALIDATE_FAILED; + return(GSS_S_FAILURE); + } + } + + if (initiator_name) + *initiator_name = (gss_name_t) initiator; + + if (acceptor_name) + *acceptor_name = (gss_name_t) acceptor; + + if (lifetime_rec) + *lifetime_rec = lifetime; + + if (mech_type) + *mech_type = (gss_OID) ctx->mech_used; + + if (ret_flags) + *ret_flags = ctx->gss_flags; + + if (locally_initiated) + *locally_initiated = ctx->initiate; + + if (opened) + *opened = ctx->established; + + *minor_status = 0; + return((lifetime == 0)?GSS_S_CONTEXT_EXPIRED:GSS_S_COMPLETE); +} + +OM_uint32 +gss_krb5int_inq_session_key( + OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + const gss_OID desired_object, + gss_buffer_set_t *data_set) +{ + krb5_gss_ctx_id_rec *ctx; + krb5_keyblock *key; + gss_buffer_desc keyvalue, keyinfo; + OM_uint32 major_status, minor; + unsigned char oid_buf[GSS_KRB5_SESSION_KEY_ENCTYPE_OID_LENGTH + 6]; + gss_OID_desc oid; + + ctx = (krb5_gss_ctx_id_rec *) context_handle; + key = ctx->have_acceptor_subkey ? ctx->acceptor_subkey : ctx->subkey; + + keyvalue.value = key->contents; + keyvalue.length = key->length; + + major_status = generic_gss_add_buffer_set_member(minor_status, &keyvalue, data_set); + if (GSS_ERROR(major_status)) + goto cleanup; + + oid.elements = oid_buf; + oid.length = sizeof(oid_buf); + + major_status = generic_gss_oid_compose(minor_status, + GSS_KRB5_SESSION_KEY_ENCTYPE_OID, + GSS_KRB5_SESSION_KEY_ENCTYPE_OID_LENGTH, + key->enctype, + &oid); + if (GSS_ERROR(major_status)) + goto cleanup; + + keyinfo.value = oid.elements; + keyinfo.length = oid.length; + + major_status = generic_gss_add_buffer_set_member(minor_status, &keyinfo, data_set); + if (GSS_ERROR(major_status)) + goto cleanup; + + return GSS_S_COMPLETE; + +cleanup: + if (*data_set != GSS_C_NO_BUFFER_SET) { + if ((*data_set)->count != 0) + memset((*data_set)->elements[0].value, 0, (*data_set)->elements[0].length); + gss_release_buffer_set(&minor, data_set); + } + + return major_status; +} + +OM_uint32 +gss_krb5int_extract_authz_data_from_sec_context( + OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + const gss_OID desired_object, + gss_buffer_set_t *data_set) +{ + OM_uint32 major_status; + krb5_gss_ctx_id_rec *ctx; + int ad_type = 0; + size_t i; + + *data_set = GSS_C_NO_BUFFER_SET; + + ctx = (krb5_gss_ctx_id_rec *) context_handle; + + major_status = generic_gss_oid_decompose(minor_status, + GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID, + GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH, + desired_object, + &ad_type); + if (major_status != GSS_S_COMPLETE || ad_type == 0) { + *minor_status = ENOENT; + return GSS_S_FAILURE; + } + + if (ctx->authdata != NULL) { + for (i = 0; ctx->authdata[i] != NULL; i++) { + if (ctx->authdata[i]->ad_type == ad_type) { + gss_buffer_desc ad_data; + + ad_data.length = ctx->authdata[i]->length; + ad_data.value = ctx->authdata[i]->contents; + + major_status = generic_gss_add_buffer_set_member(minor_status, + &ad_data, data_set); + if (GSS_ERROR(major_status)) + break; + } + } + } + + if (GSS_ERROR(major_status)) { + OM_uint32 tmp; + + generic_gss_release_buffer_set(&tmp, data_set); + } + + return major_status; +} + +OM_uint32 +gss_krb5int_extract_authtime_from_sec_context(OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + const gss_OID desired_oid, + gss_buffer_set_t *data_set) { - krb5_context context; - krb5_error_code code; - krb5_gss_ctx_id_rec *ctx; - krb5_principal initiator, acceptor; - krb5_timestamp now; - krb5_deltat lifetime; - - if (initiator_name) - *initiator_name = (gss_name_t) NULL; - if (acceptor_name) - *acceptor_name = (gss_name_t) NULL; - - /* validate the context handle */ - if (! kg_validate_ctx_id(context_handle)) { - *minor_status = (OM_uint32) G_VALIDATE_FAILED; - return(GSS_S_NO_CONTEXT); - } - - ctx = (krb5_gss_ctx_id_rec *) context_handle; - - if (! ctx->established) { - *minor_status = KG_CTX_INCOMPLETE; - return(GSS_S_NO_CONTEXT); - } - - initiator = NULL; - acceptor = NULL; - context = ctx->k5_context; - - if ((code = krb5_timeofday(context, &now))) { - *minor_status = code; - save_error_info(*minor_status, context); - return(GSS_S_FAILURE); - } - - if ((lifetime = ctx->endtime - now) < 0) - lifetime = 0; - - if (initiator_name) { - if ((code = krb5_copy_principal(context, - ctx->initiate?ctx->here:ctx->there, - &initiator))) { - *minor_status = code; - save_error_info(*minor_status, context); - return(GSS_S_FAILURE); - } - if (! kg_save_name((gss_name_t) initiator)) { - krb5_free_principal(context, initiator); - *minor_status = (OM_uint32) G_VALIDATE_FAILED; - return(GSS_S_FAILURE); - } - } - - if (acceptor_name) { - if ((code = krb5_copy_principal(context, - ctx->initiate?ctx->there:ctx->here, - &acceptor))) { - if (initiator) krb5_free_principal(context, initiator); - *minor_status = code; - save_error_info(*minor_status, context); - return(GSS_S_FAILURE); - } - if (! kg_save_name((gss_name_t) acceptor)) { - krb5_free_principal(context, acceptor); - if (initiator) { - kg_delete_name((gss_name_t) initiator); - krb5_free_principal(context, initiator); - } - *minor_status = (OM_uint32) G_VALIDATE_FAILED; - return(GSS_S_FAILURE); - } - } - - if (initiator_name) - *initiator_name = (gss_name_t) initiator; - - if (acceptor_name) - *acceptor_name = (gss_name_t) acceptor; - - if (lifetime_rec) - *lifetime_rec = lifetime; - - if (mech_type) - *mech_type = (gss_OID) ctx->mech_used; - - if (ret_flags) - *ret_flags = ctx->gss_flags; - - if (locally_initiated) - *locally_initiated = ctx->initiate; - - if (opened) - *opened = ctx->established; - - *minor_status = 0; - return((lifetime == 0)?GSS_S_CONTEXT_EXPIRED:GSS_S_COMPLETE); + krb5_gss_ctx_id_rec *ctx; + gss_buffer_desc rep; + + ctx = (krb5_gss_ctx_id_rec *) context_handle; + + rep.value = &ctx->krb_times.authtime; + rep.length = sizeof(ctx->krb_times.authtime); + + return generic_gss_add_buffer_set_member(minor_status, &rep, data_set); } + diff --git a/src/lib/gssapi/krb5/inq_cred.c b/src/lib/gssapi/krb5/inq_cred.c index aa50d12313..8560135abe 100644 --- a/src/lib/gssapi/krb5/inq_cred.c +++ b/src/lib/gssapi/krb5/inq_cred.c @@ -1,3 +1,4 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * Copyright 2000, 2007 by the Massachusetts Institute of Technology. * All Rights Reserved. @@ -6,7 +7,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -20,11 +21,11 @@ * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * + * */ /* * Copyright 1993 by OpenVision Technologies, Inc. - * + * * Permission to use, copy, modify, distribute, and sell this software * and its documentation for any purpose is hereby granted without fee, * provided that the above copyright notice appears in all copies and @@ -34,7 +35,7 @@ * without specific, written prior permission. OpenVision makes no * representations about the suitability of this software for any * purpose. It is provided "as is" without express or implied warranty. - * + * * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR @@ -46,14 +47,14 @@ /* * Copyright (C) 1998 by the FundsXpress, INC. - * + * * All rights reserved. - * + * * Export of this software from the United States of America may require * a specific license from the United States Government. It is the * responsibility of any person or organization contemplating export to * obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -64,7 +65,7 @@ * permission. FundsXpress makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * + * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. @@ -74,195 +75,194 @@ OM_uint32 krb5_gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret, - cred_usage, mechanisms) - OM_uint32 *minor_status; - gss_cred_id_t cred_handle; - gss_name_t *name; - OM_uint32 *lifetime_ret; - gss_cred_usage_t *cred_usage; - gss_OID_set *mechanisms; + cred_usage, mechanisms) + OM_uint32 *minor_status; + gss_cred_id_t cred_handle; + gss_name_t *name; + OM_uint32 *lifetime_ret; + gss_cred_usage_t *cred_usage; + gss_OID_set *mechanisms; { - krb5_context context; - krb5_gss_cred_id_t cred; - krb5_error_code code; - krb5_timestamp now; - krb5_deltat lifetime; - krb5_principal ret_name; - gss_OID_set mechs; - OM_uint32 ret; + krb5_context context; + krb5_gss_cred_id_t cred; + krb5_error_code code; + krb5_timestamp now; + krb5_deltat lifetime; + krb5_principal ret_name; + gss_OID_set mechs; + OM_uint32 ret; + + ret = GSS_S_FAILURE; + ret_name = NULL; - ret = GSS_S_FAILURE; - ret_name = NULL; + code = krb5_gss_init_context(&context); + if (code) { + *minor_status = code; + return GSS_S_FAILURE; + } - code = krb5_gss_init_context(&context); - if (code) { - *minor_status = code; - return GSS_S_FAILURE; - } + if (name) *name = NULL; + if (mechanisms) *mechanisms = NULL; - if (name) *name = NULL; - if (mechanisms) *mechanisms = NULL; + /* check for default credential */ + /*SUPPRESS 29*/ + if (cred_handle == GSS_C_NO_CREDENTIAL) { + OM_uint32 major; - /* check for default credential */ - /*SUPPRESS 29*/ - if (cred_handle == GSS_C_NO_CREDENTIAL) { - OM_uint32 major; + if ((major = kg_get_defcred(minor_status, (gss_cred_id_t *)&cred)) && + GSS_ERROR(major)) { + krb5_free_context(context); + return(major); + } + } else { + OM_uint32 major; - if ((major = kg_get_defcred(minor_status, (gss_cred_id_t *)&cred)) && - GSS_ERROR(major)) { - krb5_free_context(context); - return(major); - } - } else { - OM_uint32 major; - - major = krb5_gss_validate_cred(minor_status, cred_handle); - if (GSS_ERROR(major)) { - krb5_free_context(context); - return(major); - } - cred = (krb5_gss_cred_id_t) cred_handle; - } + major = krb5_gss_validate_cred(minor_status, cred_handle); + if (GSS_ERROR(major)) { + krb5_free_context(context); + return(major); + } + cred = (krb5_gss_cred_id_t) cred_handle; + } - if ((code = krb5_timeofday(context, &now))) { - *minor_status = code; - ret = GSS_S_FAILURE; - goto fail; - } + if ((code = krb5_timeofday(context, &now))) { + *minor_status = code; + ret = GSS_S_FAILURE; + goto fail; + } - code = k5_mutex_lock(&cred->lock); - if (code != 0) { - *minor_status = code; - ret = GSS_S_FAILURE; - goto fail; - } - if (cred->tgt_expire > 0) { - if ((lifetime = cred->tgt_expire - now) < 0) - lifetime = 0; - } - else - lifetime = GSS_C_INDEFINITE; + code = k5_mutex_lock(&cred->lock); + if (code != 0) { + *minor_status = code; + ret = GSS_S_FAILURE; + goto fail; + } + if (cred->tgt_expire > 0) { + if ((lifetime = cred->tgt_expire - now) < 0) + lifetime = 0; + } + else + lifetime = GSS_C_INDEFINITE; - if (name) { - if (cred->princ && - (code = krb5_copy_principal(context, cred->princ, &ret_name))) { - k5_mutex_unlock(&cred->lock); - *minor_status = code; - save_error_info(*minor_status, context); - ret = GSS_S_FAILURE; - goto fail; - } - } + if (name) { + if (cred->princ && + (code = krb5_copy_principal(context, cred->princ, &ret_name))) { + k5_mutex_unlock(&cred->lock); + *minor_status = code; + save_error_info(*minor_status, context); + ret = GSS_S_FAILURE; + goto fail; + } + } - if (mechanisms) { - if (GSS_ERROR(ret = generic_gss_create_empty_oid_set(minor_status, - &mechs)) || - (cred->prerfc_mech && - GSS_ERROR(ret = generic_gss_add_oid_set_member(minor_status, - gss_mech_krb5_old, - &mechs))) || - (cred->rfc_mech && - GSS_ERROR(ret = generic_gss_add_oid_set_member(minor_status, - gss_mech_krb5, - &mechs)))) { - k5_mutex_unlock(&cred->lock); - if (ret_name) - krb5_free_principal(context, ret_name); - /* *minor_status set above */ - goto fail; - } - } + if (mechanisms) { + if (GSS_ERROR(ret = generic_gss_create_empty_oid_set(minor_status, + &mechs)) || + (cred->prerfc_mech && + GSS_ERROR(ret = generic_gss_add_oid_set_member(minor_status, + gss_mech_krb5_old, + &mechs))) || + (cred->rfc_mech && + GSS_ERROR(ret = generic_gss_add_oid_set_member(minor_status, + gss_mech_krb5, + &mechs)))) { + k5_mutex_unlock(&cred->lock); + if (ret_name) + krb5_free_principal(context, ret_name); + /* *minor_status set above */ + goto fail; + } + } - if (name) { - if (ret_name != NULL && ! kg_save_name((gss_name_t) ret_name)) { - k5_mutex_unlock(&cred->lock); - if (cred_handle == GSS_C_NO_CREDENTIAL) - krb5_gss_release_cred(minor_status, (gss_cred_id_t *)&cred); + if (name) { + if (ret_name != NULL && ! kg_save_name((gss_name_t) ret_name)) { + k5_mutex_unlock(&cred->lock); + if (cred_handle == GSS_C_NO_CREDENTIAL) + krb5_gss_release_cred(minor_status, (gss_cred_id_t *)&cred); - (void) gss_release_oid_set(minor_status, &mechs); - krb5_free_principal(context, ret_name); - *minor_status = (OM_uint32) G_VALIDATE_FAILED; - krb5_free_context(context); - return(GSS_S_FAILURE); - } - if (ret_name != NULL) - *name = (gss_name_t) ret_name; - else - *name = GSS_C_NO_NAME; - } + (void) generic_gss_release_oid_set(minor_status, &mechs); + krb5_free_principal(context, ret_name); + *minor_status = (OM_uint32) G_VALIDATE_FAILED; + krb5_free_context(context); + return(GSS_S_FAILURE); + } + if (ret_name != NULL) + *name = (gss_name_t) ret_name; + else + *name = GSS_C_NO_NAME; + } - if (lifetime_ret) - *lifetime_ret = lifetime; + if (lifetime_ret) + *lifetime_ret = lifetime; - if (cred_usage) - *cred_usage = cred->usage; - k5_mutex_unlock(&cred->lock); + if (cred_usage) + *cred_usage = cred->usage; + k5_mutex_unlock(&cred->lock); - if (mechanisms) - *mechanisms = mechs; + if (mechanisms) + *mechanisms = mechs; - if (cred_handle == GSS_C_NO_CREDENTIAL) - krb5_gss_release_cred(minor_status, (gss_cred_id_t *)&cred); + if (cred_handle == GSS_C_NO_CREDENTIAL) + krb5_gss_release_cred(minor_status, (gss_cred_id_t *)&cred); - krb5_free_context(context); - *minor_status = 0; - return((lifetime == 0)?GSS_S_CREDENTIALS_EXPIRED:GSS_S_COMPLETE); + krb5_free_context(context); + *minor_status = 0; + return((lifetime == 0)?GSS_S_CREDENTIALS_EXPIRED:GSS_S_COMPLETE); fail: - if (cred_handle == GSS_C_NO_CREDENTIAL) { - OM_uint32 tmp_min_stat; + if (cred_handle == GSS_C_NO_CREDENTIAL) { + OM_uint32 tmp_min_stat; - krb5_gss_release_cred(&tmp_min_stat, (gss_cred_id_t *)&cred); - } - krb5_free_context(context); - return ret; + krb5_gss_release_cred(&tmp_min_stat, (gss_cred_id_t *)&cred); + } + krb5_free_context(context); + return ret; } /* V2 interface */ OM_uint32 krb5_gss_inquire_cred_by_mech(minor_status, cred_handle, - mech_type, name, initiator_lifetime, - acceptor_lifetime, cred_usage) - OM_uint32 *minor_status; - gss_cred_id_t cred_handle; - gss_OID mech_type; - gss_name_t *name; - OM_uint32 *initiator_lifetime; - OM_uint32 *acceptor_lifetime; + mech_type, name, initiator_lifetime, + acceptor_lifetime, cred_usage) + OM_uint32 *minor_status; + gss_cred_id_t cred_handle; + gss_OID mech_type; + gss_name_t *name; + OM_uint32 *initiator_lifetime; + OM_uint32 *acceptor_lifetime; gss_cred_usage_t *cred_usage; { - krb5_gss_cred_id_t cred; - OM_uint32 lifetime; - OM_uint32 mstat; + krb5_gss_cred_id_t cred; + OM_uint32 lifetime; + OM_uint32 mstat; /* * We only know how to handle our own creds. */ if ((mech_type != GSS_C_NULL_OID) && - !g_OID_equal(gss_mech_krb5_old, mech_type) && - !g_OID_equal(gss_mech_krb5, mech_type)) { - *minor_status = 0; - return(GSS_S_NO_CRED); + !g_OID_equal(gss_mech_krb5_old, mech_type) && + !g_OID_equal(gss_mech_krb5, mech_type)) { + *minor_status = 0; + return(GSS_S_NO_CRED); } cred = (krb5_gss_cred_id_t) cred_handle; mstat = krb5_gss_inquire_cred(minor_status, - cred_handle, - name, - &lifetime, - cred_usage, - (gss_OID_set *) NULL); + cred_handle, + name, + &lifetime, + cred_usage, + (gss_OID_set *) NULL); if (mstat == GSS_S_COMPLETE) { - if (cred && - ((cred->usage == GSS_C_INITIATE) || - (cred->usage == GSS_C_BOTH)) && - initiator_lifetime) - *initiator_lifetime = lifetime; - if (cred && - ((cred->usage == GSS_C_ACCEPT) || - (cred->usage == GSS_C_BOTH)) && - acceptor_lifetime) - *acceptor_lifetime = lifetime; + if (cred && + ((cred->usage == GSS_C_INITIATE) || + (cred->usage == GSS_C_BOTH)) && + initiator_lifetime) + *initiator_lifetime = lifetime; + if (cred && + ((cred->usage == GSS_C_ACCEPT) || + (cred->usage == GSS_C_BOTH)) && + acceptor_lifetime) + *acceptor_lifetime = lifetime; } return(mstat); } - diff --git a/src/lib/gssapi/krb5/inq_names.c b/src/lib/gssapi/krb5/inq_names.c index c9e3dc9ad0..5db0ae0ee9 100644 --- a/src/lib/gssapi/krb5/inq_names.c +++ b/src/lib/gssapi/krb5/inq_names.c @@ -1,3 +1,4 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * lib/gssapi/krb5/inq_names.c * @@ -32,68 +33,67 @@ OM_uint32 krb5_gss_inquire_names_for_mech(minor_status, mechanism, name_types) - OM_uint32 *minor_status; - gss_OID mechanism; - gss_OID_set *name_types; + OM_uint32 *minor_status; + gss_OID mechanism; + gss_OID_set *name_types; { - OM_uint32 major, minor; + OM_uint32 major, minor; /* * We only know how to handle our own mechanism. */ if ((mechanism != GSS_C_NULL_OID) && - !g_OID_equal(gss_mech_krb5, mechanism) && - !g_OID_equal(gss_mech_krb5_old, mechanism)) { - *minor_status = 0; - return(GSS_S_BAD_MECH); + !g_OID_equal(gss_mech_krb5, mechanism) && + !g_OID_equal(gss_mech_krb5_old, mechanism)) { + *minor_status = 0; + return(GSS_S_BAD_MECH); } /* We're okay. Create an empty OID set */ - major = gss_create_empty_oid_set(minor_status, name_types); + major = generic_gss_create_empty_oid_set(minor_status, name_types); if (major == GSS_S_COMPLETE) { - /* Now add our members. */ - if ( - ((major = generic_gss_add_oid_set_member(minor_status, - gss_nt_user_name, - name_types) - ) == GSS_S_COMPLETE) && - ((major = generic_gss_add_oid_set_member(minor_status, - gss_nt_machine_uid_name, - name_types) - ) == GSS_S_COMPLETE) && - ((major = generic_gss_add_oid_set_member(minor_status, - gss_nt_string_uid_name, - name_types) - ) == GSS_S_COMPLETE) && - ((major = generic_gss_add_oid_set_member(minor_status, - gss_nt_service_name, - name_types) - ) == GSS_S_COMPLETE) && - ((major = generic_gss_add_oid_set_member(minor_status, - gss_nt_service_name_v2, - name_types) - ) == GSS_S_COMPLETE) && - ((major = generic_gss_add_oid_set_member(minor_status, - gss_nt_exported_name, - name_types) - ) == GSS_S_COMPLETE) && - ((major = generic_gss_add_oid_set_member(minor_status, - gss_nt_krb5_name, - name_types) - ) == GSS_S_COMPLETE) - ) { - major = generic_gss_add_oid_set_member(minor_status, - gss_nt_krb5_principal, - name_types); - } + /* Now add our members. */ + if ( + ((major = generic_gss_add_oid_set_member(minor_status, + gss_nt_user_name, + name_types) + ) == GSS_S_COMPLETE) && + ((major = generic_gss_add_oid_set_member(minor_status, + gss_nt_machine_uid_name, + name_types) + ) == GSS_S_COMPLETE) && + ((major = generic_gss_add_oid_set_member(minor_status, + gss_nt_string_uid_name, + name_types) + ) == GSS_S_COMPLETE) && + ((major = generic_gss_add_oid_set_member(minor_status, + gss_nt_service_name, + name_types) + ) == GSS_S_COMPLETE) && + ((major = generic_gss_add_oid_set_member(minor_status, + gss_nt_service_name_v2, + name_types) + ) == GSS_S_COMPLETE) && + ((major = generic_gss_add_oid_set_member(minor_status, + gss_nt_exported_name, + name_types) + ) == GSS_S_COMPLETE) && + ((major = generic_gss_add_oid_set_member(minor_status, + gss_nt_krb5_name, + name_types) + ) == GSS_S_COMPLETE) + ) { + major = generic_gss_add_oid_set_member(minor_status, + gss_nt_krb5_principal, + name_types); + } - /* - * If we choked, then release the set, but don't overwrite the minor - * status with the release call. - */ - if (major != GSS_S_COMPLETE) - (void) gss_release_oid_set(&minor, - name_types); + /* + * If we choked, then release the set, but don't overwrite the minor + * status with the release call. + */ + if (major != GSS_S_COMPLETE) + (void) generic_gss_release_oid_set(&minor, name_types); } return(major); } diff --git a/src/lib/gssapi/krb5/k5seal.c b/src/lib/gssapi/krb5/k5seal.c index e019e1b13f..dd3603b269 100644 --- a/src/lib/gssapi/krb5/k5seal.c +++ b/src/lib/gssapi/krb5/k5seal.c @@ -1,3 +1,4 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * Copyright 1993 by OpenVision Technologies, Inc. * @@ -52,19 +53,19 @@ static krb5_error_code make_seal_token_v1 (krb5_context context, - krb5_keyblock *enc, - krb5_keyblock *seq, - gssint_uint64 *seqnum, - int direction, - gss_buffer_t text, - gss_buffer_t token, - int signalg, - size_t cksum_size, - int sealalg, - int do_encrypt, - int toktype, - int bigend, - gss_OID oid) + krb5_keyblock *enc, + krb5_keyblock *seq, + gssint_uint64 *seqnum, + int direction, + gss_buffer_t text, + gss_buffer_t token, + int signalg, + size_t cksum_size, + int sealalg, + int do_encrypt, + int toktype, + int bigend, + gss_OID oid) { krb5_error_code code; size_t sumlen; @@ -72,13 +73,13 @@ make_seal_token_v1 (krb5_context context, krb5_data plaind; krb5_checksum md5cksum; krb5_checksum cksum; - /* msglen contains the message length - * we are signing/encrypting. tmsglen - * contains the length of the message - * we plan to write out to the token. - * tlen is the length of the token - * including header. */ - unsigned conflen=0, tmsglen, tlen, msglen; + /* msglen contains the message length + * we are signing/encrypting. tmsglen + * contains the length of the message + * we plan to write out to the token. + * tlen is the length of the token + * including header. */ + unsigned int conflen=0, tmsglen, tlen, msglen; unsigned char *t, *ptr; unsigned char *plain; unsigned char pad; @@ -89,30 +90,30 @@ make_seal_token_v1 (krb5_context context, /* create the token buffer */ /* Do we need confounder? */ if (do_encrypt || (!bigend && (toktype == KG_TOK_SEAL_MSG))) - conflen = kg_confounder_size(context, enc); + conflen = kg_confounder_size(context, enc); else conflen = 0; if (toktype == KG_TOK_SEAL_MSG) { - switch (sealalg) { - case SEAL_ALG_MICROSOFT_RC4: - msglen = conflen + text->length+1; - pad = 1; - break; - default: - /* XXX knows that des block size is 8 */ - msglen = (conflen+text->length+8)&(~7); - pad = 8-(text->length%8); - } - tmsglen = msglen; + switch (sealalg) { + case SEAL_ALG_MICROSOFT_RC4: + msglen = conflen + text->length+1; + pad = 1; + break; + default: + /* XXX knows that des block size is 8 */ + msglen = (conflen+text->length+8)&(~7); + pad = 8-(text->length%8); + } + tmsglen = msglen; } else { - tmsglen = 0; - msglen = text->length; - pad = 0; + tmsglen = 0; + msglen = text->length; + pad = 0; } tlen = g_token_size((gss_OID) oid, 14+cksum_size+tmsglen); if ((t = (unsigned char *) xmalloc(tlen)) == NULL) - return(ENOMEM); + return(ENOMEM); /*** fill in the token */ @@ -125,12 +126,12 @@ make_seal_token_v1 (krb5_context context, /* 2..3 SEAL_ALG or Filler */ if ((toktype == KG_TOK_SEAL_MSG) && do_encrypt) { - ptr[2] = sealalg & 0xff; - ptr[3] = (sealalg >> 8) & 0xff; + ptr[2] = sealalg & 0xff; + ptr[3] = (sealalg >> 8) & 0xff; } else { - /* No seal */ - ptr[2] = 0xff; - ptr[3] = 0xff; + /* No seal */ + ptr[2] = 0xff; + ptr[3] = 0xff; } /* 4..5 Filler */ @@ -143,40 +144,40 @@ make_seal_token_v1 (krb5_context context, switch (signalg) { case SGN_ALG_DES_MAC_MD5: case SGN_ALG_MD2_5: - md5cksum.checksum_type = CKSUMTYPE_RSA_MD5; - break; + md5cksum.checksum_type = CKSUMTYPE_RSA_MD5; + break; case SGN_ALG_HMAC_SHA1_DES3_KD: - md5cksum.checksum_type = CKSUMTYPE_HMAC_SHA1_DES3; - break; + md5cksum.checksum_type = CKSUMTYPE_HMAC_SHA1_DES3; + break; case SGN_ALG_HMAC_MD5: - md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR; - if (toktype != KG_TOK_SEAL_MSG) - sign_usage = 15; - break; + md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR; + if (toktype != KG_TOK_SEAL_MSG) + sign_usage = 15; + break; default: case SGN_ALG_DES_MAC: - abort (); + abort (); } code = krb5_c_checksum_length(context, md5cksum.checksum_type, &sumlen); if (code) { - xfree(t); - return(code); + xfree(t); + return(code); } md5cksum.length = sumlen; if ((plain = (unsigned char *) xmalloc(msglen ? msglen : 1)) == NULL) { - xfree(t); - return(ENOMEM); + xfree(t); + return(ENOMEM); } if (conflen) { - if ((code = kg_make_confounder(context, enc, plain))) { - xfree(plain); - xfree(t); - return(code); - } + if ((code = kg_make_confounder(context, enc, plain))) { + xfree(plain); + xfree(t); + return(code); + } } memcpy(plain+conflen, text->value, text->length); @@ -186,121 +187,121 @@ make_seal_token_v1 (krb5_context context, /* 8 = head of token body as specified by mech spec */ if (! (data_ptr = - (char *) xmalloc(8 + (bigend ? text->length : msglen)))) { - xfree(plain); - xfree(t); - return(ENOMEM); + (char *) xmalloc(8 + (bigend ? text->length : msglen)))) { + xfree(plain); + xfree(t); + return(ENOMEM); } (void) memcpy(data_ptr, ptr-2, 8); if (bigend) - (void) memcpy(data_ptr+8, text->value, text->length); + (void) memcpy(data_ptr+8, text->value, text->length); else - (void) memcpy(data_ptr+8, plain, msglen); + (void) memcpy(data_ptr+8, plain, msglen); plaind.length = 8 + (bigend ? text->length : msglen); plaind.data = data_ptr; code = krb5_c_make_checksum(context, md5cksum.checksum_type, seq, - sign_usage, &plaind, &md5cksum); + sign_usage, &plaind, &md5cksum); xfree(data_ptr); if (code) { - xfree(plain); - xfree(t); - return(code); + xfree(plain); + xfree(t); + return(code); } switch(signalg) { case SGN_ALG_DES_MAC_MD5: case 3: - if ((code = kg_encrypt(context, seq, KG_USAGE_SEAL, - (g_OID_equal(oid, gss_mech_krb5_old) ? - seq->contents : NULL), - md5cksum.contents, md5cksum.contents, 16))) { - krb5_free_checksum_contents(context, &md5cksum); - xfree (plain); - xfree(t); - return code; - } + if ((code = kg_encrypt(context, seq, KG_USAGE_SEAL, + (g_OID_equal(oid, gss_mech_krb5_old) ? + seq->contents : NULL), + md5cksum.contents, md5cksum.contents, 16))) { + krb5_free_checksum_contents(context, &md5cksum); + xfree (plain); + xfree(t); + return code; + } - cksum.length = cksum_size; - cksum.contents = md5cksum.contents + 16 - cksum.length; + cksum.length = cksum_size; + cksum.contents = md5cksum.contents + 16 - cksum.length; - memcpy(ptr+14, cksum.contents, cksum.length); - break; + memcpy(ptr+14, cksum.contents, cksum.length); + break; case SGN_ALG_HMAC_SHA1_DES3_KD: - /* - * Using key derivation, the call to krb5_c_make_checksum - * already dealt with encrypting. - */ - if (md5cksum.length != cksum_size) - abort (); - memcpy (ptr+14, md5cksum.contents, md5cksum.length); - break; + /* + * Using key derivation, the call to krb5_c_make_checksum + * already dealt with encrypting. + */ + if (md5cksum.length != cksum_size) + abort (); + memcpy (ptr+14, md5cksum.contents, md5cksum.length); + break; case SGN_ALG_HMAC_MD5: - memcpy (ptr+14, md5cksum.contents, cksum_size); - break; + memcpy (ptr+14, md5cksum.contents, cksum_size); + break; } krb5_free_checksum_contents(context, &md5cksum); /* create the seq_num */ - if ((code = kg_make_seq_num(context, seq, direction?0:0xff, *seqnum, - ptr+14, ptr+6))) { - xfree (plain); - xfree(t); - return(code); + if ((code = kg_make_seq_num(context, seq, direction?0:0xff, + (krb5_ui_4)*seqnum, ptr+14, ptr+6))) { + xfree (plain); + xfree(t); + return(code); } if (do_encrypt) { - switch(sealalg) { - case SEAL_ALG_MICROSOFT_RC4: - { - unsigned char bigend_seqnum[4]; - krb5_keyblock *enc_key; - int i; - bigend_seqnum[0] = (*seqnum>>24) & 0xff; - bigend_seqnum[1] = (*seqnum>>16) & 0xff; - bigend_seqnum[2] = (*seqnum>>8) & 0xff; - bigend_seqnum[3] = *seqnum & 0xff; - code = krb5_copy_keyblock (context, enc, &enc_key); - if (code) - { - xfree(plain); - xfree(t); - return(code); - } - assert (enc_key->length == 16); - for (i = 0; i <= 15; i++) - ((char *) enc_key->contents)[i] ^=0xf0; - code = kg_arcfour_docrypt (enc_key, 0, - bigend_seqnum, 4, - plain, tmsglen, - ptr+14+cksum_size); - krb5_free_keyblock (context, enc_key); - if (code) - { - xfree(plain); - xfree(t); - return(code); - } - } - break; - default: - if ((code = kg_encrypt(context, enc, KG_USAGE_SEAL, NULL, - (krb5_pointer) plain, - (krb5_pointer) (ptr+cksum_size+14), - tmsglen))) { - xfree(plain); - xfree(t); - return(code); - } - } + switch(sealalg) { + case SEAL_ALG_MICROSOFT_RC4: + { + unsigned char bigend_seqnum[4]; + krb5_keyblock *enc_key; + int i; + bigend_seqnum[0] = (*seqnum>>24) & 0xff; + bigend_seqnum[1] = (*seqnum>>16) & 0xff; + bigend_seqnum[2] = (*seqnum>>8) & 0xff; + bigend_seqnum[3] = *seqnum & 0xff; + code = krb5_copy_keyblock (context, enc, &enc_key); + if (code) + { + xfree(plain); + xfree(t); + return(code); + } + assert (enc_key->length == 16); + for (i = 0; i <= 15; i++) + ((char *) enc_key->contents)[i] ^=0xf0; + code = kg_arcfour_docrypt (enc_key, 0, + bigend_seqnum, 4, + plain, tmsglen, + ptr+14+cksum_size); + krb5_free_keyblock (context, enc_key); + if (code) + { + xfree(plain); + xfree(t); + return(code); + } + } + break; + default: + if ((code = kg_encrypt(context, enc, KG_USAGE_SEAL, NULL, + (krb5_pointer) plain, + (krb5_pointer) (ptr+cksum_size+14), + tmsglen))) { + xfree(plain); + xfree(t); + return(code); + } + } }else { - if (tmsglen) - memcpy(ptr+14+cksum_size, plain, tmsglen); + if (tmsglen) + memcpy(ptr+14+cksum_size, plain, tmsglen); } - xfree(plain); + xfree(plain); /* that's it. return the token */ @@ -319,11 +320,11 @@ make_seal_token_v1 (krb5_context context, OM_uint32 kg_seal(minor_status, context_handle, conf_req_flag, qop_req, - input_message_buffer, conf_state, output_message_buffer, toktype) + input_message_buffer, conf_state, output_message_buffer, toktype) OM_uint32 *minor_status; gss_ctx_id_t context_handle; int conf_req_flag; - int qop_req; + gss_qop_t qop_req; gss_buffer_t input_message_buffer; int *conf_state; gss_buffer_t output_message_buffer; @@ -339,65 +340,65 @@ kg_seal(minor_status, context_handle, conf_req_flag, qop_req, /* Only default qop or matching established cryptosystem is allowed. - There are NO EXTENSIONS to this set for AES and friends! The - new spec says "just use 0". The old spec plus extensions would - actually allow for certain non-zero values. Fix this to handle - them later. */ + There are NO EXTENSIONS to this set for AES and friends! The + new spec says "just use 0". The old spec plus extensions would + actually allow for certain non-zero values. Fix this to handle + them later. */ if (qop_req != 0) { - *minor_status = (OM_uint32) G_UNKNOWN_QOP; - return GSS_S_FAILURE; + *minor_status = (OM_uint32) G_UNKNOWN_QOP; + return GSS_S_FAILURE; } /* validate the context handle */ if (! kg_validate_ctx_id(context_handle)) { - *minor_status = (OM_uint32) G_VALIDATE_FAILED; - return(GSS_S_NO_CONTEXT); + *minor_status = (OM_uint32) G_VALIDATE_FAILED; + return(GSS_S_NO_CONTEXT); } ctx = (krb5_gss_ctx_id_rec *) context_handle; if (! ctx->established) { - *minor_status = KG_CTX_INCOMPLETE; - return(GSS_S_NO_CONTEXT); + *minor_status = KG_CTX_INCOMPLETE; + return(GSS_S_NO_CONTEXT); } context = ctx->k5_context; if ((code = krb5_timeofday(context, &now))) { - *minor_status = code; - save_error_info(*minor_status, context); - return(GSS_S_FAILURE); + *minor_status = code; + save_error_info(*minor_status, context); + return(GSS_S_FAILURE); } switch (ctx->proto) { case 0: - code = make_seal_token_v1(context, ctx->enc, ctx->seq, - &ctx->seq_send, ctx->initiate, - input_message_buffer, output_message_buffer, - ctx->signalg, ctx->cksum_size, ctx->sealalg, - conf_req_flag, toktype, ctx->big_endian, - ctx->mech_used); - break; + code = make_seal_token_v1(context, ctx->enc, ctx->seq, + &ctx->seq_send, ctx->initiate, + input_message_buffer, output_message_buffer, + ctx->signalg, ctx->cksum_size, ctx->sealalg, + conf_req_flag, toktype, ctx->big_endian, + ctx->mech_used); + break; case 1: - code = gss_krb5int_make_seal_token_v3(context, ctx, - input_message_buffer, - output_message_buffer, - conf_req_flag, toktype); - break; + code = gss_krb5int_make_seal_token_v3(context, ctx, + input_message_buffer, + output_message_buffer, + conf_req_flag, toktype); + break; default: - code = G_UNKNOWN_QOP; /* XXX */ - break; + code = G_UNKNOWN_QOP; /* XXX */ + break; } if (code) { - *minor_status = code; - save_error_info(*minor_status, context); - return(GSS_S_FAILURE); + *minor_status = code; + save_error_info(*minor_status, context); + return(GSS_S_FAILURE); } if (conf_state) - *conf_state = conf_req_flag; + *conf_state = conf_req_flag; *minor_status = 0; - return((ctx->endtime < now)?GSS_S_CONTEXT_EXPIRED:GSS_S_COMPLETE); + return((ctx->krb_times.endtime < now)?GSS_S_CONTEXT_EXPIRED:GSS_S_COMPLETE); } diff --git a/src/lib/gssapi/krb5/k5sealiov.c b/src/lib/gssapi/krb5/k5sealiov.c new file mode 100644 index 0000000000..a0808addb0 --- /dev/null +++ b/src/lib/gssapi/krb5/k5sealiov.c @@ -0,0 +1,517 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ +/* + * lib/gssapi/krb5/k5sealiov.c + * + * Copyright 2008 by the Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * + */ + +#include +#include "k5-platform.h" /* for 64-bit support */ +#include "k5-int.h" /* for zap() */ +#include "gssapiP_krb5.h" +#include + +static krb5_error_code +make_seal_token_v1_iov(krb5_context context, + krb5_gss_ctx_id_rec *ctx, + int conf_req_flag, + int *conf_state, + gss_iov_buffer_desc *iov, + int iov_count, + int toktype) +{ + krb5_error_code code = 0; + gss_iov_buffer_t header; + gss_iov_buffer_t padding; + gss_iov_buffer_t trailer; + krb5_checksum md5cksum; + krb5_checksum cksum; + size_t k5_headerlen = 0, k5_trailerlen = 0; + size_t data_length = 0, assoc_data_length = 0; + size_t tmsglen = 0, tlen; + unsigned char *ptr; + krb5_keyusage sign_usage = KG_USAGE_SIGN; + + assert(toktype == KG_TOK_WRAP_MSG); + + md5cksum.length = cksum.length = 0; + md5cksum.contents = cksum.contents = NULL; + + header = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER); + if (header == NULL) + return EINVAL; + + padding = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_PADDING); + if (padding == NULL && (ctx->gss_flags & GSS_C_DCE_STYLE) == 0) + return EINVAL; + + trailer = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_TRAILER); + if (trailer != NULL) + trailer->buffer.length = 0; + + /* Determine confounder length */ + if (toktype == KG_TOK_WRAP_MSG || conf_req_flag) + k5_headerlen = kg_confounder_size(context, ctx->enc); + + /* Check padding length */ + if (toktype == KG_TOK_WRAP_MSG) { + size_t k5_padlen = (ctx->sealalg == SEAL_ALG_MICROSOFT_RC4) ? 1 : 8; + size_t gss_padlen; + size_t conf_data_length; + + kg_iov_msglen(iov, iov_count, &data_length, &assoc_data_length); + conf_data_length = k5_headerlen + data_length - assoc_data_length; + + if (k5_padlen == 1) + gss_padlen = 1; /* one byte to indicate one byte of padding */ + else + gss_padlen = k5_padlen - (conf_data_length % k5_padlen); + + if (ctx->gss_flags & GSS_C_DCE_STYLE) { + /* DCE will pad the actual data itself; padding buffer optional and will be zeroed */ + gss_padlen = 0; + + if (conf_data_length % k5_padlen) + code = KRB5_BAD_MSIZE; + } else if (padding->type & GSS_IOV_BUFFER_FLAG_ALLOCATE) { + code = kg_allocate_iov(padding, gss_padlen); + } else if (padding->buffer.length < gss_padlen) { + code = KRB5_BAD_MSIZE; + } + if (code != 0) + goto cleanup; + + /* Initialize padding buffer to pad itself */ + if (padding != NULL) { + padding->buffer.length = gss_padlen; + memset(padding->buffer.value, (int)gss_padlen, gss_padlen); + } + + if (ctx->gss_flags & GSS_C_DCE_STYLE) + tmsglen = k5_headerlen; /* confounder length */ + else + tmsglen = conf_data_length + padding->buffer.length; + } + + /* Determine token size */ + tlen = g_token_size(ctx->mech_used, 14 + ctx->cksum_size + tmsglen); + + k5_headerlen += tlen - tmsglen; + + if (header->type & GSS_IOV_BUFFER_FLAG_ALLOCATE) + code = kg_allocate_iov(header, k5_headerlen); + else if (header->buffer.length < k5_headerlen) + code = KRB5_BAD_MSIZE; + if (code != 0) + goto cleanup; + + header->buffer.length = k5_headerlen; + + ptr = (unsigned char *)header->buffer.value; + g_make_token_header(ctx->mech_used, 14 + ctx->cksum_size + tmsglen, &ptr, toktype); + + /* 0..1 SIGN_ALG */ + ptr[0] = (ctx->signalg ) & 0xFF; + ptr[1] = (ctx->signalg >> 8) & 0xFF; + + /* 2..3 SEAL_ALG or Filler */ + if (toktype == KG_TOK_WRAP_MSG && conf_req_flag) { + ptr[2] = (ctx->sealalg ) & 0xFF; + ptr[3] = (ctx->sealalg >> 8) & 0xFF; + } else { + /* No seal */ + ptr[2] = 0xFF; + ptr[3] = 0xFF; + } + + /* 4..5 Filler */ + ptr[4] = 0xFF; + ptr[5] = 0xFF; + + /* pad the plaintext, encrypt if needed, and stick it in the token */ + + /* initialize the checksum */ + switch (ctx->signalg) { + case SGN_ALG_DES_MAC_MD5: + case SGN_ALG_MD2_5: + md5cksum.checksum_type = CKSUMTYPE_RSA_MD5; + break; + case SGN_ALG_HMAC_SHA1_DES3_KD: + md5cksum.checksum_type = CKSUMTYPE_HMAC_SHA1_DES3; + break; + case SGN_ALG_HMAC_MD5: + md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR; + if (toktype != KG_TOK_WRAP_MSG) + sign_usage = 15; + break; + default: + case SGN_ALG_DES_MAC: + abort (); + } + + code = krb5_c_checksum_length(context, md5cksum.checksum_type, &k5_trailerlen); + if (code != 0) + goto cleanup; + md5cksum.length = k5_trailerlen; + + if (k5_headerlen != 0) { + code = kg_make_confounder(context, ctx->enc, ptr + 14 + ctx->cksum_size); + if (code != 0) + goto cleanup; + } + + /* compute the checksum */ + code = kg_make_checksum_iov_v1(context, md5cksum.checksum_type, + ctx->cksum_size, ctx->seq, ctx->enc, + sign_usage, iov, iov_count, toktype, + &md5cksum); + if (code != 0) + goto cleanup; + + switch (ctx->signalg) { + case SGN_ALG_DES_MAC_MD5: + case SGN_ALG_3: + code = kg_encrypt(context, ctx->seq, KG_USAGE_SEAL, + (g_OID_equal(ctx->mech_used, gss_mech_krb5_old) ? + ctx->seq->contents : NULL), + md5cksum.contents, md5cksum.contents, 16); + if (code != 0) + goto cleanup; + + cksum.length = ctx->cksum_size; + cksum.contents = md5cksum.contents + 16 - cksum.length; + + memcpy(ptr + 14, cksum.contents, cksum.length); + break; + case SGN_ALG_HMAC_SHA1_DES3_KD: + assert(md5cksum.length == ctx->cksum_size); + memcpy(ptr + 14, md5cksum.contents, md5cksum.length); + break; + case SGN_ALG_HMAC_MD5: + memcpy(ptr + 14, md5cksum.contents, ctx->cksum_size); + break; + } + + /* create the seq_num */ + code = kg_make_seq_num(context, ctx->seq, ctx->initiate ? 0 : 0xFF, + (OM_uint32)ctx->seq_send, ptr + 14, ptr + 6); + if (code != 0) + goto cleanup; + + if (conf_req_flag) { + if (ctx->sealalg == SEAL_ALG_MICROSOFT_RC4) { + unsigned char bigend_seqnum[4]; + krb5_keyblock *enc_key; + size_t i; + + bigend_seqnum[0] = (ctx->seq_send >> 24) & 0xFF; + bigend_seqnum[1] = (ctx->seq_send >> 16) & 0xFF; + bigend_seqnum[2] = (ctx->seq_send >> 8 ) & 0xFF; + bigend_seqnum[3] = (ctx->seq_send ) & 0xFF; + + code = krb5_copy_keyblock(context, ctx->enc, &enc_key); + if (code != 0) + goto cleanup; + + assert(enc_key->length == 16); + + for (i = 0; i < enc_key->length; i++) + ((char *)enc_key->contents)[i] ^= 0xF0; + + code = kg_arcfour_docrypt_iov(context, enc_key, 0, + bigend_seqnum, 4, + iov, iov_count); + krb5_free_keyblock(context, enc_key); + } else { + code = kg_encrypt_iov(context, ctx->proto, + ((ctx->gss_flags & GSS_C_DCE_STYLE) != 0), + 0 /*EC*/, 0 /*RRC*/, + ctx->enc, KG_USAGE_SEAL, NULL, + iov, iov_count); + } + if (code != 0) + goto cleanup; + } + + ctx->seq_send++; + ctx->seq_send &= 0xFFFFFFFFL; + + code = 0; + + if (conf_state != NULL) + *conf_state = conf_req_flag; + +cleanup: + if (code != 0) + kg_release_iov(iov, iov_count); + krb5_free_checksum_contents(context, &md5cksum); + + return code; +} + +OM_uint32 +kg_seal_iov(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + int *conf_state, + gss_iov_buffer_desc *iov, + int iov_count, + int toktype) +{ + krb5_gss_ctx_id_rec *ctx; + krb5_error_code code; + krb5_timestamp now; + krb5_context context; + + if (qop_req != 0) { + *minor_status = (OM_uint32)G_UNKNOWN_QOP; + return GSS_S_FAILURE; + } + + if (!kg_validate_ctx_id(context_handle)) { + *minor_status = (OM_uint32)G_VALIDATE_FAILED; + return GSS_S_NO_CONTEXT; + } + + ctx = (krb5_gss_ctx_id_rec *)context_handle; + if (!ctx->established) { + *minor_status = KG_CTX_INCOMPLETE; + return GSS_S_NO_CONTEXT; + } + + context = ctx->k5_context; + code = krb5_timeofday(context, &now); + if (code != 0) { + *minor_status = code; + save_error_info(*minor_status, context); + return GSS_S_FAILURE; + } + + if (conf_req_flag && kg_integ_only_iov(iov, iov_count)) { + /* may be more sensible to return an error here */ + conf_req_flag = FALSE; + } + + switch (ctx->proto) { + case 0: + code = make_seal_token_v1_iov(context, ctx, conf_req_flag, + conf_state, iov, iov_count, toktype); + break; + case 1: + code = gss_krb5int_make_seal_token_v3_iov(context, ctx, conf_req_flag, + conf_state, iov, iov_count, toktype); + break; + default: + code = G_UNKNOWN_QOP; + break; + } + + if (code != 0) { + *minor_status = code; + save_error_info(*minor_status, context); + return GSS_S_FAILURE; + } + + *minor_status = 0; + + return (ctx->krb_times.endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE; +} + +#define INIT_IOV_DATA(_iov) do { (_iov)->buffer.value = NULL; \ + (_iov)->buffer.length = 0; } \ + while (0) + +OM_uint32 +kg_seal_iov_length(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + int *conf_state, + gss_iov_buffer_desc *iov, + int iov_count) +{ + krb5_gss_ctx_id_rec *ctx; + gss_iov_buffer_t header, trailer, padding; + size_t data_length, assoc_data_length; + size_t gss_headerlen, gss_padlen, gss_trailerlen; + unsigned int k5_headerlen = 0, k5_trailerlen = 0, k5_padlen = 0; + krb5_error_code code; + krb5_context context; + int dce_style; + + if (qop_req != GSS_C_QOP_DEFAULT) { + *minor_status = (OM_uint32)G_UNKNOWN_QOP; + return GSS_S_FAILURE; + } + + if (!kg_validate_ctx_id(context_handle)) { + *minor_status = (OM_uint32)G_VALIDATE_FAILED; + return GSS_S_NO_CONTEXT; + } + + ctx = (krb5_gss_ctx_id_rec *)context_handle; + if (!ctx->established) { + *minor_status = KG_CTX_INCOMPLETE; + return GSS_S_NO_CONTEXT; + } + + header = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER); + if (header == NULL) { + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + INIT_IOV_DATA(header); + + trailer = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_TRAILER); + if (trailer != NULL) { + INIT_IOV_DATA(trailer); + } + + dce_style = ((ctx->gss_flags & GSS_C_DCE_STYLE) != 0); + + /* For CFX, EC is used instead of padding, and is placed in header or trailer */ + padding = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_PADDING); + if (padding == NULL) { + if (conf_req_flag && ctx->proto == 0 && !dce_style) { + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + } else { + INIT_IOV_DATA(padding); + } + + kg_iov_msglen(iov, iov_count, &data_length, &assoc_data_length); + + if (conf_req_flag && kg_integ_only_iov(iov, iov_count)) + conf_req_flag = FALSE; + + context = ctx->k5_context; + + gss_headerlen = gss_padlen = gss_trailerlen = 0; + + if (ctx->proto == 1) { + krb5_enctype enctype; + size_t ec; + + if (ctx->have_acceptor_subkey) + enctype = ctx->acceptor_subkey->enctype; + else + enctype = ctx->subkey->enctype; + + code = krb5_c_crypto_length(context, enctype, + conf_req_flag ? + KRB5_CRYPTO_TYPE_TRAILER : KRB5_CRYPTO_TYPE_CHECKSUM, + &k5_trailerlen); + if (code != 0) { + *minor_status = code; + return GSS_S_FAILURE; + } + + if (conf_req_flag) { + code = krb5_c_crypto_length(context, enctype, KRB5_CRYPTO_TYPE_HEADER, &k5_headerlen); + if (code != 0) { + *minor_status = code; + return GSS_S_FAILURE; + } + } + + gss_headerlen = 16; /* Header */ + if (conf_req_flag) { + gss_headerlen += k5_headerlen; /* Kerb-Header */ + gss_trailerlen = 16 /* E(Header) */ + k5_trailerlen; /* Kerb-Trailer */ + + code = krb5_c_padding_length(context, enctype, + data_length - assoc_data_length + 16 /* E(Header) */, &k5_padlen); + if (code != 0) { + *minor_status = code; + return GSS_S_FAILURE; + } + + if (k5_padlen == 0 && dce_style) { + /* Windows rejects AEAD tokens with non-zero EC */ + code = krb5_c_block_size(context, enctype, &ec); + if (code != 0) { + *minor_status = code; + return GSS_S_FAILURE; + } + } else + ec = k5_padlen; + + gss_trailerlen += ec; + } else { + gss_trailerlen = k5_trailerlen; /* Kerb-Checksum */ + } + } else if (!dce_style) { + k5_padlen = (ctx->sealalg == SEAL_ALG_MICROSOFT_RC4) ? 1 : 8; + + if (k5_padlen == 1) + gss_padlen = 1; + else + gss_padlen = k5_padlen - ((data_length - assoc_data_length) % k5_padlen); + } + + data_length += gss_padlen; + + if (ctx->proto == 0) { + /* Header | Checksum | Confounder | Data | Pad */ + size_t data_size; + + k5_headerlen = kg_confounder_size(context, ctx->enc); + + data_size = 14 /* Header */ + ctx->cksum_size + k5_headerlen; + + if (!dce_style) + data_size += data_length; + + gss_headerlen = g_token_size(ctx->mech_used, data_size); + + /* g_token_size() will include data_size as well as the overhead, so + * subtract data_length just to get the overhead (ie. token size) */ + if (!dce_style) + gss_headerlen -= data_length; + } + + if (minor_status != NULL) + *minor_status = 0; + + if (trailer == NULL) + gss_headerlen += gss_trailerlen; + else + trailer->buffer.length = gss_trailerlen; + + assert(gss_padlen == 0 || padding != NULL); + + if (padding != NULL) + padding->buffer.length = gss_padlen; + + header->buffer.length = gss_headerlen; + + if (conf_state != NULL) + *conf_state = conf_req_flag; + + return GSS_S_COMPLETE; +} + diff --git a/src/lib/gssapi/krb5/k5sealv3.c b/src/lib/gssapi/krb5/k5sealv3.c index c8a168a17a..71e832e15b 100644 --- a/src/lib/gssapi/krb5/k5sealv3.c +++ b/src/lib/gssapi/krb5/k5sealv3.c @@ -1,3 +1,4 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * lib/gssapi/krb5/k5sealv3.c * @@ -8,7 +9,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -22,19 +23,19 @@ * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * + * * */ /* draft-ietf-krb-wg-gssapi-cfx-05 */ #include -#include "k5-platform.h" /* for 64-bit support */ -#include "k5-int.h" /* for zap() */ +#include "k5-platform.h" /* for 64-bit support */ +#include "k5-int.h" /* for zap() */ #include "gssapiP_krb5.h" #include -static int -rotate_left (void *ptr, size_t bufsiz, size_t rc) +int +gss_krb5int_rotate_left (void *ptr, size_t bufsiz, size_t rc) { /* Optimize for receiving. After some debugging is done, the MIT implementation won't do any rotates on sending, and while @@ -44,14 +45,14 @@ rotate_left (void *ptr, size_t bufsiz, size_t rc) void *tbuf; if (bufsiz == 0) - return 1; + return 1; rc = rc % bufsiz; if (rc == 0) - return 1; + return 1; tbuf = malloc(rc); if (tbuf == 0) - return 0; + return 0; memcpy(tbuf, ptr, rc); memmove(ptr, (char *)ptr + rc, bufsiz - rc); memcpy((char *)ptr + bufsiz - rc, tbuf, rc); @@ -61,16 +62,12 @@ rotate_left (void *ptr, size_t bufsiz, size_t rc) static const gss_buffer_desc empty_message = { 0, 0 }; -#define FLAG_SENDER_IS_ACCEPTOR 0x01 -#define FLAG_WRAP_CONFIDENTIAL 0x02 -#define FLAG_ACCEPTOR_SUBKEY 0x04 - krb5_error_code gss_krb5int_make_seal_token_v3 (krb5_context context, - krb5_gss_ctx_id_rec *ctx, - const gss_buffer_desc * message, - gss_buffer_t token, - int conf_req_flag, int toktype) + krb5_gss_ctx_id_rec *ctx, + const gss_buffer_desc * message, + gss_buffer_t token, + int conf_req_flag, int toktype) { size_t bufsize = 16; unsigned char *outbuf = 0; @@ -85,202 +82,209 @@ gss_krb5int_make_seal_token_v3 (krb5_context context, unsigned short tok_id; krb5_checksum sum; krb5_keyblock *key; + krb5_cksumtype cksumtype; - assert(toktype != KG_TOK_SEAL_MSG || ctx->enc != 0); assert(ctx->big_endian == 0); acceptor_flag = ctx->initiate ? 0 : FLAG_SENDER_IS_ACCEPTOR; key_usage = (toktype == KG_TOK_WRAP_MSG - ? (ctx->initiate - ? KG_USAGE_INITIATOR_SEAL - : KG_USAGE_ACCEPTOR_SEAL) - : (ctx->initiate - ? KG_USAGE_INITIATOR_SIGN - : KG_USAGE_ACCEPTOR_SIGN)); + ? (ctx->initiate + ? KG_USAGE_INITIATOR_SEAL + : KG_USAGE_ACCEPTOR_SEAL) + : (ctx->initiate + ? KG_USAGE_INITIATOR_SIGN + : KG_USAGE_ACCEPTOR_SIGN)); if (ctx->have_acceptor_subkey) { - key = ctx->acceptor_subkey; + key = ctx->acceptor_subkey; + cksumtype = ctx->acceptor_subkey_cksumtype; } else { - key = ctx->enc; + key = ctx->subkey; + cksumtype = ctx->cksumtype; } + assert(key != NULL); #ifdef CFX_EXERCISE { - static int initialized = 0; - if (!initialized) { - srand(time(0)); - initialized = 1; - } + static int initialized = 0; + if (!initialized) { + srand(time(0)); + initialized = 1; + } } #endif if (toktype == KG_TOK_WRAP_MSG && conf_req_flag) { - krb5_data plain; - krb5_enc_data cipher; - size_t ec_max; - - /* 300: Adds some slop. */ - if (SIZE_MAX - 300 < message->length) - return ENOMEM; - ec_max = SIZE_MAX - message->length - 300; - if (ec_max > 0xffff) - ec_max = 0xffff; + krb5_data plain; + krb5_enc_data cipher; + size_t ec_max; + + /* 300: Adds some slop. */ + if (SIZE_MAX - 300 < message->length) + return ENOMEM; + ec_max = SIZE_MAX - message->length - 300; + if (ec_max > 0xffff) + ec_max = 0xffff; #ifdef CFX_EXERCISE - /* For testing only. For performance, always set ec = 0. */ - ec = ec_max & rand(); + /* For testing only. For performance, always set ec = 0. */ + ec = ec_max & rand(); #else - ec = 0; + ec = 0; #endif - plain.length = message->length + 16 + ec; - plain.data = malloc(message->length + 16 + ec); - if (plain.data == NULL) - return ENOMEM; - - /* Get size of ciphertext. */ - bufsize = 16 + krb5_encrypt_size (plain.length, ctx->enc->enctype); - /* Allocate space for header plus encrypted data. */ - outbuf = malloc(bufsize); - if (outbuf == NULL) { - free(plain.data); - return ENOMEM; - } - - /* TOK_ID */ - store_16_be(0x0504, outbuf); - /* flags */ - outbuf[2] = (acceptor_flag - | (conf_req_flag ? FLAG_WRAP_CONFIDENTIAL : 0) - | (ctx->have_acceptor_subkey ? FLAG_ACCEPTOR_SUBKEY : 0)); - /* filler */ - outbuf[3] = 0xff; - /* EC */ - store_16_be(ec, outbuf+4); - /* RRC */ - store_16_be(0, outbuf+6); - store_64_be(ctx->seq_send, outbuf+8); - - memcpy(plain.data, message->value, message->length); - memset(plain.data + message->length, 'x', ec); - memcpy(plain.data + message->length + ec, outbuf, 16); - - cipher.ciphertext.data = outbuf + 16; - cipher.ciphertext.length = bufsize - 16; - cipher.enctype = key->enctype; - err = krb5_c_encrypt(context, key, key_usage, 0, &plain, &cipher); - zap(plain.data, plain.length); - free(plain.data); - plain.data = 0; - if (err) - goto error; - - /* Now that we know we're returning a valid token.... */ - ctx->seq_send++; + plain.length = message->length + 16 + ec; + plain.data = malloc(message->length + 16 + ec); + if (plain.data == NULL) + return ENOMEM; + + /* Get size of ciphertext. */ + bufsize = 16 + krb5_encrypt_size (plain.length, key->enctype); + /* Allocate space for header plus encrypted data. */ + outbuf = malloc(bufsize); + if (outbuf == NULL) { + free(plain.data); + return ENOMEM; + } + + /* TOK_ID */ + store_16_be(KG2_TOK_WRAP_MSG, outbuf); + /* flags */ + outbuf[2] = (acceptor_flag + | (conf_req_flag ? FLAG_WRAP_CONFIDENTIAL : 0) + | (ctx->have_acceptor_subkey ? FLAG_ACCEPTOR_SUBKEY : 0)); + /* filler */ + outbuf[3] = 0xff; + /* EC */ + store_16_be(ec, outbuf+4); + /* RRC */ + store_16_be(0, outbuf+6); + store_64_be(ctx->seq_send, outbuf+8); + + memcpy(plain.data, message->value, message->length); + memset(plain.data + message->length, 'x', ec); + memcpy(plain.data + message->length + ec, outbuf, 16); + + cipher.ciphertext.data = (char *)outbuf + 16; + cipher.ciphertext.length = bufsize - 16; + cipher.enctype = key->enctype; + err = krb5_c_encrypt(context, key, key_usage, 0, &plain, &cipher); + zap(plain.data, plain.length); + free(plain.data); + plain.data = 0; + if (err) + goto error; + + /* Now that we know we're returning a valid token.... */ + ctx->seq_send++; #ifdef CFX_EXERCISE - rrc = rand() & 0xffff; - if (rotate_left(outbuf+16, bufsize-16, - (bufsize-16) - (rrc % (bufsize - 16)))) - store_16_be(rrc, outbuf+6); - /* If the rotate fails, don't worry about it. */ + rrc = rand() & 0xffff; + if (gss_krb5int_rotate_left(outbuf+16, bufsize-16, + (bufsize-16) - (rrc % (bufsize - 16)))) + store_16_be(rrc, outbuf+6); + /* If the rotate fails, don't worry about it. */ #endif } else if (toktype == KG_TOK_WRAP_MSG && !conf_req_flag) { - krb5_data plain; + krb5_data plain; + size_t cksumsize; - /* Here, message is the application-supplied data; message2 is - what goes into the output token. They may be the same, or - message2 may be empty (for MIC). */ + /* Here, message is the application-supplied data; message2 is + what goes into the output token. They may be the same, or + message2 may be empty (for MIC). */ - tok_id = 0x0504; + tok_id = KG2_TOK_WRAP_MSG; wrap_with_checksum: - plain.length = message->length + 16; - plain.data = malloc(message->length + 16); - if (plain.data == NULL) - return ENOMEM; - - if (ctx->cksum_size > 0xffff) - abort(); - - bufsize = 16 + message2->length + ctx->cksum_size; - outbuf = malloc(bufsize); - if (outbuf == NULL) { - free(plain.data); - plain.data = 0; - err = ENOMEM; - goto error; - } - - /* TOK_ID */ - store_16_be(tok_id, outbuf); - /* flags */ - outbuf[2] = (acceptor_flag - | (ctx->have_acceptor_subkey ? FLAG_ACCEPTOR_SUBKEY : 0)); - /* filler */ - outbuf[3] = 0xff; - if (toktype == KG_TOK_WRAP_MSG) { - /* Use 0 for checksum calculation, substitute - checksum length later. */ - /* EC */ - store_16_be(0, outbuf+4); - /* RRC */ - store_16_be(0, outbuf+6); - } else { - /* MIC and DEL store 0xFF in EC and RRC. */ - store_16_be(0xffff, outbuf+4); - store_16_be(0xffff, outbuf+6); - } - store_64_be(ctx->seq_send, outbuf+8); - - memcpy(plain.data, message->value, message->length); - memcpy(plain.data + message->length, outbuf, 16); - - /* Fill in the output token -- data contents, if any, and - space for the checksum. */ - if (message2->length) - memcpy(outbuf + 16, message2->value, message2->length); - - sum.contents = outbuf + 16 + message2->length; - sum.length = ctx->cksum_size; - - err = krb5_c_make_checksum(context, ctx->cksumtype, key, - key_usage, &plain, &sum); - zap(plain.data, plain.length); - free(plain.data); - plain.data = 0; - if (err) { - zap(outbuf,bufsize); + plain.length = message->length + 16; + plain.data = malloc(message->length + 16); + if (plain.data == NULL) + return ENOMEM; + + err = krb5_c_checksum_length(context, cksumtype, &cksumsize); + if (err) goto error; - } - if (sum.length != ctx->cksum_size) - abort(); - memcpy(outbuf + 16 + message2->length, sum.contents, ctx->cksum_size); - krb5_free_checksum_contents(context, &sum); - sum.contents = 0; - /* Now that we know we're actually generating the token... */ - ctx->seq_send++; - - if (toktype == KG_TOK_WRAP_MSG) { + + assert(cksumsize <= 0xffff); + + bufsize = 16 + message2->length + cksumsize; + outbuf = malloc(bufsize); + if (outbuf == NULL) { + free(plain.data); + plain.data = 0; + err = ENOMEM; + goto error; + } + + /* TOK_ID */ + store_16_be(tok_id, outbuf); + /* flags */ + outbuf[2] = (acceptor_flag + | (ctx->have_acceptor_subkey ? FLAG_ACCEPTOR_SUBKEY : 0)); + /* filler */ + outbuf[3] = 0xff; + if (toktype == KG_TOK_WRAP_MSG) { + /* Use 0 for checksum calculation, substitute + checksum length later. */ + /* EC */ + store_16_be(0, outbuf+4); + /* RRC */ + store_16_be(0, outbuf+6); + } else { + /* MIC and DEL store 0xFF in EC and RRC. */ + store_16_be(0xffff, outbuf+4); + store_16_be(0xffff, outbuf+6); + } + store_64_be(ctx->seq_send, outbuf+8); + + memcpy(plain.data, message->value, message->length); + memcpy(plain.data + message->length, outbuf, 16); + + /* Fill in the output token -- data contents, if any, and + space for the checksum. */ + if (message2->length) + memcpy(outbuf + 16, message2->value, message2->length); + + sum.contents = outbuf + 16 + message2->length; + sum.length = cksumsize; + + err = krb5_c_make_checksum(context, cksumtype, key, + key_usage, &plain, &sum); + zap(plain.data, plain.length); + free(plain.data); + plain.data = 0; + if (err) { + zap(outbuf,bufsize); + goto error; + } + if (sum.length != cksumsize) + abort(); + memcpy(outbuf + 16 + message2->length, sum.contents, cksumsize); + krb5_free_checksum_contents(context, &sum); + sum.contents = 0; + /* Now that we know we're actually generating the token... */ + ctx->seq_send++; + + if (toktype == KG_TOK_WRAP_MSG) { #ifdef CFX_EXERCISE - rrc = rand() & 0xffff; - /* If the rotate fails, don't worry about it. */ - if (rotate_left(outbuf+16, bufsize-16, - (bufsize-16) - (rrc % (bufsize - 16)))) - store_16_be(rrc, outbuf+6); + rrc = rand() & 0xffff; + /* If the rotate fails, don't worry about it. */ + if (gss_krb5int_rotate_left(outbuf+16, bufsize-16, + (bufsize-16) - (rrc % (bufsize - 16)))) + store_16_be(rrc, outbuf+6); #endif - /* Fix up EC field. */ - store_16_be(ctx->cksum_size, outbuf+4); - } else { - store_16_be(0xffff, outbuf+6); - } + /* Fix up EC field. */ + store_16_be(cksumsize, outbuf+4); + } else { + store_16_be(0xffff, outbuf+6); + } } else if (toktype == KG_TOK_MIC_MSG) { - tok_id = 0x0404; - message2 = &empty_message; - goto wrap_with_checksum; + tok_id = KG2_TOK_MIC_MSG; + message2 = &empty_message; + goto wrap_with_checksum; } else if (toktype == KG_TOK_DEL_CTX) { - tok_id = 0x0405; - message = message2 = &empty_message; - goto wrap_with_checksum; + tok_id = KG2_TOK_DEL_CTX; + message = message2 = &empty_message; + goto wrap_with_checksum; } else - abort(); + abort(); token->value = outbuf; token->length = bufsize; @@ -298,11 +302,11 @@ error: OM_uint32 gss_krb5int_unseal_token_v3(krb5_context *contextptr, - OM_uint32 *minor_status, - krb5_gss_ctx_id_rec *ctx, - unsigned char *ptr, unsigned int bodysize, - gss_buffer_t message_buffer, - int *conf_state, int *qop_state, int toktype) + OM_uint32 *minor_status, + krb5_gss_ctx_id_rec *ctx, + unsigned char *ptr, unsigned int bodysize, + gss_buffer_t message_buffer, + int *conf_state, gss_qop_t *qop_state, int toktype) { krb5_context context = *contextptr; krb5_data plain; @@ -314,22 +318,22 @@ gss_krb5int_unseal_token_v3(krb5_context *contextptr, krb5_error_code err; krb5_boolean valid; krb5_keyblock *key; + krb5_cksumtype cksumtype; - assert(toktype != KG_TOK_SEAL_MSG || ctx->enc != 0); assert(ctx->big_endian == 0); assert(ctx->proto == 1); if (qop_state) - *qop_state = GSS_C_QOP_DEFAULT; + *qop_state = GSS_C_QOP_DEFAULT; acceptor_flag = ctx->initiate ? FLAG_SENDER_IS_ACCEPTOR : 0; key_usage = (toktype == KG_TOK_WRAP_MSG - ? (!ctx->initiate - ? KG_USAGE_INITIATOR_SEAL - : KG_USAGE_ACCEPTOR_SEAL) - : (!ctx->initiate - ? KG_USAGE_INITIATOR_SIGN - : KG_USAGE_ACCEPTOR_SIGN)); + ? (!ctx->initiate + ? KG_USAGE_INITIATOR_SEAL + : KG_USAGE_ACCEPTOR_SEAL) + : (!ctx->initiate + ? KG_USAGE_INITIATOR_SIGN + : KG_USAGE_ACCEPTOR_SIGN)); /* Oops. I wrote this code assuming ptr would be at the start of the token header. */ @@ -338,174 +342,183 @@ gss_krb5int_unseal_token_v3(krb5_context *contextptr, if (bodysize < 16) { defective: - *minor_status = 0; - return GSS_S_DEFECTIVE_TOKEN; + *minor_status = 0; + return GSS_S_DEFECTIVE_TOKEN; } if ((ptr[2] & FLAG_SENDER_IS_ACCEPTOR) != acceptor_flag) { - *minor_status = G_BAD_DIRECTION; - return GSS_S_BAD_SIG; + *minor_status = (OM_uint32)G_BAD_DIRECTION; + return GSS_S_BAD_SIG; } /* Two things to note here. - First, we can't really enforce the use of the acceptor's subkey, - if we're the acceptor; the initiator may have sent messages - before getting the subkey. We could probably enforce it if - we're the initiator. - - Second, if someone tweaks the code to not set the flag telling - the krb5 library to generate a new subkey in the AP-REP - message, the MIT library may include a subkey anyways -- - namely, a copy of the AP-REQ subkey, if it was provided. So - the initiator may think we wanted a subkey, and set the flag, - even though we weren't trying to set the subkey. The "other" - key, the one not asserted by the acceptor, will have the same - value in that case, though, so we can just ignore the flag. */ + First, we can't really enforce the use of the acceptor's subkey, + if we're the acceptor; the initiator may have sent messages + before getting the subkey. We could probably enforce it if + we're the initiator. + + Second, if someone tweaks the code to not set the flag telling + the krb5 library to generate a new subkey in the AP-REP + message, the MIT library may include a subkey anyways -- + namely, a copy of the AP-REQ subkey, if it was provided. So + the initiator may think we wanted a subkey, and set the flag, + even though we weren't trying to set the subkey. The "other" + key, the one not asserted by the acceptor, will have the same + value in that case, though, so we can just ignore the flag. */ if (ctx->have_acceptor_subkey && (ptr[2] & FLAG_ACCEPTOR_SUBKEY)) { - key = ctx->acceptor_subkey; + key = ctx->acceptor_subkey; + cksumtype = ctx->acceptor_subkey_cksumtype; } else { - key = ctx->enc; + key = ctx->subkey; + cksumtype = ctx->cksumtype; } + assert(key != NULL); if (toktype == KG_TOK_WRAP_MSG) { - if (load_16_be(ptr) != 0x0504) - goto defective; - if (ptr[3] != 0xff) - goto defective; - ec = load_16_be(ptr+4); - rrc = load_16_be(ptr+6); - seqnum = load_64_be(ptr+8); - if (!rotate_left(ptr+16, bodysize-16, rrc)) { - no_mem: - *minor_status = ENOMEM; - return GSS_S_FAILURE; - } - if (ptr[2] & FLAG_WRAP_CONFIDENTIAL) { - /* confidentiality */ - krb5_enc_data cipher; - unsigned char *althdr; - - if (conf_state) - *conf_state = 1; - /* Do we have no decrypt_size function? - - For all current cryptosystems, the ciphertext size will - be larger than the plaintext size. */ - cipher.enctype = key->enctype; - cipher.ciphertext.length = bodysize - 16; - cipher.ciphertext.data = ptr + 16; - plain.length = bodysize - 16; - plain.data = malloc(plain.length); - if (plain.data == NULL) - goto no_mem; - err = krb5_c_decrypt(context, key, key_usage, 0, - &cipher, &plain); - if (err) { - free(plain.data); - goto error; - } - /* Don't use bodysize here! Use the fact that - cipher.ciphertext.length has been adjusted to the - correct length. */ - althdr = plain.data + plain.length - 16; - if (load_16_be(althdr) != 0x0504 - || althdr[2] != ptr[2] - || althdr[3] != ptr[3] - || memcmp(althdr+8, ptr+8, 8)) { - free(plain.data); - goto defective; - } - message_buffer->value = plain.data; - message_buffer->length = plain.length - ec - 16; - if(message_buffer->length == 0) { - free(message_buffer->value); - message_buffer->value = NULL; - } - } else { - /* no confidentiality */ - if (conf_state) - *conf_state = 0; - if (ec + 16 < ec) - /* overflow check */ - goto defective; - if (ec + 16 > bodysize) - goto defective; - /* We have: header | msg | cksum. - We need cksum(msg | header). - Rotate the first two. */ - store_16_be(0, ptr+4); - store_16_be(0, ptr+6); - plain.length = bodysize-ec; - plain.data = ptr; - if (!rotate_left(ptr, bodysize-ec, 16)) - goto no_mem; - sum.length = ec; - if (sum.length != ctx->cksum_size) { - *minor_status = 0; - return GSS_S_BAD_SIG; - } - sum.contents = ptr+bodysize-ec; - sum.checksum_type = ctx->cksumtype; - err = krb5_c_verify_checksum(context, key, key_usage, - &plain, &sum, &valid); + if (load_16_be(ptr) != KG2_TOK_WRAP_MSG) + goto defective; + if (ptr[3] != 0xff) + goto defective; + ec = load_16_be(ptr+4); + rrc = load_16_be(ptr+6); + seqnum = load_64_be(ptr+8); + if (!gss_krb5int_rotate_left(ptr+16, bodysize-16, rrc)) { + no_mem: + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + if (ptr[2] & FLAG_WRAP_CONFIDENTIAL) { + /* confidentiality */ + krb5_enc_data cipher; + unsigned char *althdr; + + if (conf_state) + *conf_state = 1; + /* Do we have no decrypt_size function? + + For all current cryptosystems, the ciphertext size will + be larger than the plaintext size. */ + cipher.enctype = key->enctype; + cipher.ciphertext.length = bodysize - 16; + cipher.ciphertext.data = (char *)ptr + 16; + plain.length = bodysize - 16; + plain.data = malloc(plain.length); + if (plain.data == NULL) + goto no_mem; + err = krb5_c_decrypt(context, key, key_usage, 0, + &cipher, &plain); + if (err) { + free(plain.data); + goto error; + } + /* Don't use bodysize here! Use the fact that + cipher.ciphertext.length has been adjusted to the + correct length. */ + althdr = (unsigned char *)plain.data + plain.length - 16; + if (load_16_be(althdr) != KG2_TOK_WRAP_MSG + || althdr[2] != ptr[2] + || althdr[3] != ptr[3] + || memcmp(althdr+8, ptr+8, 8)) { + free(plain.data); + goto defective; + } + message_buffer->value = plain.data; + message_buffer->length = plain.length - ec - 16; + if(message_buffer->length == 0) { + free(message_buffer->value); + message_buffer->value = NULL; + } + } else { + size_t cksumsize; + + err = krb5_c_checksum_length(context, cksumtype, &cksumsize); if (err) goto error; - if (!valid) { - *minor_status = 0; - return GSS_S_BAD_SIG; - } - message_buffer->length = plain.length - 16; - message_buffer->value = malloc(message_buffer->length); - if (message_buffer->value == NULL) - goto no_mem; - memcpy(message_buffer->value, plain.data, message_buffer->length); - } - err = g_order_check(&ctx->seqstate, seqnum); - *minor_status = 0; - return err; + + /* no confidentiality */ + if (conf_state) + *conf_state = 0; + if (ec + 16 < ec) + /* overflow check */ + goto defective; + if (ec + 16 > bodysize) + goto defective; + /* We have: header | msg | cksum. + We need cksum(msg | header). + Rotate the first two. */ + store_16_be(0, ptr+4); + store_16_be(0, ptr+6); + plain.length = bodysize-ec; + plain.data = (char *)ptr; + if (!gss_krb5int_rotate_left(ptr, bodysize-ec, 16)) + goto no_mem; + sum.length = ec; + if (sum.length != cksumsize) { + *minor_status = 0; + return GSS_S_BAD_SIG; + } + sum.contents = ptr+bodysize-ec; + sum.checksum_type = cksumtype; + err = krb5_c_verify_checksum(context, key, key_usage, + &plain, &sum, &valid); + if (err) + goto error; + if (!valid) { + *minor_status = 0; + return GSS_S_BAD_SIG; + } + message_buffer->length = plain.length - 16; + message_buffer->value = malloc(message_buffer->length); + if (message_buffer->value == NULL) + goto no_mem; + memcpy(message_buffer->value, plain.data, message_buffer->length); + } + err = g_order_check(&ctx->seqstate, seqnum); + *minor_status = 0; + return err; } else if (toktype == KG_TOK_MIC_MSG) { - /* wrap token, no confidentiality */ - if (load_16_be(ptr) != 0x0404) - goto defective; + /* wrap token, no confidentiality */ + if (load_16_be(ptr) != KG2_TOK_MIC_MSG) + goto defective; verify_mic_1: - if (ptr[3] != 0xff) - goto defective; - if (load_32_be(ptr+4) != 0xffffffffL) - goto defective; - seqnum = load_64_be(ptr+8); - plain.length = message_buffer->length + 16; - plain.data = malloc(plain.length); - if (plain.data == NULL) - goto no_mem; - if (message_buffer->length) - memcpy(plain.data, message_buffer->value, message_buffer->length); - memcpy(plain.data + message_buffer->length, ptr, 16); - sum.length = bodysize - 16; - sum.contents = ptr + 16; - sum.checksum_type = ctx->cksumtype; - err = krb5_c_verify_checksum(context, key, key_usage, - &plain, &sum, &valid); - free(plain.data); - plain.data = NULL; - if (err) { - error: - *minor_status = err; - save_error_info(*minor_status, context); - return GSS_S_BAD_SIG; /* XXX */ - } - if (!valid) { - *minor_status = 0; - return GSS_S_BAD_SIG; - } - err = g_order_check(&ctx->seqstate, seqnum); - *minor_status = 0; - return err; + if (ptr[3] != 0xff) + goto defective; + if (load_32_be(ptr+4) != 0xffffffffL) + goto defective; + seqnum = load_64_be(ptr+8); + plain.length = message_buffer->length + 16; + plain.data = malloc(plain.length); + if (plain.data == NULL) + goto no_mem; + if (message_buffer->length) + memcpy(plain.data, message_buffer->value, message_buffer->length); + memcpy(plain.data + message_buffer->length, ptr, 16); + sum.length = bodysize - 16; + sum.contents = ptr + 16; + sum.checksum_type = cksumtype; + err = krb5_c_verify_checksum(context, key, key_usage, + &plain, &sum, &valid); + free(plain.data); + plain.data = NULL; + if (err) { + error: + *minor_status = err; + save_error_info(*minor_status, context); + return GSS_S_BAD_SIG; /* XXX */ + } + if (!valid) { + *minor_status = 0; + return GSS_S_BAD_SIG; + } + err = g_order_check(&ctx->seqstate, seqnum); + *minor_status = 0; + return err; } else if (toktype == KG_TOK_DEL_CTX) { - if (load_16_be(ptr) != 0x0405) - goto defective; - message_buffer = &empty_message; - goto verify_mic_1; + if (load_16_be(ptr) != KG2_TOK_DEL_CTX) + goto defective; + message_buffer = (gss_buffer_t)&empty_message; + goto verify_mic_1; } else { - goto defective; + goto defective; } } diff --git a/src/lib/gssapi/krb5/k5sealv3iov.c b/src/lib/gssapi/krb5/k5sealv3iov.c new file mode 100644 index 0000000000..41e6132cd9 --- /dev/null +++ b/src/lib/gssapi/krb5/k5sealv3iov.c @@ -0,0 +1,469 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ +/* + * lib/gssapi/krb5/k5sealv3iov.c + * + * Copyright 2008 by the Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * + */ + +#include +#include "k5-platform.h" /* for 64-bit support */ +#include "k5-int.h" /* for zap() */ +#include "gssapiP_krb5.h" +#include + +krb5_error_code +gss_krb5int_make_seal_token_v3_iov(krb5_context context, + krb5_gss_ctx_id_rec *ctx, + int conf_req_flag, + int *conf_state, + gss_iov_buffer_desc *iov, + int iov_count, + int toktype) +{ + krb5_error_code code = 0; + gss_iov_buffer_t header; + gss_iov_buffer_t padding; + gss_iov_buffer_t trailer; + unsigned char acceptor_flag; + unsigned short tok_id; + unsigned char *outbuf = NULL; + unsigned char *tbuf = NULL; + int key_usage; + size_t rrc = 0; + size_t gss_headerlen, gss_trailerlen; + krb5_keyblock *key; + krb5_cksumtype cksumtype; + size_t data_length, assoc_data_length; + + assert(ctx->big_endian == 0); + assert(ctx->proto == 1); + + acceptor_flag = ctx->initiate ? 0 : FLAG_SENDER_IS_ACCEPTOR; + key_usage = (toktype == KG_TOK_WRAP_MSG + ? (ctx->initiate + ? KG_USAGE_INITIATOR_SEAL + : KG_USAGE_ACCEPTOR_SEAL) + : (ctx->initiate + ? KG_USAGE_INITIATOR_SIGN + : KG_USAGE_ACCEPTOR_SIGN)); + if (ctx->have_acceptor_subkey) { + key = ctx->acceptor_subkey; + cksumtype = ctx->acceptor_subkey_cksumtype; + } else { + key = ctx->subkey; + cksumtype = ctx->cksumtype; + } + assert(key != NULL); + assert(cksumtype != 0); + + kg_iov_msglen(iov, iov_count, &data_length, &assoc_data_length); + + header = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER); + if (header == NULL) + return EINVAL; + + padding = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_PADDING); + if (padding != NULL) + padding->buffer.length = 0; + + trailer = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_TRAILER); + + outbuf = (unsigned char *)header->buffer.value; + + if (toktype == KG_TOK_WRAP_MSG && conf_req_flag) { + unsigned int k5_headerlen, k5_trailerlen, k5_padlen; + size_t ec = 0; + size_t conf_data_length = data_length - assoc_data_length; + + code = krb5_c_crypto_length(context, key->enctype, KRB5_CRYPTO_TYPE_HEADER, &k5_headerlen); + if (code != 0) + goto cleanup; + + code = krb5_c_padding_length(context, key->enctype, + conf_data_length + 16 /* E(Header) */, &k5_padlen); + if (code != 0) + goto cleanup; + + if (k5_padlen == 0 && (ctx->gss_flags & GSS_C_DCE_STYLE)) { + /* Windows rejects AEAD tokens with non-zero EC */ + code = krb5_c_block_size(context, key->enctype, &ec); + if (code != 0) + goto cleanup; + } else + ec = k5_padlen; + + code = krb5_c_crypto_length(context, key->enctype, KRB5_CRYPTO_TYPE_TRAILER, &k5_trailerlen); + if (code != 0) + goto cleanup; + + gss_headerlen = 16 /* Header */ + k5_headerlen; + gss_trailerlen = ec + 16 /* E(Header) */ + k5_trailerlen; + + if (trailer == NULL) { + rrc = gss_trailerlen; + /* Workaround for Windows bug where it rotates by EC + RRC */ + if (ctx->gss_flags & GSS_C_DCE_STYLE) + rrc -= ec; + gss_headerlen += gss_trailerlen; + } + + if (header->type & GSS_IOV_BUFFER_FLAG_ALLOCATE) + code = kg_allocate_iov(header, gss_headerlen); + else if (header->buffer.length < gss_headerlen) + code = KRB5_BAD_MSIZE; + if (code != 0) + goto cleanup; + header->buffer.length = gss_headerlen; + + if (trailer != NULL) { + if (trailer->type & GSS_IOV_BUFFER_FLAG_ALLOCATE) + code = kg_allocate_iov(trailer, gss_trailerlen); + else if (trailer->buffer.length < gss_trailerlen) + code = KRB5_BAD_MSIZE; + if (code != 0) + goto cleanup; + trailer->buffer.length = gss_trailerlen; + } + + /* TOK_ID */ + store_16_be(KG2_TOK_WRAP_MSG, outbuf); + /* flags */ + outbuf[2] = (acceptor_flag + | (conf_req_flag ? FLAG_WRAP_CONFIDENTIAL : 0) + | (ctx->have_acceptor_subkey ? FLAG_ACCEPTOR_SUBKEY : 0)); + /* filler */ + outbuf[3] = 0xFF; + /* EC */ + store_16_be(ec, outbuf + 4); + /* RRC */ + store_16_be(0, outbuf + 6); + store_64_be(ctx->seq_send, outbuf + 8); + + /* EC | copy of header to be encrypted, located in (possibly rotated) trailer */ + if (trailer == NULL) + tbuf = (unsigned char *)header->buffer.value + 16; /* Header */ + else + tbuf = (unsigned char *)trailer->buffer.value; + + memset(tbuf, 0xFF, ec); + memcpy(tbuf + ec, header->buffer.value, 16); + + code = kg_encrypt_iov(context, ctx->proto, + ((ctx->gss_flags & GSS_C_DCE_STYLE) != 0), + ec, rrc, key, key_usage, 0, iov, iov_count); + if (code != 0) + goto cleanup; + + /* RRC */ + store_16_be(rrc, outbuf + 6); + + ctx->seq_send++; + } else if (toktype == KG_TOK_WRAP_MSG && !conf_req_flag) { + tok_id = KG2_TOK_WRAP_MSG; + + wrap_with_checksum: + + gss_headerlen = 16; + + code = krb5_c_crypto_length(context, key->enctype, KRB5_CRYPTO_TYPE_CHECKSUM, &gss_trailerlen); + if (code != 0) + goto cleanup; + + assert(gss_trailerlen <= 0xFFFF); + + if (trailer == NULL) { + rrc = gss_trailerlen; + gss_headerlen += gss_trailerlen; + } + + if (header->type & GSS_IOV_BUFFER_FLAG_ALLOCATE) + code = kg_allocate_iov(header, gss_headerlen); + else if (header->buffer.length < gss_headerlen) + code = KRB5_BAD_MSIZE; + if (code != 0) + goto cleanup; + header->buffer.length = gss_headerlen; + + if (trailer != NULL) { + if (trailer->type & GSS_IOV_BUFFER_FLAG_ALLOCATE) + code = kg_allocate_iov(trailer, gss_trailerlen); + else if (trailer->buffer.length < gss_trailerlen) + code = KRB5_BAD_MSIZE; + if (code != 0) + goto cleanup; + trailer->buffer.length = gss_trailerlen; + } + + /* TOK_ID */ + store_16_be(tok_id, outbuf); + /* flags */ + outbuf[2] = (acceptor_flag + | (ctx->have_acceptor_subkey ? FLAG_ACCEPTOR_SUBKEY : 0)); + /* filler */ + outbuf[3] = 0xFF; + if (toktype == KG_TOK_WRAP_MSG) { + /* Use 0 for checksum calculation, substitute + * checksum length later. + */ + /* EC */ + store_16_be(0, outbuf + 4); + /* RRC */ + store_16_be(0, outbuf + 6); + } else { + /* MIC and DEL store 0xFF in EC and RRC */ + store_16_be(0xFFFF, outbuf + 4); + store_16_be(0xFFFF, outbuf + 6); + } + store_64_be(ctx->seq_send, outbuf + 8); + + code = kg_make_checksum_iov_v3(context, cksumtype, + rrc, key, key_usage, + iov, iov_count); + if (code != 0) + goto cleanup; + + ctx->seq_send++; + + if (toktype == KG_TOK_WRAP_MSG) { + /* Fix up EC field */ + store_16_be(gss_trailerlen, outbuf + 4); + /* Fix up RRC field */ + store_16_be(rrc, outbuf + 6); + } + } else if (toktype == KG_TOK_MIC_MSG) { + tok_id = KG2_TOK_MIC_MSG; + trailer = NULL; + goto wrap_with_checksum; + } else if (toktype == KG_TOK_DEL_CTX) { + tok_id = KG2_TOK_DEL_CTX; + goto wrap_with_checksum; + } else { + abort(); + } + + code = 0; + +cleanup: + if (code != 0) + kg_release_iov(iov, iov_count); + + return code; +} + +OM_uint32 +gss_krb5int_unseal_v3_iov(krb5_context context, + OM_uint32 *minor_status, + krb5_gss_ctx_id_rec *ctx, + gss_iov_buffer_desc *iov, + int iov_count, + int *conf_state, + gss_qop_t *qop_state, + int toktype) +{ + OM_uint32 code; + gss_iov_buffer_t header; + gss_iov_buffer_t padding; + gss_iov_buffer_t trailer; + unsigned char acceptor_flag; + unsigned char *ptr = NULL; + int key_usage; + size_t rrc, ec; + size_t data_length, assoc_data_length; + krb5_keyblock *key; + gssint_uint64 seqnum; + krb5_boolean valid; + krb5_cksumtype cksumtype; + int conf_flag = 0; + + assert(ctx->big_endian == 0); + assert(ctx->proto == 1); + + if (qop_state != NULL) + *qop_state = GSS_C_QOP_DEFAULT; + + header = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER); + assert(header != NULL); + + padding = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_PADDING); + if (padding != NULL && padding->buffer.length != 0) + return GSS_S_DEFECTIVE_TOKEN; + + trailer = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_TRAILER); + + acceptor_flag = ctx->initiate ? FLAG_SENDER_IS_ACCEPTOR : 0; + key_usage = (toktype == KG_TOK_WRAP_MSG + ? (!ctx->initiate + ? KG_USAGE_INITIATOR_SEAL + : KG_USAGE_ACCEPTOR_SEAL) + : (!ctx->initiate + ? KG_USAGE_INITIATOR_SIGN + : KG_USAGE_ACCEPTOR_SIGN)); + + kg_iov_msglen(iov, iov_count, &data_length, &assoc_data_length); + + ptr = (unsigned char *)header->buffer.value; + + if (header->buffer.length < 16) { + *minor_status = 0; + return GSS_S_DEFECTIVE_TOKEN; + } + + if ((ptr[2] & FLAG_SENDER_IS_ACCEPTOR) != acceptor_flag) { + *minor_status = (OM_uint32)G_BAD_DIRECTION; + return GSS_S_BAD_SIG; + } + + if (ctx->have_acceptor_subkey && (ptr[2] & FLAG_ACCEPTOR_SUBKEY)) { + key = ctx->acceptor_subkey; + cksumtype = ctx->acceptor_subkey_cksumtype; + } else { + key = ctx->subkey; + cksumtype = ctx->cksumtype; + } + assert(key != NULL); + + + if (toktype == KG_TOK_WRAP_MSG) { + unsigned int k5_trailerlen; + + if (load_16_be(ptr) != KG2_TOK_WRAP_MSG) + goto defective; + conf_flag = ((ptr[2] & FLAG_WRAP_CONFIDENTIAL) != 0); + if (ptr[3] != 0xFF) + goto defective; + ec = load_16_be(ptr + 4); + rrc = load_16_be(ptr + 6); + seqnum = load_64_be(ptr + 8); + + code = krb5_c_crypto_length(context, key->enctype, + conf_flag ? KRB5_CRYPTO_TYPE_TRAILER : + KRB5_CRYPTO_TYPE_CHECKSUM, + &k5_trailerlen); + if (code != 0) { + *minor_status = code; + return GSS_S_FAILURE; + } + + /* Deal with RRC */ + if (trailer == NULL) { + size_t desired_rrc = k5_trailerlen; + + if (conf_flag) { + desired_rrc += 16; /* E(Header) */ + + if ((ctx->gss_flags & GSS_C_DCE_STYLE) == 0) + desired_rrc += ec; + } + + /* According to MS, we only need to deal with a fixed RRC for DCE */ + if (rrc != desired_rrc) + goto defective; + } else if (rrc != 0) { + /* Should have been rotated by kg_unseal_stream_iov() */ + goto defective; + } + + if (conf_flag) { + unsigned char *althdr; + + /* Decrypt */ + code = kg_decrypt_iov(context, ctx->proto, + ((ctx->gss_flags & GSS_C_DCE_STYLE) != 0), + ec, rrc, + key, key_usage, 0, iov, iov_count); + if (code != 0) { + *minor_status = code; + return GSS_S_BAD_SIG; + } + + /* Validate header integrity */ + if (trailer == NULL) + althdr = (unsigned char *)header->buffer.value + 16 + ec; + else + althdr = (unsigned char *)trailer->buffer.value + ec; + + if (load_16_be(althdr) != KG2_TOK_WRAP_MSG + || althdr[2] != ptr[2] + || althdr[3] != ptr[3] + || memcmp(althdr + 8, ptr + 8, 8) != 0) { + *minor_status = 0; + return GSS_S_BAD_SIG; + } + } else { + /* Verify checksum: note EC is checksum size here, not padding */ + if (ec != k5_trailerlen) + goto defective; + + /* Zero EC, RRC before computing checksum */ + store_16_be(0, ptr + 4); + store_16_be(0, ptr + 6); + + code = kg_verify_checksum_iov_v3(context, cksumtype, rrc, + key, key_usage, + iov, iov_count, &valid); + if (code != 0 || valid == FALSE) { + *minor_status = code; + return GSS_S_BAD_SIG; + } + } + + code = g_order_check(&ctx->seqstate, seqnum); + } else if (toktype == KG_TOK_MIC_MSG) { + if (load_16_be(ptr) != KG2_TOK_MIC_MSG) + goto defective; + + verify_mic_1: + if (ptr[3] != 0xFF) + goto defective; + seqnum = load_64_be(ptr + 8); + + code = kg_verify_checksum_iov_v3(context, cksumtype, 0, + key, key_usage, + iov, iov_count, &valid); + if (code != 0 || valid == FALSE) { + *minor_status = code; + return GSS_S_BAD_SIG; + } + code = g_order_check(&ctx->seqstate, seqnum); + } else if (toktype == KG_TOK_DEL_CTX) { + if (load_16_be(ptr) != KG2_TOK_DEL_CTX) + goto defective; + goto verify_mic_1; + } else { + goto defective; + } + + *minor_status = 0; + + if (conf_state != NULL) + *conf_state = conf_flag; + + return code; + +defective: + *minor_status = 0; + + return GSS_S_DEFECTIVE_TOKEN; +} diff --git a/src/lib/gssapi/krb5/k5unseal.c b/src/lib/gssapi/krb5/k5unseal.c index 72afb45763..4b70fd02ad 100644 --- a/src/lib/gssapi/krb5/k5unseal.c +++ b/src/lib/gssapi/krb5/k5unseal.c @@ -1,3 +1,4 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * Copyright 2001, 2007 by the Massachusetts Institute of Technology. * Copyright 1993 by OpenVision Technologies, Inc. @@ -58,7 +59,7 @@ static OM_uint32 kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer, - conf_state, qop_state, toktype) + conf_state, qop_state, toktype) krb5_context context; OM_uint32 *minor_status; krb5_gss_ctx_id_rec *ctx; @@ -89,8 +90,8 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer, krb5_keyusage sign_usage = KG_USAGE_SIGN; if (toktype == KG_TOK_SEAL_MSG) { - message_buffer->length = 0; - message_buffer->value = NULL; + message_buffer->length = 0; + message_buffer->value = NULL; } /* get the sign and seal algorithms */ @@ -101,141 +102,141 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer, /* Sanity checks */ if ((ptr[4] != 0xff) || (ptr[5] != 0xff)) { - *minor_status = 0; - return GSS_S_DEFECTIVE_TOKEN; + *minor_status = 0; + return GSS_S_DEFECTIVE_TOKEN; } if ((toktype != KG_TOK_SEAL_MSG) && - (sealalg != 0xffff)) { - *minor_status = 0; - return GSS_S_DEFECTIVE_TOKEN; + (sealalg != 0xffff)) { + *minor_status = 0; + return GSS_S_DEFECTIVE_TOKEN; } /* in the current spec, there is only one valid seal algorithm per key type, so a simple comparison is ok */ if ((toktype == KG_TOK_SEAL_MSG) && - !((sealalg == 0xffff) || - (sealalg == ctx->sealalg))) { - *minor_status = 0; - return GSS_S_DEFECTIVE_TOKEN; + !((sealalg == 0xffff) || + (sealalg == ctx->sealalg))) { + *minor_status = 0; + return GSS_S_DEFECTIVE_TOKEN; } /* there are several mappings of seal algorithms to sign algorithms, but few enough that we can try them all. */ if ((ctx->sealalg == SEAL_ALG_NONE && signalg > 1) || - (ctx->sealalg == SEAL_ALG_1 && signalg != SGN_ALG_3) || - (ctx->sealalg == SEAL_ALG_DES3KD && - signalg != SGN_ALG_HMAC_SHA1_DES3_KD)|| - (ctx->sealalg == SEAL_ALG_MICROSOFT_RC4 && - signalg != SGN_ALG_HMAC_MD5)) { - *minor_status = 0; - return GSS_S_DEFECTIVE_TOKEN; + (ctx->sealalg == SEAL_ALG_1 && signalg != SGN_ALG_3) || + (ctx->sealalg == SEAL_ALG_DES3KD && + signalg != SGN_ALG_HMAC_SHA1_DES3_KD)|| + (ctx->sealalg == SEAL_ALG_MICROSOFT_RC4 && + signalg != SGN_ALG_HMAC_MD5)) { + *minor_status = 0; + return GSS_S_DEFECTIVE_TOKEN; } switch (signalg) { case SGN_ALG_DES_MAC_MD5: case SGN_ALG_MD2_5: case SGN_ALG_HMAC_MD5: - cksum_len = 8; - if (toktype != KG_TOK_SEAL_MSG) - sign_usage = 15; - break; + cksum_len = 8; + if (toktype != KG_TOK_SEAL_MSG) + sign_usage = 15; + break; case SGN_ALG_3: - cksum_len = 16; - break; + cksum_len = 16; + break; case SGN_ALG_HMAC_SHA1_DES3_KD: - cksum_len = 20; - break; + cksum_len = 20; + break; default: - *minor_status = 0; - return GSS_S_DEFECTIVE_TOKEN; + *minor_status = 0; + return GSS_S_DEFECTIVE_TOKEN; } /* get the token parameters */ if ((code = kg_get_seq_num(context, ctx->seq, ptr+14, ptr+6, &direction, - &seqnum))) { - *minor_status = code; - return(GSS_S_BAD_SIG); + &seqnum))) { + *minor_status = code; + return(GSS_S_BAD_SIG); } /* decode the message, if SEAL */ if (toktype == KG_TOK_SEAL_MSG) { - int tmsglen = bodysize-(14+cksum_len); - if (sealalg != 0xffff) { - if ((plain = (unsigned char *) xmalloc(tmsglen)) == NULL) { - *minor_status = ENOMEM; - return(GSS_S_FAILURE); - } - if (ctx->enc->enctype == ENCTYPE_ARCFOUR_HMAC) { - unsigned char bigend_seqnum[4]; - krb5_keyblock *enc_key; - int i; - bigend_seqnum[0] = (seqnum>>24) & 0xff; - bigend_seqnum[1] = (seqnum>>16) & 0xff; - bigend_seqnum[2] = (seqnum>>8) & 0xff; - bigend_seqnum[3] = seqnum & 0xff; - code = krb5_copy_keyblock (context, ctx->enc, &enc_key); - if (code) - { - xfree(plain); - *minor_status = code; - return(GSS_S_FAILURE); - } - - assert (enc_key->length == 16); - for (i = 0; i <= 15; i++) - ((char *) enc_key->contents)[i] ^=0xf0; - code = kg_arcfour_docrypt (enc_key, 0, - &bigend_seqnum[0], 4, - ptr+14+cksum_len, tmsglen, - plain); - krb5_free_keyblock (context, enc_key); - } else { - code = kg_decrypt(context, ctx->enc, KG_USAGE_SEAL, NULL, - ptr+14+cksum_len, plain, tmsglen); - } - if (code) { - xfree(plain); - *minor_status = code; - return(GSS_S_FAILURE); - } - } else { - plain = ptr+14+cksum_len; - } - - plainlen = tmsglen; - - if ((sealalg == 0xffff) && ctx->big_endian) { - token.length = tmsglen; - } else { - conflen = kg_confounder_size(context, ctx->enc); - token.length = tmsglen - conflen - plain[tmsglen-1]; - } - - if (token.length) { - if ((token.value = (void *) xmalloc(token.length)) == NULL) { - if (sealalg != 0xffff) - xfree(plain); - *minor_status = ENOMEM; - return(GSS_S_FAILURE); - } - memcpy(token.value, plain+conflen, token.length); - } else { - token.value = NULL; - } + size_t tmsglen = bodysize-(14+cksum_len); + if (sealalg != 0xffff) { + if ((plain = (unsigned char *) xmalloc(tmsglen)) == NULL) { + *minor_status = ENOMEM; + return(GSS_S_FAILURE); + } + if (ctx->sealalg == SEAL_ALG_MICROSOFT_RC4) { + unsigned char bigend_seqnum[4]; + krb5_keyblock *enc_key; + int i; + bigend_seqnum[0] = (seqnum>>24) & 0xff; + bigend_seqnum[1] = (seqnum>>16) & 0xff; + bigend_seqnum[2] = (seqnum>>8) & 0xff; + bigend_seqnum[3] = seqnum & 0xff; + code = krb5_copy_keyblock (context, ctx->enc, &enc_key); + if (code) + { + xfree(plain); + *minor_status = code; + return(GSS_S_FAILURE); + } + + assert (enc_key->length == 16); + for (i = 0; i <= 15; i++) + ((char *) enc_key->contents)[i] ^=0xf0; + code = kg_arcfour_docrypt (enc_key, 0, + &bigend_seqnum[0], 4, + ptr+14+cksum_len, tmsglen, + plain); + krb5_free_keyblock (context, enc_key); + } else { + code = kg_decrypt(context, ctx->enc, KG_USAGE_SEAL, NULL, + ptr+14+cksum_len, plain, tmsglen); + } + if (code) { + xfree(plain); + *minor_status = code; + return(GSS_S_FAILURE); + } + } else { + plain = ptr+14+cksum_len; + } + + plainlen = tmsglen; + + if ((sealalg == 0xffff) && ctx->big_endian) { + token.length = tmsglen; + } else { + conflen = kg_confounder_size(context, ctx->enc); + token.length = tmsglen - conflen - plain[tmsglen-1]; + } + + if (token.length) { + if ((token.value = (void *) xmalloc(token.length)) == NULL) { + if (sealalg != 0xffff) + xfree(plain); + *minor_status = ENOMEM; + return(GSS_S_FAILURE); + } + memcpy(token.value, plain+conflen, token.length); + } else { + token.value = NULL; + } } else if (toktype == KG_TOK_SIGN_MSG) { - token = *message_buffer; - plain = token.value; - plainlen = token.length; + token = *message_buffer; + plain = token.value; + plainlen = token.length; } else { - token.length = 0; - token.value = NULL; - plain = token.value; - plainlen = token.length; + token.length = 0; + token.value = NULL; + plain = token.value; + plainlen = token.length; } /* compute the checksum of the message */ @@ -246,227 +247,227 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer, case SGN_ALG_MD2_5: case SGN_ALG_DES_MAC: case SGN_ALG_3: - md5cksum.checksum_type = CKSUMTYPE_RSA_MD5; - break; + md5cksum.checksum_type = CKSUMTYPE_RSA_MD5; + break; case SGN_ALG_HMAC_MD5: - md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR; - break; + md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR; + break; case SGN_ALG_HMAC_SHA1_DES3_KD: - md5cksum.checksum_type = CKSUMTYPE_HMAC_SHA1_DES3; - break; + md5cksum.checksum_type = CKSUMTYPE_HMAC_SHA1_DES3; + break; default: - abort (); + abort (); } code = krb5_c_checksum_length(context, md5cksum.checksum_type, &sumlen); if (code) - return(code); + return(code); md5cksum.length = sumlen; switch (signalg) { case SGN_ALG_DES_MAC_MD5: case SGN_ALG_3: - /* compute the checksum of the message */ - - /* 8 = bytes of token body to be checksummed according to spec */ - - if (! (data_ptr = (void *) - xmalloc(8 + (ctx->big_endian ? token.length : plainlen)))) { - if (sealalg != 0xffff) - xfree(plain); - if (toktype == KG_TOK_SEAL_MSG) - xfree(token.value); - *minor_status = ENOMEM; - return(GSS_S_FAILURE); - } - - (void) memcpy(data_ptr, ptr-2, 8); - - if (ctx->big_endian) - (void) memcpy(data_ptr+8, token.value, token.length); - else - (void) memcpy(data_ptr+8, plain, plainlen); - - plaind.length = 8 + (ctx->big_endian ? token.length : plainlen); - plaind.data = data_ptr; - code = krb5_c_make_checksum(context, md5cksum.checksum_type, - ctx->seq, sign_usage, - &plaind, &md5cksum); - xfree(data_ptr); - - if (code) { - if (toktype == KG_TOK_SEAL_MSG) - xfree(token.value); - *minor_status = code; - return(GSS_S_FAILURE); - } - - if ((code = kg_encrypt(context, ctx->seq, KG_USAGE_SEAL, - (g_OID_equal(ctx->mech_used, gss_mech_krb5_old) ? - ctx->seq->contents : NULL), - md5cksum.contents, md5cksum.contents, 16))) { - krb5_free_checksum_contents(context, &md5cksum); - if (toktype == KG_TOK_SEAL_MSG) - xfree(token.value); - *minor_status = code; - return GSS_S_FAILURE; - } - - if (signalg == 0) - cksum.length = 8; - else - cksum.length = 16; - cksum.contents = md5cksum.contents + 16 - cksum.length; - - code = memcmp(cksum.contents, ptr+14, cksum.length); - break; + /* compute the checksum of the message */ + + /* 8 = bytes of token body to be checksummed according to spec */ + + if (! (data_ptr = (void *) + xmalloc(8 + (ctx->big_endian ? token.length : plainlen)))) { + if (sealalg != 0xffff) + xfree(plain); + if (toktype == KG_TOK_SEAL_MSG) + xfree(token.value); + *minor_status = ENOMEM; + return(GSS_S_FAILURE); + } + + (void) memcpy(data_ptr, ptr-2, 8); + + if (ctx->big_endian) + (void) memcpy(data_ptr+8, token.value, token.length); + else + (void) memcpy(data_ptr+8, plain, plainlen); + + plaind.length = 8 + (ctx->big_endian ? token.length : plainlen); + plaind.data = data_ptr; + code = krb5_c_make_checksum(context, md5cksum.checksum_type, + ctx->seq, sign_usage, + &plaind, &md5cksum); + xfree(data_ptr); + + if (code) { + if (toktype == KG_TOK_SEAL_MSG) + xfree(token.value); + *minor_status = code; + return(GSS_S_FAILURE); + } + + if ((code = kg_encrypt(context, ctx->seq, KG_USAGE_SEAL, + (g_OID_equal(ctx->mech_used, gss_mech_krb5_old) ? + ctx->seq->contents : NULL), + md5cksum.contents, md5cksum.contents, 16))) { + krb5_free_checksum_contents(context, &md5cksum); + if (toktype == KG_TOK_SEAL_MSG) + xfree(token.value); + *minor_status = code; + return GSS_S_FAILURE; + } + + if (signalg == 0) + cksum.length = 8; + else + cksum.length = 16; + cksum.contents = md5cksum.contents + 16 - cksum.length; + + code = memcmp(cksum.contents, ptr+14, cksum.length); + break; case SGN_ALG_MD2_5: - if (!ctx->seed_init && - (code = kg_make_seed(context, ctx->subkey, ctx->seed))) { - krb5_free_checksum_contents(context, &md5cksum); - if (sealalg != 0xffff) - xfree(plain); - if (toktype == KG_TOK_SEAL_MSG) - xfree(token.value); - *minor_status = code; - return GSS_S_FAILURE; - } - - if (! (data_ptr = (void *) - xmalloc(sizeof(ctx->seed) + 8 + - (ctx->big_endian ? token.length : plainlen)))) { - krb5_free_checksum_contents(context, &md5cksum); - if (sealalg == 0) - xfree(plain); - if (toktype == KG_TOK_SEAL_MSG) - xfree(token.value); - *minor_status = ENOMEM; - return(GSS_S_FAILURE); - } - (void) memcpy(data_ptr, ptr-2, 8); - (void) memcpy(data_ptr+8, ctx->seed, sizeof(ctx->seed)); - if (ctx->big_endian) - (void) memcpy(data_ptr+8+sizeof(ctx->seed), - token.value, token.length); - else - (void) memcpy(data_ptr+8+sizeof(ctx->seed), - plain, plainlen); - plaind.length = 8 + sizeof(ctx->seed) + - (ctx->big_endian ? token.length : plainlen); - plaind.data = data_ptr; - krb5_free_checksum_contents(context, &md5cksum); - code = krb5_c_make_checksum(context, md5cksum.checksum_type, - ctx->seq, sign_usage, - &plaind, &md5cksum); - xfree(data_ptr); - - if (code) { - if (sealalg == 0) - xfree(plain); - if (toktype == KG_TOK_SEAL_MSG) - xfree(token.value); - *minor_status = code; - return(GSS_S_FAILURE); - } - - code = memcmp(md5cksum.contents, ptr+14, 8); - /* Falls through to defective-token?? */ + if (!ctx->seed_init && + (code = kg_make_seed(context, ctx->subkey, ctx->seed))) { + krb5_free_checksum_contents(context, &md5cksum); + if (sealalg != 0xffff) + xfree(plain); + if (toktype == KG_TOK_SEAL_MSG) + xfree(token.value); + *minor_status = code; + return GSS_S_FAILURE; + } + + if (! (data_ptr = (void *) + xmalloc(sizeof(ctx->seed) + 8 + + (ctx->big_endian ? token.length : plainlen)))) { + krb5_free_checksum_contents(context, &md5cksum); + if (sealalg == 0) + xfree(plain); + if (toktype == KG_TOK_SEAL_MSG) + xfree(token.value); + *minor_status = ENOMEM; + return(GSS_S_FAILURE); + } + (void) memcpy(data_ptr, ptr-2, 8); + (void) memcpy(data_ptr+8, ctx->seed, sizeof(ctx->seed)); + if (ctx->big_endian) + (void) memcpy(data_ptr+8+sizeof(ctx->seed), + token.value, token.length); + else + (void) memcpy(data_ptr+8+sizeof(ctx->seed), + plain, plainlen); + plaind.length = 8 + sizeof(ctx->seed) + + (ctx->big_endian ? token.length : plainlen); + plaind.data = data_ptr; + krb5_free_checksum_contents(context, &md5cksum); + code = krb5_c_make_checksum(context, md5cksum.checksum_type, + ctx->seq, sign_usage, + &plaind, &md5cksum); + xfree(data_ptr); + + if (code) { + if (sealalg == 0) + xfree(plain); + if (toktype == KG_TOK_SEAL_MSG) + xfree(token.value); + *minor_status = code; + return(GSS_S_FAILURE); + } + + code = memcmp(md5cksum.contents, ptr+14, 8); + /* Falls through to defective-token?? */ default: - *minor_status = 0; - return(GSS_S_DEFECTIVE_TOKEN); + *minor_status = 0; + return(GSS_S_DEFECTIVE_TOKEN); case SGN_ALG_HMAC_SHA1_DES3_KD: case SGN_ALG_HMAC_MD5: - /* compute the checksum of the message */ - - /* 8 = bytes of token body to be checksummed according to spec */ - - if (! (data_ptr = (void *) - xmalloc(8 + (ctx->big_endian ? token.length : plainlen)))) { - if (sealalg != 0xffff) - xfree(plain); - if (toktype == KG_TOK_SEAL_MSG) - xfree(token.value); - *minor_status = ENOMEM; - return(GSS_S_FAILURE); - } - - (void) memcpy(data_ptr, ptr-2, 8); - - if (ctx->big_endian) - (void) memcpy(data_ptr+8, token.value, token.length); - else - (void) memcpy(data_ptr+8, plain, plainlen); - - plaind.length = 8 + (ctx->big_endian ? token.length : plainlen); - plaind.data = data_ptr; - code = krb5_c_make_checksum(context, md5cksum.checksum_type, - ctx->seq, sign_usage, - &plaind, &md5cksum); - xfree(data_ptr); - - if (code) { - if (toktype == KG_TOK_SEAL_MSG) - xfree(token.value); - *minor_status = code; - return(GSS_S_FAILURE); - } - - code = memcmp(md5cksum.contents, ptr+14, cksum_len); - break; + /* compute the checksum of the message */ + + /* 8 = bytes of token body to be checksummed according to spec */ + + if (! (data_ptr = (void *) + xmalloc(8 + (ctx->big_endian ? token.length : plainlen)))) { + if (sealalg != 0xffff) + xfree(plain); + if (toktype == KG_TOK_SEAL_MSG) + xfree(token.value); + *minor_status = ENOMEM; + return(GSS_S_FAILURE); + } + + (void) memcpy(data_ptr, ptr-2, 8); + + if (ctx->big_endian) + (void) memcpy(data_ptr+8, token.value, token.length); + else + (void) memcpy(data_ptr+8, plain, plainlen); + + plaind.length = 8 + (ctx->big_endian ? token.length : plainlen); + plaind.data = data_ptr; + code = krb5_c_make_checksum(context, md5cksum.checksum_type, + ctx->seq, sign_usage, + &plaind, &md5cksum); + xfree(data_ptr); + + if (code) { + if (toktype == KG_TOK_SEAL_MSG) + xfree(token.value); + *minor_status = code; + return(GSS_S_FAILURE); + } + + code = memcmp(md5cksum.contents, ptr+14, cksum_len); + break; } krb5_free_checksum_contents(context, &md5cksum); if (sealalg != 0xffff) - xfree(plain); + xfree(plain); /* compare the computed checksum against the transmitted checksum */ if (code) { - if (toktype == KG_TOK_SEAL_MSG) - xfree(token.value); - *minor_status = 0; - return(GSS_S_BAD_SIG); + if (toktype == KG_TOK_SEAL_MSG) + xfree(token.value); + *minor_status = 0; + return(GSS_S_BAD_SIG); } /* it got through unscathed. Make sure the context is unexpired */ if (toktype == KG_TOK_SEAL_MSG) - *message_buffer = token; + *message_buffer = token; if (conf_state) - *conf_state = (sealalg != 0xffff); + *conf_state = (sealalg != 0xffff); if (qop_state) - *qop_state = GSS_C_QOP_DEFAULT; + *qop_state = GSS_C_QOP_DEFAULT; if ((code = krb5_timeofday(context, &now))) { - *minor_status = code; - return(GSS_S_FAILURE); + *minor_status = code; + return(GSS_S_FAILURE); } - if (now > ctx->endtime) { - *minor_status = 0; - return(GSS_S_CONTEXT_EXPIRED); + if (now > ctx->krb_times.endtime) { + *minor_status = 0; + return(GSS_S_CONTEXT_EXPIRED); } /* do sequencing checks */ if ((ctx->initiate && direction != 0xff) || - (!ctx->initiate && direction != 0)) { - if (toktype == KG_TOK_SEAL_MSG) { - xfree(token.value); - message_buffer->value = NULL; - message_buffer->length = 0; - } - *minor_status = G_BAD_DIRECTION; - return(GSS_S_BAD_SIG); + (!ctx->initiate && direction != 0)) { + if (toktype == KG_TOK_SEAL_MSG) { + xfree(token.value); + message_buffer->value = NULL; + message_buffer->length = 0; + } + *minor_status = (OM_uint32)G_BAD_DIRECTION; + return(GSS_S_BAD_SIG); } - retval = g_order_check(&(ctx->seqstate), seqnum); + retval = g_order_check(&(ctx->seqstate), (gssint_uint64)seqnum); /* success or ordering violation */ @@ -479,13 +480,13 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer, OM_uint32 kg_unseal(minor_status, context_handle, input_token_buffer, - message_buffer, conf_state, qop_state, toktype) + message_buffer, conf_state, qop_state, toktype) OM_uint32 *minor_status; gss_ctx_id_t context_handle; gss_buffer_t input_token_buffer; gss_buffer_t message_buffer; int *conf_state; - int *qop_state; + gss_qop_t *qop_state; int toktype; { krb5_gss_ctx_id_rec *ctx; @@ -497,15 +498,15 @@ kg_unseal(minor_status, context_handle, input_token_buffer, /* validate the context handle */ if (! kg_validate_ctx_id(context_handle)) { - *minor_status = (OM_uint32) G_VALIDATE_FAILED; - return(GSS_S_NO_CONTEXT); + *minor_status = (OM_uint32) G_VALIDATE_FAILED; + return(GSS_S_NO_CONTEXT); } ctx = (krb5_gss_ctx_id_rec *) context_handle; if (! ctx->established) { - *minor_status = KG_CTX_INCOMPLETE; - return(GSS_S_NO_CONTEXT); + *minor_status = KG_CTX_INCOMPLETE; + return(GSS_S_NO_CONTEXT); } /* parse the token, leave the data in message_buffer, setting conf_state */ @@ -514,41 +515,26 @@ kg_unseal(minor_status, context_handle, input_token_buffer, ptr = (unsigned char *) input_token_buffer->value; - if (ctx->proto) - switch (toktype) { - case KG_TOK_SIGN_MSG: - toktype2 = 0x0404; - break; - case KG_TOK_SEAL_MSG: - toktype2 = 0x0504; - break; - case KG_TOK_DEL_CTX: - toktype2 = 0x0405; - break; - default: - toktype2 = toktype; - break; - } - else - toktype2 = toktype; + toktype2 = kg_map_toktype(ctx->proto, toktype); + err = g_verify_token_header(ctx->mech_used, - &bodysize, &ptr, toktype2, - input_token_buffer->length, - !ctx->proto); + &bodysize, &ptr, toktype2, + input_token_buffer->length, + !ctx->proto); if (err) { - *minor_status = err; - return GSS_S_DEFECTIVE_TOKEN; + *minor_status = err; + return GSS_S_DEFECTIVE_TOKEN; } if (ctx->proto == 0) - ret = kg_unseal_v1(ctx->k5_context, minor_status, ctx, ptr, bodysize, - message_buffer, conf_state, qop_state, - toktype); + ret = kg_unseal_v1(ctx->k5_context, minor_status, ctx, ptr, bodysize, + message_buffer, conf_state, qop_state, + toktype); else - ret = gss_krb5int_unseal_token_v3(&ctx->k5_context, minor_status, ctx, - ptr, bodysize, message_buffer, - conf_state, qop_state, toktype); + ret = gss_krb5int_unseal_token_v3(&ctx->k5_context, minor_status, ctx, + ptr, bodysize, message_buffer, + conf_state, qop_state, toktype); if (ret != 0) - save_error_info (*minor_status, ctx->k5_context); + save_error_info (*minor_status, ctx->k5_context); return ret; } diff --git a/src/lib/gssapi/krb5/k5unsealiov.c b/src/lib/gssapi/krb5/k5unsealiov.c new file mode 100644 index 0000000000..c72e2db39c --- /dev/null +++ b/src/lib/gssapi/krb5/k5unsealiov.c @@ -0,0 +1,631 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ +/* + * lib/gssapi/krb5/k5unsealiov.c + * + * Copyright 2008 by the Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * + */ + +#include +#include "k5-platform.h" /* for 64-bit support */ +#include "k5-int.h" /* for zap() */ +#include "gssapiP_krb5.h" +#include + +static OM_uint32 +kg_unseal_v1_iov(krb5_context context, + OM_uint32 *minor_status, + krb5_gss_ctx_id_rec *ctx, + gss_iov_buffer_desc *iov, + int iov_count, + size_t token_wrapper_len, + int *conf_state, + gss_qop_t *qop_state, + int toktype) +{ + OM_uint32 code; + gss_iov_buffer_t header; + gss_iov_buffer_t trailer; + unsigned char *ptr; + int sealalg; + int signalg; + krb5_checksum cksum; + krb5_checksum md5cksum; + krb5_timestamp now; + size_t cksum_len = 0; + size_t conflen = 0; + int direction; + krb5_ui_4 seqnum; + OM_uint32 retval; + size_t sumlen; + krb5_keyusage sign_usage = KG_USAGE_SIGN; + + assert(toktype == KG_TOK_WRAP_MSG); + + md5cksum.length = cksum.length = 0; + md5cksum.contents = cksum.contents = NULL; + + header = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER); + assert(header != NULL); + + trailer = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_TRAILER); + if (trailer != NULL && trailer->buffer.length != 0) { + *minor_status = (OM_uint32)KRB5_BAD_MSIZE; + return GSS_S_DEFECTIVE_TOKEN; + } + + if (header->buffer.length < token_wrapper_len + 14) { + *minor_status = 0; + return GSS_S_DEFECTIVE_TOKEN; + } + + ptr = (unsigned char *)header->buffer.value + token_wrapper_len; + + signalg = ptr[0]; + signalg |= ptr[1] << 8; + + sealalg = ptr[2]; + sealalg |= ptr[3] << 8; + + if (ptr[4] != 0xFF || ptr[5] != 0xFF) { + *minor_status = 0; + return GSS_S_DEFECTIVE_TOKEN; + } + + if (toktype != KG_TOK_WRAP_MSG && sealalg != 0xFFFF) { + *minor_status = 0; + return GSS_S_DEFECTIVE_TOKEN; + } + + if (toktype == KG_TOK_WRAP_MSG && + !(sealalg == 0xFFFF || sealalg == ctx->sealalg)) { + *minor_status = 0; + return GSS_S_DEFECTIVE_TOKEN; + } + + if ((ctx->sealalg == SEAL_ALG_NONE && signalg > 1) || + (ctx->sealalg == SEAL_ALG_1 && signalg != SGN_ALG_3) || + (ctx->sealalg == SEAL_ALG_DES3KD && + signalg != SGN_ALG_HMAC_SHA1_DES3_KD)|| + (ctx->sealalg == SEAL_ALG_MICROSOFT_RC4 && + signalg != SGN_ALG_HMAC_MD5)) { + *minor_status = 0; + return GSS_S_DEFECTIVE_TOKEN; + } + + switch (signalg) { + case SGN_ALG_DES_MAC_MD5: + case SGN_ALG_MD2_5: + case SGN_ALG_HMAC_MD5: + cksum_len = 8; + if (toktype != KG_TOK_WRAP_MSG) + sign_usage = 15; + break; + case SGN_ALG_3: + cksum_len = 16; + break; + case SGN_ALG_HMAC_SHA1_DES3_KD: + cksum_len = 20; + break; + default: + *minor_status = 0; + return GSS_S_DEFECTIVE_TOKEN; + } + + /* get the token parameters */ + code = kg_get_seq_num(context, ctx->seq, ptr + 14, ptr + 6, &direction, + &seqnum); + if (code != 0) { + *minor_status = code; + return GSS_S_BAD_SIG; + } + + assert(ctx->big_endian == 0); + + /* decode the message, if SEAL */ + if (toktype == KG_TOK_WRAP_MSG) { + if (sealalg != 0xFFFF) { + if (ctx->sealalg == SEAL_ALG_MICROSOFT_RC4) { + unsigned char bigend_seqnum[4]; + krb5_keyblock *enc_key; + size_t i; + + bigend_seqnum[0] = (seqnum >> 24) & 0xFF; + bigend_seqnum[1] = (seqnum >> 16) & 0xFF; + bigend_seqnum[2] = (seqnum >> 8 ) & 0xFF; + bigend_seqnum[3] = (seqnum ) & 0xFF; + + code = krb5_copy_keyblock(context, ctx->enc, &enc_key); + if (code != 0) { + retval = GSS_S_FAILURE; + goto cleanup; + } + + assert(enc_key->length == 16); + + for (i = 0; i < enc_key->length; i++) + ((char *)enc_key->contents)[i] ^= 0xF0; + + code = kg_arcfour_docrypt_iov(context, enc_key, 0, + &bigend_seqnum[0], 4, + iov, iov_count); + krb5_free_keyblock(context, enc_key); + } else { + code = kg_decrypt_iov(context, ctx->proto, + ((ctx->gss_flags & GSS_C_DCE_STYLE) != 0), + 0 /*EC*/, 0 /*RRC*/, + ctx->enc, KG_USAGE_SEAL, NULL, + iov, iov_count); + } + if (code != 0) { + retval = GSS_S_FAILURE; + goto cleanup; + } + } + conflen = kg_confounder_size(context, ctx->enc); + } + + if (header->buffer.length != token_wrapper_len + 14 + cksum_len + conflen) { + retval = GSS_S_DEFECTIVE_TOKEN; + goto cleanup; + } + + /* compute the checksum of the message */ + + /* initialize the checksum */ + + switch (signalg) { + case SGN_ALG_DES_MAC_MD5: + case SGN_ALG_MD2_5: + case SGN_ALG_DES_MAC: + case SGN_ALG_3: + md5cksum.checksum_type = CKSUMTYPE_RSA_MD5; + break; + case SGN_ALG_HMAC_MD5: + md5cksum.checksum_type = CKSUMTYPE_HMAC_MD5_ARCFOUR; + break; + case SGN_ALG_HMAC_SHA1_DES3_KD: + md5cksum.checksum_type = CKSUMTYPE_HMAC_SHA1_DES3; + break; + default: + abort(); + } + + code = krb5_c_checksum_length(context, md5cksum.checksum_type, &sumlen); + if (code != 0) { + retval = GSS_S_FAILURE; + goto cleanup; + } + md5cksum.length = sumlen; + + /* compute the checksum of the message */ + code = kg_make_checksum_iov_v1(context, md5cksum.checksum_type, + cksum_len, ctx->seq, ctx->enc, + sign_usage, iov, iov_count, toktype, + &md5cksum); + if (code != 0) { + retval = GSS_S_FAILURE; + goto cleanup; + } + + switch (signalg) { + case SGN_ALG_DES_MAC_MD5: + case SGN_ALG_3: + code = kg_encrypt(context, ctx->seq, KG_USAGE_SEAL, + (g_OID_equal(ctx->mech_used, gss_mech_krb5_old) ? + ctx->seq->contents : NULL), + md5cksum.contents, md5cksum.contents, 16); + if (code != 0) { + retval = GSS_S_FAILURE; + goto cleanup; + } + + cksum.length = cksum_len; + cksum.contents = md5cksum.contents + 16 - cksum.length; + + code = memcmp(cksum.contents, ptr + 14, cksum.length); + break; + case SGN_ALG_HMAC_SHA1_DES3_KD: + case SGN_ALG_HMAC_MD5: + code = memcmp(md5cksum.contents, ptr + 14, cksum_len); + break; + default: + code = 0; + retval = GSS_S_DEFECTIVE_TOKEN; + goto cleanup; + break; + } + + if (code != 0) { + code = 0; + retval = GSS_S_BAD_SIG; + goto cleanup; + } + + /* + * For GSS_C_DCE_STYLE, the caller manages the padding, because the + * pad length is in the RPC PDU. The value of the padding may be + * uninitialized. For normal GSS, the last bytes of the decrypted + * data contain the pad length. kg_fixup_padding_iov() will find + * this and fixup the last data IOV appropriately. + */ + if (toktype == KG_TOK_WRAP_MSG && + (ctx->gss_flags & GSS_C_DCE_STYLE) == 0) { + retval = kg_fixup_padding_iov(&code, iov, iov_count); + if (retval != GSS_S_COMPLETE) + goto cleanup; + } + + if (conf_state != NULL) + *conf_state = (sealalg != 0xFFFF); + + if (qop_state != NULL) + *qop_state = GSS_C_QOP_DEFAULT; + + code = krb5_timeofday(context, &now); + if (code != 0) { + *minor_status = code; + retval = GSS_S_FAILURE; + goto cleanup; + } + + if (now > ctx->krb_times.endtime) { + *minor_status = 0; + retval = GSS_S_CONTEXT_EXPIRED; + goto cleanup; + } + + if ((ctx->initiate && direction != 0xff) || + (!ctx->initiate && direction != 0)) { + *minor_status = (OM_uint32)G_BAD_DIRECTION; + retval = GSS_S_BAD_SIG; + } + + code = 0; + retval = g_order_check(&ctx->seqstate, (gssint_uint64)seqnum); + +cleanup: + krb5_free_checksum_contents(context, &md5cksum); + + *minor_status = code; + + return retval; +} + +/* + * Caller must provide TOKEN | DATA | PADDING | TRAILER, except + * for DCE in which case it can just provide TOKEN | DATA (must + * guarantee that DATA is padded) + */ +static OM_uint32 +kg_unseal_iov_token(OM_uint32 *minor_status, + krb5_gss_ctx_id_rec *ctx, + int *conf_state, + gss_qop_t *qop_state, + gss_iov_buffer_desc *iov, + int iov_count, + int toktype, + int toktype2) +{ + krb5_error_code code; + krb5_context context = ctx->k5_context; + unsigned char *ptr; + gss_iov_buffer_t header; + gss_iov_buffer_t padding; + gss_iov_buffer_t trailer; + size_t input_length; + unsigned int bodysize; + int vfyflags = 0; + + header = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER); + if (header == NULL) { + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + padding = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_PADDING); + trailer = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_TRAILER); + + ptr = (unsigned char *)header->buffer.value; + input_length = header->buffer.length; + + if ((ctx->gss_flags & GSS_C_DCE_STYLE) == 0) { + size_t data_length, assoc_data_length; + + kg_iov_msglen(iov, iov_count, &data_length, &assoc_data_length); + + input_length += data_length - assoc_data_length; + + if (padding != NULL) + input_length += padding->buffer.length; + + if (trailer != NULL) + input_length += trailer->buffer.length; + } + + if (ctx->proto == 0) + vfyflags |= G_VFY_TOKEN_HDR_WRAPPER_REQUIRED; + if (ctx->gss_flags & GSS_C_DCE_STYLE) + vfyflags |= G_VFY_TOKEN_HDR_IGNORE_SEQ_SIZE; + + code = g_verify_token_header(ctx->mech_used, + &bodysize, &ptr, toktype2, + input_length, vfyflags); + if (code != 0) { + *minor_status = code; + return GSS_S_DEFECTIVE_TOKEN; + } + + if (ctx->proto == 0) + code = kg_unseal_v1_iov(context, minor_status, ctx, iov, iov_count, + (size_t)(ptr - (unsigned char *)header->buffer.value), + conf_state, qop_state, toktype); + else + code = gss_krb5int_unseal_v3_iov(context, minor_status, ctx, iov, iov_count, + conf_state, qop_state, toktype); + + if (code != 0) + save_error_info(*minor_status, context); + + return code; +} + +/* + * Split a STREAM | SIGN_DATA | DATA into + * HEADER | SIGN_DATA | DATA | PADDING | TRAILER + */ +static OM_uint32 +kg_unseal_stream_iov(OM_uint32 *minor_status, + krb5_gss_ctx_id_rec *ctx, + int *conf_state, + gss_qop_t *qop_state, + gss_iov_buffer_desc *iov, + int iov_count, + int toktype, + int toktype2) +{ + unsigned char *ptr; + unsigned int bodysize; + OM_uint32 code = 0, major_status = GSS_S_FAILURE; + krb5_context context = ctx->k5_context; + int conf_req_flag; + int i = 0, j; + gss_iov_buffer_desc *tiov = NULL; + gss_iov_buffer_t stream, data = NULL; + gss_iov_buffer_t theader, tdata = NULL, tpadding, ttrailer; + + assert(toktype == KG_TOK_WRAP_MSG); + assert(toktype2 == KG_TOK_WRAP_MSG || toktype2 == KG2_TOK_WRAP_MSG); + + if (toktype != KG_TOK_WRAP_MSG || (ctx->gss_flags & GSS_C_DCE_STYLE)) { + code = EINVAL; + goto cleanup; + } + + stream = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_STREAM); + assert(stream != NULL); + + ptr = (unsigned char *)stream->buffer.value; + + code = g_verify_token_header(ctx->mech_used, + &bodysize, &ptr, toktype2, + stream->buffer.length, + ctx->proto ? 0 : G_VFY_TOKEN_HDR_WRAPPER_REQUIRED); + if (code != 0) { + major_status = GSS_S_DEFECTIVE_TOKEN; + goto cleanup; + } + + tiov = (gss_iov_buffer_desc *)calloc((size_t)iov_count + 2, sizeof(gss_iov_buffer_desc)); + if (tiov == NULL) { + code = ENOMEM; + goto cleanup; + } + + /* HEADER */ + theader = &tiov[i++]; + theader->type = GSS_IOV_BUFFER_TYPE_HEADER; + theader->buffer.value = stream->buffer.value; + theader->buffer.length = ptr - (unsigned char *)stream->buffer.value; + if (bodysize < 14 || + stream->buffer.length != theader->buffer.length + bodysize) { + major_status = GSS_S_DEFECTIVE_TOKEN; + goto cleanup; + } + theader->buffer.length += 14; + + /* n[SIGN_DATA] | DATA | m[SIGN_DATA] */ + for (j = 0; j < iov_count; j++) { + OM_uint32 type = GSS_IOV_BUFFER_TYPE(iov[j].type); + + if (type == GSS_IOV_BUFFER_TYPE_DATA) { + if (data != NULL) { + /* only a single DATA buffer can appear */ + code = EINVAL; + goto cleanup; + } + + data = &iov[j]; + tdata = &tiov[i]; + } + if (type == GSS_IOV_BUFFER_TYPE_DATA || + type == GSS_IOV_BUFFER_TYPE_SIGN_ONLY) + tiov[i++] = iov[j]; + } + + if (data == NULL) { + /* a single DATA buffer must be present */ + code = EINVAL; + goto cleanup; + } + + /* PADDING | TRAILER */ + tpadding = &tiov[i++]; + tpadding->type = GSS_IOV_BUFFER_TYPE_PADDING; + tpadding->buffer.length = 0; + tpadding->buffer.value = NULL; + + ttrailer = &tiov[i++]; + ttrailer->type = GSS_IOV_BUFFER_TYPE_TRAILER; + + if (ctx->proto == 1) { + size_t ec, rrc; + krb5_enctype enctype = ctx->enc->enctype; + unsigned int k5_headerlen = 0; + unsigned int k5_trailerlen = 0; + + conf_req_flag = ((ptr[0] & FLAG_WRAP_CONFIDENTIAL) != 0); + ec = conf_req_flag ? load_16_be(ptr + 2) : 0; + rrc = load_16_be(ptr + 4); + + if (rrc != 0) { + if (!gss_krb5int_rotate_left((unsigned char *)stream->buffer.value + 16, + stream->buffer.length - 16, rrc)) { + code = ENOMEM; + goto cleanup; + } + store_16_be(0, ptr + 4); /* set RRC to zero */ + } + + if (conf_req_flag) { + code = krb5_c_crypto_length(context, enctype, KRB5_CRYPTO_TYPE_HEADER, &k5_headerlen); + if (code != 0) + goto cleanup; + theader->buffer.length += k5_headerlen; /* length validated later */ + } + + /* no PADDING for CFX, EC is used instead */ + code = krb5_c_crypto_length(context, enctype, + conf_req_flag ? KRB5_CRYPTO_TYPE_TRAILER : KRB5_CRYPTO_TYPE_CHECKSUM, + &k5_trailerlen); + if (code != 0) + goto cleanup; + + ttrailer->buffer.length = ec + (conf_req_flag ? 16 : 0 /* E(Header) */) + k5_trailerlen; + ttrailer->buffer.value = (unsigned char *)stream->buffer.value + + stream->buffer.length - ttrailer->buffer.length; + } else { + theader->buffer.length += ctx->cksum_size + kg_confounder_size(context, ctx->enc); + + /* + * we can't set the padding accurately until decryption; + * kg_fixup_padding_iov() will take care of this + */ + tpadding->buffer.length = 1; + tpadding->buffer.value = (unsigned char *)stream->buffer.value + stream->buffer.length - 1; + + /* no TRAILER for pre-CFX */ + ttrailer->buffer.length = 0; + ttrailer->buffer.value = NULL; + } + + /* IOV: -----------0-------------+---1---+--2--+----------------3--------------*/ + /* Old: GSS-Header | Conf | Data | Pad | */ + /* CFX: GSS-Header | Kerb-Header | Data | | EC | E(Header) | Kerb-Trailer */ + /* GSS: -------GSS-HEADER--------+-DATA--+-PAD-+----------GSS-TRAILER----------*/ + + /* validate lengths */ + if (stream->buffer.length < theader->buffer.length + + tpadding->buffer.length + + ttrailer->buffer.length) + { + code = (OM_uint32)KRB5_BAD_MSIZE; + major_status = GSS_S_DEFECTIVE_TOKEN; + goto cleanup; + } + + /* setup data */ + tdata->buffer.length = stream->buffer.length - ttrailer->buffer.length - + tpadding->buffer.length - theader->buffer.length; + + assert(data != NULL); + + if (data->type & GSS_IOV_BUFFER_FLAG_ALLOCATE) { + code = kg_allocate_iov(tdata, tdata->buffer.length); + if (code != 0) + goto cleanup; + memcpy(tdata->buffer.value, + (unsigned char *)stream->buffer.value + theader->buffer.length, tdata->buffer.length); + } else + tdata->buffer.value = (unsigned char *)stream->buffer.value + theader->buffer.length; + + assert(i <= iov_count + 2); + + major_status = kg_unseal_iov_token(&code, ctx, conf_state, qop_state, + tiov, i, toktype, toktype2); + if (major_status == GSS_S_COMPLETE) + *data = *tdata; + else if (tdata->type & GSS_IOV_BUFFER_FLAG_ALLOCATED) { + OM_uint32 tmp; + + gss_release_buffer(&tmp, &tdata->buffer); + tdata->type &= ~(GSS_IOV_BUFFER_FLAG_ALLOCATED); + } + +cleanup: + if (tiov != NULL) + free(tiov); + + *minor_status = code; + + return major_status; +} + +OM_uint32 +kg_unseal_iov(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + int *conf_state, + gss_qop_t *qop_state, + gss_iov_buffer_desc *iov, + int iov_count, + int toktype) +{ + krb5_gss_ctx_id_rec *ctx; + OM_uint32 code; + int toktype2; + + if (!kg_validate_ctx_id(context_handle)) { + *minor_status = (OM_uint32)G_VALIDATE_FAILED; + return GSS_S_NO_CONTEXT; + } + + ctx = (krb5_gss_ctx_id_rec *)context_handle; + if (!ctx->established) { + *minor_status = KG_CTX_INCOMPLETE; + return GSS_S_NO_CONTEXT; + } + + toktype2 = kg_map_toktype(ctx->proto, toktype); + + if (kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_STREAM) != NULL) { + code = kg_unseal_stream_iov(minor_status, ctx, conf_state, qop_state, + iov, iov_count, toktype, toktype2); + } else { + code = kg_unseal_iov_token(minor_status, ctx, conf_state, qop_state, + iov, iov_count, toktype, toktype2); + } + + return code; +} + diff --git a/src/lib/gssapi/krb5/krb5_gss_glue.c b/src/lib/gssapi/krb5/krb5_gss_glue.c index 2bdac009f4..5b7cbdf21c 100644 --- a/src/lib/gssapi/krb5/krb5_gss_glue.c +++ b/src/lib/gssapi/krb5/krb5_gss_glue.c @@ -1,6 +1,7 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * Copyright 1993 by OpenVision Technologies, Inc. - * + * * Permission to use, copy, modify, distribute, and sell this software * and its documentation for any purpose is hereby granted without fee, * provided that the above copyright notice appears in all copies and @@ -10,7 +11,7 @@ * without specific, written prior permission. OpenVision makes no * representations about the suitability of this software for any * purpose. It is provided "as is" without express or implied warranty. - * + * * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR @@ -19,1131 +20,391 @@ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR * PERFORMANCE OF THIS SOFTWARE. */ +/* + * Copyright (c) 2006-2008, Novell, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * * The copyright holder's name is not used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ /* * $Id$ */ #include "gssapiP_krb5.h" -#include "mglueP.h" - - -/** mechglue wrappers **/ - -static OM_uint32 k5glue_acquire_cred -(void *, OM_uint32*, /* minor_status */ - gss_name_t, /* desired_name */ - OM_uint32, /* time_req */ - gss_OID_set, /* desired_mechs */ - gss_cred_usage_t, /* cred_usage */ - gss_cred_id_t*, /* output_cred_handle */ - gss_OID_set*, /* actual_mechs */ - OM_uint32* /* time_rec */ - ); - -static OM_uint32 k5glue_release_cred -(void *, OM_uint32*, /* minor_status */ - gss_cred_id_t* /* cred_handle */ - ); - -static OM_uint32 k5glue_init_sec_context -(void *, OM_uint32*, /* minor_status */ - gss_cred_id_t, /* claimant_cred_handle */ - gss_ctx_id_t*, /* context_handle */ - gss_name_t, /* target_name */ - gss_OID, /* mech_type */ - OM_uint32, /* req_flags */ - OM_uint32, /* time_req */ - gss_channel_bindings_t, - /* input_chan_bindings */ - gss_buffer_t, /* input_token */ - gss_OID*, /* actual_mech_type */ - gss_buffer_t, /* output_token */ - OM_uint32*, /* ret_flags */ - OM_uint32* /* time_rec */ - ); - -#ifndef LEAN_CLIENT -static OM_uint32 k5glue_accept_sec_context -(void *, OM_uint32*, /* minor_status */ - gss_ctx_id_t*, /* context_handle */ - gss_cred_id_t, /* verifier_cred_handle */ - gss_buffer_t, /* input_token_buffer */ - gss_channel_bindings_t, - /* input_chan_bindings */ - gss_name_t*, /* src_name */ - gss_OID*, /* mech_type */ - gss_buffer_t, /* output_token */ - OM_uint32*, /* ret_flags */ - OM_uint32*, /* time_rec */ - gss_cred_id_t* /* delegated_cred_handle */ - ); -#endif /* LEAN_CLIENT */ - -static OM_uint32 k5glue_process_context_token -(void *, OM_uint32*, /* minor_status */ - gss_ctx_id_t, /* context_handle */ - gss_buffer_t /* token_buffer */ - ); - -static OM_uint32 k5glue_delete_sec_context -(void *, OM_uint32*, /* minor_status */ - gss_ctx_id_t*, /* context_handle */ - gss_buffer_t /* output_token */ - ); - -static OM_uint32 k5glue_context_time -(void *, OM_uint32*, /* minor_status */ - gss_ctx_id_t, /* context_handle */ - OM_uint32* /* time_rec */ - ); - -static OM_uint32 k5glue_sign -(void *, OM_uint32*, /* minor_status */ - gss_ctx_id_t, /* context_handle */ - int, /* qop_req */ - gss_buffer_t, /* message_buffer */ - gss_buffer_t /* message_token */ - ); - -static OM_uint32 k5glue_verify -(void *, OM_uint32*, /* minor_status */ - gss_ctx_id_t, /* context_handle */ - gss_buffer_t, /* message_buffer */ - gss_buffer_t, /* token_buffer */ - int* /* qop_state */ - ); - -static OM_uint32 k5glue_seal -(void *, OM_uint32*, /* minor_status */ - gss_ctx_id_t, /* context_handle */ - int, /* conf_req_flag */ - int, /* qop_req */ - gss_buffer_t, /* input_message_buffer */ - int*, /* conf_state */ - gss_buffer_t /* output_message_buffer */ - ); - -static OM_uint32 k5glue_unseal -(void *, OM_uint32*, /* minor_status */ - gss_ctx_id_t, /* context_handle */ - gss_buffer_t, /* input_message_buffer */ - gss_buffer_t, /* output_message_buffer */ - int*, /* conf_state */ - int* /* qop_state */ - ); - -static OM_uint32 k5glue_display_status -(void *, OM_uint32*, /* minor_status */ - OM_uint32, /* status_value */ - int, /* status_type */ - gss_OID, /* mech_type */ - OM_uint32*, /* message_context */ - gss_buffer_t /* status_string */ - ); - -static OM_uint32 k5glue_indicate_mechs -(void *, OM_uint32*, /* minor_status */ - gss_OID_set* /* mech_set */ - ); - -static OM_uint32 k5glue_compare_name -(void *, OM_uint32*, /* minor_status */ - gss_name_t, /* name1 */ - gss_name_t, /* name2 */ - int* /* name_equal */ - ); - -static OM_uint32 k5glue_display_name -(void *, OM_uint32*, /* minor_status */ - gss_name_t, /* input_name */ - gss_buffer_t, /* output_name_buffer */ - gss_OID* /* output_name_type */ - ); - -static OM_uint32 k5glue_import_name -(void *, OM_uint32*, /* minor_status */ - gss_buffer_t, /* input_name_buffer */ - gss_OID, /* input_name_type */ - gss_name_t* /* output_name */ - ); - -static OM_uint32 k5glue_release_name -(void *, OM_uint32*, /* minor_status */ - gss_name_t* /* input_name */ - ); - -static OM_uint32 k5glue_inquire_cred -(void *, OM_uint32 *, /* minor_status */ - gss_cred_id_t, /* cred_handle */ - gss_name_t *, /* name */ - OM_uint32 *, /* lifetime */ - gss_cred_usage_t*,/* cred_usage */ - gss_OID_set * /* mechanisms */ - ); - -static OM_uint32 k5glue_inquire_context -(void *, OM_uint32*, /* minor_status */ - gss_ctx_id_t, /* context_handle */ - gss_name_t*, /* initiator_name */ - gss_name_t*, /* acceptor_name */ - OM_uint32*, /* lifetime_rec */ - gss_OID*, /* mech_type */ - OM_uint32*, /* ret_flags */ - int*, /* locally_initiated */ - int* /* open */ - ); - -#if 0 -/* New V2 entry points */ -static OM_uint32 k5glue_get_mic -(void *, OM_uint32 *, /* minor_status */ - gss_ctx_id_t, /* context_handle */ - gss_qop_t, /* qop_req */ - gss_buffer_t, /* message_buffer */ - gss_buffer_t /* message_token */ - ); - -static OM_uint32 k5glue_verify_mic -(void *, OM_uint32 *, /* minor_status */ - gss_ctx_id_t, /* context_handle */ - gss_buffer_t, /* message_buffer */ - gss_buffer_t, /* message_token */ - gss_qop_t * /* qop_state */ - ); - -static OM_uint32 k5glue_wrap -(void *, OM_uint32 *, /* minor_status */ - gss_ctx_id_t, /* context_handle */ - int, /* conf_req_flag */ - gss_qop_t, /* qop_req */ - gss_buffer_t, /* input_message_buffer */ - int *, /* conf_state */ - gss_buffer_t /* output_message_buffer */ - ); - -static OM_uint32 k5glue_unwrap -(void *, OM_uint32 *, /* minor_status */ - gss_ctx_id_t, /* context_handle */ - gss_buffer_t, /* input_message_buffer */ - gss_buffer_t, /* output_message_buffer */ - int *, /* conf_state */ - gss_qop_t * /* qop_state */ - ); -#endif - -static OM_uint32 k5glue_wrap_size_limit -(void *, OM_uint32 *, /* minor_status */ - gss_ctx_id_t, /* context_handle */ - int, /* conf_req_flag */ - gss_qop_t, /* qop_req */ - OM_uint32, /* req_output_size */ - OM_uint32 * /* max_input_size */ - ); - -#if 0 -static OM_uint32 k5glue_import_name_object -(void *, OM_uint32 *, /* minor_status */ - void *, /* input_name */ - gss_OID, /* input_name_type */ - gss_name_t * /* output_name */ - ); - -static OM_uint32 k5glue_export_name_object -(void *, OM_uint32 *, /* minor_status */ - gss_name_t, /* input_name */ - gss_OID, /* desired_name_type */ - void * * /* output_name */ - ); -#endif - -static OM_uint32 k5glue_add_cred -(void *, OM_uint32 *, /* minor_status */ - gss_cred_id_t, /* input_cred_handle */ - gss_name_t, /* desired_name */ - gss_OID, /* desired_mech */ - gss_cred_usage_t, /* cred_usage */ - OM_uint32, /* initiator_time_req */ - OM_uint32, /* acceptor_time_req */ - gss_cred_id_t *, /* output_cred_handle */ - gss_OID_set *, /* actual_mechs */ - OM_uint32 *, /* initiator_time_rec */ - OM_uint32 * /* acceptor_time_rec */ - ); - -static OM_uint32 k5glue_inquire_cred_by_mech -(void *, OM_uint32 *, /* minor_status */ - gss_cred_id_t, /* cred_handle */ - gss_OID, /* mech_type */ - gss_name_t *, /* name */ - OM_uint32 *, /* initiator_lifetime */ - OM_uint32 *, /* acceptor_lifetime */ - gss_cred_usage_t * /* cred_usage */ - ); - -#ifndef LEAN_CLIENT -static OM_uint32 k5glue_export_sec_context -(void *, OM_uint32 *, /* minor_status */ - gss_ctx_id_t *, /* context_handle */ - gss_buffer_t /* interprocess_token */ - ); - -static OM_uint32 k5glue_import_sec_context -(void *, OM_uint32 *, /* minor_status */ - gss_buffer_t, /* interprocess_token */ - gss_ctx_id_t * /* context_handle */ - ); -#endif /* LEAN_CLIENT */ - -krb5_error_code k5glue_ser_init(krb5_context); - -static OM_uint32 k5glue_internal_release_oid -(void *, OM_uint32 *, /* minor_status */ - gss_OID * /* oid */ - ); - -static OM_uint32 k5glue_inquire_names_for_mech -(void *, OM_uint32 *, /* minor_status */ - gss_OID, /* mechanism */ - gss_OID_set * /* name_types */ - ); - -#if 0 -static OM_uint32 k5glue_canonicalize_name -(void *, OM_uint32 *, /* minor_status */ - const gss_name_t, /* input_name */ - const gss_OID, /* mech_type */ - gss_name_t * /* output_name */ - ); -#endif - -static OM_uint32 k5glue_export_name -(void *, OM_uint32 *, /* minor_status */ - const gss_name_t, /* input_name */ - gss_buffer_t /* exported_name */ - ); - -#if 0 -static OM_uint32 k5glue_duplicate_name -(void *, OM_uint32 *, /* minor_status */ - const gss_name_t, /* input_name */ - gss_name_t * /* dest_name */ - ); -#endif - -#if 0 -static OM_uint32 k5glue_validate_cred -(void *, OM_uint32 *, /* minor_status */ - gss_cred_id_t /* cred */ - ); -#endif -/* - * The krb5 mechanism provides two mech OIDs; use this initializer to - * ensure that both dispatch tables contain identical function - * pointers. - */ -#ifndef LEAN_CLIENT -#define KRB5_GSS_CONFIG_INIT \ - NULL, \ - k5glue_acquire_cred, \ - k5glue_release_cred, \ - k5glue_init_sec_context, \ - k5glue_accept_sec_context, \ - k5glue_process_context_token, \ - k5glue_delete_sec_context, \ - k5glue_context_time, \ - k5glue_sign, \ - k5glue_verify, \ - k5glue_seal, \ - k5glue_unseal, \ - k5glue_display_status, \ - k5glue_indicate_mechs, \ - k5glue_compare_name, \ - k5glue_display_name, \ - k5glue_import_name, \ - k5glue_release_name, \ - k5glue_inquire_cred, \ - k5glue_add_cred, \ - k5glue_export_sec_context, \ - k5glue_import_sec_context, \ - k5glue_inquire_cred_by_mech, \ - k5glue_inquire_names_for_mech, \ - k5glue_inquire_context, \ - k5glue_internal_release_oid, \ - k5glue_wrap_size_limit, \ - k5glue_export_name, \ - NULL /* store_cred */ - -#else /* LEAN_CLIENT */ - -#define KRB5_GSS_CONFIG_INIT \ - NULL, \ - k5glue_acquire_cred, \ - k5glue_release_cred, \ - k5glue_init_sec_context, \ - NULL, \ - k5glue_process_context_token, \ - k5glue_delete_sec_context, \ - k5glue_context_time, \ - k5glue_sign, \ - k5glue_verify, \ - k5glue_seal, \ - k5glue_unseal, \ - k5glue_display_status, \ - k5glue_indicate_mechs, \ - k5glue_compare_name, \ - k5glue_display_name, \ - k5glue_import_name, \ - k5glue_release_name, \ - k5glue_inquire_cred, \ - k5glue_add_cred, \ - NULL, \ - NULL, \ - k5glue_inquire_cred_by_mech, \ - k5glue_inquire_names_for_mech, \ - k5glue_inquire_context, \ - k5glue_internal_release_oid, \ - k5glue_wrap_size_limit, \ - k5glue_export_name, \ - NULL /* store_cred */ - -#endif /* LEAN_CLIENT */ - - -static struct gss_config krb5_mechanism = { - 100, "kerberos_v5", - { GSS_MECH_KRB5_OID_LENGTH, GSS_MECH_KRB5_OID }, - KRB5_GSS_CONFIG_INIT -}; - -static struct gss_config krb5_mechanism_old = { - 200, "kerberos_v5 (pre-RFC OID)", - { GSS_MECH_KRB5_OLD_OID_LENGTH, GSS_MECH_KRB5_OLD_OID }, - KRB5_GSS_CONFIG_INIT -}; - -static struct gss_config krb5_mechanism_wrong = { - 300, "kerberos_v5 (wrong OID)", - { GSS_MECH_KRB5_WRONG_OID_LENGTH, GSS_MECH_KRB5_WRONG_OID }, - KRB5_GSS_CONFIG_INIT -}; - -static gss_mechanism krb5_mech_configs[] = { - &krb5_mechanism, &krb5_mechanism_old, &krb5_mechanism_wrong, NULL -}; - -#ifdef MS_BUG_TEST -static gss_mechanism krb5_mech_configs_hack[] = { - &krb5_mechanism, &krb5_mechanism_old, NULL -}; -#endif - -#define gssint_get_mech_configs krb5_gss_get_mech_configs - -gss_mechanism * -gssint_get_mech_configs(void) +OM_uint32 KRB5_CALLCONV +gss_krb5_get_tkt_flags( + OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + krb5_flags *ticket_flags) { -#ifdef MS_BUG_TEST - char *envstr = getenv("MS_FORCE_NO_MSOID"); - - if (envstr != NULL && strcmp(envstr, "1") == 0) { - return krb5_mech_configs_hack; + static const gss_OID_desc const req_oid = { + GSS_KRB5_GET_TKT_FLAGS_OID_LENGTH, + GSS_KRB5_GET_TKT_FLAGS_OID }; + OM_uint32 major_status; + gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET; + + if (ticket_flags == NULL) + return GSS_S_CALL_INACCESSIBLE_WRITE; + + major_status = gss_inquire_sec_context_by_oid(minor_status, + context_handle, + (const gss_OID)&req_oid, + &data_set); + if (major_status != GSS_S_COMPLETE) + return major_status; + + if (data_set == GSS_C_NO_BUFFER_SET || + data_set->count != 1 || + data_set->elements[0].length != sizeof(*ticket_flags)) { + *minor_status = EINVAL; + return GSS_S_FAILURE; } -#endif - return krb5_mech_configs; -} -#ifndef LEAN_CLIENT -static OM_uint32 -k5glue_accept_sec_context(ctx, minor_status, context_handle, verifier_cred_handle, - input_token, input_chan_bindings, src_name, mech_type, - output_token, ret_flags, time_rec, delegated_cred_handle) - void *ctx; - OM_uint32 *minor_status; - gss_ctx_id_t *context_handle; - gss_cred_id_t verifier_cred_handle; - gss_buffer_t input_token; - gss_channel_bindings_t input_chan_bindings; - gss_name_t *src_name; - gss_OID *mech_type; - gss_buffer_t output_token; - OM_uint32 *ret_flags; - OM_uint32 *time_rec; - gss_cred_id_t *delegated_cred_handle; -{ - return(krb5_gss_accept_sec_context(minor_status, - context_handle, - verifier_cred_handle, - input_token, - input_chan_bindings, - src_name, - mech_type, - output_token, - ret_flags, - time_rec, - delegated_cred_handle)); -} -#endif /* LEAN_CLIENT */ - -static OM_uint32 -k5glue_acquire_cred(ctx, minor_status, desired_name, time_req, desired_mechs, - cred_usage, output_cred_handle, actual_mechs, time_rec) - void *ctx; - OM_uint32 *minor_status; - gss_name_t desired_name; - OM_uint32 time_req; - gss_OID_set desired_mechs; - gss_cred_usage_t cred_usage; - gss_cred_id_t *output_cred_handle; - gss_OID_set *actual_mechs; - OM_uint32 *time_rec; -{ - return(krb5_gss_acquire_cred(minor_status, - desired_name, - time_req, - desired_mechs, - cred_usage, - output_cred_handle, - actual_mechs, - time_rec)); -} + *ticket_flags = *((krb5_flags *)data_set->elements[0].value); -/* V2 */ -static OM_uint32 -k5glue_add_cred(ctx, minor_status, input_cred_handle, desired_name, desired_mech, - cred_usage, initiator_time_req, acceptor_time_req, - output_cred_handle, actual_mechs, initiator_time_rec, - acceptor_time_rec) - void *ctx; - OM_uint32 *minor_status; - gss_cred_id_t input_cred_handle; - gss_name_t desired_name; - gss_OID desired_mech; - gss_cred_usage_t cred_usage; - OM_uint32 initiator_time_req; - OM_uint32 acceptor_time_req; - gss_cred_id_t *output_cred_handle; - gss_OID_set *actual_mechs; - OM_uint32 *initiator_time_rec; - OM_uint32 *acceptor_time_rec; -{ - return(krb5_gss_add_cred(minor_status, input_cred_handle, desired_name, - desired_mech, cred_usage, initiator_time_req, - acceptor_time_req, output_cred_handle, - actual_mechs, initiator_time_rec, - acceptor_time_rec)); -} + gss_release_buffer_set(minor_status, &data_set); -#if 0 -/* V2 */ -static OM_uint32 -k5glue_add_oid_set_member(ctx, minor_status, member_oid, oid_set) - void *ctx; - OM_uint32 *minor_status; - gss_OID member_oid; - gss_OID_set *oid_set; -{ - return(generic_gss_add_oid_set_member(minor_status, member_oid, oid_set)); -} -#endif - -static OM_uint32 -k5glue_compare_name(ctx, minor_status, name1, name2, name_equal) - void *ctx; - OM_uint32 *minor_status; - gss_name_t name1; - gss_name_t name2; - int *name_equal; -{ - return(krb5_gss_compare_name(minor_status, name1, - name2, name_equal)); -} + *minor_status = 0; -static OM_uint32 -k5glue_context_time(ctx, minor_status, context_handle, time_rec) - void *ctx; - OM_uint32 *minor_status; - gss_ctx_id_t context_handle; - OM_uint32 *time_rec; -{ - return(krb5_gss_context_time(minor_status, context_handle, - time_rec)); + return GSS_S_COMPLETE; } -#if 0 -/* V2 */ -static OM_uint32 -k5glue_create_empty_oid_set(ctx, minor_status, oid_set) - void *ctx; - OM_uint32 *minor_status; - gss_OID_set *oid_set; -{ - return(generic_gss_create_empty_oid_set(minor_status, oid_set)); -} -#endif - -static OM_uint32 -k5glue_delete_sec_context(ctx, minor_status, context_handle, output_token) - void *ctx; - OM_uint32 *minor_status; - gss_ctx_id_t *context_handle; - gss_buffer_t output_token; +OM_uint32 KRB5_CALLCONV +gss_krb5_copy_ccache( + OM_uint32 *minor_status, + gss_cred_id_t cred_handle, + krb5_ccache out_ccache) { - return(krb5_gss_delete_sec_context(minor_status, - context_handle, output_token)); -} + static const gss_OID_desc const req_oid = { + GSS_KRB5_COPY_CCACHE_OID_LENGTH, + GSS_KRB5_COPY_CCACHE_OID }; + OM_uint32 major_status; + gss_buffer_desc req_buffer; -static OM_uint32 -k5glue_display_name(ctx, minor_status, input_name, output_name_buffer, output_name_type) - void *ctx; - OM_uint32 *minor_status; - gss_name_t input_name; - gss_buffer_t output_name_buffer; - gss_OID *output_name_type; -{ - return(krb5_gss_display_name(minor_status, input_name, - output_name_buffer, output_name_type)); -} + if (out_ccache == NULL) + return GSS_S_CALL_INACCESSIBLE_WRITE; -static OM_uint32 -k5glue_display_status(ctx, minor_status, status_value, status_type, - mech_type, message_context, status_string) - void *ctx; - OM_uint32 *minor_status; - OM_uint32 status_value; - int status_type; - gss_OID mech_type; - OM_uint32 *message_context; - gss_buffer_t status_string; -{ - return(krb5_gss_display_status(minor_status, status_value, - status_type, mech_type, message_context, - status_string)); -} -#ifndef LEAN_CLIENT -/* V2 */ -static OM_uint32 -k5glue_export_sec_context(ctx, minor_status, context_handle, interprocess_token) - void *ctx; - OM_uint32 *minor_status; - gss_ctx_id_t *context_handle; - gss_buffer_t interprocess_token; -{ - return(krb5_gss_export_sec_context(minor_status, - context_handle, - interprocess_token)); -} -#endif /* LEAN_CLIENT */ -#if 0 -/* V2 */ -static OM_uint32 -k5glue_get_mic(ctx, minor_status, context_handle, qop_req, - message_buffer, message_token) - void *ctx; - OM_uint32 *minor_status; - gss_ctx_id_t context_handle; - gss_qop_t qop_req; - gss_buffer_t message_buffer; - gss_buffer_t message_token; -{ - return(krb5_gss_get_mic(minor_status, context_handle, - qop_req, message_buffer, message_token)); + req_buffer.value = out_ccache; + req_buffer.length = sizeof(out_ccache); + + major_status = gssspi_set_cred_option(minor_status, + cred_handle, + (const gss_OID)&req_oid, + &req_buffer); + + return major_status; } -#endif - -static OM_uint32 -k5glue_import_name(ctx, minor_status, input_name_buffer, input_name_type, output_name) - void *ctx; - OM_uint32 *minor_status; - gss_buffer_t input_name_buffer; - gss_OID input_name_type; - gss_name_t *output_name; + +OM_uint32 KRB5_CALLCONV +gss_krb5_export_lucid_sec_context( + OM_uint32 *minor_status, + gss_ctx_id_t *context_handle, + OM_uint32 version, + void **kctx) { -#if 0 - OM_uint32 err; - err = gssint_initialize_library(); - if (err) { - *minor_status = err; + unsigned char oid_buf[GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID_LENGTH + 6]; + gss_OID_desc req_oid; + OM_uint32 major_status, minor; + gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET; + + if (kctx == NULL) + return GSS_S_CALL_INACCESSIBLE_WRITE; + + *kctx = NULL; + + req_oid.elements = oid_buf; + req_oid.length = sizeof(oid_buf); + + major_status = generic_gss_oid_compose(minor_status, + GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID, + GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID_LENGTH, + (int)version, + &req_oid); + if (GSS_ERROR(major_status)) + return major_status; + + major_status = gss_inquire_sec_context_by_oid(minor_status, + *context_handle, + &req_oid, + &data_set); + if (GSS_ERROR(major_status)) + return major_status; + + if (data_set == GSS_C_NO_BUFFER_SET || + data_set->count != 1 || + data_set->elements[0].length != sizeof(void *)) { + *minor_status = EINVAL; return GSS_S_FAILURE; } -#endif - return(krb5_gss_import_name(minor_status, input_name_buffer, - input_name_type, output_name)); -} -#ifndef LEAN_CLIENT -/* V2 */ -static OM_uint32 -k5glue_import_sec_context(ctx, minor_status, interprocess_token, context_handle) - void *ctx; - OM_uint32 *minor_status; - gss_buffer_t interprocess_token; - gss_ctx_id_t *context_handle; -{ - return(krb5_gss_import_sec_context(minor_status, - interprocess_token, - context_handle)); -} -#endif /* LEAN_CLIENT */ + *kctx = *((void **)data_set->elements[0].value); -static OM_uint32 -k5glue_indicate_mechs(ctx, minor_status, mech_set) - void *ctx; - OM_uint32 *minor_status; - gss_OID_set *mech_set; -{ - return(krb5_gss_indicate_mechs(minor_status, mech_set)); -} + /* Clean up the context state (it is an error for + * someone to attempt to use this context again) + */ + (void)krb5_gss_delete_sec_context(minor_status, context_handle, NULL); + *context_handle = GSS_C_NO_CONTEXT; -static OM_uint32 -k5glue_init_sec_context(ctx, minor_status, claimant_cred_handle, context_handle, - target_name, mech_type, req_flags, time_req, - input_chan_bindings, input_token, actual_mech_type, - output_token, ret_flags, time_rec) - void *ctx; - OM_uint32 *minor_status; - gss_cred_id_t claimant_cred_handle; - gss_ctx_id_t *context_handle; - gss_name_t target_name; - gss_OID mech_type; - OM_uint32 req_flags; - OM_uint32 time_req; - gss_channel_bindings_t input_chan_bindings; - gss_buffer_t input_token; - gss_OID *actual_mech_type; - gss_buffer_t output_token; - OM_uint32 *ret_flags; - OM_uint32 *time_rec; -{ - return(krb5_gss_init_sec_context(minor_status, - claimant_cred_handle, context_handle, - target_name, mech_type, req_flags, - time_req, input_chan_bindings, input_token, - actual_mech_type, output_token, ret_flags, - time_rec)); -} + generic_gss_release_buffer_set(&minor, &data_set); -static OM_uint32 -k5glue_inquire_context(ctx, minor_status, context_handle, initiator_name, acceptor_name, - lifetime_rec, mech_type, ret_flags, - locally_initiated, opened) - void *ctx; - OM_uint32 *minor_status; - gss_ctx_id_t context_handle; - gss_name_t *initiator_name; - gss_name_t *acceptor_name; - OM_uint32 *lifetime_rec; - gss_OID *mech_type; - OM_uint32 *ret_flags; - int *locally_initiated; - int *opened; -{ - return(krb5_gss_inquire_context(minor_status, context_handle, - initiator_name, acceptor_name, lifetime_rec, - mech_type, ret_flags, locally_initiated, - opened)); + return GSS_S_COMPLETE; } -static OM_uint32 -k5glue_inquire_cred(ctx, minor_status, cred_handle, name, lifetime_ret, - cred_usage, mechanisms) - void *ctx; - OM_uint32 *minor_status; - gss_cred_id_t cred_handle; - gss_name_t *name; - OM_uint32 *lifetime_ret; - gss_cred_usage_t *cred_usage; - gss_OID_set *mechanisms; +OM_uint32 KRB5_CALLCONV +gss_krb5_set_allowable_enctypes( + OM_uint32 *minor_status, + gss_cred_id_t cred, + OM_uint32 num_ktypes, + krb5_enctype *ktypes) { - return(krb5_gss_inquire_cred(minor_status, cred_handle, - name, lifetime_ret, cred_usage, mechanisms)); -} + static const gss_OID_desc const req_oid = { + GSS_KRB5_SET_ALLOWABLE_ENCTYPES_OID_LENGTH, + GSS_KRB5_SET_ALLOWABLE_ENCTYPES_OID }; + OM_uint32 major_status; + struct krb5_gss_set_allowable_enctypes_req req; + gss_buffer_desc req_buffer; + + req.num_ktypes = num_ktypes; + req.ktypes = ktypes; -/* V2 */ -static OM_uint32 -k5glue_inquire_cred_by_mech(ctx, minor_status, cred_handle, mech_type, name, - initiator_lifetime, acceptor_lifetime, cred_usage) - void *ctx; - OM_uint32 *minor_status; - gss_cred_id_t cred_handle; - gss_OID mech_type; - gss_name_t *name; - OM_uint32 *initiator_lifetime; - OM_uint32 *acceptor_lifetime; - gss_cred_usage_t *cred_usage; -{ - return(krb5_gss_inquire_cred_by_mech(minor_status, cred_handle, - mech_type, name, initiator_lifetime, - acceptor_lifetime, cred_usage)); -} + req_buffer.length = sizeof(req); + req_buffer.value = &req; -/* V2 */ -static OM_uint32 -k5glue_inquire_names_for_mech(ctx, minor_status, mechanism, name_types) - void *ctx; - OM_uint32 *minor_status; - gss_OID mechanism; - gss_OID_set *name_types; -{ - return(krb5_gss_inquire_names_for_mech(minor_status, - mechanism, - name_types)); -} + major_status = gssspi_set_cred_option(minor_status, + cred, + (const gss_OID)&req_oid, + &req_buffer); -#if 0 -/* V2 */ -static OM_uint32 -k5glue_oid_to_str(ctx, minor_status, oid, oid_str) - void *ctx; - OM_uint32 *minor_status; - gss_OID oid; - gss_buffer_t oid_str; -{ - return(generic_gss_oid_to_str(minor_status, oid, oid_str)); -} -#endif - -static OM_uint32 -k5glue_process_context_token(ctx, minor_status, context_handle, token_buffer) - void *ctx; - OM_uint32 *minor_status; - gss_ctx_id_t context_handle; - gss_buffer_t token_buffer; -{ - return(krb5_gss_process_context_token(minor_status, - context_handle, token_buffer)); + return major_status; } -static OM_uint32 -k5glue_release_cred(ctx, minor_status, cred_handle) - void *ctx; - OM_uint32 *minor_status; - gss_cred_id_t *cred_handle; +OM_uint32 KRB5_CALLCONV +gss_krb5_ccache_name( + OM_uint32 *minor_status, + const char *name, + const char **out_name) { - return(krb5_gss_release_cred(minor_status, cred_handle)); -} + static const gss_OID_desc const req_oid = { + GSS_KRB5_CCACHE_NAME_OID_LENGTH, + GSS_KRB5_CCACHE_NAME_OID }; + OM_uint32 major_status; + struct krb5_gss_ccache_name_req req; + gss_buffer_desc req_buffer; -static OM_uint32 -k5glue_release_name(ctx, minor_status, input_name) - void *ctx; - OM_uint32 *minor_status; - gss_name_t *input_name; -{ - return(krb5_gss_release_name(minor_status, input_name)); -} + req.name = name; + req.out_name = out_name; -#if 0 -static OM_uint32 -k5glue_release_buffer(ctx, minor_status, buffer) - void *ctx; - OM_uint32 *minor_status; - gss_buffer_t buffer; -{ - return(generic_gss_release_buffer(minor_status, - buffer)); -} -#endif - -/* V2 */ -static OM_uint32 -k5glue_internal_release_oid(ctx, minor_status, oid) - void *ctx; - OM_uint32 *minor_status; - gss_OID *oid; -{ - return(krb5_gss_internal_release_oid(minor_status, oid)); -} + req_buffer.length = sizeof(req); + req_buffer.value = &req; -#if 0 -static OM_uint32 -k5glue_release_oid_set(ctx, minor_status, set) - void *ctx; - OM_uint32 * minor_status; - gss_OID_set *set; -{ - return(generic_gss_release_oid_set(minor_status, set)); -} -#endif - -/* V1 only */ -static OM_uint32 -k5glue_seal(ctx, minor_status, context_handle, conf_req_flag, qop_req, - input_message_buffer, conf_state, output_message_buffer) - void *ctx; - OM_uint32 *minor_status; - gss_ctx_id_t context_handle; - int conf_req_flag; - int qop_req; - gss_buffer_t input_message_buffer; - int *conf_state; - gss_buffer_t output_message_buffer; -{ - return(krb5_gss_seal(minor_status, context_handle, - conf_req_flag, qop_req, input_message_buffer, - conf_state, output_message_buffer)); -} + major_status = gssspi_mech_invoke(minor_status, + (const gss_OID)gss_mech_krb5, + (const gss_OID)&req_oid, + &req_buffer); -static OM_uint32 -k5glue_sign(ctx, minor_status, context_handle, - qop_req, message_buffer, - message_token) - void *ctx; - OM_uint32 *minor_status; - gss_ctx_id_t context_handle; - int qop_req; - gss_buffer_t message_buffer; - gss_buffer_t message_token; -{ - return(krb5_gss_sign(minor_status, context_handle, - qop_req, message_buffer, message_token)); + return major_status; } -#if 0 -/* V2 */ -static OM_uint32 -k5glue_verify_mic(ctx, minor_status, context_handle, - message_buffer, token_buffer, qop_state) - void *ctx; - OM_uint32 *minor_status; - gss_ctx_id_t context_handle; - gss_buffer_t message_buffer; - gss_buffer_t token_buffer; - gss_qop_t *qop_state; +OM_uint32 KRB5_CALLCONV +gss_krb5_free_lucid_sec_context( + OM_uint32 *minor_status, + void *kctx) { - return(krb5_gss_verify_mic(minor_status, context_handle, - message_buffer, token_buffer, qop_state)); -} + static const gss_OID_desc const req_oid = { + GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID_LENGTH, + GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID }; + OM_uint32 major_status; + gss_buffer_desc req_buffer; -/* V2 */ -static OM_uint32 -k5glue_wrap(ctx, minor_status, context_handle, conf_req_flag, qop_req, - input_message_buffer, conf_state, output_message_buffer) - void *ctx; - OM_uint32 *minor_status; - gss_ctx_id_t context_handle; - int conf_req_flag; - gss_qop_t qop_req; - gss_buffer_t input_message_buffer; - int *conf_state; - gss_buffer_t output_message_buffer; -{ - return(krb5_gss_wrap(minor_status, context_handle, conf_req_flag, qop_req, - input_message_buffer, conf_state, - output_message_buffer)); -} + req_buffer.length = sizeof(kctx); + req_buffer.value = kctx; -/* V2 */ -static OM_uint32 -k5glue_str_to_oid(ctx, minor_status, oid_str, oid) - void *ctx; - OM_uint32 *minor_status; - gss_buffer_t oid_str; - gss_OID *oid; -{ - return(generic_gss_str_to_oid(minor_status, oid_str, oid)); -} + major_status = gssspi_mech_invoke(minor_status, + (const gss_OID)gss_mech_krb5, + (const gss_OID)&req_oid, + &req_buffer); -/* V2 */ -static OM_uint32 -k5glue_test_oid_set_member(ctx, minor_status, member, set, present) - void *ctx; - OM_uint32 *minor_status; - gss_OID member; - gss_OID_set set; - int *present; -{ - return(generic_gss_test_oid_set_member(minor_status, member, set, - present)); -} -#endif - -/* V1 only */ -static OM_uint32 -k5glue_unseal(ctx, minor_status, context_handle, input_message_buffer, - output_message_buffer, conf_state, qop_state) - void *ctx; - OM_uint32 *minor_status; - gss_ctx_id_t context_handle; - gss_buffer_t input_message_buffer; - gss_buffer_t output_message_buffer; - int *conf_state; - int *qop_state; -{ - return(krb5_gss_unseal(minor_status, context_handle, - input_message_buffer, output_message_buffer, - conf_state, qop_state)); + return major_status; } -#if 0 -/* V2 */ -static OM_uint32 -k5glue_unwrap(ctx, minor_status, context_handle, input_message_buffer, - output_message_buffer, conf_state, qop_state) - void *ctx; - OM_uint32 *minor_status; - gss_ctx_id_t context_handle; - gss_buffer_t input_message_buffer; - gss_buffer_t output_message_buffer; - int *conf_state; - gss_qop_t *qop_state; -{ - return(krb5_gss_unwrap(minor_status, context_handle, input_message_buffer, - output_message_buffer, conf_state, qop_state)); -} -#endif - -/* V1 only */ -static OM_uint32 -k5glue_verify(ctx, minor_status, context_handle, message_buffer, - token_buffer, qop_state) - void *ctx; - OM_uint32 *minor_status; - gss_ctx_id_t context_handle; - gss_buffer_t message_buffer; - gss_buffer_t token_buffer; - int *qop_state; +OM_uint32 KRB5_CALLCONV +krb5_gss_register_acceptor_identity(const char *keytab) { - return(krb5_gss_verify(minor_status, - context_handle, - message_buffer, - token_buffer, - qop_state)); -} + static const gss_OID_desc const req_oid = { + GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID_LENGTH, + GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_OID }; + OM_uint32 major_status; + OM_uint32 minor_status; + gss_buffer_desc req_buffer; -/* V2 interface */ -static OM_uint32 -k5glue_wrap_size_limit(ctx, minor_status, context_handle, conf_req_flag, - qop_req, req_output_size, max_input_size) - void *ctx; - OM_uint32 *minor_status; - gss_ctx_id_t context_handle; - int conf_req_flag; - gss_qop_t qop_req; - OM_uint32 req_output_size; - OM_uint32 *max_input_size; -{ - return(krb5_gss_wrap_size_limit(minor_status, context_handle, - conf_req_flag, qop_req, - req_output_size, max_input_size)); -} + req_buffer.length = strlen(keytab); + req_buffer.value = (char *)keytab; -#if 0 -/* V2 interface */ -static OM_uint32 -k5glue_canonicalize_name(ctx, minor_status, input_name, mech_type, output_name) - void *ctx; - OM_uint32 *minor_status; - const gss_name_t input_name; - const gss_OID mech_type; - gss_name_t *output_name; -{ - return krb5_gss_canonicalize_name(minor_status, input_name, - mech_type, output_name); -} -#endif - -/* V2 interface */ -static OM_uint32 -k5glue_export_name(ctx, minor_status, input_name, exported_name) - void *ctx; - OM_uint32 *minor_status; - const gss_name_t input_name; - gss_buffer_t exported_name; -{ - return krb5_gss_export_name(minor_status, input_name, exported_name); + major_status = gssspi_mech_invoke(&minor_status, + (const gss_OID)gss_mech_krb5, + (const gss_OID)&req_oid, + &req_buffer); + + return major_status; } -#if 0 -/* V2 interface */ -static OM_uint32 -k5glue_duplicate_name(ctx, minor_status, input_name, dest_name) - void *ctx; - OM_uint32 *minor_status; - const gss_name_t input_name; - gss_name_t *dest_name; +krb5_error_code +krb5_gss_use_kdc_context(void) { - return krb5_gss_duplicate_name(minor_status, input_name, dest_name); + static const gss_OID_desc const req_oid = { + GSS_KRB5_USE_KDC_CONTEXT_OID_LENGTH, + GSS_KRB5_USE_KDC_CONTEXT_OID }; + OM_uint32 major_status; + OM_uint32 minor_status; + gss_buffer_desc req_buffer; + + req_buffer.length = 0; + req_buffer.value = NULL; + + major_status = gssspi_mech_invoke(&minor_status, + (const gss_OID)gss_mech_krb5, + (const gss_OID)&req_oid, + &req_buffer); + + return major_status; } -#endif +/* + * This API should go away and be replaced with an accessor + * into a gss_name_t. + */ OM_uint32 KRB5_CALLCONV -gss_krb5_get_tkt_flags( +gsskrb5_extract_authz_data_from_sec_context( OM_uint32 *minor_status, - gss_ctx_id_t context_handle, - krb5_flags *ticket_flags) -{ - gss_union_ctx_id_t uctx; - - uctx = (gss_union_ctx_id_t)context_handle; - if (!g_OID_equal(uctx->mech_type, &krb5_mechanism.mech_type) && - !g_OID_equal(uctx->mech_type, &krb5_mechanism_old.mech_type)) - return GSS_S_BAD_MECH; - return gss_krb5int_get_tkt_flags(minor_status, uctx->internal_ctx_id, - ticket_flags); -} + const gss_ctx_id_t context_handle, + int ad_type, + gss_buffer_t ad_data) +{ + gss_OID_desc req_oid; + unsigned char oid_buf[GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH + 6]; + OM_uint32 major_status; + gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET; + + if (ad_data == NULL) + return GSS_S_CALL_INACCESSIBLE_WRITE; + + req_oid.elements = oid_buf; + req_oid.length = sizeof(oid_buf); + + major_status = generic_gss_oid_compose(minor_status, + GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID, + GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH, + ad_type, + &req_oid); + if (GSS_ERROR(major_status)) + return major_status; + + major_status = gss_inquire_sec_context_by_oid(minor_status, + context_handle, + (const gss_OID)&req_oid, + &data_set); + if (major_status != GSS_S_COMPLETE) { + return major_status; + } -OM_uint32 KRB5_CALLCONV -gss_krb5_copy_ccache( - OM_uint32 *minor_status, - gss_cred_id_t cred_handle, - krb5_ccache out_ccache) -{ - gss_union_cred_t ucred; - gss_cred_id_t mcred; + if (data_set == GSS_C_NO_BUFFER_SET || + data_set->count != 1) { + return GSS_S_FAILURE; + } - ucred = (gss_union_cred_t)cred_handle; + ad_data->length = data_set->elements[0].length; + ad_data->value = data_set->elements[0].value; - mcred = gssint_get_mechanism_cred(ucred, &krb5_mechanism.mech_type); - if (mcred != GSS_C_NO_CREDENTIAL) - return gss_krb5int_copy_ccache(minor_status, mcred, out_ccache); + data_set->elements[0].length = 0; + data_set->elements[0].value = NULL; - mcred = gssint_get_mechanism_cred(ucred, &krb5_mechanism_old.mech_type); - if (mcred != GSS_C_NO_CREDENTIAL) - return gss_krb5int_copy_ccache(minor_status, mcred, out_ccache); + data_set->count = 0; - return GSS_S_DEFECTIVE_CREDENTIAL; + gss_release_buffer_set(minor_status, &data_set); + + return GSS_S_COMPLETE; } -/* XXX need to delete mechglue ctx too */ OM_uint32 KRB5_CALLCONV -gss_krb5_export_lucid_sec_context( +gss_krb5_set_cred_rcache( OM_uint32 *minor_status, - gss_ctx_id_t *context_handle, - OM_uint32 version, - void **kctx) + gss_cred_id_t cred, + krb5_rcache rcache) { - gss_union_ctx_id_t uctx; - - uctx = (gss_union_ctx_id_t)*context_handle; - if (!g_OID_equal(uctx->mech_type, &krb5_mechanism.mech_type) && - !g_OID_equal(uctx->mech_type, &krb5_mechanism_old.mech_type)) - return GSS_S_BAD_MECH; - return gss_krb5int_export_lucid_sec_context(minor_status, - &uctx->internal_ctx_id, - version, kctx); + static const gss_OID_desc const req_oid = { + GSS_KRB5_SET_CRED_RCACHE_OID_LENGTH, + GSS_KRB5_SET_CRED_RCACHE_OID }; + OM_uint32 major_status; + gss_buffer_desc req_buffer; + + req_buffer.length = sizeof(rcache); + req_buffer.value = rcache; + + major_status = gssspi_set_cred_option(minor_status, + cred, + (const gss_OID)&req_oid, + &req_buffer); + + return major_status; } OM_uint32 KRB5_CALLCONV -gss_krb5_set_allowable_enctypes( - OM_uint32 *minor_status, - gss_cred_id_t cred, - OM_uint32 num_ktypes, - krb5_enctype *ktypes) -{ - gss_union_cred_t ucred; - gss_cred_id_t mcred; +gsskrb5_extract_authtime_from_sec_context(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + krb5_timestamp *authtime) +{ + static const gss_OID_desc const req_oid = { + GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID_LENGTH, + GSS_KRB5_EXTRACT_AUTHTIME_FROM_SEC_CONTEXT_OID }; + OM_uint32 major_status; + gss_buffer_set_t data_set = GSS_C_NO_BUFFER_SET; + + if (authtime == NULL) + return GSS_S_CALL_INACCESSIBLE_WRITE; + + major_status = gss_inquire_sec_context_by_oid(minor_status, + context_handle, + (const gss_OID)&req_oid, + &data_set); + if (major_status != GSS_S_COMPLETE) + return major_status; + + if (data_set == GSS_C_NO_BUFFER_SET || + data_set->count != 1 || + data_set->elements[0].length != sizeof(*authtime)) { + *minor_status = EINVAL; + return GSS_S_FAILURE; + } - ucred = (gss_union_cred_t)cred; - mcred = gssint_get_mechanism_cred(ucred, &krb5_mechanism.mech_type); - if (mcred != GSS_C_NO_CREDENTIAL) - return gss_krb5int_set_allowable_enctypes(minor_status, mcred, - num_ktypes, ktypes); + *authtime = *((krb5_timestamp *)data_set->elements[0].value); - mcred = gssint_get_mechanism_cred(ucred, &krb5_mechanism_old.mech_type); - if (mcred != GSS_C_NO_CREDENTIAL) - return gss_krb5int_set_allowable_enctypes(minor_status, mcred, - num_ktypes, ktypes); + gss_release_buffer_set(minor_status, &data_set); - return GSS_S_DEFECTIVE_CREDENTIAL; + *minor_status = 0; + + return GSS_S_COMPLETE; } + diff --git a/src/lib/gssapi/krb5/lucid_context.c b/src/lib/gssapi/krb5/lucid_context.c index 086bea4277..b66fe5c7b5 100644 --- a/src/lib/gssapi/krb5/lucid_context.c +++ b/src/lib/gssapi/krb5/lucid_context.c @@ -1,3 +1,4 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * lib/gssapi/krb5/lucid_context.c * @@ -51,7 +52,7 @@ copy_keyblock_to_lucid_key( static krb5_error_code make_external_lucid_ctx_v1( krb5_gss_ctx_id_rec * gctx, - unsigned int version, + int version, void **out_ptr); @@ -61,70 +62,61 @@ make_external_lucid_ctx_v1( OM_uint32 KRB5_CALLCONV gss_krb5int_export_lucid_sec_context( - OM_uint32 *minor_status, - gss_ctx_id_t *context_handle, - OM_uint32 version, - void **kctx) + OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + const gss_OID desired_object, + gss_buffer_set_t *data_set) { - krb5_error_code kret = 0; - OM_uint32 retval; - krb5_gss_ctx_id_t ctx; - void *lctx = NULL; + krb5_error_code kret = 0; + OM_uint32 retval; + krb5_gss_ctx_id_t ctx = (krb5_gss_ctx_id_t)context_handle; + void *lctx = NULL; + int version = 0; + gss_buffer_desc rep; /* Assume failure */ retval = GSS_S_FAILURE; *minor_status = 0; + *data_set = GSS_C_NO_BUFFER_SET; - if (kctx) - *kctx = NULL; - else { - kret = EINVAL; - goto error_out; - } - - if (!kg_validate_ctx_id(*context_handle)) { - kret = (OM_uint32) G_VALIDATE_FAILED; - retval = GSS_S_NO_CONTEXT; - goto error_out; - } - - ctx = (krb5_gss_ctx_id_t) *context_handle; + retval = generic_gss_oid_decompose(minor_status, + GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID, + GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID_LENGTH, + desired_object, + &version); + if (GSS_ERROR(retval)) + return retval; /* Externalize a structure of the right version */ switch (version) { case 1: - kret = make_external_lucid_ctx_v1((krb5_pointer)ctx, - version, &lctx); + kret = make_external_lucid_ctx_v1((krb5_pointer)ctx, + version, &lctx); break; default: - kret = (OM_uint32) KG_LUCID_VERSION; - break; + kret = (OM_uint32) KG_LUCID_VERSION; + break; } if (kret) - goto error_out; + goto error_out; /* Success! Record the context and return the buffer */ if (! kg_save_lucidctx_id((void *)lctx)) { - kret = G_VALIDATE_FAILED; - goto error_out; + kret = G_VALIDATE_FAILED; + goto error_out; } - *kctx = lctx; - *minor_status = 0; - retval = GSS_S_COMPLETE; - - /* Clean up the context state (it is an error for - * someone to attempt to use this context again) - */ - (void)krb5_gss_delete_sec_context(minor_status, context_handle, NULL); - *context_handle = GSS_C_NO_CONTEXT; + rep.value = lctx; + rep.length = sizeof(lctx); - return (retval); + retval = generic_gss_add_buffer_set_member(minor_status, &rep, data_set); + if (GSS_ERROR(retval)) + goto error_out; error_out: - if (*minor_status == 0) - *minor_status = (OM_uint32) kret; + if (*minor_status == 0) + *minor_status = (OM_uint32) kret; return(retval); } @@ -132,44 +124,48 @@ error_out: * Frees the storage associated with an * exported lucid context structure. */ -OM_uint32 KRB5_CALLCONV -gss_krb5_free_lucid_sec_context( +OM_uint32 +gss_krb5int_free_lucid_sec_context( OM_uint32 *minor_status, - void *kctx) + const gss_OID desired_mech, + const gss_OID desired_object, + gss_buffer_t value) { - OM_uint32 retval; - krb5_error_code kret = 0; - int version; + OM_uint32 retval; + krb5_error_code kret = 0; + int version; + void *kctx; /* Assume failure */ retval = GSS_S_FAILURE; *minor_status = 0; + kctx = value->value; if (!kctx) { - kret = EINVAL; - goto error_out; + kret = EINVAL; + goto error_out; } /* Verify pointer is valid lucid context */ if (! kg_validate_lucidctx_id(kctx)) { - kret = G_VALIDATE_FAILED; - goto error_out; + kret = G_VALIDATE_FAILED; + goto error_out; } /* Determine version and call correct free routine */ version = ((gss_krb5_lucid_context_version_t *)kctx)->version; switch (version) { case 1: - (void)kg_delete_lucidctx_id(kctx); - free_external_lucid_ctx_v1((gss_krb5_lucid_context_v1_t*) kctx); - break; + (void)kg_delete_lucidctx_id(kctx); + free_external_lucid_ctx_v1((gss_krb5_lucid_context_v1_t*) kctx); + break; default: - kret = EINVAL; - break; + kret = EINVAL; + break; } if (kret) - goto error_out; + goto error_out; /* Success! */ *minor_status = 0; @@ -178,8 +174,8 @@ gss_krb5_free_lucid_sec_context( return (retval); error_out: - if (*minor_status == 0) - *minor_status = (OM_uint32) kret; + if (*minor_status == 0) + *minor_status = (OM_uint32) kret; return(retval); } @@ -190,7 +186,7 @@ error_out: static krb5_error_code make_external_lucid_ctx_v1( krb5_gss_ctx_id_rec * gctx, - unsigned int version, + int version, void **out_ptr) { gss_krb5_lucid_context_v1_t *lctx = NULL; @@ -199,44 +195,44 @@ make_external_lucid_ctx_v1( /* Allocate the structure */ if ((lctx = xmalloc(bufsize)) == NULL) { - retval = ENOMEM; - goto error_out; + retval = ENOMEM; + goto error_out; } memset(lctx, 0, bufsize); lctx->version = 1; lctx->initiate = gctx->initiate ? 1 : 0; - lctx->endtime = gctx->endtime; + lctx->endtime = gctx->krb_times.endtime; lctx->send_seq = gctx->seq_send; lctx->recv_seq = gctx->seq_recv; lctx->protocol = gctx->proto; /* gctx->proto == 0 ==> rfc1964-style key information gctx->proto == 1 ==> cfx-style (draft-ietf-krb-wg-gssapi-cfx-07) keys */ if (gctx->proto == 0) { - lctx->rfc1964_kd.sign_alg = gctx->signalg; - lctx->rfc1964_kd.seal_alg = gctx->sealalg; - /* Copy key */ - if ((retval = copy_keyblock_to_lucid_key(gctx->subkey, - &lctx->rfc1964_kd.ctx_key))) - goto error_out; + lctx->rfc1964_kd.sign_alg = gctx->signalg; + lctx->rfc1964_kd.seal_alg = gctx->sealalg; + /* Copy key */ + if ((retval = copy_keyblock_to_lucid_key(gctx->subkey, + &lctx->rfc1964_kd.ctx_key))) + goto error_out; } else if (gctx->proto == 1) { - /* Copy keys */ - /* (subkey is always present, either a copy of the kerberos - session key or a subkey) */ - if ((retval = copy_keyblock_to_lucid_key(gctx->subkey, - &lctx->cfx_kd.ctx_key))) - goto error_out; - if (gctx->have_acceptor_subkey) { - if ((retval = copy_keyblock_to_lucid_key(gctx->acceptor_subkey, - &lctx->cfx_kd.acceptor_subkey))) - goto error_out; - lctx->cfx_kd.have_acceptor_subkey = 1; - } + /* Copy keys */ + /* (subkey is always present, either a copy of the kerberos + session key or a subkey) */ + if ((retval = copy_keyblock_to_lucid_key(gctx->subkey, + &lctx->cfx_kd.ctx_key))) + goto error_out; + if (gctx->have_acceptor_subkey) { + if ((retval = copy_keyblock_to_lucid_key(gctx->acceptor_subkey, + &lctx->cfx_kd.acceptor_subkey))) + goto error_out; + lctx->cfx_kd.have_acceptor_subkey = 1; + } } else { - return EINVAL; /* XXX better error code? */ + return EINVAL; /* XXX better error code? */ } /* Success! */ @@ -245,7 +241,7 @@ make_external_lucid_ctx_v1( error_out: if (lctx) { - free_external_lucid_ctx_v1(lctx); + free_external_lucid_ctx_v1(lctx); } return retval; @@ -258,13 +254,13 @@ copy_keyblock_to_lucid_key( gss_krb5_lucid_key_t *lkey) { if (!k5key || !k5key->contents || k5key->length == 0) - return EINVAL; + return EINVAL; memset(lkey, 0, sizeof(gss_krb5_lucid_key_t)); /* Allocate storage for the key data */ if ((lkey->data = xmalloc(k5key->length)) == NULL) { - return ENOMEM; + return ENOMEM; } memcpy(lkey->data, k5key->contents, k5key->length); lkey->length = k5key->length; @@ -280,11 +276,11 @@ free_lucid_key_data( gss_krb5_lucid_key_t *key) { if (key) { - if (key->data && key->length) { - memset(key->data, 0, key->length); - xfree(key->data); - memset(key, 0, sizeof(gss_krb5_lucid_key_t)); - } + if (key->data && key->length) { + memset(key->data, 0, key->length); + xfree(key->data); + memset(key, 0, sizeof(gss_krb5_lucid_key_t)); + } } } /* Free any storage associated with a gss_krb5_lucid_context_v1 structure */ @@ -293,15 +289,15 @@ free_external_lucid_ctx_v1( gss_krb5_lucid_context_v1_t *ctx) { if (ctx) { - if (ctx->protocol == 0) { - free_lucid_key_data(&ctx->rfc1964_kd.ctx_key); - } - if (ctx->protocol == 1) { - free_lucid_key_data(&ctx->cfx_kd.ctx_key); - if (ctx->cfx_kd.have_acceptor_subkey) - free_lucid_key_data(&ctx->cfx_kd.acceptor_subkey); - } - xfree(ctx); - ctx = NULL; + if (ctx->protocol == 0) { + free_lucid_key_data(&ctx->rfc1964_kd.ctx_key); + } + if (ctx->protocol == 1) { + free_lucid_key_data(&ctx->cfx_kd.ctx_key); + if (ctx->cfx_kd.have_acceptor_subkey) + free_lucid_key_data(&ctx->cfx_kd.acceptor_subkey); + } + xfree(ctx); + ctx = NULL; } } diff --git a/src/lib/gssapi/krb5/process_context_token.c b/src/lib/gssapi/krb5/process_context_token.c index 49d8ec3f9f..9a4d282ac8 100644 --- a/src/lib/gssapi/krb5/process_context_token.c +++ b/src/lib/gssapi/krb5/process_context_token.c @@ -1,6 +1,7 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * Copyright 1993 by OpenVision Technologies, Inc. - * + * * Permission to use, copy, modify, distribute, and sell this software * and its documentation for any purpose is hereby granted without fee, * provided that the above copyright notice appears in all copies and @@ -10,7 +11,7 @@ * without specific, written prior permission. OpenVision makes no * representations about the suitability of this software for any * purpose. It is provided "as is" without express or implied warranty. - * + * * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR @@ -27,38 +28,38 @@ */ OM_uint32 -krb5_gss_process_context_token(minor_status, context_handle, - token_buffer) - OM_uint32 *minor_status; - gss_ctx_id_t context_handle; - gss_buffer_t token_buffer; +krb5_gss_process_context_token(minor_status, context_handle, + token_buffer) + OM_uint32 *minor_status; + gss_ctx_id_t context_handle; + gss_buffer_t token_buffer; { - krb5_gss_ctx_id_rec *ctx; - OM_uint32 majerr; + krb5_gss_ctx_id_rec *ctx; + OM_uint32 majerr; - /* validate the context handle */ - if (! kg_validate_ctx_id(context_handle)) { - *minor_status = (OM_uint32) G_VALIDATE_FAILED; - return(GSS_S_NO_CONTEXT); - } + /* validate the context handle */ + if (! kg_validate_ctx_id(context_handle)) { + *minor_status = (OM_uint32) G_VALIDATE_FAILED; + return(GSS_S_NO_CONTEXT); + } - ctx = (krb5_gss_ctx_id_t) context_handle; + ctx = (krb5_gss_ctx_id_t) context_handle; - if (! ctx->established) { - *minor_status = KG_CTX_INCOMPLETE; - return(GSS_S_NO_CONTEXT); - } + if (! ctx->established) { + *minor_status = KG_CTX_INCOMPLETE; + return(GSS_S_NO_CONTEXT); + } - /* "unseal" the token */ + /* "unseal" the token */ - if (GSS_ERROR(majerr = kg_unseal(minor_status, context_handle, - token_buffer, - GSS_C_NO_BUFFER, NULL, NULL, - KG_TOK_DEL_CTX))) - return(majerr); + if (GSS_ERROR(majerr = kg_unseal(minor_status, context_handle, + token_buffer, + GSS_C_NO_BUFFER, NULL, NULL, + KG_TOK_DEL_CTX))) + return(majerr); - /* that's it. delete the context */ + /* that's it. delete the context */ - return(krb5_gss_delete_sec_context(minor_status, &context_handle, - GSS_C_NO_BUFFER)); + return(krb5_gss_delete_sec_context(minor_status, &context_handle, + GSS_C_NO_BUFFER)); } diff --git a/src/lib/gssapi/krb5/rel_cred.c b/src/lib/gssapi/krb5/rel_cred.c index 1b4a6ce55c..8330543268 100644 --- a/src/lib/gssapi/krb5/rel_cred.c +++ b/src/lib/gssapi/krb5/rel_cred.c @@ -1,6 +1,7 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * Copyright 1993 by OpenVision Technologies, Inc. - * + * * Permission to use, copy, modify, distribute, and sell this software * and its documentation for any purpose is hereby granted without fee, * provided that the above copyright notice appears in all copies and @@ -10,7 +11,7 @@ * without specific, written prior permission. OpenVision makes no * representations about the suitability of this software for any * purpose. It is provided "as is" without express or implied warranty. - * + * * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR @@ -22,74 +23,74 @@ #include "gssapiP_krb5.h" -OM_uint32 +OM_uint32 krb5_gss_release_cred(minor_status, cred_handle) - OM_uint32 *minor_status; - gss_cred_id_t *cred_handle; + OM_uint32 *minor_status; + gss_cred_id_t *cred_handle; { - krb5_context context; - krb5_gss_cred_id_t cred; - krb5_error_code code1, code2, code3; + krb5_context context; + krb5_gss_cred_id_t cred; + krb5_error_code code1, code2, code3; - code1 = krb5_gss_init_context(&context); - if (code1) { - *minor_status = code1; - return GSS_S_FAILURE; - } + code1 = krb5_gss_init_context(&context); + if (code1) { + *minor_status = code1; + return GSS_S_FAILURE; + } - if (*cred_handle == GSS_C_NO_CREDENTIAL) { - *minor_status = 0; - krb5_free_context(context); - return(GSS_S_COMPLETE); - } + if (*cred_handle == GSS_C_NO_CREDENTIAL) { + *minor_status = 0; + krb5_free_context(context); + return(GSS_S_COMPLETE); + } - if (! kg_delete_cred_id(*cred_handle)) { - *minor_status = (OM_uint32) G_VALIDATE_FAILED; - krb5_free_context(context); - return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_NO_CRED); - } + if (! kg_delete_cred_id(*cred_handle)) { + *minor_status = (OM_uint32) G_VALIDATE_FAILED; + krb5_free_context(context); + return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_NO_CRED); + } - cred = (krb5_gss_cred_id_t)*cred_handle; + cred = (krb5_gss_cred_id_t)*cred_handle; - k5_mutex_destroy(&cred->lock); - /* ignore error destroying mutex */ + k5_mutex_destroy(&cred->lock); + /* ignore error destroying mutex */ - if (cred->ccache) - code1 = krb5_cc_close(context, cred->ccache); - else - code1 = 0; + if (cred->ccache) + code1 = krb5_cc_close(context, cred->ccache); + else + code1 = 0; -#ifndef LEAN_CLIENT - if (cred->keytab) - code2 = krb5_kt_close(context, cred->keytab); - else +#ifndef LEAN_CLIENT + if (cred->keytab) + code2 = krb5_kt_close(context, cred->keytab); + else #endif /* LEAN_CLIENT */ - code2 = 0; + code2 = 0; - if (cred->rcache) - code3 = krb5_rc_close(context, cred->rcache); - else - code3 = 0; - if (cred->princ) - krb5_free_principal(context, cred->princ); + if (cred->rcache) + code3 = krb5_rc_close(context, cred->rcache); + else + code3 = 0; + if (cred->princ) + krb5_free_principal(context, cred->princ); - if (cred->req_enctypes) - free(cred->req_enctypes); + if (cred->req_enctypes) + free(cred->req_enctypes); - xfree(cred); + xfree(cred); - *cred_handle = NULL; + *cred_handle = NULL; - *minor_status = 0; - if (code1) - *minor_status = code1; - if (code2) - *minor_status = code2; - if (code3) - *minor_status = code3; + *minor_status = 0; + if (code1) + *minor_status = code1; + if (code2) + *minor_status = code2; + if (code3) + *minor_status = code3; - if (*minor_status) - save_error_info(*minor_status, context); - krb5_free_context(context); - return(*minor_status?GSS_S_FAILURE:GSS_S_COMPLETE); + if (*minor_status) + save_error_info(*minor_status, context); + krb5_free_context(context); + return(*minor_status?GSS_S_FAILURE:GSS_S_COMPLETE); } diff --git a/src/lib/gssapi/krb5/rel_name.c b/src/lib/gssapi/krb5/rel_name.c index d906a70c0c..49d1944480 100644 --- a/src/lib/gssapi/krb5/rel_name.c +++ b/src/lib/gssapi/krb5/rel_name.c @@ -1,6 +1,7 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * Copyright 1993 by OpenVision Technologies, Inc. - * + * * Permission to use, copy, modify, distribute, and sell this software * and its documentation for any purpose is hereby granted without fee, * provided that the above copyright notice appears in all copies and @@ -10,7 +11,7 @@ * without specific, written prior permission. OpenVision makes no * representations about the suitability of this software for any * purpose. It is provided "as is" without express or implied warranty. - * + * * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR @@ -24,31 +25,31 @@ OM_uint32 krb5_gss_release_name(minor_status, input_name) - OM_uint32 *minor_status; - gss_name_t *input_name; + OM_uint32 *minor_status; + gss_name_t *input_name; { - krb5_context context; - krb5_error_code code; + krb5_context context; + krb5_error_code code; - code = krb5_gss_init_context(&context); - if (code) { - *minor_status = code; - return GSS_S_FAILURE; - } + code = krb5_gss_init_context(&context); + if (code) { + *minor_status = code; + return GSS_S_FAILURE; + } - if (! kg_validate_name(*input_name)) { - *minor_status = (OM_uint32) G_VALIDATE_FAILED; - krb5_free_context(context); - return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME); - } + if (! kg_validate_name(*input_name)) { + *minor_status = (OM_uint32) G_VALIDATE_FAILED; + krb5_free_context(context); + return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME); + } - (void)kg_delete_name(*input_name); + (void)kg_delete_name(*input_name); - krb5_free_principal(context, (krb5_principal) *input_name); - krb5_free_context(context); + krb5_free_principal(context, (krb5_principal) *input_name); + krb5_free_context(context); - *input_name = (gss_name_t) NULL; + *input_name = (gss_name_t) NULL; - *minor_status = 0; - return(GSS_S_COMPLETE); + *minor_status = 0; + return(GSS_S_COMPLETE); } diff --git a/src/lib/gssapi/krb5/rel_oid.c b/src/lib/gssapi/krb5/rel_oid.c index 7e45781efb..7a08da2bea 100644 --- a/src/lib/gssapi/krb5/rel_oid.c +++ b/src/lib/gssapi/krb5/rel_oid.c @@ -1,3 +1,4 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * lib/gssapi/krb5/rel_oid.c * @@ -31,13 +32,13 @@ #include "gssapiP_krb5.h" OM_uint32 krb5_gss_internal_release_oid (OM_uint32 *, /* minor_status */ - gss_OID * /* oid */ - ); + gss_OID * /* oid */ +); OM_uint32 krb5_gss_release_oid(minor_status, oid) - OM_uint32 *minor_status; - gss_OID *oid; + OM_uint32 *minor_status; + gss_OID *oid; { /* * The V2 API says the following! @@ -49,38 +50,37 @@ krb5_gss_release_oid(minor_status, oid) * allocated OID values with OIDs returned by GSS-API. */ if (krb5_gss_internal_release_oid(minor_status, oid) != GSS_S_COMPLETE) { - /* Pawn it off on the generic routine */ - return(generic_gss_release_oid(minor_status, oid)); + /* Pawn it off on the generic routine */ + return(generic_gss_release_oid(minor_status, oid)); } else { - *oid = GSS_C_NO_OID; - *minor_status = 0; - return(GSS_S_COMPLETE); + *oid = GSS_C_NO_OID; + *minor_status = 0; + return(GSS_S_COMPLETE); } } OM_uint32 krb5_gss_internal_release_oid(minor_status, oid) - OM_uint32 *minor_status; - gss_OID *oid; + OM_uint32 *minor_status; + gss_OID *oid; { /* * This function only knows how to release internal OIDs. It will * return GSS_S_CONTINUE_NEEDED for any OIDs it does not recognize. */ - + *minor_status = 0; if ((*oid != gss_mech_krb5) && - (*oid != gss_mech_krb5_old) && - (*oid != gss_mech_krb5_wrong) && - (*oid != gss_nt_krb5_name) && - (*oid != gss_nt_krb5_principal)) { - /* We don't know about this OID */ - return(GSS_S_CONTINUE_NEEDED); + (*oid != gss_mech_krb5_old) && + (*oid != gss_mech_krb5_wrong) && + (*oid != gss_nt_krb5_name) && + (*oid != gss_nt_krb5_principal)) { + /* We don't know about this OID */ + return(GSS_S_CONTINUE_NEEDED); } else { - *oid = GSS_C_NO_OID; - return(GSS_S_COMPLETE); + *oid = GSS_C_NO_OID; + return(GSS_S_COMPLETE); } } - diff --git a/src/lib/gssapi/krb5/seal.c b/src/lib/gssapi/krb5/seal.c index 63d3dabe06..7265193b3b 100644 --- a/src/lib/gssapi/krb5/seal.c +++ b/src/lib/gssapi/krb5/seal.c @@ -1,6 +1,7 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * Copyright 1993 by OpenVision Technologies, Inc. - * + * * Permission to use, copy, modify, distribute, and sell this software * and its documentation for any purpose is hereby granted without fee, * provided that the above copyright notice appears in all copies and @@ -10,7 +11,7 @@ * without specific, written prior permission. OpenVision makes no * representations about the suitability of this software for any * purpose. It is provided "as is" without express or implied warranty. - * + * * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR @@ -26,38 +27,56 @@ * $Id$ */ +/* V2 interface */ OM_uint32 -krb5_gss_seal(minor_status, context_handle, conf_req_flag, - qop_req, input_message_buffer, conf_state, - output_message_buffer) - OM_uint32 *minor_status; - gss_ctx_id_t context_handle; - int conf_req_flag; - int qop_req; - gss_buffer_t input_message_buffer; - int *conf_state; - gss_buffer_t output_message_buffer; +krb5_gss_wrap(minor_status, context_handle, conf_req_flag, + qop_req, input_message_buffer, conf_state, + output_message_buffer) + OM_uint32 *minor_status; + gss_ctx_id_t context_handle; + int conf_req_flag; + gss_qop_t qop_req; + gss_buffer_t input_message_buffer; + int *conf_state; + gss_buffer_t output_message_buffer; { - return(kg_seal(minor_status, context_handle, conf_req_flag, - qop_req, input_message_buffer, conf_state, - output_message_buffer, KG_TOK_SEAL_MSG)); + return(kg_seal(minor_status, context_handle, conf_req_flag, + qop_req, input_message_buffer, conf_state, + output_message_buffer, KG_TOK_WRAP_MSG)); } -/* V2 interface */ +/* AEAD interfaces */ OM_uint32 -krb5_gss_wrap(minor_status, context_handle, conf_req_flag, - qop_req, input_message_buffer, conf_state, - output_message_buffer) - OM_uint32 *minor_status; - gss_ctx_id_t context_handle; - int conf_req_flag; - gss_qop_t qop_req; - gss_buffer_t input_message_buffer; - int *conf_state; - gss_buffer_t output_message_buffer; +krb5_gss_wrap_iov(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + int *conf_state, + gss_iov_buffer_desc *iov, + int iov_count) { - return(kg_seal(minor_status, context_handle, conf_req_flag, - (int) qop_req, input_message_buffer, conf_state, - output_message_buffer, KG_TOK_WRAP_MSG)); + OM_uint32 major_status; + + major_status = kg_seal_iov(minor_status, context_handle, conf_req_flag, + qop_req, conf_state, + iov, iov_count, KG_TOK_WRAP_MSG); + + return major_status; +} + +OM_uint32 +krb5_gss_wrap_iov_length(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + int *conf_state, + gss_iov_buffer_desc *iov, + int iov_count) +{ + OM_uint32 major_status; + + major_status = kg_seal_iov_length(minor_status, context_handle, conf_req_flag, + qop_req, conf_state, iov, iov_count); + return major_status; } diff --git a/src/lib/gssapi/krb5/ser_sctx.c b/src/lib/gssapi/krb5/ser_sctx.c index 92bb302f01..20cc6f9dd0 100644 --- a/src/lib/gssapi/krb5/ser_sctx.c +++ b/src/lib/gssapi/krb5/ser_sctx.c @@ -1,3 +1,4 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * lib/gssapi/krb5/ser_sctx.c * @@ -32,8 +33,8 @@ #include "gssapiP_krb5.h" /* - * This module contains routines to [de]serialize - * krb5_gss_enc_desc and krb5_gss_ctx_id_t. + * This module contains routines to [de]serialize + * krb5_gss_enc_desc and krb5_gss_ctx_id_t. * XXX This whole serialization abstraction is unnecessary in a * non-messaging environment, which krb5 is. Someday, this should * all get redone without the extra level of indirection. I've done @@ -45,190 +46,190 @@ static krb5_error_code kg_oid_externalize(kcontext, arg, buffer, lenremain) - krb5_context kcontext; - krb5_pointer arg; - krb5_octet **buffer; - size_t *lenremain; + krb5_context kcontext; + krb5_pointer arg; + krb5_octet **buffer; + size_t *lenremain; { - gss_OID oid = (gss_OID) arg; - krb5_error_code err; - - err = krb5_ser_pack_int32(KV5M_GSS_OID, buffer, lenremain); - if (err) - return err; - err = krb5_ser_pack_int32((krb5_int32) oid->length, - buffer, lenremain); - if (err) - return err; - err = krb5_ser_pack_bytes((krb5_octet *) oid->elements, - oid->length, buffer, lenremain); - if (err) - return err; - err = krb5_ser_pack_int32(KV5M_GSS_OID, buffer, lenremain); - return err; + gss_OID oid = (gss_OID) arg; + krb5_error_code err; + + err = krb5_ser_pack_int32(KV5M_GSS_OID, buffer, lenremain); + if (err) + return err; + err = krb5_ser_pack_int32((krb5_int32) oid->length, + buffer, lenremain); + if (err) + return err; + err = krb5_ser_pack_bytes((krb5_octet *) oid->elements, + oid->length, buffer, lenremain); + if (err) + return err; + err = krb5_ser_pack_int32(KV5M_GSS_OID, buffer, lenremain); + return err; } static krb5_error_code kg_oid_internalize(kcontext, argp, buffer, lenremain) - krb5_context kcontext; - krb5_pointer *argp; - krb5_octet **buffer; - size_t *lenremain; + krb5_context kcontext; + krb5_pointer *argp; + krb5_octet **buffer; + size_t *lenremain; { - gss_OID oid; - krb5_int32 ibuf; - krb5_octet *bp; - size_t remain; - - bp = *buffer; - remain = *lenremain; - - /* Read in and check our magic number */ - if (krb5_ser_unpack_int32(&ibuf, &bp, &remain)) - return (EINVAL); - - if (ibuf != KV5M_GSS_OID) - return (EINVAL); - - oid = (gss_OID) malloc(sizeof(gss_OID_desc)); - if (oid == NULL) - return ENOMEM; - if (krb5_ser_unpack_int32(&ibuf, &bp, &remain)) { - free(oid); - return EINVAL; - } - oid->length = ibuf; - oid->elements = malloc(ibuf); - if (oid->elements == 0) { - free(oid); - return ENOMEM; - } - if (krb5_ser_unpack_bytes((krb5_octet *) oid->elements, - oid->length, &bp, &remain)) { - free(oid->elements); - free(oid); - return EINVAL; - } - - /* Read in and check our trailing magic number */ - if (krb5_ser_unpack_int32(&ibuf, &bp, &remain)) { - free(oid->elements); - free(oid); - return (EINVAL); - } - - if (ibuf != KV5M_GSS_OID) { - free(oid->elements); - free(oid); - return (EINVAL); - } - - *buffer = bp; - *lenremain = remain; - *argp = (krb5_pointer) oid; - return 0; + gss_OID oid; + krb5_int32 ibuf; + krb5_octet *bp; + size_t remain; + + bp = *buffer; + remain = *lenremain; + + /* Read in and check our magic number */ + if (krb5_ser_unpack_int32(&ibuf, &bp, &remain)) + return (EINVAL); + + if (ibuf != KV5M_GSS_OID) + return (EINVAL); + + oid = (gss_OID) malloc(sizeof(gss_OID_desc)); + if (oid == NULL) + return ENOMEM; + if (krb5_ser_unpack_int32(&ibuf, &bp, &remain)) { + free(oid); + return EINVAL; + } + oid->length = ibuf; + oid->elements = malloc((size_t)ibuf); + if (oid->elements == 0) { + free(oid); + return ENOMEM; + } + if (krb5_ser_unpack_bytes((krb5_octet *) oid->elements, + oid->length, &bp, &remain)) { + free(oid->elements); + free(oid); + return EINVAL; + } + + /* Read in and check our trailing magic number */ + if (krb5_ser_unpack_int32(&ibuf, &bp, &remain)) { + free(oid->elements); + free(oid); + return (EINVAL); + } + + if (ibuf != KV5M_GSS_OID) { + free(oid->elements); + free(oid); + return (EINVAL); + } + + *buffer = bp; + *lenremain = remain; + *argp = (krb5_pointer) oid; + return 0; } static krb5_error_code kg_oid_size(kcontext, arg, sizep) - krb5_context kcontext; - krb5_pointer arg; - size_t *sizep; + krb5_context kcontext; + krb5_pointer arg; + size_t *sizep; { - krb5_error_code kret; - gss_OID oid; - size_t required; + krb5_error_code kret; + gss_OID oid; + size_t required; - kret = EINVAL; - if ((oid = (gss_OID) arg)) { - required = 2*sizeof(krb5_int32); /* For the header and trailer */ - required += sizeof(krb5_int32); - required += oid->length; + kret = EINVAL; + if ((oid = (gss_OID) arg)) { + required = 2*sizeof(krb5_int32); /* For the header and trailer */ + required += sizeof(krb5_int32); + required += oid->length; - kret = 0; + kret = 0; - *sizep += required; - } + *sizep += required; + } - return(kret); + return(kret); } static krb5_error_code kg_queue_externalize(kcontext, arg, buffer, lenremain) - krb5_context kcontext; - krb5_pointer arg; - krb5_octet **buffer; - size_t *lenremain; + krb5_context kcontext; + krb5_pointer arg; + krb5_octet **buffer; + size_t *lenremain; { krb5_error_code err; err = krb5_ser_pack_int32(KV5M_GSS_QUEUE, buffer, lenremain); if (err == 0) - err = g_queue_externalize(arg, buffer, lenremain); + err = g_queue_externalize(arg, buffer, lenremain); if (err == 0) - err = krb5_ser_pack_int32(KV5M_GSS_QUEUE, buffer, lenremain); + err = krb5_ser_pack_int32(KV5M_GSS_QUEUE, buffer, lenremain); return err; } static krb5_error_code kg_queue_internalize(kcontext, argp, buffer, lenremain) - krb5_context kcontext; - krb5_pointer *argp; - krb5_octet **buffer; - size_t *lenremain; + krb5_context kcontext; + krb5_pointer *argp; + krb5_octet **buffer; + size_t *lenremain; { - krb5_int32 ibuf; - krb5_octet *bp; - size_t remain; - krb5_error_code err; - - bp = *buffer; - remain = *lenremain; - - /* Read in and check our magic number */ - if (krb5_ser_unpack_int32(&ibuf, &bp, &remain)) - return (EINVAL); - - if (ibuf != KV5M_GSS_QUEUE) - return (EINVAL); - - err = g_queue_internalize(argp, &bp, &remain); - if (err) - return err; - - /* Read in and check our trailing magic number */ - if (krb5_ser_unpack_int32(&ibuf, &bp, &remain)) { - g_order_free(argp); - return (EINVAL); - } - - if (ibuf != KV5M_GSS_QUEUE) { - g_order_free(argp); - return (EINVAL); - } - - *buffer = bp; - *lenremain = remain; - return 0; + krb5_int32 ibuf; + krb5_octet *bp; + size_t remain; + krb5_error_code err; + + bp = *buffer; + remain = *lenremain; + + /* Read in and check our magic number */ + if (krb5_ser_unpack_int32(&ibuf, &bp, &remain)) + return (EINVAL); + + if (ibuf != KV5M_GSS_QUEUE) + return (EINVAL); + + err = g_queue_internalize(argp, &bp, &remain); + if (err) + return err; + + /* Read in and check our trailing magic number */ + if (krb5_ser_unpack_int32(&ibuf, &bp, &remain)) { + g_order_free(argp); + return (EINVAL); + } + + if (ibuf != KV5M_GSS_QUEUE) { + g_order_free(argp); + return (EINVAL); + } + + *buffer = bp; + *lenremain = remain; + return 0; } static krb5_error_code kg_queue_size(kcontext, arg, sizep) - krb5_context kcontext; - krb5_pointer arg; - size_t *sizep; + krb5_context kcontext; + krb5_pointer arg; + size_t *sizep; { - krb5_error_code kret; - size_t required; - - kret = EINVAL; - if (arg) { - required = 2*sizeof(krb5_int32); /* For the header and trailer */ - g_queue_size(arg, &required); - - kret = 0; - *sizep += required; - } - return(kret); + krb5_error_code kret; + size_t required; + + kret = EINVAL; + if (arg) { + required = 2*sizeof(krb5_int32); /* For the header and trailer */ + g_queue_size(arg, &required); + + kret = 0; + *sizep += required; + } + return(kret); } /* @@ -236,108 +237,123 @@ kg_queue_size(kcontext, arg, sizep) */ krb5_error_code kg_ctx_size(kcontext, arg, sizep) - krb5_context kcontext; - krb5_pointer arg; - size_t *sizep; + krb5_context kcontext; + krb5_pointer arg; + size_t *sizep; { - krb5_error_code kret; - krb5_gss_ctx_id_rec *ctx; - size_t required; + krb5_error_code kret; + krb5_gss_ctx_id_rec *ctx; + size_t required; /* * krb5_gss_ctx_id_rec requires: - * krb5_int32 for KG_CONTEXT - * krb5_int32 for initiate. - * krb5_int32 for established. - * krb5_int32 for big_endian. - * krb5_int32 for have_acceptor_subkey. - * krb5_int32 for seed_init. - * krb5_int32 for gss_flags. - * sizeof(seed) for seed - * ... for here - * ... for there - * ... for subkey - * krb5_int32 for signalg. - * krb5_int32 for cksum_size. - * krb5_int32 for sealalg. - * ... for enc - * ... for seq - * krb5_int32 for endtime. - * krb5_int32 for flags. - * krb5_int64 for seq_send. - * krb5_int64 for seq_recv. - * ... for seqstate - * ... for auth_context - * ... for mech_used - * krb5_int32 for proto - * krb5_int32 for cksumtype - * ... for acceptor_subkey - * krb5_int32 for acceptor_key_cksumtype - * krb5_int32 for cred_rcache - * krb5_int32 for trailer. + * krb5_int32 for KG_CONTEXT + * krb5_int32 for initiate. + * krb5_int32 for established. + * krb5_int32 for big_endian. + * krb5_int32 for have_acceptor_subkey. + * krb5_int32 for seed_init. + * krb5_int32 for gss_flags. + * sizeof(seed) for seed + * ... for here + * ... for there + * ... for subkey + * krb5_int32 for signalg. + * krb5_int32 for cksum_size. + * krb5_int32 for sealalg. + * ... for enc + * ... for seq + * krb5_int32 for authtime. + * krb5_int32 for starttime. + * krb5_int32 for endtime. + * krb5_int32 for renew_till. + * krb5_int32 for flags. + * krb5_int64 for seq_send. + * krb5_int64 for seq_recv. + * ... for seqstate + * ... for auth_context + * ... for mech_used + * krb5_int32 for proto + * krb5_int32 for cksumtype + * ... for acceptor_subkey + * krb5_int32 for acceptor_key_cksumtype + * krb5_int32 for cred_rcache + * krb5_int32 for number of elements in authdata array + * ... for authdata array + * krb5_int32 for trailer. */ kret = EINVAL; if ((ctx = (krb5_gss_ctx_id_rec *) arg)) { - required = 17*sizeof(krb5_int32); - required += 2*sizeof(krb5_int64); - required += sizeof(ctx->seed); - - kret = 0; - if (!kret && ctx->here) - kret = krb5_size_opaque(kcontext, - KV5M_PRINCIPAL, - (krb5_pointer) ctx->here, - &required); - - if (!kret && ctx->there) - kret = krb5_size_opaque(kcontext, - KV5M_PRINCIPAL, - (krb5_pointer) ctx->there, - &required); - - if (!kret && ctx->subkey) - kret = krb5_size_opaque(kcontext, - KV5M_KEYBLOCK, - (krb5_pointer) ctx->subkey, - &required); - - if (!kret && ctx->enc) - kret = krb5_size_opaque(kcontext, - KV5M_KEYBLOCK, - (krb5_pointer) ctx->enc, - &required); - - if (!kret && ctx->seq) - kret = krb5_size_opaque(kcontext, - KV5M_KEYBLOCK, - (krb5_pointer) ctx->seq, - &required); - - if (!kret) - kret = kg_oid_size(kcontext, - (krb5_pointer) ctx->mech_used, - &required); - - if (!kret && ctx->seqstate) - kret = kg_queue_size(kcontext, ctx->seqstate, &required); - - if (!kret) - kret = krb5_size_opaque(kcontext, - KV5M_CONTEXT, - (krb5_pointer) ctx->k5_context, - &required); - if (!kret) - kret = krb5_size_opaque(kcontext, - KV5M_AUTH_CONTEXT, - (krb5_pointer) ctx->auth_context, - &required); - if (!kret && ctx->acceptor_subkey) - kret = krb5_size_opaque(kcontext, - KV5M_KEYBLOCK, - (krb5_pointer) ctx->acceptor_subkey, - &required); - if (!kret) - *sizep += required; + required = 21*sizeof(krb5_int32); + required += 2*sizeof(krb5_int64); + required += sizeof(ctx->seed); + + kret = 0; + if (!kret && ctx->here) + kret = krb5_size_opaque(kcontext, + KV5M_PRINCIPAL, + (krb5_pointer) ctx->here, + &required); + + if (!kret && ctx->there) + kret = krb5_size_opaque(kcontext, + KV5M_PRINCIPAL, + (krb5_pointer) ctx->there, + &required); + + if (!kret && ctx->subkey) + kret = krb5_size_opaque(kcontext, + KV5M_KEYBLOCK, + (krb5_pointer) ctx->subkey, + &required); + + if (!kret && ctx->enc) + kret = krb5_size_opaque(kcontext, + KV5M_KEYBLOCK, + (krb5_pointer) ctx->enc, + &required); + + if (!kret && ctx->seq) + kret = krb5_size_opaque(kcontext, + KV5M_KEYBLOCK, + (krb5_pointer) ctx->seq, + &required); + + if (!kret) + kret = kg_oid_size(kcontext, + (krb5_pointer) ctx->mech_used, + &required); + + if (!kret && ctx->seqstate) + kret = kg_queue_size(kcontext, ctx->seqstate, &required); + + if (!kret) + kret = krb5_size_opaque(kcontext, + KV5M_CONTEXT, + (krb5_pointer) ctx->k5_context, + &required); + if (!kret) + kret = krb5_size_opaque(kcontext, + KV5M_AUTH_CONTEXT, + (krb5_pointer) ctx->auth_context, + &required); + if (!kret && ctx->acceptor_subkey) + kret = krb5_size_opaque(kcontext, + KV5M_KEYBLOCK, + (krb5_pointer) ctx->acceptor_subkey, + &required); + if (!kret && ctx->authdata) { + krb5_int32 i; + + for (i = 0; !kret && ctx->authdata[i]; i++) { + kret = krb5_size_opaque(kcontext, + KV5M_AUTHDATA, + (krb5_pointer)ctx->authdata[i], + &required); + } + } + if (!kret) + *sizep += required; } return(kret); } @@ -347,20 +363,20 @@ kg_ctx_size(kcontext, arg, sizep) */ krb5_error_code kg_ctx_externalize(kcontext, arg, buffer, lenremain) - krb5_context kcontext; - krb5_pointer arg; - krb5_octet **buffer; - size_t *lenremain; + krb5_context kcontext; + krb5_pointer arg; + krb5_octet **buffer; + size_t *lenremain; { - krb5_error_code kret; - krb5_gss_ctx_id_rec *ctx; - size_t required; - krb5_octet *bp; - size_t remain; + krb5_error_code kret; + krb5_gss_ctx_id_rec *ctx; + size_t required; + krb5_octet *bp; + size_t remain; krb5int_access kaccess; kret = krb5int_accessor (&kaccess, KRB5INT_ACCESS_VERSION); - if (kret) + if (kret) return(kret); required = 0; @@ -368,122 +384,147 @@ kg_ctx_externalize(kcontext, arg, buffer, lenremain) remain = *lenremain; kret = EINVAL; if ((ctx = (krb5_gss_ctx_id_rec *) arg)) { - kret = ENOMEM; - if (!kg_ctx_size(kcontext, arg, &required) && - (required <= remain)) { - /* Our identifier */ - (void) krb5_ser_pack_int32(KG_CONTEXT, &bp, &remain); - - /* Now static data */ - (void) krb5_ser_pack_int32((krb5_int32) ctx->initiate, - &bp, &remain); - (void) krb5_ser_pack_int32((krb5_int32) ctx->established, - &bp, &remain); - (void) krb5_ser_pack_int32((krb5_int32) ctx->big_endian, - &bp, &remain); - (void) krb5_ser_pack_int32((krb5_int32) ctx->have_acceptor_subkey, - &bp, &remain); - (void) krb5_ser_pack_int32((krb5_int32) ctx->seed_init, - &bp, &remain); - (void) krb5_ser_pack_int32((krb5_int32) ctx->gss_flags, - &bp, &remain); - (void) krb5_ser_pack_bytes((krb5_octet *) ctx->seed, - sizeof(ctx->seed), - &bp, &remain); - (void) krb5_ser_pack_int32((krb5_int32) ctx->signalg, - &bp, &remain); - (void) krb5_ser_pack_int32((krb5_int32) ctx->cksum_size, - &bp, &remain); - (void) krb5_ser_pack_int32((krb5_int32) ctx->sealalg, - &bp, &remain); - (void) krb5_ser_pack_int32((krb5_int32) ctx->endtime, - &bp, &remain); - (void) krb5_ser_pack_int32((krb5_int32) ctx->krb_flags, - &bp, &remain); - (void) (*kaccess.krb5_ser_pack_int64)((krb5_int64) ctx->seq_send, - &bp, &remain); - (void) (*kaccess.krb5_ser_pack_int64)((krb5_int64) ctx->seq_recv, - &bp, &remain); - - /* Now dynamic data */ - kret = 0; - - if (!kret && ctx->mech_used) - kret = kg_oid_externalize(kcontext, ctx->mech_used, - &bp, &remain); - - if (!kret && ctx->here) - kret = krb5_externalize_opaque(kcontext, - KV5M_PRINCIPAL, - (krb5_pointer) ctx->here, - &bp, &remain); - - if (!kret && ctx->there) - kret = krb5_externalize_opaque(kcontext, - KV5M_PRINCIPAL, - (krb5_pointer) ctx->there, - &bp, &remain); - - if (!kret && ctx->subkey) - kret = krb5_externalize_opaque(kcontext, - KV5M_KEYBLOCK, - (krb5_pointer) ctx->subkey, - &bp, &remain); - - if (!kret && ctx->enc) - kret = krb5_externalize_opaque(kcontext, - KV5M_KEYBLOCK, - (krb5_pointer) ctx->enc, - &bp, &remain); - - if (!kret && ctx->seq) - kret = krb5_externalize_opaque(kcontext, - KV5M_KEYBLOCK, - (krb5_pointer) ctx->seq, - &bp, &remain); - - if (!kret && ctx->seqstate) - kret = kg_queue_externalize(kcontext, - ctx->seqstate, &bp, &remain); - - if (!kret) - kret = krb5_externalize_opaque(kcontext, - KV5M_CONTEXT, - (krb5_pointer) ctx->k5_context, - &bp, &remain); - - if (!kret) - kret = krb5_externalize_opaque(kcontext, - KV5M_AUTH_CONTEXT, - (krb5_pointer) ctx->auth_context, - &bp, &remain); - - if (!kret) - kret = krb5_ser_pack_int32((krb5_int32) ctx->proto, - &bp, &remain); - if (!kret) - kret = krb5_ser_pack_int32((krb5_int32) ctx->cksumtype, - &bp, &remain); - if (!kret && ctx->acceptor_subkey) - kret = krb5_externalize_opaque(kcontext, - KV5M_KEYBLOCK, - (krb5_pointer) ctx->acceptor_subkey, - &bp, &remain); - if (!kret) - kret = krb5_ser_pack_int32((krb5_int32) ctx->acceptor_subkey_cksumtype, - &bp, &remain); - - if (!kret) - kret = krb5_ser_pack_int32((krb5_int32) ctx->cred_rcache, - &bp, &remain); - /* trailer */ - if (!kret) - kret = krb5_ser_pack_int32(KG_CONTEXT, &bp, &remain); + kret = ENOMEM; + if (!kg_ctx_size(kcontext, arg, &required) && + (required <= remain)) { + /* Our identifier */ + (void) krb5_ser_pack_int32(KG_CONTEXT, &bp, &remain); + + /* Now static data */ + (void) krb5_ser_pack_int32((krb5_int32) ctx->initiate, + &bp, &remain); + (void) krb5_ser_pack_int32((krb5_int32) ctx->established, + &bp, &remain); + (void) krb5_ser_pack_int32((krb5_int32) ctx->big_endian, + &bp, &remain); + (void) krb5_ser_pack_int32((krb5_int32) ctx->have_acceptor_subkey, + &bp, &remain); + (void) krb5_ser_pack_int32((krb5_int32) ctx->seed_init, + &bp, &remain); + (void) krb5_ser_pack_int32((krb5_int32) ctx->gss_flags, + &bp, &remain); + (void) krb5_ser_pack_bytes((krb5_octet *) ctx->seed, + sizeof(ctx->seed), + &bp, &remain); + (void) krb5_ser_pack_int32((krb5_int32) ctx->signalg, + &bp, &remain); + (void) krb5_ser_pack_int32((krb5_int32) ctx->cksum_size, + &bp, &remain); + (void) krb5_ser_pack_int32((krb5_int32) ctx->sealalg, + &bp, &remain); + (void) krb5_ser_pack_int32((krb5_int32) ctx->krb_times.authtime, + &bp, &remain); + (void) krb5_ser_pack_int32((krb5_int32) ctx->krb_times.starttime, + &bp, &remain); + (void) krb5_ser_pack_int32((krb5_int32) ctx->krb_times.endtime, + &bp, &remain); + (void) krb5_ser_pack_int32((krb5_int32) ctx->krb_times.renew_till, + &bp, &remain); + (void) krb5_ser_pack_int32((krb5_int32) ctx->krb_flags, + &bp, &remain); + (void) (*kaccess.krb5_ser_pack_int64)((krb5_int64) ctx->seq_send, + &bp, &remain); + (void) (*kaccess.krb5_ser_pack_int64)((krb5_int64) ctx->seq_recv, + &bp, &remain); + + /* Now dynamic data */ + kret = 0; + + if (!kret && ctx->mech_used) + kret = kg_oid_externalize(kcontext, ctx->mech_used, + &bp, &remain); + + if (!kret && ctx->here) + kret = krb5_externalize_opaque(kcontext, + KV5M_PRINCIPAL, + (krb5_pointer) ctx->here, + &bp, &remain); + + if (!kret && ctx->there) + kret = krb5_externalize_opaque(kcontext, + KV5M_PRINCIPAL, + (krb5_pointer) ctx->there, + &bp, &remain); + + if (!kret && ctx->subkey) + kret = krb5_externalize_opaque(kcontext, + KV5M_KEYBLOCK, + (krb5_pointer) ctx->subkey, + &bp, &remain); + + if (!kret && ctx->enc) + kret = krb5_externalize_opaque(kcontext, + KV5M_KEYBLOCK, + (krb5_pointer) ctx->enc, + &bp, &remain); + + if (!kret && ctx->seq) + kret = krb5_externalize_opaque(kcontext, + KV5M_KEYBLOCK, + (krb5_pointer) ctx->seq, + &bp, &remain); + + if (!kret && ctx->seqstate) + kret = kg_queue_externalize(kcontext, + ctx->seqstate, &bp, &remain); + + if (!kret) + kret = krb5_externalize_opaque(kcontext, + KV5M_CONTEXT, + (krb5_pointer) ctx->k5_context, + &bp, &remain); + + if (!kret) + kret = krb5_externalize_opaque(kcontext, + KV5M_AUTH_CONTEXT, + (krb5_pointer) ctx->auth_context, + &bp, &remain); + + if (!kret) + kret = krb5_ser_pack_int32((krb5_int32) ctx->proto, + &bp, &remain); + if (!kret) + kret = krb5_ser_pack_int32((krb5_int32) ctx->cksumtype, + &bp, &remain); + if (!kret && ctx->acceptor_subkey) + kret = krb5_externalize_opaque(kcontext, + KV5M_KEYBLOCK, + (krb5_pointer) ctx->acceptor_subkey, + &bp, &remain); + if (!kret) + kret = krb5_ser_pack_int32((krb5_int32) ctx->acceptor_subkey_cksumtype, + &bp, &remain); + + if (!kret) + kret = krb5_ser_pack_int32((krb5_int32) ctx->cred_rcache, + &bp, &remain); if (!kret) { - *buffer = bp; - *lenremain = remain; + krb5_int32 i = 0; + + if (ctx->authdata) { + for (; ctx->authdata[i]; i++) + ; + } + /* authdata count */ + kret = krb5_ser_pack_int32(i, &bp, &remain); + if (!kret && ctx->authdata) { + /* authdata */ + for (i = 0; !kret && ctx->authdata[i]; i++) + kret = krb5_externalize_opaque(kcontext, + KV5M_AUTHDATA, + ctx->authdata[i], + &bp, + &remain); + } } - } + /* trailer */ + if (!kret) + kret = krb5_ser_pack_int32(KG_CONTEXT, &bp, &remain); + if (!kret) { + *buffer = bp; + *lenremain = remain; + } + } } return(kret); } @@ -493,16 +534,16 @@ kg_ctx_externalize(kcontext, arg, buffer, lenremain) */ krb5_error_code kg_ctx_internalize(kcontext, argp, buffer, lenremain) - krb5_context kcontext; - krb5_pointer *argp; - krb5_octet **buffer; - size_t *lenremain; + krb5_context kcontext; + krb5_pointer *argp; + krb5_octet **buffer; + size_t *lenremain; { - krb5_error_code kret; - krb5_gss_ctx_id_rec *ctx; - krb5_int32 ibuf; - krb5_octet *bp; - size_t remain; + krb5_error_code kret; + krb5_gss_ctx_id_rec *ctx; + krb5_int32 ibuf; + krb5_octet *bp; + size_t remain; krb5int_access kaccess; kret = krb5int_accessor (&kaccess, KRB5INT_ACCESS_VERSION); @@ -514,167 +555,193 @@ kg_ctx_internalize(kcontext, argp, buffer, lenremain) kret = EINVAL; /* Read our magic number */ if (krb5_ser_unpack_int32(&ibuf, &bp, &remain)) - ibuf = 0; + ibuf = 0; if (ibuf == KG_CONTEXT) { - kret = ENOMEM; - - /* Get a context */ - if ((remain >= (17*sizeof(krb5_int32) - + 2*sizeof(krb5_int64) - + sizeof(ctx->seed))) && - (ctx = (krb5_gss_ctx_id_rec *) - xmalloc(sizeof(krb5_gss_ctx_id_rec)))) { - memset(ctx, 0, sizeof(krb5_gss_ctx_id_rec)); - - ctx->k5_context = kcontext; - - /* Get static data */ - (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); - ctx->initiate = (int) ibuf; - (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); - ctx->established = (int) ibuf; - (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); - ctx->big_endian = (int) ibuf; - (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); - ctx->have_acceptor_subkey = (int) ibuf; - (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); - ctx->seed_init = (int) ibuf; - (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); - ctx->gss_flags = (int) ibuf; - (void) krb5_ser_unpack_bytes((krb5_octet *) ctx->seed, - sizeof(ctx->seed), - &bp, &remain); - (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); - ctx->signalg = (int) ibuf; - (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); - ctx->cksum_size = (int) ibuf; - (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); - ctx->sealalg = (int) ibuf; - (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); - ctx->endtime = (krb5_timestamp) ibuf; - (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); - ctx->krb_flags = (krb5_flags) ibuf; - (void) (*kaccess.krb5_ser_unpack_int64)(&ctx->seq_send, &bp, &remain); - kret = (*kaccess.krb5_ser_unpack_int64)(&ctx->seq_recv, &bp, &remain); - if (kret) { - free(ctx); - return kret; - } - - { - krb5_pointer tmp; - kret = kg_oid_internalize(kcontext, &tmp, &bp, - &remain); - if (kret == 0) - ctx->mech_used = tmp; - else if (kret == EINVAL) - kret = 0; - } - /* Now get substructure data */ - if ((kret = krb5_internalize_opaque(kcontext, - KV5M_PRINCIPAL, - (krb5_pointer *) &ctx->here, - &bp, &remain))) { - if (kret == EINVAL) - kret = 0; - } - if (!kret && - (kret = krb5_internalize_opaque(kcontext, - KV5M_PRINCIPAL, - (krb5_pointer *) &ctx->there, - &bp, &remain))) { - if (kret == EINVAL) - kret = 0; - } - if (!kret && - (kret = krb5_internalize_opaque(kcontext, - KV5M_KEYBLOCK, - (krb5_pointer *) &ctx->subkey, - &bp, &remain))) { - if (kret == EINVAL) - kret = 0; - } - if (!kret && - (kret = krb5_internalize_opaque(kcontext, - KV5M_KEYBLOCK, - (krb5_pointer *) &ctx->enc, - &bp, &remain))) { - if (kret == EINVAL) - kret = 0; - } - if (!kret && - (kret = krb5_internalize_opaque(kcontext, - KV5M_KEYBLOCK, - (krb5_pointer *) &ctx->seq, - &bp, &remain))) { - if (kret == EINVAL) - kret = 0; - } - + kret = ENOMEM; + + /* Get a context */ + if ((remain >= (17*sizeof(krb5_int32) + + 2*sizeof(krb5_int64) + + sizeof(ctx->seed))) && + (ctx = (krb5_gss_ctx_id_rec *) + xmalloc(sizeof(krb5_gss_ctx_id_rec)))) { + memset(ctx, 0, sizeof(krb5_gss_ctx_id_rec)); + + ctx->k5_context = kcontext; + + /* Get static data */ + (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); + ctx->initiate = (int) ibuf; + (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); + ctx->established = (int) ibuf; + (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); + ctx->big_endian = (int) ibuf; + (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); + ctx->have_acceptor_subkey = (int) ibuf; + (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); + ctx->seed_init = (int) ibuf; + (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); + ctx->gss_flags = (int) ibuf; + (void) krb5_ser_unpack_bytes((krb5_octet *) ctx->seed, + sizeof(ctx->seed), + &bp, &remain); + (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); + ctx->signalg = (int) ibuf; + (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); + ctx->cksum_size = (int) ibuf; + (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); + ctx->sealalg = (int) ibuf; + (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); + ctx->krb_times.authtime = (krb5_timestamp) ibuf; + (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); + ctx->krb_times.starttime = (krb5_timestamp) ibuf; + (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); + ctx->krb_times.endtime = (krb5_timestamp) ibuf; + (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); + ctx->krb_times.renew_till = (krb5_timestamp) ibuf; + (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); + ctx->krb_flags = (krb5_flags) ibuf; + (void) (*kaccess.krb5_ser_unpack_int64)((krb5_int64 *)&ctx->seq_send, &bp, &remain); + kret = (*kaccess.krb5_ser_unpack_int64)((krb5_int64 *)&ctx->seq_recv, &bp, &remain); + if (kret) { + free(ctx); + return kret; + } + + { + krb5_pointer tmp; + kret = kg_oid_internalize(kcontext, &tmp, &bp, + &remain); + if (kret == 0) + ctx->mech_used = tmp; + else if (kret == EINVAL) + kret = 0; + } + /* Now get substructure data */ + if ((kret = krb5_internalize_opaque(kcontext, + KV5M_PRINCIPAL, + (krb5_pointer *) &ctx->here, + &bp, &remain))) { + if (kret == EINVAL) + kret = 0; + } + if (!kret && + (kret = krb5_internalize_opaque(kcontext, + KV5M_PRINCIPAL, + (krb5_pointer *) &ctx->there, + &bp, &remain))) { + if (kret == EINVAL) + kret = 0; + } + if (!kret && + (kret = krb5_internalize_opaque(kcontext, + KV5M_KEYBLOCK, + (krb5_pointer *) &ctx->subkey, + &bp, &remain))) { + if (kret == EINVAL) + kret = 0; + } + if (!kret && + (kret = krb5_internalize_opaque(kcontext, + KV5M_KEYBLOCK, + (krb5_pointer *) &ctx->enc, + &bp, &remain))) { + if (kret == EINVAL) + kret = 0; + } + if (!kret && + (kret = krb5_internalize_opaque(kcontext, + KV5M_KEYBLOCK, + (krb5_pointer *) &ctx->seq, + &bp, &remain))) { + if (kret == EINVAL) + kret = 0; + } + + if (!kret) { + kret = kg_queue_internalize(kcontext, &ctx->seqstate, + &bp, &remain); + if (kret == EINVAL) + kret = 0; + } + + if (!kret) + kret = krb5_internalize_opaque(kcontext, + KV5M_CONTEXT, + (krb5_pointer *) &ctx->k5_context, + &bp, &remain); + + if (!kret) + kret = krb5_internalize_opaque(kcontext, + KV5M_AUTH_CONTEXT, + (krb5_pointer *) &ctx->auth_context, + &bp, &remain); + + if (!kret) + kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain); + ctx->proto = ibuf; + if (!kret) + kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain); + ctx->cksumtype = ibuf; + if (!kret && + (kret = krb5_internalize_opaque(kcontext, + KV5M_KEYBLOCK, + (krb5_pointer *) &ctx->acceptor_subkey, + &bp, &remain))) { + if (kret == EINVAL) + kret = 0; + } + if (!kret) + kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain); + ctx->acceptor_subkey_cksumtype = ibuf; + if (!kret) + kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain); + ctx->cred_rcache = ibuf; + /* authdata */ + if (!kret) + kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain); if (!kret) { - kret = kg_queue_internalize(kcontext, &ctx->seqstate, - &bp, &remain); - if (kret == EINVAL) - kret = 0; + krb5_int32 nadata = ibuf, i; + + if (nadata > 0) { + ctx->authdata = (krb5_authdata **)calloc((size_t)nadata + 1, + sizeof(krb5_authdata *)); + if (ctx->authdata == NULL) { + kret = ENOMEM; + } else { + for (i = 0; !kret && i < nadata; i++) + kret = krb5_internalize_opaque(kcontext, + KV5M_AUTHDATA, + (krb5_pointer *)&ctx->authdata[i], + &bp, + &remain); + } + } } - - if (!kret) - kret = krb5_internalize_opaque(kcontext, - KV5M_CONTEXT, - (krb5_pointer *) &ctx->k5_context, - &bp, &remain); - - if (!kret) - kret = krb5_internalize_opaque(kcontext, - KV5M_AUTH_CONTEXT, - (krb5_pointer *) &ctx->auth_context, - &bp, &remain); - - if (!kret) - kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain); - ctx->proto = ibuf; - if (!kret) - kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain); - ctx->cksumtype = ibuf; - if (!kret && - (kret = krb5_internalize_opaque(kcontext, - KV5M_KEYBLOCK, - (krb5_pointer *) &ctx->acceptor_subkey, - &bp, &remain))) { - if (kret == EINVAL) - kret = 0; - } - if (!kret) - kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain); - ctx->cred_rcache = ibuf; - if (!kret) - kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain); - ctx->acceptor_subkey_cksumtype = ibuf; - - /* Get trailer */ - if (!kret) - kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain); - if (!kret && ibuf != KG_CONTEXT) - kret = EINVAL; - - if (!kret) { - *buffer = bp; - *lenremain = remain; - *argp = (krb5_pointer) ctx; - } else { - if (ctx->seq) - krb5_free_keyblock(kcontext, ctx->seq); - if (ctx->enc) - krb5_free_keyblock(kcontext, ctx->enc); - if (ctx->subkey) - krb5_free_keyblock(kcontext, ctx->subkey); - if (ctx->there) - krb5_free_principal(kcontext, ctx->there); - if (ctx->here) - krb5_free_principal(kcontext, ctx->here); - xfree(ctx); - } - } + /* Get trailer */ + if (!kret) + kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain); + if (!kret && ibuf != KG_CONTEXT) + kret = EINVAL; + + if (!kret) { + *buffer = bp; + *lenremain = remain; + *argp = (krb5_pointer) ctx; + } else { + if (ctx->seq) + krb5_free_keyblock(kcontext, ctx->seq); + if (ctx->enc) + krb5_free_keyblock(kcontext, ctx->enc); + if (ctx->subkey) + krb5_free_keyblock(kcontext, ctx->subkey); + if (ctx->there) + krb5_free_principal(kcontext, ctx->there); + if (ctx->here) + krb5_free_principal(kcontext, ctx->here); + xfree(ctx); + } + } } return(kret); } diff --git a/src/lib/gssapi/krb5/set_allowable_enctypes.c b/src/lib/gssapi/krb5/set_allowable_enctypes.c index 396a6f6458..5cc72df8bd 100644 --- a/src/lib/gssapi/krb5/set_allowable_enctypes.c +++ b/src/lib/gssapi/krb5/set_allowable_enctypes.c @@ -1,3 +1,4 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * lib/gssapi/krb5/set_allowable_enctypes.c * @@ -8,7 +9,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -59,10 +60,10 @@ #include "gssapi_krb5.h" OM_uint32 KRB5_CALLCONV -gss_krb5int_set_allowable_enctypes(OM_uint32 *minor_status, - gss_cred_id_t cred_handle, - OM_uint32 num_ktypes, - krb5_enctype *ktypes) +gss_krb5int_set_allowable_enctypes(OM_uint32 *minor_status, + gss_cred_id_t cred_handle, + const gss_OID desired_oid, + const gss_buffer_t value) { unsigned int i; krb5_enctype * new_ktypes; @@ -70,57 +71,61 @@ gss_krb5int_set_allowable_enctypes(OM_uint32 *minor_status, krb5_gss_cred_id_t cred; krb5_error_code kerr = 0; OM_uint32 temp_status; + struct krb5_gss_set_allowable_enctypes_req *req; /* Assume a failure */ *minor_status = 0; major_status = GSS_S_FAILURE; + assert(value->length == sizeof(*req)); + req = (struct krb5_gss_set_allowable_enctypes_req *)value->value; + /* verify and valildate cred handle */ if (cred_handle == GSS_C_NO_CREDENTIAL) { - kerr = KRB5_NOCREDS_SUPPLIED; - goto error_out; + kerr = KRB5_NOCREDS_SUPPLIED; + goto error_out; } major_status = krb5_gss_validate_cred(&temp_status, cred_handle); if (GSS_ERROR(major_status)) { - kerr = temp_status; - goto error_out; + kerr = temp_status; + goto error_out; } cred = (krb5_gss_cred_id_t) cred_handle; - if (ktypes) { - for (i = 0; i < num_ktypes && ktypes[i]; i++) { - if (!krb5_c_valid_enctype(ktypes[i])) { - kerr = KRB5_PROG_ETYPE_NOSUPP; - goto error_out; - } - } + if (req->ktypes) { + for (i = 0; i < req->num_ktypes && req->ktypes[i]; i++) { + if (!krb5_c_valid_enctype(req->ktypes[i])) { + kerr = KRB5_PROG_ETYPE_NOSUPP; + goto error_out; + } + } } else { - kerr = k5_mutex_lock(&cred->lock); - if (kerr) - goto error_out; - if (cred->req_enctypes) - free(cred->req_enctypes); - cred->req_enctypes = NULL; - k5_mutex_unlock(&cred->lock); - return GSS_S_COMPLETE; + kerr = k5_mutex_lock(&cred->lock); + if (kerr) + goto error_out; + if (cred->req_enctypes) + free(cred->req_enctypes); + cred->req_enctypes = NULL; + k5_mutex_unlock(&cred->lock); + return GSS_S_COMPLETE; } /* Copy the requested ktypes into the cred structure */ if ((new_ktypes = (krb5_enctype *)malloc(sizeof(krb5_enctype) * (i + 1)))) { - memcpy(new_ktypes, ktypes, sizeof(krb5_enctype) * i); - new_ktypes[i] = 0; /* "null-terminate" the list */ + memcpy(new_ktypes, req->ktypes, sizeof(krb5_enctype) * i); + new_ktypes[i] = 0; /* "null-terminate" the list */ } else { - kerr = ENOMEM; - goto error_out; + kerr = ENOMEM; + goto error_out; } kerr = k5_mutex_lock(&cred->lock); if (kerr) { - free(new_ktypes); - goto error_out; + free(new_ktypes); + goto error_out; } if (cred->req_enctypes) - free(cred->req_enctypes); + free(cred->req_enctypes); cred->req_enctypes = new_ktypes; k5_mutex_unlock(&cred->lock); diff --git a/src/lib/gssapi/krb5/set_ccache.c b/src/lib/gssapi/krb5/set_ccache.c index 931058290b..883eb97e56 100644 --- a/src/lib/gssapi/krb5/set_ccache.c +++ b/src/lib/gssapi/krb5/set_ccache.c @@ -1,3 +1,4 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * lib/gssapi/krb5/set_ccache.c * @@ -8,7 +9,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -29,28 +30,35 @@ #include #include "gssapiP_krb5.h" -#include "gss_libinit.h" -OM_uint32 KRB5_CALLCONV -gss_krb5_ccache_name(minor_status, name, out_name) - OM_uint32 *minor_status; - const char *name; - const char **out_name; +OM_uint32 KRB5_CALLCONV +gss_krb5int_ccache_name(OM_uint32 *minor_status, + const gss_OID desired_mech, + const gss_OID desired_object, + gss_buffer_t value) { char *old_name = NULL; OM_uint32 err = 0; OM_uint32 minor = 0; char *gss_out_name; + struct krb5_gss_ccache_name_req *req; - err = gssint_initialize_library(); + err = gss_krb5int_initialize_library(); if (err) { - *minor_status = err; - return GSS_S_FAILURE; + *minor_status = err; + return GSS_S_FAILURE; } + assert(value->length == sizeof(*req)); + + if (value->length != sizeof(*req)) + return GSS_S_FAILURE; + + req = (struct krb5_gss_ccache_name_req *)value->value; + gss_out_name = k5_getspecific(K5_KEY_GSS_KRB5_SET_CCACHE_OLD_NAME); - if (out_name) { + if (req->out_name) { const char *tmp_name = NULL; if (!err) { @@ -58,35 +66,35 @@ gss_krb5_ccache_name(minor_status, name, out_name) } if (!err) { old_name = gss_out_name; - gss_out_name = tmp_name; - } + gss_out_name = (char *)tmp_name; + } } /* If out_name was NULL, we keep the same gss_out_name value, and don't free up any storage (leave old_name NULL). */ if (!err) - kg_set_ccache_name (&err, name); + kg_set_ccache_name (&err, req->name); minor = k5_setspecific(K5_KEY_GSS_KRB5_SET_CCACHE_OLD_NAME, gss_out_name); if (minor) { - /* Um. Now what? */ - if (err == 0) { - err = minor; - } - free(gss_out_name); - gss_out_name = NULL; + /* Um. Now what? */ + if (err == 0) { + err = minor; + } + free(gss_out_name); + gss_out_name = NULL; } if (!err) { - if (out_name) { - *out_name = gss_out_name; + if (req->out_name) { + *(req->out_name) = gss_out_name; } } - + if (old_name != NULL) { free (old_name); } - + *minor_status = err; return (*minor_status == 0) ? GSS_S_COMPLETE : GSS_S_FAILURE; } diff --git a/src/lib/gssapi/krb5/sign.c b/src/lib/gssapi/krb5/sign.c index 2d192c9bb1..2d047206cf 100644 --- a/src/lib/gssapi/krb5/sign.c +++ b/src/lib/gssapi/krb5/sign.c @@ -1,6 +1,7 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * Copyright 1993 by OpenVision Technologies, Inc. - * + * * Permission to use, copy, modify, distribute, and sell this software * and its documentation for any purpose is hereby granted without fee, * provided that the above copyright notice appears in all copies and @@ -10,7 +11,7 @@ * without specific, written prior permission. OpenVision makes no * representations about the suitability of this software for any * purpose. It is provided "as is" without express or implied warranty. - * + * * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR @@ -26,32 +27,51 @@ * $Id$ */ +/* V2 interface */ OM_uint32 -krb5_gss_sign(minor_status, context_handle, - qop_req, message_buffer, - message_token) - OM_uint32 *minor_status; - gss_ctx_id_t context_handle; - int qop_req; - gss_buffer_t message_buffer; - gss_buffer_t message_token; +krb5_gss_get_mic(minor_status, context_handle, qop_req, + message_buffer, message_token) + OM_uint32 *minor_status; + gss_ctx_id_t context_handle; + gss_qop_t qop_req; + gss_buffer_t message_buffer; + gss_buffer_t message_token; { - return(kg_seal(minor_status, context_handle, 0, - qop_req, message_buffer, NULL, - message_token, KG_TOK_SIGN_MSG)); + return(kg_seal(minor_status, context_handle, 0, + qop_req, message_buffer, NULL, + message_token, KG_TOK_MIC_MSG)); } -/* V2 interface */ +#if 0 OM_uint32 -krb5_gss_get_mic(minor_status, context_handle, qop_req, - message_buffer, message_token) - OM_uint32 *minor_status; - gss_ctx_id_t context_handle; - gss_qop_t qop_req; - gss_buffer_t message_buffer; - gss_buffer_t message_token; +krb5_gss_get_mic_iov(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + gss_qop_t qop_req, + gss_iov_buffer_desc *iov, + int iov_count) { - return(kg_seal(minor_status, context_handle, 0, - (int) qop_req, message_buffer, NULL, - message_token, KG_TOK_MIC_MSG)); + OM_uint32 major_status; + + major_status = kg_seal_iov(minor_status, context_handle, FALSE, + qop_req, NULL, + iov, iov_count, KG_TOK_MIC_MSG); + + return major_status; +} + +OM_uint32 +krb5_gss_get_mic_iov_length(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + int *conf_state, + gss_iov_buffer_desc *iov, + int iov_count) +{ + OM_uint32 major_status; + + major_status = kg_seal_iov_length(minor_status, context_handle, conf_req_flag, + qop_req, conf_state, iov, iov_count); + return major_status; } +#endif diff --git a/src/lib/gssapi/krb5/unseal.c b/src/lib/gssapi/krb5/unseal.c index 71dc110486..82764a9939 100644 --- a/src/lib/gssapi/krb5/unseal.c +++ b/src/lib/gssapi/krb5/unseal.c @@ -1,6 +1,7 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * Copyright 1993 by OpenVision Technologies, Inc. - * + * * Permission to use, copy, modify, distribute, and sell this software * and its documentation for any purpose is hereby granted without fee, * provided that the above copyright notice appears in all copies and @@ -10,7 +11,7 @@ * without specific, written prior permission. OpenVision makes no * representations about the suitability of this software for any * purpose. It is provided "as is" without express or implied warranty. - * + * * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR @@ -26,41 +27,41 @@ * $Id$ */ -OM_uint32 -krb5_gss_unseal(minor_status, context_handle, - input_message_buffer, output_message_buffer, - conf_state, qop_state) - OM_uint32 *minor_status; - gss_ctx_id_t context_handle; - gss_buffer_t input_message_buffer; - gss_buffer_t output_message_buffer; - int *conf_state; - int *qop_state; -{ - return(kg_unseal(minor_status, context_handle, - input_message_buffer, output_message_buffer, - conf_state, qop_state, KG_TOK_SEAL_MSG)); -} - /* V2 interface */ OM_uint32 krb5_gss_unwrap(minor_status, context_handle, - input_message_buffer, output_message_buffer, - conf_state, qop_state) - OM_uint32 *minor_status; - gss_ctx_id_t context_handle; - gss_buffer_t input_message_buffer; - gss_buffer_t output_message_buffer; - int *conf_state; - gss_qop_t *qop_state; + input_message_buffer, output_message_buffer, + conf_state, qop_state) + OM_uint32 *minor_status; + gss_ctx_id_t context_handle; + gss_buffer_t input_message_buffer; + gss_buffer_t output_message_buffer; + int *conf_state; + gss_qop_t *qop_state; { - OM_uint32 rstat; - int qstate; + OM_uint32 rstat; rstat = kg_unseal(minor_status, context_handle, - input_message_buffer, output_message_buffer, - conf_state, &qstate, KG_TOK_WRAP_MSG); - if (!rstat && qop_state) - *qop_state = (gss_qop_t) qstate; + input_message_buffer, output_message_buffer, + conf_state, qop_state, KG_TOK_WRAP_MSG); return(rstat); } + +/* AEAD interface */ +OM_uint32 +krb5_gss_unwrap_iov(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + int *conf_state, + gss_qop_t *qop_state, + gss_iov_buffer_desc *iov, + int iov_count) +{ + OM_uint32 major_status; + + major_status = kg_unseal_iov(minor_status, context_handle, + conf_state, qop_state, + iov, iov_count, KG_TOK_WRAP_MSG); + + return major_status; +} + diff --git a/src/lib/gssapi/krb5/util_cksum.c b/src/lib/gssapi/krb5/util_cksum.c index 235d749473..8dcf751292 100644 --- a/src/lib/gssapi/krb5/util_cksum.c +++ b/src/lib/gssapi/krb5/util_cksum.c @@ -1,6 +1,7 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * Copyright 1993 by OpenVision Technologies, Inc. - * + * * Permission to use, copy, modify, distribute, and sell this software * and its documentation for any purpose is hereby granted without fee, * provided that the above copyright notice appears in all copies and @@ -10,7 +11,7 @@ * without specific, written prior permission. OpenVision makes no * representations about the suitability of this software for any * purpose. It is provided "as is" without express or implied warranty. - * + * * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR @@ -28,81 +29,267 @@ /* Checksumming the channel bindings always uses plain MD5. */ krb5_error_code kg_checksum_channel_bindings(context, cb, cksum, bigend) - krb5_context context; - gss_channel_bindings_t cb; - krb5_checksum *cksum; - int bigend; + krb5_context context; + gss_channel_bindings_t cb; + krb5_checksum *cksum; + int bigend; { - size_t len; - char *buf = 0; - char *ptr; - size_t sumlen; - krb5_data plaind; - krb5_error_code code; - void *temp; - - /* initialize the the cksum */ - code = krb5_c_checksum_length(context, CKSUMTYPE_RSA_MD5, &sumlen); - if (code) - return(code); - - cksum->checksum_type = CKSUMTYPE_RSA_MD5; - cksum->length = sumlen; - - /* generate a buffer full of zeros if no cb specified */ - - if (cb == GSS_C_NO_CHANNEL_BINDINGS) { - if ((cksum->contents = (krb5_octet *) xmalloc(cksum->length)) == NULL) { - return(ENOMEM); - } - memset(cksum->contents, '\0', cksum->length); - return(0); - } - - /* create the buffer to checksum into */ - - len = (sizeof(krb5_int32)*5+ - cb->initiator_address.length+ - cb->acceptor_address.length+ - cb->application_data.length); - - if ((buf = (char *) xmalloc(len)) == NULL) - return(ENOMEM); - - /* helper macros. This code currently depends on a long being 32 - bits, and htonl dtrt. */ - - ptr = buf; - - TWRITE_INT(ptr, cb->initiator_addrtype, bigend); - TWRITE_BUF(ptr, cb->initiator_address, bigend); - TWRITE_INT(ptr, cb->acceptor_addrtype, bigend); - TWRITE_BUF(ptr, cb->acceptor_address, bigend); - TWRITE_BUF(ptr, cb->application_data, bigend); - - /* checksum the data */ - - plaind.length = len; - plaind.data = buf; - - code = krb5_c_make_checksum(context, CKSUMTYPE_RSA_MD5, 0, 0, - &plaind, cksum); - if (code) - goto cleanup; - - if ((temp = xmalloc(cksum->length)) == NULL) { - krb5_free_checksum_contents(context, cksum); - code = ENOMEM; - goto cleanup; - } - - memcpy(temp, cksum->contents, cksum->length); - krb5_free_checksum_contents(context, cksum); - cksum->contents = (krb5_octet *)temp; - - /* success */ - cleanup: - if (buf) - xfree(buf); - return code; + size_t len; + char *buf = 0; + char *ptr; + size_t sumlen; + krb5_data plaind; + krb5_error_code code; + void *temp; + + /* initialize the the cksum */ + code = krb5_c_checksum_length(context, CKSUMTYPE_RSA_MD5, &sumlen); + if (code) + return(code); + + cksum->checksum_type = CKSUMTYPE_RSA_MD5; + cksum->length = sumlen; + + /* generate a buffer full of zeros if no cb specified */ + + if (cb == GSS_C_NO_CHANNEL_BINDINGS) { + if ((cksum->contents = (krb5_octet *) xmalloc(cksum->length)) == NULL) { + return(ENOMEM); + } + memset(cksum->contents, '\0', cksum->length); + return(0); + } + + /* create the buffer to checksum into */ + + len = (sizeof(krb5_int32)*5+ + cb->initiator_address.length+ + cb->acceptor_address.length+ + cb->application_data.length); + + if ((buf = (char *) xmalloc(len)) == NULL) + return(ENOMEM); + + /* helper macros. This code currently depends on a long being 32 + bits, and htonl dtrt. */ + + ptr = buf; + + TWRITE_INT(ptr, cb->initiator_addrtype, bigend); + TWRITE_BUF(ptr, cb->initiator_address, bigend); + TWRITE_INT(ptr, cb->acceptor_addrtype, bigend); + TWRITE_BUF(ptr, cb->acceptor_address, bigend); + TWRITE_BUF(ptr, cb->application_data, bigend); + + /* checksum the data */ + + plaind.length = len; + plaind.data = buf; + + code = krb5_c_make_checksum(context, CKSUMTYPE_RSA_MD5, 0, 0, + &plaind, cksum); + if (code) + goto cleanup; + + if ((temp = xmalloc(cksum->length)) == NULL) { + krb5_free_checksum_contents(context, cksum); + code = ENOMEM; + goto cleanup; + } + + memcpy(temp, cksum->contents, cksum->length); + krb5_free_checksum_contents(context, cksum); + cksum->contents = (krb5_octet *)temp; + + /* success */ +cleanup: + if (buf) + xfree(buf); + return code; +} + +krb5_error_code +kg_make_checksum_iov_v1(krb5_context context, + krb5_cksumtype type, + size_t cksum_len, + krb5_keyblock *seq, + krb5_keyblock *enc, + krb5_keyusage sign_usage, + gss_iov_buffer_desc *iov, + int iov_count, + int toktype, + krb5_checksum *checksum) +{ + krb5_error_code code; + gss_iov_buffer_desc *header; + krb5_crypto_iov *kiov; + size_t kiov_count; + int i = 0, j; + size_t conf_len = 0, token_header_len; + + header = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER); + assert(header != NULL); + + kiov_count = 3 + iov_count; + kiov = (krb5_crypto_iov *)xmalloc(kiov_count * sizeof(krb5_crypto_iov)); + if (kiov == NULL) + return ENOMEM; + + /* Checksum over ( Header | Confounder | Data | Pad ) */ + if (toktype == KG_TOK_WRAP_MSG) + conf_len = kg_confounder_size(context, (krb5_keyblock *)enc); + + /* Checksum output */ + kiov[i].flags = KRB5_CRYPTO_TYPE_CHECKSUM; + kiov[i].data.length = checksum->length; + kiov[i].data.data = xmalloc(checksum->length); + if (kiov[i].data.data == NULL) { + xfree(kiov); + return ENOMEM; + } + i++; + + /* Header | SND_SEQ | SGN_CKSUM | Confounder */ + token_header_len = 16 + cksum_len + conf_len; + + /* Header (calculate from end because of variable length ASN.1 header) */ + kiov[i].flags = KRB5_CRYPTO_TYPE_SIGN_ONLY; + kiov[i].data.length = 8; + kiov[i].data.data = (char *)header->buffer.value + header->buffer.length - token_header_len; + i++; + + /* Confounder */ + if (toktype == KG_TOK_WRAP_MSG) { + kiov[i].flags = KRB5_CRYPTO_TYPE_DATA; + kiov[i].data.length = conf_len; + kiov[i].data.data = (char *)header->buffer.value + header->buffer.length - conf_len; + i++; + } + + for (j = 0; j < iov_count; j++) { + kiov[i].flags = kg_translate_flag_iov(iov[j].type); + kiov[i].data.length = iov[j].buffer.length; + kiov[i].data.data = (char *)iov[j].buffer.value; + i++; + } + + code = krb5_c_make_checksum_iov(context, type, seq, sign_usage, kiov, kiov_count); + if (code == 0) { + checksum->length = kiov[0].data.length; + checksum->contents = (unsigned char *)kiov[0].data.data; + } else + free(kiov[0].data.data); + + xfree(kiov); + + return code; +} + +static krb5_error_code +checksum_iov_v3(krb5_context context, + krb5_cksumtype type, + size_t rrc, + krb5_keyblock *key, + krb5_keyusage sign_usage, + gss_iov_buffer_desc *iov, + int iov_count, + krb5_boolean verify, + krb5_boolean *valid) +{ + krb5_error_code code; + gss_iov_buffer_desc *header; + gss_iov_buffer_desc *trailer; + krb5_crypto_iov *kiov; + size_t kiov_count; + int i = 0, j; + unsigned int k5_checksumlen; + + if (verify) + *valid = FALSE; + + code = krb5_c_crypto_length(context, key->enctype, KRB5_CRYPTO_TYPE_CHECKSUM, &k5_checksumlen); + if (code != 0) + return code; + + header = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER); + assert(header != NULL); + + trailer = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_TRAILER); + assert(rrc != 0 || trailer != NULL); + + if (trailer == NULL) { + if (rrc != k5_checksumlen) + return KRB5_BAD_MSIZE; + if (header->buffer.length != 16 + k5_checksumlen) + return KRB5_BAD_MSIZE; + } else if (trailer->buffer.length != k5_checksumlen) + return KRB5_BAD_MSIZE; + + kiov_count = 2 + iov_count; + kiov = (krb5_crypto_iov *)xmalloc(kiov_count * sizeof(krb5_crypto_iov)); + if (kiov == NULL) + return ENOMEM; + + /* Checksum over ( Data | Header ) */ + + /* Data */ + for (j = 0; j < iov_count; j++) { + kiov[i].flags = kg_translate_flag_iov(iov[j].type); + kiov[i].data.length = iov[j].buffer.length; + kiov[i].data.data = (char *)iov[j].buffer.value; + i++; + } + + /* Header */ + kiov[i].flags = KRB5_CRYPTO_TYPE_SIGN_ONLY; + kiov[i].data.length = 16; + kiov[i].data.data = (char *)header->buffer.value; + i++; + + /* Checksum */ + kiov[i].flags = KRB5_CRYPTO_TYPE_CHECKSUM; + if (trailer == NULL) { + kiov[i].data.length = header->buffer.length - 16; + kiov[i].data.data = (char *)header->buffer.value + 16; + } else { + kiov[i].data.length = trailer->buffer.length; + kiov[i].data.data = (char *)trailer->buffer.value; + } + i++; + + if (verify) + code = krb5_c_verify_checksum_iov(context, type, key, sign_usage, kiov, kiov_count, valid); + else + code = krb5_c_make_checksum_iov(context, type, key, sign_usage, kiov, kiov_count); + + xfree(kiov); + + return code; +} + +krb5_error_code +kg_make_checksum_iov_v3(krb5_context context, + krb5_cksumtype type, + size_t rrc, + krb5_keyblock *key, + krb5_keyusage sign_usage, + gss_iov_buffer_desc *iov, + int iov_count) +{ + return checksum_iov_v3(context, type, rrc, key, + sign_usage, iov, iov_count, 0, NULL); +} + +krb5_error_code +kg_verify_checksum_iov_v3(krb5_context context, + krb5_cksumtype type, + size_t rrc, + krb5_keyblock *key, + krb5_keyusage sign_usage, + gss_iov_buffer_desc *iov, + int iov_count, + krb5_boolean *valid) +{ + return checksum_iov_v3(context, type, rrc, key, + sign_usage, iov, iov_count, 1, valid); } diff --git a/src/lib/gssapi/krb5/util_crypt.c b/src/lib/gssapi/krb5/util_crypt.c index dad4b023d2..d718ae0b18 100644 --- a/src/lib/gssapi/krb5/util_crypt.c +++ b/src/lib/gssapi/krb5/util_crypt.c @@ -1,7 +1,8 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* - * Copyright2001 by the Massachusetts Institute of Technology. + * Copyright 2001, 2008 by the Massachusetts Institute of Technology. * Copyright 1993 by OpenVision Technologies, Inc. - * + * * Permission to use, copy, modify, distribute, and sell this software * and its documentation for any purpose is hereby granted without fee, * provided that the above copyright notice appears in all copies and @@ -11,7 +12,7 @@ * without specific, written prior permission. OpenVision makes no * representations about the suitability of this software for any * purpose. It is provided "as is" without express or implied warranty. - * + * * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR @@ -23,14 +24,14 @@ /* * Copyright (C) 1998 by the FundsXpress, INC. - * + * * All rights reserved. - * + * * Export of this software from the United States of America may require * a specific license from the United States Government. It is the * responsibility of any person or organization contemplating export to * obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -41,7 +42,7 @@ * permission. FundsXpress makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * + * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. @@ -53,188 +54,866 @@ #include #endif +const char const kg_arcfour_l40[] = "fortybits"; + +krb5_error_code +kg_setup_keys(krb5_context context, + krb5_gss_ctx_id_rec *ctx, + krb5_keyblock *subkey, + krb5_cksumtype *cksumtype) +{ + krb5_error_code code; + unsigned int i; + krb5int_access kaccess; + + assert(ctx != NULL); + assert(subkey != NULL); + + *cksumtype = 0; + ctx->proto = 0; + + code = krb5int_accessor(&kaccess, KRB5INT_ACCESS_VERSION); + if (code != 0) + return code; + + if (ctx->enc != NULL) { + krb5_free_keyblock(context, ctx->enc); + ctx->enc = NULL; + } + code = krb5_copy_keyblock(context, subkey, &ctx->enc); + if (code != 0) + return code; + + if (ctx->seq != NULL) { + krb5_free_keyblock(context, ctx->seq); + ctx->seq = NULL; + } + code = krb5_copy_keyblock(context, subkey, &ctx->seq); + if (code != 0) + return code; + + switch (subkey->enctype) { + case ENCTYPE_DES_CBC_MD5: + case ENCTYPE_DES_CBC_MD4: + case ENCTYPE_DES_CBC_CRC: + ctx->enc->enctype = ENCTYPE_DES_CBC_RAW; + ctx->seq->enctype = ENCTYPE_DES_CBC_RAW; + ctx->signalg = SGN_ALG_DES_MAC_MD5; + ctx->cksum_size = 8; + ctx->sealalg = SEAL_ALG_DES; + + for (i = 0; i < ctx->enc->length; i++) + /*SUPPRESS 113*/ + ctx->enc->contents[i] ^= 0xF0; + break; + case ENCTYPE_DES3_CBC_SHA1: + ctx->enc->enctype = ENCTYPE_DES3_CBC_RAW; + ctx->seq->enctype = ENCTYPE_DES3_CBC_RAW; + ctx->signalg = SGN_ALG_HMAC_SHA1_DES3_KD; + ctx->cksum_size = 20; + ctx->sealalg = SEAL_ALG_DES3KD; + break; + case ENCTYPE_ARCFOUR_HMAC: + case ENCTYPE_ARCFOUR_HMAC_EXP: + ctx->signalg = SGN_ALG_HMAC_MD5; + ctx->cksum_size = 8; + ctx->sealalg = SEAL_ALG_MICROSOFT_RC4; + break; + default: + ctx->signalg = -1; + ctx->sealalg = -1; + ctx->proto = 1; + + code = (*kaccess.krb5int_c_mandatory_cksumtype)(context, subkey->enctype, + cksumtype); + if (code != 0) + return code; + } + + return 0; +} + int kg_confounder_size(context, key) - krb5_context context; - krb5_keyblock *key; + krb5_context context; + krb5_keyblock *key; { - krb5_error_code code; - size_t blocksize; - /* We special case rc4*/ - if (key->enctype == ENCTYPE_ARCFOUR_HMAC) - return 8; - code = krb5_c_block_size(context, key->enctype, &blocksize); - if (code) - return(-1); /* XXX */ + krb5_error_code code; + size_t blocksize; + /* We special case rc4*/ + if (key->enctype == ENCTYPE_ARCFOUR_HMAC || + key->enctype == ENCTYPE_ARCFOUR_HMAC_EXP) + return 8; + code = krb5_c_block_size(context, key->enctype, &blocksize); + if (code) + return(-1); /* XXX */ - return(blocksize); + return(blocksize); } krb5_error_code kg_make_confounder(context, key, buf) - krb5_context context; - krb5_keyblock *key; - unsigned char *buf; + krb5_context context; + krb5_keyblock *key; + unsigned char *buf; { - krb5_error_code code; - size_t blocksize; - krb5_data lrandom; + int confsize; + krb5_data lrandom; - code = krb5_c_block_size(context, key->enctype, &blocksize); - if (code) - return(code); + confsize = kg_confounder_size(context, key); + if (confsize < 0) + return KRB5_BAD_MSIZE; - lrandom.length = blocksize; - lrandom.data = buf; + lrandom.length = confsize; + lrandom.data = (char *)buf; - return(krb5_c_random_make_octets(context, &lrandom)); + return(krb5_c_random_make_octets(context, &lrandom)); } krb5_error_code kg_encrypt(context, key, usage, iv, in, out, length) - krb5_context context; - krb5_keyblock *key; - int usage; - krb5_pointer iv; - krb5_const_pointer in; - krb5_pointer out; - unsigned int length; -{ - krb5_error_code code; - size_t blocksize; - krb5_data ivd, *pivd, inputd; - krb5_enc_data outputd; - - if (iv) { - code = krb5_c_block_size(context, key->enctype, &blocksize); - if (code) - return(code); - - ivd.length = blocksize; - ivd.data = malloc(ivd.length); - if (ivd.data == NULL) - return ENOMEM; - memcpy(ivd.data, iv, ivd.length); - pivd = &ivd; - } else { - pivd = NULL; - } - - inputd.length = length; - inputd.data = in; - - outputd.ciphertext.length = length; - outputd.ciphertext.data = out; - - code = krb5_c_encrypt(context, key, usage, pivd, &inputd, &outputd); - if (pivd != NULL) - free(pivd->data); - return code; + krb5_context context; + krb5_keyblock *key; + int usage; + krb5_pointer iv; + krb5_const_pointer in; + krb5_pointer out; + unsigned int length; +{ + krb5_error_code code; + size_t blocksize; + krb5_data ivd, *pivd, inputd; + krb5_enc_data outputd; + + if (iv) { + code = krb5_c_block_size(context, key->enctype, &blocksize); + if (code) + return(code); + + ivd.length = blocksize; + ivd.data = malloc(ivd.length); + if (ivd.data == NULL) + return ENOMEM; + memcpy(ivd.data, iv, ivd.length); + pivd = &ivd; + } else { + pivd = NULL; + } + + inputd.length = length; + inputd.data = (char *)in; + + outputd.ciphertext.length = length; + outputd.ciphertext.data = out; + + code = krb5_c_encrypt(context, key, usage, pivd, &inputd, &outputd); + if (pivd != NULL) + free(pivd->data); + return code; } /* length is the length of the cleartext. */ krb5_error_code kg_decrypt(context, key, usage, iv, in, out, length) - krb5_context context; - krb5_keyblock *key; - int usage; - krb5_pointer iv; - krb5_const_pointer in; - krb5_pointer out; - unsigned int length; -{ - krb5_error_code code; - size_t blocksize; - krb5_data ivd, *pivd, outputd; - krb5_enc_data inputd; - - if (iv) { - code = krb5_c_block_size(context, key->enctype, &blocksize); - if (code) - return(code); - - ivd.length = blocksize; - ivd.data = malloc(ivd.length); - if (ivd.data == NULL) - return ENOMEM; - memcpy(ivd.data, iv, ivd.length); - pivd = &ivd; - } else { - pivd = NULL; - } - - inputd.enctype = ENCTYPE_UNKNOWN; - inputd.ciphertext.length = length; - inputd.ciphertext.data = in; - - outputd.length = length; - outputd.data = out; - - code = krb5_c_decrypt(context, key, usage, pivd, &inputd, &outputd); - if (pivd != NULL) - free(pivd->data); - return code; + krb5_context context; + krb5_keyblock *key; + int usage; + krb5_pointer iv; + krb5_const_pointer in; + krb5_pointer out; + unsigned int length; +{ + krb5_error_code code; + size_t blocksize; + krb5_data ivd, *pivd, outputd; + krb5_enc_data inputd; + + if (iv) { + code = krb5_c_block_size(context, key->enctype, &blocksize); + if (code) + return(code); + + ivd.length = blocksize; + ivd.data = malloc(ivd.length); + if (ivd.data == NULL) + return ENOMEM; + memcpy(ivd.data, iv, ivd.length); + pivd = &ivd; + } else { + pivd = NULL; + } + + inputd.enctype = ENCTYPE_UNKNOWN; + inputd.ciphertext.length = length; + inputd.ciphertext.data = (char *)in; + + outputd.length = length; + outputd.data = out; + + code = krb5_c_decrypt(context, key, usage, pivd, &inputd, &outputd); + if (pivd != NULL) + free(pivd->data); + return code; } krb5_error_code kg_arcfour_docrypt (const krb5_keyblock *longterm_key , int ms_usage, - const unsigned char *kd_data, size_t kd_data_len, - const unsigned char *input_buf, size_t input_len, - unsigned char *output_buf) -{ - krb5_error_code code; - krb5_data input, output; - krb5int_access kaccess; - krb5_keyblock seq_enc_key, usage_key; - unsigned char t[4]; - - usage_key.length = longterm_key->length; - usage_key.contents = malloc(usage_key.length); - if (usage_key.contents == NULL) - return (ENOMEM); - seq_enc_key.length = longterm_key->length; - seq_enc_key.contents = malloc(seq_enc_key.length); - if (seq_enc_key.contents == NULL) { + const unsigned char *kd_data, size_t kd_data_len, + const unsigned char *input_buf, size_t input_len, + unsigned char *output_buf) +{ + krb5_error_code code; + krb5_data input, output; + krb5int_access kaccess; + krb5_keyblock seq_enc_key, usage_key; + unsigned char t[14]; + size_t i = 0; + int exportable = (longterm_key->enctype == ENCTYPE_ARCFOUR_HMAC_EXP); + + usage_key.length = longterm_key->length; + usage_key.contents = malloc(usage_key.length); + if (usage_key.contents == NULL) + return (ENOMEM); + seq_enc_key.length = longterm_key->length; + seq_enc_key.contents = malloc(seq_enc_key.length); + if (seq_enc_key.contents == NULL) { + free ((void *) usage_key.contents); + return (ENOMEM); + } + code = krb5int_accessor (&kaccess, KRB5INT_ACCESS_VERSION); + if (code) + goto cleanup_arcfour; + + if (exportable) { + memcpy(t, kg_arcfour_l40, sizeof(kg_arcfour_l40)); + i += sizeof(kg_arcfour_l40); + } + t[i++] = ms_usage &0xff; + t[i++] = (ms_usage>>8) & 0xff; + t[i++] = (ms_usage>>16) & 0xff; + t[i++] = (ms_usage>>24) & 0xff; + input.data = (void *) &t; + input.length = i; + output.data = (void *) usage_key.contents; + output.length = usage_key.length; + code = (*kaccess.krb5_hmac) (kaccess.md5_hash_provider, + longterm_key, 1, &input, &output); + if (code) + goto cleanup_arcfour; + if (exportable) + memset(usage_key.contents + 7, 0xab, 9); + + input.data = ( void *) kd_data; + input.length = kd_data_len; + output.data = (void *) seq_enc_key.contents; + code = (*kaccess.krb5_hmac) (kaccess.md5_hash_provider, + &usage_key, 1, &input, &output); + if (code) + goto cleanup_arcfour; + input.data = ( void * ) input_buf; + input.length = input_len; + output.data = (void * ) output_buf; + output.length = input_len; + code = ((*kaccess.arcfour_enc_provider->encrypt)( + &seq_enc_key, 0, + &input, &output)); +cleanup_arcfour: + memset ((void *) seq_enc_key.contents, 0, seq_enc_key.length); + memset ((void *) usage_key.contents, 0, usage_key.length); + free ((void *) usage_key.contents); + free ((void *) seq_enc_key.contents); + return (code); +} + +/* AEAD */ +static krb5_error_code +kg_translate_iov_v1(context, key, iov, iov_count, pkiov, pkiov_count) + krb5_context context; + const krb5_keyblock *key; + gss_iov_buffer_desc *iov; + int iov_count; + krb5_crypto_iov **pkiov; + size_t *pkiov_count; +{ + gss_iov_buffer_desc *header; + gss_iov_buffer_desc *trailer; + int i = 0, j; + size_t kiov_count; + krb5_crypto_iov *kiov; + size_t conf_len; + + *pkiov = NULL; + *pkiov_count = 0; + + conf_len = kg_confounder_size(context, (krb5_keyblock *)key); + + header = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER); + assert(header != NULL); + + if (header->buffer.length < conf_len) + return KRB5_BAD_MSIZE; + + trailer = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_TRAILER); + assert(trailer == NULL || trailer->buffer.length == 0); + + kiov_count = 3 + iov_count; + kiov = (krb5_crypto_iov *)malloc(kiov_count * sizeof(krb5_crypto_iov)); + if (kiov == NULL) + return ENOMEM; + + /* For pre-CFX (raw enctypes) there is no krb5 header */ + kiov[i].flags = KRB5_CRYPTO_TYPE_HEADER; + kiov[i].data.length = 0; + kiov[i].data.data = NULL; + i++; + + /* For pre-CFX, the confounder is at the end of the GSS header */ + kiov[i].flags = KRB5_CRYPTO_TYPE_DATA; + kiov[i].data.length = conf_len; + kiov[i].data.data = (char *)header->buffer.value + header->buffer.length - conf_len; + i++; + + for (j = 0; j < iov_count; j++) { + kiov[i].flags = kg_translate_flag_iov(iov[j].type); + if (kiov[i].flags == KRB5_CRYPTO_TYPE_EMPTY) + continue; + + kiov[i].data.length = iov[j].buffer.length; + kiov[i].data.data = (char *)iov[j].buffer.value; + i++; + } + + kiov[i].flags = KRB5_CRYPTO_TYPE_TRAILER; + kiov[i].data.length = 0; + kiov[i].data.data = NULL; + i++; + + *pkiov = kiov; + *pkiov_count = i; + + return 0; +} + +static krb5_error_code +kg_translate_iov_v3(context, dce_style, ec, rrc, key, iov, iov_count, pkiov, pkiov_count) + krb5_context context; + int dce_style; /* DCE_STYLE indicates actual RRC is EC + RRC */ + size_t ec; /* Extra rotate count for DCE_STYLE, pad length otherwise */ + size_t rrc; /* Rotate count */ + const krb5_keyblock *key; + gss_iov_buffer_desc *iov; + int iov_count; + krb5_crypto_iov **pkiov; + size_t *pkiov_count; +{ + gss_iov_buffer_t header; + gss_iov_buffer_t trailer; + int i = 0, j; + size_t kiov_count; + krb5_crypto_iov *kiov; + unsigned int k5_headerlen = 0, k5_trailerlen = 0; + size_t gss_headerlen, gss_trailerlen; + krb5_error_code code; + + *pkiov = NULL; + *pkiov_count = 0; + + header = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER); + assert(header != NULL); + + trailer = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_TRAILER); + assert(trailer == NULL || rrc == 0); + + code = krb5_c_crypto_length(context, key->enctype, KRB5_CRYPTO_TYPE_HEADER, &k5_headerlen); + if (code != 0) + return code; + + code = krb5_c_crypto_length(context, key->enctype, KRB5_CRYPTO_TYPE_TRAILER, &k5_trailerlen); + if (code != 0) + return code; + + /* Check header and trailer sizes */ + gss_headerlen = 16 /* GSS-Header */ + k5_headerlen; /* Kerb-Header */ + gss_trailerlen = ec + 16 /* E(GSS-Header) */ + k5_trailerlen; /* Kerb-Trailer */ + + /* If we're caller without a trailer, we must rotate by trailer length */ + if (trailer == NULL) { + size_t actual_rrc = rrc; + + if (dce_style) + actual_rrc += ec; /* compensate for Windows bug */ + + if (actual_rrc != gss_trailerlen) + return KRB5_BAD_MSIZE; + + gss_headerlen += gss_trailerlen; + gss_trailerlen = 0; + } else { + if (trailer->buffer.length != gss_trailerlen) + return KRB5_BAD_MSIZE; + } + + if (header->buffer.length != gss_headerlen) + return KRB5_BAD_MSIZE; + + kiov_count = 3 + iov_count; + kiov = (krb5_crypto_iov *)malloc(kiov_count * sizeof(krb5_crypto_iov)); + if (kiov == NULL) + return ENOMEM; + + /* + * The krb5 header is located at the end of the GSS header. + */ + kiov[i].flags = KRB5_CRYPTO_TYPE_HEADER; + kiov[i].data.length = k5_headerlen; + kiov[i].data.data = (char *)header->buffer.value + header->buffer.length - k5_headerlen; + i++; + + for (j = 0; j < iov_count; j++) { + kiov[i].flags = kg_translate_flag_iov(iov[j].type); + if (kiov[i].flags == KRB5_CRYPTO_TYPE_EMPTY) + continue; + + kiov[i].data.length = iov[j].buffer.length; + kiov[i].data.data = (char *)iov[j].buffer.value; + i++; + } + + /* + * The EC and encrypted GSS header are placed in the trailer, which may + * be rotated directly after the plaintext header if no trailer buffer + * is provided. + */ + kiov[i].flags = KRB5_CRYPTO_TYPE_DATA; + kiov[i].data.length = ec + 16; /* E(Header) */ + if (trailer == NULL) + kiov[i].data.data = (char *)header->buffer.value + 16; + else + kiov[i].data.data = (char *)trailer->buffer.value; + i++; + + /* + * The krb5 trailer is placed after the encrypted copy of the + * krb5 header (which may be in the GSS header or trailer). + */ + kiov[i].flags = KRB5_CRYPTO_TYPE_TRAILER; + kiov[i].data.length = k5_trailerlen; + kiov[i].data.data = kiov[i - 1].data.data + ec + 16; /* E(Header) */ + i++; + + *pkiov = kiov; + *pkiov_count = i; + + return 0; +} + +static krb5_error_code +kg_translate_iov(context, proto, dce_style, ec, rrc, key, iov, iov_count, pkiov, pkiov_count) + krb5_context context; + int proto; /* 1 if CFX, 0 for pre-CFX */ + int dce_style; + size_t ec; + size_t rrc; + const krb5_keyblock *key; + gss_iov_buffer_desc *iov; + int iov_count; + krb5_crypto_iov **pkiov; + size_t *pkiov_count; +{ + return proto ? + kg_translate_iov_v3(context, dce_style, ec, rrc, key, iov, iov_count, pkiov, pkiov_count) : + kg_translate_iov_v1(context, key, iov, iov_count, pkiov, pkiov_count); +} + +krb5_error_code +kg_encrypt_iov(context, proto, dce_style, ec, rrc, key, usage, iv, iov, iov_count) + krb5_context context; + int proto; + int dce_style; + size_t ec; + size_t rrc; + krb5_keyblock *key; + int usage; + krb5_pointer iv; + gss_iov_buffer_desc *iov; + int iov_count; +{ + krb5_error_code code; + size_t blocksize; + krb5_data ivd, *pivd; + size_t kiov_count; + krb5_crypto_iov *kiov; + + if (iv) { + code = krb5_c_block_size(context, key->enctype, &blocksize); + if (code) + return(code); + + ivd.length = blocksize; + ivd.data = malloc(ivd.length); + if (ivd.data == NULL) + return ENOMEM; + memcpy(ivd.data, iv, ivd.length); + pivd = &ivd; + } else { + pivd = NULL; + } + + code = kg_translate_iov(context, proto, dce_style, ec, rrc, key, + iov, iov_count, &kiov, &kiov_count); + if (code == 0) { + code = krb5_c_encrypt_iov(context, key, usage, pivd, kiov, kiov_count); + free(kiov); + } + + if (pivd != NULL) + free(pivd->data); + + return code; +} + +/* length is the length of the cleartext. */ + +krb5_error_code +kg_decrypt_iov(context, proto, dce_style, ec, rrc, key, usage, iv, iov, iov_count) + krb5_context context; + int proto; + int dce_style; + size_t ec; + size_t rrc; + krb5_keyblock *key; + int usage; + krb5_pointer iv; + gss_iov_buffer_desc *iov; + int iov_count; +{ + krb5_error_code code; + size_t blocksize; + krb5_data ivd, *pivd; + size_t kiov_count; + krb5_crypto_iov *kiov; + + if (iv) { + code = krb5_c_block_size(context, key->enctype, &blocksize); + if (code) + return(code); + + ivd.length = blocksize; + ivd.data = malloc(ivd.length); + if (ivd.data == NULL) + return ENOMEM; + memcpy(ivd.data, iv, ivd.length); + pivd = &ivd; + } else { + pivd = NULL; + } + + code = kg_translate_iov(context, proto, dce_style, ec, rrc, key, + iov, iov_count, &kiov, &kiov_count); + if (code == 0) { + code = krb5_c_decrypt_iov(context, key, usage, pivd, kiov, kiov_count); + free(kiov); + } + + if (pivd != NULL) + free(pivd->data); + + return code; +} + +krb5_error_code +kg_arcfour_docrypt_iov (krb5_context context, + const krb5_keyblock *longterm_key , int ms_usage, + const unsigned char *kd_data, size_t kd_data_len, + gss_iov_buffer_desc *iov, int iov_count) +{ + krb5_error_code code; + krb5_data input, output; + krb5int_access kaccess; + krb5_keyblock seq_enc_key, usage_key; + unsigned char t[14]; + size_t i = 0; + int exportable = (longterm_key->enctype == ENCTYPE_ARCFOUR_HMAC_EXP); + krb5_crypto_iov *kiov = NULL; + size_t kiov_count = 0; + + usage_key.length = longterm_key->length; + usage_key.contents = malloc(usage_key.length); + if (usage_key.contents == NULL) + return (ENOMEM); + seq_enc_key.length = longterm_key->length; + seq_enc_key.contents = malloc(seq_enc_key.length); + if (seq_enc_key.contents == NULL) { + free ((void *) usage_key.contents); + return (ENOMEM); + } + code = krb5int_accessor (&kaccess, KRB5INT_ACCESS_VERSION); + if (code) + goto cleanup_arcfour; + + if (exportable) { + memcpy(t, kg_arcfour_l40, sizeof(kg_arcfour_l40)); + i += sizeof(kg_arcfour_l40); + } + t[i++] = ms_usage &0xff; + t[i++] = (ms_usage>>8) & 0xff; + t[i++] = (ms_usage>>16) & 0xff; + t[i++] = (ms_usage>>24) & 0xff; + input.data = (void *) &t; + input.length = i; + output.data = (void *) usage_key.contents; + output.length = usage_key.length; + code = (*kaccess.krb5_hmac) (kaccess.md5_hash_provider, + longterm_key, 1, &input, &output); + if (code) + goto cleanup_arcfour; + if (exportable) + memset(usage_key.contents + 7, 0xab, 9); + + input.data = ( void *) kd_data; + input.length = kd_data_len; + output.data = (void *) seq_enc_key.contents; + code = (*kaccess.krb5_hmac) (kaccess.md5_hash_provider, + &usage_key, 1, &input, &output); + if (code) + goto cleanup_arcfour; + + code = kg_translate_iov(context, 0 /* proto */, 0 /* dce_style */, + 0 /* ec */, 0 /* rrc */, longterm_key, + iov, iov_count, &kiov, &kiov_count); + if (code) + goto cleanup_arcfour; + + code = ((*kaccess.arcfour_enc_provider->encrypt_iov)( + &seq_enc_key, 0, + kiov, kiov_count)); +cleanup_arcfour: + memset ((void *) seq_enc_key.contents, 0, seq_enc_key.length); + memset ((void *) usage_key.contents, 0, usage_key.length); free ((void *) usage_key.contents); - return (ENOMEM); - } - code = krb5int_accessor (&kaccess, KRB5INT_ACCESS_VERSION); - if (code) - goto cleanup_arcfour; - - t[0] = ms_usage &0xff; - t[1] = (ms_usage>>8) & 0xff; - t[2] = (ms_usage>>16) & 0xff; - t[3] = (ms_usage>>24) & 0xff; - input.data = (void *) &t; - input.length = 4; - output.data = (void *) usage_key.contents; - output.length = usage_key.length; - code = (*kaccess.krb5_hmac) (kaccess.md5_hash_provider, - longterm_key, 1, &input, &output); - if (code) - goto cleanup_arcfour; - - input.data = ( void *) kd_data; - input.length = kd_data_len; - output.data = (void *) seq_enc_key.contents; - code = (*kaccess.krb5_hmac) (kaccess.md5_hash_provider, - &usage_key, 1, &input, &output); - if (code) - goto cleanup_arcfour; - input.data = ( void * ) input_buf; - input.length = input_len; - output.data = (void * ) output_buf; - output.length = input_len; - code = ((*kaccess.arcfour_enc_provider->encrypt)( - &seq_enc_key, 0, - &input, &output)); - cleanup_arcfour: - memset ((void *) seq_enc_key.contents, 0, seq_enc_key.length); - memset ((void *) usage_key.contents, 0, usage_key.length); - free ((void *) usage_key.contents); - free ((void *) seq_enc_key.contents); - return (code); -} - + free ((void *) seq_enc_key.contents); + if (kiov != NULL) + free(kiov); + return (code); +} + +krb5_cryptotype +kg_translate_flag_iov(OM_uint32 type) +{ + krb5_cryptotype ktype; + + switch (GSS_IOV_BUFFER_TYPE(type)) { + case GSS_IOV_BUFFER_TYPE_DATA: + case GSS_IOV_BUFFER_TYPE_PADDING: + ktype = KRB5_CRYPTO_TYPE_DATA; + break; + case GSS_IOV_BUFFER_TYPE_SIGN_ONLY: + ktype = KRB5_CRYPTO_TYPE_SIGN_ONLY; + break; + default: + ktype = KRB5_CRYPTO_TYPE_EMPTY; + break; + } + + return ktype; +} + +gss_iov_buffer_t +kg_locate_iov(gss_iov_buffer_desc *iov, + int iov_count, + OM_uint32 type) +{ + int i; + gss_iov_buffer_t p = GSS_C_NO_IOV_BUFFER; + + if (iov == GSS_C_NO_IOV_BUFFER) + return GSS_C_NO_IOV_BUFFER; + + for (i = iov_count - 1; i >= 0; i--) { + if (GSS_IOV_BUFFER_TYPE(iov[i].type) == type) { + if (p == GSS_C_NO_IOV_BUFFER) + p = &iov[i]; + else + return GSS_C_NO_IOV_BUFFER; + } + } + + return p; +} + +void +kg_iov_msglen(gss_iov_buffer_desc *iov, + int iov_count, + size_t *data_length_p, + size_t *assoc_data_length_p) +{ + int i; + size_t data_length = 0, assoc_data_length = 0; + + assert(iov != GSS_C_NO_IOV_BUFFER); + + *data_length_p = *assoc_data_length_p = 0; + + for (i = 0; i < iov_count; i++) { + OM_uint32 type = GSS_IOV_BUFFER_TYPE(iov[i].type); + + if (type == GSS_IOV_BUFFER_TYPE_SIGN_ONLY) + assoc_data_length += iov[i].buffer.length; + + if (type == GSS_IOV_BUFFER_TYPE_DATA || + type == GSS_IOV_BUFFER_TYPE_SIGN_ONLY) + data_length += iov[i].buffer.length; + } + + *data_length_p = data_length; + *assoc_data_length_p = assoc_data_length; +} + +void +kg_release_iov(gss_iov_buffer_desc *iov, int iov_count) +{ + int i; + OM_uint32 min_stat; + + assert(iov != GSS_C_NO_IOV_BUFFER); + + for (i = 0; i < iov_count; i++) { + if (iov[i].type & GSS_IOV_BUFFER_FLAG_ALLOCATED) { + gss_release_buffer(&min_stat, &iov[i].buffer); + iov[i].type &= ~(GSS_IOV_BUFFER_FLAG_ALLOCATED); + } + } +} + +OM_uint32 +kg_fixup_padding_iov(OM_uint32 *minor_status, + gss_iov_buffer_desc *iov, + int iov_count) +{ + gss_iov_buffer_t padding = NULL; + gss_iov_buffer_t data = NULL; + size_t padlength, relative_padlength; + unsigned char *p; + OM_uint32 minor; + + data = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_DATA); + padding = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_PADDING); + + if (data == NULL) { + *minor_status = 0; + return GSS_S_COMPLETE; + } + + if (padding == NULL || padding->buffer.length == 0) { + *minor_status = EINVAL; + return GSS_S_FAILURE; + } + + p = (unsigned char *)padding->buffer.value; + padlength = p[padding->buffer.length - 1]; + + if (data->buffer.length + padding->buffer.length < padlength || + padlength == 0) { + *minor_status = (OM_uint32)KRB5_BAD_MSIZE; + return GSS_S_DEFECTIVE_TOKEN; + } + + /* + * kg_unseal_stream_iov() will place one byte of padding in the + * padding buffer; its true value is unknown until after decryption. + * + * relative_padlength contains the number of bytes to compensate the + * padding and data buffers by; it will be zero if the caller manages + * the padding length. + * + * If the caller manages the padding length, then relative_padlength + * wil be zero. + * + * eg. if the buffers are structured as follows: + * + * +---DATA---+-PAD-+ + * | ABCDE444 | 4 | + * +----------+-----+ + * + * after compensation they would look like: + * + * +-DATA--+-PAD--+ + * | ABCDE | NULL | + * +-------+------+ + */ + relative_padlength = padlength - padding->buffer.length; + + assert(data->buffer.length >= relative_padlength); + + data->buffer.length -= relative_padlength; + + if (padding->type & GSS_IOV_BUFFER_FLAG_ALLOCATED) { + gss_release_buffer(&minor, &padding->buffer); + padding->type &= ~(GSS_IOV_BUFFER_FLAG_ALLOCATED); + } + + padding->buffer.length = 0; + padding->buffer.value = NULL; + + return GSS_S_COMPLETE; +} + +int kg_map_toktype(int proto, int toktype) +{ + int toktype2; + + if (proto) + switch (toktype) { + case KG_TOK_SIGN_MSG: + toktype2 = KG2_TOK_MIC_MSG; + break; + case KG_TOK_WRAP_MSG: + toktype2 = KG2_TOK_WRAP_MSG; + break; + case KG_TOK_DEL_CTX: + toktype2 = KG2_TOK_DEL_CTX; + break; + default: + toktype2 = toktype; + break; + } + else + toktype2 = toktype; + + return toktype2; +} + +krb5_boolean kg_integ_only_iov(gss_iov_buffer_desc *iov, int iov_count) +{ + int i; + krb5_boolean has_conf_data = FALSE; + + assert(iov != GSS_C_NO_IOV_BUFFER); + + for (i = 0; i < iov_count; i++) { + if (GSS_IOV_BUFFER_TYPE(iov[i].type) == GSS_IOV_BUFFER_TYPE_DATA) { + has_conf_data = TRUE; + break; + } + } + + return (has_conf_data == FALSE); +} + +krb5_error_code kg_allocate_iov(gss_iov_buffer_t iov, size_t size) +{ + assert(iov != GSS_C_NO_IOV_BUFFER); + assert(iov->type & GSS_IOV_BUFFER_FLAG_ALLOCATE); + + iov->buffer.length = size; + iov->buffer.value = xmalloc(size); + if (iov->buffer.value == NULL) { + iov->buffer.length = 0; + return ENOMEM; + } + + iov->type |= GSS_IOV_BUFFER_FLAG_ALLOCATED; + + return 0; +} diff --git a/src/lib/gssapi/krb5/util_seed.c b/src/lib/gssapi/krb5/util_seed.c index 06a5c2aa9b..17d49a5872 100644 --- a/src/lib/gssapi/krb5/util_seed.c +++ b/src/lib/gssapi/krb5/util_seed.c @@ -1,6 +1,7 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * Copyright 1993 by OpenVision Technologies, Inc. - * + * * Permission to use, copy, modify, distribute, and sell this software * and its documentation for any purpose is hereby granted without fee, * provided that the above copyright notice appears in all copies and @@ -10,7 +11,7 @@ * without specific, written prior permission. OpenVision makes no * representations about the suitability of this software for any * purpose. It is provided "as is" without express or implied warranty. - * + * * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR @@ -29,26 +30,26 @@ static const unsigned char zeros[16] = {0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0}; krb5_error_code kg_make_seed(context, key, seed) - krb5_context context; - krb5_keyblock *key; - unsigned char *seed; + krb5_context context; + krb5_keyblock *key; + unsigned char *seed; { - krb5_error_code code; - krb5_keyblock *tmpkey; - unsigned int i; + krb5_error_code code; + krb5_keyblock *tmpkey; + unsigned int i; - code = krb5_copy_keyblock(context, key, &tmpkey); - if (code) - return(code); + code = krb5_copy_keyblock(context, key, &tmpkey); + if (code) + return(code); - /* reverse the key bytes, as per spec */ + /* reverse the key bytes, as per spec */ - for (i=0; ilength; i++) - tmpkey->contents[i] = key->contents[key->length - 1 - i]; + for (i=0; ilength; i++) + tmpkey->contents[i] = key->contents[key->length - 1 - i]; - code = kg_encrypt(context, tmpkey, KG_USAGE_SEAL, NULL, zeros, seed, 16); + code = kg_encrypt(context, tmpkey, KG_USAGE_SEAL, NULL, zeros, seed, 16); - krb5_free_keyblock(context, tmpkey); + krb5_free_keyblock(context, tmpkey); - return(code); + return(code); } diff --git a/src/lib/gssapi/krb5/util_seqnum.c b/src/lib/gssapi/krb5/util_seqnum.c index ec7da55672..d5d7ffa57d 100644 --- a/src/lib/gssapi/krb5/util_seqnum.c +++ b/src/lib/gssapi/krb5/util_seqnum.c @@ -1,7 +1,8 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* - * Copyright2001 by the Massachusetts Institute of Technology. + * Copyright2001 by the Massachusetts Institute of Technology. * Copyright 1993 by OpenVision Technologies, Inc. - * + * * Permission to use, copy, modify, distribute, and sell this software * and its documentation for any purpose is hereby granted without fee, * provided that the above copyright notice appears in all copies and @@ -11,7 +12,7 @@ * without specific, written prior permission. OpenVision makes no * representations about the suitability of this software for any * purpose. It is provided "as is" without express or implied warranty. - * + * * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR @@ -30,76 +31,79 @@ krb5_error_code kg_make_seq_num(context, key, direction, seqnum, cksum, buf) - krb5_context context; - krb5_keyblock *key; - int direction; - krb5_ui_4 seqnum; - unsigned char *cksum; - unsigned char *buf; + krb5_context context; + krb5_keyblock *key; + int direction; + krb5_ui_4 seqnum; + unsigned char *cksum; + unsigned char *buf; { - unsigned char plain[8]; + unsigned char plain[8]; - plain[4] = direction; - plain[5] = direction; - plain[6] = direction; - plain[7] = direction; - if (key->enctype == ENCTYPE_ARCFOUR_HMAC ) { - /* Yes, Microsoft used big-endian sequence number.*/ - plain[0] = (seqnum>>24) & 0xff; - plain[1] = (seqnum>>16) & 0xff; - plain[2] = (seqnum>>8) & 0xff; - plain[3] = seqnum & 0xff; - return kg_arcfour_docrypt (key, 0, - cksum, 8, - &plain[0], 8, - buf); - - } - - plain[0] = (unsigned char) (seqnum&0xff); - plain[1] = (unsigned char) ((seqnum>>8)&0xff); - plain[2] = (unsigned char) ((seqnum>>16)&0xff); - plain[3] = (unsigned char) ((seqnum>>24)&0xff); + plain[4] = direction; + plain[5] = direction; + plain[6] = direction; + plain[7] = direction; + if (key->enctype == ENCTYPE_ARCFOUR_HMAC || + key->enctype == ENCTYPE_ARCFOUR_HMAC_EXP) { + /* Yes, Microsoft used big-endian sequence number.*/ + plain[0] = (seqnum>>24) & 0xff; + plain[1] = (seqnum>>16) & 0xff; + plain[2] = (seqnum>>8) & 0xff; + plain[3] = seqnum & 0xff; + return kg_arcfour_docrypt (key, 0, + cksum, 8, + &plain[0], 8, + buf); - return(kg_encrypt(context, key, KG_USAGE_SEQ, cksum, plain, buf, 8)); + } + + plain[0] = (unsigned char) (seqnum&0xff); + plain[1] = (unsigned char) ((seqnum>>8)&0xff); + plain[2] = (unsigned char) ((seqnum>>16)&0xff); + plain[3] = (unsigned char) ((seqnum>>24)&0xff); + + return(kg_encrypt(context, key, KG_USAGE_SEQ, cksum, plain, buf, 8)); } krb5_error_code kg_get_seq_num(context, key, cksum, buf, direction, seqnum) - krb5_context context; - krb5_keyblock *key; - unsigned char *cksum; - unsigned char *buf; - int *direction; - krb5_ui_4 *seqnum; + krb5_context context; + krb5_keyblock *key; + unsigned char *cksum; + unsigned char *buf; + int *direction; + krb5_ui_4 *seqnum; { - krb5_error_code code; - unsigned char plain[8]; + krb5_error_code code; + unsigned char plain[8]; - if (key->enctype == ENCTYPE_ARCFOUR_HMAC) { - code = kg_arcfour_docrypt (key, 0, - cksum, 8, - buf, 8, - plain); - } else { - code = kg_decrypt(context, key, KG_USAGE_SEQ, cksum, buf, plain, 8); - } - if (code) - return(code); + if (key->enctype == ENCTYPE_ARCFOUR_HMAC || + key->enctype == ENCTYPE_ARCFOUR_HMAC_EXP) { + code = kg_arcfour_docrypt (key, 0, + cksum, 8, + buf, 8, + plain); + } else { + code = kg_decrypt(context, key, KG_USAGE_SEQ, cksum, buf, plain, 8); + } + if (code) + return(code); - if ((plain[4] != plain[5]) || - (plain[4] != plain[6]) || - (plain[4] != plain[7])) - return((krb5_error_code) KG_BAD_SEQ); + if ((plain[4] != plain[5]) || + (plain[4] != plain[6]) || + (plain[4] != plain[7])) + return((krb5_error_code) KG_BAD_SEQ); - *direction = plain[4]; - if (key->enctype == ENCTYPE_ARCFOUR_HMAC) { - *seqnum = (plain[3]|(plain[2]<<8) | (plain[1]<<16)| (plain[0]<<24)); - } else { - *seqnum = ((plain[0]) | - (plain[1]<<8) | - (plain[2]<<16) | - (plain[3]<<24)); - } + *direction = plain[4]; + if (key->enctype == ENCTYPE_ARCFOUR_HMAC || + key->enctype == ENCTYPE_ARCFOUR_HMAC_EXP) { + *seqnum = (plain[3]|(plain[2]<<8) | (plain[1]<<16)| (plain[0]<<24)); + } else { + *seqnum = ((plain[0]) | + (plain[1]<<8) | + (plain[2]<<16) | + (plain[3]<<24)); + } - return(0); + return(0); } diff --git a/src/lib/gssapi/krb5/val_cred.c b/src/lib/gssapi/krb5/val_cred.c index fb0f15c9d3..dd82d5341c 100644 --- a/src/lib/gssapi/krb5/val_cred.c +++ b/src/lib/gssapi/krb5/val_cred.c @@ -1,3 +1,4 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * Copyright 1997, 2007 by Massachusetts Institute of Technology * All Rights Reserved. @@ -6,7 +7,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -20,7 +21,7 @@ * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * + * */ #include "gssapiP_krb5.h" @@ -32,37 +33,37 @@ OM_uint32 krb5_gss_validate_cred_1(OM_uint32 *minor_status, gss_cred_id_t cred_handle, - krb5_context context) + krb5_context context) { krb5_gss_cred_id_t cred; krb5_error_code code; krb5_principal princ; if (!kg_validate_cred_id(cred_handle)) { - *minor_status = (OM_uint32) G_VALIDATE_FAILED; - return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_DEFECTIVE_CREDENTIAL); + *minor_status = (OM_uint32) G_VALIDATE_FAILED; + return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_DEFECTIVE_CREDENTIAL); } cred = (krb5_gss_cred_id_t) cred_handle; code = k5_mutex_lock(&cred->lock); if (code) { - *minor_status = code; - return GSS_S_FAILURE; + *minor_status = code; + return GSS_S_FAILURE; } if (cred->ccache) { - if ((code = krb5_cc_get_principal(context, cred->ccache, &princ))) { - k5_mutex_unlock(&cred->lock); - *minor_status = code; - return(GSS_S_DEFECTIVE_CREDENTIAL); - } - if (!krb5_principal_compare(context, princ, cred->princ)) { - k5_mutex_unlock(&cred->lock); - *minor_status = KG_CCACHE_NOMATCH; - return(GSS_S_DEFECTIVE_CREDENTIAL); - } - (void)krb5_free_principal(context, princ); + if ((code = krb5_cc_get_principal(context, cred->ccache, &princ))) { + k5_mutex_unlock(&cred->lock); + *minor_status = code; + return(GSS_S_DEFECTIVE_CREDENTIAL); + } + if (!krb5_principal_compare(context, princ, cred->princ)) { + k5_mutex_unlock(&cred->lock); + *minor_status = KG_CCACHE_NOMATCH; + return(GSS_S_DEFECTIVE_CREDENTIAL); + } + (void)krb5_free_principal(context, princ); } *minor_status = 0; return GSS_S_COMPLETE; @@ -70,8 +71,8 @@ krb5_gss_validate_cred_1(OM_uint32 *minor_status, gss_cred_id_t cred_handle, OM_uint32 krb5_gss_validate_cred(minor_status, cred_handle) - OM_uint32 *minor_status; - gss_cred_id_t cred_handle; + OM_uint32 *minor_status; + gss_cred_id_t cred_handle; { krb5_context context; krb5_error_code code; @@ -79,21 +80,17 @@ krb5_gss_validate_cred(minor_status, cred_handle) code = krb5_gss_init_context(&context); if (code) { - *minor_status = code; - return GSS_S_FAILURE; + *minor_status = code; + return GSS_S_FAILURE; } maj = krb5_gss_validate_cred_1(minor_status, cred_handle, context); if (maj == 0) { - krb5_gss_cred_id_t cred = (krb5_gss_cred_id_t) cred_handle; - k5_mutex_assert_locked(&cred->lock); - k5_mutex_unlock(&cred->lock); + krb5_gss_cred_id_t cred = (krb5_gss_cred_id_t) cred_handle; + k5_mutex_assert_locked(&cred->lock); + k5_mutex_unlock(&cred->lock); } save_error_info(*minor_status, context); krb5_free_context(context); return maj; } - - - - diff --git a/src/lib/gssapi/krb5/verify.c b/src/lib/gssapi/krb5/verify.c index 833697b19e..31e8ff2961 100644 --- a/src/lib/gssapi/krb5/verify.c +++ b/src/lib/gssapi/krb5/verify.c @@ -1,6 +1,7 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * Copyright 1993 by OpenVision Technologies, Inc. - * + * * Permission to use, copy, modify, distribute, and sell this software * and its documentation for any purpose is hereby granted without fee, * provided that the above copyright notice appears in all copies and @@ -10,7 +11,7 @@ * without specific, written prior permission. OpenVision makes no * representations about the suitability of this software for any * purpose. It is provided "as is" without express or implied warranty. - * + * * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR @@ -26,39 +27,39 @@ * $Id$ */ -OM_uint32 -krb5_gss_verify(minor_status, context_handle, - message_buffer, token_buffer, - qop_state) - OM_uint32 *minor_status; - gss_ctx_id_t context_handle; - gss_buffer_t message_buffer; - gss_buffer_t token_buffer; - int *qop_state; -{ - return(kg_unseal(minor_status, context_handle, - token_buffer, message_buffer, - NULL, qop_state, KG_TOK_SIGN_MSG)); -} - /* V2 interface */ OM_uint32 krb5_gss_verify_mic(minor_status, context_handle, - message_buffer, token_buffer, - qop_state) - OM_uint32 *minor_status; - gss_ctx_id_t context_handle; - gss_buffer_t message_buffer; - gss_buffer_t token_buffer; - gss_qop_t *qop_state; + message_buffer, token_buffer, + qop_state) + OM_uint32 *minor_status; + gss_ctx_id_t context_handle; + gss_buffer_t message_buffer; + gss_buffer_t token_buffer; + gss_qop_t *qop_state; { - OM_uint32 rstat; - int qstate; + OM_uint32 rstat; rstat = kg_unseal(minor_status, context_handle, - token_buffer, message_buffer, - NULL, &qstate, KG_TOK_MIC_MSG); - if (!rstat && qop_state) - *qop_state = (gss_qop_t) qstate; + token_buffer, message_buffer, + NULL, qop_state, KG_TOK_MIC_MSG); return(rstat); } + +#if 0 +OM_uint32 +krb5_gss_verify_mic_iov(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + gss_qop_t *qop_state, + gss_iov_buffer_desc *iov, + int iov_count) +{ + OM_uint32 major_status; + + major_status = kg_unseal_iov(minor_status, context_handle, + NULL, qop_state, + iov, iov_count, KG_TOK_WRAP_MSG); + + return major_status; +} +#endif diff --git a/src/lib/gssapi/krb5/wrap_size_limit.c b/src/lib/gssapi/krb5/wrap_size_limit.c index b875a965a0..59e8761873 100644 --- a/src/lib/gssapi/krb5/wrap_size_limit.c +++ b/src/lib/gssapi/krb5/wrap_size_limit.c @@ -1,3 +1,4 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * Copyright 2000 by the Massachusetts Institute of Technology. * All Rights Reserved. @@ -6,7 +7,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -20,11 +21,11 @@ * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * + * */ /* * Copyright 1993 by OpenVision Technologies, Inc. - * + * * Permission to use, copy, modify, distribute, and sell this software * and its documentation for any purpose is hereby granted without fee, * provided that the above copyright notice appears in all copies and @@ -34,7 +35,7 @@ * without specific, written prior permission. OpenVision makes no * representations about the suitability of this software for any * purpose. It is provided "as is" without express or implied warranty. - * + * * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR @@ -46,14 +47,14 @@ /* * Copyright (C) 1998 by the FundsXpress, INC. - * + * * All rights reserved. - * + * * Export of this software from the United States of America may require * a specific license from the United States Government. It is the * responsibility of any person or organization contemplating export to * obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -64,7 +65,7 @@ * permission. FundsXpress makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * + * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. @@ -75,69 +76,88 @@ /* V2 interface */ OM_uint32 krb5_gss_wrap_size_limit(minor_status, context_handle, conf_req_flag, - qop_req, req_output_size, max_input_size) - OM_uint32 *minor_status; - gss_ctx_id_t context_handle; - int conf_req_flag; - gss_qop_t qop_req; - OM_uint32 req_output_size; - OM_uint32 *max_input_size; + qop_req, req_output_size, max_input_size) + OM_uint32 *minor_status; + gss_ctx_id_t context_handle; + int conf_req_flag; + gss_qop_t qop_req; + OM_uint32 req_output_size; + OM_uint32 *max_input_size; { - krb5_gss_ctx_id_rec *ctx; - OM_uint32 data_size, conflen; - OM_uint32 ohlen; - int overhead; + krb5_gss_ctx_id_rec *ctx; + OM_uint32 data_size, conflen; + OM_uint32 ohlen; + int overhead; /* only default qop is allowed */ if (qop_req != GSS_C_QOP_DEFAULT) { - *minor_status = (OM_uint32) G_UNKNOWN_QOP; - return(GSS_S_FAILURE); + *minor_status = (OM_uint32) G_UNKNOWN_QOP; + return(GSS_S_FAILURE); } - + /* validate the context handle */ if (! kg_validate_ctx_id(context_handle)) { - *minor_status = (OM_uint32) G_VALIDATE_FAILED; - return(GSS_S_NO_CONTEXT); + *minor_status = (OM_uint32) G_VALIDATE_FAILED; + return(GSS_S_NO_CONTEXT); } - + ctx = (krb5_gss_ctx_id_rec *) context_handle; if (! ctx->established) { - *minor_status = KG_CTX_INCOMPLETE; - return(GSS_S_NO_CONTEXT); + *minor_status = KG_CTX_INCOMPLETE; + return(GSS_S_NO_CONTEXT); } if (ctx->proto == 1) { - /* No pseudo-ASN.1 wrapper overhead, so no sequence length and - OID. */ - OM_uint32 sz = req_output_size; - /* Token header: 16 octets. */ - if (conf_req_flag) { - while (sz > 0 && krb5_encrypt_size(sz, ctx->enc->enctype) + 16 > req_output_size) - sz--; - /* Allow for encrypted copy of header. */ - if (sz > 16) - sz -= 16; - else - sz = 0; + /* No pseudo-ASN.1 wrapper overhead, so no sequence length and + OID. */ + OM_uint32 sz = req_output_size; + + /* Token header: 16 octets. */ + if (conf_req_flag) { + krb5_enctype enctype; + + enctype = ctx->have_acceptor_subkey ? ctx->acceptor_subkey->enctype + : ctx->subkey->enctype; + + while (sz > 0 && krb5_encrypt_size(sz, enctype) + 16 > req_output_size) + sz--; + /* Allow for encrypted copy of header. */ + if (sz > 16) + sz -= 16; + else + sz = 0; #ifdef CFX_EXERCISE - /* Allow for EC padding. In the MIT implementation, only - added while testing. */ - if (sz > 65535) - sz -= 65535; - else - sz = 0; + /* Allow for EC padding. In the MIT implementation, only + added while testing. */ + if (sz > 65535) + sz -= 65535; + else + sz = 0; #endif - } else { - /* Allow for token header and checksum. */ - if (sz < 16 + ctx->cksum_size) - sz = 0; - else - sz -= (16 + ctx->cksum_size); - } - - *max_input_size = sz; - *minor_status = 0; - return GSS_S_COMPLETE; + } else { + krb5_cksumtype cksumtype; + krb5_error_code err; + size_t cksumsize; + + cksumtype = ctx->have_acceptor_subkey ? ctx->acceptor_subkey_cksumtype + : ctx->cksumtype; + + err = krb5_c_checksum_length(ctx->k5_context, cksumtype, &cksumsize); + if (err) { + *minor_status = err; + return GSS_S_FAILURE; + } + + /* Allow for token header and checksum. */ + if (sz < 16 + cksumsize) + sz = 0; + else + sz -= (16 + cksumsize); + } + + *max_input_size = sz; + *minor_status = 0; + return GSS_S_COMPLETE; } /* Calculate the token size and subtract that from the output size */ @@ -146,17 +166,17 @@ krb5_gss_wrap_size_limit(minor_status, context_handle, conf_req_flag, conflen = kg_confounder_size(ctx->k5_context, ctx->enc); data_size = (conflen + data_size + 8) & (~(OM_uint32)7); ohlen = g_token_size(ctx->mech_used, - (unsigned int) (data_size + ctx->cksum_size + 14)) - - req_output_size; + (unsigned int) (data_size + ctx->cksum_size + 14)) + - req_output_size; if (ohlen+overhead < req_output_size) - /* - * Cannot have trailer length that will cause us to pad over our - * length. - */ - *max_input_size = (req_output_size - ohlen - overhead) & (~(OM_uint32)7); + /* + * Cannot have trailer length that will cause us to pad over our + * length. + */ + *max_input_size = (req_output_size - ohlen - overhead) & (~(OM_uint32)7); else - *max_input_size = 0; + *max_input_size = 0; *minor_status = 0; return(GSS_S_COMPLETE); diff --git a/src/lib/gssapi/libgssapi_krb5.exports b/src/lib/gssapi/libgssapi_krb5.exports index 2d6199cde4..524533843f 100644 --- a/src/lib/gssapi/libgssapi_krb5.exports +++ b/src/lib/gssapi/libgssapi_krb5.exports @@ -1,3 +1,4 @@ +GSS_C_INQ_SSPI_SESSION_KEY GSS_C_NT_ANONYMOUS GSS_C_NT_EXPORT_NAME GSS_C_NT_HOSTBASED_SERVICE @@ -8,36 +9,46 @@ GSS_C_NT_USER_NAME GSS_KRB5_NT_PRINCIPAL_NAME gss_accept_sec_context gss_acquire_cred +gss_add_buffer_set_member gss_add_cred gss_add_oid_set_member gss_canonicalize_name gss_compare_name +gss_complete_auth_token gss_context_time +gss_create_empty_buffer_set gss_create_empty_oid_set gss_delete_sec_context gss_display_name gss_display_status gss_duplicate_name gss_export_name +gss_export_name_object gss_export_sec_context gss_get_mic gss_import_name +gss_import_name_object gss_import_sec_context gss_indicate_mechs gss_init_sec_context gss_inquire_context gss_inquire_cred gss_inquire_cred_by_mech +gss_inquire_cred_by_oid gss_inquire_mechs_for_name gss_inquire_names_for_mech +gss_inquire_sec_context_by_oid gss_krb5_ccache_name gss_krb5_copy_ccache gss_krb5_export_lucid_sec_context gss_krb5_get_tkt_flags gss_krb5_free_lucid_sec_context gss_krb5_set_allowable_enctypes +gss_krb5_set_cred_rcache gss_krb5int_make_seal_token_v3 gss_krb5int_unseal_token_v3 +gsskrb5_extract_authtime_from_sec_context +gsskrb5_extract_authz_data_from_sec_context gss_mech_krb5 gss_mech_krb5_old gss_mech_set_krb5 @@ -53,21 +64,31 @@ gss_nt_string_uid_name gss_nt_user_name gss_oid_to_str gss_process_context_token +gss_release_buffer_set gss_release_buffer gss_release_cred +gss_release_iov_buffer gss_release_name gss_release_oid gss_release_oid_set gss_seal +gss_set_sec_context_option gss_sign gss_str_to_oid gss_test_oid_set_member gss_unseal gss_unwrap +gss_unwrap_aead +gss_unwrap_iov gss_verify gss_verify_mic gss_wrap +gss_wrap_aead +gss_wrap_iov +gss_wrap_iov_length gss_wrap_size_limit +gssspi_set_cred_option +gssspi_mech_invoke krb5_gss_dbg_client_expcreds krb5_gss_register_acceptor_identity krb5_gss_use_kdc_context diff --git a/src/lib/gssapi/mechglue/Makefile.in b/src/lib/gssapi/mechglue/Makefile.in index f8c9774a08..13a750b230 100644 --- a/src/lib/gssapi/mechglue/Makefile.in +++ b/src/lib/gssapi/mechglue/Makefile.in @@ -2,8 +2,8 @@ thisconfigdir=../../.. myfulldir=lib/gssapi/mechglue mydir=lib/gssapi/mechglue BUILDTOP=$(REL)..$(S)..$(S).. -LOCALINCLUDES = -I. -I$(srcdir) -I$(srcdir)/.. -I../generic -I$(srcdir)/../generic -DEFS= +LOCALINCLUDES = -I. -I$(srcdir) -I$(srcdir)/.. -I../generic -I$(srcdir)/../generic -I../krb5 -I$(srcdir)/../krb5 -I../spnego -I$(srcdir)/../spnego +DEFS=-D_GSS_STATIC_LINK=1 ##DOSBUILDTOP = ..\..\.. ##DOS##PREFIXDIR=mechglue @@ -14,8 +14,10 @@ DEFS= SRCS = \ $(srcdir)/g_accept_sec_context.c \ $(srcdir)/g_acquire_cred.c \ + $(srcdir)/g_buffer_set.c \ $(srcdir)/g_canon_name.c \ $(srcdir)/g_compare_name.c \ + $(srcdir)/g_complete_auth_token.c \ $(srcdir)/g_context_time.c \ $(srcdir)/g_delete_sec_context.c \ $(srcdir)/g_dsp_name.c \ @@ -23,14 +25,19 @@ SRCS = \ $(srcdir)/g_dup_name.c \ $(srcdir)/g_exp_sec_context.c \ $(srcdir)/g_export_name.c \ + $(srcdir)/g_export_name_object.c \ $(srcdir)/g_glue.c \ $(srcdir)/g_imp_name.c \ + $(srcdir)/g_imp_name_object.c \ $(srcdir)/g_imp_sec_context.c \ $(srcdir)/g_init_sec_context.c \ $(srcdir)/g_initialize.c \ $(srcdir)/g_inq_context.c \ + $(srcdir)/g_inq_context_oid.c \ $(srcdir)/g_inq_cred.c \ + $(srcdir)/g_inq_cred_oid.c \ $(srcdir)/g_inq_names.c \ + $(srcdir)/g_mech_invoke.c \ $(srcdir)/g_mechname.c \ $(srcdir)/g_oid_ops.c \ $(srcdir)/g_process_context.c \ @@ -39,17 +46,24 @@ SRCS = \ $(srcdir)/g_rel_name.c \ $(srcdir)/g_rel_oid_set.c \ $(srcdir)/g_seal.c \ + $(srcdir)/g_set_context_option.c \ + $(srcdir)/g_set_cred_option.c \ $(srcdir)/g_sign.c \ $(srcdir)/g_store_cred.c \ $(srcdir)/g_unseal.c \ + $(srcdir)/g_unwrap_aead.c \ + $(srcdir)/g_unwrap_iov.c \ $(srcdir)/g_verify.c \ - $(srcdir)/oid_ops.c + $(srcdir)/g_wrap_aead.c \ + $(srcdir)/g_wrap_iov.c OBJS = \ $(OUTPRE)g_accept_sec_context.$(OBJEXT) \ $(OUTPRE)g_acquire_cred.$(OBJEXT) \ + $(OUTPRE)g_buffer_set.$(OBJEXT) \ $(OUTPRE)g_canon_name.$(OBJEXT) \ $(OUTPRE)g_compare_name.$(OBJEXT) \ + $(OUTPRE)g_complete_auth_token.$(OBJEXT) \ $(OUTPRE)g_context_time.$(OBJEXT) \ $(OUTPRE)g_delete_sec_context.$(OBJEXT) \ $(OUTPRE)g_dsp_name.$(OBJEXT) \ @@ -57,14 +71,19 @@ OBJS = \ $(OUTPRE)g_dup_name.$(OBJEXT) \ $(OUTPRE)g_exp_sec_context.$(OBJEXT) \ $(OUTPRE)g_export_name.$(OBJEXT) \ + $(OUTPRE)g_export_name_object.$(OBJEXT) \ $(OUTPRE)g_glue.$(OBJEXT) \ $(OUTPRE)g_imp_name.$(OBJEXT) \ + $(OUTPRE)g_imp_name_object.$(OBJEXT) \ $(OUTPRE)g_imp_sec_context.$(OBJEXT) \ $(OUTPRE)g_init_sec_context.$(OBJEXT) \ $(OUTPRE)g_initialize.$(OBJEXT) \ $(OUTPRE)g_inq_context.$(OBJEXT) \ + $(OUTPRE)g_inq_context_oid.$(OBJEXT) \ $(OUTPRE)g_inq_cred.$(OBJEXT) \ + $(OUTPRE)g_inq_cred_oid.$(OBJEXT) \ $(OUTPRE)g_inq_names.$(OBJEXT) \ + $(OUTPRE)g_mech_invoke.$(OBJEXT) \ $(OUTPRE)g_mechname.$(OBJEXT) \ $(OUTPRE)g_oid_ops.$(OBJEXT) \ $(OUTPRE)g_process_context.$(OBJEXT) \ @@ -73,17 +92,24 @@ OBJS = \ $(OUTPRE)g_rel_name.$(OBJEXT) \ $(OUTPRE)g_rel_oid_set.$(OBJEXT) \ $(OUTPRE)g_seal.$(OBJEXT) \ + $(OUTPRE)g_set_context_option.$(OBJEXT) \ + $(OUTPRE)g_set_cred_option.$(OBJEXT) \ $(OUTPRE)g_sign.$(OBJEXT) \ $(OUTPRE)g_store_cred.$(OBJEXT) \ $(OUTPRE)g_unseal.$(OBJEXT) \ + $(OUTPRE)g_unwrap_aead.$(OBJEXT) \ + $(OUTPRE)g_unwrap_iov.$(OBJEXT) \ $(OUTPRE)g_verify.$(OBJEXT) \ - $(OUTPRE)oid_ops.$(OBJEXT) + $(OUTPRE)g_wrap_aead.$(OBJEXT) \ + $(OUTPRE)g_wrap_iov.$(OBJEXT) STLIBOBJS = \ g_accept_sec_context.o \ g_acquire_cred.o \ + g_buffer_set.o \ g_canon_name.o \ g_compare_name.o \ + g_complete_auth_token.o \ g_context_time.o \ g_delete_sec_context.o \ g_dsp_name.o \ @@ -91,14 +117,19 @@ STLIBOBJS = \ g_dup_name.o \ g_exp_sec_context.o \ g_export_name.o \ + g_export_name_object.o \ g_glue.o \ g_imp_name.o \ + g_imp_name_object.o \ g_imp_sec_context.o \ g_init_sec_context.o \ g_initialize.o \ g_inq_context.o \ + g_inq_context_oid.o \ g_inq_cred.o \ + g_inq_cred_oid.o \ g_inq_names.o \ + g_mech_invoke.o \ g_mechname.o \ g_oid_ops.o \ g_process_context.o \ @@ -107,11 +138,16 @@ STLIBOBJS = \ g_rel_name.o \ g_rel_oid_set.o \ g_seal.o \ + g_set_context_option.o \ + g_set_cred_option.o \ g_sign.o \ g_store_cred.o \ g_unseal.o \ + g_unwrap_aead.o \ + g_unwrap_iov.o \ g_verify.o \ - oid_ops.o + g_wrap_aead.o \ + g_wrap_iov.o EHDRDIR= $(BUILDTOP)$(S)include$(S)gssapi EXPORTED_HEADERS = mechglue.h @@ -134,201 +170,3 @@ install:: includes:: @libobj_frag@ -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -g_accept_sec_context.so g_accept_sec_context.po $(OUTPRE)g_accept_sec_context.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ - ../generic/gssapi_err_generic.h g_accept_sec_context.c \ - mechglue.h mglueP.h -g_acquire_cred.so g_acquire_cred.po $(OUTPRE)g_acquire_cred.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ - ../generic/gssapi_err_generic.h g_acquire_cred.c mechglue.h \ - mglueP.h -g_canon_name.so g_canon_name.po $(OUTPRE)g_canon_name.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ - ../generic/gssapi_err_generic.h g_canon_name.c mechglue.h \ - mglueP.h -g_compare_name.so g_compare_name.po $(OUTPRE)g_compare_name.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ - ../generic/gssapi_err_generic.h g_compare_name.c mechglue.h \ - mglueP.h -g_context_time.so g_context_time.po $(OUTPRE)g_context_time.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ - ../generic/gssapi_err_generic.h g_context_time.c mechglue.h \ - mglueP.h -g_delete_sec_context.so g_delete_sec_context.po $(OUTPRE)g_delete_sec_context.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ - ../generic/gssapi_err_generic.h g_delete_sec_context.c \ - mechglue.h mglueP.h -g_dsp_name.so g_dsp_name.po $(OUTPRE)g_dsp_name.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ - ../generic/gssapi_err_generic.h g_dsp_name.c mechglue.h \ - mglueP.h -g_dsp_status.so g_dsp_status.po $(OUTPRE)g_dsp_status.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ - ../generic/gssapi_err_generic.h g_dsp_status.c mechglue.h \ - mglueP.h -g_dup_name.so g_dup_name.po $(OUTPRE)g_dup_name.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ - ../generic/gssapi_err_generic.h g_dup_name.c mechglue.h \ - mglueP.h -g_exp_sec_context.so g_exp_sec_context.po $(OUTPRE)g_exp_sec_context.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ - ../generic/gssapi_err_generic.h g_exp_sec_context.c \ - mechglue.h mglueP.h -g_export_name.so g_export_name.po $(OUTPRE)g_export_name.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ - ../generic/gssapi_err_generic.h g_export_name.c mechglue.h \ - mglueP.h -g_glue.so g_glue.po $(OUTPRE)g_glue.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ - ../generic/gssapi_err_generic.h g_glue.c mechglue.h \ - mglueP.h -g_imp_name.so g_imp_name.po $(OUTPRE)g_imp_name.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ - ../generic/gssapi_err_generic.h g_imp_name.c mechglue.h \ - mglueP.h -g_imp_sec_context.so g_imp_sec_context.po $(OUTPRE)g_imp_sec_context.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ - ../generic/gssapi_err_generic.h g_imp_sec_context.c \ - mechglue.h mglueP.h -g_init_sec_context.so g_init_sec_context.po $(OUTPRE)g_init_sec_context.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ - ../generic/gssapi_err_generic.h g_init_sec_context.c \ - mechglue.h mglueP.h -g_initialize.so g_initialize.po $(OUTPRE)g_initialize.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/gssapi.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h $(srcdir)/../gss_libinit.h \ - ../generic/gssapi_err_generic.h g_initialize.c mechglue.h \ - mglueP.h -g_inq_context.so g_inq_context.po $(OUTPRE)g_inq_context.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ - ../generic/gssapi_err_generic.h g_inq_context.c mechglue.h \ - mglueP.h -g_inq_cred.so g_inq_cred.po $(OUTPRE)g_inq_cred.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ - ../generic/gssapi_err_generic.h g_inq_cred.c mechglue.h \ - mglueP.h -g_inq_names.so g_inq_names.po $(OUTPRE)g_inq_names.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ - ../generic/gssapi_err_generic.h g_inq_names.c mechglue.h \ - mglueP.h -g_mechname.so g_mechname.po $(OUTPRE)g_mechname.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ - ../generic/gssapi_err_generic.h g_mechname.c mechglue.h \ - mglueP.h -g_oid_ops.so g_oid_ops.po $(OUTPRE)g_oid_ops.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ - ../generic/gssapi_err_generic.h g_oid_ops.c mechglue.h \ - mglueP.h -g_process_context.so g_process_context.po $(OUTPRE)g_process_context.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ - ../generic/gssapi_err_generic.h g_process_context.c \ - mechglue.h mglueP.h -g_rel_buffer.so g_rel_buffer.po $(OUTPRE)g_rel_buffer.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ - ../generic/gssapi_err_generic.h g_rel_buffer.c mechglue.h \ - mglueP.h -g_rel_cred.so g_rel_cred.po $(OUTPRE)g_rel_cred.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ - ../generic/gssapi_err_generic.h g_rel_cred.c mechglue.h \ - mglueP.h -g_rel_name.so g_rel_name.po $(OUTPRE)g_rel_name.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ - ../generic/gssapi_err_generic.h g_rel_name.c mechglue.h \ - mglueP.h -g_rel_oid_set.so g_rel_oid_set.po $(OUTPRE)g_rel_oid_set.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ - ../generic/gssapi_err_generic.h g_rel_oid_set.c mechglue.h \ - mglueP.h -g_seal.so g_seal.po $(OUTPRE)g_seal.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ - ../generic/gssapi_err_generic.h g_seal.c mechglue.h \ - mglueP.h -g_sign.so g_sign.po $(OUTPRE)g_sign.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ - ../generic/gssapi_err_generic.h g_sign.c mechglue.h \ - mglueP.h -g_store_cred.so g_store_cred.po $(OUTPRE)g_store_cred.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ - ../generic/gssapi_err_generic.h g_store_cred.c mechglue.h \ - mglueP.h -g_unseal.so g_unseal.po $(OUTPRE)g_unseal.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ - ../generic/gssapi_err_generic.h g_unseal.c mechglue.h \ - mglueP.h -g_verify.so g_verify.po $(OUTPRE)g_verify.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ - ../generic/gssapi_err_generic.h g_verify.c mechglue.h \ - mglueP.h -oid_ops.so oid_ops.po $(OUTPRE)oid_ops.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_generic.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_generic.h \ - ../generic/gssapi_err_generic.h mechglue.h mglueP.h \ - oid_ops.c diff --git a/src/lib/gssapi/mechglue/deps b/src/lib/gssapi/mechglue/deps new file mode 100644 index 0000000000..f67f754d01 --- /dev/null +++ b/src/lib/gssapi/mechglue/deps @@ -0,0 +1,359 @@ +# +# Generated makefile dependencies follow. +# +g_accept_sec_context.so g_accept_sec_context.po $(OUTPRE)g_accept_sec_context.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_accept_sec_context.c \ + mechglue.h mglueP.h +g_acquire_cred.so g_acquire_cred.po $(OUTPRE)g_acquire_cred.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_acquire_cred.c mechglue.h \ + mglueP.h +g_buffer_set.so g_buffer_set.po $(OUTPRE)g_buffer_set.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_buffer_set.c mechglue.h \ + mglueP.h +g_canon_name.so g_canon_name.po $(OUTPRE)g_canon_name.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_canon_name.c mechglue.h \ + mglueP.h +g_compare_name.so g_compare_name.po $(OUTPRE)g_compare_name.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_compare_name.c mechglue.h \ + mglueP.h +g_complete_auth_token.so g_complete_auth_token.po $(OUTPRE)g_complete_auth_token.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_complete_auth_token.c \ + mechglue.h mglueP.h +g_context_time.so g_context_time.po $(OUTPRE)g_context_time.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_context_time.c mechglue.h \ + mglueP.h +g_delete_sec_context.so g_delete_sec_context.po $(OUTPRE)g_delete_sec_context.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_delete_sec_context.c \ + mechglue.h mglueP.h +g_dsp_name.so g_dsp_name.po $(OUTPRE)g_dsp_name.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_dsp_name.c mechglue.h \ + mglueP.h +g_dsp_status.so g_dsp_status.po $(OUTPRE)g_dsp_status.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_dsp_status.c mechglue.h \ + mglueP.h +g_dup_name.so g_dup_name.po $(OUTPRE)g_dup_name.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_dup_name.c mechglue.h \ + mglueP.h +g_exp_sec_context.so g_exp_sec_context.po $(OUTPRE)g_exp_sec_context.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_exp_sec_context.c \ + mechglue.h mglueP.h +g_export_name.so g_export_name.po $(OUTPRE)g_export_name.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_export_name.c mechglue.h \ + mglueP.h +g_export_name_object.so g_export_name_object.po $(OUTPRE)g_export_name_object.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_export_name_object.c \ + mechglue.h mglueP.h +g_glue.so g_glue.po $(OUTPRE)g_glue.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_glue.c mechglue.h \ + mglueP.h +g_imp_name.so g_imp_name.po $(OUTPRE)g_imp_name.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_imp_name.c mechglue.h \ + mglueP.h +g_imp_name_object.so g_imp_name_object.po $(OUTPRE)g_imp_name_object.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_imp_name_object.c \ + mechglue.h mglueP.h +g_imp_sec_context.so g_imp_sec_context.po $(OUTPRE)g_imp_sec_context.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_imp_sec_context.c \ + mechglue.h mglueP.h +g_init_sec_context.so g_init_sec_context.po $(OUTPRE)g_init_sec_context.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_init_sec_context.c \ + mechglue.h mglueP.h +g_initialize.so g_initialize.po $(OUTPRE)g_initialize.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + $(srcdir)/../krb5/gssapiP_krb5.h $(srcdir)/../spnego/gssapiP_spnego.h \ + ../generic/gssapi_err_generic.h ../krb5/gssapi_err_krb5.h \ + ../krb5/gssapi_krb5.h g_initialize.c mechglue.h mglueP.h +g_inq_context.so g_inq_context.po $(OUTPRE)g_inq_context.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_inq_context.c mechglue.h \ + mglueP.h +g_inq_context_oid.so g_inq_context_oid.po $(OUTPRE)g_inq_context_oid.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_inq_context_oid.c \ + mechglue.h mglueP.h +g_inq_cred.so g_inq_cred.po $(OUTPRE)g_inq_cred.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_inq_cred.c mechglue.h \ + mglueP.h +g_inq_cred_oid.so g_inq_cred_oid.po $(OUTPRE)g_inq_cred_oid.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_inq_cred_oid.c mechglue.h \ + mglueP.h +g_inq_names.so g_inq_names.po $(OUTPRE)g_inq_names.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_inq_names.c mechglue.h \ + mglueP.h +g_mech_invoke.so g_mech_invoke.po $(OUTPRE)g_mech_invoke.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_mech_invoke.c mechglue.h \ + mglueP.h +g_mechname.so g_mechname.po $(OUTPRE)g_mechname.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_mechname.c mechglue.h \ + mglueP.h +g_oid_ops.so g_oid_ops.po $(OUTPRE)g_oid_ops.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_oid_ops.c mechglue.h \ + mglueP.h +g_process_context.so g_process_context.po $(OUTPRE)g_process_context.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_process_context.c \ + mechglue.h mglueP.h +g_rel_buffer.so g_rel_buffer.po $(OUTPRE)g_rel_buffer.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_rel_buffer.c mechglue.h \ + mglueP.h +g_rel_cred.so g_rel_cred.po $(OUTPRE)g_rel_cred.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_rel_cred.c mechglue.h \ + mglueP.h +g_rel_name.so g_rel_name.po $(OUTPRE)g_rel_name.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_rel_name.c mechglue.h \ + mglueP.h +g_rel_oid_set.so g_rel_oid_set.po $(OUTPRE)g_rel_oid_set.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_rel_oid_set.c mechglue.h \ + mglueP.h +g_seal.so g_seal.po $(OUTPRE)g_seal.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_seal.c mechglue.h \ + mglueP.h +g_set_context_option.so g_set_context_option.po $(OUTPRE)g_set_context_option.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_set_context_option.c \ + mechglue.h mglueP.h +g_set_cred_option.so g_set_cred_option.po $(OUTPRE)g_set_cred_option.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_set_cred_option.c \ + mechglue.h mglueP.h +g_sign.so g_sign.po $(OUTPRE)g_sign.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_sign.c mechglue.h \ + mglueP.h +g_store_cred.so g_store_cred.po $(OUTPRE)g_store_cred.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_store_cred.c mechglue.h \ + mglueP.h +g_unseal.so g_unseal.po $(OUTPRE)g_unseal.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_unseal.c mechglue.h \ + mglueP.h +g_unwrap_aead.so g_unwrap_aead.po $(OUTPRE)g_unwrap_aead.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_unwrap_aead.c mechglue.h \ + mglueP.h +g_unwrap_iov.so g_unwrap_iov.po $(OUTPRE)g_unwrap_iov.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_unwrap_iov.c mechglue.h \ + mglueP.h +g_verify.so g_verify.po $(OUTPRE)g_verify.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_verify.c mechglue.h \ + mglueP.h +g_wrap_aead.so g_wrap_aead.po $(OUTPRE)g_wrap_aead.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_wrap_aead.c mechglue.h \ + mglueP.h +g_wrap_iov.so g_wrap_iov.po $(OUTPRE)g_wrap_iov.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + ../generic/gssapi_err_generic.h g_wrap_iov.c mechglue.h \ + mglueP.h diff --git a/src/lib/gssapi/mechglue/g_accept_sec_context.c b/src/lib/gssapi/mechglue/g_accept_sec_context.c index 9527895eee..fa703d34d2 100644 --- a/src/lib/gssapi/mechglue/g_accept_sec_context.c +++ b/src/lib/gssapi/mechglue/g_accept_sec_context.c @@ -146,7 +146,7 @@ gss_cred_id_t * d_cred; if(*context_handle == GSS_C_NO_CONTEXT) { - if (GSS_EMPTY_BUFFER(input_token_buffer)) + if (input_token_buffer == GSS_C_NO_BUFFER) return (GSS_S_CALL_INACCESSIBLE_READ); /* Get the token mech type */ @@ -193,9 +193,7 @@ gss_cred_id_t * d_cred; mech = gssint_get_mechanism (token_mech_type); if (mech && mech->gss_accept_sec_context) { - status = mech->gss_accept_sec_context( - mech->context, - minor_status, + status = mech->gss_accept_sec_context(minor_status, &union_ctx_id->internal_ctx_id, input_cred_handle, input_token_buffer, @@ -236,7 +234,6 @@ gss_cred_id_t * d_cred; output_token); if (internal_name != GSS_C_NO_NAME) mech->gss_release_name( - mech->context, &temp_minor_status, &internal_name); return (temp_status); @@ -288,8 +285,7 @@ gss_cred_id_t * d_cred; d_u_cred->loopback = d_u_cred; if (mech->gss_inquire_cred) { - status = mech->gss_inquire_cred(mech->context, - minor_status, + status = mech->gss_inquire_cred(minor_status, tmp_d_cred, &internal_name, &d_u_cred->auxinfo.time_rec, diff --git a/src/lib/gssapi/mechglue/g_acquire_cred.c b/src/lib/gssapi/mechglue/g_acquire_cred.c index f2e8cd1b78..fada9e8872 100644 --- a/src/lib/gssapi/mechglue/g_acquire_cred.c +++ b/src/lib/gssapi/mechglue/g_acquire_cred.c @@ -381,8 +381,8 @@ gss_add_cred(minor_status, input_cred_handle, internal_name = union_name->mech_name; else { if (gssint_import_internal_name(minor_status, - &mech->mech_type, union_name, - &allocated_name) != GSS_S_COMPLETE) + &mech->mech_type, union_name, + &allocated_name) != GSS_S_COMPLETE) return (GSS_S_BAD_NAME); internal_name = allocated_name; } @@ -397,8 +397,10 @@ gss_add_cred(minor_status, input_cred_handle, else if (cred_usage == GSS_C_BOTH) time_req = (acceptor_time_req > initiator_time_req) ? acceptor_time_req : initiator_time_req; + else + time_req = 0; - status = mech->gss_acquire_cred(mech->context, minor_status, + status = mech->gss_acquire_cred(minor_status, internal_name, time_req, GSS_C_NULL_OID_SET, cred_usage, &cred, NULL, &time_rec); @@ -421,7 +423,6 @@ gss_add_cred(minor_status, input_cred_handle, if (internal_name == NULL) { if (mech->gss_inquire_cred == NULL || ((status = mech->gss_inquire_cred( - mech->context, &temp_minor_status, cred, &allocated_name, NULL, NULL, NULL)) != GSS_S_COMPLETE)) @@ -430,8 +431,7 @@ gss_add_cred(minor_status, input_cred_handle, } if (internal_name != GSS_C_NO_NAME) { - status = mech->gss_display_name(mech->context, - &temp_minor_status, internal_name, + status = mech->gss_display_name(&temp_minor_status, internal_name, &union_cred->auxinfo.name, &union_cred->auxinfo.name_type); @@ -519,8 +519,7 @@ errout: free(new_cred_array); if (cred != NULL && mech->gss_release_cred) - mech->gss_release_cred(mech->context, - &temp_minor_status, &cred); + mech->gss_release_cred(&temp_minor_status, &cred); if (allocated_name) (void) gssint_release_internal_name(&temp_minor_status, diff --git a/src/lib/krb4/netwrite.c b/src/lib/gssapi/mechglue/g_buffer_set.c similarity index 59% rename from src/lib/krb4/netwrite.c rename to src/lib/gssapi/mechglue/g_buffer_set.c index 31832488dd..1b2621c6b7 100644 --- a/src/lib/krb4/netwrite.c +++ b/src/lib/gssapi/mechglue/g_buffer_set.c @@ -1,14 +1,12 @@ /* - * lib/krb4/netwrite.c - * - * Copyright 1987, 1988 by the Massachusetts Institute of Technology. + * Copyright 2008 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -22,44 +20,38 @@ * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. + * */ -#include -#include "krb.h" -#include "autoconf.h" -#ifdef HAVE_UNISTD_H -#include +#include "mglueP.h" +#include +#ifdef HAVE_STDLIB_H +#include #endif -#include "port-sockets.h" +#include +#include -/* - * krb_net_write() writes "len" bytes from "buf" to the file - * descriptor "fd". It returns the number of bytes written or - * a write() error. (The calling interface is identical to - * write(2).) - * - * XXX must not use non-blocking I/O - */ -int -krb_net_write(fd, buf, len) -int fd; -register char *buf; -int len; +OM_uint32 KRB5_CALLCONV gss_create_empty_buffer_set + (OM_uint32 * minor_status, + gss_buffer_set_t *buffer_set) { - int cc; - register int wrlen = len; - do { - cc = SOCKET_WRITE(fd, buf, wrlen); - if (cc < 0) - { - if (SOCKET_ERRNO == SOCKET_EINTR) - continue; - return(cc); - } - else { - buf += cc; - wrlen -= cc; - } - } while (wrlen > 0); - return(len); + return generic_gss_create_empty_buffer_set(minor_status, buffer_set); } + +OM_uint32 KRB5_CALLCONV gss_add_buffer_set_member + (OM_uint32 * minor_status, + const gss_buffer_t member_buffer, + gss_buffer_set_t *buffer_set) +{ + return generic_gss_add_buffer_set_member(minor_status, + member_buffer, + buffer_set); +} + +OM_uint32 KRB5_CALLCONV gss_release_buffer_set + (OM_uint32 * minor_status, + gss_buffer_set_t *buffer_set) +{ + return generic_gss_release_buffer_set(minor_status, buffer_set); +} + diff --git a/src/lib/gssapi/mechglue/g_compare_name.c b/src/lib/gssapi/mechglue/g_compare_name.c index 40f4648efd..153e9b615c 100644 --- a/src/lib/gssapi/mechglue/g_compare_name.c +++ b/src/lib/gssapi/mechglue/g_compare_name.c @@ -72,7 +72,7 @@ int * name_equal; { OM_uint32 major_status, temp_minor; gss_union_name_t union_name1, union_name2; - gss_mechanism mech; + gss_mechanism mech = NULL; gss_name_t internal_name; major_status = val_comp_name_args(minor_status, @@ -114,7 +114,11 @@ int * name_equal; if ((union_name1->mech_name == 0) || (union_name2->mech_name == 0)) /* should never happen */ return (GSS_S_BAD_NAME); - major_status = mech->gss_compare_name(mech->context, minor_status, + if (!mech) + return (GSS_S_BAD_MECH); + if (!mech->gss_compare_name) + return (GSS_S_UNAVAILABLE); + major_status = mech->gss_compare_name(minor_status, union_name1->mech_name, union_name2->mech_name, name_equal); @@ -190,7 +194,11 @@ int * name_equal; if (major_status != GSS_S_COMPLETE) return (GSS_S_COMPLETE); /* return complete, but not equal */ - major_status = mech->gss_compare_name(mech->context, minor_status, + if (!mech) + return (GSS_S_BAD_MECH); + if (!mech->gss_compare_name) + return (GSS_S_UNAVAILABLE); + major_status = mech->gss_compare_name(minor_status, union_name1->mech_name, internal_name, name_equal); if (major_status != GSS_S_COMPLETE) diff --git a/src/lib/gssapi/mechglue/g_complete_auth_token.c b/src/lib/gssapi/mechglue/g_complete_auth_token.c new file mode 100644 index 0000000000..9181551301 --- /dev/null +++ b/src/lib/gssapi/mechglue/g_complete_auth_token.c @@ -0,0 +1,70 @@ +/* #ident "@(#)gss_seal.c 1.10 95/08/07 SMI" */ + +/* + * Copyright 1996 by Sun Microsystems, Inc. + * + * Permission to use, copy, modify, distribute, and sell this software + * and its documentation for any purpose is hereby granted without fee, + * provided that the above copyright notice appears in all copies and + * that both that copyright notice and this permission notice appear in + * supporting documentation, and that the name of Sun Microsystems not be used + * in advertising or publicity pertaining to distribution of the software + * without specific, written prior permission. Sun Microsystems makes no + * representations about the suitability of this software for any + * purpose. It is provided "as is" without express or implied warranty. + * + * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, + * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO + * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR + * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF + * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR + * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * glue routine for gss_complete_auth_token + */ + +#include "mglueP.h" +#include +#ifdef HAVE_STDLIB_H +#include +#endif +#include +#include + +OM_uint32 KRB5_CALLCONV +gss_complete_auth_token (OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + gss_buffer_t input_message_buffer) +{ + OM_uint32 status; + gss_union_ctx_id_t ctx; + gss_mechanism mech; + + if (context_handle == GSS_C_NO_CONTEXT) + return GSS_S_NO_CONTEXT; + + /* + * select the approprate underlying mechanism routine and + * call it. + */ + + ctx = (gss_union_ctx_id_t) context_handle; + mech = gssint_get_mechanism (ctx->mech_type); + + if (mech != NULL) { + if (mech->gss_complete_auth_token != NULL) { + status = mech->gss_complete_auth_token(minor_status, + ctx->internal_ctx_id, + input_message_buffer); + if (status != GSS_S_COMPLETE) + map_error(minor_status, mech); + } else + status = GSS_S_COMPLETE; + } else + status = GSS_S_BAD_MECH; + + return status; +} diff --git a/src/lib/gssapi/mechglue/g_context_time.c b/src/lib/gssapi/mechglue/g_context_time.c index 866405729b..4293b078eb 100644 --- a/src/lib/gssapi/mechglue/g_context_time.c +++ b/src/lib/gssapi/mechglue/g_context_time.c @@ -64,7 +64,6 @@ OM_uint32 * time_rec; if (mech->gss_context_time) { status = mech->gss_context_time( - mech->context, minor_status, ctx->internal_ctx_id, time_rec); diff --git a/src/lib/gssapi/mechglue/g_delete_sec_context.c b/src/lib/gssapi/mechglue/g_delete_sec_context.c index fdaf2c310d..2fcd3c2d10 100644 --- a/src/lib/gssapi/mechglue/g_delete_sec_context.c +++ b/src/lib/gssapi/mechglue/g_delete_sec_context.c @@ -73,7 +73,6 @@ gss_buffer_t output_token; { OM_uint32 status; gss_union_ctx_id_t ctx; - gss_mechanism mech; status = val_del_sec_ctx_args(minor_status, context_handle, output_token); if (status != GSS_S_COMPLETE) @@ -87,29 +86,19 @@ gss_buffer_t output_token; ctx = (gss_union_ctx_id_t) *context_handle; if (GSSINT_CHK_LOOP(ctx)) return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT); - mech = gssint_get_mechanism (ctx->mech_type); - - if (mech) { - - if (mech->gss_delete_sec_context) { - status = mech->gss_delete_sec_context( - mech->context, - minor_status, - &ctx->internal_ctx_id, - output_token); - if (status != GSS_S_COMPLETE) - map_error(minor_status, mech); - } else - status = GSS_S_UNAVAILABLE; - - /* now free up the space for the union context structure */ - free(ctx->mech_type->elements); - free(ctx->mech_type); - free(*context_handle); - *context_handle = NULL; - - return(status); - } + + status = gssint_delete_internal_sec_context(minor_status, + ctx->mech_type, + &ctx->internal_ctx_id, + output_token); + if (status) + return status; + + /* now free up the space for the union context structure */ + free(ctx->mech_type->elements); + free(ctx->mech_type); + free(*context_handle); + *context_handle = GSS_C_NO_CONTEXT; - return (GSS_S_BAD_MECH); + return (GSS_S_COMPLETE); } diff --git a/src/lib/gssapi/mechglue/g_dsp_status.c b/src/lib/gssapi/mechglue/g_dsp_status.c index 78dac8a5c4..49b79e15d8 100644 --- a/src/lib/gssapi/mechglue/g_dsp_status.c +++ b/src/lib/gssapi/mechglue/g_dsp_status.c @@ -121,7 +121,7 @@ gss_buffer_t status_string; if (mech && mech->gss_display_status) { OM_uint32 r; - r = mech->gss_display_status(mech->context, minor_status, + r = mech->gss_display_status(minor_status, status_value, status_type, mech_type, message_context, status_string); /* How's this for weird? If we get an error returning the @@ -358,12 +358,11 @@ gss_buffer_t outStr; /* now copy the status code and return to caller */ outStr->length = strlen(errStr); - outStr->value = malloc((size_t)outStr->length+1); + outStr->value = strdup(errStr); if (outStr->value == NULL) { outStr->length = 0; return (GSS_S_FAILURE); } - (void) strcpy((char *)outStr->value, errStr); return (GSS_S_COMPLETE); } /* displayMajor */ diff --git a/src/lib/gssapi/mechglue/g_exp_sec_context.c b/src/lib/gssapi/mechglue/g_exp_sec_context.c index cf9905f830..f2ee5a5b75 100644 --- a/src/lib/gssapi/mechglue/g_exp_sec_context.c +++ b/src/lib/gssapi/mechglue/g_exp_sec_context.c @@ -101,7 +101,7 @@ gss_buffer_t interprocess_token; if (!mech->gss_export_sec_context) return (GSS_S_UNAVAILABLE); - status = mech->gss_export_sec_context(mech->context, minor_status, + status = mech->gss_export_sec_context(minor_status, &ctx->internal_ctx_id, &token); if (status != GSS_S_COMPLETE) { map_error(minor_status, mech); diff --git a/src/lib/gssapi/mechglue/g_export_name.c b/src/lib/gssapi/mechglue/g_export_name.c index c845f8caf7..d9545b798b 100644 --- a/src/lib/gssapi/mechglue/g_export_name.c +++ b/src/lib/gssapi/mechglue/g_export_name.c @@ -56,3 +56,4 @@ gss_buffer_t exported_name; return gssint_export_internal_name(minor_status, union_name->mech_type, union_name->mech_name, exported_name); } + diff --git a/src/lib/gssapi/mechglue/g_export_name_object.c b/src/lib/gssapi/mechglue/g_export_name_object.c new file mode 100644 index 0000000000..4005070438 --- /dev/null +++ b/src/lib/gssapi/mechglue/g_export_name_object.c @@ -0,0 +1,74 @@ +/* + * Copyright (c) 1996,1997, by Sun Microsystems, Inc. + * All rights reserved. + */ + +/* #pragma ident "@(#)g_export_name.c 1.11 00/07/17 SMI" */ + +/* + * glue routine gss_export_name_object_object_object_object + * + * Will either call the mechanism defined gss_export_name, or if one is + * not defined will call a generic_gss_export_name routine. + */ + +#include +#ifdef HAVE_STDLIB_H +#include +#endif +#include +#include + +OM_uint32 KRB5_CALLCONV +gss_export_name_object(minor_status, + input_name, + desired_name_type, + output_name) +OM_uint32 * minor_status; +const gss_name_t input_name; +gss_OID desired_name_type; +void ** output_name; +{ + gss_union_name_t union_name; + gss_mechanism mech; + OM_uint32 major_status; + + if (minor_status != NULL) + *minor_status = 0; + + if (output_name != NULL) + *output_name = NULL; + + if (minor_status == NULL) + return GSS_S_CALL_INACCESSIBLE_WRITE; + + if (input_name == NULL) + return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME; + + if (desired_name_type == GSS_C_NO_OID) + return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAMETYPE; + + if (output_name == NULL) + return GSS_S_CALL_INACCESSIBLE_WRITE; + + union_name = (gss_union_name_t)input_name; + + if (union_name->mech_type == GSS_C_NO_OID) + return GSS_S_NAME_NOT_MN; + + mech = gssint_get_mechanism(union_name->mech_type); + if (mech == NULL) + return GSS_S_BAD_MECH; + + if (mech->gss_export_name_object == NULL) + return GSS_S_UNAVAILABLE; + + major_status = mech->gss_export_name_object(minor_status, + input_name, + desired_name_type, + output_name); + if (major_status != GSS_S_COMPLETE) + map_error(minor_status, mech); + + return major_status; +} diff --git a/src/lib/gssapi/mechglue/g_glue.c b/src/lib/gssapi/mechglue/g_glue.c index f5bed4719d..8b4070eb4f 100644 --- a/src/lib/gssapi/mechglue/g_glue.c +++ b/src/lib/gssapi/mechglue/g_glue.c @@ -51,7 +51,7 @@ gssint_get_der_length(unsigned char **buf, unsigned int buf_len, unsigned int *b /* p points to the beginning of the buffer */ unsigned char *p = *buf; int length, new_length; - int octets; + unsigned int octets; if (buf_len < 1) return (-1); @@ -184,7 +184,7 @@ gssint_put_der_length(unsigned int length, unsigned char **buf, unsigned int max * */ -OM_uint32 gssint_get_mech_type(OID, token) +OM_uint32 gssint_get_mech_type_oid(OID, token) gss_OID OID; gss_buffer_t token; { @@ -246,6 +246,43 @@ OM_uint32 gssint_get_mech_type(OID, token) return (GSS_S_COMPLETE); } +/* + * The following mechanisms do not always identify themselves + * per the GSS-API specification, when interoperating with MS + * peers. We include the OIDs here so we do not have to ilnk + * with the mechanism. + */ +static gss_OID_desc gss_ntlm_mechanism_oid_desc = + {10, (void *)"\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a"}; +static gss_OID_desc gss_spnego_mechanism_oid_desc = + {6, (void *)"\x2b\x06\x01\x05\x05\x02"}; +static gss_OID_desc gss_krb5_mechanism_oid_desc = + {9, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"}; + +#define NTLMSSP_SIGNATURE "NTLMSSP" + +OM_uint32 gssint_get_mech_type(OID, token) + gss_OID OID; + gss_buffer_t token; +{ + /* Check for interoperability exceptions */ + if (token->length >= sizeof(NTLMSSP_SIGNATURE) && + memcmp(token->value, NTLMSSP_SIGNATURE, + sizeof(NTLMSSP_SIGNATURE)) == 0) { + *OID = gss_ntlm_mechanism_oid_desc; + } else if (token->length != 0 && + ((char *)token->value)[0] == 0x6E) { + /* Could be a raw AP-REQ (check for APPLICATION tag) */ + *OID = gss_krb5_mechanism_oid_desc; + } else if (token->length == 0) { + *OID = gss_spnego_mechanism_oid_desc; + } else { + return gssint_get_mech_type_oid(OID, token); + } + + return (GSS_S_COMPLETE); +} + /* * Internal routines to get and release an internal mechanism name @@ -267,7 +304,6 @@ gss_name_t *internal_name; if (mech) { if (mech->gss_import_name) { status = mech->gss_import_name ( - mech->context, minor_status, union_name->external_name, union_name->name_type, @@ -306,8 +342,7 @@ OM_uint32 gssint_export_internal_name(minor_status, mech_type, return (GSS_S_BAD_MECH); if (mech->gss_export_name) { - status = mech->gss_export_name(mech->context, - minor_status, + status = mech->gss_export_name(minor_status, internal_name, name_buf); if (status != GSS_S_COMPLETE) @@ -342,8 +377,7 @@ OM_uint32 gssint_export_internal_name(minor_status, mech_type, * mechanisms also, so that factoring name export/import out of * the mech and into libgss pays off. */ - if ((status = mech->gss_display_name(mech->context, - minor_status, + if ((status = mech->gss_display_name(minor_status, internal_name, &dispName, &nameOid)) @@ -421,7 +455,6 @@ gss_OID *name_type; if (mech) { if (mech->gss_display_name) { status = mech->gss_display_name ( - mech->context, minor_status, internal_name, external_name, @@ -449,7 +482,6 @@ gss_name_t *internal_name; if (mech) { if (mech->gss_release_name) { status = mech->gss_release_name ( - mech->context, minor_status, internal_name); if (status != GSS_S_COMPLETE) @@ -463,6 +495,32 @@ gss_name_t *internal_name; return (GSS_S_BAD_MECH); } +OM_uint32 gssint_delete_internal_sec_context (minor_status, + mech_type, + internal_ctx, + output_token) +OM_uint32 *minor_status; +gss_OID mech_type; +gss_ctx_id_t *internal_ctx; +gss_buffer_t output_token; +{ + OM_uint32 status; + gss_mechanism mech; + + mech = gssint_get_mechanism (mech_type); + if (mech) { + if (mech->gss_delete_sec_context) + status = mech->gss_delete_sec_context (minor_status, + internal_ctx, + output_token); + else + status = GSS_S_UNAVAILABLE; + + return (status); + } + + return (GSS_S_BAD_MECH); +} /* * This function converts an internal gssapi name to a union gssapi @@ -501,10 +559,11 @@ OM_uint32 gssint_convert_name_to_union_name(minor_status, mech, union_name->external_name = (gss_buffer_t) malloc(sizeof(gss_buffer_desc)); if (!union_name->external_name) { + major_status = GSS_S_FAILURE; goto allocation_failure; } - major_status = mech->gss_display_name(mech->context, minor_status, + major_status = mech->gss_display_name(minor_status, internal_name, union_name->external_name, &union_name->name_type); @@ -550,13 +609,29 @@ gssint_get_mechanism_cred(union_cred, mech_type) gss_OID mech_type; { int i; - + if (union_cred == GSS_C_NO_CREDENTIAL) return GSS_C_NO_CREDENTIAL; - + + /* SPNEGO mechanism will again call into GSSAPI */ + if (g_OID_equal(&gss_spnego_mechanism_oid_desc, mech_type)) + return (gss_cred_id_t)union_cred; + for (i=0; i < union_cred->count; i++) { if (g_OID_equal(mech_type, &union_cred->mechs_array[i])) return union_cred->cred_array[i]; + + /* for SPNEGO, check the next-lower set of creds */ + if (g_OID_equal(&gss_spnego_mechanism_oid_desc, &union_cred->mechs_array[i])) { + gss_union_cred_t candidate_cred; + gss_cred_id_t sub_cred; + + candidate_cred = (gss_union_cred_t)union_cred->cred_array[i]; + sub_cred = gssint_get_mechanism_cred(candidate_cred, mech_type); + + if(sub_cred != GSS_C_NO_CREDENTIAL) + return sub_cred; + } } return GSS_C_NO_CREDENTIAL; } @@ -604,3 +679,4 @@ gssint_create_copy_buffer(srcBuf, destBuf, addNullChar) return (GSS_S_COMPLETE); } /* ****** gssint_create_copy_buffer ****** */ + diff --git a/src/lib/gssapi/mechglue/g_imp_name.c b/src/lib/gssapi/mechglue/g_imp_name.c index bb7db31954..c4767bf3e9 100644 --- a/src/lib/gssapi/mechglue/g_imp_name.c +++ b/src/lib/gssapi/mechglue/g_imp_name.c @@ -252,7 +252,7 @@ importExportName(minor, unionName) * have created it. */ if (mech->gss_export_name) { - major = mech->gss_import_name(mech->context, minor, + major = mech->gss_import_name(minor, &expName, (gss_OID)GSS_C_NT_EXPORT_NAME, &unionName->mech_name); if (major != GSS_S_COMPLETE) @@ -350,7 +350,7 @@ importExportName(minor, unionName) */ expName.length = nameLen; expName.value = nameLen ? (void *)buf : NULL; - major = mech->gss_import_name(mech->context, minor, &expName, + major = mech->gss_import_name(minor, &expName, GSS_C_NULL_OID, &unionName->mech_name); if (major != GSS_S_COMPLETE) { map_error(minor, mech); @@ -363,3 +363,4 @@ importExportName(minor, unionName) } return major; } /* importExportName */ + diff --git a/src/lib/gssapi/mechglue/g_imp_name_object.c b/src/lib/gssapi/mechglue/g_imp_name_object.c new file mode 100644 index 0000000000..83f327bd70 --- /dev/null +++ b/src/lib/gssapi/mechglue/g_imp_name_object.c @@ -0,0 +1,124 @@ +/* #pragma ident "@(#)g_imp_name.c 1.26 04/02/23 SMI" */ + +/* + * Copyright 1996 by Sun Microsystems, Inc. + * + * Permission to use, copy, modify, distribute, and sell this software + * and its documentation for any purpose is hereby granted without fee, + * provided that the above copyright notice appears in all copies and + * that both that copyright notice and this permission notice appear in + * supporting documentation, and that the name of Sun Microsystems not be used + * in advertising or publicity pertaining to distribution of the software + * without specific, written prior permission. Sun Microsystems makes no + * representations about the suitability of this software for any + * purpose. It is provided "as is" without express or implied warranty. + * + * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, + * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO + * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR + * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF + * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR + * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * glue routine gss_import_name_object + * + */ + +#include "mglueP.h" +#include +#ifdef HAVE_STDLIB_H +#include +#endif +#include +#include + +static OM_uint32 +val_imp_name_object_args( + OM_uint32 *minor_status, + void *input_name, + gss_OID input_name_type, + gss_name_t *output_name) +{ + if (minor_status == NULL) + return GSS_S_CALL_INACCESSIBLE_WRITE; + + *minor_status = 0; + + if (output_name == NULL) + return GSS_S_CALL_INACCESSIBLE_WRITE; + + if (input_name_type == GSS_C_NO_OID) + return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAMETYPE; + + if (input_name == NULL) + return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME; + + return GSS_S_COMPLETE; +} + +OM_uint32 KRB5_CALLCONV +gss_import_name_object(minor_status, + input_name, + input_name_type, + output_name) +OM_uint32 * minor_status; +void * input_name; +gss_OID input_name_type; +gss_name_t * output_name; +{ + gss_union_name_t union_name = NULL; + gss_mechanism mech = NULL; + gss_name_t internal_name = GSS_C_NO_NAME; + OM_uint32 tmp, major_status = GSS_S_FAILURE; + gss_OID_set mechlist = GSS_C_NO_OID_SET; + size_t i; + + major_status = val_imp_name_object_args(minor_status, + input_name, + input_name_type, + output_name); + if (major_status != GSS_S_COMPLETE) + return major_status; + + major_status = gss_indicate_mechs(minor_status, &mechlist); + if (major_status != GSS_S_COMPLETE) + return major_status; + + major_status = GSS_S_BAD_NAMETYPE; + + for (i = 0; i < mechlist->count; i++) { + mech = gssint_get_mechanism(&mechlist->elements[i]); + if (mech == NULL || mech->gss_import_name_object == NULL) + continue; + + major_status = mech->gss_import_name_object(minor_status, + input_name, + input_name_type, + &internal_name); + if (major_status != GSS_S_BAD_NAMETYPE) + break; + } + + if (major_status == GSS_S_COMPLETE) { + assert(internal_name != GSS_C_NO_NAME); + + major_status = gssint_convert_name_to_union_name(minor_status, + mech, + internal_name, + &union_name); + if (major_status != GSS_S_COMPLETE) { + if (mech->gss_release_name != NULL) + mech->gss_release_name(&tmp, &internal_name); + } else + *output_name = (gss_name_t)union_name; + } else + map_error(minor_status, mech); + + generic_gss_release_oid_set(&tmp, &mechlist); + + return major_status; +} + diff --git a/src/lib/gssapi/mechglue/g_imp_sec_context.c b/src/lib/gssapi/mechglue/g_imp_sec_context.c index 2b7aacf102..7aa1165b0f 100644 --- a/src/lib/gssapi/mechglue/g_imp_sec_context.c +++ b/src/lib/gssapi/mechglue/g_imp_sec_context.c @@ -143,7 +143,7 @@ gss_ctx_id_t * context_handle; goto error_out; } - status = mech->gss_import_sec_context(mech->context, minor_status, + status = mech->gss_import_sec_context(minor_status, &token, &ctx->internal_ctx_id); if (status == GSS_S_COMPLETE) { diff --git a/src/lib/gssapi/mechglue/g_init_sec_context.c b/src/lib/gssapi/mechglue/g_init_sec_context.c index b51fb8951d..10c8bf9712 100644 --- a/src/lib/gssapi/mechglue/g_init_sec_context.c +++ b/src/lib/gssapi/mechglue/g_init_sec_context.c @@ -209,7 +209,6 @@ OM_uint32 * time_rec; */ status = mech->gss_init_sec_context( - mech->context, minor_status, input_cred_handle, &union_ctx_id->internal_ctx_id, diff --git a/src/lib/gssapi/mechglue/g_initialize.c b/src/lib/gssapi/mechglue/g_initialize.c index f2f12266be..e762341c5d 100644 --- a/src/lib/gssapi/mechglue/g_initialize.c +++ b/src/lib/gssapi/mechglue/g_initialize.c @@ -27,10 +27,15 @@ */ #include "mglueP.h" -#include "gss_libinit.h" #ifdef HAVE_STDLIB_H #include #endif +#ifdef HAVE_SYS_STAT_H +#include +#endif +#ifdef HAVE_SYS_PARAM_H +#include +#endif #include #include @@ -40,16 +45,27 @@ #define M_DEFAULT "default" #include "k5-thread.h" +#include "k5-plugin.h" +#include "osconf.h" +#ifdef _GSS_STATIC_LINK +#include "gssapiP_krb5.h" +#include "gssapiP_spnego.h" +#endif + +#define MECH_SYM "gss_mech_initialize" + +#ifndef MECH_CONF +#define MECH_CONF "/etc/gss/mech" +#endif /* Local functions */ static gss_mech_info searchMechList(const gss_OID); +static void loadConfigFile(const char *); static void updateMechList(void); static void freeMechList(void); -static void register_mech(gss_mechanism, const char *, void *); static OM_uint32 build_mechSet(void); static void free_mechSet(void); -static void init_hardcoded(void); /* * list of mechanism libraries and their entry points. @@ -58,28 +74,67 @@ static void init_hardcoded(void); static gss_mech_info g_mechList = NULL; static gss_mech_info g_mechListTail = NULL; static k5_mutex_t g_mechListLock = K5_MUTEX_PARTIAL_INITIALIZER; +static time_t g_confFileModTime = (time_t)0; +static time_t g_mechSetTime = (time_t)0; static gss_OID_set_desc g_mechSet = { 0, NULL }; static k5_mutex_t g_mechSetLock = K5_MUTEX_PARTIAL_INITIALIZER; +MAKE_INIT_FUNCTION(gssint_mechglue_init); +MAKE_FINI_FUNCTION(gssint_mechglue_fini); + int gssint_mechglue_init(void) { int err; +#ifdef SHOW_INITFINI_FUNCS + printf("gssint_mechglue_init\n"); +#endif + + add_error_table(&et_ggss_error_table); + err = k5_mutex_finish_init(&g_mechSetLock); - return k5_mutex_finish_init(&g_mechListLock); + err = k5_mutex_finish_init(&g_mechListLock); + +#ifdef _GSS_STATIC_LINK + err = gss_krb5int_lib_init(); + err = gss_spnegoint_lib_init(); +#endif + + return err; } void gssint_mechglue_fini(void) { + if (!INITIALIZER_RAN(gssint_mechglue_init) || PROGRAM_EXITING()) { +#ifdef SHOW_INITFINI_FUNCS + printf("gssint_mechglue_fini: skipping\n"); +#endif + return; + } + +#ifdef SHOW_INITFINI_FUNCS + printf("gssint_mechglue_fini\n"); +#endif +#ifdef _GSS_STATIC_LINK + gss_spnegoint_lib_fini(); + gss_krb5int_lib_fini(); +#endif k5_mutex_destroy(&g_mechSetLock); k5_mutex_destroy(&g_mechListLock); free_mechSet(); freeMechList(); + remove_error_table(&et_ggss_error_table); + gssint_mecherrmap_destroy(); } +int +gssint_mechglue_initialize_library(void) +{ + return CALL_INIT_FUNCTION(gssint_mechglue_init); +} /* * function used to reclaim the memory used by a gss_OID structure. @@ -93,13 +148,12 @@ gss_OID *oid; OM_uint32 major; gss_mech_info aMech; - if (gssint_initialize_library()) - return GSS_S_FAILURE; - if (minor_status == NULL) return (GSS_S_CALL_INACCESSIBLE_WRITE); - *minor_status = 0; + *minor_status = gssint_mechglue_initialize_library(); + if (*minor_status != 0) + return (GSS_S_FAILURE); *minor_status = k5_mutex_lock(&g_mechListLock); if (*minor_status) @@ -116,7 +170,6 @@ gss_OID *oid; */ if (aMech->mech && aMech->mech->gss_internal_release_oid) { major = aMech->mech->gss_internal_release_oid( - aMech->mech->context, minor_status, oid); if (major == GSS_S_COMPLETE) { k5_mutex_unlock(&g_mechListLock); @@ -146,6 +199,8 @@ gss_indicate_mechs(minorStatus, mechSet) OM_uint32 *minorStatus; gss_OID_set *mechSet; { + char *fileName; + struct stat fileInfo; unsigned int i, j; gss_OID curItem; @@ -161,9 +216,20 @@ gss_OID_set *mechSet; if (minorStatus == NULL || mechSet == NULL) return (GSS_S_CALL_INACCESSIBLE_WRITE); - if (gssint_initialize_library()) - return GSS_S_FAILURE; + *minorStatus = gssint_mechglue_initialize_library(); + if (*minorStatus != 0) + return (GSS_S_FAILURE); + + fileName = MECH_CONF; + /* + * If we have already computed the mechanisms supported and if it + * is still valid; make a copy and return to caller, + * otherwise build it first. + */ + if ((stat(fileName, &fileInfo) == 0 && + fileInfo.st_mtime > g_mechSetTime)) { + } /* if g_mechSet is out of date or not initialized */ if (build_mechSet()) return GSS_S_FAILURE; @@ -247,7 +313,8 @@ static OM_uint32 build_mechSet(void) { gss_mech_info mList; - int i, count; + size_t i; + size_t count; gss_OID curItem; /* @@ -260,6 +327,20 @@ build_mechSet(void) if (k5_mutex_lock(&g_mechListLock) != 0) return GSS_S_FAILURE; +#if 0 + /* + * this checks for the case when we need to re-construct the + * g_mechSet structure, but the mechanism list is upto date + * (because it has been read by someone calling + * gssint_get_mechanism) + */ + if (fileInfo.st_mtime > g_confFileModTime) + { + g_confFileModTime = fileInfo.st_mtime; + loadConfigFile(fileName); + } +#endif + updateMechList(); /* @@ -323,6 +404,9 @@ build_mechSet(void) } } +#if 0 + g_mechSetTime = fileInfo.st_mtime; +#endif (void) k5_mutex_unlock(&g_mechSetLock); (void) k5_mutex_unlock(&g_mechListLock); @@ -344,6 +428,9 @@ const gss_OID oid; gss_mech_info aMech; char *modOptions = NULL; + if (gssint_mechglue_initialize_library() != 0) + return (NULL); + /* make sure we have fresh data */ if (k5_mutex_lock(&g_mechListLock) != 0) return NULL; @@ -375,6 +462,9 @@ gssint_mech_to_oid(const char *mechStr, gss_OID* oid) *oid = GSS_C_NULL_OID; + if (gssint_mechglue_initialize_library() != 0) + return (GSS_S_FAILURE); + if ((mechStr == NULL) || (strlen(mechStr) == 0) || (strcasecmp(mechStr, M_DEFAULT) == 0)) return (GSS_S_COMPLETE); @@ -413,6 +503,9 @@ gssint_oid_to_mech(const gss_OID oid) if (oid == GSS_C_NULL_OID) return (M_DEFAULT); + if (gssint_mechglue_initialize_library() != 0) + return (NULL); + /* ensure we have fresh data */ if (k5_mutex_lock(&g_mechListLock) != 0) return NULL; @@ -437,11 +530,12 @@ gssint_get_mechanisms(char *mechArray[], int arrayLen) gss_mech_info aMech; int i; - if (gssint_initialize_library()) - return GSS_S_FAILURE; if (mechArray == NULL || arrayLen < 1) return (GSS_S_CALL_INACCESSIBLE_WRITE); + if (gssint_mechglue_initialize_library() != 0) + return (GSS_S_FAILURE); + /* ensure we have fresh data */ if (k5_mutex_lock(&g_mechListLock) != 0) return GSS_S_FAILURE; @@ -463,7 +557,6 @@ gssint_get_mechanisms(char *mechArray[], int arrayLen) return (GSS_S_COMPLETE); } /* gss_get_mechanisms */ - /* * determines if the mechList needs to be updated from file * and performs the update. @@ -472,56 +565,128 @@ gssint_get_mechanisms(char *mechArray[], int arrayLen) static void updateMechList(void) { - + char *fileName; + struct stat fileInfo; + + fileName = MECH_CONF; + + /* check if mechList needs updating */ + if (stat(fileName, &fileInfo) == 0 && + (fileInfo.st_mtime > g_confFileModTime)) { + loadConfigFile(fileName); + g_confFileModTime = fileInfo.st_mtime; + } +#if 0 init_hardcoded(); - +#endif } /* updateMechList */ +#ifdef _GSS_STATIC_LINK static void -freeMechList(void) +releaseMechInfo(gss_mech_info *pCf) { - gss_mech_info cf, next_cf; + gss_mech_info cf; + OM_uint32 minor_status; - for (cf = g_mechList; cf != NULL; cf = next_cf) { - next_cf = cf->next; + if (*pCf == NULL) { + return; + } + + cf = *pCf; + + if (cf->kmodName != NULL) + free(cf->kmodName); + if (cf->uLibName != NULL) free(cf->uLibName); + if (cf->mechNameStr != NULL) free(cf->mechNameStr); - free(cf); + if (cf->optionStr != NULL) + free(cf->optionStr); + if (cf->mech_type != GSS_C_NO_OID && + cf->mech_type != &cf->mech->mech_type) + generic_gss_release_oid(&minor_status, &cf->mech_type); + if (cf->mech != NULL) { + memset(cf->mech, 0, sizeof(*cf->mech)); + free(cf->mech); } + if (cf->dl_handle != NULL) + krb5int_close_plugin(cf->dl_handle); + + memset(cf, 0, sizeof(*cf)); + free(cf); + + *pCf = NULL; } /* * Register a mechanism. Called with g_mechListLock held. */ -static void -register_mech(gss_mechanism mech, const char *namestr, void *dl_handle) +int +gssint_register_mechinfo(gss_mech_info template) { gss_mech_info cf, new_cf; - new_cf = malloc(sizeof(*new_cf)); - if (new_cf == NULL) - return; + new_cf = calloc(1, sizeof(*new_cf)); + if (new_cf == NULL) { + return ENOMEM; + } - memset(new_cf, 0, sizeof(*new_cf)); - new_cf->kmodName = NULL; - new_cf->uLibName = strdup(namestr); - new_cf->mechNameStr = strdup(mech->mechNameStr); - new_cf->mech_type = &mech->mech_type; - new_cf->mech = mech; + new_cf->dl_handle = template->dl_handle; + /* copy mech so we can rewrite canonical mechanism OID */ + new_cf->mech = (gss_mechanism)calloc(1, sizeof(struct gss_config)); + if (new_cf->mech == NULL) { + releaseMechInfo(&new_cf); + return ENOMEM; + } + memcpy(new_cf->mech, template->mech, sizeof(struct gss_config)); + if (template->mech_type != NULL) + new_cf->mech->mech_type = *(template->mech_type); + new_cf->mech_type = &new_cf->mech->mech_type; + new_cf->priority = template->priority; + new_cf->freeMech = 1; new_cf->next = NULL; + if (template->kmodName != NULL) { + new_cf->kmodName = strdup(template->kmodName); + if (new_cf->kmodName == NULL) { + releaseMechInfo(&new_cf); + return ENOMEM; + } + } + if (template->uLibName != NULL) { + new_cf->uLibName = strdup(template->uLibName); + if (new_cf->uLibName == NULL) { + releaseMechInfo(&new_cf); + return ENOMEM; + } + } + if (template->mechNameStr != NULL) { + new_cf->mechNameStr = strdup(template->mechNameStr); + if (new_cf->mechNameStr == NULL) { + releaseMechInfo(&new_cf); + return ENOMEM; + } + } + if (template->optionStr != NULL) { + new_cf->optionStr = strdup(template->optionStr); + if (new_cf->optionStr == NULL) { + releaseMechInfo(&new_cf); + return ENOMEM; + } + } if (g_mechList == NULL) { g_mechList = new_cf; g_mechListTail = new_cf; - return; - } else if (mech->priority < g_mechList->mech->priority) { + return 0; + } else if (new_cf->priority < g_mechList->priority) { new_cf->next = g_mechList; g_mechList = new_cf; - return; + return 0; } + for (cf = g_mechList; cf != NULL; cf = cf->next) { if (cf->next == NULL || - mech->priority < cf->next->mech->priority) { + new_cf->priority < cf->next->priority) { new_cf->next = cf->next; cf->next = new_cf; if (g_mechListTail == cf) { @@ -530,36 +695,113 @@ register_mech(gss_mechanism mech, const char *namestr, void *dl_handle) break; } } + + return 0; +} +#endif /* _GSS_STATIC_LINK */ + +#define GSS_ADD_DYNAMIC_METHOD(_dl, _mech, _symbol) \ + do { \ + struct errinfo errinfo; \ + \ + memset(&errinfo, 0, sizeof(errinfo)); \ + if (krb5int_get_plugin_func(_dl, \ + #_symbol, \ + (void (**)())&(_mech)->_symbol, \ + &errinfo) || errinfo.code) \ + (_mech)->_symbol = NULL; \ + } while (0) + +static gss_mechanism +build_dynamicMech(void *dl, const gss_OID mech_type) +{ + gss_mechanism mech; + + mech = (gss_mechanism)calloc(1, sizeof(*mech)); + if (mech == NULL) { + return NULL; + } + + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_acquire_cred); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_release_cred); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_init_sec_context); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_accept_sec_context); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_process_context_token); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_delete_sec_context); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_context_time); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_get_mic); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_verify_mic); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_wrap); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_unwrap); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_display_status); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_indicate_mechs); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_compare_name); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_display_name); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_import_name); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_release_name); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_inquire_cred); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_add_cred); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_export_sec_context); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_import_sec_context); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_inquire_cred_by_mech); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_inquire_names_for_mech); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_inquire_context); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_internal_release_oid); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_wrap_size_limit); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_export_name); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_store_cred); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_import_name_object); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_export_name_object); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_inquire_sec_context_by_oid); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_inquire_cred_by_oid); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_set_sec_context_option); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gssspi_set_cred_option); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gssspi_mech_invoke); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_wrap_aead); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_unwrap_aead); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_wrap_iov); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_unwrap_iov); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_wrap_iov_length); + GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_complete_auth_token); + + assert(mech_type != GSS_C_NO_OID); + + mech->mech_type = *(mech_type); + + return mech; } -/* - * Initialize the hardcoded mechanisms. This function is called with - * g_mechListLock held. - */ static void -init_hardcoded(void) +freeMechList(void) { - gss_mechanism *cflist; - static int inited; - - if (inited) - return; + gss_mech_info cf, next_cf; + OM_uint32 minor; - cflist = krb5_gss_get_mech_configs(); - if (cflist == NULL) - return; - for ( ; *cflist != NULL; cflist++) { - register_mech(*cflist, "", NULL); - } - cflist = spnego_gss_get_mech_configs(); - if (cflist == NULL) - return; - for ( ; *cflist != NULL; cflist++) { - register_mech(*cflist, "", NULL); + for (cf = g_mechList; cf != NULL; cf = next_cf) { + next_cf = cf->next; + if (cf->kmodName != NULL) + free(cf->kmodName); + if (cf->uLibName != NULL) + free(cf->uLibName); + if (cf->mechNameStr != NULL) + free(cf->mechNameStr); + if (cf->optionStr != NULL) + free(cf->optionStr); + if (cf->mech_type != &cf->mech->mech_type) + generic_gss_release_oid(&minor, &cf->mech_type); + if (cf->mech != NULL && cf->freeMech) + free(cf->mech); + if (cf->mech_ext != NULL && cf->freeMech) + free(cf->mech_ext); + if (cf->dl_handle != NULL) + (void) krb5int_close_plugin(cf->dl_handle); + free(cf); } - inited = 1; } +/* + * Register a mechanism. Called with g_mechListLock held. + */ /* * given the mechanism type, return the mechanism structure @@ -569,12 +811,16 @@ init_hardcoded(void) * module if it has not been already loaded. */ gss_mechanism -gssint_get_mechanism(gss_OID oid) +gssint_get_mechanism(oid) +const gss_OID oid; { gss_mech_info aMech; + gss_mechanism (*sym)(const gss_OID); + struct plugin_file_handle *dl; + struct errinfo errinfo; - if (gssint_initialize_library()) - return NULL; + if (gssint_mechglue_initialize_library() != 0) + return (NULL); if (k5_mutex_lock(&g_mechListLock) != 0) return NULL; @@ -602,11 +848,102 @@ gssint_get_mechanism(gss_OID oid) if (aMech->mech) { (void) k5_mutex_unlock(&g_mechListLock); return (aMech->mech); + } + + memset(&errinfo, 0, sizeof(errinfo)); + + if (krb5int_open_plugin(aMech->uLibName, &dl, &errinfo) != 0 || + errinfo.code != 0) { +#if 0 + (void) syslog(LOG_INFO, "libgss dlopen(%s): %s\n", + aMech->uLibName, dlerror()); +#endif + (void) k5_mutex_unlock(&g_mechListLock); + return ((gss_mechanism)NULL); + } + + if (krb5int_get_plugin_func(dl, MECH_SYM, (void (**)())&sym, + &errinfo) == 0) { + /* Call the symbol to get the mechanism table */ + aMech->mech = (*sym)(aMech->mech_type); } else { - return NULL; + /* Try dynamic dispatch table */ + aMech->mech = build_dynamicMech(dl, aMech->mech_type); + aMech->freeMech = 1; } + if (aMech->mech == NULL) { + (void) krb5int_close_plugin(dl); +#if 0 + (void) syslog(LOG_INFO, "unable to initialize mechanism" + " library [%s]\n", aMech->uLibName); +#endif + (void) k5_mutex_unlock(&g_mechListLock); + return ((gss_mechanism)NULL); + } + + aMech->dl_handle = dl; + + (void) k5_mutex_unlock(&g_mechListLock); + return (aMech->mech); } /* gssint_get_mechanism */ +gss_mechanism_ext +gssint_get_mechanism_ext(oid) +const gss_OID oid; +{ + gss_mech_info aMech; + gss_mechanism_ext mech_ext; + + if (gssint_mechglue_initialize_library() != 0) + return (NULL); + + /* check if the mechanism is already loaded */ + if ((aMech = searchMechList(oid)) != NULL && aMech->mech_ext != NULL) + return (aMech->mech_ext); + + if (gssint_get_mechanism(oid) == NULL) + return (NULL); + + if (aMech->dl_handle == NULL) + return (NULL); + + /* Load the gss_config_ext struct for this mech */ + + mech_ext = (gss_mechanism_ext)malloc(sizeof (struct gss_config_ext)); + + if (mech_ext == NULL) + return (NULL); + +#if 0 + /* + * dlsym() the mech's 'method' functions for the extended APIs + * + * NOTE: Until the void *context argument is removed from the + * SPI method functions' signatures it will be necessary to have + * different function pointer typedefs and function names for + * the SPI methods than for the API. When this argument is + * removed it will be possible to rename gss_*_sfct to gss_*_fct + * and and gssspi_* to gss_*. + */ + mech_ext->gss_acquire_cred_with_password = + (gss_acquire_cred_with_password_sfct)dlsym(aMech->dl_handle, + "gssspi_acquire_cred_with_password"); +#endif + + /* Set aMech->mech_ext */ + (void) k5_mutex_lock(&g_mechListLock); + + if (aMech->mech_ext == NULL) + aMech->mech_ext = mech_ext; + else + free(mech_ext); /* we raced and lost; don't leak */ + + (void) k5_mutex_unlock(&g_mechListLock); + + return (aMech->mech_ext); + +} /* gssint_get_mechanism_ext */ + /* * this routine is used for searching the list of mechanism data. @@ -631,3 +968,235 @@ const gss_OID oid; /* none found */ return ((gss_mech_info) NULL); } /* searchMechList */ + + +/* + * loads the configuration file + * this is called while having a mutex lock on the mechanism list + * entries for libraries that have been loaded can't be modified + * mechNameStr and mech_type fields are not updated during updates + */ +static void loadConfigFile(fileName) +const char *fileName; +{ + char buffer[BUFSIZ], *oidStr, *oid, *sharedLib, *kernMod, *endp; + char *modOptions; + char sharedPath[sizeof (MECH_LIB_PREFIX) + BUFSIZ]; + char *tmpStr; + FILE *confFile; + gss_OID mechOid; + gss_mech_info aMech, tmp; + OM_uint32 minor; + gss_buffer_desc oidBuf; + + if ((confFile = fopen(fileName, "r")) == NULL) { + return; + } + + (void) memset(buffer, 0, sizeof (buffer)); + while (fgets(buffer, BUFSIZ, confFile) != NULL) { + + /* ignore lines beginning with # */ + if (*buffer == '#') + continue; + + /* + * find the first white-space character after + * the mechanism name + */ + oidStr = buffer; + for (oid = buffer; *oid && !isspace(*oid); oid++); + + /* Now find the first non-white-space character */ + if (*oid) { + *oid = '\0'; + oid++; + while (*oid && isspace(*oid)) + oid++; + } + + /* + * If that's all, then this is a corrupt entry. Skip it. + */ + if (! *oid) + continue; + + /* Find the end of the oid and make sure it is NULL-ended */ + for (endp = oid; *endp && !isspace(*endp); endp++) + ; + + if (*endp) { + *endp = '\0'; + } + + /* + * check if an entry for this oid already exists + * if it does, and the library is already loaded then + * we can't modify it, so skip it + */ + oidBuf.value = (void *)oid; + oidBuf.length = strlen(oid); + if (generic_gss_str_to_oid(&minor, &oidBuf, &mechOid) + != GSS_S_COMPLETE) { +#if 0 + (void) syslog(LOG_INFO, "invalid mechanism oid" + " [%s] in configuration file", oid); +#endif + continue; + } + + aMech = searchMechList(mechOid); + if (aMech && aMech->mech) { + generic_gss_release_oid(&minor, &mechOid); + continue; + } + + /* Find the start of the shared lib name */ + for (sharedLib = endp+1; *sharedLib && isspace(*sharedLib); + sharedLib++) + ; + + /* + * If that's all, then this is a corrupt entry. Skip it. + */ + if (! *sharedLib) { + generic_gss_release_oid(&minor, &mechOid); + continue; + } + + /* + * Find the end of the shared lib name and make sure it is + * NULL-terminated. + */ + for (endp = sharedLib; *endp && !isspace(*endp); endp++) + ; + + if (*endp) { + *endp = '\0'; + } + + /* Find the start of the optional kernel module lib name */ + for (kernMod = endp+1; *kernMod && isspace(*kernMod); + kernMod++) + ; + + /* + * If this item starts with a bracket "[", then + * it is not a kernel module, but is a list of + * options for the user module to parse later. + */ + if (*kernMod && *kernMod != '[') { + /* + * Find the end of the shared lib name and make sure + * it is NULL-terminated. + */ + for (endp = kernMod; *endp && !isspace(*endp); endp++) + ; + + if (*endp) { + *endp = '\0'; + } + } else + kernMod = NULL; + + /* Find the start of the optional module options list */ + for (modOptions = endp+1; *modOptions && isspace(*modOptions); + modOptions++); + + if (*modOptions == '[') { + /* move past the opening bracket */ + for (modOptions = modOptions+1; + *modOptions && isspace(*modOptions); + modOptions++); + + /* Find the closing bracket */ + for (endp = modOptions; + *endp && *endp != ']'; endp++); + + if (endp) + *endp = '\0'; + + } else { + modOptions = NULL; + } + + snprintf(sharedPath, sizeof(sharedPath), "%s%s", MECH_LIB_PREFIX, sharedLib); + + /* + * are we creating a new mechanism entry or + * just modifying existing (non loaded) mechanism entry + */ + if (aMech) { + /* + * delete any old values and set new + * mechNameStr and mech_type are not modified + */ + if (aMech->kmodName) { + free(aMech->kmodName); + aMech->kmodName = NULL; + } + + if (aMech->optionStr) { + free(aMech->optionStr); + aMech->optionStr = NULL; + } + + if ((tmpStr = strdup(sharedPath)) != NULL) { + if (aMech->uLibName) + free(aMech->uLibName); + aMech->uLibName = tmpStr; + } + + if (kernMod) /* this is an optional parameter */ + aMech->kmodName = strdup(kernMod); + + if (modOptions) /* optional module options */ + aMech->optionStr = strdup(modOptions); + + /* the oid is already set */ + generic_gss_release_oid(&minor, &mechOid); + continue; + } + + /* adding a new entry */ + aMech = calloc(1, sizeof (struct gss_mech_config)); + if (aMech == NULL) { + generic_gss_release_oid(&minor, &mechOid); + continue; + } + aMech->mech_type = mechOid; + aMech->uLibName = strdup(sharedPath); + aMech->mechNameStr = strdup(oidStr); + aMech->freeMech = 0; + + /* check if any memory allocations failed - bad news */ + if (aMech->uLibName == NULL || aMech->mechNameStr == NULL) { + if (aMech->uLibName) + free(aMech->uLibName); + if (aMech->mechNameStr) + free(aMech->mechNameStr); + generic_gss_release_oid(&minor, &mechOid); + free(aMech); + continue; + } + if (kernMod) /* this is an optional parameter */ + aMech->kmodName = strdup(kernMod); + + if (modOptions) + aMech->optionStr = strdup(modOptions); + /* + * add the new entry to the end of the list - make sure + * that only complete entries are added because other + * threads might currently be searching the list. + */ + tmp = g_mechListTail; + g_mechListTail = aMech; + + if (tmp != NULL) + tmp->next = aMech; + + if (g_mechList == NULL) + g_mechList = aMech; + } /* while */ + (void) fclose(confFile); +} /* loadConfigFile */ diff --git a/src/lib/gssapi/mechglue/g_inq_context.c b/src/lib/gssapi/mechglue/g_inq_context.c index 201c8bb4a7..013b1768b7 100644 --- a/src/lib/gssapi/mechglue/g_inq_context.c +++ b/src/lib/gssapi/mechglue/g_inq_context.c @@ -111,7 +111,6 @@ gss_inquire_context( } status = mech->gss_inquire_context( - mech->context, minor_status, ctx->internal_ctx_id, (src_name ? &localSourceName : NULL), @@ -135,8 +134,7 @@ gss_inquire_context( if (status != GSS_S_COMPLETE) { if (localTargName) - mech->gss_release_name(mech->context, - &temp_minor, &localTargName); + mech->gss_release_name(&temp_minor, &localTargName); return (status); } diff --git a/src/lib/gssapi/mechglue/g_inq_context_oid.c b/src/lib/gssapi/mechglue/g_inq_context_oid.c new file mode 100644 index 0000000000..50bfcb561d --- /dev/null +++ b/src/lib/gssapi/mechglue/g_inq_context_oid.c @@ -0,0 +1,72 @@ +/* + * Copyright 2008 by the Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + */ + +/* + * glue routine for gss_inquire_sec_context_by_oid + */ + +#include "mglueP.h" + +OM_uint32 KRB5_CALLCONV +gss_inquire_sec_context_by_oid (OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + const gss_OID desired_object, + gss_buffer_set_t *data_set) +{ + OM_uint32 status; + gss_union_ctx_id_t ctx; + gss_mechanism mech; + + if (minor_status == NULL) + return GSS_S_CALL_INACCESSIBLE_WRITE; + + if (context_handle == GSS_C_NO_CONTEXT) + return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT; + + /* + * select the approprate underlying mechanism routine and + * call it. + */ + + ctx = (gss_union_ctx_id_t) context_handle; + mech = gssint_get_mechanism (ctx->mech_type); + + if (mech != NULL) { + if (mech->gss_inquire_sec_context_by_oid != NULL) { + status = mech->gss_inquire_sec_context_by_oid(minor_status, + ctx->internal_ctx_id, + desired_object, + data_set); + if (status != GSS_S_COMPLETE) + map_error(minor_status, mech); + } else + status = GSS_S_BAD_MECH; + + return status; + } + + return GSS_S_NO_CONTEXT; +} + diff --git a/src/lib/gssapi/mechglue/g_inq_cred.c b/src/lib/gssapi/mechglue/g_inq_cred.c index 2413abca23..a144243990 100644 --- a/src/lib/gssapi/mechglue/g_inq_cred.c +++ b/src/lib/gssapi/mechglue/g_inq_cred.c @@ -86,7 +86,7 @@ gss_OID_set * mechanisms; if (!mech->gss_inquire_cred) return (GSS_S_UNAVAILABLE); - status = mech->gss_inquire_cred(mech->context, minor_status, + status = mech->gss_inquire_cred(minor_status, GSS_C_NO_CREDENTIAL, name ? &internal_name : NULL, lifetime, cred_usage, mechanisms); @@ -143,7 +143,9 @@ gss_OID_set * mechanisms; */ if(name != NULL) { - if ((gss_import_name(&temp_minor_status, + if (union_cred->auxinfo.name.length == 0) { + *name = GSS_C_NO_NAME; + } else if ((gss_import_name(&temp_minor_status, &union_cred->auxinfo.name, union_cred->auxinfo.name_type, name) != GSS_S_COMPLETE) || @@ -246,7 +248,7 @@ gss_inquire_cred_by_mech(minor_status, cred_handle, mech_type, name, return (GSS_S_DEFECTIVE_CREDENTIAL); #endif - status = mech->gss_inquire_cred_by_mech(mech->context, minor_status, + status = mech->gss_inquire_cred_by_mech(minor_status, mech_cred, mech_type, name ? &internal_name : NULL, initiator_lifetime, diff --git a/src/lib/gssapi/mechglue/g_inq_cred_oid.c b/src/lib/gssapi/mechglue/g_inq_cred_oid.c new file mode 100644 index 0000000000..34056f6bde --- /dev/null +++ b/src/lib/gssapi/mechglue/g_inq_cred_oid.c @@ -0,0 +1,133 @@ +/* + * Copyright 2008 by the Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + */ + +/* + * glue routine for gss_inquire_cred_by_oid + */ + +#include "mglueP.h" +#include +#ifdef HAVE_STDLIB_H +#include +#endif +#include +#include + +static OM_uint32 append_to_buffer_set(OM_uint32 *minor_status, + gss_buffer_set_t *dst, + const gss_buffer_set_t src) +{ + size_t i; + OM_uint32 status; + + if (src == GSS_C_NO_BUFFER_SET) + return GSS_S_COMPLETE; + + if (*dst == GSS_C_NO_BUFFER_SET) { + status = gss_create_empty_buffer_set(minor_status, dst); + if (status != GSS_S_COMPLETE) + return status; + } + + status = GSS_S_COMPLETE; + + for (i = 0; i < src->count; i++) { + status = gss_add_buffer_set_member(minor_status, + &src->elements[i], + dst); + if (status != GSS_S_COMPLETE) + break; + } + + return status; +} + +OM_uint32 KRB5_CALLCONV +gss_inquire_cred_by_oid(OM_uint32 *minor_status, + const gss_cred_id_t cred_handle, + const gss_OID desired_object, + gss_buffer_set_t *data_set) +{ + gss_union_cred_t union_cred; + gss_mechanism mech; + int i; + gss_buffer_set_t union_set = GSS_C_NO_BUFFER_SET; + gss_buffer_set_t ret_set = GSS_C_NO_BUFFER_SET; + OM_uint32 status, minor; + + if (minor_status == NULL) + return GSS_S_CALL_INACCESSIBLE_WRITE; + + if (cred_handle == GSS_C_NO_CREDENTIAL) + return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CRED; + + *minor_status = 0; + *data_set = GSS_C_NO_BUFFER_SET; + + union_cred = (gss_union_cred_t) cred_handle; + + status = gss_create_empty_buffer_set(minor_status, &ret_set); + if (status != GSS_S_COMPLETE) { + return status; + } + + status = GSS_S_BAD_MECH; + + for (i = 0; i < union_cred->count; i++) { + mech = gssint_get_mechanism(&union_cred->mechs_array[i]); + if (mech == NULL) + continue; + + if (mech->gss_inquire_cred_by_oid == NULL) + continue; + + status = (mech->gss_inquire_cred_by_oid)(minor_status, + union_cred->cred_array[i], + desired_object, + &ret_set); + if (status != GSS_S_COMPLETE) { + map_error(minor_status, mech); + continue; + } + + if (union_cred->count == 1) { + union_set = ret_set; + break; + } + + status = append_to_buffer_set(minor_status, &union_set, ret_set); + gss_release_buffer_set(&minor, &ret_set); + if (status != GSS_S_COMPLETE) + break; + } + + if (status != GSS_S_COMPLETE) + gss_release_buffer_set(&minor, &union_set); + + *data_set = union_set; + + return status; +} + diff --git a/src/lib/gssapi/mechglue/g_inq_names.c b/src/lib/gssapi/mechglue/g_inq_names.c index 6142d86bac..597ab9919b 100644 --- a/src/lib/gssapi/mechglue/g_inq_names.c +++ b/src/lib/gssapi/mechglue/g_inq_names.c @@ -69,7 +69,6 @@ gss_OID_set * name_types; if (mech->gss_inquire_names_for_mech) { status = mech->gss_inquire_names_for_mech( - mech->context, minor_status, mechanism, name_types); diff --git a/src/lib/krb4/netread.c b/src/lib/gssapi/mechglue/g_mech_invoke.c similarity index 56% rename from src/lib/krb4/netread.c rename to src/lib/gssapi/mechglue/g_mech_invoke.c index b366df3d2c..d753347d15 100644 --- a/src/lib/krb4/netread.c +++ b/src/lib/gssapi/mechglue/g_mech_invoke.c @@ -1,14 +1,12 @@ /* - * lib/krb4/netwrite.c - * - * Copyright 1987, 1988 by the Massachusetts Institute of Technology. + * Copyright 2008 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -22,48 +20,51 @@ * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. + * */ -#include -#include "krb.h" -#include "autoconf.h" -#ifdef HAVE_UNISTD_H -#include -#endif -#include "port-sockets.h" - /* - * krb_net_read() reads from the file descriptor "fd" to the buffer - * "buf", until either 1) "len" bytes have been read or 2) cannot - * read anymore from "fd". It returns the number of bytes read - * or a read() error. (The calling interface is identical to - * read(2).) - * - * XXX must not use non-blocking I/O + * glue routine for gssspi_mech_invoke */ -int -krb_net_read(fd, buf, len) -int fd; -register char *buf; -register int len; + +#include "mglueP.h" +#ifdef HAVE_STDLIB_H +#include +#endif +#include +#include + +OM_uint32 KRB5_CALLCONV +gssspi_mech_invoke (OM_uint32 *minor_status, + const gss_OID desired_mech, + const gss_OID desired_object, + gss_buffer_t value) { - int cc, len2 = 0; + OM_uint32 status; + gss_mechanism mech; + + if (minor_status == NULL) + return GSS_S_CALL_INACCESSIBLE_WRITE; + + *minor_status = 0; - do { - cc = SOCKET_READ(fd, buf, len); - if (cc < 0) - { - if (SOCKET_ERRNO == SOCKET_EINTR) - continue; - return(cc); /* errno is already set */ - } - else if (cc == 0) { - return(len2); - } else { - buf += cc; - len2 += cc; - len -= cc; - } - } while (len > 0); - return(len2); + /* + * select the approprate underlying mechanism routine and + * call it. + */ + + mech = gssint_get_mechanism (desired_mech); + if (mech == NULL || mech->gssspi_mech_invoke == NULL) { + return GSS_S_BAD_MECH; + } + + status = mech->gssspi_mech_invoke(minor_status, + desired_mech, + desired_object, + value); + if (status != GSS_S_COMPLETE) + map_error(minor_status, mech); + + return status; } + diff --git a/src/lib/gssapi/mechglue/g_oid_ops.c b/src/lib/gssapi/mechglue/g_oid_ops.c index 261d699f8f..bd195239c8 100644 --- a/src/lib/gssapi/mechglue/g_oid_ops.c +++ b/src/lib/gssapi/mechglue/g_oid_ops.c @@ -100,3 +100,12 @@ gss_str_to_oid(minor_status, oid_str, oid) return status; } +OM_uint32 KRB5_CALLCONV +gssint_copy_oid_set( + OM_uint32 *minor_status, + const gss_OID_set_desc * const oidset, + gss_OID_set *new_oidset) +{ + return generic_gss_copy_oid_set(minor_status, oidset, new_oidset); +} + diff --git a/src/lib/gssapi/mechglue/g_process_context.c b/src/lib/gssapi/mechglue/g_process_context.c index 5172c4cb57..9ed350c023 100644 --- a/src/lib/gssapi/mechglue/g_process_context.c +++ b/src/lib/gssapi/mechglue/g_process_context.c @@ -67,7 +67,6 @@ gss_buffer_t token_buffer; if (mech->gss_process_context_token) { status = mech->gss_process_context_token( - mech->context, minor_status, ctx->internal_ctx_id, token_buffer); diff --git a/src/lib/gssapi/mechglue/g_rel_cred.c b/src/lib/gssapi/mechglue/g_rel_cred.c index 02e9152626..df208a0dff 100644 --- a/src/lib/gssapi/mechglue/g_rel_cred.c +++ b/src/lib/gssapi/mechglue/g_rel_cred.c @@ -78,7 +78,7 @@ gss_cred_id_t * cred_handle; if (mech) { if (mech->gss_release_cred) { temp_status = mech->gss_release_cred - (mech->context, + ( minor_status, &union_cred->cred_array[j]); diff --git a/src/lib/gssapi/mechglue/g_rel_name.c b/src/lib/gssapi/mechglue/g_rel_name.c index a6615b7075..84d1af839c 100644 --- a/src/lib/gssapi/mechglue/g_rel_name.c +++ b/src/lib/gssapi/mechglue/g_rel_name.c @@ -48,7 +48,7 @@ gss_name_t * input_name; *minor_status = 0; /* if input_name is NULL, return error */ - if (input_name == 0) + if (input_name == NULL) return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME); if (*input_name == GSS_C_NO_NAME) @@ -65,16 +65,19 @@ gss_name_t * input_name; *input_name = 0; *minor_status = 0; - if (union_name->name_type) - gss_release_oid(minor_status, &union_name->name_type); - - free(union_name->external_name->value); - free(union_name->external_name); + if (union_name->name_type != GSS_C_NO_OID) + gss_release_oid(minor_status, &union_name->name_type); + + if (union_name->external_name != GSS_C_NO_BUFFER) { + if (union_name->external_name->value != NULL) + free(union_name->external_name->value); + free(union_name->external_name); + } if (union_name->mech_type) { - gssint_release_internal_name(minor_status, union_name->mech_type, - &union_name->mech_name); - gss_release_oid(minor_status, &union_name->mech_type); + gssint_release_internal_name(minor_status, union_name->mech_type, + &union_name->mech_name); + gss_release_oid(minor_status, &union_name->mech_type); } free(union_name); diff --git a/src/lib/gssapi/mechglue/g_rel_oid_set.c b/src/lib/gssapi/mechglue/g_rel_oid_set.c index f55c907ec4..84c6ce6c96 100644 --- a/src/lib/gssapi/mechglue/g_rel_oid_set.c +++ b/src/lib/gssapi/mechglue/g_rel_oid_set.c @@ -39,25 +39,5 @@ gss_release_oid_set (minor_status, OM_uint32 * minor_status; gss_OID_set * set; { - OM_uint32 i; - gss_OID oid; - if (minor_status) - *minor_status = 0; - - if (set == NULL) - return GSS_S_COMPLETE; - - if (*set == GSS_C_NULL_OID_SET) - return(GSS_S_COMPLETE); - - for (i=0; i<(*set)->count; i++) { - oid = &(*set)->elements[i]; - free(oid->elements); - } - free((*set)->elements); - free(*set); - - *set = GSS_C_NULL_OID_SET; - - return(GSS_S_COMPLETE); + return generic_gss_release_oid_set(minor_status, set); } diff --git a/src/lib/gssapi/mechglue/g_seal.c b/src/lib/gssapi/mechglue/g_seal.c index 95c9b45a01..9faa5ddb0b 100644 --- a/src/lib/gssapi/mechglue/g_seal.c +++ b/src/lib/gssapi/mechglue/g_seal.c @@ -23,17 +23,17 @@ */ /* - * glue routine for gss_seal + * glue routine for gss_wrap */ #include "mglueP.h" static OM_uint32 -val_seal_args( +val_wrap_args( OM_uint32 *minor_status, gss_ctx_id_t context_handle, int conf_req_flag, - int qop_req, + gss_qop_t qop_req, gss_buffer_t input_message_buffer, int *conf_state, gss_buffer_t output_message_buffer) @@ -66,9 +66,8 @@ val_seal_args( return (GSS_S_COMPLETE); } - OM_uint32 KRB5_CALLCONV -gss_seal (minor_status, +gss_wrap (minor_status, context_handle, conf_req_flag, qop_req, @@ -79,7 +78,7 @@ gss_seal (minor_status, OM_uint32 * minor_status; gss_ctx_id_t context_handle; int conf_req_flag; -int qop_req; +gss_qop_t qop_req; gss_buffer_t input_message_buffer; int * conf_state; gss_buffer_t output_message_buffer; @@ -90,7 +89,7 @@ gss_buffer_t output_message_buffer; gss_union_ctx_id_t ctx; gss_mechanism mech; - status = val_seal_args(minor_status, context_handle, + status = val_wrap_args(minor_status, context_handle, conf_req_flag, qop_req, input_message_buffer, conf_state, output_message_buffer); @@ -106,9 +105,8 @@ gss_buffer_t output_message_buffer; mech = gssint_get_mechanism (ctx->mech_type); if (mech) { - if (mech->gss_seal) { - status = mech->gss_seal( - mech->context, + if (mech->gss_wrap) { + status = mech->gss_wrap( minor_status, ctx->internal_ctx_id, conf_req_flag, @@ -118,9 +116,20 @@ gss_buffer_t output_message_buffer; output_message_buffer); if (status != GSS_S_COMPLETE) map_error(minor_status, mech); + } else if (mech->gss_wrap_aead || + (mech->gss_wrap_iov && mech->gss_wrap_iov_length)) { + status = gssint_wrap_aead(mech, + minor_status, + ctx, + conf_req_flag, + (gss_qop_t)qop_req, + GSS_C_NO_BUFFER, + input_message_buffer, + conf_state, + output_message_buffer); } else status = GSS_S_UNAVAILABLE; - + return(status); } /* EXPORT DELETE END */ @@ -129,7 +138,7 @@ gss_buffer_t output_message_buffer; } OM_uint32 KRB5_CALLCONV -gss_wrap (minor_status, +gss_seal (minor_status, context_handle, conf_req_flag, qop_req, @@ -140,18 +149,73 @@ gss_wrap (minor_status, OM_uint32 * minor_status; gss_ctx_id_t context_handle; int conf_req_flag; -gss_qop_t qop_req; +int qop_req; gss_buffer_t input_message_buffer; int * conf_state; gss_buffer_t output_message_buffer; { - return gss_seal(minor_status, (gss_ctx_id_t)context_handle, - conf_req_flag, (int) qop_req, - (gss_buffer_t)input_message_buffer, conf_state, + return gss_wrap(minor_status, context_handle, + conf_req_flag, (gss_qop_t) qop_req, + input_message_buffer, conf_state, output_message_buffer); } +/* + * It is only possible to implement gss_wrap_size_limit() on top + * of gss_wrap_iov_length() for mechanisms that do not use any + * padding and have fixed length headers/trailers. + */ +static OM_uint32 +gssint_wrap_size_limit_iov_shim(gss_mechanism mech, + OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + OM_uint32 req_output_size, + OM_uint32 *max_input_size) +{ + gss_iov_buffer_desc iov[4]; + OM_uint32 status; + OM_uint32 ohlen; + + iov[0].type = GSS_IOV_BUFFER_TYPE_HEADER; + iov[0].buffer.value = NULL; + iov[0].buffer.length = 0; + + iov[1].type = GSS_IOV_BUFFER_TYPE_DATA; + iov[1].buffer.length = req_output_size; + iov[1].buffer.value = NULL; + + iov[2].type = GSS_IOV_BUFFER_TYPE_PADDING; + iov[2].buffer.value = NULL; + iov[2].buffer.length = 0; + + iov[3].type = GSS_IOV_BUFFER_TYPE_TRAILER; + iov[3].buffer.value = NULL; + iov[3].buffer.length = 0; + + assert(mech->gss_wrap_iov_length); + + status = mech->gss_wrap_iov_length(minor_status, context_handle, + conf_req_flag, qop_req, + NULL, iov, + sizeof(iov)/sizeof(iov[0])); + if (status != GSS_S_COMPLETE) { + map_error(minor_status, mech); + return status; + } + + ohlen = iov[0].buffer.length + iov[3].buffer.length; + + if (iov[2].buffer.length == 0 && ohlen < req_output_size) + *max_input_size = req_output_size - ohlen; + else + *max_input_size = 0; + + return GSS_S_COMPLETE; +} + /* * New for V2 */ @@ -190,13 +254,18 @@ gss_wrap_size_limit(minor_status, context_handle, conf_req_flag, if (!mech) return (GSS_S_BAD_MECH); - if (!mech->gss_wrap_size_limit) - return (GSS_S_UNAVAILABLE); - - major_status = mech->gss_wrap_size_limit(mech->context, minor_status, - ctx->internal_ctx_id, - conf_req_flag, qop_req, - req_output_size, max_input_size); + if (mech->gss_wrap_size_limit) + major_status = mech->gss_wrap_size_limit(minor_status, + ctx->internal_ctx_id, + conf_req_flag, qop_req, + req_output_size, max_input_size); + else if (mech->gss_wrap_iov_length) + major_status = gssint_wrap_size_limit_iov_shim(mech, minor_status, + ctx->internal_ctx_id, + conf_req_flag, qop_req, + req_output_size, max_input_size); + else + major_status = GSS_S_UNAVAILABLE; if (major_status != GSS_S_COMPLETE) map_error(minor_status, mech); return major_status; diff --git a/src/lib/gssapi/mechglue/g_set_context_option.c b/src/lib/gssapi/mechglue/g_set_context_option.c new file mode 100644 index 0000000000..17d9e3bace --- /dev/null +++ b/src/lib/gssapi/mechglue/g_set_context_option.c @@ -0,0 +1,110 @@ +/* + * Copyright 2008 by the Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + */ + +/* + * glue routine for gss_set_sec_context_option + */ + +#include "mglueP.h" +#ifdef HAVE_STDLIB_H +#include +#endif +#include +#include + +OM_uint32 KRB5_CALLCONV +gss_set_sec_context_option (OM_uint32 *minor_status, + gss_ctx_id_t *context_handle, + const gss_OID desired_object, + const gss_buffer_t value) +{ + OM_uint32 status, minor; + gss_union_ctx_id_t ctx; + gss_mechanism mech; + gss_ctx_id_t internal_ctx = GSS_C_NO_CONTEXT; + + if (minor_status == NULL) + return GSS_S_CALL_INACCESSIBLE_WRITE; + + if (context_handle == NULL) + return GSS_S_CALL_INACCESSIBLE_WRITE; + + *minor_status = 0; + + /* + * select the approprate underlying mechanism routine and + * call it. + */ + + ctx = (gss_union_ctx_id_t) *context_handle; + if (ctx == NULL) { + mech = gssint_get_mechanism (GSS_C_NO_OID); + } else { + mech = gssint_get_mechanism (ctx->mech_type); + } + + if (mech == NULL || mech->gss_set_sec_context_option == NULL) { + return GSS_S_BAD_MECH; + } + + status = mech->gss_set_sec_context_option(minor_status, + ctx ? &internal_ctx : + &ctx->internal_ctx_id, + desired_object, + value); + if (status == GSS_S_COMPLETE) { + if (ctx == NULL && internal_ctx != GSS_C_NO_CONTEXT) { + /* Allocate a union context handle to wrap new context */ + ctx = (gss_union_ctx_id_t)malloc(sizeof(*ctx)); + if (ctx == NULL) { + *minor_status = ENOMEM; + gssint_delete_internal_sec_context(&minor, + ctx->mech_type, + &internal_ctx, + GSS_C_NO_BUFFER); + return GSS_S_FAILURE; + } + + status = generic_gss_copy_oid(minor_status, + &mech->mech_type, + &ctx->mech_type); + if (status != GSS_S_COMPLETE) { + gssint_delete_internal_sec_context(&minor, + ctx->mech_type, + &internal_ctx, + GSS_C_NO_BUFFER); + free(ctx); + return status; + } + + ctx->internal_ctx_id = internal_ctx; + *context_handle = (gss_ctx_id_t)ctx; + } + } else + map_error(minor_status, mech); + + return status; +} + diff --git a/src/lib/gssapi/mechglue/g_set_cred_option.c b/src/lib/gssapi/mechglue/g_set_cred_option.c new file mode 100644 index 0000000000..84d18cdf81 --- /dev/null +++ b/src/lib/gssapi/mechglue/g_set_cred_option.c @@ -0,0 +1,81 @@ +/* + * Copyright 2008 by the Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + */ + +/* + * glue routine for gssspi_set_cred_option + */ + +#include "mglueP.h" +#include +#ifdef HAVE_STDLIB_H +#include +#endif +#include +#include + +OM_uint32 KRB5_CALLCONV +gssspi_set_cred_option(OM_uint32 *minor_status, + gss_cred_id_t cred_handle, + const gss_OID desired_object, + const gss_buffer_t value) +{ + gss_union_cred_t union_cred; + gss_mechanism mech; + int i; + OM_uint32 status; + + if (minor_status == NULL) + return GSS_S_CALL_INACCESSIBLE_WRITE; + + if (cred_handle == GSS_C_NO_CREDENTIAL) + return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CRED; + + *minor_status = 0; + + union_cred = (gss_union_cred_t) cred_handle; + + status = GSS_S_BAD_MECH; + + for (i = 0; i < union_cred->count; i++) { + mech = gssint_get_mechanism(&union_cred->mechs_array[i]); + if (mech == NULL) + continue; + + if (mech->gssspi_set_cred_option == NULL) + continue; + + status = (mech->gssspi_set_cred_option)(minor_status, + union_cred->cred_array[i], + desired_object, + value); + if (status != GSS_S_COMPLETE) { + map_error(minor_status, mech); + break; + } + } + + return status; +} + diff --git a/src/lib/gssapi/mechglue/g_sign.c b/src/lib/gssapi/mechglue/g_sign.c index d297ee1ca3..eec0f49b49 100644 --- a/src/lib/gssapi/mechglue/g_sign.c +++ b/src/lib/gssapi/mechglue/g_sign.c @@ -23,16 +23,16 @@ */ /* - * glue routine gss_sign + * glue routine gss_get_mic */ #include "mglueP.h" static OM_uint32 -val_sign_args( +val_get_mic_args( OM_uint32 *minor_status, gss_ctx_id_t context_handle, - int qop_req, + gss_qop_t qop_req, gss_buffer_t message_buffer, gss_buffer_t msg_token) { @@ -66,15 +66,15 @@ val_sign_args( OM_uint32 KRB5_CALLCONV -gss_sign (minor_status, - context_handle, - qop_req, - message_buffer, - msg_token) +gss_get_mic (minor_status, + context_handle, + qop_req, + message_buffer, + msg_token) OM_uint32 * minor_status; gss_ctx_id_t context_handle; -int qop_req; +gss_qop_t qop_req; gss_buffer_t message_buffer; gss_buffer_t msg_token; @@ -83,8 +83,8 @@ gss_buffer_t msg_token; gss_union_ctx_id_t ctx; gss_mechanism mech; - status = val_sign_args(minor_status, context_handle, - qop_req, message_buffer, msg_token); + status = val_get_mic_args(minor_status, context_handle, + qop_req, message_buffer, msg_token); if (status != GSS_S_COMPLETE) return (status); @@ -97,9 +97,8 @@ gss_buffer_t msg_token; mech = gssint_get_mechanism (ctx->mech_type); if (mech) { - if (mech->gss_sign) { - status = mech->gss_sign( - mech->context, + if (mech->gss_get_mic) { + status = mech->gss_get_mic( minor_status, ctx->internal_ctx_id, qop_req, @@ -117,7 +116,7 @@ gss_buffer_t msg_token; } OM_uint32 KRB5_CALLCONV -gss_get_mic (minor_status, +gss_sign (minor_status, context_handle, qop_req, message_buffer, @@ -125,12 +124,12 @@ gss_get_mic (minor_status, OM_uint32 * minor_status; gss_ctx_id_t context_handle; -gss_qop_t qop_req; +int qop_req; gss_buffer_t message_buffer; gss_buffer_t msg_token; { - return (gss_sign(minor_status, context_handle, (int) qop_req, - message_buffer, msg_token)); + return (gss_get_mic(minor_status, context_handle, (gss_qop_t) qop_req, + message_buffer, msg_token)); } diff --git a/src/lib/gssapi/mechglue/g_store_cred.c b/src/lib/gssapi/mechglue/g_store_cred.c index d9a7d9adcf..1d438c4b92 100644 --- a/src/lib/gssapi/mechglue/g_store_cred.c +++ b/src/lib/gssapi/mechglue/g_store_cred.c @@ -111,7 +111,7 @@ gss_cred_usage_t *cred_usage_stored; if (mech_cred == GSS_C_NO_CREDENTIAL) return (GSS_S_NO_CRED); - major_status = mech->gss_store_cred(mech->context, + major_status = mech->gss_store_cred( minor_status, (gss_cred_id_t)mech_cred, cred_usage, @@ -143,7 +143,7 @@ gss_cred_usage_t *cred_usage_stored; if (mech_cred == GSS_C_NO_CREDENTIAL) continue; /* can't happen, but safe to ignore */ - major_status = mech->gss_store_cred(mech->context, + major_status = mech->gss_store_cred( minor_status, (gss_cred_id_t)mech_cred, cred_usage, diff --git a/src/lib/gssapi/mechglue/g_unseal.c b/src/lib/gssapi/mechglue/g_unseal.c index be7a8de90b..c6b33506be 100644 --- a/src/lib/gssapi/mechglue/g_unseal.c +++ b/src/lib/gssapi/mechglue/g_unseal.c @@ -23,13 +23,13 @@ */ /* - * glue routine gss_unseal + * glue routine gss_unwrap */ #include "mglueP.h" OM_uint32 KRB5_CALLCONV -gss_unseal (minor_status, +gss_unwrap (minor_status, context_handle, input_message_buffer, output_message_buffer, @@ -41,7 +41,7 @@ gss_ctx_id_t context_handle; gss_buffer_t input_message_buffer; gss_buffer_t output_message_buffer; int * conf_state; -int * qop_state; +gss_qop_t * qop_state; { /* EXPORT DELETE START */ @@ -75,15 +75,12 @@ int * qop_state; * select the approprate underlying mechanism routine and * call it. */ - ctx = (gss_union_ctx_id_t) context_handle; mech = gssint_get_mechanism (ctx->mech_type); if (mech) { - if (mech->gss_unseal) { - status = mech->gss_unseal( - mech->context, - minor_status, + if (mech->gss_unwrap) { + status = mech->gss_unwrap(minor_status, ctx->internal_ctx_id, input_message_buffer, output_message_buffer, @@ -91,6 +88,15 @@ int * qop_state; qop_state); if (status != GSS_S_COMPLETE) map_error(minor_status, mech); + } else if (mech->gss_unwrap_aead || mech->gss_unwrap_iov) { + status = gssint_unwrap_aead(mech, + minor_status, + ctx, + input_message_buffer, + GSS_C_NO_BUFFER, + output_message_buffer, + conf_state, + (gss_qop_t *)qop_state); } else status = GSS_S_UNAVAILABLE; @@ -103,7 +109,7 @@ int * qop_state; } OM_uint32 KRB5_CALLCONV -gss_unwrap (minor_status, +gss_unseal (minor_status, context_handle, input_message_buffer, output_message_buffer, @@ -115,10 +121,10 @@ gss_ctx_id_t context_handle; gss_buffer_t input_message_buffer; gss_buffer_t output_message_buffer; int * conf_state; -gss_qop_t * qop_state; +int * qop_state; { - return (gss_unseal(minor_status, (gss_ctx_id_t)context_handle, - (gss_buffer_t)input_message_buffer, - output_message_buffer, conf_state, (int *) qop_state)); + return (gss_unwrap(minor_status, context_handle, + input_message_buffer, + output_message_buffer, conf_state, (gss_qop_t *) qop_state)); } diff --git a/src/lib/gssapi/mechglue/g_unwrap_aead.c b/src/lib/gssapi/mechglue/g_unwrap_aead.c new file mode 100644 index 0000000000..7dcc27701f --- /dev/null +++ b/src/lib/gssapi/mechglue/g_unwrap_aead.c @@ -0,0 +1,198 @@ +/* #pragma ident "@(#)g_seal.c 1.19 98/04/21 SMI" */ + +/* + * Copyright 1996 by Sun Microsystems, Inc. + * + * Permission to use, copy, modify, distribute, and sell this software + * and its documentation for any purpose is hereby granted without fee, + * provided that the above copyright notice appears in all copies and + * that both that copyright notice and this permission notice appear in + * supporting documentation, and that the name of Sun Microsystems not be used + * in advertising or publicity pertaining to distribution of the software + * without specific, written prior permission. Sun Microsystems makes no + * representations about the suitability of this software for any + * purpose. It is provided "as is" without express or implied warranty. + * + * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, + * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO + * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR + * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF + * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR + * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * glue routine for gss_unwrap_aead + */ + +#include "mglueP.h" + +static OM_uint32 +val_unwrap_aead_args( + OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + gss_buffer_t input_message_buffer, + gss_buffer_t input_assoc_buffer, + gss_buffer_t output_payload_buffer, + int *conf_state, + gss_qop_t *qop_state) +{ + + /* Initialize outputs. */ + + if (minor_status != NULL) + *minor_status = 0; + + /* Validate arguments. */ + + if (minor_status == NULL) + return (GSS_S_CALL_INACCESSIBLE_WRITE); + + if (context_handle == GSS_C_NO_CONTEXT) + return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT); + + if (input_message_buffer == GSS_C_NO_BUFFER) + return (GSS_S_CALL_INACCESSIBLE_READ); + + if (output_payload_buffer == GSS_C_NO_BUFFER) + return (GSS_S_CALL_INACCESSIBLE_WRITE); + + return (GSS_S_COMPLETE); +} + +static OM_uint32 +gssint_unwrap_aead_iov_shim(gss_mechanism mech, + OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + gss_buffer_t input_message_buffer, + gss_buffer_t input_assoc_buffer, + gss_buffer_t output_payload_buffer, + int *conf_state, + gss_qop_t *qop_state) +{ + OM_uint32 status; + gss_iov_buffer_desc iov[3]; + int i = 0; + + iov[i].type = GSS_IOV_BUFFER_TYPE_STREAM; + iov[i].buffer = *input_message_buffer; + i++; + + if (input_assoc_buffer != NULL) { + iov[i].type = GSS_IOV_BUFFER_TYPE_SIGN_ONLY; + iov[i].buffer = *input_assoc_buffer; + i++; + } + + iov[i].type = GSS_IOV_BUFFER_TYPE_DATA | GSS_IOV_BUFFER_FLAG_ALLOCATE; + iov[i].buffer.value = NULL; + iov[i].buffer.length = 0; + i++; + + assert(mech->gss_unwrap_iov); + + status = mech->gss_unwrap_iov(minor_status, context_handle, conf_state, + qop_state, iov, i); + if (status == GSS_S_COMPLETE) { + *output_payload_buffer = iov[i - 1].buffer; + } else { + OM_uint32 minor; + + map_error(minor_status, mech); + + if (iov[i - 1].type & GSS_IOV_BUFFER_FLAG_ALLOCATED) { + gss_release_buffer(&minor, &iov[i - 1].buffer); + iov[i - 1].type &= ~(GSS_IOV_BUFFER_FLAG_ALLOCATED); + } + } + + return status; +} + +OM_uint32 +gssint_unwrap_aead (gss_mechanism mech, + OM_uint32 *minor_status, + gss_union_ctx_id_t ctx, + gss_buffer_t input_message_buffer, + gss_buffer_t input_assoc_buffer, + gss_buffer_t output_payload_buffer, + int *conf_state, + gss_qop_t *qop_state) +{ + OM_uint32 status; + + assert(mech != NULL); + assert(ctx != NULL); + + /* EXPORT DELETE START */ + + if (mech->gss_unwrap_aead) { + status = mech->gss_unwrap_aead(minor_status, + ctx->internal_ctx_id, + input_message_buffer, + input_assoc_buffer, + output_payload_buffer, + conf_state, + qop_state); + if (status != GSS_S_COMPLETE) + map_error(minor_status, mech); + } else if (mech->gss_unwrap_iov) { + status = gssint_unwrap_aead_iov_shim(mech, + minor_status, + ctx->internal_ctx_id, + input_message_buffer, + input_assoc_buffer, + output_payload_buffer, + conf_state, + qop_state); + } else + status = GSS_S_UNAVAILABLE; + /* EXPORT DELETE END */ + + return (status); +} + +OM_uint32 KRB5_CALLCONV +gss_unwrap_aead (minor_status, + context_handle, + input_message_buffer, + input_assoc_buffer, + output_payload_buffer, + conf_state, + qop_state) +OM_uint32 * minor_status; +gss_ctx_id_t context_handle; +gss_buffer_t input_message_buffer; +gss_buffer_t input_assoc_buffer; +gss_buffer_t output_payload_buffer; +int *conf_state; +gss_qop_t *qop_state; +{ + + OM_uint32 status; + gss_union_ctx_id_t ctx; + gss_mechanism mech; + + status = val_unwrap_aead_args(minor_status, context_handle, + input_message_buffer, input_assoc_buffer, + output_payload_buffer, + conf_state, qop_state); + if (status != GSS_S_COMPLETE) + return (status); + + /* + * select the approprate underlying mechanism routine and + * call it. + */ + ctx = (gss_union_ctx_id_t) context_handle; + mech = gssint_get_mechanism (ctx->mech_type); + + if (!mech) + return (GSS_S_BAD_MECH); + + return gssint_unwrap_aead(mech, minor_status, context_handle, + input_message_buffer, input_assoc_buffer, + output_payload_buffer, conf_state, qop_state); +} + diff --git a/src/lib/gssapi/mechglue/g_unwrap_iov.c b/src/lib/gssapi/mechglue/g_unwrap_iov.c new file mode 100644 index 0000000000..ebef1a70a3 --- /dev/null +++ b/src/lib/gssapi/mechglue/g_unwrap_iov.c @@ -0,0 +1,114 @@ +/* #pragma ident "@(#)g_seal.c 1.19 98/04/21 SMI" */ + +/* + * Copyright 1996 by Sun Microsystems, Inc. + * + * Permission to use, copy, modify, distribute, and sell this software + * and its documentation for any purpose is hereby granted without fee, + * provided that the above copyright notice appears in all copies and + * that both that copyright notice and this permission notice appear in + * supporting documentation, and that the name of Sun Microsystems not be used + * in advertising or publicity pertaining to distribution of the software + * without specific, written prior permission. Sun Microsystems makes no + * representations about the suitability of this software for any + * purpose. It is provided "as is" without express or implied warranty. + * + * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, + * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO + * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR + * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF + * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR + * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * glue routine for gss_unwrap_iov + */ + +#include "mglueP.h" + +static OM_uint32 +val_unwrap_iov_args( + OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + int *conf_state, + gss_qop_t *qop_state, + gss_iov_buffer_desc *iov, + int iov_count) +{ + + /* Initialize outputs. */ + + if (minor_status != NULL) + *minor_status = 0; + + /* Validate arguments. */ + + if (minor_status == NULL) + return (GSS_S_CALL_INACCESSIBLE_WRITE); + + if (context_handle == GSS_C_NO_CONTEXT) + return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT); + + if (iov == GSS_C_NO_IOV_BUFFER) + return (GSS_S_CALL_INACCESSIBLE_READ); + + return (GSS_S_COMPLETE); +} + + +OM_uint32 KRB5_CALLCONV +gss_unwrap_iov (minor_status, + context_handle, + conf_state, + qop_state, + iov, + iov_count) +OM_uint32 * minor_status; +gss_ctx_id_t context_handle; +int * conf_state; +gss_qop_t *qop_state; +gss_iov_buffer_desc * iov; +int iov_count; +{ + /* EXPORT DELETE START */ + + OM_uint32 status; + gss_union_ctx_id_t ctx; + gss_mechanism mech; + + status = val_unwrap_iov_args(minor_status, context_handle, + conf_state, qop_state, iov, iov_count); + if (status != GSS_S_COMPLETE) + return (status); + + /* + * select the approprate underlying mechanism routine and + * call it. + */ + + ctx = (gss_union_ctx_id_t) context_handle; + mech = gssint_get_mechanism (ctx->mech_type); + + if (mech) { + if (mech->gss_unwrap_iov) { + status = mech->gss_unwrap_iov( + minor_status, + ctx->internal_ctx_id, + conf_state, + qop_state, + iov, + iov_count); + if (status != GSS_S_COMPLETE) + map_error(minor_status, mech); + } else + status = GSS_S_UNAVAILABLE; + + return(status); + } + /* EXPORT DELETE END */ + + return (GSS_S_BAD_MECH); +} + diff --git a/src/lib/gssapi/mechglue/g_userok.c b/src/lib/gssapi/mechglue/g_userok.c new file mode 100644 index 0000000000..90fa90335e --- /dev/null +++ b/src/lib/gssapi/mechglue/g_userok.c @@ -0,0 +1,114 @@ +/* + * Copyright 2004 Sun Microsystems, Inc. All rights reserved. + * Use is subject to license terms. + */ + +/* #pragma ident "@(#)g_userok.c 1.1 04/03/25 SMI" */ + +#include +#include +#include +#include +#include +#include + + +static OM_uint32 +compare_names(OM_uint32 *minor, + const gss_OID mech_type, + const gss_name_t name, + const char *user, + int *user_ok) +{ + + OM_uint32 status, tmpMinor; + gss_name_t imported_name; + gss_name_t canon_name; + gss_buffer_desc gss_user; + int match = 0; + + *user_ok = 0; + + gss_user.value = (void *)user; + if (!gss_user.value || !name || !mech_type) + return (GSS_S_BAD_NAME); + gss_user.length = strlen(gss_user.value); + + status = gss_import_name(minor, + &gss_user, + GSS_C_NT_USER_NAME, + &imported_name); + if (status != GSS_S_COMPLETE) { + goto out; + } + + status = gss_canonicalize_name(minor, + imported_name, + mech_type, + &canon_name); + if (status != GSS_S_COMPLETE) { + (void) gss_release_name(&tmpMinor, &imported_name); + goto out; + } + + status = gss_compare_name(minor, + canon_name, + name, + &match); + (void) gss_release_name(&tmpMinor, &canon_name); + (void) gss_release_name(&tmpMinor, &imported_name); + if (status == GSS_S_COMPLETE) { + if (match) + *user_ok = 1; /* remote user is a-ok */ + } + +out: + return (status); +} + + +OM_uint32 +gssint_userok(OM_uint32 *minor, + const gss_name_t name, + const char *user, + int *user_ok) + +{ + gss_mechanism mech; + gss_union_name_t intName; + gss_name_t mechName = NULL; + OM_uint32 major; + + if (minor == NULL || user_ok == NULL) + return (GSS_S_CALL_INACCESSIBLE_WRITE); + + if (name == NULL || user == NULL) + return (GSS_S_CALL_INACCESSIBLE_READ); + + *user_ok = 0; + *minor = GSS_S_COMPLETE; + + intName = (gss_union_name_t)name; + + mech = gssint_get_mechanism(intName->mech_type); + if (mech == NULL) + return (GSS_S_UNAVAILABLE); + + /* may need to import the name if this is not MN */ + if (intName->mech_type == NULL) { + return (GSS_S_FAILURE); + } else + mechName = intName->mech_name; + + if (mech->gssint_userok) { + major = mech->gssint_userok(minor, mechName, + user, user_ok); + if (major != GSS_S_COMPLETE) + map_error(minor_status, mech); + } else + major = compare_names(minor, intName->mech_type, + name, user, user_ok); + + return (major); +} /* gss_userok */ + diff --git a/src/lib/gssapi/mechglue/g_verify.c b/src/lib/gssapi/mechglue/g_verify.c index a6ca923a40..da3279cc78 100644 --- a/src/lib/gssapi/mechglue/g_verify.c +++ b/src/lib/gssapi/mechglue/g_verify.c @@ -23,23 +23,23 @@ */ /* - * glue routine for gss_verify + * glue routine for gss_verify_mic */ #include "mglueP.h" OM_uint32 KRB5_CALLCONV -gss_verify (minor_status, - context_handle, - message_buffer, - token_buffer, - qop_state) +gss_verify_mic (minor_status, + context_handle, + message_buffer, + token_buffer, + qop_state) OM_uint32 * minor_status; gss_ctx_id_t context_handle; gss_buffer_t message_buffer; gss_buffer_t token_buffer; -int * qop_state; +gss_qop_t * qop_state; { OM_uint32 status; @@ -68,14 +68,13 @@ int * qop_state; mech = gssint_get_mechanism (ctx->mech_type); if (mech) { - if (mech->gss_verify) { - status = mech->gss_verify( - mech->context, - minor_status, - ctx->internal_ctx_id, - message_buffer, - token_buffer, - qop_state); + if (mech->gss_verify_mic) { + status = mech->gss_verify_mic( + minor_status, + ctx->internal_ctx_id, + message_buffer, + token_buffer, + qop_state); if (status != GSS_S_COMPLETE) map_error(minor_status, mech); } else @@ -88,7 +87,7 @@ int * qop_state; } OM_uint32 KRB5_CALLCONV -gss_verify_mic (minor_status, +gss_verify (minor_status, context_handle, message_buffer, token_buffer, @@ -98,9 +97,10 @@ OM_uint32 * minor_status; gss_ctx_id_t context_handle; gss_buffer_t message_buffer; gss_buffer_t token_buffer; -gss_qop_t * qop_state; +int * qop_state; { - return (gss_verify(minor_status, context_handle, - message_buffer, token_buffer, (int *) qop_state)); + return (gss_verify_mic(minor_status, context_handle, + message_buffer, token_buffer, + (gss_qop_t *) qop_state)); } diff --git a/src/lib/gssapi/mechglue/g_wrap_aead.c b/src/lib/gssapi/mechglue/g_wrap_aead.c new file mode 100644 index 0000000000..ff170e237c --- /dev/null +++ b/src/lib/gssapi/mechglue/g_wrap_aead.c @@ -0,0 +1,267 @@ +/* #pragma ident "@(#)g_seal.c 1.19 98/04/21 SMI" */ + +/* + * Copyright 1996 by Sun Microsystems, Inc. + * + * Permission to use, copy, modify, distribute, and sell this software + * and its documentation for any purpose is hereby granted without fee, + * provided that the above copyright notice appears in all copies and + * that both that copyright notice and this permission notice appear in + * supporting documentation, and that the name of Sun Microsystems not be used + * in advertising or publicity pertaining to distribution of the software + * without specific, written prior permission. Sun Microsystems makes no + * representations about the suitability of this software for any + * purpose. It is provided "as is" without express or implied warranty. + * + * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, + * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO + * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR + * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF + * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR + * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * glue routine for gss_wrap_aead + */ + +#include "mglueP.h" + +static OM_uint32 +val_wrap_aead_args( + OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + gss_buffer_t input_assoc_buffer, + gss_buffer_t input_payload_buffer, + int *conf_state, + gss_buffer_t output_message_buffer) +{ + + /* Initialize outputs. */ + + if (minor_status != NULL) + *minor_status = 0; + + /* Validate arguments. */ + + if (minor_status == NULL) + return (GSS_S_CALL_INACCESSIBLE_WRITE); + + if (context_handle == GSS_C_NO_CONTEXT) + return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT); + + if (input_payload_buffer == GSS_C_NO_BUFFER) + return (GSS_S_CALL_INACCESSIBLE_READ); + + if (output_message_buffer == GSS_C_NO_BUFFER) + return (GSS_S_CALL_INACCESSIBLE_WRITE); + + return (GSS_S_COMPLETE); +} + +static OM_uint32 +gssint_wrap_aead_iov_shim(gss_mechanism mech, + OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + gss_buffer_t input_assoc_buffer, + gss_buffer_t input_payload_buffer, + int *conf_state, + gss_buffer_t output_message_buffer) +{ + gss_iov_buffer_desc iov[5]; + OM_uint32 status; + size_t offset; + int i = 0, iov_count; + + /* HEADER | SIGN_ONLY_DATA | DATA | PADDING | TRAILER */ + + iov[i].type = GSS_IOV_BUFFER_TYPE_HEADER; + iov[i].buffer.value = NULL; + iov[i].buffer.length = 0; + i++; + + if (input_assoc_buffer != GSS_C_NO_BUFFER) { + iov[i].type = GSS_IOV_BUFFER_TYPE_SIGN_ONLY; + iov[i].buffer = *input_assoc_buffer; + i++; + } + + iov[i].type = GSS_IOV_BUFFER_TYPE_DATA; + iov[i].buffer = *input_payload_buffer; + i++; + + iov[i].type = GSS_IOV_BUFFER_TYPE_PADDING; + iov[i].buffer.value = NULL; + iov[i].buffer.length = 0; + i++; + + iov[i].type = GSS_IOV_BUFFER_TYPE_TRAILER; + iov[i].buffer.value = NULL; + iov[i].buffer.length = 0; + i++; + + iov_count = i; + + assert(mech->gss_wrap_iov_length); + + status = mech->gss_wrap_iov_length(minor_status, context_handle, + conf_req_flag, qop_req, + NULL, iov, iov_count); + if (status != GSS_S_COMPLETE) { + map_error(minor_status, mech); + return status; + } + + /* Format output token (does not include associated data) */ + for (i = 0, output_message_buffer->length = 0; i < iov_count; i++) { + if (GSS_IOV_BUFFER_TYPE(iov[i].type) == GSS_IOV_BUFFER_TYPE_SIGN_ONLY) + continue; + + output_message_buffer->length += iov[i].buffer.length; + } + + output_message_buffer->value = malloc(output_message_buffer->length); + if (output_message_buffer->value == NULL) { + *minor_status = ENOMEM; + return GSS_S_FAILURE; + } + + i = 0, offset = 0; + + /* HEADER */ + iov[i].buffer.value = (unsigned char *)output_message_buffer->value + offset; + offset += iov[i].buffer.length; + i++; + + /* SIGN_ONLY_DATA */ + if (input_assoc_buffer != GSS_C_NO_BUFFER) + i++; + + /* DATA */ + iov[i].buffer.value = (unsigned char *)output_message_buffer->value + offset; + offset += iov[i].buffer.length; + + memcpy(iov[i].buffer.value, input_payload_buffer->value, iov[i].buffer.length); + i++; + + /* PADDING */ + iov[i].buffer.value = (unsigned char *)output_message_buffer->value + offset; + offset += iov[i].buffer.length; + i++; + + /* TRAILER */ + iov[i].buffer.value = (unsigned char *)output_message_buffer->value + offset; + offset += iov[i].buffer.length; + i++; + + assert(offset == output_message_buffer->length); + + assert(mech->gss_wrap_iov); + + status = mech->gss_wrap_iov(minor_status, context_handle, + conf_req_flag, qop_req, + conf_state, iov, iov_count); + if (status != GSS_S_COMPLETE) { + OM_uint32 minor; + + map_error(minor_status, mech); + gss_release_buffer(&minor, output_message_buffer); + } + + return status; +} + +OM_uint32 +gssint_wrap_aead (gss_mechanism mech, + OM_uint32 *minor_status, + gss_union_ctx_id_t ctx, + int conf_req_flag, + gss_qop_t qop_req, + gss_buffer_t input_assoc_buffer, + gss_buffer_t input_payload_buffer, + int *conf_state, + gss_buffer_t output_message_buffer) +{ + /* EXPORT DELETE START */ + OM_uint32 status; + + assert(ctx != NULL); + assert(mech != NULL); + + if (mech->gss_wrap_aead) { + status = mech->gss_wrap_aead(minor_status, + ctx->internal_ctx_id, + conf_req_flag, + qop_req, + input_assoc_buffer, + input_payload_buffer, + conf_state, + output_message_buffer); + if (status != GSS_S_COMPLETE) + map_error(minor_status, mech); + } else if (mech->gss_wrap_iov && mech->gss_wrap_iov_length) { + status = gssint_wrap_aead_iov_shim(mech, + minor_status, + ctx->internal_ctx_id, + conf_req_flag, + qop_req, + input_assoc_buffer, + input_payload_buffer, + conf_state, + output_message_buffer); + } else + status = GSS_S_UNAVAILABLE; + + /* EXPORT DELETE END */ + + return status; +} + +OM_uint32 KRB5_CALLCONV +gss_wrap_aead (minor_status, + context_handle, + conf_req_flag, + qop_req, + input_assoc_buffer, + input_payload_buffer, + conf_state, + output_message_buffer) +OM_uint32 * minor_status; +gss_ctx_id_t context_handle; +int conf_req_flag; +gss_qop_t qop_req; +gss_buffer_t input_assoc_buffer; +gss_buffer_t input_payload_buffer; +int * conf_state; +gss_buffer_t output_message_buffer; +{ + OM_uint32 status; + gss_mechanism mech; + gss_union_ctx_id_t ctx; + + status = val_wrap_aead_args(minor_status, context_handle, + conf_req_flag, qop_req, + input_assoc_buffer, input_payload_buffer, + conf_state, output_message_buffer); + if (status != GSS_S_COMPLETE) + return (status); + + /* + * select the approprate underlying mechanism routine and + * call it. + */ + ctx = (gss_union_ctx_id_t)context_handle; + mech = gssint_get_mechanism (ctx->mech_type); + if (!mech) + return (GSS_S_BAD_MECH); + + return gssint_wrap_aead(mech, minor_status, context_handle, + conf_req_flag, qop_req, + input_assoc_buffer, input_payload_buffer, + conf_state, output_message_buffer); +} diff --git a/src/lib/gssapi/mechglue/g_wrap_iov.c b/src/lib/gssapi/mechglue/g_wrap_iov.c new file mode 100644 index 0000000000..8d054b259a --- /dev/null +++ b/src/lib/gssapi/mechglue/g_wrap_iov.c @@ -0,0 +1,207 @@ +/* #pragma ident "@(#)g_seal.c 1.19 98/04/21 SMI" */ + +/* + * Copyright 1996 by Sun Microsystems, Inc. + * + * Permission to use, copy, modify, distribute, and sell this software + * and its documentation for any purpose is hereby granted without fee, + * provided that the above copyright notice appears in all copies and + * that both that copyright notice and this permission notice appear in + * supporting documentation, and that the name of Sun Microsystems not be used + * in advertising or publicity pertaining to distribution of the software + * without specific, written prior permission. Sun Microsystems makes no + * representations about the suitability of this software for any + * purpose. It is provided "as is" without express or implied warranty. + * + * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, + * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO + * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR + * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF + * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR + * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * glue routine for gss_wrap_iov + */ + +#include "mglueP.h" + +static OM_uint32 +val_wrap_iov_args( + OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + int *conf_state, + gss_iov_buffer_desc *iov, + int iov_count) +{ + + /* Initialize outputs. */ + + if (minor_status != NULL) + *minor_status = 0; + + /* Validate arguments. */ + + if (minor_status == NULL) + return (GSS_S_CALL_INACCESSIBLE_WRITE); + + if (context_handle == GSS_C_NO_CONTEXT) + return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT); + + if (iov == GSS_C_NO_IOV_BUFFER) + return (GSS_S_CALL_INACCESSIBLE_READ); + + return (GSS_S_COMPLETE); +} + + +OM_uint32 KRB5_CALLCONV +gss_wrap_iov (minor_status, + context_handle, + conf_req_flag, + qop_req, + conf_state, + iov, + iov_count) +OM_uint32 * minor_status; +gss_ctx_id_t context_handle; +int conf_req_flag; +gss_qop_t qop_req; +int * conf_state; +gss_iov_buffer_desc * iov; +int iov_count; +{ + /* EXPORT DELETE START */ + + OM_uint32 status; + gss_union_ctx_id_t ctx; + gss_mechanism mech; + + status = val_wrap_iov_args(minor_status, context_handle, + conf_req_flag, qop_req, + conf_state, iov, iov_count); + if (status != GSS_S_COMPLETE) + return (status); + + /* + * select the approprate underlying mechanism routine and + * call it. + */ + + ctx = (gss_union_ctx_id_t) context_handle; + mech = gssint_get_mechanism (ctx->mech_type); + + if (mech) { + if (mech->gss_wrap_iov) { + status = mech->gss_wrap_iov( + minor_status, + ctx->internal_ctx_id, + conf_req_flag, + qop_req, + conf_state, + iov, + iov_count); + if (status != GSS_S_COMPLETE) + map_error(minor_status, mech); + } else + status = GSS_S_UNAVAILABLE; + + return(status); + } + /* EXPORT DELETE END */ + + return (GSS_S_BAD_MECH); +} + +OM_uint32 KRB5_CALLCONV +gss_wrap_iov_length (minor_status, + context_handle, + conf_req_flag, + qop_req, + conf_state, + iov, + iov_count) +OM_uint32 * minor_status; +gss_ctx_id_t context_handle; +int conf_req_flag; +gss_qop_t qop_req; +int * conf_state; +gss_iov_buffer_desc * iov; +int iov_count; +{ + /* EXPORT DELETE START */ + + OM_uint32 status; + gss_union_ctx_id_t ctx; + gss_mechanism mech; + + status = val_wrap_iov_args(minor_status, context_handle, + conf_req_flag, qop_req, + conf_state, iov, iov_count); + if (status != GSS_S_COMPLETE) + return (status); + + /* + * select the approprate underlying mechanism routine and + * call it. + */ + + ctx = (gss_union_ctx_id_t) context_handle; + mech = gssint_get_mechanism (ctx->mech_type); + + if (mech) { + if (mech->gss_wrap_iov_length) { + status = mech->gss_wrap_iov_length( + minor_status, + ctx->internal_ctx_id, + conf_req_flag, + qop_req, + conf_state, + iov, + iov_count); + if (status != GSS_S_COMPLETE) + map_error(minor_status, mech); + } else + status = GSS_S_UNAVAILABLE; + + return(status); + } + /* EXPORT DELETE END */ + + return (GSS_S_BAD_MECH); +} + +OM_uint32 KRB5_CALLCONV +gss_release_iov_buffer (minor_status, + iov, + iov_count) +OM_uint32 * minor_status; +gss_iov_buffer_desc * iov; +int iov_count; +{ + OM_uint32 status = GSS_S_COMPLETE; + int i; + + if (minor_status) + *minor_status = 0; + + if (iov == GSS_C_NO_IOV_BUFFER) + return GSS_S_COMPLETE; + + for (i = 0; i < iov_count; i++) { + if (iov[i].type & GSS_IOV_BUFFER_FLAG_ALLOCATED) { + status = gss_release_buffer(minor_status, &iov[i].buffer); + if (status != GSS_S_COMPLETE) + break; + + iov[i].type &= ~(GSS_IOV_BUFFER_FLAG_ALLOCATED); + } + } + + return status; +} + diff --git a/src/lib/gssapi/mechglue/gssd_pname_to_uid.c b/src/lib/gssapi/mechglue/gssd_pname_to_uid.c new file mode 100644 index 0000000000..c310f1630e --- /dev/null +++ b/src/lib/gssapi/mechglue/gssd_pname_to_uid.c @@ -0,0 +1,67 @@ +/* #pragma ident "@(#)gssd_pname_to_uid.c 1.18 04/02/23 SMI" */ + +/* + * Copyright 1996 by Sun Microsystems, Inc. + * + * Permission to use, copy, modify, distribute, and sell this software + * and its documentation for any purpose is hereby granted without fee, + * provided that the above copyright notice appears in all copies and + * that both that copyright notice and this permission notice appear in + * supporting documentation, and that the name of Sun Microsystems not be used + * in advertising or publicity pertaining to distribution of the software + * without specific, written prior permission. Sun Microsystems makes no + * representations about the suitability of this software for any + * purpose. It is provided "as is" without express or implied warranty. + * + * SUN MICROSYSTEMS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, + * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO + * EVENT SHALL SUN MICROSYSTEMS BE LIABLE FOR ANY SPECIAL, INDIRECT OR + * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF + * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR + * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * glue routines that test the mech id either passed in to + * gss_init_sec_contex() or gss_accept_sec_context() or within the glue + * routine supported version of the security context and then call + * the appropriate underlying mechanism library procedure. + * + */ + +#include "mglueP.h" + +int gssd_pname_to_uid(pname, name_type, mech_type, uid) + +char * pname; +gss_OID name_type; +gss_OID mech_type; +uid_t * uid; +{ + int status; + gss_mechanism mech; + + /* + * find the appropriate mechanism specific pname_to_uid procedure and + * call it. + */ + + mech = gssint_get_mechanism (mech_type); + + if (mech) { + if (mech_type == GSS_C_NULL_OID) + mech_type = &mech->mech_type; + + if (mech->pname_to_uid) { + status = mech->pname_to_uid(pname, name_type, mech_type, uid); + if (status != GSS_S_COMPLETE) + map_error(minor_status, mech); + } else + status = GSS_S_BAD_MECH; + } else + status = GSS_S_BAD_MECH; + + return(status); +} + diff --git a/src/lib/gssapi/mechglue/mech.conf b/src/lib/gssapi/mechglue/mech.conf deleted file mode 100644 index 5257a01a27..0000000000 --- a/src/lib/gssapi/mechglue/mech.conf +++ /dev/null @@ -1,7 +0,0 @@ -# -# -# GSSAPI Mechanism Definitions -# -# library function -/opt/SUNWgss/lib/mech_krb5.so krb5_gss_initialize -#mech_krb5.so krb5_gss_initialize diff --git a/src/lib/gssapi/mechglue/mechglue.h b/src/lib/gssapi/mechglue/mechglue.h index 4f4cd481cb..7f3334aec2 100644 --- a/src/lib/gssapi/mechglue/mechglue.h +++ b/src/lib/gssapi/mechglue/mechglue.h @@ -35,4 +35,8 @@ /* GSSAPI Extension functions -- these functions aren't */ /* in the GSSAPI, but they are provided in this library */ +#include + +void KRB5_CALLCONV gss_initialize(void); + #endif /* _GSS_MECHGLUE_H */ diff --git a/src/lib/gssapi/mechglue/mglueP.h b/src/lib/gssapi/mechglue/mglueP.h index 1f14ee2178..52195f2931 100644 --- a/src/lib/gssapi/mechglue/mglueP.h +++ b/src/lib/gssapi/mechglue/mglueP.h @@ -20,9 +20,6 @@ do { \ (o1)->length = (o2)->length; \ } while (0) -#define GSS_EMPTY_BUFFER(buf) ((buf) == NULL ||\ - (buf)->value == NULL || (buf)->length == 0) - /* * Array of context IDs typed by mechanism OID */ @@ -78,7 +75,20 @@ typedef struct gss_cred_id_struct { gss_cred_id_t *cred_array; gss_union_cred_auxinfo auxinfo; } gss_union_cred_desc, *gss_union_cred_t; - + +typedef OM_uint32 (*gss_acquire_cred_with_password_sfct)( + void *, /* context */ + OM_uint32 *, /* minor_status */ + const gss_name_t, /* desired_name */ + const gss_buffer_t, /* password */ + OM_uint32, /* time_req */ + const gss_OID_set, /* desired_mechs */ + int, /* cred_usage */ + gss_cred_id_t *, /* output_cred_handle */ + gss_OID_set *, /* actual_mechs */ + OM_uint32 * /* time_rec */ + /* */); + /* * Rudimentary pointer validation macro to check whether the * "loopback" field of an opaque struct points back to itself. This @@ -91,7 +101,10 @@ typedef struct gss_cred_id_struct { /********************************************************/ /* The Mechanism Dispatch Table -- a mechanism needs to */ /* define one of these and provide a function to return */ -/* it to initialize the GSSAPI library */ +/* it to initialize the GSSAPI library */ +int gssint_mechglue_initialize_library(void); + +OM_uint32 gssint_get_mech_type_oid(gss_OID OID, gss_buffer_t token); /* * This is the definition of the mechs_array struct, which is used to @@ -105,13 +118,10 @@ typedef struct gss_cred_id_struct { */ typedef struct gss_config { - OM_uint32 priority; - char * mechNameStr; gss_OID_desc mech_type; void * context; OM_uint32 (*gss_acquire_cred) ( - void*, /* context */ OM_uint32*, /* minor_status */ gss_name_t, /* desired_name */ OM_uint32, /* time_req */ @@ -123,13 +133,11 @@ typedef struct gss_config { ); OM_uint32 (*gss_release_cred) ( - void*, /* context */ OM_uint32*, /* minor_status */ gss_cred_id_t* /* cred_handle */ ); OM_uint32 (*gss_init_sec_context) ( - void*, /* context */ OM_uint32*, /* minor_status */ gss_cred_id_t, /* claimant_cred_handle */ gss_ctx_id_t*, /* context_handle */ @@ -146,7 +154,6 @@ typedef struct gss_config { ); OM_uint32 (*gss_accept_sec_context) ( - void*, /* context */ OM_uint32*, /* minor_status */ gss_ctx_id_t*, /* context_handle */ gss_cred_id_t, /* verifier_cred_handle */ @@ -161,67 +168,59 @@ typedef struct gss_config { ); OM_uint32 (*gss_process_context_token) ( - void*, /* context */ OM_uint32*, /* minor_status */ gss_ctx_id_t, /* context_handle */ gss_buffer_t /* token_buffer */ ); OM_uint32 (*gss_delete_sec_context) ( - void*, /* context */ OM_uint32*, /* minor_status */ gss_ctx_id_t*, /* context_handle */ gss_buffer_t /* output_token */ ); OM_uint32 (*gss_context_time) ( - void*, /* context */ OM_uint32*, /* minor_status */ gss_ctx_id_t, /* context_handle */ OM_uint32* /* time_rec */ ); - OM_uint32 (*gss_sign) + OM_uint32 (*gss_get_mic) ( - void*, /* context */ OM_uint32*, /* minor_status */ gss_ctx_id_t, /* context_handle */ - int, /* qop_req */ + gss_qop_t, /* qop_req */ gss_buffer_t, /* message_buffer */ gss_buffer_t /* message_token */ ); - OM_uint32 (*gss_verify) + OM_uint32 (*gss_verify_mic) ( - void*, /* context */ OM_uint32*, /* minor_status */ gss_ctx_id_t, /* context_handle */ gss_buffer_t, /* message_buffer */ gss_buffer_t, /* token_buffer */ - int* /* qop_state */ + gss_qop_t* /* qop_state */ ); - OM_uint32 (*gss_seal) + OM_uint32 (*gss_wrap) ( - void*, /* context */ OM_uint32*, /* minor_status */ gss_ctx_id_t, /* context_handle */ int, /* conf_req_flag */ - int, /* qop_req */ + gss_qop_t, /* qop_req */ gss_buffer_t, /* input_message_buffer */ int*, /* conf_state */ gss_buffer_t /* output_message_buffer */ ); - OM_uint32 (*gss_unseal) + OM_uint32 (*gss_unwrap) ( - void*, /* context */ OM_uint32*, /* minor_status */ gss_ctx_id_t, /* context_handle */ gss_buffer_t, /* input_message_buffer */ gss_buffer_t, /* output_message_buffer */ int*, /* conf_state */ - int* /* qop_state */ + gss_qop_t* /* qop_state */ ); OM_uint32 (*gss_display_status) ( - void*, /* context */ OM_uint32*, /* minor_status */ OM_uint32, /* status_value */ int, /* status_type */ @@ -231,13 +230,11 @@ typedef struct gss_config { ); OM_uint32 (*gss_indicate_mechs) ( - void*, /* context */ OM_uint32*, /* minor_status */ gss_OID_set* /* mech_set */ ); OM_uint32 (*gss_compare_name) ( - void*, /* context */ OM_uint32*, /* minor_status */ gss_name_t, /* name1 */ gss_name_t, /* name2 */ @@ -245,7 +242,6 @@ typedef struct gss_config { ); OM_uint32 (*gss_display_name) ( - void*, /* context */ OM_uint32*, /* minor_status */ gss_name_t, /* input_name */ gss_buffer_t, /* output_name_buffer */ @@ -253,7 +249,6 @@ typedef struct gss_config { ); OM_uint32 (*gss_import_name) ( - void*, /* context */ OM_uint32*, /* minor_status */ gss_buffer_t, /* input_name_buffer */ gss_OID, /* input_name_type */ @@ -261,13 +256,11 @@ typedef struct gss_config { ); OM_uint32 (*gss_release_name) ( - void*, /* context */ OM_uint32*, /* minor_status */ gss_name_t* /* input_name */ ); OM_uint32 (*gss_inquire_cred) ( - void*, /* context */ OM_uint32 *, /* minor_status */ gss_cred_id_t, /* cred_handle */ gss_name_t *, /* name */ @@ -277,7 +270,6 @@ typedef struct gss_config { ); OM_uint32 (*gss_add_cred) ( - void*, /* context */ OM_uint32 *, /* minor_status */ gss_cred_id_t, /* input_cred_handle */ gss_name_t, /* desired_name */ @@ -292,21 +284,18 @@ typedef struct gss_config { ); OM_uint32 (*gss_export_sec_context) ( - void*, /* context */ OM_uint32 *, /* minor_status */ gss_ctx_id_t *, /* context_handle */ gss_buffer_t /* interprocess_token */ ); OM_uint32 (*gss_import_sec_context) ( - void *, /* context */ OM_uint32 *, /* minor_status */ gss_buffer_t, /* interprocess_token */ gss_ctx_id_t * /* context_handle */ ); OM_uint32 (*gss_inquire_cred_by_mech) ( - void *, /* context */ OM_uint32 *, /* minor_status */ gss_cred_id_t, /* cred_handle */ gss_OID, /* mech_type */ @@ -317,14 +306,12 @@ typedef struct gss_config { ); OM_uint32 (*gss_inquire_names_for_mech) ( - void *, /* context */ OM_uint32 *, /* minor_status */ gss_OID, /* mechanism */ gss_OID_set * /* name_types */ ); OM_uint32 (*gss_inquire_context) ( - void *, /* context */ OM_uint32 *, /* minor_status */ gss_ctx_id_t, /* context_handle */ gss_name_t *, /* src_name */ @@ -332,18 +319,16 @@ typedef struct gss_config { OM_uint32 *, /* lifetime_rec */ gss_OID *, /* mech_type */ OM_uint32 *, /* ctx_flags */ - int *, /* locally_initiated */ + int *, /* locally_initiated */ int * /* open */ ); OM_uint32 (*gss_internal_release_oid) ( - void *, /* context */ OM_uint32 *, /* minor_status */ gss_OID * /* OID */ ); OM_uint32 (*gss_wrap_size_limit) ( - void *, /* context */ OM_uint32 *, /* minor_status */ gss_ctx_id_t, /* context_handle */ int, /* conf_req_flag */ @@ -351,16 +336,30 @@ typedef struct gss_config { OM_uint32, /* req_output_size */ OM_uint32 * /* max_input_size */ ); +#if 0 + int (*pname_to_uid) + ( + char *, /* pname */ + gss_OID, /* name type */ + gss_OID, /* mech type */ + uid_t * /* uid */ + ); + OM_uint32 (*gssint_userok) + ( + OM_uint32 *, /* minor_status */ + const gss_name_t, /* pname */ + const char *, /* local user */ + int * /* user ok? */ + /* */); +#endif OM_uint32 (*gss_export_name) ( - void *, /* context */ OM_uint32 *, /* minor_status */ const gss_name_t, /* input_name */ gss_buffer_t /* exported_name */ /* */); OM_uint32 (*gss_store_cred) ( - void *, /* context */ OM_uint32 *, /* minor_status */ const gss_cred_id_t, /* input_cred */ gss_cred_usage_t, /* cred_usage */ @@ -370,8 +369,132 @@ typedef struct gss_config { gss_OID_set *, /* elements_stored */ gss_cred_usage_t * /* cred_usage_stored */ /* */); + + OM_uint32 (*gss_import_name_object) + ( + OM_uint32 *, /* minor_status */ + void *, /* input_name */ + gss_OID, /* input_name_type */ + gss_name_t * /* output_name */ + /* */); + + OM_uint32 (*gss_export_name_object) + ( + OM_uint32 *, /* minor_status */ + gss_name_t, /* input_name */ + gss_OID, /* desired_name_type */ + void ** /* output_name */ + /* */); + + /* GGF extensions */ + + OM_uint32 (*gss_inquire_sec_context_by_oid) + ( + OM_uint32 *, /* minor_status */ + const gss_ctx_id_t, /* context_handle */ + const gss_OID, /* OID */ + gss_buffer_set_t * /* data_set */ + ); + OM_uint32 (*gss_inquire_cred_by_oid) + ( + OM_uint32 *, /* minor_status */ + const gss_cred_id_t, /* cred_handle */ + const gss_OID, /* OID */ + gss_buffer_set_t * /* data_set */ + ); + OM_uint32 (*gss_set_sec_context_option) + ( + OM_uint32 *, /* minor_status */ + gss_ctx_id_t *, /* context_handle */ + const gss_OID, /* OID */ + const gss_buffer_t /* value */ + ); + OM_uint32 (*gssspi_set_cred_option) + ( + OM_uint32 *, /* minor_status */ + gss_cred_id_t, /* cred_handle */ + const gss_OID, /* OID */ + const gss_buffer_t /* value */ + ); + OM_uint32 (*gssspi_mech_invoke) + ( + OM_uint32*, /* minor_status */ + const gss_OID, /* mech OID */ + const gss_OID, /* OID */ + gss_buffer_t /* value */ + ); + + /* AEAD extensions */ + OM_uint32 (*gss_wrap_aead) + ( + OM_uint32 *, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + int, /* conf_req_flag */ + gss_qop_t, /* qop_req */ + gss_buffer_t, /* input_assoc_buffer */ + gss_buffer_t, /* input_payload_buffer */ + int *, /* conf_state */ + gss_buffer_t /* output_message_buffer */ + /* */); + + OM_uint32 (*gss_unwrap_aead) + ( + OM_uint32 *, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + gss_buffer_t, /* input_message_buffer */ + gss_buffer_t, /* input_assoc_buffer */ + gss_buffer_t, /* output_payload_buffer */ + int *, /* conf_state */ + gss_qop_t * /* qop_state */ + /* */); + + /* SSPI extensions */ + OM_uint32 (*gss_wrap_iov) + ( + OM_uint32 *, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + int, /* conf_req_flag */ + gss_qop_t, /* qop_req */ + int *, /* conf_state */ + gss_iov_buffer_desc *, /* iov */ + int /* iov_count */ + /* */); + + OM_uint32 (*gss_unwrap_iov) + ( + OM_uint32 *, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + int *, /* conf_state */ + gss_qop_t *, /* qop_state */ + gss_iov_buffer_desc *, /* iov */ + int /* iov_count */ + /* */); + + OM_uint32 (*gss_wrap_iov_length) + ( + OM_uint32 *, /* minor_status */ + gss_ctx_id_t, /* context_handle */ + int, /* conf_req_flag*/ + gss_qop_t, /* qop_req */ + int *, /* conf_state */ + gss_iov_buffer_desc *, /* iov */ + int /* iov_count */ + /* */); + + OM_uint32 (*gss_complete_auth_token) + ( + OM_uint32*, /* minor_status */ + const gss_ctx_id_t, /* context_handle */ + gss_buffer_t /* input_message_buffer */ + ); + } *gss_mechanism; +/* This structure MUST NOT be used by any code outside libgss */ +typedef struct gss_config_ext { + gss_acquire_cred_with_password_sfct gss_acquire_cred_with_password; +} *gss_mechanism_ext; + /* * In the user space we use a wrapper structure to encompass the * mechanism entry points. The wrapper contain the mechanism @@ -387,21 +510,22 @@ typedef struct gss_mech_config { void *dl_handle; /* RTLD object handle for the mech */ gss_OID mech_type; /* mechanism oid */ gss_mechanism mech; /* mechanism initialization struct */ + gss_mechanism_ext mech_ext; /* extensions */ + int priority; /* mechanism preference order */ + int freeMech; /* free mech table */ struct gss_mech_config *next; /* next element in the list */ } *gss_mech_info; -/* Mechanisms defined within our library */ - -extern gss_mechanism *krb5_gss_get_mech_configs(void); -extern gss_mechanism *spnego_gss_get_mech_configs(void); - /********************************************************/ /* Internal mechglue routines */ +#if 0 int gssint_mechglue_init(void); void gssint_mechglue_fini(void); +#endif gss_mechanism gssint_get_mechanism (gss_OID); +gss_mechanism_ext gssint_get_mechanism_ext(const gss_OID); OM_uint32 gssint_get_mech_type (gss_OID, gss_buffer_t); char *gssint_get_kmodName(const gss_OID); char *gssint_get_modOptions(const gss_OID); @@ -412,6 +536,11 @@ OM_uint32 gssint_export_internal_name(OM_uint32 *, const gss_OID, OM_uint32 gssint_display_internal_name (OM_uint32 *, gss_OID, gss_name_t, gss_buffer_t, gss_OID *); OM_uint32 gssint_release_internal_name (OM_uint32 *, gss_OID, gss_name_t *); +OM_uint32 gssint_delete_internal_sec_context (OM_uint32 *, gss_OID, + gss_ctx_id_t *, gss_buffer_t); +#ifdef _GSS_STATIC_LINK +int gssint_register_mechinfo(gss_mech_info template); +#endif OM_uint32 gssint_convert_name_to_union_name (OM_uint32 *, /* minor_status */ @@ -465,6 +594,14 @@ gssint_get_mechanisms( int arrayLen /* length of passed in array */ ); +OM_uint32 +gssint_userok( + OM_uint32 *, /* minor */ + const gss_name_t, /* name */ + const char *, /* user */ + int * /* user_ok */ +); + OM_uint32 gss_store_cred( OM_uint32 *, /* minor_status */ @@ -494,6 +631,27 @@ gssint_put_der_length( unsigned int /* max_len */ ); +OM_uint32 +gssint_wrap_aead (gss_mechanism, /* mech */ + OM_uint32 *, /* minor_status */ + gss_union_ctx_id_t, /* ctx */ + int, /* conf_req_flag */ + gss_qop_t, /* qop_req_flag */ + gss_buffer_t, /* input_assoc_buffer */ + gss_buffer_t, /* input_payload_buffer */ + int *, /* conf_state */ + gss_buffer_t); /* output_message_buffer */ +OM_uint32 +gssint_unwrap_aead (gss_mechanism, /* mech */ + OM_uint32 *, /* minor_status */ + gss_union_ctx_id_t, /* ctx */ + gss_buffer_t, /* input_message_buffer */ + gss_buffer_t, /* input_assoc_buffer */ + gss_buffer_t, /* output_payload_buffer */ + int *, /* conf_state */ + gss_qop_t *); /* qop_state */ + + /* Use this to map an error code that was returned from a mech operation; the mech will be asked to produce the associated error messages. diff --git a/src/lib/gssapi/spnego/Makefile.in b/src/lib/gssapi/spnego/Makefile.in index ee0999f204..95bfd1ab1c 100644 --- a/src/lib/gssapi/spnego/Makefile.in +++ b/src/lib/gssapi/spnego/Makefile.in @@ -3,6 +3,7 @@ myfulldir=lib/gssapi/spnego mydir=lib/gssapi/spnego BUILDTOP=$(REL)..$(S)..$(S).. LOCALINCLUDES = -I. -I$(srcdir) -I$(srcdir)/.. -I../generic -I$(srcdir)/../generic -I../mechglue -I$(srcdir)/../mechglue +DEFS=-D_GSS_STATIC_LINK=1 ##DOS##BUILDTOP = ..\..\.. ##DOS##PREFIXDIR=spnego @@ -23,21 +24,3 @@ all-unix:: all-libobjs clean-unix:: clean-libobjs @libobj_frag@ -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -spnego_mech.so spnego_mech.po $(OUTPRE)spnego_mech.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ - $(srcdir)/../generic/gssapi_generic.h $(srcdir)/../mechglue/mechglue.h \ - $(srcdir)/../mechglue/mglueP.h ../generic/gssapi_err_generic.h \ - gssapiP_spnego.h spnego_mech.c diff --git a/src/lib/gssapi/spnego/deps b/src/lib/gssapi/spnego/deps new file mode 100644 index 0000000000..2d3c30cf19 --- /dev/null +++ b/src/lib/gssapi/spnego/deps @@ -0,0 +1,17 @@ +# +# Generated makefile dependencies follow. +# +spnego_mech.so spnego_mech.po $(OUTPRE)spnego_mech.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \ + $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \ + $(srcdir)/../mechglue/mechglue.h $(srcdir)/../mechglue/mglueP.h \ + ../generic/gssapi_err_generic.h gssapiP_spnego.h spnego_mech.c diff --git a/src/lib/gssapi/spnego/gssapiP_spnego.h b/src/lib/gssapi/spnego/gssapiP_spnego.h index 6d7d4c40c9..e1f3987cd2 100644 --- a/src/lib/gssapi/spnego/gssapiP_spnego.h +++ b/src/lib/gssapi/spnego/gssapiP_spnego.h @@ -39,6 +39,7 @@ extern "C" { #define ENUMERATED 0x0a #define ENUMERATION_LENGTH 1 #define HEADER_ID 0x60 +#define GENERAL_STRING 0x1b /* * SPNEGO specific error codes (minor status codes) @@ -106,16 +107,9 @@ typedef struct { */ #define SPNEGO_MAGIC_ID 0x00000fed -/* SPNEGO oid structure */ -static const gss_OID_desc spnego_oids[] = { - {SPNEGO_OID_LENGTH, SPNEGO_OID}, -}; - -const gss_OID_desc * const gss_mech_spnego = spnego_oids+0; -static const gss_OID_set_desc spnego_oidsets[] = { - {1, (gss_OID) spnego_oids+0}, -}; -const gss_OID_set_desc * const gss_mech_set_spnego = spnego_oidsets+0; +/* SPNEGO oid declarations */ +extern const gss_OID_desc * const gss_mech_spnego; +extern const gss_OID_set_desc * const gss_mech_set_spnego; #ifdef DEBUG #define dsyslog(a) syslog(LOG_DEBUG, a) @@ -130,7 +124,6 @@ const gss_OID_set_desc * const gss_mech_set_spnego = spnego_oidsets+0; OM_uint32 spnego_gss_acquire_cred ( - void *, /* spnego context */ OM_uint32 *, /* minor_status */ gss_name_t, /* desired_name */ OM_uint32, /* time_req */ @@ -143,7 +136,6 @@ OM_uint32 spnego_gss_acquire_cred OM_uint32 spnego_gss_release_cred ( - void *, /* spnego context */ OM_uint32 *, /* minor_status */ /* CSTYLED */ gss_cred_id_t * /* cred_handle */ @@ -151,7 +143,6 @@ OM_uint32 spnego_gss_release_cred OM_uint32 spnego_gss_init_sec_context ( - void *, /* spnego context */ OM_uint32 *, /* minor_status */ gss_cred_id_t, /* claimant_cred_handle */ gss_ctx_id_t *, /* context_handle */ @@ -170,7 +161,6 @@ OM_uint32 spnego_gss_init_sec_context #ifndef LEAN_CLIENT OM_uint32 spnego_gss_accept_sec_context ( - void *, /* spnego context */ OM_uint32 *, /* minor_status */ gss_ctx_id_t *, /* context_handle */ gss_cred_id_t, /* verifier_cred_handle */ @@ -186,9 +176,16 @@ OM_uint32 spnego_gss_accept_sec_context ); #endif /* LEAN_CLIENT */ +OM_uint32 spnego_gss_compare_name +( + OM_uint32 *, /* minor_status */ + const gss_name_t, /* name1 */ + const gss_name_t, /* name2 */ + int * /* name_equal */ +); + OM_uint32 spnego_gss_display_name ( - void *, OM_uint32 *, /* minor_status */ gss_name_t, /* input_name */ gss_buffer_t, /* output_name_buffer */ @@ -197,7 +194,6 @@ OM_uint32 spnego_gss_display_name OM_uint32 spnego_gss_display_status ( - void *, /* spnego context */ OM_uint32 *, /* minor_status */ OM_uint32, /* status_value */ int, /* status_type */ @@ -208,7 +204,6 @@ OM_uint32 spnego_gss_display_status OM_uint32 spnego_gss_import_name ( - void *, /* spnego context */ OM_uint32 *, /* minor_status */ gss_buffer_t, /* input_name_buffer */ gss_OID, /* input_name_type */ @@ -218,7 +213,6 @@ OM_uint32 spnego_gss_import_name OM_uint32 spnego_gss_release_name ( - void *, /* spnego context */ OM_uint32 *, /* minor_status */ /* CSTYLED */ gss_name_t * /* input_name */ @@ -226,30 +220,27 @@ OM_uint32 spnego_gss_release_name OM_uint32 spnego_gss_inquire_names_for_mech ( - void *, /* spnego context */ OM_uint32 *, /* minor_status */ gss_OID, /* mechanism */ gss_OID_set * /* name_types */ ); -OM_uint32 spnego_gss_unseal +OM_uint32 spnego_gss_unwrap ( - void *context, OM_uint32 *minor_status, gss_ctx_id_t context_handle, gss_buffer_t input_message_buffer, gss_buffer_t output_message_buffer, int *conf_state, - int *qop_state + gss_qop_t *qop_state ); -OM_uint32 spnego_gss_seal +OM_uint32 spnego_gss_wrap ( - void *context, OM_uint32 *minor_status, gss_ctx_id_t context_handle, int conf_req_flag, - int qop_req, + gss_qop_t qop_req, gss_buffer_t input_message_buffer, int *conf_state, gss_buffer_t output_message_buffer @@ -257,7 +248,6 @@ OM_uint32 spnego_gss_seal OM_uint32 spnego_gss_process_context_token ( - void *context, OM_uint32 *minor_status, const gss_ctx_id_t context_handle, const gss_buffer_t token_buffer @@ -265,7 +255,6 @@ OM_uint32 spnego_gss_process_context_token OM_uint32 spnego_gss_delete_sec_context ( - void *context, OM_uint32 *minor_status, gss_ctx_id_t *context_handle, gss_buffer_t output_token @@ -273,7 +262,6 @@ OM_uint32 spnego_gss_delete_sec_context OM_uint32 spnego_gss_context_time ( - void *context, OM_uint32 *minor_status, const gss_ctx_id_t context_handle, OM_uint32 *time_rec @@ -281,7 +269,6 @@ OM_uint32 spnego_gss_context_time #ifndef LEAN_CLIENT OM_uint32 spnego_gss_export_sec_context ( - void *context, OM_uint32 *minor_status, gss_ctx_id_t *context_handle, gss_buffer_t interprocess_token @@ -289,7 +276,6 @@ OM_uint32 spnego_gss_export_sec_context OM_uint32 spnego_gss_import_sec_context ( - void *context, OM_uint32 *minor_status, const gss_buffer_t interprocess_token, gss_ctx_id_t *context_handle @@ -298,7 +284,6 @@ OM_uint32 spnego_gss_import_sec_context OM_uint32 spnego_gss_inquire_context ( - void *context, OM_uint32 *minor_status, const gss_ctx_id_t context_handle, gss_name_t *src_name, @@ -312,7 +297,6 @@ OM_uint32 spnego_gss_inquire_context OM_uint32 spnego_gss_wrap_size_limit ( - void *context, OM_uint32 *minor_status, const gss_ctx_id_t context_handle, int conf_req_flag, @@ -321,24 +305,110 @@ OM_uint32 spnego_gss_wrap_size_limit OM_uint32 *max_input_size ); -OM_uint32 spnego_gss_sign +OM_uint32 spnego_gss_get_mic ( - void *context, OM_uint32 *minor_status, const gss_ctx_id_t context_handle, - int qop_req, + gss_qop_t qop_req, const gss_buffer_t message_buffer, gss_buffer_t message_token ); -OM_uint32 spnego_gss_verify +OM_uint32 spnego_gss_verify_mic ( - void *context, OM_uint32 *minor_status, const gss_ctx_id_t context_handle, const gss_buffer_t msg_buffer, const gss_buffer_t token_buffer, - int *qop_state + gss_qop_t *qop_state +); + +OM_uint32 +spnego_gss_inquire_sec_context_by_oid +( + OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + const gss_OID desired_object, + gss_buffer_set_t *data_set +); + +OM_uint32 +spnego_gss_set_sec_context_option +( + OM_uint32 *minor_status, + gss_ctx_id_t *context_handle, + const gss_OID desired_object, + const gss_buffer_t value +); + +#ifdef _GSS_STATIC_LINK +int gss_spnegoint_lib_init(void); +void gss_spnegoint_lib_fini(void); +#else +gss_mechanism KRB5_CALLCONV gss_mech_initialize(void); +#endif /* _GSS_STATIC_LINK */ + +OM_uint32 spnego_gss_wrap_aead +( + OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + gss_buffer_t input_assoc_buffer, + gss_buffer_t input_payload_buffer, + int *conf_state, + gss_buffer_t output_message_buffer +); + +OM_uint32 spnego_gss_unwrap_aead +( + OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + gss_buffer_t input_message_buffer, + gss_buffer_t input_assoc_buffer, + gss_buffer_t output_payload_buffer, + int *conf_state, + gss_qop_t *qop_state +); + +OM_uint32 spnego_gss_wrap_iov +( + OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + int *conf_state, + gss_iov_buffer_desc *iov, + int iov_count +); + +OM_uint32 spnego_gss_unwrap_iov +( + OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + int *conf_state, + gss_qop_t *qop_state, + gss_iov_buffer_desc *iov, + int iov_count +); + +OM_uint32 spnego_gss_wrap_iov_length +( + OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + int *conf_state, + gss_iov_buffer_desc *iov, + int iov_count +); + +OM_uint32 +spnego_gss_complete_auth_token +( + OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + gss_buffer_t input_message_buffer ); #ifdef __cplusplus diff --git a/src/lib/gssapi/spnego/mech_spnego.exports b/src/lib/gssapi/spnego/mech_spnego.exports new file mode 100644 index 0000000000..9d570e5c05 --- /dev/null +++ b/src/lib/gssapi/spnego/mech_spnego.exports @@ -0,0 +1 @@ +gss_mech_initialize diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c index b0dc70b2c6..44aea26436 100644 --- a/src/lib/gssapi/spnego/spnego_mech.c +++ b/src/lib/gssapi/spnego/spnego_mech.c @@ -32,9 +32,37 @@ * peers using the GSS-API. * */ - +/* + * Copyright (c) 2006-2008, Novell, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * * The copyright holder's name is not used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ /* #pragma ident "@(#)spnego_mech.c 1.7 04/09/28 SMI" */ +#include +#include #include #include #include @@ -78,7 +106,6 @@ static OM_uint32 get_available_mechs(OM_uint32 *, gss_name_t, static void release_spnego_ctx(spnego_gss_ctx_id_t *); static void check_spnego_options(spnego_gss_ctx_id_t); static spnego_gss_ctx_id_t create_spnego_ctx(void); -static int put_req_flags(unsigned char **, OM_uint32, unsigned int); static int put_mech_set(gss_OID_set mechSet, gss_buffer_t buf); static int put_input_token(unsigned char **, gss_buffer_t, unsigned int); static int put_mech_oid(unsigned char **, gss_OID_const, unsigned int); @@ -136,7 +163,9 @@ static int g_get_tag_and_length(unsigned char **, int, unsigned int, unsigned int *); static int -make_spnego_tokenInit_msg(spnego_gss_ctx_id_t, gss_buffer_t, +make_spnego_tokenInit_msg(spnego_gss_ctx_id_t, + int, + gss_buffer_t, OM_uint32, gss_buffer_t, send_token_flag, gss_buffer_t); static int @@ -152,6 +181,26 @@ static OM_uint32 get_negTokenResp(OM_uint32 *, unsigned char *, unsigned int, OM_uint32 *, gss_OID *, gss_buffer_t *, gss_buffer_t *); +static int +is_kerb_mech(gss_OID oid); + +/* SPNEGO oid structure */ +static const gss_OID_desc spnego_oids[] = { + {SPNEGO_OID_LENGTH, SPNEGO_OID}, +}; + +const gss_OID_desc * const gss_mech_spnego = spnego_oids+0; +static const gss_OID_set_desc spnego_oidsets[] = { + {1, (gss_OID) spnego_oids+0}, +}; +const gss_OID_set_desc * const gss_mech_set_spnego = spnego_oidsets+0; + +static int make_NegHints(OM_uint32 *, gss_cred_id_t, gss_buffer_t *); +static int put_neg_hints(unsigned char **, gss_buffer_t, unsigned int); +static OM_uint32 +acc_ctx_hints(OM_uint32 *, gss_ctx_id_t *, gss_cred_id_t, + gss_buffer_t *, OM_uint32 *, send_token_flag *); + /* * The Mech OID for SPNEGO: * { iso(1) org(3) dod(6) internet(1) security(5) @@ -159,7 +208,6 @@ get_negTokenResp(OM_uint32 *, unsigned char *, unsigned int, */ static struct gss_config spnego_mechanism = { - 400, "spnego", {SPNEGO_OID_LENGTH, SPNEGO_OID}, NULL, spnego_gss_acquire_cred, @@ -173,13 +221,13 @@ static struct gss_config spnego_mechanism = NULL, /* gss_process_context_token */ spnego_gss_delete_sec_context, /* gss_delete_sec_context */ spnego_gss_context_time, /* gss_context_time */ - spnego_gss_sign, /* gss_sign */ - spnego_gss_verify, /* gss_verify */ - spnego_gss_seal, /* gss_seal */ - spnego_gss_unseal, /* gss_unseal */ + spnego_gss_get_mic, /* gss_get_mic */ + spnego_gss_verify_mic, /* gss_verify_mic */ + spnego_gss_wrap, /* gss_wrap */ + spnego_gss_unwrap, /* gss_unwrap */ spnego_gss_display_status, NULL, /* gss_indicate_mechs */ - NULL, /* gss_compare_name */ + spnego_gss_compare_name, spnego_gss_display_name, spnego_gss_import_name, spnego_gss_release_name, @@ -199,24 +247,63 @@ static struct gss_config spnego_mechanism = spnego_gss_wrap_size_limit, /* gss_wrap_size_limit */ NULL, /* gss_export_name */ NULL, /* gss_store_cred */ + NULL, /* gss_import_name_object */ + NULL, /* gss_export_name_object */ + spnego_gss_inquire_sec_context_by_oid, /* gss_inquire_sec_context_by_oid */ + NULL, /* gss_inquire_cred_by_oid */ + spnego_gss_set_sec_context_option, /* gss_set_sec_context_option */ + NULL, /* gssspi_set_cred_option */ + NULL, /* gssspi_mech_invoke */ + spnego_gss_wrap_aead, + spnego_gss_unwrap_aead, + spnego_gss_wrap_iov, + spnego_gss_unwrap_iov, + spnego_gss_wrap_iov_length, + spnego_gss_complete_auth_token }; -static gss_mechanism spnego_mech_configs[] = { - &spnego_mechanism, NULL -}; +#ifdef _GSS_STATIC_LINK +#include "mglueP.h" + +static int gss_spnegomechglue_init(void) +{ + struct gss_mech_config mech_spnego; + + memset(&mech_spnego, 0, sizeof(mech_spnego)); + mech_spnego.mech = &spnego_mechanism; + mech_spnego.mechNameStr = "spnego"; + mech_spnego.mech_type = GSS_C_NO_OID; -#define gssint_get_mech_configs spnego_gss_get_mech_configs + return gssint_register_mechinfo(&mech_spnego); +} +#else +gss_mechanism KRB5_CALLCONV +gss_mech_initialize(void) +{ + return (&spnego_mechanism); +} + +MAKE_INIT_FUNCTION(gss_krb5int_lib_init); +MAKE_FINI_FUNCTION(gss_krb5int_lib_fini); +int gss_krb5int_lib_init(void) +#endif /* _GSS_STATIC_LINK */ + +int gss_spnegoint_lib_init(void) +{ +#ifdef _GSS_STATIC_LINK + return gss_spnegomechglue_init(); +#else + return 0; +#endif +} -gss_mechanism * -gssint_get_mech_configs(void) +void gss_spnegoint_lib_fini(void) { - return spnego_mech_configs; } /*ARGSUSED*/ OM_uint32 -spnego_gss_acquire_cred(void *ctx, - OM_uint32 *minor_status, +spnego_gss_acquire_cred(OM_uint32 *minor_status, gss_name_t desired_name, OM_uint32 time_req, gss_OID_set desired_mechs, @@ -269,8 +356,7 @@ spnego_gss_acquire_cred(void *ctx, /*ARGSUSED*/ OM_uint32 -spnego_gss_release_cred(void *ctx, - OM_uint32 *minor_status, +spnego_gss_release_cred(OM_uint32 *minor_status, gss_cred_id_t *cred_handle) { OM_uint32 status; @@ -557,10 +643,15 @@ init_ctx_cont(OM_uint32 *minor_status, gss_ctx_id_t *ctx, gss_buffer_t buf, * mech not finished and mech token missing */ ret = GSS_S_DEFECTIVE_TOKEN; - } else { + } else if (sc->mic_reqd && + (sc->ctx_flags & GSS_C_INTEG_FLAG)) { *negState = ACCEPT_INCOMPLETE; *tokflag = CONT_TOKEN_SEND; ret = GSS_S_CONTINUE_NEEDED; + } else { + *negState = ACCEPT_COMPLETE; + *tokflag = NO_TOKEN_SEND; + ret = GSS_S_COMPLETE; } cleanup: if (supportedMech != GSS_C_NO_OID) @@ -598,7 +689,17 @@ init_ctx_nego(OM_uint32 *minor_status, spnego_gss_ctx_id_t sc, map_errcode(minor_status); return GSS_S_DEFECTIVE_TOKEN; } - if (!g_OID_equal(supportedMech, sc->internal_mech)) { + + /* + * If the mechanism we sent is not the mechanism returned from + * the server, we need to handle the server's counter + * proposal. There is a bug in SAMBA servers that always send + * the old Kerberos mech OID, even though we sent the new one. + * So we will treat all the Kerberos mech OIDS as the same. + */ + if (!(is_kerb_mech(supportedMech) && + is_kerb_mech(sc->internal_mech)) && + !g_OID_equal(supportedMech, sc->internal_mech)) { ret = init_ctx_reselect(minor_status, sc, acc_negState, supportedMech, responseToken, mechListMIC, @@ -722,6 +823,7 @@ init_ctx_call_init(OM_uint32 *minor_status, * generated/handled. */ if (*send_token == CONT_TOKEN_SEND && + mechtok_out->length == 0 && (!sc->mic_reqd || !(sc->ctx_flags & GSS_C_INTEG_FLAG))) { @@ -748,7 +850,7 @@ init_ctx_call_init(OM_uint32 *minor_status, /*ARGSUSED*/ OM_uint32 -spnego_gss_init_sec_context(void *ct, +spnego_gss_init_sec_context( OM_uint32 *minor_status, gss_cred_id_t claimant_cred_handle, gss_ctx_id_t *context_handle, @@ -835,11 +937,11 @@ spnego_gss_init_sec_context(void *ct, cleanup: if (send_token == INIT_TOKEN_SEND) { if (make_spnego_tokenInit_msg(spnego_ctx, + 0, mechListMIC_out, req_flags, &mechtok_out, send_token, output_token) < 0) { - ret = GSS_S_FAILURE; } } else if (send_token != NO_TOKEN_SEND) { @@ -859,6 +961,8 @@ cleanup: *context_handle = (gss_ctx_id_t)spnego_ctx->ctx_handle; if (actual_mech != NULL) *actual_mech = spnego_ctx->actual_mech; + if (ret_flags != NULL) + *ret_flags = spnego_ctx->ctx_flags; release_spnego_ctx(&spnego_ctx); } else if (ret != GSS_S_CONTINUE_NEEDED) { if (spnego_ctx != NULL) { @@ -887,6 +991,265 @@ cleanup: return ret; } /* init_sec_context */ +/* We don't want to import KRB5 headers here */ +static const gss_OID_desc gss_mech_krb5_oid = + { 9, "\052\206\110\206\367\022\001\002\002" }; +static const gss_OID_desc gss_mech_krb5_wrong_oid = + { 9, "\052\206\110\202\367\022\001\002\002" }; + +/* + * verify that the input token length is not 0. If it is, just return. + * If the token length is greater than 0, der encode as a sequence + * and place in buf_out, advancing buf_out. + */ + +static int +put_neg_hints(unsigned char **buf_out, gss_buffer_t input_token, + unsigned int buflen) +{ + int ret; + + /* if token length is 0, we do not want to send */ + if (input_token->length == 0) + return (0); + + if (input_token->length > buflen) + return (-1); + + *(*buf_out)++ = SEQUENCE; + if ((ret = gssint_put_der_length(input_token->length, buf_out, + input_token->length))) + return (ret); + TWRITE_STR(*buf_out, input_token->value, input_token->length); + return (0); +} + +/* + * NegHints ::= SEQUENCE { + * hintName [0] GeneralString OPTIONAL, + * hintAddress [1] OCTET STRING OPTIONAL + * } + */ + +#define HOST_PREFIX "host@" +#define HOST_PREFIX_LEN (sizeof(HOST_PREFIX) - 1) + +static int +make_NegHints(OM_uint32 *minor_status, + gss_cred_id_t cred, gss_buffer_t *outbuf) +{ + gss_buffer_desc hintNameBuf; + gss_name_t hintName = GSS_C_NO_NAME; + gss_name_t hintKerberosName; + gss_OID hintNameType; + OM_uint32 major_status; + OM_uint32 minor; + unsigned int tlen = 0; + unsigned int hintNameSize = 0; + unsigned int negHintsSize = 0; + unsigned char *ptr; + unsigned char *t; + + *outbuf = GSS_C_NO_BUFFER; + + if (cred != GSS_C_NO_CREDENTIAL) { + major_status = gss_inquire_cred(minor_status, + cred, + &hintName, + NULL, + NULL, + NULL); + if (major_status != GSS_S_COMPLETE) + return (major_status); + } + + if (hintName == GSS_C_NO_NAME) { + krb5_error_code code; + krb5int_access kaccess; + char hostname[HOST_PREFIX_LEN + MAXHOSTNAMELEN + 1] = HOST_PREFIX; + + code = krb5int_accessor(&kaccess, KRB5INT_ACCESS_VERSION); + if (code != 0) { + *minor_status = code; + return (GSS_S_FAILURE); + } + + /* this breaks mutual authentication but Samba relies on it */ + code = (*kaccess.clean_hostname)(NULL, NULL, + &hostname[HOST_PREFIX_LEN], + MAXHOSTNAMELEN); + if (code != 0) { + *minor_status = code; + return (GSS_S_FAILURE); + } + + hintNameBuf.value = hostname; + hintNameBuf.length = strlen(hostname); + + major_status = gss_import_name(minor_status, + &hintNameBuf, + GSS_C_NT_HOSTBASED_SERVICE, + &hintName); + if (major_status != GSS_S_COMPLETE) { + return (major_status); + } + } + + hintNameBuf.value = NULL; + hintNameBuf.length = 0; + + major_status = gss_canonicalize_name(minor_status, + hintName, + (gss_OID)&gss_mech_krb5_oid, + &hintKerberosName); + if (major_status != GSS_S_COMPLETE) { + gss_release_name(&minor, &hintName); + return (major_status); + } + gss_release_name(&minor, &hintName); + + major_status = gss_display_name(minor_status, + hintKerberosName, + &hintNameBuf, + &hintNameType); + if (major_status != GSS_S_COMPLETE) { + gss_release_name(&minor, &hintName); + return (major_status); + } + gss_release_name(&minor, &hintKerberosName); + + /* + * Now encode the name hint into a NegHints ASN.1 type + */ + major_status = GSS_S_FAILURE; + + /* Length of DER encoded GeneralString */ + tlen = 1 + gssint_der_length_size(hintNameBuf.length) + + hintNameBuf.length; + hintNameSize = tlen; + + /* Length of DER encoded hintName */ + tlen += 1 + gssint_der_length_size(hintNameSize); + negHintsSize = tlen; + + t = (unsigned char *)malloc(tlen); + if (t == NULL) { + *minor_status = ENOMEM; + goto errout; + } + + ptr = t; + + *ptr++ = CONTEXT | 0x00; /* hintName identifier */ + if (gssint_put_der_length(hintNameSize, + &ptr, tlen - (int)(ptr-t))) + goto errout; + + *ptr++ = GENERAL_STRING; + if (gssint_put_der_length(hintNameBuf.length, + &ptr, tlen - (int)(ptr-t))) + goto errout; + + memcpy(ptr, hintNameBuf.value, hintNameBuf.length); + ptr += hintNameBuf.length; + + *outbuf = (gss_buffer_t)malloc(sizeof(gss_buffer_desc)); + if (*outbuf == NULL) { + *minor_status = ENOMEM; + goto errout; + } + (*outbuf)->value = (void *)t; + (*outbuf)->length = ptr - t; + + t = NULL; /* don't free */ + + *minor_status = 0; + major_status = GSS_S_COMPLETE; + +errout: + if (t != NULL) { + free(t); + } + + gss_release_buffer(&minor, &hintNameBuf); + + return (major_status); +} + +static OM_uint32 +acc_ctx_hints(OM_uint32 *minor_status, + gss_ctx_id_t *ctx, + gss_cred_id_t cred, + gss_buffer_t *mechListMIC, + OM_uint32 *negState, + send_token_flag *return_token) +{ + OM_uint32 tmpmin, ret; + gss_OID_set supported_mechSet; + spnego_gss_ctx_id_t sc = NULL; + + *mechListMIC = GSS_C_NO_BUFFER; + supported_mechSet = GSS_C_NO_OID_SET; + *return_token = ERROR_TOKEN_SEND; + *negState = REJECT; + *minor_status = 0; + + *ctx = GSS_C_NO_CONTEXT; + ret = GSS_S_DEFECTIVE_TOKEN; + + if (cred != GSS_C_NO_CREDENTIAL) { + ret = gss_inquire_cred(minor_status, cred, NULL, NULL, + NULL, &supported_mechSet); + if (ret != GSS_S_COMPLETE) { + *return_token = NO_TOKEN_SEND; + goto cleanup; + } + } else { + ret = get_available_mechs(minor_status, GSS_C_NO_NAME, + GSS_C_ACCEPT, NULL, + &supported_mechSet); + if (ret != GSS_S_COMPLETE) { + *return_token = NO_TOKEN_SEND; + goto cleanup; + } + } + + ret = make_NegHints(minor_status, cred, mechListMIC); + if (ret != GSS_S_COMPLETE) { + *return_token = NO_TOKEN_SEND; + goto cleanup; + } + + /* + * Select the best match between the list of mechs + * that the initiator requested and the list that + * the acceptor will support. + */ + sc = create_spnego_ctx(); + if (sc == NULL) { + ret = GSS_S_FAILURE; + *return_token = NO_TOKEN_SEND; + goto cleanup; + } + if (put_mech_set(supported_mechSet, &sc->DER_mechTypes) < 0) { + ret = GSS_S_FAILURE; + *return_token = NO_TOKEN_SEND; + goto cleanup; + } + sc->internal_mech = GSS_C_NO_OID; + + *negState = ACCEPT_INCOMPLETE; + *return_token = INIT_TOKEN_SEND; + sc->firstpass = 1; + *ctx = (gss_ctx_id_t)sc; + ret = GSS_S_COMPLETE; + +cleanup: + gss_release_oid_set(&tmpmin, &supported_mechSet); + + return ret; +} + /* * Set negState to REJECT if the token is defective, else * ACCEPT_INCOMPLETE or REQUEST_MIC, depending on whether initiator's @@ -909,6 +1272,7 @@ acc_ctx_new(OM_uint32 *minor_status, spnego_gss_ctx_id_t sc = NULL; *ctx = GSS_C_NO_CONTEXT; + ret = GSS_S_DEFECTIVE_TOKEN; der_mechTypes.length = 0; der_mechTypes.value = NULL; @@ -953,7 +1317,12 @@ acc_ctx_new(OM_uint32 *minor_status, ret = GSS_S_BAD_MECH; goto cleanup; } - sc = create_spnego_ctx(); + sc = (spnego_gss_ctx_id_t)*ctx; + if (sc != NULL) { + gss_release_buffer(&tmpmin, &sc->DER_mechTypes); + assert(mech_wanted != GSS_C_NO_OID); + } else + sc = create_spnego_ctx(); if (sc == NULL) { ret = GSS_S_FAILURE; *return_token = NO_TOKEN_SEND; @@ -1078,7 +1447,7 @@ acc_ctx_vfy_oid(OM_uint32 *minor_status, *tokflag = ERROR_TOKEN_SEND; return GSS_S_BAD_MECH; } - ret = mech->gss_indicate_mechs(NULL, minor_status, &mech_set); + ret = mech->gss_indicate_mechs(minor_status, &mech_set); if (ret != GSS_S_COMPLETE) { *tokflag = NO_TOKEN_SEND; map_error(minor_status, mech); @@ -1115,18 +1484,20 @@ acc_ctx_call_acc(OM_uint32 *minor_status, spnego_gss_ctx_id_t sc, OM_uint32 ret; gss_OID_desc mechoid; - /* - * mechoid is an alias; don't free it. - */ - ret = gssint_get_mech_type(&mechoid, mechtok_in); - if (ret != GSS_S_COMPLETE) { - *tokflag = NO_TOKEN_SEND; - return ret; + if (sc->ctx_handle == GSS_C_NO_CONTEXT) { + /* + * mechoid is an alias; don't free it. + */ + ret = gssint_get_mech_type(&mechoid, mechtok_in); + if (ret != GSS_S_COMPLETE) { + *tokflag = NO_TOKEN_SEND; + return ret; + } + ret = acc_ctx_vfy_oid(minor_status, sc, &mechoid, + negState, tokflag); + if (ret != GSS_S_COMPLETE) + return ret; } - ret = acc_ctx_vfy_oid(minor_status, sc, &mechoid, - negState, tokflag); - if (ret != GSS_S_COMPLETE) - return ret; ret = gss_accept_sec_context(minor_status, &sc->ctx_handle, @@ -1173,7 +1544,7 @@ acc_ctx_call_acc(OM_uint32 *minor_status, spnego_gss_ctx_id_t sc, /*ARGSUSED*/ OM_uint32 -spnego_gss_accept_sec_context(void *ct, +spnego_gss_accept_sec_context( OM_uint32 *minor_status, gss_ctx_id_t *context_handle, gss_cred_id_t verifier_cred_handle, @@ -1186,12 +1557,13 @@ spnego_gss_accept_sec_context(void *ct, OM_uint32 *time_rec, gss_cred_id_t *delegated_cred_handle) { - OM_uint32 ret, tmpret, tmpmin, negState; + OM_uint32 ret, tmpmin, negState; send_token_flag return_token; gss_buffer_t mechtok_in, mic_in, mic_out; gss_buffer_desc mechtok_out = GSS_C_EMPTY_BUFFER; spnego_gss_ctx_id_t sc = NULL; OM_uint32 mechstat = GSS_S_FAILURE; + int sendTokenInit = 0; mechtok_in = mic_in = mic_out = GSS_C_NO_BUFFER; @@ -1210,7 +1582,8 @@ spnego_gss_accept_sec_context(void *ct, if (input_token == GSS_C_NO_BUFFER) return GSS_S_CALL_INACCESSIBLE_READ; - if (*context_handle == GSS_C_NO_CONTEXT) { + sc = (spnego_gss_ctx_id_t)*context_handle; + if (sc == NULL || sc->internal_mech == GSS_C_NO_OID) { if (src_name != NULL) *src_name = GSS_C_NO_NAME; if (mech_type != NULL) @@ -1221,14 +1594,27 @@ spnego_gss_accept_sec_context(void *ct, *ret_flags = 0; if (delegated_cred_handle != NULL) *delegated_cred_handle = GSS_C_NO_CREDENTIAL; - /* Can set negState to REQUEST_MIC */ - ret = acc_ctx_new(minor_status, input_token, - context_handle, verifier_cred_handle, - &mechtok_in, &mic_in, - &negState, &return_token); - if (ret != GSS_S_COMPLETE) - goto cleanup; - ret = GSS_S_CONTINUE_NEEDED; + if (input_token->length == 0) { + sendTokenInit = 1; + ret = acc_ctx_hints(minor_status, + context_handle, + verifier_cred_handle, + &mic_out, + &negState, + &return_token); + if (ret != GSS_S_COMPLETE) + goto cleanup; + ret = GSS_S_CONTINUE_NEEDED; + } else { + /* Can set negState to REQUEST_MIC */ + ret = acc_ctx_new(minor_status, input_token, + context_handle, verifier_cred_handle, + &mechtok_in, &mic_in, + &negState, &return_token); + if (ret != GSS_S_COMPLETE) + goto cleanup; + ret = GSS_S_CONTINUE_NEEDED; + } } else { /* Can set negState to ACCEPT_INCOMPLETE */ ret = acc_ctx_cont(minor_status, input_token, @@ -1267,13 +1653,27 @@ spnego_gss_accept_sec_context(void *ct, } cleanup: if (return_token != NO_TOKEN_SEND && return_token != CHECK_MIC) { - tmpret = make_spnego_tokenTarg_msg(negState, sc->internal_mech, - &mechtok_out, mic_out, - return_token, - output_token); - if (tmpret != GSS_S_COMPLETE) { - ret = tmpret; + /* For acceptor-sends-first send a tokenInit */ + int tmpret; + + assert(sc != NULL); + + if (sendTokenInit) { + tmpret = make_spnego_tokenInit_msg(sc, + 1, + mic_out, + 0, + GSS_C_NO_BUFFER, + return_token, + output_token); + } else { + tmpret = make_spnego_tokenTarg_msg(negState, sc->internal_mech, + &mechtok_out, mic_out, + return_token, + output_token); } + if (tmpret < 0) + ret = GSS_S_FAILURE; } if (ret == GSS_S_COMPLETE) { *context_handle = (gss_ctx_id_t)sc->ctx_handle; @@ -1303,7 +1703,7 @@ cleanup: /*ARGSUSED*/ OM_uint32 -spnego_gss_display_status(void *ctx, +spnego_gss_display_status( OM_uint32 *minor_status, OM_uint32 status_value, int status_type, @@ -1348,7 +1748,7 @@ spnego_gss_display_status(void *ctx, /*ARGSUSED*/ OM_uint32 -spnego_gss_import_name(void *ctx, +spnego_gss_import_name( OM_uint32 *minor_status, gss_buffer_t input_name_buffer, gss_OID input_name_type, @@ -1367,7 +1767,7 @@ spnego_gss_import_name(void *ctx, /*ARGSUSED*/ OM_uint32 -spnego_gss_release_name(void *ctx, +spnego_gss_release_name( OM_uint32 *minor_status, gss_name_t *input_name) { @@ -1383,7 +1783,25 @@ spnego_gss_release_name(void *ctx, /*ARGSUSED*/ OM_uint32 -spnego_gss_display_name(void *ctx, +spnego_gss_compare_name( + OM_uint32 *minor_status, + const gss_name_t name1, + const gss_name_t name2, + int *name_equal) +{ + OM_uint32 status = GSS_S_COMPLETE; + dsyslog("Entering compare_name\n"); + + status = gss_compare_name(minor_status, name1, name2, name_equal); + + dsyslog("Leaving compare_name\n"); + return (status); +} + +/*ARGSUSED*/ +/*ARGSUSED*/ +OM_uint32 +spnego_gss_display_name( OM_uint32 *minor_status, gss_name_t input_name, gss_buffer_t output_name_buffer, @@ -1402,7 +1820,7 @@ spnego_gss_display_name(void *ctx, /*ARGSUSED*/ OM_uint32 -spnego_gss_inquire_names_for_mech(void *ctx, +spnego_gss_inquire_names_for_mech( OM_uint32 *minor_status, gss_OID mechanism, gss_OID_set *name_types) @@ -1445,16 +1863,16 @@ spnego_gss_inquire_names_for_mech(void *ctx, } OM_uint32 -spnego_gss_unseal(void *context, +spnego_gss_unwrap( OM_uint32 *minor_status, gss_ctx_id_t context_handle, gss_buffer_t input_message_buffer, gss_buffer_t output_message_buffer, int *conf_state, - int *qop_state) + gss_qop_t *qop_state) { OM_uint32 ret; - ret = gss_unseal(minor_status, + ret = gss_unwrap(minor_status, context_handle, input_message_buffer, output_message_buffer, @@ -1465,17 +1883,17 @@ spnego_gss_unseal(void *context, } OM_uint32 -spnego_gss_seal(void *context, +spnego_gss_wrap( OM_uint32 *minor_status, gss_ctx_id_t context_handle, int conf_req_flag, - int qop_req, + gss_qop_t qop_req, gss_buffer_t input_message_buffer, int *conf_state, gss_buffer_t output_message_buffer) { OM_uint32 ret; - ret = gss_seal(minor_status, + ret = gss_wrap(minor_status, context_handle, conf_req_flag, qop_req, @@ -1487,7 +1905,7 @@ spnego_gss_seal(void *context, } OM_uint32 -spnego_gss_process_context_token(void *context, +spnego_gss_process_context_token( OM_uint32 *minor_status, const gss_ctx_id_t context_handle, const gss_buffer_t token_buffer) @@ -1501,7 +1919,7 @@ spnego_gss_process_context_token(void *context, } OM_uint32 -spnego_gss_delete_sec_context(void *context, +spnego_gss_delete_sec_context( OM_uint32 *minor_status, gss_ctx_id_t *context_handle, gss_buffer_t output_token) @@ -1529,7 +1947,7 @@ spnego_gss_delete_sec_context(void *context, } OM_uint32 -spnego_gss_context_time(void *context, +spnego_gss_context_time( OM_uint32 *minor_status, const gss_ctx_id_t context_handle, OM_uint32 *time_rec) @@ -1542,7 +1960,7 @@ spnego_gss_context_time(void *context, } #ifndef LEAN_CLIENT OM_uint32 -spnego_gss_export_sec_context(void *context, +spnego_gss_export_sec_context( OM_uint32 *minor_status, gss_ctx_id_t *context_handle, gss_buffer_t interprocess_token) @@ -1555,7 +1973,7 @@ spnego_gss_export_sec_context(void *context, } OM_uint32 -spnego_gss_import_sec_context(void *context, +spnego_gss_import_sec_context( OM_uint32 *minor_status, const gss_buffer_t interprocess_token, gss_ctx_id_t *context_handle) @@ -1569,7 +1987,7 @@ spnego_gss_import_sec_context(void *context, #endif /* LEAN_CLIENT */ OM_uint32 -spnego_gss_inquire_context(void *context, +spnego_gss_inquire_context( OM_uint32 *minor_status, const gss_ctx_id_t context_handle, gss_name_t *src_name, @@ -1596,7 +2014,7 @@ spnego_gss_inquire_context(void *context, } OM_uint32 -spnego_gss_wrap_size_limit(void *context, +spnego_gss_wrap_size_limit( OM_uint32 *minor_status, const gss_ctx_id_t context_handle, int conf_req_flag, @@ -1615,15 +2033,15 @@ spnego_gss_wrap_size_limit(void *context, } OM_uint32 -spnego_gss_sign(void *context, +spnego_gss_get_mic( OM_uint32 *minor_status, const gss_ctx_id_t context_handle, - int qop_req, + gss_qop_t qop_req, const gss_buffer_t message_buffer, gss_buffer_t message_token) { OM_uint32 ret; - ret = gss_sign(minor_status, + ret = gss_get_mic(minor_status, context_handle, qop_req, message_buffer, @@ -1632,19 +2050,164 @@ spnego_gss_sign(void *context, } OM_uint32 -spnego_gss_verify(void *context, +spnego_gss_verify_mic( OM_uint32 *minor_status, const gss_ctx_id_t context_handle, const gss_buffer_t msg_buffer, const gss_buffer_t token_buffer, - int *qop_state) + gss_qop_t *qop_state) { OM_uint32 ret; ret = gss_verify_mic(minor_status, context_handle, msg_buffer, token_buffer, - (gss_qop_t *)qop_state); /* XXX */ + qop_state); + return (ret); +} + +OM_uint32 +spnego_gss_inquire_sec_context_by_oid( + OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + const gss_OID desired_object, + gss_buffer_set_t *data_set) +{ + OM_uint32 ret; + ret = gss_inquire_sec_context_by_oid(minor_status, + context_handle, + desired_object, + data_set); + return (ret); +} + +OM_uint32 +spnego_gss_set_sec_context_option( + OM_uint32 *minor_status, + gss_ctx_id_t *context_handle, + const gss_OID desired_object, + const gss_buffer_t value) +{ + OM_uint32 ret; + ret = gss_set_sec_context_option(minor_status, + context_handle, + desired_object, + value); + return (ret); +} + +OM_uint32 +spnego_gss_wrap_aead(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + gss_buffer_t input_assoc_buffer, + gss_buffer_t input_payload_buffer, + int *conf_state, + gss_buffer_t output_message_buffer) +{ + OM_uint32 ret; + ret = gss_wrap_aead(minor_status, + context_handle, + conf_req_flag, + qop_req, + input_assoc_buffer, + input_payload_buffer, + conf_state, + output_message_buffer); + + return (ret); +} + +OM_uint32 +spnego_gss_unwrap_aead(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + gss_buffer_t input_message_buffer, + gss_buffer_t input_assoc_buffer, + gss_buffer_t output_payload_buffer, + int *conf_state, + gss_qop_t *qop_state) +{ + OM_uint32 ret; + ret = gss_unwrap_aead(minor_status, + context_handle, + input_message_buffer, + input_assoc_buffer, + output_payload_buffer, + conf_state, + qop_state); + return (ret); +} + +OM_uint32 +spnego_gss_wrap_iov(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + int *conf_state, + gss_iov_buffer_desc *iov, + int iov_count) +{ + OM_uint32 ret; + ret = gss_wrap_iov(minor_status, + context_handle, + conf_req_flag, + qop_req, + conf_state, + iov, + iov_count); + return (ret); +} + +OM_uint32 +spnego_gss_unwrap_iov(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + int *conf_state, + gss_qop_t *qop_state, + gss_iov_buffer_desc *iov, + int iov_count) +{ + OM_uint32 ret; + ret = gss_unwrap_iov(minor_status, + context_handle, + conf_state, + qop_state, + iov, + iov_count); + return (ret); +} + +OM_uint32 +spnego_gss_wrap_iov_length(OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + int conf_req_flag, + gss_qop_t qop_req, + int *conf_state, + gss_iov_buffer_desc *iov, + int iov_count) +{ + OM_uint32 ret; + ret = gss_wrap_iov_length(minor_status, + context_handle, + conf_req_flag, + qop_req, + conf_state, + iov, + iov_count); + return (ret); +} + + +OM_uint32 +spnego_gss_complete_auth_token( + OM_uint32 *minor_status, + const gss_ctx_id_t context_handle, + gss_buffer_t input_message_buffer) +{ + OM_uint32 ret; + ret = gss_complete_auth_token(minor_status, + context_handle, + input_message_buffer); return (ret); } @@ -2005,30 +2568,6 @@ get_req_flags(unsigned char **buff_in, OM_uint32 bodysize, return (0); } -/* - * der encode the passed req_flags into buf_out, advancing - * the buffer pointer. - */ - -static int -put_req_flags(unsigned char **buf_out, OM_uint32 req_flags, - unsigned int buflen) -{ - int ret = 0; - if (buflen < 6) - return (-1); - - *(*buf_out)++ = CONTEXT | 0x01; - if ((ret = gssint_put_der_length(4, buf_out, buflen-1)) != 0) - return (ret); - - *(*buf_out)++ = BIT_STRING; - *(*buf_out)++ = BIT_STRING_LENGTH; - *(*buf_out)++ = BIT_STRING_PADDING; - *(*buf_out)++ = (unsigned char) (req_flags << 1); - return (ret); -} - static OM_uint32 get_negTokenInit(OM_uint32 *minor_status, gss_buffer_t buf, @@ -2238,8 +2777,14 @@ negotiate_mech_type(OM_uint32 *minor_status, unsigned int i; for (i = 0; i < mechset->count; i++) { - gss_test_oid_set_member(minor_status, &mechset->elements[i], - supported_mechSet, &present); + gss_OID mech_oid = &mechset->elements[i]; + + /* Accept wrong mechanism OID from MS clients */ + if (mech_oid->length == gss_mech_krb5_wrong_oid.length && + memcmp(mech_oid->elements, gss_mech_krb5_wrong_oid.elements, mech_oid->length) == 0) + mech_oid = (gss_OID)&gss_mech_krb5_oid;; + + gss_test_oid_set_member(minor_status, mech_oid, supported_mechSet, &present); if (!present) continue; @@ -2272,14 +2817,7 @@ negotiate_mech_type(OM_uint32 *minor_status, static spnego_token_t make_spnego_token(char *name) { - spnego_token_t token; - - token = (spnego_token_t)malloc(strlen(name)+1); - - if (token == NULL) - return (NULL); - strcpy(token, name); - return (token); + return (spnego_token_t)strdup(name); } static gss_buffer_desc @@ -2306,6 +2844,7 @@ make_err_msg(char *name) */ static int make_spnego_tokenInit_msg(spnego_gss_ctx_id_t spnego_ctx, + int negHintsCompat, gss_buffer_t mechListMIC, OM_uint32 req_flags, gss_buffer_t data, send_token_flag sendtoken, gss_buffer_t outbuf) @@ -2336,13 +2875,6 @@ make_spnego_tokenInit_msg(spnego_gss_ctx_id_t spnego_ctx, gssint_der_length_size(spnego_ctx->DER_mechTypes.length) + spnego_ctx->DER_mechTypes.length; dataLen += mechListTokenSize; - /* - * 4 bytes for ret_flags: - * ASN.1 token + ASN.1 Length + Padding + Flags - * 0xa1 LENGTH BIT_STRING BIT_STRING_LEN PAD DATA - */ - if (req_flags != 0) - dataLen += 6; /* * If a token from gss_init_sec_context exists, @@ -2420,7 +2952,7 @@ make_spnego_tokenInit_msg(spnego_gss_ctx_id_t spnego_ctx, tlen - (int)(ptr-t)))) goto errout; - *ptr++ = CONTEXT; /* MechTypeList identifier */ + *ptr++ = CONTEXT | 0x00; /* MechTypeList identifier */ if ((ret = gssint_put_der_length(spnego_ctx->DER_mechTypes.length, &ptr, tlen - (int)(ptr-t)))) goto errout; @@ -2431,12 +2963,6 @@ make_spnego_tokenInit_msg(spnego_gss_ctx_id_t spnego_ctx, ptr += spnego_ctx->DER_mechTypes.length; - if (req_flags != 0) { - if ((ret = put_req_flags(&ptr, req_flags, - tlen - (int)(ptr-t)))) - goto errout; - } - if (data != NULL) { *ptr++ = CONTEXT | 0x02; if ((ret = gssint_put_der_length(rspTokenSize, @@ -2454,7 +2980,12 @@ make_spnego_tokenInit_msg(spnego_gss_ctx_id_t spnego_ctx, &ptr, tlen - (int)(ptr - t)))) goto errout; - if ((ret = put_input_token(&ptr, mechListMIC, + if (negHintsCompat) { + ret = put_neg_hints(&ptr, mechListMIC, + tlen - (int)(ptr - t)); + if (ret) + goto errout; + } else if ((ret = put_input_token(&ptr, mechListMIC, tlen - (int)(ptr - t)))) goto errout; } @@ -2737,7 +3268,7 @@ g_get_tag_and_length(unsigned char **buf, int tag, unsigned char *ptr = *buf; int ret = -1; /* pessimists, assume failure ! */ unsigned int encoded_len; - int tmplen = 0; + unsigned int tmplen = 0; *outlen = 0; if (buflen > 1 && *ptr == tag) { @@ -2883,3 +3414,26 @@ g_verify_token_header(gss_OID_const mech, return (ret); } + +/* + * Return non-zero if the oid is one of the kerberos mech oids, + * otherwise return zero. + * + * N.B. There are 3 oids that represent the kerberos mech: + * RFC-specified GSS_MECH_KRB5_OID, + * Old pre-RFC GSS_MECH_KRB5_OLD_OID, + * Incorrect MS GSS_MECH_KRB5_WRONG_OID + */ + +static int +is_kerb_mech(gss_OID oid) +{ + int answer = 0; + OM_uint32 minor; + extern const gss_OID_set_desc * const gss_mech_set_krb5_both; + + (void) gss_test_oid_set_member(&minor, + oid, (gss_OID_set)gss_mech_set_krb5_both, &answer); + + return (answer); +} diff --git a/src/lib/kadm5/Makefile.in b/src/lib/kadm5/Makefile.in index d59b80db13..2e4d809d39 100644 --- a/src/lib/kadm5/Makefile.in +++ b/src/lib/kadm5/Makefile.in @@ -100,111 +100,3 @@ clean-windows:: @libobj_frag@ -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -kadm_err.so kadm_err.po $(OUTPRE)kadm_err.$(OBJEXT): \ - $(COM_ERR_DEPS) kadm_err.c -chpass_util_strings.so chpass_util_strings.po $(OUTPRE)chpass_util_strings.$(OBJEXT): \ - $(COM_ERR_DEPS) chpass_util_strings.c -ovsec_glue.so ovsec_glue.po $(OUTPRE)ovsec_glue.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ - $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ - $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ - $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ - $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ - $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/krb5.h ovsec_glue.c -misc_free.so misc_free.po $(OUTPRE)misc_free.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ - $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ - $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ - $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ - $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ - $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/krb5.h admin_internal.h misc_free.c \ - server_internal.h -kadm_rpc_xdr.so kadm_rpc_xdr.po $(OUTPRE)kadm_rpc_xdr.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ - $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/admin_xdr.h \ - $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ - $(BUILDTOP)/include/kadm5/kadm_rpc.h $(BUILDTOP)/include/kadm5/server_internal.h \ - $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ - $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ - $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ - $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/krb5.h kadm_rpc_xdr.c -chpass_util.so chpass_util.po $(OUTPRE)chpass_util.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ - $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ - $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ - $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ - $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ - $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/krb5.h admin_internal.h chpass_util.c -alt_prof.so alt_prof.po $(OUTPRE)alt_prof.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ - $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h \ - $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - $(SRCTOP)/include/iprop.h $(SRCTOP)/include/iprop_hdr.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/kdb_log.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - alt_prof.c -str_conv.so str_conv.po $(OUTPRE)str_conv.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ - $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h \ - $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h admin_internal.h str_conv.c -logger.so logger.po $(OUTPRE)logger.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - logger.c diff --git a/src/lib/kadm5/admin.h b/src/lib/kadm5/admin.h index c1744171fe..c8617723a4 100644 --- a/src/lib/kadm5/admin.h +++ b/src/lib/kadm5/admin.h @@ -516,6 +516,8 @@ kadm5_ret_t kadm5_free_name_list(void *server_handle, char **names, krb5_error_code kadm5_init_krb5_context (krb5_context *); +krb5_error_code kadm5_init_iprop(void *server_handle, char **db_args); + /* * kadm5_get_principal_keys is used only by kadmin.local to extract existing * keys from the database without changing them. It should never be exposed diff --git a/src/lib/kadm5/alt_prof.c b/src/lib/kadm5/alt_prof.c index cfcbd79aa6..45f748d0f9 100644 --- a/src/lib/kadm5/alt_prof.c +++ b/src/lib/kadm5/alt_prof.c @@ -73,42 +73,28 @@ krb5_aprof_init(fname, envname, acontextp) krb5_error_code kret; profile_t profile; const char *kdc_config; - size_t krb5_config_len, kdc_config_len; char *profile_path; char **filenames; int i; + struct k5buf buf; kret = krb5_get_default_config_files (&filenames); if (kret) return kret; - krb5_config_len = 0; - for (i = 0; filenames[i] != NULL; i++) - krb5_config_len += strlen(filenames[i]) + 1; - if (i > 0) - krb5_config_len--; - if (envname == NULL - || (kdc_config = getenv(envname)) == NULL) + if (envname == NULL || (kdc_config = getenv(envname)) == NULL) kdc_config = fname; - if (kdc_config == NULL) - kdc_config_len = 0; - else - kdc_config_len = strlen(kdc_config); - profile_path = malloc(2 + krb5_config_len + kdc_config_len); - if (profile_path == NULL) { - krb5_free_config_files(filenames); - return ENOMEM; + krb5int_buf_init_dynamic(&buf); + if (kdc_config) + krb5int_buf_add(&buf, kdc_config); + for (i = 0; filenames[i] != NULL; i++) { + if (krb5int_buf_len(&buf) > 0) + krb5int_buf_add(&buf, ":"); + krb5int_buf_add(&buf, filenames[i]); } - if (kdc_config_len) - strcpy(profile_path, kdc_config); - else - profile_path[0] = 0; - if (krb5_config_len) - for (i = 0; filenames[i] != NULL; i++) { - if (kdc_config_len || i) - strcat(profile_path, ":"); - strcat(profile_path, filenames[i]); - } krb5_free_config_files(filenames); + profile_path = krb5int_buf_data(&buf); + if (profile_path == NULL) + return ENOMEM; profile = (profile_t) NULL; kret = profile_init_path(profile_path, &profile); free(profile_path); @@ -156,7 +142,7 @@ string_to_boolean (const char *string, krb5_boolean *out) { static const char *const yes[] = { "y", "yes", "true", "t", "1", "on" }; static const char *const no[] = { "n", "no", "false", "f", "nil", "0", "off" }; - int i; + unsigned int i; for (i = 0; i < sizeof(yes)/sizeof(yes[0]); i++) if (!strcasecmp(string, yes[i])) { @@ -192,6 +178,7 @@ krb5_aprof_get_boolean(krb5_pointer acontext, const char **hierarchy, } valp = values[idx]; kret = string_to_boolean (valp, &val); + profile_free_list(values); if (kret) return kret; *retdata = val; @@ -235,9 +222,7 @@ krb5_aprof_get_deltat(acontext, hierarchy, uselast, deltatp) kret = krb5_string_to_deltat(valp, deltatp); /* Free the string storage */ - for (idx=0; values[idx]; idx++) - krb5_xfree(values[idx]); - krb5_xfree(values); + profile_free_list(values); } return(kret); } @@ -265,22 +250,25 @@ krb5_aprof_get_string(acontext, hierarchy, uselast, stringp) { krb5_error_code kret; char **values; - int idx, i; + int lastidx; if (!(kret = krb5_aprof_getvals(acontext, hierarchy, &values))) { - idx = 0; + for (lastidx=0; values[lastidx]; lastidx++); + lastidx--; + + /* Excise the entry we want from the null-terminated list, + and free up the rest. */ if (uselast) { - for (idx=0; values[idx]; idx++); - idx--; + *stringp = values[lastidx]; + values[lastidx] = NULL; + } else { + *stringp = values[0]; + values[0] = values[lastidx]; + values[lastidx] = NULL; } - *stringp = values[idx]; - /* Free the string storage */ - for (i=0; values[i]; i++) - if (i != idx) - krb5_xfree(values[i]); - krb5_xfree(values); + profile_free_list(values); } return(kret); } @@ -322,9 +310,7 @@ krb5_aprof_get_int32(acontext, hierarchy, uselast, intp) kret = EINVAL; /* Free the string storage */ - for (idx=0; values[idx]; idx++) - krb5_xfree(values[idx]); - krb5_xfree(values); + profile_free_list(values); } return(kret); } @@ -798,15 +784,16 @@ kadm5_free_config_params(context, params) kadm5_config_params *params; { if (params) { - krb5_xfree(params->dbname); - krb5_xfree(params->mkey_name); - krb5_xfree(params->stash_file); - krb5_xfree(params->keysalts); + free(params->dbname); + free(params->mkey_name); + free(params->stash_file); + free(params->keysalts); free(params->admin_server); free(params->admin_keytab); free(params->dict_file); free(params->acl_file); free(params->realm); + free(params->iprop_logfile); } return(0); } diff --git a/src/lib/kadm5/clnt/Makefile.in b/src/lib/kadm5/clnt/Makefile.in index 36c663f43f..acc7cfef9b 100644 --- a/src/lib/kadm5/clnt/Makefile.in +++ b/src/lib/kadm5/clnt/Makefile.in @@ -14,8 +14,8 @@ SHLIB_EXPDEPS=\ $(TOPLIBD)/libgssapi_krb5$(SHLIBEXT) \ $(TOPLIBD)/libkrb5$(SHLIBEXT) \ $(TOPLIBD)/libk5crypto$(SHLIBEXT) \ - $(COM_ERR_DEPLIB) -SHLIB_EXPLIBS=-lgssrpc -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err + $(COM_ERR_DEPLIB) $(SUPPORT_LIBDEP) +SHLIB_EXPLIBS=-lgssrpc -lgssapi_krb5 -lkrb5 -lk5crypto $(SUPPORT_LIB) -lcom_err SHLIB_DIRS=-L$(TOPLIBD) SHLIB_RDIRS=$(KRB5_LIBDIR) RELDIR=kadm5/clnt @@ -75,92 +75,3 @@ install:: install-libs @lib_frag@ @libobj_frag@ -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -clnt_policy.so clnt_policy.po $(OUTPRE)clnt_policy.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ - $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/kadm_rpc.h \ - $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ - $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ - $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ - $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/krb5.h client_internal.h clnt_policy.c -client_rpc.so client_rpc.po $(OUTPRE)client_rpc.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ - $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ - $(BUILDTOP)/include/kadm5/kadm_rpc.h $(BUILDTOP)/include/krb5/krb5.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h client_rpc.c -client_principal.so client_principal.po $(OUTPRE)client_principal.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ - $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/kadm_rpc.h \ - $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ - $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ - $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ - $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/krb5.h client_internal.h client_principal.c -client_init.so client_init.po $(OUTPRE)client_init.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/gssapi/gssapi_krb5.h $(BUILDTOP)/include/gssrpc/types.h \ - $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \ - $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ - $(BUILDTOP)/include/kadm5/kadm_rpc.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_gssapi.h $(SRCTOP)/include/gssrpc/auth_unix.h \ - $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ - $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/iprop.h \ - $(SRCTOP)/include/iprop_hdr.h $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h client_init.c client_internal.h -clnt_privs.so clnt_privs.po $(OUTPRE)clnt_privs.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ - $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/kadm_rpc.h \ - $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ - $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ - $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ - $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/krb5.h client_internal.h clnt_privs.c -clnt_chpass_util.so clnt_chpass_util.po $(OUTPRE)clnt_chpass_util.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ - $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h client_internal.h \ - clnt_chpass_util.c diff --git a/src/lib/kadm5/clnt/client_init.c b/src/lib/kadm5/clnt/client_init.c index fc67ab2d73..d5fe5b0f12 100644 --- a/src/lib/kadm5/clnt/client_init.c +++ b/src/lib/kadm5/clnt/client_init.c @@ -839,7 +839,7 @@ krb5_error_code kadm5_init_krb5_context (krb5_context *ctx) * libkdb's ulog functions. The srv equivalent makes the actual calls. */ krb5_error_code -kadm5_init_iprop(void *handle) +kadm5_init_iprop(void *handle, char **db_args) { return (0); } diff --git a/src/lib/kadm5/clnt/client_principal.c b/src/lib/kadm5/clnt/client_principal.c index 7b65331faf..51135f436e 100644 --- a/src/lib/kadm5/clnt/client_principal.c +++ b/src/lib/kadm5/clnt/client_principal.c @@ -14,6 +14,7 @@ static char *rcsid = "$Header$"; #ifdef HAVE_MEMORY_H #include #endif +#include #include #include "client_internal.h" diff --git a/src/lib/kadm5/clnt/client_rpc.c b/src/lib/kadm5/clnt/client_rpc.c index 2edafcbe57..28d9b6b7ce 100644 --- a/src/lib/kadm5/clnt/client_rpc.c +++ b/src/lib/kadm5/clnt/client_rpc.c @@ -2,6 +2,8 @@ #include #include #include +#include /* for memset prototype */ + #ifdef HAVE_MEMORY_H #include #endif diff --git a/src/lib/kadm5/clnt/deps b/src/lib/kadm5/clnt/deps new file mode 100644 index 0000000000..1bcee56669 --- /dev/null +++ b/src/lib/kadm5/clnt/deps @@ -0,0 +1,82 @@ +# +# Generated makefile dependencies follow. +# +clnt_policy.so clnt_policy.po $(OUTPRE)clnt_policy.$(OBJEXT): \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ + $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \ + $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ + $(BUILDTOP)/include/kadm5/kadm_rpc.h $(BUILDTOP)/include/krb5/krb5.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ + $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ + $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ + $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ + $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h client_internal.h \ + clnt_policy.c +client_rpc.so client_rpc.po $(OUTPRE)client_rpc.$(OBJEXT): \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ + $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ + $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/kadm_rpc.h \ + $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/krb5.h client_rpc.c +client_principal.so client_principal.po $(OUTPRE)client_principal.$(OBJEXT): \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ + $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \ + $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ + $(BUILDTOP)/include/kadm5/kadm_rpc.h $(BUILDTOP)/include/krb5/krb5.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ + $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ + $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ + $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ + $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h client_internal.h \ + client_principal.c +client_init.so client_init.po $(OUTPRE)client_init.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \ + $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ + $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ + $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/kadm_rpc.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_gssapi.h \ + $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ + $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ + $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ + $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ + $(SRCTOP)/include/iprop.h $(SRCTOP)/include/iprop_hdr.h \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h client_init.c client_internal.h +clnt_privs.so clnt_privs.po $(OUTPRE)clnt_privs.$(OBJEXT): \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ + $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \ + $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ + $(BUILDTOP)/include/kadm5/kadm_rpc.h $(BUILDTOP)/include/krb5/krb5.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ + $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ + $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ + $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ + $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h client_internal.h \ + clnt_privs.c +clnt_chpass_util.so clnt_chpass_util.po $(OUTPRE)clnt_chpass_util.$(OBJEXT): \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ + $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \ + $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ + $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/krb5.h client_internal.h clnt_chpass_util.c diff --git a/src/lib/kadm5/deps b/src/lib/kadm5/deps new file mode 100644 index 0000000000..09b77a8d50 --- /dev/null +++ b/src/lib/kadm5/deps @@ -0,0 +1,101 @@ +# +# Generated makefile dependencies follow. +# +kadm_err.so kadm_err.po $(OUTPRE)kadm_err.$(OBJEXT): \ + $(COM_ERR_DEPS) kadm_err.c +chpass_util_strings.so chpass_util_strings.po $(OUTPRE)chpass_util_strings.$(OBJEXT): \ + $(COM_ERR_DEPS) chpass_util_strings.c +ovsec_glue.so ovsec_glue.po $(OUTPRE)ovsec_glue.$(OBJEXT): \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ + $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ + $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ + $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ + $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ + $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ + $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h ovsec_glue.c +misc_free.so misc_free.po $(OUTPRE)misc_free.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ + $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ + $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/krb5.h admin_internal.h misc_free.c \ + server_internal.h +kadm_rpc_xdr.so kadm_rpc_xdr.po $(OUTPRE)kadm_rpc_xdr.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ + $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/admin_xdr.h \ + $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ + $(BUILDTOP)/include/kadm5/kadm_rpc.h $(BUILDTOP)/include/kadm5/server_internal.h \ + $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/krb5.h kadm_rpc_xdr.c +chpass_util.so chpass_util.po $(OUTPRE)chpass_util.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ + $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ + $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/krb5.h admin_internal.h chpass_util.c +alt_prof.so alt_prof.po $(OUTPRE)alt_prof.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ + $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h \ + $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ + $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ + $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ + $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ + $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ + $(SRCTOP)/include/iprop.h $(SRCTOP)/include/iprop_hdr.h \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_log.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h alt_prof.c +str_conv.so str_conv.po $(OUTPRE)str_conv.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ + $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h \ + $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ + $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ + $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ + $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ + $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h admin_internal.h str_conv.c +logger.so logger.po $(OUTPRE)logger.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h logger.c diff --git a/src/lib/kadm5/logger.c b/src/lib/kadm5/logger.c index a1edd495d0..efff81872d 100644 --- a/src/lib/kadm5/logger.c +++ b/src/lib/kadm5/logger.c @@ -569,7 +569,7 @@ krb5_klog_init(krb5_context kcontext, char *ename, char *whoami, krb5_boolean do { "LOCAL7", LOG_LOCAL7 }, #endif /* LOG_LOCAL7 */ }; - int j; + unsigned int j; for (j = 0; j < sizeof(facilities)/sizeof(facilities[0]); j++) if (!strcasecmp(cp2, facilities[j].name)) { @@ -664,10 +664,7 @@ krb5_klog_init(krb5_context kcontext, char *ename, char *whoami, krb5_boolean do log_control.log_nentries = 1; } if (log_control.log_nentries) { - log_control.log_whoami = (char *) malloc(strlen(whoami)+1); - if (log_control.log_whoami) - strcpy(log_control.log_whoami, whoami); - + log_control.log_whoami = strdup(whoami); log_control.log_hostname = (char *) malloc(MAXHOSTNAMELEN + 1); if (log_control.log_hostname) { gethostname(log_control.log_hostname, MAXHOSTNAMELEN); diff --git a/src/lib/kadm5/srv/Makefile.in b/src/lib/kadm5/srv/Makefile.in index e6410f2bf9..fcb92d797b 100644 --- a/src/lib/kadm5/srv/Makefile.in +++ b/src/lib/kadm5/srv/Makefile.in @@ -22,9 +22,9 @@ SHLIB_EXPDEPS=\ $(TOPLIBD)/libkdb5$(SHLIBEXT) \ $(TOPLIBD)/libkrb5$(SHLIBEXT) \ $(TOPLIBD)/libk5crypto$(SHLIBEXT) \ - $(COM_ERR_DEPLIB) + $(COM_ERR_DEPLIB) $(SUPPORT_LIBDEP) SHLIB_EXPLIBS = -lgssrpc -lgssapi_krb5 -lkdb5 $(KDB5_DB_LIB) \ - -lkrb5 -lk5crypto -lcom_err @GEN_LIB@ + -lkrb5 -lk5crypto $(SUPPORT_LIB) -lcom_err @GEN_LIB@ SHLIB_DIRS=-L$(TOPLIBD) SHLIB_RDIRS=$(KRB5_LIBDIR) RELDIR=kadm5/srv @@ -92,164 +92,3 @@ install:: install-libs @lib_frag@ @libobj_frag@ -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -svr_policy.so svr_policy.po $(OUTPRE)svr_policy.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ - $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/server_internal.h \ - $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ - $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ - $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ - $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/krb5.h svr_policy.c -svr_principal.so svr_principal.po $(OUTPRE)svr_principal.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ - $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/server_internal.h \ - $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ - $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ - $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ - $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/krb5.h svr_principal.c -server_acl.so server_acl.po $(OUTPRE)server_acl.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/gssapi/gssapi_generic.h $(BUILDTOP)/include/gssrpc/types.h \ - $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \ - $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ - $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h $(SRCTOP)/include/gssrpc/auth.h \ - $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ - $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ - $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h server_acl.c server_acl.h -server_kdb.so server_kdb.po $(OUTPRE)server_kdb.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ - $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/server_internal.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ - $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ - $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ - $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h server_kdb.c -server_misc.so server_misc.po $(OUTPRE)server_misc.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ - $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/server_internal.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ - $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ - $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ - $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h server_misc.c -server_init.so server_init.po $(OUTPRE)server_init.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ - $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/server_internal.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(BUILDTOP)/lib/gssapi/generic/gssapi_err_generic.h \ - $(BUILDTOP)/lib/gssapi/krb5/gssapi_err_krb5.h $(BUILDTOP)/lib/gssapi/krb5/gssapi_krb5.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - $(SRCTOP)/include/iprop.h $(SRCTOP)/include/iprop_hdr.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/kdb_log.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../../gssapi/generic/gssapiP_generic.h $(srcdir)/../../gssapi/generic/gssapi_generic.h \ - $(srcdir)/../../gssapi/krb5/gssapiP_krb5.h server_init.c -server_dict.so server_dict.po $(OUTPRE)server_dict.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ - $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/server_internal.h \ - $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h \ - $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h server_dict.c -svr_iters.so svr_iters.po $(OUTPRE)svr_iters.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ - $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/server_internal.h \ - $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ - $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ - $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ - $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/krb5.h svr_iters.c -svr_chpass_util.so svr_chpass_util.po $(OUTPRE)svr_chpass_util.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ - $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/server_internal.h \ - $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ - $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ - $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ - $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/krb5.h svr_chpass_util.c -adb_xdr.so adb_xdr.po $(OUTPRE)adb_xdr.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \ - $(BUILDTOP)/include/kadm5/admin_xdr.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/kadm_rpc.h \ - $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/krb5/krb5.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h adb_xdr.c diff --git a/src/lib/kadm5/srv/deps b/src/lib/kadm5/srv/deps new file mode 100644 index 0000000000..f4da1d2c56 --- /dev/null +++ b/src/lib/kadm5/srv/deps @@ -0,0 +1,159 @@ +# +# Generated makefile dependencies follow. +# +svr_policy.so svr_policy.po $(OUTPRE)svr_policy.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ + $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ + $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/server_internal.h \ + $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/krb5.h svr_policy.c +svr_principal.so svr_principal.po $(OUTPRE)svr_principal.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ + $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ + $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/server_internal.h \ + $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/krb5.h svr_principal.c +server_acl.so server_acl.po $(OUTPRE)server_acl.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_generic.h $(BUILDTOP)/include/gssrpc/types.h \ + $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \ + $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ + $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h server_acl.c server_acl.h +server_kdb.so server_kdb.po $(OUTPRE)server_kdb.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ + $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ + $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/server_internal.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h server_kdb.c +server_misc.so server_misc.po $(OUTPRE)server_misc.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ + $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ + $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/server_internal.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h server_misc.c +server_init.so server_init.po $(OUTPRE)server_init.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssrpc/types.h \ + $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \ + $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ + $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(BUILDTOP)/lib/gssapi/generic/gssapi_err_generic.h \ + $(BUILDTOP)/lib/gssapi/krb5/gssapi_err_krb5.h $(BUILDTOP)/lib/gssapi/krb5/gssapi_krb5.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ + $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ + $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ + $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ + $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ + $(SRCTOP)/include/iprop.h $(SRCTOP)/include/iprop_hdr.h \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_log.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../../gssapi/generic/gssapiP_generic.h \ + $(srcdir)/../../gssapi/generic/gssapi_ext.h $(srcdir)/../../gssapi/generic/gssapi_generic.h \ + $(srcdir)/../../gssapi/krb5/gssapiP_krb5.h server_init.c +server_dict.so server_dict.po $(OUTPRE)server_dict.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ + $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ + $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/server_internal.h \ + $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h \ + $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ + $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ + $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ + $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ + $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h server_dict.c +svr_iters.so svr_iters.po $(OUTPRE)svr_iters.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ + $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ + $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/server_internal.h \ + $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/krb5.h svr_iters.c +svr_chpass_util.so svr_chpass_util.po $(OUTPRE)svr_chpass_util.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ + $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ + $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/server_internal.h \ + $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/krb5.h svr_chpass_util.c +adb_xdr.so adb_xdr.po $(OUTPRE)adb_xdr.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ + $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \ + $(BUILDTOP)/include/kadm5/admin_xdr.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ + $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/kadm_rpc.h \ + $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/krb5/krb5.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ + $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ + $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ + $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ + $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h adb_xdr.c diff --git a/src/lib/kadm5/srv/libkadm5srv.exports b/src/lib/kadm5/srv/libkadm5srv.exports index da207372b8..3296d3bb0f 100644 --- a/src/lib/kadm5/srv/libkadm5srv.exports +++ b/src/lib/kadm5/srv/libkadm5srv.exports @@ -1,6 +1,7 @@ _kadm5_check_handle _kadm5_chpass_principal_util kadm5int_acl_check +kadm5int_acl_check_krb kadm5int_acl_finish kadm5int_acl_impose_restrictions kadm5int_acl_init diff --git a/src/lib/kadm5/srv/server_acl.c b/src/lib/kadm5/srv/server_acl.c index 8eed476c8b..9471d0ac01 100644 --- a/src/lib/kadm5/srv/server_acl.c +++ b/src/lib/kadm5/srv/server_acl.c @@ -217,9 +217,8 @@ kadm5int_acl_parse_line(lp) } } if (opok) { - acle->ae_name = (char *) malloc(strlen(acle_principal)+1); + acle->ae_name = strdup(acle_principal); if (acle->ae_name) { - strcpy(acle->ae_name, acle_principal); acle->ae_principal = (krb5_principal) NULL; acle->ae_name_bad = 0; DPRINT(DEBUG_ACL, acl_debug_level, @@ -736,6 +735,42 @@ kadm5int_acl_finish(kcontext, debug_level) DPRINT(DEBUG_CALLS, acl_debug_level, ("X kadm5int_acl_finish()\n")); } +/* + * kadm5int_acl_check_krb() - Is this operation permitted for this principal? + */ +krb5_boolean +kadm5int_acl_check_krb(kcontext, caller_princ, opmask, principal, restrictions) + krb5_context kcontext; + krb5_const_principal caller_princ; + krb5_int32 opmask; + krb5_const_principal principal; + restriction_t **restrictions; +{ + krb5_boolean retval; + aent_t *aentry; + + DPRINT(DEBUG_CALLS, acl_debug_level, ("* acl_op_permitted()\n")); + + retval = FALSE; + + aentry = kadm5int_acl_find_entry(kcontext, caller_princ, principal); + if (aentry) { + if ((aentry->ae_op_allowed & opmask) == opmask) { + retval = TRUE; + if (restrictions) { + *restrictions = + (aentry->ae_restrictions && aentry->ae_restrictions->mask) + ? aentry->ae_restrictions + : (restriction_t *) NULL; + } + } + } + + DPRINT(DEBUG_CALLS, acl_debug_level, ("X acl_op_permitted()=%d\n", + retval)); + return retval; +} + /* * kadm5int_acl_check() - Is this operation permitted for this principal? * this code used not to be based on gssapi. In order @@ -753,47 +788,30 @@ kadm5int_acl_check(kcontext, caller, opmask, principal, restrictions) restriction_t **restrictions; { krb5_boolean retval; - aent_t *aentry; gss_buffer_desc caller_buf; gss_OID caller_oid; OM_uint32 emaj, emin; krb5_error_code code; krb5_principal caller_princ; - DPRINT(DEBUG_CALLS, acl_debug_level, ("* acl_op_permitted()\n")); - if (GSS_ERROR(emaj = gss_display_name(&emin, caller, &caller_buf, &caller_oid))) - return(0); + return FALSE; code = krb5_parse_name(kcontext, (char *) caller_buf.value, &caller_princ); gss_release_buffer(&emin, &caller_buf); - if (code) - return(code); + if (code != 0) + return FALSE; - retval = 0; - - aentry = kadm5int_acl_find_entry(kcontext, caller_princ, principal); - if (aentry) { - if ((aentry->ae_op_allowed & opmask) == opmask) { - retval = 1; - if (restrictions) { - *restrictions = - (aentry->ae_restrictions && aentry->ae_restrictions->mask) - ? aentry->ae_restrictions - : (restriction_t *) NULL; - } - } - } + retval = kadm5int_acl_check_krb(kcontext, caller_princ, + opmask, principal, restrictions); krb5_free_principal(kcontext, caller_princ); - DPRINT(DEBUG_CALLS, acl_debug_level, ("X acl_op_permitted()=%d\n", - retval)); - return(retval); + return retval; } kadm5_ret_t diff --git a/src/lib/kadm5/srv/server_acl.h b/src/lib/kadm5/srv/server_acl.h index b0ed0bf3dd..c4c478993f 100644 --- a/src/lib/kadm5/srv/server_acl.h +++ b/src/lib/kadm5/srv/server_acl.h @@ -95,6 +95,12 @@ krb5_boolean kadm5int_acl_check krb5_int32, krb5_principal, restriction_t **); +krb5_boolean kadm5int_acl_check_krb + (krb5_context, + krb5_const_principal, + krb5_int32, + krb5_const_principal, + restriction_t **); krb5_error_code kadm5int_acl_impose_restrictions (krb5_context, kadm5_principal_ent_rec *, diff --git a/src/lib/kadm5/srv/server_dict.c b/src/lib/kadm5/srv/server_dict.c index ece7831c90..8129994f35 100644 --- a/src/lib/kadm5/srv/server_dict.c +++ b/src/lib/kadm5/srv/server_dict.c @@ -24,6 +24,7 @@ static char *rcsid = "$Header$"; #include "adm_proto.h" #include #include "server_internal.h" +#include "k5-platform.h" static char **word_list = NULL; /* list of word pointers */ static char *word_block = NULL; /* actual word data */ diff --git a/src/lib/kadm5/srv/svr_iters.c b/src/lib/kadm5/srv/svr_iters.c index d78b9e5546..9774d76ea9 100644 --- a/src/lib/kadm5/srv/svr_iters.c +++ b/src/lib/kadm5/srv/svr_iters.c @@ -86,7 +86,7 @@ static kadm5_ret_t glob_to_regexp(char *glob, char *realm, char **regexp) /* and trailing null. If glob has no @, also allocate space for */ /* the realm. */ append_realm = (realm != NULL) && (strchr(glob, '@') == NULL); - p = (char *) malloc(strlen(glob)*2+ 3 + (append_realm ? 2 : 0)); + p = (char *) malloc(strlen(glob)*2+ 3 + (append_realm ? 3 : 0)); if (p == NULL) return ENOMEM; *regexp = p; @@ -120,6 +120,7 @@ static kadm5_ret_t glob_to_regexp(char *glob, char *realm, char **regexp) if (append_realm) { *p++ = '@'; + *p++ = '.'; *p++ = '*'; } diff --git a/src/lib/kadm5/srv/svr_policy.c b/src/lib/kadm5/srv/svr_policy.c index 512876b796..650cadf57a 100644 --- a/src/lib/kadm5/srv/svr_policy.c +++ b/src/lib/kadm5/srv/svr_policy.c @@ -12,6 +12,7 @@ static char *rcsid = "$Header$"; #include #include "server_internal.h" #include +#include #include #define MAX_PW_HISTORY 10 @@ -289,11 +290,10 @@ kadm5_get_policy(void *server_handle, kadm5_policy_t name, if( cnt != 1 ) return KADM5_UNK_POLICY; - if ((entry->policy = (char *) malloc(strlen(t->name) + 1)) == NULL) { + if ((entry->policy = strdup(t->name)) == NULL) { krb5_db_free_policy(handle->context, t); return ENOMEM; } - strcpy(entry->policy, t->name); entry->pw_min_life = t->pw_min_life; entry->pw_max_life = t->pw_max_life; entry->pw_min_length = t->pw_min_length; diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c index 0dd1ea2545..2ab499fe07 100644 --- a/src/lib/kadm5/srv/svr_principal.c +++ b/src/lib/kadm5/srv/svr_principal.c @@ -763,18 +763,17 @@ kadm5_get_principal(void *server_handle, krb5_principal principal, if ((mask & KADM5_POLICY) && adb.policy && (adb.aux_attributes & KADM5_POLICY)) { - if ((entry->policy = (char *) malloc(strlen(adb.policy) + 1)) == NULL) { + if ((entry->policy = strdup(adb.policy)) == NULL) { ret = ENOMEM; goto done; } - strcpy(entry->policy, adb.policy); } if (mask & KADM5_AUX_ATTRIBUTES) entry->aux_attributes = adb.aux_attributes; if ((mask & KADM5_PRINCIPAL) && - (ret = krb5_copy_principal(handle->context, principal, + (ret = krb5_copy_principal(handle->context, kdb.princ, &entry->principal))) { goto done; } diff --git a/src/lib/kadm5/str_conv.c b/src/lib/kadm5/str_conv.c index 0d142d6de4..c35d515217 100644 --- a/src/lib/kadm5/str_conv.c +++ b/src/lib/kadm5/str_conv.c @@ -173,45 +173,29 @@ krb5_flags_to_string(flags, sep, buffer, buflen) int i; krb5_flags pflags; const char *sepstring; - char *op; - int initial; - krb5_error_code retval; + struct k5buf buf; - retval = 0; - op = buffer; pflags = 0; - initial = 1; sepstring = (sep) ? sep : flags_default_sep; + krb5int_buf_init_fixed(&buf, buffer, buflen); /* Blast through the table matching all we can */ for (i=0; i 0) + krb5int_buf_add(&buf, sepstring); + krb5int_buf_add(&buf, flags_table[i].fl_output); /* Keep track of what we matched */ pflags |= flags_table[i].fl_flags; } } - if (!retval) { - /* See if there's any leftovers */ - if (flags & ~pflags) - retval = EINVAL; - else if (initial) - *buffer = '\0'; - } - return(retval); + if (krb5int_buf_data(&buf) == NULL) + return(ENOMEM); + + /* See if there's any leftovers */ + if (flags & ~pflags) + return(EINVAL); + + return(0); } krb5_error_code @@ -221,8 +205,8 @@ krb5_input_flag_to_string(flag, buffer, buflen) size_t buflen; { if(flag < 0 || flag >= flags_table_nents) return ENOENT; /* End of list */ - if(strlen(flags_table[flag].fl_specifier) > buflen) return ENOMEM; - strcpy(buffer, flags_table[flag].fl_specifier); + if(strlcpy(buffer, flags_table[flag].fl_specifier, buflen) >= buflen) + return ENOMEM; return 0; } diff --git a/src/lib/kadm5/unit-test/Makefile.in b/src/lib/kadm5/unit-test/Makefile.in index 65ccf0645a..8a3cad51cc 100644 --- a/src/lib/kadm5/unit-test/Makefile.in +++ b/src/lib/kadm5/unit-test/Makefile.in @@ -141,93 +141,3 @@ clean:: $(RM) server-iter-test iter-test.o $(RM) server-setkey-test client-setkey-test setkey-test.o $(RM) *.log *.plog *.sum *.psum unit-test-log.* -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -$(OUTPRE)init-test.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h init-test.c -$(OUTPRE)destroy-test.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \ - $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/client_internal.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h destroy-test.c -$(OUTPRE)handle-test.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \ - $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/client_internal.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h handle-test.c -$(OUTPRE)iter-test.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h iter-test.c -$(OUTPRE)setkey-test.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h setkey-test.c -$(OUTPRE)randkey-test.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h randkey-test.c -$(OUTPRE)lock-test.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h lock-test.c diff --git a/src/lib/kadm5/unit-test/deps b/src/lib/kadm5/unit-test/deps new file mode 100644 index 0000000000..8a58416f3b --- /dev/null +++ b/src/lib/kadm5/unit-test/deps @@ -0,0 +1,82 @@ +# +# Generated makefile dependencies follow. +# +$(OUTPRE)init-test.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ + $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ + $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/krb5.h init-test.c +$(OUTPRE)destroy-test.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ + $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ + $(BUILDTOP)/include/kadm5/client_internal.h $(BUILDTOP)/include/kadm5/kadm_err.h \ + $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/krb5.h destroy-test.c +$(OUTPRE)handle-test.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ + $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ + $(BUILDTOP)/include/kadm5/client_internal.h $(BUILDTOP)/include/kadm5/kadm_err.h \ + $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/krb5.h handle-test.c +$(OUTPRE)iter-test.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ + $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ + $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/krb5.h iter-test.c +$(OUTPRE)setkey-test.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ + $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ + $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ + $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ + $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ + $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ + $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h setkey-test.c +$(OUTPRE)randkey-test.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ + $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ + $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/krb5.h randkey-test.c +$(OUTPRE)lock-test.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ + $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ + $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/krb5.h lock-test.c diff --git a/src/lib/kdb/Makefile.in b/src/lib/kdb/Makefile.in index 4b25db868a..9c98679aaa 100644 --- a/src/lib/kdb/Makefile.in +++ b/src/lib/kdb/Makefile.in @@ -64,119 +64,3 @@ generate-files-mac: darwin.exports @lib_frag@ @libobj_frag@ -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -kdb5.so kdb5.po $(OUTPRE)kdb5.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ - $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ - $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ - $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/iprop.h \ - $(SRCTOP)/include/iprop_hdr.h $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_log.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h adb_err.h kdb5.c kdb5.h -encrypt_key.so encrypt_key.po $(OUTPRE)encrypt_key.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h encrypt_key.c -decrypt_key.so decrypt_key.po $(OUTPRE)decrypt_key.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h decrypt_key.c -kdb_default.so kdb_default.po $(OUTPRE)kdb_default.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h kdb_default.c -kdb_cpw.so kdb_cpw.po $(OUTPRE)kdb_cpw.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h kdb_cpw.c -adb_err.so adb_err.po $(OUTPRE)adb_err.$(OBJEXT): $(COM_ERR_DEPS) \ - adb_err.c -iprop_xdr.so iprop_xdr.po $(OUTPRE)iprop_xdr.$(OBJEXT): \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - $(SRCTOP)/include/iprop.h iprop_xdr.c -kdb_convert.so kdb_convert.po $(OUTPRE)kdb_convert.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - $(SRCTOP)/include/iprop.h $(SRCTOP)/include/iprop_hdr.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/kdb_log.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - kdb_convert.c -kdb_log.so kdb_log.po $(OUTPRE)kdb_log.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ - $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ - $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ - $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/iprop.h \ - $(SRCTOP)/include/iprop_hdr.h $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_log.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h kdb5.h kdb_log.c -keytab.so keytab.po $(OUTPRE)keytab.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_kt.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h keytab.c diff --git a/src/lib/kdb/decrypt_key.c b/src/lib/kdb/decrypt_key.c index c2ddbfd2c8..9ab66dfbf5 100644 --- a/src/lib/kdb/decrypt_key.c +++ b/src/lib/kdb/decrypt_key.c @@ -63,11 +63,11 @@ */ krb5_error_code -krb5_dbekd_decrypt_key_data( krb5_context context, - const krb5_keyblock * mkey, - const krb5_key_data * key_data, - krb5_keyblock * dbkey, - krb5_keysalt * keysalt) +krb5_dbekd_def_decrypt_key_data( krb5_context context, + const krb5_keyblock * mkey, + const krb5_key_data * key_data, + krb5_keyblock * dbkey, + krb5_keysalt * keysalt) { krb5_error_code retval = 0; krb5_int16 tmplen; diff --git a/src/lib/kdb/deps b/src/lib/kdb/deps new file mode 100644 index 0000000000..d99c72e20d --- /dev/null +++ b/src/lib/kdb/deps @@ -0,0 +1,119 @@ +# +# Generated makefile dependencies follow. +# +kdb5.so kdb5.po $(OUTPRE)kdb5.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/iprop.h \ + $(SRCTOP)/include/iprop_hdr.h $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/kdb_ext.h $(SRCTOP)/include/kdb_log.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h adb_err.h kdb5.c kdb5.h \ + kdb5int.h +encrypt_key.so encrypt_key.po $(OUTPRE)encrypt_key.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h encrypt_key.c +decrypt_key.so decrypt_key.po $(OUTPRE)decrypt_key.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h decrypt_key.c +kdb_default.so kdb_default.po $(OUTPRE)kdb_default.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h kdb_default.c +kdb_cpw.so kdb_cpw.po $(OUTPRE)kdb_cpw.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h kdb_cpw.c +adb_err.so adb_err.po $(OUTPRE)adb_err.$(OBJEXT): $(COM_ERR_DEPS) \ + adb_err.c +iprop_xdr.so iprop_xdr.po $(OUTPRE)iprop_xdr.$(OBJEXT): \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ + $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ + $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ + $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ + $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ + $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ + $(SRCTOP)/include/iprop.h iprop_xdr.c +kdb_convert.so kdb_convert.po $(OUTPRE)kdb_convert.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ + $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ + $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ + $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ + $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ + $(SRCTOP)/include/iprop.h $(SRCTOP)/include/iprop_hdr.h \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_log.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h kdb_convert.c +kdb_log.so kdb_log.po $(OUTPRE)kdb_log.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/iprop.h \ + $(SRCTOP)/include/iprop_hdr.h $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/kdb_ext.h $(SRCTOP)/include/kdb_log.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h kdb5.h kdb5int.h kdb_log.c +keytab.so keytab.po $(OUTPRE)keytab.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/kdb_kt.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + keytab.c diff --git a/src/lib/kdb/encrypt_key.c b/src/lib/kdb/encrypt_key.c index ed35e6969f..bf778ea858 100644 --- a/src/lib/kdb/encrypt_key.c +++ b/src/lib/kdb/encrypt_key.c @@ -63,12 +63,12 @@ */ krb5_error_code -krb5_dbekd_encrypt_key_data( krb5_context context, - const krb5_keyblock * mkey, - const krb5_keyblock * dbkey, - const krb5_keysalt * keysalt, - int keyver, - krb5_key_data * key_data) +krb5_dbekd_def_encrypt_key_data( krb5_context context, + const krb5_keyblock * mkey, + const krb5_keyblock * dbkey, + const krb5_keysalt * keysalt, + int keyver, + krb5_key_data * key_data) { krb5_error_code retval; krb5_octet * ptr; diff --git a/src/lib/kdb/kdb5.c b/src/lib/kdb/kdb5.c index 7715010d66..f5e9e5c4df 100644 --- a/src/lib/kdb/kdb5.c +++ b/src/lib/kdb/kdb5.c @@ -38,6 +38,7 @@ #include "kdb5.h" #include #include "kdb_log.h" +#include "kdb5int.h" /* Currently DB2 policy related errors are exported from DAL. But other databases should set_err function to return string. */ @@ -259,6 +260,14 @@ kdb_setup_opt_functions(db_library lib) if (lib->vftabl.promote_db == NULL) { lib->vftabl.promote_db = krb5_def_promote_db; } + + if (lib->vftabl.dbekd_decrypt_key_data == NULL) { + lib->vftabl.dbekd_decrypt_key_data = krb5_dbekd_def_decrypt_key_data; + } + + if (lib->vftabl.dbekd_encrypt_key_data == NULL) { + lib->vftabl.dbekd_encrypt_key_data = krb5_dbekd_def_encrypt_key_data; + } } static int kdb_db2_pol_err_loaded = 0; @@ -288,7 +297,7 @@ kdb_load_library(krb5_context kcontext, char *lib_name, db_library * lib) goto clean_n_exit; } - strcpy((*lib)->name, lib_name); + strlcpy((*lib)->name, lib_name, sizeof((*lib)->name)); #if !defined(KDB5_USE_LIB_KDB_DB2) && !defined(KDB5_USE_LIB_TEST) #error No database module defined @@ -378,7 +387,7 @@ kdb_load_library(krb5_context kcontext, char *lib_name, db_library * lib) goto clean_n_exit; } - strcpy((*lib)->name, lib_name); + strlcpy((*lib)->name, lib_name, sizeof((*lib)->name)); /* Fetch the list of directories specified in the config file(s) first. */ @@ -934,7 +943,7 @@ krb5_db_get_principal(krb5_context kcontext, } status = - dal_handle->lib_handle->vftabl.db_get_principal(kcontext, search_for, + dal_handle->lib_handle->vftabl.db_get_principal(kcontext, search_for, 0, entries, nentries, more); get_errmsg(kcontext, status); @@ -944,6 +953,40 @@ krb5_db_get_principal(krb5_context kcontext, return status; } +krb5_error_code +krb5_db_get_principal_ext(krb5_context kcontext, + krb5_const_principal search_for, + unsigned int flags, + krb5_db_entry * entries, + int *nentries, krb5_boolean * more) +{ + krb5_error_code status = 0; + kdb5_dal_handle *dal_handle; + + if (kcontext->dal_handle == NULL) { + status = kdb_setup_lib_handle(kcontext); + if (status) { + goto clean_n_exit; + } + } + + dal_handle = kcontext->dal_handle; + status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE); + if (status) { + goto clean_n_exit; + } + + status = + dal_handle->lib_handle->vftabl.db_get_principal(kcontext, search_for, + flags, + entries, nentries, + more); + kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE); + + clean_n_exit: + return status; +} + krb5_error_code krb5_db_free_principal(krb5_context kcontext, krb5_db_entry * entry, int count) { @@ -1146,7 +1189,7 @@ krb5_db_put_principal(krb5_context kcontext, upd->kdb_princ_name.utf8str_t_val = princ_name; upd->kdb_princ_name.utf8str_t_len = strlen(princ_name); - if ((status = ulog_add_update(kcontext, upd))) + if ((status = ulog_add_update(kcontext, upd)) != 0) goto err_lock; upd++; } @@ -1397,9 +1440,32 @@ krb5_db_set_mkey(krb5_context context, krb5_keyblock * key) } krb5_error_code -krb5_db_set_mkey_list(krb5_context context, krb5_keyblock_node * keylist) +krb5_db_set_mkey_list(krb5_context kcontext, + krb5_keyblock_node * keylist) { - return krb5_db_set_master_key_ext(context, NULL, keylist); + krb5_error_code status = 0; + kdb5_dal_handle *dal_handle; + + if (kcontext->dal_handle == NULL) { + status = kdb_setup_lib_handle(kcontext); + if (status) { + goto clean_n_exit; + } + } + + dal_handle = kcontext->dal_handle; + status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE); + if (status) { + goto clean_n_exit; + } + + status = dal_handle->lib_handle->vftabl.set_master_key_list(kcontext, keylist); + get_errmsg(kcontext, status); + + kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE); + + clean_n_exit: + return status; } krb5_error_code @@ -2054,23 +2120,14 @@ krb5_db_setup_mkey_name(krb5_context context, char **fullname, krb5_principal * principal) { krb5_error_code retval; - size_t keylen; - size_t rlen = strlen(realm); char *fname; if (!keyname) keyname = KRB5_KDB_M_NAME; /* XXX external? */ - keylen = strlen(keyname); - - fname = malloc(keylen + rlen + strlen(REALM_SEP_STRING) + 1); - if (!fname) + if (asprintf(&fname, "%s%s%s", keyname, REALM_SEP_STRING, realm) < 0) return ENOMEM; - strcpy(fname, keyname); - strcat(fname, REALM_SEP_STRING); - strcat(fname, realm); - if ((retval = krb5_parse_name(context, fname, principal))) return retval; if (fullname) @@ -2832,3 +2889,125 @@ krb5_db_promote(krb5_context kcontext, char **db_args) return status; } +krb5_error_code +krb5_dbekd_decrypt_key_data( krb5_context kcontext, + const krb5_keyblock * mkey, + const krb5_key_data * key_data, + krb5_keyblock * dbkey, + krb5_keysalt * keysalt) +{ + krb5_error_code status = 0; + kdb5_dal_handle *dal_handle; + + if (kcontext->dal_handle == NULL) { + status = kdb_setup_lib_handle(kcontext); + if (status) { + goto clean_n_exit; + } + } + + dal_handle = kcontext->dal_handle; + status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE); + if (status) { + goto clean_n_exit; + } + + status = + dal_handle->lib_handle->vftabl.dbekd_decrypt_key_data(kcontext, + mkey, key_data, dbkey, keysalt); + kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE); + + clean_n_exit: + return status; +} + +krb5_error_code +krb5_dbekd_encrypt_key_data( krb5_context kcontext, + const krb5_keyblock * mkey, + const krb5_keyblock * dbkey, + const krb5_keysalt * keysalt, + int keyver, + krb5_key_data * key_data) +{ + krb5_error_code status = 0; + kdb5_dal_handle *dal_handle; + + if (kcontext->dal_handle == NULL) { + status = kdb_setup_lib_handle(kcontext); + if (status) { + goto clean_n_exit; + } + } + + dal_handle = kcontext->dal_handle; + status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE); + if (status) { + goto clean_n_exit; + } + + status = + dal_handle->lib_handle->vftabl.dbekd_encrypt_key_data(kcontext, + mkey, dbkey, keysalt, keyver, key_data); + kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE); + + clean_n_exit: + return status; +} + +krb5_error_code +krb5_db_get_context(krb5_context context, void **db_context) +{ + *db_context = KRB5_DB_GET_DB_CONTEXT(context); + if (*db_context == NULL) { + return KRB5_KDB_DBNOTINITED; + } + + return 0; +} + +krb5_error_code +krb5_db_set_context(krb5_context context, void *db_context) +{ + KRB5_DB_GET_DB_CONTEXT(context) = db_context; + + return 0; +} + +krb5_error_code +krb5_db_invoke(krb5_context kcontext, + unsigned int method, + const krb5_data *req, + krb5_data *rep) +{ + krb5_error_code status = 0; + kdb5_dal_handle *dal_handle; + + if (kcontext->dal_handle == NULL) { + status = kdb_setup_lib_handle(kcontext); + if (status) { + goto clean_n_exit; + } + } + + dal_handle = kcontext->dal_handle; + if (dal_handle->lib_handle->vftabl.db_invoke == NULL) { + status = KRB5_KDB_DBTYPE_NOSUP; + goto clean_n_exit; + } + + status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE); + if (status) { + goto clean_n_exit; + } + + status = + dal_handle->lib_handle->vftabl.db_invoke(kcontext, + method, + req, + rep); + kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE); + + clean_n_exit: + return status; +} + diff --git a/src/lib/kdb/kdb5.h b/src/lib/kdb/kdb5.h index 31106cd4c6..e3a1f2633a 100644 --- a/src/lib/kdb/kdb5.h +++ b/src/lib/kdb/kdb5.h @@ -10,189 +10,12 @@ #include #include #include "kdb.h" +#include "kdb_ext.h" -#define KDB_MAX_DB_NAME 128 -#define KDB_REALM_SECTION "realms" -#define KDB_MODULE_POINTER "database_module" -#define KDB_MODULE_DEF_SECTION "dbdefaults" -#define KDB_MODULE_SECTION "dbmodules" -#define KDB_LIB_POINTER "db_library" -#define KDB_DATABASE_CONF_FILE DEFAULT_SECURE_PROFILE_PATH -#define KDB_DATABASE_ENV_PROF KDC_PROFILE_ENV - -#define KRB5_DB_GET_DB_CONTEXT(kcontext) (((kdb5_dal_handle*) (kcontext)->db_context)->db_context) +#define KRB5_DB_GET_DB_CONTEXT(kcontext) (((kdb5_dal_handle*) (kcontext)->dal_handle)->db_context) #define KRB5_DB_GET_PROFILE(kcontext) ((kcontext)->profile) #define KRB5_DB_GET_REALM(kcontext) ((kcontext)->default_realm) -typedef struct _kdb_vftabl{ - short int maj_ver; - short int min_ver; - - krb5_error_code (*init_library)(); - krb5_error_code (*fini_library)(); - krb5_error_code (*init_module) (krb5_context kcontext, - char * conf_section, - char ** db_args, - int mode); - - krb5_error_code (*fini_module) (krb5_context kcontext); - - krb5_error_code (*db_create) (krb5_context kcontext, - char * conf_section, - char ** db_args); - - krb5_error_code (*db_destroy) (krb5_context kcontext, - char *conf_section, - char ** db_args); - - krb5_error_code (*db_get_age) (krb5_context kcontext, - char *db_name, - time_t *age); - - krb5_error_code (*db_set_option) (krb5_context kcontext, - int option, - void *value); - - krb5_error_code (*db_lock) (krb5_context kcontext, - int mode); - - krb5_error_code (*db_unlock) (krb5_context kcontext); - - krb5_error_code (*db_get_principal) (krb5_context kcontext, - krb5_const_principal search_for, - krb5_db_entry *entries, - int *nentries, - krb5_boolean *more); - - krb5_error_code (*db_free_principal) (krb5_context kcontext, - krb5_db_entry *entry, - int count); - - krb5_error_code (*db_put_principal) (krb5_context kcontext, - krb5_db_entry *entries, - int *nentries, - char **db_args); - - krb5_error_code (*db_delete_principal) (krb5_context kcontext, - krb5_const_principal search_for, - int *nentries); - - krb5_error_code (*db_iterate) (krb5_context kcontext, - char *match_entry, - int (*func) (krb5_pointer, krb5_db_entry *), - krb5_pointer func_arg); - - krb5_error_code (*db_create_policy) (krb5_context kcontext, - osa_policy_ent_t policy); - - krb5_error_code (*db_get_policy) (krb5_context kcontext, - char *name, - osa_policy_ent_t *policy, - int *cnt); - - krb5_error_code (*db_put_policy) (krb5_context kcontext, - osa_policy_ent_t policy); - - krb5_error_code (*db_iter_policy) (krb5_context kcontext, - char *match_entry, - osa_adb_iter_policy_func func, - void *data); - - - krb5_error_code (*db_delete_policy) (krb5_context kcontext, - char *policy); - - void (*db_free_policy) (krb5_context kcontext, - osa_policy_ent_t val); - - krb5_error_code (*db_supported_realms) (krb5_context kcontext, - char **realms); - - krb5_error_code (*db_free_supported_realms) (krb5_context kcontext, - char **realms); - - - const char * (*errcode_2_string) (krb5_context kcontext, - long err_code); - void (*release_errcode_string) (krb5_context kcontext, const char *msg); - - void * (*db_alloc) (krb5_context kcontext, void *ptr, size_t size); - void (*db_free) (krb5_context kcontext, void *ptr); - - - - /* optional functions */ - krb5_error_code (*set_master_key) (krb5_context kcontext, - char *pwd, - krb5_keyblock *key); - - krb5_error_code (*get_master_key) (krb5_context kcontext, - krb5_keyblock **key); - - krb5_error_code (*set_master_key_list) (krb5_context kcontext, - krb5_keyblock_node *keylist); - - krb5_error_code (*get_master_key_list) (krb5_context kcontext, - krb5_keyblock_node **keylist); - - - krb5_error_code (*setup_master_key_name) (krb5_context kcontext, - char *keyname, - char *realm, - char **fullname, - krb5_principal *principal); - - krb5_error_code (*store_master_key) (krb5_context kcontext, - char *db_arg, - krb5_principal mname, - krb5_kvno kvno, - krb5_keyblock *key, - char *master_pwd); - - krb5_error_code (*fetch_master_key) (krb5_context kcontext, - krb5_principal mname, - krb5_keyblock *key, - krb5_kvno *kvno, - char *db_args); - - krb5_error_code (*verify_master_key) (krb5_context kcontext, - krb5_principal mprinc, - krb5_kvno kvno, - krb5_keyblock *mkey); - - krb5_error_code (*fetch_master_key_list) (krb5_context kcontext, - krb5_principal mname, - const krb5_keyblock *key, - krb5_kvno kvno, - krb5_keyblock_node **mkeys_list); - - - krb5_error_code (*dbe_search_enctype) (krb5_context kcontext, - krb5_db_entry *dbentp, - krb5_int32 *start, - krb5_int32 ktype, - krb5_int32 stype, - krb5_int32 kvno, - krb5_key_data **kdatap); - - - krb5_error_code - (*db_change_pwd) (krb5_context context, - krb5_keyblock * master_key, - krb5_key_salt_tuple * ks_tuple, - int ks_tuple_count, - char * passwd, - int new_kvno, - krb5_boolean keepold, - krb5_db_entry * db_entry); - - /* Promote a temporary database to be the live one. */ - krb5_error_code (*promote_db) (krb5_context context, - char *conf_section, - char **db_args); - -} kdb_vftabl; - typedef struct _db_library { char name[KDB_MAX_DB_NAME]; int reference_cnt; diff --git a/src/krb524/krb524.c b/src/lib/kdb/kdb5int.h similarity index 69% rename from src/krb524/krb524.c rename to src/lib/kdb/kdb5int.h index 1eff72f001..40f38ad210 100644 --- a/src/krb524/krb524.c +++ b/src/lib/kdb/kdb5int.h @@ -1,5 +1,7 @@ /* - * Copyright (C) 2003 by the Massachusetts Institute of Technology. + * lib/kdb5/kdb5int.h + * + * Copyright (C) 2008 by the Massachusetts Institute of Technology. * All rights reserved. * * Export of this software from the United States of America may @@ -21,27 +23,22 @@ * this software for any purpose. It is provided "as is" without express * or implied warranty. * + * + * Private header file for the kdb5 library for internal functions */ -#ifdef _WIN32 -#include "krb5.h" +#ifndef __KDB5INT_H__ +#define __KDB5INT_H__ + +#include "kdb5.h" -#ifdef krb524_convert_creds_kdc -#undef krb524_convert_creds_kdc -#endif -#ifdef krb524_init_ets -#undef krb524_init_ets -#endif +krb5_error_code +krb5int_put_principal_no_log(krb5_context kcontext, + krb5_db_entry *entries, int *nentries); -int KRB5_CALLCONV_WRONG -krb524_convert_creds_kdc(krb5_context context, krb5_creds *v5creds, struct credentials *v4creds) -{ - return(krb5_524_convert_creds(context,v5creds,v4creds)); -} +krb5_error_code +krb5int_delete_principal_no_log(krb5_context kcontext, + krb5_principal search_for, + int *nentries); -void KRB5_CALLCONV_WRONG -krb524_init_ets(krb5_context context) -{ - /* no-op */ -} -#endif /* _WIN32 */ +#endif /* __KDB5INT_H__ */ diff --git a/src/lib/kdb/kdb_convert.c b/src/lib/kdb/kdb_convert.c index 3846cba276..cecf5133f1 100644 --- a/src/lib/kdb/kdb_convert.c +++ b/src/lib/kdb/kdb_convert.c @@ -149,10 +149,10 @@ data_to_utf8str(utf8str_t *u, krb5_data d) { u->utf8str_t_len = d.length; if (d.data) { - /* XXX Is the data always a nul-terminated string? */ - u->utf8str_t_val = strdup(d.data); + u->utf8str_t_val = malloc(d.length); if (u->utf8str_t_val == NULL) return -1; + memcpy(u->utf8str_t_val, d.data, d.length); } else u->utf8str_t_val = NULL; return 0; @@ -225,100 +225,65 @@ conv_princ_2ulog(krb5_principal princ, kdb_incr_update_t *upd, * Maybe a return value should indicate success/failure? */ static void -replace_with_utf8str(krb5_data *d, utf8str_t u) +set_from_utf8str(krb5_data *d, utf8str_t u) { + if (u.utf8str_t_len > INT_MAX-1 || u.utf8str_t_len >= SIZE_MAX-1) { + d->data = NULL; + return; + } d->length = u.utf8str_t_len; - /* XXX Memory leak: old d->data if realloc failed. */ - /* XXX Overflow check? d->length + 1. */ - d->data = realloc(d->data, d->length + 1); + d->data = malloc(d->length + 1); if (d->data == NULL) return; - if (u.utf8str_t_val) /* May be null if length = 0. */ - strncpy(d->data, u.utf8str_t_val, d->length + 1); + if (d->length) /* Pointer may be null if length = 0. */ + strncpy(d->data, u.utf8str_t_val, d->length); d->data[d->length] = 0; } /* * Converts the krb5_principal struct from ulog to db2 format. */ -static krb5_error_code -conv_princ_2db(krb5_context context, krb5_principal *dbprinc, - kdb_incr_update_t *upd, - int cnt, princ_type tp, - int princ_exists) +static krb5_principal +conv_princ_2db(krb5_context context, kdbe_princ_t *kdbe_princ) { int i; krb5_principal princ; - kdbe_princ_t *kdbe_princ; kdbe_data_t *components; - if (upd == NULL) - return (KRB5KRB_ERR_GENERIC); - - if (princ_exists == 0) { - princ = NULL; - princ = (krb5_principal)malloc(sizeof (krb5_principal_data)); - if (princ == NULL) { - return (ENOMEM); - } - } else { - princ = *dbprinc; + princ = calloc(1, sizeof (krb5_principal_data)); + if (princ == NULL) { + return NULL; } - - switch (tp) { - case REG_PRINC: - case MOD_PRINC: - kdbe_princ = &ULOG_ENTRY(upd, cnt).av_princ; /* or av_mod_princ */ - components = kdbe_princ->k_components.k_components_val; - - princ->type = (krb5_int32) - kdbe_princ->k_nametype; - if (princ_exists == 0) - princ->realm.data = NULL; - replace_with_utf8str(&princ->realm, kdbe_princ->k_realm); - if (princ->realm.data == NULL) + princ->length = 0; + princ->data = NULL; + + components = kdbe_princ->k_components.k_components_val; + + princ->type = (krb5_int32) kdbe_princ->k_nametype; + princ->realm.data = NULL; + set_from_utf8str(&princ->realm, kdbe_princ->k_realm); + if (princ->realm.data == NULL) + goto error; + + princ->data = calloc(kdbe_princ->k_components.k_components_len, + sizeof (krb5_data)); + if (princ->data == NULL) + goto error; + for (i = 0; i < kdbe_princ->k_components.k_components_len; i++) + princ->data[i].data = NULL; + princ->length = (krb5_int32)kdbe_princ->k_components.k_components_len; + + for (i = 0; i < princ->length; i++) { + princ->data[i].magic = components[i].k_magic; + set_from_utf8str(&princ->data[i], components[i].k_data); + if (princ->data[i].data == NULL) goto error; - - /* Free up old entries we're about to release. */ - if (princ_exists) { - for (i = kdbe_princ->k_components.k_components_len; i < princ->length; i++) { - free(princ->data[i].data); - princ->data[i].data = NULL; - } - } else - princ->data = NULL; - princ->data = (krb5_data *)realloc(princ->data, - (princ->length * sizeof (krb5_data))); - if (princ->data == NULL) - /* XXX Memory leak: old storage not freed. */ - goto error; - /* Initialize pointers in added component slots. */ - for (i = princ->length; i < kdbe_princ->k_components.k_components_len; i++) { - princ->data[i].data = NULL; - } - princ->length = (krb5_int32)kdbe_princ->k_components.k_components_len; - - for (i = 0; i < princ->length; i++) { - princ->data[i].magic = - components[i].k_magic; - if (princ_exists == 0) - princ->data[i].data = NULL; - replace_with_utf8str(&princ->data[i], - components[i].k_data); - if (princ->data[i].data == NULL) - goto error; - } - break; - - default: - break; } - *dbprinc = princ; - return (0); + return princ; error: krb5_free_principal(context, princ); - return (ENOMEM); + return NULL; } @@ -681,7 +646,7 @@ ulog_conv_2dbentry(krb5_context context, krb5_db_entry *entries, if (dbprincstr == NULL) return (ENOMEM); strncpy(dbprincstr, (char *)upd->kdb_princ_name.utf8str_t_val, - (upd->kdb_princ_name.utf8str_t_len + 1)); + upd->kdb_princ_name.utf8str_t_len); dbprincstr[upd->kdb_princ_name.utf8str_t_len] = 0; ret = krb5_parse_name(context, dbprincstr, &dbprinc); @@ -702,66 +667,63 @@ ulog_conv_2dbentry(krb5_context context, krb5_db_entry *entries, ent->n_tl_data = 0; for (i = 0; i < nattrs; i++) { + krb5_principal tmpprinc = NULL; + +#define u (ULOG_ENTRY(upd, i)) switch (ULOG_ENTRY_TYPE(upd, i).av_type) { case AT_ATTRFLAGS: - ent->attributes = (krb5_flags) - ULOG_ENTRY(upd, i).av_attrflags; + ent->attributes = (krb5_flags) u.av_attrflags; break; case AT_MAX_LIFE: - ent->max_life = (krb5_deltat) - ULOG_ENTRY(upd, i).av_max_life; + ent->max_life = (krb5_deltat) u.av_max_life; break; case AT_MAX_RENEW_LIFE: - ent->max_renewable_life = (krb5_deltat) - ULOG_ENTRY(upd, i).av_max_renew_life; + ent->max_renewable_life = (krb5_deltat) u.av_max_renew_life; break; case AT_EXP: - ent->expiration = (krb5_timestamp) - ULOG_ENTRY(upd, i).av_exp; + ent->expiration = (krb5_timestamp) u.av_exp; break; case AT_PW_EXP: - ent->pw_expiration = (krb5_timestamp) - ULOG_ENTRY(upd, i).av_pw_exp; + ent->pw_expiration = (krb5_timestamp) u.av_pw_exp; break; case AT_LAST_SUCCESS: - ent->last_success = (krb5_timestamp) - ULOG_ENTRY(upd, i).av_last_success; + ent->last_success = (krb5_timestamp) u.av_last_success; break; case AT_LAST_FAILED: - ent->last_failed = (krb5_timestamp) - ULOG_ENTRY(upd, i).av_last_failed; + ent->last_failed = (krb5_timestamp) u.av_last_failed; break; case AT_FAIL_AUTH_COUNT: - ent->fail_auth_count = (krb5_kvno) - ULOG_ENTRY(upd, i).av_fail_auth_count; + ent->fail_auth_count = (krb5_kvno) u.av_fail_auth_count; break; case AT_PRINC: - if ((ret = conv_princ_2db(context, - &(ent->princ), upd, - i, REG_PRINC, nprincs))) - return (ret); + tmpprinc = conv_princ_2db(context, &u.av_princ); + if (tmpprinc == NULL) + return ENOMEM; + if (nprincs) + krb5_free_principal(context, ent->princ); + ent->princ = tmpprinc; break; case AT_KEYDATA: if (nprincs != 0) prev_n_keys = ent->n_key_data; - ent->n_key_data = (krb5_int16)ULOG_ENTRY(upd, - i).av_keydata.av_keydata_len; + else + prev_n_keys = 0; + ent->n_key_data = (krb5_int16)u.av_keydata.av_keydata_len; if (nprincs == 0) ent->key_data = NULL; - ent->key_data = (krb5_key_data *)realloc( - ent->key_data, - (ent->n_key_data * - sizeof (krb5_key_data))); + ent->key_data = (krb5_key_data *)realloc(ent->key_data, + (ent->n_key_data * + sizeof (krb5_key_data))); /* XXX Memory leak: Old key data in records eliminated by resizing to smaller size. */ @@ -770,37 +732,49 @@ ulog_conv_2dbentry(krb5_context context, krb5_db_entry *entries, return (ENOMEM); /* BEGIN CSTYLED */ + for (j = prev_n_keys; j < ent->n_key_data; j++) { + for (cnt = 0; cnt < 2; cnt++) { + ent->key_data[j].key_data_contents[cnt] = NULL; + } + } for (j = 0; j < ent->n_key_data; j++) { - ent->key_data[j].key_data_ver = (krb5_int16)ULOG_ENTRY_KEYVAL(upd, i, j).k_ver; - ent->key_data[j].key_data_kvno = (krb5_int16)ULOG_ENTRY_KEYVAL(upd, i, j).k_kvno; - - for (cnt = 0; cnt < ent->key_data[j].key_data_ver; cnt++) { - ent->key_data[j].key_data_type[cnt] = (krb5_int16)ULOG_ENTRY_KEYVAL(upd, i, j).k_enctype.k_enctype_val[cnt]; - ent->key_data[j].key_data_length[cnt] = (krb5_int16)ULOG_ENTRY_KEYVAL(upd, i, j).k_contents.k_contents_val[cnt].utf8str_t_len; - if ((nprincs == 0) || (j >= prev_n_keys)) - ent->key_data[j].key_data_contents[cnt] = NULL; - - ent->key_data[j].key_data_contents[cnt] = (krb5_octet *)realloc(ent->key_data[j].key_data_contents[cnt], ent->key_data[j].key_data_length[cnt]); - if (ent->key_data[j].key_data_contents[cnt] == NULL) - /* XXX Memory leak: old storage. */ - return (ENOMEM); + krb5_key_data *kp = &ent->key_data[j]; + kdbe_key_t *kv = &ULOG_ENTRY_KEYVAL(upd, i, j); + kp->key_data_ver = (krb5_int16)kv->k_ver; + kp->key_data_kvno = (krb5_int16)kv->k_kvno; + if (kp->key_data_ver > 2) { + return EINVAL; /* XXX ? */ + } - (void) memset(ent->key_data[j].key_data_contents[cnt], 0, (ent->key_data[j].key_data_length[cnt] * sizeof (krb5_octet))); - (void) memcpy(ent->key_data[j].key_data_contents[cnt], ULOG_ENTRY_KEYVAL(upd, i, j).k_contents.k_contents_val[cnt].utf8str_t_val, ent->key_data[j].key_data_length[cnt]); + for (cnt = 0; cnt < kp->key_data_ver; cnt++) { + void *newptr; + kp->key_data_type[cnt] = (krb5_int16)kv->k_enctype.k_enctype_val[cnt]; + kp->key_data_length[cnt] = (krb5_int16)kv->k_contents.k_contents_val[cnt].utf8str_t_len; + newptr = realloc(kp->key_data_contents[cnt], + kp->key_data_length[cnt]); + if (newptr == NULL) + return ENOMEM; + kp->key_data_contents[cnt] = newptr; + + (void) memset(kp->key_data_contents[cnt], 0, + kp->key_data_length[cnt]); + (void) memcpy(kp->key_data_contents[cnt], + kv->k_contents.k_contents_val[cnt].utf8str_t_val, + kp->key_data_length[cnt]); } } break; case AT_TL_DATA: - cnt = ULOG_ENTRY(upd, i).av_tldata.av_tldata_len; + cnt = u.av_tldata.av_tldata_len; newtl = malloc(cnt * sizeof (krb5_tl_data)); (void) memset(newtl, 0, (cnt * sizeof (krb5_tl_data))); if (newtl == NULL) return (ENOMEM); - for (j = 0; j < cnt; j++){ - newtl[j].tl_data_type = (krb5_int16)ULOG_ENTRY(upd, i).av_tldata.av_tldata_val[j].tl_type; - newtl[j].tl_data_length = (krb5_int16)ULOG_ENTRY(upd, i).av_tldata.av_tldata_val[j].tl_data.tl_data_len; + for (j = 0; j < cnt; j++) { + newtl[j].tl_data_type = (krb5_int16)u.av_tldata.av_tldata_val[j].tl_type; + newtl[j].tl_data_length = (krb5_int16)u.av_tldata.av_tldata_val[j].tl_data.tl_data_len; newtl[j].tl_data_contents = NULL; newtl[j].tl_data_contents = malloc(newtl[j].tl_data_length * sizeof (krb5_octet)); if (newtl[j].tl_data_contents == NULL) @@ -810,15 +784,13 @@ ulog_conv_2dbentry(krb5_context context, krb5_db_entry *entries, return (ENOMEM); (void) memset(newtl[j].tl_data_contents, 0, (newtl[j].tl_data_length * sizeof (krb5_octet))); - (void) memcpy(newtl[j].tl_data_contents, ULOG_ENTRY(upd, i).av_tldata.av_tldata_val[j].tl_data.tl_data_val, newtl[j].tl_data_length); + (void) memcpy(newtl[j].tl_data_contents, u.av_tldata.av_tldata_val[j].tl_data.tl_data_val, newtl[j].tl_data_length); newtl[j].tl_data_next = NULL; if (j > 0) - newtl[j - 1].tl_data_next = - &newtl[j]; + newtl[j - 1].tl_data_next = &newtl[j]; } - if ((ret = krb5_dbe_update_tl_data(context, - ent, newtl))) + if ((ret = krb5_dbe_update_tl_data(context, ent, newtl))) return (ret); for (j = 0; j < cnt; j++) if (newtl[j].tl_data_contents) { @@ -833,32 +805,30 @@ ulog_conv_2dbentry(krb5_context context, krb5_db_entry *entries, /* END CSTYLED */ case AT_PW_LAST_CHANGE: - if ((ret = krb5_dbe_update_last_pwd_change( - context, ent, - ULOG_ENTRY(upd, i).av_pw_last_change))) + if ((ret = krb5_dbe_update_last_pwd_change(context, ent, + u.av_pw_last_change))) return (ret); break; case AT_MOD_PRINC: - if ((ret = conv_princ_2db(context, - &mod_princ, upd, - i, MOD_PRINC, 0))) - return (ret); + tmpprinc = conv_princ_2db(context, &u.av_mod_princ); + if (tmpprinc == NULL) + return ENOMEM; + mod_princ = tmpprinc; break; case AT_MOD_TIME: - mod_time = ULOG_ENTRY(upd, i).av_mod_time; + mod_time = u.av_mod_time; break; case AT_LEN: - ent->len = (krb5_int16) - ULOG_ENTRY(upd, i).av_len; + ent->len = (krb5_int16) u.av_len; break; default: break; } - +#undef u } /* diff --git a/src/lib/kdb/kdb_default.c b/src/lib/kdb/kdb_default.c index a0d60755ac..161f6ea1af 100644 --- a/src/lib/kdb/kdb_default.c +++ b/src/lib/kdb/kdb_default.c @@ -144,19 +144,14 @@ krb5_def_store_mkey(krb5_context context, char defkeyfile[MAXPATHLEN+1]; char *tmp_ktname = NULL, *tmp_ktpath; krb5_data *realm = krb5_princ_realm(context, mname); -#ifndef LEAN_CLIENT - krb5_keytab kt; + krb5_keytab kt = NULL; krb5_keytab_entry new_entry; -#endif /* LEAN_CLIENT */ struct stat stb; int statrc; if (!keyfile) { - (void) strcpy(defkeyfile, DEFAULT_KEYFILE_STUB); - (void) strncat(defkeyfile, realm->data, - min(sizeof(defkeyfile)-sizeof(DEFAULT_KEYFILE_STUB)-1, - realm->length)); - defkeyfile[sizeof(defkeyfile) - 1] = '\0'; + (void) snprintf(defkeyfile, sizeof(defkeyfile), "%s%s", + DEFAULT_KEYFILE_STUB, realm->data); keyfile = defkeyfile; } @@ -184,7 +179,14 @@ krb5_def_store_mkey(krb5_context context, goto out; } - if (mktemp(tmp_ktname) == NULL) { + /* + * Set tmp_ktpath to point to the keyfile path (skip WRFILE:). Subtracting + * 1 to account for NULL terminator in sizeof calculation of a string + * constant. Used further down. + */ + tmp_ktpath = tmp_ktname + (sizeof("WRFILE:") - 1); + + if (mktemp(tmp_ktpath) == NULL) { retval = errno; krb5_set_error_message (context, retval, "Could not create temp stash file: %s", @@ -192,7 +194,6 @@ krb5_def_store_mkey(krb5_context context, goto out; } -#ifndef LEAN_CLIENT /* create new stash keytab using temp file name */ retval = krb5_kt_resolve(context, tmp_ktname, &kt); if (retval != 0) @@ -202,15 +203,7 @@ krb5_def_store_mkey(krb5_context context, new_entry.principal = mname; new_entry.key = *key; new_entry.vno = kvno; -#endif /* LEAN_CLIENT */ - /* - * Set tmp_ktpath to point to the keyfile path (skip WRFILE:). Subtracting - * 1 to account for NULL terminator in sizeof calculation of a string - * constant. Used further down. - */ - tmp_ktpath = tmp_ktname + (sizeof("WRFILE:") - 1); -#ifndef LEAN_CLIENT retval = krb5_kt_add_entry(context, kt, &new_entry); if (retval != 0) { /* delete tmp keyfile if it exists and an error occurrs */ @@ -225,11 +218,12 @@ krb5_def_store_mkey(krb5_context context, tmp_ktpath, keyfile, error_message(errno)); } } -#endif /* LEAN_CLIENT */ out: if (tmp_ktname != NULL) free(tmp_ktname); + if (kt) + krb5_kt_close(context, kt); return retval; } @@ -314,7 +308,6 @@ krb5_db_def_fetch_mkey_stash(krb5_context context, return retval; } -#ifndef LEAN_CLIENT static krb5_error_code krb5_db_def_fetch_mkey_keytab(krb5_context context, const char *keyfile, @@ -323,7 +316,7 @@ krb5_db_def_fetch_mkey_keytab(krb5_context context, krb5_kvno *kvno) { krb5_error_code retval = 0; - krb5_keytab kt; + krb5_keytab kt = NULL; krb5_keytab_entry kt_ent; krb5_enctype enctype = IGNORE_ENCTYPE; @@ -373,9 +366,11 @@ krb5_db_def_fetch_mkey_keytab(krb5_context context, } errout: + if (kt) + krb5_kt_close(context, kt); + return retval; } -#endif /* LEAN_CLIENT */ /* XXX WAF: I'm now thinking this fucntion should check to see if the fetched * key matches the latest mkey in the master princ. If it doesn't then the @@ -397,27 +392,21 @@ krb5_db_def_fetch_mkey(krb5_context context, if (db_args != NULL) { (void) strncpy(keyfile, db_args, sizeof(keyfile)); } else { - (void) strcpy(keyfile, DEFAULT_KEYFILE_STUB); - (void) strncat(keyfile, realm->data, - min(sizeof(keyfile)-sizeof(DEFAULT_KEYFILE_STUB)-1, - realm->length)); + (void) snprintf(keyfile, sizeof(keyfile), "%s%s", + DEFAULT_KEYFILE_STUB, realm->data); } /* null terminate no matter what */ keyfile[sizeof(keyfile) - 1] = '\0'; -#ifndef LEAN_CLIENT /* assume the master key is in a keytab */ retval_kt = krb5_db_def_fetch_mkey_keytab(context, keyfile, mname, key, kvno); if (retval_kt != 0) { -#endif /* LEAN_CLIENT */ /* * If it's not in a keytab, fall back and try getting the mkey from the * older stash file format. */ retval_ofs = krb5_db_def_fetch_mkey_stash(context, keyfile, key, kvno); -#ifndef LEAN_CLIENT } -#endif /* LEAN_CLIENT */ if (retval_kt != 0 && retval_ofs != 0) { /* diff --git a/src/lib/kdb/kdb_log.c b/src/lib/kdb/kdb_log.c index 8d24857ab3..3652935a14 100644 --- a/src/lib/kdb/kdb_log.c +++ b/src/lib/kdb/kdb_log.c @@ -16,6 +16,7 @@ #include #include "kdb5.h" #include "kdb_log.h" +#include "kdb5int.h" /* * This modules includes all the necessary functions that create and @@ -73,7 +74,7 @@ ulog_sync_update(kdb_hlog_t *ulog, kdb_ent_header_t *upd) (pagesize-1)) & (~(pagesize-1)); size = end - start; - if (retval = msync((caddr_t)start, size, MS_SYNC)) { + if ((retval = msync((caddr_t)start, size, MS_SYNC))) { return (retval); } @@ -186,10 +187,10 @@ ulog_add_update(krb5_context context, kdb_incr_update_t *upd) recsize = sizeof (kdb_ent_header_t) + upd_size; if (recsize > ulog->kdb_block) { - if (retval = ulog_resize(ulog, ulogentries, ulogfd, recsize)) { - /* Resize element array failed */ - return (retval); - } + if ((retval = ulog_resize(ulog, ulogentries, ulogfd, recsize))) { + /* Resize element array failed */ + return (retval); + } } cur_sno = ulog->kdb_last_sno; @@ -227,7 +228,7 @@ ulog_add_update(krb5_context context, kdb_incr_update_t *upd) if (!xdr_kdb_incr_update_t(&xdrs, upd)) return (KRB5_LOG_CONV); - if (retval = ulog_sync_update(ulog, indx_log)) + if ((retval = ulog_sync_update(ulog, indx_log))) return (retval); if (ulog->kdb_num < ulogentries) @@ -280,7 +281,7 @@ ulog_finish_update(krb5_context context, kdb_incr_update_t *upd) ulog->kdb_state = KDB_STABLE; - if (retval = ulog_sync_update(ulog, indx_log)) + if ((retval = ulog_sync_update(ulog, indx_log))) return (retval); ulog_sync_header(ulog); @@ -370,8 +371,8 @@ ulog_replay(krb5_context context, kdb_incr_result_t *incr_ret, char **db_args) (upd->kdb_princ_name.utf8str_t_len + 1)); dbprincstr[upd->kdb_princ_name.utf8str_t_len] = 0; - if (retval = krb5_parse_name(context, dbprincstr, - &dbprinc)) { + if ((retval = krb5_parse_name(context, dbprincstr, + &dbprinc))) { goto cleanup; } @@ -398,7 +399,7 @@ ulog_replay(krb5_context context, kdb_incr_result_t *incr_ret, char **db_args) (void) memset(entry, 0, sizeof (krb5_db_entry)); - if (retval = ulog_conv_2dbentry(context, entry, upd, 1)) + if ((retval = ulog_conv_2dbentry(context, entry, upd, 1))) goto cleanup; retval = krb5int_put_principal_no_log(context, entry, @@ -441,7 +442,7 @@ ulog_check(krb5_context context, kdb_hlog_t *ulog, char **db_args) { XDR xdrs; krb5_error_code retval = 0; - int i; + unsigned int i; kdb_ent_header_t *indx_log; kdb_incr_update_t *upd = NULL; kdb_incr_result_t *incr_ret = NULL; diff --git a/src/lib/kdb/keytab.c b/src/lib/kdb/keytab.c index bc8bc2a5d5..413a2e8271 100644 --- a/src/lib/kdb/keytab.c +++ b/src/lib/kdb/keytab.c @@ -41,9 +41,8 @@ static krb5_error_code krb5_ktkdb_get_name(krb5_context context, krb5_keytab keytab, char *name, unsigned int namelen) { - if (namelen < sizeof("KDB:")) + if (strlcpy(name, "KDB:", namelen) >= namelen); return KRB5_KT_NAME_TOOLONG; - strcpy(name, "KDB:"); return 0; } @@ -179,6 +178,8 @@ krb5_ktkdb_get_entry(in_context, id, principal, kvno, enctype, entry) kerror = krb5_dbe_find_enctype(context, &db_entry, xrealm_tgt?enctype:-1, -1, kvno, &key_data); + if (kerror == KRB5_KDB_NO_MATCHING_KEY) + kerror = KRB5_KT_KVNONOTFOUND; if (kerror) goto error; diff --git a/src/lib/kdb/libkdb5.exports b/src/lib/kdb/libkdb5.exports index 552b5f4636..b83797dcb3 100644 --- a/src/lib/kdb/libkdb5.exports +++ b/src/lib/kdb/libkdb5.exports @@ -14,10 +14,14 @@ krb5_db_fini krb5_db_free_principal krb5_db_get_age krb5_db_get_mkey +krb5_db_get_context krb5_db_get_principal +krb5_db_get_principal_ext +krb5_db_invoke krb5_db_iterate krb5_db_lock krb5_db_put_principal +krb5_db_set_context krb5_db_set_mkey krb5_db_setup_mkey_name krb5_db_unlock diff --git a/src/lib/krb4/CCache-glue.c b/src/lib/krb4/CCache-glue.c deleted file mode 100644 index a078c9f697..0000000000 --- a/src/lib/krb4/CCache-glue.c +++ /dev/null @@ -1,741 +0,0 @@ -/* - * CCache-glue.c - * - * This file contains implementations of krb4 credentials cache operations in terms - * of the CCache API (). - * - * $Header$ - */ - - -#include "krb.h" -#include "krb4int.h" - -#if !defined (USE_CCAPI) || !USE_CCAPI -#error "Cannot use CCache glue without the CCAPI!" -#endif - -#ifdef USE_LOGIN_LIBRARY -#include -#endif /* USE_LOGIN_LIBRARY */ -#include - -#include -#include - -/* - * The following functions are part of the KfM ABI. - * They are deprecated, so they only appear here, not in krb.h. - * - * Do not change the ABI of these functions! - */ -int KRB5_CALLCONV krb_get_num_cred(void); -int KRB5_CALLCONV krb_get_nth_cred(char *, char *, char *, int); -int KRB5_CALLCONV krb_delete_cred(char *, char *,char *); -int KRB5_CALLCONV dest_all_tkts(void); - -/* Internal functions */ -static void UpdateDefaultCache (void); - -/* - * The way Kerberos v4 normally works is that at any given point in time there is a - * file where all the tickets go, determined by an environment variable. If a user kinits - * to a new principal, the existing tickets are replaced with new ones. At any point in time, there is a - * "current" or "default" principal, which is determined by the principal associated with - * the current ticket file. - * - * In the CCache API implementation, this corresponds to always having a "default" - * or "current" named cache. The default principal then corresponds to that cache. - * - * Unfortunately, Kerberos v4 also has this notion that the default cache exists (in the sense - * that its name is known) even before the actual file has been created. - * - * In addition to this, we cannot make the default cache system-wide global, because then - * we get all sorts of interesting scenarios in which context switches between processes - * can cause credentials to be stored in wrong caches. - * - * To solve all the problems, we have to emulate the concept of an environment variable, - * by having a system-wide concept of what a default credentials cache is; then, we copy - * the system-wide value into the per-process value when the application starts up. - * - * However, in order to allow applications to be able to sanely handle the user model we - * want to support, in which the user has some way of selecting the system-wide default - * user _without_ quitting and relaunching all applications (this is also necessary for - * KClient support), calls had to be added to the Kerberos v4 library to reset the - * per-process cached value of default cache. - */ - -/* - * Name of the default cache - */ -char* gDefaultCacheName = NULL; - -/* - * Initialize credentials cache - * - * Creating the cache will blow away an existing one. The assumption is that - * whoever called us made sure that the one that we blow away if it exists - * is the right one to blow away. - */ - -int KRB5_CALLCONV -krb_in_tkt ( - char* pname, - char* pinst, - char* realm) -{ - char principal [MAX_K_NAME_SZ + 1]; - cc_int32 err = ccNoError; - cc_context_t cc_context = NULL; - cc_int32 cc_version; - cc_ccache_t ccache = NULL; - - err = cc_initialize (&cc_context, ccapi_version_3, &cc_version, NULL); - - if (err == ccNoError) { - snprintf (principal, sizeof(principal), "%s%s%s@%s", pname, (pinst [0] == '\0') ? "" : ".", pinst, realm); - } - - if (err == ccNoError) { - err = cc_context_create_ccache (cc_context, TKT_FILE, cc_credentials_v4, principal, &ccache); - } - - if (ccache != NULL) - cc_ccache_release (ccache); - if (cc_context != NULL) - cc_context_release (cc_context); - - if (err != ccNoError) - return KFAILURE; - else - return KSUCCESS; -} - -int KRB5_CALLCONV -krb_save_credentials( - char *service, - char *instance, - char *realm, - C_Block session, - int lifetime, - int kvno, - KTEXT ticket, - long issue_date) -{ - return krb4int_save_credentials_addr(service, instance, realm, - session, lifetime, kvno, - ticket, issue_date, 0); -} - -/* - * Store a ticket into the default credentials cache - * cache must exist (if it didn't exist, it would have been created by in_tkt) - */ -int -krb4int_save_credentials_addr( - char* service, - char* instance, - char* realm, - C_Block session, - int lifetime, - int kvno, - KTEXT ticket, - KRB4_32 issue_date, - KRB_UINT32 local_address) -{ - cc_int32 cc_err = ccNoError; - int kerr = KSUCCESS; - cc_credentials_v4_t v4creds; - cc_credentials_union creds; - cc_ccache_t ccache = NULL; - cc_string_t principal; - cc_context_t cc_context = NULL; - cc_int32 cc_version; - - cc_err = cc_initialize (&cc_context, ccapi_version_3, &cc_version, NULL); - - if (cc_err == ccNoError) { - /* First try existing cache */ - cc_err = cc_context_open_ccache (cc_context, TKT_FILE, &ccache); - } - - if (cc_err == ccNoError) { - /* Now we have a cache. Fill out the credentials and put them in the cache. */ - /* To fill out the credentials, we need the principal */ - cc_err = cc_ccache_get_principal (ccache, cc_credentials_v4, &principal); - } - - if (cc_err == ccNoError) { - kerr = kname_parse (v4creds.principal, v4creds.principal_instance, v4creds.realm, (char*) principal -> data); - cc_string_release (principal); - } - - if ((cc_err == ccNoError) && (kerr == KSUCCESS)) { - strncpy (v4creds.service, service, SNAME_SZ); - strncpy (v4creds.service_instance, instance, INST_SZ); - strncpy (v4creds.realm, realm, REALM_SZ); - memmove (v4creds.session_key, session, sizeof (C_Block)); - v4creds.kvno = kvno; - v4creds.string_to_key_type = cc_v4_stk_unknown; - v4creds.issue_date = issue_date; - v4creds.address = local_address; - v4creds.lifetime = lifetime; - v4creds.ticket_size = ticket -> length; - memmove (v4creds.ticket, ticket -> dat, ticket -> length); - - creds.version = cc_credentials_v4; - creds.credentials.credentials_v4 = &v4creds; - - cc_err = cc_ccache_store_credentials (ccache, &creds); - } - - if (ccache != NULL) - cc_ccache_release (ccache); - if (cc_context != NULL) - cc_context_release (cc_context); - - if (kerr != KSUCCESS) - return kerr; - if (cc_err != ccNoError) - return KFAILURE; - else - return KSUCCESS; -} - -/* - * Credentials file -> realm mapping - * - * Determine the realm by opening the named cache and parsing realm from the principal - */ -int KRB5_CALLCONV -krb_get_tf_realm ( - const char* ticket_file, - char* realm) -{ - cc_string_t principal; - char pname [ANAME_SZ]; - char pinst [INST_SZ]; - char prealm [REALM_SZ]; - int kerr = KSUCCESS; - cc_int32 cc_err = ccNoError; - cc_context_t cc_context = NULL; - cc_int32 cc_version = 0; - cc_ccache_t ccache = NULL; - - cc_err = cc_initialize (&cc_context, ccapi_version_3, &cc_version, NULL); - - if (cc_err == ccNoError) { - cc_err = cc_context_open_ccache (cc_context, ticket_file, &ccache); - } - - if (cc_err == ccNoError) { - cc_err = cc_ccache_get_principal (ccache, cc_credentials_v4, &principal); - } - - if (cc_err == ccNoError) { - /* found cache. get princiapl and parse it */ - kerr = kname_parse (pname, pinst, prealm, (char*) principal -> data); - cc_string_release (principal); - } - - if ((cc_err == ccNoError) && (kerr == KSUCCESS)) { - strcpy (realm, prealm); - } - - if (ccache != NULL) - cc_ccache_release (ccache); - if (cc_context != NULL) - cc_context_release (cc_context); - - if (kerr != KSUCCESS) - return kerr; - if (cc_err != ccNoError) - return GC_NOTKT; - else - return KSUCCESS; -} - -/* - * Credentials file -> name, instance, realm mapping - */ -int KRB5_CALLCONV -krb_get_tf_fullname ( - const char* ticket_file, - char* name, - char* instance, - char* realm) -{ - cc_string_t principal; - int kerr = KSUCCESS; - cc_int32 cc_err = ccNoError; - cc_context_t cc_context = NULL; - cc_int32 cc_version; - cc_ccache_t ccache = NULL; - - cc_err = cc_initialize (&cc_context, ccapi_version_3, &cc_version, NULL); - - if (cc_err == ccNoError) { - cc_err = cc_context_open_ccache (cc_context, ticket_file, &ccache); - } - - if (cc_err == ccNoError) { - /* found cache. get principal and parse it */ - cc_err = cc_ccache_get_principal (ccache, cc_credentials_v4, &principal); - } - - if (cc_err == ccNoError) { - kerr = kname_parse (name, instance, realm, (char*) principal -> data); - cc_string_release (principal); - } - - if (ccache != NULL) - cc_ccache_release (ccache); - if (cc_context != NULL) - cc_context_release (cc_context); - - if (kerr != KSUCCESS) - return kerr; - if (cc_err != ccNoError) - return GC_NOTKT; - else - return KSUCCESS; -} - - -/* - * Retrieval from credentials cache - */ -int KRB5_CALLCONV -krb_get_cred ( - char* service, - char* instance, - char* realm, - CREDENTIALS* creds) -{ - int kerr = KSUCCESS; - cc_int32 cc_err = ccNoError; - cc_credentials_t theCreds = NULL; - cc_credentials_iterator_t iterator = NULL; - cc_context_t cc_context = NULL; - cc_int32 cc_version; - cc_ccache_t ccache = NULL; - -#ifdef USE_LOGIN_LIBRARY - // If we are requesting a tgt, prompt for it - if (strncmp (service, KRB_TICKET_GRANTING_TICKET, ANAME_SZ) == 0) { - OSStatus err; - char *cacheName; - KLPrincipal outPrincipal; - - err = __KLInternalAcquireInitialTicketsForCache (TKT_FILE, kerberosVersion_V4, NULL, - &outPrincipal, &cacheName); - - if (err == klNoErr) { - krb_set_tkt_string (cacheName); // Tickets for the krb4 principal went here - KLDisposeString (cacheName); - KLDisposePrincipal (outPrincipal); - } else { - return GC_NOTKT; - } - } -#endif /* USE_LOGIN_LIBRARY */ - - cc_err = cc_initialize (&cc_context, ccapi_version_3, &cc_version, NULL); - - if (cc_err == ccNoError) { - cc_err = cc_context_open_ccache (cc_context, TKT_FILE, &ccache); - } - - if (cc_err == ccNoError) { - cc_err = cc_ccache_new_credentials_iterator (ccache, &iterator); - } - - if (cc_err == ccNoError) { - for (;;) { - /* get next creds */ - cc_err = cc_credentials_iterator_next (iterator, &theCreds); - if (cc_err == ccIteratorEnd) { - kerr = GC_NOTKT; - break; - } - if (cc_err != ccNoError) { - kerr = KFAILURE; - break; - } - - /* version, service, instance, realm check */ - if ((theCreds -> data -> version == cc_credentials_v4) && - (strcmp (theCreds -> data -> credentials.credentials_v4 -> service, service) == 0) && - (strcmp (theCreds -> data -> credentials.credentials_v4 -> service_instance, instance) == 0) && - (strcmp (theCreds -> data -> credentials.credentials_v4 -> realm, realm) == 0)) { - - /* Match! */ - strcpy (creds -> service, service); - strcpy (creds -> instance, instance); - strcpy (creds -> realm, realm); - memmove (creds -> session, theCreds -> data -> credentials.credentials_v4 -> session_key, sizeof (C_Block)); - creds -> lifetime = theCreds -> data -> credentials.credentials_v4 -> lifetime; - creds -> kvno = theCreds -> data -> credentials.credentials_v4 -> kvno; - creds -> ticket_st.length = theCreds -> data -> credentials.credentials_v4 -> ticket_size; - memmove (creds -> ticket_st.dat, theCreds -> data -> credentials.credentials_v4 -> ticket, creds -> ticket_st.length); - creds -> issue_date = theCreds -> data -> credentials.credentials_v4 -> issue_date; - strcpy (creds -> pname, theCreds -> data -> credentials.credentials_v4 -> principal); - strcpy (creds -> pinst, theCreds -> data -> credentials.credentials_v4 -> principal_instance); - creds -> stk_type = theCreds -> data -> credentials.credentials_v4 -> string_to_key_type; - - cc_credentials_release (theCreds); - kerr = KSUCCESS; - break; - } else { - cc_credentials_release (theCreds); - } - } - } - - if (iterator != NULL) - cc_credentials_iterator_release (iterator); - if (ccache != NULL) - cc_ccache_release (ccache); - if (cc_context != NULL) - cc_context_release (cc_context); - - if (kerr != KSUCCESS) - return kerr; - if (cc_err != ccNoError) - return GC_NOTKT; - else - return KSUCCESS; -} - - -/* - * Getting name of default credentials cache - */ -const char* KRB5_CALLCONV -tkt_string (void) -{ - if (gDefaultCacheName == NULL) { - UpdateDefaultCache (); - } - return gDefaultCacheName; -} - -/* - * Synchronize default cache for this process with system default cache - */ - -static void -UpdateDefaultCache (void) -{ - cc_string_t name; - cc_int32 cc_err = ccNoError; - cc_context_t cc_context = NULL; - cc_int32 cc_version; - - cc_err = cc_initialize (&cc_context, ccapi_version_3, &cc_version, NULL); - - if (cc_err == ccNoError) { - cc_err = cc_context_get_default_ccache_name (cc_context, &name); - } - - if (cc_err == ccNoError) { - krb_set_tkt_string ((char*) name -> data); - cc_string_release (name); - } - - if (cc_context != NULL) - cc_context_release (cc_context); -} - -/* - * Setting name of default credentials cache - */ -void -krb_set_tkt_string ( - const char* val) -{ - /* If we get called with the return value of tkt_string, we - shouldn't dispose of the input string */ - if (val != gDefaultCacheName) { - if (gDefaultCacheName != NULL) - free (gDefaultCacheName); - - gDefaultCacheName = malloc (strlen (val) + 1); - if (gDefaultCacheName != NULL) - strcpy (gDefaultCacheName, val); - } -} - -/* - * Destroy credentials file - * - * Implementation in dest_tkt.c - */ -int KRB5_CALLCONV -dest_tkt (void) -{ - cc_int32 cc_err = ccNoError; - cc_context_t cc_context = NULL; - cc_int32 cc_version; - cc_ccache_t ccache = NULL; - - cc_err = cc_initialize (&cc_context, ccapi_version_3, &cc_version, NULL); - - if (cc_err == ccNoError) { - cc_err = cc_context_open_ccache (cc_context, TKT_FILE, &ccache); - } - - if (cc_err == ccNoError) { - cc_ccache_destroy (ccache); - } - - if (ccache != NULL) - cc_ccache_release (ccache); - if (cc_context != NULL) - cc_context_release (cc_context); - - if (cc_err != ccNoError) - return RET_TKFIL; - else - return KSUCCESS; -} - -/* - * The following functions are not part of the standard Kerberos v4 API. - * They were created for Mac implementation, and used by admin tools - * such as CNS-Config. - */ - -/* - * Number of credentials in credentials cache - */ -int KRB5_CALLCONV -krb_get_num_cred (void) -{ - cc_credentials_t theCreds = NULL; - int count = 0; - cc_credentials_iterator_t iterator = NULL; - cc_int32 cc_err = ccNoError; - cc_context_t cc_context = NULL; - cc_int32 cc_version; - cc_ccache_t ccache = NULL; - - cc_err = cc_initialize (&cc_context, ccapi_version_3, &cc_version, NULL); - - if (cc_err == ccNoError) { - cc_err = cc_context_open_ccache (cc_context, TKT_FILE, &ccache); - } - - if (cc_err == ccNoError) { - cc_err = cc_ccache_new_credentials_iterator (ccache, &iterator); - } - - if (cc_err == ccNoError) { - for (;;) { - /* get next creds */ - cc_err = cc_credentials_iterator_next (iterator, &theCreds); - if (cc_err != ccNoError) - break; - - if (theCreds -> data -> version == cc_credentials_v4) - count++; - - cc_credentials_release (theCreds); - } - } - - if (iterator != NULL) - cc_credentials_iterator_release (iterator); - if (ccache != NULL) - cc_ccache_release (ccache); - if (cc_context != NULL) - cc_context_release (cc_context); - - if (cc_err != ccNoError) - return 0; - else - return count; -} - -/* - * Retrieval from credentials file - * This function is _not_!! well-defined under CCache API, because - * there is no guarantee about order of credentials remaining the same. - */ -int KRB5_CALLCONV -krb_get_nth_cred ( - char* sname, - char* sinstance, - char* srealm, - int n) -{ - cc_credentials_t theCreds = NULL; - int count = 0; - cc_credentials_iterator_t iterator = NULL; - cc_int32 cc_err = ccNoError; - cc_context_t cc_context = NULL; - cc_int32 cc_version; - cc_ccache_t ccache = NULL; - - if (n < 1) - return KFAILURE; - - cc_err = cc_initialize (&cc_context, ccapi_version_3, &cc_version, NULL); - - if (cc_err == ccNoError) { - cc_err = cc_context_open_ccache (cc_context, TKT_FILE, &ccache); - } - - if (cc_err == ccNoError) { - cc_err = cc_ccache_new_credentials_iterator (ccache, &iterator); - } - - if (cc_err == ccNoError) { - for (count = 0; count < n;) { - /* get next creds */ - cc_err = cc_credentials_iterator_next (iterator, &theCreds); - if (cc_err != ccNoError) - break; - - if (theCreds -> data -> version == cc_credentials_v4) - count++; - - if (count < n - 1) - cc_credentials_release (theCreds); - } - } - - if (cc_err == ccNoError) { - strcpy (sname, theCreds -> data -> credentials.credentials_v4 -> service); - strcpy (sinstance, theCreds -> data -> credentials.credentials_v4 -> service_instance); - strcpy (srealm, theCreds -> data -> credentials.credentials_v4 -> realm); - } - - if (theCreds != NULL) - cc_credentials_release (theCreds); - if (iterator != NULL) - cc_credentials_iterator_release (iterator); - if (ccache != NULL) - cc_ccache_release (ccache); - if (cc_context != NULL) - cc_context_release (cc_context); - - if (cc_err != ccNoError) - return KFAILURE; - else - return KSUCCESS; -} - -/* - * Deletion from credentials file - */ -int KRB5_CALLCONV -krb_delete_cred ( - char* sname, - char* sinstance, - char* srealm) -{ - cc_credentials_t theCreds = NULL; - cc_credentials_iterator_t iterator = NULL; - cc_int32 cc_err = ccNoError; - cc_context_t cc_context = NULL; - cc_int32 cc_version; - cc_ccache_t ccache = NULL; - - cc_err = cc_initialize (&cc_context, ccapi_version_3, &cc_version, NULL); - - if (cc_err == ccNoError) { - cc_err = cc_context_open_ccache (cc_context, TKT_FILE, &ccache); - } - - if (cc_err == ccNoError) { - cc_err = cc_ccache_new_credentials_iterator (ccache, &iterator); - } - - if (cc_err == ccNoError) { - for (;;) { - /* get next creds */ - cc_err = cc_credentials_iterator_next (iterator, &theCreds); - if (cc_err != ccNoError) { - break; - } - - if ((theCreds -> data -> version == cc_credentials_v4) && - (strcmp (theCreds -> data -> credentials.credentials_v4 -> service, sname) == 0) && - (strcmp (theCreds -> data -> credentials.credentials_v4 -> service_instance, sinstance) == 0) && - (strcmp (theCreds -> data -> credentials.credentials_v4 -> realm, srealm) == 0)) { - - cc_ccache_remove_credentials (ccache, theCreds); - cc_credentials_release (theCreds); - break; - } - - cc_credentials_release (theCreds); - } - } - - if (iterator != NULL) - cc_credentials_iterator_release (iterator); - if (ccache != NULL) - cc_ccache_release (ccache); - if (cc_context != NULL) - cc_context_release (cc_context); - - if (cc_err != ccNoError) - return KFAILURE; - else - return KSUCCESS; -} - -/* - * Destroy all credential caches - * - * Implementation in memcache.c - */ -int KRB5_CALLCONV -dest_all_tkts (void) -{ - int count = 0; - cc_ccache_iterator_t iterator = NULL; - cc_int32 cc_err = ccNoError; - cc_context_t cc_context = NULL; - cc_int32 cc_version; - cc_ccache_t ccache = NULL; - - cc_err = cc_initialize (&cc_context, ccapi_version_3, &cc_version, NULL); - - if (cc_err == ccNoError) { - cc_err = cc_context_new_ccache_iterator (cc_context, &iterator); - } - - if (cc_err == ccNoError) { - for (;;) { - /* get next ccache */ - cc_err = cc_ccache_iterator_next (iterator, &ccache); - - if (cc_err != ccNoError) - break; - - cc_ccache_destroy (ccache); - count++; - } - } - - if (iterator != NULL) - cc_credentials_iterator_release (iterator); - if (cc_context != NULL) - cc_context_release (cc_context); - - if ((cc_err == ccIteratorEnd) && (count == 0)) { - /* first time, nothing to destroy */ - return KFAILURE; - } else { - if (cc_err == ccIteratorEnd) { - /* done */ - return KSUCCESS; - } else { - /* error */ - return KFAILURE; - } - } -} diff --git a/src/lib/krb4/FSp-glue.c b/src/lib/krb4/FSp-glue.c deleted file mode 100644 index 7bf0e7b54f..0000000000 --- a/src/lib/krb4/FSp-glue.c +++ /dev/null @@ -1,112 +0,0 @@ -/* - * lib/krb4/FSp-glue.c - * - * Copyright 1985, 1986, 1987, 1988, 2002 by the Massachusetts - * Institute of Technology. All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * MacOS-specific glue for using FSSpecs to deal with srvtabs. - */ - -#include "krb.h" -#include "krb4int.h" -#include -#include - -#include -/* - * These functions are compiled in for ABI compatibility with older versions of KfM. - * They are deprecated so they do not appear in the KfM headers anymore. - * - * Do not change their ABIs! - */ -int KRB5_CALLCONV FSp_krb_get_svc_in_tkt (char *, char *, char *, char *, char *, int, const FSSpec *); -int KRB5_CALLCONV FSp_put_svc_key (const FSSpec *, char *, char *, char *, int, char *); -int KRB5_CALLCONV FSp_read_service_key (char *, char *, char *, int, const FSSpec*, char *); - -static int FSp_srvtab_to_key (char *, char *, char *, char *, C_Block); - -int KRB5_CALLCONV -FSp_read_service_key( - char *service, /* Service Name */ - char *instance, /* Instance name or "*" */ - char *realm, /* Realm */ - int kvno, /* Key version number */ - const FSSpec *filespec, /* Filespec */ - char *key) /* Pointer to key to be filled in */ -{ - int retval = KFAILURE; - char file [MAXPATHLEN]; - if (filespec != NULL) { - if (FSSpecToPOSIXPath (filespec, file, sizeof(file)) != noErr) { - return retval; - } - } - retval = read_service_key(service, instance, realm, kvno, file, key); - if (file != NULL) { - free (file); - } - return retval; -} - -int KRB5_CALLCONV -FSp_put_svc_key( - const FSSpec *sfilespec, - char *name, - char *inst, - char *realm, - int newvno, - char *key) -{ - int retval = KFAILURE; - char sfile[MAXPATHLEN]; - - if (sfilespec != NULL) { - if (FSSpecToPOSIXPath (sfilespec, sfile, sizeof(sfile)) != noErr) { - return retval; - } - } - retval = put_svc_key(sfile, name, inst, realm, newvno, key); - if (sfile != NULL) { - free (sfile); - } - return retval; -} - -int KRB5_CALLCONV -FSp_krb_get_svc_in_tkt( - char *user, char *instance, char *realm, - char *service, char *sinstance, int life, - const FSSpec *srvtab) -{ - /* Cast the FSSpec into the password field. It will be pulled out again */ - /* by FSp_srvtab_to_key and used to read the real password */ - return krb_get_in_tkt(user, instance, realm, service, sinstance, - life, FSp_srvtab_to_key, NULL, (char *)srvtab); -} - -static int FSp_srvtab_to_key(char *user, char *instance, char *realm, - char *srvtab, C_Block key) -{ - /* FSp_read_service_key correctly handles a NULL FSSpecPtr */ - return FSp_read_service_key(user, instance, realm, 0, - (FSSpec *)srvtab, (char *)key); -} diff --git a/src/lib/krb4/Makefile.in b/src/lib/krb4/Makefile.in deleted file mode 100644 index 9275f9ecf3..0000000000 --- a/src/lib/krb4/Makefile.in +++ /dev/null @@ -1,664 +0,0 @@ -thisconfigdir=../.. -myfulldir=lib/krb4 -mydir=lib/krb4 -BUILDTOP=$(REL)..$(S).. -LOCALINCLUDES = -I$(BUILDTOP)/include/kerberosIV -I$(srcdir)/../../include/kerberosIV -I. -DEFINES= -DKRB4_USE_KEYTAB -DEFS= - -##DOS##BUILDTOP = ..\.. -##DOS##LIBNAME=$(OUTPRE)krb4.lib -##DOS##OBJFILE=$(OUTPRE)krb4.lst - -LIBBASE=krb4 -LIBMAJOR=2 -LIBMINOR=0 -RELDIR=krb4 - -# Depends on libk5crypto, libkrb5, KRB4_CRYPTO_LIB and _et_list... -# Depends on libkrb5, expect to find -# krb5_init_context, krb5_free_context, profile_get_values -# -KRB4_CRYPTO_LIBS=-ldes425 - -SHLIB_EXPDEPS = \ - $(TOPLIBD)/libdes425$(SHLIBEXT) \ - $(TOPLIBD)/libk5crypto$(SHLIBEXT) \ - $(TOPLIBD)/libkrb5$(SHLIBEXT) -SHLIB_EXPLIBS=-lkrb5 -lcom_err -ldes425 -lk5crypto -SHLIB_DIRS=-L$(TOPLIBD) -SHLIB_RDIRS=$(KRB5_LIBDIR) - -EHDRDIR=$(BUILDTOP)$(S)include$(S)kerberosIV -KRB_ERR=@KRB_ERR@ -##DOS##KRB_ERR=$(OUTPRE)krb_err.$(OBJEXT) - -# Name of generated krb_err.c, needed for err_txt.* dependency on Darwin. -KRB_ERR_C=@KRB_ERR_C@ -##DOS##KRB_ERR_C= - -OBJS = \ - $(OUTPRE)change_password.$(OBJEXT) \ - $(OUTPRE)cr_auth_repl.$(OBJEXT) \ - $(OUTPRE)cr_ciph.$(OBJEXT) \ - $(OUTPRE)cr_tkt.$(OBJEXT) \ - $(OUTPRE)debug.$(OBJEXT) \ - $(OUTPRE)decomp_tkt.$(OBJEXT) \ - $(OUTPRE)err_txt.$(OBJEXT) \ - $(OUTPRE)g_ad_tkt.$(OBJEXT) \ - $(OUTPRE)g_in_tkt.$(OBJEXT) \ - $(OUTPRE)g_phost.$(OBJEXT) \ - $(OUTPRE)g_pw_in_tkt.$(OBJEXT) \ - $(OUTPRE)g_pw_tkt.$(OBJEXT) \ - $(OUTPRE)g_tkt_svc.$(OBJEXT) \ - $(OUTPRE)gethostname.$(OBJEXT) \ - $(OUTPRE)getst.$(OBJEXT) \ - $(OUTPRE)kadm_err.$(OBJEXT) \ - $(OUTPRE)kadm_net.$(OBJEXT) \ - $(OUTPRE)kadm_stream.$(OBJEXT) \ - $(OUTPRE)kname_parse.$(OBJEXT) \ - $(OUTPRE)lifetime.$(OBJEXT) \ - $(OUTPRE)mk_auth.$(OBJEXT) \ - $(OUTPRE)mk_err.$(OBJEXT) \ - $(OUTPRE)mk_priv.$(OBJEXT) \ - $(OUTPRE)mk_req.$(OBJEXT) \ - $(OUTPRE)mk_safe.$(OBJEXT) \ - $(OUTPRE)month_sname.$(OBJEXT) \ - $(OUTPRE)password_to_key.$(OBJEXT) \ - $(OUTPRE)prot_client.$(OBJEXT) \ - $(OUTPRE)prot_common.$(OBJEXT) \ - $(OUTPRE)prot_kdc.$(OBJEXT) \ - $(OUTPRE)pkt_cipher.$(OBJEXT) \ - $(OUTPRE)pkt_clen.$(OBJEXT) \ - $(OUTPRE)rd_err.$(OBJEXT) \ - $(OUTPRE)rd_priv.$(OBJEXT) \ - $(OUTPRE)rd_safe.$(OBJEXT) \ - $(OUTPRE)send_to_kdc.$(OBJEXT) \ - $(OUTPRE)stime.$(OBJEXT) \ - $(OUTPRE)strnlen.$(OBJEXT) \ - $(OUTPRE)rd_preauth.$(OBJEXT) \ - $(OUTPRE)mk_preauth.$(OBJEXT) \ - $(OSOBJS) $(CACHEOBJS) $(SETENVOBJS) $(STRCASEOBJS) $(SHMOBJS) \ - $(LIB_KRB_HOSTOBJS) $(SERVER_KRB_OBJS) $(NETIO_OBJS) $(REALMDBOBJS) $(KRB_ERR) - -SRCS = \ - change_password.c \ - cr_auth_repl.c \ - cr_ciph.c \ - cr_tkt.c \ - debug.c \ - decomp_tkt.c \ - g_ad_tkt.c \ - g_pw_in_tkt.c \ - g_phost.c \ - g_pw_tkt.c \ - g_tkt_svc.c \ - getst.c \ - gethostname.c \ - kadm_err.c \ - kadm_net.c \ - kadm_stream.c \ - kname_parse.c \ - err_txt.c \ - lifetime.c \ - g_in_tkt.c \ - mk_auth.c \ - mk_err.c \ - mk_priv.c \ - mk_req.c \ - mk_safe.c \ - month_sname.c \ - password_to_key.c \ - pkt_cipher.c \ - pkt_clen.c \ - prot_client.c \ - prot_common.c \ - prot_kdc.c \ - rd_err.c \ - rd_priv.c \ - rd_safe.c \ - send_to_kdc.c \ - stime.c \ - strnlen.c \ - rd_preauth.c \ - mk_preauth.c \ - unix_time.c \ - $(OSSRCS) $(CACHESRCS) $(SETENVSRCS) $(STRCASESRCS) $(SHMSRCS) \ - $(LIB_KRB_HOSTSRCS) $(SERVER_KRB_SRCS) $(NETIO_SRCS) $(REALMDBSRCS) - -STLIBOBJS = $(OBJS) -STOBJLISTS=OBJS.ST - -# -# These objects implement the time computation routines. -# -OSOBJS = $(OUTPRE)unix_time.$(OBJEXT) -OSSRCS = unix_time.c - -##DOS##OSOBJS = $(OUTPRE)win_time.obj - -# -# These objects implement ticket cacheing for Unix. They are -# replaced by other files when compiling for Windows or Mac. -# -CACHESRCS = \ - tf_util.c dest_tkt.c in_tkt.c \ - tkt_string.c g_tf_fname.c g_tf_realm.c \ - g_cred.c save_creds.c -CACHEOBJS = \ - $(OUTPRE)tf_util.$(OBJEXT) $(OUTPRE)dest_tkt.$(OBJEXT) $(OUTPRE)in_tkt.$(OBJEXT) \ - $(OUTPRE)tkt_string.$(OBJEXT) $(OUTPRE)g_tf_fname.$(OBJEXT) $(OUTPRE)g_tf_realm.$(OBJEXT) \ - $(OUTPRE)g_cred.$(OBJEXT) $(OUTPRE)save_creds.$(OBJEXT) - -##DOS##CACHEOBJS = $(OUTPRE)memcache.$(OBJEXT) - -# -# These objects implement Kerberos realm<->host database lookup. -# They read config files and/or network databases in various ways -# on various platforms. -# - -CNFFILE = g_cnffile -##DOS##CNFFILE = win_store - -REALMDBSRCS=$(CNFFILE).c RealmsConfig-glue.c -REALMDBOBJS=$(OUTPRE)$(CNFFILE).$(OBJEXT) $(OUTPRE)RealmsConfig-glue.$(OBJEXT) - -# -# These objects are only used on server or debug implementations of Kerberos, -# and they cause some major or minor sort of trouble for some -# client-only platform (Mac or Windows). -# -SERVER_KRB_SRCS = \ - klog.c kuserok.c log.c \ - kntoln.c \ - fgetst.c rd_svc_key.c cr_err_repl.c \ - rd_req.c g_svc_in_tkt.c recvauth.c \ - ad_print.c cr_death_pkt.c \ - put_svc_key.c sendauth.c -SERVER_KRB_OBJS = \ - $(OUTPRE)klog.$(OBJEXT) $(OUTPRE)kuserok.$(OBJEXT) $(OUTPRE)log.$(OBJEXT) \ - $(OUTPRE)kntoln.$(OBJEXT) \ - $(OUTPRE)fgetst.$(OBJEXT) $(OUTPRE)rd_svc_key.$(OBJEXT) $(OUTPRE)cr_err_repl.$(OBJEXT) \ - $(OUTPRE)rd_req.$(OBJEXT) $(OUTPRE)g_svc_in_tkt.$(OBJEXT) $(OUTPRE)recvauth.$(OBJEXT) \ - $(OUTPRE)ad_print.$(OBJEXT) $(OUTPRE)cr_death_pkt.$(OBJEXT) \ - $(OUTPRE)put_svc_key.$(OBJEXT) $(OUTPRE)sendauth.$(OBJEXT) -# -# These objects are included on Unix and Windows (for kstream and kadm) -# but not under Mac (there are no file descriptors). -# -NETIO_SRCS=netread.c netwrite.c -NETIO_OBJS=$(OUTPRE)netread.$(OBJEXT) $(OUTPRE)netwrite.$(OBJEXT) - -# -# These objects glue the Kerberos library to the operating system -# (time-of-day access, etc). They are replaced in Mac and Windows -# by other _glue.* routines. -# -LIB_KRB_HOSTSRCS=unix_glue.c -LIB_KRB_HOSTOBJS=$(OUTPRE)unix_glue.$(OBJEXT) - -##DOS##LIB_KRB_HOSTOBJS=$(OUTPRE)win_glue.obj - -ARCHIVEARGS= $@ $(OBJS) - -# We want *library* compiler options... -DBG=$(DBG_LIB) - -all-unix:: includes all-liblinks - -##DOS##LIBOBJS = $(OBJS) - -# comp_et_depend(krb_err) -krb_err.h: krb_err.et -krb_err.c: krb_err.et - -kadm_err.h: kadm_err.et -kadm_err.c: kadm_err.et - -GEN_ERRTXT=$(AWK) -f $(srcdir)$(S)et_errtxt.awk outfile=$@ - -krb_err_txt.c: krb_err.et $(srcdir)$(S)et_errtxt.awk - $(GEN_ERRTXT) $(srcdir)/krb_err.et - -# Will be empty on Darwin, krb_err_txt.c elsewhere. -KRB_ERR_TXT=@KRB_ERR_TXT@ -##DOS##KRB_ERR_TXT=krb_err_txt.c -err_txt.so err_txt.po $(OUTPRE)err_txt.$(OBJEXT): err_txt.c $(KRB_ERR_C) $(KRB_ERR_TXT) - -depend-dependencies: krb_err.h $(EHDRDIR)$(S)krb_err.h \ - kadm_err.h $(EHDRDIR)$(S)kadm_err.h \ - krb_err.c - -includes: $(EHDRDIR)$(S)krb_err.h $(EHDRDIR)$(S)kadm_err.h - -$(EHDRDIR)$(S)krb_err.h: krb_err.h - $(CP) krb_err.h $@ -$(EHDRDIR)$(S)kadm_err.h: kadm_err.h - $(CP) kadm_err.h $@ - -clean-unix:: - $(RM) $(EHDRDIR)/krb_err.h - $(RM) $(EHDRDIR)/kadm_err.h - $(RM) krb_err_txt.c - -clean:: - -$(RM) $(OBJS) - -clean-:: clean-unix - -clean-unix:: - -$(RM) krb_err.c - -$(RM) krb_err.h - -$(RM) kadm_err.c - -$(RM) kadm_err.h - -$(RM) ../../include/kerberosIV/krb_err.h - -$(RM) ../../include/kerberosIV/kadm_err.h - -clean-unix:: clean-liblinks clean-libs clean-libobjs - - -check-unix:: $(TEST_PROGS) -check-windows:: - - -install-unix:: install-libs - -@lib_frag@ -@libobj_frag@ - -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -change_password.so change_password.po $(OUTPRE)change_password.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/kadm.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/prot.h \ - $(SRCTOP)/include/port-sockets.h change_password.c \ - krb4int.h -cr_auth_repl.so cr_auth_repl.po $(OUTPRE)cr_auth_repl.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/prot.h cr_auth_repl.c -cr_ciph.so cr_ciph.po $(OUTPRE)cr_ciph.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/prot.h cr_ciph.c -cr_tkt.so cr_tkt.po $(OUTPRE)cr_tkt.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/port-sockets.h cr_tkt.c -debug.so debug.po $(OUTPRE)debug.$(OBJEXT): $(SRCTOP)/include/kerberosIV/mit-copyright.h \ - debug.c -decomp_tkt.so decomp_tkt.po $(OUTPRE)decomp_tkt.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/prot.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb54proto.h \ - $(SRCTOP)/include/port-sockets.h decomp_tkt.c -g_ad_tkt.so g_ad_tkt.po $(OUTPRE)g_ad_tkt.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/port-sockets.h \ - g_ad_tkt.c krb4int.h -g_pw_in_tkt.so g_pw_in_tkt.po $(OUTPRE)g_pw_in_tkt.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/prot.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/port-sockets.h \ - g_pw_in_tkt.c krb4int.h -g_phost.so g_phost.po $(OUTPRE)g_phost.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/port-sockets.h g_phost.c -g_pw_tkt.so g_pw_tkt.po $(OUTPRE)g_pw_tkt.$(OBJEXT): \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/mit-copyright.h g_pw_tkt.c -g_tkt_svc.so g_tkt_svc.po $(OUTPRE)g_tkt_svc.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/port-sockets.h \ - g_tkt_svc.c -getst.so getst.po $(OUTPRE)getst.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/mit-copyright.h $(SRCTOP)/include/port-sockets.h \ - getst.c krb4int.h -gethostname.so gethostname.po $(OUTPRE)gethostname.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/mit-copyright.h \ - $(SRCTOP)/include/port-sockets.h gethostname.c krb4int.h -kadm_err.so kadm_err.po $(OUTPRE)kadm_err.$(OBJEXT): \ - $(COM_ERR_DEPS) kadm_err.c -kadm_net.so kadm_net.po $(OUTPRE)kadm_net.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/kerberosIV/kadm_err.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/kadm.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/krbports.h \ - $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/port-sockets.h \ - kadm_net.c -kadm_stream.so kadm_stream.po $(OUTPRE)kadm_stream.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/kerberosIV/kadm_err.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/kadm.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/prot.h \ - $(SRCTOP)/include/port-sockets.h kadm_stream.c -kname_parse.so kname_parse.po $(OUTPRE)kname_parse.$(OBJEXT): \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - kname_parse.c -err_txt.so err_txt.po $(OUTPRE)err_txt.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/port-sockets.h err_txt.c krb4int.h -lifetime.so lifetime.po $(OUTPRE)lifetime.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - lifetime.c -g_in_tkt.so g_in_tkt.po $(OUTPRE)g_in_tkt.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/port-sockets.h \ - g_in_tkt.c krb4int.h -mk_auth.so mk_auth.po $(OUTPRE)mk_auth.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/prot.h mk_auth.c -mk_err.so mk_err.po $(OUTPRE)mk_err.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/prot.h mk_err.c -mk_priv.so mk_priv.po $(OUTPRE)mk_priv.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/lsb_addr_cmp.h $(SRCTOP)/include/kerberosIV/mit-copyright.h \ - $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/port-sockets.h \ - mk_priv.c -mk_req.so mk_req.po $(OUTPRE)mk_req.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/port-sockets.h \ - krb4int.h mk_req.c -mk_safe.so mk_safe.po $(OUTPRE)mk_safe.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/lsb_addr_cmp.h $(SRCTOP)/include/kerberosIV/mit-copyright.h \ - $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/port-sockets.h \ - mk_safe.c -month_sname.so month_sname.po $(OUTPRE)month_sname.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/port-sockets.h \ - krb4int.h month_sname.c -password_to_key.so password_to_key.po $(OUTPRE)password_to_key.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/port-sockets.h krb4int.h password_to_key.c -pkt_cipher.so pkt_cipher.po $(OUTPRE)pkt_cipher.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/mit-copyright.h $(SRCTOP)/include/kerberosIV/prot.h \ - pkt_cipher.c -pkt_clen.so pkt_clen.po $(OUTPRE)pkt_clen.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/mit-copyright.h $(SRCTOP)/include/kerberosIV/prot.h \ - pkt_clen.c -prot_client.so prot_client.po $(OUTPRE)prot_client.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/prot.h prot_client.c -prot_common.so prot_common.po $(OUTPRE)prot_common.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/prot.h prot_common.c -prot_kdc.so prot_kdc.po $(OUTPRE)prot_kdc.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/port-sockets.h \ - prot_kdc.c -rd_err.so rd_err.po $(OUTPRE)rd_err.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/prot.h rd_err.c -rd_priv.so rd_priv.po $(OUTPRE)rd_priv.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/lsb_addr_cmp.h $(SRCTOP)/include/kerberosIV/mit-copyright.h \ - $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/port-sockets.h \ - rd_priv.c -rd_safe.so rd_safe.po $(OUTPRE)rd_safe.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/lsb_addr_cmp.h $(SRCTOP)/include/kerberosIV/mit-copyright.h \ - $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/port-sockets.h \ - rd_safe.c -send_to_kdc.so send_to_kdc.po $(OUTPRE)send_to_kdc.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/krbports.h $(SRCTOP)/include/kerberosIV/prot.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h krb4int.h send_to_kdc.c -stime.so stime.po $(OUTPRE)stime.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/port-sockets.h krb4int.h stime.c -strnlen.so strnlen.po $(OUTPRE)strnlen.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/prot.h strnlen.c -rd_preauth.so rd_preauth.po $(OUTPRE)rd_preauth.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/krb_db.h $(SRCTOP)/include/kerberosIV/prot.h \ - $(SRCTOP)/include/port-sockets.h krb4int.h rd_preauth.c -mk_preauth.so mk_preauth.po $(OUTPRE)mk_preauth.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h mk_preauth.c -unix_time.so unix_time.po $(OUTPRE)unix_time.$(OBJEXT): \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - unix_time.c -tf_util.so tf_util.po $(OUTPRE)tf_util.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h krb4int.h tf_util.c -dest_tkt.so dest_tkt.po $(OUTPRE)dest_tkt.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/k5-util.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h dest_tkt.c -in_tkt.so in_tkt.po $(OUTPRE)in_tkt.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/k5-util.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h in_tkt.c -tkt_string.so tkt_string.po $(OUTPRE)tkt_string.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/port-sockets.h \ - tkt_string.c -g_tf_fname.so g_tf_fname.po $(OUTPRE)g_tf_fname.$(OBJEXT): \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/mit-copyright.h g_tf_fname.c -g_tf_realm.so g_tf_realm.po $(OUTPRE)g_tf_realm.$(OBJEXT): \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - g_tf_realm.c -g_cred.so g_cred.po $(OUTPRE)g_cred.$(OBJEXT): $(KRB_ERR_H_DEP) \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/mit-copyright.h \ - g_cred.c -save_creds.so save_creds.po $(OUTPRE)save_creds.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/port-sockets.h \ - krb4int.h save_creds.c -unix_glue.so unix_glue.po $(OUTPRE)unix_glue.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/port-sockets.h \ - krb4int.h unix_glue.c -klog.so klog.po $(OUTPRE)klog.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/klog.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/port-sockets.h \ - klog.c krb4int.h -kuserok.so kuserok.po $(OUTPRE)kuserok.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - kuserok.c -log.so log.po $(OUTPRE)log.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/klog.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/port-sockets.h \ - krb4int.h log.c -kntoln.so kntoln.po $(OUTPRE)kntoln.$(OBJEXT): $(KRB_ERR_H_DEP) \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/mit-copyright.h \ - kntoln.c -fgetst.so fgetst.po $(OUTPRE)fgetst.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/mit-copyright.h $(SRCTOP)/include/port-sockets.h \ - fgetst.c krb4int.h -rd_svc_key.so rd_svc_key.po $(OUTPRE)rd_svc_key.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/mit-copyright.h \ - $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/krb54proto.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h krb4int.h rd_svc_key.c -cr_err_repl.so cr_err_repl.po $(OUTPRE)cr_err_repl.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/prot.h cr_err_repl.c -rd_req.so rd_req.po $(OUTPRE)rd_req.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb54proto.h rd_req.c -g_svc_in_tkt.so g_svc_in_tkt.po $(OUTPRE)g_svc_in_tkt.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/prot.h $(SRCTOP)/include/port-sockets.h \ - g_svc_in_tkt.c krb4int.h -recvauth.so recvauth.po $(OUTPRE)recvauth.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/port-sockets.h \ - recvauth.c -ad_print.so ad_print.po $(OUTPRE)ad_print.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/port-sockets.h \ - ad_print.c krb4int.h -cr_death_pkt.so cr_death_pkt.po $(OUTPRE)cr_death_pkt.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/prot.h cr_death_pkt.c -put_svc_key.so put_svc_key.po $(OUTPRE)put_svc_key.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/port-sockets.h krb4int.h put_svc_key.c -sendauth.so sendauth.po $(OUTPRE)sendauth.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/mit-copyright.h \ - $(SRCTOP)/include/port-sockets.h krb4int.h sendauth.c -netread.so netread.po $(OUTPRE)netread.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ - $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/port-sockets.h netread.c -netwrite.so netwrite.po $(OUTPRE)netwrite.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/port-sockets.h \ - netwrite.c -g_cnffile.so g_cnffile.po $(OUTPRE)g_cnffile.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - g_cnffile.c krb4int.h -RealmsConfig-glue.so RealmsConfig-glue.po $(OUTPRE)RealmsConfig-glue.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - RealmsConfig-glue.c krb4int.h diff --git a/src/lib/krb4/Password.c b/src/lib/krb4/Password.c deleted file mode 100644 index 5862e0e655..0000000000 --- a/src/lib/krb4/Password.c +++ /dev/null @@ -1,436 +0,0 @@ -#include "kerberos.h" -#define KRB_DEFS -#include "krb_driver.h" - -#include -#include -#include -#include -#include -#include - -/* added for OpenInitRF.c - FIXME jcm - should check that they are not in c-mac - or other included file -*/ - -#include -#include -#include -#include -#include -#include - - -// #include "debug.h" - -#define kLoginDLOGID -4081 -#define kErrorALERTID -4082 -#define kLoginOKItem 1 -#define kLoginCnclItem 2 -#define kLoginNameItem 10 -#define kLoginVisPwItem 9 -#define kLoginFrameItem 5 -#define kLoginIvisPwItem 6 -#define kBadUserError 1 -#define kNotUniqueError 2 -#define kGenError 3 -#define kIntegrityError 4 -#define kBadPasswordError 5 -#define cr 0x0D -#define enter 0x03 -#define bs 0x08 -#define tab 0x09 -#define larrow 0x1C -#define rarrow 0x1D -#define uarrow 0x1E -#define darrow 0x1F -#define DialogNotDone 1 - -typedef union { // used to convert ProcPtr to Handle - Handle H; - ProcPtr P; -} Proc2Hand; - -static char gPassword [MAX_K_NAME_SZ] = "\0"; - -pascal void FrameOKbtn( WindowPtr myWindow, short itemNo ); -pascal Boolean TwoItemFilter( DialogPtr dlog, EventRecord *event, short *itemHit ); - -/* - FIXME jcm - begin OpenInitRF - Mac_store thinks that it is managing the open resource file - is this code in conflict? -*/ - -void GetExtensionsFolder(short *vRefNumP, long *dirIDP) -{ - Boolean hasFolderMgr = false; - long feature; - -/* - FIXME Error: Ô_GestaltDispatchÕ has not been declared - not needed now? - jcm - if (TrapAvailable(_GestaltDispatch)) -*/ - if (Gestalt(gestaltFindFolderAttr, &feature) == noErr) hasFolderMgr = true; - if (!hasFolderMgr) { - GetSystemFolder(vRefNumP, dirIDP); - return; - } - else { - if (FindFolder(kOnSystemDisk, kExtensionFolderType, kDontCreateFolder, vRefNumP, dirIDP) != noErr) { - *vRefNumP = 0; - *dirIDP = 0; - } - } -} - -short SearchFolderForINIT(long targetType, long targetCreator, short vRefNum, long dirID) -{ - HParamBlockRec fi; - Str255 filename; - short refnum; - - fi.fileParam.ioCompletion = nil; - fi.fileParam.ioNamePtr = filename; - fi.fileParam.ioVRefNum = vRefNum; - fi.fileParam.ioDirID = dirID; - fi.fileParam.ioFDirIndex = 1; - - while (PBHGetFInfo(&fi, false) == noErr) { - /* scan system folder for driver resource files of specific type & creator */ - if (fi.fileParam.ioFlFndrInfo.fdType == targetType && - fi.fileParam.ioFlFndrInfo.fdCreator == targetCreator) { - refnum = HOpenResFile(vRefNum, dirID, filename, fsRdPerm); - return refnum; - } - /* check next file in folder */ - fi.fileParam.ioFDirIndex++; - fi.fileParam.ioDirID = dirID; /* PBHGetFInfo() clobbers ioDirID */ - } - return(-1); -} - -short OpenInitRF() -{ - short refnum; - short vRefNum; - long dirID; - - /* first search Extensions Panels */ - GetExtensionsFolder(&vRefNum, &dirID); - refnum = SearchFolderForINIT('INIT', 'krbL', vRefNum, dirID); - if (refnum != -1) return(refnum); - - /* next search System Folder */ - GetSystemFolder(&vRefNum, &dirID); - refnum = SearchFolderForINIT('INIT', 'krbL', vRefNum, dirID); - if (refnum != -1) return(refnum); - - /* finally, search Control Panels */ - GetCPanelFolder(&vRefNum, &dirID); - refnum = SearchFolderForINIT('INIT', 'krbL', vRefNum, dirID); - if (refnum != -1) return(refnum); - - return -1; -} - -int DisplayError( short errorID ) -{ - OSErr err; - Str255 errText; - - GetIndString(errText,kErrorALERTID,errorID); - if (errText[0] == 0) { - SysBeep(1); // nothing else we can do - return cKrbCorruptedFile; - } - - ParamText(errText,"\p","\p","\p"); - err = StopAlert(kErrorALERTID,nil); - - return DialogNotDone; -} - - - -OSErr GetUserInfo( char *password ) -{ - DialogPtr myDLOG; - short itemHit; - short itemType; - Handle itemHandle; - Rect itemRect; - OSErr rc = DialogNotDone; - Str255 tempStr,tpswd,tuser; - Proc2Hand procConv; - short rf; - char uname[ANAME_SZ]="\0"; - char uinst[INST_SZ]="\0"; - char realm[REALM_SZ]="\0"; - char UserName[MAX_K_NAME_SZ]="\0"; - CursHandle aCursor; - - krb_get_lrealm (realm, 1); - - ////////////////////////////////////////////////////// - // already got a password, just get the initial ticket - ////////////////////////////////////////////////////// - if (*gPassword) { - strncpy (UserName, krb_get_default_user( ), sizeof(UserName)-1); - UserName[sizeof(UserName) - 1] = '\0'; - /* FIXME jcm - if we have a password then no dialog - comes up for setting the uinstance. */ - rc = kname_parse(uname, uinst, realm, UserName); - if (rc) return rc; - (void) dest_all_tkts(); // start from scratch - rc = krb_get_pw_in_tkt(uname,uinst,realm,"krbtgt",realm,DEFAULT_TKT_LIFE,gPassword); - *gPassword = 0; // Always clear, password only good for one shot - return rc; - } - - ///////////////////////// - // Ask user for password - ///////////////////////// - rf = OpenInitRF(); // need the resource file for the dialog resources - if (rf<=0) return rf; - password[0] = 0; - myDLOG = GetNewDialog( kLoginDLOGID, (void *) NULL, (WindowPtr) -1 ); - if( myDLOG == NULL ) { - CloseResFile(rf); - return cKrbCorruptedFile; - } - - // Insert user's name in dialog - strncpy (UserName, krb_get_default_user( ), sizeof(UserName) - 1); - UserName[sizeof(UserName) - 1] = '\0'; - if (*UserName) { - tempStr[0] = strlen(UserName); - memcpy( &(tempStr[1]), UserName, tempStr[0]); - GetDItem( myDLOG, kLoginNameItem, &itemType, &itemHandle, &itemRect ); - SetIText( itemHandle, tempStr ); - SelIText( myDLOG, kLoginVisPwItem,0,0 ); - } - else SelIText( myDLOG, kLoginNameItem,0,0 ); - - // Establish a user item around the OK button to draw the default button frame in - GetDItem( myDLOG, kLoginOKItem, &itemType, &itemHandle, &itemRect ); - InsetRect( &itemRect, -4, -4 ); // position user item around OK button - procConv.P = (ProcPtr) FrameOKbtn; // convert ProcPtr to a Handle - SetDItem( myDLOG, kLoginFrameItem, userItem, procConv.H, &itemRect ); - - InitCursor(); - do { - do { // display the dialog & handle events - SetOKEnable(myDLOG); - ModalDialog( (ModalFilterProcPtr) TwoItemFilter, (short *) &itemHit ); - } while( itemHit != kLoginOKItem && itemHit != kLoginCnclItem ); - - if( itemHit == kLoginOKItem ) { // OK button pressed? - GetDItem( myDLOG, kLoginNameItem, &itemType, &itemHandle, &itemRect ); - GetIText( itemHandle, tempStr ); - - tempStr[0] = ( tempStr[0] < MAX_K_NAME_SZ ) ? tempStr[0] : MAX_K_NAME_SZ-1 ; - memcpy ((void*) UserName, (void*) &(tempStr[1]), tempStr[0]); - UserName[tempStr[0]] = 0; - - GetDItem( myDLOG, kLoginIvisPwItem, &itemType, &itemHandle, &itemRect ); - GetIText( itemHandle, tempStr ); - - tempStr[0] = ( tempStr[0] < ANAME_SZ ) ? tempStr[0] : ANAME_SZ-1 ; - memcpy( (void*) password, (void*) &(tempStr[1]), tempStr[0]); - password[tempStr[0]] = 0; - - //---------------------------------------------------- - // Get the ticket - //---------------------------------------------------- - aCursor = GetCursor(watchCursor); - SetCursor(*aCursor); - ShowCursor(); - - rc = kname_parse(uname, uinst, realm, UserName); - if (rc) return rc; - - (void) dest_all_tkts(); // start from scratch - rc = krb_get_pw_in_tkt(uname,uinst,realm,"krbtgt",realm,DEFAULT_TKT_LIFE,password); - InitCursor(); - if (!rc) - switch (rc) { - case KDC_PR_UNKNOWN: - case KDC_NULL_KEY: - rc = DisplayError(kBadUserError); - SelIText( myDLOG, kLoginNameItem,0,256 ); - break; - case KDC_PR_N_UNIQUE: - rc = DisplayError(kNotUniqueError); - SelIText( myDLOG, kLoginNameItem,0,256 ); - break; - case KDC_GEN_ERR: - rc = DisplayError(kGenError); - SelIText( myDLOG, kLoginNameItem,0,256 ); - break; - case RD_AP_MODIFIED: - rc = DisplayError(kIntegrityError); - SelIText( myDLOG, kLoginNameItem,0,256 ); - break; - case INTK_BADPW: - rc = DisplayError(kBadPasswordError); - SelIText( myDLOG, kLoginVisPwItem,0,256 ); - break; - default: - break; - } - //---------------------------------------------------- - } - else rc = cKrbUserCancelled; // pressed the Cancel button - } while( rc == DialogNotDone ); - - DisposDialog( myDLOG ); - CloseResFile(rf); - return rc; -} - - -static pascal void FrameOKbtn( WindowPtr myWindow, short itemNo ) -{ - short tempType; - Handle tempHandle; - Rect itemRect; - - GetDItem( (DialogPtr) myWindow, itemNo, &tempType, &tempHandle, &itemRect ); - PenSize( 3, 3 ); - FrameRoundRect( &itemRect, 16, 16 ); // make it an OK button suitable for framing -} - - -static pascal Boolean TwoItemFilter( DialogPtr dlog, EventRecord *event, short *itemHit ) -{ - DialogPtr evtDlog; - short selStart, selEnd; - Handle okBtnHandle; - short tempType; - Rect tempRect; - long tempTicks; - - if( event->what != keyDown && event->what != autoKey ) - return false; // don't care about this event - - switch( event->message & charCodeMask ) - { - case cr: // Return (hitting return or enter is the same as hitting the OK button) - case enter: // Enter - - if (!OKIsEnabled(dlog)) { - event->what = nullEvent; - return false; - } - - GetDItem( dlog, kLoginOKItem, &tempType, &okBtnHandle, &tempRect ); - HiliteControl( (ControlHandle) okBtnHandle, 1 ); // hilite the OK button - Delay( 10, &tempTicks ); // wait a little while - HiliteControl( (ControlHandle) okBtnHandle, 0 ); - - *itemHit = kLoginOKItem; // OK Button - return true; // We handled the event - - case tab: // Tab - case larrow: // Left arrow (Keys that just change the selection) - case rarrow: // Right arrow - case uarrow: // Up arrow - case darrow: // Down arrow - return false; // Let ModalDialog handle them - - default: - - // First see if we're in password field, do stuff to make ¥ displayed - - if( ((DialogPeek) dlog)->editField == kLoginVisPwItem - 1 ) { - - selStart = (**((DialogPeek) dlog)->textH).selStart; // Get the selection in the visible item - selEnd = (**((DialogPeek) dlog)->textH).selEnd; - - SelIText( dlog, kLoginIvisPwItem, selStart, selEnd ); // Select text in invisible item - DialogSelect( event,&evtDlog, itemHit ); // Input key - - SelIText( dlog, kLoginVisPwItem, selStart, selEnd ); // Select same area in visible item - if( ( event->message & charCodeMask ) != bs ) // If it's not a backspace (backspace is the only key that can affect both the text and the selection- thus we need to process it in both fields, but not change it for the hidden field. - event->message = '¥'; // Replace with character to use - } - - // Do the key event and set the hilite on the OK button accordingly - - DialogSelect( event,&evtDlog, itemHit ); // Input key - SetOKEnable(dlog); - - // Pass a NULL event back to DialogMgr - - event->what = nullEvent; - - return false; - } -} - -static int SetOKEnable( DialogPtr dlog ) -{ - short itemType,state; - Handle itemHandle; - Rect itemRect; - Str255 tpswd,tuser; - ControlHandle okButton; - - GetDItem( dlog, kLoginNameItem, &itemType, &itemHandle, &itemRect ); - GetIText( itemHandle, tuser ); - GetDItem( dlog, kLoginVisPwItem, &itemType, &itemHandle, &itemRect ); - GetIText( itemHandle, tpswd ); - GetDItem( dlog, kLoginOKItem, &itemType, (Handle *) &okButton, &itemRect ); - state = (tuser[0] && tpswd[0]) ? 0 : 255; - HiliteControl(okButton,state); -} - -static int OKIsEnabled( DialogPtr dlog ) -{ - short itemType; - Rect itemRect; - ControlHandle okButton; - - GetDItem( dlog, kLoginOKItem, &itemType, (Handle *) &okButton, &itemRect ); - return ((**okButton).contrlHilite != 255); -} - - -extern OSErr INTERFACE -CacheInitialTicket( serviceName ) - char *serviceName; -{ - char service[ANAME_SZ]="\0"; - char instance[INST_SZ]="\0"; - char realm[REALM_SZ]="\0"; - OSErr err = noErr; - char uname[ANAME_SZ]="\0"; - char uinst[INST_SZ]="\0"; - char urealm[REALM_SZ]="\0"; - char password[KKEY_SZ]="\0"; - char UserName[MAX_K_NAME_SZ]="\0"; - char oldName[120]="\0"; - - err = GetUserInfo( password ); - if (err) return err; - - if (!serviceName || (serviceName[0] == '\0')) - return err; - - strncpy (UserName, krb_get_default_user(), sizeof(UserName) - 1); - UserName[sizeof(UserName) - 1] = '\0'; - - err = kname_parse(uname, uinst, urealm, UserName); - if (err) return err; - - if (urealm[0] == '\0') - krb_get_lrealm (urealm, 1); - - err = kname_parse(service, instance, realm, serviceName); // check if there is a service name - if (err) return err; - - err = krb_get_pw_in_tkt(uname,uinst,urealm,service,instance,DEFAULT_TKT_LIFE,password); - return err; -} diff --git a/src/lib/krb4/RealmsConfig-glue.c b/src/lib/krb4/RealmsConfig-glue.c deleted file mode 100644 index df663adb56..0000000000 --- a/src/lib/krb4/RealmsConfig-glue.c +++ /dev/null @@ -1,692 +0,0 @@ -/* - * lib/krb4/RealmsConfig-glue.c - * - * Copyright 1985-2002 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * These calls implement the layer of Kerberos v4 library which - * accesses realms configuration by calling into the Kerberos Profile - * library. - */ - -#include -#include -#include -#include -#include - -#include "profile.h" -#include "krb.h" -#include "krb4int.h" -#include "k5-int.h" /* for accessor, addrlist stuff */ -#include "port-sockets.h" - -/* These two *must* be kept in sync to avoid buffer overflows. */ -#define SCNSCRATCH "%1023s" -#define SCRATCHSZ 1024 -#if SCRATCHSZ < MAXHOSTNAMELEN -#error "SCRATCHSZ must be at least MAXHOSTNAMELEN" -#endif - -/* - * Returns to the caller an initialized profile using the same files - * as Kerberos4Lib would. - */ -int KRB5_CALLCONV -krb_get_profile(profile_t* profile) -{ - int retval = KSUCCESS; - profile_filespec_t *files = NULL; - - /* Use krb5 to get the config files */ - retval = krb5_get_default_config_files(&files); - - if (retval == KSUCCESS) { - retval = profile_init((const_profile_filespec_t *)files, profile); - } - - if (files) { - krb5_free_config_files(files); - } - - if (retval == ENOENT) { - /* No edu.mit.Kerberos file */ - return KFAILURE; - } - - if ((retval == PROF_SECTION_NOTOP) || - (retval == PROF_SECTION_SYNTAX) || - (retval == PROF_RELATION_SYNTAX) || - (retval == PROF_EXTRA_CBRACE) || - (retval == PROF_MISSING_OBRACE)) { - /* Bad config file format */ - return retval; - } - - return retval; -} - -/* Caller must ensure that n >= 1 and that pointers are non-NULL. */ -static int -krb_prof_get_nth( - char *ret, - size_t retlen, - const char *realm, - int n, - const char *sec, - const char *key) -{ - int result; - long profErr; - profile_t profile = NULL; - const char *names[4]; - void *iter = NULL; - char *name = NULL; - char *value = NULL; - int i; - - result = KFAILURE; - - profErr = krb_get_profile(&profile); - if (profErr) { - /* - * Can krb_get_profile() return errors that change PROFILE? - */ - goto cleanup; - } - names[0] = sec; - names[1] = realm; - names[2] = key; - names[3] = NULL; - profErr = profile_iterator_create(profile, names, - PROFILE_ITER_RELATIONS_ONLY, &iter); - if (profErr) - goto cleanup; - - result = KSUCCESS; - for (i = 1; i <= n; i++) { - if (name != NULL) - profile_release_string(name); - if (value != NULL) - profile_release_string(value); - name = value = NULL; - - profErr = profile_iterator(&iter, &name, &value); - if (profErr || (name == NULL)) { - result = KFAILURE; - break; - } - } - if (result == KSUCCESS) { - /* Return error rather than truncating. */ - /* Don't strncpy because retlen is a guess for some callers */ - if (strlen(value) >= retlen) - result = KFAILURE; - else - strcpy(ret, value); - } -cleanup: - if (name != NULL) - profile_release_string(name); - if (value != NULL) - profile_release_string(value); - if (iter != NULL) - profile_iterator_free(&iter); - if (profile != NULL) - profile_abandon(profile); - return result; -} - -/* - * Index -> realm name mapping - * - * Not really. The original implementation has a cryptic comment - * indicating that the function can only work for n = 1, and always - * returns the default realm. I don't know _why_ that's the case, but - * I have to do it that way... - * - * Old description from g_krbrlm.c: - * - * krb_get_lrealm takes a pointer to a string, and a number, n. It fills - * in the string, r, with the name of the nth realm specified on the - * first line of the kerberos config file (KRB_CONF, defined in "krb.h"). - * It returns 0 (KSUCCESS) on success, and KFAILURE on failure. If the - * config file does not exist, and if n=1, a successful return will occur - * with r = KRB_REALM (also defined in "krb.h"). - * - * NOTE: for archaic & compatibility reasons, this routine will only return - * valid results when n = 1. - * - * For the format of the KRB_CONF file, see comments describing the routine - * krb_get_krbhst(). This will also look in KRB_FB_CONF is - * ATHENA_CONF_FALLBACK is defined. - */ -int KRB5_CALLCONV -krb_get_lrealm( - char *realm, - int n) -{ - int result = KSUCCESS; - profile_t profile = NULL; - char *profileDefaultRealm = NULL; - char **profileV4Realms = NULL; - int profileHasDefaultRealm = 0; - int profileDefaultRealmIsV4RealmInProfile = 0; - char krbConfLocalRealm[REALM_SZ]; - int krbConfHasLocalRealm = 0; - - if ((realm == NULL) || (n != 1)) { result = KFAILURE; } - - if (result == KSUCCESS) { - /* Some callers don't check the return value so we initialize - * to an empty string in case it never gets filled in. */ - realm [0] = '\0'; - } - - if (result == KSUCCESS) { - int profileErr = krb_get_profile (&profile); - - if (!profileErr) { - /* Get the default realm from the profile */ - profileErr = profile_get_string(profile, REALMS_V4_PROF_LIBDEFAULTS_SECTION, - REALMS_V4_DEFAULT_REALM, NULL, NULL, - &profileDefaultRealm); - if (profileDefaultRealm == NULL) { profileErr = KFAILURE; } - } - - if (!profileErr) { - /* If there is an equivalent v4 realm to the default realm, use that instead */ - char *profileV4EquivalentRealm = NULL; - - if (profile_get_string (profile, "realms", profileDefaultRealm, "v4_realm", NULL, - &profileV4EquivalentRealm) == 0 && - profileV4EquivalentRealm != NULL) { - - profile_release_string (profileDefaultRealm); - profileDefaultRealm = profileV4EquivalentRealm; - } - } - - if (!profileErr) { - if (strlen (profileDefaultRealm) < REALM_SZ) { - profileHasDefaultRealm = 1; /* a reasonable default realm */ - } else { - profileErr = KFAILURE; - } - } - - if (!profileErr) { - /* Walk through the v4 realms list looking for the default realm */ - const char *profileV4RealmsList[] = { REALMS_V4_PROF_REALMS_SECTION, NULL }; - - if (profile_get_subsection_names (profile, profileV4RealmsList, - &profileV4Realms) == 0 && - profileV4Realms != NULL) { - - char **profileRealm; - for (profileRealm = profileV4Realms; *profileRealm != NULL; profileRealm++) { - if (strcmp (*profileRealm, profileDefaultRealm) == 0) { - /* default realm is a v4 realm */ - profileDefaultRealmIsV4RealmInProfile = 1; - break; - } - } - } - } - } - - if (result == KSUCCESS) { - /* Try to get old-style config file lookup for fallback. */ - FILE *cnffile = NULL; - char scratch[SCRATCHSZ]; - - cnffile = krb__get_cnffile(); - if (cnffile != NULL) { - if (fscanf(cnffile, SCNSCRATCH, scratch) == 1) { - if (strlen(scratch) < REALM_SZ) { - strncpy(krbConfLocalRealm, scratch, REALM_SZ); - krbConfHasLocalRealm = 1; - } - } - fclose(cnffile); - } - } - - if (result == KSUCCESS) { - /* - * We want to favor the profile value over the krb.conf value - * but not stop suppporting its use with a v5-only profile. - * So we only use the krb.conf realm when the default profile - * realm doesn't exist in the v4 realm section of the profile. - */ - if (krbConfHasLocalRealm && !profileDefaultRealmIsV4RealmInProfile) { - strncpy (realm, krbConfLocalRealm, REALM_SZ); - } else if (profileHasDefaultRealm) { - strncpy (realm, profileDefaultRealm, REALM_SZ); - } else { - result = KFAILURE; /* No default realm */ - } - } - - if (profileDefaultRealm != NULL) { profile_release_string (profileDefaultRealm); } - if (profileV4Realms != NULL) { profile_free_list (profileV4Realms); } - if (profile != NULL) { profile_abandon (profile); } - - return result; -} - -/* - * Realm, index -> admin KDC mapping - * - * Old description from g_admhst.c: - * - * Given a Kerberos realm, find a host on which the Kerberos database - * administration server can be found. - * - * krb_get_admhst takes a pointer to be filled in, a pointer to the name - * of the realm for which a server is desired, and an integer n, and - * returns (in h) the nth administrative host entry from the configuration - * file (KRB_CONF, defined in "krb.h") associated with the specified realm. - * If ATHENA_CONF_FALLBACK is defined, also look in old location. - * - * On error, get_admhst returns KFAILURE. If all goes well, the routine - * returns KSUCCESS. - * - * For the format of the KRB_CONF file, see comments describing the routine - * krb_get_krbhst(). - * - * This is a temporary hack to allow us to find the nearest system running - * a Kerberos admin server. In the long run, this functionality will be - * provided by a nameserver. - */ -int KRB5_CALLCONV -krb_get_admhst( - char *host, - char *realm, - int n) -{ - int result; - int i; - FILE *cnffile; - char linebuf[BUFSIZ]; - char trealm[SCRATCHSZ]; - char thost[SCRATCHSZ]; - char scratch[SCRATCHSZ]; - - if (n < 1 || host == NULL || realm == NULL) - return KFAILURE; - - result = krb_prof_get_nth(host, MAXHOSTNAMELEN, realm, n, - REALMS_V4_PROF_REALMS_SECTION, - REALMS_V4_PROF_ADMIN_KDC); - if (result == KSUCCESS) - return result; - - /* - * Do old-style config file lookup. - */ - cnffile = krb__get_cnffile(); - if (cnffile == NULL) - return KFAILURE; - result = KSUCCESS; - for (i = 0; i < n;) { - if (fgets(linebuf, BUFSIZ, cnffile) == NULL) { - result = KFAILURE; - break; - } - if (!strchr(linebuf, '\n')) { - result = KFAILURE; - break; - } - /* - * Need to scan for a token after 'admin' to make sure that - * admin matched correctly. - */ - if (sscanf(linebuf, SCNSCRATCH " " SCNSCRATCH " admin " SCNSCRATCH, - trealm, thost, scratch) != 3) - continue; - if (!strcmp(trealm, realm)) - i++; - } - fclose(cnffile); - if (result == KSUCCESS && strlen(thost) < MAX_HSTNM) - strcpy(host, thost); - else - result = KFAILURE; - return result; -} - -/* - * Realm, index -> kpasswd KDC mapping - */ -int -krb_get_kpasswdhst( - char *host, - char *realm, - int n) -{ - if (n < 1 || host == NULL || realm == NULL) - return KFAILURE; - - return krb_prof_get_nth(host, MAXHOSTNAMELEN, realm, n, - REALMS_V4_PROF_REALMS_SECTION, - REALMS_V4_PROF_KPASSWD_KDC); -} - -/* - * Realm, index -> KDC mapping - * - * Old description from g_krbhst.c: - * - * Given a Kerberos realm, find a host on which the Kerberos authenti- - * cation server can be found. - * - * krb_get_krbhst takes a pointer to be filled in, a pointer to the name - * of the realm for which a server is desired, and an integer, n, and - * returns (in h) the nth entry from the configuration file (KRB_CONF, - * defined in "krb.h") associated with the specified realm. - * - * On end-of-file, krb_get_krbhst returns KFAILURE. If n=1 and the - * configuration file does not exist, krb_get_krbhst will return KRB_HOST - * (also defined in "krb.h"). If all goes well, the routine returnes - * KSUCCESS. - * - * The KRB_CONF file contains the name of the local realm in the first - * line (not used by this routine), followed by lines indicating realm/host - * entries. The words "admin server" following the hostname indicate that - * the host provides an administrative database server. - * This will also look in KRB_FB_CONF if ATHENA_CONF_FALLBACK is defined. - * - * For example: - * - * ATHENA.MIT.EDU - * ATHENA.MIT.EDU kerberos-1.mit.edu admin server - * ATHENA.MIT.EDU kerberos-2.mit.edu - * LCS.MIT.EDU kerberos.lcs.mit.edu admin server - * - * This is a temporary hack to allow us to find the nearest system running - * kerberos. In the long run, this functionality will be provided by a - * nameserver. - */ -#ifdef KRB5_DNS_LOOKUP -static struct { - time_t when; - char realm[REALM_SZ+1]; - struct srv_dns_entry *srv; -} dnscache = { 0, { 0 }, 0 }; -#define DNS_CACHE_TIMEOUT 60 /* seconds */ -#endif - -int KRB5_CALLCONV -krb_get_krbhst( - char *host, - const char *realm, - int n) -{ - int result; - int i; - FILE *cnffile; - char linebuf[BUFSIZ]; - char tr[SCRATCHSZ]; - char scratch[SCRATCHSZ]; -#ifdef KRB5_DNS_LOOKUP - time_t now; -#endif - - if (n < 1 || host == NULL || realm == NULL) - return KFAILURE; - -#ifdef KRB5_DNS_LOOKUP - /* We'll only have this realm's info in the DNS cache if there is - no data in the local config files. - - XXX The files could've been updated in the last few seconds. - Do we care? */ - if (!strncmp(dnscache.realm, realm, REALM_SZ) - && (time(&now), abs(dnscache.when - now) < DNS_CACHE_TIMEOUT)) { - struct srv_dns_entry *entry; - - get_from_dnscache: - /* n starts at 1, addrs indices run 0..naddrs */ - for (i = 1, entry = dnscache.srv; i < n && entry; i++) - entry = entry->next; - if (entry == NULL) - return KFAILURE; - if (strlen(entry->host) + 6 >= MAXHOSTNAMELEN) - return KFAILURE; - snprintf(host, MAXHOSTNAMELEN, "%s:%d", entry->host, entry->port); - return KSUCCESS; - } -#endif - - result = krb_prof_get_nth(host, MAXHOSTNAMELEN, realm, n, - REALMS_V4_PROF_REALMS_SECTION, - REALMS_V4_PROF_KDC); - if (result == KSUCCESS) - return result; - /* - * Do old-style config file lookup. - */ - do { - cnffile = krb__get_cnffile(); - if (cnffile == NULL) - break; - /* Skip default realm name. */ - if (fscanf(cnffile, SCNSCRATCH, tr) == EOF) { - fclose(cnffile); - break; - } - result = KSUCCESS; - for (i = 0; i < n;) { - if (fgets(linebuf, BUFSIZ, cnffile) == NULL) { - result = KFAILURE; - break; - } - if (!strchr(linebuf, '\n')) { - result = KFAILURE; - break; - } - if ((sscanf(linebuf, SCNSCRATCH " " SCNSCRATCH, - tr, scratch) != 2)) - continue; - if (!strcmp(tr, realm)) - i++; - } - fclose(cnffile); - if (result == KSUCCESS && strlen(scratch) < MAXHOSTNAMELEN) { - strcpy(host, scratch); - return KSUCCESS; - } - if (i > 0) - /* Found some, but not as many as requested. */ - return KFAILURE; - } while (0); -#ifdef KRB5_DNS_LOOKUP - do { - krb5int_access k5; - krb5_error_code err; - krb5_data realmdat; - struct srv_dns_entry *srv; - - err = krb5int_accessor(&k5, KRB5INT_ACCESS_VERSION); - if (err) - break; - - if (k5.use_dns_kdc(krb5__krb4_context)) { - realmdat.data = realm; - realmdat.length = strlen(realm); - err = k5.make_srv_query_realm(&realmdat, "_kerberos-iv", "_udp", - &srv); - if (err) - break; - - if (srv == 0) - break; - - if (dnscache.srv) - k5.free_srv_dns_data(dnscache.srv); - dnscache.srv = srv; - strncpy(dnscache.realm, realm, REALM_SZ); - dnscache.when = now; - goto get_from_dnscache; - } - } while (0); -#endif - return KFAILURE; -} - -/* - * Hostname -> realm name mapping - * - * Old description from realmofhost.c: - * - * Given a fully-qualified domain-style primary host name, - * return the name of the Kerberos realm for the host. - * If the hostname contains no discernable domain, or an error occurs, - * return the local realm name, as supplied by get_krbrlm(). - * If the hostname contains a domain, but no translation is found, - * the hostname's domain is converted to upper-case and returned. - * - * The format of each line of the translation file is: - * domain_name kerberos_realm - * -or- - * host_name kerberos_realm - * - * domain_name should be of the form .XXX.YYY (e.g. .LCS.MIT.EDU) - * host names should be in the usual form (e.g. FOO.BAR.BAZ) - */ -char * KRB5_CALLCONV -krb_realmofhost(char *host) -{ - /* Argh! */ - static char realm[REALM_SZ]; - char *lhost; - const char *names[] = {REALMS_V4_PROF_DOMAIN_SECTION, NULL, NULL}; - char **values = NULL; - profile_t profile = NULL; - long profErr; - char hostname[MAXHOSTNAMELEN]; - char *p; - char *domain; - FILE *trans_file = NULL; - int retval; - char thost[SCRATCHSZ]; - char trealm[SCRATCHSZ]; - struct hostent *h; - - /* Return local realm if all else fails */ - krb_get_lrealm(realm, 1); - - /* Forward-resolve in case domain is missing. */ - h = gethostbyname(host); - if (h == NULL) - lhost = host; - else - lhost = h->h_name; - - if (strlen(lhost) >= MAXHOSTNAMELEN) - return realm; - strcpy(hostname, lhost); - - /* Remove possible trailing dot. */ - p = strrchr(hostname, '.'); - if (p != NULL && p[1] == '\0') - *p = '\0'; - domain = strchr(hostname, '.'); - /* - * If the hostname is just below the top, e.g., CYGNUS.COM, then - * we special-case it; if someone really wants a realm called COM - * they will just have to specify it properly. - */ - if (domain != NULL) { - domain++; - p = strchr(domain, '.'); - if (p == NULL) - domain = lhost; - if (strlen(domain) < REALM_SZ) { - strncpy(realm, domain, REALM_SZ); - /* Upcase realm name. */ - for (p = hostname; *p != '\0'; p++) { - if (*p > 0 && islower((unsigned char)*p)) - *p = toupper((unsigned char)*p); - } - } - } - /* Downcase hostname. */ - for (p = hostname; *p != '\0'; p++) { - if (*p > 0 && isupper((unsigned char)*p)) - *p = tolower((unsigned char)*p); - } - - profErr = krb_get_profile(&profile); - if (profErr) - goto cleanup; - - for (domain = hostname; domain != NULL && *domain != '\0';) { - names[1] = domain; - values = NULL; - profErr = profile_get_values(profile, names, &values); - if (!profErr && strlen(values[0]) < REALM_SZ) { - /* Found, return it */ - strncpy(realm, values[0], REALM_SZ); - profile_free_list(values); - break; - } else { - /* Skip over leading dot. */ - if (*domain == '.') - domain++; - domain = strchr(domain, '.'); - } - profile_free_list(values); - } -cleanup: - if (profile != NULL) - profile_abandon(profile); - - trans_file = krb__get_realmsfile(); - if (trans_file == NULL) - return realm; - domain = strchr(hostname, '.'); - for (;;) { - retval = fscanf(trans_file, SCNSCRATCH " " SCNSCRATCH, - thost, trealm); - if (retval == EOF) - break; - if (retval != 2 || strlen(trealm) >= REALM_SZ) - continue; /* Ignore malformed lines. */ - /* Attempt to match domain. */ - if (*thost == '.') { - if (domain && !strcasecmp(thost, domain)) { - strncpy(realm, trealm, REALM_SZ); - continue; /* Try again for an exact match. */ - } - } else { - /* Hostname must match exactly. */ - if (!strcasecmp(thost, hostname)) { - strncpy(realm, trealm, REALM_SZ); - break; - } - } - } - fclose(trans_file); - return realm; -} diff --git a/src/lib/krb4/ad_print.c b/src/lib/krb4/ad_print.c deleted file mode 100644 index 6329572087..0000000000 --- a/src/lib/krb4/ad_print.c +++ /dev/null @@ -1,85 +0,0 @@ -/* - * lib/krb4/ad_print.c - * - * Copyright 1988 by the Massachusetts Institute of Technology. All - * Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#include "krb.h" -#include "des.h" -#include "krb4int.h" -#include -#include "port-sockets.h" - -#ifndef _WIN32 - -/* - * Print some of the contents of the given authenticator structure - * (AUTH_DAT defined in "krb.h"). Fields printed are: - * - * pname, pinst, prealm, netaddr, flags, cksum, timestamp, session - */ - -void -ad_print(x) - AUTH_DAT *x; -{ - struct in_addr ina; - ina.s_addr = x->address; - - printf("\n%s %s %s ", x->pname, x->pinst, x->prealm); - far_fputs (inet_ntoa(ina), stdout); - printf(" flags %u cksum 0x%lX\n\ttkt_tm 0x%lX sess_key", - x->k_flags, (long) x->checksum, (long) x->time_sec); - printf("[8] ="); -#ifdef NOENCRYPTION - placebo_cblock_print(x->session); -#else /* Do Encryption */ - des_cblock_print_file(&x->session,stdout); -#endif /* NOENCRYPTION */ - /* skip reply for now */ -} - -#ifdef NOENCRYPTION -/* - * Print in hex the 8 bytes of the given session key. - * - * Printed format is: " 0x { x, x, x, x, x, x, x, x }" - */ - -placebo_cblock_print(x) - des_cblock x; -{ - unsigned char *y = (unsigned char *) x; - register int i = 0; - - printf(" 0x { "); - - while (i++ <8) { - printf("%x",*y++); - if (i<8) printf(", "); - } - printf(" }"); -} -#endif /* NOENCRYPTION */ - -#endif diff --git a/src/lib/krb4/change_password.c b/src/lib/krb4/change_password.c deleted file mode 100644 index 7c3bcd01d0..0000000000 --- a/src/lib/krb4/change_password.c +++ /dev/null @@ -1,127 +0,0 @@ -/* - * change_password.c - * - * Copyright 1987, 1988, 2002 by the Massachusetts Institute of - * Technology. All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#include -#include - -#include "krb.h" -#include "krb4int.h" -#include "kadm.h" -#include "prot.h" - -/* - * krb_change_password(): This disgusting function handles changing passwords - * in a krb4-only environment. - * -1783126240 - * THIS IS NOT A NORMAL KRB4 API FUNCTION! DON'T USE IN PORTABLE CODE! - */ - -int KRB5_CALLCONV -krb_change_password(char *principal, char *instance, char *realm, - char *oldPassword, char *newPassword) -{ - int err; - des_cblock key; - KRB_UINT32 tempKey; - size_t sendSize; - u_char *sendStream; - size_t receiveSize; - u_char *receiveStream; - Kadm_Client client_parm; - u_char *p; - - err = 0; - - /* Check inputs: */ - if (principal == NULL || instance == NULL || realm == NULL || - oldPassword == NULL || newPassword == NULL) { - return KFAILURE; - } - - /* - * Get tickets to change the old password and shove them in the - * client_parm - */ - err = krb_get_pw_in_tkt_creds(principal, instance, realm, - PWSERV_NAME, KADM_SINST, 1, - oldPassword, &client_parm.creds); - if (err != KSUCCESS) - goto cleanup; - - /* Now create the key to send to the server */ - /* Use this and not mit_password_to_key so that we don't prompt */ - des_string_to_key(newPassword, key); - - /* Create the link to the server */ - err = kadm_init_link(PWSERV_NAME, KRB_MASTER, realm, &client_parm, 1); - if (err != KADM_SUCCESS) - goto cleanup; - - /* Connect to the KDC */ - err = kadm_cli_conn(&client_parm); - if (err != KADM_SUCCESS) - goto cleanup; - - /* possible problem with vts_long on a non-multiple of four boundary */ - sendSize = 0; /* start of our output packet */ - sendStream = malloc(1); /* to make it reallocable */ - if (sendStream == NULL) - goto disconnect; - sendStream[sendSize++] = CHANGE_PW; - - /* change key to stream */ - /* This looks backwards but gets inverted on the server side. */ - p = key + 4; - KRB4_GET32BE(tempKey, p); - sendSize += vts_long(tempKey, &sendStream, (int)sendSize); - p = key; - KRB4_GET32BE(tempKey, p); - sendSize += vts_long(tempKey, &sendStream, (int)sendSize); - tempKey = 0; - - if (newPassword) { - sendSize += vts_string(newPassword, &sendStream, (int)sendSize); - } - - /* send the data to the kdc */ - err = kadm_cli_send(&client_parm, sendStream, sendSize, - &receiveStream, &receiveSize); - free(sendStream); - if (receiveSize > 0) - /* If there is a string from the kdc, free it - we don't care */ - free(receiveStream); - if (err != KADM_SUCCESS) - goto disconnect; - -disconnect: - /* Disconnect */ - kadm_cli_disconn(&client_parm); - -cleanup: - memset(&client_parm.creds.session, 0, sizeof(client_parm.creds.session)); - memset(&key, 0, sizeof(key)); - return err; -} diff --git a/src/lib/krb4/cr_auth_repl.c b/src/lib/krb4/cr_auth_repl.c deleted file mode 100644 index 277d9af8ee..0000000000 --- a/src/lib/krb4/cr_auth_repl.c +++ /dev/null @@ -1,136 +0,0 @@ -/* - * lib/krb4/cr_auth_repl.c - * - * Copyright 1985, 1986, 1987, 1988, 2000 by the Massachusetts - * Institute of Technology. All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#include "krb.h" -#include "prot.h" -#include - -/* - * This routine is called by the Kerberos authentication server - * to create a reply to an authentication request. The routine - * takes the user's name, instance, and realm, the client's - * timestamp, the number of tickets, the user's key version - * number and the ciphertext containing the tickets themselves. - * It constructs a packet and returns a pointer to it. - * - * Notes: The packet returned by this routine is static. Thus, if you - * intend to keep the result beyond the next call to this routine, you - * must copy it elsewhere. - * - * The packet is built in the following format: - * - * variable - * type or constant data - * ---- ----------- ---- - * - * unsigned char KRB_PROT_VERSION protocol version number - * - * unsigned char AUTH_MSG_KDC_REPLY protocol message type - * - * [least significant HOST_BYTE_ORDER sender's (server's) byte - * bit of above field] order - * - * string pname principal's name - * - * string pinst principal's instance - * - * string prealm principal's realm - * - * unsigned long time_ws client's timestamp - * - * unsigned char n number of tickets - * - * unsigned long x_date expiration date - * - * unsigned char kvno master key version - * - * short w_1 cipher length - * - * --- cipher->dat cipher data - */ - -KTEXT -create_auth_reply(pname, pinst, prealm, time_ws, n, x_date, kvno, cipher) - char *pname; /* Principal's name */ - char *pinst; /* Principal's instance */ - char *prealm; /* Principal's authentication domain */ - long time_ws; /* Workstation time */ - int n; /* Number of tickets */ - unsigned long x_date; /* Principal's expiration date */ - int kvno; /* Principal's key version number */ - KTEXT cipher; /* Cipher text with tickets and - * session keys */ -{ - static KTEXT_ST pkt_st; - KTEXT pkt = &pkt_st; - unsigned char *p; - size_t pnamelen, pinstlen, prealmlen; - - /* Create fixed part of packet */ - p = pkt->dat; - /* This is really crusty. */ - if (n != 0) - *p++ = 3; - else - *p++ = KRB_PROT_VERSION; - *p++ = AUTH_MSG_KDC_REPLY; /* always big-endian */ - - /* Make sure the response will actually fit into its buffer. */ - pnamelen = strlen(pname) + 1; - pinstlen = strlen(pinst) + 1; - prealmlen = strlen(prealm) + 1; - if (sizeof(pkt->dat) < (1 + 1 + pnamelen + pinstlen + prealmlen - + 4 + 1 + 4 + 1 + 2 + cipher->length) - || cipher->length > 65535 || cipher->length < 0) { - pkt->length = 0; - return NULL; - } - /* Add the basic info */ - memcpy(p, pname, pnamelen); - p += pnamelen; - memcpy(p, pinst, pinstlen); - p += pinstlen; - memcpy(p, prealm, prealmlen); - p += prealmlen; - - /* Workstation timestamp */ - KRB4_PUT32BE(p, time_ws); - - *p++ = n; - - /* Expiration date */ - KRB4_PUT32BE(p, x_date); - - /* Now send the ciphertext and info to help decode it */ - *p++ = kvno; - KRB4_PUT16BE(p, cipher->length); - memcpy(p, cipher->dat, (size_t)cipher->length); - p += cipher->length; - - /* And return the packet */ - pkt->length = p - pkt->dat; - return pkt; -} diff --git a/src/lib/krb4/cr_ciph.c b/src/lib/krb4/cr_ciph.c deleted file mode 100644 index 481cb7ee33..0000000000 --- a/src/lib/krb4/cr_ciph.c +++ /dev/null @@ -1,136 +0,0 @@ -/* - * lib/krb4/cr_ciph.c - * - * Copyright 1986, 1987, 1988, 2000 by the Massachusetts Institute of - * Technology. All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#include "krb.h" -#include "prot.h" -#include "des.h" -#include - -/* - * This routine is used by the authentication server to create - * a packet for its client, containing a ticket for the requested - * service (given in "tkt"), and some information about the ticket, -#ifndef NOENCRYPTION - * all encrypted in the given key ("key"). -#endif - * - * Returns KSUCCESS no matter what. - * - * The length of the cipher is stored in c->length; the format of - * c->dat is as follows: - * - * variable - * type or constant data - * ---- ----------- ---- - * - * - * 8 bytes session session key for client, service - * - * string service service name - * - * string instance service instance - * - * string realm KDC realm - * - * unsigned char life ticket lifetime - * - * unsigned char kvno service key version number - * - * unsigned char tkt->length length of following ticket - * - * data tkt->dat ticket for service - * - * 4 bytes kdc_time KDC's timestamp - * - * <=7 bytes null null pad to 8 byte multiple - * - */ - -int -create_ciph(c, session, service, instance, realm, life, kvno, tkt, - kdc_time, key) - KTEXT c; /* Text block to hold ciphertext */ - C_Block session; /* Session key to send to user */ - char *service; /* Service name on ticket */ - char *instance; /* Instance name on ticket */ - char *realm; /* Realm of this KDC */ - unsigned long life; /* Lifetime of the ticket */ - int kvno; /* Key version number for service */ - KTEXT tkt; /* The ticket for the service */ - unsigned long kdc_time; /* KDC time */ - C_Block key; /* Key to encrypt ciphertext with */ -{ - unsigned char *ptr; - size_t servicelen, instancelen, realmlen; - Key_schedule key_s; - - ptr = c->dat; - - /* Validate lengths. */ - servicelen = strlen(service) + 1; - instancelen = strlen(instance) + 1; - realmlen = strlen(realm) + 1; - if (sizeof(c->dat) / 8 < ((8 + servicelen + instancelen + realmlen - + 1 + 1 + 1 + tkt->length - + 4 + 7) / 8) - || tkt->length > 255 || tkt->length < 0) { - c->length = 0; - return KFAILURE; - } - - memcpy(ptr, session, 8); - ptr += 8; - - memcpy(ptr, service, servicelen); - ptr += servicelen; - memcpy(ptr, instance, instancelen); - ptr += instancelen; - memcpy(ptr, realm, realmlen); - ptr += realmlen; - - *ptr++ = life; - *ptr++ = kvno; - *ptr++ = tkt->length; - - memcpy(ptr, tkt->dat, (size_t)tkt->length); - ptr += tkt->length; - - KRB4_PUT32BE(ptr, kdc_time); - - /* guarantee null padded encrypted data to multiple of 8 bytes */ - memset(ptr, 0, 7); - - c->length = (((ptr - c->dat) + 7) / 8) * 8; - -#ifndef NOENCRYPTION - key_sched(key, key_s); - pcbc_encrypt((C_Block *)c->dat, (C_Block *)c->dat, - (long)c->length, key_s, (C_Block*)key, ENCRYPT); - memset(key_s, 0, sizeof(key_s)); -#endif /* NOENCRYPTION */ - - return KSUCCESS; -} diff --git a/src/lib/krb4/cr_death_pkt.c b/src/lib/krb4/cr_death_pkt.c deleted file mode 100644 index 63d756277e..0000000000 --- a/src/lib/krb4/cr_death_pkt.c +++ /dev/null @@ -1,78 +0,0 @@ -/* - * lib/krb4/cr_death_pkt.c - * - * Copyright 1985, 1986, 1987, 1988, 2000 by the Massachusetts - * Institute of Technology. All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#include "krb.h" -#include "prot.h" -#include - -/* - * This routine creates a packet to type AUTH_MSG_DIE which is sent to - * the Kerberos server to make it shut down. It is used only in the - * development environment. - * - * It takes a string "a_name" which is sent in the packet. A pointer - * to the packet is returned. - * - * The format of the killer packet is: - * - * type variable data - * or constant - * ---- ----------- ---- - * - * unsigned char KRB_PROT_VERSION protocol version number - * - * unsigned char AUTH_MSG_DIE message type - * - * [least significant HOST_BYTE_ORDER byte order of sender - * bit of above field] - * - * string a_name presumably, name of - * principal sending killer - * packet - */ - -#ifdef DEBUG -KTEXT -krb_create_death_packet(a_name) - char *a_name; -{ - static KTEXT_ST pkt_st; - KTEXT pkt = &pkt_st; - unsigned char *p; - size_t namelen; - - p = pkt->dat; - *p++ = KRB_PROT_VERSION; - *p++ = AUTH_MSG_DIE; - namelen = strlen(a_name) + 1; - if (1 + 1 + namelen > sizeof(pkt->dat)) - return NULL; - memcpy(p, a_name, namelen); - p += namelen; - pkt->length = p - pkt->dat; - return pkt; -} -#endif /* DEBUG */ diff --git a/src/lib/krb4/cr_err_repl.c b/src/lib/krb4/cr_err_repl.c deleted file mode 100644 index 5dad8c1b17..0000000000 --- a/src/lib/krb4/cr_err_repl.c +++ /dev/null @@ -1,110 +0,0 @@ -/* - * lib/krb4/cr_err_repl.c - * - * Copyright 1985, 1986, 1987, 1988, 2000 by the Massachusetts - * Institute of Technology. All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#include "krb.h" -#include "prot.h" -#include - -/* - * This routine is used by the Kerberos authentication server to - * create an error reply packet to send back to its client. - * - * It takes a pointer to the packet to be built, the name, instance, - * and realm of the principal, the client's timestamp, an error code - * and an error string as arguments. Its return value is undefined. - * - * The packet is built in the following format: - * - * type variable data - * or constant - * ---- ----------- ---- - * - * unsigned char req_ack_vno protocol version number - * - * unsigned char AUTH_MSG_ERR_REPLY protocol message type - * - * [least significant HOST_BYTE_ORDER sender's (server's) byte - * bit of above field] order - * - * string pname principal's name - * - * string pinst principal's instance - * - * string prealm principal's realm - * - * unsigned long time_ws client's timestamp - * - * unsigned long e error code - * - * string e_string error text - */ - -void -cr_err_reply(pkt,pname,pinst,prealm,time_ws,e,e_string) - KTEXT pkt; - char *pname; /* Principal's name */ - char *pinst; /* Principal's instance */ - char *prealm; /* Principal's authentication domain */ - u_long time_ws; /* Workstation time */ - u_long e; /* Error code */ - char *e_string; /* Text of error */ -{ - unsigned char *p; - size_t pnamelen, pinstlen, prealmlen, e_stringlen; - - p = pkt->dat; - *p++ = KRB_PROT_VERSION; - *p++ = AUTH_MSG_ERR_REPLY; - - /* Make sure the reply will fit into the buffer. */ - pnamelen = strlen(pname) + 1; - pinstlen = strlen(pinst) + 1; - prealmlen = strlen(prealm) + 1; - e_stringlen = strlen(e_string) + 1; - if(sizeof(pkt->dat) < (1 + 1 + pnamelen + pinstlen + prealmlen - + 4 + 4 + e_stringlen)) { - pkt->length = 0; - return; - } - /* Add the basic info */ - memcpy(p, pname, pnamelen); - p += pnamelen; - memcpy(p, pinst, pinstlen); - p += pinstlen; - memcpy(p, prealm, prealmlen); - p += prealmlen; - /* ws timestamp */ - KRB4_PUT32BE(p, time_ws); - /* err code */ - KRB4_PUT32BE(p, e); - /* err text */ - memcpy(p, e_string, e_stringlen); - p += e_stringlen; - - /* And return */ - pkt->length = p - pkt->dat; - return; -} diff --git a/src/lib/krb4/cr_tkt.c b/src/lib/krb4/cr_tkt.c deleted file mode 100644 index 2c01257d81..0000000000 --- a/src/lib/krb4/cr_tkt.c +++ /dev/null @@ -1,254 +0,0 @@ -/* - * lib/krb4/cr_tkt.c - * - * Copyright 1985, 1986, 1987, 1988, 2000 by the Massachusetts - * Institute of Technology. All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#include -#include "des.h" -#include "krb.h" -#include "prot.h" -#include -#include "port-sockets.h" - -static int -krb_cr_tkt_int (KTEXT tkt, unsigned int flags_in, char *pname, - char *pinstance, char *prealm, long paddress, - char *session, int life, long time_sec, - char *sname, char *sinstance); - -/* - * Create ticket takes as arguments information that should be in a - * ticket, and the KTEXT object in which the ticket should be - * constructed. It then constructs a ticket and returns, leaving the - * newly created ticket in tkt. -#ifndef NOENCRYPTION - * The data in tkt->dat is encrypted in the server's key. -#endif - * The length of the ticket is a multiple of - * eight bytes and is in tkt->length. - * - * If the ticket is too long, the ticket will contain nulls. - * The return value of the routine is undefined. - * - * The corresponding routine to extract information from a ticket it - * decomp_ticket. When changes are made to this routine, the - * corresponding changes should also be made to that file. - * - * The packet is built in the following format: - * - * variable - * type or constant data - * ---- ----------- ---- - * - * tkt->length length of ticket (multiple of 8 bytes) - * -#ifdef NOENCRYPTION - * tkt->dat: -#else - * tkt->dat: (encrypted in server's key) -#endif - * - * unsigned char flags namely, HOST_BYTE_ORDER - * - * string pname client's name - * - * string pinstance client's instance - * - * string prealm client's realm - * - * 4 bytes paddress client's address - * - * 8 bytes session session key - * - * 1 byte life ticket lifetime - * - * 4 bytes time_sec KDC timestamp - * - * string sname service's name - * - * string sinstance service's instance - * - * <=7 bytes null null pad to 8 byte multiple - * - */ -int -krb_create_ticket(tkt, flags, pname, pinstance, prealm, paddress, - session, life, time_sec, sname, sinstance, key) - KTEXT tkt; /* Gets filled in by the ticket */ - unsigned int flags; /* Various Kerberos flags */ - char *pname; /* Principal's name */ - char *pinstance; /* Principal's instance */ - char *prealm; /* Principal's authentication domain */ - long paddress; /* Net address of requesting entity */ - char *session; /* Session key inserted in ticket */ - int life; /* Lifetime of the ticket */ - long time_sec; /* Issue time and date */ - char *sname; /* Service Name */ - char *sinstance; /* Instance Name */ - C_Block key; /* Service's secret key */ -{ - int kerr; - Key_schedule key_s; - - kerr = krb_cr_tkt_int(tkt, flags, pname, pinstance, prealm, paddress, - session, life, time_sec, sname, sinstance); - if (kerr) - return kerr; - - /* Encrypt the ticket in the services key */ - key_sched(key, key_s); - pcbc_encrypt((C_Block *)tkt->dat, (C_Block *)tkt->dat, - (long)tkt->length, key_s, (C_Block *)key, 1); - memset(key_s, 0, sizeof(key_s)); - return 0; -} - -int -krb_cr_tkt_krb5(tkt, flags, pname, pinstance, prealm, paddress, - session, life, time_sec, sname, sinstance, k5key) - KTEXT tkt; /* Gets filled in by the ticket */ - unsigned int flags; /* Various Kerberos flags */ - char *pname; /* Principal's name */ - char *pinstance; /* Principal's instance */ - char *prealm; /* Principal's authentication domain */ - long paddress; /* Net address of requesting entity */ - char *session; /* Session key inserted in ticket */ - int life; /* Lifetime of the ticket */ - long time_sec; /* Issue time and date */ - char *sname; /* Service Name */ - char *sinstance; /* Instance Name */ - krb5_keyblock *k5key; /* NULL if not present */ -{ - int kerr; - krb5_data in; - krb5_enc_data out; - krb5_error_code ret; - size_t enclen; - - kerr = krb_cr_tkt_int(tkt, flags, pname, pinstance, prealm, - paddress, session, life, time_sec, - sname, sinstance); - if (kerr) - return kerr; - - /* Encrypt the ticket in the services key */ - in.length = tkt->length; - in.data = (char *)tkt->dat; - /* XXX assumes context arg is ignored */ - ret = krb5_c_encrypt_length(NULL, k5key->enctype, - (size_t)in.length, &enclen); - if (ret) - return KFAILURE; - out.ciphertext.length = enclen; - out.ciphertext.data = malloc(enclen); - if (out.ciphertext.data == NULL) - return KFAILURE; /* XXX maybe ENOMEM? */ - - /* XXX assumes context arg is ignored */ - ret = krb5_c_encrypt(NULL, k5key, KRB5_KEYUSAGE_KDC_REP_TICKET, - NULL, &in, &out); - if (ret) { - free(out.ciphertext.data); - return KFAILURE; - } else { - tkt->length = out.ciphertext.length; - memcpy(tkt->dat, out.ciphertext.data, out.ciphertext.length); - memset(out.ciphertext.data, 0, out.ciphertext.length); - free(out.ciphertext.data); - } - return 0; -} - -static int -krb_cr_tkt_int(tkt, flags_in, pname, pinstance, prealm, paddress, - session, life, time_sec, sname, sinstance) - KTEXT tkt; /* Gets filled in by the ticket */ - unsigned int flags_in; /* Various Kerberos flags */ - char *pname; /* Principal's name */ - char *pinstance; /* Principal's instance */ - char *prealm; /* Principal's authentication domain */ - long paddress; /* Net address of requesting entity */ - char *session; /* Session key inserted in ticket */ - int life; /* Lifetime of the ticket */ - long time_sec; /* Issue time and date */ - char *sname; /* Service Name */ - char *sinstance; /* Instance Name */ -{ - register unsigned char *data; /* running index into ticket */ - size_t pnamelen, pinstlen, prealmlen, snamelen, sinstlen; - struct in_addr paddr; - - /* Be really paranoid. */ - if (sizeof(paddr.s_addr) != 4) - return KFAILURE; - - tkt->length = 0; /* Clear previous data */ - - /* Check length of ticket */ - pnamelen = strlen(pname) + 1; - pinstlen = strlen(pinstance) + 1; - prealmlen = strlen(prealm) + 1; - snamelen = strlen(sname) + 1; - sinstlen = strlen(sinstance) + 1; - if (sizeof(tkt->dat) / 8 < ((1 + pnamelen + pinstlen + prealmlen - + 4 /* address */ - + 8 /* session */ - + 1 /* life */ - + 4 /* issue time */ - + snamelen + sinstlen - + 7) / 8) /* roundoff */ - || life > 255 || life < 0) { - memset(tkt->dat, 0, sizeof(tkt->dat)); - return KFAILURE /* XXX */; - } - - data = tkt->dat; - *data++ = flags_in; - memcpy(data, pname, pnamelen); - data += pnamelen; - memcpy(data, pinstance, pinstlen); - data += pinstlen; - memcpy(data, prealm, prealmlen); - data += prealmlen; - - paddr.s_addr = paddress; - memcpy(data, &paddr.s_addr, sizeof(paddr.s_addr)); - data += sizeof(paddr.s_addr); - - memcpy(data, session, 8); - data += 8; - *data++ = life; - /* issue time */ - KRB4_PUT32BE(data, time_sec); - - memcpy(data, sname, snamelen); - data += snamelen; - memcpy(data, sinstance, sinstlen); - data += sinstlen; - - /* guarantee null padded ticket to multiple of 8 bytes */ - memset(data, 0, 7); - tkt->length = ((data - tkt->dat + 7) / 8) * 8; - return 0; -} diff --git a/src/lib/krb4/debug.c b/src/lib/krb4/debug.c deleted file mode 100644 index bd2ec904a6..0000000000 --- a/src/lib/krb4/debug.c +++ /dev/null @@ -1,15 +0,0 @@ -/* - * debug.c - * - * Copyright 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * . - */ - -#include "mit-copyright.h" - -/* Declare global debugging variables. */ - -int krb_ap_req_debug = 0; -int krb_debug = 0; diff --git a/src/lib/krb4/decomp_tkt.c b/src/lib/krb4/decomp_tkt.c deleted file mode 100644 index 7d85991a0e..0000000000 --- a/src/lib/krb4/decomp_tkt.c +++ /dev/null @@ -1,295 +0,0 @@ -/* - * lib/krb4/decomp_tkt.c - * - * Copyright 1985, 1986, 1987, 1988, 2000, 2001 by the Massachusetts - * Institute of Technology. All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#include "des.h" -#include "krb.h" -#include "prot.h" -#include -#include -#include "krb54proto.h" -#include "port-sockets.h" - -#ifdef KRB_CRYPT_DEBUG -extern int krb_debug; -#endif - -static int dcmp_tkt_int (KTEXT tkt, unsigned char *flags, - char *pname, char *pinstance, char *prealm, - unsigned KRB4_32 *paddress, C_Block session, - int *life, unsigned KRB4_32 *time_sec, - char *sname, char *sinstance, C_Block key, - Key_schedule key_s, krb5_keyblock *k5key); -/* - * This routine takes a ticket and pointers to the variables that - * should be filled in based on the information in the ticket. It -#ifndef NOENCRYPTION - * decrypts the ticket using the given key, and -#endif - * fills in values for its arguments. - * - * Note: if the client realm field in the ticket is the null string, - * then the "prealm" variable is filled in with the local realm (as - * defined by KRB_REALM). - * - * If the ticket byte order is different than the host's byte order - * (as indicated by the byte order bit of the "flags" field), then - * the KDC timestamp "time_sec" is byte-swapped. The other fields - * potentially affected by byte order, "paddress" and "session" are - * not byte-swapped. - * - * The routine returns KFAILURE if any of the "pname", "pinstance", - * or "prealm" fields is too big, otherwise it returns KSUCCESS. - * - * The corresponding routine to generate tickets is create_ticket. - * When changes are made to this routine, the corresponding changes - * should also be made to that file. - * - * See create_ticket.c for the format of the ticket packet. - */ - -int KRB5_CALLCONV /* XXX should this be exported on win32? */ -decomp_ticket(tkt, flags, pname, pinstance, prealm, paddress, session, - life, time_sec, sname, sinstance, key, key_s) - KTEXT tkt; /* The ticket to be decoded */ - unsigned char *flags; /* Kerberos ticket flags */ - char *pname; /* Authentication name */ - char *pinstance; /* Principal's instance */ - char *prealm; /* Principal's authentication domain */ - unsigned KRB4_32 *paddress; /* Net address of entity - * requesting ticket */ - C_Block session; /* Session key inserted in ticket */ - int *life; /* Lifetime of the ticket */ - unsigned KRB4_32 *time_sec; /* Issue time and date */ - char *sname; /* Service name */ - char *sinstance; /* Service instance */ - C_Block key; /* Service's secret key - * (to decrypt the ticket) */ - Key_schedule key_s; /* The precomputed key schedule */ -{ - return - dcmp_tkt_int(tkt, flags, pname, pinstance, prealm, - paddress, session, life, time_sec, sname, sinstance, - key, key_s, NULL); -} - -int -decomp_tkt_krb5(tkt, flags, pname, pinstance, prealm, paddress, session, - life, time_sec, sname, sinstance, k5key) - KTEXT tkt; /* The ticket to be decoded */ - unsigned char *flags; /* Kerberos ticket flags */ - char *pname; /* Authentication name */ - char *pinstance; /* Principal's instance */ - char *prealm; /* Principal's authentication domain */ - unsigned KRB4_32 *paddress; /* Net address of entity - * requesting ticket */ - C_Block session; /* Session key inserted in ticket */ - int *life; /* Lifetime of the ticket */ - unsigned KRB4_32 *time_sec; /* Issue time and date */ - char *sname; /* Service name */ - char *sinstance; /* Service instance */ - krb5_keyblock *k5key; /* krb5 keyblock of service */ -{ - C_Block key; /* placeholder; doesn't get used */ - Key_schedule key_s; /* placeholder; doesn't get used */ - - return - dcmp_tkt_int(tkt, flags, pname, pinstance, prealm, paddress, session, - life, time_sec, sname, sinstance, key, key_s, k5key); -} - -static int -dcmp_tkt_int(tkt, flags, pname, pinstance, prealm, paddress, session, - life, time_sec, sname, sinstance, key, key_s, k5key) - KTEXT tkt; /* The ticket to be decoded */ - unsigned char *flags; /* Kerberos ticket flags */ - char *pname; /* Authentication name */ - char *pinstance; /* Principal's instance */ - char *prealm; /* Principal's authentication domain */ - unsigned KRB4_32 *paddress; /* Net address of entity - * requesting ticket */ - C_Block session; /* Session key inserted in ticket */ - int *life; /* Lifetime of the ticket */ - unsigned KRB4_32 *time_sec; /* Issue time and date */ - char *sname; /* Service name */ - char *sinstance; /* Service instance */ - C_Block key; /* Service's secret key - * (to decrypt the ticket) */ - Key_schedule key_s; /* The precomputed key schedule */ - krb5_keyblock *k5key; /* krb5 keyblock of service */ -{ - int tkt_le; /* little-endian ticket? */ - unsigned char *ptr = tkt->dat; - int kret, len; - struct in_addr paddr; - - /* Be really paranoid. */ - if (sizeof(paddr.s_addr) != 4) - return KFAILURE; - -#ifndef NOENCRYPTION - /* Do the decryption */ -#ifdef KRB_CRYPT_DEBUG - if (krb_debug) { - FILE *fp; - char *keybuf[BUFSIZ]; /* Avoid secret stuff in stdio buffers */ - - fp = fopen("/kerberos/tkt.des", "wb"); - setbuf(fp, keybuf); - fwrite(tkt->dat, 1, tkt->length, fp); - fclose(fp); - memset(keybuf, 0, sizeof(keybuf)); /* Clear the buffer */ - } -#endif - if (k5key != NULL) { - /* block locals */ - krb5_enc_data in; - krb5_data out; - krb5_error_code ret; - - in.enctype = k5key->enctype; - in.kvno = 0; - in.ciphertext.length = tkt->length; - in.ciphertext.data = (char *)tkt->dat; - out.length = tkt->length; - out.data = malloc((size_t)tkt->length); - if (out.data == NULL) - return KFAILURE; /* XXX maybe ENOMEM? */ - - /* XXX note the following assumes that context arg isn't used */ - ret = - krb5_c_decrypt(NULL, k5key, - KRB5_KEYUSAGE_KDC_REP_TICKET, NULL, &in, &out); - if (ret) { - free(out.data); - return KFAILURE; - } else { - memcpy(tkt->dat, out.data, out.length); - memset(out.data, 0, out.length); - free(out.data); - } - } else { - pcbc_encrypt((C_Block *)tkt->dat, (C_Block *)tkt->dat, - (long)tkt->length, key_s, (C_Block *)key, 0); - } -#endif /* ! NOENCRYPTION */ -#ifdef KRB_CRYPT_DEBUG - if (krb_debug) { - FILE *fp; - char *keybuf[BUFSIZ]; /* Avoid secret stuff in stdio buffers */ - - fp = fopen("/kerberos/tkt.clear", "wb"); - setbuf(fp, keybuf); - fwrite(tkt->dat, 1, tkt->length, fp); - fclose(fp); - memset(keybuf, 0, sizeof(keybuf)); /* Clear the buffer */ - } -#endif - -#define TKT_REMAIN (tkt->length - (ptr - tkt->dat)) - kret = KFAILURE; - if (TKT_REMAIN < 1) - goto cleanup; - *flags = *ptr++; - tkt_le = (*flags >> K_FLAG_ORDER) & 1; - - len = krb4int_strnlen((char *)ptr, TKT_REMAIN) + 1; - if (len <= 0 || len > ANAME_SZ) - goto cleanup; - memcpy(pname, ptr, (size_t)len); - ptr += len; - - len = krb4int_strnlen((char *)ptr, TKT_REMAIN) + 1; - if (len <= 0 || len > INST_SZ) - goto cleanup; - memcpy(pinstance, ptr, (size_t)len); - ptr += len; - - len = krb4int_strnlen((char *)ptr, TKT_REMAIN) + 1; - if (len <= 0 || len > REALM_SZ) - goto cleanup; - memcpy(prealm, ptr, (size_t)len); - ptr += len; - - /* - * This hack may be needed for some really krb4 servers, such as - * AFS kaserver (?), that fail to fill in the realm of a ticket - * under some circumstances. - */ - if (*prealm == '\0') - krb_get_lrealm(prealm, 1); - - /* - * Ensure there's enough remaining in the ticket to get the - * fixed-size stuff. - */ - if (TKT_REMAIN < 4 + 8 + 1 + 4) - goto cleanup; - - memcpy(&paddr.s_addr, ptr, sizeof(paddr.s_addr)); - ptr += sizeof(paddr.s_addr); - *paddress = paddr.s_addr; - - memcpy(session, ptr, 8); /* session key */ - memset(ptr, 0, 8); - ptr += 8; -#ifdef notdef /* DONT SWAP SESSION KEY spm 10/22/86 */ - if (tkt_swap_bytes) - swap_C_Block(session); -#endif - - *life = *ptr++; - - KRB4_GET32(*time_sec, ptr, tkt_le); - - len = krb4int_strnlen((char *)ptr, TKT_REMAIN) + 1; - if (len <= 0 || len > SNAME_SZ) - goto cleanup; - memcpy(sname, ptr, (size_t)len); - ptr += len; - - len = krb4int_strnlen((char *)ptr, TKT_REMAIN) + 1; - if (len <= 0 || len > INST_SZ) - goto cleanup; - memcpy(sinstance, ptr, (size_t)len); - ptr += len; - kret = KSUCCESS; - -#ifdef KRB_CRYPT_DEBUG - if (krb_debug) { - krb_log("service=%s.%s len(sname)=%d, len(sinstance)=%d", - sname, sinstance, strlen(sname), strlen(sinstance)); - krb_log("ptr - tkt->dat=%d",(char *)ptr - (char *)tkt->dat); - } -#endif - -cleanup: - if (kret != KSUCCESS) { - memset(session, 0, sizeof(session)); - memset(tkt->dat, 0, (size_t)tkt->length); - return kret; - } - return KSUCCESS; -} diff --git a/src/lib/krb4/dest_tkt.c b/src/lib/krb4/dest_tkt.c deleted file mode 100644 index 69198ba6cd..0000000000 --- a/src/lib/krb4/dest_tkt.c +++ /dev/null @@ -1,162 +0,0 @@ -/* - * lib/krb4/dest_tkt.c - * - * Copyright 1985, 1986, 1987, 1988, 2000, 2001, 2007 by the Massachusetts - * Institute of Technology. All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#include "krb.h" -#include -#include -#include -#include - -#include "k5-util.h" -#define do_seteuid krb5_seteuid -#include "k5-platform.h" - -#ifdef TKT_SHMEM -#include -#endif -#ifdef HAVE_UNISTD_H -#include -#endif -#include - -#ifndef O_SYNC -#define O_SYNC 0 -#endif - -/* - * dest_tkt() is used to destroy the ticket store upon logout. - * If the ticket file does not exist, dest_tkt() returns RET_TKFIL. - * Otherwise the function returns RET_OK on success, KFAILURE on - * failure. - * - * The ticket file (TKT_FILE) is defined in "krb.h". - */ - -int KRB5_CALLCONV -dest_tkt() -{ - const char *file = TKT_FILE; - int i,fd; - int ret; - struct stat statpre, statpost; - char buf[BUFSIZ]; - uid_t me, metoo; -#ifdef TKT_SHMEM - char shmidname[MAXPATHLEN]; - size_t shmidlen; -#endif /* TKT_SHMEM */ - - /* If ticket cache selector is null, use default cache. */ - if (file == 0) - file = tkt_string(); - - errno = 0; - ret = KSUCCESS; - me = getuid(); - metoo = geteuid(); - - if (lstat(file, &statpre) < 0) - return (errno == ENOENT) ? RET_TKFIL : KFAILURE; - /* - * This does not guard against certain cases that are vulnerable - * to race conditions, such as world-writable or group-writable - * directories that are not stickybitted, or untrusted path - * components. In all other cases, the following checks should be - * sufficient. It is assumed that the aforementioned certain - * vulnerable cases are unlikely to arise on a well-administered - * system where the user is not deliberately being stupid. - */ - if (!(statpre.st_mode & S_IFREG) || me != statpre.st_uid - || statpre.st_nlink != 1) - return KFAILURE; - /* - * Yes, we do uid twiddling here. It's not optimal, but some - * applications may expect that the ruid is what should really own - * the ticket file, e.g. setuid applications. - */ - if (me != metoo && do_seteuid(me) < 0) - return KFAILURE; - if ((fd = open(file, O_RDWR|O_SYNC, 0)) < 0) { - ret = (errno == ENOENT) ? RET_TKFIL : KFAILURE; - goto out; - } - set_cloexec_fd(fd); - /* - * Do some additional paranoid things. The worst-case situation - * is that a user may be fooled into opening a non-regular file - * briefly if the file is in a directory with improper - * permissions. - */ - if (fstat(fd, &statpost) < 0) { - (void)close(fd); - ret = KFAILURE; - goto out; - } - if (statpre.st_dev != statpost.st_dev - || statpre.st_ino != statpost.st_ino) { - (void)close(fd); - errno = 0; - ret = KFAILURE; - goto out; - } - - memset(buf, 0, BUFSIZ); - for (i = 0; i < statpost.st_size; i += BUFSIZ) - if (write(fd, buf, BUFSIZ) != BUFSIZ) { -#ifndef NO_FSYNC - (void) fsync(fd); -#endif - (void) close(fd); - goto out; - } - -#ifndef NO_FSYNC - (void) fsync(fd); -#endif - (void) close(fd); - - (void) unlink(file); - -out: - if (me != metoo && do_seteuid(metoo) < 0) - return KFAILURE; - if (ret != KSUCCESS) - return ret; - -#ifdef TKT_SHMEM - /* - * handle the shared memory case - */ - shmidlen = strlen(file) + sizeof(".shm"); - if (shmidlen > sizeof(shmidname)) - return RET_TKFIL; - (void)strcpy(shmidname, file); - (void)strcat(shmidname, ".shm"); - return krb_shm_dest(shmidname); -#else /* !TKT_SHMEM */ - return KSUCCESS; -#endif /* !TKT_SHMEM */ -} diff --git a/src/lib/krb4/err_txt.c b/src/lib/krb4/err_txt.c deleted file mode 100644 index 0c4a011586..0000000000 --- a/src/lib/krb4/err_txt.c +++ /dev/null @@ -1,87 +0,0 @@ -/* - * lib/krb4/err_txt.c - * - * Copyright 1988, 2002 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#include "krb.h" -#include "krb4int.h" - -/* - * This is gross. We want krb_err_txt to match the contents of the - * com_err error table, but the text is static in krb_err.c. We can't - * alias it by making a pointer to it, either, so we have to suck in - * another copy of it that is named differently. */ -#if TARGET_OS_MAC && !defined(DEPEND) -#undef initialize_krb_error_table -#define initialize_krb_error_table krb4int_init_krb_err_tbl -void krb4int_init_krb_err_tbl(void); -#include "krb_err.c" -#undef initialize_krb_error_table - -/* - * Depends on the name of the static table generated by compile_et, - * but since this is only on Darwin, where we will always use a - * certain compile_et, it should be ok. - */ -const char * const * const krb_err_txt = text; -#else -#ifndef DEPEND -/* Don't put this in auto-generated dependencies. */ -#include "krb_err_txt.c" -#endif -#endif - -void initialize_krb_error_table(void); - -static int inited = 0; - -void -krb4int_et_init(void) -{ - if (inited) - return; - add_error_table(&et_krb_error_table); - inited = 1;\ -} - -void -krb4int_et_fini(void) -{ - if (inited) - remove_error_table(&et_krb_error_table); -} - -const char * KRB5_CALLCONV -krb_get_err_text(code) - int code; -{ - krb4int_et_init(); - /* - * Shift krb error code into com_err number space. - */ - if (code >= 0 && code < MAX_KRB_ERRORS) - return error_message(ERROR_TABLE_BASE_krb + code); - else - return "Invalid Kerberos error code"; -} diff --git a/src/lib/krb4/et_errtxt.awk b/src/lib/krb4/et_errtxt.awk deleted file mode 100755 index 888dad6950..0000000000 --- a/src/lib/krb4/et_errtxt.awk +++ /dev/null @@ -1,71 +0,0 @@ -/^[ \t]*(error_table|et)[ \t]+[a-zA-Z][a-zA-Z0-9_]+/ { - print "/*" > outfile - print " * " outfile ":" > outfile - print " * This file is automatically generated; please do not edit it." > outfile - print " */" > outfile - print "#if TARGET_OS_MAC" > outfile - print "const char * const * const krb_err_txt" > outfile - print "#else" > outfile - print "const char * const krb_err_txt[]" > outfile - print "#endif" > outfile - print "\t= {" > outfile - table_item_count = 0 -} - -(continuation == 1) && ($0 ~ /\\[ \t]*$/) { - text=substr($0,1,length($0)-1); -# printf "\t\t\"%s\"\n", text > outfile - cont_buf=cont_buf text; -} - -(continuation == 1) && ($0 ~ /"[ \t]*$/) { -# " -# printf "\t\t\"%s,\n", $0 > outfile - printf "\t%s,\n", cont_buf $0 > outfile - continuation = 0; -} -/^[ \t]*(error_code|ec)[ \t]+[A-Z_0-9]+,[ \t]*$/ { - table_item_count++ - skipone=1 - next -} - -/^[ \t]*(error_code|ec)[ \t]+[A-Z_0-9]+,[ \t]*".*"[ \t]*$/ { - text="" - for (i=3; i<=NF; i++) { - text = text FS $i - } - text=substr(text,2,length(text)-1); - printf "\t%s,\n", text > outfile - table_item_count++ -} -/^[ \t]*(error_code|ec)[ \t]+[A-Z_0-9]+,[ \t]*".*\\[ \t]*$/ { - text="" - for (i=3; i<=NF; i++) { - text = text FS $i - } - text=substr(text,2,length(text)-2); -# printf "\t%s\"\n", text > outfile - cont_buf=text - continuation++; -} - -/^[ \t]*".*\\[ \t]*$/ { - if (skipone) { - text=substr($0,1,length($0)-1); -# printf "\t%s\"\n", text > outfile - cont_buf=text - continuation++; - } - skipone=0 -} - -{ - if (skipone) { - printf "\t%s,\n", $0 > outfile - } - skipone=0 -} -END { - print "};" > outfile -} diff --git a/src/lib/krb4/fgetst.c b/src/lib/krb4/fgetst.c deleted file mode 100644 index e652ac93ae..0000000000 --- a/src/lib/krb4/fgetst.c +++ /dev/null @@ -1,38 +0,0 @@ -/* - * fgetst.c - * - * Copyright 1987, 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * . - */ - -#include "mit-copyright.h" -#include -#include "krb.h" -#include "krb4int.h" - -/* - * fgetst takes a file descriptor, a character pointer, and a count. - * It reads from the file it has either read "count" characters, or - * until it reads a null byte. When finished, what has been read exists - * in "s". If "count" characters were actually read, the last is changed - * to a null, so the returned string is always null-terminated. fgetst - * returns the number of characters read, including the null terminator. - */ - -int -fgetst(f, s, n) - FILE *f; - register char *s; - int n; -{ - register int count = n; - int ch; /* NOT char; otherwise you don't see EOF */ - - while ((ch = getc(f)) != EOF && ch && --count) { - *s++ = ch; - } - *s = '\0'; - return (n - count); -} diff --git a/src/lib/krb4/g_ad_tkt.c b/src/lib/krb4/g_ad_tkt.c deleted file mode 100644 index 353fdcee5e..0000000000 --- a/src/lib/krb4/g_ad_tkt.c +++ /dev/null @@ -1,383 +0,0 @@ -/* - * lib/krb4/g_ad_tkt.c - * - * Copyright 1986, 1987, 1988, 2000, 2001 by the Massachusetts - * Institute of Technology. All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#include "krb.h" -#include "des.h" -#include "krb4int.h" -#include "prot.h" -#include - -#include - -extern int krb_debug; -extern int swap_bytes; - -/* - * get_ad_tkt obtains a new service ticket from Kerberos, using - * the ticket-granting ticket which must be in the ticket file. - * It is typically called by krb_mk_req() when the client side - * of an application is creating authentication information to be - * sent to the server side. - * - * get_ad_tkt takes four arguments: three pointers to strings which - * contain the name, instance, and realm of the service for which the - * ticket is to be obtained; and an integer indicating the desired - * lifetime of the ticket. - * - * It returns an error status if the ticket couldn't be obtained, - * or AD_OK if all went well. The ticket is stored in the ticket - * cache. - * - * The request sent to the Kerberos ticket-granting service looks - * like this: - * - * pkt->dat - * - * TEXT original contents of authenticator+ticket - * pkt->dat built in krb_mk_req call - * - * 4 bytes time_ws always 0 (?) FIXME! - * char lifetime lifetime argument passed - * string service service name argument - * string sinstance service instance arg. - * - * See "prot.h" for the reply packet layout and definitions of the - * extraction macros like pkt_version(), pkt_msg_type(), etc. - */ - -/* - * g_ad_tk_parse() - * - * Parse the returned packet from the KDC. - * - * Note that the caller is responsible for clearing the returned - * session key if there is an error; that makes the error handling - * code a little less hairy. - */ -static int -g_ad_tkt_parse(KTEXT rpkt, C_Block tgtses, C_Block ses, - char *s_name, char *s_instance, char *rlm, - char *service, char *sinstance, char *realm, - int *lifetime, int *kvno, KTEXT tkt, - unsigned KRB4_32 *kdc_time, - KRB4_32 *t_local) -{ - unsigned char *ptr; - unsigned int t_switch; - int msg_byte_order; - unsigned long rep_err_code; - unsigned long cip_len; - KTEXT_ST cip_st; - KTEXT cip = &cip_st; /* Returned Ciphertext */ - Key_schedule key_s; - int len, i; - KRB4_32 t_diff; /* Difference between timestamps */ - - ptr = rpkt->dat; -#define RPKT_REMAIN (rpkt->length - (ptr - rpkt->dat)) - if (RPKT_REMAIN < 1 + 1) - return INTK_PROT; - /* check packet version of the returned packet */ - if (*ptr++ != KRB_PROT_VERSION) - return INTK_PROT; - - /* This used to be - switch (pkt_msg_type(rpkt) & ~1) { - but SCO 3.2v4 cc compiled that incorrectly. */ - t_switch = *ptr++; - /* Check byte order (little-endian == 1) */ - msg_byte_order = t_switch & 1; - t_switch &= ~1; - /* - * Skip over some stuff (3 strings and various integers -- see - * cr_auth_repl.c for details). Maybe we should actually verify - * these? - */ - for (i = 0; i < 3; i++) { - len = krb4int_strnlen((char *)ptr, RPKT_REMAIN) + 1; - if (len <= 0) - return INTK_PROT; - ptr += len; - } - switch (t_switch) { - case AUTH_MSG_KDC_REPLY: - if (RPKT_REMAIN < 4 + 1 + 4 + 1) - return INTK_PROT; - ptr += 4 + 1 + 4 + 1; - break; - case AUTH_MSG_ERR_REPLY: - if (RPKT_REMAIN < 8) - return INTK_PROT; - ptr += 4; - KRB4_GET32(rep_err_code, ptr, msg_byte_order); - return rep_err_code; - - default: - return INTK_PROT; - } - - /* Extract the ciphertext */ - if (RPKT_REMAIN < 2) - return INTK_PROT; - KRB4_GET16(cip_len, ptr, msg_byte_order); - if (RPKT_REMAIN < cip_len) - return INTK_PROT; - /* - * RPKT_REMAIN will always be non-negative and at most the maximum - * possible value of cip->length, so this assignment is safe. - */ - cip->length = cip_len; - memcpy(cip->dat, ptr, (size_t)cip->length); - ptr += cip->length; - -#ifndef NOENCRYPTION - /* Attempt to decrypt it */ - - key_sched(tgtses, key_s); - DEB (("About to do decryption ...")); - pcbc_encrypt((C_Block *)cip->dat, (C_Block *)cip->dat, - (long)cip->length, key_s, (C_Block *)tgtses, 0); -#endif /* !NOENCRYPTION */ - /* - * Stomp on key schedule. Caller should stomp on tgtses. - */ - memset(key_s, 0, sizeof(key_s)); - - ptr = cip->dat; -#define CIP_REMAIN (cip->length - (ptr - cip->dat)) - if (CIP_REMAIN < 8) - return RD_AP_MODIFIED; - memcpy(ses, ptr, 8); - /* - * Stomp on decrypted session key immediately after copying it. - */ - memset(ptr, 0, 8); - ptr += 8; - - len = krb4int_strnlen((char *)ptr, CIP_REMAIN) + 1; - if (len <= 0 || len > SNAME_SZ) - return RD_AP_MODIFIED; - memcpy(s_name, ptr, (size_t)len); - ptr += len; - - len = krb4int_strnlen((char *)ptr, CIP_REMAIN) + 1; - if (len <= 0 || len > INST_SZ) - return RD_AP_MODIFIED; - memcpy(s_instance, ptr, (size_t)len); - ptr += len; - - len = krb4int_strnlen((char *)ptr, CIP_REMAIN) + 1; - if (len <= 0 || len > REALM_SZ) - return RD_AP_MODIFIED; - memcpy(rlm, ptr, (size_t)len); - ptr += len; - - if (strcmp(s_name, service) || strcmp(s_instance, sinstance) - || strcmp(rlm, realm)) /* not what we asked for */ - return INTK_ERR; /* we need a better code here XXX */ - - if (CIP_REMAIN < 1 + 1 + 1) - return RD_AP_MODIFIED; - *lifetime = *ptr++; - *kvno = *ptr++; - tkt->length = *ptr++; - - if (CIP_REMAIN < tkt->length) - return RD_AP_MODIFIED; - memcpy(tkt->dat, ptr, (size_t)tkt->length); - ptr += tkt->length; - - /* Time (coarse) */ - if (CIP_REMAIN < 4) - return RD_AP_MODIFIED; - KRB4_GET32(*kdc_time, ptr, msg_byte_order); - - /* check KDC time stamp */ - *t_local = TIME_GMT_UNIXSEC; - t_diff = *t_local - *kdc_time; - if (t_diff < 0) - t_diff = -t_diff; /* Absolute value of difference */ - if (t_diff > CLOCK_SKEW) - return RD_AP_TIME; /* XXX should probably be better code */ - - return 0; -} - -int KRB5_CALLCONV -get_ad_tkt(service, sinstance, realm, lifetime) - char *service; - char *sinstance; - char *realm; - int lifetime; -{ - KTEXT_ST pkt_st; - KTEXT pkt = & pkt_st; /* Packet to KDC */ - KTEXT_ST rpkt_st; - KTEXT rpkt = &rpkt_st; /* Returned packet */ - KTEXT_ST tkt_st; - KTEXT tkt = &tkt_st; /* Current ticket */ - C_Block ses; /* Session key for tkt */ - CREDENTIALS cr; - int kvno; /* Kvno for session key */ - int kerror; - char lrealm[REALM_SZ]; - KRB4_32 time_ws = 0; - char s_name[SNAME_SZ]; - char s_instance[INST_SZ]; - char rlm[REALM_SZ]; - unsigned char *ptr; - KRB4_32 t_local; - struct sockaddr_in laddr; - socklen_t addrlen; - unsigned KRB4_32 kdc_time; /* KDC time */ - size_t snamelen, sinstlen; - - kerror = krb_get_tf_realm(TKT_FILE, lrealm); -#if USE_LOGIN_LIBRARY - if (kerror == GC_NOTKT) { - /* No tickets... call krb_get_cred (KLL will prompt) and try again. */ - if ((kerror = krb_get_cred ("krbtgt", realm, realm, &cr)) == KSUCCESS) { - /* Now get the realm again. */ - kerror = krb_get_tf_realm (TKT_FILE, lrealm); - } - } -#endif - if (kerror != KSUCCESS) - return kerror; - - /* Create skeleton of packet to be sent */ - pkt->length = 0; - - /* - * Look for the session key (and other stuff we don't need) - * in the ticket file for krbtgt.realm@lrealm where "realm" - * is the service's realm (passed in "realm" argument) and - * "lrealm" is the realm of our initial ticket (the local realm). - * If that fails, and the server's realm and the local realm are - * the same thing, give up - no TGT available for local realm. - * - * If the server realm and local realm are different, though, - * try getting a ticket-granting ticket for the server's realm, - * i.e. a ticket for "krbtgt.alienrealm@lrealm", by calling get_ad_tkt(). - * If that succeeds, the ticket will be in ticket cache, get it - * into the "cr" structure by calling krb_get_cred(). - */ - kerror = krb_get_cred("krbtgt", realm, lrealm, &cr); - if (kerror != KSUCCESS) { - /* - * If realm == lrealm, we have no hope, so let's not even try. - */ - if (strncmp(realm, lrealm, sizeof(lrealm)) == 0) - return AD_NOTGT; - else { - kerror = get_ad_tkt("krbtgt", realm, lrealm, lifetime); - if (kerror != KSUCCESS) { - if (kerror == KDC_PR_UNKNOWN) /* no cross-realm ticket */ - return AD_NOTGT; /* So call it no ticket */ - return kerror; - } - kerror = krb_get_cred("krbtgt",realm,lrealm,&cr); - if (kerror != KSUCCESS) - return kerror; - } - } - - /* - * Make up a request packet to the "krbtgt.realm@lrealm". - * Start by calling krb_mk_req() which puts ticket+authenticator - * into "pkt". Then tack other stuff on the end. - */ - kerror = krb_mk_req(pkt, "krbtgt", realm, lrealm, 0L); - if (kerror) { - /* stomp stomp stomp */ - memset(cr.session, 0, sizeof(cr.session)); - return AD_NOTGT; - } - - ptr = pkt->dat + pkt->length; - - snamelen = strlen(service) + 1; - sinstlen = strlen(sinstance) + 1; - if (sizeof(pkt->dat) - (ptr - pkt->dat) < (4 + 1 - + snamelen - + sinstlen)) { - /* stomp stomp stomp */ - memset(cr.session, 0, sizeof(cr.session)); - return INTK_ERR; - } - - /* timestamp */ /* FIXME -- always 0 now, should we fill it in??? */ - KRB4_PUT32BE(ptr, time_ws); - - *ptr++ = lifetime; - - memcpy(ptr, service, snamelen); - ptr += snamelen; - memcpy(ptr, sinstance, sinstlen); - ptr += sinstlen; - - pkt->length = ptr - pkt->dat; - - /* Send the request to the local ticket-granting server */ - rpkt->length = 0; - addrlen = sizeof(laddr); - kerror = krb4int_send_to_kdc_addr(pkt, rpkt, realm, - (struct sockaddr *)&laddr, &addrlen); - - if (!kerror) { - /* No error; parse return packet from KDC. */ - kerror = g_ad_tkt_parse(rpkt, cr.session, ses, - s_name, s_instance, rlm, - service, sinstance, realm, - &lifetime, &kvno, tkt, - &kdc_time, &t_local); - } - /* - * Unconditionally stomp on cr.session because we don't need it - * anymore. - */ - memset(cr.session, 0, sizeof(cr.session)); - if (kerror) { - /* - * Stomp on ses for good measure, since g_ad_tkt_parse() - * doesn't do that for us. - */ - memset(ses, 0, sizeof(ses)); - return kerror; - } - - kerror = krb4int_save_credentials_addr(s_name, s_instance, rlm, - ses, lifetime, kvno, tkt, - t_local, - laddr.sin_addr.s_addr); - /* - * Unconditionally stomp on ses because we don't need it anymore. - */ - memset(ses, 0, sizeof(ses)); - if (kerror) - return kerror; - return AD_OK; -} diff --git a/src/lib/krb4/g_cnffile.c b/src/lib/krb4/g_cnffile.c deleted file mode 100644 index 8ef38feefb..0000000000 --- a/src/lib/krb4/g_cnffile.c +++ /dev/null @@ -1,128 +0,0 @@ -/* Copyright 1994 Cygnus Support */ -/* Mark W. Eichin */ -/* - * Permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation. - * Cygnus Support makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -/* common code for looking at krb.conf and krb.realms file */ -/* this may be superceded by 's work for the Mac port, but - it solves a problem for now. */ - -#include -#include "krb.h" -#include "k5-int.h" -#include "krb4int.h" - -krb5_context krb5__krb4_context = 0; - -static FILE* -krb__v5_get_file(s) - const char *s; -{ - FILE *cnffile = 0; - const char* names[3]; - char **full_name = 0, **cpp; - krb5_error_code retval; - - if (!krb5__krb4_context) - krb5_init_context(&krb5__krb4_context); - names[0] = "libdefaults"; - names[1] = s; - names[2] = 0; - if (krb5__krb4_context) { - retval = profile_get_values(krb5__krb4_context->profile, names, - &full_name); - if (retval == 0 && full_name && full_name[0]) { - cnffile = fopen(full_name[0],"r"); - if (cnffile) - set_cloexec_file(cnffile); - for (cpp = full_name; *cpp; cpp++) - krb5_xfree(*cpp); - krb5_xfree(full_name); - } - } - return cnffile; -} - -char * -krb__get_srvtabname(default_srvtabname) - const char *default_srvtabname; -{ - const char* names[3]; - char **full_name = 0, **cpp; - krb5_error_code retval; - static char retname[MAXPATHLEN]; - - if (!krb5__krb4_context) - krb5_init_context(&krb5__krb4_context); - names[0] = "libdefaults"; - names[1] = "krb4_srvtab"; - names[2] = 0; - if (krb5__krb4_context) { - retval = profile_get_values(krb5__krb4_context->profile, names, - &full_name); - if (retval == 0 && full_name && full_name[0]) { - retname[0] = '\0'; - strncat(retname, full_name[0], sizeof(retname)); - for (cpp = full_name; *cpp; cpp++) - krb5_xfree(*cpp); - krb5_xfree(full_name); - return retname; - } - } - retname[0] = '\0'; - strncat(retname, default_srvtabname, sizeof(retname)); - return retname; -} - -FILE* -krb__get_cnffile() -{ - char *s; - FILE *cnffile = 0; - extern char *getenv(); - - /* standard V4 override first */ - s = getenv("KRB_CONF"); - if (s) cnffile = fopen(s,"r"); - /* if that's wrong, use V5 config */ - if (!cnffile) cnffile = krb__v5_get_file("krb4_config"); - /* and if V5 config doesn't have it, go to hard-coded values */ - if (!cnffile) cnffile = fopen(KRB_CONF,"r"); -#ifdef ATHENA_CONF_FALLBACK - if (!cnffile) cnffile = fopen(KRB_FB_CONF,"r"); -#endif - if (cnffile) - set_cloexec_file(cnffile); - return cnffile; -} - - -FILE* -krb__get_realmsfile() -{ - FILE *realmsfile = 0; - char *s; - - /* standard (not really) V4 override first */ - s = getenv("KRB_REALMS"); - if (s) realmsfile = fopen(s,"r"); - if (!realmsfile) realmsfile = krb__v5_get_file("krb4_realms"); - if (!realmsfile) realmsfile = fopen(KRB_RLM_TRANS, "r"); - -#ifdef ATHENA_CONF_FALLBACK - if (!realmsfile) realmsfile = fopen(KRB_FB_RLM_TRANS, "r"); -#endif - - if (realmsfile) - set_cloexec_file(realmsfile); - - return realmsfile; -} diff --git a/src/lib/krb4/g_cred.c b/src/lib/krb4/g_cred.c deleted file mode 100644 index 498a5f1064..0000000000 --- a/src/lib/krb4/g_cred.c +++ /dev/null @@ -1,58 +0,0 @@ -/* - * g_cred.c - * - * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute - * of Technology. - * - * For copying and distribution information, please see the file - * . - */ - -#include "mit-copyright.h" -#include -#include -#include "krb.h" - -/* - * krb_get_cred takes a service name, instance, and realm, and a - * structure of type CREDENTIALS to be filled in with ticket - * information. It then searches the ticket file for the appropriate - * ticket and fills in the structure with the corresponding - * information from the file. If successful, it returns KSUCCESS. - * On failure it returns a Kerberos error code. - */ - -int KRB5_CALLCONV -krb_get_cred(service,instance,realm,c) - char *service; /* Service name */ - char *instance; /* Instance */ - char *realm; /* Auth domain */ - CREDENTIALS *c; /* Credentials struct */ -{ - int tf_status; /* return value of tf function calls */ - - /* Open ticket file and lock it for shared reading */ - if ((tf_status = tf_init(TKT_FILE, R_TKT_FIL)) != KSUCCESS) - return(tf_status); - - /* Copy principal's name and instance into the CREDENTIALS struc c */ - - if ( (tf_status = tf_get_pname(c->pname)) != KSUCCESS || - (tf_status = tf_get_pinst(c->pinst)) != KSUCCESS ) - return (tf_status); - - /* Search for requested service credentials and copy into c */ - - while ((tf_status = tf_get_cred(c)) == KSUCCESS) { - /* Is this the right ticket? */ - if ((strcmp(c->service,service) == 0) && - (strcmp(c->instance,instance) == 0) && - (strcmp(c->realm,realm) == 0)) - break; - } - (void) tf_close(); - - if (tf_status == EOF) - return (GC_NOTKT); - return(tf_status); -} diff --git a/src/lib/krb4/g_in_tkt.c b/src/lib/krb4/g_in_tkt.c deleted file mode 100644 index cf4ebd15df..0000000000 --- a/src/lib/krb4/g_in_tkt.c +++ /dev/null @@ -1,555 +0,0 @@ -/* - * lib/krb4/g_in_tkt.c - * - * Copyright 1986-2002 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#include "krb.h" -#include "des.h" -#include "krb4int.h" -#include "prot.h" - -#include "port-sockets.h" -#include - -/* Define a couple of function types including parameters. These - are needed on MS-Windows to convert arguments of the function pointers - to the proper types during calls. These declarations are found - in , but the code below is too opaque if you can't also - see them here. */ -#ifndef KEY_PROC_TYPE_DEFINED -typedef int (*key_proc_type) (char *, char *, char *, - char *, C_Block); -#endif -#ifndef DECRYPT_TKT_TYPE_DEFINED -typedef int (*decrypt_tkt_type) (char *, char *, char *, char *, - key_proc_type, KTEXT *); -#endif - -static int decrypt_tkt(char *, char *, char *, char *, key_proc_type, KTEXT *); -static int krb_mk_in_tkt_preauth(char *, char *, char *, char *, char *, - int, char *, int, KTEXT, int *, struct sockaddr_in *); -static int krb_parse_in_tkt_creds(char *, char *, char *, char *, char *, - int, KTEXT, int, CREDENTIALS *); - -/* - * decrypt_tkt(): Given user, instance, realm, passwd, key_proc - * and the cipher text sent from the KDC, decrypt the cipher text - * using the key returned by key_proc. - */ - -static int -decrypt_tkt(user, instance, realm, arg, key_proc, cipp) - char *user; - char *instance; - char *realm; - char *arg; - key_proc_type key_proc; - KTEXT *cipp; -{ - KTEXT cip = *cipp; - C_Block key; /* Key for decrypting cipher */ - Key_schedule key_s; - register int rc; - -#ifndef NOENCRYPTION - /* Attempt to decrypt it */ -#endif - /* generate a key from the supplied arg or password. */ - rc = (*key_proc)(user, instance, realm, arg, key); - if (rc) - return rc; - -#ifndef NOENCRYPTION - key_sched(key, key_s); - pcbc_encrypt((C_Block *)cip->dat, (C_Block *)cip->dat, - (long)cip->length, key_s, (C_Block *)key, 0); -#endif /* !NOENCRYPTION */ - /* Get rid of all traces of key */ - memset(key, 0, sizeof(key)); - memset(key_s, 0, sizeof(key_s)); - - return 0; -} - -/* - * krb_get_in_tkt() gets a ticket for a given principal to use a given - * service and stores the returned ticket and session key for future - * use. - * - * The "user", "instance", and "realm" arguments give the identity of - * the client who will use the ticket. The "service" and "sinstance" - * arguments give the identity of the server that the client wishes - * to use. (The realm of the server is the same as the Kerberos server - * to whom the request is sent.) The "life" argument indicates the - * desired lifetime of the ticket; the "key_proc" argument is a pointer - * to the routine used for getting the client's private key to decrypt - * the reply from Kerberos. The "decrypt_proc" argument is a pointer - * to the routine used to decrypt the reply from Kerberos; and "arg" - * is an argument to be passed on to the "key_proc" routine. - * - * If all goes well, krb_get_in_tkt() returns INTK_OK, otherwise it - * returns an error code: If an AUTH_MSG_ERR_REPLY packet is returned - * by Kerberos, then the error code it contains is returned. Other - * error codes returned by this routine include INTK_PROT to indicate - * wrong protocol version, INTK_BADPW to indicate bad password (if - * decrypted ticket didn't make sense), INTK_ERR if the ticket was for - * the wrong server or the ticket store couldn't be initialized. - * - * The format of the message sent to Kerberos is as follows: - * - * Size Variable Field - * ---- -------- ----- - * - * 1 byte KRB_PROT_VERSION protocol version number - * 1 byte AUTH_MSG_KDC_REQUEST | message type - * HOST_BYTE_ORDER local byte order in lsb - * string user client's name - * string instance client's instance - * string realm client's realm - * 4 bytes tlocal.tv_sec timestamp in seconds - * 1 byte life desired lifetime - * string service service's name - * string sinstance service's instance - */ - -static int -krb_mk_in_tkt_preauth(user, instance, realm, service, sinstance, life, - preauth_p, preauth_len, cip, byteorder, local_addr) - char *user; - char *instance; - char *realm; - char *service; - char *sinstance; - int life; - char *preauth_p; - int preauth_len; - KTEXT cip; - int *byteorder; - struct sockaddr_in *local_addr; -{ - KTEXT_ST pkt_st; - KTEXT pkt = &pkt_st; /* Packet to KDC */ - KTEXT_ST rpkt_st; - KTEXT rpkt = &rpkt_st; /* Returned packet */ - unsigned char *p; - size_t userlen, instlen, realmlen, servicelen, sinstlen; - unsigned KRB4_32 t_local; - - int msg_byte_order; - int kerror; - socklen_t addrlen; -#if 0 - unsigned long exp_date; -#endif - unsigned long rep_err_code; - unsigned long cip_len; - unsigned int t_switch; - int i, len; - - /* BUILD REQUEST PACKET */ - - p = pkt->dat; - - userlen = strlen(user) + 1; - instlen = strlen(instance) + 1; - realmlen = strlen(realm) + 1; - servicelen = strlen(service) + 1; - sinstlen = strlen(sinstance) + 1; - /* Make sure the ticket data will fit into the buffer. */ - if (sizeof(pkt->dat) < (1 + 1 + userlen + instlen + realmlen - + 4 + 1 + servicelen + sinstlen - + preauth_len)) { - pkt->length = 0; - return INTK_ERR; - } - - /* Set up the fixed part of the packet */ - *p++ = KRB_PROT_VERSION; - *p++ = AUTH_MSG_KDC_REQUEST; - - /* Now for the variable info */ - memcpy(p, user, userlen); - p += userlen; - memcpy(p, instance, instlen); - p += instlen; - memcpy(p, realm, realmlen); - p += realmlen; - - /* timestamp */ - t_local = TIME_GMT_UNIXSEC; - KRB4_PUT32BE(p, t_local); - - *p++ = life; - - memcpy(p, service, servicelen); - p += servicelen; - memcpy(p, sinstance, sinstlen); - p += sinstlen; - - if (preauth_len) - memcpy(p, preauth_p, (size_t)preauth_len); - p += preauth_len; - - pkt->length = p - pkt->dat; - - /* SEND THE REQUEST AND RECEIVE THE RETURN PACKET */ - rpkt->length = 0; - addrlen = sizeof(struct sockaddr_in); - kerror = krb4int_send_to_kdc_addr(pkt, rpkt, realm, - (struct sockaddr *)local_addr, - &addrlen); - if (kerror) - return kerror; - - p = rpkt->dat; -#define RPKT_REMAIN (rpkt->length - (p - rpkt->dat)) - - /* check packet version of the returned packet */ - if (RPKT_REMAIN < 1 + 1) - return INTK_PROT; - if (*p++ != KRB_PROT_VERSION) - return INTK_PROT; - - /* This used to be - switch (pkt_msg_type(rpkt) & ~1) { - but SCO 3.2v4 cc compiled that incorrectly. */ - t_switch = *p++; - /* Check byte order */ - msg_byte_order = t_switch & 1; - t_switch &= ~1; - - /* EXTRACT INFORMATION FROM RETURN PACKET */ - - /* - * Skip over some stuff (3 strings and various integers -- see - * cr_auth_repl.c for details). - */ - for (i = 0; i < 3; i++) { - len = krb4int_strnlen((char *)p, RPKT_REMAIN) + 1; - if (len <= 0) - return INTK_PROT; - p += len; - } - switch (t_switch) { - case AUTH_MSG_KDC_REPLY: - if (RPKT_REMAIN < 4 + 1 + 4 + 1) - return INTK_PROT; - p += 4 + 1 + 4 + 1; - break; - case AUTH_MSG_ERR_REPLY: - if (RPKT_REMAIN < 8) - return INTK_PROT; - p += 4; - KRB4_GET32(rep_err_code, p, msg_byte_order); - return rep_err_code; - default: - return INTK_PROT; - } - - /* Extract the ciphertext */ - if (RPKT_REMAIN < 2) - return INTK_PROT; - KRB4_GET16(cip_len, p, msg_byte_order); - if (RPKT_REMAIN < cip_len) - return INTK_ERR; - /* - * RPKT_REMAIN will always be non-negative and at most the maximum - * possible value of cip->length, so this assignment is safe. - */ - cip->length = cip_len; - memcpy(cip->dat, p, (size_t)cip->length); - p += cip->length; - - *byteorder = msg_byte_order; - return INTK_OK; -} - -static int -krb_parse_in_tkt_creds(user, instance, realm, service, sinstance, life, cip, - byteorder, creds) - char *user; - char *instance; - char *realm; - char *service; - char *sinstance; - int life; - KTEXT cip; - int byteorder; - CREDENTIALS *creds; -{ - unsigned char *ptr; - int len; - int kvno; /* Kvno for session key */ - char s_name[SNAME_SZ]; - char s_instance[INST_SZ]; - char rlm[REALM_SZ]; - KTEXT_ST tkt_st; - KTEXT tkt = &tkt_st; /* Current ticket */ - unsigned long kdc_time; /* KDC time */ - unsigned KRB4_32 t_local; /* Must be 4 bytes long for memcpy below! */ - KRB4_32 t_diff; /* Difference between timestamps */ - int lifetime; - - ptr = cip->dat; - /* Assume that cip->length >= 0 for now. */ -#define CIP_REMAIN (cip->length - (ptr - cip->dat)) - - /* Skip session key for now */ - if (CIP_REMAIN < 8) - return INTK_BADPW; - ptr += 8; - - /* extract server's name */ - len = krb4int_strnlen((char *)ptr, CIP_REMAIN) + 1; - if (len <= 0 || len > sizeof(s_name)) - return INTK_BADPW; - memcpy(s_name, ptr, (size_t)len); - ptr += len; - - /* extract server's instance */ - len = krb4int_strnlen((char *)ptr, CIP_REMAIN) + 1; - if (len <= 0 || len > sizeof(s_instance)) - return INTK_BADPW; - memcpy(s_instance, ptr, (size_t)len); - ptr += len; - - /* extract server's realm */ - len = krb4int_strnlen((char *)ptr, CIP_REMAIN) + 1; - if (len <= 0 || len > sizeof(rlm)) - return INTK_BADPW; - memcpy(rlm, ptr, (size_t)len); - ptr += len; - - /* extract ticket lifetime, server key version, ticket length */ - /* be sure to avoid sign extension on lifetime! */ - if (CIP_REMAIN < 3) - return INTK_BADPW; - lifetime = *ptr++; - kvno = *ptr++; - tkt->length = *ptr++; - - /* extract ticket itself */ - if (CIP_REMAIN < tkt->length) - return INTK_BADPW; - memcpy(tkt->dat, ptr, (size_t)tkt->length); - ptr += tkt->length; - - if (strcmp(s_name, service) || strcmp(s_instance, sinstance) - || strcmp(rlm, realm)) /* not what we asked for */ - return INTK_ERR; /* we need a better code here XXX */ - - /* check KDC time stamp */ - if (CIP_REMAIN < 4) - return INTK_BADPW; - KRB4_GET32(kdc_time, ptr, byteorder); - - t_local = TIME_GMT_UNIXSEC; - t_diff = t_local - kdc_time; - if (t_diff < 0) - t_diff = -t_diff; /* Absolute value of difference */ - if (t_diff > CLOCK_SKEW) { - return RD_AP_TIME; /* XXX should probably be better code */ - } - - /* stash ticket, session key, etc. for future use */ - strncpy(creds->service, s_name, sizeof(creds->service)); - strncpy(creds->instance, s_instance, sizeof(creds->instance)); - strncpy(creds->realm, rlm, sizeof(creds->realm)); - memmove(creds->session, cip->dat, sizeof(C_Block)); - creds->lifetime = lifetime; - creds->kvno = kvno; - creds->ticket_st.length = tkt->length; - memmove(creds->ticket_st.dat, tkt->dat, (size_t)tkt->length); - creds->issue_date = t_local; - strncpy(creds->pname, user, sizeof(creds->pname)); - strncpy(creds->pinst, instance, sizeof(creds->pinst)); - - return INTK_OK; -} - -int -krb_get_in_tkt_preauth_creds(user, instance, realm, service, sinstance, life, - key_proc, decrypt_proc, - arg, preauth_p, preauth_len, creds, laddrp) - char *user; - char *instance; - char *realm; - char *service; - char *sinstance; - int life; - key_proc_type key_proc; - decrypt_tkt_type decrypt_proc; - char *arg; - char *preauth_p; - int preauth_len; - CREDENTIALS *creds; - KRB_UINT32 *laddrp; -{ - int ok; - char key_string[BUFSIZ]; - KTEXT_ST cip_st; - KTEXT cip = &cip_st; /* Returned Ciphertext */ - int kerror; - int byteorder; - key_proc_type *keyprocs = krb_get_keyprocs (key_proc); - int i = 0; - struct sockaddr_in local_addr; - - kerror = krb_mk_in_tkt_preauth(user, instance, realm, - service, sinstance, - life, preauth_p, preauth_len, - cip, &byteorder, &local_addr); - if (kerror) - return kerror; - - /* If arg is null, we have to prompt for the password. decrypt_tkt, by - way of the *_passwd_to_key functions, will prompt if the password is - NULL, but that means that each separate encryption type will prompt - separately. Obtain the password first so that we can try multiple - encryption types without re-prompting. - - Don't, however, prompt on a Windows or Macintosh environment, since - that's harder. Rely on our caller to do it. */ -#if !(defined(_WIN32) || defined(USE_LOGIN_LIBRARY)) - if (arg == NULL) { - ok = des_read_pw_string(key_string, sizeof(key_string), "Password", 0); - if (ok != 0) - return ok; - arg = key_string; - } -#endif - - /* Attempt to decrypt the reply. Loop trying password_to_key algorithms - until we succeed or we get an error other than "bad password" */ - do { - KTEXT_ST cip_copy_st; - memcpy(&cip_copy_st, &cip_st, sizeof(cip_st)); - cip = &cip_copy_st; - if (decrypt_proc == NULL) { - decrypt_tkt (user, instance, realm, arg, keyprocs[i], &cip); - } else { - (*decrypt_proc)(user, instance, realm, arg, keyprocs[i], &cip); - } - kerror = krb_parse_in_tkt_creds(user, instance, realm, - service, sinstance, life, cip, byteorder, creds); - } while ((keyprocs [++i] != NULL) && (kerror == INTK_BADPW)); - cip = &cip_st; - - /* Fill in the local address if the caller wants it */ - if (laddrp != NULL) { - *laddrp = local_addr.sin_addr.s_addr; - } - - /* stomp stomp stomp */ - memset(key_string, 0, sizeof(key_string)); - memset(cip->dat, 0, (size_t)cip->length); - return kerror; -} - -int KRB5_CALLCONV -krb_get_in_tkt_creds(user, instance, realm, service, sinstance, life, - key_proc, decrypt_proc, arg, creds) - char *user; - char *instance; - char *realm; - char *service; - char *sinstance; - int life; - key_proc_type key_proc; - decrypt_tkt_type decrypt_proc; - char *arg; - CREDENTIALS *creds; -{ -#if TARGET_OS_MAC - KRB_UINT32 *laddrp = &creds->address; -#else - KRB_UINT32 *laddrp = NULL; /* Only the Mac stores the address */ -#endif - - return krb_get_in_tkt_preauth_creds(user, instance, realm, - service, sinstance, life, - key_proc, decrypt_proc, arg, - NULL, 0, creds, laddrp); -} - -int KRB5_CALLCONV -krb_get_in_tkt_preauth(user, instance, realm, service, sinstance, life, - key_proc, decrypt_proc, - arg, preauth_p, preauth_len) - char *user; - char *instance; - char *realm; - char *service; - char *sinstance; - int life; - key_proc_type key_proc; - decrypt_tkt_type decrypt_proc; - char *arg; - char *preauth_p; - int preauth_len; -{ - int retval; - KRB_UINT32 laddr; - CREDENTIALS creds; - - do { - retval = krb_get_in_tkt_preauth_creds(user, instance, realm, - service, sinstance, life, - key_proc, decrypt_proc, - arg, preauth_p, preauth_len, - &creds, &laddr); - if (retval != KSUCCESS) break; - if (krb_in_tkt(user, instance, realm) != KSUCCESS) { - retval = INTK_ERR; - break; - } - retval = krb4int_save_credentials_addr(creds.service, creds.instance, - creds.realm, creds.session, - creds.lifetime, creds.kvno, - &creds.ticket_st, - creds.issue_date, laddr); - if (retval != KSUCCESS) break; - } while (0); - memset(&creds, 0, sizeof(creds)); - return retval; -} - -int KRB5_CALLCONV -krb_get_in_tkt(user, instance, realm, service, sinstance, life, - key_proc, decrypt_proc, arg) - char *user; - char *instance; - char *realm; - char *service; - char *sinstance; - int life; - key_proc_type key_proc; - decrypt_tkt_type decrypt_proc; - char *arg; -{ - return krb_get_in_tkt_preauth(user, instance, realm, - service, sinstance, life, - key_proc, decrypt_proc, arg, - NULL, 0); -} diff --git a/src/lib/krb4/g_phost.c b/src/lib/krb4/g_phost.c deleted file mode 100644 index ba1108f215..0000000000 --- a/src/lib/krb4/g_phost.c +++ /dev/null @@ -1,92 +0,0 @@ -/* - * lib/krb4/g_phost.c - * - * Copyright 1988, 2001 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#include "krb.h" - -#include -#include -#include -#include "port-sockets.h" - -/* - * This routine takes an alias for a host name and returns the first - * field, lower case, of its domain name. For example, if "menel" is - * an alias for host officially named "menelaus" (in /etc/hosts), for - * the host whose official name is "MENELAUS.MIT.EDU", the name "menelaus" - * is returned. - * - * This is done for historical Athena reasons: the Kerberos name of - * rcmd servers (rlogin, rsh, rcp) is of the form "rcmd.host@realm" - * where "host"is the lowercase for of the host name ("menelaus"). - * This should go away: the instance should be the domain name - * (MENELAUS.MIT.EDU). But for now we need this routine... - * - * A pointer to the name is returned, if found, otherwise a pointer - * to the original "alias" argument is returned. - */ - -char * KRB5_CALLCONV -krb_get_phost(alias) - char *alias; -{ - struct hostent *h; - char *p; - unsigned char *ucp; - static char hostname_mem[MAXHOSTNAMELEN]; -#ifdef DO_REVERSE_RESOLVE - char *rev_addr; int rev_type, rev_len; -#endif - - if ((h=gethostbyname(alias)) != (struct hostent *)NULL ) { -#ifdef DO_REVERSE_RESOLVE - if (! h->h_addr_list ||! h->h_addr_list[0]) { - return(0); - } - rev_type = h->h_addrtype; - rev_len = h->h_length; - rev_addr = malloc(rev_len); - _fmemcpy(rev_addr, h->h_addr_list[0], rev_len); - h = gethostbyaddr(rev_addr, rev_len, rev_type); - free(rev_addr); - if (h == 0) { - return (0); - } -#endif - /* We don't want to return a *, so we copy to a safe location. */ - strncpy (hostname_mem, h->h_name, sizeof (hostname_mem)); - /* Bail out if h_name is too long. */ - if (hostname_mem[MAXHOSTNAMELEN-1] != '\0') - return NULL; - p = strchr( hostname_mem, '.' ); - if (p) - *p = 0; - ucp = (unsigned char *)hostname_mem; - do { - if (isupper(*ucp)) *ucp=tolower(*ucp); - } while (*ucp++); - } - return(hostname_mem); -} diff --git a/src/lib/krb4/g_pw_in_tkt.c b/src/lib/krb4/g_pw_in_tkt.c deleted file mode 100644 index 4382161e0c..0000000000 --- a/src/lib/krb4/g_pw_in_tkt.c +++ /dev/null @@ -1,341 +0,0 @@ -/* - * lib/krb4/g_pw_in_tkt.c - * - * Copyright 1987, 1988 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#include -#include "krb.h" -#include "krb4int.h" -#include "krb_err.h" -#include "prot.h" -#include - -#ifndef NULL -#define NULL 0 -#endif - -#ifndef INTK_PW_NULL -#define INTK_PW_NULL KRBET_GT_PW_NULL -#endif - -/* - * This file contains one routine: krb_get_pw_in_tkt() gets an initial ticket for - * a user. - */ - -/* - * krb_get_pw_in_tkt() takes the name of the server for which the initial - * ticket is to be obtained, the name of the principal the ticket is - * for, the desired lifetime of the ticket, and the user's password. - * It passes its arguments on to krb_get_in_tkt(), which contacts - * Kerberos to get the ticket, decrypts it using the password provided, - * and stores it away for future use. - * - * On a Unix system, krb_get_pw_in_tkt() is able to prompt the user - * for a password, if the supplied password is null. On a a non Unix - * system, it now requires the caller to supply a non-null password. - * This is because of the complexities of prompting the user in a - * non-terminal-oriented environment like the Macintosh (running in a - * driver) or MS-Windows (in a DLL). - * - * krb_get_pw_in_tkt() passes two additional arguments to - * krb_get_in_tkt(): a routine to be used to get the password in case - * the "password" argument is null and NULL for the decryption - * procedure indicating that krb_get_in_tkt should use the default - * method of decrypting the response from the KDC. - * - * The result of the call to krb_get_in_tkt() is returned. - */ - -int KRB5_CALLCONV -krb_get_pw_in_tkt(user,instance,realm,service,sinstance,life,password) - char *user, *instance, *realm, *service, *sinstance; - int life; - char *password; -{ -#if defined(_WIN32) || (defined(USE_LOGIN_LIBRARY) && USE_LOGIN_LIBRARY) - /* In spite of the comments above, we don't allow that path here, - to simplify coding the non-UNIX clients. The only code that now - depends on this behavior is the preauth support, which has a - seperate function without this trap. Strictly speaking, this - is an API change. */ - - if (password == 0) - return INTK_PW_NULL; -#endif - - return(krb_get_in_tkt(user,instance,realm,service,sinstance,life, - (key_proc_type)NULL, /* krb_get_in_tkt will try them all */ - (decrypt_tkt_type)NULL, password)); -} - -int KRB5_CALLCONV -krb_get_pw_in_tkt_creds( - char *user, char *instance, char *realm, char *service, char *sinstance, - int life, char *password, CREDENTIALS *creds) -{ - return krb_get_in_tkt_creds(user, instance, realm, - service, sinstance, life, - (key_proc_type)NULL, /* krb_get_in_tkt_creds will try them all */ - NULL, password, creds); -} - - -/* - * krb_get_pw_in_tkt_preauth() gets handed the password or key explicitly, - * since the whole point of "pre" authentication is to prove that we've - * already got the key, and the only way to do that is to ask the user - * for it. Clearly we shouldn't ask twice. - */ - -static C_Block old_key; - -static int stub_key(user,instance,realm,passwd,key) - char *user, *instance, *realm, *passwd; - C_Block key; -{ - (void) memcpy((char *) key, (char *) old_key, sizeof(old_key)); - return 0; -} - -int KRB5_CALLCONV -krb_get_pw_in_tkt_preauth(user,instance,realm,service,sinstance,life,password) - char *user, *instance, *realm, *service, *sinstance; - int life; - char *password; -{ - char *preauth_p; - int preauth_len; - int ret_st; - key_proc_type *keyprocs = krb_get_keyprocs (NULL); - int i = 0; - -#if defined(_WIN32) || (defined(USE_LOGIN_LIBRARY) && USE_LOGIN_LIBRARY) - /* On non-Unix systems, we can't handle a null password, because - passwd_to_key can't handle prompting for the password. */ - if (password == 0) - return INTK_PW_NULL; -#endif - - /* Loop trying all the key_proc types */ - do { - krb_mk_preauth(&preauth_p, &preauth_len, keyprocs[i], - user, instance, realm, password, old_key); - ret_st = krb_get_in_tkt_preauth(user,instance,realm,service,sinstance,life, - (key_proc_type) stub_key, - (decrypt_tkt_type) NULL, password, - preauth_p, preauth_len); - - krb_free_preauth(preauth_p, preauth_len); - } while ((keyprocs[++i] != NULL) && (ret_st == INTK_BADPW)); - - return ret_st; -} - -/* FIXME! This routine belongs in the krb library and should simply - be shared between the encrypted and NOENCRYPTION versions! */ - -#ifdef NOENCRYPTION -/* - * This routine prints the supplied string to standard - * output as a prompt, and reads a password string without - * echoing. - */ - -#include -#ifdef BSDUNIX -#include -#include -#include -#include -#else -int strcmp(); -#endif -#if defined(__svr4__) || defined(__SVR4) -#include -#endif - -#ifdef BSDUNIX -static jmp_buf env; -#endif - -#ifdef BSDUNIX -static void sig_restore(); -static push_signals(), pop_signals(); -int placebo_read_pw_string(); -#endif - -/*** Routines ****************************************************** */ -int -placebo_read_password(k,prompt,verify) - des_cblock *k; - char *prompt; - int verify; -{ - int ok; - char key_string[BUFSIZ]; - -#ifdef BSDUNIX - if (setjmp(env)) { - ok = -1; - goto lose; - } -#endif - - ok = placebo_read_pw_string(key_string, BUFSIZ, prompt, verify); - if (ok == 0) - memset(k, 0, sizeof(C_Block)); - -lose: - memset(key_string, 0, sizeof (key_string)); - return ok; -} - -/* - * This version just returns the string, doesn't map to key. - * - * Returns 0 on success, non-zero on failure. - */ - -int -placebo_read_pw_string(s,max,prompt,verify) - char *s; - int max; - char *prompt; - int verify; -{ - int ok = 0; - char *ptr; - -#ifdef BSDUNIX - jmp_buf old_env; - struct sgttyb tty_state; -#endif - char key_string[BUFSIZ]; - - if (max > BUFSIZ) { - return -1; - } - -#ifdef BSDUNIX - memcpy(env, old_env, sizeof(env)); - if (setjmp(env)) - goto lose; - - /* save terminal state */ - if (ioctl(0,TIOCGETP,&tty_state) == -1) - return -1; - - push_signals(); - /* Turn off echo */ - tty_state.sg_flags &= ~ECHO; - if (ioctl(0,TIOCSETP,&tty_state) == -1) - return -1; -#endif - while (!ok) { - printf(prompt); - fflush(stdout); -#ifdef CROSSMSDOS - h19line(s,sizeof(s),0); - if (!strlen(s)) - continue; -#else - if (!fgets(s, max, stdin)) { - clearerr(stdin); - continue; - } - if ((ptr = strchr(s, '\n'))) - *ptr = '\0'; -#endif - if (verify) { - printf("\nVerifying, please re-enter %s",prompt); - fflush(stdout); -#ifdef CROSSMSDOS - h19line(key_string,sizeof(key_string),0); - if (!strlen(key_string)) - continue; -#else - if (!fgets(key_string, sizeof(key_string), stdin)) { - clearerr(stdin); - continue; - } - if ((ptr = strchr(key_string, '\n'))) - *ptr = '\0'; -#endif - if (strcmp(s,key_string)) { - printf("\n\07\07Mismatch - try again\n"); - fflush(stdout); - continue; - } - } - ok = 1; - } - -#ifdef BSDUNIX -lose: - if (!ok) - memset(s, 0, max); - printf("\n"); - /* turn echo back on */ - tty_state.sg_flags |= ECHO; - if (ioctl(0,TIOCSETP,&tty_state)) - ok = 0; - pop_signals(); - memcpy(old_env, env, sizeof(env)); -#endif - if (verify) - memset(key_string, 0, sizeof (key_string)); - s[max-1] = 0; /* force termination */ - return !ok; /* return nonzero if not okay */ -} - -#ifdef BSDUNIX -/* - * this can be static since we should never have more than - * one set saved.... - */ -static sigtype (*old_sigfunc[NSIG])(); - -static push_signals() -{ - register i; - for (i = 0; i < NSIG; i++) - old_sigfunc[i] = signal(i,sig_restore); -} - -static pop_signals() -{ - register i; - for (i = 0; i < NSIG; i++) - signal(i,old_sigfunc[i]); -} - -static void sig_restore(sig,code,scp) - int sig,code; - struct sigcontext *scp; -{ - longjmp(env,1); -} -#endif -#endif /* NOENCRYPTION */ diff --git a/src/lib/krb4/g_pw_tkt.c b/src/lib/krb4/g_pw_tkt.c deleted file mode 100644 index f074fbc6c2..0000000000 --- a/src/lib/krb4/g_pw_tkt.c +++ /dev/null @@ -1,68 +0,0 @@ -/* - * g_pw_tkt.c - * - * Copyright 1986, 1987, 1988 by the Massachusetts Institute - * of Technology. - * - * For copying and distribution information, please see the file - * . - */ - -#include "mit-copyright.h" -#include "krb.h" - -/* - * Get a ticket for the password-changing server ("changepw.KRB_MASTER"). - * - * Given the name, instance, realm, and current password of the - * principal for which the user wants a password-changing-ticket, - * return either: - * - * GT_PW_BADPW if current password was wrong, - * GT_PW_NULL if principal had a NULL password, - * or the result of the krb_get_pw_in_tkt() call. - * - * First, try to get a ticket for "user.instance@realm" to use the - * "changepw.KRB_MASTER" server (KRB_MASTER is defined in "krb.h"). - * The requested lifetime for the ticket is "1", and the current - * password is the "cpw" argument given. - * - * If the password was bad, give up. - * - * If the principal had a NULL password in the Kerberos database - * (indicating that the principal is known to Kerberos, but hasn't - * got a password yet), try instead to get a ticket for the principal - * "default.changepw@realm" to use the "changepw.KRB_MASTER" server. - * Use the password "changepwkrb" instead of "cpw". Return GT_PW_NULL - * if all goes well, otherwise the error. - * - * If this routine succeeds, a ticket and session key for either the - * principal "user.instance@realm" or "default.changepw@realm" to use - * the password-changing server will be in the user's ticket file. - */ - -int KRB5_CALLCONV -get_pw_tkt(user,instance,realm,cpw) - char *user; - char *instance; - char *realm; - char *cpw; -{ - int kerror; - - kerror = krb_get_pw_in_tkt(user, instance, realm, "changepw", - KRB_MASTER, 1, cpw); - - if (kerror == INTK_BADPW) - return(GT_PW_BADPW); - - if (kerror == KDC_NULL_KEY) { - kerror = krb_get_pw_in_tkt("default","changepw",realm,"changepw", - KRB_MASTER,1,"changepwkrb"); - if (kerror) - return(kerror); - return(GT_PW_NULL); - } - - return(kerror); -} diff --git a/src/lib/krb4/g_svc_in_tkt.c b/src/lib/krb4/g_svc_in_tkt.c deleted file mode 100644 index 7ed4efd2a8..0000000000 --- a/src/lib/krb4/g_svc_in_tkt.c +++ /dev/null @@ -1,152 +0,0 @@ -/* - * lib/krb4/g_svc_in_tkt.c - * - * Copyright 1987, 1988 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#include -#include -#include "krb.h" -#include "prot.h" -#include "krb4int.h" - -/* - * This file contains two routines: srvtab_to_key(), which gets - * a server's key from a srvtab file, and krb_get_svc_in_tkt() which - * gets an initial ticket for a server. - */ - -/* - * srvtab_to_key(): given a "srvtab" file (where the keys for the - * service on a host are stored), return the private key of the - * given service (user.instance@realm). - * - * srvtab_to_key() passes its arguments on to read_service_key(), - * plus one additional argument, the key version number. - * (Currently, the key version number is always 0; this value - * is treated as a wildcard by read_service_key().) - * - * If the "srvtab" argument is null, KEYFILE (defined in "krb.h") - * is passed in its place. - * - * It returns the return value of the read_service_key() call. - * The service key is placed in "key". - */ - -static int srvtab_to_key(user, instance, realm, srvtab, key) - char *user, *instance, *realm, *srvtab; - C_Block key; -{ - if (!srvtab) - srvtab = KEYFILE; - - return(read_service_key(user, instance, realm, 0, srvtab, - (char *)key)); -} - -/* - * krb_get_svc_in_tkt() passes its arguments on to krb_get_in_tkt(), - * plus two additional arguments: a pointer to the srvtab_to_key() - * function to be used to get the key from the key file and a NULL - * for the decryption procedure indicating that krb_get_in_tkt should - * use the default method of decrypting the response from the KDC. - * - * It returns the return value of the krb_get_in_tkt() call. - */ - -int KRB5_CALLCONV -krb_get_svc_in_tkt(user, instance, realm, service, sinstance, life, srvtab) - char *user, *instance, *realm, *service, *sinstance; - int life; - char *srvtab; -{ - return(krb_get_in_tkt(user, instance, realm, service, sinstance, life, - (key_proc_type) srvtab_to_key, NULL, srvtab)); -} - -/* and we need a preauth version as well. */ -static C_Block old_key; - -static int stub_key(user,instance,realm,passwd,key) - char *user, *instance, *realm, *passwd; - C_Block key; -{ - memcpy(key, old_key, sizeof(C_Block)); - return 0; -} - -int -krb_get_svc_in_tkt_preauth(user, instance, realm, service, sinstance, life, srvtab) - char *user, *instance, *realm, *service, *sinstance; - int life; - char *srvtab; -{ - char *preauth_p; - int preauth_len; - int ret_st; - - krb_mk_preauth(&preauth_p, &preauth_len, - (key_proc_type) srvtab_to_key, user, instance, realm, - srvtab, old_key); - ret_st = krb_get_in_tkt_preauth(user,instance,realm,service,sinstance,life, - (key_proc_type) stub_key, NULL, srvtab, - preauth_p, preauth_len); - - krb_free_preauth(preauth_p, preauth_len); - return ret_st; -} - -/* DEC's dss-kerberos adds krb_svc_init; simple enough */ - -int -krb_svc_init(user,instance,realm,lifetime,srvtab_file,tkt_file) - char *user; - char *instance; - char *realm; - int lifetime; - char *srvtab_file; - char *tkt_file; -{ - if (tkt_file) - krb_set_tkt_string(tkt_file); - - return krb_get_svc_in_tkt(user,instance,realm, - KRB_TICKET_GRANTING_TICKET,realm,lifetime,srvtab_file); -} - - -int -krb_svc_init_preauth(user,instance,realm,lifetime,srvtab_file,tkt_file) - char *user; - char *instance; - char *realm; - int lifetime; - char *srvtab_file; - char *tkt_file; -{ - if (tkt_file) - krb_set_tkt_string(tkt_file); - - return krb_get_svc_in_tkt_preauth(user,instance,realm, - KRB_TICKET_GRANTING_TICKET,realm,lifetime,srvtab_file); -} diff --git a/src/lib/krb4/g_tf_fname.c b/src/lib/krb4/g_tf_fname.c deleted file mode 100644 index e03fe24b10..0000000000 --- a/src/lib/krb4/g_tf_fname.c +++ /dev/null @@ -1,67 +0,0 @@ -/* - * g_tf_fname.c - * - * Copyright 1987, 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * . - */ - -#include "mit-copyright.h" -#include "krb.h" -#include -#include /* For EOF */ - -/* - * This file contains a routine to extract the fullname of a user - * from the ticket file. - */ - -/* - * krb_get_tf_fullname() takes four arguments: the name of the - * ticket file, and variables for name, instance, and realm to be - * returned in. Since the realm of a ticket file is not really fully - * supported, the realm used will be that of the the first ticket in - * the file as this is the one that was obtained with a password by - * krb_get_in_tkt(). - */ - -int KRB5_CALLCONV -krb_get_tf_fullname(ticket_file, name, instance, realm) - const char *ticket_file; - char *name; - char *instance; - char *realm; -{ - int tf_status; - CREDENTIALS c; - - /* If ticket cache selector is null, use default cache. */ - if (ticket_file == 0) - ticket_file = tkt_string(); - - if ((tf_status = tf_init(ticket_file, R_TKT_FIL)) != KSUCCESS) - return(tf_status); - - if (((tf_status = tf_get_pname(c.pname)) != KSUCCESS) || - ((tf_status = tf_get_pinst(c.pinst)) != KSUCCESS)) - return (tf_status); - - if (name) - strcpy(name, c.pname); - if (instance) - strcpy(instance, c.pinst); - if ((tf_status = tf_get_cred(&c)) == KSUCCESS) { - if (realm) - strcpy(realm, c.realm); - } - else { - if (tf_status == EOF) - return(KFAILURE); - else - return(tf_status); - } - (void) tf_close(); - - return(tf_status); -} diff --git a/src/lib/krb4/g_tkt_svc.c b/src/lib/krb4/g_tkt_svc.c deleted file mode 100644 index d9a2d9f620..0000000000 --- a/src/lib/krb4/g_tkt_svc.c +++ /dev/null @@ -1,174 +0,0 @@ -/* - * g_tkt_svc.c - * - * Gets a ticket for a service. Adopted from KClient. - */ - -#include -#include "krb.h" -#include "port-sockets.h" - -/* FIXME -- this should probably be calling mk_auth nowadays. */ -#define KRB_SENDAUTH_VERS "AUTHV0.1" /* MUST be KRB_SENDAUTH_VLEN chars */ - - -static int -ParseFullName(name, instance, realm, fname) - char *name; - char *instance; - char *realm; - char *fname; -{ - int err; - - if (!*fname) return KNAME_FMT; /* null names are not OK */ - *instance = '\0'; - err = kname_parse(name,instance,realm,fname); - if (err) return err; - if (!*name) return KNAME_FMT; /* null names are not OK */ - if (!*realm) { - if ((err = krb_get_lrealm (realm, 1))) - return err; - if (!*realm) return KNAME_FMT; /* FIXME -- should give better error */ - } - return KSUCCESS; -} - - - -static void -CopyTicket(dest, src, numBytes, version, includeVersion) - char *dest; - KTEXT src; - unsigned KRB4_32 *numBytes; - char *version; - int includeVersion; -{ - unsigned KRB4_32 tkt_len; - unsigned KRB4_32 nbytes = 0; - - /* first put version info into the buffer */ - if (includeVersion) { - (void) strncpy(dest, KRB_SENDAUTH_VERS, KRB_SENDAUTH_VLEN); - (void) strncpy(dest+KRB_SENDAUTH_VLEN, version, KRB_SENDAUTH_VLEN); - nbytes = 2*KRB_SENDAUTH_VLEN; - } - - /* put ticket length into buffer */ - tkt_len = htonl((unsigned long) src->length); - (void) memcpy((char *)(dest+nbytes), (char *) &tkt_len, sizeof(tkt_len)); - nbytes += sizeof(tkt_len); - - /* put ticket into buffer */ - (void) memcpy ((char *)(dest+nbytes), (char *) src->dat, src->length); - nbytes += src->length; - - *numBytes = nbytes; -} - - -static int -CredIsExpired( cr ) - CREDENTIALS *cr; -{ - KRB4_32 now; - - /* This routine is for use with clients only in order to determine - if a credential is still good. - Note: twice CLOCK_SKEW was added to age of ticket so that we could - be more sure that the ticket was good. - FIXME: I think this is a bug -- should use the same algorithm - everywhere to determine ticket expiration. */ - - now = TIME_GMT_UNIXSEC; - return now + 2 * CLOCK_SKEW > krb_life_to_time(cr->issue_date, - cr->lifetime); -} - - -/* - * Gets a ticket and returns it to application in buf - -> service Formal Kerberos name of service - -> buf Buffer to receive ticket - -> checksum checksum for this service - <-> buflen length of ticket buffer (must be at least - 1258 bytes) - <- sessionKey for internal use - <- schedule for internal use - - * Result is: - * GC_NOTKT if there is no matching TGT in the cache - * MK_AP_TGTEXP if the matching TGT is expired - * Other errors possible. These could cause a dialogue with the user - * to get a new TGT. - */ - -int KRB5_CALLCONV -krb_get_ticket_for_service (serviceName, buf, buflen, checksum, sessionKey, - schedule, version, includeVersion) - char *serviceName; - char *buf; - unsigned KRB4_32 *buflen; - int checksum; - des_cblock sessionKey; - Key_schedule schedule; - char *version; - int includeVersion; -{ - char service[SNAME_SZ]; - char instance[INST_SZ]; - char realm[REALM_SZ]; - int err; - char lrealm[REALM_SZ]; - CREDENTIALS cr; - - service[0] = '\0'; - instance[0] = '\0'; - realm[0] = '\0'; - - /* parse out service name */ - - err = ParseFullName(service, instance, realm, serviceName); - if (err) - return err; - - if ((err = krb_get_tf_realm(TKT_FILE, lrealm)) != KSUCCESS) - return(err); - - /* Make sure we have an intial ticket for the user in this realm - Check local realm, not realm for service since krb_mk_req will - get additional krbtgt if necessary. This is so that inter-realm - works without asking for a password twice. - FIXME gnu - I think this is a bug. We should allow direct - authentication to the desired realm, regardless of what the "local" - realm is. I fixed it. FIXME -- not quite right. */ - err = krb_get_cred (KRB_TICKET_GRANTING_TICKET, realm, lrealm, &cr); - if (err) - return err; - - err = CredIsExpired(&cr); - if (err) - return RD_AP_EXP; /* Expired ticket */ - - /* Get a ticket for the service */ - err = krb_mk_req(&(cr.ticket_st),service,instance,realm,checksum); - if (err) - return err; - - CopyTicket(buf, &(cr.ticket_st), buflen, version, includeVersion); - - /* get the session key for later use in deciphering the server response */ - err = krb_get_cred(service,instance,realm,&cr); - if (err) - return err; - memcpy((char *)sessionKey, (char *)cr.session, sizeof(C_Block)); - err = key_sched(sessionKey, schedule); - if (err) - return KFAILURE; /* Bad DES key for some reason (FIXME better error) */ - - else - return KSUCCESS; - -} - - diff --git a/src/lib/krb4/gethostname.c b/src/lib/krb4/gethostname.c deleted file mode 100644 index cc40dd0781..0000000000 --- a/src/lib/krb4/gethostname.c +++ /dev/null @@ -1,36 +0,0 @@ -/* - * gethostname.c - * - * Copyright 1987, 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * . - */ - -#include "mit-copyright.h" -#include "krb.h" -#include "krb4int.h" -#include "autoconf.h" - -#ifdef HAVE_UNISTD_H -#include -#endif - -#ifndef GETHOSTNAME -#define GETHOSTNAME gethostname /* A rather simple default */ -#endif - -/* - * Return the local host's name in "name", up to "namelen" characters. - * "name" will be null-terminated if "namelen" is big enough. - * The return code is 0 on success, -1 on failure. (The calling - * interface is identical to BSD gethostname(2).) - */ - -int -k_gethostname(name, namelen) - char *name; - int namelen; -{ - return GETHOSTNAME(name, namelen); -} diff --git a/src/lib/krb4/getst.c b/src/lib/krb4/getst.c deleted file mode 100644 index 336170d419..0000000000 --- a/src/lib/krb4/getst.c +++ /dev/null @@ -1,40 +0,0 @@ -/* - * getst.c - * - * Copyright 1987, 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * . - */ - -#include "mit-copyright.h" -#include "krb.h" -#include "krb4int.h" -#include "autoconf.h" -#ifdef HAVE_UNISTD_H -#include -#endif - -/* - * getst() takes a file descriptor, a string and a count. It reads - * from the file until either it has read "count" characters, or until - * it reads a null byte. When finished, what has been read exists in - * the given string "s". If "count" characters were actually read, the - * last is changed to a null, so the returned string is always null- - * terminated. getst() returns the number of characters read, including - * the null terminator. - */ - -int -getst(fd, s, n) - int fd; - register char *s; - int n; -{ - register int count = n; - while (read(fd, s, 1) > 0 && --count) - if (*s++ == '\0') - return (n - count); - *s = '\0'; - return (n - count); -} diff --git a/src/lib/krb4/in_tkt.c b/src/lib/krb4/in_tkt.c deleted file mode 100644 index e2d071aece..0000000000 --- a/src/lib/krb4/in_tkt.c +++ /dev/null @@ -1,205 +0,0 @@ -/* - * lib/krb4/in_tkt.c - * - * Copyright 1985, 1986, 1987, 1988, 2000, 2001, 2007 by the Massachusetts - * Institute of Technology. All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#include -#include -#include -#include "krb.h" -#include -#include -#include "autoconf.h" -#ifdef TKT_SHMEM -#include -#endif -#ifdef HAVE_UNISTD_H -#include -#endif - -extern int krb_debug; - -/* - * in_tkt() is used to initialize the ticket store. It creates the - * file to contain the tickets and writes the given user's name "pname" - * and instance "pinst" in the file. in_tkt() returns KSUCCESS on - * success, or KFAILURE if something goes wrong. - */ - -#include "k5-util.h" -#define do_seteuid krb5_seteuid -#include "k5-platform.h" - -#ifndef O_SYNC -#define O_SYNC 0 -#endif - -int KRB5_CALLCONV -in_tkt(pname,pinst) - char *pname; - char *pinst; -{ - int tktfile; - uid_t me, metoo, getuid(), geteuid(); - struct stat statpre, statpost; - int count; - const char *file = TKT_FILE; - int fd; - register int i; - char charbuf[BUFSIZ]; - mode_t mask; -#ifdef TKT_SHMEM - char shmidname[MAXPATHLEN]; -#endif /* TKT_SHMEM */ - - /* If ticket cache selector is null, use default cache. */ - if (file == 0) - file = tkt_string(); - - me = getuid (); - metoo = geteuid(); - if (lstat(file, &statpre) == 0) { - if (statpre.st_uid != me || !(statpre.st_mode & S_IFREG) - || statpre.st_nlink != 1 || statpre.st_mode & 077) { - if (krb_debug) - fprintf(stderr,"Error initializing %s",file); - return(KFAILURE); - } - /* - * Yes, we do uid twiddling here. It's not optimal, but some - * applications may expect that the ruid is what should really - * own the ticket file, e.g. setuid applications. - */ - if (me != metoo && do_seteuid(me) < 0) - return KFAILURE; - /* file already exists, and permissions appear ok, so nuke it */ - fd = open(file, O_RDWR|O_SYNC, 0); - if (fd >= 0) - set_cloexec_fd(fd); - (void)unlink(file); - if (me != metoo && do_seteuid(metoo) < 0) - return KFAILURE; - if (fd < 0) { - goto out; /* can't zero it, but we can still try truncating it */ - } - - /* - * Do some additional paranoid things. The worst-case - * situation is that a user may be fooled into opening a - * non-regular file briefly if the file is in a directory with - * improper permissions. - */ - if (fstat(fd, &statpost) < 0) { - (void)close(fd); - goto out; - } - if (statpre.st_dev != statpost.st_dev - || statpre.st_ino != statpost.st_ino) { - (void)close(fd); - errno = 0; - goto out; - } - - memset(charbuf, 0, sizeof(charbuf)); - - for (i = 0; i < statpost.st_size; i += sizeof(charbuf)) - if (write(fd, charbuf, sizeof(charbuf)) != sizeof(charbuf)) { -#ifndef NO_FSYNC - (void) fsync(fd); -#endif - (void) close(fd); - goto out; - } - -#ifndef NO_FSYNC - (void) fsync(fd); -#endif - (void) close(fd); - } - out: - /* arrange so the file is owned by the ruid - (swap real & effective uid if necessary). - This isn't a security problem, since the ticket file, if it already - exists, has the right uid (== ruid) and mode. */ - if (me != metoo) { - if (do_seteuid(me) < 0) { - /* can't switch??? barf! */ - if (krb_debug) - perror("in_tkt: seteuid"); - return(KFAILURE); - } else - if (krb_debug) - printf("swapped UID's %d and %d\n",(int) metoo, (int) me); - } - /* Set umask to ensure that we have write access on the created - ticket file. */ - mask = umask(077); - tktfile = open(file, O_RDWR|O_SYNC|O_CREAT|O_EXCL, 0600); - if (tktfile >= 0) - set_cloexec_fd(tktfile); - umask(mask); - if (me != metoo) { - if (do_seteuid(metoo) < 0) { - /* can't switch??? barf! */ - if (krb_debug) - perror("in_tkt: seteuid2"); - return(KFAILURE); - } else - if (krb_debug) - printf("swapped UID's %d and %d\n", (int) me, (int) metoo); - } - if (tktfile < 0) { - if (krb_debug) - fprintf(stderr,"Error initializing %s",TKT_FILE); - return(KFAILURE); - } - count = strlen(pname)+1; - if (write(tktfile,pname,count) != count) { - (void) close(tktfile); - return(KFAILURE); - } - count = strlen(pinst)+1; - if (write(tktfile,pinst,count) != count) { - (void) close(tktfile); - return(KFAILURE); - } - (void) close(tktfile); -#ifdef TKT_SHMEM - (void) strncpy(shmidname, file, sizeof(shmidname) - 1); - shmidname[sizeof(shmidname) - 1] = '\0'; - (void) strncat(shmidname, ".shm", sizeof(shmidname) - 1 - strlen(shmidname)); - return(krb_shm_create(shmidname)); -#else /* !TKT_SHMEM */ - return(KSUCCESS); -#endif /* TKT_SHMEM */ -} - -int KRB5_CALLCONV -krb_in_tkt(pname, pinst, prealm) - char *pname; - char *pinst; - char *prealm; -{ - return in_tkt(pname, pinst); -} diff --git a/src/lib/krb4/kadm_err.et b/src/lib/krb4/kadm_err.et deleted file mode 100644 index 07ab9da4b2..0000000000 --- a/src/lib/krb4/kadm_err.et +++ /dev/null @@ -1,58 +0,0 @@ -# kadmin.v4/server/kadm_err.et -# -# Copyright 1988 by the Massachusetts Institute of Technology. -# -# For copying and distribution information, please see the file -# . -# -# Kerberos administration server error table -# - et kadm - -# KADM_SUCCESS, as all success codes should be, is zero - -ec KADM_RCSID, "$Header$" -# /* Building and unbuilding the packet errors */ -ec KADM_NO_REALM, "Cannot fetch local realm" -ec KADM_NO_CRED, "Unable to fetch credentials" -ec KADM_BAD_KEY, "Bad key supplied" -ec KADM_NO_ENCRYPT, "Can't encrypt data" -ec KADM_NO_AUTH, "Cannot encode/decode authentication info" -ec KADM_WRONG_REALM, "Principal attemping change is in wrong realm" -ec KADM_NO_ROOM, "Packet is too large" -ec KADM_BAD_VER, "Version number is incorrect" -ec KADM_BAD_CHK, "Checksum does not match" -ec KADM_NO_READ, "Unsealing private data failed" -ec KADM_NO_OPCODE, "Unsupported operation" -ec KADM_NO_HOST, "Could not find administrating host" -ec KADM_UNK_HOST, "Administrating host name is unknown" -ec KADM_NO_SERV, "Could not find service name in services database" -ec KADM_NO_SOCK, "Could not create socket" -ec KADM_NO_CONN, "Could not connect to server" -ec KADM_NO_HERE, "Could not fetch local socket address" -ec KADM_NO_MAST, "Could not fetch master key" -ec KADM_NO_VERI, "Could not verify master key" - -# /* From the server side routines */ -ec KADM_INUSE, "Entry already exists in database" -ec KADM_UK_SERROR, "Database store error" -ec KADM_UK_RERROR, "Database read error" -ec KADM_UNAUTH, "Insufficient access to perform requested operation" -# KADM_DATA isn't really an error, but... -ec KADM_DATA, "Data is available for return to client" -ec KADM_NOENTRY, "No such entry in the database" - -ec KADM_NOMEM, "Memory exhausted" -ec KADM_NO_HOSTNAME, "Could not fetch system hostname" -ec KADM_NO_BIND, "Could not bind port" -ec KADM_LENGTH_ERROR, "Length mismatch problem" -ec KADM_ILL_WILDCARD, "Illegal use of wildcard" - -ec KADM_DB_INUSE, "Database locked or in use" - -ec KADM_INSECURE_PW, "Insecure password rejected" -ec KADM_PW_MISMATCH, "Cleartext password and DES key did not match" - -ec KADM_NOT_SERV_PRINC, "Invalid principal for change srvtab request" -ec KADM_REALM_TOO_LONG, "Realm name too long" -end diff --git a/src/lib/krb4/kadm_net.c b/src/lib/krb4/kadm_net.c deleted file mode 100644 index 89c87cc27e..0000000000 --- a/src/lib/krb4/kadm_net.c +++ /dev/null @@ -1,393 +0,0 @@ -/* - * lib/krb4/kadm_net.c - * - * Copyright 1988, 2002, 2007 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * Kerberos administration server client-side network access routines - * These routines do actual network traffic, in a machine dependent manner. - */ - -#include -#include -#include -#include -#include "autoconf.h" -#ifdef HAVE_UNISTD_H -#include -#endif - -#define DEFINE_SOCKADDR /* Ask krb.h for struct sockaddr, etc */ -#include "port-sockets.h" -#include "krb.h" -#include "krbports.h" -#include "kadm.h" -#include "kadm_err.h" -#include "prot.h" - -/* XXX FIXME! */ -#if defined(_WIN32) - #define SIGNAL(s, f) 0 -#else - #define SIGNAL(s, f) signal(s, f) -#endif - -static void clear_secrets(des_cblock sess_key, Key_schedule sess_sched); -/* XXX FIXME! */ -#ifdef SIGPIPE -static krb5_sigtype (*opipe)(); -#endif - -/* - * kadm_init_link - * receives : principal, instance, realm - * - * initializes client parm, the Kadm_Client structure which holds the - * data about the connection between the server and client, the services - * used, the locations and other fun things - */ -int -kadm_init_link(char *principal, char *instance, char *realm, - Kadm_Client *client_parm, int changepw) -{ - struct servent *sep; /* service we will talk to */ - u_short sep_port; - struct hostent *hop; /* host we will talk to */ - char adm_hostname[MAXHOSTNAMELEN]; - char *scol = 0; - - (void) strcpy(client_parm->sname, principal); - (void) strcpy(client_parm->sinst, instance); - (void) strcpy(client_parm->krbrlm, realm); - client_parm->admin_fd = -1; - client_parm->default_port = 1; - - /* - * set up the admin_addr - fetch name of admin or kpasswd host - * (usually the admin host is the kpasswd host unless you have - * some sort of realm on crack) - */ - if (changepw) { -#if 0 /* XXX */ - if (krb_get_kpasswdhst(adm_hostname, client_parm->krbrlm, 1) != KSUCCESS) -#endif - if (krb_get_admhst(adm_hostname, client_parm->krbrlm, 1) != KSUCCESS) - return KADM_NO_HOST; - } else { - if (krb_get_admhst(adm_hostname, client_parm->krbrlm, 1) != KSUCCESS) - return KADM_NO_HOST; - } - scol = strchr(adm_hostname,':'); - if (scol) *scol = 0; - if ((hop = gethostbyname(adm_hostname)) == NULL) - /* - * couldn't find the admin servers address - */ - return KADM_UNK_HOST; - if (scol) { - sep_port = htons(atoi(scol+1)); - client_parm->default_port = 0; - } else if ((sep = getservbyname(KADM_SNAME, "tcp")) != NULL) - sep_port = sep->s_port; - else - sep_port = htons(KADM_PORT); /* KADM_SNAME = kerberos_master/tcp */ - memset(&client_parm->admin_addr, 0, sizeof(client_parm->admin_addr)); - client_parm->admin_addr.sin_family = hop->h_addrtype; - memcpy(&client_parm->admin_addr.sin_addr, hop->h_addr, hop->h_length); - client_parm->admin_addr.sin_port = sep_port; - - return KADM_SUCCESS; -} - -/* - * kadm_cli_send - * recieves : opcode, packet, packet length, serv_name, serv_inst - * returns : return code from the packet build, the server, or - * something else - * - * It assembles a packet as follows: - * 8 bytes : VERSION STRING - * 4 bytes : LENGTH OF MESSAGE DATA and OPCODE - * : KTEXT - * : OPCODE \ - * : DATA > Encrypted (with make priv) - * : ...... / - * - * If it builds the packet and it is small enough, then it attempts to open the - * connection to the admin server. If the connection is succesfully open - * then it sends the data and waits for a reply. - */ -int -kadm_cli_send(Kadm_Client *client_parm, - u_char *st_dat, /* the actual data */ - size_t st_siz, /* length of said data */ - u_char **ret_dat, /* to give return info */ - size_t *ret_siz) /* length of returned info */ -{ -/* Macros for use in returning data... used in kadm_cli_send */ -#define RET_N_FREE(r) {clear_secrets(sess_key, sess_sched); free((char *)act_st); free((char *)priv_pak); return r;} -#define RET_N_FREE2(r) {free((char *)*ret_dat); *ret_dat = 0; *ret_siz = 0; clear_secrets(sess_key, sess_sched); return(r);} - - int act_len; /* current offset into packet, return */ - KRB_INT32 retdat; /* data */ - KTEXT_ST authent; /* the authenticator we will build */ - u_char *act_st; /* the pointer to the complete packet */ - u_char *priv_pak; /* private version of the packet */ - long priv_len; /* length of private packet */ - u_long cksum; /* checksum of the packet */ - MSG_DAT mdat; - u_char *return_dat; - u_char *p; - KRB_UINT32 uretdat; - - /* Keys for use in the transactions */ - des_cblock sess_key; /* to be filled in by kadm_cli_keyd */ - Key_schedule sess_sched; - - act_st = malloc(KADM_VERSIZE); /* verstr stored first */ - strncpy((char *)act_st, KADM_VERSTR, KADM_VERSIZE); - act_len = KADM_VERSIZE; - - if ((retdat = kadm_cli_keyd(client_parm, sess_key, sess_sched)) != KADM_SUCCESS) { - free(act_st); - return retdat; /* couldnt get key working */ - } - priv_pak = malloc(st_siz + 200); - /* 200 bytes for extra info case */ - /* XXX Check mk_priv return type */ - if ((priv_len = krb_mk_priv(st_dat, priv_pak, (u_long)st_siz, - sess_sched, (C_Block *)sess_key, - &client_parm->my_addr, - &client_parm->admin_addr)) < 0) - RET_N_FREE(KADM_NO_ENCRYPT); /* whoops... we got a lose here */ - /* - * here is the length of priv data. receiver calcs size of - * authenticator by subtracting vno size, priv size, and - * sizeof(u_long) (for the size indication) from total size - */ - act_len += vts_long((KRB_UINT32)priv_len, &act_st, (int)act_len); -#ifdef NOENCRYPTION - cksum = 0; -#else - cksum = quad_cksum(priv_pak, NULL, priv_len, 0, &sess_key); -#endif - /* XXX cast unsigned->signed */ - if ((retdat = krb_mk_req_creds(&authent, &client_parm->creds, (long)cksum)) != 0) { - /* authenticator? */ - RET_N_FREE(retdat); - } - - act_st = realloc(act_st, (unsigned) (act_len + authent.length - + priv_len)); - if (!act_st) { - clear_secrets(sess_key, sess_sched); - free(priv_pak); - return KADM_NOMEM; - } - memcpy(act_st + act_len, authent.dat, authent.length); - memcpy(act_st + act_len + authent.length, priv_pak, priv_len); - free(priv_pak); - if ((retdat = kadm_cli_out(client_parm, act_st, - act_len + authent.length + priv_len, - ret_dat, ret_siz)) != KADM_SUCCESS) - RET_N_FREE(retdat); - free(act_st); - - /* first see if it's a YOULOSE */ - if ((*ret_siz >= KADM_VERSIZE) && - !strncmp(KADM_ULOSE, (char *)*ret_dat, KADM_VERSIZE)) - { - /* it's a youlose packet */ - if (*ret_siz < KADM_VERSIZE + 4) - RET_N_FREE2(KADM_BAD_VER); - p = *ret_dat + KADM_VERSIZE; - KRB4_GET32BE(uretdat, p); - /* XXX unsigned->signed */ - retdat = (KRB_INT32)uretdat; - RET_N_FREE2(retdat); - } - /* need to decode the ret_dat */ - if ((retdat = krb_rd_priv(*ret_dat, (u_long)*ret_siz, sess_sched, - (C_Block *)sess_key, &client_parm->admin_addr, - &client_parm->my_addr, &mdat)) != 0) - RET_N_FREE2(retdat); - if (mdat.app_length < KADM_VERSIZE + 4) - /* too short! */ - RET_N_FREE2(KADM_BAD_VER); - if (strncmp((char *)mdat.app_data, KADM_VERSTR, KADM_VERSIZE)) - /* bad version */ - RET_N_FREE2(KADM_BAD_VER); - p = mdat.app_data + KADM_VERSIZE; - KRB4_GET32BE(uretdat, p); - /* XXX unsigned->signed */ - retdat = (KRB_INT32)uretdat; - if ((mdat.app_length - KADM_VERSIZE - 4) != 0) { - if (!(return_dat = - malloc((unsigned)(mdat.app_length - KADM_VERSIZE - 4)))) - RET_N_FREE2(KADM_NOMEM); - memcpy(return_dat, p, mdat.app_length - KADM_VERSIZE - 4); - } else { - /* If it's zero length, still need to malloc a 1 byte string; */ - /* malloc's of zero will return NULL on AIX & A/UX */ - if (!(return_dat = malloc((unsigned) 1))) - RET_N_FREE2(KADM_NOMEM); - *return_dat = '\0'; - } - free(*ret_dat); - clear_secrets(sess_key, sess_sched); - *ret_dat = return_dat; - *ret_siz = mdat.app_length - KADM_VERSIZE - 4; - return retdat; -} - -int kadm_cli_conn(Kadm_Client *client_parm) -{ /* this connects and sets my_addr */ -#if 0 - int on = 1; -#endif - if ((client_parm->admin_fd = - socket(client_parm->admin_addr.sin_family, SOCK_STREAM,0)) < 0) - return KADM_NO_SOCK; /* couldnt create the socket */ - set_cloexec_fd(client_parm->admin_fd); - if (SOCKET_CONNECT(client_parm->admin_fd, - (struct sockaddr *) & client_parm->admin_addr, - sizeof(client_parm->admin_addr))) { - (void) SOCKET_CLOSE(client_parm->admin_fd); - client_parm->admin_fd = -1; - - /* The V4 kadmind port number is 751. The RFC assigned - number, for V5, is 749. Sometimes the entry in - /etc/services on a client machine will say 749, but the - server may be listening on port 751. We try to partially - cope by automatically falling back to try port 751 if we - don't get a reply on port we are using. */ - if (client_parm->admin_addr.sin_port != htons(KADM_PORT) - && client_parm->default_port) { - client_parm->admin_addr.sin_port = htons(KADM_PORT); - return kadm_cli_conn(client_parm); - } - - return KADM_NO_CONN; /* couldnt get the connect */ - } -#ifdef SIGPIPE - opipe = SIGNAL(SIGPIPE, SIG_IGN); -#endif - client_parm->my_addr_len = sizeof(client_parm->my_addr); - if (SOCKET_GETSOCKNAME(client_parm->admin_fd, - (struct sockaddr *) & client_parm->my_addr, - &client_parm->my_addr_len) < 0) { - (void) SOCKET_CLOSE(client_parm->admin_fd); - client_parm->admin_fd = -1; -#ifdef SIGPIPE - (void) SIGNAL(SIGPIPE, opipe); -#endif - return KADM_NO_HERE; /* couldnt find out who we are */ - } -#if 0 - if (setsockopt(client_parm.admin_fd, SOL_SOCKET, SO_KEEPALIVE, (char *)&on, - sizeof(on)) < 0) { - (void) closesocket(client_parm.admin_fd); - client_parm.admin_fd = -1; -#ifdef SIGPIPE - (void) SIGNAL(SIGPIPE, opipe); -#endif - return KADM_NO_CONN; /* XXX */ - } -#endif - return KADM_SUCCESS; -} - -void kadm_cli_disconn(Kadm_Client *client_parm) -{ - (void) SOCKET_CLOSE(client_parm->admin_fd); -#ifdef SIGPIPE - (void) SIGNAL(SIGPIPE, opipe); -#endif - return; -} - -int kadm_cli_out(Kadm_Client *client_parm, u_char *dat, int dat_len, - u_char **ret_dat, size_t *ret_siz) -{ - u_short dlen; - int retval; - unsigned char buf[2], *p; - - dlen = (u_short)dat_len; - if (dlen > 0x7fff) /* XXX krb_net_write signedness */ - return KADM_NO_ROOM; - - p = buf; - KRB4_PUT16BE(p, dlen); - if (krb_net_write(client_parm->admin_fd, (char *)buf, 2) < 0) - return SOCKET_ERRNO; /* XXX */ - - if (krb_net_write(client_parm->admin_fd, (char *)dat, (int)dat_len) < 0) - return SOCKET_ERRNO; /* XXX */ - - retval = krb_net_read(client_parm->admin_fd, (char *)buf, 2); - if (retval != 2) { - if (retval < 0) - return SOCKET_ERRNO; /* XXX */ - else - return EPIPE; /* short read ! */ - } - - p = buf; - KRB4_GET16BE(dlen, p); - if (dlen > INT_MAX) /* XXX krb_net_read signedness */ - return KADM_NO_ROOM; - *ret_dat = malloc(dlen); - if (!*ret_dat) - return KADM_NOMEM; - - retval = krb_net_read(client_parm->admin_fd, (char *)*ret_dat, (int)dlen); - if (retval != dlen) { - if (retval < 0) - return SOCKET_ERRNO; /* XXX */ - else - return EPIPE; /* short read ! */ - } - *ret_siz = dlen; - return KADM_SUCCESS; -} - -static void -clear_secrets(des_cblock sess_key, Key_schedule sess_sched) -{ - memset(sess_key, 0, sizeof(sess_key)); - memset(sess_sched, 0, sizeof(sess_sched)); - return; -} - -/* takes in the sess_key and key_schedule and sets them appropriately */ -int kadm_cli_keyd(Kadm_Client *client_parm, - des_cblock s_k, des_key_schedule s_s) -{ - int stat; - - memcpy(s_k, client_parm->creds.session, sizeof(des_cblock)); - stat = key_sched(s_k, s_s); - if (stat) - return stat; - return KADM_SUCCESS; -} /* This code "works" */ diff --git a/src/lib/krb4/kadm_stream.c b/src/lib/krb4/kadm_stream.c deleted file mode 100644 index dc9fef1107..0000000000 --- a/src/lib/krb4/kadm_stream.c +++ /dev/null @@ -1,325 +0,0 @@ -/* - * kadm_stream.c - * - * Copyright 1988, 2002 by the Massachusetts Institute of Technology. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * Stream conversion functions for Kerberos administration server - */ - -/* - kadm_stream.c - this holds the stream support routines for the kerberos administration server - - vals_to_stream: converts a vals struct to a stream for transmission - internals build_field_header, vts_[string, char, long, short] - stream_to_vals: converts a stream to a vals struct - internals check_field_header, stv_[string, char, long, short] - error: prints out a kadm error message, returns - fatal: prints out a kadm fatal error message, exits -*/ - -#include -#include - -#include "kadm.h" -#include "kadm_err.h" -#include "prot.h" - -#define min(a,b) (((a) < (b)) ? (a) : (b)) - -/* -vals_to_stream - recieves : kadm_vals *, u_char * - returns : a realloced and filled in u_char * - -this function creates a byte-stream representation of the kadm_vals structure -*/ -int -vals_to_stream(Kadm_vals *dt_in, u_char **dt_out) -{ - int vsloop, stsize; /* loop counter, stream size */ - - stsize = build_field_header(dt_in->fields, dt_out); - for (vsloop = 31; vsloop >= 0; vsloop--) - if (IS_FIELD(vsloop, dt_in->fields)) { - switch (vsloop) { - case KADM_NAME: - stsize += vts_string(dt_in->name, dt_out, stsize); - break; - case KADM_INST: - stsize += vts_string(dt_in->instance, dt_out, stsize); - break; - case KADM_EXPDATE: - stsize += vts_long((KRB_UINT32)dt_in->exp_date, - dt_out, stsize); - break; - case KADM_ATTR: - stsize += vts_short(dt_in->attributes, dt_out, stsize); - break; - case KADM_MAXLIFE: - stsize += vts_char(dt_in->max_life, dt_out, stsize); - break; - case KADM_DESKEY: - stsize += vts_long(dt_in->key_high, dt_out, stsize); - stsize += vts_long(dt_in->key_low, dt_out, stsize); - break; - default: - break; - } - } - return stsize; -} - -int -build_field_header( - u_char *cont, /* container for fields data */ - u_char **st) /* stream */ -{ - *st = malloc(4); - if (*st == NULL) - return -1; - memcpy(*st, cont, 4); - return 4; /* return pointer to current stream location */ -} - -int -vts_string(char *dat, u_char **st, int loc) -{ - size_t len; - unsigned char *p; - - if (loc < 0) - return -1; - len = strlen(dat) + 1; - p = realloc(*st, (size_t)loc + len); - if (p == NULL) - return -1; - memcpy(p + loc, dat, len); - *st = p; - return len; -} - -int -vts_short(KRB_UINT32 dat, u_char **st, int loc) -{ - unsigned char *p; - - if (loc < 0) - return -1; - p = realloc(*st, (size_t)loc + 2); - if (p == NULL) - return -1; - - *st = p; /* KRB4_PUT32BE will modify p */ - - p += loc; /* place bytes at the end */ - KRB4_PUT16BE(p, dat); - - return 2; -} - -int -vts_long(KRB_UINT32 dat, u_char **st, int loc) -{ - unsigned char *p; - - if (loc < 0) - return -1; - p = realloc(*st, (size_t)loc + 4); - if (p == NULL) - return -1; - - *st = p; /* KRB4_PUT32BE will modify p */ - - p += loc; /* place bytes at the end */ - KRB4_PUT32BE(p, dat); - - return 4; -} - -int -vts_char(KRB_UINT32 dat, u_char **st, int loc) -{ - unsigned char *p; - - if (loc < 0) - return -1; - p = realloc(*st, (size_t)loc + 1); - if (p == NULL) - return -1; - p[loc] = dat & 0xff; - *st = p; - return 1; -} - -/* -stream_to_vals - recieves : u_char *, kadm_vals * - returns : a kadm_vals filled in according to u_char * - -this decodes a byte stream represntation of a vals struct into kadm_vals -*/ -int -stream_to_vals( - u_char *dt_in, - Kadm_vals *dt_out, - int maxlen) /* max length to use */ -{ - register int vsloop, stsize; /* loop counter, stream size */ - register int status; - - memset(dt_out, 0, sizeof(*dt_out)); - - stsize = check_field_header(dt_in, dt_out->fields, maxlen); - if (stsize < 0) - return -1; - for (vsloop = 31; vsloop >= 0; vsloop--) - if (IS_FIELD(vsloop, dt_out->fields)) - switch (vsloop) { - case KADM_NAME: - status = stv_string(dt_in, dt_out->name, stsize, - sizeof(dt_out->name), maxlen); - if (status < 0) - return -1; - stsize += status; - break; - case KADM_INST: - status = stv_string(dt_in, dt_out->instance, stsize, - sizeof(dt_out->instance), maxlen); - if (status < 0) - return -1; - stsize += status; - break; - case KADM_EXPDATE: - { - KRB_UINT32 exp_date; - - status = stv_long(dt_in, &exp_date, stsize, maxlen); - if (status < 0) - return -1; - dt_out->exp_date = exp_date; - stsize += status; - } - break; - case KADM_ATTR: - status = stv_short(dt_in, &dt_out->attributes, stsize, - maxlen); - if (status < 0) - return -1; - stsize += status; - break; - case KADM_MAXLIFE: - status = stv_char(dt_in, &dt_out->max_life, stsize, - maxlen); - if (status < 0) - return -1; - stsize += status; - break; - case KADM_DESKEY: - status = stv_long(dt_in, &dt_out->key_high, stsize, - maxlen); - if (status < 0) - return -1; - stsize += status; - status = stv_long(dt_in, &dt_out->key_low, stsize, - maxlen); - if (status < 0) - return -1; - stsize += status; - break; - default: - break; - } - return stsize; -} - -int -check_field_header( - u_char *st, /* stream */ - u_char *cont, /* container for fields data */ - int maxlen) -{ - if (4 > maxlen) - return -1; - memcpy(cont, st, 4); - return 4; /* return pointer to current stream location */ -} - -int -stv_string( - register u_char *st, /* base pointer to the stream */ - char *dat, /* a string to read from the stream */ - register int loc, /* offset into the stream for current data */ - int stlen, /* max length of string to copy in */ - int maxlen) /* max length of input stream */ -{ - int maxcount; /* max count of chars to copy */ - - if (loc < 0) - return -1; - maxcount = min(maxlen - loc, stlen); - if (maxcount <= 0) /* No strings left in the input stream */ - return -1; - - (void) strncpy(dat, (char *)st + loc, (size_t)maxcount); - - if (dat[maxcount - 1]) /* not null-term --> not enuf room */ - return -1; - return strlen(dat) + 1; -} - -int -stv_short(u_char *st, u_short *dat, int loc, int maxlen) -{ - u_short temp; - unsigned char *p; - - if (loc < 0 || loc + 2 > maxlen) - return -1; - p = st + loc; - KRB4_GET16BE(temp, p); - *dat = temp; - return 2; -} - -int -stv_long(u_char *st, KRB_UINT32 *dat, int loc, int maxlen) -{ - KRB_UINT32 temp; - unsigned char *p; - - if (loc < 0 || loc + 4 > maxlen) - return -1; - p = st + loc; - KRB4_GET32BE(temp, p); - *dat = temp; - return 4; -} - -int -stv_char(u_char *st, u_char *dat, int loc, int maxlen) -{ - if (loc < 0 || loc + 1 > maxlen) - return -1; - *dat = *(st + loc); - return 1; -} diff --git a/src/lib/krb4/klog.c b/src/lib/krb4/klog.c deleted file mode 100644 index b1cfa93b40..0000000000 --- a/src/lib/krb4/klog.c +++ /dev/null @@ -1,126 +0,0 @@ -/* - * lib/krb4/klog.c - * - * Copyright 1985, 1986, 1987, 1988, 2007 by the Massachusetts Institute of - * Technology. All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#include "krb.h" -#include "autoconf.h" -#ifdef HAVE_TIME_H -#include -#endif -#if !defined(VMS) && !defined(_WIN32) -#include -#endif -#include - -#include "krb4int.h" -#include -#include "k5-platform.h" - -static char *log_name = KRBLOG; -static char logtxt[1000]; - -/* - * This file contains two logging routines: kset_logfile() - * to determine the file to which log entries should be written; - * and klog() to write log entries to the file. - */ - -/* - * klog() is used to add entries to the logfile (see kset_logfile() - * below). Note that it is probably not portable since it makes - * assumptions about what the compiler will do when it is called - * with less than the correct number of arguments which is the - * way it is usually called. - * - * The log entry consists of a timestamp and the given arguments - * printed according to the given "format" string. - * - * The log file is opened and closed for each log entry. - * - * If the given log type "type" is unknown, or if the log file - * cannot be opened, no entry is made to the log file. - * - * The return value is always a pointer to the formatted log - * text string "logtxt". - */ - -char * klog(type,format,a1,a2,a3,a4,a5,a6,a7,a8,a9,a0) - int type; - char *format; - char *a1,*a2,*a3,*a4,*a5,*a6,*a7,*a8,*a9,*a0; -{ - FILE *logfile; - time_t now; - struct tm *tm; - static int logtype_array[NLOGTYPE]; - static int array_initialized; - - if (!(array_initialized++)) { - logtype_array[L_NET_ERR] = 1; - logtype_array[L_KRB_PERR] = 1; - logtype_array[L_KRB_PWARN] = 1; - logtype_array[L_APPL_REQ] = 1; - logtype_array[L_INI_REQ] = 1; - logtype_array[L_DEATH_REQ] = 1; - logtype_array[L_NTGT_INTK] = 1; - logtype_array[L_ERR_SEXP] = 1; - logtype_array[L_ERR_MKV] = 1; - logtype_array[L_ERR_NKY] = 1; - logtype_array[L_ERR_NUN] = 1; - logtype_array[L_ERR_UNK] = 1; - } - - (void) snprintf(logtxt,sizeof(logtxt),format,a1,a2,a3,a4,a5,a6,a7,a8,a9,a0); - - if (!logtype_array[type]) - return(logtxt); - - if ((logfile = fopen(log_name,"a")) == NULL) - return(logtxt); - set_cloexec_file(logfile); - - (void) time(&now); - tm = localtime(&now); - - fprintf(logfile,"%2d-%s-%d %02d:%02d:%02d ",tm->tm_mday, - month_sname(tm->tm_mon + 1),1900+tm->tm_year, - tm->tm_hour, tm->tm_min, tm->tm_sec); - fprintf(logfile,"%s\n",logtxt); - (void) fclose(logfile); - return(logtxt); -} - -/* - * kset_logfile() changes the name of the file to which - * messages are logged. If kset_logfile() is not called, - * the logfile defaults to KRBLOG, defined in "krb.h". - */ - -void -kset_logfile(filename) - char *filename; -{ - log_name = filename; -} diff --git a/src/lib/krb4/kname_parse.c b/src/lib/krb4/kname_parse.c deleted file mode 100644 index db3a1cf0ba..0000000000 --- a/src/lib/krb4/kname_parse.c +++ /dev/null @@ -1,411 +0,0 @@ -/* - * lib/krb4/kname_parse.c - * - * Copyright 1987, 1988, 2001 by the Massachusetts Institute of - * Technology. All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#include -#include "krb.h" -#include - -static int k_isname_unparsed(const char *s); -static int k_isinst_unparsed(const char *s); -static int k_isrealm_unparsed(const char *s); - -/* - * max size of full name - * - * XXX This does not account for backslach quoting, and besides we - * might want to use MAX_K_NAME_SZ. - */ -#define FULL_SZ (ANAME_SZ + INST_SZ + REALM_SZ) - -#define NAME 0 /* which field are we in? */ -#define INST 1 -#define REALM 2 - -/* - * This file contains four routines for handling Kerberos names. - * - * kname_parse() breaks a Kerberos name into its name, instance, - * and realm components. - * - * k_isname(), k_isinst(), and k_isrealm() check a given string to see if - * it's a syntactically legitimate respective part of a Kerberos name, - * returning 1 if it is, 0 if it isn't. - * - * Definition of "syntactically legitimate" names is according to - * the Project Athena Technical Plan Section E.2.1, page 7 "Specifying - * names", version dated 21 Dec 1987. - */ - -/* - * kname_parse() takes a Kerberos name "fullname" of the form: - * - * username[.instance][@realm] - * - * and returns the three components ("name", "instance", and "realm" - * in the example above) in the given arguments "np", "ip", and "rp". - * - * If successful, it returns KSUCCESS. If there was an error, - * KNAME_FMT is returned. - * - * For proper operation, this routine requires that the ip, np, and rp - * arguments be initialized, either to null strings, or to default values - * of name, instance, and realm. FIXME-gnu: Does anyone use it this way? - */ - -int KRB5_CALLCONV -kname_parse(np, ip, rp, fullname) - char *np; - char *ip; - char *rp; - char *fullname; -{ - char buf[FULL_SZ]; - char *rnext, *wnext; /* next char to read, write */ - register char c; - int backslash; - int field; - - backslash = 0; - rnext = buf; - wnext = np; - field = NAME; - - if (strlen(fullname) > FULL_SZ) - return KNAME_FMT; - (void) strcpy(buf, fullname); - - while ((c = *rnext++)) { - if (backslash) { - *wnext++ = c; - backslash = 0; - continue; - } - switch (c) { - case '\\': - backslash++; - break; - case '.': - switch (field) { - case NAME: - if (wnext == np) - return KNAME_FMT; - *wnext = '\0'; - field = INST; - wnext = ip; - break; - case INST: /* We now allow period in instance */ - case REALM: - *wnext++ = c; - break; - default: - DEB (("unknown field value\n")); - return KNAME_FMT; - } - break; - case '@': - switch (field) { - case NAME: - if (wnext == np) - return KNAME_FMT; - *ip = '\0'; - /* fall through */ - case INST: - *wnext = '\0'; - field = REALM; - wnext = rp; - break; - case REALM: - return KNAME_FMT; - default: - DEB (("unknown field value\n")); - return KNAME_FMT; - } - break; - default: - *wnext++ = c; - } - /* - * Paranoia: check length each time through to ensure that we - * don't overwrite things. - */ - switch (field) { - case NAME: - if (wnext - np >= ANAME_SZ) - return KNAME_FMT; - break; - case INST: - if (wnext - ip >= INST_SZ) - return KNAME_FMT; - break; - case REALM: - if (wnext - rp >= REALM_SZ) - return KNAME_FMT; - break; - default: - DEB (("unknown field value\n")); - return KNAME_FMT; - } - } - *wnext = '\0'; - return KSUCCESS; -} - -/* - * k_isname() returns 1 if the given name is a syntactically legitimate - * Kerberos name; returns 0 if it's not. - */ - -int KRB5_CALLCONV -k_isname(s) - char *s; -{ - register char c; - int backslash = 0; - - if (!*s) - return 0; - if (strlen(s) > ANAME_SZ - 1) - return 0; - while((c = *s++)) { - if (backslash) { - backslash = 0; - continue; - } - switch(c) { - case '\\': - backslash = 1; - break; - case '.': - return 0; - /* break; */ - case '@': - return 0; - /* break; */ - } - } - return 1; -} - - -/* - * k_isinst() returns 1 if the given name is a syntactically legitimate - * Kerberos instance; returns 0 if it's not. - * - * We now allow periods in instance names -- they are unambiguous. - */ - -int KRB5_CALLCONV -k_isinst(s) - char *s; -{ - register char c; - int backslash = 0; - - if (strlen(s) > INST_SZ - 1) - return 0; - while((c = *s++)) { - if (backslash) { - backslash = 0; - continue; - } - switch(c) { - case '\\': - backslash = 1; - break; - case '@': - return 0; - /* break; */ - } - } - return 1; -} - -/* - * k_isrealm() returns 1 if the given name is a syntactically legitimate - * Kerberos realm; returns 0 if it's not. - */ - -int KRB5_CALLCONV -k_isrealm(s) - char *s; -{ - register char c; - int backslash = 0; - - if (!*s) - return 0; - if (strlen(s) > REALM_SZ - 1) - return 0; - while((c = *s++)) { - if (backslash) { - backslash = 0; - continue; - } - switch(c) { - case '\\': - backslash = 1; - break; - case '@': - return 0; - /* break; */ - } - } - return 1; -} - -int KRB5_CALLCONV -kname_unparse( - char *outFullName, - const char *inName, - const char *inInstance, - const char *inRealm) -{ - const char *read; - char *write = outFullName; - - if (inName == NULL) - return KFAILURE; - - if (outFullName == NULL) - return KFAILURE; - - if (!k_isname_unparsed(inName) || - ((inInstance != NULL) && !k_isinst_unparsed(inInstance)) || - ((inRealm != NULL) && !k_isrealm_unparsed(inRealm))) { - - return KFAILURE; - } - - for (read = inName; *read != '\0'; read++, write++) { - if ((*read == '.') || (*read == '@')) { - *write = '\\'; - write++; - } - *write = *read; - } - - if ((inInstance != NULL) && (inInstance[0] != '\0')) { - *write = '.'; - write++; - for (read = inInstance; *read != '\0'; read++, write++) { - if (*read == '@') { - *write = '\\'; - write++; - } - *write = *read; - } - } - - if ((inRealm != NULL) && (inRealm[0] != '\0')) { - *write = '@'; - write++; - for (read = inRealm; *read != '\0'; read++, write++) { - if (*read == '@') { - *write = '\\'; - write++; - } - *write = *read; - } - } - - *write = '\0'; - return KSUCCESS; -} - -/* - * k_isname, k_isrealm, k_isinst expect an unparsed realm -- i.e., one where all - * components have special characters escaped with \. However, - * for kname_unparse, we need to be able to sanity-check components without \. - * That's what k_is*_unparsed are for. - */ - -static int -k_isname_unparsed(const char *s) -{ - int len = strlen(s); - const char* c; - /* Has to be non-empty and has to fit in ANAME_SZ when escaped with \ */ - - if (!*s) - return 0; - - for (c = s; *c != '\0'; c++) { - switch (*c) { - case '.': - case '@': - len++; - break; - } - } - - if (len > ANAME_SZ - 1) - return 0; - return 1; -} - -static int -k_isinst_unparsed(const char *s) -{ - int len = strlen(s); - const char* c; - /* Has to fit in INST_SZ when escaped with \ */ - - for (c = s; *c != '\0'; c++) { - switch (*c) { - case '.': - case '@': - len++; - break; - } - } - - if (len > INST_SZ - 1) - return 0; - return 1; -} - -static int -k_isrealm_unparsed(const char *s) -{ - int len = strlen(s); - const char* c; - /* Has to be non-empty and has to fit in REALM_SZ when escaped with \ */ - - if (!*s) - return 0; - - for (c = s; *c != '\0'; c++) { - switch (*c) { - case '@': - len++; - break; - } - } - - if (len > REALM_SZ - 1) - return 0; - return 1; -} diff --git a/src/lib/krb4/kntoln.c b/src/lib/krb4/kntoln.c deleted file mode 100644 index ca48381b97..0000000000 --- a/src/lib/krb4/kntoln.c +++ /dev/null @@ -1,62 +0,0 @@ -/* - * kntoln.c - * - * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute - * of Technology. - * - * For copying and distribution information, please see the file - * . - */ - -#include "mit-copyright.h" -#include "krb.h" -#include - -/* - * krb_kntoln converts an auth name into a local name by looking up - * the auth name in the /etc/aname file. The format of the aname - * file is: - * - * +-----+-----+-----+-----+------+----------+-------+-------+ - * | anl | inl | rll | lnl | name | instance | realm | lname | - * +-----+-----+-----+-----+------+----------+-------+-------+ - * | 1by | 1by | 1by | 1by | name | instance | realm | lname | - * +-----+-----+-----+-----+------+----------+-------+-------+ - * - * If the /etc/aname file can not be opened it will set the - * local name to the auth name. Thus, in this case it performs as - * the identity function. - * - * The name instance and realm are passed to krb_kntoln through - * the AUTH_DAT structure (ad). - * - * Now here's what it *really* does: - * - * Given a Kerberos name in an AUTH_DAT structure, check that the - * instance is null, and that the realm is the same as the local - * realm, and return the principal's name in "lname". Return - * KSUCCESS if all goes well, otherwise KFAILURE. - */ - -/* The definition of MAX_USERNAME here MUST agree with kuserok.c, or bad - * things will happen. */ -#define MAX_USERNAME 10 - -int -krb_kntoln(ad,lname) - AUTH_DAT *ad; - char *lname; -{ - static char lrealm[REALM_SZ]; - - if (!(*lrealm) && (krb_get_lrealm(lrealm,1) == KFAILURE)) - return(KFAILURE); - - if (strcmp(ad->pinst,"")) - return(KFAILURE); - if (strcmp(ad->prealm,lrealm)) - return(KFAILURE); - (void) strncpy(lname,ad->pname,MAX_USERNAME-1); - lname[MAX_USERNAME - 1] = '\0'; - return(KSUCCESS); -} diff --git a/src/lib/krb4/krb4int.h b/src/lib/krb4/krb4int.h deleted file mode 100644 index 51b1138c98..0000000000 --- a/src/lib/krb4/krb4int.h +++ /dev/null @@ -1,129 +0,0 @@ -/* - * lib/krb4/krb4int.h - * - * Copyright 2001-2002, 2007 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * A series of private prototypes that we are not exporting but should - * be available for self consistancy in the library. - */ - -#include "port-sockets.h" - -/* ad_print.c */ -void ad_print(AUTH_DAT *x); - -/* fgetst.c */ -int fgetst(FILE *, char *, int); - -/* getst.c */ -int getst(int, char *, int); - -/* g_cnffile.c */ -FILE *krb__get_realmsfile(void); - -FILE *krb__get_cnffile(void); - -/* g_svc_in_tkt.c */ -int krb_svc_init(char *, char *, char *, int, char *, char *); -int krb_svc_init_preauth(char *, char *, char *, int, char *, char *); - -int krb_get_svc_in_tkt_preauth(char *, char *, char *, char *, char *, int, char *); - -/* gethostname.c */ -int k_gethostname(char *, int); - -/* g_in_tkt.c */ -int krb_get_in_tkt_preauth_creds(char *, char *, char *, - char *, char *, int, - key_proc_type, decrypt_tkt_type, - char *, char *, int, CREDENTIALS *, KRB_UINT32 *); - -/* klog.c */ -void kset_logfile(char *); - -/* log.c */ -void krb_log(const char *, ...) -#if !defined(__cplusplus) && (__GNUC__ > 2) - __attribute__((__format__(__printf__, 1, 2))) -#endif - ; - -void krb_set_logfile(char *); - -/* month_sname.c */ -const char * month_sname(int); - -/* password_to_key.c */ -key_proc_type *krb_get_keyprocs (key_proc_type keyproc); -int KRB5_CALLCONV mit_passwd_to_key(char *user, char *instance, char *realm, - char *passwd, C_Block key); -int KRB5_CALLCONV krb5_passwd_to_key(char *user, char *instance, char *realm, - char *passwd, C_Block key); -int KRB5_CALLCONV afs_passwd_to_key(char *user, char *instance, char *realm, - char *passwd, C_Block key); - -/* rd_preauth.c */ -#ifdef KRB_DB_DEFS -int krb_rd_preauth(KTEXT, char *, int, Principal *, des_cblock); -#endif - -/* sendauth.c */ -int krb_net_rd_sendauth(int, KTEXT, KRB4_32 *); - -/* stime.c */ -char *krb_stime(long *); - -/* tf_util.c */ -int tf_save_cred(char *, char *, char *, C_Block, int , int, KTEXT, KRB4_32); - - -/* unix_glue.c */ -int krb_start_session(char *); - -int krb_end_session(char *); - -#ifndef _WIN32 -/* For windows users, these are defined in krb.h */ -char *krb_get_default_user (void); - -int krb_set_default_user (char *); -#endif - -/* RealmConfig-glue.c */ -int krb_get_kpasswdhst(char *, char *, int); - -/* err_txt.c */ -void krb4int_et_init(void); -void krb4int_et_fini(void); - -int krb4int_save_credentials_addr( - char *, char *, char *, C_Block, int, int, KTEXT, KRB4_32, KRB_UINT32); - -int krb4int_send_to_kdc_addr(KTEXT, KTEXT, char *, - struct sockaddr *, socklen_t *); - -/* - * Exported by libdes425 and called by krb_get_in_pw_tkt, but not part of - * the standard DES interface and therefore not prototyped in des.h. - */ -int KRB5_CALLCONV des_read_pw_string(char *, int, char *, int); diff --git a/src/lib/krb4/krb_err.et b/src/lib/krb4/krb_err.et deleted file mode 100644 index c4f225d6c9..0000000000 --- a/src/lib/krb4/krb_err.et +++ /dev/null @@ -1,776 +0,0 @@ -# Copyright 1987,1988 Massachusetts Institute of Technology -# -# For copying and distribution information, see the file -# "mit-copyright.h". -# -# - error_table krb - - ec KRBET_KSUCCESS, - "Kerberos successful" - - ec KRBET_KDC_NAME_EXP, - "Kerberos principal expired" - - ec KRBET_KDC_SERVICE_EXP, - "Kerberos service expired" - - ec KRBET_KDC_AUTH_EXP, - "Kerberos auth expired" - - ec KRBET_KDC_PKT_VER, - "Unknown kerberos protocol version" - - ec KRBET_KDC_P_MKEY_VER, - "Incorrect kerberos master key version for principal" - - ec KRBET_KDC_S_MKEY_VER, - "Incorrect kerberos master key version for service" - - ec KRBET_KDC_BYTE_ORDER, - "Bad byte order (kerberos)" - - ec KRBET_KDC_PR_UNKNOWN, - "Kerberos principal unknown" - - ec KRBET_KDC_PR_N_UNIQUE, - "Kerberos principal not unique" - - ec KRBET_KDC_NULL_KEY, - "Kerberos principal has null key" - - ec KRBET_KRB_RES11, - "Reserved error message 11 (kerberos)" - - ec KRBET_KRB_RES12, - "Reserved error message 12 (kerberos)" - - ec KRBET_KRB_RES13, - "Reserved error message 13 (kerberos)" - - ec KRBET_KRB_RES14, - "Reserved error message 14 (kerberos)" - - ec KRBET_KRB_RES15, - "Reserved error message 15 (kerberos)" - - ec KRBET_KRB_RES16, - "Reserved error message 16 (kerberos)" - - ec KRBET_KRB_RES17, - "Reserved error message 17 (kerberos)" - - ec KRBET_KRB_RES18, - "Reserved error message 18 (kerberos)" - - ec KRBET_KRB_RES19, - "Reserved error message 19 (kerberos)" - - ec KRBET_KDC_GEN_ERR, - "Generic error from Kerberos KDC" - - ec KRBET_GC_TKFIL, - "Can't read Kerberos ticket file" - - ec KRBET_GC_NOTKT, - "Can't find Kerberos ticket or TGT" - - ec KRBET_KRB_RES23, - "Reserved error message 23 (krb_get_cred)" - - ec KRBET_KRB_RES24, - "Reserved error message 24 (krb_get_cred)" - - ec KRBET_KRB_RES25, - "Reserved error message 25 (krb_get_cred)" - - ec KRBET_MK_AP_TGTEXP, - "Kerberos TGT Expired" - - ec KRBET_KRB_RES27, - "Reserved error message 27 (krb_mk_req)" - - ec KRBET_KRB_RES28, - "Reserved error message 28 (krb_mk_req)" - - ec KRBET_KRB_RES29, - "Reserved error message 29 (krb_mk_req)" - - ec KRBET_KRB_RES30, - "Reserved error message 30 (krb_mk_req)" - - ec KRBET_RD_AP_UNDEC, - "Can't decode authenticator (krb_rd_req)" - - ec KRBET_RD_AP_EXP, - "Kerberos ticket expired (krb_rd_req)" - - ec KRBET_RD_AP_NYV, - "Kerberos ticket not yet valid (krb_rd_req)" - - ec KRBET_RD_AP_REPEAT, - "Repeated request (krb_rd_req)" - - ec KRBET_RD_AP_NOT_US, - "Kerberos ticket is for wrong server (krb_rd_req)" - - ec KRBET_RD_AP_INCON, - "Kerberos request inconsistent" - - ec KRBET_RD_AP_TIME, - "Time is out of bounds (krb_rd_req)" - - ec KRBET_RD_AP_BADD, - "Incorrect net address (krb_rd_req)" - - ec KRBET_RD_AP_VERSION, - "Kerberos protocol version mismatch (krb_rd_req)" - - ec KRBET_RD_AP_MSG_TYPE, - "Invalid msg type (krb_rd_req)" - - ec KRBET_RD_AP_MODIFIED, - "Message integrity error (krb_rd_req)" - - ec KRBET_RD_AP_ORDER, - "Message out of order (krb_rd_req)" - - ec KRBET_RD_AP_UNAUTHOR, - "Unauthorized request (krb_rd_req)" - - ec KRBET_KRB_RES44, - "Reserved error message 44 (krb_rd_req)" - - ec KRBET_KRB_RES45, - "Reserved error message 45 (krb_rd_req)" - - ec KRBET_KRB_RES46, - "Reserved error message 46 (krb_rd_req)" - - ec KRBET_KRB_RES47, - "Reserved error message 47 (krb_rd_req)" - - ec KRBET_KRB_RES48, - "Reserved error message 48 (krb_rd_req)" - - ec KRBET_KRB_RES49, - "Reserved error message 49 (krb_rd_req)" - - ec KRBET_KRB_RES50, - "Reserved error message 50 (krb_rd_req)" - - ec KRBET_GT_PW_NULL, - "Current password is null (get_pw_tkt)" - - ec KRBET_GT_PW_BADPW, - "Incorrect current password (get_pw_tkt)" - - ec KRBET_GT_PW_PROT, - "Protocol error (get_pw_tkt)" - - ec KRBET_GT_PW_KDCERR, - "Error returned by KDC (get_pw_tkt)" - - ec KRBET_GT_PW_NULLTKT, - "Null Kerberos ticket returned by KDC (get_pw_tkt)" - - ec KRBET_SKDC_RETRY, - "Retry count exceeded (send_to_kdc)" - - ec KRBET_SKDC_CANT, - "Can't send request (send_to_kdc)" - - ec KRBET_KRB_RES58, - "Reserved error message 58 (send_to_kdc)" - - ec KRBET_KRB_RES59, - "Reserved error message 59 (send_to_kdc)" - - ec KRBET_KRB_RES60, - "Reserved error message 60 (send_to_kdc)" - - ec KRBET_INTK_W_NOTALL, - "Kerberos error: not all tickets returned" - - ec KRBET_INTK_BADPW, - "Incorrect password (get_in_tkt)" - - ec KRBET_INTK_PROT, - "Protocol error (get_in_tkt)" - - ec KRBET_KRB_RES64, - "Reserved error message 64 (get_in_tkt)" - - ec KRBET_KRB_RES65, - "Reserved error message 65 (get_in_tkt)" - - ec KRBET_KRB_RES66, - "Reserved error message 66 (get_in_tkt)" - - ec KRBET_KRB_RES67, - "Reserved error message 67 (get_in_tkt)" - - ec KRBET_KRB_RES68, - "Reserved error message 68 (get_in_tkt)" - - ec KRBET_KRB_RES69, - "Reserved error message 69 (get_in_tkt)" - - ec KRBET_INTK_ERR, - "Other error (get_in_tkt)" - - ec KRBET_AD_NOTGT, - "Don't have Kerberos ticket-granting ticket (get_ad_tkt)" - - ec KRBET_KRB_RES72, - "Reserved error message 72 (get_ad_tkt)" - - ec KRBET_KRB_RES73, - "Reserved error message 73 (get_ad_tkt)" - - ec KRBET_KRB_RES74, - "Reserved error message 74 (get_ad_tkt)" - - ec KRBET_KRB_RES75, - "Reserved error message 75 (get_ad_tkt)" - - ec KRBET_NO_TKT_FIL, - "You have no tickets cached" - - ec KRBET_TKT_FIL_ACC, - "Couldn't access ticket file (tf_util)" - - ec KRBET_TKT_FIL_LCK, - "Couldn't lock ticket file (tf_util)" - - ec KRBET_TKT_FIL_FMT, - "Bad ticket file format (tf_util)" - - ec KRBET_TKT_FIL_INI, - "tf_init not called before reading from ticket file (tf_util)" - - ec KRBET_KNAME_FMT, - "Bad Kerberos name format (kname_parse)" - - ec KRBET_RES82, - "Reserved error message 82" - - ec KRBET_RES83, - "Reserved error message 83" - - ec KRBET_RES84, - "Reserved error message 84" - - ec KRBET_RES85, - "Reserved error message 85" - - ec KRBET_RES86, - "Reserved error message 86" - - ec KRBET_RES87, - "Reserved error message 87" - - ec KRBET_RES88, - "Reserved error message 88" - - ec KRBET_RES89, - "Reserved error message 89" - - ec KRBET_RES90, - "Reserved error message 90" - - ec KRBET_RES91, - "Reserved error message 91" - - ec KRBET_RES92, - "Reserved error message 92" - - ec KRBET_RES93, - "Reserved error message 93" - - ec KRBET_RES94, - "Reserved error message 94" - - ec KRBET_RES95, - "Reserved error message 95" - - ec KRBET_RES96, - "Reserved error message 96" - - ec KRBET_RES97, - "Reserved error message 97" - - ec KRBET_RES98, - "Reserved error message 98" - - ec KRBET_RES99, - "Reserved error message 99" - - ec KRBET_RES100, - "Reserved error message 100" - - ec KRBET_RES101, - "Reserved error message 101" - - ec KRBET_RES102, - "Reserved error message 102" - - ec KRBET_RES103, - "Reserved error message 103" - - ec KRBET_RES104, - "Reserved error message 104" - - ec KRBET_RES105, - "Reserved error message 105" - - ec KRBET_RES106, - "Reserved error message 106" - - ec KRBET_RES107, - "Reserved error message 107" - - ec KRBET_RES108, - "Reserved error message 108" - - ec KRBET_RES109, - "Reserved error message 109" - - ec KRBET_RES110, - "Reserved error message 110" - - ec KRBET_RES111, - "Reserved error message 111" - - ec KRBET_RES112, - "Reserved error message 112" - - ec KRBET_RES113, - "Reserved error message 113" - - ec KRBET_RES114, - "Reserved error message 114" - - ec KRBET_RES115, - "Reserved error message 115" - - ec KRBET_RES116, - "Reserved error message 116" - - ec KRBET_RES117, - "Reserved error message 117" - - ec KRBET_RES118, - "Reserved error message 118" - - ec KRBET_RES119, - "Reserved error message 119" - - ec KRBET_RES120, - "Reserved error message 120" - - ec KRBET_RES121, - "Reserved error message 121" - - ec KRBET_RES122, - "Reserved error message 122" - - ec KRBET_RES123, - "Reserved error message 123" - - ec KRBET_RES124, - "Reserved error message 124" - - ec KRBET_RES125, - "Reserved error message 125" - - ec KRBET_RES126, - "Reserved error message 126" - - ec KRBET_RES127, - "Reserved error message 127" - - ec KRBET_RES128, - "Reserved error message 128" - - ec KRBET_RES129, - "Reserved error message 129" - - ec KRBET_RES130, - "Reserved error message 130" - - ec KRBET_RES131, - "Reserved error message 131" - - ec KRBET_RES132, - "Reserved error message 132" - - ec KRBET_RES133, - "Reserved error message 133" - - ec KRBET_RES134, - "Reserved error message 134" - - ec KRBET_RES135, - "Reserved error message 135" - - ec KRBET_RES136, - "Reserved error message 136" - - ec KRBET_RES137, - "Reserved error message 137" - - ec KRBET_RES138, - "Reserved error message 138" - - ec KRBET_RES139, - "Reserved error message 139" - - ec KRBET_RES140, - "Reserved error message 140" - - ec KRBET_RES141, - "Reserved error message 141" - - ec KRBET_RES142, - "Reserved error message 142" - - ec KRBET_RES143, - "Reserved error message 143" - - ec KRBET_RES144, - "Reserved error message 144" - - ec KRBET_RES145, - "Reserved error message 145" - - ec KRBET_RES146, - "Reserved error message 146" - - ec KRBET_RES147, - "Reserved error message 147" - - ec KRBET_RES148, - "Reserved error message 148" - - ec KRBET_RES149, - "Reserved error message 149" - - ec KRBET_RES150, - "Reserved error message 150" - - ec KRBET_RES151, - "Reserved error message 151" - - ec KRBET_RES152, - "Reserved error message 152" - - ec KRBET_RES153, - "Reserved error message 153" - - ec KRBET_RES154, - "Reserved error message 154" - - ec KRBET_RES155, - "Reserved error message 155" - - ec KRBET_RES156, - "Reserved error message 156" - - ec KRBET_RES157, - "Reserved error message 157" - - ec KRBET_RES158, - "Reserved error message 158" - - ec KRBET_RES159, - "Reserved error message 159" - - ec KRBET_RES160, - "Reserved error message 160" - - ec KRBET_RES161, - "Reserved error message 161" - - ec KRBET_RES162, - "Reserved error message 162" - - ec KRBET_RES163, - "Reserved error message 163" - - ec KRBET_RES164, - "Reserved error message 164" - - ec KRBET_RES165, - "Reserved error message 165" - - ec KRBET_RES166, - "Reserved error message 166" - - ec KRBET_RES167, - "Reserved error message 167" - - ec KRBET_RES168, - "Reserved error message 168" - - ec KRBET_RES169, - "Reserved error message 169" - - ec KRBET_RES170, - "Reserved error message 170" - - ec KRBET_RES171, - "Reserved error message 171" - - ec KRBET_RES172, - "Reserved error message 172" - - ec KRBET_RES173, - "Reserved error message 173" - - ec KRBET_RES174, - "Reserved error message 174" - - ec KRBET_RES175, - "Reserved error message 175" - - ec KRBET_RES176, - "Reserved error message 176" - - ec KRBET_RES177, - "Reserved error message 177" - - ec KRBET_RES178, - "Reserved error message 178" - - ec KRBET_RES179, - "Reserved error message 179" - - ec KRBET_RES180, - "Reserved error message 180" - - ec KRBET_RES181, - "Reserved error message 181" - - ec KRBET_RES182, - "Reserved error message 182" - - ec KRBET_RES183, - "Reserved error message 183" - - ec KRBET_RES184, - "Reserved error message 184" - - ec KRBET_RES185, - "Reserved error message 185" - - ec KRBET_RES186, - "Reserved error message 186" - - ec KRBET_RES187, - "Reserved error message 187" - - ec KRBET_RES188, - "Reserved error message 188" - - ec KRBET_RES189, - "Reserved error message 189" - - ec KRBET_RES190, - "Reserved error message 190" - - ec KRBET_RES191, - "Reserved error message 191" - - ec KRBET_RES192, - "Reserved error message 192" - - ec KRBET_RES193, - "Reserved error message 193" - - ec KRBET_RES194, - "Reserved error message 194" - - ec KRBET_RES195, - "Reserved error message 195" - - ec KRBET_RES196, - "Reserved error message 196" - - ec KRBET_RES197, - "Reserved error message 197" - - ec KRBET_RES198, - "Reserved error message 198" - - ec KRBET_RES199, - "Reserved error message 199" - - ec KRBET_RES200, - "Reserved error message 200" - - ec KRBET_RES201, - "Reserved error message 201" - - ec KRBET_RES202, - "Reserved error message 202" - - ec KRBET_RES203, - "Reserved error message 203" - - ec KRBET_RES204, - "Reserved error message 204" - - ec KRBET_RES205, - "Reserved error message 205" - - ec KRBET_RES206, - "Reserved error message 206" - - ec KRBET_RES207, - "Reserved error message 207" - - ec KRBET_RES208, - "Reserved error message 208" - - ec KRBET_RES209, - "Reserved error message 209" - - ec KRBET_RES210, - "Reserved error message 210" - - ec KRBET_RES211, - "Reserved error message 211" - - ec KRBET_RES212, - "Reserved error message 212" - - ec KRBET_RES213, - "Reserved error message 213" - - ec KRBET_RES214, - "Reserved error message 214" - - ec KRBET_RES215, - "Reserved error message 215" - - ec KRBET_RES216, - "Reserved error message 216" - - ec KRBET_RES217, - "Reserved error message 217" - - ec KRBET_RES218, - "Reserved error message 218" - - ec KRBET_RES219, - "Reserved error message 219" - - ec KRBET_RES220, - "Reserved error message 220" - - ec KRBET_RES221, - "Reserved error message 221" - - ec KRBET_RES222, - "Reserved error message 222" - - ec KRBET_RES223, - "Reserved error message 223" - - ec KRBET_RES224, - "Reserved error message 224" - - ec KRBET_RES225, - "Reserved error message 225" - - ec KRBET_RES226, - "Reserved error message 226" - - ec KRBET_RES227, - "Reserved error message 227" - - ec KRBET_RES228, - "Reserved error message 228" - - ec KRBET_RES229, - "Reserved error message 229" - - ec KRBET_RES230, - "Reserved error message 230" - - ec KRBET_RES231, - "Reserved error message 231" - - ec KRBET_RES232, - "Reserved error message 232" - - ec KRBET_RES233, - "Reserved error message 233" - - ec KRBET_RES234, - "Reserved error message 234" - - ec KRBET_RES235, - "Reserved error message 235" - - ec KRBET_RES236, - "Reserved error message 236" - - ec KRBET_RES237, - "Reserved error message 237" - - ec KRBET_RES238, - "Reserved error message 238" - - ec KRBET_RES239, - "Reserved error message 239" - - ec KRBET_RES240, - "Reserved error message 240" - - ec KRBET_RES241, - "Reserved error message 241" - - ec KRBET_RES242, - "Reserved error message 242" - - ec KRBET_RES243, - "Reserved error message 243" - - ec KRBET_RES244, - "Reserved error message 244" - - ec KRBET_RES245, - "Reserved error message 245" - - ec KRBET_RES246, - "Reserved error message 246" - - ec KRBET_RES247, - "Reserved error message 247" - - ec KRBET_RES248, - "Reserved error message 248" - - ec KRBET_RES249, - "Reserved error message 249" - - ec KRBET_RES250, - "Reserved error message 250" - - ec KRBET_RES251, - "Reserved error message 251" - - ec KRBET_RES252, - "Reserved error message 252" - - ec KRBET_RES253, - "Reserved error message 253" - - ec KRBET_RES254, - "Reserved error message 254" - - ec KRBET_KFAILURE, - "Generic kerberos error (kfailure)" - end diff --git a/src/lib/krb4/kuserok.c b/src/lib/krb4/kuserok.c deleted file mode 100644 index 84a8ebde8f..0000000000 --- a/src/lib/krb4/kuserok.c +++ /dev/null @@ -1,190 +0,0 @@ -/* - * lib/krb4/kuserok.c - * - * Copyright 1987, 1988, 2007 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * kuserok: check if a kerberos principal has - * access to a local account - */ - -#include "krb.h" - -#if !defined(_WIN32) - -#include -#include -#include -#include -#include -#include -#include "autoconf.h" -#ifdef HAVE_UNISTD_H -#include -#endif -#ifdef __SCO__ -/* just for F_OK for sco */ -#include -#endif -#include "k5-platform.h" - -#ifndef HAVE_SETEUID -#ifdef HAVE_SETRESUID -#define seteuid(e) setresuid(-1,e,-1) -#define setegid(e) setresgid(-1,e,-1) -#endif -#endif - -#define OK 0 -#define NOTOK 1 -#define MAX_USERNAME 10 - -/* - * Given a Kerberos principal "kdata", and a local username "luser", - * determine whether user is authorized to login according to the - * authorization file ("~luser/.klogin" by default). Returns OK - * if authorized, NOTOK if not authorized. - * - * If there is no account for "luser" on the local machine, returns - * NOTOK. If there is no authorization file, and the given Kerberos - * name "kdata" translates to the same name as "luser" (using - * krb_kntoln()), returns OK. Otherwise, if the authorization file - * can't be accessed, returns NOTOK. Otherwise, the file is read for - * a matching principal name, instance, and realm. If one is found, - * returns OK, if none is found, returns NOTOK. - * - * The file entries are in the format: - * - * name.instance@realm - * - * one entry per line. - * - */ - -int KRB5_CALLCONV -kuserok(kdata, luser) - AUTH_DAT *kdata; - char *luser; -{ - struct stat sbuf; - struct passwd *pwd; - char pbuf[MAXPATHLEN]; - int isok = NOTOK, rc; - FILE *fp; - char kuser[MAX_USERNAME]; - char principal[ANAME_SZ], inst[INST_SZ], realm[REALM_SZ]; - char linebuf[BUFSIZ]; - char *newline; - int gobble; - - /* no account => no access */ - if ((pwd = getpwnam(luser)) == NULL) { - return(NOTOK); - } - if (strlen (pwd->pw_dir) + sizeof ("/.klogin") >= sizeof (pbuf)) - return NOTOK; - (void) strncpy(pbuf, pwd->pw_dir, sizeof(pbuf) - 1); - pbuf[sizeof(pbuf) - 1] = '\0'; - (void) strncat(pbuf, "/.klogin", sizeof(pbuf) - 1 - strlen(pbuf)); - - if (access(pbuf, F_OK)) { /* not accessible */ - /* - * if he's trying to log in as himself, and there is no .klogin file, - * let him. To find out, call - * krb_kntoln to convert the triple in kdata to a name which we can - * string compare. - */ - if (!krb_kntoln(kdata, kuser) && (strcmp(kuser, luser) == 0)) { - return(OK); - } - } - /* open ~/.klogin */ - if ((fp = fopen(pbuf, "r")) == NULL) { - /* however, root might not have enough access, so temporarily switch - * over to the user's uid, try the access again, and switch back - */ - if(getuid() == 0) { - uid_t old_euid = geteuid(); - if (seteuid(pwd->pw_uid) < 0) - return NOTOK; - fp = fopen(pbuf, "r"); - if (seteuid(old_euid) < 0) - return NOTOK; - if ((fp) == NULL) { - return(NOTOK); - } - } else { - return(NOTOK); - } - } - set_cloexec_file(fp); - /* - * security: if the user does not own his own .klogin file, - * do not grant access - */ - if (fstat(fileno(fp), &sbuf)) { - fclose(fp); - return(NOTOK); - } - /* - * however, allow root to own the .klogin file, to allow creative - * access management schemes. - */ - if (sbuf.st_uid && (sbuf.st_uid != pwd->pw_uid)) { - fclose(fp); - return(NOTOK); - } - - /* check each line */ - while ((isok != OK) && (fgets(linebuf, BUFSIZ, fp) != NULL)) { - /* null-terminate the input string */ - linebuf[BUFSIZ-1] = '\0'; - newline = NULL; - /* nuke the newline if it exists */ - if ((newline = strchr(linebuf, '\n'))) - *newline = '\0'; - - /* Default the fields (default realm is filled in later) */ - principal[0] = '\0'; - inst[0] = '\0'; - realm[0] = '\0'; - rc = kname_parse(principal, inst, realm, linebuf); - if (rc == KSUCCESS) { - if (realm[0] == '\0') { - rc = krb_get_lrealm(realm, 1); - if (rc != KSUCCESS) - goto nextline; - } - isok = (strncmp(kdata->pname, principal, ANAME_SZ) || - strncmp(kdata->pinst, inst, INST_SZ) || - strncmp(kdata->prealm, realm, REALM_SZ)); - } - nextline: - /* clean up the rest of the line if necessary */ - if (!newline) - while (((gobble = getc(fp)) != EOF) && gobble != '\n'); - } - fclose(fp); - return(isok); -} - -#endif diff --git a/src/lib/krb4/libkrb4.exports b/src/lib/krb4/libkrb4.exports deleted file mode 100644 index acb11698b2..0000000000 --- a/src/lib/krb4/libkrb4.exports +++ /dev/null @@ -1,157 +0,0 @@ -__krb_sendauth_hidden_tkt_len -ad_print -afs_passwd_to_key -cr_err_reply -create_auth_reply -create_ciph -decomp_ticket -decomp_tkt_krb5 -dest_tkt -et_kadm_error_table -et_krb_error_table -fgetst -get_ad_tkt -get_pw_tkt -get_service_key -getst -in_tkt -initialize_kadm_error_table -initialize_krb_error_table -k_gethostname -k_isinst -k_isname -k_isrealm -kadm_build_field_header -kadm_check_field_header -kadm_cli_conn -kadm_cli_disconn -kadm_cli_keyd -kadm_cli_out -kadm_cli_send -kadm_init_link -kadm_stream_to_vals -kadm_stv_char -kadm_stv_long -kadm_stv_short -kadm_stv_string -kadm_vals_to_stream -kadm_vts_char -kadm_vts_long -kadm_vts_short -kadm_vts_string -klog -kname_parse -kname_unparse -krb4int_address_less -krb4int_et_fini -krb4int_et_init -krb4int_save_credentials_addr -krb4int_send_to_kdc_addr -krb4int_strnlen -krb4prot_decode_ciph -krb4prot_decode_error -krb4prot_decode_header -krb4prot_decode_kdc_reply -krb4prot_decode_kdc_request -krb4prot_decode_naminstrlm -krb4prot_encode_apreq -krb4prot_encode_authent -krb4prot_encode_ciph -krb4prot_encode_err_reply -krb4prot_encode_kdc_reply -krb4prot_encode_kdc_request -krb4prot_encode_naminstrlm -krb4prot_encode_tkt -krb54_get_service_keyblock -krb5__krb4_context -krb5_passwd_to_key -krb__get_cnffile -krb__get_realmsfile -krb__get_srvtabname -krb_ap_req_debug -krb_change_password -krb_check_auth -krb_clear_key_krb5 -krb_cr_tkt_krb5 -krb_create_ticket -krb_debug -krb_end_session -krb_err_txt -krb_free_preauth -krb_get_admhst -krb_get_cred -krb_get_default_user -krb_get_err_text -krb_get_in_tkt -krb_get_in_tkt_creds -krb_get_in_tkt_preauth -krb_get_in_tkt_preauth_creds -krb_get_keyprocs -krb_get_kpasswdhst -krb_get_krbhst -krb_get_lrealm -krb_get_phost -krb_get_profile -krb_get_pw_in_tkt -krb_get_pw_in_tkt_creds -krb_get_pw_in_tkt_preauth -krb_get_svc_in_tkt -krb_get_svc_in_tkt_preauth -krb_get_tf_fullname -krb_get_tf_realm -krb_get_ticket_for_service -krb_ignore_ip_address -krb_in_tkt -krb_kntoln -krb_life_to_time -krb_log -krb_mk_auth -krb_mk_err -krb_mk_preauth -krb_mk_priv -krb_mk_req -krb_mk_req_creds -krb_mk_safe -krb_net_rd_sendauth -krb_net_read -krb_net_write -krb_rd_err -krb_rd_preauth -krb_rd_priv -krb_rd_req -krb_rd_req_int -krb_rd_safe -krb_realmofhost -krb_recvauth -krb_save_credentials -krb_sendauth -krb_set_default_user -krb_set_key -krb_set_key_krb5 -krb_set_lifetime -krb_set_logfile -krb_set_tkt_string -krb_start_session -krb_stime -krb_svc_init -krb_svc_init_preauth -krb_time_to_life -kset_logfile -kuserok -mit_passwd_to_key -month_sname -pkt_cipher -pkt_clen -private_msg_ver -put_svc_key -read_service_key -send_to_kdc -swap_bytes -tf_close -tf_get_cred -tf_get_pinst -tf_get_pname -tf_init -tf_save_cred -tkt_string -unix_time_gmt_unixsec diff --git a/src/lib/krb4/log.c b/src/lib/krb4/log.c deleted file mode 100644 index 5be69eaf5a..0000000000 --- a/src/lib/krb4/log.c +++ /dev/null @@ -1,151 +0,0 @@ -/* - * lib/krb4/log.c - * - * Copyright 1985, 1986, 1987, 1988, 2007 by the Massachusetts Institute of - * Technology. All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#ifdef KRB_CRYPT_DEBUG -/* This file used to contain log() and set_logfile(). If you define - KRB_CRYPT_DEBUG, you'll need to define those to point to krb_log and - krb_set_logfile, or change all the invokers. */ -#endif - -#include "krb.h" -#include "autoconf.h" -#ifdef HAVE_TIME_H -#include -#endif -#if !defined(VMS) && !defined(_WIN32) -#include -#endif -#include -#include - -#include "krb4int.h" -#include -#include "k5-platform.h" - -static char *log_name = KRBLOG; -#if 0 -static is_open; -#endif - -/* - * This file contains three logging routines: set_logfile() - * to determine the file that log entries should be written to; - * and log() and new_log() to write log entries to the file. - */ - -/* - * krb_log() is used to add entries to the logfile (see krb_set_logfile() - * below). Note that it is probably not portable since it makes - * assumptions about what the compiler will do when it is called - * with less than the correct number of arguments which is the - * way it is usually called. - * - * The log entry consists of a timestamp and the given arguments - * printed according to the given "format". - * - * The log file is opened and closed for each log entry. - * - * The return value is undefined. - */ - -void krb_log(const char *format,...) -{ - FILE *logfile; - time_t now; - struct tm *tm; - va_list args; - - va_start(args, format); - - if ((logfile = fopen(log_name,"a")) != NULL) { - set_cloexec_file(logfile); - (void) time(&now); - tm = localtime(&now); - - fprintf(logfile,"%2d-%s-%d %02d:%02d:%02d ",tm->tm_mday, - month_sname(tm->tm_mon + 1),1900+tm->tm_year, - tm->tm_hour, tm->tm_min, tm->tm_sec); - vfprintf(logfile,format,args); - fprintf(logfile,"\n"); - (void) fclose(logfile); - } - va_end(args); - return; -} - -/* - * krb_set_logfile() changes the name of the file to which - * messages are logged. If krb_set_logfile() is not called, - * the logfile defaults to KRBLOG, defined in "krb.h". - */ - -void -krb_set_logfile(filename) - char *filename; -{ - log_name = filename; -#if 0 - is_open = 0; -#endif -} - -#if 0 -/* - * new_log() appends a log entry containing the give time "t" and the - * string "string" to the logfile (see set_logfile() above). The file - * is opened once and left open. The routine returns 1 on failure, 0 - * on success. - */ - -krb_new_log(t,string) - long t; - char *string; -{ - static FILE *logfile; - - struct tm *tm; - - if (!is_open) { - if ((logfile = fopen(log_name,"a")) == NULL) return(1); - set_cloexec_file(logfile); - is_open = 1; - } - - if (t) { - tm = localtime(&t); - - fprintf(logfile,"\n%2d-%s-%d %02d:%02d:%02d %s",tm->tm_mday, - month_sname(tm->tm_mon + 1),1900+tm->tm_year, - tm->tm_hour, tm->tm_min, tm->tm_sec, string); - } - else { - fprintf(logfile,"\n%20s%s","",string); - } - - (void) fflush(logfile); - return(0); -} -#endif diff --git a/src/lib/krb4/mac_glue.c b/src/lib/krb4/mac_glue.c deleted file mode 100644 index 77d11c2ccf..0000000000 --- a/src/lib/krb4/mac_glue.c +++ /dev/null @@ -1,48 +0,0 @@ -/* - * mac_glue.c - * - * Copyright 1989 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * . - * - * Macintosh ooperating system interface for Kerberos. - */ - -#include "mit-copyright.h" -#include "krb.h" - -/* Mac Cincludes */ -#include -#include - -/* FIXME! swab should be swapping, but for initial test, don't bother. */ - -void swab(char *from, char *to, int nbytes) {} - -mymemset( void *s, register int c, register size_t n ) -{ - // written because memset doesn't work in think C (ARGGGG!!!!!!) - register char *j = s; - while( n-- ) - *j++ = c; -} - -int INTERFACE -krb_start_session (x) - char *x; -{ - return KSUCCESS; -} - -int INTERFACE -krb_end_session (x) - char *x; -{ - return KSUCCESS; -} - -/* FIXME: These stubs should go away. */ -int read() {return 0;} -int write () {return 0;} -int krb_ignore_ip_address = 0; diff --git a/src/lib/krb4/mac_store.c b/src/lib/krb4/mac_store.c deleted file mode 100644 index 262ba58bd5..0000000000 --- a/src/lib/krb4/mac_store.c +++ /dev/null @@ -1,731 +0,0 @@ -/* - * mac_store.c - * - * Kerberos configuration store - * Originally coded by Tim Miller / Brown University as KRB_Store.c - * Mods 1/92 By Peter Bosanko - * - * Modified May-June 1994 by Julia Menapace and John Gilmore - * of Cygnus Support. - * - * This file incorporates replacements for the Unix files - * g_admhst.c, g_krbhst.c, realmofhost.c, and g_krbrlm.c. - */ - -/* Headers from in_tkt.c, merged in by gnu FIXME */ -#include - -/* Headers from store.c from KClient */ -#include -#include -#include -#include -#include -#include -#include - -#include "krb.h" -#include "mac_store.h" /* includes memcache.h */ -#include "krb_driver.h" - -#define prefname "\pKerberos Client Preferences" -const OSType preftype = 'PREF'; -const OSType prefcrea = 'krbL'; -const OSType unametype = 'UNam'; -const OSType lrealmtype = 'LRlm'; -const OSType templatetype = 'TMPL'; -const OSType realmmaptype = 'RMap'; -const OSType servermaptype = 'SMap'; -#define kNumTemplates 4 -#define kFirstTemplate 128 -#define kMapResNum 1024 - - -/* Lower level routines and data structures */ - - -/* Need to check this in each high-level routine, and call init_store - if not set. */ -static int initialized_store = 0; - -static char fLRealm[REALM_SZ] = ""; -static Handle fRealmMap = 0; -static Handle fServerMap = 0; -static short fPrefVRefNum; -static long fPrefDirID; -OSErr fConstructErr = -1; - -/* Current default user name (for prompts, etc). */ - -static char gUserName[MAX_K_NAME_SZ]; - - -/* Routines for dealing with the realm versus host database */ - -/* - * krb_get_admhst - * - * Given a Kerberos realm, find a host on which the Kerberos database - * administration server can be found. - * - * krb_get_admhst takes a pointer to be filled in, a pointer to the name - * of the realm for which a server is desired, and an integer n, and - * returns (in h) the nth administrative host entry from the configuration - * file (KRB_CONF, defined in "krb.h") associated with the specified realm. - * If ATHENA_CONF_FALLBACK is defined, also look in old location. - * - * On error, get_admhst returns KFAILURE. If all goes well, the routine - * returns KSUCCESS. - * - * For the format of the KRB_CONF file, see comments describing the routine - * krb_get_krbhst(). - * - * This is a temporary hack to allow us to find the nearest system running - * a Kerberos admin server. In the long run, this functionality will be - * provided by a nameserver. (HAH!) - */ -int -krb_get_admhst (h, r, n) - char *h; - char *r; - int n; -{ - if (!initialized_store) - if (init_store()) - return KFAILURE; - if(GetNthServer(n, r, 1, h)) return KFAILURE; - else return KSUCCESS; -} - -/* - * Given a Kerberos realm, find a host on which the Kerberos authenti- - * cation server can be found. - * - * krb_get_krbhst takes a pointer to be filled in, a pointer to the name - * of the realm for which a server is desired, and an integer, n, and - * returns (in h) the nth entry from the configuration information - * associated with the specified realm. - * - * If no info is found, krb_get_krbhst returns KFAILURE. If n=1 and the - * configuration file does not exist, krb_get_krbhst will return KRB_HOST - * (defined in "krb.h"). If all goes well, the routine returnes - * KSUCCESS. - * - * This is a temporary hack to allow us to find the nearest system running - * kerberos. In the long run, this functionality will be provided by a - * nameserver. (AH SO!) - */ -int krb_get_krbhst(h, r, n) - char *h; - char *r; - int n; -{ - if (!initialized_store) - if (init_store()) - return KFAILURE; - if (GetNthServer(n, r, 0, h)) return KFAILURE; - else return KSUCCESS; -} - - -/* - * krb_get_lrealm takes a pointer to a string, and a number, n. It fills - * in the string, r, with the name of the local realm specified in - * the local Kerberos configuration. - * It returns 0 (KSUCCESS) on success, and KFAILURE on failure. If the - * config info does not exist, and if n=1, a successful return will occur - * with r = KRB_REALM (also defined in "krb.h"). [FIXME -- not implem.] - * - * NOTE: for archaic & compatibility reasons, this routine will only return - * valid results when n = 1. - */ - -int krb_get_lrealm(char *r, int n) -{ - if (!initialized_store) - if (init_store()) - return KFAILURE; - if (n != 1) - return KFAILURE; - if (GetLocalRealm(r)) - return KFAILURE; - return KSUCCESS; -} - - -/* - * krb_realmofhost. - * Given a fully-qualified domain-style primary host name, - * return the name of the Kerberos realm for the host. - * If the hostname contains no discernable domain, or an error occurs, - * return the local realm name, as supplied by get_krbrlm(). - * If the hostname contains a domain, but no translation is found, - * the hostname's domain is converted to upper-case and returned. - * - * In the database, - * domain_name should be of the form .XXX.YYY (e.g. .LCS.MIT.EDU) - * host names should be in the usual form (e.g. FOO.BAR.BAZ) - */ - -char *krb_realmofhost(char *host) -{ - static char realm[REALM_SZ]; - - if (!initialized_store) - if (init_store()) - return 0; - - /* Store realm string through REALM pointer arg */ - GetRealm(host, realm); - return realm; -} - - -char * INTERFACE -krb_get_default_user (void) -{ - if (!initialized_store) - if (init_store()) - return 0; - - return gUserName; -} - - -int INTERFACE -krb_set_default_user (uName) - char* uName; -{ - if (!initialized_store) - if (init_store()) - return KFAILURE; - - if( strcmp( gUserName, uName ) != 0 ) { - strcpy( gUserName, uName ); - if (WriteUser() != 0) - return KFAILURE; - } - return KSUCCESS; -} - - - -void GetPrefsFolder(short *vRefNumP, long *dirIDP) -{ - Boolean hasFolderMgr = false; - long feature; -/* - FIXME Error: Ô_GestaltDispatchÕ has not been declared - not needed now? - jcm - if (TrapAvailable(_GestaltDispatch)) -*/ - if (Gestalt(gestaltFindFolderAttr, &feature) == noErr) hasFolderMgr = true; - if (!hasFolderMgr) { - GetSystemFolder(vRefNumP, dirIDP); - return; - } - else { - if (FindFolder(kOnSystemDisk, kPreferencesFolderType, kDontCreateFolder, vRefNumP, dirIDP) != noErr) { - *vRefNumP = 0; - *dirIDP = 0; - } - } - } - - -/* - init_store() is used to initialize the config store. It opens the - driver preferences file and reads the local realm, user name, and - realm and server maps from resources in the prefs file into driver - storage. If the preferences file doesn't exist, init_store creates it. - Returns 0 on success, or 1 if something goes wrong. - */ -int -init_store() -{ - short refnum; - Handle temp; - int hasPrefFile; - - /* If a prefs file exists, load from it, otherwise load defaults from self */ - GetPrefsFolder(&fPrefVRefNum, &fPrefDirID); - refnum = HOpenResFile(fPrefVRefNum, fPrefDirID, (unsigned char *)prefname, fsRdPerm); - hasPrefFile = (refnum != -1); // did we open it? - - temp = GetResource(lrealmtype, kMapResNum); - if(ResError() || !temp) { - if(refnum != -1) CloseResFile(refnum); - fConstructErr = cKrbCorruptedFile; - return 1; - } - strcpy(fLRealm, *temp); - ReleaseResource(temp); - - temp = GetResource(unametype, kMapResNum); - if(ResError() || !temp) { - if(refnum != -1) CloseResFile(refnum); - fConstructErr = cKrbCorruptedFile; - return 1; - } - strcpy(gUserName, *temp); - ReleaseResource(temp); - - fRealmMap = GetResource(realmmaptype, kMapResNum); - if(ResError() || !fRealmMap) { - if(refnum != -1) CloseResFile(refnum); - *fLRealm = 0; - fConstructErr = cKrbCorruptedFile; - return 1; - } - DetachResource(fRealmMap); - - fServerMap = GetResource(servermaptype, kMapResNum); - if(ResError() || !fServerMap) { - if(refnum != -1) CloseResFile(refnum); - *fLRealm = 0; - DisposeHandle(fRealmMap); - fRealmMap = 0; - fConstructErr = cKrbCorruptedFile; - return 1; - } - DetachResource(fServerMap); - - if(refnum != -1) CloseResFile(refnum); - fConstructErr = noErr; - - if (!hasPrefFile) { - fConstructErr = CreatePrefFile(); // make prefs file if we need to - } - - initialized_store = 1; - return 0; -} - - -/****************Private routines******************/ - -OSErr OpenPrefsFile(short *refnum) -{ - *refnum = HOpenResFile(fPrefVRefNum, fPrefDirID, (unsigned char *)prefname, fsRdWrPerm); - - if(ResError()) { /* doesn't exist, create it */ - FInfo fndrinfo; - - HCreateResFile(fPrefVRefNum, fPrefDirID, (unsigned char *)prefname); - if(ResError()) { - return ResError(); - } - *refnum = HOpenResFile(fPrefVRefNum, fPrefDirID, (unsigned char *)prefname, fsRdWrPerm); - if(ResError()) { - return ResError(); - } - HGetFInfo(fPrefVRefNum, fPrefDirID, (unsigned char *)prefname, &fndrinfo); - fndrinfo.fdCreator = prefcrea; - fndrinfo.fdType = preftype; - HSetFInfo(fPrefVRefNum, fPrefDirID, (unsigned char *)prefname, &fndrinfo); - } - - return noErr; - } - - - -OSErr CreatePrefFile() -{ - short refnum, i; - OSErr err; - Handle tmpls[ kNumTemplates ]; - - // Get all the templates for ResEdit - for( i = 0; i < kNumTemplates; i++ ) { - tmpls[i] = GetResource( templatetype, kFirstTemplate + i ); - if( ResError() || !tmpls[i] ) return cKrbCorruptedFile; - } - - err = OpenPrefsFile( &refnum ); - if( err ) return err; - - // write out the templates - for( i = 0; i < kNumTemplates && !err; i++ ) { - short tmplid; - ResType theType; - Str255 resName; - - GetResInfo( tmpls[i], &tmplid, &theType, resName ); - err = WritePref( refnum, tmpls[i], templatetype, tmplid, resName ); - ReleaseResource( tmpls[i] ); - } - - if( !err ) - err = WritePref( refnum, fRealmMap, realmmaptype, kMapResNum, "\p" ); - if( !err ) - err = WritePref( refnum, fServerMap, servermaptype, kMapResNum, "\p" ); - if( !err ) - err = WritePrefStr( refnum, fLRealm, lrealmtype, kMapResNum, "\p" ); - if( !err ) - err = WritePrefStr( refnum, gUserName, unametype, kMapResNum, "\p" ); - - CloseResFile( refnum ); - if( !err ) err = ResError(); - return err; -} - -OSErr WriteUser() -{ - short refnum; - OSErr err; - - err = OpenPrefsFile( &refnum ); - if( err ) return err; - - err = WritePrefStr( refnum, gUserName, unametype, kMapResNum, "\p" ); - - CloseResFile( refnum ); - if( !err ) err = ResError(); - return err; -} - -OSErr WritePref( short refnum, Handle dataHandle, OSType mapType, short resID, Str255 resName ) -{ - OSErr err; - Handle resHandle; - - resHandle = Get1Resource( mapType, resID ); - if( !resHandle ) { // create a new resource: - resHandle = dataHandle; - err = HandToHand( &resHandle ); // copy the data handle - if( err != noErr ) return err; - - AddResource( resHandle, mapType, resID, resName ); - if( ( err = ResError() ) != noErr ) { - DisposHandle( resHandle ); - return err; - } - SetResAttrs( resHandle, resSysHeap | GetResAttrs( resHandle ) ); - } - else { /* modify an existing resource: */ - Size handleSize = GetHandleSize( dataHandle ); - SetHandleSize( resHandle, handleSize ); - if( ( err = MemError() ) != noErr ) { - ReleaseResource( resHandle ); - return err; - } - BlockMove( *dataHandle, *resHandle, handleSize ); - ChangedResource( resHandle ); - if( ( err = ResError() ) != noErr ) { - ReleaseResource( resHandle ); - return err; - } - } - - UpdateResFile( refnum ); - err = ResError(); - ReleaseResource( resHandle ); - return err; -} - -OSErr WritePrefStr( short refnum, char *dataString, OSType mapType, short resID, Str255 resName ) -{ - OSErr err; - Handle dataHandle; - - err = PtrToHand( dataString, &dataHandle, strlen( dataString ) + 1 ); - if( err == noErr ) { - err = WritePref( refnum, dataHandle, mapType, resID, resName ); - DisposHandle( dataHandle ); - } - return err; -} - -OSErr WriteRealmMap() -{ - short refnum; - OSErr err; - - err = OpenPrefsFile( &refnum ); - if( err ) return err; - - err = WritePref( refnum, fRealmMap, realmmaptype, kMapResNum, "\p" ); - - CloseResFile( refnum ); - if( !err ) err = ResError(); - return err; -} - -OSErr WriteServerMap() -{ - short refnum; - OSErr err; - - err = OpenPrefsFile(&refnum); - if( err ) return err; - - err = WritePref( refnum, fServerMap, servermaptype, kMapResNum,"\p" ); - - CloseResFile( refnum ); - if( !err ) err = ResError(); - return err; -} - -OSErr GetLocalRealm(char *lrealm) -{ - if (!initialized_store) - init_store(); - - strcpy(lrealm, fLRealm); - return noErr; - } - -OSErr SetLocalRealm( const char *lrealm ) -{ - short refnum; - OSErr err; - - if (!initialized_store) - init_store(); - - strcpy( fLRealm, (char *) lrealm ); - - err = OpenPrefsFile( &refnum ); - if( err ) return err; - - err = WritePrefStr( refnum, fLRealm, lrealmtype, kMapResNum, "\p" ); - - CloseResFile( refnum ); - if( !err ) err = ResError(); - return err; -} - -OSErr GetRealm(const char *host, char *realm) -{ - int numrealms; - char *curnetorhost, *currealm; - char *domain; - - if (!initialized_store) - init_store(); - - numrealms = *((short *)*fRealmMap); - GetLocalRealm(realm); - - domain = strchr( host, '.'); - if(!domain) return noErr; - - curnetorhost = (*fRealmMap) + 2; - currealm = strchr(curnetorhost, '\0') + 1; - for( ; numrealms > 0; numrealms--) { - if(!strcasecmp(curnetorhost, host)) { - strcpy(realm, currealm); - return noErr; - } - if(!strcasecmp(curnetorhost, domain)) { - strcpy(realm, currealm); - } - - if(numrealms > 1) { - curnetorhost = strchr(currealm, '\0') + 1; - currealm = strchr(curnetorhost, '\0') + 1; - } - } - - return noErr; - } - -OSErr AddRealmMap(const char *netorhost, const char *realm) -{ - int numrealms; - char *curptr; - - SetHandleSize(fRealmMap, strlen(netorhost)+1 + strlen(realm)+1 + - GetHandleSize(fRealmMap)); - if(MemError()) return MemError(); - - numrealms = ++(*((short *)*fRealmMap)); - - for(curptr = (*fRealmMap)+2; numrealms > 1; numrealms--) { - curptr = strchr(curptr, '\0') + 1; - curptr = strchr(curptr, '\0') + 1; - } - - strcpy(curptr, netorhost); - curptr = strchr(curptr, '\0') + 1; - strcpy(curptr, realm); - - return WriteRealmMap(); - } - -OSErr DeleteRealmMap(const char *netorhost) -{ - int numrealms = *((short *)*fRealmMap); - char *curptr, *fromptr, *nextptr; - - for(curptr = (*fRealmMap)+2; numrealms > 0; numrealms--) { - if(!strcasecmp(curptr, netorhost)) break; /* got it! */ - - curptr = strchr(curptr, '\0') + 1; - curptr = strchr(curptr, '\0') + 1; - } - - if(numrealms == 0) return cKrbMapDoesntExist; - - *(short*)*fRealmMap -= 1; - - if(numrealms > 1) { - fromptr = strchr(curptr, '\0') + 1; - fromptr = strchr(fromptr, '\0') + 1; - } - - for( ; numrealms > 1; numrealms--) { - nextptr = strchr(fromptr, '\0') + 1; - strcpy(curptr, fromptr); - curptr = strchr(curptr, '\0') + 1; - fromptr = nextptr; - - nextptr = strchr(fromptr, '\0') + 1; - strcpy(curptr, fromptr); - curptr = strchr(curptr, '\0') + 1; - fromptr = nextptr; - } - - SetHandleSize(fRealmMap, curptr-(*fRealmMap)); - if(MemError()) return MemError(); - return WriteRealmMap(); - } - -OSErr GetNthRealmMap(const int n, char *netorhost, char *realm) -{ - int i; - char *curptr; - - if(n > *(short*)*fRealmMap) return cKrbMapDoesntExist; - - for(curptr = (*fRealmMap) + 2, i = 1; i < n; i++) { - curptr = strchr(curptr, '\0') + 1; - curptr = strchr(curptr, '\0') + 1; - } - - strcpy(netorhost, curptr); - curptr = strchr(curptr, '\0') + 1; - strcpy(realm, curptr); - - return noErr; - } - -OSErr GetNthServer(const int n, const char *realm, const int mustadmin, - char *server) -{ - int numservers = *(short*)*fServerMap, i = 0; - char *currealm, *curserver; - - currealm = (*fServerMap) + 2; - curserver = strchr(currealm, '\0') + 1 + 1; - for( ; numservers > 0; numservers--) { - if(!strcmp(currealm, realm)) { - if(!mustadmin || *(curserver-1)) i++; - if(i >= n) { - strcpy(server, curserver); - return noErr; - } - } - - if(numservers > 1) { - currealm = strchr(curserver, '\0') + 1; - curserver = strchr(currealm, '\0') + 1 + 1; - } - } - - return cKrbMapDoesntExist; - } - -OSErr AddServerMap(const char *realm, const char *server, - const int isadmin) -{ - int numservers; - char *curptr; - - SetHandleSize(fServerMap, strlen(realm)+1 + 1 + strlen(server)+1 + - GetHandleSize(fServerMap)); - if(MemError()) return MemError(); - - numservers = ++(*((short *)*fServerMap)); - - for(curptr = (*fServerMap)+2; numservers > 1; numservers--) { - curptr = strchr(curptr, '\0') + 1 + 1; - curptr = strchr(curptr, '\0') + 1; - } - - strcpy(curptr, realm); - curptr = strchr(curptr, '\0') + 1; - *curptr = (char) isadmin; - curptr++; - strcpy(curptr, server); - - return WriteServerMap(); - } - -OSErr DeleteServerMap(const char *realm, const char *server) -{ - int numservers = *((short *)*fServerMap); - char *curptr, *fromptr, *nextptr; - - for(curptr = (*fServerMap)+2; numservers > 0; numservers--) { - if(!strcmp(curptr, realm)) { - nextptr = strchr(curptr, '\0') + 1 + 1; - if(!strcasecmp(nextptr, server)) { - break; /* got it! */ - } - } - - curptr = strchr(curptr, '\0') + 1 + 1; - curptr = strchr(curptr, '\0') + 1; - } - - if(numservers == 0) return cKrbMapDoesntExist; - - *(short*)*fServerMap -= 1; - - if(numservers > 1) { - fromptr = strchr(curptr, '\0') + 1 + 1; - fromptr = strchr(fromptr, '\0') + 1; - } - - for( ; numservers > 1; numservers--) { - nextptr = strchr(fromptr, '\0') + 1; - strcpy(curptr, fromptr); - curptr = strchr(curptr, '\0') + 1; - fromptr = nextptr; - - *curptr = *fromptr; - curptr++; - fromptr++; - - nextptr = strchr(fromptr, '\0') + 1; - strcpy(curptr, fromptr); - curptr = strchr(curptr, '\0') + 1; - fromptr = nextptr; - } - - SetHandleSize(fServerMap, curptr-(*fServerMap)); - if(MemError()) return MemError(); - return WriteServerMap(); - } - -OSErr GetNthServerMap(const int n, char *realm, char *server, int *admin) -{ - int i; - char *curptr; - - if(n > *(short*)*fServerMap) return cKrbMapDoesntExist; - - for(curptr = (*fServerMap) + 2, i = 1; i < n; i++) { - curptr = strchr(curptr, '\0') + 1 + 1; - curptr = strchr(curptr, '\0') + 1; - } - - strcpy(realm, curptr); - curptr = strchr(curptr, '\0') + 1; - *admin = *curptr; - curptr++; - strcpy(server, curptr); - - return noErr; -} diff --git a/src/lib/krb4/mac_store.h b/src/lib/krb4/mac_store.h deleted file mode 100644 index b1652dc556..0000000000 --- a/src/lib/krb4/mac_store.h +++ /dev/null @@ -1,56 +0,0 @@ -/* - store.h - Kerberos credential store - Originally coded by Tim Miller / Brown University - Mods 1/92 By Peter Bosanko - - Modified May 1994 by Julia Menapace and John Gilmore, Cygnus - Support. -*/ - -#include "memcache.h" - -extern OSErr fConstructErr; - - OSErr CreatePrefFile(); - OSErr WriteUser(); /* saves gUserName to prefs file */ - - /* Used internally... */ - OSErr WritePref(short refnum, Handle dataHandle, OSType mapType, short resID, - Str255 resName); - OSErr WritePrefStr(short refnum, char *dataString, OSType mapType, short resID, - Str255 resName); - - /*** Realm info routines: ***/ - OSErr GetLocalRealm(char *lrealm); /* stuffs local realm in lrealm */ - OSErr SetLocalRealm(const char *lrealm); /* sets local realm */ - - OSErr GetRealm(const char *host, char *realm); /* yields realm for given - host's net name */ - OSErr AddRealmMap(const char *netorhost, const char *realm); /* says hosts - with this name or in this domain (if - begins with period) map to this realm - (provided no more specific map is - found) */ - OSErr DeleteRealmMap(const char *netorhost); /* deletes realm map for the - net or net hostname */ - OSErr GetNthRealmMap(const int n, char *netorhost, char *realm); /* yields - the Nth mapping of a net or host to - a kerberos realm */ - - OSErr GetNthServer(const int n, const char *realm, const int mustadmin, - char *server); /* yields Nth (administrating if - mustadmin is true) server for - the given realm */ - OSErr AddServerMap(const char *realm, const char *server, - const int isadmin); /* says this server services this - realm (administratively if isadmin) */ - OSErr DeleteServerMap(const char *realm, const char *server); /* deletes - the map of this realm to this server */ - OSErr GetNthServerMap(const int n, char *realm, char *server, int *admin); - /* yields Nth realm-server mapping */ - - OSErr OpenPrefsFile(short *refnum); /* open (create if necessary) prefs file - for writing */ - OSErr WriteRealmMap(); - OSErr WriteServerMap(); diff --git a/src/lib/krb4/mac_stubs.c b/src/lib/krb4/mac_stubs.c deleted file mode 100644 index 2cd1f0ac76..0000000000 --- a/src/lib/krb4/mac_stubs.c +++ /dev/null @@ -1,525 +0,0 @@ -/* - * mac_stubs.c - * - * For copying and distribution information, please see the file - * . - * - * Macintosh oopserating system stub interface for Kerberos. - * Applications call these routines, which then call the driver to do the work. - */ - -#include "krb.h" -#include "krb_driver.h" /* Mac driver interface */ - -#include -#include -#include -#include - -/* We export the driver reference under the name mac_stubs_kdriver, - but for convenience throughout this code, we call it "kdriver", - which was its name when it was static. */ -short mac_stubs_kdriver = 0; /* .Kerberos driver ref */ -#define kdriver mac_stubs_kdriver - -ParamBlockRec pb[1]; -struct krbHiParmBlock khipb[1]; -struct krbParmBlock klopb[1]; - -short lowcall (long cscode, krbParmBlock *klopb, short kdriver) -{ - short s; - ParamBlockRec pb; - - memset (&pb, 0, sizeof(ParamBlockRec)); - *(long *)pb.cntrlParam.csParam = (long)klopb; - pb.cntrlParam.ioCompletion = nil; - pb.cntrlParam.ioCRefNum = kdriver; - pb.cntrlParam.csCode = cscode; - - if (s = PBControl(&pb, false)) - return KFAILURE; - if (s = pb.cntrlParam.ioResult) - return -(s - cKrbKerberosErrBlock); /* Restore krb err code from driver err */ - - return KSUCCESS; -} - - -short hicall (long cscode, krbHiParmBlock *khipb, short kdriver) -{ - short s; - ParamBlockRec pb; - memset(&pb, 0, sizeof(ParamBlockRec)); - *(long *)pb.cntrlParam.csParam = (long)khipb; - pb.cntrlParam.ioCompletion = nil; - pb.cntrlParam.ioCRefNum = kdriver; - - pb.cntrlParam.csCode = cscode; - if (s = PBControl(&pb, false)) - return KFAILURE; - if (s = pb.cntrlParam.ioResult) - return -(s - cKrbKerberosErrBlock); /* Restore krb err code from driver err */ - - return KSUCCESS; -} - - -int INTERFACE -krb_start_session (x) - char *x; -{ - short s; - - /* - * Open the .Kerberos driver if not already open - */ - if (!kdriver) { - s = OpenDriver("\p.Kerberos", &kdriver); - if (s) { - return KFAILURE; /* Improve this error code */ - } - } - - return KSUCCESS; -} - - -int INTERFACE -krb_end_session (x) - char *x; -{ - short s; - -#if 0 /* This driver doesn't want to be closed. FIXME, is this OK? */ - if (kdriver) { - s = CloseDriver(kdriver); - if (s) - return KFAILURE; - kdriver = 0; - } -#endif - return KSUCCESS; -} - - -char * INTERFACE -krb_realmofhost (host) - char *host; -{ - short s; - ParamBlockRec pb; - static char realm[REALM_SZ]; - - memset(klopb, 0, sizeof(*klopb)); - klopb->host = host; - klopb->uRealm = realm; - - /* FIXME jcm - no error handling for return value of lowcall in krb_realmofhost */ - s = lowcall (cKrbGetRealm , klopb, kdriver); - - return realm; -} - -int INTERFACE -krb_get_lrealm (realm, n) - char *realm; - int n; -{ - short s; - ParamBlockRec pb; - - if (n != 1) - return KFAILURE; - - memset(klopb, 0, sizeof(*klopb)); - klopb->uRealm = realm; - - s = lowcall (cKrbGetLocalRealm, klopb, kdriver); - return s; - -} - - -int INTERFACE -kname_parse (name, instance, realm, fullname) - char *name, *instance, *realm, *fullname; -{ - short s; - ParamBlockRec pb; - - memset(klopb, 0, sizeof(*klopb)); - klopb->uName = name; - klopb->uInstance = instance; - klopb->uRealm = realm; - klopb->fullname = fullname; - - s = lowcall (cKrbKnameParse, klopb, kdriver); - return s; -} - -const char* INTERFACE -krb_get_err_text (error_code) - int error_code; -{ - short s; - - memset(klopb, 0, sizeof(*klopb)); - klopb->admin = error_code; - s = lowcall (cKrbGetErrText, klopb, kdriver); - if (s != KSUCCESS) - return "Error in get_err_text"; - return klopb->uName; -} - - -int INTERFACE -krb_get_pw_in_tkt(user,instance,realm,service,sinstance,life,password) - char *user, *instance, *realm, *service, *sinstance; - int life; - char *password; -{ - short s; - - memset(klopb, 0, sizeof(*klopb)); - klopb->uName = user; - klopb->uInstance = instance; - klopb->uRealm = realm; - klopb->sName = service; - klopb->sInstance = sinstance; - klopb->admin = life; - klopb->fullname = password; - - s = lowcall (cKrbGetPwInTkt, klopb, kdriver); - return s; -} - - -/* FIXME: For now, we handle the preauth version exactly the same - as the non-preauth. */ -krb_get_pw_in_tkt_preauth(user,instance,realm,service,sinstance,life,password) - char *user, *instance, *realm, *service, *sinstance; - int life; - char *password; -{ - short s; - - memset(klopb, 0, sizeof(*klopb)); - klopb->uName = user; - klopb->uInstance = instance; - klopb->uRealm = realm; - klopb->sName = service; - klopb->sInstance = sinstance; - klopb->admin = life; - klopb->fullname = password; - - s = lowcall (cKrbGetPwInTkt, klopb, kdriver); - return s; -} - - - -char* INTERFACE -krb_get_default_user (void) -{ - short s; - static char return_name[MAX_K_NAME_SZ]; - - memset(khipb, 0, sizeof(*khipb)); - khipb->user = return_name; - s = hicall (cKrbGetUserName, khipb, kdriver); - if (s != KSUCCESS) - return 0; - return return_name; -} - - -int INTERFACE -krb_set_default_user (uName) - char* uName; -{ - short s; - - memset(khipb, 0, sizeof(*khipb)); - khipb->user = uName; - s = hicall (cKrbSetUserName, khipb, kdriver); - return s; -} - -int INTERFACE -krb_get_cred (name, instance, realm, cr) - char *name; - char *instance; - char *realm; - CREDENTIALS *cr; -{ - short s; - - memset(klopb, 0, sizeof(*klopb)); - - strcpy(cr->service, name); - strcpy(cr->instance, instance); - strcpy(cr->realm, realm); - - klopb->cred = cr; - - s = lowcall (cKrbGetCredentials, klopb, kdriver); - return s; -} - -int INTERFACE -krb_save_credentials (sname, sinstance, srealm, session, - lifetime, kvno,ticket, issue_date) - char *sname; /* service name */ - char *sinstance; /* service instance */ - char *srealm; /* service realm */ - C_Block session; /* Session key */ - int lifetime; /* Lifetime */ - int kvno; /* Key version number */ - KTEXT ticket; /* The ticket itself */ - long issue_date; /* The issue time */ - -{ - short s; - CREDENTIALS cr; - - strcpy(cr.service, sname); - strcpy(cr.instance, sinstance); - strcpy(cr.realm, srealm); - memcpy(cr.session, session, sizeof(C_Block)); - cr.lifetime = lifetime; - cr.kvno = kvno; - cr.ticket_st = *ticket; - cr.issue_date = issue_date; - - memset(klopb, 0, sizeof(*klopb)); - klopb->cred = &cr; - - s = lowcall (cKrbAddCredentials, klopb, kdriver); - return s; -} - - -int INTERFACE -krb_delete_cred (sname, sinstance, srealm) - char *sname; - char *sinstance; - char *srealm; -{ - short s; - - memset(klopb, 0, sizeof(*klopb)); - - klopb->sName = sname; - klopb->sInstance = sinstance; - klopb->sRealm = srealm; - - s = lowcall (cKrbDeleteCredentials, klopb, kdriver); - return s; -} - -int INTERFACE -dest_tkt (cachename) - char *cachename; /* This parameter is ignored. */ -{ - short s; - - memset(klopb, 0, sizeof(*klopb)); - s = lowcall (cKrbDeleteAllSessions, klopb, kdriver); - return s; -} - -/* - * returns service name, service instance and realm of the nth credential. - * credential numbering is 1 based. - */ - -int INTERFACE -krb_get_nth_cred (sname, sinstance, srealm, n) - char *sname; - char *sinstance; - char *srealm; - int n; -{ - short s; - - memset(klopb, 0, sizeof(*klopb)); - - klopb->sName = sname; - klopb->sInstance = sinstance; - klopb->sRealm = srealm; - klopb->itemNumber = &n; - - s = lowcall (cKrbGetNthCredentials, klopb, kdriver); - return s; -} - -/* - * Return the number of credentials in the current credential cache (ticket cache). - * On error, returns -1. - */ -int INTERFACE -krb_get_num_cred () -{ - int s; - int n; - - memset(klopb, 0, sizeof(*klopb)); - klopb->itemNumber = &n; - - s = lowcall (cKrbGetNumCredentials, klopb, kdriver); - if (s) - return -1; - return *(klopb->itemNumber); -} - - - -/* GetNthRealmMap - yields the Nth mapping of a net or host to a Kerberos realm - -> itemNumber which mapping, traditionally the first - -> host host or net - -> uRealm pointer to buffer that will receive realm name -*/ - -OSErr INTERFACE -GetNthRealmMap(n, netorhost, realm) - int n; - char *netorhost; - char *realm; -{ - int s; - memset(klopb, 0, sizeof(*klopb)); - klopb->itemNumber = &n; - klopb->host = netorhost; - klopb->uRealm = realm; - - s = lowcall (cKrbGetNthRealmMap, klopb, kdriver); - return s; -} - -/* GetNthServerMap - yields Nth realm-server mapping - -> itemNumber which mapping should be returned - -> uRealm pointer to buffer that will receive realm name - -> host pointer to buffer that will receive server name - -> admin pointer to admin flag - */ - -OSErr INTERFACE -GetNthServerMap(n, realm, server, admin) - int n; - char *realm; - char *server; - int *admin; -{ - int s; - memset(klopb, 0, sizeof(*klopb)); - klopb->itemNumber = &n; - klopb->uRealm = realm; - klopb->host = server; - klopb->adminReturn = admin; - - s = lowcall (cKrbGetNthServerMap, klopb, kdriver); - return s; -} - - - -/* krb_get_ticket_for_service - * Gets a ticket and returns it to application in buf - -> service Formal Kerberos name of service - -> buf Buffer to receive ticket - -> checksum checksum for this service - <-> buflen length of ticket buffer (must be at least - 1258 bytes) - <- sessionKey for internal use - <- schedule for internal use - - * Result is: - * GC_NOTKT if there is no matching TGT in the cache - * MK_AP_TGTEXP if the matching TGT is expired - * Other errors possible. These could cause a dialogue with the user - * to get a new TGT. - */ - -int INTERFACE -krb_get_ticket_for_service (serviceName, buf, buflen, checksum, sessionKey, - schedule, version, includeVersion) - char *serviceName; - char *buf; - unsigned KRB4_32 *buflen; - int checksum; - des_cblock sessionKey; - Key_schedule schedule; - char *version; - int includeVersion; -{ - short s; - - if (includeVersion) - return KFAILURE; /* Not implmented in the kclient driver iface */ - - memset(khipb, 0, sizeof(*khipb)); - khipb->service = serviceName; - khipb->buf = buf; - khipb->buflen = *buflen; - khipb->checksum = checksum; - - s = hicall (cKrbGetTicketForService, khipb, kdriver); - /* These are ARRAYS in the hiparmblock, for some reason! */ - memcpy (sessionKey, khipb->sessionKey, sizeof (khipb[0].sessionKey)); - memcpy (schedule, khipb->schedule, sizeof (khipb[0].schedule)); - *buflen = khipb->buflen; - return s; -} - - -/* krb_get_tf_fullname -- return name, instance and realm of the - principal in the current ticket file. The ticket file name is not - currently used for anything since there is only one credentials - cache/ticket file -*/ - -int INTERFACE -krb_get_tf_fullname (tktfile, name, instance, realm) - char *tktfile; - char *name; - char *instance; - char *realm; - -{ - short s; - memset (klopb, 0, sizeof(*klopb)); - klopb->fullname = tktfile; - klopb->uName = name; - klopb->uInstance = instance; - klopb->uRealm = realm; - - s = lowcall (cKrbGetTfFullname, klopb, kdriver); - return s; -} - - - -#if 0 - xbzero(khipb, sizeof(krbHiParmBlock)); - khipb->service = (char *)cannon; - khipb->buf = (char *)buf; /* where to build it */ - khipb->checksum = 0; - khipb->buflen = sizeof(buf); - if (s = hicall(cKrbGetTicketForService, khipb, kdriver)) - return s; - xbcopy(khipb->sessionKey, sessionKey, sizeof(sessionKey)); /* save the session key */ - /* - * cKrbGetTicketForService put a longword buffer length into the buffer - * which we don't want, so we ignore it. - * Make room for first 3 bytes which preceed the auth data. - */ - cp = &buf[4-3]; /* skip long, make room for 3 bytes */ - cp[0] = tp[0]; /* copy type and modifier */ - cp[1] = tp[1]; - cp[2] = KRB_AUTH; /* suboption command */ - len = khipb->buflen - sizeof(long) + 3; /* data - 4 + 3 */ - -#endif /* 0 */ diff --git a/src/lib/krb4/mac_time.c b/src/lib/krb4/mac_time.c deleted file mode 100644 index bec4d8f530..0000000000 --- a/src/lib/krb4/mac_time.c +++ /dev/null @@ -1,152 +0,0 @@ -/* - * mac_time.c - * (Originally time_stuff.c) - * - * Copyright 1989 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * . - * - * Macintosh ooperating system interface for Kerberos. - */ - -#include "mit-copyright.h" -#include "krb.h" -#include "des.h" -#include "AddressXlation.h" /* for ip_addr */ -#include -#include - -#include /* Defines MachineLocation, used by getTimeZoneOffset */ -#include /* Defines BitTst(), called by getTimeZoneOffset() */ -#include /* Defines GetDateTime */ - -/* Mac Cincludes */ -#include -#include - - - /******************************* - The Unix epoch is 1/1/70, the Mac epoch is 1/1/04. - - 70 - 4 = 66 year differential - - Thus the offset is: - - (66 yrs) * (365 days/yr) * (24 hours/day) * (60 mins/hour) * (60 secs/min) - plus - (17 leap days) * (24 hours/day) * (60 mins/hour) * (60 secs/min) - - Don't forget the offset from GMT. - *******************************/ - - -/* returns the offset in hours between the mac local time and the GMT */ - -unsigned long -getTimeZoneOffset() -{ - MachineLocation macLocation; - long gmtDelta; - - macLocation.gmtFlags.gmtDelta=0L; - ReadLocation(&macLocation); - gmtDelta=macLocation.gmtFlags.gmtDelta & 0x00FFFFFF; - if (BitTst((void *)&gmtDelta,23L)) gmtDelta |= 0xFF000000; - gmtDelta /= 3600L; - return(gmtDelta); -} - - -/* Returns the GMT in seconds using the Unix epoch, ie. Net time */ - -static unsigned long -gettimeofdaynet_no_offset() -{ - time_t the_time; - - GetDateTime (&the_time); - the_time = the_time - - ((66 * 365 * 24 * 60 * 60) + - (17 * 24 * 60 * 60) + - (getTimeZoneOffset() * 60 * 60)); - return the_time; -} - - - -int -gettimeofdaynet (struct timeval *tp, struct timezone *tz) -{ - tp->tv_sec = gettimeofdaynet_no_offset(); - return 0; -} - - -#if 0 - -int -gettimeofdaynet (struct timeval *tp, struct timezone *tz) -{ - int result; - - if (!net_got_offset) - result = get_net_offset(); - else result = 0; - - time ((time_t *) &(tp->tv_sec)); - - tp->tv_sec = tp->tv_sec - (66 * 365 * 24 * 60 * 60 - + 17 * 60 * 60 * 24) + net_offset; - - return (result); -} - - -#define TIME_PORT 37 -#define TM_OFFSET 2208988800 - -/* - * - * get_net_offset () -- Use UDP time protocol to figure out the - * offset between what the Mac thinks the time is an what - * the network thinks. - * - */ -int -get_net_offset() -{ - time_t tv; - char buf[512],ts[256]; - long *nettime; - int attempts, cc, time_port; - long unixtime; - char realm[REALM_SZ]; - ip_addr fromaddr; - unsigned short fromport; - int result; - - nettime = (long *)buf; - time_port = TIME_PORT; - - cc = sizeof(buf); - result = hosts_send_recv(ts, 1, buf, &cc, "", time_port); - time (&tv); - - if (result!=KSUCCESS || cc<4) { - net_offset = 0; - if (!result) result = 100; - return result; - } - - unixtime = (long) ntohl(*nettime) - TM_OFFSET; - - tv -= 66 * 365 * 24 * 60 * 60 - + 17 * 60 * 60 * 24; /* Convert to unix time w/o offset */ - net_offset = unixtime - tv; - net_got_offset = 1; - - return 0; -} - -#endif diff --git a/src/lib/krb4/memcache.c b/src/lib/krb4/memcache.c deleted file mode 100644 index 18a74126bf..0000000000 --- a/src/lib/krb4/memcache.c +++ /dev/null @@ -1,891 +0,0 @@ -/* - * memcache.c - * - * Kerberos credential cache - * Originally coded by Tim Miller / Brown University as KRB_Store.c - * Mods 1/92 By Peter Bosanko - * - * Modified May-June 1994 by Julia Menapace and John Gilmore - * of Cygnus Support. - * - * This file incorporates replacements for the Unix files - * in_tkt.c, dest_tkt.c, tf_util.c, and tkt_string.c. - */ - -#include "krb.h" -#include "krb4int.h" -#include "autoconf.h" - -#ifdef _WIN32 -#include - -typedef DWORD OSErr; -#define noErr 0 -#define cKrbCredsDontExist 12001 -#define cKrbSessDoesntExist 12002 -#define memFullErr ENOMEM -#endif - -#ifndef unix -#ifdef _AIX -#define unix -#endif -#endif - -#ifdef unix -/* Unix interface to memory cache Mac functions. */ - -#include -#include -#ifdef HAVE_STDLIB_H -#include -#else -extern char *malloc (), *realloc (); -#endif - -typedef int OSErr; -#define noErr 0 -#define memFullErr ENOMEM - -#endif /* unix */ - -#include "memcache.h" - - -/* Lower level data structures */ - -static int fNumSessions = 0; -static Session **fSessions = 0; - -#ifndef _WIN32 -#define change_cache() -#endif - -#if defined (_WIN32) || defined (unix) -/* Fake Mac handles up for general use. */ -#define Handle char ** -#define Size int - -static OSErr memerror = noErr; - -/* - * Simulates Macintosh routine by allocating a block of memory - * and a pointer to that block of memory. If the requested block - * size is 0, then we just allocate the indirect pointer and 0 - * it, otherwise we allocate an indirect pointer and place a pointer - * to the actual allocated block in the indirect pointer location. - */ -Handle -NewHandleSys(s) - int s; -{ - Handle h; - - h = (char **) malloc(sizeof(char *)); - - if (h == NULL) { - memerror = memFullErr; - return (NULL); - } - - if (s > 0) { - *h = malloc(s); - - if (*h == NULL) { - free(h); - memerror = memFullErr; - return (NULL); - } - } - else - *h = NULL; - - memerror = noErr; - - return h; -} - -/* - * Frees allocated indirect pointer and the block of memory it points - * to. If the indirect pointer is NULL, then the block is considered - * to have 0 length. - */ -void -DisposHandle(h) - Handle h; -{ - if (*h != NULL) - free(*h); - free(h); -} - -/* - * Resizes a block of memory pointed to by and indirect pointer. The - * indirect pointer is updated when the block of memory is reallocated. - * If the indirect pointer is 0, then the block of memory is allocated - * rather than reallocated. If the size requested is 0, then the block - * is deallcated rather than reallocated. - */ -void -SetHandleSize(h, s) - Handle h; - int s; -{ - if (*h != NULL) { - if (s > 0) { - *h = realloc(*h, s); - if (*h == NULL) { - memerror = memFullErr; - return; - } - } - else { - free(*h); - *h = NULL; - } - } - - else { - if (s > 0) { - *h = malloc(s); - if (*h == NULL) { - memerror = memFullErr; - return; - } - } - } - - memerror = noErr; -} - -OSErr -MemError() -{ - return memerror; -} - -#endif /* Windows || unix */ - -#ifdef _WIN32 - -/* - * change_cache should be called after the cache changes. - * If the session count is > 0 it forces the DLL to stay in - * memory even after the calling program exits providing cross - * session ticket cacheing. Also a notification message is - * is posted out to all top level Windows so that they may - * recheck the cache based on the changes made. The - * krb_get_notifcation_message routine will return the - * current notificaiton message for the system which an - * application can expect to get. - */ -void -change_cache() -{ - char fname[260]; - static BOOL locked = FALSE; - - if (fNumSessions > 0 && !locked) { - GetModuleFileName(get_lib_instance(), fname, sizeof(fname)); - LoadLibrary(fname); - locked = TRUE; - } - - else if (fNumSessions == 0 && locked) { - FreeLibrary(get_lib_instance()); - locked = FALSE; - } - - PostMessage(HWND_BROADCAST, krb_get_notification_message(), 0, 0); -} - - -/* - * Returns a system wide unique notification message. This - * message will be broadcast to all top level windows when - * the credential cache changes. - */ -unsigned int -krb_get_notification_message(void) -{ - static UINT message = 0; - - if (message == 0) - message = RegisterWindowMessage(WM_KERBEROS_CHANGED); - - return message; -} - - -#endif /* Windows */ - - -/* The low level routines in this file are capable of storing - tickets for multiple "sessions", each led by a different - ticket-granting ticket. For now, since the top level code - doesn't know how to handle that, we are short-cutting all - that with a fixed top level identifying tag for the (one) - session supported. - - FIXME jcm - Force one named cache for now for compatibility with - Cygnus source tree. Figure out later how to access the multiple - cache functionality in KClient. - */ - -char uname[] = "Fixed User"; -char uinstance[] = "Fixed Instance"; -char urealm[] = "Fixed Realm"; - -static char curr_auth_uname [ANAME_SZ]; -static char curr_auth_uinst [INST_SZ]; - - -/* - in_tkt() is used to initialize the ticket cache. - It inits the driver's credentials storage, by deleting any tickets. - in_tkt() returns KSUCCESS on success, or KFAILURE if something goes wrong. - - User name, instance and realm are not currently being stored in - the credentials cache because currently we are forcing a single - named cache by using a fixed user name,inst,and realm in the - memcache accessor routines. - - FIXME jcm - needed while stubbing out multi-caching with fixed - user etc... Store currently authenticated user name and instance - in this file. We will use this information to fill out the p_user - and p_inst fields in the credential. - - FIXME jcm - more kludges: make sure default user name matches the - current credentials cache. Telnet asks for default user name. It - may have last been set to another user name programmatically or - via ResEdit. - - */ -int KRB5_CALLCONV -in_tkt(pname,pinst) - char *pname; - char *pinst; -{ - int retval; - - strncpy (curr_auth_uname, pname, ANAME_SZ); - strncpy (curr_auth_uinst, pinst, INST_SZ); - - krb_set_default_user (pname); - - retval = dest_tkt(); - if (!retval) - return retval; - else - return KSUCCESS; - -} - -int KRB5_CALLCONV -krb_in_tkt(pname, pinst, prealm) - char *pname; - char *pinst; - char *prealm; -{ - return in_tkt(pname, pinst); -} - -/* - * dest_tkt() is used to destroy the ticket store upon logout. - * If the ticket file does not exist, dest_tkt() returns RET_TKFIL. - * Otherwise the function returns RET_OK on success, KFAILURE on - * failure. - * - */ -int KRB5_CALLCONV -dest_tkt() -{ - /* - FIXME jcm - Force one named cache for now for - compatibility with Cygnus source tree. Figure out - later how to access the multiple cache functionality in - KClient. - */ - OSErr err; - - err = DeleteSession(uname, uinstance, urealm); - - change_cache(); - - switch(err) { - case noErr: - return RET_OK; - case cKrbSessDoesntExist: - return RET_TKFIL; - default: - return KFAILURE; - } - } - - -int dest_all_tkts() -{ - int i=0; - char name[ANAME_SZ], inst[INST_SZ], realm[REALM_SZ]; - int ndeletes=0; - int err=0; - - (void) GetNumSessions(&i); - if(!i) return RET_TKFIL; - - for( ; i; i--) { - if(!GetNthSession(i, name, inst, realm)) { - if (err = DeleteSession(name, inst, realm)) - break; - ndeletes++; - } - else { - err = KFAILURE; - break; - } - } - - if (ndeletes > 0) - change_cache(); - - if (err) - return KFAILURE; - else - return KSUCCESS; - } - - -/* krb_get_tf_realm -- return the realm of the current ticket file. */ -int KRB5_CALLCONV -krb_get_tf_realm (tktfile, lrealm) - char *tktfile; - char *lrealm; /* Result stored through here */ -{ - - return krb_get_tf_fullname(tktfile, (char*) 0, (char*) 0 , lrealm); -} - - -/* krb_get_tf_fullname -- return name, instance and realm of the -principal in the current ticket file. */ -int KRB5_CALLCONV -krb_get_tf_fullname (tktfile, name, instance, realm) - char *tktfile; - char *name; - char *instance; - char *realm; - -{ - OSErr err; - -/* - Explaining this ugly hack: - uname, uinstance, and urealm in the session record are "fixed" - to short circuit multicache functionality, yielding only one - session/cache for all cases. This was done under protest to remain - API compatable with UNIX. The principal's and service realm are - always the same and are stored in the same field of the credential. - Principal's name and instance are stored neither in the session - record or the credentials cache but in the file static variables - curr_auth_uname, and curr_auth_uinst as set by in_tkt from its - arguments pname and pinst. - - FIXME for multiple sessions -- keep track of which one is - the "current" session, as picked by the user. tktfile not - used for anything right now... -*/ - - err = GetNthCredentials(uname, uinstance, urealm, name, - instance, realm, 1); - - if (err != noErr) - return NO_TKT_FIL; - - if (name) - strcpy(name, curr_auth_uname); - if (instance) - strcpy(instance, curr_auth_uinst); - - return KSUCCESS; - -} - - -/* - * krb_get_cred takes a service name, instance, and realm, and a - * structure of type CREDENTIALS to be filled in with ticket - * information. It then searches the ticket file for the appropriate - * ticket and fills in the structure with the corresponding - * information from the file. If successful, it returns KSUCCESS. - * On failure it returns a Kerberos error code. - */ -int KRB5_CALLCONV -krb_get_cred (service, instance, realm, c) - char *service; /* Service name */ - char *instance; /* Instance */ - char *realm; /* Authorization domain */ - CREDENTIALS *c; /* Credentials struct */ -{ - strcpy(c->service, service); - strcpy(c->instance, instance); - strcpy(c->realm, realm); - - /* - FIXME jcm - Force one named cache for now for - compatibility with Cygnus source tree. Figure out - later how to access the multiple cache functionality - from KClient. - */ - - switch(GetCredentials(uname, uinstance, urealm, c)) { - case noErr: - return KSUCCESS; - case cKrbCredsDontExist: - case cKrbSessDoesntExist: - return GC_NOTKT; - default: - return KFAILURE; - } -} - -/* - * This routine takes a ticket and associated info and - * stores them in the ticket cache. The peer - * routine for extracting a ticket and associated info from the - * ticket cache is krb_get_cred(). When changes are made to - * this routine, the corresponding changes should be made - * in krb_get_cred() as well. - * - * Returns KSUCCESS if all goes well, otherwise KFAILURE. - */ - -int -krb4int_save_credentials_addr(sname, sinst, srealm, session, - lifetime, kvno, ticket, issue_date, laddr) - - char* sname; /* Service name */ - char* sinst; /* Instance */ - char* srealm; /* Auth domain */ - C_Block session; /* Session key */ - int lifetime; /* Lifetime */ - int kvno; /* Key version number */ - KTEXT ticket; /* The ticket itself */ - KRB4_32 issue_date; /* The issue time */ - KRB_UINT32 laddr; -{ - CREDENTIALS cr; - - strcpy(cr.service, sname); - strcpy(cr.instance, sinst); - strcpy(cr.realm, srealm); - memcpy((void*)cr.session, (void*)session, sizeof(C_Block)); - cr.lifetime = lifetime; - cr.kvno = kvno; - cr.ticket_st = *ticket; - cr.issue_date = issue_date; - strcpy(cr.pname, curr_auth_uname); /* FIXME for mult sessions */ - strcpy(cr.pinst, curr_auth_uinst); /* FIXME for mult sessions */ - - if(AddCredentials(uname, uinstance, urealm, &cr)) return KFAILURE; - change_cache(); - return KSUCCESS; -} - -int KRB5_CALLCONV -krb_save_credentials( - char *name, - char *inst, - char *realm, - C_Block session, - int lifetime, - int kvno, - KTEXT ticket, - KRB4_32 issue_date) -{ - return krb4int_save_credentials_addr(name, inst, realm, session, - lifetime, kvno, ticket, - issue_date, 0); -} - - -int -krb_delete_cred (sname, sinstance, srealm) - char *sname; - char *sinstance; - char *srealm; -{ - - if (DeleteCredentials (uname, uinstance, urealm, sname, sinstance, srealm)) - return KFAILURE; - - change_cache(); - - return KSUCCESS; - - /* - FIXME jcm - translate better between KClient internal OSErr errors - (eg. cKrbCredsDontExist) and kerberos error codes (eg. GC_NOTKT) - */ -} - -int -krb_get_nth_cred (sname, sinstance, srealm, n) - char *sname; - char *sinstance; - char *srealm; - int n; -{ - if (GetNthCredentials(uname, uinstance, urealm, sname, sinstance, srealm, n)) - return KFAILURE; - else - return KSUCCESS; -} - -/* - * Return the number of credentials in the current credential cache (ticket cache). - * On error, returns -1. - */ -int -krb_get_num_cred () -{ - int n; - int s; - - s = GetNumCredentials(uname, uinstance, urealm, &n); - if (s) return -1; - else return n; -} - - - -/* Lower level routines */ - -OSErr GetNumSessions(n) - int *n; -{ - *n = fNumSessions; - return 0; - } - -/* n starts at 1, not 0 */ -OSErr -GetNthSession(n, name, instance, realm) - const int n; - char *name; - char *instance; - char *realm; -{ - Session *sptr; - - if(n > fNumSessions || !fSessions) return cKrbSessDoesntExist; - - sptr = (*fSessions) + n-1; - if (name) strcpy(name, sptr->name); - if (instance) strcpy(instance, sptr->instance); - if (realm) strcpy(realm, sptr->realm); - - return noErr; - } - -OSErr DeleteSession(name, instance, realm) - const char *name; - const char *instance; - const char *realm; -{ - int i; - Session *sptr; - Handle creds; - - if(!fNumSessions || !fSessions) return cKrbSessDoesntExist; - - sptr = *fSessions; - - for(i = 0; i < fNumSessions; i++) { - if(!strcmp(sptr[i].name, name) && - !strcmp(sptr[i].instance, instance) && - !strcmp(sptr[i].realm, realm)) { - break; - } - } - - if(i == fNumSessions) return cKrbSessDoesntExist; - - fNumSessions--; - - creds = (Handle) sptr[i].creds; - - for( ; i < fNumSessions; i++) { - strcpy(sptr[i].name, sptr[i+1].name); - strcpy(sptr[i].instance, sptr[i+1].instance); - strcpy(sptr[i].realm, sptr[i+1].realm); - } - - SetHandleSize((Handle) fSessions, fNumSessions * sizeof(Session)); - if(creds) DisposHandle(creds); - - return MemError(); - } - -OSErr GetCredentials(name, instance, realm, cr) - const char *name; - const char *instance; - const char *realm; - CREDENTIALS *cr; -{ - int i; - Session *sptr; - CREDENTIALS *cptr; - - if(!fNumSessions || !fSessions) return cKrbSessDoesntExist; - - sptr = *fSessions; - - for(i = 0; i < fNumSessions; i++) { - if(!strcmp(sptr[i].name, name) && - !strcmp(sptr[i].instance, instance) && - !strcmp(sptr[i].realm, realm)) { - break; - } - } - - if(i == fNumSessions) return cKrbSessDoesntExist; - - sptr = sptr + i; - - if(!sptr->numcreds || !sptr->creds) return cKrbCredsDontExist; - - cptr = *(sptr->creds); - - for(i = 0; i < sptr->numcreds; i++) { - if(!strcmp(cptr[i].service, cr->service) && - !strcmp(cptr[i].instance, cr->instance) && - !strcmp(cptr[i].realm, cr->realm)) { - break; - } - } - - if(i == sptr->numcreds) return cKrbCredsDontExist; - - *cr = cptr[i]; - return noErr; - } - -OSErr AddCredentials(name, instance, realm, cr) - const char *name; - const char *instance; - const char *realm; - const CREDENTIALS *cr; -{ - Session *sptr; - Handle creds; - int i, thesess; - CREDENTIALS *cptr; - - /* find the appropriate session, or create it if it doesn't exist */ - if(!fSessions) { - fSessions = (Session**) NewHandleSys(0); - if(MemError()) return MemError(); - fNumSessions = 0; - } - - sptr = *fSessions; - - for(thesess = 0; thesess < fNumSessions; thesess++) { - if(!strcmp(sptr[thesess].name, name) && - !strcmp(sptr[thesess].instance, instance) && - !strcmp(sptr[thesess].realm, realm)) { - break; - } - } - - sptr = (*fSessions) + thesess; - - if(thesess == fNumSessions) { /* doesn't exist, create it */ - fNumSessions++; - SetHandleSize((Handle) fSessions, fNumSessions * sizeof(Session)); - if(MemError()) return MemError(); - - /* fSessions may have been moved, so redereference */ - sptr = (*fSessions) + thesess; - strcpy(sptr->name, (char *)name); - strcpy(sptr->instance, (char *)instance); - strcpy(sptr->realm, (char *)realm); - sptr->numcreds = 0; - sptr->creds = 0; - } - - /* if the session has no assoc creds, create storage for them so rest of algorithm - doesn't break */ - if(!sptr->numcreds || !sptr->creds) { - creds = NewHandleSys((Size) 0); - if(MemError()) return MemError(); - - /* rederef */ - sptr = (*fSessions) + thesess; - sptr->creds = (CREDENTIALS **)creds; - sptr->numcreds = 0; - } - - /* find creds if we already have an instance of them, or create a new slot for them - if we don't */ - cptr = *(sptr->creds); - - for(i = 0; i < sptr->numcreds; i++) { - if(!strcmp(cptr[i].service, cr->service) && - !strcmp(cptr[i].instance, cr->instance) && - !strcmp(cptr[i].realm, cr->realm)) { - break; - } - } - - if(i == sptr->numcreds) { - sptr->numcreds++; - SetHandleSize((Handle)sptr->creds, sptr->numcreds * sizeof(CREDENTIALS)); - if(MemError()) return MemError(); - - /* rederef */ - sptr = (*fSessions) + thesess; - cptr = *(sptr->creds); - } - - /* store them (possibly replacing previous creds if they already exist) */ - cptr[i] = *cr; - return noErr; - } - -OSErr -DeleteCredentials (uname, uinst, urealm, sname, sinst, srealm) - const char *uname; - const char *uinst; - const char *urealm; - const char *sname; - const char *sinst; - const char *srealm; -{ - int i; - Session *sptr; - CREDENTIALS *cptr; - - if(!fNumSessions || !fSessions) return cKrbSessDoesntExist; - - sptr = *fSessions; - - for(i = 0; i < fNumSessions; i++) { - if(!strcmp(sptr[i].name, uname) && - !strcmp(sptr[i].instance, uinstance) && - !strcmp(sptr[i].realm, urealm)) { - break; - } - } - - if(i == fNumSessions) return cKrbSessDoesntExist; - - sptr = sptr + i; - - if(!sptr->numcreds || !sptr->creds) return cKrbCredsDontExist; - - cptr = *(sptr->creds); - - for(i = 0; i < sptr->numcreds; i++) { - if(!strcmp(cptr[i].service, sname) && - !strcmp(cptr[i].instance, sinst) && - !strcmp(cptr[i].realm, srealm)) { - break; - } - } - - if(i == sptr->numcreds) return cKrbCredsDontExist; - - sptr->numcreds--; - - for( ; i < sptr->numcreds; i++) { - cptr[i] = cptr[i+1]; - } - - SetHandleSize((Handle) sptr->creds, sptr->numcreds * sizeof(CREDENTIALS)); - - return MemError(); - } - -OSErr GetNumCredentials(name, instance, realm, n) - const char *name; - const char *instance; - const char *realm; - int *n; -{ - int i; - Session *sptr; - - if(!fNumSessions || !fSessions) { - *n = 0; - return cKrbSessDoesntExist; - } - - sptr = *fSessions; - - for(i = 0; i < fNumSessions; i++) { - if(!strcmp(sptr[i].name, name) && - !strcmp(sptr[i].instance, instance) && - !strcmp(sptr[i].realm, realm)) { - break; - } - } - - if(i == fNumSessions) { - *n = 0; - return cKrbCredsDontExist; - } - - *n = sptr[i].numcreds; - return noErr; - } - -/* returns service name, service instance and realm of the nth credential. */ -/* n starts at 1, not 0 */ -OSErr -GetNthCredentials(uname, uinstance, urealm, sname, sinst, srealm, n) - const char *uname; - const char *uinstance; - const char *urealm; - char *sname; - char *sinst; - char *srealm; - const int n; -{ - int i; - Session *sptr; - CREDENTIALS *cptr; - - if(!fNumSessions || !fSessions) return cKrbSessDoesntExist; - - sptr = *fSessions; - - for(i = 0; i < fNumSessions; i++) { - if(!strcmp(sptr[i].name, uname) && - !strcmp(sptr[i].instance, uinstance) && - !strcmp(sptr[i].realm, urealm)) { - break; - } - } - - if(i == fNumSessions) return cKrbSessDoesntExist; - - sptr = (*fSessions) + i; - - if(n > sptr->numcreds || !sptr->creds) return cKrbCredsDontExist; - - cptr = (*(sptr->creds)) + n-1; - - /* - check for null pointers cuz. some callers don't provide - storage for all this info, eg. Kerb_get_tf_fullname. - */ - - if (sname) - strcpy(sname, cptr->service); - if (sinst) - strcpy(sinst, cptr->instance); - if (srealm) - strcpy(srealm, cptr->realm); - return noErr; -} diff --git a/src/lib/krb4/memcache.h b/src/lib/krb4/memcache.h deleted file mode 100644 index d6d04190b9..0000000000 --- a/src/lib/krb4/memcache.h +++ /dev/null @@ -1,36 +0,0 @@ -/* - memcache.h - Kerberos credential store in memory - Originally coded by Tim Miller / Brown University - Mods 1/92 By Peter Bosanko - - Modified May-June 1994 by Julia Menapace and John Gilmore, - Cygnus Support. -*/ - -struct Session { - char name[ANAME_SZ]; - char instance[INST_SZ]; - char realm[REALM_SZ]; - int numcreds; - CREDENTIALS **creds; -}; -typedef struct Session Session; - -OSErr GetNumSessions(int *n); -OSErr GetNthSession(const int n, char *name, char *instance, char *realm); -OSErr DeleteSession(const char *name, const char *instance, const char *realm); -OSErr GetCredentials(const char *name, const char *instance, const char *realm, - CREDENTIALS *cr); -/* name, instance, and realm of service wanted should be set in *cr - before calling */ -OSErr AddCredentials(const char *name, const char *instance, const char *realm, - const CREDENTIALS *cr); -OSErr DeleteCredentials(const char *uname, const char *uinst, - const char *urealm, const char *sname, - const char *sinst, const char *srealm); -OSErr GetNumCredentials(const char *name, const char *instance, - const char *realm, int *n); -OSErr GetNthCredentials(const char *uname, const char *uinst, - const char *urealm, char *sname, char *sinst, - char *srealm, const int n); diff --git a/src/lib/krb4/mk_auth.c b/src/lib/krb4/mk_auth.c deleted file mode 100644 index e09e900761..0000000000 --- a/src/lib/krb4/mk_auth.c +++ /dev/null @@ -1,249 +0,0 @@ -/* - * lib/krb4/mk_auth.c - * - * Copyright 1987, 1988, 2000, 2001 by the Massachusetts Institute of - * Technology. All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * Derived from sendauth.c by John Gilmore, 10 October 1994. - */ - -#include -#include "krb.h" -#include "prot.h" -#include -#include - -#define KRB_SENDAUTH_VERS "AUTHV0.1" /* MUST be KRB_SENDAUTH_VLEN chars */ -/* - * If the protocol changes, you will need to change the version string - * and make appropriate changes in recvauth.c and sendauth.c. - */ - -/* - * This file contains two routines: krb_mk_auth() and krb_check_auth(). - * - * krb_mk_auth() packages a ticket for transmission to an application - * server. - * - * krb_krb_check_auth() validates a mutual-authentication response from - * the application server. - * - * These routines are portable versions that implement a protocol - * compatible with the original Unix "sendauth". - */ - -/* - * The first argument to krb_mk_auth() contains a bitfield of - * options (the options are defined in "krb.h"): - * - * KOPT_DONT_CANON Don't canonicalize instance as a hostname. - * (If this option is not chosen, krb_get_phost() - * is called to canonicalize it.) - * - * KOPT_DONT_MK_REQ Don't request server ticket from Kerberos. - * A ticket must be supplied in the "ticket" - * argument. - * (If this option is not chosen, and there - * is no ticket for the given server in the - * ticket cache, one will be fetched using - * krb_mk_req() and returned in "ticket".) - * - * KOPT_DO_MUTUAL Do mutual authentication, requiring that the - * receiving server return the checksum+1 encrypted - * in the session key. The mutual authentication - * is done using krb_mk_priv() on the other side - * (see "recvauth.c") and krb_rd_priv() on this - * side. - * - * The "ticket" argument is used to store the new ticket - * from the krb_mk_req() call. If the KOPT_DONT_MK_REQ options is - * chosen, the ticket must be supplied in the "ticket" argument. - * The "service", "inst", and "realm" arguments identify the ticket. - * If "realm" is null, the local realm is used. - * - * The following argument is only needed if the KOPT_DO_MUTUAL option - * is chosen: - * - * The "checksum" argument is a number that the server will add 1 to - * to authenticate itself back to the client. - * - * The application protocol version number (of up to KRB_SENDAUTH_VLEN - * characters) is passed in "version". - * - * The ticket is packaged into a message in the buffer pointed to by - * the argument "buf". - * - * If all goes well, KSUCCESS is returned, otherwise some error code. - * - * The format of the message packaged to send to the application server is: - * - * Size Variable Field - * ---- -------- ----- - * - * KRB_SENDAUTH_VLEN KRB_SENDAUTH_VER sendauth protocol - * bytes version number - * - * KRB_SENDAUTH_VLEN version application protocol - * bytes version number - * - * 4 bytes ticket->length length of ticket - * - * ticket->length ticket->dat ticket itself - */ - -/* - * Build a "sendauth" packet compatible with Unix sendauth/recvauth. - */ -int KRB5_CALLCONV -krb_mk_auth(options, ticket, service, inst, realm, checksum, version, buf) - long options; /* bit-pattern of options */ - KTEXT ticket; /* where to put ticket (return); or - supplied in case of KOPT_DONT_MK_REQ */ - char *service; /* service name */ - char *inst; /* instance (OUTPUT canonicalized) */ - char *realm; /* realm */ - unsigned KRB4_32 checksum; /* checksum to include in request */ - char *version; /* version string */ - KTEXT buf; /* Output buffer to fill */ -{ - int rem; - char krb_realm[REALM_SZ]; - char *phost; - int phostlen; - unsigned char *p; - - rem = KSUCCESS; - - /* get current realm if not passed in */ - if (!realm) { - rem = krb_get_lrealm(krb_realm,1); - if (rem != KSUCCESS) - return rem; - realm = krb_realm; - } - - if (!(options & KOPT_DONT_CANON)) { - phost = krb_get_phost(inst); - phostlen = krb4int_strnlen(phost, INST_SZ) + 1; - if (phostlen <= 0 || phostlen > INST_SZ) - return KFAILURE; - memcpy(inst, phost, (size_t)phostlen); - } - - /* get the ticket if desired */ - if (!(options & KOPT_DONT_MK_REQ)) { - rem = krb_mk_req(ticket, service, inst, realm, (KRB4_32)checksum); - if (rem != KSUCCESS) - return rem; - } - -#ifdef ATHENA_COMPAT - /* this is only for compatibility with old servers */ - if (options & KOPT_DO_OLDSTYLE) { - (void) snprintf(buf->dat, sizeof(buf->dat), "%d ",ticket->length); - (void) write(fd, buf, strlen(buf)); - (void) write(fd, (char *) ticket->dat, ticket->length); - return(rem); - } -#endif /* ATHENA_COMPAT */ - - /* Check buffer size */ - if (sizeof(buf->dat) < (KRB_SENDAUTH_VLEN + KRB_SENDAUTH_VLEN - + 4 + ticket->length) - || ticket->length < 0) - return KFAILURE; - - /* zero the buffer */ - memset(buf->dat, 0, sizeof(buf->dat)); - p = buf->dat; - - /* insert version strings */ - strncpy((char *)p, KRB_SENDAUTH_VERS, KRB_SENDAUTH_VLEN); - p += KRB_SENDAUTH_VLEN; - strncpy((char *)p, version, KRB_SENDAUTH_VLEN); - p += KRB_SENDAUTH_VLEN; - - /* put ticket length into buffer */ - KRB4_PUT32BE(p, ticket->length); - - /* put ticket into buffer */ - memcpy(p, ticket->dat, (size_t)ticket->length); - p += ticket->length; - - buf->length = p - buf->dat; - return KSUCCESS; -} - -/* - * For mutual authentication using mk_auth, check the server's response - * to validate that we're really talking to the server which holds the - * key that we obtained from the Kerberos key server. - * - * The "buf" argument is the response we received from the app server. - * The "checksum" argument is a number that the server has added 1 to - * to authenticate itself back to the client (us); the "msg_data" argument - * returns the returned mutual-authentication message from the server - * (i.e., the checksum+1); "session" holds the - * session key of the server, extracted from the ticket file, for use - * in decrypting the mutual authentication message from the server; - * and "schedule" returns the key schedule for that decryption. The - * the local and server addresses are given in "laddr" and "faddr". - */ -int KRB5_CALLCONV -krb_check_auth (buf, checksum, msg_data, session, schedule, laddr, faddr) - KTEXT buf; /* The response we read from app server */ - unsigned KRB4_32 checksum; /* checksum we included in request */ - MSG_DAT *msg_data; /* mutual auth MSG_DAT (return) */ - C_Block session; /* credentials (input) */ - Key_schedule schedule; /* key schedule (return) */ - struct sockaddr_in *laddr; /* local address */ - struct sockaddr_in *faddr; /* address of foreign host on fd */ -{ - int cc; - unsigned KRB4_32 cksum; - unsigned char *p; - - /* decrypt it */ -#ifndef NOENCRYPTION - key_sched(session, schedule); -#endif /* !NOENCRYPTION */ - if (buf->length < 0) - return KFAILURE; - cc = krb_rd_priv(buf->dat, (unsigned KRB4_32)buf->length, schedule, - (C_Block *)session, faddr, laddr, msg_data); - if (cc) - return cc; - - /* - * Fetch the (incremented) checksum that we supplied in the - * request. - */ - if (msg_data->app_length < 4) - return KFAILURE; - p = msg_data->app_data; - KRB4_GET32BE(cksum, p); - - /* if it doesn't match, fail -- reply wasn't from our real server. */ - if (cksum != checksum + 1) - return KFAILURE; /* XXX */ - return KSUCCESS; -} diff --git a/src/lib/krb4/mk_err.c b/src/lib/krb4/mk_err.c deleted file mode 100644 index 5eeca1bdba..0000000000 --- a/src/lib/krb4/mk_err.c +++ /dev/null @@ -1,83 +0,0 @@ -/* - * lib/krb4/mk_err.c - * - * Copyright 1985, 1986, 1987, 1988, 2000 by the Massachusetts - * Institute of Technology. All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#include "krb.h" -#include "prot.h" -#include - -/* - * This routine creates a general purpose error reply message. It - * doesn't use KTEXT because application protocol may have long - * messages, and may want this part of buffer contiguous to other - * stuff. - * - * The error reply is built in "p", using the error code "e" and - * error text "e_string" given. The length of the error reply is - * returned. - * - * The error reply is in the following format: - * - * unsigned char KRB_PROT_VERSION protocol version no. - * unsigned char AUTH_MSG_APPL_ERR message type - * (least significant - * bit of above) HOST_BYTE_ORDER local byte order - * 4 bytes e given error code - * string e_string given error text - */ - -long KRB5_CALLCONV -krb_mk_err(p, e, e_string) - u_char *p; /* Where to build error packet */ - KRB4_32 e; /* Error code */ - char *e_string; /* Text of error */ -{ - u_char *start; - size_t e_len; - - e_len = strlen(e_string) + 1; - - /* Just return the buffer length if p is NULL, because writing to the - * buffer would be a bad idea. Note that this feature is a change from - * previous versions, and can therefore only be used safely in this - * source tree, where we know this function supports it. */ - if (p == NULL) { - return 1 + 1 + 4 + e_len; - } - - start = p; - - /* Create fixed part of packet */ - *p++ = KRB_PROT_VERSION; - *p++ = AUTH_MSG_APPL_ERR; - - /* Add the basic info */ - KRB4_PUT32BE(p, e); - memcpy(p, e_string, e_len); /* err text */ - p += e_len; - - /* And return the length */ - return p - start; -} diff --git a/src/lib/krb4/mk_preauth.c b/src/lib/krb4/mk_preauth.c deleted file mode 100644 index 1215e1145d..0000000000 --- a/src/lib/krb4/mk_preauth.c +++ /dev/null @@ -1,78 +0,0 @@ -/* mk_preauth.c */ -/* part of Cygnus Network Security */ -/* Copyright 1994 Cygnus Support */ -/* - * Permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation. - * Cygnus Support makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#include "krb.h" -#include - -#include "autoconf.h" -#ifdef HAVE_STDLIB_H -#include -#else -extern char *malloc(), *calloc(), *realloc(); -#endif - -int -krb_mk_preauth(preauth_p, preauth_len, - key_proc, aname, inst, realm, password, key) - char **preauth_p; - int *preauth_len; - key_proc_type key_proc; - char *aname; - char *inst; - char *realm; - char *password; - C_Block key; -{ -#ifdef NOENCRYPTION - *preauth_len = strlen(aname) + 1; /* include the trailing 0 */ - *preauth_p = malloc(*preauth_len); - strcpy(*preauth_p, aname); /* this will copy the trailing 0 */ -#else - des_key_schedule key_s; - int sl = strlen(aname); -#endif - - (*key_proc)(aname, inst, realm, password, key); - -#ifndef NOENCRYPTION - /* - * preauth_len is set to a length greater than sl + 1 - * and a multpile of 8 - */ - *preauth_len = (((sl + 1) / 8) + 1) * 8; - /* allocate memory for preauth_p and fill it with 0 */ - *preauth_p = malloc((size_t)*preauth_len); - /* create the key schedule */ - if (des_key_sched(key, key_s)) { - return 1; - } - /* - * encrypt aname using key_s as the key schedule and key as the - * initialization vector. - */ - des_pcbc_encrypt((des_cblock *)aname, (des_cblock *)*preauth_p, - (long)(sl + 1), key_s, (des_cblock *)key, DES_ENCRYPT); - memset(key_s, 0, sizeof(key_s)); -#endif - return 0; -} - -void -krb_free_preauth(preauth_p, preauth_len) - char *preauth_p; - int preauth_len; -{ - free(preauth_p); - return; -} diff --git a/src/lib/krb4/mk_priv.c b/src/lib/krb4/mk_priv.c deleted file mode 100644 index 470ad94735..0000000000 --- a/src/lib/krb4/mk_priv.c +++ /dev/null @@ -1,301 +0,0 @@ -/* - * lib/krb4/mk_priv.c - * - * Copyright 1986, 1987, 1988, 2000 by the Massachusetts Institute of - * Technology. All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * This routine constructs a Kerberos 'private msg', i.e. - * cryptographically sealed with a private session key. - * - * Returns either < 0 ===> error, or resulting size of message - * - * Steve Miller Project Athena MIT/DEC - */ - -#include -#include - -#include "krb.h" -#include "prot.h" -#include "des.h" -#include "lsb_addr_cmp.h" -#include "port-sockets.h" - -extern int krb_debug; - -/* - * krb_mk_priv() constructs an AUTH_MSG_PRIVATE message. It takes - * some user data "in" of "length" bytes and creates a packet in "out" - * consisting of the user data, a timestamp, and the sender's network - * address. -#ifndef NOENCRYTION - * The packet is encrypted by pcbc_encrypt(), using the given - * "key" and "schedule". -#endif - * The length of the resulting packet "out" is - * returned. - * - * It is similar to krb_mk_safe() except for the additional key - * schedule argument "schedule" and the fact that the data is encrypted - * rather than appended with a checksum. Also, the protocol version - * number is "private_msg_ver", defined in krb_rd_priv.c, rather than - * KRB_PROT_VERSION, defined in "krb.h". - * - * The "out" packet consists of: - * - * Size Variable Field - * ---- -------- ----- - * - * 1 byte private_msg_ver protocol version number - * 1 byte AUTH_MSG_PRIVATE | message type plus local - * HOST_BYTE_ORDER byte order in low bit - * -#ifdef NOENCRYPTION - * 4 bytes c_length length of data -#else - * 4 bytes c_length length of encrypted data - * - * ===================== begin encrypt ================================ -#endif - * - * 4 bytes length length of user data - * length in user data - * 1 byte msg_time_5ms timestamp milliseconds - * 4 bytes sender->sin.addr.s_addr sender's IP address - * - * 4 bytes msg_time_sec or timestamp seconds with - * -msg_time_sec direction in sign bit - * - * 0<=n<=7 bytes pad to 8 byte multiple zeroes -#ifndef NOENCRYPTION - * (done by pcbc_encrypt()) - * - * ======================= end encrypt ================================ -#endif - */ - -/* Utility function: - - Determine order of addresses, if SENDER less than RECEIVER return 1 - so caller will negate timestamp. Return -1 for failure. */ -int -krb4int_address_less (struct sockaddr_in *sender, struct sockaddr_in *receiver) -{ - unsigned long sender_addr, receiver_addr; - unsigned short sender_port, receiver_port; - switch (sender->sin_family) { - case AF_INET: - sender_addr = sender->sin_addr.s_addr; - sender_port = sender->sin_port; - break; -#ifdef KRB5_USE_INET6 - case AF_INET6: - { - struct sockaddr_in6 *s6 = (struct sockaddr_in6 *) sender; - if (IN6_IS_ADDR_V4MAPPED (&s6->sin6_addr)) { - struct sockaddr_in sintmp = { 0 }; - memcpy (&sintmp.sin_addr.s_addr, - 12+(char*)&s6->sin6_addr.s6_addr, - 4); - sender_addr = sintmp.sin_addr.s_addr; - } else - return -1; - sender_port = s6->sin6_port; - break; - } -#endif - default: - return -1; - } - switch (receiver->sin_family) { - case AF_INET: - receiver_addr = receiver->sin_addr.s_addr; - receiver_port = receiver->sin_port; - break; -#ifdef KRB5_USE_INET6 - case AF_INET6: - { - struct sockaddr_in6 *s6 = (struct sockaddr_in6 *) receiver; - if (IN6_IS_ADDR_V4MAPPED (&s6->sin6_addr)) { - struct sockaddr_in sintmp = { 0 }; - memcpy (&sintmp.sin_addr.s_addr, - 12+(char*)&s6->sin6_addr.s6_addr, - 4); - receiver_addr = sintmp.sin_addr.s_addr; - } else - return -1; - receiver_port = s6->sin6_port; - break; - } -#endif - default: - return -1; - } - /* For compatibility with broken old code, compares are done in - VAX byte order (LSBFIRST). */ - if (lsb_net_ulong_less(sender_addr, receiver_addr) == -1 - || (lsb_net_ulong_less(sender_addr, receiver_addr) == 0 - && lsb_net_ushort_less(sender_port, receiver_port) == -1)) - return 1; - return 0; - /* - * all that for one tiny bit! Heaven help those that talk to - * themselves. - */ -} - -long KRB5_CALLCONV -krb_mk_priv(in, out, length, schedule, key, sender, receiver) - u_char *in; /* application data */ - u_char *out; /* put msg here, leave room for - * header! breaks if in and out - * (header stuff) overlap */ - unsigned KRB4_32 length; /* of in data */ - Key_schedule schedule; /* precomputed key schedule */ - C_Block *key; /* encryption key for seed and ivec */ - struct sockaddr_in *sender; /* sender address */ - struct sockaddr_in *receiver; /* receiver address */ -{ - register u_char *p,*q; - u_char *c_length_ptr; - extern int private_msg_ver; /* in krb_rd_priv.c */ - - unsigned KRB4_32 c_length, c_length_raw; - u_char msg_time_5ms; - unsigned KRB4_32 msg_time_sec; - unsigned KRB4_32 msg_time_usec; - - /* Be really paranoid. */ - if (sizeof(sender->sin_addr.s_addr) != 4) - return -1; - /* - * get the current time to use instead of a sequence #, since - * process lifetime may be shorter than the lifetime of a session - * key. - */ - msg_time_sec = TIME_GMT_UNIXSEC_US(&msg_time_usec); - msg_time_5ms = msg_time_usec / 5000; /* 5ms quanta */ - - p = out; - - /* Cruftiness below! */ - *p++ = private_msg_ver ? private_msg_ver : KRB_PROT_VERSION; - *p++ = AUTH_MSG_PRIVATE; - - /* save ptr to cipher length */ - c_length_ptr = p; - p += 4; - -#ifndef NOENCRYPTION - /* start for encrypted stuff */ -#endif - q = p; - - /* stuff input length */ - KRB4_PUT32BE(p, length); - -#ifdef NOENCRYPTION - /* make all the stuff contiguous for checksum */ -#else - /* make all the stuff contiguous for checksum and encryption */ -#endif - memcpy(p, in, (size_t)length); - p += length; - - /* stuff time 5ms */ - *p++ = msg_time_5ms; - - /* stuff source address */ - if (sender->sin_family == AF_INET) - memcpy(p, &sender->sin_addr.s_addr, sizeof(sender->sin_addr.s_addr)); -#ifdef KRB5_USE_INET6 - else if (sender->sin_family == AF_INET6 - && IN6_IS_ADDR_V4MAPPED (&((struct sockaddr_in6 *)sender)->sin6_addr)) - memcpy(p, 12+(char*)&((struct sockaddr_in6 *)sender)->sin6_addr, 4); -#endif - else - /* The address isn't one we can encode in 4 bytes -- but - that's okay if the receiver doesn't care. */ - memset(p, 0, 4); - p += sizeof(sender->sin_addr.s_addr); - - /* - * direction bit is the sign bit of the timestamp. Ok - * until 2038?? - */ - switch (krb4int_address_less (sender, receiver)) { - case 1: - msg_time_sec = -msg_time_sec; - break; - case -1: - /* Which way should we go in this case? */ - case 0: - break; - } - - /* stuff time sec */ - KRB4_PUT32BE(p, msg_time_sec); - - /* - * All that for one tiny bit! Heaven help those that talk to - * themselves. - */ - -#ifdef notdef - /* - * calculate the checksum of the length, address, sequence, and - * inp data - */ - cksum = quad_cksum(q,NULL,p-q,0,key); - DEB (("\ncksum = %u",cksum)); - /* stuff checksum */ - memcpy(p, &cksum, sizeof(cksum)); - p += sizeof(cksum); -#endif - -#ifdef NOENCRYPTION - /* - * All the data have been assembled, compute length - */ -#else - /* - * All the data have been assembled, compute length and encrypt - * starting with the length, data, and timestamps use the key as - * an ivec. - */ -#endif - - c_length_raw = p - q; - c_length = ((c_length_raw + sizeof(C_Block) -1) - / sizeof(C_Block)) * sizeof(C_Block); - /* stuff the length */ - p = c_length_ptr; - KRB4_PUT32BE(p, c_length); - -#ifndef NOENCRYPTION - /* pcbc encrypt, pad as needed, use key as ivec */ - pcbc_encrypt((C_Block *)q,(C_Block *)q, (long)c_length_raw, - schedule, key, ENCRYPT); -#endif /* NOENCRYPTION */ - - return q - out + c_length; /* resulting size */ -} diff --git a/src/lib/krb4/mk_req.c b/src/lib/krb4/mk_req.c deleted file mode 100644 index fc92c58e6e..0000000000 --- a/src/lib/krb4/mk_req.c +++ /dev/null @@ -1,285 +0,0 @@ -/* - * lib/krb4/mk_req.c - * - * Copyright 1985, 1986, 1987, 1988, 2000, 2002 by the Massachusetts - * Institute of Technology. All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#include "krb.h" -#include "prot.h" -#include "des.h" -#include -#include "krb4int.h" - -extern int krb_ap_req_debug; -static int lifetime = 255; /* Default based on the TGT */ - -static int krb_mk_req_creds_prealm(KTEXT, CREDENTIALS *, KRB4_32, char *); - -/* - * krb_mk_req takes a text structure in which an authenticator is to - * be built, the name of a service, an instance, a realm, - * and a checksum. It then retrieves a ticket for - * the desired service and creates an authenticator in the text - * structure passed as the first argument. krb_mk_req returns - * KSUCCESS on success and a Kerberos error code on failure. - * - * The peer procedure on the other end is krb_rd_req. When making - * any changes to this routine it is important to make corresponding - * changes to krb_rd_req. - * - * The authenticator consists of the following: - * - * authent->dat - * - * unsigned char KRB_PROT_VERSION protocol version no. - * unsigned char AUTH_MSG_APPL_REQUEST message type - * (least significant - * bit of above) HOST_BYTE_ORDER local byte ordering - * unsigned char kvno from ticket server's key version - * string realm server's realm - * unsigned char tl ticket length - * unsigned char idl request id length - * text ticket->dat ticket for server - * text req_id->dat request id - * - * The ticket information is retrieved from the ticket cache or - * fetched from Kerberos. The request id (called the "authenticator" -#ifdef NOENCRYPTION - * in the papers on Kerberos) contains the following: -#else - * in the papers on Kerberos) contains information encrypted in the session - * key for the client and ticket-granting service: {req_id}Kc,tgs - * Before encryption, it contains the following: -#endif - * - * req_id->dat - * - * string cr.pname {name, instance, and - * string cr.pinst realm of principal - * string myrealm making this request} - * 4 bytes checksum checksum argument given - * unsigned char time_usecs time (microseconds) - * 4 bytes time_secs time (seconds) - * - * req_id->length = 3 strings + 3 terminating nulls + 5 bytes for time, - * all rounded up to multiple of 8. - */ - -static int -krb_mk_req_creds_prealm(authent, creds, checksum, myrealm) - register KTEXT authent; /* Place to build the authenticator */ - CREDENTIALS *creds; - KRB4_32 checksum; /* Checksum of data (optional) */ - char *myrealm; /* Client's realm */ -{ - KTEXT_ST req_st; /* Temp storage for req id */ - KTEXT req_id = &req_st; - unsigned char *p, *q, *reqid_lenp; - int tl; /* Tkt len */ - int idl; /* Reqid len */ - register KTEXT ticket; /* Pointer to tkt_st */ - Key_schedule key_s; - size_t realmlen, pnamelen, pinstlen, myrealmlen; - unsigned KRB4_32 time_secs; - unsigned KRB4_32 time_usecs; - - /* Don't risk exposing stack garbage to correspondent, even if - encrypted from other prying eyes. */ - memset(&req_st, 0x69, sizeof(req_st)); - - ticket = &creds->ticket_st; - /* Get the ticket and move it into the authenticator */ - if (krb_ap_req_debug) - DEB (("Realm: %s\n", creds->realm)); - - realmlen = strlen(creds->realm) + 1; - if (sizeof(authent->dat) < (1 + 1 + 1 - + realmlen - + 1 + 1 + ticket->length) - || ticket->length < 0 || ticket->length > 255) { - authent->length = 0; - return KFAILURE; - } - - if (krb_ap_req_debug) - DEB (("%s %s %s %s %s\n", creds->service, creds->instance, - creds->realm, creds->pname, creds->pinst)); - - p = authent->dat; - - /* The fixed parts of the authenticator */ - *p++ = KRB_PROT_VERSION; - *p++ = AUTH_MSG_APPL_REQUEST; - *p++ = creds->kvno; - - memcpy(p, creds->realm, realmlen); - p += realmlen; - - tl = ticket->length; - *p++ = tl; - /* Save ptr to where req_id->length goes. */ - reqid_lenp = p; - p++; - memcpy(p, ticket->dat, (size_t)tl); - p += tl; - - if (krb_ap_req_debug) - DEB (("Ticket->length = %d\n",ticket->length)); - if (krb_ap_req_debug) - DEB (("Issue date: %d\n",creds->issue_date)); - - pnamelen = strlen(creds->pname) + 1; - pinstlen = strlen(creds->pinst) + 1; - myrealmlen = strlen(myrealm) + 1; - if (sizeof(req_id->dat) / 8 < (pnamelen + pinstlen + myrealmlen - + 4 + 1 + 4 + 7) / 8) { - return KFAILURE; - } - - q = req_id->dat; - - /* Build request id */ - /* Auth name */ - memcpy(q, creds->pname, pnamelen); - q += pnamelen; - /* Principal's instance */ - memcpy(q, creds->pinst, pinstlen); - q += pinstlen; - /* Authentication domain */ - memcpy(q, myrealm, myrealmlen); - q += myrealmlen; - /* Checksum */ - KRB4_PUT32BE(q, checksum); - - /* Fill in the times on the request id */ - time_secs = TIME_GMT_UNIXSEC_US (&time_usecs); - *q++ = time_usecs; /* time_usecs % 255 */ - /* Time (coarse) */ - KRB4_PUT32BE(q, time_secs); - - /* Fill to a multiple of 8 bytes for DES */ - req_id->length = ((q - req_id->dat + 7) / 8) * 8; - -#ifndef NOENCRYPTION - /* Encrypt the request ID using the session key */ - key_sched(creds->session, key_s); - pcbc_encrypt((C_Block *)req_id->dat, (C_Block *)req_id->dat, - (long)req_id->length, key_s, &creds->session, 1); - /* clean up */ - memset(key_s, 0, sizeof(key_s)); -#endif /* NOENCRYPTION */ - - /* Copy it into the authenticator */ - idl = req_id->length; - if (idl > 255) - return KFAILURE; - *reqid_lenp = idl; - memcpy(p, req_id->dat, (size_t)idl); - p += idl; - - authent->length = p - authent->dat; - - /* clean up */ - memset(req_id, 0, sizeof(*req_id)); - - if (krb_ap_req_debug) - DEB (("Authent->length = %d\n",authent->length)); - if (krb_ap_req_debug) - DEB (("idl = %d, tl = %d\n", idl, tl)); - - return KSUCCESS; -} - -int KRB5_CALLCONV -krb_mk_req(authent, service, instance, realm, checksum) - register KTEXT authent; /* Place to build the authenticator */ - char *service; /* Name of the service */ - char *instance; /* Service instance */ - char *realm; /* Authentication domain of service */ - KRB4_32 checksum; /* Checksum of data (optional) */ -{ - char krb_realm[REALM_SZ]; /* Our local realm, if not specified */ - char myrealm[REALM_SZ]; /* Realm of initial TGT. */ - int retval; - CREDENTIALS creds; - - /* get current realm if not passed in */ - if (realm == NULL) { - retval = krb_get_lrealm(krb_realm, 1); - if (retval != KSUCCESS) - return retval; - realm = krb_realm; - } - /* - * Determine realm of these tickets. We will send this to the - * KDC from which we are requesting tickets so it knows what to - * with our session key. - */ - retval = krb_get_tf_realm(TKT_FILE, myrealm); - if (retval != KSUCCESS) - retval = krb_get_lrealm(myrealm, 1); - if (retval != KSUCCESS) - return retval; - - retval = krb_get_cred(service, instance, realm, &creds); - if (retval == RET_NOTKT) { - retval = get_ad_tkt(service, instance, realm, lifetime); - if (retval) - return retval; - retval = krb_get_cred(service, instance, realm, &creds); - if (retval) - return retval; - } - if (retval != KSUCCESS) - return retval; - - retval = krb_mk_req_creds_prealm(authent, &creds, checksum, myrealm); - memset(&creds.session, 0, sizeof(creds.session)); - return retval; -} - -int KRB5_CALLCONV -krb_mk_req_creds(authent, creds, checksum) - register KTEXT authent; /* Place to build the authenticator */ - CREDENTIALS *creds; - KRB4_32 checksum; /* Checksum of data (optional) */ -{ - return krb_mk_req_creds_prealm(authent, creds, checksum, creds->realm); -} - -/* - * krb_set_lifetime sets the default lifetime for additional tickets - * obtained via krb_mk_req(). - * - * It returns the previous value of the default lifetime. - */ - -int KRB5_CALLCONV -krb_set_lifetime(newval) -int newval; -{ - int olife = lifetime; - - lifetime = newval; - return olife; -} diff --git a/src/lib/krb4/mk_safe.c b/src/lib/krb4/mk_safe.c deleted file mode 100644 index 2a157caad4..0000000000 --- a/src/lib/krb4/mk_safe.c +++ /dev/null @@ -1,167 +0,0 @@ -/* - * lib/krb4/mk_req.c - * - * Copyright 1986, 1987, 1988, 2000 by the Massachusetts Institute of - * Technology. All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * This routine constructs a Kerberos 'safe msg', i.e. authenticated - * using a private session key to seed a checksum. Msg is NOT - * encrypted. - * - * Returns either <0 ===> error, or resulting size of message - * - * Steve Miller Project Athena MIT/DEC - */ - -#include -#include - -#include "krb.h" -#include "des.h" -#include "prot.h" -#include "lsb_addr_cmp.h" -#include "port-sockets.h" - -extern int krb_debug; - -/* - * krb_mk_safe() constructs an AUTH_MSG_SAFE message. It takes some - * user data "in" of "length" bytes and creates a packet in "out" - * consisting of the user data, a timestamp, and the sender's network - * address, followed by a checksum computed on the above, using the - * given "key". The length of the resulting packet is returned. - * - * The "out" packet consists of: - * - * Size Variable Field - * ---- -------- ----- - * - * 1 byte KRB_PROT_VERSION protocol version number - * 1 byte AUTH_MSG_SAFE | message type plus local - * HOST_BYTE_ORDER byte order in low bit - * - * ===================== begin checksum ================================ - * - * 4 bytes length length of user data - * length in user data - * 1 byte msg_time_5ms timestamp milliseconds - * 4 bytes sender->sin.addr.s_addr sender's IP address - * - * 4 bytes msg_time_sec or timestamp seconds with - * -msg_time_sec direction in sign bit - * - * ======================= end checksum ================================ - * - * 16 bytes big_cksum quadratic checksum of - * above using "key" - */ - -long KRB5_CALLCONV -krb_mk_safe(in, out, length, key, sender, receiver) - u_char *in; /* application data */ - u_char *out; /* - * put msg here, leave room for header! - * breaks if in and out (header stuff) - * overlap - */ - unsigned KRB4_32 length; /* of in data */ - C_Block *key; /* encryption key for seed and ivec */ - struct sockaddr_in *sender; /* sender address */ - struct sockaddr_in *receiver; /* receiver address */ -{ - register u_char *p,*q; - - unsigned KRB4_32 cksum; - unsigned KRB4_32 big_cksum[4]; - unsigned KRB4_32 msg_secs; - unsigned KRB4_32 msg_usecs; - u_char msg_time_5ms; - KRB4_32 msg_time_sec; - int i; - - /* Be really paranoid. */ - if (sizeof(sender->sin_addr.s_addr) != 4) - return -1; - /* - * get the current time to use instead of a sequence #, since - * process lifetime may be shorter than the lifetime of a session - * key. - */ - msg_secs = TIME_GMT_UNIXSEC_US(&msg_usecs); - msg_time_sec = msg_secs; - msg_time_5ms = msg_usecs / 5000; /* 5ms quanta */ - - p = out; - - *p++ = KRB_PROT_VERSION; - *p++ = AUTH_MSG_SAFE; - - q = p; /* start for checksum stuff */ - /* stuff input length */ - KRB4_PUT32BE(p, length); - - /* make all the stuff contiguous for checksum */ - memcpy(p, in, length); - p += length; - - /* stuff time 5ms */ - *p++ = msg_time_5ms; - - /* stuff source address */ - if (sender->sin_family == AF_INET) - memcpy(p, &sender->sin_addr.s_addr, sizeof(sender->sin_addr.s_addr)); -#ifdef KRB5_USE_INET6 - else if (sender->sin_family == AF_INET6 - && IN6_IS_ADDR_V4MAPPED (&((struct sockaddr_in6 *)sender)->sin6_addr)) - memcpy(p, 12+(char*)&((struct sockaddr_in6 *)sender)->sin6_addr, 4); -#endif - else - /* The address isn't one we can encode in 4 bytes -- but - that's okay if the receiver doesn't care. */ - memset(p, 0, 4); - p += sizeof(sender->sin_addr.s_addr); - - /* - * direction bit is the sign bit of the timestamp. Ok until - * 2038?? - */ - if (krb4int_address_less (sender, receiver) == 1) - msg_time_sec = -msg_time_sec; - /* stuff time sec */ - KRB4_PUT32BE(p, msg_time_sec); - -#ifdef NOENCRYPTION - cksum = 0; - memset(big_cksum, 0, sizeof(big_cksum)); -#else /* Do encryption */ - /* calculate the checksum of length, timestamps, and input data */ - cksum = quad_cksum(q, (unsigned KRB4_32 *)big_cksum, - p - q, 2, key); -#endif /* NOENCRYPTION */ - DEB(("\ncksum = %u",cksum)); - - /* stuff checksum */ - for (i = 0; i < 4; i++) - KRB4_PUT32BE(p, big_cksum[i]); - - return p - out; /* resulting size */ -} diff --git a/src/lib/krb4/month_sname.c b/src/lib/krb4/month_sname.c deleted file mode 100644 index 48be89e53a..0000000000 --- a/src/lib/krb4/month_sname.c +++ /dev/null @@ -1,28 +0,0 @@ -/* - * month_sname.c - * - * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute - * of Technology. - * - * For copying and distribution information, please see the file - * . - */ - -/* - * Given an integer 1-12, month_sname() returns a string - * containing the first three letters of the corresponding - * month. Returns 0 if the argument is out of range. - */ - -#include -#include "krb4int.h" - -const char *month_sname(n) - int n; -{ - static const char name[][4] = { - "Jan","Feb","Mar","Apr","May","Jun", - "Jul","Aug","Sep","Oct","Nov","Dec" - }; - return((n < 1 || n > 12) ? 0 : name [n-1]); -} diff --git a/src/lib/krb4/password_to_key.c b/src/lib/krb4/password_to_key.c deleted file mode 100644 index d5ca7a5ccc..0000000000 --- a/src/lib/krb4/password_to_key.c +++ /dev/null @@ -1,152 +0,0 @@ -/* - * lib/krb4/password_to_key.c - * - * Copyright 1999, 2002 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * password_to_key functions merged from KfM - */ - -#include -#include - -#ifdef USE_CCAPI -#include -#endif -#include "krb.h" -#include "krb4int.h" - -#include "k5-platform.h" - -/* - * passwd_to_key(): given a password, return a DES key. - * There are extra arguments here which (used to be?) - * used by srvtab_to_key(). - * - * If the "passwd" argument is not null, generate a DES - * key from it, using string_to_key(). - * - * If the "passwd" argument is null, then on a Unix system we call - * des_read_password() to prompt for a password and then convert it - * into a DES key. But "prompting" the user is harder in a Windows or - * Macintosh environment, so we rely on our caller to explicitly do - * that now. - * - * In either case, the resulting key is put in the "key" argument, - * and 0 is returned. - */ - - -key_proc_type *krb_get_keyprocs (key_proc_type keyproc) -{ - static key_proc_type default_keyprocs[4] = { mit_passwd_to_key, - afs_passwd_to_key, - krb5_passwd_to_key, - NULL }; - - static key_proc_type user_keyprocs[2] = { NULL, NULL }; - - /* generate the list of key procs */ - if (keyproc == NULL) { - return default_keyprocs; /* use the default */ - } else { - user_keyprocs[0] = keyproc; - return user_keyprocs; /* use the caller provided keyprocs */ - } -} - -int KRB5_CALLCONV -mit_passwd_to_key( - char *user, - char *instance, - char *realm, - char *passwd, - C_Block key) -{ -#if 0 /* what system? */ -#pragma unused(user) -#pragma unused(instance) -#pragma unused(realm) -#endif - - if (passwd) { - des_string_to_key(passwd, key); - } else { -#if !(defined(_WIN32) || defined(USE_LOGIN_LIBRARY)) - des_read_password((des_cblock *)key, "Password", 0); -#else - return (-1); -#endif - } - return (0); -} - -/* So we can use a v4 kinit against a v5 kdc with no krb4 salted key */ -int KRB5_CALLCONV -krb5_passwd_to_key( - char *user, - char *instance, - char *realm, - char *passwd, - C_Block key) -{ - char *p; - - if (user && instance && realm && passwd) { - if (strlen(realm) + strlen(user) + strlen(instance) > MAX_K_NAME_SZ) - /* XXX Is this right? The old code returned 0, which is - also what it returns after sucessfully generating a - key. The other error path returns -1. */ - return 0; - if (asprintf(&p, "%s%s%s%s", passwd, realm, user, instance) >= 0) { - des_string_to_key (p, key); - free (p); - return 0; - } - } - return -1; -} - -int KRB5_CALLCONV -afs_passwd_to_key( - char *user, - char *instance, - char *realm, - char *passwd, - C_Block key) -{ -#if 0 /* what system? */ -#pragma unused(user) -#pragma unused(instance) -#endif - - if (passwd) { - afs_string_to_key(passwd, realm, key); - } else { -#if !(defined(_WIN32) || defined(USE_LOGIN_LIBRARY)) - des_read_password((des_cblock *)key, "Password", 0); -#else - return (-1); -#endif - } - return (0); -} diff --git a/src/lib/krb4/pkt_cipher.c b/src/lib/krb4/pkt_cipher.c deleted file mode 100644 index 29123480e0..0000000000 --- a/src/lib/krb4/pkt_cipher.c +++ /dev/null @@ -1,35 +0,0 @@ -/* - * pkt_cipher.c - * - * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute - * of Technology. - * - * For copying and distribution information, please see the file - * . - */ - -#include "mit-copyright.h" -#include -#include "krb.h" -#include "prot.h" - - -/* - * This routine takes a reply packet from the Kerberos ticket-granting - * service and returns a pointer to the beginning of the ciphertext in it. - * - * See "prot.h" for packet format. - */ - -KTEXT -pkt_cipher(packet) - KTEXT packet; -{ - unsigned char *ptr = pkt_a_realm(packet) + 6 - + strlen((char *)pkt_a_realm(packet)); - /* Skip a few more fields */ - ptr += 3 + 4; /* add 4 for exp_date */ - - /* And return the pointer */ - return((KTEXT) ptr); -} diff --git a/src/lib/krb4/pkt_clen.c b/src/lib/krb4/pkt_clen.c deleted file mode 100644 index 52763a4ddf..0000000000 --- a/src/lib/krb4/pkt_clen.c +++ /dev/null @@ -1,47 +0,0 @@ -/* - * pkt_clen.c - * - * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute - * of Technology. - * - * For copying and distribution information, please see the file - * . - */ - -#include "mit-copyright.h" -#include -#include "krb.h" -#include "prot.h" - -extern int krb_debug; -int swap_bytes=0; - -/* - * Given a pointer to an AUTH_MSG_KDC_REPLY packet, return the length of - * its ciphertext portion. The external variable "swap_bytes" is assumed - * to have been set to indicate whether or not the packet is in local - * byte order. pkt_clen() takes this into account when reading the - * ciphertext length out of the packet. - */ - -int -pkt_clen(pkt) - KTEXT pkt; -{ - static unsigned short temp; - int clen = 0; - - /* Start of ticket list */ - unsigned char *ptr = pkt_a_realm(pkt) + 10 - + strlen((char *)pkt_a_realm(pkt)); - - /* Finally the length */ - memcpy((char *)&temp, (char *)(++ptr), 2); /* alignment */ - if (swap_bytes) - temp = krb4_swab16(temp); - - clen = (int) temp; - - DEB (("Clen is %d\n",clen)); - return(clen); -} diff --git a/src/lib/krb4/prot_client.c b/src/lib/krb4/prot_client.c deleted file mode 100644 index 315f7f08a4..0000000000 --- a/src/lib/krb4/prot_client.c +++ /dev/null @@ -1,370 +0,0 @@ -/* - * lib/krb4/prot_client.c - * - * Copyright 2001 by the Massachusetts Institute of Technology. All - * Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * Contains protocol encoders and decoders used by a krb4 client. - */ - -#include "krb.h" -#include "prot.h" -#include - -/* - * encode_kdc_request - * - * Packet format is originally from g_in_tkt.c. - * - * Size Variable Field - * ---- -------- ----- - * 1 byte KRB_PROT_VERSION protocol version number - * 1 byte AUTH_MSG_KDC_REQUEST | message type - * HOST_BYTE_ORDER local byte order in lsb - * string user client's name - * string instance client's instance - * string realm client's realm - * 4 bytes tlocal.tv_sec timestamp in seconds - * 1 byte life desired lifetime - * string service service's name - * string sinstance service's instance - */ -int KRB5_CALLCONV -krb4prot_encode_kdc_request(char *pname, char *pinst, char *prealm, - KRB4_32 tlocal, int life, - char *sname, char *sinst, - char *preauth, int preauthlen, - int chklen, /* check input str len? */ - int le, /* little-endian? */ - KTEXT pkt) -{ - unsigned char *p; - int ret; - size_t snamelen, sinstlen; - - p = pkt->dat; - - *p++ = KRB_PROT_VERSION; - *p++ = AUTH_MSG_KDC_REQUEST | !!le; - - ret = krb4prot_encode_naminstrlm(pname, pinst, prealm, chklen, - pkt, &p); - if (ret) - return ret; - - snamelen = strlen(sname) + 1; - sinstlen = strlen(sinst) + 1; - if (chklen && (snamelen > ANAME_SZ || sinstlen > INST_SZ)) - return KRB4PROT_ERR_OVERRUN; - if ((sizeof(pkt->dat) - (p - pkt->dat)) - < (4 + 1 + snamelen + sinstlen + preauthlen)) - return KRB4PROT_ERR_OVERRUN; - - /* timestamp */ - KRB4_PUT32(p, tlocal, le); - - *p++ = life; - - memcpy(p, sname, snamelen); - p += snamelen; - memcpy(p, sinst, sinstlen); - p += sinstlen; - - if (preauthlen) - memcpy(p, preauth, (size_t)preauthlen); - p += preauthlen; - - pkt->length = p - pkt->dat; - return KRB4PROT_OK; -} - -/* - * decode_kdc_reply - */ -int KRB5_CALLCONV -krb4prot_decode_kdc_reply(KTEXT pkt, - int *le, - char *pname, char *pinst, char *prealm, - long *time_ws, int *n, - unsigned long *x_date, int *kvno, - KTEXT ciph) -{ - unsigned char *p; - int msg_type; - int ret; - unsigned int ciph_len; - - p = pkt->dat; - if (pkt->length < 2) - return KRB4PROT_ERR_UNDERRUN; - if (*p++ != KRB_PROT_VERSION) - return KRB4PROT_ERR_PROT_VERS; - msg_type = *p++; - *le = msg_type & 1; - msg_type &= ~1; - if (msg_type != AUTH_MSG_KDC_REPLY) - return KRB4PROT_ERR_MSG_TYPE; - - ret = krb4prot_decode_naminstrlm(ciph, &p, pname, pinst, prealm); - if (ret) - return ret; - -#define PKT_REMAIN (pkt->length - (p - pkt->dat)) - - if (PKT_REMAIN < (4 /* time */ - + 1 /* number of tickets */ - + 4 /* exp date */ - + 1 /* kvno */ - + 2)) /* ciph length */ - return KRB4PROT_ERR_UNDERRUN; - if (time_ws != NULL) - KRB4_GET32(*time_ws, p, *le); /* XXX signed/unsigned */ - else - p += 4; - if (n != NULL) - *n = *p++; - else - p++; - if (x_date != NULL) - KRB4_GET32(*x_date, p, *le); - else - p += 4; - if (kvno != NULL) - *kvno = *p++; - else - p++; - KRB4_GET16(ciph_len, p, *le); - if (PKT_REMAIN < ciph_len) - return KRB4PROT_ERR_UNDERRUN; - ciph->length = ciph_len; - memcpy(ciph->dat, p, (size_t)ciph->length); - return KRB4PROT_OK; -#undef PKT_REMAIN -} - -int KRB5_CALLCONV -krb4prot_decode_ciph(KTEXT ciph, int le, - C_Block session, - char *name, char *inst, char *realm, - int *life, int *kvno, - KTEXT tkt, unsigned long *kdc_time) -{ - unsigned char *p; - int ret; - - p = ciph->dat; - if (ciph->length < 8) - return KRB4PROT_ERR_UNDERRUN; - memcpy(session, p, 8); - p += 8; - ret = krb4prot_decode_naminstrlm(ciph, &p, name, inst, realm); - if (ret) - return ret; -#define CIPH_REMAIN (ciph->length - (p - ciph->dat)) - if (CIPH_REMAIN < (1 /* life */ - + 1 /* kvno */ - + 1)) /* tkt->length */ - return KRB4PROT_ERR_UNDERRUN; - if (life != NULL) - *life = *p++; - else - p++; - if (kvno != NULL) - *kvno = *p++; - else - p++; - tkt->length = *p++; - if (CIPH_REMAIN < (tkt->length - + 4)) /* kdc_time */ - return KRB4PROT_ERR_UNDERRUN; - memcpy(tkt->dat, p, (size_t)tkt->length); - p += tkt->length; - - if (kdc_time != NULL) - KRB4_GET32(*kdc_time, p, le); - - return KRB4PROT_OK; -#undef CIPH_REMAIN -} - -/* - * encode_apreq - * - * The following was originally from mk_req.c. - * - * unsigned char KRB_PROT_VERSION protocol version no. - * unsigned char AUTH_MSG_APPL_REQUEST message type - * (least significant - * bit of above) HOST_BYTE_ORDER local byte ordering - * unsigned char kvno from ticket server's key version - * string realm server's realm - * unsigned char tl ticket length - * unsigned char idl request id length - * binary ticket->dat ticket for server - * binary req_id->dat request id - */ -int KRB5_CALLCONV -krb4prot_encode_apreq(int kvno, char *realm, - KTEXT tkt, KTEXT req_id, - int chklen, /* check str len? */ - int le, /* little-endian? */ - KTEXT pkt) -{ - unsigned char *p; - size_t realmlen; - - p = pkt->dat; - /* Assume >= 3 bytes in a KTEXT. */ - *p++ = KRB_PROT_VERSION; - *p++ = AUTH_MSG_APPL_REQUEST | !!le; - - *p++ = kvno; - - realmlen = strlen(realm) + 1; - if (chklen && realmlen > REALM_SZ) - return KRB4PROT_ERR_OVERRUN; - if (tkt->length > 255 || req_id->length > 255) - return KRB4PROT_ERR_OVERRUN; - if ((sizeof(pkt->dat) - (p - pkt->dat)) - < (realmlen - + 1 /* tkt->length */ - + 1 /* req_id->length */ - + tkt->length + req_id->length)) - return KRB4PROT_ERR_OVERRUN; - - memcpy(p, realm, realmlen); - p += realmlen; - - *p++ = tkt->length; - *p++ = req_id->length; - memcpy(p, tkt->dat, (size_t)tkt->length); - p += tkt->length; - memcpy(p, req_id->dat, (size_t)req_id->length); - p += req_id->length; - - pkt->length = p - pkt->dat; - return KRB4PROT_OK; -} - -/* - * encode_authent - * - * Encodes an authenticator (called req_id in some of the code for - * some weird reason). Does not encrypt. - * - * The following packet layout is originally from mk_req.c. It is - * rounded up to the next multiple of 8 bytes. - * - * string cr.pname {name, instance, and - * string cr.pinst realm of principal - * string myrealm making this request} - * 4 bytes checksum checksum argument given - * unsigned char time_usecs time (microseconds) - * 4 bytes time_secs time (seconds) - */ -int KRB5_CALLCONV -krb4prot_encode_authent(char *pname, char *pinst, char *prealm, - KRB4_32 checksum, - int time_usec, long time_sec, - int chklen, /* check str lens? */ - int le, /* little-endian? */ - KTEXT pkt) -{ - unsigned char *p; - int ret; - - p = pkt->dat; - ret = krb4prot_encode_naminstrlm(pname, pinst, prealm, chklen, - pkt, &p); - if (ret) - return ret; - if ((sizeof(pkt->dat) - (p - pkt->dat)) / 8 - < (4 /* checksum */ - + 1 /* microsec */ - + 4 /* time */ - + 7) / 8) /* roundoff */ - return KRB4PROT_ERR_OVERRUN; - - KRB4_PUT32(p, checksum, le); - *p++ = time_usec; - KRB4_PUT32(p, time_sec, le); - - memset(p, 0, 7); /* nul-pad */ - pkt->length = (((p - pkt->dat) + 7) / 8) * 8; - return KRB4PROT_OK; -} - -/* - * decode_error - * - * Decodes an error reply from the KDC. - */ -int KRB5_CALLCONV -krb4prot_decode_error(KTEXT pkt, int *le, - char *pname, char *pinst, char *prealm, - unsigned long *time_ws, - unsigned long *err, char *err_string) -{ - unsigned char *p; - int msg_type, ret, errstrlen; - - p = pkt->dat; - if (pkt->length < 2) - return KRB4PROT_ERR_UNDERRUN; - if (*p++ != KRB_PROT_VERSION) - return KRB4PROT_ERR_PROT_VERS; - msg_type = *p++; - *le = msg_type & 1; - msg_type &= ~1; - if (msg_type != AUTH_MSG_ERR_REPLY) - return KRB4PROT_ERR_MSG_TYPE; - - ret = krb4prot_decode_naminstrlm(pkt, &p, pname, pinst, prealm); - if (ret) - return ret; - -#define PKT_REMAIN (pkt->length - (p - pkt->dat)) - if (PKT_REMAIN < (4 /* time */ - + 4)) /* err code */ - return KRB4PROT_ERR_UNDERRUN; - - if (time_ws != NULL) - KRB4_GET32(*time_ws, p, le); - else - p += 4; - if (err != NULL) - KRB4_GET32(*err, p, le); - else - p += 4; - - if (PKT_REMAIN <= 0) /* allow for missing error string */ - return KRB4PROT_OK; - - errstrlen = krb4int_strnlen((char *)p, PKT_REMAIN) + 1; - if (errstrlen <= 0) /* If it's there, it must be nul-terminated. */ - return KRB4PROT_ERR_OVERRUN; - if (err_string != NULL) - memcpy(err_string, p, (size_t)errstrlen); - - return KRB4PROT_OK; -#undef PKT_REMAIN -} diff --git a/src/lib/krb4/prot_common.c b/src/lib/krb4/prot_common.c deleted file mode 100644 index 3e36de1291..0000000000 --- a/src/lib/krb4/prot_common.c +++ /dev/null @@ -1,136 +0,0 @@ -/* - * lib/krb4/prot_common.c - * - * Copyright 2001 by the Massachusetts Institute of Technology. All - * Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * Contains some common code used by multiple encoders/decoders. - */ - -#include "krb.h" -#include "prot.h" -#include - -/* - * encode_naminstrlm - * - * Takes input string triplet of a principal, encodes into PKT. - * Assumes that input strings are properly terminated. If CHKLEN is - * non-zero, validate input string lengths against their respective - * limits. The pointer P is the address of the moving pointer used by - * the caller, and is updated here. - * - * Returns zero on success, non-zero on failure. - * - * PKT->LENGTH is NOT updated. The caller must update it. - */ -int KRB5_CALLCONV -krb4prot_encode_naminstrlm(char *name, char *inst, char *realm, - int chklen, /* check input str len? */ - KTEXT pkt, /* buffer to encode into */ - unsigned char **p /* moving pointer */) -{ - size_t namelen, instlen, realmlen; - - namelen = strlen(name) + 1; - instlen = strlen(inst) + 1; - realmlen = strlen(realm) + 1; - if (chklen && (namelen > ANAME_SZ || instlen > INST_SZ - || realmlen > REALM_SZ)) - return KRB4PROT_ERR_OVERRUN; - if (*p - pkt->dat < namelen + instlen + realmlen) - return KRB4PROT_ERR_OVERRUN; - memcpy(*p, name, namelen); - *p += namelen; - memcpy(*p, inst, instlen); - *p += namelen; - memcpy(*p, realm, realmlen); - *p += namelen; - return KRB4PROT_OK; -} - -/* - * decode_naminstrlm - * - * Grabs a string triplet corresponding to a principal. The input - * buffer PKT should have its length properly set. The pointer P is - * the address of the moving pointer used by the caller, and will be - * updated. If any input pointer is NULL, merely skip the string. - * - * The output strings NAME, INST, and REALM are assumed to be of the - * correct sizes (ANAME_SZ, INST_SZ, REALM_SZ). - * - * Returns 0 on success, non-zero on failure. - */ -int KRB5_CALLCONV -krb4prot_decode_naminstrlm(KTEXT pkt, /* buffer to decode from */ - unsigned char **p, /* moving pointer */ - char *name, char *inst, char *realm) -{ - int len; - -#define PKT_REMAIN (pkt->length - (*p - pkt->dat)) - if (PKT_REMAIN <= 0) - return KRB4PROT_ERR_UNDERRUN; - len = krb4int_strnlen((char *)*p, PKT_REMAIN) + 1; - if (len == 0 || len > ANAME_SZ) - return KRB4PROT_ERR_OVERRUN; - if (name != NULL) - memcpy(name, *p, (size_t)len); - *p += len; - - if (PKT_REMAIN <= 0) - return KRB4PROT_ERR_UNDERRUN; - len = krb4int_strnlen((char *)*p, PKT_REMAIN) + 1; - if (len <= 0 || len > INST_SZ) - return KRB4PROT_ERR_OVERRUN; - if (name != NULL) - memcpy(inst, *p, (size_t)len); - *p += len; - - if (PKT_REMAIN <= 0) - return KRB4PROT_ERR_UNDERRUN; - len = krb4int_strnlen((char *)*p, PKT_REMAIN) + 1; - if (len <= 0 || len > REALM_SZ) - return KRB4PROT_ERR_OVERRUN; - if (realm != NULL) - memcpy(realm, *p, (size_t)len); - *p += len; - return KRB4PROT_OK; -#undef PKT_REMAIN -} - -int KRB5_CALLCONV -krb4prot_decode_header(KTEXT pkt, - int *pver, int *msgtype, int *le) -{ - unsigned char *p; - - p = pkt->dat; - if (pkt->length < 2) - return KRB4PROT_ERR_UNDERRUN; - *pver = *p++; - *msgtype = *p++; - *le = *msgtype & 1; - *msgtype &= ~1; - return KRB4PROT_OK; -} diff --git a/src/lib/krb4/prot_kdc.c b/src/lib/krb4/prot_kdc.c deleted file mode 100644 index aaaa9d00c4..0000000000 --- a/src/lib/krb4/prot_kdc.c +++ /dev/null @@ -1,461 +0,0 @@ -/* - * lib/krb4/prot_kdc.c - * - * Copyright 1985--1988, 2000, 2001 by the Massachusetts Institute of - * Technology. All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * Contains the protocol encoders and decoders used by the KDC. - */ - -#include "krb.h" -#include "prot.h" -#include -#include "port-sockets.h" - -/* - * encode_kdc_reply - * - * Encodes a reply from the KDC to the client. - * - * Returns KRB4PROT_OK on success, non-zero on failure. - * - * Caller is responsible for cleaning up OUTBUF. - * - * This packet layout description was originally in cr_auth_repl.c: - * - * variable - * type or constant data - * ---- ----------- ---- - * unsigned char KRB_PROT_VERSION protocol version number - * - * unsigned char AUTH_MSG_KDC_REPLY protocol message type - * - * [least significant HOST_BYTE_ORDER sender's (server's) byte - * bit of above field] order - * - * string pname principal's name - * - * string pinst principal's instance - * - * string prealm principal's realm - * - * unsigned long time_ws client's timestamp - * - * unsigned char n number of tickets - * - * unsigned long x_date expiration date - * - * unsigned char kvno master key version - * - * short cipher->length cipher length - * - * binary cipher->dat cipher data - */ -int KRB5_CALLCONV -krb4prot_encode_kdc_reply(char *pname, char *pinst, char *prealm, - long time_ws, - int n, /* Number of tickets; 0 for krb4 (!) */ - unsigned long x_date, /* exp date */ - int kvno, - KTEXT cipher, /* encrypted ticket */ - int chklen, /* check input str len? */ - int le, /* little-endian? */ - KTEXT outbuf) -{ - unsigned char *p; - int ret; - - p = outbuf->dat; - /* This is really crusty. */ - if (n != 0) - *p++ = 3; - else - *p++ = KRB_PROT_VERSION; - /* little-endianness based on input, usually big-endian, though. */ - *p++ = AUTH_MSG_KDC_REPLY | !!le; - - ret = krb4prot_encode_naminstrlm(pname, pinst, prealm, chklen, - outbuf, &p); - if (ret) - return ret; - - /* Check lengths */ - if (cipher->length > 65535 || cipher->length < 0) - return KRB4PROT_ERR_OVERRUN; - if ((sizeof(outbuf->dat) - (p - outbuf->dat) - < (4 /* timestamp */ - + 1 /* num of tickets */ - + 4 /* exp date */ - + 1 /* kvno */ - + 2 /* cipher->length */ - + cipher->length))) /* cipher->dat */ - return KRB4PROT_ERR_OVERRUN; - - /* Workstation timestamp */ - KRB4_PUT32(p, time_ws, le); - - /* Number of tickets */ - *p++ = n; - - /* Expiration date */ - KRB4_PUT32(p, x_date, le); - - /* Now send the ciphertext and info to help decode it */ - *p++ = kvno; - KRB4_PUT16(p, cipher->length, le); - memcpy(p, cipher->dat, (size_t)cipher->length); - p += cipher->length; - - /* And return the packet */ - outbuf->length = p - outbuf->dat; - return KRB4PROT_OK; -} - -/* - * encode_ciph - * - * Encodes a "cipher" that is to be included in a KDC reply message. - * - * Caller is responsible for cleaning up CIPH. - * - * Returns KRB4PROT_OK on success, non-zero on failure. - * - * Packet format below is originally from cr_ciph.c: - * - * variable - * type or constant data - * ---- ----------- ---- - * 8 bytes session session key for client, service - * - * string service service name - * - * string instance service instance - * - * string realm KDC realm - * - * unsigned char life ticket lifetime - * - * unsigned char kvno service key version number - * - * unsigned char tkt->length length of following ticket - * - * data tkt->dat ticket for service - * - * 4 bytes kdc_time KDC's timestamp - * - * <=7 bytes null null pad to 8 byte multiple - */ -int KRB5_CALLCONV -krb4prot_encode_ciph(C_Block session, - char *name, char *inst, char *realm, - unsigned long life, int kvno, - KTEXT tkt, /* ticket */ - unsigned long kdc_time, - int chklen, /* check str lens? */ - int le, /* little-endian? */ - KTEXT ciph) /* output buffer */ -{ - unsigned char *p; - int ret; - - p = ciph->dat; - /* - * Assume that there will be >= 8 bytes in a KTEXT. If there - * aren't, we have worse problems. - */ - memcpy(p, session, 8); - p += 8; - - ret = krb4prot_encode_naminstrlm(name, inst, realm, chklen, - ciph, &p); - if (ret) - return ret; - if (tkt->length > 255 || tkt->length < 0) - return KRB4PROT_ERR_OVERRUN; - if ((sizeof(ciph->dat) - (p - ciph->dat)) / 8 - < (1 /* life */ - + 1 /* kvno */ - + 1 /* tkt->length */ - + tkt->length /* tkt->dat */ - + 4 /* kdc_time */ - + 7) / 8) /* roundoff */ - return KRB4PROT_ERR_OVERRUN; - - *p++ = life; - *p++ = kvno; - *p++ = tkt->length; - - memcpy(p, tkt->dat, (size_t)tkt->length); - p += tkt->length; - - KRB4_PUT32(p, kdc_time, le); - - /* Guarantee null pad to multiple of 8 bytes */ - memset(p, 0, 7); - ciph->length = (((p - ciph->dat) + 7) / 8) * 8; - return KRB4PROT_OK; -} - -/* - * encode_tkt - * - * Encode ticket to include in a "cipher". Does not encrypt. - * - * Caller is responsible for cleaning TKT. - * - * The length of the ticket is a multiple of - * eight bytes and is in tkt->length. - * - * If the ticket is not a multiple of eight bytes long, the ticket - * will contain nulls. - * - * Returns KRB4PROT_OK on success, non-zero on failure. - * - * The following packet layout is from cr_tkt.c: - * - * variable - * type or constant data - * ---- ----------- ---- - * unsigned char flags namely, HOST_BYTE_ORDER - * - * string pname client's name - * - * string pinstance client's instance - * - * string prealm client's realm - * - * 4 bytes paddress client's address - * - * 8 bytes session session key - * - * 1 byte life ticket lifetime - * - * 4 bytes time_sec KDC timestamp - * - * string sname service's name - * - * string sinstance service's instance - * - * <=7 bytes null null pad to 8 byte multiple - */ -int KRB5_CALLCONV -krb4prot_encode_tkt(unsigned int flags, - char *pname, char *pinst, char *prealm, - unsigned long paddress, - char *session, - int life, long time_sec, - char *sname, char *sinst, - int chklen, /* check str lens? */ - int le, /* little-endian? */ - KTEXT tkt) /* output buf */ -{ - struct in_addr paddr; - unsigned char *p; - size_t snamelen, sinstlen; - - /* Be really paranoid. */ - if (sizeof(paddr.s_addr) != 4) - return KFAILURE; - - p = tkt->dat; - /* - * Assume at least one byte in a KTEXT. If not, we have bigger - * problems. Also, bitwise-OR in the little-endian flag. - */ - *p++ = flags | !!le; - - if (krb4prot_encode_naminstrlm(pname, pinst, prealm, chklen, - tkt, &p)) - return KFAILURE; - - snamelen = strlen(sname) + 1; - sinstlen = strlen(sinst) + 1; - if (life > 255 || life < 0) - return KFAILURE; - if (chklen && (snamelen > ANAME_SZ || sinstlen > INST_SZ)) - return KFAILURE; - if ((sizeof(tkt->dat) - (p - tkt->dat)) / 8 - < (4 /* address */ - + 8 /* session */ - + 1 /* life */ - + 4 /* issue time */ - + snamelen + sinstlen - + 7) / 8) /* roundoff */ - return KFAILURE; - - paddr.s_addr = paddress; - memcpy(p, &paddr.s_addr, sizeof(paddr.s_addr)); - p += sizeof(paddr.s_addr); - - memcpy(p, session, 8); - p += 8; - *p++ = life; - /* issue time */ - KRB4_PUT32(p, time_sec, le); - - memcpy(p, sname, snamelen); - p += snamelen; - memcpy(p, sinst, sinstlen); - p += sinstlen; - - /* guarantee null padded ticket to multiple of 8 bytes */ - memset(p, 0, 7); - tkt->length = ((p - tkt->dat + 7) / 8) * 8; - return KSUCCESS; -} - -/* - * encode_err_reply - * - * Encode an error reply message from the KDC to the client. - * - * Returns KRB4PROT_OK on success, non-zero on error. - * - * The following packet layout description is from cr_err_repl.c: - * - * type variable data - * or constant - * ---- ----------- ---- - * unsigned char req_ack_vno protocol version number - * - * unsigned char AUTH_MSG_ERR_REPLY protocol message type - * - * [least significant HOST_BYTE_ORDER sender's (server's) byte - * bit of above field] order - * - * string pname principal's name - * - * string pinst principal's instance - * - * string prealm principal's realm - * - * unsigned long time_ws client's timestamp - * - * unsigned long e error code - * - * string e_string error text - */ -int KRB5_CALLCONV -krb4prot_encode_err_reply(char *pname, char *pinst, char *prealm, - unsigned long time_ws, - unsigned long err, /* error code */ - char *err_string, /* error text */ - int chklen, /* check str lens? */ - int le, /* little-endian? */ - KTEXT pkt) /* output buf */ -{ - unsigned char *p; - size_t err_stringlen; - - p = pkt->dat; - /* Assume >= 2 bytes in KTEXT. */ - *p++ = KRB_PROT_VERSION; - *p++ = AUTH_MSG_ERR_REPLY | !!le; - - if (krb4prot_encode_naminstrlm(pname, pinst, prealm, chklen, - pkt, &p)) - return KFAILURE; - - err_stringlen = strlen(err_string) + 1; - if ((sizeof(pkt->dat) - (p - pkt->dat)) - < (4 /* timestamp */ - + 4 /* err code */ - + err_stringlen)) - return KFAILURE; - /* ws timestamp */ - KRB4_PUT32(p, time_ws, le); - /* err code */ - KRB4_PUT32(p, err, le); - /* err text */ - memcpy(p, err_string, err_stringlen); - p += err_stringlen; - - /* And return */ - pkt->length = p - pkt->dat; - return KSUCCESS; -} - -/* - * decode_kdc_request - * - * Decode an initial ticket request sent from the client to the KDC. - * - * Packet format is described in g_in_tkt.c. - * - * Returns KRB4PROT_OK on success, non-zero on failure. - */ -int KRB5_CALLCONV -krb4prot_decode_kdc_request(KTEXT pkt, - int *le, - char *pname, char *pinst, char *prealm, - long *req_time, int *life, - char *sname, char *sinst) -{ - unsigned char *p; - int msg_type, ret, len; - - p = pkt->dat; - - /* Get prot vers and msg type */ - if (pkt->length < 2) - return KRB4PROT_ERR_UNDERRUN; - if (*p++ != KRB_PROT_VERSION) - return KRB4PROT_ERR_PROT_VERS; - msg_type = *p++; - *le = msg_type & 1; - msg_type &= ~1; - if (msg_type != AUTH_MSG_KDC_REQUEST) - return KRB4PROT_ERR_MSG_TYPE; - - ret = krb4prot_decode_naminstrlm(pkt, &p, pname, pinst, prealm); - if (ret) - return ret; - -#define PKT_REMAIN (pkt->length - (p - pkt->dat)) - - if (PKT_REMAIN < (4 /* time */ - + 1)) /* life */ - return KRB4PROT_ERR_UNDERRUN; - - KRB4_GET32(*req_time, p, *le); - - *life = *p++; - - if (PKT_REMAIN <= 0) - return KRB4PROT_ERR_UNDERRUN; - len = krb4int_strnlen((char *)p, PKT_REMAIN) + 1; - if (len <= 0 || len > ANAME_SZ) - return KRB4PROT_ERR_OVERRUN; - memcpy(sname, p, (size_t)len); - p += len; - - if (PKT_REMAIN <= 0) - return KRB4PROT_ERR_UNDERRUN; - len = krb4int_strnlen((char *)p, PKT_REMAIN) + 1; - if (len <= 0 || len > INST_SZ) - return KRB4PROT_ERR_OVERRUN; - memcpy(sinst, p, (size_t)len); - p += len; - - /* XXX krb4 preauth? */ - return KRB4PROT_OK; -} diff --git a/src/lib/krb4/put_svc_key.c b/src/lib/krb4/put_svc_key.c deleted file mode 100644 index 53e53c71a3..0000000000 --- a/src/lib/krb4/put_svc_key.c +++ /dev/null @@ -1,96 +0,0 @@ -/* lib/krb/put_svc_key.c */ -/* Copyright 1994 Cygnus Support */ -/* Mark W. Eichin */ -/* - * Permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation. - * Cygnus Support makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -/* - * put_svc_key is a simple version of what 'ksrvutil add' provides, for some - * circumstances when service keys are distributed by applictions. - * - * Caveats: currently uses UNIX I/O (open, read) rather than stdio - this - * should be fixed. - * It could probably be made more general (and then actually be used - * by ksrvutil.) This version supports just enough to be useful. - */ - -#include "krb.h" -#include "krb4int.h" - -#include -#include -#include -#include "autoconf.h" -#ifdef HAVE_UNISTD_H -#include -#endif -#include "k5-platform.h" - -#define KEYSZ sizeof(C_Block) -/* strict put_svc_key. - The srvtab must already exist; - The key (exact match) must already be in the file; - version numbers are not checked. - */ -int KRB5_CALLCONV -put_svc_key(sfile,name,inst,realm,newvno,key) - char *sfile; - char *name; - char *inst; - char *realm; - int newvno; - char *key; -{ - int fd; - char fname[SNAME_SZ], finst[INST_SZ], frlm[REALM_SZ]; - unsigned char fvno; - char fkey[KEYSZ]; - - if (!sfile) - sfile = KEYFILE; - - if ((fd = open(sfile, O_RDWR)) < 0) - return KFAILURE; - set_cloexec_fd(fd); - - while(getst(fd,fname,SNAME_SZ) > 0) { - getst(fd,finst,INST_SZ); - getst(fd,frlm,REALM_SZ); - if (!strcmp(fname,name) - && !strcmp(finst,inst) - && !strcmp(frlm,realm)) { - /* all matched, so write new data */ - fvno = newvno; - lseek(fd,0,SEEK_CUR); - if (write(fd,&fvno,1) != 1) { - close(fd); - return KFAILURE; - } - if (write(fd,key,KEYSZ) != KEYSZ) { - close(fd); - return KFAILURE; - } - close(fd); - return KSUCCESS; - } - if (read(fd,&fvno,1) != 1) { - close(fd); - return KFAILURE; - } - if (read(fd,fkey,KEYSZ) != KEYSZ) { - close(fd); - return KFAILURE; - } - } - /* never found it */ - close(fd); - return KFAILURE; -} diff --git a/src/lib/krb4/rd_err.c b/src/lib/krb4/rd_err.c deleted file mode 100644 index 47f5167b54..0000000000 --- a/src/lib/krb4/rd_err.c +++ /dev/null @@ -1,78 +0,0 @@ -/* - * lib/krb4/rd_err.c - * - * Copyright 1986, 1987, 1988, 2000 by the Massachusetts Institute of - * Technology. All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * Steve Miller Project Athena MIT/DEC - */ - -#include - -#include "krb.h" -#include "prot.h" - -/* - * Given an AUTH_MSG_APPL_ERR message, "in" and its length "in_length", - * return the error code from the message in "code" and the text in - * "m_data" as follows: - * - * m_data->app_data points to the error text - * m_data->app_length points to the length of the error text - * - * If all goes well, return RD_AP_OK. If the version number - * is wrong, return RD_AP_VERSION, and if it's not an AUTH_MSG_APPL_ERR - * type message, return RD_AP_MSG_TYPE. - * - * The AUTH_MSG_APPL_ERR message format can be found in mk_err.c - */ - -int KRB5_CALLCONV -krb_rd_err(in, in_length, code, m_data) - u_char *in; /* pointer to the msg received */ - u_long in_length; /* of in msg */ - long *code; /* received error code */ - MSG_DAT *m_data; -{ - register u_char *p; - int le; - unsigned KRB4_32 raw_code; - - p = in; /* beginning of message */ - - if (in_length < 1 + 1 + 4) - return RD_AP_MODIFIED; /* XXX should have better error code */ - if (*p++ != KRB_PROT_VERSION) - return RD_AP_VERSION; - if (((*p) & ~1) != AUTH_MSG_APPL_ERR) - return RD_AP_MSG_TYPE; - le = *p++ & 1; - - KRB4_GET32(raw_code, p, le); - *code = raw_code; /* XXX unsigned->signed conversion! */ - - m_data->app_data = p; /* we're now at the error text - * message */ - m_data->app_length = p - in; - - return RD_AP_OK; /* OK == 0 */ -} diff --git a/src/lib/krb4/rd_preauth.c b/src/lib/krb4/rd_preauth.c deleted file mode 100644 index b30838cc4f..0000000000 --- a/src/lib/krb4/rd_preauth.c +++ /dev/null @@ -1,62 +0,0 @@ -/* rd_preauth.c */ -/* part of Cygnus Network Security */ -/* Copyright 1994 Cygnus Support */ -/* - * Permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation. - * Cygnus Support makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#include "krb.h" -#include "krb_db.h" -#include "prot.h" -#include "des.h" -#include "krb4int.h" -#include - -/* #define KERB_ERR_PREAUTH_SHORT 11 */ -/* #define KERB_ERR_PREAUTH_MISMATCH 12 */ - - -int -krb_rd_preauth(pkt, preauth_p, preauth_len, auth_pr, key) - KTEXT pkt; - char *preauth_p; - int preauth_len; - Principal *auth_pr; - des_cblock key; -{ - int st; - char *name_p; - - name_p = auth_pr->name; - -#ifndef NOENCRYPTION - /* Decrypt preauth_p using key as the key and initialization vector. */ - /* check preauth_len */ - if ((((strlen(name_p) + 1) / 8) + 1) * 8 != preauth_len) - return KERB_ERR_PREAUTH_SHORT; - else { - des_key_schedule key_s; - - if (des_key_sched(key, key_s)) { - return 1; - } - des_pcbc_encrypt((des_cblock *)preauth_p, (des_cblock *)preauth_p, - (long)preauth_len, key_s, (des_cblock *)key, - DES_DECRYPT); - memset(key_s, 0, sizeof(key_s)); - } -#endif /* R3_NO_MODIFICATIONS */ - - /* since the preauth data has the trailing 0, this just works */ - st = strcmp(preauth_p, name_p); - if (st) - return KERB_ERR_PREAUTH_MISMATCH; - return 0; -} diff --git a/src/lib/krb4/rd_priv.c b/src/lib/krb4/rd_priv.c deleted file mode 100644 index 1ba60081c8..0000000000 --- a/src/lib/krb4/rd_priv.c +++ /dev/null @@ -1,233 +0,0 @@ -/* - * lib/krb4/rd_priv.c - * - * Copyright 1986, 1987, 1988, 2000 by the Massachusetts Institute of - * Technology. All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * This routine dissects a a Kerberos 'private msg', decrypting it, - * checking its integrity, and returning a pointer to the application - * data contained and its length. - * - * Returns 0 (RD_AP_OK) for success or an error code (RD_AP_...). If - * the return value is RD_AP_TIME, then either the times are too far - * out of synch, OR the packet was modified. - * - * Steve Miller Project Athena MIT/DEC - */ - -/* system include files */ -#include -#include - -/* application include files */ -#include "krb.h" -#include "prot.h" -#include "des.h" -#include "lsb_addr_cmp.h" -#include "port-sockets.h" - -extern int krb_debug; - -/* This one is exported, for use by krb_mk_priv. */ -int private_msg_ver = KRB_PROT_VERSION; - -/* -#ifdef NOENCRPYTION - * krb_rd_priv() checks the integrity of an -#else - * krb_rd_priv() decrypts and checks the integrity of an -#endif - * AUTH_MSG_PRIVATE message. Given the message received, "in", - * the length of that message, "in_length", the key "schedule" -#ifdef NOENCRYPTION - * and "key", and the network addresses of the -#else - * and "key" to decrypt with, and the network addresses of the -#endif - * "sender" and "receiver" of the message, krb_rd_safe() returns - * RD_AP_OK if the message is okay, otherwise some error code. - * - * The message data retrieved from "in" are returned in the structure -#ifdef NOENCRYPTION - * "m_data". The pointer to the application data -#else - * "m_data". The pointer to the decrypted application data -#endif - * (m_data->app_data) refers back to the appropriate place in "in". - * - * See the file "mk_priv.c" for the format of the AUTH_MSG_PRIVATE - * message. The structure containing the extracted message - * information, MSG_DAT, is defined in "krb.h". - */ - -long KRB5_CALLCONV -krb_rd_priv(in, in_length, schedule, key, sender, receiver, m_data) - u_char *in; /* pointer to the msg received */ - unsigned KRB4_32 in_length; /* length of "in" msg */ - Key_schedule schedule; /* precomputed key schedule */ - C_Block *key; /* encryption key for seed and ivec */ - struct sockaddr_in *sender; - struct sockaddr_in *receiver; - MSG_DAT *m_data; /*various input/output data from msg */ -{ - register u_char *p,*q; - int v, t, le; - struct in_addr src_addr; - unsigned KRB4_32 c_length; - int swap_bytes; - unsigned KRB4_32 t_local; - KRB4_32 delta_t; /* Difference between timestamps */ - - p = in; /* beginning of message */ -#define IN_REMAIN (in_length - (p - in)) - swap_bytes = 0; - - if (IN_REMAIN < 1 + 1 + 4) - return RD_AP_MODIFIED; - v = *p++; - if (v != KRB_PROT_VERSION && v != 3) - return RD_AP_VERSION; - private_msg_ver = v; - t = *p++; - if ((t & ~1) != AUTH_MSG_PRIVATE) - return RD_AP_MSG_TYPE; - le = t & 1; - - /* get cipher length */ - KRB4_GET32(c_length, p, le); - /* check for rational length so we don't go comatose */ - if (IN_REMAIN < c_length) - return RD_AP_MODIFIED; - -#ifndef NOENCRYPTION - /* - * decrypt to obtain length, timestamps, app_data, and checksum - * use the session key as an ivec - */ -#endif - - q = p; /* mark start of encrypted stuff */ - -#ifndef NOENCRYPTION - /* pcbc decrypt, use key as ivec */ - pcbc_encrypt((C_Block *)q, (C_Block *)q, (long)c_length, - schedule, key, DECRYPT); -#endif - - /* safely get application data length */ - KRB4_GET32(m_data->app_length, p, le); - - if (IN_REMAIN < m_data->app_length + 4 + 1 + 4) - return RD_AP_MODIFIED; - -#ifndef NOENCRYPTION - /* we're now at the decrypted application data */ -#endif - m_data->app_data = p; - - p += m_data->app_length; - - /* safely get time_5ms */ - m_data->time_5ms = *p++; - - /* safely get src address */ - memcpy(&src_addr.s_addr, p, sizeof(src_addr.s_addr)); - /* don't swap, net order always */ - p += sizeof(src_addr.s_addr); - - if (!krb_ignore_ip_address) { - switch (sender->sin_family) { - case AF_INET: - if (src_addr.s_addr != sender->sin_addr.s_addr) - return RD_AP_MODIFIED; - break; -#ifdef KRB5_USE_INET6 - case AF_INET6: - if (IN6_IS_ADDR_V4MAPPED (&((struct sockaddr_in6 *)sender)->sin6_addr) - && !memcmp (&src_addr.s_addr, - 12 + (char *) &((struct sockaddr_in6 *)sender)->sin6_addr, - 4)) - break; - /* Not v4 mapped? Not ignoring addresses? You lose. */ - return RD_AP_MODIFIED; -#endif - default: - return RD_AP_MODIFIED; - } - } - - /* safely get time_sec */ - KRB4_GET32(m_data->time_sec, p, le); - - /* check direction bit is the sign bit */ - /* For compatibility with broken old code, compares are done in VAX - byte order (LSBFIRST) */ - /* However, if we don't have good ip addresses anyhow, just clear - the bit. This makes it harder to detect replay of sent packets - back to the receiver, but most higher level protocols can deal - with that more directly. */ - if (krb_ignore_ip_address) { - if (m_data->time_sec < 0) - m_data->time_sec = -m_data->time_sec; - } else - switch (krb4int_address_less (sender, receiver)) { - case 1: - m_data->time_sec = -m_data->time_sec; - break; - case -1: - if (m_data->time_sec < 0) - m_data->time_sec = -m_data->time_sec; - break; - } - - /* check the time integrity of the msg */ - t_local = TIME_GMT_UNIXSEC; - delta_t = t_local - m_data->time_sec; - if (delta_t < 0) - delta_t = -delta_t; /* Absolute value of difference */ - if (delta_t > CLOCK_SKEW) - return RD_AP_TIME; /* XXX should probably be better code */ - DEB(("\ndelta_t = %d", delta_t)); - - /* - * caller must check timestamps for proper order and - * replays, since server might have multiple clients - * each with its own timestamps and we don't assume - * tightly synchronized clocks. - */ - -#ifdef notdef - memcpy((char *)&cksum, (char *) p, sizeof(cksum)); - if (swap_bytes) cksum = krb4_swab32(cksum) - /* - * calculate the checksum of the length, sequence, - * and input data, on the sending byte order!! - */ - calc_cksum = quad_cksum(q, NULL, p-q, 0, key); - - DEB (("\ncalc_cksum = %u, received cksum = %u", - calc_cksum, cksum)); - if (cksum != calc_cksum) - return RD_AP_MODIFIED; -#endif - return RD_AP_OK; /* OK == 0 */ -} diff --git a/src/lib/krb4/rd_req.c b/src/lib/krb4/rd_req.c deleted file mode 100644 index a1d70c643f..0000000000 --- a/src/lib/krb4/rd_req.c +++ /dev/null @@ -1,543 +0,0 @@ -/* - * lib/krb4/rd_req.c - * - * Copyright 1985, 1986, 1987, 1988, 2000, 2001, 2002 by the - * Massachusetts Institute of Technology. All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#include "des.h" -#include "krb.h" -#include "prot.h" -#include -#include -#include - -extern int krb_ap_req_debug; - -static int -krb_rd_req_with_key(KTEXT, char *, char *, KRB_UINT32, AUTH_DAT *, - Key_schedule, krb5_keyblock *); - -/* declared in krb.h */ -int krb_ignore_ip_address = 0; - -/* - * Keep the following information around for subsequent calls - * to this routine by the same server using the same key. - */ - -static Key_schedule serv_key; /* Key sched to decrypt ticket */ -static C_Block ky; /* Initialization vector */ -static int st_kvno; /* version number for this key */ -static char st_rlm[REALM_SZ]; /* server's realm */ -static char st_nam[ANAME_SZ]; /* service name */ -static char st_inst[INST_SZ]; /* server's instance */ -static int krb5_key; /* whether krb5 key is used for decrypt */ - -/* - * This file contains two functions. krb_set_key() takes a DES - * key or password string and returns a DES key (either the original - * key, or the password converted into a DES key) and a key schedule - * for it. - * - * krb_rd_req() reads an authentication request and returns information - * about the identity of the requestor, or an indication that the - * identity information was not authentic. - */ - -/* - * krb_set_key() takes as its first argument either a DES key or a - * password string. The "cvt" argument indicates how the first - * argument "key" is to be interpreted: if "cvt" is null, "key" is - * taken to be a DES key; if "cvt" is non-null, "key" is taken to - * be a password string, and is converted into a DES key using - * string_to_key(). In either case, the resulting key is returned - * in the external static variable "ky". A key schedule is - * generated for "ky" and returned in the external static variable - * "serv_key". - * - * This routine returns the return value of des_key_sched. - * - * krb_set_key() needs to be in the same .o file as krb_rd_req() so that - * the key set by krb_set_key() is available in private storage for - * krb_rd_req(). - */ - -static krb5_keyblock srv_k5key; - -int -krb_set_key(key, cvt) - char *key; - int cvt; -{ - if (krb5_key) - /* XXX assumes that context arg is ignored */ - krb5_free_keyblock_contents(NULL, &srv_k5key); - krb5_key = 0; -#ifdef NOENCRYPTION - memset(ky, 0, sizeof(ky)); - return KSUCCESS; -#else /* Encrypt */ - if (cvt) - string_to_key(key, ky); - else - memcpy((char *)ky, key, 8); - return des_key_sched(ky,serv_key); -#endif /* NOENCRYPTION */ -} - -int -krb_set_key_krb5(ctx, key) - krb5_context ctx; - krb5_keyblock *key; -{ - if (krb5_key) - krb5_free_keyblock_contents(ctx, &srv_k5key); - krb5_key = 1; - return krb5_copy_keyblock_contents(ctx, key, &srv_k5key); -} - -void -krb_clear_key_krb5(ctx) - krb5_context ctx; -{ - if (krb5_key) - krb5_free_keyblock_contents(ctx, &srv_k5key); - krb5_key = 0; -} - -/* - * krb_rd_req() takes an AUTH_MSG_APPL_REQUEST or - * AUTH_MSG_APPL_REQUEST_MUTUAL message created by krb_mk_req(), - * checks its integrity and returns a judgement as to the requestor's - * identity. - * - * The "authent" argument is a pointer to the received message. - * The "service" and "instance" arguments name the receiving server, - * and are used to get the service's ticket to decrypt the ticket - * in the message, and to compare against the server name inside the - * ticket. "from_addr" is the network address of the host from which - * the message was received; this is checked against the network - * address in the ticket. If "from_addr" is zero, the check is not - * performed. "ad" is an AUTH_DAT structure which is - * filled in with information about the sender's identity according - * to the authenticator and ticket sent in the message. Finally, - * "fn" contains the name of the file containing the server's key. - * (If "fn" is NULL, the server's key is assumed to have been set - * by krb_set_key(). If "fn" is the null string ("") the default - * file KEYFILE, defined in "krb.h", is used.) - * - * krb_rd_req() returns RD_AP_OK if the authentication information - * was genuine, or one of the following error codes (defined in - * "krb.h"): - * - * RD_AP_VERSION - wrong protocol version number - * RD_AP_MSG_TYPE - wrong message type - * RD_AP_UNDEC - couldn't decipher the message - * RD_AP_INCON - inconsistencies found - * RD_AP_BADD - wrong network address - * RD_AP_TIME - client time (in authenticator) - * too far off server time - * RD_AP_NYV - Kerberos time (in ticket) too - * far off server time - * RD_AP_EXP - ticket expired - * - * For the message format, see krb_mk_req(). - * - * Mutual authentication is not implemented. - */ - -static int -krb_rd_req_with_key(authent, service, instance, from_addr, ad, ks, k5key) - register KTEXT authent; /* The received message */ - char *service; /* Service name */ - char *instance; /* Service instance */ - unsigned KRB4_32 from_addr; /* Net address of originating host */ - AUTH_DAT *ad; /* Structure to be filled in */ - Key_schedule ks; - krb5_keyblock *k5key; -{ - KTEXT_ST ticket; /* Temp storage for ticket */ - KTEXT tkt = &ticket; - KTEXT_ST req_id_st; /* Temp storage for authenticator */ - register KTEXT req_id = &req_id_st; - - char realm[REALM_SZ]; /* Realm of issuing kerberos */ - Key_schedule seskey_sched; /* Key sched for session key */ - char sname[SNAME_SZ]; /* Service name from ticket */ - char iname[INST_SZ]; /* Instance name from ticket */ - char r_aname[ANAME_SZ]; /* Client name from authenticator */ - char r_inst[INST_SZ]; /* Client instance from authenticator */ - char r_realm[REALM_SZ]; /* Client realm from authenticator */ - unsigned int r_time_ms; /* Fine time from authenticator */ - unsigned KRB4_32 r_time_sec; /* Coarse time from authenticator */ - register unsigned char *ptr; /* For stepping through */ - unsigned KRB4_32 t_local; /* Local time on our side of the protocol */ - KRB4_32 delta_t; /* Time in authenticator minus local time */ -#ifdef KRB_CRYPT_DEBUG - KRB4_32 tkt_age; /* Age of ticket */ -#endif - int le; /* is little endian? */ - int mutual; /* Mutual authentication requested? */ - int t; /* msg type */ - unsigned char s_kvno; /* Version number of the server's key - Kerberos used to encrypt ticket */ - int ret; - int len; - - tkt->mbz = req_id->mbz = 0; - - if (authent->length < 1 + 1 + 1) - return RD_AP_MODIFIED; - - ptr = authent->dat; -#define AUTHENT_REMAIN (authent->length - (ptr - authent->dat)) - - /* get msg version, type and byte order, and server key version */ - - /* check version */ - if (KRB_PROT_VERSION != *ptr++) - return RD_AP_VERSION; - - /* byte order */ - t = *ptr++; - le = t & 1; - - /* check msg type */ - mutual = 0; - switch (t & ~1) { - case AUTH_MSG_APPL_REQUEST: - break; - case AUTH_MSG_APPL_REQUEST_MUTUAL: - mutual++; - break; - default: - return RD_AP_MSG_TYPE; - } - -#ifdef lint - /* XXX mutual is set but not used; why??? */ - /* this is a crock to get lint to shut up */ - if (mutual) - mutual = 0; -#endif /* lint */ - s_kvno = *ptr++; /* get server key version */ - len = krb4int_strnlen((char *)ptr, AUTHENT_REMAIN) + 1; - if (len <= 0 || len > sizeof(realm)) { - return RD_AP_MODIFIED; /* must have been modified, the client wouldn't - try to trick us with wacky data */ - } - /* And the realm of the issuing KDC */ - (void)memcpy(realm, ptr, (size_t)len); - ptr += len; /* skip the realm "hint" */ - - /* Get ticket length */ - tkt->length = *ptr++; - /* Get authenticator length while we're at it. */ - req_id->length = *ptr++; - if (AUTHENT_REMAIN < tkt->length + req_id->length) - return RD_AP_MODIFIED; - /* Copy ticket */ - memcpy(tkt->dat, ptr, (size_t)tkt->length); - ptr += tkt->length; - -#ifdef KRB_CRYPT_DEBUG - if (krb_ap_req_debug) - log("ticket->length: %d",tkt->length); - if (krb_ap_req_debug) - log("authent->length: %d", authent->length); -#endif - -#ifndef NOENCRYPTION - /* Decrypt and take apart ticket */ -#endif - - if (k5key == NULL) { - if (decomp_ticket(tkt,&ad->k_flags,ad->pname,ad->pinst,ad->prealm, - &(ad->address),ad->session, &(ad->life), - &(ad->time_sec),sname,iname,ky,ks)) { -#ifdef KRB_CRYPT_DEBUG - log("Can't decode ticket"); -#endif - return(RD_AP_UNDEC); - } - } else { - if (decomp_tkt_krb5(tkt, &ad->k_flags, ad->pname, ad->pinst, - ad->prealm, &ad->address, ad->session, - &ad->life, &ad->time_sec, sname, iname, - k5key)) { - return RD_AP_UNDEC; - } - } - -#ifdef KRB_CRYPT_DEBUG - if (krb_ap_req_debug) { - log("Ticket Contents."); - log(" Aname: %s%s%s@%s",ad->pname, - ((int)*(ad->pinst) ? "." : ""), ad->pinst, - ((int)*(ad->prealm) ? ad->prealm : "Athena")); - log(" Service: %s%s%s",sname,((int)*iname ? "." : ""),iname); - log(" sname=%s, sinst=%s", sname, iname); - } -#endif - - /* Extract the authenticator */ - memcpy(req_id->dat, ptr, (size_t)req_id->length); - -#ifndef NOENCRYPTION - /* And decrypt it with the session key from the ticket */ -#ifdef KRB_CRYPT_DEBUG - if (krb_ap_req_debug) log("About to decrypt authenticator"); -#endif - - key_sched(ad->session, seskey_sched); - pcbc_encrypt((C_Block *)req_id->dat, (C_Block *)req_id->dat, - (long)req_id->length, - seskey_sched, &ad->session, DES_DECRYPT); - memset(seskey_sched, 0, sizeof(seskey_sched)); - -#ifdef KRB_CRYPT_DEBUG - if (krb_ap_req_debug) log("Done."); -#endif -#endif /* NOENCRYPTION */ - - ptr = req_id->dat; -#define REQID_REMAIN (req_id->length - (ptr - req_id->dat)) - - ret = RD_AP_MODIFIED; - - len = krb4int_strnlen((char *)ptr, REQID_REMAIN) + 1; - if (len <= 0 || len > ANAME_SZ) - goto cleanup; - memcpy(r_aname, ptr, (size_t)len); /* Authentication name */ - ptr += len; - len = krb4int_strnlen((char *)ptr, REQID_REMAIN) + 1; - if (len <= 0 || len > INST_SZ) - goto cleanup; - memcpy(r_inst, ptr, (size_t)len); /* Authentication instance */ - ptr += len; - len = krb4int_strnlen((char *)ptr, REQID_REMAIN) + 1; - if (len <= 0 || len > REALM_SZ) - goto cleanup; - memcpy(r_realm, ptr, (size_t)len); /* Authentication name */ - ptr += len; - - if (REQID_REMAIN < 4 + 1 + 4) - goto cleanup; - KRB4_GET32(ad->checksum, ptr, le); - r_time_ms = *ptr++; /* Time (fine) */ -#ifdef lint - /* XXX r_time_ms is set but not used. why??? */ - /* this is a crock to get lint to shut up */ - if (r_time_ms) - r_time_ms = 0; -#endif /* lint */ - /* Time (coarse) */ - KRB4_GET32(r_time_sec, ptr, le); - - /* Check for authenticity of the request */ -#ifdef KRB_CRYPT_DEBUG - if (krb_ap_req_debug) - log("Pname: %s %s",ad->pname,r_aname); -#endif - - ret = RD_AP_INCON; - if (strcmp(ad->pname,r_aname) != 0) - goto cleanup; - if (strcmp(ad->pinst,r_inst) != 0) - goto cleanup; - -#ifdef KRB_CRYPT_DEBUG - if (krb_ap_req_debug) - log("Realm: %s %s",ad->prealm,r_realm); -#endif - - if (strcmp(ad->prealm,r_realm) != 0) - goto cleanup; - - /* check the time integrity of the msg */ - ret = RD_AP_TIME; - t_local = TIME_GMT_UNIXSEC; - delta_t = t_local - r_time_sec; - if (delta_t < 0) delta_t = -delta_t; /* Absolute value of difference */ - if (delta_t > CLOCK_SKEW) { -#ifdef KRB_CRYPT_DEBUG - if (krb_ap_req_debug) - log("Time out of range: %d - %d = %d", - time_secs, r_time_sec, delta_t); -#endif - goto cleanup; - } - - /* Now check for expiration of ticket */ - - ret = RD_AP_NYV; -#ifdef KRB_CRYPT_DEBUG - tkt_age = t_local - ad->time_sec; - if (krb_ap_req_debug) - log("Time: %d Issue Date: %d Diff: %d Life %x", - time_secs, ad->time_sec, tkt_age, ad->life); -#endif - if (t_local < ad->time_sec) { - if ((ad->time_sec - t_local) > CLOCK_SKEW) - goto cleanup; - } else if (krb_life_to_time((KRB4_32)ad->time_sec, ad->life) - < t_local + CLOCK_SKEW) { - /* - * This calculation is different than the same expiration - * calculation in krb5. In krb5 the ticket lasts for - * clock_skew seconds longer than its expiration; in krb4 it - * lasts clock_skew seconds less. This difference is - * necessary to avoid using an almost expired tgt to get a new - * tgt that will last for another 5 minutes. This code - * interacts with the login in src/kdc/kerberos_v4.c to - * back-date tickets to avoid them expiring late. The - * combination may be overly conservative, but I'm fairly sure - * either removing the kerberos_v4 backdating or replacing - * this check with the krb5 check is sufficient to create a - * security problem. - */ - ret = RD_AP_EXP; - goto cleanup; - } - -#ifdef KRB_CRYPT_DEBUG - if (krb_ap_req_debug) - log("Address: %d %d",ad->address,from_addr); -#endif - - if (!krb_ignore_ip_address - && from_addr && (ad->address != from_addr)) { - ret = RD_AP_BADD; - goto cleanup; - } - - /* All seems OK */ - ad->reply.length = 0; - ret = 0; - -cleanup: - if (ret) { - /* Stomp on session key if there is an error. */ - memset(ad->session, 0, sizeof(ad->session)); - return ret; - } - - return RD_AP_OK; -} - -int KRB5_CALLCONV -krb_rd_req_int(authent, service, instance, from_addr, ad, key) - KTEXT authent; /* The received message */ - char *service; /* Service name */ - char *instance; /* Service instance */ - KRB_UINT32 from_addr; /* Net address of originating host */ - AUTH_DAT *ad; /* Structure to be filled in */ - C_Block key; /* Key to decrypt ticket with */ -{ - Key_schedule ks; - int ret; - - do { - ret = des_key_sched(key, ks); - if (ret) break; - ret = krb_rd_req_with_key(authent, service, instance, - from_addr, ad, ks, NULL); - } while (0); - memset(ks, 0, sizeof(ks)); - return ret; -} - -int KRB5_CALLCONV -krb_rd_req(authent, service, instance, from_addr, ad, fn) - register KTEXT authent; /* The received message */ - char *service; /* Service name */ - char *instance; /* Service instance */ - unsigned KRB4_32 from_addr; /* Net address of originating host */ - AUTH_DAT *ad; /* Structure to be filled in */ - char *fn; /* Filename to get keys from */ -{ - unsigned char *ptr; - unsigned char s_kvno; - char realm[REALM_SZ]; - unsigned char skey[KKEY_SZ]; -#ifdef KRB4_USE_KEYTAB - krb5_keyblock keyblock; -#endif - int len; - int status; - -#define AUTHENT_REMAIN (authent->length - (ptr - authent->dat)) - if (authent->length < 3) - return RD_AP_MODIFIED; - ptr = authent->dat + 2; - s_kvno = *ptr++; /* get server key version */ - len = krb4int_strnlen((char *)ptr, AUTHENT_REMAIN) + 1; - if (len <= 0 || len > sizeof(realm)) - return RD_AP_MODIFIED; - (void)memcpy(realm, ptr, (size_t)len); -#undef AUTHENT_REMAIN - /* - * If "fn" is NULL, key info should already be set; don't - * bother with ticket file. Otherwise, check to see if we - * already have key info for the given server and key version - * (saved in the static st_* variables). If not, go get it - * from the ticket file. If "fn" is the null string, use the - * default ticket file. - */ - if (fn && (strcmp(st_nam,service) || strcmp(st_inst,instance) - || strcmp(st_rlm,realm) || (st_kvno != s_kvno))) { - if (*fn == 0) - fn = KEYFILE; - st_kvno = s_kvno; - if (read_service_key(service,instance,realm, (int)s_kvno, - fn, (char *)skey) == 0) { - if ((status = krb_set_key((char *)skey,0))) - return(status); -#ifdef KRB4_USE_KEYTAB - } else if (krb54_get_service_keyblock(service, instance, - realm, (int)s_kvno, - fn, &keyblock) == 0) { - krb_set_key_krb5(krb5__krb4_context, &keyblock); - krb5_free_keyblock_contents(krb5__krb4_context, &keyblock); -#endif - } else - return RD_AP_UNDEC; - - len = krb4int_strnlen(realm, sizeof(st_rlm)) + 1; - if (len <= 0) - return KFAILURE; - memcpy(st_rlm, realm, (size_t)len); - len = krb4int_strnlen(service, sizeof(st_nam)) + 1; - if (len <= 0) - return KFAILURE; - memcpy(st_nam, service, (size_t)len); - len = krb4int_strnlen(instance, sizeof(st_inst)) + 1; - if (len <= 0) - return KFAILURE; - memcpy(st_inst, instance, (size_t)len); - } - return krb_rd_req_with_key(authent, service, instance, - from_addr, ad, - krb5_key ? NULL : serv_key, - krb5_key ? &srv_k5key : NULL); -} diff --git a/src/lib/krb4/rd_safe.c b/src/lib/krb4/rd_safe.c deleted file mode 100644 index 7df0d6599a..0000000000 --- a/src/lib/krb4/rd_safe.c +++ /dev/null @@ -1,208 +0,0 @@ -/* - * lib/krb4/rd_safe.c - * - * Copyright 1986, 1987, 1988, 2000 by the Massachusetts Institute of - * Technology. All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * This routine dissects a a Kerberos 'safe msg', checking its - * integrity, and returning a pointer to the application data - * contained and its length. - * - * Returns 0 (RD_AP_OK) for success or an error code (RD_AP_...) - * - * Steve Miller Project Athena MIT/DEC - */ - -/* system include files */ -#include -#include - -/* application include files */ -#include "krb.h" -#include "prot.h" -#include "des.h" -#include "lsb_addr_cmp.h" -#include "port-sockets.h" - -extern int krb_debug; - -/* - * krb_rd_safe() checks the integrity of an AUTH_MSG_SAFE message. - * Given the message received, "in", the length of that message, - * "in_length", the "key" to compute the checksum with, and the - * network addresses of the "sender" and "receiver" of the message, - * krb_rd_safe() returns RD_AP_OK if message is okay, otherwise - * some error code. - * - * The message data retrieved from "in" is returned in the structure - * "m_data". The pointer to the application data (m_data->app_data) - * refers back to the appropriate place in "in". - * - * See the file "mk_safe.c" for the format of the AUTH_MSG_SAFE - * message. The structure containing the extracted message - * information, MSG_DAT, is defined in "krb.h". - */ - -long KRB5_CALLCONV -krb_rd_safe(in,in_length,key,sender,receiver,m_data) - u_char *in; /* pointer to the msg received */ - unsigned KRB4_32 in_length; /* length of "in" msg */ - C_Block *key; /* encryption key for seed and ivec */ - struct sockaddr_in *sender; /* sender's address */ - struct sockaddr_in *receiver; /* receiver's address -- me */ - MSG_DAT *m_data; /* where to put message information */ -{ - int i; - unsigned KRB4_32 calc_cksum[4]; - unsigned KRB4_32 big_cksum[4]; - int le; - - u_char *p,*q; - int t; - struct in_addr src_addr; - unsigned KRB4_32 t_local; /* Local time in our machine */ - KRB4_32 delta_t; /* Difference between timestamps */ - - /* Be very conservative */ - if (sizeof(src_addr.s_addr) != 4) { -#ifdef DEBUG - fprintf(stderr, "\nkrb_rd_safe protocol err " - "sizeof(src_addr.s_addr) != 4\n"); -#endif - return RD_AP_VERSION; - } - - p = in; /* beginning of message */ -#define IN_REMAIN (in_length - (p - in)) - if (IN_REMAIN < 1 + 1 + 4) - return RD_AP_MODIFIED; - - if (*p++ != KRB_PROT_VERSION) - return RD_AP_VERSION; - t = *p++; - if ((t & ~1) != AUTH_MSG_SAFE) - return RD_AP_MSG_TYPE; - le = t & 1; - - q = p; /* mark start of cksum stuff */ - - /* safely get length */ - KRB4_GET32(m_data->app_length, p, le); - - if (IN_REMAIN < m_data->app_length + 1 + 4 + 4 + 4 * 4) - return RD_AP_MODIFIED; - - m_data->app_data = p; /* we're now at the application data */ - - /* skip app data */ - p += m_data->app_length; - - /* safely get time_5ms */ - m_data->time_5ms = *p++; - - /* safely get src address */ - (void)memcpy(&src_addr.s_addr, p, sizeof(src_addr.s_addr)); - /* don't swap, net order always */ - p += sizeof(src_addr.s_addr); - - if (!krb_ignore_ip_address) { - switch (sender->sin_family) { - case AF_INET: - if (src_addr.s_addr != sender->sin_addr.s_addr) - return RD_AP_MODIFIED; - break; -#ifdef KRB5_USE_INET6 - case AF_INET6: - if (IN6_IS_ADDR_V4MAPPED (&((struct sockaddr_in6 *)sender)->sin6_addr) - && !memcmp (&src_addr.s_addr, - 12 + (char *) &((struct sockaddr_in6 *)sender)->sin6_addr, - 4)) - break; - /* Not v4 mapped? Not ignoring addresses? You lose. */ - return RD_AP_MODIFIED; -#endif - default: - return RD_AP_MODIFIED; - } - } - - /* safely get time_sec */ - KRB4_GET32(m_data->time_sec, p, le); - - /* check direction bit is the sign bit */ - /* For compatibility with broken old code, compares are done in VAX - byte order (LSBFIRST) */ - /* However, if we don't have good ip addresses anyhow, just clear - the bit. This makes it harder to detect replay of sent packets - back to the receiver, but most higher level protocols can deal - with that more directly. */ - if (krb_ignore_ip_address) { - if (m_data->time_sec < 0) - m_data->time_sec = -m_data->time_sec; - } else - switch (krb4int_address_less (sender, receiver)) { - case 1: - m_data->time_sec = -m_data->time_sec; - break; - case -1: - if (m_data->time_sec < 0) - m_data->time_sec = -m_data->time_sec; - break; - } - - /* check the time integrity of the msg */ - t_local = TIME_GMT_UNIXSEC; - delta_t = t_local - m_data->time_sec; - if (delta_t < 0) delta_t = -delta_t; /* Absolute value of difference */ - if (delta_t > CLOCK_SKEW) { - return(RD_AP_TIME); /* XXX should probably be better - code */ - } - - /* - * caller must check timestamps for proper order and replays, since - * server might have multiple clients each with its own timestamps - * and we don't assume tightly synchronized clocks. - */ - -#ifdef NOENCRYPTION - memset(calc_cksum, 0, sizeof(calc_cksum)); -#else /* Do encryption */ - /* calculate the checksum of the length, timestamps, and - * input data, on the sending byte order !! */ - quad_cksum(q,calc_cksum,p-q,2,key); -#endif /* NOENCRYPTION */ - - for (i = 0; i < 4; i++) - KRB4_GET32(big_cksum[i], p, le); - - DEB (("\n0: calc %l big %lx\n1: calc %lx big %lx\n2: calc %lx big %lx\n3: calc %lx big %lx\n", - calc_cksum[0], big_cksum[0], - calc_cksum[1], big_cksum[1], - calc_cksum[2], big_cksum[2], - calc_cksum[3], big_cksum[3])); - for (i = 0; i < 4; i++) - if (big_cksum[i] != calc_cksum[i]) - return RD_AP_MODIFIED; - - return RD_AP_OK; /* OK == 0 */ -} diff --git a/src/lib/krb4/rd_svc_key.c b/src/lib/krb4/rd_svc_key.c deleted file mode 100644 index 8aeb0999b0..0000000000 --- a/src/lib/krb4/rd_svc_key.c +++ /dev/null @@ -1,345 +0,0 @@ -/* - * rd_svc_key.c - * - * Copyright 1985, 1986, 1987, 1988, 2007 by the Massachusetts Institute - * of Technology. - * - * For copying and distribution information, please see the file - * . - */ - -#include "mit-copyright.h" -#include "krb.h" -#include "krb4int.h" -#include -#include - -#include "k5-int.h" -#include -#include "prot.h" - -/* - * The private keys for servers on a given host are stored in a - * "srvtab" file (typically "/etc/srvtab"). This routine extracts - * a given server's key from the file. - * - * read_service_key() takes the server's name ("service"), "instance", - * and "realm" and a key version number "kvno", and looks in the given - * "file" for the corresponding entry, and if found, returns the entry's - * key field in "key". - * - * If "instance" contains the string "*", then it will match - * any instance, and the chosen instance will be copied to that - * string. For this reason it is important that the there is enough - * space beyond the "*" to receive the entry. - * - * If "kvno" is 0, it is treated as a wild card and the first - * matching entry regardless of the "vno" field is returned. - * - * This routine returns KSUCCESS on success, otherwise KFAILURE. - * - * The format of each "srvtab" entry is as follows: - * - * Size Variable Field in file - * ---- -------- ------------- - * string serv server name - * string inst server instance - * string realm server realm - * 1 byte vno server key version # - * 8 bytes key server's key - * ... ... ... - */ - -#ifdef __i960__ -/* special hack to use a global srvtab variable... */ -#define open vxworks_srvtab_open -#define close vxworks_srvtab_close -#define getst vxworks_srvtab_getst -#define read vxworks_srvtab_read - -extern char *vxworks_srvtab_base; -char *vxworks_srvtab_ptr; -int vxworks_srvtab_getchar(s) - char *s; -{ - int tmp1; - if(vxworks_srvtab_ptr >= (vxworks_srvtab_base + strlen(vxworks_srvtab_base))) - return 0; - - sscanf(vxworks_srvtab_ptr, "%2x", &tmp1); - - *s = tmp1; - vxworks_srvtab_ptr+=2; - return 1; -} - -int vxworks_srvtab_getst(fd,s,n) - int fd; - register char *s; - int n; -{ - register count = n; - while (vxworks_srvtab_getchar(s) && --count) - if (*s++ == '\0') - return (n - count); - *s = '\0'; - return (n - count); -} - -int vxworks_srvtab_open(s, n, m) - char *s; - int n, m; -{ - vxworks_srvtab_ptr = vxworks_srvtab_base; - return 1; -} - -int vxworks_srvtab_close(fd) - int fd; -{ - vxworks_srvtab_ptr = 0; - return 0; -} - -int vxworks_srvtab_read(fd, s, n) - int fd; - char *s; - int n; -{ - int count = n; - /* we want to get exactly n chars. */ - while(vxworks_srvtab_getchar(s) && --count) - s++; - return (n-count); -} -#endif - -#ifdef KRB4_USE_KEYTAB -/* - * This function looks up the requested Krb4 srvtab key using the krb5 - * keytab format, if possible. - */ -extern krb5_error_code -krb54_get_service_keyblock(service,instance,realm,kvno,file,keyblock) - char *service; /* Service Name */ - char *instance; /* Instance name or "*" */ - char *realm; /* Realm */ - int kvno; /* Key version number */ - char *file; /* Filename */ - krb5_keyblock * keyblock; -{ - krb5_error_code retval; - krb5_principal princ = NULL; - krb5_keytab kt_id; - krb5_keytab_entry kt_entry; - char sname[ANAME_SZ+1]; - char sinst[INST_SZ+1]; - char srealm[REALM_SZ+1]; - char keytabname[MAX_KEYTAB_NAME_LEN + 1]; /* + 1 for NULL termination */ - - if (!krb5__krb4_context) { - retval = krb5_init_context(&krb5__krb4_context); - if (retval) - return retval; - } - - if (!strcmp(instance, "*")) { - if ((retval = krb5_sname_to_principal(krb5__krb4_context, NULL, NULL, - KRB5_NT_SRV_HST, &princ))) - goto errout; - - if ((retval = krb5_524_conv_principal(krb5__krb4_context, princ, - sname, sinst, srealm))) - goto errout; - - instance = sinst; - krb5_free_principal(krb5__krb4_context, princ); - princ = 0; - } - - if ((retval = krb5_425_conv_principal(krb5__krb4_context, service, - instance, realm, &princ))) - goto errout; - - /* - * Figure out what name to use; if the name is one of the standard - * /etc/srvtab, /etc/athena/srvtab, etc., use the default keytab - * name. Otherwise, append .krb5 to the filename and try to use - * that. - */ - if (file && - strcmp(file, "/etc/srvtab") && - strcmp(file, "/etc/athena/srvtab") && - strcmp(file, KEYFILE)) { - strncpy(keytabname, file, sizeof(keytabname)); - keytabname[sizeof(keytabname)-1] = 0; - if (strlen(keytabname)+6 < sizeof(keytabname)) - strcat(keytabname, ".krb5"); - } else { - if ((retval = krb5_kt_default_name(krb5__krb4_context, - (char *)keytabname, sizeof(keytabname)-1))) - goto errout; - } - - if ((retval = krb5_kt_resolve(krb5__krb4_context, keytabname, &kt_id))) - goto errout; - - if ((retval = krb5_kt_get_entry(krb5__krb4_context, kt_id, princ, kvno, - 0, &kt_entry))) { - krb5_kt_close(krb5__krb4_context, kt_id); - goto errout; - } - - retval = krb5_copy_keyblock_contents(krb5__krb4_context, - &kt_entry.key, keyblock); - /* Bash types */ - /* KLUDGE! If it's a non-raw des3 key, bash its enctype */ - /* See kdc/kerberos_v4.c */ - if (keyblock->enctype == ENCTYPE_DES3_CBC_SHA1 ) - keyblock->enctype = ENCTYPE_DES3_CBC_RAW; - - krb5_kt_free_entry(krb5__krb4_context, &kt_entry); - krb5_kt_close (krb5__krb4_context, kt_id); - -errout: - if (princ) - krb5_free_principal(krb5__krb4_context, princ); - return retval; -} -#endif - - -int KRB5_CALLCONV -read_service_key(service,instance,realm,kvno,file,key) - char *service; /* Service Name */ - char *instance; /* Instance name or "*" */ - char *realm; /* Realm */ - int kvno; /* Key version number */ - char *file; /* Filename */ - char *key; /* Pointer to key to be filled in */ -{ - int kret; - -#ifdef KRB4_USE_KEYTAB - krb5_error_code retval; - krb5_keyblock keyblock; -#endif - - kret = get_service_key(service,instance,realm,&kvno,file,key); - - if (! kret) - return KSUCCESS; - -#ifdef KRB4_USE_KEYTAB - kret = KFAILURE; - keyblock.magic = KV5M_KEYBLOCK; - keyblock.contents = 0; - - retval = krb54_get_service_keyblock(service,instance,realm,kvno,file, - &keyblock); - if (retval) - goto errout; - - if ((keyblock.length != sizeof(C_Block)) || - ((keyblock.enctype != ENCTYPE_DES_CBC_CRC) && - (keyblock.enctype != ENCTYPE_DES_CBC_MD4) && - (keyblock.enctype != ENCTYPE_DES_CBC_MD5))) { - goto errout; - } - (void) memcpy(key, keyblock.contents, sizeof(C_Block)); - kret = KSUCCESS; - -errout: - if (keyblock.contents) - krb5_free_keyblock_contents(krb5__krb4_context, &keyblock); -#endif - - return kret; -} - -/* kvno is passed by reference, so that if it is zero, and we find a match, - the match gets written back into *kvno so the caller can find it. - */ -int KRB5_CALLCONV -get_service_key(service,instance,realm,kvno,file,key) - char *service; /* Service Name */ - char *instance; /* Instance name or "*" */ - char *realm; /* Realm */ - int *kvno; /* Key version number */ - char *file; /* Filename */ - char *key; /* Pointer to key to be filled in */ -{ - char serv[SNAME_SZ]; - char inst[INST_SZ]; - char rlm[REALM_SZ]; - unsigned char vno; /* Key version number */ - int wcard; - char krb_realm[REALM_SZ]; - - int stab; - - if (!file) - file = KEYFILE; - - if ((stab = open(file, 0, 0)) < 0) - return(KFAILURE); - set_cloexec_fd(stab); - - wcard = (instance[0] == '*') && (instance[1] == '\0'); - /* get current realm if not passed in */ - if (!realm) { - int rem; - - rem = krb_get_lrealm(krb_realm,1); - if (rem != KSUCCESS) - return(rem); - realm = krb_realm; - } - - while(getst(stab,serv,SNAME_SZ) > 0) { /* Read sname */ - (void) getst(stab,inst,INST_SZ); /* Instance */ - (void) getst(stab,rlm,REALM_SZ); /* Realm */ - /* Vers number */ - if (read(stab,(char *)&vno,1) != 1) { - close(stab); - return(KFAILURE); - } - /* Key */ - if (read(stab,key,8) != 8) { - close(stab); - return(KFAILURE); - } - /* Is this the right service */ - if (strcmp(serv,service)) - continue; - /* How about instance */ - if (!wcard && strcmp(inst,instance)) - continue; - if (wcard) - (void) strncpy(instance,inst,INST_SZ); - /* Is this the right realm */ -#if defined(ATHENA_COMPAT) || defined(ATHENA_OLD_SRVTAB) - /* XXX For backward compatibility: if keyfile says "Athena" - and caller wants "ATHENA.MIT.EDU", call it a match */ - if (strcmp(rlm,realm) && - (strcmp(rlm,"Athena") || - strcmp(realm,"ATHENA.MIT.EDU"))) - continue; -#else /* ! ATHENA_COMPAT */ - if (strcmp(rlm,realm)) - continue; -#endif /* ATHENA_COMPAT */ - - /* How about the key version number */ - if (*kvno && *kvno != (int) vno) - continue; - - (void) close(stab); - *kvno = vno; - return(KSUCCESS); - } - - /* Can't find the requested service */ - (void) close(stab); - return(KFAILURE); -} diff --git a/src/lib/krb4/recvauth.c b/src/lib/krb4/recvauth.c deleted file mode 100644 index c5f857e980..0000000000 --- a/src/lib/krb4/recvauth.c +++ /dev/null @@ -1,308 +0,0 @@ -/* - * lib/krb4/recvauth.c - * - * Copyright 1987, 1988 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#include "krb.h" -#include -#include -#include -#include "autoconf.h" -#ifdef HAVE_STDLIB_H -#include -#endif -#ifdef HAVE_UNISTD_H -#include -#endif -#include "port-sockets.h" - - -#define KRB_SENDAUTH_VERS "AUTHV0.1" /* MUST be KRB_SENDAUTH_VLEN - chars */ - -/* - * If the protocol changes, you will need to change the version string - * and make appropriate changes in krb_sendauth.c - * be sure to support old versions of krb_sendauth! - */ - -/* - * krb_recvauth() reads (and optionally responds to) a message sent - * using krb_sendauth(). The "options" argument is a bit-field of - * selected options (see "sendauth.c" for options description). - * The only option relevant to krb_recvauth() is KOPT_DO_MUTUAL - * (mutual authentication requested). The "fd" argument supplies - * a file descriptor to read from (and write to, if mutual authenti- - * cation is requested). - * - * Part of the received message will be a Kerberos ticket sent by the - * client; this is read into the "ticket" argument. The "service" and - * "instance" arguments supply the server's Kerberos name. If the - * "instance" argument is the string "*", it is treated as a wild card - * and filled in during the krb_rd_req() call (see read_service_key()). - * - * The "faddr" and "laddr" give the sending (client) and receiving - * (local server) network addresses. ("laddr" may be left NULL unless - * mutual authentication is requested, in which case it must be set.) - * - * The authentication information extracted from the message is returned - * in "kdata". The "filename" argument indicates the file where the - * server's key can be found. (It is passed on to krb_rd_req().) If - * left null, the default "/etc/srvtab" will be used. - * - * If mutual authentication is requested, the session key schedule must - * be computed in order to reply; this schedule is returned in the - * "schedule" argument. A string containing the application version - * number from the received message is returned in "version", which - * should be large enough to hold a KRB_SENDAUTH_VLEN-character string. - * - * See krb_sendauth() for the format of the received client message. - * - * This routine supports another client format, for backward - * compatibility, consisting of: - * - * Size Variable Field - * ---- -------- ----- - * - * string tmp_buf, tkt_len length of ticket, in - * ascii - * - * char ' ' (space char) separator - * - * tkt_len ticket->dat the ticket - * - * This old-style version does not support mutual authentication. - * - * krb_recvauth() first reads the protocol version string from the - * given file descriptor. If it doesn't match the current protocol - * version (KRB_SENDAUTH_VERS), the old-style format is assumed. In - * that case, the string of characters up to the first space is read - * and interpreted as the ticket length, then the ticket is read. - * - * If the first string did match KRB_SENDAUTH_VERS, krb_recvauth() - * next reads the application protocol version string. Then the - * ticket length and ticket itself are read. - * - * The ticket is decrypted and checked by the call to krb_rd_req(). - * If no mutual authentication is required, the result of the - * krb_rd_req() call is retured by this routine. If mutual authenti- - * cation is required, a message in the following format is returned - * on "fd": - * - * Size Variable Field - * ---- -------- ----- - * - * 4 bytes tkt_len length of ticket or -1 - * if error occurred - * - * priv_len tmp_buf "private" message created - * by krb_mk_priv() which - * contains the incremented - * checksum sent by the client - * encrypted in the session - * key. (This field is not - * present in case of error.) - * - * If all goes well, KSUCCESS is returned; otherwise KFAILURE or some - * other error code is returned. - */ - -#ifndef max -#define max(a,b) (((a) > (b)) ? (a) : (b)) -#endif /* max */ - -int KRB5_CALLCONV -krb_recvauth(options, fd, ticket, service, instance, faddr, laddr, kdata, - filename, schedule, version) - long options; /* bit-pattern of options */ - int fd; /* file descr. to read from */ - KTEXT ticket; /* storage for client's ticket */ - char *service; /* service expected */ - char *instance; /* inst expected (may be filled in) */ - struct sockaddr_in *faddr; /* address of foreign host on fd */ - struct sockaddr_in *laddr; /* local address */ - AUTH_DAT *kdata; /* kerberos data (returned) */ - char *filename; /* name of file with service keys */ - Key_schedule schedule; /* key schedule (return) */ - char *version; /* version string (filled in) */ -{ - - int i, cc, old_vers = 0; - char krb_vers[KRB_SENDAUTH_VLEN + 1]; /* + 1 for the null terminator */ - char *cp = NULL; - int rem; - KRB4_32 tkt_len, priv_len; - unsigned KRB4_32 cksum; - u_char tmp_buf[MAX_KTXT_LEN+max(KRB_SENDAUTH_VLEN+1,21)] = { 0 }; - - /* read the protocol version number */ - if (krb_net_read(fd, krb_vers, KRB_SENDAUTH_VLEN) != - KRB_SENDAUTH_VLEN) - return(errno); - krb_vers[KRB_SENDAUTH_VLEN] = '\0'; - - /* check version string */ - if (strcmp(krb_vers,KRB_SENDAUTH_VERS)) { - /* Assume the old version of sendkerberosdata: send ascii - length, ' ', and ticket. */ - if (options & KOPT_DO_MUTUAL) - return(KFAILURE); /* XXX can't do old style with mutual auth */ - old_vers = 1; - - /* copy what we have read into tmp_buf */ - (void) memcpy((char *) tmp_buf, krb_vers, KRB_SENDAUTH_VLEN); - - /* search for space, and make it a null */ - for (i = 0; i < KRB_SENDAUTH_VLEN; i++) - if (tmp_buf[i]== ' ') { - tmp_buf[i] = '\0'; - /* point cp to the beginning of the real ticket */ - cp = (char *) &tmp_buf[i+1]; - break; - } - - if (i == KRB_SENDAUTH_VLEN) - /* didn't find the space, keep reading to find it */ - for (; i<20; i++) { - if (read(fd, (char *)&tmp_buf[i], 1) != 1) { - return(KFAILURE); - } - if (tmp_buf[i] == ' ') { - tmp_buf[i] = '\0'; - /* point cp to the beginning of the real ticket */ - cp = (char *) &tmp_buf[i+1]; - break; - } - } - - if (i==20) - return(KFAILURE); - - tkt_len = (KRB4_32) atoi((char *) tmp_buf); - - /* sanity check the length */ - /* These conditions make sure that cp got initialized */ - if ((tkt_len<=0)||(tkt_len>MAX_KTXT_LEN)) - return(KFAILURE); - - if (i < KRB_SENDAUTH_VLEN) { - /* since we already got the space, and part of the ticket, - we read fewer bytes to get the rest of the ticket */ - int len_to_read = tkt_len - KRB_SENDAUTH_VLEN + 1 + i; - if (len_to_read <= 0) - return KFAILURE; - if (krb_net_read(fd, (char *)(tmp_buf+KRB_SENDAUTH_VLEN), - len_to_read) - != len_to_read) - return(errno); - } else { - if (krb_net_read(fd, (char *)(tmp_buf+i), (int)tkt_len) != - (int) tkt_len) - return(errno); - } - ticket->length = tkt_len; - /* copy the ticket into the struct */ - (void) memcpy((char *) ticket->dat, cp, ticket->length); - - } else { - /* read the application version string */ - if (krb_net_read(fd, version, KRB_SENDAUTH_VLEN) != - KRB_SENDAUTH_VLEN) - return(errno); - version[KRB_SENDAUTH_VLEN] = '\0'; - - /* get the length of the ticket */ - if (krb_net_read(fd, (char *)&tkt_len, sizeof(tkt_len)) != - sizeof(tkt_len)) - return(errno); - - /* sanity check */ - ticket->length = ntohl((unsigned KRB4_32)tkt_len); - if ((ticket->length <= 0) || (ticket->length > MAX_KTXT_LEN)) { - if (options & KOPT_DO_MUTUAL) { - rem = KFAILURE; - goto mutual_fail; - } else - return(KFAILURE); /* XXX there may still be junk on the fd? */ - } - - /* read the ticket */ - if (krb_net_read(fd, (char *) ticket->dat, ticket->length) - != ticket->length) - return(errno); - } - /* - * now have the ticket. decrypt it to get the authenticated - * data. - */ - rem = krb_rd_req(ticket,service,instance,faddr->sin_addr.s_addr, - kdata,filename); - - if (old_vers) return(rem); /* XXX can't do mutual with old client */ - - /* if we are doing mutual auth, compose a response */ - if (options & KOPT_DO_MUTUAL) { - if (rem != KSUCCESS) - /* the krb_rd_req failed */ - goto mutual_fail; - - /* add one to the (formerly) sealed checksum, and re-seal it - for return to the client */ - cksum = kdata->checksum + 1; - cksum = htonl(cksum); -#ifndef NOENCRYPTION - key_sched(kdata->session,schedule); -#endif /* !NOENCRYPTION */ - priv_len = krb_mk_priv((unsigned char *)&cksum, - tmp_buf, - (unsigned KRB4_32) sizeof(cksum), - schedule, - &kdata->session, - laddr, - faddr); - if (priv_len < 0) { - /* re-sealing failed; notify the client */ - rem = KFAILURE; /* XXX */ -mutual_fail: - priv_len = -1; - tkt_len = htonl((unsigned KRB4_32) priv_len); - /* a length of -1 is interpreted as an authentication - failure by the client */ - if ((cc = krb_net_write(fd, (char *)&tkt_len, sizeof(tkt_len))) - != sizeof(tkt_len)) - return(cc); - return(rem); - } else { - /* re-sealing succeeded, send the private message */ - tkt_len = htonl((unsigned KRB4_32)priv_len); - if ((cc = krb_net_write(fd, (char *)&tkt_len, sizeof(tkt_len))) - != sizeof(tkt_len)) - return(cc); - if ((cc = krb_net_write(fd, (char *)tmp_buf, (int) priv_len)) - != (int) priv_len) - return(cc); - } - } - return(rem); -} diff --git a/src/lib/krb4/ren-cyg.sh b/src/lib/krb4/ren-cyg.sh deleted file mode 100755 index d3d31a9d41..0000000000 --- a/src/lib/krb4/ren-cyg.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/sh -# Rename Kerberos Cygnus V4 filenames to proposed names -# for converting old trees. -awk '/^@ / { if ($6 != "") - if ($6 != $4) - print "mv " $6 " " $4 - else ; - else if ($2 != $4 && $2 != "-") - print "mv " $2 " " $4 - } - ' - -[edited since sending, to bring it up to date with what actually happened.] - -I'd like to come up with some file naming and configuration -conventions that will work in DOS, Unix, and Mac environments. At -Cygnus, we are creating a single freely available K4 source tree that -works on many Unixes, Windows, and Mac. It currently works on Unixes. -(To get a copy, send mail to info@cygnus.com requesting our Kerberos -release. It's in a hidden FTP location due to export control.) - -I diffed the current MIT release of Kerberos for PC and Windows -against the V4 patchlevel 10 release, and identified some 30 files in -lib/krb that have been renamed between Unix and PC. Comparing source -trees becomes much more painful when files are renamed. If we don't -come to sync on the file names, it will be very hard to collaborate, -which would make more work for all of us. - -My plan, which we have used successfully in the GNU software, is to -make sure that all filenames are unique if you take the first 8 chars -and the first 3 after the dot. No files have more than a single dot -in them. We don't restrict file names to just 8.3 characters, since -doing so would impact readability for the (99.9%) of the developers -who are on Unix or Mac, where long file names are fine. - -There's an additional complication that names longer than 14 -characters present problems to old System V Unix and to `ar' on Unix. -DJ Delorie's excellent `doschk' program points out all these problems. -(prep.ai.mit.edu:/pub/gnu/doschk-1.1.tar.gz). - -Here's my proposal for the lib/krb directory. In general, I tried to -regularize the names, turning get_ into g_, removing krb_, turning -reply into repl, turning ticket into tkt, keeping all file names -unique across the various libraries, and making a file name more like -the function name contained in it when there were conflicts. Some -resulting truncated names are more readable than in the current MIT K4 -PC, some are less readable -- but the overall advantage is that the -new names should be acceptable to Unix/Mac developers, while the old -ones weren't. - - MIT K4 patch10 MIT K4 PC PROPOSED NAME (trunc to 8.3) old Cyg -$1 $2 $3 $4 $5 $6 - -@ add_ticket.c (gone) add_tkt.c add_tkt.c -@ - - ChangeLog changelo -@ cr_err_reply.c crerrep.c cr_err_repl.c cr_err_r.c -@ create_auth_reply.c crauthre.c cr_auth_repl.c cr_auth_.c cr_auth_reply.c -@ create_ciph.c cr_ciph.c cr_ciph.c cr_ciph.c -@ create_death_packet.c cr_death.c cr_death_pkt.c cr_death.c cr_death_pkt.c -@ create_ticket.c crticket.c cr_tkt.c cr_tkt.c -@ debug_decl.c debug.c debug.c debug.c -@ decomp_ticket.c decomtkt.c decomp_tkt.c decomp_t.c -@ - - DNR.c dnr.c -@ extract_ticket.c ext_tkt.c ext_tkt.c ext_tkt.c extract_tkt.c -@ - - g_cnffile.c g_cnffil.c -@ get_ad_tkt.c getadtkt.c g_ad_tkt.c g_ad_tkt.c -@ get_admhst.c getadmhs.c g_admhst.c g_admhst.c -@ get_cred.c get_cred.c g_cred.c g_cred.c -@ get_in_tkt.c getintkt.c g_pw_in_tkt.c g_pw_in_.c -@ get_krbhst.c getkrbhs.c g_krbhst.c g_krbhst.c -@ get_krbrlm.c g_krbrlm.c g_krbrlm.c g_krbrlm.c -@ get_phost.c getphost.c g_phost.c g_phost.c -@ get_pw_tkt.c getpwtkt.c g_pw_tkt.c g_pw_tkt.c -@ get_request.c get_req.c (gone) (gone) -@ get_svc_in_tkt.c g_svctkt.c g_svc_in_tkt.c g_svc_in.c get_svc_in.c -@ get_tf_fullname.c gettfnam.c g_tf_fname.c g_tf_fna.c get_tf_fname.c -@ get_tf_realm.c gettfrlm.c g_tf_realm.c g_tf_rea.c -@ - - g_tkt_svc.c g_tkt_sv.c -@ getrealm.c getrealm.c realmofhost.c realmofh.c -@ k_gethostname.c k_gethst.c gethostname.c gethostn.c -@ kname_parse.c knm_pars.c kname_parse.c kname_pa.c -@ krb_err_txt.c k_errtxt.c err_txt.c err_txt.c -@ krb_get_in_tkt.c k_gettkt.c g_in_tkt.c g_in_tkt.c krb_get_in.c -@ - - mac_store.c mac_stor.c -@ - - mac_store.h mac_stor.h -@ - - mac_stubs.c mac_stub.c -@ - - Makefile.in makefile.in -@ - - mk_preauth.c mk_preau.c -@ month_sname.c mth_snam.c month_sname.c month_sn.c -@ pkt_cipher.c pkt_ciph.c pkt_cipher.c pkt_ciph.c -@ - - Password.c password.c -@ - - rd_preauth.c rd_preau.c -@ - - put_svc_key.c put_svc_.c -@ read_service_key.c rdservky.c rd_svc_key.c rd_svc_k.c read_svc_key.c -@ save_credentials.c savecred.c save_creds.c save_cre.c save_creds.c -@ send_to_kdc.c send_kdc.c send_to_kdc.c send_to_.c -@ strcasecmp.c s_cascmp.c strcasecmp.c strcasec.c -@ tkt_string.c tkt_strg.c tkt_string.c tkt_stri.c -@ - - unix_glue.c unix_glu.c -@ util.c util.c ad_print.c ad_print.c -@ - - win_store.c win_stor.c -# Cleanup for simplified sed scripts that use this table -@sed s/tf_ad_print\./tf_util\./g - -I've supplied Unix shell scripts in the distribution for moving: -ren-pl10.sh V4 pl10 filenames to proposed names for converting old trees -ren-pc.sh V4 MIT PC names to proposed names for converting old trees -ren2long.sh truncated names to proposed names for moving DOS->unix -ren2dos.sh proposed names to truncated names for unix->DOS names - -There's also shell scripts to produce sed scripts for converting Makefiles -and documentation. You use them like: - ./sed-pl10.sh >/tmp/sed - sed -f /tmp/sed newMakefile -sed-pl10.sh V4 pl10 filenames to proposed names for converting old trees -sed-pc.sh V4 MIT PC names to proposed names for converting old trees - -I'll also supply a DOS script for moving: -ren-pc.bat V4 MIT PC names to proposed names for converting old trees - -And an MPW script for moving -ren-pl10.mpw V4 pl10 filenames to proposed names for converting old trees - - John Gilmore - Cygnus Support diff --git a/src/lib/krb4/ren2dos.sh b/src/lib/krb4/ren2dos.sh deleted file mode 100644 index 3989e2c6e9..0000000000 --- a/src/lib/krb4/ren2dos.sh +++ /dev/null @@ -1,7 +0,0 @@ -# Rename Unix filenames to DOS-truncated filenames for KRB library. -# for converting Unix distributions to DOS distributions -awk '/^@ / { - if ($4 != $5) - print "mv " $4 " " $5 - } - ' -#include "krb.h" -#include "krb4int.h" - -/* - * This routine takes a ticket and associated info and calls - * tf_save_cred() to store them in the ticket cache. The peer - * routine for extracting a ticket and associated info from the - * ticket cache is krb_get_cred(). When changes are made to - * this routine, the corresponding changes should be made - * in krb_get_cred() as well. - * - * Returns KSUCCESS if all goes well, otherwise an error returned - * by the tf_init() or tf_save_cred() routines. - * - * This used to just be called save_credentials, but when we formalized - * the DOS/Mac interface, we created and exported krb_save_credentials - * to avoid namespace pollution. - */ - -int -krb4int_save_credentials_addr(service, instance, realm, session, lifetime, kvno, - ticket, issue_date, local_addr) - char *service; /* Service name */ - char *instance; /* Instance */ - char *realm; /* Auth domain */ - C_Block session; /* Session key */ - int lifetime; /* Lifetime */ - int kvno; /* Key version number */ - KTEXT ticket; /* The ticket itself */ - KRB4_32 issue_date; /* The issue time */ - KRB_UINT32 local_addr; -{ - int tf_status; /* return values of the tf_util calls */ - - /* Open and lock the ticket file for writing */ - if ((tf_status = tf_init(TKT_FILE, W_TKT_FIL)) != KSUCCESS) - return(tf_status); - - /* Save credentials by appending to the ticket file */ - tf_status = tf_save_cred(service, instance, realm, session, - lifetime, kvno, ticket, issue_date); - (void) tf_close(); - return (tf_status); -} - -int KRB5_CALLCONV -krb_save_credentials( - char *service, - char *instance, - char *realm, - C_Block session, - int lifetime, - int kvno, - KTEXT ticket, - long issue_date) -{ - return krb4int_save_credentials_addr(service, instance, realm, - session, lifetime, kvno, - ticket, (KRB4_32)issue_date, 0); -} diff --git a/src/lib/krb4/sed-cyg.sh b/src/lib/krb4/sed-cyg.sh deleted file mode 100755 index 3859df1383..0000000000 --- a/src/lib/krb4/sed-cyg.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/sh -# Produce a sed script for converting Kerberos Cygnus V4 filenames to proposed -# names -- for converting old makefiles and doc. -# We fix any "oldfoo." into "newfoo." including .c and .o and .h files. -awk '/^@ / { if ($6 != "") - if ($6 != $4) - print "s/" $6 "/" $4 "/g" - else ; - else if ($2 != $4 && $2 != "-") - print "s/" $2 "/" $4 "/g" - } - /^@sed / { print $2 } - ' -#include -#include -#include "autoconf.h" -#ifdef HAVE_SYS_SELECT_H -#include -#endif -#ifdef HAVE_UNISTD_H -#include -#endif -#include "port-sockets.h" -#include "fake-addrinfo.h" -#include "k5-int.h" -#include "krb4int.h" - -#define S_AD_SZ sizeof(struct sockaddr_in) - -/* These are really defaults from getservbyname() or hardcoded. */ -static int cached_krb_udp_port = 0; -static int cached_krbsec_udp_port = 0; - -int krb4int_send_to_kdc_addr(KTEXT, KTEXT, char *, - struct sockaddr *, socklen_t *); - -#ifdef DEBUG -static char *prog = "send_to_kdc"; -#endif - -/* - * send_to_kdc() sends a message to the Kerberos authentication - * server(s) in the given realm and returns the reply message. - * The "pkt" argument points to the message to be sent to Kerberos; - * the "rpkt" argument will be filled in with Kerberos' reply. - * The "realm" argument indicates the realm of the Kerberos server(s) - * to transact with. If the realm is null, the local realm is used. - * - * If more than one Kerberos server is known for a given realm, - * different servers will be queried until one of them replies. - * Several attempts (retries) are made for each server before - * giving up entirely. - * - * The following results can be returned: - * - * KSUCCESS - an answer was received from a Kerberos host - * - * SKDC_CANT - can't get local realm - * - can't find "kerberos" in /etc/services database - * - can't open socket - * - can't bind socket - * - all ports in use - * - couldn't find any Kerberos host - * - * SKDC_RETRY - couldn't get an answer from any Kerberos server, - * after several retries - */ - -int -krb4int_send_to_kdc_addr( - KTEXT pkt, KTEXT rpkt, char *realm, - struct sockaddr *addr, socklen_t *addrlen) -{ - struct addrlist al = ADDRLIST_INIT; - char lrealm[REALM_SZ]; - krb5int_access internals; - krb5_error_code retval; - struct servent *sp; - int krb_udp_port = 0; - int krbsec_udp_port = 0; - char krbhst[MAXHOSTNAMELEN]; - char *scol; - int i; - int err; - krb5_data message, reply; - - /* - * If "realm" is non-null, use that, otherwise get the - * local realm. - */ - if (realm) - strncpy(lrealm, realm, sizeof(lrealm) - 1); - else { - if (krb_get_lrealm(lrealm, 1)) { - DEB (("%s: can't get local realm\n", prog)); - return SKDC_CANT; - } - } - lrealm[sizeof(lrealm) - 1] = '\0'; - DEB (("lrealm is %s\n", lrealm)); - - retval = krb5int_accessor(&internals, KRB5INT_ACCESS_VERSION); - if (retval) - return KFAILURE; - - /* The first time, decide what port to use for the KDC. */ - if (cached_krb_udp_port == 0) { - sp = getservbyname("kerberos","udp"); - if (sp) - cached_krb_udp_port = sp->s_port; - else - cached_krb_udp_port = htons(KERBEROS_PORT); /* kerberos/udp */ - DEB (("cached_krb_udp_port is %d\n", cached_krb_udp_port)); - } - /* If kerberos/udp isn't 750, try using kerberos-sec/udp (or 750) - as a fallback. */ - if (cached_krbsec_udp_port == 0 && - cached_krb_udp_port != htons(KERBEROS_PORT)) { - sp = getservbyname("kerberos-sec","udp"); - if (sp) - cached_krbsec_udp_port = sp->s_port; - else - cached_krbsec_udp_port = htons(KERBEROS_PORT); /* kerberos/udp */ - DEB (("cached_krbsec_udp_port is %d\n", cached_krbsec_udp_port)); - } - - for (i = 1; krb_get_krbhst(krbhst, lrealm, i) == KSUCCESS; ++i) { -#ifdef DEBUG - if (krb_debug) { - DEB (("Getting host entry for %s...",krbhst)); - (void) fflush(stdout); - } -#endif - if (0 != (scol = strchr(krbhst,':'))) { - krb_udp_port = htons(atoi(scol+1)); - *scol = 0; - if (krb_udp_port == 0) { -#ifdef DEBUG - if (krb_debug) { - DEB (("bad port number %s\n",scol+1)); - (void) fflush(stdout); - } -#endif - continue; - } - krbsec_udp_port = 0; - } else { - krb_udp_port = cached_krb_udp_port; - krbsec_udp_port = cached_krbsec_udp_port; - } - err = internals.add_host_to_list(&al, krbhst, - krb_udp_port, krbsec_udp_port, - SOCK_DGRAM, PF_INET); - if (err) { - retval = SKDC_CANT; - goto free_al; - } - } - if (al.naddrs == 0) { - DEB (("%s: can't find any Kerberos host.\n", prog)); - retval = SKDC_CANT; - } - - message.length = pkt->length; - message.data = (char *)pkt->dat; /* XXX yuck */ - retval = internals.sendto_udp(NULL, &message, &al, NULL, &reply, addr, - addrlen, NULL, 0, NULL, NULL, NULL); - DEB(("sendto_udp returns %d\n", retval)); -free_al: - internals.free_addrlist(&al); - if (retval) - return SKDC_CANT; - DEB(("reply.length=%d\n", reply.length)); - if (reply.length > sizeof(rpkt->dat)) - retval = SKDC_CANT; - rpkt->length = 0; - if (!retval) { - memcpy(rpkt->dat, reply.data, reply.length); - rpkt->length = reply.length; - } - krb5_free_data_contents(NULL, &reply); - return retval; -} - -int -send_to_kdc(KTEXT pkt, KTEXT rpkt, char *realm) -{ - return krb4int_send_to_kdc_addr(pkt, rpkt, realm, NULL, NULL); -} diff --git a/src/lib/krb4/sendauth.c b/src/lib/krb4/sendauth.c deleted file mode 100644 index 83729442a1..0000000000 --- a/src/lib/krb4/sendauth.c +++ /dev/null @@ -1,282 +0,0 @@ -/* - * sendauth.c - * - * Copyright 1987, 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * . - * - */ - -#include "mit-copyright.h" - -#include "krb.h" -#include "krb4int.h" -#include -#include -#include -#include "port-sockets.h" - -#define KRB_SENDAUTH_VERS "AUTHV0.1" /* MUST be KRB_SENDAUTH_VLEN chars */ -/* - * If the protocol changes, you will need to change the version string - * and make appropriate changes in krb_recvauth.c - */ - -/* - * This file contains two routines: krb_sendauth() and krb_sendsrv(). - * - * krb_sendauth() transmits a ticket over a file descriptor for a - * desired service, instance, and realm, doing mutual authentication - * with the server if desired. - * - * Most of the real work of krb_sendauth() has been moved into mk_auth.c - * for portability; sendauth takes a Unix file descriptor as argument, - * which doesn't work on other operating systems. - * - * krb_sendsvc() sends a service name to a remote knetd server, and is - * only for Athena compatability. - */ - -/* - * The first argument to krb_sendauth() contains a bitfield of - * options (the options are defined in "krb.h"): - * - * KOPT_DONT_CANON Don't canonicalize instance as a hostname. - * (If this option is not chosen, krb_get_phost() - * is called to canonicalize it.) - * - * KOPT_DONT_MK_REQ Don't request server ticket from Kerberos. - * A ticket must be supplied in the "ticket" - * argument. - * (If this option is not chosen, and there - * is no ticket for the given server in the - * ticket cache, one will be fetched using - * krb_mk_req() and returned in "ticket".) - * - * KOPT_DO_MUTUAL Do mutual authentication, requiring that the - * receiving server return the checksum+1 encrypted - * in the session key. The mutual authentication - * is done using krb_mk_priv() on the other side - * (see "recvauth.c") and krb_rd_priv() on this - * side. - * - * The "fd" argument is a file descriptor to write to the remote - * server on. The "ticket" argument is used to store the new ticket - * from the krb_mk_req() call. If the KOPT_DONT_MK_REQ options is - * chosen, the ticket must be supplied in the "ticket" argument. - * The "service", "inst", and "realm" arguments identify the ticket. - * If "realm" is null, the local realm is used. - * - * The following arguments are only needed if the KOPT_DO_MUTUAL option - * is chosen: - * - * The "checksum" argument is a number that the server will add 1 to - * to authenticate itself back to the client; the "msg_data" argument - * holds the returned mutual-authentication message from the server - * (i.e., the checksum+1); the "cred" structure is used to hold the - * session key of the server, extracted from the ticket file, for use - * in decrypting the mutual authentication message from the server; - * and "schedule" holds the key schedule for that decryption. The - * the local and server addresses are given in "laddr" and "faddr". - * - * The application protocol version number (of up to KRB_SENDAUTH_VLEN - * characters) is passed in "version". - * - * If all goes well, KSUCCESS is returned, otherwise some error code. - * - * The format of the message sent to the server is: - * - * Size Variable Field - * ---- -------- ----- - * - * KRB_SENDAUTH_VLEN KRB_SENDAUTH_VER sendauth protocol - * bytes version number - * - * KRB_SENDAUTH_VLEN version application protocol - * bytes version number - * - * 4 bytes ticket->length length of ticket - * - * ticket->length ticket->dat ticket itself - */ - -/* - * XXX: Note that krb_rd_priv() is coded in such a way that - * "msg_data->app_data" will be pointing into "packet", which - * will disappear when krb_sendauth() returns. - * - * See FIXME KLUDGE code in appl/bsd/kcmd.c. - */ -KRB4_32 __krb_sendauth_hidden_tkt_len=0; -#define raw_tkt_len __krb_sendauth_hidden_tkt_len - - -/* - * Read a server's sendauth response out of a file descriptor. - * Returns a Kerberos error code. - * - * Note sneaky code using raw_tkt_len to stash away a bit of info - * for use by appl/bsd/kcmd.c. Now that krb_net_rd_sendauth is - * a separate function, kcmd should call it directly to get this - * sneaky info. - */ -int -krb_net_rd_sendauth (fd, reply, raw_len) - int fd; /* file descriptor to write onto */ - KTEXT reply; /* Where we put the reply message */ - KRB4_32 *raw_len; /* Where to read the length field info */ -{ - KRB4_32 tkt_len; - int got; - - reply->length = 0; /* Nothing read from net yet */ - reply->mbz = 0; - - /* get the length of the reply */ - reread: - got = krb_net_read(fd, (char *)raw_len, sizeof(KRB4_32)); - if (got != sizeof(KRB4_32)) - return KFAILURE; - - /* Here's an amazing hack. If we are contacting an rlogin server, - and it is running on a Sun4, and it was compiled with the wrong - shared libary version, it will print an ld.so warning message - when it starts up. We just ignore any such message and keep - going. This doesn't affect security: we just require the - ticket to follow the warning message. */ - if (!memcmp("ld.s", raw_len, 4)) { - char c; - - while (krb_net_read(fd, &c, 1) == 1 && c != '\n') - ; - goto reread; - } - - tkt_len = ntohl(*raw_len); - - /* if the length is negative, the server failed to recognize us. */ - if ((tkt_len < 0) || (tkt_len > sizeof(reply->dat))) - return KFAILURE; /* XXX */ - /* read the reply... */ - got = krb_net_read(fd, (char *)reply->dat, (int) tkt_len); - if (got != (int) tkt_len) - return KFAILURE; - - reply->length = tkt_len; - reply->mbz = 0; - return KSUCCESS; -} - - -/* - * krb_sendauth - * - * The original routine, provided on Unix. - * Obtains a service ticket using the ticket-granting ticket, - * uses it to stuff an authorization request down a Unix socket to the - * end-user application server, sucks a response out of the socket, - * and decodes it to verify mutual authentication. - */ -int KRB5_CALLCONV -krb_sendauth(options, fd, ticket, service, inst, realm, checksum, - msg_data, cred, schedule, laddr, faddr, version) - long options; /* bit-pattern of options */ - int fd; /* file descriptor to write onto */ - KTEXT ticket; /* where to put ticket (return); or - supplied in case of KOPT_DONT_MK_REQ */ - char *service; /* service name */ - char *inst; /* service instance */ - char *realm; /* service realm */ - unsigned KRB4_32 checksum; /* checksum to include in request */ - MSG_DAT *msg_data; /* mutual auth MSG_DAT (return) */ - CREDENTIALS *cred; /* credentials (return) */ - Key_schedule schedule; /* key schedule (return) */ - struct sockaddr_in *laddr; /* local address */ - struct sockaddr_in *faddr; /* address of foreign host on fd */ - char *version; /* version string */ -{ - int rem, cc; - char srv_inst[INST_SZ]; - char krb_realm[REALM_SZ]; - KTEXT_ST packet[1]; /* Re-use same one for msg and reply */ - - /* get current realm if not passed in */ - if (!realm) { - rem = krb_get_lrealm(krb_realm,1); - if (rem != KSUCCESS) - return(rem); - realm = krb_realm; - } - - /* copy instance into local storage, so mk_auth can canonicalize */ - (void) strncpy(srv_inst, inst, INST_SZ-1); - srv_inst[INST_SZ-1] = 0; - rem = krb_mk_auth (options, ticket, service, srv_inst, realm, checksum, - version, packet); - if (rem != KSUCCESS) - return rem; - -#ifdef ATHENA_COMPAT - /* this is only for compatibility with old servers */ - if (options & KOPT_DO_OLDSTYLE) { - (void) sprintf(buf,"%d ",ticket->length); - (void) write(fd, buf, strlen(buf)); - (void) write(fd, (char *) ticket->dat, ticket->length); - return(rem); - } -#endif /* ATHENA_COMPAT */ - - /* write the request to the server */ - if ((cc = krb_net_write(fd, packet->dat, packet->length)) != packet->length) - return(cc); - - /* mutual authentication, if desired */ - if (options & KOPT_DO_MUTUAL) { - /* get credentials so we have service session - key for decryption below */ - cc = krb_get_cred(service, srv_inst, realm, cred); - if (cc) - return(cc); - - /* Get the reply out of the socket. */ - cc = krb_net_rd_sendauth (fd, packet, &raw_tkt_len); - if (cc != KSUCCESS) - return cc; - - /* Check the reply to verify that server is really who we expect. */ - cc = krb_check_auth (packet, checksum, - msg_data, cred->session, schedule, laddr, faddr); - if (cc != KSUCCESS) - return cc; - } - return(KSUCCESS); -} - - -#ifdef ATHENA_COMPAT -/* - * krb_sendsvc - */ - -int -krb_sendsvc(fd, service) - int fd; - char *service; -{ - /* write the service name length and then the service name to - the fd */ - KRB4_32 serv_length; - int cc; - - serv_length = htonl((unsigned long)strlen(service)); - if ((cc = krb_net_write(fd, (char *) &serv_length, - sizeof(serv_length))) - != sizeof(serv_length)) - return(cc); - if ((cc = krb_net_write(fd, service, strlen(service))) - != strlen(service)) - return(cc); - return(KSUCCESS); -} -#endif /* ATHENA_COMPAT */ diff --git a/src/lib/krb4/setenv.c b/src/lib/krb4/setenv.c deleted file mode 100644 index 76a2a615b4..0000000000 --- a/src/lib/krb4/setenv.c +++ /dev/null @@ -1,164 +0,0 @@ -/* - * Copyright (c) 1987 Regents of the University of California. - * All rights reserved. - * - * Redistribution and use in source and binary forms are permitted - * provided that the above copyright notice and this paragraph are - * duplicated in all such forms and that any documentation, - * advertising materials, and other materials related to such - * distribution and use acknowledge that the software was developed - * by the University of California, Berkeley. The name of the - * University may not be used to endorse or promote products derived - * from this software without specific prior written permission. - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED - * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. - */ - -#if defined(LIBC_SCCS) && !defined(lint) -static char sccsid[] = "@(#)setenv.c 5.2 (Berkeley) 6/27/88"; -#endif /* LIBC_SCCS and not lint */ - -#include "conf.h" -#include -#include - -/* - * setenv -- - * Set the value of the environmental variable "name" to be - * "value". If rewrite is set, replace any current value. - */ -int setenv(name, value, rewrite) - register char *name, *value; - int rewrite; -{ - extern char **environ; - static int alloced; /* if allocated space before */ - register char *C; - int l_value, offset; - char *malloc(), *realloc(), *_findenv(); - - if (*value == '=') /* no `=' in value */ - ++value; - l_value = strlen(value); - if ((C = _findenv(name, &offset))) { /* find if already exists */ - if (!rewrite) - return(0); - if (strlen(C) >= l_value) { /* old larger; copy over */ - while (*C++ = *value++); - return(0); - } - } - else { /* create new slot */ - register int cnt; - register char **P; - - for (P = environ, cnt = 0; *P; ++P, ++cnt); - if (alloced) { /* just increase size */ - environ = (char **)realloc((char *)environ, - (u_int)(sizeof(char *) * (cnt + 2))); - if (!environ) - return(-1); - } - else { /* get new space */ - alloced = 1; /* copy old entries into it */ - P = (char **)malloc((u_int)(sizeof(char *) * - (cnt + 2))); - if (!P) - return(-1); - memcpy(P, environ, cnt * sizeof(char *)); - environ = P; - } - environ[cnt + 1] = NULL; - offset = cnt; - } - for (C = name; *C && *C != '='; ++C); /* no `=' in name */ - if (!(environ[offset] = /* name + `=' + value */ - malloc((u_int)((int)(C - name) + l_value + 2)))) - return(-1); - for (C = environ[offset]; (*C = *name++) && *C != '='; ++C); - for (*C++ = '='; *C++ = *value++;); - return(0); -} - -/* - * unsetenv(name) -- - * Delete environmental variable "name". - */ -void -unsetenv(name) - char *name; -{ - extern char **environ; - register char **P; - int offset; - char *_findenv(); - - while (_findenv(name, &offset)) /* if set multiple times */ - for (P = &environ[offset];; ++P) - if (!(*P = *(P + 1))) - break; -} -/* - * Copyright (c) 1987 Regents of the University of California. - * All rights reserved. - * - * Redistribution and use in source and binary forms are permitted - * provided that the above copyright notice and this paragraph are - * duplicated in all such forms and that any documentation, - * advertising materials, and other materials related to such - * distribution and use acknowledge that the software was developed - * by the University of California, Berkeley. The name of the - * University may not be used to endorse or promote products derived - * from this software without specific prior written permission. - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED - * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. - */ - -#ifndef HAVE_GETENV -#if defined(LIBC_SCCS) && !defined(lint) -static char sccsid[] = "@(#)getenv.c 5.5 (Berkeley) 6/27/88"; -#endif /* LIBC_SCCS and not lint */ - -/* - * getenv -- - * Returns ptr to value associated with name, if any, else NULL. - */ -char * -getenv(name) - char *name; -{ - int offset; - char *_findenv(); - - return(_findenv(name, &offset)); -} -#endif -/* - * _findenv -- - * Returns pointer to value associated with name, if any, else NULL. - * Sets offset to be the offset of the name/value combination in the - * environmental array, for use by setenv(3) and unsetenv(3). - * Explicitly removes '=' in argument name. - * - * This routine *should* be a static; don't use it. - */ -char * -_findenv(name, offset) - register char *name; - int *offset; -{ - extern char **environ; - register int len; - register char **P, *C; - - for (C = name, len = 0; *C && *C != '='; ++C, ++len); - for (P = environ; *P; ++P) - if (!strncmp(*P, name, len)) - if (*(C = *P + len) == '=') { - *offset = P - environ; - return(++C); - } - return(NULL); -} diff --git a/src/lib/krb4/stime.c b/src/lib/krb4/stime.c deleted file mode 100644 index f73c6f5201..0000000000 --- a/src/lib/krb4/stime.c +++ /dev/null @@ -1,57 +0,0 @@ -/* - * lib/krb4/stime.c - * - * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute of - * Technology. All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#include "krb.h" -#include "krb4int.h" -#include /* for sprintf() */ -#ifndef _WIN32 -#include -#include -#endif - -/* - * Given a pointer to a long containing the number of seconds - * since the beginning of time (midnight 1 Jan 1970 GMT), return - * a string containing the local time in the form: - * - * "25-Jan-88 10:17:56" - */ - -char *krb_stime(t) - long *t; -{ - static char st[40]; - static time_t adjusted_time; - struct tm *tm; - - adjusted_time = *t - CONVERT_TIME_EPOCH; - tm = localtime(&adjusted_time); - (void) snprintf(st,sizeof(st),"%2d-%s-%d %02d:%02d:%02d",tm->tm_mday, - month_sname(tm->tm_mon + 1),1900+tm->tm_year, - tm->tm_hour, tm->tm_min, tm->tm_sec); - return st; -} - diff --git a/src/lib/krb4/strcasecmp.c b/src/lib/krb4/strcasecmp.c deleted file mode 100644 index 31bf0afbff..0000000000 --- a/src/lib/krb4/strcasecmp.c +++ /dev/null @@ -1,83 +0,0 @@ -/* - * Copyright (c) 1987 Regents of the University of California. - * All rights reserved. - * - * Redistribution and use in source and binary forms are permitted - * provided that the above copyright notice and this paragraph are - * duplicated in all such forms and that any documentation, - * advertising materials, and other materials related to such - * distribution and use acknowledge that the software was developed - * by the University of California, Berkeley. The name of the - * University may not be used to endorse or promote products derived - * from this software without specific prior written permission. - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED - * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. - */ - -/* - * This array is designed for mapping upper and lower case letter - * together for a case independent comparison. The mappings are - * based upon ascii character sequences. - */ -static unsigned char charmap[] = { - '\000', '\001', '\002', '\003', '\004', '\005', '\006', '\007', - '\010', '\011', '\012', '\013', '\014', '\015', '\016', '\017', - '\020', '\021', '\022', '\023', '\024', '\025', '\026', '\027', - '\030', '\031', '\032', '\033', '\034', '\035', '\036', '\037', - '\040', '\041', '\042', '\043', '\044', '\045', '\046', '\047', - '\050', '\051', '\052', '\053', '\054', '\055', '\056', '\057', - '\060', '\061', '\062', '\063', '\064', '\065', '\066', '\067', - '\070', '\071', '\072', '\073', '\074', '\075', '\076', '\077', - '\100', '\141', '\142', '\143', '\144', '\145', '\146', '\147', - '\150', '\151', '\152', '\153', '\154', '\155', '\156', '\157', - '\160', '\161', '\162', '\163', '\164', '\165', '\166', '\167', - '\170', '\171', '\172', '\133', '\134', '\135', '\136', '\137', - '\140', '\141', '\142', '\143', '\144', '\145', '\146', '\147', - '\150', '\151', '\152', '\153', '\154', '\155', '\156', '\157', - '\160', '\161', '\162', '\163', '\164', '\165', '\166', '\167', - '\170', '\171', '\172', '\173', '\174', '\175', '\176', '\177', - '\200', '\201', '\202', '\203', '\204', '\205', '\206', '\207', - '\210', '\211', '\212', '\213', '\214', '\215', '\216', '\217', - '\220', '\221', '\222', '\223', '\224', '\225', '\226', '\227', - '\230', '\231', '\232', '\233', '\234', '\235', '\236', '\237', - '\240', '\241', '\242', '\243', '\244', '\245', '\246', '\247', - '\250', '\251', '\252', '\253', '\254', '\255', '\256', '\257', - '\260', '\261', '\262', '\263', '\264', '\265', '\266', '\267', - '\270', '\271', '\272', '\273', '\274', '\275', '\276', '\277', - '\300', '\341', '\342', '\343', '\344', '\345', '\346', '\347', - '\350', '\351', '\352', '\353', '\354', '\355', '\356', '\357', - '\360', '\361', '\362', '\363', '\364', '\365', '\366', '\367', - '\370', '\371', '\372', '\333', '\334', '\335', '\336', '\337', - '\340', '\341', '\342', '\343', '\344', '\345', '\346', '\347', - '\350', '\351', '\352', '\353', '\354', '\355', '\356', '\357', - '\360', '\361', '\362', '\363', '\364', '\365', '\366', '\367', - '\370', '\371', '\372', '\373', '\374', '\375', '\376', '\377', -}; - -strcasecmp(s1, s2) - char *s1, *s2; -{ - register unsigned char *cm = charmap, - *us1 = (unsigned char *)s1, - *us2 = (unsigned char *)s2; - - while (cm[*us1] == cm[*us2++]) - if (*us1++ == '\0') - return(0); - return(cm[*us1] - cm[*--us2]); -} - -strncasecmp(s1, s2, n) - char *s1, *s2; - register int n; -{ - register unsigned char *cm = charmap, - *us1 = (unsigned char *)s1, - *us2 = (unsigned char *)s2; - - while (--n >= 0 && cm[*us1] == cm[*us2++]) - if (*us1++ == '\0') - return(0); - return(n < 0 ? 0 : cm[*us1] - cm[*--us2]); -} diff --git a/src/lib/krb4/swab.c b/src/lib/krb4/swab.c deleted file mode 100644 index e07b28b434..0000000000 --- a/src/lib/krb4/swab.c +++ /dev/null @@ -1,18 +0,0 @@ -/* simple implementation of swab. */ - -swab(from,to,nbytes) - char *from; - char *to; - int nbytes; -{ - char tmp; - while ( (nbytes-=2) >= 0 ) { - tmp = from[1]; - to[1] = from[0]; - to[0] = tmp; - to++; to++; - from++; from++; - } -} - - diff --git a/src/lib/krb4/tf_shm.c b/src/lib/krb4/tf_shm.c deleted file mode 100644 index 2b040713c1..0000000000 --- a/src/lib/krb4/tf_shm.c +++ /dev/null @@ -1,173 +0,0 @@ -/* - * tf_shm.c - * - * Copyright 1988, 2007 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * . - * - * Shared memory segment functions for session keys. Derived from code - * contributed by Dan Kolkowitz (kolk@jessica.stanford.edu). - */ - -#include "mit-copyright.h" - -#include -#include -#include -#include "krb.h" -#include "des.h" -#include -#include - -#define MAX_BUFF sizeof(des_cblock)*1000 /* room for 1k keys */ - -extern int krb_debug; - -/* - * krb_create_shmtkt: - * - * create a shared memory segment for session keys, leaving its id - * in the specified filename. - */ - -int -krb_shm_create(file_name) -char *file_name; -{ - int retval; - int shmid; - struct shmid_ds shm_buf; - FILE *sfile; - uid_t me, metoo, getuid(), geteuid(); - - (void) krb_shm_dest(file_name); /* nuke it if it exists... - this cleans up to make sure we - don't slowly lose memory. */ - - shmid = shmget((long)IPC_PRIVATE,MAX_BUFF, IPC_CREAT); - if (shmid == -1) { - if (krb_debug) - perror("krb_shm_create shmget"); - return(KFAILURE); /* XXX */ - } - me = getuid(); - metoo = geteuid(); - /* - * now set up the buffer so that we can modify it - */ - shm_buf.shm_perm.uid = me; - shm_buf.shm_perm.gid = getgid(); - shm_buf.shm_perm.mode = 0600; - if (shmctl(shmid,IPC_SET,&shm_buf) < 0) { /*can now map it */ - if (krb_debug) - perror("krb_shm_create shmctl"); - (void) shmctl(shmid, IPC_RMID, 0); - return(KFAILURE); /* XXX */ - } -#if !defined(_AIX) - (void) shmctl(shmid, SHM_LOCK, 0); /* attempt to lock-in-core */ -#endif - /* arrange so the file is owned by the ruid - (swap real & effective uid if necessary). */ - if (me != metoo) { - if (setreuid(metoo, me) < 0) { - /* can't switch??? barf! */ - if (krb_debug) - perror("krb_shm_create: setreuid"); - (void) shmctl(shmid, IPC_RMID, 0); - return(KFAILURE); - } else - if (krb_debug) - printf("swapped UID's %d and %d\n",metoo,me); - } - if ((sfile = fopen(file_name,"w")) == 0) { - if (krb_debug) - perror("krb_shm_create file"); - (void) shmctl(shmid, IPC_RMID, 0); - return(KFAILURE); /* XXX */ - } - set_cloexec_file(sfile); - if (fchmod(fileno(sfile),0600) < 0) { - if (krb_debug) - perror("krb_shm_create fchmod"); - (void) shmctl(shmid, IPC_RMID, 0); - return(KFAILURE); /* XXX */ - } - if (me != metoo) { - if (setreuid(me, metoo) < 0) { - /* can't switch??? barf! */ - if (krb_debug) - perror("krb_shm_create: setreuid2"); - (void) shmctl(shmid, IPC_RMID, 0); - return(KFAILURE); - } else - if (krb_debug) - printf("swapped UID's %d and %d\n",me,metoo); - } - - (void) fprintf(sfile,"%d",shmid); - (void) fflush(sfile); - (void) fclose(sfile); - return(KSUCCESS); -} - - -/* - * krb_is_diskless: - * - * check / to see if file .diskless exists. If so it is diskless. - * Do it this way now to avoid dependencies on a particular routine. - * Choose root file system since that will be private to the client. - */ - -int krb_is_diskless() -{ - struct stat buf; - if (stat("/.diskless",&buf) < 0) - return(0); - else return(1); -} - -/* - * krb_shm_dest: destroy shared memory segment with session keys, and remove - * file pointing to it. - */ - -int krb_shm_dest(file) -char *file; -{ - int shmid; - FILE *sfile; - struct stat st_buf; - - if (stat(file,&st_buf) == 0) { - /* successful stat */ - if ((sfile = fopen(file,"r")) == 0) { - if (krb_debug) - perror("cannot open shared memory file"); - return(KFAILURE); /* XXX */ - } - set_cloexec_file(sfile); - if (fscanf(sfile,"%d",&shmid) == 1) { - if (shmctl(shmid,IPC_RMID,0) != 0) { - if (krb_debug) - perror("krb_shm_dest: cannot delete shm segment"); - (void) fclose(sfile); - return(KFAILURE); /* XXX */ - } - } else { - if (krb_debug) - fprintf(stderr, "bad format in shmid file\n"); - (void) fclose(sfile); - return(KFAILURE); /* XXX */ - } - (void) fclose(sfile); - (void) unlink(file); - return(KSUCCESS); - } else - return(RET_TKFIL); /* XXX */ -} - - - diff --git a/src/lib/krb4/tf_util.c b/src/lib/krb4/tf_util.c deleted file mode 100644 index 0bc05d75d8..0000000000 --- a/src/lib/krb4/tf_util.c +++ /dev/null @@ -1,1103 +0,0 @@ -/* - * lib/krb4/tf_util.c - * - * Copyright 1985, 1986, 1987, 1988, 2000, 2001, 2007 by the Massachusetts - * Institute of Technology. All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#include "krb.h" -#include "k5-int.h" -#include "krb4int.h" - - -#include -#include -#include -#ifdef HAVE_UNISTD_H -#include -#endif -#include -#include - -#ifdef TKT_SHMEM -#include -#include -#include -#endif /* TKT_SHMEM */ - - - -#define TOO_BIG -1 -#define TF_LCK_RETRY ((unsigned)2) /* seconds to sleep before - * retry if ticket file is - * locked */ -extern int krb_debug; - -void tf_close(); - -#ifdef TKT_SHMEM -char *krb_shm_addr; -static char *tmp_shm_addr; -static const char krb_dummy_skey[8]; - -char *shmat(); -#endif /* TKT_SHMEM */ - -#ifdef NEED_UTIMES - -#include -#ifdef __SCO__ -#include -#endif -#if defined(__svr4__) || defined(__SVR4) -#include -#endif -int utimes(path, times) - char* path; - struct timeval times[2]; -{ - struct utimbuf tv; - tv.actime = times[0].tv_sec; - tv.modtime = times[1].tv_sec; - return utime(path,&tv); -} -#endif - -#ifdef HAVE_SETEUID -#define do_seteuid(e) seteuid((e)) -#else -#ifdef HAVE_SETRESUID -#define do_seteuid(e) setresuid(-1, (e), -1) -#else -#ifdef HAVE_SETREUID -#define do_seteuid(e) setreuid(geteuid(), (e)) -#else -#define do_seteuid(e) (errno = EPERM, -1) -#endif -#endif -#endif - - -#ifdef K5_LE -/* This was taken from jhutz's patch for heimdal krb4. It only - * applies to little endian systems. Big endian systems have a - * less elegant solution documented below. - * - * This record is written after every real ticket, to ensure that - * both 32- and 64-bit readers will perceive the next real ticket - * as starting in the same place. This record looks like a ticket - * with the following properties: - * Field 32-bit 64-bit - * ============ ================= ================= - * sname "." "." - * sinst "" "" - * srealm ".." ".." - * session key 002E2E00 xxxxxxxx xxxxxxxx 00000000 - * lifetime 0 0 - * kvno 0 12 - * ticket 12 nulls 4 nulls - * issue 0 0 - * - * Our code always reads and writes the 32-bit format, but knows - * to skip 00000000 at the front of a record, and to completely - * ignore tickets for the special alignment principal. - */ -static unsigned char align_rec[] = { - 0x2e, 0x00, 0x00, 0x2e, 0x2e, 0x00, 0x00, 0x2e, - 0x2e, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0c, 0x00, - 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00 -}; - -#else /* Big Endian */ - -/* These alignment records are for big endian systems. We need more - * of them because the portion of the 64-bit issue_date that overlaps - * with the start of a ticket on 32-bit systems contains an unpredictable - * number of NULL bytes. Preceeding these records is a second copy of the - * 32-bit issue_date. The srealm for the alignment records is always one of - * ".." or "?.." - */ - -/* No NULL bytes - * This is actually two alignment records since both 32- and 64-bit - * readers will agree on everything in the first record up through the - * issue_date size, except where sname starts. - * Field (1) 32-bit 64-bit - * ============ ================= ================= - * sname "????." "." - * sinst "" "" - * srealm ".." ".." - * session key 00000000 xxxxxxxx 00000000 xxxxxxxx - * lifetime 0 0 - * kvno 0 0 - * ticket 4 nulls 4 nulls - * issue 0 0 - * - * Field (2) 32-bit 64-bit - * ============ ================= ================= - * sname "." "." - * sinst "" "" - * srealm ".." ".." - * session key 002E2E00 xxxxxxxx xxxxxxxx 00000000 - * lifetime 0 0 - * kvno 0 12 - * ticket 12 nulls 4 nulls - * issue 0 0 - * - */ -static unsigned char align_rec_0[] = { - 0x2e, 0x00, 0x00, 0x2e, 0x2e, 0x00, 0x00, 0x00, - 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x2e, 0x00, 0x00, 0x2e, 0x2e, 0x00, - 0x00, 0x2e, 0x2e, 0x00, 0xff, 0xff, 0xff, 0xff, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x04, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00 -}; - -/* One NULL byte - * Field 32-bit 64-bit - * ============ ================= ================= - * sname "x" |"xx"|"xxx" "." - * sinst "xx."|"x."|"." ".." - * srealm ".." "..." - * session key 2E2E2E00 xxxxxxxx xxxxxxxx 00000000 - * lifetime 0 0 - * kvno 0 12 - * ticket 12 nulls 4 nulls - * issue 0 0 - */ -static unsigned char align_rec_1[] = { - 0x2e, 0x00, 0x2e, 0x2e, 0x00, 0x2e, 0x2e, 0x2e, - 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x0c, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00 -}; - -/* Two NULL bytes - * Field 32-bit 64-bit - * ============ ================= ================= - * sname "x" |"x" |"xx" ".." - * sinst "" |"x" |"" "" - * srealm "x.."|".."|".." ".." - * session key 002E2E00 xxxxxxxx xxxxxxxx 00000000 - * lifetime 0 0 - * kvno 0 12 - * ticket 12 nulls 4 nulls - * issue 0 0 - */ - static unsigned char align_rec_2[] = { - 0x2e, 0x2e, 0x00, 0x00, 0x2e, 0x2e, 0x00, 0xff, - 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0c, 0x00, - 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 -}; - -/* Three NULL bytes - * Things break here for 32-bit krb4 libraries that don't - * understand this alignment record. We can't really do - * anything about the fact that the three strings ended - * in the duplicate timestamp. The good news is that this - * only happens once every 0x1000000 seconds, once roughly - * every six and a half months. We'll live. - * - * Discussion on the krbdev list has suggested the - * issue_date be incremented by one in this case to avoid - * the problem. I'm leaving this here just in case. - * - * Field 32-bit 64-bit - * ============ ================= ================= - * sname "" "." - * sinst "" "" - * srealm "" ".." - * session key 2E00002E 2E00FFFF xxxx0000 0000xxxx - * lifetime 0 0 - * kvno 4294901760 917504 - * ticket 14 nulls 4 nulls - * issue 0 0 - */ -/* -static unsigned char align_rec_3[] = { - 0x2e, 0x00, 0x00, 0x2e, 0x2e, 0x00, 0xff, 0xff, - 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x0e, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 -}; -*/ -#endif /* K5_LE*/ - -/* - * fd must be initialized to something that won't ever occur as a real - * file descriptor. Since open(2) returns only non-negative numbers as - * valid file descriptors, and tf_init always stuffs the return value - * from open in here even if it is an error flag, we must - * a. Initialize fd to a negative number, to indicate that it is - * not initially valid. - * b. When checking for a valid fd, assume that negative values - * are invalid (ie. when deciding whether tf_init has been - * called.) - * c. In tf_close, be sure it gets reinitialized to a negative - * number. - */ -static int fd = -1; -static int curpos; /* Position in tfbfr */ -static int lastpos; /* End of tfbfr */ -static char tfbfr[BUFSIZ]; /* Buffer for ticket data */ - -static int tf_gets (char *, int), tf_read (char *, int); - -/* - * This file contains routines for manipulating the ticket cache file. - * - * The ticket file is in the following format: - * - * principal's name (null-terminated string) - * principal's instance (null-terminated string) - * CREDENTIAL_1 - * CREDENTIAL_2 - * ... - * CREDENTIAL_n - * EOF - * - * Where "CREDENTIAL_x" consists of the following fixed-length - * fields from the CREDENTIALS structure (see "krb.h"): - * - * string service[ANAME_SZ] - * string instance[INST_SZ] - * string realm[REALM_SZ] - * C_Block session - * int lifetime - * int kvno - * KTEXT_ST ticket_st - * KRB4_32 issue_date - * - * Strings are stored NUL-terminated, and read back until a NUL is - * found or the indicated number of bytes have been read. (So if you - * try to store a string exactly that long or longer, reading them - * back will not work.) The KTEXT_ST structure is stored as an int - * length followed by that many data bytes. All ints are stored using - * host size and byte order for "int". - * - * Short description of routines: - * - * tf_init() opens the ticket file and locks it. - * - * tf_get_pname() returns the principal's name. - * - * tf_get_pinst() returns the principal's instance (may be null). - * - * tf_get_cred() returns the next CREDENTIALS record. - * - * tf_save_cred() appends a new CREDENTIAL record to the ticket file. - * - * tf_close() closes the ticket file and releases the lock. - * - * tf_gets() returns the next null-terminated string. It's an internal - * routine used by tf_get_pname(), tf_get_pinst(), and tf_get_cred(). - * - * tf_read() reads a given number of bytes. It's an internal routine - * used by tf_get_cred(). - */ - -/* - * tf_init() should be called before the other ticket file routines. - * It takes the name of the ticket file to use, "tf_name", and a - * read/write flag "rw" as arguments. - * - * It tries to open the ticket file, checks the mode, and if everything - * is okay, locks the file. If it's opened for reading, the lock is - * shared. If it's opened for writing, the lock is exclusive. - * - * Returns KSUCCESS if all went well, otherwise one of the following: - * - * NO_TKT_FIL - file wasn't there - * TKT_FIL_ACC - file was in wrong mode, etc. - * TKT_FIL_LCK - couldn't lock the file, even after a retry - */ - -int KRB5_CALLCONV tf_init(tf_name, rw) - const char *tf_name; - int rw; -{ - int wflag; - uid_t me, metoo; - struct stat stat_buf, stat_buffd; -#ifdef TKT_SHMEM - char shmidname[MAXPATHLEN]; - FILE *sfp; - int shmid; -#endif - - if (!krb5__krb4_context) { - if (krb5_init_context(&krb5__krb4_context)) - return TKT_FIL_LCK; - } - - me = getuid(); - metoo = geteuid(); - - switch (rw) { - case R_TKT_FIL: - wflag = 0; - break; - case W_TKT_FIL: - wflag = 1; - break; - default: - if (krb_debug) fprintf(stderr, "tf_init: illegal parameter\n"); - return TKT_FIL_ACC; - } - - /* If ticket cache selector is null, use default cache. */ - if (tf_name == 0) - tf_name = tkt_string(); - -#ifdef TKT_SHMEM - (void) strncpy(shmidname, tf_name, sizeof(shmidname) - 1); - shmidname[sizeof(shmidname) - 1] = '\0'; - (void) strncat(shmidname, ".shm", sizeof(shmidname) - 1 - strlen(shmidname)); -#endif /* TKT_SHMEM */ - - /* - * If "wflag" is set, open the ticket file in append-writeonly mode - * and lock the ticket file in exclusive mode. If unable to lock - * the file, sleep and try again. If we fail again, return with the - * proper error message. - */ - - curpos = sizeof(tfbfr); - -#ifdef TKT_SHMEM - if (lstat(shmidname, &stat_buf) < 0) { - switch (errno) { - case ENOENT: - return NO_TKT_FIL; - default: - return TKT_FIL_ACC; - } - } - if (stat_buf.st_uid != me || !(stat_buf.st_mode & S_IFREG) - || stat_buf.st_nlink != 1 || stat_buf.st_mode & 077) { - return TKT_FIL_ACC; - } - - /* - * Yes, we do uid twiddling here. It's not optimal, but some - * applications may expect that the ruid is what should really own - * the ticket file, e.g. setuid applications. - */ - if (me != metoo && do_seteuid(me) < 0) - return KFAILURE; - sfp = fopen(shmidname, "r"); /* only need read/write on the - actual tickets */ - if (sfp != 0) - set_cloexec_file(sfp); - if (me != metoo && do_seteuid(metoo) < 0) - return KFAILURE; - if (sfp == 0) { - switch(errno) { - case ENOENT: - return NO_TKT_FIL; - default: - return TKT_FIL_ACC; - } - } - - /* - * fstat() the file to check that the file we opened is the one we - * think it is. - */ - if (fstat(fileno(sfp), &stat_buffd) < 0) { - (void) close(fd); - fd = -1; - switch(errno) { - case ENOENT: - return NO_TKT_FIL; - default: - return TKT_FIL_ACC; - } - } - /* Check that it's the right file */ - if ((stat_buf.st_ino != stat_buffd.st_ino) || - (stat_buf.st_dev != stat_buffd.st_dev)) { - (void) close(fd); - fd = -1; - return TKT_FIL_ACC; - } - /* Check ownership */ - if ((stat_buffd.st_uid != me && me != 0) || - ((stat_buffd.st_mode & S_IFMT) != S_IFREG)) { - (void) close(fd); - fd = -1; - return TKT_FIL_ACC; - } - - - - shmid = -1; - { - char buf[BUFSIZ]; - int val; /* useful for debugging fscanf */ - /* We provide our own buffer here since some STDIO libraries - barf on unbuffered input with fscanf() */ - setbuf(sfp, buf); - if ((val = fscanf(sfp,"%d",&shmid)) != 1) { - (void) fclose(sfp); - return TKT_FIL_ACC; - } - if (shmid < 0) { - (void) fclose(sfp); - return TKT_FIL_ACC; - } - (void) fclose(sfp); - } - /* - * global krb_shm_addr is initialized to 0. Ultrix bombs when you try and - * attach the same segment twice so we need this check. - */ - if (!krb_shm_addr) { - if ((krb_shm_addr = shmat(shmid,0,0)) == -1){ - if (krb_debug) - fprintf(stderr, - "cannot attach shared memory for segment %d\n", - shmid); - krb_shm_addr = 0; /* reset so we catch further errors */ - return TKT_FIL_ACC; - } - } - tmp_shm_addr = krb_shm_addr; -#endif /* TKT_SHMEM */ - - if (lstat(tf_name, &stat_buf) < 0) { - switch (errno) { - case ENOENT: - return NO_TKT_FIL; - default: - return TKT_FIL_ACC; - } - } - if (stat_buf.st_uid != me || !(stat_buf.st_mode & S_IFREG) - || stat_buf.st_nlink != 1 || stat_buf.st_mode & 077) { - return TKT_FIL_ACC; - } - - if (wflag) { - if (me != metoo && do_seteuid(me) < 0) - return KFAILURE; - fd = open(tf_name, O_RDWR, 0600); - if (fd >= 0) - set_cloexec_fd(fd); - if (me != metoo && do_seteuid(metoo) < 0) - return KFAILURE; - if (fd < 0) { - switch(errno) { - case ENOENT: - return NO_TKT_FIL; - default: - return TKT_FIL_ACC; - } - } - /* - * fstat() the file to check that the file we opened is the - * one we think it is, and to check ownership. - */ - if (fstat(fd, &stat_buffd) < 0) { - (void) close(fd); - fd = -1; - switch(errno) { - case ENOENT: - return NO_TKT_FIL; - default: - return TKT_FIL_ACC; - } - } - /* Check that it's the right file */ - if ((stat_buf.st_ino != stat_buffd.st_ino) || - (stat_buf.st_dev != stat_buffd.st_dev)) { - (void) close(fd); - fd = -1; - return TKT_FIL_ACC; - } - /* Check ownership */ - if ((stat_buffd.st_uid != me && me != 0) || - ((stat_buffd.st_mode & S_IFMT) != S_IFREG)) { - (void) close(fd); - fd = -1; - return TKT_FIL_ACC; - } - if (krb5_lock_file(krb5__krb4_context, fd, - KRB5_LOCKMODE_EXCLUSIVE | - KRB5_LOCKMODE_DONTBLOCK) < 0) { - sleep(TF_LCK_RETRY); - if (krb5_lock_file(krb5__krb4_context, fd, - KRB5_LOCKMODE_EXCLUSIVE | - KRB5_LOCKMODE_DONTBLOCK) < 0) { - (void) close(fd); - fd = -1; - return TKT_FIL_LCK; - } - } - return KSUCCESS; - } - /* - * Otherwise "wflag" is not set and the ticket file should be opened - * for read-only operations and locked for shared access. - */ - - if (me != metoo && do_seteuid(me) < 0) - return KFAILURE; - fd = open(tf_name, O_RDONLY, 0600); - if (fd >= 0) - set_cloexec_fd(fd); - if (me != metoo && do_seteuid(metoo) < 0) - return KFAILURE; - if (fd < 0) { - switch(errno) { - case ENOENT: - return NO_TKT_FIL; - default: - return TKT_FIL_ACC; - } - } - /* - * fstat() the file to check that the file we opened is the one we - * think it is, and to check ownership. - */ - if (fstat(fd, &stat_buffd) < 0) { - (void) close(fd); - fd = -1; - switch(errno) { - case ENOENT: - return NO_TKT_FIL; - default: - return TKT_FIL_ACC; - } - } - /* Check that it's the right file */ - if ((stat_buf.st_ino != stat_buffd.st_ino) || - (stat_buf.st_dev != stat_buffd.st_dev)) { - (void) close(fd); - fd = -1; - return TKT_FIL_ACC; - } - /* Check ownership */ - if ((stat_buffd.st_uid != me && me != 0) || - ((stat_buffd.st_mode & S_IFMT) != S_IFREG)) { - (void) close(fd); - fd = -1; - return TKT_FIL_ACC; - } - if (krb5_lock_file(krb5__krb4_context, fd, - KRB5_LOCKMODE_SHARED | - KRB5_LOCKMODE_DONTBLOCK) < 0) { - sleep(TF_LCK_RETRY); - if (krb5_lock_file(krb5__krb4_context, fd, - KRB5_LOCKMODE_SHARED | - KRB5_LOCKMODE_DONTBLOCK) < 0) { - (void) close(fd); - fd = -1; - return TKT_FIL_LCK; - } - } - return KSUCCESS; -} - -/* - * tf_get_pname() reads the principal's name from the ticket file. It - * should only be called after tf_init() has been called. The - * principal's name is filled into the "p" parameter. If all goes well, - * KSUCCESS is returned. If tf_init() wasn't called, TKT_FIL_INI is - * returned. If the name was null, or EOF was encountered, or the name - * was longer than ANAME_SZ, TKT_FIL_FMT is returned. - */ - -int KRB5_CALLCONV tf_get_pname(p) - char *p; -{ - if (fd < 0) { - if (krb_debug) - fprintf(stderr, "tf_get_pname called before tf_init.\n"); - return TKT_FIL_INI; - } - if (tf_gets(p, ANAME_SZ) < 2) /* can't be just a null */ - return TKT_FIL_FMT; - return KSUCCESS; -} - -/* - * tf_get_pinst() reads the principal's instance from a ticket file. - * It should only be called after tf_init() and tf_get_pname() have been - * called. The instance is filled into the "inst" parameter. If all - * goes well, KSUCCESS is returned. If tf_init() wasn't called, - * TKT_FIL_INI is returned. If EOF was encountered, or the instance - * was longer than ANAME_SZ, TKT_FIL_FMT is returned. Note that the - * instance may be null. - */ - -int KRB5_CALLCONV tf_get_pinst(inst) - char *inst; -{ - if (fd < 0) { - if (krb_debug) - fprintf(stderr, "tf_get_pinst called before tf_init.\n"); - return TKT_FIL_INI; - } - if (tf_gets(inst, INST_SZ) < 1) - return TKT_FIL_FMT; - return KSUCCESS; -} - -/* - * tf_get_cred() reads a CREDENTIALS record from a ticket file and fills - * in the given structure "c". It should only be called after tf_init(), - * tf_get_pname(), and tf_get_pinst() have been called. If all goes well, - * KSUCCESS is returned. Possible error codes are: - * - * TKT_FIL_INI - tf_init wasn't called first - * TKT_FIL_FMT - bad format - * EOF - end of file encountered - */ - -static int real_tf_get_cred(c) - CREDENTIALS *c; -{ - KTEXT ticket = &c->ticket_st; /* pointer to ticket */ - int k_errno; - unsigned char nullbuf[3]; /* used for 64-bit issue_date tf compatibility */ - - if (fd < 0) { - if (krb_debug) - fprintf(stderr, "tf_get_cred called before tf_init.\n"); - return TKT_FIL_INI; - } - if ((k_errno = tf_gets(c->service, SNAME_SZ)) < 2) { - -#ifdef K5_BE - /* If we're big endian then we can have a null service name as part of - * an alignment record. */ - if (k_errno < 2) - switch (k_errno) { - case TOO_BIG: - tf_close(); - return TKT_FIL_FMT; - case 0: - return EOF; - } -#else /* Little Endian */ - /* If we read an empty service name, it's possible that's because - * the file was written by someone who thinks issue_date should be - * 64 bits. If that is the case, there will be three more zeros, - * followed by the real record.*/ - - if (k_errno == 1 && - tf_read(nullbuf, 3) == 3 && - !nullbuf[0] && !nullbuf[1] && !nullbuf[2]) - k_errno = tf_gets(c->service, SNAME_SZ); - - if (k_errno < 2) - switch (k_errno) { - case TOO_BIG: - case 1: /* can't be just a null */ - tf_close(); - return TKT_FIL_FMT; - case 0: - return EOF; - } -#endif/*K5_BE*/ - - } - if ((k_errno = tf_gets(c->instance, INST_SZ)) < 1) - switch (k_errno) { - case TOO_BIG: - return TKT_FIL_FMT; - case 0: - return EOF; - } - if ((k_errno = tf_gets(c->realm, REALM_SZ)) < 2) { - switch (k_errno) { - case TOO_BIG: - case 1: /* can't be just a null */ - tf_close(); - return TKT_FIL_FMT; - case 0: - return EOF; - } - } - - if ( - tf_read((char *) (c->session), KEY_SZ) < 1 || - tf_read((char *) &(c->lifetime), sizeof(c->lifetime)) < 1 || - tf_read((char *) &(c->kvno), sizeof(c->kvno)) < 1 || - tf_read((char *) &(ticket->length), sizeof(ticket->length)) - < 1 || - /* don't try to read a silly amount into ticket->dat */ - ticket->length > MAX_KTXT_LEN || - tf_read((char *) (ticket->dat), ticket->length) < 1 || - tf_read((char *) &(c->issue_date), sizeof(c->issue_date)) < 1 - ) { - tf_close(); - return TKT_FIL_FMT; - } - -#ifdef K5_BE - /* If the issue_date is 0 and we're not dealing with an alignment - record, then it's likely we've run into an issue_date written by - a 64-bit library that is using long instead of KRB4_32. Let's get - the next four bytes instead. - */ - if (0 == c->issue_date) { - int len = strlen(c->realm); - if (!(2 == len && 0 == strcmp(c->realm, "..")) && - !(3 == len && 0 == strcmp(c->realm + 1, ".."))) { - if (tf_read((char *) &(c->issue_date), sizeof(c->issue_date)) < 1) { - tf_close(); - return TKT_FIL_FMT; - } - } - } - -#endif - - return KSUCCESS; -} - -int KRB5_CALLCONV tf_get_cred(c) - CREDENTIALS *c; -{ - int k_errno; - int fake; - - do { - fake = 0; - k_errno = real_tf_get_cred(c); - if (k_errno) - return k_errno; - -#ifdef K5_BE - /* Here we're checking to see if the realm is one of the - * alignment record realms, ".." or "?..", so we can skip it. - * If it's not, then we need to verify that the service name - * was not null as this should be a valid ticket. - */ - { - int len = strlen(c->realm); - if (2 == len && 0 == strcmp(c->realm, "..")) - fake = 1; - if (3 == len && 0 == strcmp(c->realm + 1, "..")) - fake = 1; - if (!fake && 0 == strlen(c->service)) { - tf_close(); - return TKT_FIL_FMT; - } - } -#else /* Little Endian */ - /* Here we're checking to see if the service principal is the - * special alignment record principal ".@..", so we can skip it. - */ - if (strcmp(c->service, ".") == 0 && - strcmp(c->instance, "") == 0 && - strcmp(c->realm, "..") == 0) - fake = 1; -#endif/*K5_BE*/ - } while (fake); - -#ifdef TKT_SHMEM - memcpy(c->session, tmp_shm_addr, KEY_SZ); - tmp_shm_addr += KEY_SZ; -#endif /* TKT_SHMEM */ - return KSUCCESS; -} - -/* - * tf_close() closes the ticket file and sets "fd" to -1. If "fd" is - * not a valid file descriptor, it just returns. It also clears the - * buffer used to read tickets. - * - * The return value is not defined. - */ - -void KRB5_CALLCONV tf_close() -{ - if (!(fd < 0)) { -#ifdef TKT_SHMEM - if (shmdt(krb_shm_addr)) { - /* what kind of error? */ - if (krb_debug) - fprintf(stderr, "shmdt 0x%x: errno %d",krb_shm_addr, errno); - } else { - krb_shm_addr = 0; - } -#endif /* TKT_SHMEM */ - if (!krb5__krb4_context) - krb5_init_context(&krb5__krb4_context); - (void) krb5_lock_file(krb5__krb4_context, fd, KRB5_LOCKMODE_UNLOCK); - (void) close(fd); - fd = -1; /* see declaration of fd above */ - } - memset(tfbfr, 0, sizeof(tfbfr)); -} - -/* - * tf_gets() is an internal routine. It takes a string "s" and a count - * "n", and reads from the file until either it has read "n" characters, - * or until it reads a null byte. When finished, what has been read exists - * in "s". If it encounters EOF or an error, it closes the ticket file. - * - * Possible return values are: - * - * n the number of bytes read (including null terminator) - * when all goes well - * - * 0 end of file or read error - * - * TOO_BIG if "count" characters are read and no null is - * encountered. This is an indication that the ticket - * file is seriously ill. - */ - -static int -tf_gets(s, n) - register char *s; - int n; -{ - register int count; - - if (fd < 0) { - if (krb_debug) - fprintf(stderr, "tf_gets called before tf_init.\n"); - return TKT_FIL_INI; - } - for (count = n - 1; count > 0; --count) { - if (curpos >= sizeof(tfbfr)) { - lastpos = read(fd, tfbfr, sizeof(tfbfr)); - curpos = 0; - } - if (curpos == lastpos) { - tf_close(); - return 0; - } - *s = tfbfr[curpos++]; - if (*s++ == '\0') - return (n - count); - } - tf_close(); - return TOO_BIG; -} - -/* - * tf_read() is an internal routine. It takes a string "s" and a count - * "n", and reads from the file until "n" bytes have been read. When - * finished, what has been read exists in "s". If it encounters EOF or - * an error, it closes the ticket file. - * - * Possible return values are: - * - * n the number of bytes read when all goes well - * - * 0 on end of file or read error - */ - -static int -tf_read(s, n) - register char *s; - register int n; -{ - register int count; - - for (count = n; count > 0; --count) { - if (curpos >= sizeof(tfbfr)) { - lastpos = read(fd, tfbfr, sizeof(tfbfr)); - curpos = 0; - } - if (curpos == lastpos) { - tf_close(); - return 0; - } - *s++ = tfbfr[curpos++]; - } - return n; -} - -/* - * tf_save_cred() appends an incoming ticket to the end of the ticket - * file. You must call tf_init() before calling tf_save_cred(). - * - * The "service", "instance", and "realm" arguments specify the - * server's name; "session" contains the session key to be used with - * the ticket; "kvno" is the server key version number in which the - * ticket is encrypted, "ticket" contains the actual ticket, and - * "issue_date" is the time the ticket was requested (local host's time). - * - * Returns KSUCCESS if all goes well, TKT_FIL_INI if tf_init() wasn't - * called previously, and KFAILURE for anything else that went wrong. - */ - -int tf_save_cred(service, instance, realm, session, lifetime, kvno, - ticket, issue_date) - char *service; /* Service name */ - char *instance; /* Instance */ - char *realm; /* Auth domain */ - C_Block session; /* Session key */ - int lifetime; /* Lifetime */ - int kvno; /* Key version number */ - KTEXT ticket; /* The ticket itself */ - KRB4_32 issue_date; /* The issue time */ -{ - - off_t lseek(); - unsigned int count; /* count for write */ -#ifdef TKT_SHMEM - int *skey_check; -#endif /* TKT_SHMEM */ - - if (fd < 0) { /* fd is ticket file as set by tf_init */ - if (krb_debug) - fprintf(stderr, "tf_save_cred called before tf_init.\n"); - return TKT_FIL_INI; - } - /* Find the end of the ticket file */ - (void) lseek(fd, (off_t)0, 2); -#ifdef TKT_SHMEM - /* scan to end of existing keys: pick first 'empty' slot. - we assume that no real keys will be completely zero (it's a weak - key under DES) */ - - skey_check = (int *) krb_shm_addr; - - while (*skey_check && *(skey_check+1)) - skey_check += 2; - tmp_shm_addr = (char *)skey_check; -#endif /* TKT_SHMEM */ - - /* Write the ticket and associated data */ - /* Service */ - count = strlen(service) + 1; - if (write(fd, service, count) != count) - goto bad; - /* Instance */ - count = strlen(instance) + 1; - if (write(fd, instance, count) != count) - goto bad; - /* Realm */ - count = strlen(realm) + 1; - if (write(fd, realm, count) != count) - goto bad; - /* Session key */ -#ifdef TKT_SHMEM - memcpy(tmp_shm_addr, session, 8); - tmp_shm_addr+=8; - if (write(fd,krb_dummy_skey,8) != 8) - goto bad; -#else /* ! TKT_SHMEM */ - if (write(fd, (char *) session, 8) != 8) - goto bad; -#endif /* TKT_SHMEM */ - /* Lifetime */ - if (write(fd, (char *) &lifetime, sizeof(int)) != sizeof(int)) - goto bad; - /* Key vno */ - if (write(fd, (char *) &kvno, sizeof(int)) != sizeof(int)) - goto bad; - /* Tkt length */ - if (write(fd, (char *) &(ticket->length), sizeof(int)) != - sizeof(int)) - goto bad; - /* Ticket */ - count = ticket->length; - if (write(fd, (char *) (ticket->dat), count) != count) - goto bad; - /* Issue date */ - if (write(fd, (char *) &issue_date, sizeof(KRB4_32)) - != sizeof(KRB4_32)) - goto bad; - /* Alignment Record */ -#ifdef K5_BE - { - int null_bytes = 0; - if (0 == (issue_date & 0xff000000)) - ++null_bytes; - if (0 == (issue_date & 0x00ff0000)) - ++null_bytes; - if (0 == (issue_date & 0x0000ff00)) - ++null_bytes; - if (0 == (issue_date & 0x000000ff)) - ++null_bytes; - - switch(null_bytes) { - case 0: - /* Issue date */ - if (write(fd, (char *) &issue_date, sizeof(KRB4_32)) - != sizeof(KRB4_32)) - goto bad; - if (write(fd, align_rec_0, sizeof(align_rec_0)) - != sizeof(align_rec_0)) - goto bad; - break; - - case 1: - if (write(fd, (char *) &issue_date, sizeof(KRB4_32)) - != sizeof(KRB4_32)) - goto bad; - if (write(fd, align_rec_1, sizeof(align_rec_1)) - != sizeof(align_rec_1)) - goto bad; - break; - - case 3: - /* Three NULLS are troublesome but rare. We'll just pretend - * they don't exist by decrementing the issue_date. - */ - --issue_date; - case 2: - if (write(fd, (char *) &issue_date, sizeof(KRB4_32)) - != sizeof(KRB4_32)) - goto bad; - if (write(fd, align_rec_2, sizeof(align_rec_2)) - != sizeof(align_rec_2)) - goto bad; - break; - - default: - goto bad; - } - - } -#else - if (write(fd, align_rec, sizeof(align_rec)) != sizeof(align_rec)) - goto bad; -#endif - - /* Actually, we should check each write for success */ - return (KSUCCESS); -bad: - return (KFAILURE); -} diff --git a/src/lib/krb4/tkt_string.c b/src/lib/krb4/tkt_string.c deleted file mode 100644 index f6ed927b74..0000000000 --- a/src/lib/krb4/tkt_string.c +++ /dev/null @@ -1,101 +0,0 @@ -/* - * tkt_string.c - * - * Copyright 1985, 1986, 1987, 1988, 2002 by the Massachusetts - * Institute of Technology. All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#include "krb.h" -#include -#include -#include -#include "autoconf.h" -#include "port-sockets.h" /* XXX this gets us MAXPATHLEN but we should find - a better way */ - -#ifdef HAVE_STDLIB_H -#include -#else -char *getenv(); -#endif - - -#ifdef _WIN32 -typedef unsigned long uid_t; -uid_t getuid(void) { return 0; } -#endif /* _WIN32 */ - -/* - * This routine is used to generate the name of the file that holds - * the user's cache of server tickets and associated session keys. - * - * If it is set, krb_ticket_string contains the ticket file name. - * Otherwise, the filename is constructed as follows: - * - * If it is set, the environment variable "KRBTKFILE" will be used as - * the ticket file name. Otherwise TKT_ROOT (defined in "krb.h") and - * the user's uid are concatenated to produce the ticket file name - * (e.g., "/tmp/tkt123"). A pointer to the string containing the ticket - * file name is returned. - */ - -static char krb_ticket_string[MAXPATHLEN]; - -const char *tkt_string() -{ - char *env; - uid_t getuid(); - - if (!*krb_ticket_string) { - env = getenv("KRBTKFILE"); - if (env) { - (void) strncpy(krb_ticket_string, env, - sizeof(krb_ticket_string)-1); - krb_ticket_string[sizeof(krb_ticket_string)-1] = '\0'; - } else { - /* 32 bits of signed integer will always fit in 11 characters - (including the sign), so no need to worry about overflow */ - (void) snprintf(krb_ticket_string, sizeof(krb_ticket_string), - "%s%d",TKT_ROOT,(int) getuid()); - } - } - return krb_ticket_string; -} - -/* - * This routine is used to set the name of the file that holds the user's - * cache of server tickets and associated session keys. - * - * The value passed in is copied into local storage. - * - * NOTE: This routine should be called during initialization, before other - * Kerberos routines are called; otherwise tkt_string() above may be called - * and return an undesired ticket file name until this routine is called. - */ - -void KRB5_CALLCONV -krb_set_tkt_string(val) - const char *val; -{ - (void) strncpy(krb_ticket_string, val, sizeof(krb_ticket_string)-1); - krb_ticket_string[sizeof(krb_ticket_string)-1] = '\0'; -} diff --git a/src/lib/krb4/unix_glue.c b/src/lib/krb4/unix_glue.c deleted file mode 100644 index 93a30ed01f..0000000000 --- a/src/lib/krb4/unix_glue.c +++ /dev/null @@ -1,40 +0,0 @@ -/* - * unix_glue.c - * - * Glue code for pasting Kerberos into the Unix environment. - * - * Originally written by John Gilmore, Cygnus Support, May '94. - * Public Domain. - */ - -#include "krb.h" -#include -#include "krb4int.h" - -/* Start and end Kerberos library access. On Unix, this is a No-op. */ -int -krb_start_session (x) - char *x; -{ - return KSUCCESS; -} - -int -krb_end_session (x) - char *x; -{ - return KSUCCESS; -} - -char * -krb_get_default_user () -{ - return 0; /* FIXME */ -} - -int -krb_set_default_user (x) - char *x; -{ - return KFAILURE; /* FIXME */ -} diff --git a/src/lib/krb4/unix_time.c b/src/lib/krb4/unix_time.c deleted file mode 100644 index 411ee38d62..0000000000 --- a/src/lib/krb4/unix_time.c +++ /dev/null @@ -1,26 +0,0 @@ -/* - * unix_time.c - * - * Glue code for pasting Kerberos into the Unix environment. - * - * Originally written by John Gilmore, Cygnus Support, May '94. - * Public Domain. - */ - -#include "krb.h" -#include - -/* Time handling. Translate Unix time calls into Kerberos cnternal - procedure calls. See ../../include/cc-unix.h. */ - -unsigned KRB4_32 KRB5_CALLCONV -unix_time_gmt_unixsec (usecptr) - unsigned KRB4_32 *usecptr; -{ - struct timeval now; - - (void) gettimeofday (&now, (struct timezone *)0); - if (usecptr) - *usecptr = now.tv_usec; - return now.tv_sec; -} diff --git a/src/lib/krb4/vmslink.com b/src/lib/krb4/vmslink.com deleted file mode 100644 index 95cabfe1d8..0000000000 --- a/src/lib/krb4/vmslink.com +++ /dev/null @@ -1,79 +0,0 @@ -$ write sys$output "start of run" -$ cc /decc /inc=inc /debug=all des.c -$ cc /decc /inc=inc /debug=all d3des.c -$ cc /decc /inc=inc /debug=all cbc.c -$ cc /decc /inc=([],inc) /debug=all qcksum.c -$ cc /decc /inc=([],inc) /debug=all str2key.c -$ cc /decc /inc=([],inc) /debug=all parity.c -$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all ad_print.c -$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all add_tkt.c -$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all cr_auth_repl.c -$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all cr_ciph.c -$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all cr_death_pkt.c -$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all cr_err_repl.c -$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all cr_tkt.c -$ write sys$output "begin d" -$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all debug.c -$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all decomp_tkt.c -stat $ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all dest_tkt.c -$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all err_txt.c -$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all ext_tkt.c -$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all fakeenv.c -$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all fgetst.c -$ write sys$output "begin g" -$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all g_ad_tkt.c -$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all g_admhst.c -$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all g_cnffile.c -$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all g_cred.c -$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all g_in_tkt.c -$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all g_krbhst.c -$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all g_krbrlm.c -$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all g_phost.c -sgtty $ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all g_pw_in_tkt.c -$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all g_pw_tkt.c -$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all g_request.c -$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all g_svc_in_tkt.c -$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all g_tf_fname.c -$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all g_tf_realm.c -$ write sys$output "end g_" -$ cc/decc/inc=inc /define=("HOST_BYTE_ORDER=1",BSD42) /debug=all gethostname.c -$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all getst.c -stat $ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all in_tkt.c -$ cc/decc/inc=inc /define=("HOST_BYTE_ORDER=1",NEED_TIME_H) /debug=all klog.c -$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all kname_parse.c -$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all kntoln.c -$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all kparse.c -$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all krbglue.c -stat $ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all kuserok.c -$ write sys$output "end k" -$ cc/decc/inc=inc /define=("HOST_BYTE_ORDER=1",NEED_TIME_H) /debug=all log.c -$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all mk_err.c -$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all mk_preauth.c -$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all mk_priv.c -$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all mk_req.c -$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all mk_safe.c -$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all month_sname.c -$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all netread.c -$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all netwrite.c -$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all pkt_cipher.c -$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all pkt_clen.c -$ write sys$output "begin rd" -$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all rd_err.c -$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all rd_preauth.c -$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all rd_priv.c -$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all rd_req.c -$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all rd_safe.c -$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all rd_svc_key.c -$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all realmofhost.c -$ write sys$output "begin recv" -$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all recvauth.c -$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all save_creds.c -$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all send_to_kdc.c -$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all sendauth.c -$ cc/decc/inc=inc /define=("HOST_BYTE_ORDER=1",NEED_TIME_H) /debug=all stime.c -stat $ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all tf_shm.c -stat $ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all tf_util.c -MAXPATHLEN $ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all tkt_string.c -$ cc/decc/inc=inc /define="HOST_BYTE_ORDER=1" /debug=all vmsswab.c -$ library /create /list libkrb *.obj - diff --git a/src/lib/krb4/vmsswab.c b/src/lib/krb4/vmsswab.c deleted file mode 100644 index 019580882e..0000000000 --- a/src/lib/krb4/vmsswab.c +++ /dev/null @@ -1,34 +0,0 @@ -/* Copyright 1994 Cygnus Support */ -/* Mark W. Eichin */ -/* - * Permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation. - * Cygnus Support makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -/* VMS doesn't have swab, but everything else does */ -/* so make this available anyway ... someday it might go - into the VMS makefile fragment, but for now it is only - referenced by l.com. */ - -swab(from,to,nbytes) - char *from; - char *to; - int nbytes; -{ - char tmp; - - while ( (nbytes-=2) >= 0 ) { - tmp = from[1]; - to[1] = from[0]; - to[0] = tmp; - to++; to++; - from++; from++; - } -} - diff --git a/src/lib/krb4/win_glue.c b/src/lib/krb4/win_glue.c deleted file mode 100644 index e9cb5db334..0000000000 --- a/src/lib/krb4/win_glue.c +++ /dev/null @@ -1,51 +0,0 @@ -/* - * win-glue.c - * - * Glue code for pasting Kerberos into the Windows environment. - * - * Originally written by John Gilmore, Cygnus Support, May '94. - * Public Domain. - */ - -#include "krb.h" - -#include -#include -#include - - -/* - * We needed a way to print out what might be FAR pointers on Windows, - * but might be ordinary pointers on real machines. Printf modifiers - * scattered through the code don't cut it, - * since they might break on real machines. Microloss - * didn't provide a function to print a char *, so we wrote one. - * It gets #define'd to fputs on real machines. - */ -int -far_fputs(string, stream) - char *string; - FILE *stream; -{ - return fprintf(stream, "%Fs", string); -} - -int -krb_start_session(x) - char *x; -{ - return KSUCCESS; -} - -int -krb_end_session(x) - char *x; -{ - return KSUCCESS; -} - -void KRB5_CALLCONV -krb_set_tkt_string(val) -char *val; -{ -} diff --git a/src/lib/krb4/win_store.c b/src/lib/krb4/win_store.c deleted file mode 100644 index 9c2c37aa93..0000000000 --- a/src/lib/krb4/win_store.c +++ /dev/null @@ -1,154 +0,0 @@ -/* - * win_store.c - * - * Kerberos configuration storage management routines. - * - * Originally coded by John Rivlin / Fusion Software, Inc. - * - * This file incorporates replacements for the following Unix files: - * g_cnffil.c - */ - -#include "krb.h" -#include "k5-int.h" -#include -#include - -krb5_context krb5__krb4_context = 0; - -char * -krb__get_srvtabname(default_srvtabname) - const char *default_srvtabname; -{ - const char* names[3]; - char **full_name = 0, **cpp; - krb5_error_code retval; - char *retname; - - if (!krb5__krb4_context) { - retval = krb5_init_context(&krb5__krb4_context); - if (!retval) - return NULL; - } - names[0] = "libdefaults"; - names[1] = "krb4_srvtab"; - names[2] = 0; - retval = profile_get_values(krb5__krb4_context->profile, names, - &full_name); - if (retval == 0 && full_name && full_name[0]) { - retname = strdup(full_name[0]); - for (cpp = full_name; *cpp; cpp++) - krb5_xfree(*cpp); - krb5_xfree(full_name); - } else { - retname = strdup(default_srvtabname); - } - return retname; -} - -/* - * Returns an open file handle to the configuration file. This - * file was called "krb.conf" on Unix. Here we search for the entry - * "krb.conf=" in the "[FILES]" section of the "kerberos.ini" file - * located in the Windows directory. If the entry doesn't exist in - * the kerberos.ini file, then "krb.con" in the Windows directory is - * used in its place. - */ -FILE* -krb__get_cnffile() -{ - FILE *cnffile = 0; - char cnfname[FILENAME_MAX]; - char defname[FILENAME_MAX]; - UINT rc; - - defname[sizeof(defname) - 1] = '\0'; - rc = GetWindowsDirectory(defname, sizeof(defname) - 1); - assert(rc > 0); - - strncat(defname, "\\", sizeof(defname) - 1 - strlen(defname)); - - strncat(defname, DEF_KRB_CONF, sizeof(defname) - 1 - strlen(defname)); - - cnfname[sizeof(cnfname) - 1] = '\0'; - GetPrivateProfileString(INI_FILES, INI_KRB_CONF, defname, - cnfname, sizeof(cnfname) - 1, KERBEROS_INI); - - cnffile = fopen(cnfname, "r"); - if (cnffile) - set_cloexec_file(cnffile); - - return cnffile; -} - - -/* - * Returns an open file handle to the realms file. This - * file was called "krb.realms" on Unix. Here we search for the entry - * "krb.realms=" in the "[FILES]" section of the "kerberos.ini" file - * located in the Windows directory. If the entry doesn't exist in - * the kerberos.ini file, then "krb.rea" in the Windows directory is - * used in its place. - */ -FILE* -krb__get_realmsfile() -{ - FILE *realmsfile = 0; - char realmsname[FILENAME_MAX]; - char defname[FILENAME_MAX]; - UINT rc; - - defname[sizeof(defname) - 1] = '\0'; - rc = GetWindowsDirectory(defname, sizeof(defname) - 1); - assert(rc > 0); - - strncat(defname, "\\", sizeof(defname) - 1 - strlen(defname)); - - strncat(defname, DEF_KRB_REALMS, sizeof(defname) - 1 - strlen(defname)); - - defname[sizeof(defname) - 1] = '\0'; - GetPrivateProfileString(INI_FILES, INI_KRB_REALMS, defname, - realmsname, sizeof(realmsname) - 1, KERBEROS_INI); - - realmsfile = fopen(realmsname, "r"); - if (realmsfile) - set_cloexec_file(realmsfile); - - return realmsfile; -} - - -/* - * Returns the current default user. This information is stored in - * the [DEFAULTS] section of the "kerberos.ini" file located in the - * Windows directory. - */ -char * KRB5_CALLCONV -krb_get_default_user() -{ - static char username[ANAME_SZ]; - - GetPrivateProfileString(INI_DEFAULTS, INI_USER, "", - username, sizeof(username), KERBEROS_INI); - - return username; -} - - -/* - * Sets the default user name stored in the "kerberos.ini" file. - */ -int KRB5_CALLCONV -krb_set_default_user(username) - char *username; -{ - BOOL rc; - - rc = WritePrivateProfileString(INI_DEFAULTS, INI_USER, - username, KERBEROS_INI); - - if (rc) - return KSUCCESS; - else - return KFAILURE; -} diff --git a/src/lib/krb4/win_time.c b/src/lib/krb4/win_time.c deleted file mode 100644 index 2560c3192d..0000000000 --- a/src/lib/krb4/win_time.c +++ /dev/null @@ -1,121 +0,0 @@ -/* - * win_time.c - * - * Glue code for pasting Kerberos into the Windows environment. - * - * Originally written by John Gilmore, Cygnus Support, May '94. - * Public Domain. - */ - -#include "krb.h" - -#include -#include -#include -#include -#include -#include - -#ifdef _WIN32 - -unsigned KRB4_32 -win_time_gmt_unixsec (usecptr) - unsigned KRB4_32 *usecptr; -{ - struct _timeb timeptr; - - _ftime(&timeptr); /* Get the current time */ - - if (usecptr) - *usecptr = timeptr.millitm * 1000; - - return timeptr.time + CONVERT_TIME_EPOCH; -} - -#else - -/* - * Time handling. Translate Unix time calls into Kerberos internal - * procedure calls. See ../../include/c-win.h. - * - * Due to the fact that DOS time can be unreliable we have reverted - * to using the AT hardware clock and converting it to Unix time. - */ - -unsigned KRB4_32 -win_time_gmt_unixsec (usecptr) - unsigned KRB4_32 *usecptr; -{ - struct tm tm; - union _REGS inregs; - union _REGS outregs; - struct _timeb now; - time_t time; - - _ftime(&now); - - #if 0 - if (usecptr) - *usecptr = now.millitm * 1000; - #endif - - /* Get time from AT hardware clock INT 0x1A, AH=2 */ - memset(&inregs, 0, sizeof(inregs)); - inregs.h.ah = 2; - - _int86(0x1a, &inregs, &outregs); - - /* 0x13 = decimal 13, hence the decoding below */ - tm.tm_sec = 10 * ((outregs.h.dh & 0xF0) >> 4) + (outregs.h.dh & 0x0F); - tm.tm_min = 10 * ((outregs.h.cl & 0xF0) >> 4) + (outregs.h.cl & 0x0F); - tm.tm_hour = 10 * ((outregs.h.ch & 0xF0) >> 4) + (outregs.h.ch & 0x0F); - - /* Get date from AT hardware clock INT 0x1A, AH=4 */ - memset(&inregs, 0, sizeof(inregs)); - inregs.h.ah = 4; - - _int86(0x1a, &inregs, &outregs); - - tm.tm_mday = 10 * ((outregs.h.dl & 0xF0) >> 4) + (outregs.h.dl & 0x0F); - tm.tm_mon = 10 * ((outregs.h.dh & 0xF0) >> 4) + (outregs.h.dh & 0x0F) - 1; - tm.tm_year = 10 * ((outregs.h.cl & 0xF0) >> 4) + (outregs.h.cl & 0x0F); - tm.tm_year += 100 * ((10 * (outregs.h.ch & 0xF0) >> 4) - + (outregs.h.ch & 0x0F) - 19); - - tm.tm_wday = 0; - tm.tm_yday = 0; - tm.tm_isdst = now.dstflag; - - time = mktime(&tm); - - if (usecptr) - *usecptr = 0; - - return time + CONVERT_TIME_EPOCH; -} - -#endif - -/* - * This routine figures out the current time epoch and returns the - * conversion factor. It exists because - * Microloss screwed the pooch on the time() and _ftime() calls in - * its release 7.0 libraries. They changed the epoch to Dec 31, 1899! - * Idiots... We try to cope. - */ - -static struct tm jan_1_70 = {0, 0, 0, 1, 0, 70}; -static long epoch = 0; -static int epoch_set = 0; - -long -win_time_get_epoch() -{ - - if (!epoch_set) { - epoch = - mktime (&jan_1_70); /* Seconds til 1970 localtime */ - epoch += timezone; /* Seconds til 1970 GMT */ - epoch_set = 1; - } - return epoch; -} diff --git a/src/lib/krb5/Makefile.in b/src/lib/krb5/Makefile.in index e3d9a370e0..75a142973f 100644 --- a/src/lib/krb5/Makefile.in +++ b/src/lib/krb5/Makefile.in @@ -2,8 +2,8 @@ thisconfigdir=../.. myfulldir=lib/krb5 mydir=lib/krb5 BUILDTOP=$(REL)..$(S).. -LOCALINCLUDES = -I$(srcdir)/ccache -I$(srcdir)/keytab -I$(srcdir)/rcache -I$(srcdir)/os -SUBDIRS= error_tables asn.1 ccache keytab krb os rcache +LOCALINCLUDES = -I$(srcdir)/ccache -I$(srcdir)/keytab -I$(srcdir)/rcache -I$(srcdir)/os -I$(srcdir)/unicode +SUBDIRS= error_tables asn.1 ccache keytab krb os rcache unicode DEFS= ##DOSBUILDTOP = ..\.. @@ -32,6 +32,7 @@ STOBJLISTS= \ keytab/OBJS.ST \ krb/OBJS.ST \ rcache/OBJS.ST \ + unicode/OBJS.ST \ os/OBJS.ST \ $(BUILDTOP)/util/profile/OBJS.ST @@ -42,6 +43,7 @@ SUBDIROBJLISTS= \ keytab/OBJS.ST \ krb/OBJS.ST \ rcache/OBJS.ST \ + unicode/OBJS.ST \ os/OBJS.ST \ $(BUILDTOP)/util/profile/OBJS.ST @@ -93,6 +95,9 @@ all-windows:: cd ..\rcache @echo Making in krb5\rcache $(MAKE) -$(MFLAGS) + cd ..\unicode + @echo Making in krb5\unicode + $(MAKE) -$(MFLAGS) cd .. clean-windows:: @@ -120,6 +125,9 @@ clean-windows:: cd ..\rcache @echo Making clean in krb5\rcache $(MAKE) -$(MFLAGS) clean + cd ..\unicode + @echo Making clean in krb5\unicode + $(MAKE) -$(MFLAGS) clean cd .. @echo Making clean locally @@ -128,20 +136,3 @@ install-unix:: install-libs @lib_frag@ @libobj_frag@ -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -krb5_libinit.so krb5_libinit.po $(OUTPRE)krb5_libinit.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/ccache/cc-int.h $(srcdir)/keytab/kt-int.h \ - $(srcdir)/os/os-proto.h $(srcdir)/rcache/rc-int.h krb5_libinit.c \ - krb5_libinit.h diff --git a/src/lib/krb5/asn.1/.saberinit b/src/lib/krb5/asn.1/.saberinit deleted file mode 100644 index d14fddb66b..0000000000 --- a/src/lib/krb5/asn.1/.saberinit +++ /dev/null @@ -1,4 +0,0 @@ -alias hex print (unsigned) -setopt load_flags -I../include -load -lisode -alias reload load diff --git a/src/lib/krb5/asn.1/Makefile.in b/src/lib/krb5/asn.1/Makefile.in index db5e593276..f7f1b21957 100644 --- a/src/lib/krb5/asn.1/Makefile.in +++ b/src/lib/krb5/asn.1/Makefile.in @@ -57,123 +57,3 @@ clean-unix:: clean-libobjs @libobj_frag@ -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -asn1_decode.so asn1_decode.po $(OUTPRE)asn1_decode.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - asn1_decode.c asn1_decode.h asn1_get.h asn1buf.h krbasn1.h -asn1_k_decode.so asn1_k_decode.po $(OUTPRE)asn1_k_decode.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - asn1_decode.h asn1_get.h asn1_k_decode.c asn1_k_decode.h \ - asn1_misc.h asn1buf.h krbasn1.h -asn1_encode.so asn1_encode.po $(OUTPRE)asn1_encode.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - asn1_encode.c asn1_encode.h asn1_make.h asn1buf.h krbasn1.h -asn1_get.so asn1_get.po $(OUTPRE)asn1_get.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - asn1_get.c asn1_get.h asn1buf.h krbasn1.h -asn1_make.so asn1_make.po $(OUTPRE)asn1_make.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - asn1_make.c asn1_make.h asn1buf.h krbasn1.h -asn1buf.so asn1buf.po $(OUTPRE)asn1buf.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h asn1_get.h asn1buf.c \ - asn1buf.h krbasn1.h -krb5_decode.so krb5_decode.po $(OUTPRE)krb5_decode.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - asn1_decode.h asn1_get.h asn1_k_decode.h asn1buf.h \ - krb5_decode.c krbasn1.h -krb5_encode.so krb5_encode.po $(OUTPRE)krb5_encode.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - asn1_encode.h asn1_k_encode.h asn1_make.h asn1buf.h \ - krb5_encode.c krbasn1.h -asn1_k_encode.so asn1_k_encode.po $(OUTPRE)asn1_k_encode.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - asn1_encode.h asn1_k_encode.c asn1_k_encode.h asn1_make.h \ - asn1buf.h krbasn1.h -ldap_key_seq.so ldap_key_seq.po $(OUTPRE)ldap_key_seq.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h asn1_decode.h asn1_encode.h \ - asn1_get.h asn1_make.h asn1buf.h krbasn1.h ldap_key_seq.c -asn1_misc.so asn1_misc.po $(OUTPRE)asn1_misc.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - asn1_misc.c asn1_misc.h krbasn1.h diff --git a/src/lib/krb5/asn.1/TODO.asn1 b/src/lib/krb5/asn.1/TODO.asn1 new file mode 100644 index 0000000000..73f5fed7af --- /dev/null +++ b/src/lib/krb5/asn.1/TODO.asn1 @@ -0,0 +1,90 @@ +-*- text -*- + +Stuff that should still be done on the ASN.1 encoder conversion: + +* Add support for opaque objects (pre-encoded fields, or ANY), and fix + up those remaining encoders (e.g., asn1_encode_sam_challenge_2) that + need them. + +* Convert PKINIT encoders, after we have test cases. + +* Make offsetof uses conforming. Currently we may use foo.bar or + foo[0] as fields. + +* Script to generate the tables. Then each type or field entry can + generate multiple bits of code, instead of forcing us to bury the + type consistency checking into the structure initializer + expression. For example, we might generate these bits of code from + one field descriptor: + + * Field table entry. + + * Type-checking code: Create a pointer of the expected type and a + pointer of the actual type (address of field of automatic struct), + and verify consistency with comparison, assignment, or conditional + expr. Plenty of comments to indicate what's being compared and + what a compiler complain means. + + * Range-checking code for bitfields: Create an automatic field info + struct, fill in the computed offset or whatever, read it back, + make sure it matches. Also with comments. + + * Possibly header declarations describing the types that could be + imported, with correct handles *and* C types. + + * Static declarations for non-exported types to keep symbol table + sizes down. + + Then similar bits of code (e.g., all the field table entries) can be + pulled together into the appropriate places. + +* Some kind of "module" system for exporting and importing encoders, + better than relying on the "type_*" variable names. Probably use + meaningful strings that indicate both the ASN.1 type and the + associated C type. Find a way to fit "imported type" into this + scheme so that we can cleanly move the PKINIT types into the PKINIT + plugin, the LDAP types into the LDAP plugin, etc., and still let + them use the encoders in the code. Only a subset of types would be + exported probably. + +* More compact encoding: For tags and optional-field bit positions, + encode N+1, and use 0 for "none", then make the field unsigned. + Currently the fields are signed, non-negative values hold useful + data, -1 means "none", and MIN..-2 are unused. Changing this will + either let us reduce the field size one bit, or extend the maximum + tag/bitpos value from 2**(N-1)-1 to 2**N-2. + +* More compact encoding: Use a union with designated initializers, or + some ugly casting, to make the structures smaller by not having all + fields present when we never use all of them at once. The union + approach is certainly more appealing, aside from the little detail + that it won't work on Windows unless we do all the initialization at + run time. + +* Pie in the sky: A verbose mode that can tell you "missing field + KDC-REP.cname.name-string[1].data" or some such. This would require + tracking the stack of pending encodes and adding strings with type + and field names. + +* For ALL_POINTERS_ARE_THE_SAME mode (which is not strictly conforming + with the C standard, and thus not default currently, but makes + things a little smaller and faster), eliminate the loadptr structure + entry. + +* Maybe: Reorganize the data of a "module" so everything needing + relocation is put in some tables, referenced by index from other + structures without relocations. E.g., for krb5_data, here's the + offset for the data pointer, here's the offset for the length value, + here's the index into the pointer reader function table, here's the + index into the length reader function table, here's an index into + the string-type encoder table. + + Using an index into a set of pointer types, with a single function + taking an integer parameter used to switch between various + ptr-to-ptr-to-type code paths, will be a lot smaller -- with a good + compiler the function will probably collapse to a simple + fetch-a-pointer function ignoring the integer argument, while at the + C level it's strictly conforming by using the correct types for + access. + +* Table-driven decoders? diff --git a/src/lib/krb5/asn.1/asn1_decode.c b/src/lib/krb5/asn.1/asn1_decode.c index 62c0427061..8427e95b4e 100644 --- a/src/lib/krb5/asn.1/asn1_decode.c +++ b/src/lib/krb5/asn.1/asn1_decode.c @@ -259,3 +259,19 @@ done: *val = t; cleanup(); } + +asn1_error_code asn1_decode_boolean(asn1buf *buf, unsigned *val) +{ + setup(); + asn1_octet bval; + + tag(ASN1_BOOLEAN); + + retval = asn1buf_remove_octet(buf, &bval); + if (retval) return retval; + + *val = (bval != 0x00); + + cleanup(); +} + diff --git a/src/lib/krb5/asn.1/asn1_decode.h b/src/lib/krb5/asn.1/asn1_decode.h index 373826ceb6..3e8bac4c6d 100644 --- a/src/lib/krb5/asn.1/asn1_decode.h +++ b/src/lib/krb5/asn.1/asn1_decode.h @@ -59,6 +59,9 @@ Returns ENOMEM if memory is exhausted. Returns asn1 errors. */ + +asn1_error_code asn1_decode_boolean + (asn1buf *buf, unsigned int *val); asn1_error_code asn1_decode_integer (asn1buf *buf, long *val); asn1_error_code asn1_decode_unsigned_integer diff --git a/src/lib/krb5/asn.1/asn1_encode.c b/src/lib/krb5/asn.1/asn1_encode.c index d55e1832f3..c4cc674e02 100644 --- a/src/lib/krb5/asn.1/asn1_encode.c +++ b/src/lib/krb5/asn.1/asn1_encode.c @@ -2,7 +2,7 @@ /* * src/lib/krb5/asn.1/asn1_encode.c * - * Copyright 1994 by the Massachusetts Institute of Technology. + * Copyright 1994, 2008 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -30,7 +30,30 @@ #include "asn1_encode.h" #include "asn1_make.h" -static asn1_error_code asn1_encode_integer_internal(asn1buf *buf, long val, +asn1_error_code asn1_encode_boolean(asn1buf *buf, asn1_intmax val, + unsigned int *retlen) +{ + asn1_error_code retval; + unsigned int length = 0; + unsigned int partlen = 1; + asn1_octet bval; + + bval = val ? 0xFF : 0x00; + + retval = asn1buf_insert_octet(buf, bval); + if (retval) return retval; + + length = partlen; + retval = asn1_make_tag(buf, UNIVERSAL, PRIMITIVE, ASN1_BOOLEAN, length, &partlen); + if (retval) return retval; + length += partlen; + + *retlen = length; + return 0; +} + +static asn1_error_code asn1_encode_integer_internal(asn1buf *buf, + asn1_intmax val, unsigned int *retlen) { asn1_error_code retval; @@ -62,7 +85,7 @@ static asn1_error_code asn1_encode_integer_internal(asn1buf *buf, long val, return 0; } -asn1_error_code asn1_encode_integer(asn1buf * buf, long val, +asn1_error_code asn1_encode_integer(asn1buf * buf, asn1_intmax val, unsigned int *retlen) { asn1_error_code retval; @@ -80,6 +103,7 @@ asn1_error_code asn1_encode_integer(asn1buf * buf, long val, return 0; } +#if 0 asn1_error_code asn1_encode_enumerated(asn1buf * buf, long val, unsigned int *retlen) @@ -98,8 +122,9 @@ asn1_encode_enumerated(asn1buf * buf, long val, *retlen = length; return 0; } +#endif -asn1_error_code asn1_encode_unsigned_integer(asn1buf *buf, unsigned long val, +asn1_error_code asn1_encode_unsigned_integer(asn1buf *buf, asn1_uintmax val, unsigned int *retlen) { asn1_error_code retval; @@ -115,7 +140,7 @@ asn1_error_code asn1_encode_unsigned_integer(asn1buf *buf, unsigned long val, if (retval) return retval; length++; valcopy = valcopy >> 8; - } while (valcopy != 0 && valcopy != ~0); + } while (valcopy != 0); if (digit&0x80) { /* make sure the high bit is */ retval = asn1buf_insert_octet(buf,0); /* of the proper signed-ness */ @@ -131,16 +156,18 @@ asn1_error_code asn1_encode_unsigned_integer(asn1buf *buf, unsigned long val, return 0; } -asn1_error_code asn1_encode_oid(asn1buf *buf, unsigned int len, - const asn1_octet *val, - unsigned int *retlen) +static asn1_error_code +encode_bytestring_with_tag(asn1buf *buf, unsigned int len, + const void *val, int tag, + unsigned int *retlen) { asn1_error_code retval; unsigned int length; + if (len > 0 && val == 0) return ASN1_MISSING_FIELD; retval = asn1buf_insert_octetstring(buf, len, val); if (retval) return retval; - retval = asn1_make_tag(buf, UNIVERSAL, PRIMITIVE, ASN1_OBJECTIDENTIFIER, + retval = asn1_make_tag(buf, UNIVERSAL, PRIMITIVE, tag, len, &length); if (retval) return retval; @@ -148,37 +175,23 @@ asn1_error_code asn1_encode_oid(asn1buf *buf, unsigned int len, return 0; } -asn1_error_code asn1_encode_octetstring(asn1buf *buf, unsigned int len, - const asn1_octet *val, - unsigned int *retlen) +asn1_error_code asn1_encode_oid(asn1buf *buf, unsigned int len, + const asn1_octet *val, + unsigned int *retlen) { - asn1_error_code retval; - unsigned int length; - - retval = asn1buf_insert_octetstring(buf,len,val); - if (retval) return retval; - retval = asn1_make_tag(buf,UNIVERSAL,PRIMITIVE,ASN1_OCTETSTRING,len,&length); - if (retval) return retval; - - *retlen = len + length; - return 0; + return encode_bytestring_with_tag(buf, len, val, ASN1_OBJECTIDENTIFIER, + retlen); } -asn1_error_code asn1_encode_charstring(asn1buf *buf, unsigned int len, - const char *val, unsigned int *retlen) +asn1_error_code asn1_encode_octetstring(asn1buf *buf, unsigned int len, + const void *val, + unsigned int *retlen) { - asn1_error_code retval; - unsigned int length; - - retval = asn1buf_insert_charstring(buf,len,val); - if (retval) return retval; - retval = asn1_make_tag(buf,UNIVERSAL,PRIMITIVE,ASN1_OCTETSTRING,len,&length); - if (retval) return retval; - - *retlen = len + length; - return 0; + return encode_bytestring_with_tag(buf, len, val, ASN1_OCTETSTRING, + retlen); } +#if 0 asn1_error_code asn1_encode_null(asn1buf *buf, int *retlen) { asn1_error_code retval; @@ -195,40 +208,23 @@ asn1_error_code asn1_encode_null(asn1buf *buf, int *retlen) asn1_error_code asn1_encode_printablestring(asn1buf *buf, unsigned int len, const char *val, int *retlen) { - asn1_error_code retval; - unsigned int length; - - retval = asn1buf_insert_charstring(buf,len,val); - if (retval) return retval; - retval = asn1_make_tag(buf,UNIVERSAL,PRIMITIVE,ASN1_PRINTABLESTRING,len, &length); - if (retval) return retval; - - *retlen = len + length; - return 0; + return encode_bytestring_with_tag(buf, len, val, ASN1_PRINTABLESTRING, + retlen); } asn1_error_code asn1_encode_ia5string(asn1buf *buf, unsigned int len, const char *val, int *retlen) { - asn1_error_code retval; - unsigned int length; - - retval = asn1buf_insert_charstring(buf,len,val); - if (retval) return retval; - retval = asn1_make_tag(buf,UNIVERSAL,PRIMITIVE,ASN1_IA5STRING,len, &length); - if (retval) return retval; - - *retlen = len + length; - return 0; + return encode_bytestring_with_tag(buf, len, val, ASN1_IA5STRING, + retlen); } +#endif asn1_error_code asn1_encode_generaltime(asn1buf *buf, time_t val, unsigned int *retlen) { - asn1_error_code retval; struct tm *gtime, gtimebuf; char s[16], *sp; - unsigned int length, sum=0; time_t gmt_time = val; /* @@ -237,6 +233,7 @@ asn1_error_code asn1_encode_generaltime(asn1buf *buf, time_t val, if (gmt_time == 0) { sp = "19700101000000Z"; } else { + int len; /* * Sanity check this just to be paranoid, as gmtime can return NULL, @@ -262,40 +259,436 @@ asn1_error_code asn1_encode_generaltime(asn1buf *buf, time_t val, gtime->tm_mday > 31 || gtime->tm_hour > 23 || gtime->tm_min > 59 || gtime->tm_sec > 59) return ASN1_BAD_GMTIME; - if (snprintf(s, sizeof(s), "%04d%02d%02d%02d%02d%02dZ", - 1900+gtime->tm_year, gtime->tm_mon+1, gtime->tm_mday, - gtime->tm_hour, gtime->tm_min, gtime->tm_sec) - >= sizeof(s)) + len = snprintf(s, sizeof(s), "%04d%02d%02d%02d%02d%02dZ", + 1900+gtime->tm_year, gtime->tm_mon+1, + gtime->tm_mday, gtime->tm_hour, + gtime->tm_min, gtime->tm_sec); + if (SNPRINTF_OVERFLOW(len, sizeof(s))) /* Shouldn't be possible given above tests. */ return ASN1_BAD_GMTIME; sp = s; } - retval = asn1buf_insert_charstring(buf,15,sp); + return encode_bytestring_with_tag(buf, 15, sp, ASN1_GENERALTIME, + retlen); +} + +asn1_error_code asn1_encode_generalstring(asn1buf *buf, unsigned int len, + const void *val, + unsigned int *retlen) +{ + return encode_bytestring_with_tag(buf, len, val, ASN1_GENERALSTRING, + retlen); +} + +asn1_error_code asn1_encode_bitstring(asn1buf *buf, unsigned int len, + const void *val, + unsigned int *retlen) +{ + asn1_error_code retval; + unsigned int length; + + retval = asn1buf_insert_octetstring(buf, len, val); + if (retval) return retval; + retval = asn1buf_insert_octet(buf, 0); if (retval) return retval; - sum = 15; + retval = asn1_make_tag(buf, UNIVERSAL, PRIMITIVE, ASN1_BITSTRING, + len+1, &length); + if (retval) return retval; + *retlen = len + 1 + length; + return 0; +} - retval = asn1_make_tag(buf,UNIVERSAL,PRIMITIVE,ASN1_GENERALTIME,sum,&length); +asn1_error_code asn1_encode_opaque(asn1buf *buf, unsigned int len, + const void *val, unsigned int *retlen) +{ + asn1_error_code retval; + + retval = asn1buf_insert_octetstring(buf, len, val); if (retval) return retval; - sum += length; + *retlen = len; + return 0; +} + +/* ASN.1 constructed type encoder engine + + Two entry points here: + + krb5int_asn1_encode_a_thing: Incrementally adds the partial + encoding of an object to an already-initialized asn1buf. + + krb5int_asn1_do_full_encode: Returns a completed encoding, in the + correct byte order, in an allocated krb5_data. */ + +#ifdef POINTERS_ARE_ALL_THE_SAME +#define LOADPTR(PTR,TYPE) \ + (assert((TYPE)->loadptr != NULL), (TYPE)->loadptr(PTR)) +#else +#define LOADPTR(PTR,TYPE) \ + (*(const void *const *)(PTR)) +#endif + +static int +get_nullterm_sequence_len(const void *valp, const struct atype_info *seq) +{ + int i; + const struct atype_info *a; + const void *elt, *eltptr; + + a = seq; + i = 0; + assert(a->type == atype_ptr); + assert(seq->size != 0); + + while (1) { + eltptr = (const char *) valp + i * seq->size; + elt = LOADPTR(eltptr, a); + if (elt == NULL) + break; + i++; + } + return i; +} +static asn1_error_code +encode_sequence_of(asn1buf *buf, int seqlen, const void *val, + const struct atype_info *eltinfo, + unsigned int *retlen); + +static asn1_error_code +encode_nullterm_sequence_of(asn1buf *buf, const void *val, + const struct atype_info *type, + int can_be_empty, + unsigned int *retlen) +{ + int length = get_nullterm_sequence_len(val, type); + if (!can_be_empty && length == 0) return ASN1_MISSING_FIELD; + return encode_sequence_of(buf, length, val, type, retlen); +} + +static asn1_error_code +just_encode_sequence(asn1buf *buf, const void *val, + const struct seq_info *seq, + unsigned int *retlen); +static asn1_error_code +encode_a_field(asn1buf *buf, const void *val, + const struct field_info *field, + unsigned int *retlen); +asn1_error_code +krb5int_asn1_encode_a_thing(asn1buf *buf, const void *val, + const struct atype_info *a, unsigned int *retlen) +{ + switch (a->type) { + case atype_fn: + assert(a->enc != NULL); + return a->enc(buf, val, retlen); + case atype_sequence: + assert(a->seq != NULL); + return just_encode_sequence(buf, val, a->seq, retlen); + case atype_ptr: + assert(a->basetype != NULL); + return krb5int_asn1_encode_a_thing(buf, LOADPTR(val, a), + a->basetype, retlen); + case atype_field: + assert(a->field != NULL); + return encode_a_field(buf, val, a->field, retlen); + case atype_nullterm_sequence_of: + case atype_nonempty_nullterm_sequence_of: + assert(a->basetype != NULL); + return encode_nullterm_sequence_of(buf, val, a->basetype, + a->type == atype_nullterm_sequence_of, + retlen); + case atype_tagged_thing: + { + asn1_error_code retval; + unsigned int length, sum = 0; + retval = krb5int_asn1_encode_a_thing(buf, val, a->basetype, &length); + if (retval) return retval; + sum = length; + retval = asn1_make_etag(buf, a->tagtype, a->tagval, sum, &length); + if (retval) return retval; + sum += length; + *retlen = sum; + return 0; + } + case atype_int: + assert(a->loadint != NULL); + return asn1_encode_integer(buf, a->loadint(val), retlen); + case atype_uint: + assert(a->loaduint != NULL); + return asn1_encode_unsigned_integer(buf, a->loaduint(val), retlen); + case atype_min: + case atype_max: + case atype_fn_len: + default: + assert(a->type > atype_min); + assert(a->type < atype_max); + assert(a->type != atype_fn_len); + abort(); + } +} + +static asn1_error_code +encode_a_field(asn1buf *buf, const void *val, + const struct field_info *field, + unsigned int *retlen) +{ + asn1_error_code retval; + unsigned int sum = 0; + + if (val == NULL) return ASN1_MISSING_FIELD; + + switch (field->ftype) { + case field_immediate: + { + unsigned int length; + + retval = asn1_encode_integer(buf, (asn1_intmax) field->dataoff, + &length); + if (retval) return retval; + sum += length; + break; + } + case field_sequenceof_len: + { + const void *dataptr, *lenptr; + int slen; + unsigned int length; + const struct atype_info *a; + + /* The field holds a pointer to the array of objects. So the + address we compute is a pointer-to-pointer, and that's what + field->atype must help us dereference. */ + dataptr = (const char *)val + field->dataoff; + lenptr = (const char *)val + field->lenoff; + assert(field->atype->type == atype_ptr); + dataptr = LOADPTR(dataptr, field->atype); + a = field->atype->basetype; + assert(field->lentype != 0); + assert(field->lentype->type == atype_int || field->lentype->type == atype_uint); + assert(sizeof(int) <= sizeof(asn1_intmax)); + assert(sizeof(unsigned int) <= sizeof(asn1_uintmax)); + if (field->lentype->type == atype_int) { + asn1_intmax xlen = field->lentype->loadint(lenptr); + if (xlen < 0) + return EINVAL; + if ((unsigned int) xlen != (asn1_uintmax) xlen) + return EINVAL; + if ((unsigned int) xlen > INT_MAX) + return EINVAL; + slen = (int) xlen; + } else { + asn1_uintmax xlen = field->lentype->loaduint(lenptr); + if ((unsigned int) xlen != xlen) + return EINVAL; + if (xlen > INT_MAX) + return EINVAL; + slen = (int) xlen; + } + if (slen != 0 && dataptr == NULL) + return ASN1_MISSING_FIELD; + retval = encode_sequence_of(buf, slen, dataptr, a, &length); + if (retval) return retval; + sum += length; + break; + } + case field_normal: + { + const void *dataptr; + const struct atype_info *a; + unsigned int length; + + dataptr = (const char *)val + field->dataoff; + + a = field->atype; + assert(a->type != atype_fn_len); + retval = krb5int_asn1_encode_a_thing(buf, dataptr, a, &length); + if (retval) { + return retval; + } + sum += length; + break; + } + case field_string: + { + const void *dataptr, *lenptr; + const struct atype_info *a; + size_t slen; + unsigned int length; + + dataptr = (const char *)val + field->dataoff; + lenptr = (const char *)val + field->lenoff; + + a = field->atype; + assert(a->type == atype_fn_len); + assert(field->lentype != 0); + assert(field->lentype->type == atype_int || field->lentype->type == atype_uint); + assert(sizeof(int) <= sizeof(asn1_intmax)); + assert(sizeof(unsigned int) <= sizeof(asn1_uintmax)); + if (field->lentype->type == atype_int) { + asn1_intmax xlen = field->lentype->loadint(lenptr); + if (xlen < 0) + return EINVAL; + if ((size_t) xlen != (asn1_uintmax) xlen) + return EINVAL; + slen = (size_t) xlen; + } else { + asn1_uintmax xlen = field->lentype->loaduint(lenptr); + if ((size_t) xlen != xlen) + return EINVAL; + slen = (size_t) xlen; + } + + dataptr = LOADPTR(dataptr, a); + if (slen == SIZE_MAX) + /* Error - negative or out of size_t range. */ + return EINVAL; + if (dataptr == NULL && slen != 0) + return ASN1_MISSING_FIELD; + /* Currently our string encoders want "unsigned int" for + lengths. */ + if (slen != (unsigned int) slen) + return EINVAL; + assert(a->enclen != NULL); + retval = a->enclen(buf, (unsigned int) slen, dataptr, &length); + if (retval) { + return retval; + } + sum += length; + break; + } + default: + assert(field->ftype > field_min); + assert(field->ftype < field_max); + assert(__LINE__ == 0); + abort(); + } + if (field->tag >= 0) { + unsigned int length; + retval = asn1_make_etag(buf, CONTEXT_SPECIFIC, field->tag, sum, + &length); + if (retval) { + return retval; + } + sum += length; + } *retlen = sum; return 0; } -asn1_error_code asn1_encode_generalstring(asn1buf *buf, unsigned int len, - const char *val, - unsigned int *retlen) +static asn1_error_code +encode_fields(asn1buf *buf, const void *val, + const struct field_info *fields, size_t nfields, + unsigned int optional, + unsigned int *retlen) +{ + size_t i; + unsigned int sum = 0; + for (i = nfields; i > 0; i--) { + const struct field_info *f = fields+i-1; + unsigned int length; + asn1_error_code retval; + int present; + + if (f->opt == -1) + present = 1; + else if ((1u << f->opt) & optional) + present = 1; + else + present = 0; + if (present) { + retval = encode_a_field(buf, val, f, &length); + if (retval) return retval; + sum += length; + } + } + *retlen = sum; + return 0; +} + +static asn1_error_code +just_encode_sequence(asn1buf *buf, const void *val, + const struct seq_info *seq, + unsigned int *retlen) { + const struct field_info *fields = seq->fields; + size_t nfields = seq->n_fields; + unsigned int optional; asn1_error_code retval; - unsigned int length; + unsigned int sum = 0; + + if (seq->optional) + optional = seq->optional(val); + else + /* In this case, none of the field descriptors should indicate + that we examine any bits of this value. */ + optional = 0; + { + unsigned int length; + retval = encode_fields(buf, val, fields, nfields, optional, &length); + if (retval) return retval; + sum += length; + } + { + unsigned int length; + retval = asn1_make_sequence(buf, sum, &length); + if (retval) return retval; + sum += length; + } + *retlen = sum; + return 0; +} - retval = asn1buf_insert_charstring(buf,len,val); - if (retval) return retval; - retval = asn1_make_tag(buf,UNIVERSAL,PRIMITIVE,ASN1_GENERALSTRING,len, - &length); - if (retval) return retval; +static asn1_error_code +encode_sequence_of(asn1buf *buf, int seqlen, const void *val, + const struct atype_info *eltinfo, + unsigned int *retlen) +{ + asn1_error_code retval; + unsigned int sum = 0; + int i; - *retlen = len + length; + for (i = seqlen-1; i >= 0; i--) { + const void *eltptr; + unsigned int length; + const struct atype_info *a = eltinfo; + + assert(eltinfo->size != 0); + eltptr = (const char *)val + i * eltinfo->size; + retval = krb5int_asn1_encode_a_thing(buf, eltptr, a, &length); + if (retval) return retval; + sum += length; + } + { + unsigned int length; + retval = asn1_make_sequence(buf, sum, &length); + if (retval) return retval; + sum += length; + } + *retlen = sum; return 0; } + +krb5_error_code +krb5int_asn1_do_full_encode(const void *rep, krb5_data **code, + const struct atype_info *a) +{ + unsigned int length; + asn1_error_code retval; + unsigned int sum = 0; + asn1buf *buf = NULL; + + if (rep == NULL) return ASN1_MISSING_FIELD; + + retval = asn1buf_create(&buf); + if (retval) + return retval; + + retval = krb5int_asn1_encode_a_thing(buf, rep, a, &length); + if (retval) + return retval; + sum += length; + retval = asn12krb5_buf(buf, code); + asn1buf_destroy(&buf); + return retval; +} diff --git a/src/lib/krb5/asn.1/asn1_encode.h b/src/lib/krb5/asn.1/asn1_encode.h index c75f4e8791..94ab67fe4e 100644 --- a/src/lib/krb5/asn.1/asn1_encode.h +++ b/src/lib/krb5/asn.1/asn1_encode.h @@ -2,7 +2,7 @@ /* * src/lib/krb5/asn.1/asn1_encode.h * - * Copyright 1994 by the Massachusetts Institute of Technology. + * Copyright 1994, 2008 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -41,17 +41,20 @@ Operations + asn1_encode_boolean asn1_encode_integer + asn1_encode_unsigned_integer asn1_encode_octetstring - asn1_encode_null - asn1_encode_printablestring - asn1_encode_ia5string asn1_encode_generaltime asn1_encode_generalstring + asn1_encode_bitstring + asn1_encode_oid */ +asn1_error_code asn1_encode_boolean + (asn1buf *buf, asn1_intmax val, unsigned int *retlen); asn1_error_code asn1_encode_integer - (asn1buf *buf, long val, unsigned int *retlen); + (asn1buf *buf, asn1_intmax val, unsigned int *retlen); /* requires *buf is allocated modifies *buf, *retlen effects Inserts the encoding of val into *buf and returns @@ -63,7 +66,7 @@ asn1_error_code asn1_encode_enumerated (asn1buf *buf, long val, unsigned int *retlen); asn1_error_code asn1_encode_unsigned_integer - (asn1buf *buf, unsigned long val, + (asn1buf *buf, asn1_uintmax val, unsigned int *retlen); /* requires *buf is allocated modifies *buf, *retlen @@ -74,7 +77,7 @@ asn1_error_code asn1_encode_unsigned_integer asn1_error_code asn1_encode_octetstring (asn1buf *buf, - unsigned int len, const asn1_octet *val, + unsigned int len, const void *val, unsigned int *retlen); /* requires *buf is allocated modifies *buf, *retlen @@ -82,6 +85,7 @@ asn1_error_code asn1_encode_octetstring the length of the encoding in *retlen. Returns ENOMEM to signal an unsuccesful attempt to expand the buffer. */ +#define asn1_encode_charstring asn1_encode_octetstring asn1_error_code asn1_encode_oid (asn1buf *buf, @@ -94,17 +98,6 @@ asn1_error_code asn1_encode_oid Returns ENOMEM to signal an unsuccesful attempt to expand the buffer. */ -asn1_error_code asn1_encode_charstring - (asn1buf *buf, - unsigned int len, const char *val, - unsigned int *retlen); -/* requires *buf is allocated - modifies *buf, *retlen - effects Inserts the encoding of val into *buf and returns - the length of the encoding in *retlen. - Returns ENOMEM to signal an unsuccesful attempt - to expand the buffer. */ - asn1_error_code asn1_encode_null (asn1buf *buf, int *retlen); /* requires *buf is allocated @@ -148,7 +141,7 @@ asn1_error_code asn1_encode_generaltime asn1_error_code asn1_encode_generalstring (asn1buf *buf, - unsigned int len, const char *val, + unsigned int len, const void *val, unsigned int *retlen); /* requires *buf is allocated, val has a length of len characters modifies *buf, *retlen @@ -157,4 +150,515 @@ asn1_error_code asn1_encode_generalstring Returns ENOMEM to signal an unsuccesful attempt to expand the buffer. */ +asn1_error_code asn1_encode_bitstring(asn1buf *buf, unsigned int len, + const void *val, + unsigned int *retlen); +/* requires *buf is allocated, val has a length of len characters + modifies *buf, *retlen + effects Inserts the encoding of val into *buf and returns + the length of the encoding in *retlen. + Returns ENOMEM to signal an unsuccesful attempt + to expand the buffer. */ + +asn1_error_code asn1_encode_opaque(asn1buf *buf, unsigned int len, + const void *val, + unsigned int *retlen); +/* requires *buf is allocated, val has a length of len characters + modifies *buf, *retlen + effects Inserts the encoding of val into *buf and returns + the length of the encoding in *retlen. + Returns ENOMEM to signal an unsuccesful attempt + to expand the buffer. */ + +/* Type descriptor info. + + In this context, a "type" is a combination of a C data type + and an ASN.1 encoding scheme for it. So we would have to define + different "types" for: + + * unsigned char* encoded as octet string + * char* encoded as octet string + * char* encoded as generalstring + * krb5_data encoded as octet string + * krb5_data encoded as generalstring + * int32_t encoded as integer + * unsigned char encoded as integer + + Perhaps someday some kind of flags could be defined so that minor + variations on the C types could be handled via common routines. + + The handling of strings is pretty messy. Currently, we have a + separate kind of encoder function that takes an extra length + parameter. Perhaps we should just give up on that, always deal + with just a single location, and handle strings by via encoder + functions for krb5_data, keyblock, etc. + + We wind up with a lot of load-time relocations being done, which is + a bit annoying. Be careful about "fixing" that at the cost of too + much run-time performance. It might work to have a master "module" + descriptor with pointers to various arrays (type descriptors, + strings, field descriptors, functions) most of which don't need + relocation themselves, and replace most of the pointers with table + indices. + + It's a work in progress. */ + +enum atype_type { + /* For bounds checking only. By starting with values above 1, we + guarantee that zero-initialized storage will be recognized as + invalid. */ + atype_min = 1, + /* Encoder function to be called with address of . */ + atype_fn, + /* Encoder function to be called with address of and a + length (unsigned int). */ + atype_fn_len, + /* Pointer to actual thing to be encoded. + + Most of the fields are related only to the C type -- size, how + to fetch a pointer in a type-safe fashion -- but since the base + type descriptor encapsulates the encoding as well, different + encodings for the same C type may require different pointer-to + types as well. + + Must not refer to atype_fn_len. */ + atype_ptr, + /* Sequence, with pointer to sequence descriptor header. */ + atype_sequence, + /* Sequence-of, with pointer to base type descriptor, represented + as a null-terminated array of pointers (and thus the "base" + type descriptor is actually an atype_ptr node). */ + atype_nullterm_sequence_of, + atype_nonempty_nullterm_sequence_of, + /* Encode this object using a single field descriptor. This may + mean the atype/field breakdown needs revision.... + + Main expected uses: Encode realm component of principal as a + GENERALSTRING. Pluck data and length fields out of a structure + and encode a counted SEQUENCE OF. */ + atype_field, + /* Tagged version of another type. */ + atype_tagged_thing, + /* Integer types. */ + atype_int, + atype_uint, + /* Unused except for bounds checking. */ + atype_max +}; + +/* Initialized structures could be a lot smaller if we could use C99 + designated initializers, and a union for all the type-specific + stuff. Maybe use the hack we use for krb5int_access, where we use + a run-time initialize if the compiler doesn't support designated + initializers? That's a lot of work here, though, with so many + little structures. Maybe if/when these get auto-generated. */ +struct atype_info { + enum atype_type type; + /* used for sequence-of processing */ + unsigned int size; + /* atype_fn */ + asn1_error_code (*enc)(asn1buf *, const void *, unsigned int *); + /* atype_fn_len */ + asn1_error_code (*enclen)(asn1buf *, unsigned int, const void *, + unsigned int *); + /* atype_ptr, atype_fn_len */ + const void *(*loadptr)(const void *); + /* atype_ptr, atype_nullterm_sequence_of */ + const struct atype_info *basetype; + /* atype_sequence */ + const struct seq_info *seq; + /* atype_field */ + const struct field_info *field; + /* atype_tagged_thing */ + unsigned int tagval : 8, tagtype : 8; + /* atype_[u]int */ + asn1_intmax (*loadint)(const void *); + asn1_uintmax (*loaduint)(const void *); +}; + +/* The various DEF*TYPE macros must: + + + Define a type named aux_typedefname_##DESCNAME, for use in any + types derived from the type being defined. + + + Define an atype_info struct named krb5int_asn1type_##DESCNAME. + + + Define any extra stuff needed in the type descriptor, like + pointer-load functions. + + + Accept a following semicolon syntactically, to keep Emacs parsing + (and indentation calculating) code happy. + + Nothing else should directly define the atype_info structures. */ + +/* Define a type for which we must use an explicit encoder function. + The DEFFNTYPE variant uses a function taking a void*, the + DEFFNXTYPE form wants a function taking a pointer to the actual C + type to be encoded; you should use the latter unless you've already + got the void* function supplied elsewhere. + + Of course, we need a single, consistent type for the descriptor + structure field, so we use the function pointer type that uses + void*, and create a wrapper function in DEFFNXTYPE. However, in + all our cases so far, the supplied function is static and not used + otherwise, so the compiler can merge it with the wrapper function + if the optimizer is good enough. */ +#define DEFFNTYPE(DESCNAME, CTYPENAME, ENCFN) \ + typedef CTYPENAME aux_typedefname_##DESCNAME; \ + const struct atype_info krb5int_asn1type_##DESCNAME = { \ + atype_fn, sizeof(CTYPENAME), ENCFN, \ + } +#define DEFFNXTYPE(DESCNAME, CTYPENAME, ENCFN) \ + typedef CTYPENAME aux_typedefname_##DESCNAME; \ + static asn1_error_code \ + aux_encfn_##DESCNAME(asn1buf *buf, const void *val, \ + unsigned int *retlen) \ + { \ + return ENCFN(buf, \ + (const aux_typedefname_##DESCNAME *)val, \ + retlen); \ + } \ + const struct atype_info krb5int_asn1type_##DESCNAME = { \ + atype_fn, sizeof(CTYPENAME), aux_encfn_##DESCNAME, \ + } +/* XXX The handling of data+length fields really needs reworking. + A type descriptor probably isn't the right way. + + Also, the C type is likely to be one of char*, unsigned char*, + or (maybe) void*. An enumerator or reference to an external + function would be more compact. + + The supplied encoder function takes as an argument the data pointer + loaded from the indicated location, not the address of the field. + This isn't consistent with DEFFN[X]TYPE above, but all of the uses + of DEFFNLENTYPE are for string encodings, and that's how our + string-encoding primitives work. So be it. */ +#ifdef POINTERS_ARE_ALL_THE_SAME +#define DEFFNLENTYPE(DESCNAME, CTYPENAME, ENCFN) \ + typedef CTYPENAME aux_typedefname_##DESCNAME; \ + const struct atype_info krb5int_asn1type_##DESCNAME = { \ + atype_fn_len, 0, 0, ENCFN, \ + } +#else +#define DEFFNLENTYPE(DESCNAME, CTYPENAME, ENCFN) \ + typedef CTYPENAME aux_typedefname_##DESCNAME; \ + static const void *loadptr_for_##DESCNAME(const void *pv) \ + { \ + const aux_typedefname_##DESCNAME *p = pv; \ + return *p; \ + } \ + const struct atype_info krb5int_asn1type_##DESCNAME = { \ + atype_fn_len, 0, 0, ENCFN, \ + loadptr_for_##DESCNAME \ + } +#endif +/* A sequence, defined by the indicated series of fields, and an + optional function indicating which fields are present. */ +#define DEFSEQTYPE(DESCNAME, CTYPENAME, FIELDS, OPT) \ + typedef CTYPENAME aux_typedefname_##DESCNAME; \ + static const struct seq_info aux_seqinfo_##DESCNAME = { \ + OPT, FIELDS, sizeof(FIELDS)/sizeof(FIELDS[0]) \ + }; \ + const struct atype_info krb5int_asn1type_##DESCNAME = { \ + atype_sequence, sizeof(CTYPENAME), 0,0,0,0, \ + &aux_seqinfo_##DESCNAME, \ + } +/* Integer types. */ +#define DEFINTTYPE(DESCNAME, CTYPENAME) \ + typedef CTYPENAME aux_typedefname_##DESCNAME; \ + static asn1_intmax loadint_##DESCNAME(const void *p) \ + { \ + assert(sizeof(CTYPENAME) <= sizeof(asn1_intmax)); \ + return *(const aux_typedefname_##DESCNAME *)p; \ + } \ + const struct atype_info krb5int_asn1type_##DESCNAME = { \ + atype_int, sizeof(CTYPENAME), 0, 0, 0, 0, 0, 0, 0, 0, \ + loadint_##DESCNAME, 0, \ + } +#define DEFUINTTYPE(DESCNAME, CTYPENAME) \ + typedef CTYPENAME aux_typedefname_##DESCNAME; \ + static asn1_uintmax loaduint_##DESCNAME(const void *p) \ + { \ + assert(sizeof(CTYPENAME) <= sizeof(asn1_uintmax)); \ + return *(const aux_typedefname_##DESCNAME *)p; \ + } \ + const struct atype_info krb5int_asn1type_##DESCNAME = { \ + atype_uint, sizeof(CTYPENAME), 0, 0, 0, 0, 0, 0, 0, 0, \ + 0, loaduint_##DESCNAME, \ + } +/* Pointers to other types, to be encoded as those other types. */ +#ifdef POINTERS_ARE_ALL_THE_SAME +#define DEFPTRTYPE(DESCNAME,BASEDESCNAME) \ + typedef aux_typedefname_##BASEDESCNAME * aux_typedefname_##DESCNAME; \ + const struct atype_info krb5int_asn1type_##DESCNAME = { \ + atype_ptr, sizeof(aux_typedefname_##DESCNAME), 0, 0, 0, \ + &krb5int_asn1type_##BASEDESCNAME, 0 \ + } +#else +#define DEFPTRTYPE(DESCNAME,BASEDESCNAME) \ + typedef aux_typedefname_##BASEDESCNAME * aux_typedefname_##DESCNAME; \ + static const void * \ + loadptr_for_##BASEDESCNAME##_from_##DESCNAME(const void *p) \ + { \ + const aux_typedefname_##DESCNAME *inptr = p; \ + const aux_typedefname_##BASEDESCNAME *retptr; \ + retptr = *inptr; \ + return retptr; \ + } \ + const struct atype_info krb5int_asn1type_##DESCNAME = { \ + atype_ptr, sizeof(aux_typedefname_##DESCNAME), 0, 0, \ + loadptr_for_##BASEDESCNAME##_from_##DESCNAME, \ + &krb5int_asn1type_##BASEDESCNAME, 0 \ + } +#endif +/* This encodes a pointer-to-pointer-to-thing where the passed-in + value points to a null-terminated list of pointers to objects to be + encoded, and encodes a (possibly empty) SEQUENCE OF these objects. + + BASEDESCNAME is a descriptor name for the pointer-to-thing + type. + + When dealing with a structure containing a + pointer-to-pointer-to-thing field, make a DEFPTRTYPE of this type, + and use that type for the structure field. */ +#define DEFNULLTERMSEQOFTYPE(DESCNAME,BASEDESCNAME) \ + typedef aux_typedefname_##BASEDESCNAME aux_typedefname_##DESCNAME; \ + const struct atype_info krb5int_asn1type_##DESCNAME = { \ + atype_nullterm_sequence_of, sizeof(aux_typedefname_##DESCNAME), \ + 0, 0, \ + 0 /* loadptr */, \ + &krb5int_asn1type_##BASEDESCNAME, 0 \ + } +#define DEFNONEMPTYNULLTERMSEQOFTYPE(DESCNAME,BASEDESCNAME) \ + typedef aux_typedefname_##BASEDESCNAME aux_typedefname_##DESCNAME; \ + const struct atype_info krb5int_asn1type_##DESCNAME = { \ + atype_nonempty_nullterm_sequence_of, \ + sizeof(aux_typedefname_##DESCNAME), \ + 0, 0, \ + 0 /* loadptr */, \ + &krb5int_asn1type_##BASEDESCNAME, 0 \ + } +/* Encode a thing (probably sub-fields within the structure) as a + single object. */ +#define DEFFIELDTYPE(DESCNAME, CTYPENAME, FIELDINFO) \ + typedef CTYPENAME aux_typedefname_##DESCNAME; \ + static const struct field_info aux_fieldinfo_##DESCNAME = FIELDINFO; \ + const struct atype_info krb5int_asn1type_##DESCNAME = { \ + atype_field, sizeof(CTYPENAME), 0, 0, 0, 0, 0, \ + &aux_fieldinfo_##DESCNAME \ + } +/* Objects with an APPLICATION tag added. */ +#define DEFAPPTAGGEDTYPE(DESCNAME, TAG, BASEDESC) \ + typedef aux_typedefname_##BASEDESC aux_typedefname_##DESCNAME; \ + const struct atype_info krb5int_asn1type_##DESCNAME = { \ + atype_tagged_thing, sizeof(aux_typedefname_##DESCNAME), \ + 0, 0, 0, &krb5int_asn1type_##BASEDESC, 0, 0, TAG, APPLICATION \ + } + +/* Declare an externally-defined type. This is a hack we should do + away with once we move to generating code from a script. For now, + this macro is unfortunately not compatible with the defining macros + above, since you can't do the typedefs twice and we need the + declarations to produce typedefs. (We could eliminate the typedefs + from the DEF* macros, but then every DEF* macro use, even the ones + for internal type nodes we only use to build other types, would + need an accompanying declaration which explicitly lists the + type.) */ +#define IMPORT_TYPE(DESCNAME, CTYPENAME) \ + typedef CTYPENAME aux_typedefname_##DESCNAME; \ + extern const struct atype_info krb5int_asn1type_##DESCNAME + +/* Create a partial-encoding function by the indicated name, for the + indicated type. Should only be needed until we've converted all of + the encoders, then everything should use descriptor tables. */ +extern asn1_error_code +krb5int_asn1_encode_a_thing(asn1buf *buf, const void *val, + const struct atype_info *a, unsigned int *retlen); +#define MAKE_ENCFN(FNAME,DESC) \ + static asn1_error_code FNAME (asn1buf *buf, \ + const aux_typedefname_##DESC *val, \ + unsigned int *retlen) \ + { \ + return krb5int_asn1_encode_a_thing(buf, val, \ + &krb5int_asn1type_##DESC, \ + retlen); \ + } \ + extern int dummy /* gobble semicolon */ + +/* Sequence field descriptor. + + Currently we assume everything is a single object with a type + descriptor, and then we bolt on some ugliness on the side for + handling strings with length fields. + + Anything with "interesting" encoding handling, like a sequence-of + or a pointer to the actual value to encode, is handled via opaque + types with their own encoder functions. Most of that should + eventually change. */ + +enum field_type { + /* Unused except for range checking. */ + field_min = 1, + /* Field ATYPE describes processing of field at DATAOFF. */ + field_normal, + /* Encode an "immediate" integer value stored in DATAOFF, with no + reference to the data structure. */ + field_immediate, + /* Encode some kind of string field encoded with pointer and + length. (A GENERALSTRING represented as a null-terminated C + string would be handled as field_normal.) */ + field_string, + /* LENOFF indicates a value describing the length of the array at + DATAOFF, encoded as a sequence-of with the element type + described by ATYPE. */ + field_sequenceof_len, + /* Unused except for range checking. */ + field_max +}; +/* To do: Consider using bitfields. */ +struct field_info { + /* Type of the field. */ + unsigned int /* enum field_type */ ftype : 3; + + /* Use of DATAOFF and LENOFF are described by the value in FTYPE. + Generally DATAOFF will be the offset from the supplied pointer + at which we find the object to be encoded. */ + unsigned int dataoff : 9, lenoff : 9; + + /* If TAG is non-negative, a context tag with that value is added + to the encoding of the thing. (XXX This would encode more + compactly as an unsigned bitfield value tagnum+1, with 0=no + tag.) The tag is omitted for optional fields that are not + present. + + It's a bit illogical to combine the tag and other field info, + since really a sequence field could have zero or several + context tags, and of course a tag could be used elsewhere. But + the normal mode in the Kerberos ASN.1 description is to use one + context tag on each sequence field, so for now let's address + that case primarily and work around the other cases (thus tag<0 + means skip tagging). */ + signed int tag : 5; + + /* If OPT is non-negative and the sequence header structure has a + function pointer describing which fields are present, OPT is + the bit position indicating whether the currently-described + element is present. (XXX Similar encoding issue.) + + Note: Most of the time, I'm using the same number here as for + the context tag. This is just because it's easier for me to + keep track while working on the code by hand. The *only* + meaningful correlation is of this value and the bits set by the + "optional" function when examining the data structure. */ + signed int opt : 5; + + /* For some values of FTYPE, this describes the type of the + object(s) to be encoded. */ + const struct atype_info *atype; + + /* We use different types for "length" fields in different places. + So we need a good way to retrieve the various kinds of lengths + in a compatible way. This may be a string length, or the + length of an array of objects to encode in a SEQUENCE OF. + + In case the field is signed and negative, or larger than + size_t, return SIZE_MAX as an error indication. We'll assume + for now that we'll never have 4G-1 (or 2**64-1, or on tiny + systems, 65535) sized values. On most if not all systems we + care about, SIZE_MAX is equivalent to "all of addressable + memory" minus one byte. That wouldn't leave enough extra room + for the structure we're encoding, so it's pretty safe to assume + SIZE_MAX won't legitimately come up on those systems. + + If this code gets ported to a segmented architecture or other + system where it might be possible... figure it out then. */ + const struct atype_info *lentype; +}; + +/* Normal or optional sequence fields at a particular offset, encoded + as indicated by the listed DESCRiptor. */ +#define FIELDOF_OPT(TYPE,DESCR,FIELDNAME,TAG,OPT) \ + { \ + field_normal, OFFOF(TYPE, FIELDNAME, aux_typedefname_##DESCR), \ + 0, TAG, OPT, &krb5int_asn1type_##DESCR \ + } +#define FIELDOF_NORM(TYPE,DESCR,FIELDNAME,TAG) \ + FIELDOF_OPT(TYPE,DESCR,FIELDNAME,TAG,-1) +/* If encoding a subset of the fields of the current structure (for + example, a flat structure describing data that gets encoded as a + sequence containing one or more sequences), use ENCODEAS, no struct + field name(s), and the indicated type descriptor must support the + current struct type. */ +#define FIELDOF_ENCODEAS(TYPE,DESCR,TAG) \ + FIELDOF_ENCODEAS_OPT(TYPE,DESCR,TAG,-1) +#define FIELDOF_ENCODEAS_OPT(TYPE,DESCR,TAG,OPT) \ + { \ + field_normal, \ + 0 * sizeof(0 ? (TYPE *)0 : (aux_typedefname_##DESCR *) 0), \ + 0, TAG, OPT, &krb5int_asn1type_##DESCR \ + } + +/* Reinterpret some subset of the structure itself as something + else. */ +#define FIELD_SELF(DESCR, TAG) \ + { field_normal, 0, 0, TAG, -1, &krb5int_asn1type_##DESCR } + +#define FIELDOF_OPTSTRINGL(STYPE,DESC,PTRFIELD,LENDESC,LENFIELD,TAG,OPT) \ + { \ + field_string, \ + OFFOF(STYPE, PTRFIELD, aux_typedefname_##DESC), \ + OFFOF(STYPE, LENFIELD, aux_typedefname_##LENDESC), \ + TAG, OPT, &krb5int_asn1type_##DESC, &krb5int_asn1type_##LENDESC \ + } +#define FIELDOF_OPTSTRING(STYPE,DESC,PTRFIELD,LENFIELD,TAG,OPT) \ + FIELDOF_OPTSTRINGL(STYPE,DESC,PTRFIELD,uint,LENFIELD,TAG,OPT) +#define FIELDOF_STRINGL(STYPE,DESC,PTRFIELD,LENDESC,LENFIELD,TAG) \ + FIELDOF_OPTSTRINGL(STYPE,DESC,PTRFIELD,LENDESC,LENFIELD,TAG,-1) +#define FIELDOF_STRING(STYPE,DESC,PTRFIELD,LENFIELD,TAG) \ + FIELDOF_OPTSTRING(STYPE,DESC,PTRFIELD,LENFIELD,TAG,-1) +#define FIELD_INT_IMM(VALUE,TAG) \ + { field_immediate, VALUE, 0, TAG, -1, 0, } + +#define FIELDOF_SEQOF_LEN(STYPE,DESC,PTRFIELD,LENFIELD,LENTYPE,TAG) \ + { \ + field_sequenceof_len, \ + OFFOF(STYPE, PTRFIELD, aux_typedefname_##DESC), \ + OFFOF(STYPE, LENFIELD, aux_typedefname_##LENTYPE), \ + TAG, -1, &krb5int_asn1type_##DESC, &krb5int_asn1type_##LENTYPE \ + } +#define FIELDOF_SEQOF_INT32(STYPE,DESC,PTRFIELD,LENFIELD,TAG) \ + FIELDOF_SEQOF_LEN(STYPE,DESC,PTRFIELD,LENFIELD,int32,TAG) + +struct seq_info { + /* If present, returns a bitmask indicating which fields are + present. See the "opt" field in struct field_info. */ + unsigned int (*optional)(const void *); + /* Indicates an array of sequence field descriptors. */ + const struct field_info *fields; + size_t n_fields; + /* Missing: Extensibility handling. (New field type?) */ +}; + +extern krb5_error_code +krb5int_asn1_do_full_encode(const void *rep, krb5_data **code, + const struct atype_info *a); + +#define MAKE_FULL_ENCODER(FNAME, DESC) \ + krb5_error_code FNAME(const aux_typedefname_##DESC *rep, \ + krb5_data **code) \ + { \ + return krb5int_asn1_do_full_encode(rep, code, \ + &krb5int_asn1type_##DESC); \ + } \ + extern int dummy /* gobble semicolon */ + +#include +/* Ugly hack! + Like "offsetof", but with type checking. */ +#define WARN_IF_TYPE_MISMATCH(LVALUE, TYPE) \ + (sizeof(0 ? (TYPE *) 0 : &(LVALUE))) +#define OFFOF(TYPE,FIELD,FTYPE) \ + (offsetof(TYPE, FIELD) \ + + 0 * WARN_IF_TYPE_MISMATCH(((TYPE*)0)->FIELD, FTYPE)) + #endif diff --git a/src/lib/krb5/asn.1/asn1_k_decode.c b/src/lib/krb5/asn.1/asn1_k_decode.c index e47ca6f0c4..b4dbd2fe84 100644 --- a/src/lib/krb5/asn.1/asn1_k_decode.c +++ b/src/lib/krb5/asn.1/asn1_k_decode.c @@ -579,6 +579,7 @@ asn1_error_code asn1_decode_enc_kdc_rep_part(asn1buf *buf, krb5_enc_kdc_rep_part get_field(val->server,9,asn1_decode_realm); get_field(val->server,10,asn1_decode_principal_name); opt_field(val->caddrs,11,asn1_decode_host_addresses,NULL); + opt_field(val->enc_padata,12,asn1_decode_sequence_of_pa_data,NULL); end_structure(); val->magic = KV5M_ENC_KDC_REP_PART; } @@ -741,12 +742,12 @@ array_expand (void *array, int n_elts, size_t elt_size) if (n_elts <= 0) return NULL; - if (n_elts > SIZE_MAX / elt_size) + if ((unsigned int) n_elts > SIZE_MAX / elt_size) return NULL; new_size = n_elts * elt_size; if (new_size == 0) return NULL; - if (new_size / elt_size != n_elts) + if (new_size / elt_size != (unsigned int) n_elts) return NULL; new_array = realloc(array, new_size); return new_array; @@ -1186,6 +1187,46 @@ asn1_error_code asn1_decode_predicted_sam_response(asn1buf *buf, krb5_predicted_ cleanup(); } +asn1_error_code asn1_decode_setpw_req(asn1buf *buf, krb5_data *newpasswd, krb5_principal *principal) +{ + setup(); + *principal = NULL; + + { begin_structure(); + get_lenfield(newpasswd->length, newpasswd->data, 0, asn1_decode_charstring); + if (tagnum == 1) { + alloc_field(*principal, krb5_principal_data); + opt_field(*principal, 1, asn1_decode_principal_name, 0); + opt_field(*principal, 2, asn1_decode_realm, 0); + } + end_structure(); + } + cleanup(); +} + +asn1_error_code asn1_decode_pa_for_user(asn1buf *buf, krb5_pa_for_user *val) +{ + setup(); + { begin_structure(); + get_field(val->user,0,asn1_decode_principal_name); + get_field(val->user,1,asn1_decode_realm); + get_field(val->cksum,2,asn1_decode_checksum); + get_lenfield(val->auth_package.length,val->auth_package.data,3,asn1_decode_generalstring); + end_structure(); + } + cleanup(); +} + +asn1_error_code asn1_decode_pa_pac_req(asn1buf *buf, krb5_pa_pac_req *val) +{ + setup(); + { begin_structure(); + get_field(val->include_pac,0,asn1_decode_boolean); + end_structure(); + } + cleanup(); +} + #ifndef DISABLE_PKINIT /* PKINIT */ @@ -1374,7 +1415,8 @@ asn1_error_code asn1_decode_algorithm_identifier(asn1buf *buf, krb5_algorithm_i val->parameters.length = 0; val->parameters.data = NULL; - if (length > subbuf.next - subbuf.base) { + assert(subbuf.next >= subbuf.base); + if (length > (size_t)(subbuf.next - subbuf.base)) { unsigned int size = length - (subbuf.next - subbuf.base); retval = asn1buf_remove_octetstring(&subbuf, size, &val->parameters.data); diff --git a/src/lib/krb5/asn.1/asn1_k_decode.h b/src/lib/krb5/asn.1/asn1_k_decode.h index 8541a822d0..22ef264318 100644 --- a/src/lib/krb5/asn.1/asn1_k_decode.h +++ b/src/lib/krb5/asn.1/asn1_k_decode.h @@ -233,4 +233,11 @@ asn1_error_code asn1_decode_sequence_of_trusted_ca asn1_error_code asn1_decode_sequence_of_algorithm_identifier (asn1buf *buf, krb5_algorithm_identifier ***val); +asn1_error_code asn1_decode_setpw_req + (asn1buf *buf, krb5_data *rep, krb5_principal *principal); +asn1_error_code asn1_decode_pa_for_user + (asn1buf *buf, krb5_pa_for_user *val); +asn1_error_code asn1_decode_pa_pac_req + (asn1buf *buf, krb5_pa_pac_req *val); + #endif diff --git a/src/lib/krb5/asn.1/asn1_k_encode.c b/src/lib/krb5/asn.1/asn1_k_encode.c index e2577d8f73..3308d0ea14 100644 --- a/src/lib/krb5/asn.1/asn1_k_encode.c +++ b/src/lib/krb5/asn.1/asn1_k_encode.c @@ -30,45 +30,10 @@ #include "asn1_encode.h" #include -/**** asn1 macros ****/ -#if 0 - How to write an asn1 encoder function using these macros: - - asn1_error_code asn1_encode_krb5_substructure(asn1buf *buf, - const krb5_type *val, - int *retlen) - { - asn1_setup(); - - asn1_addfield(val->last_field, n, asn1_type); - asn1_addfield(rep->next_to_last_field, n-1, asn1_type); - ... - - /* for OPTIONAL fields */ - if (rep->field_i == should_not_be_omitted) - asn1_addfield(rep->field_i, i, asn1_type); - - /* for string fields (these encoders take an additional argument, - the length of the string) */ - addlenfield(rep->field_length, rep->field, i-1, asn1_type); - - /* if you really have to do things yourself... */ - retval = asn1_encode_asn1_type(buf,rep->field,&length); - if (retval) return retval; - sum += length; - retval = asn1_make_etag(buf, CONTEXT_SPECIFIC, tag_number, length, - &length); - if (retval) return retval; - sum += length; +/* helper macros - ... - asn1_addfield(rep->second_field, 1, asn1_type); - asn1_addfield(rep->first_field, 0, asn1_type); - asn1_makeseq(); - - asn1_cleanup(); - } -#endif + These are mostly only needed for PKINIT, but there are three + basic-krb5 encoders not converted yet. */ /* setup() -- create and initialize bookkeeping variables retval: stores error codes returned from subroutines @@ -76,942 +41,1333 @@ sum: cumulative length of the entire encoding */ #define asn1_setup()\ asn1_error_code retval;\ - unsigned int length, sum=0 - -/* asn1_addfield -- add a field, or component, to the encoding */ -#define asn1_addfield(value,tag,encoder)\ -{ retval = encoder(buf,value,&length);\ - if (retval) {\ - asn1buf_destroy(&buf);\ - return retval; }\ - sum += length;\ - retval = asn1_make_etag(buf,CONTEXT_SPECIFIC,tag,length,&length);\ - if (retval) {\ - asn1buf_destroy(&buf);\ - return retval; }\ - sum += length; } - -/* asn1_addlenfield -- add a field whose length must be separately specified */ -#define asn1_addlenfield(len,value,tag,encoder)\ -{ retval = encoder(buf,len,value,&length);\ - if (retval) {\ - asn1buf_destroy(&buf);\ - return retval; }\ - sum += length;\ - retval = asn1_make_etag(buf,CONTEXT_SPECIFIC,tag,length,&length);\ - if (retval) {\ - asn1buf_destroy(&buf);\ - return retval; }\ - sum += length; } - -/* asn1_addfield_implicit -- add an implicitly tagged field, or component, to the encoding */ -#define asn1_addfield_implicit(value,tag,encoder)\ -{ retval = encoder(buf,value,&length);\ - if (retval) {\ - asn1buf_destroy(&buf);\ - return retval; }\ - sum += length;\ - retval = asn1_make_tag(buf,CONTEXT_SPECIFIC,PRIMITIVE,tag,length,&length); \ - if (retval) {\ - asn1buf_destroy(&buf);\ - return retval; }\ - sum += length; } - -/* asn1_insert_implicit_octetstring -- add an octet string with implicit tagging */ -#define asn1_insert_implicit_octetstring(len,value,tag)\ -{ retval = asn1buf_insert_octetstring(buf,len,value);\ - if (retval) {\ - asn1buf_destroy(&buf);\ - return retval; }\ - sum += len;\ - retval = asn1_make_tag(buf,CONTEXT_SPECIFIC,PRIMITIVE,tag,len,&length); \ - if (retval) {\ - asn1buf_destroy(&buf);\ - return retval; }\ - sum += length; } - -/* asn1_insert_implicit_bitstring -- add a bitstring with implicit tagging */ -#define asn1_insert_implicit_bitstring(len,value,tag)\ -{ retval = asn1buf_insert_octetstring(buf,len,value);\ - if (retval) {\ - asn1buf_destroy(&buf);\ - return retval; }\ - sum += len;\ - retval = asn1buf_insert_octet(buf, 0);\ - if (retval) {\ - asn1buf_destroy(&buf);\ - return retval; }\ - sum++;\ - retval = asn1_make_tag(buf,UNIVERSAL,PRIMITIVE,tag,len+1,&length); \ - if (retval) {\ - asn1buf_destroy(&buf);\ - return retval; }\ - sum += length; } + unsigned int sum=0 /* form a sequence (by adding a sequence header to the current encoding) */ #define asn1_makeseq()\ +{ unsigned int length;\ retval = asn1_make_sequence(buf,sum,&length);\ if (retval) {\ - asn1buf_destroy(&buf);\ return retval; }\ - sum += length - -/* add an APPLICATION class tag to the current encoding */ -#define asn1_apptag(num)\ - retval = asn1_make_etag(buf,APPLICATION,num,sum,&length);\ - if (retval) {\ - asn1buf_destroy(&buf);\ - return retval; }\ - sum += length + sum += length; } /* produce the final output and clean up the workspace */ #define asn1_cleanup()\ *retlen = sum;\ return 0 -asn1_error_code asn1_encode_ui_4(asn1buf *buf, const krb5_ui_4 val, unsigned int *retlen) -{ - return asn1_encode_unsigned_integer(buf,val,retlen); -} - - -asn1_error_code asn1_encode_realm(asn1buf *buf, const krb5_principal val, unsigned int *retlen) -{ - if (val == NULL || - (val->realm.length && val->realm.data == NULL)) - return ASN1_MISSING_FIELD; - return asn1_encode_generalstring(buf,val->realm.length,val->realm.data, - retlen); -} +/* asn1_addfield -- add a field, or component, to the encoding */ +#define asn1_addfield(value,tag,encoder)\ +{ unsigned int length; \ + retval = encoder(buf,value,&length); \ + if (retval) {\ + return retval; }\ + sum += length;\ + retval = asn1_make_etag(buf,CONTEXT_SPECIFIC,tag,length,&length);\ + if (retval) {\ + return retval; }\ + sum += length; } -asn1_error_code asn1_encode_principal_name(asn1buf *buf, const krb5_principal val, unsigned int *retlen) -{ - asn1_setup(); - int n; - - if (val == NULL || val->data == NULL) return ASN1_MISSING_FIELD; - - for (n = (int) ((val->length)-1); n >= 0; n--) { - if (val->data[n].length && - val->data[n].data == NULL) - return ASN1_MISSING_FIELD; - retval = asn1_encode_generalstring(buf, - (val->data)[n].length, - (val->data)[n].data, - &length); - if (retval) return retval; - sum += length; - } - asn1_makeseq(); - retval = asn1_make_etag(buf,CONTEXT_SPECIFIC,1,sum,&length); - if (retval) return retval; - sum += length; +DEFINTTYPE(int32, krb5_int32); +DEFPTRTYPE(int32_ptr, int32); - asn1_addfield(val->type,0,asn1_encode_integer); +DEFUINTTYPE(uint, unsigned int); +DEFUINTTYPE(octet, krb5_octet); +DEFUINTTYPE(ui_4, krb5_ui_4); - asn1_makeseq(); +DEFFNLENTYPE(octetstring, unsigned char *, asn1_encode_octetstring); +DEFFNLENTYPE(s_octetstring, char *, asn1_encode_octetstring); +DEFFNLENTYPE(charstring, char *, asn1_encode_charstring); +DEFFNLENTYPE(generalstring, char *, asn1_encode_generalstring); +DEFFNLENTYPE(u_generalstring, unsigned char *, asn1_encode_generalstring); +DEFFNLENTYPE(opaque, char *, asn1_encode_opaque); - asn1_cleanup(); -} +DEFFIELDTYPE(gstring_data, krb5_data, + FIELDOF_STRING(krb5_data, generalstring, data, length, -1)); +DEFPTRTYPE(gstring_data_ptr,gstring_data); -asn1_error_code asn1_encode_kerberos_time(asn1buf *buf, const krb5_timestamp val, unsigned int *retlen) -{ - return asn1_encode_generaltime(buf,val,retlen); -} +DEFFIELDTYPE(ostring_data, krb5_data, + FIELDOF_STRING(krb5_data, s_octetstring, data, length, -1)); +DEFPTRTYPE(ostring_data_ptr,ostring_data); -asn1_error_code asn1_encode_host_address(asn1buf *buf, const krb5_address *val, unsigned int *retlen) -{ - asn1_setup(); +DEFFIELDTYPE(opaque_data, krb5_data, + FIELDOF_STRING(krb5_data, opaque, data, length, -1)); - if (val == NULL || val->contents == NULL) return ASN1_MISSING_FIELD; +DEFFIELDTYPE(realm_of_principal_data, krb5_principal_data, + FIELDOF_NORM(krb5_principal_data, gstring_data, realm, -1)); +DEFPTRTYPE(realm_of_principal, realm_of_principal_data); - asn1_addlenfield(val->length,val->contents,1,asn1_encode_octetstring); - asn1_addfield(val->addrtype,0,asn1_encode_integer); - asn1_makeseq(); - asn1_cleanup(); -} +static const struct field_info princname_fields[] = { + FIELDOF_NORM(krb5_principal_data, int32, type, 0), + FIELDOF_SEQOF_INT32(krb5_principal_data, gstring_data_ptr, data, length, 1), +}; +/* krb5_principal is a typedef for krb5_principal_data*, so this is + effectively "encode_principal_data_at" with an address arg. */ +DEFSEQTYPE(principal_data, krb5_principal_data, princname_fields, 0); +DEFPTRTYPE(principal, principal_data); -asn1_error_code asn1_encode_host_addresses(asn1buf *buf, const krb5_address **val, unsigned int *retlen) +static asn1_error_code +asn1_encode_kerberos_time_at(asn1buf *buf, const krb5_timestamp *val, + unsigned int *retlen) { - asn1_setup(); - int i; - - if (val == NULL || val[0] == NULL) return ASN1_MISSING_FIELD; - - for (i=0; val[i] != NULL; i++); /* go to end of array */ - for (i--; i>=0; i--) { - retval = asn1_encode_host_address(buf,val[i],&length); - if (retval) return retval; - sum += length; - } - asn1_makeseq(); - - asn1_cleanup(); + /* Range checking for time_t vs krb5_timestamp? */ + time_t tval = *val; + return asn1_encode_generaltime(buf, tval, retlen); } +DEFFNXTYPE(kerberos_time, krb5_timestamp, asn1_encode_kerberos_time_at); -asn1_error_code asn1_encode_encrypted_data(asn1buf *buf, const krb5_enc_data *val, unsigned int *retlen) -{ - asn1_setup(); - - if (val == NULL || - (val->ciphertext.length && val->ciphertext.data == NULL)) - return ASN1_MISSING_FIELD; +const static struct field_info address_fields[] = { + FIELDOF_NORM(krb5_address, int32, addrtype, 0), + FIELDOF_STRING(krb5_address, octetstring, contents, length, 1), +}; +DEFSEQTYPE(address, krb5_address, address_fields, 0); +DEFPTRTYPE(address_ptr, address); - asn1_addlenfield(val->ciphertext.length,val->ciphertext.data,2,asn1_encode_charstring); - /* krb5_kvno should be int */ - if (val->kvno) - asn1_addfield((int) val->kvno,1,asn1_encode_integer); - asn1_addfield(val->enctype,0,asn1_encode_integer); +DEFNULLTERMSEQOFTYPE(seq_of_host_addresses, address_ptr); +DEFPTRTYPE(ptr_seqof_host_addresses, seq_of_host_addresses); - asn1_makeseq(); - - asn1_cleanup(); -} - -asn1_error_code asn1_encode_krb5_flags(asn1buf *buf, const krb5_flags val, unsigned int *retlen) +static unsigned int +optional_encrypted_data (const void *vptr) { - asn1_setup(); - krb5_flags valcopy = val; - int i; - - for (i=0; i<4; i++) { - retval = asn1buf_insert_octet(buf,(asn1_octet) (valcopy&0xFF)); - if (retval) return retval; - valcopy >>= 8; - } - retval = asn1buf_insert_octet(buf,0); /* 0 padding bits */ - if (retval) return retval; - sum = 5; + const krb5_enc_data *val = vptr; + unsigned int optional = 0; - retval = asn1_make_tag(buf,UNIVERSAL,PRIMITIVE,ASN1_BITSTRING,sum, - &length); - if (retval) return retval; - sum += length; + if (val->kvno != 0) + optional |= (1u << 1); - *retlen = sum; - return 0; + return optional; } -asn1_error_code asn1_encode_ap_options(asn1buf *buf, const krb5_flags val, unsigned int *retlen) -{ - return asn1_encode_krb5_flags(buf,val,retlen); -} - -asn1_error_code asn1_encode_ticket_flags(asn1buf *buf, const krb5_flags val, unsigned int *retlen) -{ - return asn1_encode_krb5_flags(buf,val,retlen); -} - -asn1_error_code asn1_encode_kdc_options(asn1buf *buf, const krb5_flags val, unsigned int *retlen) -{ - return asn1_encode_krb5_flags(buf,val,retlen); -} +static const struct field_info encrypted_data_fields[] = { + FIELDOF_NORM(krb5_enc_data, int32, enctype, 0), + FIELDOF_OPT(krb5_enc_data, uint, kvno, 1, 1), + FIELDOF_NORM(krb5_enc_data, ostring_data, ciphertext, 2), +}; +DEFSEQTYPE(encrypted_data, krb5_enc_data, encrypted_data_fields, + optional_encrypted_data); -asn1_error_code asn1_encode_authorization_data(asn1buf *buf, const krb5_authdata **val, unsigned int *retlen) +/* The encode_bitstring function wants an array of bytes (since PKINIT + may provide something that isn't 32 bits), but krb5_flags is stored + as a 32-bit integer in host order. */ +static asn1_error_code +asn1_encode_krb5_flags_at(asn1buf *buf, const krb5_flags *val, + unsigned int *retlen) { - asn1_setup(); - int i; - - if (val == NULL || val[0] == NULL) return ASN1_MISSING_FIELD; - - for (i=0; val[i] != NULL; i++); /* get to the end of the array */ - for (i--; i>=0; i--) { - retval = asn1_encode_krb5_authdata_elt(buf,val[i],&length); - if (retval) return retval; - sum += length; - } - asn1_makeseq(); - - asn1_cleanup(); + unsigned char cbuf[4]; + store_32_be((krb5_ui_4) *val, cbuf); + return asn1_encode_bitstring(buf, 4, cbuf, retlen); } +DEFFNXTYPE(krb5_flags, krb5_flags, asn1_encode_krb5_flags_at); -asn1_error_code asn1_encode_krb5_authdata_elt(asn1buf *buf, const krb5_authdata *val, unsigned int *retlen) -{ - asn1_setup(); - - if (val == NULL || - (val->length && val->contents == NULL)) - return ASN1_MISSING_FIELD; - - /* ad-data[1] OCTET STRING */ - asn1_addlenfield(val->length,val->contents,1,asn1_encode_octetstring); +const static struct field_info authdata_elt_fields[] = { /* ad-type[0] INTEGER */ - asn1_addfield(val->ad_type,0,asn1_encode_integer); - /* SEQUENCE */ - asn1_makeseq(); - - asn1_cleanup(); -} - -asn1_error_code asn1_encode_kdc_rep(int msg_type, asn1buf *buf, const krb5_kdc_rep *val, unsigned int *retlen) -{ - asn1_setup(); - - if (val == NULL) return ASN1_MISSING_FIELD; - - asn1_addfield(&(val->enc_part),6,asn1_encode_encrypted_data); - asn1_addfield(val->ticket,5,asn1_encode_ticket); - asn1_addfield(val->client,4,asn1_encode_principal_name); - asn1_addfield(val->client,3,asn1_encode_realm); - if (val->padata != NULL && val->padata[0] != NULL) - asn1_addfield((const krb5_pa_data**)val->padata,2,asn1_encode_sequence_of_pa_data); - if (msg_type != KRB5_AS_REP && msg_type != KRB5_TGS_REP) - return KRB5_BADMSGTYPE; - asn1_addfield(msg_type,1,asn1_encode_integer); - asn1_addfield(KVNO,0,asn1_encode_integer); - asn1_makeseq(); - - asn1_cleanup(); -} - -asn1_error_code asn1_encode_enc_kdc_rep_part(asn1buf *buf, const krb5_enc_kdc_rep_part *val, unsigned int *retlen) -{ - asn1_setup(); - - if (val == NULL) return ASN1_MISSING_FIELD; - - /* caddr[11] HostAddresses OPTIONAL */ - if (val->caddrs != NULL && val->caddrs[0] != NULL) - asn1_addfield((const krb5_address**)(val->caddrs),11,asn1_encode_host_addresses); - - /* sname[10] PrincipalName */ - asn1_addfield(val->server,10,asn1_encode_principal_name); - - /* srealm[9] Realm */ - asn1_addfield(val->server,9,asn1_encode_realm); - - /* renew-till[8] KerberosTime OPTIONAL */ - if (val->flags & TKT_FLG_RENEWABLE) - asn1_addfield(val->times.renew_till,8,asn1_encode_kerberos_time); - - /* endtime[7] KerberosTime */ - asn1_addfield(val->times.endtime,7,asn1_encode_kerberos_time); - - /* starttime[6] KerberosTime OPTIONAL */ - if (val->times.starttime) - asn1_addfield(val->times.starttime,6,asn1_encode_kerberos_time); - - /* authtime[5] KerberosTime */ - asn1_addfield(val->times.authtime,5,asn1_encode_kerberos_time); - - /* flags[4] TicketFlags */ - asn1_addfield(val->flags,4,asn1_encode_ticket_flags); - - /* key-expiration[3] KerberosTime OPTIONAL */ - if (val->key_exp) - asn1_addfield(val->key_exp,3,asn1_encode_kerberos_time); - - /* nonce[2] INTEGER */ - asn1_addfield(val->nonce,2,asn1_encode_integer); - - /* last-req[1] LastReq */ - asn1_addfield((const krb5_last_req_entry**)val->last_req,1,asn1_encode_last_req); - + FIELDOF_NORM(krb5_authdata, int32, ad_type, 0), + /* ad-data[1] OCTET STRING */ + FIELDOF_STRING(krb5_authdata, octetstring, contents, length, 1), +}; +DEFSEQTYPE(authdata_elt, krb5_authdata, authdata_elt_fields, 0); +DEFPTRTYPE(authdata_elt_ptr, authdata_elt); +DEFNONEMPTYNULLTERMSEQOFTYPE(auth_data, authdata_elt_ptr); +DEFPTRTYPE(auth_data_ptr, auth_data); + +static const struct field_info encryption_key_fields[] = { + FIELDOF_NORM(krb5_keyblock, int32, enctype, 0), + FIELDOF_STRING(krb5_keyblock, octetstring, contents, length, 1), +}; +DEFSEQTYPE(encryption_key, krb5_keyblock, encryption_key_fields, 0); +DEFPTRTYPE(ptr_encryption_key, encryption_key); + +static const struct field_info checksum_fields[] = { + FIELDOF_NORM(krb5_checksum, int32, checksum_type, 0), + FIELDOF_STRING(krb5_checksum, octetstring, contents, length, 1), +}; +DEFSEQTYPE(checksum, krb5_checksum, checksum_fields, 0); +DEFPTRTYPE(checksum_ptr, checksum); +DEFNULLTERMSEQOFTYPE(seq_of_checksum, checksum_ptr); +DEFPTRTYPE(ptr_seqof_checksum, seq_of_checksum); + +static const struct field_info lr_fields[] = { + FIELDOF_NORM(krb5_last_req_entry, int32, lr_type, 0), + FIELDOF_NORM(krb5_last_req_entry, kerberos_time, value, 1), +}; +DEFSEQTYPE(last_req_ent, krb5_last_req_entry, lr_fields, 0); + +DEFPTRTYPE(last_req_ent_ptr, last_req_ent); +DEFNONEMPTYNULLTERMSEQOFTYPE(last_req, last_req_ent_ptr); +DEFPTRTYPE(last_req_ptr, last_req); + +static const struct field_info ticket_fields[] = { + FIELD_INT_IMM(KVNO, 0), + FIELDOF_NORM(krb5_ticket, realm_of_principal, server, 1), + FIELDOF_NORM(krb5_ticket, principal, server, 2), + FIELDOF_NORM(krb5_ticket, encrypted_data, enc_part, 3), +}; +DEFSEQTYPE(untagged_ticket, krb5_ticket, ticket_fields, 0); +DEFAPPTAGGEDTYPE(ticket, 1, untagged_ticket); + +static const struct field_info pa_data_fields[] = { + FIELDOF_NORM(krb5_pa_data, int32, pa_type, 1), + FIELDOF_STRING(krb5_pa_data, octetstring, contents, length, 2), +}; +DEFSEQTYPE(pa_data, krb5_pa_data, pa_data_fields, 0); +DEFPTRTYPE(pa_data_ptr, pa_data); + +DEFNULLTERMSEQOFTYPE(seq_of_pa_data, pa_data_ptr); +DEFPTRTYPE(ptr_seqof_pa_data, seq_of_pa_data); + +DEFPTRTYPE(ticket_ptr, ticket); +DEFNONEMPTYNULLTERMSEQOFTYPE(seq_of_ticket,ticket_ptr); +DEFPTRTYPE(ptr_seqof_ticket, seq_of_ticket); + +/* EncKDCRepPart ::= SEQUENCE */ +static const struct field_info enc_kdc_rep_part_fields[] = { /* key[0] EncryptionKey */ - asn1_addfield(val->session,0,asn1_encode_encryption_key); - - /* EncKDCRepPart ::= SEQUENCE */ - asn1_makeseq(); - - asn1_cleanup(); -} - -asn1_error_code asn1_encode_sequence_of_checksum(asn1buf *buf, const krb5_checksum ** val, unsigned int *retlen) -{ - asn1_setup(); - int i; - - if (val == NULL) return ASN1_MISSING_FIELD; - - for (i=0; val[i] != NULL; i++); - for (i--; i>=0; i--) { - retval = asn1_encode_checksum(buf,val[i],&length); - if (retval) return retval; - sum += length; - } - asn1_makeseq(); - - asn1_cleanup(); -} - -asn1_error_code asn1_encode_kdc_req_body(asn1buf *buf, const krb5_kdc_req *rep, unsigned int *retlen) + FIELDOF_NORM(krb5_enc_kdc_rep_part, ptr_encryption_key, session, 0), + /* last-req[1] LastReq */ + FIELDOF_NORM(krb5_enc_kdc_rep_part, last_req_ptr, last_req, 1), + /* nonce[2] INTEGER */ + FIELDOF_NORM(krb5_enc_kdc_rep_part, int32, nonce, 2), + /* key-expiration[3] KerberosTime OPTIONAL */ + FIELDOF_OPT(krb5_enc_kdc_rep_part, kerberos_time, key_exp, 3, 3), + /* flags[4] TicketFlags */ + FIELDOF_NORM(krb5_enc_kdc_rep_part, krb5_flags, flags, 4), + /* authtime[5] KerberosTime */ + FIELDOF_NORM(krb5_enc_kdc_rep_part, kerberos_time, times.authtime, 5), + /* starttime[6] KerberosTime OPTIONAL */ + FIELDOF_OPT(krb5_enc_kdc_rep_part, kerberos_time, times.starttime, 6, 6), + /* endtime[7] KerberosTime */ + FIELDOF_NORM(krb5_enc_kdc_rep_part, kerberos_time, times.endtime, 7), + /* renew-till[8] KerberosTime OPTIONAL */ + FIELDOF_OPT(krb5_enc_kdc_rep_part, kerberos_time, times.renew_till, 8, 8), + /* srealm[9] Realm */ + FIELDOF_NORM(krb5_enc_kdc_rep_part, realm_of_principal, server, 9), + /* sname[10] PrincipalName */ + FIELDOF_NORM(krb5_enc_kdc_rep_part, principal, server, 10), + /* caddr[11] HostAddresses OPTIONAL */ + FIELDOF_OPT(krb5_enc_kdc_rep_part, ptr_seqof_host_addresses, caddrs, + 11, 11), + /* encrypted-pa-data[12] SEQUENCE OF PA-DATA OPTIONAL */ + FIELDOF_OPT(krb5_enc_kdc_rep_part, ptr_seqof_pa_data, enc_padata, 12, 12), +}; +static unsigned int optional_enc_kdc_rep_part(const void *p) { - asn1_setup(); - - if (rep == NULL) return ASN1_MISSING_FIELD; - - /* additional-tickets[11] SEQUENCE OF Ticket OPTIONAL */ - if (rep->second_ticket != NULL && rep->second_ticket[0] != NULL) - asn1_addfield((const krb5_ticket**)rep->second_ticket, - 11,asn1_encode_sequence_of_ticket); - - /* enc-authorization-data[10] EncryptedData OPTIONAL, */ - /* -- Encrypted AuthorizationData encoding */ - if (rep->authorization_data.ciphertext.data != NULL) - asn1_addfield(&(rep->authorization_data),10,asn1_encode_encrypted_data); - - /* addresses[9] HostAddresses OPTIONAL, */ - if (rep->addresses != NULL && rep->addresses[0] != NULL) - asn1_addfield((const krb5_address**)rep->addresses,9,asn1_encode_host_addresses); + const krb5_enc_kdc_rep_part *val = p; + unsigned int optional = 0; - /* etype[8] SEQUENCE OF INTEGER, -- EncryptionType, */ - /* -- in preference order */ - asn1_addlenfield(rep->nktypes,rep->ktype,8,asn1_encode_sequence_of_enctype); - - /* nonce[7] INTEGER, */ - asn1_addfield(rep->nonce,7,asn1_encode_integer); - - /* rtime[6] KerberosTime OPTIONAL, */ - if (rep->rtime) - asn1_addfield(rep->rtime,6,asn1_encode_kerberos_time); - - /* till[5] KerberosTime, */ - asn1_addfield(rep->till,5,asn1_encode_kerberos_time); - - /* from[4] KerberosTime OPTIONAL, */ - if (rep->from) - asn1_addfield(rep->from,4,asn1_encode_kerberos_time); - - /* sname[3] PrincipalName OPTIONAL, */ - if (rep->server != NULL) - asn1_addfield(rep->server,3,asn1_encode_principal_name); - - /* realm[2] Realm, -- Server's realm */ - /* -- Also client's in AS-REQ */ - if (rep->kdc_options & KDC_OPT_ENC_TKT_IN_SKEY) { - if (rep->second_ticket != NULL && rep->second_ticket[0] != NULL) { - asn1_addfield(rep->second_ticket[0]->server,2,asn1_encode_realm) - } else return ASN1_MISSING_FIELD; - } else if (rep->server != NULL) { - asn1_addfield(rep->server,2,asn1_encode_realm); + if (val->key_exp) + optional |= (1u << 3); + if (val->times.starttime) + optional |= (1u << 6); + if (val->flags & TKT_FLG_RENEWABLE) + optional |= (1u << 8); + if (val->caddrs != NULL && val->caddrs[0] != NULL) + optional |= (1u << 11); + + return optional; +} +DEFSEQTYPE(enc_kdc_rep_part, krb5_enc_kdc_rep_part, enc_kdc_rep_part_fields, + optional_enc_kdc_rep_part); + +/* Yuck! Eventually push this *up* above the encoder API and make the + rest of the library put the realm name in one consistent place. At + the same time, might as well add the msg-type field and encode both + AS-REQ and TGS-REQ through the same descriptor. */ +struct kdc_req_hack { + krb5_kdc_req v; + krb5_data *server_realm; +}; +static const struct field_info kdc_req_hack_fields[] = { + FIELDOF_NORM(struct kdc_req_hack, krb5_flags, v.kdc_options, 0), + FIELDOF_OPT(struct kdc_req_hack, principal, v.client, 1, 1), + FIELDOF_NORM(struct kdc_req_hack, gstring_data_ptr, server_realm, 2), + FIELDOF_OPT(struct kdc_req_hack, principal, v.server, 3, 3), + FIELDOF_OPT(struct kdc_req_hack, kerberos_time, v.from, 4, 4), + FIELDOF_NORM(struct kdc_req_hack, kerberos_time, v.till, 5), + FIELDOF_OPT(struct kdc_req_hack, kerberos_time, v.rtime, 6, 6), + FIELDOF_NORM(struct kdc_req_hack, int32, v.nonce, 7), + FIELDOF_SEQOF_INT32(struct kdc_req_hack, int32_ptr, v.ktype, v.nktypes, 8), + FIELDOF_OPT(struct kdc_req_hack, ptr_seqof_host_addresses, v.addresses, 9, 9), + FIELDOF_OPT(struct kdc_req_hack, encrypted_data, v.authorization_data, 10, 10), + FIELDOF_OPT(struct kdc_req_hack, ptr_seqof_ticket, v.second_ticket, 11, 11), +}; +static unsigned int optional_kdc_req_hack(const void *p) +{ + const struct kdc_req_hack *val2 = p; + const krb5_kdc_req *val = &val2->v; + unsigned int optional = 0; + + if (val->second_ticket != NULL && val->second_ticket[0] != NULL) + optional |= (1u << 11); + if (val->authorization_data.ciphertext.data != NULL) + optional |= (1u << 10); + if (val->addresses != NULL && val->addresses[0] != NULL) + optional |= (1u << 9); + if (val->rtime) + optional |= (1u << 6); + if (val->from) + optional |= (1u << 4); + if (val->server != NULL) + optional |= (1u << 3); + if (val->client != NULL) + optional |= (1u << 1); + + return optional; +} +DEFSEQTYPE(kdc_req_body_hack, struct kdc_req_hack, kdc_req_hack_fields, + optional_kdc_req_hack); +static asn1_error_code +asn1_encode_kdc_req_hack(asn1buf *, const struct kdc_req_hack *, + unsigned int *); +MAKE_ENCFN(asn1_encode_kdc_req_hack, kdc_req_body_hack); +static asn1_error_code +asn1_encode_kdc_req_body(asn1buf *buf, const krb5_kdc_req *val, + unsigned int *retlen) +{ + struct kdc_req_hack val2; + val2.v = *val; + if (val->kdc_options & KDC_OPT_ENC_TKT_IN_SKEY) { + if (val->second_ticket != NULL && val->second_ticket[0] != NULL) { + val2.server_realm = &val->second_ticket[0]->server->realm; + } else return ASN1_MISSING_FIELD; + } else if (val->server != NULL) { + val2.server_realm = &val->server->realm; } else return ASN1_MISSING_FIELD; + return asn1_encode_kdc_req_hack(buf, &val2, retlen); +} +DEFFNXTYPE(kdc_req_body, krb5_kdc_req, asn1_encode_kdc_req_body); +/* end ugly hack */ + +static const struct field_info transited_fields[] = { + FIELDOF_NORM(krb5_transited, octet, tr_type, 0), + FIELDOF_NORM(krb5_transited, ostring_data, tr_contents, 1), +}; +DEFSEQTYPE(transited, krb5_transited, transited_fields, 0); + +static const struct field_info krb_safe_body_fields[] = { + FIELDOF_NORM(krb5_safe, ostring_data, user_data, 0), + FIELDOF_OPT(krb5_safe, kerberos_time, timestamp, 1, 1), + FIELDOF_OPT(krb5_safe, int32, usec, 2, 2), + FIELDOF_OPT(krb5_safe, uint, seq_number, 3, 3), + FIELDOF_NORM(krb5_safe, address_ptr, s_address, 4), + FIELDOF_OPT(krb5_safe, address_ptr, r_address, 5, 5), +}; +static unsigned int optional_krb_safe_body(const void *p) +{ + const krb5_safe *val = p; + unsigned int optional = 0; - /* cname[1] PrincipalName OPTIONAL, */ - /* -- Used only in AS-REQ */ - if (rep->client != NULL) - asn1_addfield(rep->client,1,asn1_encode_principal_name); - - /* kdc-options[0] KDCOptions, */ - asn1_addfield(rep->kdc_options,0,asn1_encode_kdc_options); - - /* KDC-REQ-BODY ::= SEQUENCE */ - asn1_makeseq(); - - asn1_cleanup(); -} - -asn1_error_code asn1_encode_encryption_key(asn1buf *buf, const krb5_keyblock *val, unsigned int *retlen) -{ - asn1_setup(); - - if (val == NULL || - (val->length && val->contents == NULL)) - return ASN1_MISSING_FIELD; - - asn1_addlenfield(val->length,val->contents,1,asn1_encode_octetstring); - asn1_addfield(val->enctype,0,asn1_encode_integer); - asn1_makeseq(); - - asn1_cleanup(); -} - -asn1_error_code asn1_encode_checksum(asn1buf *buf, const krb5_checksum *val, unsigned int *retlen) -{ - asn1_setup(); - - if (val == NULL || - (val->length && val->contents == NULL)) - return ASN1_MISSING_FIELD; - - asn1_addlenfield(val->length,val->contents,1,asn1_encode_octetstring); - asn1_addfield(val->checksum_type,0,asn1_encode_integer); - asn1_makeseq(); - - asn1_cleanup(); -} - -asn1_error_code asn1_encode_transited_encoding(asn1buf *buf, const krb5_transited *val, unsigned int *retlen) -{ - asn1_setup(); - - if (val == NULL || - (val->tr_contents.length != 0 && val->tr_contents.data == NULL)) - return ASN1_MISSING_FIELD; - - asn1_addlenfield(val->tr_contents.length,val->tr_contents.data, - 1,asn1_encode_charstring); - asn1_addfield(val->tr_type,0,asn1_encode_integer); - asn1_makeseq(); - - asn1_cleanup(); -} - -asn1_error_code asn1_encode_last_req(asn1buf *buf, const krb5_last_req_entry **val, unsigned int *retlen) -{ - asn1_setup(); - int i; - - if (val == NULL || val[0] == NULL) return ASN1_MISSING_FIELD; - - for (i=0; val[i] != NULL; i++); /* go to end of array */ - for (i--; i>=0; i--) { - retval = asn1_encode_last_req_entry(buf,val[i],&length); - if (retval) return retval; - sum += length; - } - asn1_makeseq(); - - asn1_cleanup(); -} - -asn1_error_code asn1_encode_last_req_entry(asn1buf *buf, const krb5_last_req_entry *val, unsigned int *retlen) -{ - asn1_setup(); - - if (val == NULL) return ASN1_MISSING_FIELD; - - asn1_addfield(val->value,1,asn1_encode_kerberos_time); - asn1_addfield(val->lr_type,0,asn1_encode_integer); - asn1_makeseq(); - - asn1_cleanup(); -} - -asn1_error_code asn1_encode_sequence_of_pa_data(asn1buf *buf, const krb5_pa_data **val, unsigned int *retlen) -{ - asn1_setup(); - int i; - - if (val == NULL) return ASN1_MISSING_FIELD; - - for (i=0; val[i] != NULL; i++); - for (i--; i>=0; i--) { - retval = asn1_encode_pa_data(buf,val[i],&length); - if (retval) return retval; - sum += length; - } - asn1_makeseq(); - - asn1_cleanup(); -} - -asn1_error_code asn1_encode_pa_data(asn1buf *buf, const krb5_pa_data *val, unsigned int *retlen) -{ - asn1_setup(); - - if (val == NULL || (val->length != 0 && val->contents == NULL)) - return ASN1_MISSING_FIELD; - - asn1_addlenfield(val->length,val->contents,2,asn1_encode_octetstring); - asn1_addfield(val->pa_type,1,asn1_encode_integer); - asn1_makeseq(); - - asn1_cleanup(); -} - -asn1_error_code asn1_encode_sequence_of_ticket(asn1buf *buf, const krb5_ticket **val, unsigned int *retlen) -{ - asn1_setup(); - int i; - - if (val == NULL || val[0] == NULL) return ASN1_MISSING_FIELD; - - for (i=0; val[i] != NULL; i++); - for (i--; i>=0; i--) { - retval = asn1_encode_ticket(buf,val[i],&length); - if (retval) return retval; - sum += length; - } - asn1_makeseq(); - - asn1_cleanup(); -} - -asn1_error_code asn1_encode_ticket(asn1buf *buf, const krb5_ticket *val, unsigned int *retlen) -{ - asn1_setup(); - - if (val == NULL) return ASN1_MISSING_FIELD; - - asn1_addfield(&(val->enc_part),3,asn1_encode_encrypted_data); - asn1_addfield(val->server,2,asn1_encode_principal_name); - asn1_addfield(val->server,1,asn1_encode_realm); - asn1_addfield(KVNO,0,asn1_encode_integer); - asn1_makeseq(); - asn1_apptag(1); - - asn1_cleanup(); -} - -asn1_error_code asn1_encode_sequence_of_enctype(asn1buf *buf, const int len, const krb5_enctype *val, unsigned int *retlen) -{ - asn1_setup(); - int i; - - if (val == NULL) return ASN1_MISSING_FIELD; - - for (i=len-1; i>=0; i--) { - retval = asn1_encode_integer(buf,val[i],&length); - if (retval) return retval; - sum += length; - } - asn1_makeseq(); - - asn1_cleanup(); -} - -asn1_error_code asn1_encode_kdc_req(int msg_type, asn1buf *buf, const krb5_kdc_req *val, unsigned int *retlen) -{ - asn1_setup(); - - if (val == NULL) return ASN1_MISSING_FIELD; - - asn1_addfield(val,4,asn1_encode_kdc_req_body); - if (val->padata != NULL && val->padata[0] != NULL) - asn1_addfield((const krb5_pa_data**)val->padata,3,asn1_encode_sequence_of_pa_data); - if (msg_type != KRB5_AS_REQ && msg_type != KRB5_TGS_REQ) - return KRB5_BADMSGTYPE; - asn1_addfield(msg_type,2,asn1_encode_integer); - asn1_addfield(KVNO,1,asn1_encode_integer); - asn1_makeseq(); - - asn1_cleanup(); -} - -asn1_error_code asn1_encode_krb_safe_body(asn1buf *buf, const krb5_safe *val, unsigned int *retlen) -{ - asn1_setup(); - - if (val == NULL) return ASN1_MISSING_FIELD; - - if (val->r_address != NULL) - asn1_addfield(val->r_address,5,asn1_encode_host_address); - asn1_addfield(val->s_address,4,asn1_encode_host_address); - if (val->seq_number) - asn1_addfield(val->seq_number,3,asn1_encode_unsigned_integer); if (val->timestamp) { - asn1_addfield(val->usec,2,asn1_encode_integer); - asn1_addfield(val->timestamp,1,asn1_encode_kerberos_time); - } - if (val->user_data.length && val->user_data.data == NULL) - return ASN1_MISSING_FIELD; - asn1_addlenfield(val->user_data.length,val->user_data.data,0,asn1_encode_charstring) - ; - - asn1_makeseq(); - asn1_cleanup(); -} - -asn1_error_code asn1_encode_sequence_of_krb_cred_info(asn1buf *buf, const krb5_cred_info **val, unsigned int *retlen) -{ - asn1_setup(); - int i; - - if (val == NULL) return ASN1_MISSING_FIELD; - - for (i=0; val[i] != NULL; i++); - for (i--; i>=0; i--) { - retval = asn1_encode_krb_cred_info(buf,val[i],&length); - if (retval) return retval; - sum += length; + optional |= (1u << 1); + optional |= (1u << 2); } - asn1_makeseq(); - - asn1_cleanup(); -} - -asn1_error_code asn1_encode_krb_cred_info(asn1buf *buf, const krb5_cred_info *val, unsigned int *retlen) -{ - asn1_setup(); - - if (val == NULL) return ASN1_MISSING_FIELD; + if (val->seq_number) + optional |= (1u << 3); + if (val->r_address != NULL) + optional |= (1u << 5); + + return optional; +} +DEFSEQTYPE(krb_safe_body, krb5_safe, krb_safe_body_fields, + optional_krb_safe_body); + +static const struct field_info krb_cred_info_fields[] = { + FIELDOF_NORM(krb5_cred_info, ptr_encryption_key, session, 0), + FIELDOF_OPT(krb5_cred_info, realm_of_principal, client, 1, 1), + FIELDOF_OPT(krb5_cred_info, principal, client, 2, 2), + FIELDOF_OPT(krb5_cred_info, krb5_flags, flags, 3, 3), + FIELDOF_OPT(krb5_cred_info, kerberos_time, times.authtime, 4, 4), + FIELDOF_OPT(krb5_cred_info, kerberos_time, times.starttime, 5, 5), + FIELDOF_OPT(krb5_cred_info, kerberos_time, times.endtime, 6, 6), + FIELDOF_OPT(krb5_cred_info, kerberos_time, times.renew_till, 7, 7), + FIELDOF_OPT(krb5_cred_info, realm_of_principal, server, 8, 8), + FIELDOF_OPT(krb5_cred_info, principal, server, 9, 9), + FIELDOF_OPT(krb5_cred_info, ptr_seqof_host_addresses, caddrs, 10, 10), +}; +static unsigned int optional_krb_cred_info(const void *p) +{ + const krb5_cred_info *val = p; + unsigned int optional = 0; if (val->caddrs != NULL && val->caddrs[0] != NULL) - asn1_addfield((const krb5_address**)val->caddrs,10,asn1_encode_host_addresses); + optional |= (1u << 10); if (val->server != NULL) { - asn1_addfield(val->server,9,asn1_encode_principal_name); - asn1_addfield(val->server,8,asn1_encode_realm); + optional |= (1u << 9); + optional |= (1u << 8); } if (val->times.renew_till) - asn1_addfield(val->times.renew_till,7,asn1_encode_kerberos_time); + optional |= (1u << 7); if (val->times.endtime) - asn1_addfield(val->times.endtime,6,asn1_encode_kerberos_time); + optional |= (1u << 6); if (val->times.starttime) - asn1_addfield(val->times.starttime,5,asn1_encode_kerberos_time); + optional |= (1u << 5); if (val->times.authtime) - asn1_addfield(val->times.authtime,4,asn1_encode_kerberos_time); + optional |= (1u << 4); if (val->flags) - asn1_addfield(val->flags,3,asn1_encode_ticket_flags); + optional |= (1u << 3); if (val->client != NULL) { - asn1_addfield(val->client,2,asn1_encode_principal_name); - asn1_addfield(val->client,1,asn1_encode_realm); - } - asn1_addfield(val->session,0,asn1_encode_encryption_key); - - asn1_makeseq(); - - asn1_cleanup(); -} - -asn1_error_code asn1_encode_etype_info_entry(asn1buf *buf, const krb5_etype_info_entry *val, - unsigned int *retlen, int etype_info2) -{ - asn1_setup(); - - assert(val->s2kparams.data == NULL || etype_info2); - if (val == NULL || (val->length > 0 && val->length != KRB5_ETYPE_NO_SALT && - val->salt == NULL)) - return ASN1_MISSING_FIELD; - if (val->s2kparams.data != NULL) - asn1_addlenfield(val->s2kparams.length, val->s2kparams.data, 2, - asn1_encode_octetstring); - if (val->length >= 0 && val->length != KRB5_ETYPE_NO_SALT) { - if (etype_info2) { - asn1_addlenfield(val->length,val->salt,1, - asn1_encode_generalstring); - } else { - asn1_addlenfield(val->length,val->salt,1, - asn1_encode_octetstring); - } + optional |= (1u << 2); + optional |= (1u << 1); } - asn1_addfield(val->etype,0,asn1_encode_integer); - asn1_makeseq(); - asn1_cleanup(); + return optional; } +DEFSEQTYPE(cred_info, krb5_cred_info, krb_cred_info_fields, + optional_krb_cred_info); +DEFPTRTYPE(cred_info_ptr, cred_info); +DEFNULLTERMSEQOFTYPE(seq_of_cred_info, cred_info_ptr); -asn1_error_code asn1_encode_etype_info(asn1buf *buf, const krb5_etype_info_entry **val, - unsigned int *retlen, int etype_info2) -{ - asn1_setup(); - int i; +DEFPTRTYPE(ptrseqof_cred_info, seq_of_cred_info); - if (val == NULL) return ASN1_MISSING_FIELD; - for (i=0; val[i] != NULL; i++); /* get to the end of the array */ - for (i--; i>=0; i--) { - retval = asn1_encode_etype_info_entry(buf,val[i],&length, etype_info2); - if (retval) return retval; - sum += length; - } - asn1_makeseq(); - asn1_cleanup(); -} -asn1_error_code asn1_encode_sequence_of_passwdsequence(asn1buf *buf, const passwd_phrase_element **val, unsigned int *retlen) +static unsigned int +optional_etype_info_entry(const void *vptr) { - asn1_setup(); - int i; + const krb5_etype_info_entry *val = vptr; + unsigned int optional = 0; - if (val == NULL || val[0] == NULL) return ASN1_MISSING_FIELD; + if (val->length >= 0 && val->length != KRB5_ETYPE_NO_SALT) + optional |= (1u << 1); - for (i=0; val[i] != NULL; i++); /* get to the end of the array */ - for (i--; i>=0; i--) { - retval = asn1_encode_passwdsequence(buf,val[i],&length); - if (retval) return retval; - sum += length; - } - asn1_makeseq(); - asn1_cleanup(); + return optional; } +static const struct field_info etype_info_entry_fields[] = { + FIELDOF_NORM(krb5_etype_info_entry, int32, etype, 0), + FIELDOF_OPTSTRING(krb5_etype_info_entry, octetstring, salt, length, 1, 1), +}; +DEFSEQTYPE(etype_info_entry, krb5_etype_info_entry, etype_info_entry_fields, + optional_etype_info_entry); -asn1_error_code asn1_encode_passwdsequence(asn1buf *buf, const passwd_phrase_element *val, unsigned int *retlen) +static unsigned int +optional_etype_info2_entry(const void *vptr) { - asn1_setup(); - asn1_addlenfield(val->phrase->length,val->phrase->data,1,asn1_encode_charstring); - asn1_addlenfield(val->passwd->length,val->passwd->data,0,asn1_encode_charstring); - asn1_makeseq(); - asn1_cleanup(); -} + const krb5_etype_info_entry *val = vptr; + unsigned int optional = 0; -asn1_error_code asn1_encode_sam_flags(asn1buf *buf, const krb5_flags val, unsigned int *retlen) -{ - return asn1_encode_krb5_flags(buf,val,retlen); + if (val->length >= 0 && val->length != KRB5_ETYPE_NO_SALT) + optional |= (1u << 1); + if (val->s2kparams.data) + optional |= (1u << 2); + + return optional; } -#define add_optstring(val,n,fn) \ - if ((val).length > 0) {asn1_addlenfield((val).length,(val).data,n,fn);} +static const struct field_info etype_info2_entry_fields[] = { + FIELDOF_NORM(krb5_etype_info_entry, int32, etype, 0), + FIELDOF_OPTSTRING(krb5_etype_info_entry, u_generalstring, salt, length, + 1, 1), + FIELDOF_OPT(krb5_etype_info_entry, ostring_data, s2kparams, 2, 2), +}; +DEFSEQTYPE(etype_info2_entry, krb5_etype_info_entry, etype_info2_entry_fields, + optional_etype_info2_entry); + +DEFPTRTYPE(etype_info_entry_ptr, etype_info_entry); +DEFNULLTERMSEQOFTYPE(etype_info, etype_info_entry_ptr); + +DEFPTRTYPE(etype_info2_entry_ptr, etype_info2_entry); +DEFNULLTERMSEQOFTYPE(etype_info2, etype_info2_entry_ptr); + +static const struct field_info passwdsequence_fields[] = { + FIELDOF_NORM(passwd_phrase_element, ostring_data_ptr, passwd, 0), + FIELDOF_NORM(passwd_phrase_element, ostring_data_ptr, phrase, 1), +}; +DEFSEQTYPE(passwdsequence, passwd_phrase_element, passwdsequence_fields, 0); + +DEFPTRTYPE(passwdsequence_ptr, passwdsequence); +DEFNONEMPTYNULLTERMSEQOFTYPE(seqof_passwdsequence, passwdsequence_ptr); +DEFPTRTYPE(ptr_seqof_passwdsequence, seqof_passwdsequence); + -asn1_error_code asn1_encode_sam_challenge(asn1buf *buf, const krb5_sam_challenge *val, unsigned int *retlen) +static const struct field_info sam_challenge_fields[] = { + FIELDOF_NORM(krb5_sam_challenge, int32, sam_type, 0), + FIELDOF_NORM(krb5_sam_challenge, krb5_flags, sam_flags, 1), + FIELDOF_OPT(krb5_sam_challenge, ostring_data, sam_type_name, 2, 2), + FIELDOF_OPT(krb5_sam_challenge, ostring_data, sam_track_id,3, 3), + FIELDOF_OPT(krb5_sam_challenge, ostring_data, sam_challenge_label,4, 4), + FIELDOF_OPT(krb5_sam_challenge, ostring_data, sam_challenge,5, 5), + FIELDOF_OPT(krb5_sam_challenge, ostring_data, sam_response_prompt,6, 6), + FIELDOF_OPT(krb5_sam_challenge, ostring_data, sam_pk_for_sad,7, 7), + FIELDOF_OPT(krb5_sam_challenge, int32, sam_nonce, 8, 8), + FIELDOF_OPT(krb5_sam_challenge, checksum, sam_cksum, 9, 9), +}; +static unsigned int optional_sam_challenge(const void *p) { - asn1_setup(); - /* possibly wrong */ + const krb5_sam_challenge *val = p; + unsigned int optional = 0; + if (val->sam_cksum.length) - asn1_addfield(&(val->sam_cksum),9,asn1_encode_checksum); + optional |= (1u << 9); if (val->sam_nonce) - asn1_addfield(val->sam_nonce,8,asn1_encode_integer); + optional |= (1u << 8); - add_optstring(val->sam_pk_for_sad,7,asn1_encode_charstring); - add_optstring(val->sam_response_prompt,6,asn1_encode_charstring); - add_optstring(val->sam_challenge,5,asn1_encode_charstring); - add_optstring(val->sam_challenge_label,4,asn1_encode_charstring); - add_optstring(val->sam_track_id,3,asn1_encode_charstring); - add_optstring(val->sam_type_name,2,asn1_encode_charstring); + if (val->sam_pk_for_sad.length > 0) optional |= (1u << 7); + if (val->sam_response_prompt.length > 0) optional |= (1u << 6); + if (val->sam_challenge.length > 0) optional |= (1u << 5); + if (val->sam_challenge_label.length > 0) optional |= (1u << 4); + if (val->sam_track_id.length > 0) optional |= (1u << 3); + if (val->sam_type_name.length > 0) optional |= (1u << 2); - asn1_addfield(val->sam_flags,1,asn1_encode_sam_flags); - asn1_addfield(val->sam_type,0,asn1_encode_integer); - - asn1_makeseq(); - asn1_cleanup(); + return optional; } +DEFSEQTYPE(sam_challenge,krb5_sam_challenge,sam_challenge_fields, + optional_sam_challenge); -asn1_error_code asn1_encode_sam_challenge_2(asn1buf *buf, const krb5_sam_challenge_2 *val, unsigned int *retlen) +#if 0 /* encoders not used! */ +MAKE_ENCFN(asn1_encode_sequence_of_checksum, seq_of_checksum); +static asn1_error_code +asn1_encode_sam_challenge_2(asn1buf *buf, const krb5_sam_challenge_2 *val, + unsigned int *retlen) { asn1_setup(); if ( (!val) || (!val->sam_cksum) || (!val->sam_cksum[0])) return ASN1_MISSING_FIELD; - asn1_addfield((const krb5_checksum **) val->sam_cksum, 1, asn1_encode_sequence_of_checksum); - retval = asn1buf_insert_octetstring(buf, val->sam_challenge_2_body.length, - (unsigned char *)val->sam_challenge_2_body.data); - if (retval) { - asn1buf_destroy(&buf); - return retval; - } - sum += val->sam_challenge_2_body.length; - retval = asn1_make_etag(buf, CONTEXT_SPECIFIC, 0, - val->sam_challenge_2_body.length, &length); - if (retval) { - asn1buf_destroy(&buf); - return retval; + asn1_addfield(val->sam_cksum, 1, asn1_encode_sequence_of_checksum); + + { + unsigned int length; + + retval = asn1buf_insert_octetstring(buf, val->sam_challenge_2_body.length, + (unsigned char *)val->sam_challenge_2_body.data); + if (retval) { + return retval; + } + sum += val->sam_challenge_2_body.length; + retval = asn1_make_etag(buf, CONTEXT_SPECIFIC, 0, + val->sam_challenge_2_body.length, &length); + if (retval) { + return retval; + } + sum += length; } - sum += length; asn1_makeseq(); asn1_cleanup(); } +DEFFNXTYPE(sam_challenge_2, krb5_sam_challenge_2, asn1_encode_sam_challenge_2); + +static const struct field_info sam_challenge_2_body_fields[] = { + FIELDOF_NORM(krb5_sam_challenge_2_body, int32, sam_type, 0), + FIELDOF_NORM(krb5_sam_challenge_2_body, krb5_flags, sam_flags, 1), + FIELDOF_OPT(krb5_sam_challenge_2_body, ostring_data, sam_type_name, 2, 2), + FIELDOF_OPT(krb5_sam_challenge_2_body, ostring_data, sam_track_id,3, 3), + FIELDOF_OPT(krb5_sam_challenge_2_body, ostring_data, sam_challenge_label,4, 4), + FIELDOF_OPT(krb5_sam_challenge_2_body, ostring_data, sam_challenge,5, 5), + FIELDOF_OPT(krb5_sam_challenge_2_body, ostring_data, sam_response_prompt,6, 6), + FIELDOF_OPT(krb5_sam_challenge_2_body, ostring_data, sam_pk_for_sad,7, 7), + FIELDOF_NORM(krb5_sam_challenge_2_body, int32, sam_nonce, 8), + FIELDOF_NORM(krb5_sam_challenge_2_body, int32, sam_etype, 9), +}; +static unsigned int optional_sam_challenge_2_body(const void *p) +{ + const krb5_sam_challenge_2_body *val = p; + unsigned int optional = 0; + + if (val->sam_pk_for_sad.length > 0) optional |= (1u << 7); + if (val->sam_response_prompt.length > 0) optional |= (1u << 6); + if (val->sam_challenge.length > 0) optional |= (1u << 5); + if (val->sam_challenge_label.length > 0) optional |= (1u << 4); + if (val->sam_track_id.length > 0) optional |= (1u << 3); + if (val->sam_type_name.length > 0) optional |= (1u << 2); + + return optional; +} +DEFSEQTYPE(sam_challenge_2_body,krb5_sam_challenge_2_body,sam_challenge_2_body_fields, + optional_sam_challenge_2_body); +#endif + +static const struct field_info sam_key_fields[] = { + FIELDOF_NORM(krb5_sam_key, encryption_key, sam_key, 0), +}; +DEFSEQTYPE(sam_key, krb5_sam_key, sam_key_fields, 0); -asn1_error_code asn1_encode_sam_challenge_2_body(asn1buf *buf, const krb5_sam_challenge_2_body *val, unsigned int *retlen) +static const struct field_info enc_sam_response_enc_fields[] = { + FIELDOF_NORM(krb5_enc_sam_response_enc, int32, sam_nonce, 0), + FIELDOF_NORM(krb5_enc_sam_response_enc, kerberos_time, sam_timestamp, 1), + FIELDOF_NORM(krb5_enc_sam_response_enc, int32, sam_usec, 2), + FIELDOF_OPT(krb5_enc_sam_response_enc, ostring_data, sam_sad, 3, 3), +}; +static unsigned int optional_enc_sam_response_enc(const void *p) { - asn1_setup(); + const krb5_enc_sam_response_enc *val = p; + unsigned int optional = 0; + + if (val->sam_sad.length > 0) optional |= (1u << 3); - asn1_addfield(val->sam_etype, 9, asn1_encode_integer); - asn1_addfield(val->sam_nonce,8,asn1_encode_integer); - add_optstring(val->sam_pk_for_sad,7,asn1_encode_charstring); - add_optstring(val->sam_response_prompt,6,asn1_encode_charstring); - add_optstring(val->sam_challenge,5,asn1_encode_charstring); - add_optstring(val->sam_challenge_label,4,asn1_encode_charstring); - add_optstring(val->sam_track_id,3,asn1_encode_charstring); - add_optstring(val->sam_type_name,2,asn1_encode_charstring); + return optional; +} +DEFSEQTYPE(enc_sam_response_enc, krb5_enc_sam_response_enc, + enc_sam_response_enc_fields, optional_enc_sam_response_enc); - asn1_addfield(val->sam_flags,1,asn1_encode_sam_flags); - asn1_addfield(val->sam_type,0,asn1_encode_integer); +static const struct field_info enc_sam_response_enc_2_fields[] = { + FIELDOF_NORM(krb5_enc_sam_response_enc_2, int32, sam_nonce, 0), + FIELDOF_OPT(krb5_enc_sam_response_enc_2, ostring_data, sam_sad, 1, 1), +}; +static unsigned int optional_enc_sam_response_enc_2(const void *p) +{ + const krb5_enc_sam_response_enc_2 *val = p; + unsigned int optional = 0; - asn1_makeseq(); - asn1_cleanup(); + if (val->sam_sad.length > 0) optional |= (1u << 1); + + return optional; } +DEFSEQTYPE(enc_sam_response_enc_2, krb5_enc_sam_response_enc_2, + enc_sam_response_enc_2_fields, optional_enc_sam_response_enc_2); -asn1_error_code asn1_encode_sam_key(asn1buf *buf, const krb5_sam_key *val, unsigned int *retlen) +static const struct field_info sam_response_fields[] = { + FIELDOF_NORM(krb5_sam_response, int32, sam_type, 0), + FIELDOF_NORM(krb5_sam_response, krb5_flags, sam_flags, 1), + FIELDOF_OPT(krb5_sam_response, ostring_data, sam_track_id, 2, 2), + FIELDOF_OPT(krb5_sam_response, encrypted_data, sam_enc_key, 3, 3), + FIELDOF_NORM(krb5_sam_response, encrypted_data, sam_enc_nonce_or_ts, 4), + FIELDOF_OPT(krb5_sam_response, int32, sam_nonce, 5, 5), + FIELDOF_OPT(krb5_sam_response, kerberos_time, sam_patimestamp, 6, 6), +}; +static unsigned int optional_sam_response(const void *p) { - asn1_setup(); - asn1_addfield(&(val->sam_key),0,asn1_encode_encryption_key); + const krb5_sam_response *val = p; + unsigned int optional = 0; - asn1_makeseq(); + if (val->sam_patimestamp) + optional |= (1u << 6); + if (val->sam_nonce) + optional |= (1u << 5); + if (val->sam_enc_key.ciphertext.length) + optional |= (1u << 3); + if (val->sam_track_id.length > 0) optional |= (1u << 2); + + return optional; +} +DEFSEQTYPE(sam_response, krb5_sam_response, sam_response_fields, + optional_sam_response); + +static const struct field_info sam_response_2_fields[] = { + FIELDOF_NORM(krb5_sam_response_2, int32, sam_type, 0), + FIELDOF_NORM(krb5_sam_response_2, krb5_flags, sam_flags, 1), + FIELDOF_OPT(krb5_sam_response_2, ostring_data, sam_track_id, 2, 2), + FIELDOF_NORM(krb5_sam_response_2, encrypted_data, sam_enc_nonce_or_sad, 3), + FIELDOF_NORM(krb5_sam_response_2, int32, sam_nonce, 4), +}; +static unsigned int optional_sam_response_2(const void *p) +{ + const krb5_sam_response_2 *val = p; + unsigned int optional = 0; + + if (val->sam_track_id.length > 0) optional |= (1u << 2); + + return optional; +} +DEFSEQTYPE(sam_response_2, krb5_sam_response_2, sam_response_2_fields, + optional_sam_response_2); + +static const struct field_info predicted_sam_response_fields[] = { + FIELDOF_NORM(krb5_predicted_sam_response, encryption_key, sam_key, 0), + FIELDOF_NORM(krb5_predicted_sam_response, krb5_flags, sam_flags, 1), + FIELDOF_NORM(krb5_predicted_sam_response, kerberos_time, stime, 2), + FIELDOF_NORM(krb5_predicted_sam_response, int32, susec, 3), + FIELDOF_NORM(krb5_predicted_sam_response, realm_of_principal, client, 4), + FIELDOF_NORM(krb5_predicted_sam_response, principal, client, 5), + FIELDOF_OPT(krb5_predicted_sam_response, ostring_data, msd, 6, 6), +}; +static unsigned int optional_predicted_sam_response(const void *p) +{ + const krb5_predicted_sam_response *val = p; + unsigned int optional = 0; + + if (val->msd.length > 0) optional |= (1u << 6); + + return optional; +} +DEFSEQTYPE(predicted_sam_response, krb5_predicted_sam_response, + predicted_sam_response_fields, + optional_predicted_sam_response); + +static const struct field_info krb5_authenticator_fields[] = { + /* Authenticator ::= [APPLICATION 2] SEQUENCE */ + /* authenticator-vno[0] INTEGER */ + FIELD_INT_IMM(KVNO, 0), + /* crealm[1] Realm */ + FIELDOF_NORM(krb5_authenticator, realm_of_principal, client, 1), + /* cname[2] PrincipalName */ + FIELDOF_NORM(krb5_authenticator, principal, client, 2), + /* cksum[3] Checksum OPTIONAL */ + FIELDOF_OPT(krb5_authenticator, checksum_ptr, checksum, 3, 3), + /* cusec[4] INTEGER */ + FIELDOF_NORM(krb5_authenticator, int32, cusec, 4), + /* ctime[5] KerberosTime */ + FIELDOF_NORM(krb5_authenticator, kerberos_time, ctime, 5), + /* subkey[6] EncryptionKey OPTIONAL */ + FIELDOF_OPT(krb5_authenticator, ptr_encryption_key, subkey, 6, 6), + /* seq-number[7] INTEGER OPTIONAL */ + FIELDOF_OPT(krb5_authenticator, uint, seq_number, 7, 7), + /* authorization-data[8] AuthorizationData OPTIONAL */ + FIELDOF_OPT(krb5_authenticator, auth_data_ptr, authorization_data, 8, 8), +}; +static unsigned int optional_krb5_authenticator(const void *p) +{ + const krb5_authenticator *val = p; + unsigned int optional = 0; + + if (val->authorization_data != NULL && val->authorization_data[0] != NULL) + optional |= (1u << 8); + + if (val->seq_number != 0) + optional |= (1u << 7); + + if (val->subkey != NULL) + optional |= (1u << 6); + + if (val->checksum != NULL) + optional |= (1u << 3); + + return optional; +} +DEFSEQTYPE(untagged_krb5_authenticator, krb5_authenticator, krb5_authenticator_fields, + optional_krb5_authenticator); +DEFAPPTAGGEDTYPE(krb5_authenticator, 2, untagged_krb5_authenticator); + +static const struct field_info enc_tkt_part_fields[] = { + /* EncTicketPart ::= [APPLICATION 3] SEQUENCE */ + /* flags[0] TicketFlags */ + FIELDOF_NORM(krb5_enc_tkt_part, krb5_flags, flags, 0), + /* key[1] EncryptionKey */ + FIELDOF_NORM(krb5_enc_tkt_part, ptr_encryption_key, session, 1), + /* crealm[2] Realm */ + FIELDOF_NORM(krb5_enc_tkt_part, realm_of_principal, client, 2), + /* cname[3] PrincipalName */ + FIELDOF_NORM(krb5_enc_tkt_part, principal, client, 3), + /* transited[4] TransitedEncoding */ + FIELDOF_NORM(krb5_enc_tkt_part, transited, transited, 4), + /* authtime[5] KerberosTime */ + FIELDOF_NORM(krb5_enc_tkt_part, kerberos_time, times.authtime, 5), + /* starttime[6] KerberosTime OPTIONAL */ + FIELDOF_OPT(krb5_enc_tkt_part, kerberos_time, times.starttime, 6, 6), + /* endtime[7] KerberosTime */ + FIELDOF_NORM(krb5_enc_tkt_part, kerberos_time, times.endtime, 7), + /* renew-till[8] KerberosTime OPTIONAL */ + FIELDOF_OPT(krb5_enc_tkt_part, kerberos_time, times.renew_till, 8, 8), + /* caddr[9] HostAddresses OPTIONAL */ + FIELDOF_OPT(krb5_enc_tkt_part, ptr_seqof_host_addresses, caddrs, 9, 9), + /* authorization-data[10] AuthorizationData OPTIONAL */ + FIELDOF_OPT(krb5_enc_tkt_part, auth_data_ptr, authorization_data, 10, 10), +}; +static unsigned int optional_enc_tkt_part(const void *p) +{ + const krb5_enc_tkt_part *val = p; + unsigned int optional = 0; + + if (val->authorization_data != NULL && val->authorization_data[0] != NULL) + optional |= (1u << 10); + if (val->caddrs != NULL && val->caddrs[0] != NULL) + optional |= (1u << 9); + if (val->times.renew_till) + optional |= (1u << 8); + if (val->times.starttime) + optional |= (1u << 6); - asn1_cleanup(); + return optional; } +DEFSEQTYPE(untagged_enc_tkt_part, krb5_enc_tkt_part, enc_tkt_part_fields, + optional_enc_tkt_part); +DEFAPPTAGGEDTYPE(enc_tkt_part, 3, untagged_enc_tkt_part); +DEFAPPTAGGEDTYPE(enc_tgs_rep_part, 26, enc_kdc_rep_part); -asn1_error_code asn1_encode_enc_sam_response_enc(asn1buf *buf, const krb5_enc_sam_response_enc *val, unsigned int *retlen) +static const struct field_info as_rep_fields[] = { + /* AS-REP ::= [APPLICATION 11] KDC-REP */ + /* But KDC-REP needs to know what type it's being encapsulated + in, so expand each version. */ + FIELD_INT_IMM(KVNO, 0), + FIELD_INT_IMM(KRB5_AS_REP, 1), + FIELDOF_OPT(krb5_kdc_rep, ptr_seqof_pa_data, padata, 2, 2), + FIELDOF_NORM(krb5_kdc_rep, realm_of_principal, client, 3), + FIELDOF_NORM(krb5_kdc_rep, principal, client, 4), + FIELDOF_NORM(krb5_kdc_rep, ticket_ptr, ticket, 5), + FIELDOF_NORM(krb5_kdc_rep, encrypted_data, enc_part, 6), +}; +static unsigned int optional_as_rep(const void *p) { - asn1_setup(); - add_optstring(val->sam_sad,3,asn1_encode_charstring); - asn1_addfield(val->sam_usec,2,asn1_encode_integer); - asn1_addfield(val->sam_timestamp,1,asn1_encode_kerberos_time); - asn1_addfield(val->sam_nonce,0,asn1_encode_integer); + const krb5_kdc_rep *val = p; + unsigned int optional = 0; - asn1_makeseq(); + if (val->padata != NULL && val->padata[0] != NULL) + optional |= (1u << 2); + + return optional; +} +DEFSEQTYPE(untagged_as_rep, krb5_kdc_rep, as_rep_fields, optional_as_rep); +DEFAPPTAGGEDTYPE(as_rep, 11, untagged_as_rep); + +static const struct field_info tgs_rep_fields[] = { + /* TGS-REP ::= [APPLICATION 13] KDC-REP */ + /* But KDC-REP needs to know what type it's being encapsulated + in, so expand each version. */ + FIELD_INT_IMM(KVNO, 0), + FIELD_INT_IMM(KRB5_TGS_REP, 1), + FIELDOF_OPT(krb5_kdc_rep, ptr_seqof_pa_data, padata, 2, 2), + FIELDOF_NORM(krb5_kdc_rep, realm_of_principal, client, 3), + FIELDOF_NORM(krb5_kdc_rep, principal, client, 4), + FIELDOF_NORM(krb5_kdc_rep, ticket_ptr, ticket, 5), + FIELDOF_NORM(krb5_kdc_rep, encrypted_data, enc_part, 6), +}; +static unsigned int optional_tgs_rep(const void *p) +{ + const krb5_kdc_rep *val = p; + unsigned int optional = 0; - asn1_cleanup(); + if (val->padata != NULL && val->padata[0] != NULL) + optional |= (1u << 2); + + return optional; +} +DEFSEQTYPE(untagged_tgs_rep, krb5_kdc_rep, tgs_rep_fields, optional_tgs_rep); +DEFAPPTAGGEDTYPE(tgs_rep, 13, untagged_tgs_rep); + +static const struct field_info ap_req_fields[] = { + /* AP-REQ ::= [APPLICATION 14] SEQUENCE */ + /* pvno[0] INTEGER */ + FIELD_INT_IMM(KVNO, 0), + /* msg-type[1] INTEGER */ + FIELD_INT_IMM(ASN1_KRB_AP_REQ, 1), + /* ap-options[2] APOptions */ + FIELDOF_NORM(krb5_ap_req, krb5_flags, ap_options, 2), + /* ticket[3] Ticket */ + FIELDOF_NORM(krb5_ap_req, ticket_ptr, ticket, 3), + /* authenticator[4] EncryptedData */ + FIELDOF_NORM(krb5_ap_req, encrypted_data, authenticator, 4), +}; +DEFSEQTYPE(untagged_ap_req, krb5_ap_req, ap_req_fields, 0); +DEFAPPTAGGEDTYPE(ap_req, 14, untagged_ap_req); + +static const struct field_info ap_rep_fields[] = { + /* AP-REP ::= [APPLICATION 15] SEQUENCE */ + /* pvno[0] INTEGER */ + FIELD_INT_IMM(KVNO, 0), + /* msg-type[1] INTEGER */ + FIELD_INT_IMM(ASN1_KRB_AP_REP, 1), + /* enc-part[2] EncryptedData */ + FIELDOF_NORM(krb5_ap_rep, encrypted_data, enc_part, 2), +}; +DEFSEQTYPE(untagged_ap_rep, krb5_ap_rep, ap_rep_fields, 0); +DEFAPPTAGGEDTYPE(ap_rep, 15, untagged_ap_rep); + +static const struct field_info ap_rep_enc_part_fields[] = { + /* EncAPRepPart ::= [APPLICATION 27] SEQUENCE */ + /* ctime[0] KerberosTime */ + FIELDOF_NORM(krb5_ap_rep_enc_part, kerberos_time, ctime, 0), + /* cusec[1] INTEGER */ + FIELDOF_NORM(krb5_ap_rep_enc_part, int32, cusec, 1), + /* subkey[2] EncryptionKey OPTIONAL */ + FIELDOF_OPT(krb5_ap_rep_enc_part, ptr_encryption_key, subkey, 2, 2), + /* seq-number[3] INTEGER OPTIONAL */ + FIELDOF_OPT(krb5_ap_rep_enc_part, uint, seq_number, 3, 3), +}; +static unsigned int optional_ap_rep_enc_part(const void *p) +{ + const krb5_ap_rep_enc_part *val = p; + unsigned int optional = 0; + + if (val->seq_number) + optional |= (1u << 3); + if (val->subkey != NULL) + optional |= (1u << 2); + + return optional; } +DEFSEQTYPE(untagged_ap_rep_enc_part, krb5_ap_rep_enc_part, + ap_rep_enc_part_fields, optional_ap_rep_enc_part); +DEFAPPTAGGEDTYPE(ap_rep_enc_part, 27, untagged_ap_rep_enc_part); -asn1_error_code asn1_encode_enc_sam_response_enc_2(asn1buf *buf, const krb5_enc_sam_response_enc_2 *val, unsigned int *retlen) +static const struct field_info as_req_fields[] = { + /* AS-REQ ::= [APPLICATION 10] KDC-REQ */ + FIELD_INT_IMM(KVNO, 1), + FIELD_INT_IMM(KRB5_AS_REQ, 2), + FIELDOF_OPT(krb5_kdc_req, ptr_seqof_pa_data, padata, 3, 3), + FIELDOF_ENCODEAS(krb5_kdc_req, kdc_req_body, 4), +}; +static unsigned int optional_as_req(const void *p) { - asn1_setup(); - add_optstring(val->sam_sad,1,asn1_encode_charstring); - asn1_addfield(val->sam_nonce,0,asn1_encode_integer); + const krb5_kdc_req *val = p; + unsigned int optional = 0; - asn1_makeseq(); + if (val->padata != NULL && val->padata[0] != NULL) + optional |= (1u << 3); - asn1_cleanup(); + return optional; } +DEFSEQTYPE(untagged_as_req, krb5_kdc_req, as_req_fields, optional_as_req); +DEFAPPTAGGEDTYPE(as_req, 10, untagged_as_req); -asn1_error_code asn1_encode_sam_response(asn1buf *buf, const krb5_sam_response *val, unsigned int *retlen) +static const struct field_info tgs_req_fields[] = { + /* TGS-REQ ::= [APPLICATION 12] KDC-REQ */ + FIELD_INT_IMM(KVNO, 1), + FIELD_INT_IMM(KRB5_TGS_REQ, 2), + FIELDOF_OPT(krb5_kdc_req, ptr_seqof_pa_data, padata, 3, 3), + FIELDOF_ENCODEAS(krb5_kdc_req, kdc_req_body, 4), +}; +static unsigned int optional_tgs_req(const void *p) { - asn1_setup(); + const krb5_kdc_req *val = p; + unsigned int optional = 0; - if (val->sam_patimestamp) - asn1_addfield(val->sam_patimestamp,6,asn1_encode_kerberos_time); - if (val->sam_nonce) - asn1_addfield(val->sam_nonce,5,asn1_encode_integer); - asn1_addfield(&(val->sam_enc_nonce_or_ts),4,asn1_encode_encrypted_data); - if (val->sam_enc_key.ciphertext.length) - asn1_addfield(&(val->sam_enc_key),3,asn1_encode_encrypted_data); - add_optstring(val->sam_track_id,2,asn1_encode_charstring); - asn1_addfield(val->sam_flags,1,asn1_encode_sam_flags); - asn1_addfield(val->sam_type,0,asn1_encode_integer); + if (val->padata != NULL && val->padata[0] != NULL) + optional |= (1u << 3); + + return optional; +} +DEFSEQTYPE(untagged_tgs_req, krb5_kdc_req, tgs_req_fields, + optional_tgs_req); +DEFAPPTAGGEDTYPE(tgs_req, 12, untagged_tgs_req); + +static const struct field_info krb5_safe_fields[] = { + FIELD_INT_IMM(KVNO, 0), + FIELD_INT_IMM(ASN1_KRB_SAFE,1), + FIELD_SELF(krb_safe_body, 2), + FIELDOF_NORM(krb5_safe, checksum_ptr, checksum, 3), +}; +DEFSEQTYPE(untagged_krb5_safe, krb5_safe, krb5_safe_fields, 0); +DEFAPPTAGGEDTYPE(krb5_safe, 20, untagged_krb5_safe); + +DEFPTRTYPE(krb_saved_safe_body_ptr, opaque_data); +DEFFIELDTYPE(krb5_safe_checksum_only, krb5_safe, + FIELDOF_NORM(krb5_safe, checksum_ptr, checksum, -1)); +DEFPTRTYPE(krb5_safe_checksum_only_ptr, krb5_safe_checksum_only); +static const struct field_info krb5_safe_with_body_fields[] = { + FIELD_INT_IMM(KVNO, 0), + FIELD_INT_IMM(ASN1_KRB_SAFE,1), + FIELDOF_NORM(struct krb5_safe_with_body, krb_saved_safe_body_ptr, body, 2), + FIELDOF_NORM(struct krb5_safe_with_body, krb5_safe_checksum_only_ptr, safe, 3), +}; +DEFSEQTYPE(untagged_krb5_safe_with_body, struct krb5_safe_with_body, + krb5_safe_with_body_fields, 0); +DEFAPPTAGGEDTYPE(krb5_safe_with_body, 20, untagged_krb5_safe_with_body); + +static const struct field_info priv_fields[] = { + FIELD_INT_IMM(KVNO, 0), + FIELD_INT_IMM(ASN1_KRB_PRIV, 1), + FIELDOF_NORM(krb5_priv, encrypted_data, enc_part, 3), +}; +DEFSEQTYPE(untagged_priv, krb5_priv, priv_fields, 0); +DEFAPPTAGGEDTYPE(krb5_priv, 21, untagged_priv); + +static const struct field_info priv_enc_part_fields[] = { + FIELDOF_NORM(krb5_priv_enc_part, ostring_data, user_data, 0), + FIELDOF_OPT(krb5_priv_enc_part, kerberos_time, timestamp, 1, 1), + FIELDOF_OPT(krb5_priv_enc_part, int32, usec, 2, 2), + FIELDOF_OPT(krb5_priv_enc_part, uint, seq_number, 3, 3), + FIELDOF_NORM(krb5_priv_enc_part, address_ptr, s_address, 4), + FIELDOF_OPT(krb5_priv_enc_part, address_ptr, r_address, 5, 5), +}; +static unsigned int optional_priv_enc_part(const void *p) +{ + const krb5_priv_enc_part *val = p; + unsigned int optional = 0; - asn1_makeseq(); + if (val->timestamp) { + optional |= (1u << 2); + optional |= (1u << 1); + } + if (val->seq_number) + optional |= (1u << 3); + if (val->r_address) + optional |= (1u << 5); + + return optional; +} +DEFSEQTYPE(untagged_priv_enc_part, krb5_priv_enc_part, priv_enc_part_fields, + optional_priv_enc_part); +DEFAPPTAGGEDTYPE(priv_enc_part, 28, untagged_priv_enc_part); + +static const struct field_info cred_fields[] = { + /* KRB-CRED ::= [APPLICATION 22] SEQUENCE */ + /* pvno[0] INTEGER */ + FIELD_INT_IMM(KVNO, 0), + /* msg-type[1] INTEGER, -- KRB_CRED */ + FIELD_INT_IMM(ASN1_KRB_CRED, 1), + /* tickets[2] SEQUENCE OF Ticket */ + FIELDOF_NORM(krb5_cred, ptr_seqof_ticket, tickets, 2), + /* enc-part[3] EncryptedData */ + FIELDOF_NORM(krb5_cred, encrypted_data, enc_part, 3), +}; +DEFSEQTYPE(untagged_cred, krb5_cred, cred_fields, 0); +DEFAPPTAGGEDTYPE(krb5_cred, 22, untagged_cred); + +static const struct field_info enc_cred_part_fields[] = { + /* EncKrbCredPart ::= [APPLICATION 29] SEQUENCE */ + /* ticket-info[0] SEQUENCE OF KrbCredInfo */ + FIELDOF_NORM(krb5_cred_enc_part, ptrseqof_cred_info, ticket_info, 0), + /* nonce[1] INTEGER OPTIONAL */ + FIELDOF_OPT(krb5_cred_enc_part, int32, nonce, 1, 1), + /* timestamp[2] KerberosTime OPTIONAL */ + FIELDOF_OPT(krb5_cred_enc_part, kerberos_time, timestamp, 2, 2), + /* usec[3] INTEGER OPTIONAL */ + FIELDOF_OPT(krb5_cred_enc_part, int32, usec, 3, 3), + /* s-address[4] HostAddress OPTIONAL */ + FIELDOF_OPT(krb5_cred_enc_part, address_ptr, s_address, 4, 4), + /* r-address[5] HostAddress OPTIONAL */ + FIELDOF_OPT(krb5_cred_enc_part, address_ptr, r_address, 5, 5), +}; +static unsigned int optional_enc_cred_part(const void *p) +{ + const krb5_cred_enc_part *val = p; + unsigned int optional = 0; - asn1_cleanup(); -} + if (val->r_address != NULL) + optional |= (1u << 5); -asn1_error_code asn1_encode_sam_response_2(asn1buf *buf, const krb5_sam_response_2 *val, unsigned int *retlen) -{ - asn1_setup(); + if (val->s_address != NULL) + optional |= (1u << 4); - asn1_addfield(val->sam_nonce,4,asn1_encode_integer); - asn1_addfield(&(val->sam_enc_nonce_or_sad),3,asn1_encode_encrypted_data); - add_optstring(val->sam_track_id,2,asn1_encode_charstring); - asn1_addfield(val->sam_flags,1,asn1_encode_sam_flags); - asn1_addfield(val->sam_type,0,asn1_encode_integer); + if (val->timestamp) { + optional |= (1u << 2); + optional |= (1u << 3); + } - asn1_makeseq(); + if (val->nonce) + optional |= (1u << 1); + + return optional; +} +DEFSEQTYPE(untagged_enc_cred_part, krb5_cred_enc_part, enc_cred_part_fields, + optional_enc_cred_part); +DEFAPPTAGGEDTYPE(enc_cred_part, 29, untagged_enc_cred_part); + +static const struct field_info error_fields[] = { + /* KRB-ERROR ::= [APPLICATION 30] SEQUENCE */ + /* pvno[0] INTEGER */ + FIELD_INT_IMM(KVNO, 0), + /* msg-type[1] INTEGER */ + FIELD_INT_IMM(ASN1_KRB_ERROR, 1), + /* ctime[2] KerberosTime OPTIONAL */ + FIELDOF_OPT(krb5_error, kerberos_time, ctime, 2, 2), + /* cusec[3] INTEGER OPTIONAL */ + FIELDOF_OPT(krb5_error, int32, cusec, 3, 3), + /* stime[4] KerberosTime */ + FIELDOF_NORM(krb5_error, kerberos_time, stime, 4), + /* susec[5] INTEGER */ + FIELDOF_NORM(krb5_error, int32, susec, 5), + /* error-code[6] INTEGER */ + FIELDOF_NORM(krb5_error, ui_4, error, 6), + /* crealm[7] Realm OPTIONAL */ + FIELDOF_OPT(krb5_error, realm_of_principal, client, 7, 7), + /* cname[8] PrincipalName OPTIONAL */ + FIELDOF_OPT(krb5_error, principal, client, 8, 8), + /* realm[9] Realm -- Correct realm */ + FIELDOF_NORM(krb5_error, realm_of_principal, server, 9), + /* sname[10] PrincipalName -- Correct name */ + FIELDOF_NORM(krb5_error, principal, server, 10), + /* e-text[11] GeneralString OPTIONAL */ + FIELDOF_OPT(krb5_error, gstring_data, text, 11, 11), + /* e-data[12] OCTET STRING OPTIONAL */ + FIELDOF_OPT(krb5_error, ostring_data, e_data, 12, 12), +}; +static unsigned int optional_error(const void *p) +{ + const krb5_error *val = p; + unsigned int optional = 0; + + if (val->ctime) + optional |= (1u << 2); + if (val->cusec) + optional |= (1u << 3); + if (val->client) { + optional |= (1u << 7); + optional |= (1u << 8); + } + if (val->text.data != NULL && val->text.length > 0) + optional |= (1u << 11); + if (val->e_data.data != NULL && val->e_data.length > 0) + optional |= (1u << 12); - asn1_cleanup(); + return optional; } +DEFSEQTYPE(untagged_krb5_error, krb5_error, error_fields, optional_error); +DEFAPPTAGGEDTYPE(krb5_error, 30, untagged_krb5_error); -asn1_error_code asn1_encode_predicted_sam_response(asn1buf *buf, const krb5_predicted_sam_response *val, unsigned int *retlen) +static const struct field_info alt_method_fields[] = { + FIELDOF_NORM(krb5_alt_method, int32, method, 0), + FIELDOF_OPTSTRING(krb5_alt_method, octetstring, data, length, 1, 1), +}; +static unsigned int +optional_alt_method(const void *p) { - asn1_setup(); + const krb5_alt_method *a = p; + unsigned int optional = 0; - add_optstring(val->msd,6,asn1_encode_charstring); - asn1_addfield(val->client,5,asn1_encode_principal_name); - asn1_addfield(val->client,4,asn1_encode_realm); - asn1_addfield(val->susec,3,asn1_encode_integer); - asn1_addfield(val->stime,2,asn1_encode_kerberos_time); - asn1_addfield(val->sam_flags,1,asn1_encode_sam_flags); - asn1_addfield(&(val->sam_key),0,asn1_encode_encryption_key); + if (a->data != NULL && a->length > 0) + optional |= (1u << 1); - asn1_makeseq(); + return optional; +} +DEFSEQTYPE(alt_method, krb5_alt_method, alt_method_fields, optional_alt_method); - asn1_cleanup(); +static const struct field_info pa_enc_ts_fields[] = { + FIELDOF_NORM(krb5_pa_enc_ts, kerberos_time, patimestamp, 0), + FIELDOF_OPT(krb5_pa_enc_ts, int32, pausec, 1, 1), +}; +static unsigned int +optional_pa_enc_ts(const void *p) +{ + const krb5_pa_enc_ts *val = p; + unsigned int optional = 0; + + if (val->pausec) + optional |= (1u << 1); + + return optional; } +DEFSEQTYPE(pa_enc_ts, krb5_pa_enc_ts, pa_enc_ts_fields, optional_pa_enc_ts); + +static const struct field_info pwd_data_fields[] = { + FIELDOF_NORM(krb5_pwd_data, int32, sequence_count, 0), + FIELDOF_NORM(krb5_pwd_data, ptr_seqof_passwdsequence, element, 1), +}; +DEFSEQTYPE(pwd_data, krb5_pwd_data, pwd_data_fields, 0); + +static const struct field_info setpw_req_fields[] = { + FIELDOF_NORM(struct krb5_setpw_req, ostring_data, password, 0), + FIELDOF_NORM(struct krb5_setpw_req, principal, target, 1), + FIELDOF_NORM(struct krb5_setpw_req, realm_of_principal, target, 2), +}; + +DEFSEQTYPE(setpw_req, struct krb5_setpw_req, setpw_req_fields, 0); + +/* [MS-SFU] Section 2.2.1. */ +static const struct field_info pa_for_user_fields[] = { + FIELDOF_NORM(krb5_pa_for_user, principal, user, 0), + FIELDOF_NORM(krb5_pa_for_user, realm_of_principal, user, 1), + FIELDOF_NORM(krb5_pa_for_user, checksum, cksum, 2), + FIELDOF_NORM(krb5_pa_for_user, gstring_data, auth_package, 3), +}; + +DEFSEQTYPE(pa_for_user, krb5_pa_for_user, pa_for_user_fields, 0); + +/* draft-ietf-krb-wg-kerberos-referrals Appendix A. */ +static const struct field_info pa_svr_referral_data_fields[] = { + FIELDOF_NORM(krb5_pa_svr_referral_data, realm_of_principal, principal, 0), + FIELDOF_OPT(krb5_pa_svr_referral_data, principal, principal, 1, 1), +}; + +DEFSEQTYPE(pa_svr_referral_data, krb5_pa_svr_referral_data, pa_svr_referral_data_fields, 0); + +/* draft-ietf-krb-wg-kerberos-referrals Section 8. */ +static const struct field_info pa_server_referral_data_fields[] = { + FIELDOF_OPT(krb5_pa_server_referral_data, gstring_data_ptr, referred_realm, 0, 0), + FIELDOF_OPT(krb5_pa_server_referral_data, principal, true_principal_name, 1, 1), + FIELDOF_OPT(krb5_pa_server_referral_data, principal, requested_principal_name, 2, 2), + FIELDOF_OPT(krb5_pa_server_referral_data, kerberos_time, referral_valid_until, 3, 3), + FIELDOF_NORM(krb5_pa_server_referral_data, checksum, rep_cksum, 4), +}; + +DEFSEQTYPE(pa_server_referral_data, krb5_pa_server_referral_data, pa_server_referral_data_fields, 0); + +#if 0 +/* draft-brezak-win2k-krb-authz Section 6. */ +static const struct field_info pa_pac_request_fields[] = { + FIELDOF_NORM(krb5_pa_pac_req, boolean, include_pac, 0), +}; + +DEFSEQTYPE(pa_pac_request, krb5_pa_pac_req, pa_pac_request_fields, 0); +#endif + +/* RFC 4537 */ +DEFFIELDTYPE(etype_list, krb5_etype_list, + FIELDOF_SEQOF_INT32(krb5_etype_list, int32_ptr, etypes, length, -1)); + +/* Exported complete encoders -- these produce a krb5_data with + the encoding in the correct byte order. */ + +MAKE_FULL_ENCODER(encode_krb5_authenticator, krb5_authenticator); +MAKE_FULL_ENCODER(encode_krb5_ticket, ticket); +MAKE_FULL_ENCODER(encode_krb5_encryption_key, encryption_key); +MAKE_FULL_ENCODER(encode_krb5_enc_tkt_part, enc_tkt_part); +/* XXX We currently (for backwards compatibility) encode both + EncASRepPart and EncTGSRepPart with application tag 26. */ +MAKE_FULL_ENCODER(encode_krb5_enc_kdc_rep_part, enc_tgs_rep_part); +MAKE_FULL_ENCODER(encode_krb5_as_rep, as_rep); +MAKE_FULL_ENCODER(encode_krb5_tgs_rep, tgs_rep); +MAKE_FULL_ENCODER(encode_krb5_ap_req, ap_req); +MAKE_FULL_ENCODER(encode_krb5_ap_rep, ap_rep); +MAKE_FULL_ENCODER(encode_krb5_ap_rep_enc_part, ap_rep_enc_part); +MAKE_FULL_ENCODER(encode_krb5_as_req, as_req); +MAKE_FULL_ENCODER(encode_krb5_tgs_req, tgs_req); +MAKE_FULL_ENCODER(encode_krb5_kdc_req_body, kdc_req_body); +MAKE_FULL_ENCODER(encode_krb5_safe, krb5_safe); /* - * Do some ugliness to insert a raw pre-encoded KRB-SAFE-BODY. + * encode_krb5_safe_with_body + * + * Like encode_krb5_safe(), except takes a saved KRB-SAFE-BODY + * encoding to avoid problems with re-encoding. */ -asn1_error_code asn1_encode_krb_saved_safe_body(asn1buf *buf, const krb5_data *body, unsigned int *retlen) -{ - asn1_error_code retval; +MAKE_FULL_ENCODER(encode_krb5_safe_with_body, krb5_safe_with_body); + +MAKE_FULL_ENCODER(encode_krb5_priv, krb5_priv); +MAKE_FULL_ENCODER(encode_krb5_enc_priv_part, priv_enc_part); +MAKE_FULL_ENCODER(encode_krb5_cred, krb5_cred); +MAKE_FULL_ENCODER(encode_krb5_enc_cred_part, enc_cred_part); +MAKE_FULL_ENCODER(encode_krb5_error, krb5_error); +MAKE_FULL_ENCODER(encode_krb5_authdata, auth_data); +MAKE_FULL_ENCODER(encode_krb5_authdata_elt, authdata_elt); +MAKE_FULL_ENCODER(encode_krb5_alt_method, alt_method); +MAKE_FULL_ENCODER(encode_krb5_etype_info, etype_info); +MAKE_FULL_ENCODER(encode_krb5_etype_info2, etype_info2); +MAKE_FULL_ENCODER(encode_krb5_enc_data, encrypted_data); +MAKE_FULL_ENCODER(encode_krb5_pa_enc_ts, pa_enc_ts); +/* Sandia Additions */ +MAKE_FULL_ENCODER(encode_krb5_pwd_sequence, passwdsequence); +MAKE_FULL_ENCODER(encode_krb5_pwd_data, pwd_data); +MAKE_FULL_ENCODER(encode_krb5_padata_sequence, seq_of_pa_data); +/* sam preauth additions */ +MAKE_FULL_ENCODER(encode_krb5_sam_challenge, sam_challenge); +#if 0 /* encoders not used! */ +MAKE_FULL_ENCODER(encode_krb5_sam_challenge_2, sam_challenge_2); +MAKE_FULL_ENCODER(encode_krb5_sam_challenge_2_body, + sam_challenge_2_body); +#endif +MAKE_FULL_ENCODER(encode_krb5_sam_key, sam_key); +MAKE_FULL_ENCODER(encode_krb5_enc_sam_response_enc, + enc_sam_response_enc); +MAKE_FULL_ENCODER(encode_krb5_enc_sam_response_enc_2, + enc_sam_response_enc_2); +MAKE_FULL_ENCODER(encode_krb5_sam_response, sam_response); +MAKE_FULL_ENCODER(encode_krb5_sam_response_2, sam_response_2); +MAKE_FULL_ENCODER(encode_krb5_predicted_sam_response, + predicted_sam_response); +MAKE_FULL_ENCODER(encode_krb5_setpw_req, setpw_req); +MAKE_FULL_ENCODER(encode_krb5_pa_for_user, pa_for_user); +MAKE_FULL_ENCODER(encode_krb5_pa_svr_referral_data, pa_svr_referral_data); +MAKE_FULL_ENCODER(encode_krb5_pa_server_referral_data, pa_server_referral_data); +MAKE_FULL_ENCODER(encode_krb5_etype_list, etype_list); + + + + + - retval = asn1buf_insert_octetstring(buf, body->length, - (krb5_octet *)body->data); - if (retval) { - asn1buf_destroy(&buf); - return retval; - } - *retlen = body->length; - return 0; -} #ifndef DISABLE_PKINIT /* * PKINIT */ +/* This code hasn't been converted to use the above framework yet, + because we currently have no test cases to validate the new + version. It *also* appears that some of the encodings may disagree + with the specifications, but that's a separate problem. */ + +/**** asn1 macros ****/ +#if 0 + How to write an asn1 encoder function using these macros: + + asn1_error_code asn1_encode_krb5_substructure(asn1buf *buf, + const krb5_type *val, + int *retlen) + { + asn1_setup(); + + asn1_addfield(val->last_field, n, asn1_type); + asn1_addfield(rep->next_to_last_field, n-1, asn1_type); + ... + + /* for OPTIONAL fields */ + if (rep->field_i == should_not_be_omitted) + asn1_addfield(rep->field_i, i, asn1_type); + + /* for string fields (these encoders take an additional argument, + the length of the string) */ + addlenfield(rep->field_length, rep->field, i-1, asn1_type); + + /* if you really have to do things yourself... */ + retval = asn1_encode_asn1_type(buf,rep->field,&length); + if (retval) return retval; + sum += length; + retval = asn1_make_etag(buf, CONTEXT_SPECIFIC, tag_number, length, + &length); + if (retval) return retval; + sum += length; + + ... + asn1_addfield(rep->second_field, 1, asn1_type); + asn1_addfield(rep->first_field, 0, asn1_type); + asn1_makeseq(); + + asn1_cleanup(); + } +#endif + +/* asn1_addlenfield -- add a field whose length must be separately specified */ +#define asn1_addlenfield(len,value,tag,encoder)\ +{ unsigned int length; \ + retval = encoder(buf,len,value,&length); \ + if (retval) {\ + asn1buf_destroy(&buf);\ + return retval; }\ + sum += length;\ + retval = asn1_make_etag(buf,CONTEXT_SPECIFIC,tag,length,&length);\ + if (retval) {\ + asn1buf_destroy(&buf);\ + return retval; }\ + sum += length; } + +/* asn1_addfield_implicit -- add an implicitly tagged field, or component, to the encoding */ +#define asn1_addfield_implicit(value,tag,encoder)\ +{ unsigned int length;\ + retval = encoder(buf,value,&length);\ + if (retval) {\ + return retval; }\ + sum += length;\ + retval = asn1_make_tag(buf,CONTEXT_SPECIFIC,PRIMITIVE,tag,length,&length); \ + if (retval) {\ + return retval; }\ + sum += length; } + +/* asn1_insert_implicit_octetstring -- add an octet string with implicit tagging */ +#define asn1_insert_implicit_octetstring(len,value,tag)\ +{ unsigned int length;\ + retval = asn1buf_insert_octetstring(buf,len,value);\ + if (retval) {\ + return retval; }\ + sum += len;\ + retval = asn1_make_tag(buf,CONTEXT_SPECIFIC,PRIMITIVE,tag,len,&length); \ + if (retval) {\ + return retval; }\ + sum += length; } + +/* asn1_insert_implicit_bitstring -- add a bitstring with implicit tagging */ +/* needs "length" declared in enclosing context */ +#define asn1_insert_implicit_bitstring(len,value,tag)\ +{ retval = asn1buf_insert_octetstring(buf,len,value); \ + if (retval) {\ + return retval; }\ + sum += len;\ + retval = asn1buf_insert_octet(buf, 0);\ + if (retval) {\ + return retval; }\ + sum++;\ + retval = asn1_make_tag(buf,UNIVERSAL,PRIMITIVE,tag,len+1,&length); \ + if (retval) {\ + return retval; }\ + sum += length; } + +/* Callable encoders for the types defined above, until the PKINIT + encoders get converted. */ +MAKE_ENCFN(asn1_encode_realm, realm_of_principal_data); +MAKE_ENCFN(asn1_encode_principal_name, principal_data); +MAKE_ENCFN(asn1_encode_encryption_key, encryption_key); +MAKE_ENCFN(asn1_encode_checksum, checksum); + +static asn1_error_code +asn1_encode_kerberos_time(asn1buf *buf, const krb5_timestamp val, + unsigned int *retlen) +{ + return asn1_encode_kerberos_time_at(buf,&val,retlen); +} + +/* Now the real PKINIT encoder functions. */ asn1_error_code asn1_encode_pk_authenticator(asn1buf *buf, const krb5_pk_authenticator *val, unsigned int *retlen) { asn1_setup(); @@ -1053,15 +1409,18 @@ asn1_error_code asn1_encode_algorithm_identifier(asn1buf *buf, const krb5_algori sum += val->parameters.length; } - retval = asn1_encode_oid(buf, val->algorithm.length, - val->algorithm.data, - &length); + { + unsigned int length; + retval = asn1_encode_oid(buf, val->algorithm.length, + val->algorithm.data, + &length); - if (retval) { - asn1buf_destroy(&buf); - return retval; + if (retval) { + asn1buf_destroy(&buf); + return retval; + } + sum += length; } - sum += length; asn1_makeseq(); asn1_cleanup(); @@ -1071,9 +1430,14 @@ asn1_error_code asn1_encode_subject_pk_info(asn1buf *buf, const krb5_subject_pk_ { asn1_setup(); - asn1_insert_implicit_bitstring(val->subjectPublicKey.length,val->subjectPublicKey.data,ASN1_BITSTRING); + { + unsigned int length; + asn1_insert_implicit_bitstring(val->subjectPublicKey.length,val->subjectPublicKey.data,ASN1_BITSTRING); + } if (val->algorithm.parameters.length != 0) { + unsigned int length; + retval = asn1buf_insert_octetstring(buf, val->algorithm.parameters.length, val->algorithm.parameters.data); if (retval) { @@ -1081,27 +1445,28 @@ asn1_error_code asn1_encode_subject_pk_info(asn1buf *buf, const krb5_subject_pk_ return retval; } sum += val->algorithm.parameters.length; - } - retval = asn1_encode_oid(buf, val->algorithm.algorithm.length, - val->algorithm.algorithm.data, - &length); + retval = asn1_encode_oid(buf, val->algorithm.algorithm.length, + val->algorithm.algorithm.data, + &length); + + if (retval) { + asn1buf_destroy(&buf); + return retval; + } + sum += length; - if (retval) { - asn1buf_destroy(&buf); - return retval; - } - sum += length; - retval = asn1_make_etag(buf, UNIVERSAL, ASN1_SEQUENCE, - val->algorithm.parameters.length + length, - &length); + retval = asn1_make_etag(buf, UNIVERSAL, ASN1_SEQUENCE, + val->algorithm.parameters.length + length, + &length); - if (retval) { - asn1buf_destroy(&buf); - return retval; + if (retval) { + asn1buf_destroy(&buf); + return retval; + } + sum += length; } - sum += length; asn1_makeseq(); asn1_cleanup(); @@ -1116,6 +1481,7 @@ asn1_error_code asn1_encode_sequence_of_algorithm_identifier(asn1buf *buf, const for (i=0; val[i] != NULL; i++); for (i--; i>=0; i--) { + unsigned int length; retval = asn1_encode_algorithm_identifier(buf,val[i],&length); if (retval) return retval; sum += length; @@ -1183,6 +1549,7 @@ asn1_error_code asn1_encode_sequence_of_external_principal_identifier(asn1buf *b for (i=0; val[i] != NULL; i++); for (i--; i>=0; i--) { + unsigned int length; retval = asn1_encode_external_principal_identifier(buf,val[i],&length); if (retval) return retval; sum += length; @@ -1238,6 +1605,7 @@ asn1_error_code asn1_encode_sequence_of_trusted_ca(asn1buf *buf, const krb5_trus for (i=0; val[i] != NULL; i++); for (i--; i>=0; i--) { + unsigned int length; retval = asn1_encode_trusted_ca(buf,val[i],&length); if (retval) return retval; sum += length; @@ -1286,15 +1654,19 @@ asn1_error_code asn1_encode_kdc_dh_key_info(asn1buf *buf, const krb5_kdc_dh_key_ asn1_addfield(val->dhKeyExpiration, 2, asn1_encode_kerberos_time); asn1_addfield(val->nonce, 1, asn1_encode_integer); - asn1_insert_implicit_bitstring(val->subjectPublicKey.length,val->subjectPublicKey.data,3); - retval = asn1_make_etag(buf, CONTEXT_SPECIFIC, 0, - val->subjectPublicKey.length + 1 + length, - &length); - if (retval) { - asn1buf_destroy(&buf); - return retval; + { + unsigned int length; + + asn1_insert_implicit_bitstring(val->subjectPublicKey.length,val->subjectPublicKey.data,3); + retval = asn1_make_etag(buf, CONTEXT_SPECIFIC, 0, + val->subjectPublicKey.length + 1 + length, + &length); + if (retval) { + asn1buf_destroy(&buf); + return retval; + } + sum += length; } - sum += length; asn1_makeseq(); asn1_cleanup(); @@ -1363,10 +1735,14 @@ asn1_error_code asn1_encode_pa_pk_as_rep_draft9(asn1buf *buf, const krb5_pa_pk_a asn1_error_code asn1_encode_td_trusted_certifiers(asn1buf *buf, const krb5_external_principal_identifier **val, unsigned int *retlen) { asn1_setup(); - retval = asn1_encode_sequence_of_external_principal_identifier(buf, val, &length); - if (retval) { - asn1buf_destroy(&buf); - return retval; + { + unsigned int length; + retval = asn1_encode_sequence_of_external_principal_identifier(buf, val, &length); + if (retval) { + asn1buf_destroy(&buf); + return retval; + } + /* length set but ignored? sum not updated? */ } asn1_cleanup(); } @@ -1380,6 +1756,8 @@ asn1_error_code asn1_encode_sequence_of_typed_data(asn1buf *buf, const krb5_type for (i=0; val[i] != NULL; i++); for (i--; i>=0; i--) { + unsigned int length; + retval = asn1_encode_typed_data(buf,val[i],&length); if (retval) return retval; sum += length; diff --git a/src/lib/krb5/asn.1/asn1_k_encode.h b/src/lib/krb5/asn.1/asn1_k_encode.h index 7ec2b06321..94b8f7b600 100644 --- a/src/lib/krb5/asn.1/asn1_k_encode.h +++ b/src/lib/krb5/asn.1/asn1_k_encode.h @@ -2,7 +2,7 @@ /* * src/lib/krb5/asn.1/asn1_k_encode.h * - * Copyright 1994 by the Massachusetts Institute of Technology. + * Copyright 1994, 2008 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -32,48 +32,6 @@ #include #include "asn1buf.h" -/* - Overview - - Encoding routines for various ASN.1 "substructures" as defined in - the krb5 protocol. - - Operations - - asn1_encode_krb5_flags - asn1_encode_ap_options - asn1_encode_ticket_flags - asn1_encode_kdc_options - asn1_encode_kerberos_time - - asn1_encode_realm - asn1_encode_principal_name - asn1_encode_encrypted_data - asn1_encode_authorization_data - asn1_encode_krb5_authdata_elt - asn1_encode_kdc_rep - asn1_encode_ticket - asn1_encode_encryption_key - asn1_encode_checksum - asn1_encode_host_address - asn1_encode_transited_encoding - asn1_encode_enc_kdc_rep_part - asn1_encode_kdc_req - asn1_encode_kdc_req_body - asn1_encode_krb_safe_body - asn1_encode_krb_cred_info - asn1_encode_last_req_entry - asn1_encode_pa_data - - asn1_encode_host_addresses - asn1_encode_last_req - asn1_encode_sequence_of_pa_data - asn1_encode_sequence_of_ticket - asn1_encode_sequence_of_enctype - asn1_encode_sequence_of_checksum - asn1_encode_sequence_of_krb_cred_info -*/ - /* **** for simple val's **** asn1_error_code asn1_encode_asn1_type(asn1buf *buf, @@ -107,169 +65,6 @@ asn1_error_code asn1_encode_asn1_type(asn1buf *buf, Returns ENOMEM if memory runs out. */ -asn1_error_code asn1_encode_ui_4 (asn1buf *buf, - const krb5_ui_4 val, - unsigned int *retlen); - -asn1_error_code asn1_encode_msgtype (asn1buf *buf, - const /*krb5_msgtype*/int val, - unsigned int *retlen); - -asn1_error_code asn1_encode_realm - (asn1buf *buf, const krb5_principal val, unsigned int *retlen); - -asn1_error_code asn1_encode_principal_name - (asn1buf *buf, const krb5_principal val, unsigned int *retlen); - -asn1_error_code asn1_encode_encrypted_data - (asn1buf *buf, const krb5_enc_data *val, unsigned int *retlen); - -asn1_error_code asn1_encode_krb5_flags - (asn1buf *buf, const krb5_flags val, unsigned int *retlen); - -asn1_error_code asn1_encode_ap_options - (asn1buf *buf, const krb5_flags val, unsigned int *retlen); - -asn1_error_code asn1_encode_ticket_flags - (asn1buf *buf, const krb5_flags val, unsigned int *retlen); - -asn1_error_code asn1_encode_kdc_options - (asn1buf *buf, const krb5_flags val, unsigned int *retlen); - -asn1_error_code asn1_encode_authorization_data - (asn1buf *buf, const krb5_authdata **val, unsigned int *retlen); - -asn1_error_code asn1_encode_krb5_authdata_elt - (asn1buf *buf, const krb5_authdata *val, unsigned int *retlen); - -asn1_error_code asn1_encode_kdc_rep - (int msg_type, asn1buf *buf, const krb5_kdc_rep *val, - unsigned int *retlen); - -asn1_error_code asn1_encode_enc_kdc_rep_part - (asn1buf *buf, const krb5_enc_kdc_rep_part *val, - unsigned int *retlen); - -asn1_error_code asn1_encode_ticket - (asn1buf *buf, const krb5_ticket *val, unsigned int *retlen); - -asn1_error_code asn1_encode_encryption_key - (asn1buf *buf, const krb5_keyblock *val, unsigned int *retlen); - -asn1_error_code asn1_encode_kerberos_time - (asn1buf *buf, const krb5_timestamp val, unsigned int *retlen); - -asn1_error_code asn1_encode_checksum - (asn1buf *buf, const krb5_checksum *val, unsigned int *retlen); - -asn1_error_code asn1_encode_host_address - (asn1buf *buf, const krb5_address *val, unsigned int *retlen); - -asn1_error_code asn1_encode_host_addresses - (asn1buf *buf, const krb5_address **val, unsigned int *retlen); - -asn1_error_code asn1_encode_transited_encoding - (asn1buf *buf, const krb5_transited *val, unsigned int *retlen); - -asn1_error_code asn1_encode_last_req - (asn1buf *buf, const krb5_last_req_entry **val, - unsigned int *retlen); - -asn1_error_code asn1_encode_sequence_of_pa_data - (asn1buf *buf, const krb5_pa_data **val, unsigned int *retlen); - -asn1_error_code asn1_encode_sequence_of_ticket - (asn1buf *buf, const krb5_ticket **val, unsigned int *retlen); - -asn1_error_code asn1_encode_sequence_of_enctype - (asn1buf *buf, - const int len, const krb5_enctype *val, - unsigned int *retlen); - -asn1_error_code asn1_encode_sequence_of_checksum - (asn1buf *buf, const krb5_checksum **val, unsigned int *retlen); - -asn1_error_code asn1_encode_kdc_req - (int msg_type, - asn1buf *buf, - const krb5_kdc_req *val, - unsigned int *retlen); - -asn1_error_code asn1_encode_kdc_req_body - (asn1buf *buf, const krb5_kdc_req *val, unsigned int *retlen); - -asn1_error_code asn1_encode_krb_safe_body - (asn1buf *buf, const krb5_safe *val, unsigned int *retlen); - -asn1_error_code asn1_encode_sequence_of_krb_cred_info - (asn1buf *buf, const krb5_cred_info **val, unsigned int *retlen); - -asn1_error_code asn1_encode_krb_cred_info - (asn1buf *buf, const krb5_cred_info *val, unsigned int *retlen); - -asn1_error_code asn1_encode_last_req_entry - (asn1buf *buf, const krb5_last_req_entry *val, - unsigned int *retlen); - -asn1_error_code asn1_encode_pa_data - (asn1buf *buf, const krb5_pa_data *val, unsigned int *retlen); - -asn1_error_code asn1_encode_alt_method - (asn1buf *buf, const krb5_alt_method *val, - unsigned int *retlen); - -asn1_error_code asn1_encode_etype_info_entry - (asn1buf *buf, const krb5_etype_info_entry *val, - unsigned int *retlen, int etype_info2); - -asn1_error_code asn1_encode_etype_info - (asn1buf *buf, const krb5_etype_info_entry **val, - unsigned int *retlen, int etype_info2); - -asn1_error_code asn1_encode_passwdsequence - (asn1buf *buf, const passwd_phrase_element *val, unsigned int *retlen); - -asn1_error_code asn1_encode_sequence_of_passwdsequence - (asn1buf *buf, const passwd_phrase_element **val, - unsigned int *retlen); - -asn1_error_code asn1_encode_sam_flags - (asn1buf * buf, const krb5_flags val, unsigned int *retlen); - -asn1_error_code asn1_encode_sam_challenge - (asn1buf *buf, const krb5_sam_challenge * val, unsigned int *retlen); - -asn1_error_code asn1_encode_sam_challenge_2 - (asn1buf *buf, const krb5_sam_challenge_2 * val, unsigned int *retlen); - -asn1_error_code asn1_encode_sam_challenge_2_body - (asn1buf *buf, const krb5_sam_challenge_2_body * val, - unsigned int *retlen); - -asn1_error_code asn1_encode_sam_key - (asn1buf *buf, const krb5_sam_key *val, unsigned int *retlen); - -asn1_error_code asn1_encode_enc_sam_response_enc - (asn1buf *buf, const krb5_enc_sam_response_enc *val, - unsigned int *retlen); - -asn1_error_code asn1_encode_enc_sam_response_enc_2 - (asn1buf *buf, const krb5_enc_sam_response_enc_2 *val, - unsigned int *retlen); - -asn1_error_code asn1_encode_sam_response - (asn1buf *buf, const krb5_sam_response *val, unsigned int *retlen); - -asn1_error_code asn1_encode_sam_response_2 - (asn1buf *buf, const krb5_sam_response_2 *val, unsigned int *retlen); - -asn1_error_code asn1_encode_predicted_sam_response - (asn1buf *buf, const krb5_predicted_sam_response *val, - unsigned int *retlen); - -asn1_error_code asn1_encode_krb_saved_safe_body - (asn1buf *buf, const krb5_data *body, unsigned int *retlen); - /* PKINIT */ asn1_error_code asn1_encode_pk_authenticator @@ -337,4 +132,5 @@ asn1_error_code asn1_encode_typed_data asn1_error_code asn1_encode_sequence_of_typed_data (asn1buf *buf, const krb5_typed_data **val, unsigned int *retlen); + #endif diff --git a/src/lib/krb5/asn.1/asn1buf.c b/src/lib/krb5/asn.1/asn1buf.c index 49ef84fbb6..b8efabaca4 100644 --- a/src/lib/krb5/asn.1/asn1buf.c +++ b/src/lib/krb5/asn.1/asn1buf.c @@ -52,10 +52,17 @@ #define ASN1BUF_OMIT_INLINE_FUNCS #include "asn1buf.h" -#undef ASN1BUF_OMIT_INLINE_FUNCS #include #include "asn1_get.h" +#if !defined(__GNUC__) || defined(CONFIG_SMALL) +/* Declare private procedures as static if they're not used for inline + expansion of other stuff elsewhere. */ +static unsigned int asn1buf_free(const asn1buf *); +static asn1_error_code asn1buf_ensure_space(asn1buf *, unsigned int); +static asn1_error_code asn1buf_expand(asn1buf *, unsigned int); +#endif + #define asn1_is_eoc(class, num, indef) \ ((class) == UNIVERSAL && !(num) && !(indef)) @@ -117,7 +124,7 @@ asn1_error_code asn1buf_skiptail(asn1buf *buf, const unsigned int length, const nestlevel = 1 + indef; if (!indef) { - if (length <= buf->bound - buf->next + 1) + if (length <= (size_t)(buf->bound - buf->next + 1)) buf->next += length; else return ASN1_OVERRUN; @@ -128,7 +135,7 @@ asn1_error_code asn1buf_skiptail(asn1buf *buf, const unsigned int length, const retval = asn1_get_tag_2(buf, &t); if (retval) return retval; if (!t.indef) { - if (t.length <= buf->bound - buf->next + 1) + if (t.length <= (size_t)(buf->bound - buf->next + 1)) buf->next += t.length; else return ASN1_OVERRUN; @@ -165,29 +172,20 @@ asn1_error_code asn1buf_insert_octet(asn1buf *buf, const int o) return 0; } -asn1_error_code asn1buf_insert_octetstring(asn1buf *buf, const unsigned int len, const krb5_octet *s) +asn1_error_code +asn1buf_insert_bytestring(asn1buf *buf, const unsigned int len, const void *sv) { asn1_error_code retval; unsigned int length; + const char *s = sv; retval = asn1buf_ensure_space(buf,len); if (retval) return retval; for (length=1; length<=len; length++,(buf->next)++) - *(buf->next) = (char)(s[len-length]); + *(buf->next) = (s[len-length]); return 0; } -asn1_error_code asn1buf_insert_charstring(asn1buf *buf, const unsigned int len, const char *s) -{ - asn1_error_code retval; - unsigned int length; - - retval = asn1buf_ensure_space(buf,len); - if (retval) return retval; - for (length=1; length<=len; length++,(buf->next)++) - *(buf->next) = (char)(s[len-length]); - return 0; -} #undef asn1buf_remove_octet asn1_error_code asn1buf_remove_octet(asn1buf *buf, asn1_octet *o) @@ -201,7 +199,7 @@ asn1_error_code asn1buf_remove_octetstring(asn1buf *buf, const unsigned int len, { unsigned int i; - if (len > buf->bound + 1 - buf->next) return ASN1_OVERRUN; + if (len > (size_t)(buf->bound + 1 - buf->next)) return ASN1_OVERRUN; if (len == 0) { *s = 0; return 0; @@ -219,7 +217,7 @@ asn1_error_code asn1buf_remove_charstring(asn1buf *buf, const unsigned int len, { unsigned int i; - if (len > buf->bound + 1 - buf->next) return ASN1_OVERRUN; + if (len > (size_t)(buf->bound + 1 - buf->next)) return ASN1_OVERRUN; if (len == 0) { *s = 0; return 0; @@ -276,13 +274,11 @@ asn1_error_code asn1buf_unparse(const asn1buf *buf, char **s) { free(*s); if (buf == NULL) { - *s = malloc(sizeof("")); + *s = strdup(""); if (*s == NULL) return ENOMEM; - strcpy(*s,""); } else if (buf->base == NULL) { - *s = malloc(sizeof("")); + *s = strdup(""); if (*s == NULL) return ENOMEM; - strcpy(*s,""); } else { unsigned int length = asn1buf_len(buf); unsigned int i; @@ -305,13 +301,11 @@ asn1_error_code asn1buf_hex_unparse(const asn1buf *buf, char **s) free(*s); if (buf == NULL) { - *s = malloc(sizeof("")); + *s = strdup(""); if (*s == NULL) return ENOMEM; - strcpy(*s,""); } else if (buf->base == NULL) { - *s = malloc(sizeof("")); + *s = strdup(""); if (*s == NULL) return ENOMEM; - strcpy(*s,""); } else { unsigned int length = asn1buf_len(buf); int i; @@ -331,8 +325,7 @@ asn1_error_code asn1buf_hex_unparse(const asn1buf *buf, char **s) /****************************************************************/ /* Private Procedures */ -#undef asn1buf_size -int asn1buf_size(const asn1buf *buf) +static int asn1buf_size(const asn1buf *buf) { if (buf == NULL || buf->base == NULL) return 0; return buf->bound - buf->base + 1; @@ -348,12 +341,10 @@ unsigned int asn1buf_free(const asn1buf *buf) #undef asn1buf_ensure_space asn1_error_code asn1buf_ensure_space(asn1buf *buf, const unsigned int amount) { - int avail = asn1buf_free(buf); - if (avail < amount) { - asn1_error_code retval = asn1buf_expand(buf, amount-avail); - if (retval) return retval; - } - return 0; + unsigned int avail = asn1buf_free(buf); + if (avail >= amount) + return 0; + return asn1buf_expand(buf, amount-avail); } asn1_error_code asn1buf_expand(asn1buf *buf, unsigned int inc) @@ -367,12 +358,9 @@ asn1_error_code asn1buf_expand(asn1buf *buf, unsigned int inc) if (inc < STANDARD_INCREMENT) inc = STANDARD_INCREMENT; - if (buf->base == NULL) - buf->base = malloc((asn1buf_size(buf)+inc) * sizeof(asn1_octet)); - else - buf->base = realloc(buf->base, - (asn1buf_size(buf)+inc) * sizeof(asn1_octet)); - if (buf->base == NULL) return ENOMEM; + buf->base = realloc(buf->base, + (asn1buf_size(buf)+inc) * sizeof(asn1_octet)); + if (buf->base == NULL) return ENOMEM; /* XXX leak */ buf->bound = (buf->base) + bound_offset + inc; buf->next = (buf->base) + next_offset; return 0; diff --git a/src/lib/krb5/asn.1/asn1buf.h b/src/lib/krb5/asn.1/asn1buf.h index c492076483..874d6db5cc 100644 --- a/src/lib/krb5/asn.1/asn1buf.h +++ b/src/lib/krb5/asn.1/asn1buf.h @@ -13,16 +13,7 @@ typedef struct code_buffer_rep { /**************** Private Procedures ****************/ -int asn1buf_size - (const asn1buf *buf); -/* requires *buf has been created and not destroyed - effects Returns the total size - (in octets) of buf's octet buffer. */ -#define asn1buf_size(buf) \ - (((buf) == NULL || (buf)->base == NULL) \ - ? 0 \ - : ((buf)->bound - (buf)->base + 1)) - +#if (__GNUC__ >= 2) && !defined(CONFIG_SMALL) unsigned int asn1buf_free (const asn1buf *buf); /* requires *buf is allocated @@ -40,13 +31,10 @@ asn1_error_code asn1buf_ensure_space effects If buf has less than amount octets of free space, then it is expanded to have at least amount octets of free space. Returns ENOMEM memory is exhausted. */ -#ifndef CONFIG_SMALL #define asn1buf_ensure_space(buf,amount) \ ((asn1buf_free(buf) < (amount)) \ ? (asn1buf_expand((buf), (amount)-asn1buf_free(buf))) \ : 0) -#endif - asn1_error_code asn1buf_expand (asn1buf *buf, unsigned int inc); @@ -54,6 +42,7 @@ asn1_error_code asn1buf_expand modifies *buf effects Expands *buf by allocating space for inc more octets. Returns ENOMEM if memory is exhausted. */ +#endif int asn1buf_len (const asn1buf *buf); @@ -162,21 +151,16 @@ extern __inline__ asn1_error_code asn1buf_insert_octet(asn1buf *buf, const int o } #endif -asn1_error_code asn1buf_insert_octetstring - (asn1buf *buf, const unsigned int len, const asn1_octet *s); +asn1_error_code asn1buf_insert_bytestring + (asn1buf *buf, const unsigned int len, const void *s); /* requires *buf is allocated modifies *buf - effects Inserts the contents of s (an octet array of length len) + effects Inserts the contents of s (an array of length len) into the buffer *buf, expanding the buffer if necessary. Returns ENOMEM if memory is exhausted. */ -asn1_error_code asn1buf_insert_charstring - (asn1buf *buf, const unsigned int len, const char *s); -/* requires *buf is allocated - modifies *buf - effects Inserts the contents of s (a character array of length len) - into the buffer *buf, expanding the buffer if necessary. - Returns ENOMEM if memory is exhausted. */ +#define asn1buf_insert_octetstring asn1buf_insert_bytestring +#define asn1buf_insert_charstring asn1buf_insert_bytestring asn1_error_code asn1buf_remove_octet (asn1buf *buf, asn1_octet *o); diff --git a/src/lib/krb5/asn.1/deps b/src/lib/krb5/asn.1/deps new file mode 100644 index 0000000000..5ff7a7f3f3 --- /dev/null +++ b/src/lib/krb5/asn.1/deps @@ -0,0 +1,125 @@ +# +# Generated makefile dependencies follow. +# +asn1_decode.so asn1_decode.po $(OUTPRE)asn1_decode.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h asn1_decode.c asn1_decode.h \ + asn1_get.h asn1buf.h krbasn1.h +asn1_k_decode.so asn1_k_decode.po $(OUTPRE)asn1_k_decode.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h asn1_decode.h asn1_get.h \ + asn1_k_decode.c asn1_k_decode.h asn1_misc.h asn1buf.h \ + krbasn1.h +asn1_encode.so asn1_encode.po $(OUTPRE)asn1_encode.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h asn1_encode.c asn1_encode.h \ + asn1_make.h asn1buf.h krbasn1.h +asn1_get.so asn1_get.po $(OUTPRE)asn1_get.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h asn1_get.c asn1_get.h \ + asn1buf.h krbasn1.h +asn1_make.so asn1_make.po $(OUTPRE)asn1_make.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h asn1_make.c asn1_make.h \ + asn1buf.h krbasn1.h +asn1buf.so asn1buf.po $(OUTPRE)asn1buf.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + asn1_get.h asn1buf.c asn1buf.h krbasn1.h +krb5_decode.so krb5_decode.po $(OUTPRE)krb5_decode.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h asn1_decode.h asn1_get.h \ + asn1_k_decode.h asn1buf.h krb5_decode.c krbasn1.h +krb5_encode.so krb5_encode.po $(OUTPRE)krb5_encode.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h asn1_encode.h asn1_k_encode.h \ + asn1_make.h asn1buf.h krb5_encode.c krbasn1.h +asn1_k_encode.so asn1_k_encode.po $(OUTPRE)asn1_k_encode.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h asn1_encode.h asn1_k_encode.c \ + asn1_k_encode.h asn1_make.h asn1buf.h krbasn1.h +ldap_key_seq.so ldap_key_seq.po $(OUTPRE)ldap_key_seq.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h asn1_decode.h asn1_encode.h \ + asn1_get.h asn1_k_encode.h asn1_make.h asn1buf.h krbasn1.h \ + ldap_key_seq.c +asn1_misc.so asn1_misc.po $(OUTPRE)asn1_misc.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h asn1_misc.c asn1_misc.h \ + krbasn1.h diff --git a/src/lib/krb5/asn.1/krb5_decode.c b/src/lib/krb5/asn.1/krb5_decode.c index ca0eb9e373..c413a32f19 100644 --- a/src/lib/krb5/asn.1/krb5_decode.c +++ b/src/lib/krb5/asn.1/krb5_decode.c @@ -215,6 +215,7 @@ error_out: \ #define free_field(rep,f) free((rep)->f) #define clear_field(rep,f) (*(rep))->f = 0 +#ifndef LEAN_CLIENT krb5_error_code decode_krb5_authenticator(const krb5_data *code, krb5_authenticator **rep) { setup(); @@ -254,6 +255,7 @@ error_out: } return retval; } +#endif krb5_error_code KRB5_CALLCONV @@ -949,6 +951,53 @@ krb5_error_code decode_krb5_predicted_sam_response(const krb5_data *code, krb5_p cleanup(free); } +krb5_error_code decode_krb5_setpw_req(const krb5_data *code, + krb5_data **rep, + krb5_principal *principal) +{ + setup_buf_only(); + alloc_field(*rep, krb5_data); + *principal = NULL; + + retval = asn1_decode_setpw_req(&buf, *rep, principal); + if (retval) clean_return(retval); + + cleanup(free); +} + +krb5_error_code decode_krb5_pa_for_user(const krb5_data *code, krb5_pa_for_user **rep) +{ + setup_buf_only(); + alloc_field(*rep, krb5_pa_for_user); + + retval = asn1_decode_pa_for_user(&buf, *rep); + if (retval) clean_return(retval); + + cleanup(free); +} + +krb5_error_code decode_krb5_pa_pac_req(const krb5_data *code, krb5_pa_pac_req **rep) +{ + setup_buf_only(); + alloc_field(*rep, krb5_pa_pac_req); + + retval = asn1_decode_pa_pac_req(&buf, *rep); + if (retval) clean_return(retval); + + cleanup(free); +} + +krb5_error_code decode_krb5_etype_list(const krb5_data *code, krb5_etype_list **rep) +{ + setup_buf_only(); + alloc_field(*rep, krb5_etype_list); + + retval = asn1_decode_sequence_of_enctype(&buf, &(*rep)->length, &(*rep)->etypes); + if (retval) clean_return(retval); + + cleanup(free); +} + #ifndef DISABLE_PKINIT krb5_error_code decode_krb5_pa_pk_as_req(const krb5_data *code, krb5_pa_pk_as_req **rep) { diff --git a/src/lib/krb5/asn.1/krb5_encode.c b/src/lib/krb5/asn.1/krb5_encode.c index 7efbbae9f3..a6fa305e62 100644 --- a/src/lib/krb5/asn.1/krb5_encode.c +++ b/src/lib/krb5/asn.1/krb5_encode.c @@ -34,47 +34,7 @@ /**************** Macros (these save a lot of typing) ****************/ -/**** krb5 macros ****/ -#if 0 - How to write a krb5 encoder function using these macros: - - asn1_error_code encode_krb5_structure(const krb5_type *rep, - krb5_data **code) - { - krb5_setup(); - - krb5_addfield(rep->last_field, n, asn1_type); - krb5_addfield(rep->next_to_last_field, n-1, asn1_type); - ... - - /* for OPTIONAL fields */ - if (rep->field_i == should_not_be_omitted) - krb5_addfield(rep->field_i, i, asn1_type); - - /* for string fields (these encoders take an additional argument, - the length of the string) */ - addlenfield(rep->field_length, rep->field, i-1, asn1_type); - - /* if you really have to do things yourself... */ - retval = asn1_encode_asn1_type(buf,rep->field,&length); - if (retval) return retval; - sum += length; - retval = asn1_make_etag(buf, - [UNIVERSAL/APPLICATION/CONTEXT_SPECIFIC/PRIVATE], - tag_number, length, &length); - if (retval) return retval; - sum += length; - - ... - krb5_addfield(rep->second_field, 1, asn1_type); - krb5_addfield(rep->first_field, 0, asn1_type); - krb5_makeseq(); - krb5_apptag(tag_number); - - krb5_cleanup(); - } -#endif - +#ifndef DISABLE_PKINIT /* setup() -- create and initialize bookkeeping variables retval: stores error codes returned from subroutines buf: the coding buffer @@ -82,56 +42,14 @@ sum: cumulative length of the entire encoding */ #define krb5_setup()\ asn1_error_code retval;\ + unsigned int length, sum = 0;\ asn1buf *buf=NULL;\ - unsigned int length, sum=0;\ \ if (rep == NULL) return ASN1_MISSING_FIELD;\ \ retval = asn1buf_create(&buf);\ if (retval) return retval -/* krb5_addfield -- add a field, or component, to the encoding */ -#define krb5_addfield(value,tag,encoder)\ -{ retval = encoder(buf,value,&length);\ - if (retval) {\ - asn1buf_destroy(&buf);\ - return retval; }\ - sum += length;\ - retval = asn1_make_etag(buf,CONTEXT_SPECIFIC,tag,length,&length);\ - if (retval) {\ - asn1buf_destroy(&buf);\ - return retval; }\ - sum += length; } - -/* krb5_addlenfield -- add a field whose length must be separately specified */ -#define krb5_addlenfield(len,value,tag,encoder)\ -{ retval = encoder(buf,len,value,&length);\ - if (retval) {\ - asn1buf_destroy(&buf);\ - return retval; }\ - sum += length;\ - retval = asn1_make_etag(buf,CONTEXT_SPECIFIC,tag,length,&length);\ - if (retval) {\ - asn1buf_destroy(&buf);\ - return retval; }\ - sum += length; } - -/* form a sequence (by adding a sequence header to the current encoding) */ -#define krb5_makeseq()\ - retval = asn1_make_sequence(buf,sum,&length);\ - if (retval) {\ - asn1buf_destroy(&buf);\ - return retval; }\ - sum += length - -/* add an APPLICATION class tag to the current encoding */ -#define krb5_apptag(num)\ - retval = asn1_make_etag(buf,APPLICATION,num,sum,&length);\ - if (retval) {\ - asn1buf_destroy(&buf);\ - return retval; }\ - sum += length - /* produce the final output and clean up the workspace */ #define krb5_cleanup()\ retval = asn12krb5_buf(buf,code);\ @@ -144,769 +62,6 @@ \ return 0 -krb5_error_code encode_krb5_authenticator(const krb5_authenticator *rep, krb5_data **code) -{ - krb5_setup(); - - /* authorization-data[8] AuthorizationData OPTIONAL */ - if (rep->authorization_data != NULL && - rep->authorization_data[0] != NULL) { - retval = asn1_encode_authorization_data(buf, (const krb5_authdata **) - rep->authorization_data, - &length); - if (retval) { - asn1buf_destroy(&buf); - return retval; } - sum += length; - retval = asn1_make_etag(buf,CONTEXT_SPECIFIC,8,length,&length); - if (retval) { - asn1buf_destroy(&buf); - return retval; } - sum += length; - } - - /* seq-number[7] INTEGER OPTIONAL */ - if (rep->seq_number != 0) - krb5_addfield(rep->seq_number,7,asn1_encode_unsigned_integer); - - /* subkey[6] EncryptionKey OPTIONAL */ - if (rep->subkey != NULL) - krb5_addfield(rep->subkey,6,asn1_encode_encryption_key); - - /* ctime[5] KerberosTime */ - krb5_addfield(rep->ctime,5,asn1_encode_kerberos_time); - - /* cusec[4] INTEGER */ - krb5_addfield(rep->cusec,4,asn1_encode_integer); - - /* cksum[3] Checksum OPTIONAL */ - if (rep->checksum != NULL) - krb5_addfield(rep->checksum,3,asn1_encode_checksum); - - /* cname[2] PrincipalName */ - krb5_addfield(rep->client,2,asn1_encode_principal_name); - - /* crealm[1] Realm */ - krb5_addfield(rep->client,1,asn1_encode_realm); - - /* authenticator-vno[0] INTEGER */ - krb5_addfield(KVNO,0,asn1_encode_integer); - - /* Authenticator ::= [APPLICATION 2] SEQUENCE */ - krb5_makeseq(); - krb5_apptag(2); - - krb5_cleanup(); -} - -krb5_error_code encode_krb5_ticket(const krb5_ticket *rep, krb5_data **code) -{ - krb5_setup(); - - /* enc-part[3] EncryptedData */ - krb5_addfield(&(rep->enc_part),3,asn1_encode_encrypted_data); - - /* sname [2] PrincipalName */ - krb5_addfield(rep->server,2,asn1_encode_principal_name); - - /* realm [1] Realm */ - krb5_addfield(rep->server,1,asn1_encode_realm); - - /* tkt-vno [0] INTEGER */ - krb5_addfield(KVNO,0,asn1_encode_integer); - - /* Ticket ::= [APPLICATION 1] SEQUENCE */ - krb5_makeseq(); - krb5_apptag(1); - - krb5_cleanup(); -} - -krb5_error_code encode_krb5_encryption_key(const krb5_keyblock *rep, krb5_data **code) -{ - krb5_setup(); - - /* keyvalue[1] OCTET STRING */ - krb5_addlenfield(rep->length,rep->contents,1,asn1_encode_octetstring); - - /* enctype[0] INTEGER */ - krb5_addfield(rep->enctype,0,asn1_encode_integer); - - /* EncryptionKey ::= SEQUENCE */ - krb5_makeseq(); - - krb5_cleanup(); -} - -krb5_error_code encode_krb5_enc_tkt_part(const krb5_enc_tkt_part *rep, krb5_data **code) -{ - krb5_setup(); - - /* authorization-data[10] AuthorizationData OPTIONAL */ - if (rep->authorization_data != NULL && - rep->authorization_data[0] != NULL) - krb5_addfield((const krb5_authdata**)rep->authorization_data, - 10,asn1_encode_authorization_data); - - /* caddr[9] HostAddresses OPTIONAL */ - if (rep->caddrs != NULL && rep->caddrs[0] != NULL) - krb5_addfield((const krb5_address**)rep->caddrs,9,asn1_encode_host_addresses); - - /* renew-till[8] KerberosTime OPTIONAL */ - if (rep->times.renew_till) - krb5_addfield(rep->times.renew_till,8,asn1_encode_kerberos_time); - - /* endtime[7] KerberosTime */ - krb5_addfield(rep->times.endtime,7,asn1_encode_kerberos_time); - - /* starttime[6] KerberosTime OPTIONAL */ - if (rep->times.starttime) - krb5_addfield(rep->times.starttime,6,asn1_encode_kerberos_time); - - /* authtime[5] KerberosTime */ - krb5_addfield(rep->times.authtime,5,asn1_encode_kerberos_time); - - /* transited[4] TransitedEncoding */ - krb5_addfield(&(rep->transited),4,asn1_encode_transited_encoding); - - /* cname[3] PrincipalName */ - krb5_addfield(rep->client,3,asn1_encode_principal_name); - - /* crealm[2] Realm */ - krb5_addfield(rep->client,2,asn1_encode_realm); - - /* key[1] EncryptionKey */ - krb5_addfield(rep->session,1,asn1_encode_encryption_key); - - /* flags[0] TicketFlags */ - krb5_addfield(rep->flags,0,asn1_encode_ticket_flags); - - /* EncTicketPart ::= [APPLICATION 3] SEQUENCE */ - krb5_makeseq(); - krb5_apptag(3); - - krb5_cleanup(); -} - -krb5_error_code encode_krb5_enc_kdc_rep_part(const krb5_enc_kdc_rep_part *rep, krb5_data **code) -{ - asn1_error_code retval; - asn1buf *buf=NULL; - unsigned int length, sum=0; - - if (rep == NULL) return ASN1_MISSING_FIELD; - - retval = asn1buf_create(&buf); - if (retval) return retval; - - retval = asn1_encode_enc_kdc_rep_part(buf,rep,&length); - if (retval) return retval; - sum += length; - -#ifdef KRB5_ENCKRB5KDCREPPART_COMPAT - krb5_apptag(26); -#else - /* XXX WRONG!!! Should use 25 || 26, not the outer KDC_REP tags! */ - if (rep->msg_type == KRB5_AS_REP) { krb5_apptag(ASN1_KRB_AS_REP); } - else if (rep->msg_type == KRB5_TGS_REP) { krb5_apptag(ASN1_KRB_TGS_REP); } - else return KRB5_BADMSGTYPE; -#endif - krb5_cleanup(); -} - -/* yes, the translation is identical to that used for KDC__REP */ -krb5_error_code encode_krb5_as_rep(const krb5_kdc_rep *rep, krb5_data **code) -{ - krb5_setup(); - - /* AS-REP ::= [APPLICATION 11] KDC-REP */ - retval = asn1_encode_kdc_rep(KRB5_AS_REP,buf,rep,&length); - if (retval) return retval; - sum += length; - - krb5_apptag(11); - - krb5_cleanup(); -} - -/* yes, the translation is identical to that used for KDC__REP */ -krb5_error_code encode_krb5_tgs_rep(const krb5_kdc_rep *rep, krb5_data **code) -{ - krb5_setup(); - - /* TGS-REP ::= [APPLICATION 13] KDC-REP */ - retval = asn1_encode_kdc_rep(KRB5_TGS_REP,buf,rep,&length); - if (retval) return retval; - sum += length; - - krb5_apptag(13); - - krb5_cleanup(); -} - -krb5_error_code encode_krb5_ap_req(const krb5_ap_req *rep, krb5_data **code) -{ - krb5_setup(); - - /* authenticator[4] EncryptedData */ - krb5_addfield(&(rep->authenticator),4,asn1_encode_encrypted_data); - - /* ticket[3] Ticket */ - krb5_addfield(rep->ticket,3,asn1_encode_ticket); - - /* ap-options[2] APOptions */ - krb5_addfield(rep->ap_options,2,asn1_encode_ap_options); - - /* msg-type[1] INTEGER */ - krb5_addfield(ASN1_KRB_AP_REQ,1,asn1_encode_integer); - - /* pvno[0] INTEGER */ - krb5_addfield(KVNO,0,asn1_encode_integer); - - /* AP-REQ ::= [APPLICATION 14] SEQUENCE */ - krb5_makeseq(); - krb5_apptag(14); - - krb5_cleanup(); -} - -krb5_error_code encode_krb5_ap_rep(const krb5_ap_rep *rep, krb5_data **code) -{ - krb5_setup(); - - /* enc-part[2] EncryptedData */ - krb5_addfield(&(rep->enc_part),2,asn1_encode_encrypted_data); - - /* msg-type[1] INTEGER */ - krb5_addfield(ASN1_KRB_AP_REP,1,asn1_encode_integer); - - /* pvno[0] INTEGER */ - krb5_addfield(KVNO,0,asn1_encode_integer); - - /* AP-REP ::= [APPLICATION 15] SEQUENCE */ - krb5_makeseq(); - krb5_apptag(15); - - krb5_cleanup(); -} - - -krb5_error_code encode_krb5_ap_rep_enc_part(const krb5_ap_rep_enc_part *rep, krb5_data **code) -{ - krb5_setup(); - - /* seq-number[3] INTEGER OPTIONAL */ - if (rep->seq_number) - krb5_addfield(rep->seq_number,3,asn1_encode_unsigned_integer); - - /* subkey[2] EncryptionKey OPTIONAL */ - if (rep->subkey != NULL) - krb5_addfield(rep->subkey,2,asn1_encode_encryption_key); - - /* cusec[1] INTEGER */ - krb5_addfield(rep->cusec,1,asn1_encode_integer); - - /* ctime[0] KerberosTime */ - krb5_addfield(rep->ctime,0,asn1_encode_kerberos_time); - - /* EncAPRepPart ::= [APPLICATION 27] SEQUENCE */ - krb5_makeseq(); - krb5_apptag(27); - - krb5_cleanup(); -} - -krb5_error_code encode_krb5_as_req(const krb5_kdc_req *rep, krb5_data **code) -{ - krb5_setup(); - - /* AS-REQ ::= [APPLICATION 10] KDC-REQ */ - retval = asn1_encode_kdc_req(KRB5_AS_REQ,buf,rep,&length); - if (retval) return retval; - sum += length; - - krb5_apptag(10); - - krb5_cleanup(); -} - -krb5_error_code encode_krb5_tgs_req(const krb5_kdc_req *rep, krb5_data **code) -{ - krb5_setup(); - - /* TGS-REQ ::= [APPLICATION 12] KDC-REQ */ - retval = asn1_encode_kdc_req(KRB5_TGS_REQ,buf,rep,&length); - if (retval) return retval; - sum += length; - - krb5_apptag(12); - - krb5_cleanup(); -} - -krb5_error_code encode_krb5_kdc_req_body(const krb5_kdc_req *rep, krb5_data **code) -{ - krb5_setup(); - - retval = asn1_encode_kdc_req_body(buf,rep,&length); - if (retval) return retval; - sum += length; - - krb5_cleanup(); -} - - -krb5_error_code encode_krb5_safe(const krb5_safe *rep, krb5_data **code) -{ - krb5_setup(); - - /* cksum[3] Checksum */ - krb5_addfield(rep->checksum,3,asn1_encode_checksum); - - /* safe-body[2] KRB-SAFE-BODY */ - krb5_addfield(rep,2,asn1_encode_krb_safe_body); - - /* msg-type[1] INTEGER */ - krb5_addfield(ASN1_KRB_SAFE,1,asn1_encode_integer); - - /* pvno[0] INTEGER */ - krb5_addfield(KVNO,0,asn1_encode_integer); - - /* KRB-SAFE ::= [APPLICATION 20] SEQUENCE */ - krb5_makeseq(); - krb5_apptag(20); - - krb5_cleanup(); -} - -/* - * encode_krb5_safe_with_body - * - * Like encode_krb5_safe(), except takes a saved KRB-SAFE-BODY - * encoding to avoid problems with re-encoding. - */ -krb5_error_code encode_krb5_safe_with_body( - const krb5_safe *rep, - const krb5_data *body, - krb5_data **code) -{ - krb5_setup(); - - if (body == NULL) { - asn1buf_destroy(&buf); - return ASN1_MISSING_FIELD; - } - - /* cksum[3] Checksum */ - krb5_addfield(rep->checksum,3,asn1_encode_checksum); - - /* safe-body[2] KRB-SAFE-BODY */ - krb5_addfield(body,2,asn1_encode_krb_saved_safe_body); - - /* msg-type[1] INTEGER */ - krb5_addfield(ASN1_KRB_SAFE,1,asn1_encode_integer); - - /* pvno[0] INTEGER */ - krb5_addfield(KVNO,0,asn1_encode_integer); - - /* KRB-SAFE ::= [APPLICATION 20] SEQUENCE */ - krb5_makeseq(); - krb5_apptag(20); - - krb5_cleanup(); -} - -krb5_error_code encode_krb5_priv(const krb5_priv *rep, krb5_data **code) -{ - krb5_setup(); - - /* enc-part[3] EncryptedData */ - krb5_addfield(&(rep->enc_part),3,asn1_encode_encrypted_data); - - /* msg-type[1] INTEGER */ - krb5_addfield(ASN1_KRB_PRIV,1,asn1_encode_integer); - - /* pvno[0] INTEGER */ - krb5_addfield(KVNO,0,asn1_encode_integer); - - /* KRB-PRIV ::= [APPLICATION 21] SEQUENCE */ - krb5_makeseq(); - krb5_apptag(21); - - krb5_cleanup(); -} - -krb5_error_code encode_krb5_enc_priv_part(const krb5_priv_enc_part *rep, krb5_data **code) -{ - krb5_setup(); - - /* r-address[5] HostAddress OPTIONAL -- recip's addr */ - if (rep->r_address) - krb5_addfield(rep->r_address,5,asn1_encode_host_address); - - /* s-address[4] HostAddress -- sender's addr */ - krb5_addfield(rep->s_address,4,asn1_encode_host_address); - - /* seq-number[3] INTEGER OPTIONAL */ - if (rep->seq_number) - krb5_addfield(rep->seq_number,3,asn1_encode_unsigned_integer); - - /* usec[2] INTEGER OPTIONAL */ - if (rep->timestamp) { - krb5_addfield(rep->usec,2,asn1_encode_integer); - /* timestamp[1] KerberosTime OPTIONAL */ - krb5_addfield(rep->timestamp,1,asn1_encode_kerberos_time); - } - - /* user-data[0] OCTET STRING */ - krb5_addlenfield(rep->user_data.length,rep->user_data.data,0,asn1_encode_charstring); - - /* EncKrbPrivPart ::= [APPLICATION 28] SEQUENCE */ - krb5_makeseq(); - krb5_apptag(28); - - krb5_cleanup(); -} - -krb5_error_code encode_krb5_cred(const krb5_cred *rep, krb5_data **code) -{ - krb5_setup(); - - /* enc-part[3] EncryptedData */ - krb5_addfield(&(rep->enc_part),3,asn1_encode_encrypted_data); - - /* tickets[2] SEQUENCE OF Ticket */ - krb5_addfield((const krb5_ticket**)rep->tickets,2,asn1_encode_sequence_of_ticket); - - /* msg-type[1] INTEGER, -- KRB_CRED */ - krb5_addfield(ASN1_KRB_CRED,1,asn1_encode_integer); - - /* pvno[0] INTEGER */ - krb5_addfield(KVNO,0,asn1_encode_integer); - - /* KRB-CRED ::= [APPLICATION 22] SEQUENCE */ - krb5_makeseq(); - krb5_apptag(22); - - krb5_cleanup(); -} - -krb5_error_code encode_krb5_enc_cred_part(const krb5_cred_enc_part *rep, krb5_data **code) -{ - krb5_setup(); - - /* r-address[5] HostAddress OPTIONAL */ - if (rep->r_address != NULL) - krb5_addfield(rep->r_address,5,asn1_encode_host_address); - - /* s-address[4] HostAddress OPTIONAL */ - if (rep->s_address != NULL) - krb5_addfield(rep->s_address,4,asn1_encode_host_address); - - /* usec[3] INTEGER OPTIONAL */ - if (rep->timestamp) { - krb5_addfield(rep->usec,3,asn1_encode_integer); - /* timestamp[2] KerberosTime OPTIONAL */ - krb5_addfield(rep->timestamp,2,asn1_encode_kerberos_time); - } - - /* nonce[1] INTEGER OPTIONAL */ - if (rep->nonce) - krb5_addfield(rep->nonce,1,asn1_encode_integer); - - /* ticket-info[0] SEQUENCE OF KrbCredInfo */ - krb5_addfield((const krb5_cred_info**)rep->ticket_info, - 0,asn1_encode_sequence_of_krb_cred_info); - - /* EncKrbCredPart ::= [APPLICATION 29] SEQUENCE */ - krb5_makeseq(); - krb5_apptag(29); - - krb5_cleanup(); -} - -krb5_error_code encode_krb5_error(const krb5_error *rep, krb5_data **code) -{ - krb5_setup(); - - /* e-data[12] OCTET STRING OPTIONAL */ - if (rep->e_data.data != NULL && rep->e_data.length > 0) - krb5_addlenfield(rep->e_data.length,rep->e_data.data,12,asn1_encode_charstring); - - /* e-text[11] GeneralString OPTIONAL */ - if (rep->text.data != NULL && rep->text.length > 0) - krb5_addlenfield(rep->text.length,rep->text.data,11,asn1_encode_generalstring); - - /* sname[10] PrincipalName -- Correct name */ - krb5_addfield(rep->server,10,asn1_encode_principal_name); - - /* realm[9] Realm -- Correct realm */ - krb5_addfield(rep->server,9,asn1_encode_realm); - - /* cname[8] PrincipalName OPTIONAL */ - if (rep->client != NULL) { - krb5_addfield(rep->client,8,asn1_encode_principal_name); - /* crealm[7] Realm OPTIONAL */ - krb5_addfield(rep->client,7,asn1_encode_realm); - } - - /* error-code[6] INTEGER */ - krb5_addfield(rep->error,6,asn1_encode_ui_4); - - /* susec[5] INTEGER */ - krb5_addfield(rep->susec,5,asn1_encode_integer); - - /* stime[4] KerberosTime */ - krb5_addfield(rep->stime,4,asn1_encode_kerberos_time); - - /* cusec[3] INTEGER OPTIONAL */ - if (rep->cusec) - krb5_addfield(rep->cusec,3,asn1_encode_integer); - - /* ctime[2] KerberosTime OPTIONAL */ - if (rep->ctime) - krb5_addfield(rep->ctime,2,asn1_encode_kerberos_time); - - /* msg-type[1] INTEGER */ - krb5_addfield(ASN1_KRB_ERROR,1,asn1_encode_integer); - - /* pvno[0] INTEGER */ - krb5_addfield(KVNO,0,asn1_encode_integer); - - /* KRB-ERROR ::= [APPLICATION 30] SEQUENCE */ - krb5_makeseq(); - krb5_apptag(30); - - krb5_cleanup(); -} - -krb5_error_code encode_krb5_authdata(const krb5_authdata **rep, krb5_data **code) -{ - asn1_error_code retval; - asn1buf *buf=NULL; - unsigned int length; - - if (rep == NULL) return ASN1_MISSING_FIELD; - - retval = asn1buf_create(&buf); - if (retval) return retval; - - retval = asn1_encode_authorization_data(buf,(const krb5_authdata**)rep, - &length); - if (retval) return retval; - - krb5_cleanup(); -} - -krb5_error_code encode_krb5_authdata_elt(const krb5_authdata *rep, krb5_data **code) -{ - asn1_error_code retval; - asn1buf *buf=NULL; - unsigned int length; - - if (rep == NULL) return ASN1_MISSING_FIELD; - - retval = asn1buf_create(&buf); - if (retval) return retval; - - retval = asn1_encode_krb5_authdata_elt(buf,rep, &length); - if (retval) return retval; - - krb5_cleanup(); -} - -krb5_error_code encode_krb5_alt_method(const krb5_alt_method *rep, krb5_data **code) -{ - krb5_setup(); - - /* method-data[1] OctetString OPTIONAL */ - if (rep->data != NULL && rep->length > 0) - krb5_addlenfield(rep->length,rep->data,1,asn1_encode_octetstring); - - /* method-type[0] Integer */ - krb5_addfield(rep->method,0,asn1_encode_integer); - - krb5_makeseq(); - - krb5_cleanup(); -} - -krb5_error_code encode_krb5_etype_info(const krb5_etype_info_entry **rep, krb5_data **code) -{ - krb5_setup(); - retval = asn1_encode_etype_info(buf,rep,&length, 0); - if (retval) return retval; - sum += length; - krb5_cleanup(); -} - -krb5_error_code encode_krb5_etype_info2(const krb5_etype_info_entry **rep, krb5_data **code) -{ - krb5_setup(); - retval = asn1_encode_etype_info(buf,rep,&length, 1); - if (retval) return retval; - sum += length; - krb5_cleanup(); -} - - -krb5_error_code encode_krb5_enc_data(const krb5_enc_data *rep, krb5_data **code) -{ - krb5_setup(); - - retval = asn1_encode_encrypted_data(buf,rep,&length); - if (retval) return retval; - sum += length; - - krb5_cleanup(); -} - -krb5_error_code encode_krb5_pa_enc_ts(const krb5_pa_enc_ts *rep, krb5_data **code) -{ - krb5_setup(); - - /* pausec[1] INTEGER OPTIONAL */ - if (rep->pausec) - krb5_addfield(rep->pausec,1,asn1_encode_integer); - - /* patimestamp[0] KerberosTime, -- client's time */ - krb5_addfield(rep->patimestamp,0,asn1_encode_kerberos_time); - - krb5_makeseq(); - - krb5_cleanup(); -} - -/* Sandia Additions */ -krb5_error_code encode_krb5_pwd_sequence(const passwd_phrase_element *rep, krb5_data **code) -{ - krb5_setup(); - retval = asn1_encode_passwdsequence(buf,rep,&length); - if (retval) return retval; - sum += length; - krb5_cleanup(); -} - -krb5_error_code encode_krb5_pwd_data(const krb5_pwd_data *rep, krb5_data **code) -{ - krb5_setup(); - krb5_addfield((const passwd_phrase_element**)rep->element,1,asn1_encode_sequence_of_passwdsequence); - krb5_addfield(rep->sequence_count,0,asn1_encode_integer); - krb5_makeseq(); - krb5_cleanup(); -} - -krb5_error_code encode_krb5_padata_sequence(const krb5_pa_data **rep, krb5_data **code) -{ - krb5_setup(); - - retval = asn1_encode_sequence_of_pa_data(buf,rep,&length); - if (retval) return retval; - sum += length; - - krb5_cleanup(); -} - -/* sam preauth additions */ -krb5_error_code encode_krb5_sam_challenge(const krb5_sam_challenge *rep, krb5_data **code) -{ - krb5_setup(); - retval = asn1_encode_sam_challenge(buf,rep,&length); - if (retval) return retval; - sum += length; - krb5_cleanup(); -} - -krb5_error_code encode_krb5_sam_challenge_2(const krb5_sam_challenge_2 *rep, krb5_data **code) -{ - krb5_setup(); - retval = asn1_encode_sam_challenge_2(buf,rep,&length); - if (retval) return retval; - sum += length; - krb5_cleanup(); -} - -krb5_error_code encode_krb5_sam_challenge_2_body(const krb5_sam_challenge_2_body *rep, krb5_data **code) -{ - krb5_setup(); - retval = asn1_encode_sam_challenge_2_body(buf,rep,&length); - if (retval) return retval; - sum += length; - krb5_cleanup(); -} - -krb5_error_code encode_krb5_sam_key(const krb5_sam_key *rep, krb5_data **code) -{ - krb5_setup(); - retval = asn1_encode_sam_key(buf,rep,&length); - if (retval) return retval; - sum += length; - krb5_cleanup(); -} - -krb5_error_code encode_krb5_enc_sam_response_enc(const krb5_enc_sam_response_enc *rep, krb5_data **code) -{ - krb5_setup(); - retval = asn1_encode_enc_sam_response_enc(buf,rep,&length); - if (retval) return retval; - sum += length; - krb5_cleanup(); -} - -krb5_error_code encode_krb5_enc_sam_response_enc_2(const krb5_enc_sam_response_enc_2 *rep, krb5_data **code) -{ - krb5_setup(); - retval = asn1_encode_enc_sam_response_enc_2(buf,rep,&length); - if (retval) return retval; - sum += length; - krb5_cleanup(); -} - -krb5_error_code encode_krb5_sam_response(const krb5_sam_response *rep, krb5_data **code) -{ - krb5_setup(); - retval = asn1_encode_sam_response(buf,rep,&length); - if (retval) return retval; - sum += length; - krb5_cleanup(); -} - -krb5_error_code encode_krb5_sam_response_2(const krb5_sam_response_2 *rep, krb5_data **code) -{ - krb5_setup(); - retval = asn1_encode_sam_response_2(buf,rep,&length); - if (retval) return retval; - sum += length; - krb5_cleanup(); -} - -krb5_error_code encode_krb5_predicted_sam_response(const krb5_predicted_sam_response *rep, krb5_data **code) -{ - krb5_setup(); - retval = asn1_encode_predicted_sam_response(buf,rep,&length); - if (retval) return retval; - sum += length; - krb5_cleanup(); -} - -krb5_error_code encode_krb5_setpw_req(const krb5_principal target, - char *password, krb5_data **code) -{ - /* Macros really want us to have a variable called rep which we do not need*/ - const char *rep = "dummy string"; - - krb5_setup(); - - krb5_addfield(target,2,asn1_encode_realm); - krb5_addfield(target,1,asn1_encode_principal_name); - krb5_addlenfield(strlen(password), password,0,asn1_encode_octetstring); - krb5_makeseq(); - - - krb5_cleanup(); -} - -#ifndef DISABLE_PKINIT krb5_error_code encode_krb5_pa_pk_as_req(const krb5_pa_pk_as_req *rep, krb5_data **code) { krb5_setup(); diff --git a/src/lib/krb5/asn.1/krbasn1.h b/src/lib/krb5/asn.1/krbasn1.h index cc41dfdcec..53feb6dd6b 100644 --- a/src/lib/krb5/asn.1/krbasn1.h +++ b/src/lib/krb5/asn.1/krbasn1.h @@ -9,16 +9,6 @@ #ifdef HAVE_STDLIB_H #include #endif -/* - * Older versions of the Kerberos are always sending the - * enc_kdc_rep_part structure with an application tag of #26, instead - * of using the application tag of #25 (AS REP) or #26 (AS REP) as - * necessary. Worse yet, they will only accept a tag of #26, so we - * need to follow this for backwards compatibility. #defining - * KRB5_ENCKRB5KDCREPPART_COMPAT will preserve this wrong (but - * compatible) behavior. - */ -#define KRB5_ENCKRB5KDCREPPART_COMPAT /* * If KRB5_MSGTYPE_STRICT is defined, then be strict about checking @@ -45,6 +35,9 @@ typedef enum { PRIMITIVE = 0x00, CONSTRUCTED = 0x20 } asn1_construction; typedef enum { UNIVERSAL = 0x00, APPLICATION = 0x40, CONTEXT_SPECIFIC = 0x80, PRIVATE = 0xC0 } asn1_class; +typedef INT64_TYPE asn1_intmax; +typedef UINT64_TYPE asn1_uintmax; + typedef int asn1_tagnum; #define ASN1_TAGNUM_CEILING INT_MAX #define ASN1_TAGNUM_MAX (ASN1_TAGNUM_CEILING-1) @@ -53,12 +46,13 @@ typedef int asn1_tagnum; #define KVNO 5 /* Universal Tag Numbers */ +#define ASN1_BOOLEAN 1 #define ASN1_INTEGER 2 #define ASN1_BITSTRING 3 #define ASN1_OCTETSTRING 4 #define ASN1_NULL 5 #define ASN1_OBJECTIDENTIFIER 6 -#define ASN1_ENUMERATED 10 +#define ASN1_ENUMERATED 10 #define ASN1_SEQUENCE 16 #define ASN1_SET 17 #define ASN1_PRINTABLESTRING 19 diff --git a/src/lib/krb5/asn.1/ldap_key_seq.c b/src/lib/krb5/asn.1/ldap_key_seq.c index 7f0355d9fd..2807a51011 100644 --- a/src/lib/krb5/asn.1/ldap_key_seq.c +++ b/src/lib/krb5/asn.1/ldap_key_seq.c @@ -39,187 +39,86 @@ #include "asn1_decode.h" #include "asn1_make.h" #include "asn1_get.h" +#include "asn1_k_encode.h" #ifdef ENABLE_LDAP -#define asn1_encode_sequence_of_keys krb5int_ldap_encode_sequence_of_keys -#define asn1_decode_sequence_of_keys krb5int_ldap_decode_sequence_of_keys - -#define cleanup(err) \ - { \ - ret = err; \ - goto last; \ - } - -#define checkerr \ - if (ret != 0) \ - goto last - /************************************************************************/ /* Encode the Principal's keys */ /************************************************************************/ -static asn1_error_code -asn1_encode_key(asn1buf *buf, - krb5_key_data key_data, - unsigned int *retlen) -{ - asn1_error_code ret = 0; - unsigned int length, sum = 0; - - /* Encode the key type and value. */ - { - unsigned int key_len = 0; - /* key value */ - ret = asn1_encode_octetstring (buf, - key_data.key_data_length[0], - key_data.key_data_contents[0], - &length); checkerr; - key_len += length; - ret = asn1_make_etag(buf, CONTEXT_SPECIFIC, 1, length, &length); checkerr; - key_len += length; - /* key type */ - ret = asn1_encode_integer (buf, key_data.key_data_type[0], &length); - checkerr; - key_len += length; - ret = asn1_make_etag(buf, CONTEXT_SPECIFIC, 0, length, &length); checkerr; - key_len += length; +/* Imports from asn1_k_encode.c. + XXX Must be manually synchronized for now. */ +IMPORT_TYPE(octetstring, unsigned char *); +IMPORT_TYPE(int32, krb5_int32); - ret = asn1_make_sequence(buf, key_len, &length); checkerr; - key_len += length; - ret = asn1_make_etag(buf, CONTEXT_SPECIFIC, 1, key_len, &length); checkerr; - key_len += length; +DEFINTTYPE(int16, krb5_int16); +DEFINTTYPE(ui_2, krb5_ui_2); - sum += key_len; - } - /* Encode the salt type and value (optional) */ - if (key_data.key_data_ver > 1) { - unsigned int salt_len = 0; - /* salt value (optional) */ - if (key_data.key_data_length[1] > 0) { - ret = asn1_encode_octetstring (buf, - key_data.key_data_length[1], - key_data.key_data_contents[1], - &length); checkerr; - salt_len += length; - ret = asn1_make_etag(buf, CONTEXT_SPECIFIC, 1, length, &length); - checkerr; - salt_len += length; - } - /* salt type */ - ret = asn1_encode_integer (buf, key_data.key_data_type[1], &length); - checkerr; - salt_len += length; - ret = asn1_make_etag(buf, CONTEXT_SPECIFIC, 0, length, &length); checkerr; - salt_len += length; - - ret = asn1_make_sequence(buf, salt_len, &length); checkerr; - salt_len += length; - ret = asn1_make_etag(buf, CONTEXT_SPECIFIC, 0, salt_len, &length); checkerr; - salt_len += length; - - sum += salt_len; - } - - ret = asn1_make_sequence(buf, sum, &length); checkerr; - sum += length; - - *retlen = sum; - -last: - return ret; -} - -/* Major version and minor version are both '1' - first version */ -/* asn1_error_code asn1_encode_sequence_of_keys (krb5_key_data *key_data, */ -krb5_error_code -asn1_encode_sequence_of_keys (krb5_key_data *key_data, - krb5_int16 n_key_data, - krb5_int32 mkvno, /* Master key version number */ - krb5_data **code) +static const struct field_info krbsalt_fields[] = { + FIELDOF_NORM(krb5_key_data, int16, key_data_type[1], 0), + FIELDOF_OPTSTRINGL(krb5_key_data, octetstring, key_data_contents[1], + ui_2, key_data_length[1], 1, 1), +}; +static unsigned int optional_krbsalt (const void *p) { - asn1_error_code ret = 0; - asn1buf *buf = NULL; - unsigned int length, sum = 0; - unsigned long tmp_ul; - - *code = NULL; + const krb5_key_data *k = p; + unsigned int optional = 0; - if (n_key_data == 0) cleanup (ASN1_MISSING_FIELD); + if (k->key_data_length[1] > 0) + optional |= (1u << 1); - /* Allocate the buffer */ - ret = asn1buf_create(&buf); - checkerr; - - /* Sequence of keys */ - { - int i; - unsigned int seq_len = 0; - - for (i = n_key_data - 1; i >= 0; i--) { - ret = asn1_encode_key (buf, key_data[i], &length); checkerr; - seq_len += length; - } - ret = asn1_make_sequence(buf, seq_len, &length); checkerr; - seq_len += length; - ret = asn1_make_etag(buf, CONTEXT_SPECIFIC, 4, seq_len, &length); checkerr; - seq_len += length; - - sum += seq_len; - } - - /* mkvno */ - if (mkvno < 0) - cleanup (ASN1_BAD_FORMAT); - tmp_ul = (unsigned long)mkvno; - ret = asn1_encode_unsigned_integer (buf, tmp_ul, &length); checkerr; - sum += length; - ret = asn1_make_etag(buf, CONTEXT_SPECIFIC, 3, length, &length); checkerr; - sum += length; - - /* kvno (assuming all keys in array have same version) */ - if (key_data[0].key_data_kvno < 0) - cleanup (ASN1_BAD_FORMAT); - tmp_ul = (unsigned long)key_data[0].key_data_kvno; - ret = asn1_encode_unsigned_integer (buf, tmp_ul, &length); - checkerr; - sum += length; - ret = asn1_make_etag(buf, CONTEXT_SPECIFIC, 2, length, &length); checkerr; - sum += length; - - /* attribute-minor-vno == 1 */ - ret = asn1_encode_unsigned_integer (buf, 1, &length); checkerr; - sum += length; - ret = asn1_make_etag(buf, CONTEXT_SPECIFIC, 1, length, &length); checkerr; - sum += length; - - /* attribute-major-vno == 1 */ - ret = asn1_encode_unsigned_integer (buf, 1, &length); checkerr; - sum += length; - ret = asn1_make_etag(buf, CONTEXT_SPECIFIC, 0, length, &length); checkerr; - sum += length; - - ret = asn1_make_sequence(buf, sum, &length); checkerr; - sum += length; - - /* The reverse encoding is straightened out here */ - ret = asn12krb5_buf (buf, code); checkerr; - -last: - asn1buf_destroy (&buf); - - if (ret != 0 && *code != NULL) { - free ((*code)->data); - free (*code); - } - - return ret; + return optional; } +DEFSEQTYPE(krbsalt, krb5_key_data, krbsalt_fields, optional_krbsalt); +static const struct field_info encryptionkey_fields[] = { + FIELDOF_NORM(krb5_key_data, int16, key_data_type[0], 0), + FIELDOF_STRINGL(krb5_key_data, octetstring, key_data_contents[0], + ui_2, key_data_length[0], 1), +}; +DEFSEQTYPE(encryptionkey, krb5_key_data, encryptionkey_fields, 0); + +static const struct field_info key_data_fields[] = { + FIELDOF_ENCODEAS(krb5_key_data, krbsalt, 0), + FIELDOF_ENCODEAS(krb5_key_data, encryptionkey, 1), +#if 0 /* We don't support this field currently. */ + FIELDOF_blah(krb5_key_data, s2kparams, ...), +#endif +}; +DEFSEQTYPE(key_data, krb5_key_data, key_data_fields, 0); +DEFPTRTYPE(ptr_key_data, key_data); + +DEFFIELDTYPE(key_data_kvno, krb5_key_data, + FIELDOF_NORM(krb5_key_data, int16, key_data_kvno, -1)); +DEFPTRTYPE(ptr_key_data_kvno, key_data_kvno); + +static const struct field_info ldap_key_seq_fields[] = { + FIELD_INT_IMM(1, 0), + FIELD_INT_IMM(1, 1), + FIELDOF_NORM(ldap_seqof_key_data, ptr_key_data_kvno, key_data, 2), + FIELDOF_NORM(ldap_seqof_key_data, int32, mkvno, 3), /* mkvno */ + FIELDOF_SEQOF_LEN(ldap_seqof_key_data, ptr_key_data, key_data, n_key_data, + int16, 4), +}; +DEFSEQTYPE(ldap_key_seq, ldap_seqof_key_data, ldap_key_seq_fields, 0); + +/* Export a function to do the whole encoding. */ +MAKE_FULL_ENCODER(krb5int_ldap_encode_sequence_of_keys, ldap_key_seq); /************************************************************************/ /* Decode the Principal's keys */ /************************************************************************/ +#define cleanup(err) \ + { \ + ret = err; \ + goto last; \ + } + +#define checkerr \ + if (ret != 0) \ + goto last + #define safe_syncbuf(outer,inner,buflen) \ if (! ((inner)->next == (inner)->bound + 1 && \ (inner)->next == (outer)->next + buflen)) \ @@ -279,7 +178,8 @@ last: #endif static asn1_error_code -decode_tagged_octetstring (asn1buf *buf, asn1_tagnum expectedtag, int *len, +decode_tagged_octetstring (asn1buf *buf, asn1_tagnum expectedtag, + unsigned int *len, asn1_octet **val) { int buflen; @@ -328,8 +228,8 @@ static asn1_error_code asn1_decode_key(asn1buf *buf, krb5_key_data *key) if (t.tagnum == 0) { int salt_buflen; asn1buf slt; - unsigned long keytype; - int keylen; + long keytype; + unsigned int keylen; key->key_data_ver = 2; asn1_get_sequence(&subbuf, &length, &seqindef); @@ -358,7 +258,7 @@ static asn1_error_code asn1_decode_key(asn1buf *buf, krb5_key_data *key) int key_buflen; asn1buf kbuf; long lval; - int ival; + unsigned int ival; if (t.tagnum != 1) cleanup (ASN1_MISSING_FIELD); @@ -390,12 +290,14 @@ last: return ret; } -/* asn1_error_code asn1_decode_sequence_of_keys (krb5_data *in, */ -krb5_error_code asn1_decode_sequence_of_keys (krb5_data *in, - krb5_key_data **out, - krb5_int16 *n_key_data, - int *mkvno) +krb5_error_code krb5int_ldap_decode_sequence_of_keys (krb5_data *in, + ldap_seqof_key_data **rep) { + ldap_seqof_key_data *repval; + krb5_key_data **out; + krb5_int16 *n_key_data; + int *mkvno; + asn1_error_code ret; asn1buf buf, subbuf; int seqindef; @@ -404,6 +306,12 @@ krb5_error_code asn1_decode_sequence_of_keys (krb5_data *in, int kvno, maj, min; long lval; + repval = calloc(1,sizeof(ldap_seqof_key_data)); + *rep = repval; + out = &repval->key_data; + n_key_data = &repval->n_key_data; + mkvno = &repval->mkvno; + *n_key_data = 0; *out = NULL; diff --git a/src/lib/krb5/ccache/Makefile.in b/src/lib/krb5/ccache/Makefile.in index d7fe0921fd..5dcf2adf66 100644 --- a/src/lib/krb5/ccache/Makefile.in +++ b/src/lib/krb5/ccache/Makefile.in @@ -113,125 +113,3 @@ clean-unix:: @libobj_frag@ -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -ccbase.so ccbase.po $(OUTPRE)ccbase.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h cc-int.h ccbase.c \ - fcc.h -cccopy.so cccopy.po $(OUTPRE)cccopy.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h cccopy.c -cccursor.so cccursor.po $(OUTPRE)cccursor.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - cc-int.h cccursor.c -ccdefault.so ccdefault.po $(OUTPRE)ccdefault.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - ccdefault.c -ccdefops.so ccdefops.po $(OUTPRE)ccdefops.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - ccdefops.c fcc.h -cc_retr.so cc_retr.po $(OUTPRE)cc_retr.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h cc-int.h cc_retr.c -cc_file.so cc_file.po $(OUTPRE)cc_file.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h cc_file.c -cc_memory.so cc_memory.po $(OUTPRE)cc_memory.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - cc-int.h cc_memory.c -cc_keyring.so cc_keyring.po $(OUTPRE)cc_keyring.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - cc-int.h cc_keyring.c -ccfns.so ccfns.po $(OUTPRE)ccfns.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h ccfns.c -ser_cc.so ser_cc.po $(OUTPRE)ser_cc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h ser_cc.c -t_cc.so t_cc.po $(OUTPRE)t_cc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h t_cc.c -t_cccursor.so t_cccursor.po $(OUTPRE)t_cccursor.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/krb5.h t_cccursor.c diff --git a/src/lib/krb5/ccache/cc-int.h b/src/lib/krb5/ccache/cc-int.h index 4c0db959d7..84b100286a 100644 --- a/src/lib/krb5/ccache/cc-int.h +++ b/src/lib/krb5/ccache/cc-int.h @@ -64,6 +64,36 @@ krb5int_cc_typecursor_free( krb5_context context, krb5_cc_typecursor *cursor); +/* reentrant mutex used by krb5_cc_* functions */ +typedef struct _k5_cc_mutex { + k5_mutex_t lock; + krb5_context owner; + krb5_int32 refcount; +} k5_cc_mutex; + +#define K5_CC_MUTEX_PARTIAL_INITIALIZER \ + { K5_MUTEX_PARTIAL_INITIALIZER, NULL, 0 } + +krb5_error_code +k5_cc_mutex_init(k5_cc_mutex *m); + +krb5_error_code +k5_cc_mutex_finish_init(k5_cc_mutex *m); + +#define k5_cc_mutex_destroy(M) \ +k5_mutex_destroy(&(M)->lock); + +void +k5_cc_mutex_assert_locked(krb5_context context, k5_cc_mutex *m); + +void +k5_cc_mutex_assert_unlocked(krb5_context context, k5_cc_mutex *m); + +krb5_error_code +k5_cc_mutex_lock(krb5_context context, k5_cc_mutex *m); + +krb5_error_code +k5_cc_mutex_unlock(krb5_context context, k5_cc_mutex *m); extern k5_cc_mutex krb5int_mcc_mutex; extern k5_cc_mutex krb5int_krcc_mutex; diff --git a/src/lib/krb5/ccache/cc_file.c b/src/lib/krb5/ccache/cc_file.c index 22c01b8b70..71476d7788 100644 --- a/src/lib/krb5/ccache/cc_file.c +++ b/src/lib/krb5/ccache/cc_file.c @@ -76,7 +76,7 @@ etc. fcc_nseq.c and fcc_read don't check return values a lot. */ #include "k5-int.h" - +#include "cc-int.h" #include #include @@ -1997,8 +1997,7 @@ krb5_fcc_generate_new (krb5_context context, krb5_ccache *id) if (kret) return kret; - (void) strcpy(scratch, TKT_ROOT); - (void) strcat(scratch, "XXXXXX"); + (void) snprintf(scratch, sizeof(scratch), "%sXXXXXX", TKT_ROOT); ret = mkstemp(scratch); if (ret == -1) { k5_cc_mutex_unlock(context, &krb5int_cc_file_mutex); diff --git a/src/lib/krb5/ccache/cc_memory.c b/src/lib/krb5/ccache/cc_memory.c index 4a3b67c80a..cdddc58f50 100644 --- a/src/lib/krb5/ccache/cc_memory.c +++ b/src/lib/krb5/ccache/cc_memory.c @@ -415,7 +415,7 @@ new_mcc_data (const char *name, krb5_mcc_data **dataptr) return err; } - d->name = malloc(strlen(name) + 1); + d->name = strdup(name); if (d->name == NULL) { k5_cc_mutex_destroy(&d->lock); krb5_xfree(d); @@ -426,9 +426,6 @@ new_mcc_data (const char *name, krb5_mcc_data **dataptr) d->changetime = 0; update_mcc_change_time(d); - /* Set up the filename */ - strcpy(d->name, name); - n = malloc(sizeof(krb5_mcc_list_node)); if (n == NULL) { free(d->name); diff --git a/src/lib/krb5/ccache/ccapi/stdcc.c b/src/lib/krb5/ccache/ccapi/stdcc.c index a5e171e242..14569fb596 100644 --- a/src/lib/krb5/ccache/ccapi/stdcc.c +++ b/src/lib/krb5/ccache/ccapi/stdcc.c @@ -5,7 +5,7 @@ * Written by Frank Dabek July 1998 * Updated by Jeffrey Altman June 2006 * - * Copyright 1998, 1999, 2006 by the Massachusetts Institute of Technology. + * Copyright 1998, 1999, 2006, 2008 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -347,12 +347,11 @@ krb5_stdccv3_generate_new (krb5_context context, krb5_ccache *id ) } if (!err) { - name = (char *) malloc (sizeof (*name) * (strlen (ccstring->data) + 1)); + name = strdup (ccstring->data); if (!name) { err = KRB5_CC_NOMEM; } } if (!err) { - strcpy (name, ccstring->data); ccapi_data->cache_name = name; name = NULL; /* take ownership */ @@ -407,7 +406,7 @@ krb5_stdccv3_resolve (krb5_context context, krb5_ccache *id , const char *residu } if (!err) { - name = malloc (strlen(residual) + 1); + name = strdup (residual); if (!name) { err = KRB5_CC_NOMEM; } } @@ -421,7 +420,6 @@ krb5_stdccv3_resolve (krb5_context context, krb5_ccache *id , const char *residu } if (!err) { - strcpy(name, residual); ccapi_data->cache_name = name; name = NULL; /* take ownership */ @@ -850,6 +848,10 @@ krb5_stdccv3_remove (krb5_context context, } if (err == ccIteratorEnd) { err = ccErrCredentialsNotFound; } + if (iterator) { + err = cc_credentials_iterator_release(iterator); + } + if (!err) { cache_changed (); } @@ -936,12 +938,11 @@ krb5_stdccv3_ptcursor_next( } if (!err) { - name = (char *) malloc (sizeof (*name) * (strlen (ccstring->data) + 1)); + name = strdup (ccstring->data); if (!name) { err = KRB5_CC_NOMEM; } } if (!err) { - strcpy (name, ccstring->data); ccapi_data->cache_name = name; name = NULL; /* take ownership */ @@ -1198,15 +1199,13 @@ krb5_error_code KRB5_CALLCONV krb5_stdcc_resolve if (!(ccapi_data = (stdccCacheDataPtr)malloc(sizeof(stdccCacheData)))) goto errout; - if (!(cName = malloc(strlen(residual)+1))) + if (!(cName = strdup(residual))) goto errout; newCache->ops = &krb5_cc_stdcc_ops; newCache->data = ccapi_data; ccapi_data->cache_name = cName; - strcpy(cName, residual); - err = cc_open(gCntrlBlock, cName, CC_CRED_V5, 0L, &ccapi_data->NamedCache); if (err != CC_NOERROR) { diff --git a/src/lib/krb5/ccache/ccdefault.c b/src/lib/krb5/ccache/ccdefault.c index e5006de220..c4f9f292e6 100644 --- a/src/lib/krb5/ccache/ccdefault.c +++ b/src/lib/krb5/ccache/ccdefault.c @@ -31,6 +31,7 @@ #if defined(USE_KIM) #include +#include "kim_library_private.h" #elif defined(USE_LEASH) static void (*pLeash_AcquireInitialTicketsIfNeeded)(krb5_context,krb5_principal,char*,int) = NULL; static HANDLE hLeashDLL = INVALID_HANDLE_VALUE; @@ -78,7 +79,7 @@ krb5int_cc_default(krb5_context context, krb5_ccache *ccache) } #ifdef USE_KIM - { + if (kim_library_allow_automatic_prompting ()) { kim_error err = KIM_NO_ERROR; kim_ccache kimccache = NULL; kim_identity identity = KIM_IDENTITY_ANY; @@ -111,7 +112,8 @@ krb5int_cc_default(krb5_context context, krb5_ccache *ccache) if (!err) { krb5_cc_set_default_name (context, name); } - + + kim_identity_free (&identity); kim_string_free (&name); kim_ccache_free (&kimccache); } diff --git a/src/lib/krb5/ccache/ccfns.c b/src/lib/krb5/ccache/ccfns.c index 853d6c90b8..5d95a64289 100644 --- a/src/lib/krb5/ccache/ccfns.c +++ b/src/lib/krb5/ccache/ccfns.c @@ -1,7 +1,7 @@ /* * lib/krb5/ccache/ccfns.c * - * Copyright 2000, 2007 by the Massachusetts Institute of Technology. + * Copyright 2000, 2007, 2008 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -69,6 +69,9 @@ krb5_cc_store_cred (krb5_context context, krb5_ccache cache, krb5_ticket *tkt; krb5_principal s1, s2; + /* remove any dups */ + krb5_cc_remove_cred(context, cache, 0, creds); + ret = cache->ops->store(context, cache, creds); if (ret) return ret; @@ -82,9 +85,11 @@ krb5_cc_store_cred (krb5_context context, krb5_ccache cache, if (ret) return 0; s2 = tkt->server; if (!krb5_principal_compare(context, s1, s2)) { - creds->server = s2; - ret = cache->ops->store(context, cache, creds); - creds->server = s1; + creds->server = s2; + /* remove any dups */ + krb5_cc_remove_cred(context, cache, 0, creds); + ret = cache->ops->store(context, cache, creds); + creds->server = s1; } krb5_free_ticket(context, tkt); return ret; diff --git a/src/lib/krb5/ccache/deps b/src/lib/krb5/ccache/deps new file mode 100644 index 0000000000..fa42f24d2f --- /dev/null +++ b/src/lib/krb5/ccache/deps @@ -0,0 +1,126 @@ +# +# Generated makefile dependencies follow. +# +ccbase.so ccbase.po $(OUTPRE)ccbase.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + cc-int.h ccbase.c fcc.h +cccopy.so cccopy.po $(OUTPRE)cccopy.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + cccopy.c +cccursor.so cccursor.po $(OUTPRE)cccursor.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h cc-int.h cccursor.c +ccdefault.so ccdefault.po $(OUTPRE)ccdefault.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h ccdefault.c +ccdefops.so ccdefops.po $(OUTPRE)ccdefops.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h ccdefops.c fcc.h +cc_retr.so cc_retr.po $(OUTPRE)cc_retr.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + cc-int.h cc_retr.c +cc_file.so cc_file.po $(OUTPRE)cc_file.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + cc-int.h cc_file.c +cc_memory.so cc_memory.po $(OUTPRE)cc_memory.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h cc-int.h cc_memory.c +cc_keyring.so cc_keyring.po $(OUTPRE)cc_keyring.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h cc-int.h cc_keyring.c +ccfns.so ccfns.po $(OUTPRE)ccfns.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + ccfns.c +ser_cc.so ser_cc.po $(OUTPRE)ser_cc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + ser_cc.c +t_cc.so t_cc.po $(OUTPRE)t_cc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + t_cc.c +t_cccursor.so t_cccursor.po $(OUTPRE)t_cccursor.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/krb5.h t_cccursor.c diff --git a/src/lib/krb5/deps b/src/lib/krb5/deps new file mode 100644 index 0000000000..1923dd2cf1 --- /dev/null +++ b/src/lib/krb5/deps @@ -0,0 +1,15 @@ +# +# Generated makefile dependencies follow. +# +krb5_libinit.so krb5_libinit.po $(OUTPRE)krb5_libinit.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/ccache/cc-int.h \ + $(srcdir)/keytab/kt-int.h $(srcdir)/os/os-proto.h $(srcdir)/rcache/rc-int.h \ + krb5_libinit.c krb5_libinit.h diff --git a/src/lib/krb5/error_tables/Makefile.in b/src/lib/krb5/error_tables/Makefile.in index e07f63b433..ec4c9202c7 100644 --- a/src/lib/krb5/error_tables/Makefile.in +++ b/src/lib/krb5/error_tables/Makefile.in @@ -58,18 +58,3 @@ clean-unix:: clean-libobjs @libobj_frag@ -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -asn1_err.so asn1_err.po $(OUTPRE)asn1_err.$(OBJEXT): \ - $(COM_ERR_DEPS) asn1_err.c -kdb5_err.so kdb5_err.po $(OUTPRE)kdb5_err.$(OBJEXT): \ - $(COM_ERR_DEPS) kdb5_err.c -krb5_err.so krb5_err.po $(OUTPRE)krb5_err.$(OBJEXT): \ - $(COM_ERR_DEPS) krb5_err.c -kv5m_err.so kv5m_err.po $(OUTPRE)kv5m_err.$(OBJEXT): \ - $(COM_ERR_DEPS) kv5m_err.c -krb524_err.so krb524_err.po $(OUTPRE)krb524_err.$(OBJEXT): \ - $(COM_ERR_DEPS) krb524_err.c diff --git a/src/lib/krb5/error_tables/deps b/src/lib/krb5/error_tables/deps new file mode 100644 index 0000000000..3828bd380a --- /dev/null +++ b/src/lib/krb5/error_tables/deps @@ -0,0 +1,13 @@ +# +# Generated makefile dependencies follow. +# +asn1_err.so asn1_err.po $(OUTPRE)asn1_err.$(OBJEXT): \ + $(COM_ERR_DEPS) asn1_err.c +kdb5_err.so kdb5_err.po $(OUTPRE)kdb5_err.$(OBJEXT): \ + $(COM_ERR_DEPS) kdb5_err.c +krb5_err.so krb5_err.po $(OUTPRE)krb5_err.$(OBJEXT): \ + $(COM_ERR_DEPS) krb5_err.c +kv5m_err.so kv5m_err.po $(OUTPRE)kv5m_err.$(OBJEXT): \ + $(COM_ERR_DEPS) kv5m_err.c +krb524_err.so krb524_err.po $(OUTPRE)krb524_err.$(OBJEXT): \ + $(COM_ERR_DEPS) krb524_err.c diff --git a/src/lib/krb5/error_tables/krb5_err.et b/src/lib/krb5/error_tables/krb5_err.et index e166242875..5e699c2064 100644 --- a/src/lib/krb5/error_tables/krb5_err.et +++ b/src/lib/krb5/error_tables/krb5_err.et @@ -66,8 +66,8 @@ error_code KRB5KDC_ERR_PREAUTH_FAILED, "Preauthentication failed" # ^^ 24 error_code KRB5KDC_ERR_PREAUTH_REQUIRED, "Additional pre-authentication required" error_code KRB5KDC_ERR_SERVER_NOMATCH, "Requested server and ticket don't match" -error_code KRB5PLACEHOLD_27, "KRB5 error code 27" -error_code KRB5PLACEHOLD_28, "KRB5 error code 28" +error_code KRB5KDC_ERR_MUST_USE_USER2USER, "Server principal valid for user2user only" +error_code KRB5KDC_ERR_PATH_NOT_ACCEPTED, "KDC policy rejects transited path" error_code KRB5KDC_ERR_SVC_UNAVAILABLE, "A service is not available that is required to process the request" error_code KRB5PLACEHOLD_30, "KRB5 error code 30" # vv 31 @@ -108,9 +108,9 @@ error_code KRB5KDC_ERR_KDC_NOT_TRUSTED, "KDC not trusted" error_code KRB5KDC_ERR_INVALID_SIG, "Invalid signature" error_code KRB5KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED, "Key parameters not accepted" error_code KRB5KDC_ERR_CERTIFICATE_MISMATCH, "Certificate mismatch" -error_code KRB5PLACEHOLD_67, "KRB5 error code 67" -error_code KRB5PLACEHOLD_68, "KRB5 error code 68" -error_code KRB5PLACEHOLD_69, "KRB5 error code 69" +error_code KRB5KRB_AP_ERR_NO_TGT, "No ticket granting ticket" +error_code KRB5KDC_ERR_WRONG_REALM, "Realm not local to KDC" +error_code KRB5KRB_AP_ERR_USER_TO_USER_REQUIRED, "User to user required" error_code KRB5KDC_ERR_CANT_VERIFY_CERTIFICATE, "Can't verify certificate" error_code KRB5KDC_ERR_INVALID_CERTIFICATE, "Invalid certificate" error_code KRB5KDC_ERR_REVOKED_CERTIFICATE, "Revoked certificate" diff --git a/src/lib/krb5/keytab/Makefile.in b/src/lib/krb5/keytab/Makefile.in index 94a70b1b2b..c422e9c937 100644 --- a/src/lib/krb5/keytab/Makefile.in +++ b/src/lib/krb5/keytab/Makefile.in @@ -78,114 +78,3 @@ clean-windows:: @libobj_frag@ -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -ktadd.so ktadd.po $(OUTPRE)ktadd.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h ktadd.c -ktbase.so ktbase.po $(OUTPRE)ktbase.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h kt-int.h ktbase.c -ktdefault.so ktdefault.po $(OUTPRE)ktdefault.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - ktdefault.c -ktfr_entry.so ktfr_entry.po $(OUTPRE)ktfr_entry.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - ktfr_entry.c -ktremove.so ktremove.po $(OUTPRE)ktremove.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - ktremove.c -ktfns.so ktfns.po $(OUTPRE)ktfns.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h ktfns.c -kt_file.so kt_file.po $(OUTPRE)kt_file.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h kt_file.c -kt_memory.so kt_memory.po $(OUTPRE)kt_memory.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - kt-int.h kt_memory.c -kt_srvtab.so kt_srvtab.po $(OUTPRE)kt_srvtab.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - kt_srvtab.c -read_servi.so read_servi.po $(OUTPRE)read_servi.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - read_servi.c -t_keytab.so t_keytab.po $(OUTPRE)t_keytab.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - t_keytab.c diff --git a/src/lib/krb5/keytab/deps b/src/lib/krb5/keytab/deps new file mode 100644 index 0000000000..32ab2bc41c --- /dev/null +++ b/src/lib/krb5/keytab/deps @@ -0,0 +1,113 @@ +# +# Generated makefile dependencies follow. +# +ktadd.so ktadd.po $(OUTPRE)ktadd.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + ktadd.c +ktbase.so ktbase.po $(OUTPRE)ktbase.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + kt-int.h ktbase.c +ktdefault.so ktdefault.po $(OUTPRE)ktdefault.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h ktdefault.c +ktfr_entry.so ktfr_entry.po $(OUTPRE)ktfr_entry.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h ktfr_entry.c +ktremove.so ktremove.po $(OUTPRE)ktremove.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h ktremove.c +ktfns.so ktfns.po $(OUTPRE)ktfns.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + ktfns.c +kt_file.so kt_file.po $(OUTPRE)kt_file.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + kt_file.c +kt_memory.so kt_memory.po $(OUTPRE)kt_memory.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h kt-int.h kt_memory.c +kt_srvtab.so kt_srvtab.po $(OUTPRE)kt_srvtab.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h kt_srvtab.c +read_servi.so read_servi.po $(OUTPRE)read_servi.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h read_servi.c +t_keytab.so t_keytab.po $(OUTPRE)t_keytab.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h t_keytab.c diff --git a/src/lib/krb5/keytab/kt_file.c b/src/lib/krb5/keytab/kt_file.c index cd2298ba54..83fb264852 100644 --- a/src/lib/krb5/keytab/kt_file.c +++ b/src/lib/krb5/keytab/kt_file.c @@ -221,14 +221,13 @@ ktfile_common_resolve(krb5_context context, const char *name, return err; } - if ((data->name = (char *)calloc(strlen(name) + 1, sizeof(char))) == NULL) { + if ((data->name = strdup(name)) == NULL) { k5_mutex_destroy(&data->lock); krb5_xfree(data); krb5_xfree(*id); return(ENOMEM); } - (void) strcpy(data->name, name); data->openf = 0; data->version = 0; data->iter_count = 0; @@ -441,21 +440,12 @@ krb5_ktfile_get_name(krb5_context context, krb5_keytab id, char *name, unsigned * trt will happen if the name is passed back to resolve. */ { - memset(name, 0, len); - - if (len < strlen(id->ops->prefix)+2) - return(KRB5_KT_NAME_TOOLONG); - strcpy(name, id->ops->prefix); - name += strlen(id->ops->prefix); - name[0] = ':'; - name++; - len -= strlen(id->ops->prefix)+1; + int result; - if (len < strlen(KTFILENAME(id))+1) + memset(name, 0, len); + result = snprintf(name, len, "%s:%s", id->ops->prefix, KTFILENAME(id)); + if (SNPRINTF_OVERFLOW(result, len)) return(KRB5_KT_NAME_TOOLONG); - strcpy(name, KTFILENAME(id)); - /* strcpy will NUL-terminate the destination */ - return(0); } diff --git a/src/lib/krb5/keytab/kt_memory.c b/src/lib/krb5/keytab/kt_memory.c index eb1dd77e03..53d15edd87 100644 --- a/src/lib/krb5/keytab/kt_memory.c +++ b/src/lib/krb5/keytab/kt_memory.c @@ -252,7 +252,7 @@ krb5_mkt_resolve(krb5_context context, const char *name, krb5_keytab *id) goto done; } - if ((data->name = (char *)calloc(strlen(name) + 1, sizeof(char))) == NULL) { + if ((data->name = strdup(name)) == NULL) { k5_mutex_destroy(&data->lock); krb5_xfree(data); krb5_xfree(list->keytab); @@ -261,8 +261,6 @@ krb5_mkt_resolve(krb5_context context, const char *name, krb5_keytab *id) goto done; } - (void) strcpy(data->name, name); - data->link = NULL; data->refcount = 0; list->keytab->data = (krb5_pointer)data; @@ -474,21 +472,12 @@ krb5_mkt_get_entry(krb5_context context, krb5_keytab id, krb5_error_code KRB5_CALLCONV krb5_mkt_get_name(krb5_context context, krb5_keytab id, char *name, unsigned int len) { - memset(name, 0, len); - - if (len < strlen(id->ops->prefix)+2) - return(KRB5_KT_NAME_TOOLONG); - strcpy(name, id->ops->prefix); - name += strlen(id->ops->prefix); - name[0] = ':'; - name++; - len -= strlen(id->ops->prefix)+1; + int result; - if (len < strlen(KTNAME(id))+1) + memset(name, 0, len); + result = snprintf(name, len, "%s:%s", id->ops->prefix, KTNAME(id)); + if (SNPRINTF_OVERFLOW(result, len)) return(KRB5_KT_NAME_TOOLONG); - strcpy(name, KTNAME(id)); - /* strcpy will NUL-terminate the destination */ - return(0); } diff --git a/src/lib/krb5/keytab/kt_srvtab.c b/src/lib/krb5/keytab/kt_srvtab.c index 2bc4603454..4555ca3329 100644 --- a/src/lib/krb5/keytab/kt_srvtab.c +++ b/src/lib/krb5/keytab/kt_srvtab.c @@ -127,14 +127,13 @@ krb5_ktsrvtab_resolve(krb5_context context, const char *name, krb5_keytab *id) return(ENOMEM); } - data->name = (char *)malloc(strlen(name) + 1); + data->name = strdup(name); if (data->name == NULL) { krb5_xfree(data); krb5_xfree(*id); return(ENOMEM); } - (void) strcpy(data->name, name); data->openf = 0; (*id)->data = (krb5_pointer)data; @@ -249,21 +248,12 @@ krb5_ktsrvtab_get_name(krb5_context context, krb5_keytab id, char *name, unsigne * trt will happen if the name is passed back to resolve. */ { - memset(name, 0, len); - - if (len < strlen(id->ops->prefix)+2) - return(KRB5_KT_NAME_TOOLONG); - strcpy(name, id->ops->prefix); - name += strlen(id->ops->prefix); - name[0] = ':'; - name++; - len -= strlen(id->ops->prefix)+1; + int result; - if (len < strlen(KTFILENAME(id))+1) + memset(name, 0, len); + result = snprintf(name, len, "%s:%s", id->ops->prefix, KTFILENAME(id)); + if (SNPRINTF_OVERFLOW(result, len)) return(KRB5_KT_NAME_TOOLONG); - strcpy(name, KTFILENAME(id)); - /* strcpy will NUL-terminate the destination */ - return(0); } diff --git a/src/lib/krb5/keytab/ktbase.c b/src/lib/krb5/keytab/ktbase.c index b68b351c6a..9d51745402 100644 --- a/src/lib/krb5/keytab/ktbase.c +++ b/src/lib/krb5/keytab/ktbase.c @@ -181,6 +181,11 @@ krb5_kt_resolve (krb5_context context, const char *name, krb5_keytab *ktid) return ENOMEM; resid = name; + } else if (name[0] == '/') { + pfx = strdup("FILE"); + if (!pfx) + return ENOMEM; + resid = name; } else { resid = name + pfxlen + 1; diff --git a/src/lib/krb5/krb/Makefile.in b/src/lib/krb5/krb/Makefile.in index acbb66a639..4e60b04051 100644 --- a/src/lib/krb5/krb/Makefile.in +++ b/src/lib/krb5/krb/Makefile.in @@ -64,6 +64,7 @@ STLIBOBJS= \ mk_req.o \ mk_req_ext.o \ mk_safe.o \ + pac.o \ parse.o \ pr_to_salt.o \ preauth.o \ @@ -94,7 +95,6 @@ STLIBOBJS= \ str_conv.o \ tgtname.o \ unparse.o \ - v4lifetime.o \ valid_times.o \ vfy_increds.o \ vic_opt.o \ @@ -151,7 +151,8 @@ OBJS= $(OUTPRE)addr_comp.$(OBJEXT) \ $(OUTPRE)mk_req.$(OBJEXT) \ $(OUTPRE)mk_req_ext.$(OBJEXT) \ $(OUTPRE)mk_safe.$(OBJEXT) \ - $(OUTPRE)parse.$(OBJEXT) \ + $(OUTPRE)pac.$(OBJEXT) \ + $(OUTPRE)parse.$(OBJEXT) \ $(OUTPRE)pr_to_salt.$(OBJEXT) \ $(OUTPRE)preauth.$(OBJEXT) \ $(OUTPRE)preauth2.$(OBJEXT) \ @@ -181,7 +182,6 @@ OBJS= $(OUTPRE)addr_comp.$(OBJEXT) \ $(OUTPRE)str_conv.$(OBJEXT) \ $(OUTPRE)tgtname.$(OBJEXT) \ $(OUTPRE)unparse.$(OBJEXT) \ - $(OUTPRE)v4lifetime.$(OBJEXT) \ $(OUTPRE)valid_times.$(OBJEXT) \ $(OUTPRE)vfy_increds.$(OBJEXT) \ $(OUTPRE)vic_opt.$(OBJEXT) \ @@ -239,6 +239,7 @@ SRCS= $(srcdir)/addr_comp.c \ $(srcdir)/mk_req.c \ $(srcdir)/mk_req_ext.c \ $(srcdir)/mk_safe.c \ + $(srcdir)/pac.c \ $(srcdir)/parse.c \ $(srcdir)/pr_to_salt.c \ $(srcdir)/preauth.c \ @@ -269,7 +270,6 @@ SRCS= $(srcdir)/addr_comp.c \ $(srcdir)/str_conv.c \ $(srcdir)/tgtname.c \ $(srcdir)/unparse.c \ - $(srcdir)/v4lifetime.c \ $(srcdir)/valid_times.c \ $(srcdir)/vfy_increds.c \ $(srcdir)/vic_opt.c \ @@ -297,7 +297,7 @@ clean-unix:: clean-libobjs COMERRLIB=$(TOPLIBD)/libcom_err.a T_WALK_RTREE_OBJS= t_walk_rtree.o walk_rtree.o tgtname.o unparse.o \ - free_rtree.o bld_pr_ext.o + free_rtree.o bld_pr_ext.o copy_data.o T_KERB_OBJS= t_kerb.o conv_princ.o unparse.o set_realm.o str_conv.o @@ -354,8 +354,8 @@ check-unix:: $(TEST_PROGS) $(RUN_SETUP) $(VALGRIND) ./t_ser $(RUN_SETUP) $(VALGRIND) ./t_deltat $(RUN_SETUP) $(VALGRIND) sh $(srcdir)/transit-tests - : known to fail "http://krbdev.mit.edu/rt/Ticket/Display.html?id=5947" - -$(RUN_SETUP) $(VALGRIND) sh $(srcdir)/walktree-tests + KRB5_CONFIG=$(srcdir)/t_krb5.conf ; export KRB5_CONFIG ;\ + $(RUN_SETUP) $(VALGRIND) sh $(srcdir)/walktree-tests clean:: $(RM) $(OUTPRE)t_walk_rtree$(EXEEXT) $(OUTPRE)t_walk_rtree.$(OBJEXT) \ @@ -366,898 +366,3 @@ clean:: @libobj_frag@ -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -addr_comp.so addr_comp.po $(OUTPRE)addr_comp.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - addr_comp.c -addr_order.so addr_order.po $(OUTPRE)addr_order.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - addr_order.c -addr_srch.so addr_srch.po $(OUTPRE)addr_srch.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - addr_srch.c -appdefault.so appdefault.po $(OUTPRE)appdefault.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - appdefault.c -auth_con.so auth_con.po $(OUTPRE)auth_con.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - auth_con.c auth_con.h -bld_pr_ext.so bld_pr_ext.po $(OUTPRE)bld_pr_ext.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - bld_pr_ext.c -bld_princ.so bld_princ.po $(OUTPRE)bld_princ.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - bld_princ.c -brand.so brand.po $(OUTPRE)brand.$(OBJEXT): $(SRCTOP)/patchlevel.h \ - brand.c -chk_trans.so chk_trans.po $(OUTPRE)chk_trans.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - chk_trans.c -chpw.so chpw.po $(OUTPRE)chpw.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h auth_con.h chpw.c -conv_creds.so conv_creds.po $(OUTPRE)conv_creds.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - conv_creds.c -conv_princ.so conv_princ.po $(OUTPRE)conv_princ.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - conv_princ.c -copy_addrs.so copy_addrs.po $(OUTPRE)copy_addrs.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - copy_addrs.c -copy_auth.so copy_auth.po $(OUTPRE)copy_auth.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - copy_auth.c -copy_athctr.so copy_athctr.po $(OUTPRE)copy_athctr.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - copy_athctr.c -copy_cksum.so copy_cksum.po $(OUTPRE)copy_cksum.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - copy_cksum.c -copy_creds.so copy_creds.po $(OUTPRE)copy_creds.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - copy_creds.c -copy_data.so copy_data.po $(OUTPRE)copy_data.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - copy_data.c -copy_key.so copy_key.po $(OUTPRE)copy_key.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - copy_key.c -copy_princ.so copy_princ.po $(OUTPRE)copy_princ.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - copy_princ.c -copy_tick.so copy_tick.po $(OUTPRE)copy_tick.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - copy_tick.c -cp_key_cnt.so cp_key_cnt.po $(OUTPRE)cp_key_cnt.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - cp_key_cnt.c -decode_kdc.so decode_kdc.po $(OUTPRE)decode_kdc.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - decode_kdc.c -decrypt_tk.so decrypt_tk.po $(OUTPRE)decrypt_tk.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - decrypt_tk.c -deltat.so deltat.po $(OUTPRE)deltat.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h deltat.c -enc_helper.so enc_helper.po $(OUTPRE)enc_helper.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - enc_helper.c -encode_kdc.so encode_kdc.po $(OUTPRE)encode_kdc.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - encode_kdc.c -encrypt_tk.so encrypt_tk.po $(OUTPRE)encrypt_tk.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - encrypt_tk.c -free_rtree.so free_rtree.po $(OUTPRE)free_rtree.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - free_rtree.c -fwd_tgt.so fwd_tgt.po $(OUTPRE)fwd_tgt.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h fwd_tgt.c -gc_frm_kdc.so gc_frm_kdc.po $(OUTPRE)gc_frm_kdc.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - gc_frm_kdc.c int-proto.h -gc_via_tkt.so gc_via_tkt.po $(OUTPRE)gc_via_tkt.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - gc_via_tkt.c int-proto.h -gen_seqnum.so gen_seqnum.po $(OUTPRE)gen_seqnum.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - gen_seqnum.c -gen_subkey.so gen_subkey.po $(OUTPRE)gen_subkey.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - gen_subkey.c -get_creds.so get_creds.po $(OUTPRE)get_creds.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - get_creds.c -get_in_tkt.so get_in_tkt.po $(OUTPRE)get_in_tkt.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(srcdir)/../os/os-proto.h get_in_tkt.c int-proto.h -gic_keytab.so gic_keytab.po $(OUTPRE)gic_keytab.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - gic_keytab.c -gic_opt.so gic_opt.po $(OUTPRE)gic_opt.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h gic_opt.c int-proto.h -gic_pwd.so gic_pwd.po $(OUTPRE)gic_pwd.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h gic_pwd.c -in_tkt_sky.so in_tkt_sky.po $(OUTPRE)in_tkt_sky.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - in_tkt_sky.c -init_ctx.so init_ctx.po $(OUTPRE)init_ctx.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(SRCTOP)/patchlevel.h $(srcdir)/../krb5_libinit.h \ - brand.c init_ctx.c -init_keyblock.so init_keyblock.po $(OUTPRE)init_keyblock.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - init_keyblock.c -kdc_rep_dc.so kdc_rep_dc.po $(OUTPRE)kdc_rep_dc.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - kdc_rep_dc.c -kerrs.so kerrs.po $(OUTPRE)kerrs.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h kerrs.c -kfree.so kfree.po $(OUTPRE)kfree.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h kfree.c -mk_cred.so mk_cred.po $(OUTPRE)mk_cred.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h auth_con.h cleanup.h \ - mk_cred.c -mk_error.so mk_error.po $(OUTPRE)mk_error.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - mk_error.c -mk_priv.so mk_priv.po $(OUTPRE)mk_priv.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h auth_con.h cleanup.h \ - mk_priv.c -mk_rep.so mk_rep.po $(OUTPRE)mk_rep.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h auth_con.h mk_rep.c -mk_req.so mk_req.po $(OUTPRE)mk_req.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h auth_con.h mk_req.c -mk_req_ext.so mk_req_ext.po $(OUTPRE)mk_req_ext.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - auth_con.h mk_req_ext.c -mk_safe.so mk_safe.po $(OUTPRE)mk_safe.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h auth_con.h cleanup.h \ - mk_safe.c -parse.so parse.po $(OUTPRE)parse.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h parse.c -pr_to_salt.so pr_to_salt.po $(OUTPRE)pr_to_salt.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - pr_to_salt.c -preauth.so preauth.po $(OUTPRE)preauth.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h preauth.c -preauth2.so preauth2.po $(OUTPRE)preauth2.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - int-proto.h preauth2.c -princ_comp.so princ_comp.po $(OUTPRE)princ_comp.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - princ_comp.c -rd_cred.so rd_cred.po $(OUTPRE)rd_cred.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h auth_con.h cleanup.h \ - rd_cred.c -rd_error.so rd_error.po $(OUTPRE)rd_error.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - rd_error.c -rd_priv.so rd_priv.po $(OUTPRE)rd_priv.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h auth_con.h cleanup.h \ - rd_priv.c -rd_rep.so rd_rep.po $(OUTPRE)rd_rep.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h auth_con.h rd_rep.c -rd_req.so rd_req.po $(OUTPRE)rd_req.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h auth_con.h rd_req.c -rd_req_dec.so rd_req_dec.po $(OUTPRE)rd_req_dec.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - auth_con.h rd_req_dec.c -rd_safe.so rd_safe.po $(OUTPRE)rd_safe.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h auth_con.h cleanup.h \ - rd_safe.c -recvauth.so recvauth.po $(OUTPRE)recvauth.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - auth_con.h recvauth.c -sendauth.so sendauth.po $(OUTPRE)sendauth.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - auth_con.h sendauth.c -send_tgs.so send_tgs.po $(OUTPRE)send_tgs.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - send_tgs.c -ser_actx.so ser_actx.po $(OUTPRE)ser_actx.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - auth_con.h int-proto.h ser_actx.c -ser_adata.so ser_adata.po $(OUTPRE)ser_adata.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - int-proto.h ser_adata.c -ser_addr.so ser_addr.po $(OUTPRE)ser_addr.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - int-proto.h ser_addr.c -ser_auth.so ser_auth.po $(OUTPRE)ser_auth.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - int-proto.h ser_auth.c -ser_cksum.so ser_cksum.po $(OUTPRE)ser_cksum.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - int-proto.h ser_cksum.c -ser_ctx.so ser_ctx.po $(OUTPRE)ser_ctx.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h ser_ctx.c -ser_key.so ser_key.po $(OUTPRE)ser_key.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h int-proto.h ser_key.c -ser_princ.so ser_princ.po $(OUTPRE)ser_princ.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - int-proto.h ser_princ.c -serialize.so serialize.po $(OUTPRE)serialize.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - serialize.c -set_realm.so set_realm.po $(OUTPRE)set_realm.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - set_realm.c -srv_dec_tkt.so srv_dec_tkt.po $(OUTPRE)srv_dec_tkt.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - srv_dec_tkt.c -srv_rcache.so srv_rcache.po $(OUTPRE)srv_rcache.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - srv_rcache.c -str_conv.so str_conv.po $(OUTPRE)str_conv.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h str_conv.c -tgtname.so tgtname.po $(OUTPRE)tgtname.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h int-proto.h tgtname.c -unparse.so unparse.po $(OUTPRE)unparse.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h unparse.c -v4lifetime.so v4lifetime.po $(OUTPRE)v4lifetime.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - v4lifetime.c -valid_times.so valid_times.po $(OUTPRE)valid_times.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - valid_times.c -vfy_increds.so vfy_increds.po $(OUTPRE)vfy_increds.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - int-proto.h vfy_increds.c -vic_opt.so vic_opt.po $(OUTPRE)vic_opt.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h vic_opt.c -walk_rtree.so walk_rtree.po $(OUTPRE)walk_rtree.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - int-proto.h walk_rtree.c -t_walk_rtree.so t_walk_rtree.po $(OUTPRE)t_walk_rtree.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - t_walk_rtree.c -t_kerb.so t_kerb.po $(OUTPRE)t_kerb.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/krb5.h \ - t_kerb.c -t_ser.so t_ser.po $(OUTPRE)t_ser.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h auth_con.h t_ser.c -t_deltat.so t_deltat.po $(OUTPRE)t_deltat.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - t_deltat.c -t_expand.so t_expand.po $(OUTPRE)t_expand.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - chk_trans.c t_expand.c diff --git a/src/lib/krb5/krb/addr_srch.c b/src/lib/krb5/krb/addr_srch.c index efab59f8fd..11a3ce0bb1 100644 --- a/src/lib/krb5/krb/addr_srch.c +++ b/src/lib/krb5/krb/addr_srch.c @@ -29,6 +29,20 @@ #include "k5-int.h" +static unsigned int +address_count(krb5_address *const *addrlist) +{ + unsigned int i; + + if (addrlist == NULL) + return 0; + + for (i = 0; addrlist[i]; i++) + ; + + return i; +} + /* * if addr is listed in addrlist, or addrlist is null, return TRUE. * if not listed, return FALSE @@ -36,6 +50,14 @@ krb5_boolean krb5_address_search(krb5_context context, const krb5_address *addr, krb5_address *const *addrlist) { + /* + * Treat an address list containing only a NetBIOS address + * as empty, because we presently have no way of associating + * a client with its NetBIOS address. + */ + if (address_count(addrlist) == 1 && + addrlist[0]->addrtype == ADDRTYPE_NETBIOS) + return TRUE; if (!addrlist) return TRUE; for (; *addrlist; addrlist++) { diff --git a/src/lib/krb5/krb/auth_con.c b/src/lib/krb5/krb/auth_con.c index ba62d687e7..7c1858553d 100644 --- a/src/lib/krb5/krb/auth_con.c +++ b/src/lib/krb5/krb/auth_con.c @@ -34,8 +34,9 @@ krb5_auth_con_init(krb5_context context, krb5_auth_context *auth_context) (*auth_context)->req_cksumtype = context->default_ap_req_sumtype; (*auth_context)->safe_cksumtype = context->default_safe_sumtype; - (*auth_context) -> checksum_func = NULL; + (*auth_context)->checksum_func = NULL; (*auth_context)->checksum_func_data = NULL; + (*auth_context)->negotiated_etype = ENCTYPE_NULL; (*auth_context)->magic = KV5M_AUTH_CONTEXT; return 0; } @@ -243,13 +244,14 @@ krb5_auth_con_getlocalseqnumber(krb5_context context, krb5_auth_context auth_con *seqnumber = auth_context->local_seq_number; return 0; } - +#ifndef LEAN_CLIENT krb5_error_code KRB5_CALLCONV krb5_auth_con_getauthenticator(krb5_context context, krb5_auth_context auth_context, krb5_authenticator **authenticator) { return (krb5_copy_authenticator(context, auth_context->authentp, authenticator)); } +#endif krb5_error_code KRB5_CALLCONV krb5_auth_con_getremoteseqnumber(krb5_context context, krb5_auth_context auth_context, krb5_int32 *seqnumber) diff --git a/src/lib/krb5/krb/auth_con.h b/src/lib/krb5/krb/auth_con.h index 9543de355e..be63bedbf4 100644 --- a/src/lib/krb5/krb/auth_con.h +++ b/src/lib/krb5/krb/auth_con.h @@ -21,8 +21,9 @@ struct _krb5_auth_context { krb5_pointer i_vector; /* mk_priv, rd_priv only */ krb5_rcache rcache; krb5_enctype * permitted_etypes; /* rd_req */ - krb5_mk_req_checksum_func checksum_func; - void *checksum_func_data; + krb5_mk_req_checksum_func checksum_func; + void *checksum_func_data; + krb5_enctype negotiated_etype; }; diff --git a/src/lib/krb5/krb/bld_pr_ext.c b/src/lib/krb5/krb/bld_pr_ext.c index c7236b7b5a..c1e19ba17f 100644 --- a/src/lib/krb5/krb/bld_pr_ext.c +++ b/src/lib/krb5/krb/bld_pr_ext.c @@ -93,7 +93,7 @@ krb5_build_principal_ext(krb5_context context, krb5_principal * princ, return 0; free_out: - while (i-- >= 0) + while (--i >= 0) krb5_xfree(princ_data[i].data); krb5_xfree(princ_data); krb5_xfree(princ_ret); diff --git a/src/lib/krb5/krb/bld_princ.c b/src/lib/krb5/krb/bld_princ.c index 03bf1267e3..c7e996374c 100644 --- a/src/lib/krb5/krb/bld_princ.c +++ b/src/lib/krb5/krb/bld_princ.c @@ -30,84 +30,159 @@ #include #include "k5-int.h" -krb5_error_code -KRB5_CALLCONV -krb5_build_principal_va(krb5_context context, krb5_principal princ, unsigned int rlen, const char *realm, va_list ap) +/* Takes first component as argument for KIM API, + * which does not allow realms with zero components */ +static krb5_error_code +krb5int_build_principal_va(krb5_context context, + krb5_principal princ, + unsigned int rlen, + const char *realm, + const char *first, + va_list ap) { - register int i, count = 0; - register char *next; - char *tmpdata; - krb5_data *data; - - /* guess at an initial sufficent count of 2 pieces */ - count = 2; - - /* get space for array and realm, and insert realm */ - data = (krb5_data *) malloc(sizeof(krb5_data) * count); - if (data == 0) - return ENOMEM; - krb5_princ_set_realm_length(context, princ, rlen); - tmpdata = malloc(rlen); - if (!tmpdata) { - free (data); - return ENOMEM; + krb5_error_code retval = 0; + char *r = NULL; + krb5_data *data = NULL; + krb5_int32 count = 0; + krb5_int32 size = 2; /* initial guess at needed space */ + char *component = NULL; + + data = malloc(size * sizeof(krb5_data)); + if (!data) { retval = ENOMEM; } + + if (!retval) { + r = strdup(realm); + if (!r) { retval = ENOMEM; } + } + + if (!retval && first) { + data[0].length = strlen(first); + data[0].data = strdup(first); + if (!data[0].data) { retval = ENOMEM; } + count++; + + /* ap is only valid if first is non-NULL */ + while (!retval && (component = va_arg(ap, char *))) { + if (count == size) { + krb5_data *new_data = NULL; + + size *= 2; + new_data = realloc ((char *) data, sizeof(krb5_data) * size); + if (new_data) { + data = new_data; + } else { + retval = ENOMEM; + } + } + + if (!retval) { + data[count].length = strlen(component); + data[count].data = strdup(component); + if (!data[count].data) { retval = ENOMEM; } + count++; + } + } + } + + if (!retval) { + princ->type = KRB5_NT_UNKNOWN; + princ->magic = KV5M_PRINCIPAL; + krb5_princ_set_realm_data(context, princ, r); + krb5_princ_set_realm_length(context, princ, rlen); + princ->data = data; + princ->length = count; + r = NULL; /* take ownership */ + data = NULL; /* take ownership */ + } + + if (data) { + while (--count >= 0) { + krb5_xfree(data[count].data); + } + krb5_xfree(data); } - krb5_princ_set_realm_data(context, princ, tmpdata); - memcpy(tmpdata, realm, rlen); + krb5_xfree(r); + + return retval; +} - /* process rest of components */ +krb5_error_code KRB5_CALLCONV +krb5_build_principal_va(krb5_context context, + krb5_principal princ, + unsigned int rlen, + const char *realm, + va_list ap) +{ + char *first = va_arg(ap, char *); + + return krb5int_build_principal_va(context, princ, rlen, realm, first, ap); +} - for (i = 0, next = va_arg(ap, char *); - next; - next = va_arg(ap, char *), i++) { - if (i == count) { - /* not big enough. realloc the array */ - krb5_data *p_tmp; - p_tmp = (krb5_data *) realloc((char *)data, - sizeof(krb5_data)*(count*2)); - if (!p_tmp) { - free_out: - while (--i >= 0) - krb5_xfree(data[i].data); - krb5_xfree(data); - krb5_xfree(tmpdata); - return (ENOMEM); - } - count *= 2; - data = p_tmp; - } +/* Takes first component as argument for KIM API, + * which does not allow realms with zero components */ +krb5_error_code KRB5_CALLCONV +krb5int_build_principal_alloc_va(krb5_context context, + krb5_principal *princ, + unsigned int rlen, + const char *realm, + const char *first, + va_list ap) +{ + krb5_error_code retval = 0; + + krb5_principal p = malloc(sizeof(krb5_principal_data)); + if (!p) { retval = ENOMEM; } + + if (!retval) { + retval = krb5int_build_principal_va(context, p, rlen, realm, first, ap); + } + + if (!retval) { + *princ = p; + } else { + krb5_xfree(p); + } + + return retval; +} - data[i].length = strlen(next); - data[i].data = strdup(next); - if (!data[i].data) - goto free_out; +krb5_error_code KRB5_CALLCONV +krb5_build_principal_alloc_va(krb5_context context, + krb5_principal *princ, + unsigned int rlen, + const char *realm, + va_list ap) +{ + krb5_error_code retval = 0; + + krb5_principal p = malloc(sizeof(krb5_principal_data)); + if (!p) { retval = ENOMEM; } + + if (!retval) { + retval = krb5_build_principal_va(context, p, rlen, realm, ap); + } + + if (!retval) { + *princ = p; + } else { + krb5_xfree(p); } - princ->data = data; - princ->length = i; - princ->type = KRB5_NT_UNKNOWN; - princ->magic = KV5M_PRINCIPAL; - return 0; + + return retval; } krb5_error_code KRB5_CALLCONV_C -krb5_build_principal(krb5_context context, krb5_principal * princ, +krb5_build_principal(krb5_context context, + krb5_principal * princ, unsigned int rlen, const char * realm, ...) { + krb5_error_code retval = 0; va_list ap; - krb5_error_code retval; - krb5_principal pr_ret = (krb5_principal)malloc(sizeof(krb5_principal_data)); - - if (!pr_ret) - return ENOMEM; - + va_start(ap, realm); - retval = krb5_build_principal_va(context, pr_ret, rlen, realm, ap); + retval = krb5_build_principal_alloc_va(context, princ, rlen, realm, ap); va_end(ap); - if (retval == 0) - *princ = pr_ret; - else - krb5_xfree(pr_ret); - + return retval; } diff --git a/src/lib/krb5/krb/chk_trans.c b/src/lib/krb5/krb/chk_trans.c index 2a28542591..9af063ce3e 100644 --- a/src/lib/krb5/krb/chk_trans.c +++ b/src/lib/krb5/krb/chk_trans.c @@ -137,7 +137,7 @@ process_intermediates (krb5_error_code (*fn)(krb5_data *, void *), void *data, } static krb5_error_code -maybe_join (krb5_data *last, krb5_data *buf, int bufsiz) +maybe_join (krb5_data *last, krb5_data *buf, unsigned int bufsiz) { if (buf->length == 0) return 0; diff --git a/src/lib/krb5/krb/chpw.c b/src/lib/krb5/krb/chpw.c index 287adfa0f3..851a9ecdda 100644 --- a/src/lib/krb5/krb/chpw.c +++ b/src/lib/krb5/krb/chpw.c @@ -269,6 +269,7 @@ krb5int_mk_setpw_req(krb5_context context, krb5_error_code ret; krb5_data cipherpw; krb5_data *encoded_setpw; + struct krb5_setpw_req req; char *ptr; @@ -279,7 +280,10 @@ krb5int_mk_setpw_req(krb5_context context, KRB5_AUTH_CONTEXT_DO_SEQUENCE))) return(ret); - ret = encode_krb5_setpw_req(targprinc, passwd, &encoded_setpw); + req.target = targprinc; + req.password.data = passwd; + req.password.length = strlen(passwd); + ret = encode_krb5_setpw_req(&req, &encoded_setpw); if (ret) { return ret; } diff --git a/src/lib/krb5/krb/conv_creds.c b/src/lib/krb5/krb/conv_creds.c index 68af733016..b6c610842a 100644 --- a/src/lib/krb5/krb/conv_creds.c +++ b/src/lib/krb5/krb/conv_creds.c @@ -27,238 +27,6 @@ #include "port-sockets.h" #include "socket-utils.h" -#if defined(KRB5_KRB4_COMPAT) || defined(_WIN32) /* yuck */ -#include "kerberosIV/krb.h" - -#ifdef USE_CCAPI -#include -#endif - -#define krb524_debug krb5int_krb524_debug -int krb524_debug = 0; - -static krb5_error_code krb524_convert_creds_plain -(krb5_context context, krb5_creds *v5creds, - CREDENTIALS *v4creds); - -static int decode_v4tkt - (struct ktext *v4tkt, char *buf, unsigned int *encoded_len); - -krb5_error_code KRB5_CALLCONV -krb5_524_convert_creds(krb5_context context, krb5_creds *v5creds, - CREDENTIALS *v4creds) -{ - krb5_error_code ret; - krb5_data reply; - char *p; - struct sockaddr_storage ss; - socklen_t slen = sizeof(ss); - - ret = krb524_convert_creds_plain(context, v5creds, v4creds); - if (ret) - return ret; - - reply.data = NULL; - ret = krb5int_524_sendto_kdc(context, &v5creds->ticket, - &v5creds->server->realm, &reply, - ss2sa(&ss), &slen); - if (ret) - return ret; - -#if TARGET_OS_MAC -#ifdef USE_CCAPI - v4creds->stk_type = cc_v4_stk_des; -#endif - if (slen == sizeof(struct sockaddr_in) - && ss2sa(&ss)->sa_family == AF_INET) { - v4creds->address = ss2sin(&ss)->sin_addr.s_addr; - } - /* Otherwise, leave it set to all-zero. */ -#endif - - p = reply.data; - ret = ntohl(*((krb5_error_code *) p)); - p += sizeof(krb5_int32); - reply.length -= sizeof(krb5_int32); - if (ret) - goto fail; - - v4creds->kvno = ntohl(*((krb5_error_code *) p)); - p += sizeof(krb5_int32); - reply.length -= sizeof(krb5_int32); - ret = decode_v4tkt(&v4creds->ticket_st, p, &reply.length); - -fail: - if (reply.data) - free(reply.data); - reply.data = NULL; - return ret; -} - -static krb5_error_code -krb524_convert_creds_plain(context, v5creds, v4creds) - krb5_context context; - krb5_creds *v5creds; - CREDENTIALS *v4creds; -{ - int ret; - krb5_timestamp endtime; - char dummy[REALM_SZ]; - memset((char *) v4creds, 0, sizeof(CREDENTIALS)); - - if ((ret = krb5_524_conv_principal(context, v5creds->client, - v4creds->pname, v4creds->pinst, - dummy))) - return ret; - if ((ret = krb5_524_conv_principal(context, v5creds->server, - v4creds->service, v4creds->instance, - v4creds->realm))) - return ret; - - /* Check enctype too */ - if (v5creds->keyblock.length != sizeof(C_Block)) { - if (krb524_debug) - fprintf(stderr, "v5 session keyblock length %d != C_Block size %d\n", - v5creds->keyblock.length, - (int) sizeof(C_Block)); - return KRB524_BADKEY; - } else - memcpy(v4creds->session, (char *) v5creds->keyblock.contents, - sizeof(C_Block)); - - /* V4 has no concept of authtime or renew_till, so ignore them */ - v4creds->issue_date = v5creds->times.starttime; - v4creds->lifetime = krb5int_krb_time_to_life(v5creds->times.starttime, - v5creds->times.endtime); - endtime = krb5int_krb_life_to_time(v4creds->issue_date, - v4creds->lifetime); - /* - * Adjust start time backwards to deal with rounding up in - * krb_time_to_life(), to match code on server side. - */ - if (endtime > v5creds->times.endtime) - v4creds->issue_date -= endtime - v5creds->times.endtime; - - return 0; -} - -/* this used to be krb524/encode.c, under same copyright as above */ -/* - * I'm sure that this is reinventing the wheel, but I don't know where - * the wheel is hidden. - */ - -int encode_v4tkt (KTEXT_ST *, char *, unsigned int *); -static int encode_bytes (char **, int *, char *, unsigned int), - encode_int32 (char **, int *, krb5_int32 *); - -static int decode_bytes (char **, int *, char *, unsigned int), - decode_int32 (char **, int *, krb5_int32 *); - -static int encode_bytes(out, outlen, in, len) - char **out; - int *outlen; - char *in; - unsigned int len; -{ - if (len > *outlen) - return KRB524_ENCFULL; - memcpy(*out, in, len); - *out += len; - *outlen -= len; - return 0; -} - -static int encode_int32(out, outlen, v) - char **out; - int *outlen; - krb5_int32 *v; -{ - krb5_int32 nv; /* Must be 4 bytes */ - - nv = htonl(*v); - return encode_bytes(out, outlen, (char *) &nv, sizeof(nv)); -} - -int krb5int_encode_v4tkt(v4tkt, buf, encoded_len) - KTEXT_ST *v4tkt; - char *buf; - unsigned int *encoded_len; -{ - int buflen, ret; - krb5_int32 temp; - - buflen = *encoded_len; - - if (v4tkt->length < MAX_KTXT_LEN) - memset(v4tkt->dat + v4tkt->length, 0, - (unsigned int) (MAX_KTXT_LEN - v4tkt->length)); - temp = v4tkt->length; - if ((ret = encode_int32(&buf, &buflen, &temp))) - return ret; - if ((ret = encode_bytes(&buf, &buflen, (char *)v4tkt->dat, MAX_KTXT_LEN))) - return ret; - temp = v4tkt->mbz; - if ((ret = encode_int32(&buf, &buflen, &temp))) - return ret; - - *encoded_len -= buflen; - return 0; -} - -/* decode functions */ - -static int decode_bytes(out, outlen, in, len) - char **out; - int *outlen; - char *in; - unsigned int len; -{ - if (len > *outlen) - return KRB524_DECEMPTY; - memcpy(in, *out, len); - *out += len; - *outlen -= len; - return 0; -} - -static int decode_int32(out, outlen, v) - char **out; - int *outlen; - krb5_int32 *v; -{ - int ret; - krb5_int32 nv; /* Must be four bytes */ - - if ((ret = decode_bytes(out, outlen, (char *) &nv, sizeof(nv)))) - return ret; - *v = ntohl(nv); - return 0; -} - -static int decode_v4tkt(v4tkt, buf, encoded_len) - KTEXT_ST *v4tkt; - char *buf; - unsigned int *encoded_len; -{ - int buflen, ret; - krb5_int32 temp; - - buflen = *encoded_len; - if ((ret = decode_int32(&buf, &buflen, &temp))) - return ret; - v4tkt->length = temp; - if ((ret = decode_bytes(&buf, &buflen, (char *)v4tkt->dat, MAX_KTXT_LEN))) - return ret; - if ((ret = decode_int32(&buf, &buflen, &temp))) - return ret; - v4tkt->mbz = temp; - *encoded_len -= buflen; - return 0; -} - -#else /* no krb4 compat */ - krb5_error_code KRB5_CALLCONV krb5_524_convert_creds(krb5_context context, krb5_creds *v5creds, struct credentials *v4creds) @@ -266,8 +34,6 @@ krb5_524_convert_creds(krb5_context context, krb5_creds *v5creds, return KRB524_KRB4_DISABLED; } -#endif - /* These may be needed for object-level backwards compatibility on Mac OS and UNIX, but Windows should be okay. */ #ifndef _WIN32 @@ -285,7 +51,7 @@ krb5_error_code KRB5_CALLCONV krb524_convert_creds_kdc(krb5_context context, krb5_creds *v5creds, struct credentials *v4creds) { - return krb5_524_convert_creds(context, v5creds, v4creds); + return KRB524_KRB4_DISABLED; } void KRB5_CALLCONV krb524_init_ets () diff --git a/src/lib/krb5/krb/conv_princ.c b/src/lib/krb5/krb/conv_princ.c index 3a1ca63b92..60c8115133 100644 --- a/src/lib/krb5/krb/conv_princ.c +++ b/src/lib/krb5/krb/conv_princ.c @@ -169,9 +169,8 @@ krb5_524_conv_principal(krb5_context context, krb5_const_principal princ, * It is, so set the new name now, and chop off * instance's domain name if requested. */ - if (strlen (p->v4_str) > ANAME_SZ - 1) + if (strlcpy(name, p->v4_str, ANAME_SZ) >= ANAME_SZ) return KRB5_INVALID_PRINCIPAL; - strcpy(name, p->v4_str); if (p->flags & DO_REALM_CONVERSION) { compo = krb5_princ_component(context, princ, 1); c = strnchr(compo->data, '.', compo->length); diff --git a/src/lib/krb5/krb/copy_athctr.c b/src/lib/krb5/krb/copy_athctr.c index 2694776c2e..4d23c84701 100644 --- a/src/lib/krb5/krb/copy_athctr.c +++ b/src/lib/krb5/krb/copy_athctr.c @@ -28,7 +28,7 @@ */ #include "k5-int.h" - +#ifndef LEAN_CLIENT krb5_error_code KRB5_CALLCONV krb5_copy_authenticator(krb5_context context, const krb5_authenticator *authfrom, krb5_authenticator **authto) { @@ -79,3 +79,5 @@ krb5_copy_authenticator(krb5_context context, const krb5_authenticator *authfrom *authto = tempto; return 0; } +#endif + diff --git a/src/lib/krb5/krb/copy_auth.c b/src/lib/krb5/krb/copy_auth.c index 9c978cb6bf..cd27f72b52 100644 --- a/src/lib/krb5/krb/copy_auth.c +++ b/src/lib/krb5/krb/copy_auth.c @@ -26,6 +26,33 @@ * * krb5_copy_authdata() */ +/* + * Copyright (c) 2006-2008, Novell, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * * The copyright holder's name is not used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ #include "k5-int.h" @@ -80,3 +107,58 @@ krb5_copy_authdata(krb5_context context, krb5_authdata *const *inauthdat, krb5_a *outauthdat = tempauthdat; return 0; } + +krb5_error_code KRB5_CALLCONV +krb5_decode_authdata_container(krb5_context context, + krb5_authdatatype type, + const krb5_authdata *container, + krb5_authdata ***authdata) +{ + krb5_error_code code; + krb5_data data; + + *authdata = NULL; + + if ((container->ad_type & AD_TYPE_FIELD_TYPE_MASK) != type) + return EINVAL; + + data.length = container->length; + data.data = (char *)container->contents; + + code = decode_krb5_authdata(&data, authdata); + if (code) + return code; + + return 0; +} + +krb5_error_code KRB5_CALLCONV +krb5_encode_authdata_container(krb5_context context, + krb5_authdatatype type, + krb5_authdata *const*authdata, + krb5_authdata ***container) +{ + krb5_error_code code; + krb5_data *data; + krb5_authdata ad_datum; + krb5_authdata *ad_data[2]; + + *container = NULL; + + code = encode_krb5_authdata((krb5_authdata * const *)authdata, &data); + if (code) + return code; + + ad_datum.ad_type = type & AD_TYPE_FIELD_TYPE_MASK; + ad_datum.length = data->length; + ad_datum.contents = (unsigned char *)data->data; + + ad_data[0] = &ad_datum; + ad_data[1] = NULL; + + code = krb5_copy_authdata(context, ad_data, container); + + krb5_free_data(context, data); + + return code; +} diff --git a/src/lib/krb5/krb/deps b/src/lib/krb5/krb/deps new file mode 100644 index 0000000000..23f3ea54f3 --- /dev/null +++ b/src/lib/krb5/krb/deps @@ -0,0 +1,912 @@ +# +# Generated makefile dependencies follow. +# +addr_comp.so addr_comp.po $(OUTPRE)addr_comp.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h addr_comp.c +addr_order.so addr_order.po $(OUTPRE)addr_order.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h addr_order.c +addr_srch.so addr_srch.po $(OUTPRE)addr_srch.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h addr_srch.c +appdefault.so appdefault.po $(OUTPRE)appdefault.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h appdefault.c +auth_con.so auth_con.po $(OUTPRE)auth_con.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h auth_con.c auth_con.h +bld_pr_ext.so bld_pr_ext.po $(OUTPRE)bld_pr_ext.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h bld_pr_ext.c +bld_princ.so bld_princ.po $(OUTPRE)bld_princ.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h bld_princ.c +brand.so brand.po $(OUTPRE)brand.$(OBJEXT): $(SRCTOP)/patchlevel.h \ + brand.c +chk_trans.so chk_trans.po $(OUTPRE)chk_trans.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h chk_trans.c +chpw.so chpw.po $(OUTPRE)chpw.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + auth_con.h chpw.c +conv_creds.so conv_creds.po $(OUTPRE)conv_creds.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h conv_creds.c +conv_princ.so conv_princ.po $(OUTPRE)conv_princ.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h conv_princ.c +copy_addrs.so copy_addrs.po $(OUTPRE)copy_addrs.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h copy_addrs.c +copy_auth.so copy_auth.po $(OUTPRE)copy_auth.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h copy_auth.c +copy_athctr.so copy_athctr.po $(OUTPRE)copy_athctr.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h copy_athctr.c +copy_cksum.so copy_cksum.po $(OUTPRE)copy_cksum.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h copy_cksum.c +copy_creds.so copy_creds.po $(OUTPRE)copy_creds.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h copy_creds.c +copy_data.so copy_data.po $(OUTPRE)copy_data.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h copy_data.c +copy_key.so copy_key.po $(OUTPRE)copy_key.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h copy_key.c +copy_princ.so copy_princ.po $(OUTPRE)copy_princ.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h copy_princ.c +copy_tick.so copy_tick.po $(OUTPRE)copy_tick.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h copy_tick.c +cp_key_cnt.so cp_key_cnt.po $(OUTPRE)cp_key_cnt.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h cp_key_cnt.c +decode_kdc.so decode_kdc.po $(OUTPRE)decode_kdc.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h decode_kdc.c +decrypt_tk.so decrypt_tk.po $(OUTPRE)decrypt_tk.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h decrypt_tk.c +deltat.so deltat.po $(OUTPRE)deltat.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + deltat.c +enc_helper.so enc_helper.po $(OUTPRE)enc_helper.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h enc_helper.c +encode_kdc.so encode_kdc.po $(OUTPRE)encode_kdc.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h encode_kdc.c +encrypt_tk.so encrypt_tk.po $(OUTPRE)encrypt_tk.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h encrypt_tk.c +free_rtree.so free_rtree.po $(OUTPRE)free_rtree.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h free_rtree.c +fwd_tgt.so fwd_tgt.po $(OUTPRE)fwd_tgt.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + fwd_tgt.c +gc_frm_kdc.so gc_frm_kdc.po $(OUTPRE)gc_frm_kdc.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h gc_frm_kdc.c int-proto.h +gc_via_tkt.so gc_via_tkt.po $(OUTPRE)gc_via_tkt.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h gc_via_tkt.c int-proto.h +gen_seqnum.so gen_seqnum.po $(OUTPRE)gen_seqnum.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h gen_seqnum.c +gen_subkey.so gen_subkey.po $(OUTPRE)gen_subkey.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h gen_subkey.c +get_creds.so get_creds.po $(OUTPRE)get_creds.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h get_creds.c int-proto.h +get_in_tkt.so get_in_tkt.po $(OUTPRE)get_in_tkt.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../os/os-proto.h \ + get_in_tkt.c int-proto.h +gic_keytab.so gic_keytab.po $(OUTPRE)gic_keytab.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h gic_keytab.c +gic_opt.so gic_opt.po $(OUTPRE)gic_opt.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + gic_opt.c int-proto.h +gic_pwd.so gic_pwd.po $(OUTPRE)gic_pwd.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + gic_pwd.c +in_tkt_sky.so in_tkt_sky.po $(OUTPRE)in_tkt_sky.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h in_tkt_sky.c +init_ctx.so init_ctx.po $(OUTPRE)init_ctx.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(SRCTOP)/patchlevel.h \ + $(srcdir)/../krb5_libinit.h brand.c init_ctx.c +init_keyblock.so init_keyblock.po $(OUTPRE)init_keyblock.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h init_keyblock.c +kdc_rep_dc.so kdc_rep_dc.po $(OUTPRE)kdc_rep_dc.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h kdc_rep_dc.c +kerrs.so kerrs.po $(OUTPRE)kerrs.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + kerrs.c +kfree.so kfree.po $(OUTPRE)kfree.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + kfree.c +mk_cred.so mk_cred.po $(OUTPRE)mk_cred.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + auth_con.h cleanup.h mk_cred.c +mk_error.so mk_error.po $(OUTPRE)mk_error.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h mk_error.c +mk_priv.so mk_priv.po $(OUTPRE)mk_priv.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + auth_con.h cleanup.h mk_priv.c +mk_rep.so mk_rep.po $(OUTPRE)mk_rep.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + auth_con.h mk_rep.c +mk_req.so mk_req.po $(OUTPRE)mk_req.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + auth_con.h mk_req.c +mk_req_ext.so mk_req_ext.po $(OUTPRE)mk_req_ext.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h auth_con.h mk_req_ext.c +mk_safe.so mk_safe.po $(OUTPRE)mk_safe.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + auth_con.h cleanup.h mk_safe.c +pac.so pac.po $(OUTPRE)pac.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/k5-utf8.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h pac.c +parse.so parse.po $(OUTPRE)parse.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + parse.c +pr_to_salt.so pr_to_salt.po $(OUTPRE)pr_to_salt.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h pr_to_salt.c +preauth.so preauth.po $(OUTPRE)preauth.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + preauth.c +preauth2.so preauth2.po $(OUTPRE)preauth2.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h int-proto.h preauth2.c +princ_comp.so princ_comp.po $(OUTPRE)princ_comp.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/k5-unicode.h $(SRCTOP)/include/k5-utf8.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h princ_comp.c +rd_cred.so rd_cred.po $(OUTPRE)rd_cred.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + auth_con.h cleanup.h rd_cred.c +rd_error.so rd_error.po $(OUTPRE)rd_error.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h rd_error.c +rd_priv.so rd_priv.po $(OUTPRE)rd_priv.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + auth_con.h cleanup.h rd_priv.c +rd_rep.so rd_rep.po $(OUTPRE)rd_rep.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + auth_con.h rd_rep.c +rd_req.so rd_req.po $(OUTPRE)rd_req.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + auth_con.h rd_req.c +rd_req_dec.so rd_req_dec.po $(OUTPRE)rd_req_dec.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h auth_con.h rd_req_dec.c +rd_safe.so rd_safe.po $(OUTPRE)rd_safe.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + auth_con.h cleanup.h rd_safe.c +recvauth.so recvauth.po $(OUTPRE)recvauth.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h auth_con.h recvauth.c +sendauth.so sendauth.po $(OUTPRE)sendauth.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h auth_con.h sendauth.c +send_tgs.so send_tgs.po $(OUTPRE)send_tgs.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h send_tgs.c +ser_actx.so ser_actx.po $(OUTPRE)ser_actx.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h auth_con.h int-proto.h \ + ser_actx.c +ser_adata.so ser_adata.po $(OUTPRE)ser_adata.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h int-proto.h ser_adata.c +ser_addr.so ser_addr.po $(OUTPRE)ser_addr.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h int-proto.h ser_addr.c +ser_auth.so ser_auth.po $(OUTPRE)ser_auth.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h int-proto.h ser_auth.c +ser_cksum.so ser_cksum.po $(OUTPRE)ser_cksum.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h int-proto.h ser_cksum.c +ser_ctx.so ser_ctx.po $(OUTPRE)ser_ctx.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + ser_ctx.c +ser_key.so ser_key.po $(OUTPRE)ser_key.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + int-proto.h ser_key.c +ser_princ.so ser_princ.po $(OUTPRE)ser_princ.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h int-proto.h ser_princ.c +serialize.so serialize.po $(OUTPRE)serialize.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h serialize.c +set_realm.so set_realm.po $(OUTPRE)set_realm.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h set_realm.c +srv_dec_tkt.so srv_dec_tkt.po $(OUTPRE)srv_dec_tkt.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h srv_dec_tkt.c +srv_rcache.so srv_rcache.po $(OUTPRE)srv_rcache.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h srv_rcache.c +str_conv.so str_conv.po $(OUTPRE)str_conv.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h str_conv.c +tgtname.so tgtname.po $(OUTPRE)tgtname.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + int-proto.h tgtname.c +unparse.so unparse.po $(OUTPRE)unparse.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + unparse.c +valid_times.so valid_times.po $(OUTPRE)valid_times.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h valid_times.c +vfy_increds.so vfy_increds.po $(OUTPRE)vfy_increds.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h int-proto.h vfy_increds.c +vic_opt.so vic_opt.po $(OUTPRE)vic_opt.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + vic_opt.c +walk_rtree.so walk_rtree.po $(OUTPRE)walk_rtree.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h int-proto.h walk_rtree.c +t_walk_rtree.so t_walk_rtree.po $(OUTPRE)t_walk_rtree.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h t_walk_rtree.c +t_kerb.so t_kerb.po $(OUTPRE)t_kerb.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/krb5.h \ + t_kerb.c +t_ser.so t_ser.po $(OUTPRE)t_ser.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + auth_con.h t_ser.c +t_deltat.so t_deltat.po $(OUTPRE)t_deltat.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h t_deltat.c +t_expand.so t_expand.po $(OUTPRE)t_expand.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h chk_trans.c t_expand.c diff --git a/src/lib/krb5/krb/gc_frm_kdc.c b/src/lib/krb5/krb/gc_frm_kdc.c index 90a49d6a6e..09048f4aaa 100644 --- a/src/lib/krb5/krb/gc_frm_kdc.c +++ b/src/lib/krb5/krb/gc_frm_kdc.c @@ -92,6 +92,7 @@ struct tr_state { krb5_creds *cur_cc_tgt; krb5_creds *nxt_cc_tgt; unsigned int ntgts; + krb5_creds *offpath_tgt; }; /* @@ -139,10 +140,6 @@ static void tr_dbg_rtree(struct tr_state *, const char *, krb5_principal); #define HARD_CC_ERR(r) ((r) && (r) != KRB5_CC_NOTFOUND && \ (r) != KRB5_CC_NOT_KTYPE) -#define IS_TGS_PRINC(c, p) \ - (krb5_princ_size((c), (p)) == 2 && \ - data_eq_string(*krb5_princ_component((c), (p), 0), KRB5_TGS_NAME)) - /* * Flags for ccache lookups of cross-realm TGTs. * @@ -168,9 +165,11 @@ static krb5_error_code init_rtree(struct tr_state *, static krb5_error_code do_traversal(krb5_context ctx, krb5_ccache, krb5_principal client, krb5_principal server, krb5_creds *out_cc_tgt, krb5_creds **out_tgt, - krb5_creds ***out_kdc_tgts); -static krb5_error_code krb5_get_cred_from_kdc_opt(krb5_context, krb5_ccache, - krb5_creds *, krb5_creds **, krb5_creds ***, int); + krb5_creds ***out_kdc_tgts, int *tgtptr_isoffpath); +static krb5_error_code chase_offpath(struct tr_state *, krb5_principal, + krb5_principal); +static krb5_error_code offpath_loopchk(struct tr_state *ts, + krb5_creds *tgt, krb5_creds *reftgts[], unsigned int rcount); /* * init_cc_tgts() @@ -434,6 +433,7 @@ find_nxt_kdc(struct tr_state *ts) krb5_principal *kdcptr; TR_DBG(ts, "find_nxt_kdc"); + assert(ts->ntgts > 0); assert(ts->nxt_tgt == ts->kdc_tgts[ts->ntgts-1]); if (krb5_princ_size(ts->ctx, ts->nxt_tgt->server) != 2) return KRB5_KDCREP_MODIFIED; @@ -448,21 +448,39 @@ find_nxt_kdc(struct tr_state *ts) break; } } - if (*kdcptr == NULL) { + if (*kdcptr != NULL) { + ts->nxt_kdc = kdcptr; + TR_DBG_RET(ts, "find_nxt_kdc", 0); + return 0; + } + + r2 = krb5_princ_component(ts->ctx, ts->kdc_list[0], 1); + if (r1 != NULL && r2 != NULL && + r1->length == r2->length && + !memcmp(r1->data, r2->data, r1->length)) { + TR_DBG_RET(ts, "find_nxt_kdc: looped back to local", + KRB5_KDCREP_MODIFIED); + return KRB5_KDCREP_MODIFIED; + } + + /* + * Realm is not in our list; we probably got an unexpected realm + * referral. + */ + ts->offpath_tgt = ts->nxt_tgt; + if (ts->cur_kdc == ts->kdc_list) { /* - * Not found; we probably got an unexpected realm referral. - * Don't touch NXT_KDC, thus allowing next_closest_tgt() to - * continue looping backwards. + * Local KDC referred us off path; trust it for caching + * purposes. */ - if (ts->ntgts > 0) { - /* Punt NXT_TGT from KDC_TGTS if bogus. */ - krb5_free_creds(ts->ctx, ts->kdc_tgts[--ts->ntgts]); - ts->kdc_tgts[ts->ntgts] = NULL; - } - TR_DBG_RET(ts, "find_nxt_kdc", KRB5_KDCREP_MODIFIED); - return KRB5_KDCREP_MODIFIED; + return 0; } - ts->nxt_kdc = kdcptr; + /* + * Unlink the off-path TGT from KDC_TGTS but don't free it, + * because we should return it. + */ + ts->kdc_tgts[--ts->ntgts] = NULL; + ts->nxt_tgt = ts->cur_tgt; TR_DBG_RET(ts, "find_nxt_kdc", 0); return 0; } @@ -577,10 +595,8 @@ next_closest_tgt(struct tr_state *ts, krb5_principal client) break; } /* - * Because try_kdc() validates referral TGTs, it can return an - * error indicating a bogus referral. The loop continues when - * it gets a bogus referral, which is arguably the right - * thing. (Previous implementation unconditionally failed.) + * In case of errors in try_kdc() or find_nxt_kdc(), continue + * looping through the KDC list. */ } /* @@ -689,7 +705,8 @@ do_traversal(krb5_context ctx, krb5_principal server, krb5_creds *out_cc_tgt, krb5_creds **out_tgt, - krb5_creds ***out_kdc_tgts) + krb5_creds ***out_kdc_tgts, + int *tgtptr_isoffpath) { krb5_error_code retval; struct tr_state state, *ts; @@ -717,13 +734,23 @@ do_traversal(krb5_context ctx, retval = next_closest_tgt(ts, client); if (retval) goto cleanup; + + if (ts->offpath_tgt != NULL) { + retval = chase_offpath(ts, client, server); + if (retval) + goto cleanup; + break; + } assert(ts->cur_kdc != ts->nxt_kdc); } if (NXT_TGT_IS_CACHED(ts)) { + assert(ts->offpath_tgt = NULL); *out_cc_tgt = *ts->cur_cc_tgt; *out_tgt = out_cc_tgt; MARK_CUR_CC_TGT_CLEAN(ts); + } else if (ts->offpath_tgt != NULL){ + *out_tgt = ts->offpath_tgt; } else { /* CUR_TGT is somewhere in KDC_TGTS; no need to copy. */ *out_tgt = ts->nxt_tgt; @@ -739,9 +766,125 @@ cleanup: free(ts->kdc_tgts); } else *out_kdc_tgts = ts->kdc_tgts; + *tgtptr_isoffpath = (ts->offpath_tgt != NULL); return retval; } +/* + * chase_offpath() + * + * Chase off-path TGT referrals. + * + * If we are traversing a trusted path (either hierarchically derived + * or explicit capath) and get a TGT pointing to a realm off this + * path, query the realm referenced by that off-path TGT. Repeat + * until we get to the destination realm or encounter an error. + * + * CUR_TGT is always either pointing into REFTGTS or is an alias for + * TS->OFFPATH_TGT. + */ +static krb5_error_code +chase_offpath(struct tr_state *ts, + krb5_principal client, krb5_principal server) +{ + krb5_error_code retval; + krb5_creds mcred; + krb5_creds *cur_tgt, *nxt_tgt, *reftgts[KRB5_REFERRAL_MAXHOPS]; + krb5_data *rsrc, *rdst, *r1; + unsigned int rcount, i; + + rdst = krb5_princ_realm(ts->ctx, server); + cur_tgt = ts->offpath_tgt; + + for (rcount = 0; rcount < KRB5_REFERRAL_MAXHOPS; rcount++) { + nxt_tgt = NULL; + memset(&mcred, 0, sizeof(mcred)); + rsrc = krb5_princ_component(ts->ctx, cur_tgt->server, 1); + retval = krb5_tgtname(ts->ctx, rdst, rsrc, &mcred.server); + if (retval) + goto cleanup; + mcred.client = client; + retval = krb5_get_cred_via_tkt(ts->ctx, cur_tgt, + FLAGS2OPTS(cur_tgt->ticket_flags), + cur_tgt->addresses, &mcred, &nxt_tgt); + mcred.client = NULL; + krb5_free_principal(ts->ctx, mcred.server); + mcred.server = NULL; + if (retval) + goto cleanup; + if (!IS_TGS_PRINC(ts->ctx, nxt_tgt->server)) { + retval = KRB5_KDCREP_MODIFIED; + goto cleanup; + } + r1 = krb5_princ_component(ts->ctx, nxt_tgt->server, 1); + if (rdst->length == r1->length && + !memcmp(rdst->data, r1->data, rdst->length)) { + retval = 0; + goto cleanup; + } + retval = offpath_loopchk(ts, nxt_tgt, reftgts, rcount); + if (retval) + goto cleanup; + reftgts[rcount] = nxt_tgt; + cur_tgt = nxt_tgt; + nxt_tgt = NULL; + } + /* Max hop count exceeded. */ + retval = KRB5_KDCREP_MODIFIED; + +cleanup: + if (mcred.server != NULL) { + krb5_free_principal(ts->ctx, mcred.server); + } + /* + * Don't free TS->OFFPATH_TGT if it's in the list of cacheable + * TGTs to be returned by do_traversal(). + */ + if (ts->offpath_tgt != ts->nxt_tgt) { + krb5_free_creds(ts->ctx, ts->offpath_tgt); + } + ts->offpath_tgt = NULL; + if (nxt_tgt != NULL) { + if (retval) + krb5_free_creds(ts->ctx, nxt_tgt); + else + ts->offpath_tgt = nxt_tgt; + } + for (i = 0; i < rcount; i++) { + krb5_free_creds(ts->ctx, reftgts[i]); + } + return retval; +} + +/* + * offpath_loopchk() + * + * Check for loop back to previously-visited realms, both off-path and + * on-path. + */ +static krb5_error_code +offpath_loopchk(struct tr_state *ts, + krb5_creds *tgt, krb5_creds *reftgts[], unsigned int rcount) +{ + krb5_data *r1, *r2; + unsigned int i; + + r1 = krb5_princ_component(ts->ctx, tgt->server, 1); + for (i = 0; i < rcount; i++) { + r2 = krb5_princ_component(ts->ctx, reftgts[i]->server, 1); + if (r1->length == r2->length && + !memcmp(r1->data, r2->data, r1->length)) + return KRB5_KDCREP_MODIFIED; + } + for (i = 0; i < ts->ntgts; i++) { + r2 = krb5_princ_component(ts->ctx, ts->kdc_tgts[i]->server, 1); + if (r1->length == r2->length && + !memcmp(r1->data, r2->data, r1->length)) + return KRB5_KDCREP_MODIFIED; + } + return 0; +} + /* * krb5_get_cred_from_kdc_opt() * krb5_get_cred_from_kdc() @@ -778,7 +921,7 @@ cleanup: * Returns errors, system errors. */ -static krb5_error_code +krb5_error_code krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache, krb5_creds *in_cred, krb5_creds **out_cred, krb5_creds ***tgts, int kdcopt) @@ -786,6 +929,8 @@ krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache, krb5_error_code retval, subretval; krb5_principal client, server, supplied_server, out_supplied_server; krb5_creds tgtq, cc_tgt, *tgtptr, *referral_tgts[KRB5_REFERRAL_MAXHOPS]; + krb5_creds *otgtptr = NULL; + int tgtptr_isoffpath = 0; krb5_boolean old_use_conf_ktypes; char **hrealms; unsigned int referral_count, i; @@ -847,8 +992,10 @@ krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache, } else if (!HARD_CC_ERR(retval)) { DPRINTF(("gc_from_kdc: starting do_traversal to find " "initial TGT for referral\n")); + tgtptr_isoffpath = 0; + otgtptr = NULL; retval = do_traversal(context, ccache, client, server, - &cc_tgt, &tgtptr, tgts); + &cc_tgt, &tgtptr, tgts, &tgtptr_isoffpath); } if (retval) { DPRINTF(("gc_from_kdc: failed to find initial TGT for referral\n")); @@ -863,6 +1010,11 @@ krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache, * path, otherwise fall back to old-style assumptions. */ + /* + * Save TGTPTR because we rewrite it in the referral loop, and + * we might need to explicitly free it later. + */ + otgtptr = tgtptr; for (referral_count = 0; referral_count < KRB5_REFERRAL_MAXHOPS; referral_count++) { @@ -987,6 +1139,7 @@ krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache, tgtptr=*out_cred; /* Save pointer to tgt in referral_tgts. */ referral_tgts[referral_count]=*out_cred; + *out_cred = NULL; /* Copy krbtgt realm to server principal. */ krb5_free_data_contents(context, &server->realm); retval = krb5int_copy_data_contents(context, @@ -1061,6 +1214,11 @@ krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache, /* Free tgtptr data if reused from above. */ if (tgtptr == &cc_tgt) krb5_free_cred_contents(context, tgtptr); + tgtptr = NULL; + /* Free saved TGT in OTGTPTR if it was off-path. */ + if (tgtptr_isoffpath) + krb5_free_creds(context, otgtptr); + otgtptr = NULL; /* Free TGTS if previously filled by do_traversal() */ if (*tgts != NULL) { for (i = 0; (*tgts)[i] != NULL; i++) { @@ -1075,11 +1233,13 @@ krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache, if (!retval) { tgtptr = &cc_tgt; } else if (!HARD_CC_ERR(retval)) { + tgtptr_isoffpath = 0; retval = do_traversal(context, ccache, client, server, - &cc_tgt, &tgtptr, tgts); + &cc_tgt, &tgtptr, tgts, &tgtptr_isoffpath); } if (retval) goto cleanup; + otgtptr = tgtptr; /* * Finally have TGT for target realm! Try using it to get creds. @@ -1102,6 +1262,8 @@ cleanup: krb5_free_cred_contents(context, &tgtq); if (tgtptr == &cc_tgt) krb5_free_cred_contents(context, tgtptr); + if (tgtptr_isoffpath) + krb5_free_creds(context, otgtptr); context->use_conf_ktypes = old_use_conf_ktypes; /* Drop the original principal back into in_cred so that it's cached in the expected format. */ diff --git a/src/lib/krb5/krb/gc_via_tkt.c b/src/lib/krb5/krb/gc_via_tkt.c index 22ac7f9db0..c73c6d5296 100644 --- a/src/lib/krb5/krb/gc_via_tkt.c +++ b/src/lib/krb5/krb/gc_via_tkt.c @@ -31,12 +31,6 @@ #include "k5-int.h" #include "int-proto.h" -#define in_clock_skew(date, now) (labs((date)-(now)) < context->clockskew) - -#define IS_TGS_PRINC(c, p) \ - (krb5_princ_size((c), (p)) == 2 && \ - data_eq_string(*krb5_princ_component((c), (p), 0), KRB5_TGS_NAME)) - static krb5_error_code krb5_kdcrep2creds(krb5_context context, krb5_kdc_rep *pkdcrep, krb5_address *const *address, krb5_data *psectkt, krb5_creds **ppcreds) { diff --git a/src/lib/krb5/krb/gen_subkey.c b/src/lib/krb5/krb/gen_subkey.c index ad8d4bba39..4d4e7be681 100644 --- a/src/lib/krb5/krb/gen_subkey.c +++ b/src/lib/krb5/krb/gen_subkey.c @@ -40,7 +40,10 @@ key2data (krb5_keyblock k) } krb5_error_code -krb5_generate_subkey(krb5_context context, const krb5_keyblock *key, krb5_keyblock **subkey) +krb5_generate_subkey_extended(krb5_context context, + const krb5_keyblock *key, + krb5_enctype enctype, + krb5_keyblock **subkey) { krb5_error_code retval; krb5_data seed; @@ -52,10 +55,16 @@ krb5_generate_subkey(krb5_context context, const krb5_keyblock *key, krb5_keyblo if ((*subkey = (krb5_keyblock *) malloc(sizeof(krb5_keyblock))) == NULL) return(ENOMEM); - if ((retval = krb5_c_make_random_key(context, key->enctype, *subkey))) { + if ((retval = krb5_c_make_random_key(context, enctype, *subkey))) { krb5_xfree(*subkey); return(retval); } return(0); } + +krb5_error_code +krb5_generate_subkey(krb5_context context, const krb5_keyblock *key, krb5_keyblock **subkey) +{ + return krb5_generate_subkey_extended(context, key, key->enctype, subkey); +} diff --git a/src/lib/krb5/krb/get_creds.c b/src/lib/krb5/krb/get_creds.c index 38c3383170..6824a74b22 100644 --- a/src/lib/krb5/krb/get_creds.c +++ b/src/lib/krb5/krb/get_creds.c @@ -44,6 +44,7 @@ */ #include "k5-int.h" +#include "int-proto.h" static krb5_error_code krb5_get_credentials_core(krb5_context context, krb5_flags options, @@ -110,6 +111,7 @@ krb5_get_credentials(krb5_context context, krb5_flags options, krb5_creds **tgts; krb5_flags fields; int not_ktype; + int kdcopt = 0; retval = krb5_get_credentials_core(context, options, in_creds, @@ -141,7 +143,11 @@ krb5_get_credentials(krb5_context context, krb5_flags options, else not_ktype = 0; - retval = krb5_get_cred_from_kdc(context, ccache, ncreds, out_creds, &tgts); + if (options & KRB5_GC_CANONICALIZE) + kdcopt |= KDC_OPT_CANONICALIZE; + + retval = krb5_get_cred_from_kdc_opt(context, ccache, ncreds, + out_creds, &tgts, kdcopt); if (tgts) { register int i = 0; krb5_error_code rv2; diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c index 36b731155c..f30ae21227 100644 --- a/src/lib/krb5/krb/get_in_tkt.c +++ b/src/lib/krb5/krb/get_in_tkt.c @@ -293,15 +293,31 @@ verify_as_reply(krb5_context context, krb5_kdc_rep *as_reply) { krb5_error_code retval; - + int canon_req; + int canon_ok; + /* check the contents for sanity: */ if (!as_reply->enc_part2->times.starttime) as_reply->enc_part2->times.starttime = as_reply->enc_part2->times.authtime; - - if (!krb5_principal_compare(context, as_reply->client, request->client) - || !krb5_principal_compare(context, as_reply->enc_part2->server, request->server) - || !krb5_principal_compare(context, as_reply->ticket->server, request->server) + + /* + * We only allow the AS-REP server name to be changed if the + * caller set the canonicalize flag (or requested an enterprise + * principal) and we requested (and received) a TGT. + */ + canon_req = ((request->kdc_options & KDC_OPT_CANONICALIZE) != 0) || + (krb5_princ_type(context, request->client) == KRB5_NT_ENTERPRISE_PRINCIPAL); + if (canon_req) { + canon_ok = IS_TGS_PRINC(context, request->server) && + IS_TGS_PRINC(context, as_reply->enc_part2->server); + } else + canon_ok = 0; + + if ((!canon_ok && + (!krb5_principal_compare(context, as_reply->client, request->client) || + !krb5_principal_compare(context, as_reply->enc_part2->server, request->server))) + || !krb5_principal_compare(context, as_reply->enc_part2->server, as_reply->ticket->server) || (request->nonce != as_reply->enc_part2->nonce) /* XXX check for extraneous flags */ /* XXX || (!krb5_addresses_compare(context, addrs, as_reply->enc_part2->caddrs)) */ @@ -507,7 +523,10 @@ krb5_get_in_tkt(krb5_context context, krb5_pa_data ** preauth_to_use = 0; int loopcount = 0; krb5_int32 do_more = 0; + int canon_flag; int use_master = 0; + int referral_count = 0; + krb5_principal_data referred_client; #if APPLE_PKINIT inTktDebug("krb5_get_in_tkt top\n"); @@ -518,7 +537,15 @@ krb5_get_in_tkt(krb5_context context, if (ret_as_reply) *ret_as_reply = 0; - + + referred_client = *(creds->client); + referred_client.realm.data = NULL; + referred_client.realm.length = 0; + + /* per referrals draft, enterprise principals imply canonicalization */ + canon_flag = ((options & KDC_OPT_CANONICALIZE) != 0) || + creds->client->type == KRB5_NT_ENTERPRISE_PRINCIPAL; + /* * Set up the basic request structure */ @@ -641,6 +668,27 @@ krb5_get_in_tkt(krb5_context context, if (retval) goto cleanup; continue; + } else if (canon_flag && err_reply->error == KDC_ERR_WRONG_REALM) { + if (++referral_count > KRB5_REFERRAL_MAXHOPS || + err_reply->client == NULL || + err_reply->client->realm.length == 0) { + retval = KRB5KDC_ERR_WRONG_REALM; + krb5_free_error(context, err_reply); + goto cleanup; + } + /* Rewrite request.client with realm from error reply */ + if (referred_client.realm.data) { + krb5_free_data_contents(context, &referred_client.realm); + referred_client.realm.data = NULL; + } + retval = krb5int_copy_data_contents(context, + &err_reply->client->realm, + &referred_client.realm); + krb5_free_error(context, err_reply); + if (retval) + goto cleanup; + request.client = &referred_client; + continue; } else { retval = (krb5_error_code) err_reply->error + ERROR_TABLE_BASE_krb5; @@ -692,6 +740,8 @@ cleanup: else krb5_free_kdc_rep(context, as_reply); } + if (referred_client.realm.data) + krb5_free_data_contents(context, &referred_client.realm); return (retval); } @@ -788,11 +838,9 @@ goodbye: if (!nameval[0]) { retval = ENOENT; } else { - *ret_value = malloc(strlen(nameval[0]) + 1); + *ret_value = strdup(nameval[0]); if (!*ret_value) retval = ENOMEM; - else - strcpy(*ret_value, nameval[0]); } profile_free_list(nameval); @@ -925,6 +973,8 @@ krb5_get_init_creds(krb5_context context, krb5_timestamp time_now; krb5_enctype etype = 0; krb5_preauth_client_rock get_data_rock; + int canon_flag = 0; + krb5_principal_data referred_client; /* initialize everything which will be freed at cleanup */ @@ -949,6 +999,11 @@ krb5_get_init_creds(krb5_context context, err_reply = NULL; + /* referred_client is used to rewrite the client realm for referrals */ + referred_client = *client; + referred_client.realm.data = NULL; + referred_client.realm.length = 0; + /* * Set up the basic request structure */ @@ -986,6 +1041,17 @@ krb5_get_init_creds(krb5_context context, if (tempint) request.kdc_options |= KDC_OPT_PROXIABLE; + /* canonicalize */ + if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_CANONICALIZE)) + tempint = 1; + else if ((ret = krb5_libdefault_boolean(context, &client->realm, + "canonicalize", &tempint)) == 0) + ; + else + tempint = 0; + if (tempint) + request.kdc_options |= KDC_OPT_CANONICALIZE; + /* allow_postdate */ if (start_time > 0) @@ -1047,6 +1113,10 @@ krb5_get_init_creds(krb5_context context, request.client = client; + /* per referrals draft, enterprise principals imply canonicalization */ + canon_flag = ((request.kdc_options & KDC_OPT_CANONICALIZE) != 0) || + client->type == KRB5_NT_ENTERPRISE_PRINCIPAL; + /* service */ if (in_tkt_service) { @@ -1153,7 +1223,7 @@ krb5_get_init_creds(krb5_context context, krb5_data random_data; random_data.length = 4; - random_data.data = random_buf; + random_data.data = (char *)random_buf; if (krb5_c_random_make_octets(context, &random_data) == 0) /* See RT ticket 3196 at MIT. If we set the high bit, we may have compatibility problems with Heimdal, because @@ -1255,6 +1325,25 @@ krb5_get_init_creds(krb5_context context, if (ret) goto cleanup; /* continue to next iteration */ + } else if (canon_flag && err_reply->error == KDC_ERR_WRONG_REALM) { + if (err_reply->client == NULL || + err_reply->client->realm.length == 0) { + ret = KRB5KDC_ERR_WRONG_REALM; + krb5_free_error(context, err_reply); + goto cleanup; + } + /* Rewrite request.client with realm from error reply */ + if (referred_client.realm.data) { + krb5_free_data_contents(context, &referred_client.realm); + referred_client.realm.data = NULL; + } + ret = krb5int_copy_data_contents(context, + &err_reply->client->realm, + &referred_client.realm); + krb5_free_error(context, err_reply); + if (ret) + goto cleanup; + request.client = &referred_client; } else { if (err_reply->e_data.length > 0) { /* continue to next iteration */ @@ -1405,6 +1494,8 @@ cleanup: *as_reply = local_as_reply; else if (local_as_reply) krb5_free_kdc_rep(context, local_as_reply); + if (referred_client.realm.data) + krb5_free_data_contents(context, &referred_client.realm); return(ret); } diff --git a/src/lib/krb5/krb/gic_opt.c b/src/lib/krb5/krb/gic_opt.c index 1ba1877bf9..348637ca3c 100644 --- a/src/lib/krb5/krb/gic_opt.c +++ b/src/lib/krb5/krb/gic_opt.c @@ -42,6 +42,15 @@ krb5_get_init_creds_opt_set_proxiable(krb5_get_init_creds_opt *opt, int proxiabl opt->proxiable = proxiable; } +void KRB5_CALLCONV +krb5_get_init_creds_opt_set_canonicalize(krb5_get_init_creds_opt *opt, int canonicalize) +{ + if (canonicalize) + opt->flags |= KRB5_GET_INIT_CREDS_OPT_CANONICALIZE; + else + opt->flags &= ~(KRB5_GET_INIT_CREDS_OPT_CANONICALIZE); +} + void KRB5_CALLCONV krb5_get_init_creds_opt_set_etype_list(krb5_get_init_creds_opt *opt, krb5_enctype *etype_list, int etype_list_length) { diff --git a/src/lib/krb5/krb/gic_pwd.c b/src/lib/krb5/krb/gic_pwd.c index bd5cbd195c..716d3cc434 100644 --- a/src/lib/krb5/krb/gic_pwd.c +++ b/src/lib/krb5/krb/gic_pwd.c @@ -45,10 +45,7 @@ krb5_get_as_key_password( if ((ret = krb5_unparse_name(context, client, &clientstr))) return(ret); - strcpy(promptstr, "Password for "); - strncat(promptstr, clientstr, sizeof(promptstr)-strlen(promptstr)-1); - promptstr[sizeof(promptstr)-1] = '\0'; - + snprintf(promptstr, sizeof(promptstr), "Password for %s", clientstr); free(clientstr); prompt.prompt = promptstr; @@ -115,11 +112,11 @@ krb5_get_init_creds_password(krb5_context context, pw0.data = pw0array; if (password && password[0]) { - if ((pw0.length = strlen(password)) > sizeof(pw0array)) { - ret = EINVAL; - goto cleanup; + if (strlcpy(pw0.data, password, sizeof(pw0array)) >= sizeof(pw0array)) { + ret = EINVAL; + goto cleanup; } - strcpy(pw0.data, password); + pw0.length = strlen(password); } else { pw0.data[0] = '\0'; pw0.length = sizeof(pw0array); @@ -241,7 +238,8 @@ krb5_get_init_creds_password(krb5_context context, prompt[1].reply = &pw1; prompt_types[1] = KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN; - strcpy(banner, "Password expired. You must change it now."); + strlcpy(banner, "Password expired. You must change it now.", + sizeof(banner)); for (tries = 3; tries; tries--) { pw0.length = sizeof(pw0array); diff --git a/src/lib/krb5/krb/init_ctx.c b/src/lib/krb5/krb/init_ctx.c index 467aec951d..f916660f9d 100644 --- a/src/lib/krb5/krb/init_ctx.c +++ b/src/lib/krb5/krb/init_ctx.c @@ -488,6 +488,38 @@ krb5_is_permitted_enctype(krb5_context context, krb5_enctype etype) return(ret); } +/* The same as krb5_is_permitted_enctype, but verifies multiple etype's + * Returns 0 is either the list of the permitted enc types is not available + * or all requested etypes are not permitted. Otherwise returns 1. + */ + +krb5_boolean +krb5_is_permitted_enctype_ext ( krb5_context context, + krb5_etypes_permitted *etypes) +{ + krb5_enctype *list, *ptr; + krb5_boolean ret = 0; + int i = 0; + + if (krb5_get_permitted_enctypes(context, &list)) + return(0); + + for ( i=0; i< etypes->etype_count; i++ ) + { + for (ptr = list; *ptr; ptr++) + { + if (*ptr == etypes->etype[i]) + { + etypes->etype_ok[i] = TRUE; + ret = 1; + } + } + } + krb5_free_ktypes (context, list); + + return(ret); +} + static krb5_error_code copy_ktypes(krb5_context ctx, unsigned int nktypes, diff --git a/src/lib/krb5/krb/int-proto.h b/src/lib/krb5/krb/int-proto.h index 5c576c3fd6..b81fe2566b 100644 --- a/src/lib/krb5/krb/int-proto.h +++ b/src/lib/krb5/krb/int-proto.h @@ -54,5 +54,16 @@ krb5_preauth_supply_preauth_data(krb5_context context, const char *attr, const char *value); +krb5_error_code +krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache, + krb5_creds *in_cred, krb5_creds **out_cred, + krb5_creds ***tgts, int kdcopt); + +#define in_clock_skew(date, now) (labs((date)-(now)) < context->clockskew) + +#define IS_TGS_PRINC(c, p) \ + (krb5_princ_size((c), (p)) == 2 && \ + data_eq_string(*krb5_princ_component((c), (p), 0), KRB5_TGS_NAME)) + #endif /* KRB5_INT_FUNC_PROTO__ */ diff --git a/src/lib/krb5/krb/kfree.c b/src/lib/krb5/krb/kfree.c index 5e88b49074..945141231a 100644 --- a/src/lib/krb5/krb/kfree.c +++ b/src/lib/krb5/krb/kfree.c @@ -25,6 +25,33 @@ * * krb5_free_address() */ +/* + * Copyright (c) 2006-2008, Novell, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * * The copyright holder's name is not used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ #include "k5-int.h" #include @@ -715,6 +742,75 @@ krb5_free_pa_enc_ts(krb5_context ctx, krb5_pa_enc_ts *pa_enc_ts) krb5_xfree(pa_enc_ts); } +void KRB5_CALLCONV +krb5_free_pa_for_user(krb5_context context, krb5_pa_for_user *req) +{ + if (req == NULL) + return; + if (req->user != NULL) { + krb5_free_principal(context, req->user); + req->user = NULL; + } + krb5_free_checksum_contents(context, &req->cksum); + krb5_free_data_contents(context, &req->auth_package); + krb5_xfree(req); +} + +void KRB5_CALLCONV +krb5_free_pa_server_referral_data(krb5_context context, + krb5_pa_server_referral_data *ref) +{ + if (ref == NULL) + return; + if (ref->referred_realm) { + krb5_free_data(context, ref->referred_realm); + ref->referred_realm = NULL; + } + if (ref->true_principal_name != NULL) { + krb5_free_principal(context, ref->true_principal_name); + ref->true_principal_name = NULL; + } + if (ref->requested_principal_name != NULL) { + krb5_free_principal(context, ref->requested_principal_name); + ref->requested_principal_name = NULL; + } + krb5_free_checksum_contents(context, &ref->rep_cksum); + krb5_xfree(ref); +} + +void KRB5_CALLCONV +krb5_free_pa_svr_referral_data(krb5_context context, + krb5_pa_svr_referral_data *ref) +{ + if (ref == NULL) + return; + if (ref->principal != NULL) { + krb5_free_principal(context, ref->principal); + ref->principal = NULL; + } + krb5_xfree(ref); +} + +void KRB5_CALLCONV +krb5_free_pa_pac_req(krb5_context context, + krb5_pa_pac_req *req) +{ + if (req == NULL) + return; + krb5_xfree(req); +} + +void KRB5_CALLCONV +krb5_free_etype_list(krb5_context context, + krb5_etype_list *etypes) +{ + if (etypes != NULL) { + if (etypes->etypes != NULL) + krb5_xfree(etypes->etypes); + krb5_xfree(etypes); + } +} + void KRB5_CALLCONV krb5_free_key_data_contents(krb5_context context, krb5_key_data *key) diff --git a/src/lib/krb5/krb/mk_cred.c b/src/lib/krb5/krb/mk_cred.c index e9ed3850bd..8611e14097 100644 --- a/src/lib/krb5/krb/mk_cred.c +++ b/src/lib/krb5/krb/mk_cred.c @@ -174,13 +174,15 @@ krb5_mk_ncred(krb5_context context, krb5_auth_context auth_context, /* * Allocate memory for a NULL terminated list of tickets. */ - for (ncred = 0; ppcreds[ncred]; ncred++); + for (ncred = 0; ppcreds[ncred]; ncred++) + ; if ((pcred = (krb5_cred *)calloc(1, sizeof(krb5_cred))) == NULL) return ENOMEM; if ((pcred->tickets - = (krb5_ticket **)calloc(ncred+1, sizeof(krb5_ticket *))) == NULL) { + = (krb5_ticket **)calloc((size_t)ncred+1, + sizeof(krb5_ticket *))) == NULL) { free(pcred); return ENOMEM; } diff --git a/src/lib/krb5/krb/mk_rep.c b/src/lib/krb5/krb/mk_rep.c index b512f09752..ee4f34ed2f 100644 --- a/src/lib/krb5/krb/mk_rep.c +++ b/src/lib/krb5/krb/mk_rep.c @@ -26,6 +26,33 @@ * * krb5_mk_rep() */ +/* + * Copyright (c) 2006-2008, Novell, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * * The copyright holder's name is not used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ #include "k5-int.h" #include "auth_con.h" @@ -39,9 +66,9 @@ returns system errors */ -krb5_error_code KRB5_CALLCONV -krb5_mk_rep(krb5_context context, krb5_auth_context auth_context, - krb5_data *outbuf) +static krb5_error_code +k5_mk_rep(krb5_context context, krb5_auth_context auth_context, + krb5_data *outbuf, int dce_style) { krb5_error_code retval; krb5_ap_rep_enc_part repl; @@ -58,17 +85,31 @@ krb5_mk_rep(krb5_context context, krb5_auth_context auth_context, return(retval); } - repl.ctime = auth_context->authentp->ctime; - repl.cusec = auth_context->authentp->cusec; - if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_USE_SUBKEY) { + if (dce_style) { + krb5_us_timeofday(context, &repl.ctime, &repl.cusec); + } else { + repl.ctime = auth_context->authentp->ctime; + repl.cusec = auth_context->authentp->cusec; + } + + if (dce_style) + repl.subkey = NULL; + else if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_USE_SUBKEY) { + assert(auth_context->negotiated_etype != ENCTYPE_NULL); + retval = krb5int_generate_and_save_subkey (context, auth_context, - auth_context->keyblock); + auth_context->keyblock, + auth_context->negotiated_etype); if (retval) return retval; repl.subkey = auth_context->send_subkey; } else repl.subkey = auth_context->authentp->subkey; - repl.seq_number = auth_context->local_seq_number; + + if (dce_style) + repl.seq_number = auth_context->remote_seq_number; + else + repl.seq_number = auth_context->local_seq_number; /* encode it before encrypting */ if ((retval = encode_krb5_ap_rep_enc_part(&repl, &scratch))) @@ -95,3 +136,15 @@ cleanup_scratch: return retval; } + +krb5_error_code KRB5_CALLCONV +krb5_mk_rep(krb5_context context, krb5_auth_context auth_context, krb5_data *outbuf) +{ + return k5_mk_rep(context, auth_context, outbuf, 0); +} + +krb5_error_code KRB5_CALLCONV +krb5_mk_rep_dce(krb5_context context, krb5_auth_context auth_context, krb5_data *outbuf) +{ + return k5_mk_rep(context, auth_context, outbuf, 1); +} diff --git a/src/lib/krb5/krb/mk_req_ext.c b/src/lib/krb5/krb/mk_req_ext.c index 6d40e5de7a..4a9d03551f 100644 --- a/src/lib/krb5/krb/mk_req_ext.c +++ b/src/lib/krb5/krb/mk_req_ext.c @@ -64,16 +64,25 @@ returns system errors */ +static krb5_error_code +make_etype_list(krb5_context context, + krb5_enctype *desired_etypes, + krb5_enctype tkt_enctype, + krb5_authdata ***authdata); + static krb5_error_code krb5_generate_authenticator (krb5_context, krb5_authenticator *, krb5_principal, krb5_checksum *, krb5_keyblock *, - krb5_ui_4, krb5_authdata ** ); + krb5_ui_4, krb5_authdata **, + krb5_enctype *desired_etypes, + krb5_enctype tkt_enctype); krb5_error_code krb5int_generate_and_save_subkey (krb5_context context, krb5_auth_context auth_context, - krb5_keyblock *keyblock) + krb5_keyblock *keyblock, + krb5_enctype enctype) { /* Provide some more fodder for random number code. This isn't strong cryptographically; the point here is not @@ -92,7 +101,8 @@ krb5int_generate_and_save_subkey (krb5_context context, if (auth_context->send_subkey) krb5_free_keyblock(context, auth_context->send_subkey); - if ((retval = krb5_generate_subkey(context, keyblock, &auth_context->send_subkey))) + if ((retval = krb5_generate_subkey_extended(context, keyblock, enctype, + &auth_context->send_subkey))) return retval; if (auth_context->recv_subkey) @@ -116,18 +126,23 @@ krb5_mk_req_extended(krb5_context context, krb5_auth_context *auth_context, krb5_checksum checksum; krb5_checksum *checksump = 0; krb5_auth_context new_auth_context; + krb5_enctype *desired_etypes = NULL; krb5_ap_req request; krb5_data *scratch = 0; krb5_data *toutbuf; request.ap_options = ap_req_options & AP_OPTS_WIRE_MASK; - request.authenticator.ciphertext.data = 0; + request.authenticator.ciphertext.data = NULL; request.ticket = 0; if (!in_creds->ticket.length) return(KRB5_NO_TKT_SUPPLIED); + if ((ap_req_options & AP_OPTS_ETYPE_NEGOTIATION) && + !(ap_req_options & AP_OPTS_MUTUAL_REQUIRED)) + return(EINVAL); + /* we need a native ticket */ if ((retval = decode_krb5_ticket(&(in_creds)->ticket, &request.ticket))) return(retval); @@ -174,7 +189,8 @@ krb5_mk_req_extended(krb5_context context, krb5_auth_context *auth_context, if ((ap_req_options & AP_OPTS_USE_SUBKEY)&&(!(*auth_context)->send_subkey)) { retval = krb5int_generate_and_save_subkey (context, *auth_context, - &in_creds->keyblock); + &in_creds->keyblock, + in_creds->keyblock.enctype); if (retval) goto cleanup; } @@ -205,12 +221,23 @@ krb5_mk_req_extended(krb5_context context, krb5_auth_context *auth_context, goto cleanup_cksum; } + if (ap_req_options & AP_OPTS_ETYPE_NEGOTIATION) { + if ((*auth_context)->permitted_etypes == NULL) { + retval = krb5_get_tgs_ktypes(context, in_creds->server, &desired_etypes); + if (retval) + goto cleanup_cksum; + } else + desired_etypes = (*auth_context)->permitted_etypes; + } + if ((retval = krb5_generate_authenticator(context, (*auth_context)->authentp, - (in_creds)->client, checksump, + in_creds->client, checksump, (*auth_context)->send_subkey, (*auth_context)->local_seq_number, - (in_creds)->authdata))) + in_creds->authdata, + desired_etypes, + in_creds->keyblock.enctype))) goto cleanup_cksum; /* encode the authenticator */ @@ -223,7 +250,6 @@ krb5_mk_req_extended(krb5_context context, krb5_auth_context *auth_context, */ (*auth_context)->authentp->client = NULL; (*auth_context)->authentp->checksum = NULL; - (*auth_context)->authentp->authorization_data = NULL; /* call the encryption routine */ if ((retval = krb5_encrypt_helper(context, &in_creds->keyblock, @@ -242,6 +268,9 @@ cleanup_cksum: free(checksump->contents); cleanup: + if (desired_etypes && + desired_etypes != (*auth_context)->permitted_etypes) + krb5_xfree(desired_etypes); if (request.ticket) krb5_free_ticket(context, request.ticket); if (request.authenticator.ciphertext.data) { @@ -261,7 +290,9 @@ static krb5_error_code krb5_generate_authenticator(krb5_context context, krb5_authenticator *authent, krb5_principal client, krb5_checksum *cksum, krb5_keyblock *key, krb5_ui_4 seq_number, - krb5_authdata **authorization) + krb5_authdata **authorization, + krb5_enctype *desired_etypes, + krb5_enctype tkt_enctype) { krb5_error_code retval; @@ -274,7 +305,116 @@ krb5_generate_authenticator(krb5_context context, krb5_authenticator *authent, } else authent->subkey = 0; authent->seq_number = seq_number; - authent->authorization_data = authorization; + authent->authorization_data = NULL; + + if (authorization != NULL) { + retval = krb5_copy_authdata(context, authorization, + &authent->authorization_data); + if (retval) + return retval; + } + /* Only send EtypeList if we prefer another enctype to tkt_enctype */ + if (desired_etypes != NULL && desired_etypes[0] != tkt_enctype) { + retval = make_etype_list(context, desired_etypes, tkt_enctype, + &authent->authorization_data); + if (retval) + return retval; + } return(krb5_us_timeofday(context, &authent->ctime, &authent->cusec)); } + +/* RFC 4537 */ +static krb5_error_code +make_etype_list(krb5_context context, + krb5_enctype *desired_etypes, + krb5_enctype tkt_enctype, + krb5_authdata ***authdata) +{ + krb5_error_code code; + krb5_etype_list etypes; + krb5_data *enc_etype_list; + krb5_data *ad_if_relevant; + krb5_authdata *etype_adata[2], etype_adatum, **adata; + int i; + + etypes.etypes = desired_etypes; + + for (etypes.length = 0; + etypes.etypes[etypes.length] != ENCTYPE_NULL; + etypes.length++) + ; + + /* + * RFC 4537: + * + * If the enctype of the ticket session key is included in the enctype + * list sent by the client, it SHOULD be the last on the list; + */ + for (i = 0; i < etypes.length; i++) { + if (etypes.etypes[i] == tkt_enctype) { + krb5_enctype etype; + + etype = etypes.etypes[etypes.length - 1]; + etypes.etypes[etypes.length - 1] = tkt_enctype; + etypes.etypes[i] = etype; + break; + } + } + + code = encode_krb5_etype_list(&etypes, &enc_etype_list); + if (code) { + return code; + } + + etype_adatum.magic = KV5M_AUTHDATA; + etype_adatum.ad_type = KRB5_AUTHDATA_ETYPE_NEGOTIATION; + etype_adatum.length = enc_etype_list->length; + etype_adatum.contents = (krb5_octet *)enc_etype_list->data; + + etype_adata[0] = &etype_adatum; + etype_adata[1] = NULL; + + /* Wrap in AD-IF-RELEVANT container */ + code = encode_krb5_authdata(etype_adata, &ad_if_relevant); + if (code) { + krb5_free_data(context, enc_etype_list); + return code; + } + + krb5_free_data(context, enc_etype_list); + + adata = *authdata; + if (adata == NULL) { + adata = (krb5_authdata **)calloc(2, sizeof(krb5_authdata *)); + i = 0; + } else { + for (i = 0; adata[i] != NULL; i++) + ; + + adata = (krb5_authdata **)realloc(*authdata, + (i + 2) * sizeof(krb5_authdata *)); + } + if (adata == NULL) { + krb5_free_data(context, ad_if_relevant); + return ENOMEM; + } + + adata[i] = (krb5_authdata *)malloc(sizeof(krb5_authdata)); + if (adata[i] == NULL) { + krb5_free_data(context, ad_if_relevant); + return ENOMEM; + } + adata[i]->magic = KV5M_AUTHDATA; + adata[i]->ad_type = KRB5_AUTHDATA_IF_RELEVANT; + adata[i]->length = ad_if_relevant->length; + adata[i]->contents = (krb5_octet *)ad_if_relevant->data; + krb5_xfree(ad_if_relevant); /* contents owned by adata[i] */ + + adata[i + 1] = NULL; + + *authdata = adata; + + return 0; +} + diff --git a/src/lib/krb5/krb/pac.c b/src/lib/krb5/krb/pac.c new file mode 100644 index 0000000000..ca7bdce514 --- /dev/null +++ b/src/lib/krb5/krb/pac.c @@ -0,0 +1,869 @@ +/* + * lib/krb5/krb/pac.c + * + * Copyright 2008 by the Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + */ + +#include "k5-int.h" +#include "k5-utf8.h" + +/* draft-brezak-win2k-krb-authz-00 */ + +/* + * A PAC consists of a sequence of PAC_INFO_BUFFERs, preceeded by + * a PACTYPE header. Decoding the contents of the buffers is left + * to the application (notwithstanding signature verification). + */ + +typedef struct _PAC_INFO_BUFFER { + krb5_ui_4 ulType; + krb5_ui_4 cbBufferSize; + krb5_ui_8 Offset; +} PAC_INFO_BUFFER; + +#define PAC_INFO_BUFFER_LENGTH 16 + +/* ulType */ +#define PAC_LOGON_INFO 1 +#define PAC_SERVER_CHECKSUM 6 +#define PAC_PRIVSVR_CHECKSUM 7 +#define PAC_CLIENT_INFO 10 + +typedef struct _PACTYPE { + krb5_ui_4 cBuffers; + krb5_ui_4 Version; + PAC_INFO_BUFFER Buffers[1]; +} PACTYPE; + +#define PAC_ALIGNMENT 8 +#define PACTYPE_LENGTH 8U +#define PAC_SIGNATURE_DATA_LENGTH 4U +#define PAC_CLIENT_INFO_LENGTH 10U + +#define NT_TIME_EPOCH 11644473600LL + +struct krb5_pac_data { + PACTYPE *pac; /* PAC header + info buffer array */ + krb5_data data; /* PAC data (including uninitialised header) */ +}; + +static krb5_error_code +k5_pac_locate_buffer(krb5_context context, + const krb5_pac pac, + krb5_ui_4 type, + krb5_data *data); + +/* + * Add a buffer to the provided PAC and update header. + */ +static krb5_error_code +k5_pac_add_buffer(krb5_context context, + krb5_pac pac, + krb5_ui_4 type, + const krb5_data *data, + krb5_boolean zerofill, + krb5_data *out_data) +{ + PACTYPE *header; + size_t header_len, i, pad = 0; + char *pac_data; + + assert((data->data == NULL) == zerofill); + + /* Check there isn't already a buffer of this type */ + if (k5_pac_locate_buffer(context, pac, type, NULL) == 0) { + return EINVAL; + } + + header = (PACTYPE *)realloc(pac->pac, + sizeof(PACTYPE) + + (pac->pac->cBuffers * sizeof(PAC_INFO_BUFFER))); + if (header == NULL) { + return ENOMEM; + } + pac->pac = header; + + header_len = PACTYPE_LENGTH + (pac->pac->cBuffers * PAC_INFO_BUFFER_LENGTH); + + if (data->length % PAC_ALIGNMENT) + pad = PAC_ALIGNMENT - (data->length % PAC_ALIGNMENT); + + pac_data = realloc(pac->data.data, + pac->data.length + PAC_INFO_BUFFER_LENGTH + data->length + pad); + if (pac_data == NULL) { + return ENOMEM; + } + pac->data.data = pac_data; + + /* Update offsets of existing buffers */ + for (i = 0; i < pac->pac->cBuffers; i++) + pac->pac->Buffers[i].Offset += PAC_INFO_BUFFER_LENGTH; + + /* Make room for new PAC_INFO_BUFFER */ + memmove(pac->data.data + header_len + PAC_INFO_BUFFER_LENGTH, + pac->data.data + header_len, + pac->data.length - header_len); + memset(pac->data.data + header_len, 0, PAC_INFO_BUFFER_LENGTH); + + /* Initialise new PAC_INFO_BUFFER */ + pac->pac->Buffers[i].ulType = type; + pac->pac->Buffers[i].cbBufferSize = data->length; + pac->pac->Buffers[i].Offset = pac->data.length + PAC_INFO_BUFFER_LENGTH; + assert((pac->pac->Buffers[i].Offset % PAC_ALIGNMENT) == 0); + + /* Copy in new PAC data and zero padding bytes */ + if (zerofill) + memset(pac->data.data + pac->pac->Buffers[i].Offset, 0, data->length); + else + memcpy(pac->data.data + pac->pac->Buffers[i].Offset, data->data, data->length); + + memset(pac->data.data + pac->pac->Buffers[i].Offset + data->length, 0, pad); + + pac->pac->cBuffers++; + pac->data.length += PAC_INFO_BUFFER_LENGTH + data->length + pad; + + if (out_data != NULL) { + out_data->data = pac->data.data + pac->pac->Buffers[i].Offset; + out_data->length = data->length; + } + + return 0; +} + +krb5_error_code KRB5_CALLCONV +krb5_pac_add_buffer(krb5_context context, + krb5_pac pac, + krb5_ui_4 type, + const krb5_data *data) +{ + return k5_pac_add_buffer(context, pac, type, data, FALSE, NULL); +} + +/* + * Free a PAC + */ +void KRB5_CALLCONV +krb5_pac_free(krb5_context context, + krb5_pac pac) +{ + if (pac != NULL) { + if (pac->data.data != NULL) { + memset(pac->data.data, 0, pac->data.length); + free(pac->data.data); + } + if (pac->pac != NULL) + free(pac->pac); + memset(pac, 0, sizeof(*pac)); + free(pac); + } +} + +static krb5_error_code +k5_pac_locate_buffer(krb5_context context, + const krb5_pac pac, + krb5_ui_4 type, + krb5_data *data) +{ + PAC_INFO_BUFFER *buffer = NULL; + size_t i; + + if (pac == NULL) + return EINVAL; + + for (i = 0; i < pac->pac->cBuffers; i++) { + if (pac->pac->Buffers[i].ulType == type) { + if (buffer == NULL) + buffer = &pac->pac->Buffers[i]; + else + return EINVAL; + } + } + + if (buffer == NULL) + return ENOENT; + + assert(buffer->Offset + buffer->cbBufferSize <= pac->data.length); + + if (data != NULL) { + data->length = buffer->cbBufferSize; + data->data = pac->data.data + buffer->Offset; + } + + return 0; +} + +/* + * Find a buffer and copy data into output + */ +krb5_error_code KRB5_CALLCONV +krb5_pac_get_buffer(krb5_context context, + krb5_pac pac, + krb5_ui_4 type, + krb5_data *data) +{ + krb5_data d; + krb5_error_code ret; + + ret = k5_pac_locate_buffer(context, pac, type, &d); + if (ret != 0) + return ret; + + data->data = malloc(d.length); + if (data == NULL) + return ENOMEM; + + data->length = d.length; + memcpy(data->data, d.data, d.length); + + return 0; +} + +/* + * Return an array of the types of data in the PAC + */ +krb5_error_code KRB5_CALLCONV +krb5_pac_get_types(krb5_context context, + krb5_pac pac, + size_t *len, + krb5_ui_4 **types) +{ + size_t i; + + *types = (krb5_ui_4 *)malloc(pac->pac->cBuffers * sizeof(krb5_ui_4)); + if (*types == NULL) + return ENOMEM; + + *len = pac->pac->cBuffers; + + for (i = 0; i < pac->pac->cBuffers; i++) + (*types)[i] = pac->pac->Buffers[i].ulType; + + return 0; +} + +/* + * Initialize PAC + */ +krb5_error_code KRB5_CALLCONV +krb5_pac_init(krb5_context context, + krb5_pac *ppac) +{ + krb5_pac pac; + + pac = (krb5_pac)malloc(sizeof(*pac)); + if (pac == NULL) + return ENOMEM; + + pac->pac = (PACTYPE *)malloc(sizeof(PACTYPE)); + if (pac->pac == NULL) { + free( pac); + return ENOMEM; + } + + pac->pac->cBuffers = 0; + pac->pac->Version = 0; + + pac->data.length = PACTYPE_LENGTH; + pac->data.data = calloc(1, pac->data.length); + if (pac->data.data == NULL) { + krb5_pac_free(context, pac); + return ENOMEM; + } + + *ppac = pac; + + return 0; +} + +/* + * Parse the supplied data into the PAC allocated by this function + */ +krb5_error_code KRB5_CALLCONV +krb5_pac_parse(krb5_context context, + const void *ptr, + size_t len, + krb5_pac *ppac) +{ + krb5_error_code ret; + size_t i; + PACTYPE header; + const unsigned char *p = (const unsigned char *)ptr; + krb5_pac pac; + size_t header_len; + + *ppac = NULL; + + if (len < PACTYPE_LENGTH) + return ERANGE; + + header.cBuffers = load_32_le(p); + p += 4; + header.Version = load_32_le(p); + p += 4; + + if (header.Version != 0) + return EINVAL; + + header_len = PACTYPE_LENGTH + (header.cBuffers * PAC_INFO_BUFFER_LENGTH); + if (len < header_len) + return ERANGE; + + ret = krb5_pac_init(context, &pac); + if (ret != 0) + return ret; + + pac->pac = (PACTYPE *)realloc(pac->pac, + sizeof(PACTYPE) + ((header.cBuffers - 1) * sizeof(PAC_INFO_BUFFER))); + if (pac->pac == NULL) { + krb5_pac_free(context, pac); + return ENOMEM; + } + + memcpy(pac->pac, &header, sizeof(header)); + + for (i = 0; i < pac->pac->cBuffers; i++) { + PAC_INFO_BUFFER *buffer = &pac->pac->Buffers[i]; + + buffer->ulType = load_32_le(p); + p += 4; + buffer->cbBufferSize = load_32_le(p); + p += 4; + buffer->Offset = load_64_le(p); + p += 8; + + if (buffer->Offset % PAC_ALIGNMENT) { + krb5_pac_free(context, pac); + return EINVAL; + } + if (buffer->Offset < header_len || + buffer->Offset + buffer->cbBufferSize > len) { + krb5_pac_free(context, pac); + return ERANGE; + } + } + + pac->data.data = realloc(pac->data.data, len); + if (pac->data.data == NULL) { + krb5_pac_free(context, pac); + return ENOMEM; + } + memcpy(pac->data.data, ptr, len); + + pac->data.length = len; + + *ppac = pac; + + return 0; +} + +static krb5_error_code +k5_time_to_seconds_since_1970(krb5_ui_8 ntTime, krb5_timestamp *elapsedSeconds) +{ + krb5_ui_8 abstime; + + ntTime /= 10000000; + + abstime = ntTime > 0 ? ntTime - NT_TIME_EPOCH : -ntTime; + + if (abstime > KRB5_INT32_MAX) + return ERANGE; + + *elapsedSeconds = abstime; + + return 0; +} + +static krb5_error_code +k5_seconds_since_1970_to_time(krb5_timestamp elapsedSeconds, krb5_ui_8 *ntTime) +{ + *ntTime = elapsedSeconds; + + if (elapsedSeconds > 0) + *ntTime += NT_TIME_EPOCH; + + *ntTime *= 10000000; + + return 0; +} + +static krb5_error_code +k5_pac_validate_client(krb5_context context, + const krb5_pac pac, + krb5_timestamp authtime, + krb5_const_principal principal) +{ + krb5_error_code ret; + krb5_data client_info; + char *pac_princname; + unsigned char *p; + krb5_timestamp pac_authtime; + krb5_ui_2 pac_princname_length; + krb5_ui_8 pac_nt_authtime; + krb5_principal pac_principal; + + ret = k5_pac_locate_buffer(context, pac, PAC_CLIENT_INFO, &client_info); + if (ret != 0) + return ret; + + if (client_info.length < PAC_CLIENT_INFO_LENGTH) + return ERANGE; + + p = (unsigned char *)client_info.data; + pac_nt_authtime = load_64_le(p); + p += 8; + pac_princname_length = load_16_le(p); + p += 2; + + ret = k5_time_to_seconds_since_1970(pac_nt_authtime, &pac_authtime); + if (ret != 0) + return ret; + + if (client_info.length < PAC_CLIENT_INFO_LENGTH + pac_princname_length || + pac_princname_length % 2) + return ERANGE; + + ret = krb5int_ucs2lecs_to_utf8s(p, (size_t)pac_princname_length / 2, &pac_princname, NULL); + if (ret != 0) + return ret; + + ret = krb5_parse_name_flags(context, pac_princname, 0, &pac_principal); + if (ret != 0) { + free(pac_princname); + return ret; + } + + free(pac_princname); + + if (pac_authtime != authtime || + krb5_principal_compare(context, pac_principal, principal) == FALSE) + ret = KRB5KRB_AP_WRONG_PRINC; + + krb5_free_principal(context, pac_principal); + + return ret; +} + +static krb5_error_code +k5_pac_zero_signature(krb5_context context, + const krb5_pac pac, + krb5_ui_4 type, + krb5_data *data) +{ + PAC_INFO_BUFFER *buffer = NULL; + size_t i; + + assert(type == PAC_SERVER_CHECKSUM || type == PAC_PRIVSVR_CHECKSUM); + assert(data->length >= pac->data.length); + + for (i = 0; i < pac->pac->cBuffers; i++) { + if (pac->pac->Buffers[i].ulType == type) { + buffer = &pac->pac->Buffers[i]; + break; + } + } + + if (buffer == NULL) + return ENOENT; + + if (buffer->Offset + buffer->cbBufferSize > pac->data.length) + return ERANGE; + + if (buffer->cbBufferSize < PAC_SIGNATURE_DATA_LENGTH) + return KRB5_BAD_MSIZE; + + /* Zero out the data portion of the checksum only */ + memset(data->data + buffer->Offset + PAC_SIGNATURE_DATA_LENGTH, + 0, + buffer->cbBufferSize - PAC_SIGNATURE_DATA_LENGTH); + + return 0; +} + +static krb5_error_code +k5_pac_verify_server_checksum(krb5_context context, + const krb5_pac pac, + const krb5_keyblock *server) +{ + krb5_error_code ret; + krb5_data pac_data; /* PAC with zeroed checksums */ + krb5_checksum checksum; + krb5_data checksum_data; + krb5_boolean valid; + krb5_octet *p; + + ret = k5_pac_locate_buffer(context, pac, PAC_SERVER_CHECKSUM, &checksum_data); + if (ret != 0) + return ret; + + if (checksum_data.length < PAC_SIGNATURE_DATA_LENGTH) + return KRB5_BAD_MSIZE; + + p = (krb5_octet *)checksum_data.data; + checksum.checksum_type = load_32_le(p); + checksum.length = checksum_data.length - PAC_SIGNATURE_DATA_LENGTH; + checksum.contents = p + PAC_SIGNATURE_DATA_LENGTH; + + pac_data.length = pac->data.length; + pac_data.data = malloc(pac->data.length); + if (pac_data.data == NULL) + return ENOMEM; + + memcpy(pac_data.data, pac->data.data, pac->data.length); + + /* Zero out both checksum buffers */ + ret = k5_pac_zero_signature(context, pac, PAC_SERVER_CHECKSUM, &pac_data); + if (ret != 0) { + free(pac_data.data); + return ret; + } + + ret = k5_pac_zero_signature(context, pac, PAC_PRIVSVR_CHECKSUM, &pac_data); + if (ret != 0) { + free(pac_data.data); + return ret; + } + + ret = krb5_c_verify_checksum(context, server, KRB5_KEYUSAGE_APP_DATA_CKSUM, + &pac_data, &checksum, &valid); + if (ret != 0) { + free(pac_data.data); + return ret; + } + + if (valid == FALSE) + ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; + + return ret; +} + +static krb5_error_code +k5_pac_verify_kdc_checksum(krb5_context context, + const krb5_pac pac, + const krb5_keyblock *privsvr) +{ + krb5_error_code ret; + krb5_data server_checksum, privsvr_checksum; + krb5_checksum checksum; + krb5_boolean valid; + krb5_octet *p; + + ret = k5_pac_locate_buffer(context, pac, PAC_PRIVSVR_CHECKSUM, &privsvr_checksum); + if (ret != 0) + return ret; + + if (privsvr_checksum.length < PAC_SIGNATURE_DATA_LENGTH) + return KRB5_BAD_MSIZE; + + ret = k5_pac_locate_buffer(context, pac, PAC_SERVER_CHECKSUM, &server_checksum); + if (ret != 0) + return ret; + + if (server_checksum.length < PAC_SIGNATURE_DATA_LENGTH) + return KRB5_BAD_MSIZE; + + p = (krb5_octet *)privsvr_checksum.data; + checksum.checksum_type = load_32_le(p); + checksum.length = privsvr_checksum.length - PAC_SIGNATURE_DATA_LENGTH; + checksum.contents = p + PAC_SIGNATURE_DATA_LENGTH; + + server_checksum.data += PAC_SIGNATURE_DATA_LENGTH; + server_checksum.length -= PAC_SIGNATURE_DATA_LENGTH; + + ret = krb5_c_verify_checksum(context, privsvr, KRB5_KEYUSAGE_APP_DATA_CKSUM, + &server_checksum, &checksum, &valid); + if (ret != 0) + return ret; + + if (valid == FALSE) + ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; + + return ret; +} + +krb5_error_code KRB5_CALLCONV +krb5_pac_verify(krb5_context context, + const krb5_pac pac, + krb5_timestamp authtime, + krb5_const_principal principal, + const krb5_keyblock *server, + const krb5_keyblock *privsvr) +{ + krb5_error_code ret; + + if (server == NULL) + return EINVAL; + + ret = k5_pac_verify_server_checksum(context, pac, server); + if (ret != 0) + return ret; + + if (privsvr != NULL) { + ret = k5_pac_verify_kdc_checksum(context, pac, privsvr); + if (ret != 0) + return ret; + } + + if (principal != NULL) { + ret = k5_pac_validate_client(context, pac, authtime, principal); + if (ret != 0) + return ret; + } + + return 0; +} + +static krb5_error_code +k5_insert_client_info(krb5_context context, + krb5_pac pac, + krb5_timestamp authtime, + krb5_const_principal principal) +{ + krb5_error_code ret; + krb5_data client_info; + char *princ_name_utf8 = NULL; + unsigned char *princ_name_ucs2 = NULL, *p; + size_t princ_name_ucs2_len = 0; + krb5_ui_8 nt_authtime; + + /* If we already have a CLIENT_INFO buffer, then just validate it */ + if (k5_pac_locate_buffer(context, pac, PAC_CLIENT_INFO, &client_info) == 0) { + return k5_pac_validate_client(context, pac, authtime, principal); + } + + ret = krb5_unparse_name_flags(context, principal, + KRB5_PRINCIPAL_UNPARSE_NO_REALM, &princ_name_utf8); + if (ret != 0) + goto cleanup; + + ret = krb5int_utf8s_to_ucs2les(princ_name_utf8, + &princ_name_ucs2, + &princ_name_ucs2_len); + if (ret != 0) + goto cleanup; + + client_info.length = PAC_CLIENT_INFO_LENGTH + princ_name_ucs2_len; + client_info.data = NULL; + + ret = k5_pac_add_buffer(context, pac, PAC_CLIENT_INFO, &client_info, TRUE, &client_info); + if (ret != 0) + goto cleanup; + + p = (unsigned char *)client_info.data; + + /* copy in authtime converted to a 64-bit NT time */ + k5_seconds_since_1970_to_time(authtime, &nt_authtime); + store_64_le(nt_authtime, p); + p += 8; + + /* copy in number of UCS-2 characters in principal name */ + store_16_le(princ_name_ucs2_len, p); + p += 2; + + /* copy in principal name */ + memcpy(p, princ_name_ucs2, princ_name_ucs2_len); + +cleanup: + if (princ_name_utf8 != NULL) + free(princ_name_utf8); + if (princ_name_ucs2 != NULL) + free(princ_name_ucs2); + + return ret; +} + +static krb5_error_code +k5_insert_checksum(krb5_context context, + krb5_pac pac, + krb5_ui_4 type, + const krb5_keyblock *key, + krb5_cksumtype *cksumtype) +{ + krb5_error_code ret; + size_t len; + krb5_data cksumdata; + + ret = krb5int_c_mandatory_cksumtype(context, key->enctype, cksumtype); + if (ret != 0) + return ret; + + ret = krb5_c_checksum_length(context, *cksumtype, &len); + if (ret != 0) + return ret; + + ret = k5_pac_locate_buffer(context, pac, type, &cksumdata); + if (ret == 0) { + /* If we're resigning PAC, make sure we can fit checksum into existing buffer */ + if (cksumdata.length != PAC_SIGNATURE_DATA_LENGTH + len) + return ERANGE; + + memset(cksumdata.data, 0, cksumdata.length); + } else { + /* Add a zero filled buffer */ + cksumdata.length = PAC_SIGNATURE_DATA_LENGTH + len; + cksumdata.data = NULL; + + ret = k5_pac_add_buffer(context, pac, type, &cksumdata, TRUE, &cksumdata); + if (ret != 0) + return ret; + } + + /* Encode checksum type into buffer */ + store_32_le((krb5_ui_4)*cksumtype, (unsigned char *)cksumdata.data); + + return 0; +} + +/* in-place encoding of PAC header */ +static krb5_error_code +k5_pac_encode_header(krb5_context context, krb5_pac pac) +{ + size_t i; + unsigned char *p; + size_t header_len; + + header_len = PACTYPE_LENGTH + (pac->pac->cBuffers * PAC_INFO_BUFFER_LENGTH); + assert(pac->data.length >= header_len); + + p = (unsigned char *)pac->data.data; + + store_32_le(pac->pac->cBuffers, p); + p += 4; + store_32_le(pac->pac->Version, p); + p += 4; + + for (i = 0; i < pac->pac->cBuffers; i++) { + PAC_INFO_BUFFER *buffer = &pac->pac->Buffers[i]; + + store_32_le(buffer->ulType, p); + p += 4; + store_32_le(buffer->cbBufferSize, p); + p += 4; + store_64_le(buffer->Offset, p); + p += 8; + + assert((buffer->Offset % PAC_ALIGNMENT) == 0); + assert(buffer->Offset + buffer->cbBufferSize <= pac->data.length); + assert(buffer->Offset >= header_len); + + if (buffer->Offset % PAC_ALIGNMENT || + buffer->Offset + buffer->cbBufferSize > pac->data.length || + buffer->Offset < header_len) + return ERANGE; + } + + return 0; +} + +krb5_error_code KRB5_CALLCONV +krb5int_pac_sign(krb5_context context, + krb5_pac pac, + krb5_timestamp authtime, + krb5_const_principal principal, + const krb5_keyblock *server_key, + const krb5_keyblock *privsvr_key, + krb5_data *data) +{ + krb5_error_code ret; + krb5_data server_cksum, privsvr_cksum; + krb5_cksumtype server_cksumtype, privsvr_cksumtype; + krb5_crypto_iov iov[2]; + + data->length = 0; + data->data = NULL; + + if (principal != NULL) { + ret = k5_insert_client_info(context, pac, authtime, principal); + if (ret != 0) + return ret; + } + + /* Create zeroed buffers for both checksums */ + ret = k5_insert_checksum(context, pac, PAC_SERVER_CHECKSUM, + server_key, &server_cksumtype); + if (ret != 0) + return ret; + + ret = k5_insert_checksum(context, pac, PAC_PRIVSVR_CHECKSUM, + privsvr_key, &privsvr_cksumtype); + if (ret != 0) + return ret; + + /* Now, encode the PAC header so that the checksums will include it */ + ret = k5_pac_encode_header(context, pac); + if (ret != 0) + return ret; + + /* Generate the server checksum over the entire PAC */ + ret = k5_pac_locate_buffer(context, pac, PAC_SERVER_CHECKSUM, &server_cksum); + if (ret != 0) + return ret; + + assert(server_cksum.length > PAC_SIGNATURE_DATA_LENGTH); + + iov[0].flags = KRB5_CRYPTO_TYPE_DATA; + iov[0].data = pac->data; + + iov[1].flags = KRB5_CRYPTO_TYPE_CHECKSUM; + iov[1].data.data = server_cksum.data + PAC_SIGNATURE_DATA_LENGTH; + iov[1].data.length = server_cksum.length - PAC_SIGNATURE_DATA_LENGTH; + + ret = krb5_c_make_checksum_iov(context, server_cksumtype, + server_key, KRB5_KEYUSAGE_APP_DATA_CKSUM, + iov, sizeof(iov)/sizeof(iov[0])); + if (ret != 0) + return ret; + + /* Generate the privsvr checksum over the server checksum buffer */ + ret = k5_pac_locate_buffer(context, pac, PAC_PRIVSVR_CHECKSUM, &privsvr_cksum); + if (ret != 0) + return ret; + + assert(privsvr_cksum.length > PAC_SIGNATURE_DATA_LENGTH); + + iov[0].flags = KRB5_CRYPTO_TYPE_DATA; + iov[0].data.data = server_cksum.data + PAC_SIGNATURE_DATA_LENGTH; + iov[0].data.length = server_cksum.length - PAC_SIGNATURE_DATA_LENGTH; + + iov[1].flags = KRB5_CRYPTO_TYPE_CHECKSUM; + iov[1].data.data = privsvr_cksum.data + PAC_SIGNATURE_DATA_LENGTH; + iov[1].data.length = privsvr_cksum.length - PAC_SIGNATURE_DATA_LENGTH; + + ret = krb5_c_make_checksum_iov(context, privsvr_cksumtype, + privsvr_key, KRB5_KEYUSAGE_APP_DATA_CKSUM, + iov, sizeof(iov)/sizeof(iov[0])); + if (ret != 0) + return ret; + + data->data = malloc(pac->data.length); + if (data->data == NULL) + return ENOMEM; + + data->length = pac->data.length; + + memcpy(data->data, pac->data.data, pac->data.length); + memset(pac->data.data, 0, PACTYPE_LENGTH + (pac->pac->cBuffers * PAC_INFO_BUFFER_LENGTH)); + + return 0; +} + diff --git a/src/lib/krb5/krb/parse.c b/src/lib/krb5/krb/parse.c index fbcc49db0d..5c705490d3 100644 --- a/src/lib/krb5/krb/parse.c +++ b/src/lib/krb5/krb/parse.c @@ -1,7 +1,7 @@ /* * lib/krb5/krb/parse.c * - * Copyright 1990,1991 by the Massachusetts Institute of Technology. + * Copyright 1990,1991,2008 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -59,17 +59,17 @@ #define FCOMPNUM 10 - /* * May the fleas of a thousand camels infest the ISO, they who think * that arbitrarily large multi-component names are a Good Thing..... */ -krb5_error_code KRB5_CALLCONV -krb5_parse_name(krb5_context context, const char *name, krb5_principal *nprincipal) +static krb5_error_code +k5_parse_name(krb5_context context, const char *name, + int flags, krb5_principal *nprincipal) { register const char *cp; register char *q; - register int i,c,size; + register int i,c,size; int components = 0; const char *parsed_realm = NULL; int fcompsize[FCOMPNUM]; @@ -79,24 +79,28 @@ krb5_parse_name(krb5_context context, const char *name, krb5_principal *nprincip char *tmpdata; krb5_principal principal; krb5_error_code retval; - + unsigned int enterprise = (flags & KRB5_PRINCIPAL_PARSE_ENTERPRISE); + int first_at; + /* * Pass 1. Find out how many components there are to the name, - * and get string sizes for the first FCOMPNUM components. + * and get string sizes for the first FCOMPNUM components. For + * enterprise principal names (UPNs), there is only a single + * component. */ size = 0; - for (i=0,cp = name; (c = *cp); cp++) { + for (i=0,cp = name, first_at = 1; (c = *cp); cp++) { if (c == QUOTECHAR) { cp++; if (!(c = *cp)) /* - * QUOTECHAR can't be at the last - * character of the name! - */ + * QUOTECHAR can't be at the last + * character of the name! + */ return(KRB5_PARSE_MALFORMED); size++; continue; - } else if (c == COMPONENT_SEP) { + } else if (c == COMPONENT_SEP && !enterprise) { if (parsed_realm) /* * Shouldn't see a component separator @@ -108,22 +112,26 @@ krb5_parse_name(krb5_context context, const char *name, krb5_principal *nprincip } size = 0; i++; - } else if (c == REALM_SEP) { + } else if (c == REALM_SEP && (!enterprise || !first_at)) { if (parsed_realm) /* * Multiple realm separaters * not allowed; zero-length realms are. */ return(KRB5_PARSE_MALFORMED); - parsed_realm = cp+1; + parsed_realm = cp + 1; if (i < FCOMPNUM) { fcompsize[i] = size; } size = 0; - } else + } else { + if (c == REALM_SEP && enterprise && first_at) + first_at = 0; + size++; + } } - if (parsed_realm) + if (parsed_realm != NULL) realmsize = size; else if (i < FCOMPNUM) fcompsize[i] = size; @@ -133,20 +141,30 @@ krb5_parse_name(krb5_context context, const char *name, krb5_principal *nprincip * component pieces */ principal = (krb5_principal)malloc(sizeof(krb5_principal_data)); - if (!principal) { - return(ENOMEM); + if (principal == NULL) { + return(ENOMEM); } principal->data = (krb5_data *) malloc(sizeof(krb5_data) * components); - if (!principal->data) { - free((char *)principal); + if (principal->data == NULL) { + krb5_xfree((char *)principal); return ENOMEM; } principal->length = components; + /* - * If a realm was not found, then use the defualt realm.... + * If a realm was not found, then use the default realm, unless + * KRB5_PRINCIPAL_PARSE_NO_REALM was specified in which case the + * realm will be empty. */ if (!parsed_realm) { - if (!default_realm) { + if (flags & KRB5_PRINCIPAL_PARSE_REQUIRE_REALM) { + krb5_set_error_message(context, KRB5_PARSE_MALFORMED, + "Principal %s is missing required realm", name); + krb5_xfree(principal->data); + krb5_xfree(principal); + return KRB5_PARSE_MALFORMED; + } + if (!default_realm && (flags & KRB5_PRINCIPAL_PARSE_NO_REALM) == 0) { retval = krb5_get_default_realm(context, &default_realm); if (retval) { krb5_xfree(principal->data); @@ -156,7 +174,14 @@ krb5_parse_name(krb5_context context, const char *name, krb5_principal *nprincip default_realm_size = strlen(default_realm); } realmsize = default_realm_size; + } else if (flags & KRB5_PRINCIPAL_PARSE_NO_REALM) { + krb5_set_error_message(context, KRB5_PARSE_MALFORMED, + "Principal %s has realm present", name); + krb5_xfree(principal->data); + krb5_xfree(principal); + return KRB5_PARSE_MALFORMED; } + /* * Pass 2. Happens only if there were more than FCOMPNUM * component; if this happens, someone should be shot @@ -208,7 +233,7 @@ krb5_parse_name(krb5_context context, const char *name, krb5_principal *nprincip /* * Now, we need to allocate the space for the strings themselves..... */ - tmpdata = malloc(realmsize+1); + tmpdata = malloc(realmsize + 1); if (tmpdata == 0) { krb5_xfree(principal->data); krb5_xfree(principal); @@ -220,7 +245,7 @@ krb5_parse_name(krb5_context context, const char *name, krb5_principal *nprincip for (i=0; i < components; i++) { char *tmpdata2 = malloc(krb5_princ_component(context, principal, i)->length + 1); - if (!tmpdata2) { + if (tmpdata2 == NULL) { for (i--; i >= 0; i--) krb5_xfree(krb5_princ_component(context, principal, i)->data); krb5_xfree(krb5_princ_realm(context, principal)->data); @@ -239,7 +264,7 @@ krb5_parse_name(krb5_context context, const char *name, krb5_principal *nprincip * allocated. */ q = krb5_princ_component(context, principal, 0)->data; - for (i=0,cp = name; (c = *cp); cp++) { + for (i=0,cp = name, first_at = 1; (c = *cp); cp++) { if (c == QUOTECHAR) { cp++; switch (c = *cp) { @@ -257,29 +282,57 @@ krb5_parse_name(krb5_context context, const char *name, krb5_principal *nprincip break; default: *q++ = c; + break; } - } else if ((c == COMPONENT_SEP) || (c == REALM_SEP)) { + } else if (c == COMPONENT_SEP && !enterprise) { + i++; + *q++ = '\0'; + q = krb5_princ_component(context, principal, i)->data; + } else if (c == REALM_SEP && (!enterprise || !first_at)) { i++; *q++ = '\0'; - if (c == COMPONENT_SEP) - q = krb5_princ_component(context, principal, i)->data; - else - q = krb5_princ_realm(context, principal)->data; - } else + q = krb5_princ_realm(context, principal)->data; + } else { + if (c == REALM_SEP && enterprise && first_at) + first_at = 0; + *q++ = c; + } } *q++ = '\0'; - if (!parsed_realm) - strcpy(krb5_princ_realm(context, principal)->data, default_realm); + if (!parsed_realm) { + if (flags & KRB5_PRINCIPAL_PARSE_NO_REALM) + (krb5_princ_realm(context, principal)->data)[0] = '\0'; + else + strlcpy(krb5_princ_realm(context, principal)->data, default_realm, realmsize+1); + } /* * Alright, we're done. Now stuff a pointer to this monstrosity * into the return variable, and let's get out of here. */ - krb5_princ_type(context, principal) = KRB5_NT_PRINCIPAL; + if (enterprise) + krb5_princ_type(context, principal) = KRB5_NT_ENTERPRISE_PRINCIPAL; + else + krb5_princ_type(context, principal) = KRB5_NT_PRINCIPAL; principal->magic = KV5M_PRINCIPAL; principal->realm.magic = KV5M_DATA; *nprincipal = principal; - krb5_xfree(default_realm); + if (default_realm != NULL) + krb5_xfree(default_realm); + return(0); } + +krb5_error_code KRB5_CALLCONV +krb5_parse_name(krb5_context context, const char *name, krb5_principal *nprincipal) +{ + return k5_parse_name(context, name, 0, nprincipal); +} + +krb5_error_code KRB5_CALLCONV +krb5_parse_name_flags(krb5_context context, const char *name, + int flags, krb5_principal *nprincipal) +{ + return k5_parse_name(context, name, flags, nprincipal); +} diff --git a/src/lib/krb5/krb/pkinit_apple_cert_store.c b/src/lib/krb5/krb/pkinit_apple_cert_store.c index be0ea73abb..449f1cc990 100644 --- a/src/lib/krb5/krb/pkinit_apple_cert_store.c +++ b/src/lib/krb5/krb/pkinit_apple_cert_store.c @@ -594,7 +594,7 @@ char *krb5_pkinit_cert_hash_str( } cpOut = outstr; for(dex=0; dextm_min > 59 || utc->tm_sec > 59) { return ASN1_BAD_GMTIME; } - outStr = (char *)malloc(16); - if(outStr == NULL) { + if (asprintf(&outStr, "%04d%02d%02d%02d%02d%02dZ", + utc->tm_year + 1900, utc->tm_mon + 1, + utc->tm_mday, utc->tm_hour, utc->tm_min, utc->tm_sec) < 0) { return ENOMEM; } - sprintf(outStr, "%04d%02d%02d%02d%02d%02dZ", - utc->tm_year + 1900, utc->tm_mon + 1, - utc->tm_mday, utc->tm_hour, utc->tm_min, utc->tm_sec); *str = outStr; return 0; } diff --git a/src/lib/krb5/krb/preauth.c b/src/lib/krb5/krb/preauth.c index 0e7c279e14..11574116a3 100644 --- a/src/lib/krb5/krb/preauth.c +++ b/src/lib/krb5/krb/preauth.c @@ -397,10 +397,7 @@ char *handle_sam_labels(krb5_sam_challenge *sc) unsigned int prompt_len = sc->sam_response_prompt.length; char *challenge = sc->sam_challenge.data; unsigned int challenge_len = sc->sam_challenge.length; - char *prompt1, *p; - char *sep1 = ": ["; - char *sep2 = "]\n"; - char *sep3 = ": "; + struct k5buf buf; if (sc->sam_cksum.length == 0) { /* or invalid -- but lets just handle presence now XXX */ @@ -438,20 +435,16 @@ char *handle_sam_labels(krb5_sam_challenge *sc) Challenge for Digital Pathways mechanism: [134591] Passcode: */ - p = prompt1 = malloc(label_len + strlen(sep1) + - challenge_len + strlen(sep2) + - prompt_len+ strlen(sep3) + 1); - if (p == NULL) - return NULL; + krb5int_buf_init_dynamic(&buf); if (challenge_len) { - strncpy(p, label, label_len); p += label_len; - strcpy(p, sep1); p += strlen(sep1); - strncpy(p, challenge, challenge_len); p += challenge_len; - strcpy(p, sep2); p += strlen(sep2); + krb5int_buf_add_len(&buf, label, label_len); + krb5int_buf_add(&buf, ": ["); + krb5int_buf_add_len(&buf, challenge, challenge_len); + krb5int_buf_add(&buf, "]\n"); } - strncpy(p, prompt, prompt_len); p += prompt_len; - strcpy(p, sep3); /* p += strlen(sep3); */ - return prompt1; + krb5int_buf_add_len(&buf, prompt, prompt_len); + krb5int_buf_add(&buf, ": "); + return krb5int_buf_data(&buf); } /* diff --git a/src/lib/krb5/krb/preauth2.c b/src/lib/krb5/krb/preauth2.c index 85e3532162..bcb15d6632 100644 --- a/src/lib/krb5/krb/preauth2.c +++ b/src/lib/krb5/krb/preauth2.c @@ -792,7 +792,7 @@ krb5_error_code pa_sam(krb5_context context, return(ret); if (sam_challenge->sam_flags & KRB5_SAM_MUST_PK_ENCRYPT_SAD) { - krb5_xfree(sam_challenge); + krb5_free_sam_challenge(context, sam_challenge); return(KRB5_SAM_UNSUPPORTED); } @@ -842,7 +842,7 @@ krb5_error_code pa_sam(krb5_context context, krb5int_set_prompt_types(context, &prompt_type); if ((ret = ((*prompter)(context, prompter_data, name, banner, 1, &kprompt)))) { - krb5_xfree(sam_challenge); + krb5_free_sam_challenge(context, sam_challenge); krb5int_set_prompt_types(context, 0); return(ret); } @@ -853,8 +853,8 @@ krb5_error_code pa_sam(krb5_context context, if ((ret = krb5_us_timeofday(context, &enc_sam_response_enc.sam_timestamp, &enc_sam_response_enc.sam_usec))) { - krb5_xfree(sam_challenge); - return(ret); + krb5_free_sam_challenge(context,sam_challenge); + return(ret); } sam_response.sam_patimestamp = enc_sam_response_enc.sam_timestamp; @@ -878,7 +878,7 @@ krb5_error_code pa_sam(krb5_context context, if ((salt->length == -1 || salt->length == SALT_TYPE_AFS_LENGTH) && (salt->data == NULL)) { if ((ret = krb5_principal2salt(context, request->client, &defsalt))) { - krb5_xfree(sam_challenge); + krb5_free_sam_challenge(context, sam_challenge); return(ret); } @@ -896,7 +896,7 @@ krb5_error_code pa_sam(krb5_context context, krb5_xfree(defsalt.data); if (ret) { - krb5_xfree(sam_challenge); + krb5_free_sam_challenge(context, sam_challenge); return(ret); } @@ -916,7 +916,7 @@ krb5_error_code pa_sam(krb5_context context, if ((salt->length == SALT_TYPE_AFS_LENGTH) && (salt->data == NULL)) { if (ret = krb5_principal2salt(context, request->client, &defsalt)) { - krb5_xfree(sam_challenge); + krb5_free_sam_challenge(context, sam_challenge); return(ret); } @@ -940,7 +940,7 @@ krb5_error_code pa_sam(krb5_context context, krb5_xfree(defsalt.data); if (ret) { - krb5_xfree(sam_challenge); + krb5_free_sam_challenge(context, sam_challenge); return(ret); } @@ -991,6 +991,8 @@ krb5_error_code pa_sam(krb5_context context, *out_padata = pa; + krb5_xfree(scratch); + return(0); } diff --git a/src/lib/krb5/krb/princ_comp.c b/src/lib/krb5/krb/princ_comp.c index 6e033ad918..46e00e48d1 100644 --- a/src/lib/krb5/krb/princ_comp.c +++ b/src/lib/krb5/krb/princ_comp.c @@ -29,37 +29,116 @@ */ #include "k5-int.h" +#include "k5-unicode.h" + +static krb5_boolean +realm_compare_flags(krb5_context context, + krb5_const_principal princ1, + krb5_const_principal princ2, + int flags) +{ + const krb5_data *realm1 = krb5_princ_realm(context, princ1); + const krb5_data *realm2 = krb5_princ_realm(context, princ2); + + if (realm1->length != realm2->length) + return FALSE; + + return (flags & KRB5_PRINCIPAL_COMPARE_CASEFOLD) ? + (strncasecmp(realm1->data, realm2->data, realm2->length) == 0) : + (memcmp(realm1->data, realm2->data, realm2->length) == 0); +} krb5_boolean KRB5_CALLCONV krb5_realm_compare(krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2) { - if (!data_eq(*krb5_princ_realm(context, princ1), - *krb5_princ_realm(context, princ2))) - return FALSE; + return realm_compare_flags(context, princ1, princ2, 0); +} - return TRUE; +static krb5_error_code +upn_to_principal(krb5_context context, + krb5_const_principal princ, + krb5_principal *upn) +{ + char *unparsed_name; + krb5_error_code code; + + code = krb5_unparse_name_flags(context, princ, + KRB5_PRINCIPAL_UNPARSE_NO_REALM, + &unparsed_name); + if (code) { + *upn = NULL; + return code; + } + + code = krb5_parse_name(context, unparsed_name, upn); + + free(unparsed_name); + + return code; } krb5_boolean KRB5_CALLCONV -krb5_principal_compare(krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2) +krb5_principal_compare_flags(krb5_context context, + krb5_const_principal princ1, + krb5_const_principal princ2, + int flags) { register int i; krb5_int32 nelem; + unsigned int utf8 = (flags & KRB5_PRINCIPAL_COMPARE_UTF8) != 0; + unsigned int casefold = (flags & KRB5_PRINCIPAL_COMPARE_CASEFOLD) != 0; + krb5_principal upn1 = NULL; + krb5_principal upn2 = NULL; + krb5_boolean ret = FALSE; + + if (flags & KRB5_PRINCIPAL_COMPARE_ENTERPRISE) { + /* Treat UPNs as if they were real principals */ + if (krb5_princ_type(context, princ1) == KRB5_NT_ENTERPRISE_PRINCIPAL) { + if (upn_to_principal(context, princ1, &upn1) == 0) + princ1 = upn1; + } + if (krb5_princ_type(context, princ2) == KRB5_NT_ENTERPRISE_PRINCIPAL) { + if (upn_to_principal(context, princ2, &upn2) == 0) + princ2 = upn2; + } + } nelem = krb5_princ_size(context, princ1); if (nelem != krb5_princ_size(context, princ2)) - return FALSE; + goto out; - if (! krb5_realm_compare(context, princ1, princ2)) - return FALSE; + if ((flags & KRB5_PRINCIPAL_COMPARE_IGNORE_REALM) == 0 && + !realm_compare_flags(context, princ1, princ2, flags)) + goto out; for (i = 0; i < (int) nelem; i++) { register const krb5_data *p1 = krb5_princ_component(context, princ1, i); register const krb5_data *p2 = krb5_princ_component(context, princ2, i); - if (!data_eq(*p1, *p2)) - return FALSE; + int cmp; + + if (casefold) { + if (utf8) + cmp = krb5int_utf8_normcmp(p1, p2, KRB5_UTF8_CASEFOLD); + else + cmp = p1->length == p2->length ? + strncasecmp(p1->data, p2->data, p2->length) : + p1->length - p2->length; + } else + cmp = !data_eq(*p1, *p2); + + if (cmp != 0) + goto out; } - return TRUE; + + ret = TRUE; + +out: + if (upn1 != NULL) + krb5_free_principal(context, upn1); + if (upn2 != NULL) + krb5_free_principal(context, upn2); + + return ret; } krb5_boolean KRB5_CALLCONV krb5_is_referral_realm(const krb5_data *r) @@ -81,3 +160,20 @@ krb5_boolean KRB5_CALLCONV krb5_is_referral_realm(const krb5_data *r) else return FALSE; } + +krb5_boolean KRB5_CALLCONV +krb5_principal_compare(krb5_context context, + krb5_const_principal princ1, + krb5_const_principal princ2) +{ + return krb5_principal_compare_flags(context, princ1, princ2, 0); +} + +krb5_boolean KRB5_CALLCONV +krb5_principal_compare_any_realm(krb5_context context, + krb5_const_principal princ1, + krb5_const_principal princ2) +{ + return krb5_principal_compare_flags(context, princ1, princ2, KRB5_PRINCIPAL_COMPARE_IGNORE_REALM); +} + diff --git a/src/lib/krb5/krb/rd_priv.c b/src/lib/krb5/krb/rd_priv.c index 66cee85381..618726efe2 100644 --- a/src/lib/krb5/krb/rd_priv.c +++ b/src/lib/krb5/krb/rd_priv.c @@ -265,7 +265,9 @@ krb5_rd_priv(krb5_context context, krb5_auth_context auth_context, error:; krb5_xfree(outbuf->data); - return retval; + outbuf->length = 0; + outbuf->data = NULL; + return retval; } diff --git a/src/lib/krb5/krb/rd_rep.c b/src/lib/krb5/krb/rd_rep.c index 901de4338a..1e6e0e1e82 100644 --- a/src/lib/krb5/krb/rd_rep.c +++ b/src/lib/krb5/krb/rd_rep.c @@ -26,6 +26,33 @@ * * krb5_rd_rep() */ +/* + * Copyright (c) 2006-2008, Novell, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * * The copyright holder's name is not used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ #include "k5-int.h" #include "auth_con.h" @@ -102,6 +129,8 @@ krb5_rd_rep(krb5_context context, krb5_auth_context auth_context, krb5_free_keyblock(context, auth_context->send_subkey); auth_context->send_subkey = NULL; } + /* not used for anything yet */ + auth_context->negotiated_etype = (*repl)->subkey->enctype; } /* Get remote sequence number */ @@ -114,3 +143,60 @@ clean_scratch: free(scratch.data); return retval; } + +krb5_error_code KRB5_CALLCONV +krb5_rd_rep_dce(krb5_context context, krb5_auth_context auth_context, + const krb5_data *inbuf, krb5_ui_4 *nonce) +{ + krb5_error_code retval; + krb5_ap_rep * reply; + krb5_data scratch; + krb5_ap_rep_enc_part *repl; + + if (!krb5_is_ap_rep(inbuf)) + return KRB5KRB_AP_ERR_MSG_TYPE; + + /* decode it */ + + if ((retval = decode_krb5_ap_rep(inbuf, &reply))) + return retval; + + /* put together an eblock for this encryption */ + + scratch.length = reply->enc_part.ciphertext.length; + if (!(scratch.data = malloc(scratch.length))) { + krb5_free_ap_rep(context, reply); + return(ENOMEM); + } + + if ((retval = krb5_c_decrypt(context, auth_context->keyblock, + KRB5_KEYUSAGE_AP_REP_ENCPART, 0, + &reply->enc_part, &scratch))) + goto clean_scratch; + + /* now decode the decrypted stuff */ + retval = decode_krb5_ap_rep_enc_part(&scratch, &repl); + if (retval) + goto clean_scratch; + + *nonce = repl->seq_number; + if (*nonce != auth_context->local_seq_number) { + retval = KRB5_MUTUAL_FAILED; + goto clean_scratch; + } + + /* Must be NULL to prevent echoing for client AP-REP */ + if (repl->subkey != NULL) { + retval = KRB5_MUTUAL_FAILED; + goto clean_scratch; + } + +clean_scratch: + memset(scratch.data, 0, scratch.length); + + if (repl != NULL) + krb5_free_ap_rep_enc_part(context, repl); + krb5_free_ap_rep(context, reply); + free(scratch.data); + return retval; +} diff --git a/src/lib/krb5/krb/rd_req.c b/src/lib/krb5/krb/rd_req.c index 6a479496fa..5848aa776f 100644 --- a/src/lib/krb5/krb/rd_req.c +++ b/src/lib/krb5/krb/rd_req.c @@ -77,19 +77,6 @@ krb5_rd_req(krb5_context context, krb5_auth_context *auth_context, *auth_context = new_auth_context; } - if (!server) { - server = request->ticket->server; - } - /* Get an rcache if necessary. */ - if (((*auth_context)->rcache == NULL) - && ((*auth_context)->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) - && server) { - if ((retval = krb5_get_server_rcache(context, - krb5_princ_component(context, - server,0), - &(*auth_context)->rcache))) - goto cleanup_auth_context; - } #ifndef LEAN_CLIENT /* Get a keytab if necessary. */ diff --git a/src/lib/krb5/krb/rd_req_dec.c b/src/lib/krb5/krb/rd_req_dec.c index e93551a545..bbf7ed6a72 100644 --- a/src/lib/krb5/krb/rd_req_dec.c +++ b/src/lib/krb5/krb/rd_req_dec.c @@ -2,7 +2,7 @@ * lib/krb5/krb/rd_req_dec.c * * Copyright (c) 1994 CyberSAFE Corporation. - * Copyright 1990,1991,2007 by the Massachusetts Institute of Technology. + * Copyright 1990,1991,2007,2008 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -62,6 +62,19 @@ static krb5_error_code decrypt_authenticator (krb5_context, const krb5_ap_req *, krb5_authenticator **, int); +static krb5_error_code +decode_etype_list(krb5_context context, + const krb5_authenticator *authp, + krb5_enctype **desired_etypes, + int *desired_etypes_len); +static krb5_error_code +negotiate_etype(krb5_context context, + const krb5_enctype *desired_etypes, + int desired_etypes_len, + int mandatory_etypes_index, + const krb5_enctype *permitted_etypes, + int permitted_etypes_len, + krb5_enctype *negotiated_etype); krb5_error_code krb5int_check_clockskew(krb5_context context, krb5_timestamp date) @@ -79,27 +92,83 @@ krb5int_check_clockskew(krb5_context context, krb5_timestamp date) static krb5_error_code krb5_rd_req_decrypt_tkt_part(krb5_context context, const krb5_ap_req *req, - krb5_keytab keytab) + krb5_const_principal server, krb5_keytab keytab) { krb5_error_code retval; - krb5_enctype enctype; krb5_keytab_entry ktent; - enctype = req->ticket->enc_part.enctype; + retval = KRB5_KT_NOTFOUND; #ifndef LEAN_CLIENT - if ((retval = krb5_kt_get_entry(context, keytab, req->ticket->server, - req->ticket->enc_part.kvno, - enctype, &ktent))) - return retval; + if (server != NULL || keytab->ops->start_seq_get == NULL) { + retval = krb5_kt_get_entry(context, keytab, + server != NULL ? server : req->ticket->server, + req->ticket->enc_part.kvno, + req->ticket->enc_part.enctype, &ktent); + if (retval == 0) { + retval = krb5_decrypt_tkt_part(context, &ktent.key, req->ticket); + + (void) krb5_free_keytab_entry_contents(context, &ktent); + } + } else { + krb5_error_code code; + krb5_kt_cursor cursor; + + retval = krb5_kt_start_seq_get(context, keytab, &cursor); + if (retval != 0) + goto map_error; + + while ((code = krb5_kt_next_entry(context, keytab, + &ktent, &cursor)) == 0) { + if (ktent.key.enctype != req->ticket->enc_part.enctype) + continue; + + retval = krb5_decrypt_tkt_part(context, &ktent.key, + req->ticket); + + if (retval == 0) { + krb5_principal tmp; + + /* + * We overwrite ticket->server to be the principal + * that we match in the keytab. The reason for doing + * this is that GSS-API and other consumers look at + * that principal to make authorization decisions + * about whether the appropriate server is contacted. + * It might be cleaner to create a new API and store + * the server in the auth_context, but doing so would + * probably miss existing uses of the server. Instead, + * perhaps an API should be created to retrieve the + * server as it appeared in the ticket. + */ + retval = krb5_copy_principal(context, ktent.principal, &tmp); + if (retval == 0) { + krb5_free_principal(context, req->ticket->server); + req->ticket->server = tmp; + } + (void) krb5_free_keytab_entry_contents(context, &ktent); + break; + } + (void) krb5_free_keytab_entry_contents(context, &ktent); + } + + code = krb5_kt_end_seq_get(context, keytab, &cursor); + if (code != 0) + retval = code; + } #endif /* LEAN_CLIENT */ - retval = krb5_decrypt_tkt_part(context, &ktent.key, req->ticket); - /* Upon error, Free keytab entry first, then return */ +map_error: + switch (retval) { + case KRB5_KT_KVNONOTFOUND: + case KRB5_KT_NOTFOUND: + case KRB5KRB_AP_ERR_BAD_INTEGRITY: + retval = KRB5KRB_AP_WRONG_PRINC; + break; + default: + break; + } -#ifndef LEAN_CLIENT - (void) krb5_kt_free_entry(context, &ktent); -#endif /* LEAN_CLIENT */ return retval; } @@ -134,8 +203,13 @@ krb5_rd_req_decoded_opt(krb5_context context, krb5_auth_context *auth_context, krb5_ticket **ticket, int check_valid_flag) { krb5_error_code retval = 0; - krb5_principal_data princ_data; - + krb5_principal_data princ_data; + krb5_enctype *desired_etypes = NULL; + int desired_etypes_len = 0; + int rfc4537_etypes_len = 0; + krb5_enctype *permitted_etypes = NULL; + int permitted_etypes_len = 0; + req->ticket->enc_part2 = NULL; if (server && krb5_is_referral_realm(&server->realm)) { char *realm; @@ -147,18 +221,7 @@ krb5_rd_req_decoded_opt(krb5_context context, krb5_auth_context *auth_context, princ_data.realm.data = realm; princ_data.realm.length = strlen(realm); } - if (server && !krb5_principal_compare(context, server, req->ticket->server)) { - char *found_name = 0, *wanted_name = 0; - if (krb5_unparse_name(context, server, &wanted_name) == 0 - && krb5_unparse_name(context, req->ticket->server, &found_name) == 0) - krb5_set_error_message(context, KRB5KRB_AP_WRONG_PRINC, - "Wrong principal in request (found %s, wanted %s)", - found_name, wanted_name); - krb5_free_unparsed_name(context, wanted_name); - krb5_free_unparsed_name(context, found_name); - retval = KRB5KRB_AP_WRONG_PRINC; - goto cleanup; - } + /* if (req->ap_options & AP_OPTS_USE_SESSION_KEY) do we need special processing here ? */ @@ -171,18 +234,19 @@ krb5_rd_req_decoded_opt(krb5_context context, krb5_auth_context *auth_context, krb5_free_keyblock(context, (*auth_context)->keyblock); (*auth_context)->keyblock = NULL; } else { - if ((retval = krb5_rd_req_decrypt_tkt_part(context, req, keytab))) + if ((retval = krb5_rd_req_decrypt_tkt_part(context, req, server, keytab))) goto cleanup; } /* XXX this is an evil hack. check_valid_flag is set iff the call is not from inside the kdc. we can use this to determine which key usage to use */ +#ifndef LEAN_CLIENT if ((retval = decrypt_authenticator(context, req, &((*auth_context)->authentp), check_valid_flag))) goto cleanup; - +#endif if (!krb5_principal_compare(context, (*auth_context)->authentp->client, req->ticket->enc_part2->client)) { retval = KRB5KRB_AP_ERR_BADMATCH; @@ -196,6 +260,19 @@ krb5_rd_req_decoded_opt(krb5_context context, krb5_auth_context *auth_context, goto cleanup; } + if (!server) { + server = req->ticket->server; + } + /* Get an rcache if necessary. */ + if (((*auth_context)->rcache == NULL) + && ((*auth_context)->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME) + && server) { + if ((retval = krb5_get_server_rcache(context, + krb5_princ_component(context, + server,0), + &(*auth_context)->rcache))) + goto cleanup; + } /* okay, now check cross-realm policy */ #if defined(_SINGLE_HOP_ONLY) @@ -295,81 +372,86 @@ krb5_rd_req_decoded_opt(krb5_context context, krb5_auth_context *auth_context, } } - /* check if the various etypes are permitted */ + /* read RFC 4537 etype list from sender */ + retval = decode_etype_list(context, + (*auth_context)->authentp, + &desired_etypes, + &rfc4537_etypes_len); + if (retval != 0) + goto cleanup; - if ((*auth_context)->auth_context_flags & KRB5_AUTH_CONTEXT_PERMIT_ALL) { - /* no etype check needed */; - } else if ((*auth_context)->permitted_etypes == NULL) { - int etype; - /* check against the default set */ - if ((!krb5_is_permitted_enctype(context, - etype = req->ticket->enc_part.enctype)) || - (!krb5_is_permitted_enctype(context, - etype = req->ticket->enc_part2->session->enctype)) || - (((*auth_context)->authentp->subkey) && - !krb5_is_permitted_enctype(context, - etype = (*auth_context)->authentp->subkey->enctype))) { - char enctype_name[30]; - retval = KRB5_NOPERM_ETYPE; - if (krb5_enctype_to_string(etype, enctype_name, sizeof(enctype_name)) == 0) - krb5_set_error_message(context, retval, - "Encryption type %s not permitted", - enctype_name); - goto cleanup; - } - } else { - /* check against the set in the auth_context */ - int i; + if (desired_etypes == NULL) + desired_etypes = (krb5_enctype *)calloc(4, sizeof(krb5_enctype)); + else + desired_etypes = (krb5_enctype *)realloc(desired_etypes, + (rfc4537_etypes_len + 4) * + sizeof(krb5_enctype)); + if (desired_etypes == NULL) { + retval = ENOMEM; + goto cleanup; + } - for (i=0; (*auth_context)->permitted_etypes[i]; i++) - if ((*auth_context)->permitted_etypes[i] == - req->ticket->enc_part.enctype) - break; - if (!(*auth_context)->permitted_etypes[i]) { - char enctype_name[30]; - retval = KRB5_NOPERM_ETYPE; - if (krb5_enctype_to_string(req->ticket->enc_part.enctype, - enctype_name, sizeof(enctype_name)) == 0) - krb5_set_error_message(context, retval, - "Encryption type %s not permitted", - enctype_name); - goto cleanup; - } - - for (i=0; (*auth_context)->permitted_etypes[i]; i++) - if ((*auth_context)->permitted_etypes[i] == - req->ticket->enc_part2->session->enctype) - break; - if (!(*auth_context)->permitted_etypes[i]) { - char enctype_name[30]; - retval = KRB5_NOPERM_ETYPE; - if (krb5_enctype_to_string(req->ticket->enc_part2->session->enctype, - enctype_name, sizeof(enctype_name)) == 0) - krb5_set_error_message(context, retval, - "Encryption type %s not permitted", - enctype_name); - goto cleanup; - } - - if ((*auth_context)->authentp->subkey) { - for (i=0; (*auth_context)->permitted_etypes[i]; i++) - if ((*auth_context)->permitted_etypes[i] == - (*auth_context)->authentp->subkey->enctype) - break; - if (!(*auth_context)->permitted_etypes[i]) { - char enctype_name[30]; - retval = KRB5_NOPERM_ETYPE; - if (krb5_enctype_to_string((*auth_context)->authentp->subkey->enctype, - enctype_name, - sizeof(enctype_name)) == 0) - krb5_set_error_message(context, retval, - "Encryption type %s not permitted", - enctype_name); + desired_etypes_len = rfc4537_etypes_len; + + /* + * RFC 4537: + * + * If the EtypeList is present and the server prefers an enctype from + * the client's enctype list over that of the AP-REQ authenticator + * subkey (if that is present) or the service ticket session key, the + * server MUST create a subkey using that enctype. This negotiated + * subkey is sent in the subkey field of AP-REP message, and it is then + * used as the protocol key or base key [RFC3961] for subsequent + * communication. + * + * If the enctype of the ticket session key is included in the enctype + * list sent by the client, it SHOULD be the last on the list; + * otherwise, this enctype MUST NOT be negotiated if it was not included + * in the list. + * + * The second paragraph does appear to contradict the first with respect + * to whether it is legal to negotiate the ticket session key type if it + * is absent in the EtypeList. A literal reading suggests that we can use + * the AP-REQ subkey enctype. Also a client has no way of distinguishing + * a server that does not RFC 4537 from one that has chosen the same + * enctype as the ticket session key for the acceptor subkey, surely. + */ + + if ((*auth_context)->authentp->subkey != NULL) { + desired_etypes[desired_etypes_len++] = (*auth_context)->authentp->subkey->enctype; + } + desired_etypes[desired_etypes_len++] = req->ticket->enc_part2->session->enctype; + desired_etypes[desired_etypes_len++] = req->ticket->enc_part.enctype; + desired_etypes[desired_etypes_len] = ENCTYPE_NULL; + + if (((*auth_context)->auth_context_flags & KRB5_AUTH_CONTEXT_PERMIT_ALL) == 0) { + if ((*auth_context)->permitted_etypes != NULL) { + permitted_etypes = (*auth_context)->permitted_etypes; + } else { + retval = krb5_get_permitted_enctypes(context, &permitted_etypes); + if (retval != 0) goto cleanup; - } } + for (permitted_etypes_len = 0; + permitted_etypes[permitted_etypes_len] != ENCTYPE_NULL; + permitted_etypes_len++) + ; + } else { + permitted_etypes = NULL; + permitted_etypes_len = 0; } + /* check if the various etypes are permitted */ + retval = negotiate_etype(context, + desired_etypes, desired_etypes_len, + rfc4537_etypes_len, + permitted_etypes, permitted_etypes_len, + &(*auth_context)->negotiated_etype); + if (retval != 0) + goto cleanup; + + assert((*auth_context)->negotiated_etype != ENCTYPE_NULL); + (*auth_context)->remote_seq_number = (*auth_context)->authentp->seq_number; if ((*auth_context)->authentp->subkey) { if ((retval = krb5_copy_keyblock(context, @@ -408,11 +490,22 @@ krb5_rd_req_decoded_opt(krb5_context context, krb5_auth_context *auth_context, if (ticket) if ((retval = krb5_copy_ticket(context, req->ticket, ticket))) goto cleanup; - if (ap_req_options) - *ap_req_options = req->ap_options; + if (ap_req_options) { + *ap_req_options = req->ap_options & AP_OPTS_WIRE_MASK; + if (rfc4537_etypes_len != 0) + *ap_req_options |= AP_OPTS_ETYPE_NEGOTIATION; + if ((*auth_context)->negotiated_etype != (*auth_context)->keyblock->enctype) + *ap_req_options |= AP_OPTS_USE_SUBKEY; + } + retval = 0; cleanup: + if (desired_etypes != NULL) + krb5_xfree(desired_etypes); + if (permitted_etypes != NULL && + permitted_etypes != (*auth_context)->permitted_etypes) + krb5_xfree(permitted_etypes); if (server == &princ_data) krb5_free_default_realm(context, princ_data.realm.data); if (retval) { @@ -454,6 +547,7 @@ krb5_rd_req_decoded_anyflag(krb5_context context, return retval; } +#ifndef LEAN_CLIENT static krb5_error_code decrypt_authenticator(krb5_context context, const krb5_ap_req *request, krb5_authenticator **authpp, int is_ap_req) @@ -488,3 +582,131 @@ free(scratch.data);} clean_scratch(); return retval; } +#endif + +static krb5_error_code +negotiate_etype(krb5_context context, + const krb5_enctype *desired_etypes, + int desired_etypes_len, + int mandatory_etypes_index, + const krb5_enctype *permitted_etypes, + int permitted_etypes_len, + krb5_enctype *negotiated_etype) +{ + int i, j; + + *negotiated_etype = ENCTYPE_NULL; + + /* mandatory segment of desired_etypes must be permitted */ + for (i = mandatory_etypes_index; i < desired_etypes_len; i++) { + krb5_boolean permitted = FALSE; + + for (j = 0; j < permitted_etypes_len; j++) { + if (desired_etypes[i] == permitted_etypes[j]) { + permitted = TRUE; + break; + } + } + + if (permitted == FALSE) { + char enctype_name[30]; + + if (krb5_enctype_to_string(desired_etypes[i], + enctype_name, + sizeof(enctype_name)) == 0) + krb5_set_error_message(context, KRB5_NOPERM_ETYPE, + "Encryption type %s not permitted", + enctype_name); + return KRB5_NOPERM_ETYPE; + } + } + + /* + * permitted_etypes is ordered from most to least preferred; + * find first desired_etype that matches. + */ + for (j = 0; j < permitted_etypes_len; j++) { + for (i = 0; i < desired_etypes_len; i++) { + if (desired_etypes[i] == permitted_etypes[j]) { + *negotiated_etype = permitted_etypes[j]; + return 0; + } + } + } + + /*NOTREACHED*/ + return KRB5_NOPERM_ETYPE; +} + +static krb5_error_code +decode_etype_list(krb5_context context, + const krb5_authenticator *authp, + krb5_enctype **desired_etypes, + int *desired_etypes_len) +{ + krb5_error_code code; + krb5_authdata **ad_if_relevant = NULL; + krb5_authdata *etype_adata = NULL; + krb5_etype_list *etype_list = NULL; + int i, j; + krb5_data data; + + *desired_etypes = NULL; + + if (authp->authorization_data == NULL) + return 0; + + /* + * RFC 4537 says that ETYPE_NEGOTIATION auth data should be wrapped + * in AD_IF_RELEVANT, but we handle the case where it is mandatory. + */ + for (i = 0; authp->authorization_data[i] != NULL; i++) { + switch (authp->authorization_data[i]->ad_type) { + case KRB5_AUTHDATA_IF_RELEVANT: + code = krb5_decode_authdata_container(context, + KRB5_AUTHDATA_IF_RELEVANT, + authp->authorization_data[i], + &ad_if_relevant); + if (code != 0) + continue; + + for (j = 0; ad_if_relevant[j] != NULL; j++) { + if (ad_if_relevant[j]->ad_type == KRB5_AUTHDATA_ETYPE_NEGOTIATION) { + etype_adata = ad_if_relevant[j]; + break; + } + } + if (etype_adata == NULL) { + krb5_free_authdata(context, ad_if_relevant); + ad_if_relevant = NULL; + } + break; + case KRB5_AUTHDATA_ETYPE_NEGOTIATION: + etype_adata = authp->authorization_data[i]; + break; + default: + break; + } + if (etype_adata != NULL) + break; + } + + if (etype_adata == NULL) + return 0; + + data.data = (char *)etype_adata->contents; + data.length = etype_adata->length; + + code = decode_krb5_etype_list(&data, &etype_list); + if (code == 0) { + *desired_etypes = etype_list->etypes; + *desired_etypes_len = etype_list->length; + krb5_xfree(etype_list); + } + + if (ad_if_relevant != NULL) + krb5_free_authdata(context, ad_if_relevant); + + return code; +} + diff --git a/src/lib/krb5/krb/rd_safe.c b/src/lib/krb5/krb/rd_safe.c index 021fd803e8..98d73733c3 100644 --- a/src/lib/krb5/krb/rd_safe.c +++ b/src/lib/krb5/krb/rd_safe.c @@ -58,6 +58,7 @@ krb5_rd_safe_basic(krb5_context context, const krb5_data *inbuf, krb5_octet zero_octet = 0; krb5_data *scratch; krb5_boolean valid; + struct krb5_safe_with_body swb; if (!krb5_is_krb_safe(inbuf)) return KRB5KRB_AP_ERR_MSG_TYPE; @@ -116,7 +117,9 @@ krb5_rd_safe_basic(krb5_context context, const krb5_data *inbuf, message->checksum = &our_cksum; - retval = encode_krb5_safe_with_body(message, &safe_body, &scratch); + swb.body = &safe_body; + swb.safe = message; + retval = encode_krb5_safe_with_body(&swb, &scratch); message->checksum = his_cksum; if (retval) goto cleanup; diff --git a/src/lib/krb5/krb/send_tgs.c b/src/lib/krb5/krb/send_tgs.c index aa881e16f0..138599804a 100644 --- a/src/lib/krb5/krb/send_tgs.c +++ b/src/lib/krb5/krb/send_tgs.c @@ -167,8 +167,7 @@ krb5_send_tgs(krb5_context context, krb5_flags kdcoptions, if (authorization_data) { /* need to encrypt it in the request */ - if ((retval = encode_krb5_authdata((const krb5_authdata**)authorization_data, - &scratch))) + if ((retval = encode_krb5_authdata(authorization_data, &scratch))) return(retval); if ((retval = krb5_encrypt_helper(context, &in_cred->keyblock, diff --git a/src/lib/krb5/krb/ser_actx.c b/src/lib/krb5/krb/ser_actx.c index 5e4be29c2d..347b300f55 100644 --- a/src/lib/krb5/krb/ser_actx.c +++ b/src/lib/krb5/krb/ser_actx.c @@ -550,8 +550,10 @@ krb5_ser_auth_context_init(krb5_context kcontext) kret = krb5_ser_authdata_init(kcontext); if (!kret) kret = krb5_ser_address_init(kcontext); +#ifndef LEAN_CLIENT if (!kret) kret = krb5_ser_authenticator_init(kcontext); +#endif if (!kret) kret = krb5_ser_checksum_init(kcontext); if (!kret) diff --git a/src/lib/krb5/krb/ser_auth.c b/src/lib/krb5/krb/ser_auth.c index d76ec500ab..6951f92fa4 100644 --- a/src/lib/krb5/krb/ser_auth.c +++ b/src/lib/krb5/krb/ser_auth.c @@ -28,6 +28,9 @@ /* * ser_auth.c - Serialize krb5_authenticator structure. */ + +#ifndef LEAN_CLIENT + #include "k5-int.h" #include "int-proto.h" @@ -335,7 +338,6 @@ krb5_authenticator_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_o } return(kret); } - /* * Register the authenticator serializer. */ @@ -344,3 +346,4 @@ krb5_ser_authenticator_init(krb5_context kcontext) { return(krb5_register_serializer(kcontext, &krb5_authenticator_ser_entry)); } +#endif diff --git a/src/lib/krb5/krb/serialize.c b/src/lib/krb5/krb/serialize.c index fc20fb1928..9152dba0a7 100644 --- a/src/lib/krb5/krb/serialize.c +++ b/src/lib/krb5/krb/serialize.c @@ -62,7 +62,8 @@ krb5_register_serializer(krb5_context kcontext, const krb5_ser_entry *entry) kret = 0; /* See if it's already there, if so, we're good to go. */ - if (!(stable = krb5_find_serializer(kcontext, entry->odtype))) { + if (!(stable = (krb5_ser_entry *)krb5_find_serializer(kcontext, + entry->odtype))) { /* * Can't find our type. Create a new entry. */ diff --git a/src/lib/krb5/krb/set_realm.c b/src/lib/krb5/krb/set_realm.c index 16112a8dae..edb72ae7fb 100644 --- a/src/lib/krb5/krb/set_realm.c +++ b/src/lib/krb5/krb/set_realm.c @@ -36,10 +36,9 @@ krb5_set_principal_realm(krb5_context context, krb5_principal principal, const c return -EINVAL; length = strlen(realm); - newrealm = malloc(length+1); /* Include room for the null */ + newrealm = strdup(realm); if (!newrealm) return -ENOMEM; - strcpy(newrealm, realm); (void) krb5_xfree(krb5_princ_realm(context,principal)->data); diff --git a/src/lib/krb5/krb/srv_rcache.c b/src/lib/krb5/krb/srv_rcache.c index f3ea3ee5ab..a426881d41 100644 --- a/src/lib/krb5/krb/srv_rcache.c +++ b/src/lib/krb5/krb/srv_rcache.c @@ -39,13 +39,10 @@ krb5_get_server_rcache(krb5_context context, const krb5_data *piece, { krb5_rcache rcache = 0; char *cachename = 0, *cachetype; - char tmp[4]; krb5_error_code retval; - unsigned int p, i; - unsigned int len; - + unsigned int i; + struct k5buf buf; #ifdef HAVE_GETEUID - unsigned long tens; unsigned long uid = geteuid(); #endif @@ -54,55 +51,24 @@ krb5_get_server_rcache(krb5_context context, const krb5_data *piece, cachetype = krb5_rc_default_type(context); - len = piece->length + 3 + 1; + krb5int_buf_init_dynamic(&buf); + krb5int_buf_add(&buf, cachetype); + krb5int_buf_add(&buf, ":"); for (i = 0; i < piece->length; i++) { if (piece->data[i] == '-') - len++; + krb5int_buf_add(&buf, "--"); else if (!isvalidrcname((int) piece->data[i])) - len += 3; + krb5int_buf_add_fmt(&buf, "-%03o", piece->data[i]); + else + krb5int_buf_add_len(&buf, &piece->data[i], 1); } - #ifdef HAVE_GETEUID - len += 2; /* _ */ - for (tens = 1; (uid / tens) > 9 ; tens *= 10) - len++; + krb5int_buf_add_fmt(&buf, "_%lu", uid); #endif - - cachename = malloc(strlen(cachetype) + 5 + len); - if (!cachename) { - retval = ENOMEM; - goto cleanup; - } - strcpy(cachename, cachetype); - p = strlen(cachename); - cachename[p++] = ':'; - for (i = 0; i < piece->length; i++) { - if (piece->data[i] == '-') { - cachename[p++] = '-'; - cachename[p++] = '-'; - continue; - } - if (!isvalidrcname((int) piece->data[i])) { - snprintf(tmp, sizeof(tmp), "%03o", piece->data[i]); - cachename[p++] = '-'; - cachename[p++] = tmp[0]; - cachename[p++] = tmp[1]; - cachename[p++] = tmp[2]; - continue; - } - cachename[p++] = piece->data[i]; - } - -#ifdef HAVE_GETEUID - cachename[p++] = '_'; - while (tens) { - cachename[p++] = '0' + ((uid / tens) % 10); - tens /= 10; - } -#endif - - cachename[p++] = '\0'; + cachename = krb5int_buf_data(&buf); + if (cachename == NULL) + return ENOMEM; retval = krb5_rc_resolve_full(context, &rcache, cachename); if (retval) { diff --git a/src/lib/krb5/krb/str_conv.c b/src/lib/krb5/krb/str_conv.c index 986274d40b..2413cebcdf 100644 --- a/src/lib/krb5/krb/str_conv.c +++ b/src/lib/krb5/krb/str_conv.c @@ -118,11 +118,9 @@ krb5_salttype_to_string(krb5_int32 salttype, char *buffer, size_t buflen) } } if (out) { - if (buflen > strlen(out)) - strcpy(buffer, out); - else - out = (char *) NULL; - return((out) ? 0 : ENOMEM); + if (strlcpy(buffer, out, buflen) >= buflen) + return(ENOMEM); + return(0); } else return(EINVAL); diff --git a/src/lib/krb5/krb/t_kerb.c b/src/lib/krb5/krb/t_kerb.c index 9e3116170c..8627922b2d 100644 --- a/src/lib/krb5/krb/t_kerb.c +++ b/src/lib/krb5/krb/t_kerb.c @@ -5,9 +5,6 @@ #include "krb5.h" #include "autoconf.h" -#ifdef KRB5_KRB4_COMPAT -#include "kerberosIV/krb.h" -#endif #include #include #include @@ -68,11 +65,9 @@ void test_524_conv_principal(krb5_context ctx, char *name) { krb5_principal princ = 0; krb5_error_code retval; -#ifndef KRB5_KRB4_COMPAT #define ANAME_SZ 40 #define INST_SZ 40 #define REALM_SZ 40 -#endif char aname[ANAME_SZ+1], inst[INST_SZ+1], realm[REALM_SZ+1]; aname[ANAME_SZ] = inst[INST_SZ] = realm[REALM_SZ] = 0; diff --git a/src/lib/krb5/krb/t_ser.c b/src/lib/krb5/krb/t_ser.c index 47971d350f..7c39453235 100644 --- a/src/lib/krb5/krb/t_ser.c +++ b/src/lib/krb5/krb/t_ser.c @@ -418,7 +418,7 @@ ser_keytab_test(krb5_context kcontext, int verbose) !(kret = ser_data(verbose, "> Resolved default keytab", (krb5_pointer) keytab, KV5M_KEYTAB)) && !(kret = krb5_kt_close(kcontext, keytab))) { - sprintf(ccname, "FILE:temp_kt_%d", (int) getpid()); + snprintf(ccname, sizeof(ccname), "FILE:temp_kt_%d", (int) getpid()); if (!(kret = krb5_kt_resolve(kcontext, ccname, &keytab)) && !(kret = ser_data(verbose, "> Resolved FILE keytab", (krb5_pointer) keytab, KV5M_KEYTAB)) && diff --git a/src/lib/krb5/krb/unparse.c b/src/lib/krb5/krb/unparse.c index e24dccf097..ec0976fb22 100644 --- a/src/lib/krb5/krb/unparse.c +++ b/src/lib/krb5/krb/unparse.c @@ -1,7 +1,7 @@ /* * lib/krb5/krb/unparse.c * - * Copyright 1990 by the Massachusetts Institute of Technology. + * Copyright 1990, 2008 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -58,33 +58,52 @@ #define COMPONENT_SEP '/' static int -component_length_quoted(const krb5_data *src) +component_length_quoted(const krb5_data *src, int flags) { const char *cp = src->data; int length = src->length; int j; int size = length; - for (j = 0; j < length; j++,cp++) - if (*cp == REALM_SEP || *cp == COMPONENT_SEP || - *cp == '\0' || *cp == '\\' || *cp == '\t' || - *cp == '\n' || *cp == '\b') - size++; + if ((flags & KRB5_PRINCIPAL_UNPARSE_DISPLAY) == 0) { + int no_realm = (flags & KRB5_PRINCIPAL_UNPARSE_NO_REALM) && + !(flags & KRB5_PRINCIPAL_UNPARSE_SHORT); + + for (j = 0; j < length; j++,cp++) + if ((!no_realm && *cp == REALM_SEP) || + *cp == COMPONENT_SEP || + *cp == '\0' || *cp == '\\' || *cp == '\t' || + *cp == '\n' || *cp == '\b') + size++; + } + return size; } static int -copy_component_quoting(char *dest, const krb5_data *src) +copy_component_quoting(char *dest, const krb5_data *src, int flags) { int j; const char *cp = src->data; char *q = dest; int length = src->length; + if (flags & KRB5_PRINCIPAL_UNPARSE_DISPLAY) { + memcpy(dest, src->data, src->length); + return src->length; + } + for (j=0; j < length; j++,cp++) { + int no_realm = (flags & KRB5_PRINCIPAL_UNPARSE_NO_REALM) && + !(flags & KRB5_PRINCIPAL_UNPARSE_SHORT); + switch (*cp) { - case COMPONENT_SEP: case REALM_SEP: + if (no_realm) { + *q++ = *cp; + break; + } + case COMPONENT_SEP: case '\\': *q++ = '\\'; *q++ = *cp; @@ -101,6 +120,13 @@ copy_component_quoting(char *dest, const krb5_data *src) *q++ = '\\'; *q++ = 'b'; break; +#if 0 + /* Heimdal escapes spaces in principal names upon unparsing */ + case ' ': + *q++ = '\\'; + *q++ = ' '; + break; +#endif case '\0': *q++ = '\\'; *q++ = '0'; @@ -112,27 +138,47 @@ copy_component_quoting(char *dest, const krb5_data *src) return q - dest; } -krb5_error_code KRB5_CALLCONV -krb5_unparse_name_ext(krb5_context context, krb5_const_principal principal, - char **name, unsigned int *size) +static krb5_error_code +k5_unparse_name(krb5_context context, krb5_const_principal principal, + int flags, char **name, unsigned int *size) { char *cp, *q; int i; int length; krb5_int32 nelem; unsigned int totalsize = 0; + char *default_realm = NULL; + krb5_error_code ret = 0; if (!principal || !name) return KRB5_PARSE_MALFORMED; - totalsize += component_length_quoted(krb5_princ_realm(context, - principal)); - totalsize++; /* This is for the separator */ + if (flags & KRB5_PRINCIPAL_UNPARSE_SHORT) { + /* omit realm if local realm */ + krb5_principal_data p; + + ret = krb5_get_default_realm(context, &default_realm); + if (ret != 0) + goto cleanup; + + krb5_princ_realm(context, &p)->length = strlen(default_realm); + krb5_princ_realm(context, &p)->data = default_realm; + + if (krb5_realm_compare(context, &p, principal)) + flags |= KRB5_PRINCIPAL_UNPARSE_NO_REALM; + } + + if ((flags & KRB5_PRINCIPAL_UNPARSE_NO_REALM) == 0) { + totalsize += component_length_quoted(krb5_princ_realm(context, + principal), + flags); + totalsize++; /* This is for the separator */ + } nelem = krb5_princ_size(context, principal); for (i = 0; i < (int) nelem; i++) { cp = krb5_princ_component(context, principal, i)->data; - totalsize += component_length_quoted(krb5_princ_component(context, principal, i)); + totalsize += component_length_quoted(krb5_princ_component(context, principal, i), flags); totalsize++; /* This is for the separator */ } if (nelem == 0) @@ -143,7 +189,7 @@ krb5_unparse_name_ext(krb5_context context, krb5_const_principal principal, * provided, use it, realloc'ing it if necessary. * * We need only n-1 seperators for n components, but we need - * an extra byte for the NULL at the end. + * an extra byte for the NUL at the end. */ if (size) { if (*name && (*size < totalsize)) { @@ -156,8 +202,10 @@ krb5_unparse_name_ext(krb5_context context, krb5_const_principal principal, *name = malloc(totalsize); } - if (!*name) - return ENOMEM; + if (!*name) { + ret = ENOMEM; + goto cleanup; + } q = *name; @@ -167,24 +215,55 @@ krb5_unparse_name_ext(krb5_context context, krb5_const_principal principal, q += copy_component_quoting(q, krb5_princ_component(context, principal, - i)); + i), + flags); *q++ = COMPONENT_SEP; } if (i > 0) q--; /* Back up last component separator */ - *q++ = REALM_SEP; - q += copy_component_quoting(q, krb5_princ_realm(context, principal)); + if ((flags & KRB5_PRINCIPAL_UNPARSE_NO_REALM) == 0) { + *q++ = REALM_SEP; + q += copy_component_quoting(q, krb5_princ_realm(context, principal), flags); + } *q++ = '\0'; - - return 0; + +cleanup: + if (default_realm != NULL) + krb5_free_default_realm(context, default_realm); + + return ret; } krb5_error_code KRB5_CALLCONV krb5_unparse_name(krb5_context context, krb5_const_principal principal, register char **name) { - if (name) /* name == NULL will return error from _ext */ - *name = NULL; - return(krb5_unparse_name_ext(context, principal, name, NULL)); + if (name != NULL) /* name == NULL will return error from _ext */ + *name = NULL; + + return k5_unparse_name(context, principal, 0, name, NULL); +} + +krb5_error_code KRB5_CALLCONV +krb5_unparse_name_ext(krb5_context context, krb5_const_principal principal, + char **name, unsigned int *size) +{ + return k5_unparse_name(context, principal, 0, name, size); +} + +krb5_error_code KRB5_CALLCONV +krb5_unparse_name_flags(krb5_context context, krb5_const_principal principal, + int flags, char **name) +{ + if (name != NULL) + *name = NULL; + return k5_unparse_name(context, principal, flags, name, NULL); +} + +krb5_error_code KRB5_CALLCONV +krb5_unparse_name_flags_ext(krb5_context context, krb5_const_principal principal, + int flags, char **name, unsigned int *size) +{ + return k5_unparse_name(context, principal, flags, name, size); } diff --git a/src/lib/krb5/krb/v4lifetime.c b/src/lib/krb5/krb/v4lifetime.c deleted file mode 100644 index 94bf5f6aba..0000000000 --- a/src/lib/krb5/krb/v4lifetime.c +++ /dev/null @@ -1,149 +0,0 @@ -/* - * Copyright 2000, 2001, 2003 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - */ - -#include "k5-int.h" - -/* - * Only lifetime bytes values less than 128 are on a linear scale. - * The following table contains an exponential scale that covers the - * lifetime values 128 to 191 inclusive (a total of 64 values). - * Values greater than 191 get interpreted the same as 191, but they - * will never be generated by the functions in this file. - * - * The ratio is approximately 1.069144898 (actually exactly - * exp(log(67.5)/63), where 67.5 = 2592000/38400, and 259200 = 30 - * days, and 38400 = 128*5 minutes. This allows a lifetime byte of - * 191 to correspond to a ticket life of exactly 30 days and a - * lifetime byte of 128 to correspond to exactly 128*5 minutes, with - * the other values spread on an exponential curve fit in between - * them. This table should correspond exactly to the set of extended - * ticket lifetime values used by AFS and CMU. - * - * The following awk script is sufficient to reproduce the table: - * BEGIN { - * r = exp(log(2592000/38400)/63); - * x = 38400; - * for (i=0;i<64;i++) { - * printf("%d\n",x+0.5); - * x *= r; - * } - * } - */ -#ifndef SHORT_LIFETIME -#define NLIFETIMES 64 -static const krb5_int32 lifetimes[NLIFETIMES] = { - 38400, 41055, /* 00:10:40:00, 00:11:24:15 */ - 43894, 46929, /* 00:12:11:34, 00:13:02:09 */ - 50174, 53643, /* 00:13:56:14, 00:14:54:03 */ - 57352, 61318, /* 00:15:55:52, 00:17:01:58 */ - 65558, 70091, /* 00:18:12:38, 00:19:28:11 */ - 74937, 80119, /* 00:20:48:57, 00:22:15:19 */ - 85658, 91581, /* 00:23:47:38, 01:01:26:21 */ - 97914, 104684, /* 01:03:11:54, 01:05:04:44 */ - 111922, 119661, /* 01:07:05:22, 01:09:14:21 */ - 127935, 136781, /* 01:11:32:15, 01:13:59:41 */ - 146239, 156350, /* 01:16:37:19, 01:19:25:50 */ - 167161, 178720, /* 01:22:26:01, 02:01:38:40 */ - 191077, 204289, /* 02:05:04:37, 02:08:44:49 */ - 218415, 233517, /* 02:12:40:15, 02:16:51:57 */ - 249664, 266926, /* 02:21:21:04, 03:02:08:46 */ - 285383, 305116, /* 03:07:16:23, 03:12:45:16 */ - 326213, 348769, /* 03:18:36:53, 04:00:52:49 */ - 372885, 398668, /* 04:07:34:45, 04:14:44:28 */ - 426234, 455705, /* 04:22:23:54, 05:06:35:05 */ - 487215, 520904, /* 05:15:20:15, 06:00:41:44 */ - 556921, 595430, /* 06:10:42:01, 06:21:23:50 */ - 636601, 680618, /* 07:08:50:01, 07:21:03:38 */ - 727680, 777995, /* 08:10:08:00, 09:00:06:35 */ - 831789, 889303, /* 09:15:03:09, 10:07:01:43 */ - 950794, 1016537, /* 11:00:06:34, 11:18:22:17 */ - 1086825, 1161973, /* 12:13:53:45, 13:10:46:13 */ - 1242318, 1328218, /* 14:09:05:18, 15:08:56:58 */ - 1420057, 1518247, /* 16:10:27:37, 17:13:44:07 */ - 1623226, 1735464, /* 18:18:53:46, 20:02:04:24 */ - 1855462, 1983758, /* 21:11:24:22, 22:23:02:38 */ - 2120925, 2267576, /* 24:13:08:45, 26:05:52:56 */ - 2424367, 2592000 /* 28:01:26:07, 30:00:00:00 */ -}; -#define MINFIXED 0x80 -#define MAXFIXED (MINFIXED + NLIFETIMES - 1) -#endif /* !SHORT_LIFETIME */ - -/* - * krb_life_to_time - * - * Given a start date and a lifetime byte, compute the expiration - * date. - */ -krb5_int32 -krb5int_krb_life_to_time(krb5_int32 start, int life) -{ - if (life < 0 || life > 255) /* possibly sign botch in caller */ - return start; -#ifndef SHORT_LIFETIME - if (life < MINFIXED) - return start + life * 5 * 60; - if (life > MAXFIXED) - return start + lifetimes[NLIFETIMES - 1]; - return start + lifetimes[life - MINFIXED]; -#else /* SHORT_LIFETIME */ - return start + life * 5 * 60; -#endif /* SHORT_LIFETIME */ -} - -/* - * krb_time_to_life - * - * Given the start date and the end date, compute the lifetime byte. - * Round up, since we can adjust the start date backwards if we are - * issuing the ticket to cause it to expire at the correct time. - */ -int -krb5int_krb_time_to_life(krb5_int32 start, krb5_int32 end) -{ - krb5_int32 dt; -#ifndef SHORT_LIFETIME - int i; -#endif - - dt = end - start; - if (dt <= 0) - return 0; -#ifndef SHORT_LIFETIME - if (dt < lifetimes[0]) - return (dt + 5 * 60 - 1) / (5 * 60); - /* This depends on the array being ordered. */ - for (i = 0; i < NLIFETIMES; i++) { - if (lifetimes[i] >= dt) - return i + MINFIXED; - } - return MAXFIXED; -#else /* SHORT_LIFETIME */ - if (dt > 5 * 60 * 255) - return 255; - else - return (dt + 5 * 60 - 1) / (5 * 60); -#endif /* SHORT_LIFETIME */ -} diff --git a/src/lib/krb5/krb/valid_times.c b/src/lib/krb5/krb/valid_times.c index 9c53d7d919..febbc369ff 100644 --- a/src/lib/krb5/krb/valid_times.c +++ b/src/lib/krb5/krb/valid_times.c @@ -29,8 +29,6 @@ #include "k5-int.h" -#define in_clock_skew(date) (labs((date)-currenttime) < context->clockskew) - /* * This is an internal routine which validates the krb5_timestamps * field in a krb5_ticket. diff --git a/src/lib/krb5/krb/vfy_increds.c b/src/lib/krb5/krb/vfy_increds.c index 37adb9b935..f133e2f67d 100644 --- a/src/lib/krb5/krb/vfy_increds.c +++ b/src/lib/krb5/krb/vfy_increds.c @@ -76,7 +76,9 @@ krb5_verify_init_creds(krb5_context context, ap_req.data = NULL; if (server_arg) { - server = server_arg; + ret = krb5_copy_principal(context, server_arg, &server); + if (ret) + goto cleanup; } else { if ((ret = krb5_sname_to_principal(context, NULL, NULL, KRB5_NT_SRV_HST, &server))) @@ -94,6 +96,12 @@ krb5_verify_init_creds(krb5_context context, if ((ret = krb5_kt_default(context, &keytab))) goto cleanup; } + if (krb5_is_referral_realm(&server->realm)) { + krb5_free_data_contents(context, &server->realm); + ret = krb5_get_default_realm(context, &server->realm.data); + if (ret) goto cleanup; + server->realm.length = strlen(server->realm.data); + } if ((ret = krb5_kt_get_entry(context, keytab, server, 0, 0, &kte))) { /* this means there is no keying material. This is ok, as long as @@ -207,7 +215,7 @@ krb5_verify_init_creds(krb5_context context, accordingly. either that, or it's zero, which is fine, too */ cleanup: - if (!server_arg && server) + if ( server) krb5_free_principal(context, server); if (!keytab_arg && keytab) krb5_kt_close(context, keytab); diff --git a/src/lib/krb5/krb/walk_rtree.c b/src/lib/krb5/krb/walk_rtree.c index b1b2627c8d..4cebce5267 100644 --- a/src/lib/krb5/krb/walk_rtree.c +++ b/src/lib/krb5/krb/walk_rtree.c @@ -1,14 +1,14 @@ /* * lib/krb5/krb/walk_rtree.c * - * Copyright 1990,1991,2008 by the Massachusetts Institute of Technology. + * Copyright 1990,1991,2008,2009 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -22,11 +22,104 @@ * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * * * krb5_walk_realm_tree() + * + * internal function, used by krb5_get_cred_from_kdc() */ +#include "k5-int.h" +#include "int-proto.h" + +/* + * Structure to help with finding the common suffix between client and + * server realm during hierarchical traversal. + */ +struct hstate { + char *str; + size_t len; + char *tail; + char *dot; +}; + +static krb5_error_code +rtree_capath_tree( + krb5_context context, + const krb5_data *client, + const krb5_data *server, + char **vals, + krb5_principal **tree); + +static krb5_error_code +rtree_capath_vals( + krb5_context context, + const krb5_data *client, + const krb5_data *server, + char ***vals); + +static krb5_error_code +rtree_hier_tree( + krb5_context context, + const krb5_data *client, + const krb5_data *server, + krb5_principal **rettree, + int sep); + +static krb5_error_code +rtree_hier_realms( + krb5_context context, + const krb5_data *client, + const krb5_data *server, + krb5_data **realms, + size_t *nrealms, + int sep); + +static krb5_error_code +rtree_hier_tweens( + krb5_context context, + struct hstate *realm, + krb5_data **tweens, + size_t *ntweens, + int dotail, + int sep); + +static void +adjtail(struct hstate *c, struct hstate *s, int sep); + +static void +comtail(struct hstate *c, struct hstate *s, int sep); + +krb5_error_code +krb5_walk_realm_tree( + krb5_context context, + const krb5_data *client, + const krb5_data *server, + krb5_principal **tree, + int realm_sep) +{ + krb5_error_code retval = 0; + char **capvals; + + if (client->data == NULL || server->data == NULL) + return KRB5_NO_TKT_IN_RLM; + + if (client->length == server->length && + memcmp(client->data, server->data, server->length) == 0) { + return KRB5_NO_TKT_IN_RLM; + } + retval = rtree_capath_vals(context, client, server, &capvals); + if (retval) + return retval; + + if (capvals != NULL) { + retval = rtree_capath_tree(context, client, server, capvals, tree); + return retval; + } + + retval = rtree_hier_tree(context, client, server, tree, realm_sep); + return retval; +} + /* ANL - Modified to allow Configurable Authentication Paths. * This modification removes the restriction on the choice of realm * names, i.e. they nolonger have to be hierarchical. This @@ -52,8 +145,8 @@ * NERSC.GOV = ES.NET * PNL.GOV = ES.NET * ES.NET = . - * HAL.COM = K5.MOON - * HAL.COM = K5.JUPITER + * HAL.COM = K5.MOON + * HAL.COM = K5.JUPITER * } * NERSC.GOV = { * ANL.GOV = ES.NET @@ -62,7 +155,7 @@ * ANL.GOV = ES.NET * } * ES.NET = { - * ANL.GOV = . + * ANL.GOV = . * } * HAL.COM = { * ANL.GOV = K5.JUPITER @@ -82,326 +175,384 @@ * will work together. * DEE - 5/23/95 */ -#include "k5-int.h" -#include "int-proto.h" -/* internal function, used by krb5_get_cred_from_kdc() */ +/* + * Build a tree given a set of profile values retrieved by + * walk_rtree_capath_vals(). + */ +static krb5_error_code +rtree_capath_tree( + krb5_context context, + const krb5_data *client, + const krb5_data *server, + char **vals, + krb5_principal **rettree) +{ + krb5_error_code retval = 0; + unsigned int nvals, nlinks, nprincs, i; + krb5_data srcrealm, dstrealm; + krb5_principal *tree, *pprinc; -#ifndef min -#define min(x,y) ((x) < (y) ? (x) : (y)) -#define max(x,y) ((x) > (y) ? (x) : (y)) -#endif + *rettree = NULL; + tree = pprinc = NULL; + for (nvals = 0; vals[nvals] != NULL; nvals++) + ; + if (vals[0] != NULL && *vals[0] == '.') { + nlinks = 0; + } else { + nlinks = nvals; + } + nprincs = nlinks + 2; + tree = calloc(nprincs + 1, sizeof(krb5_principal)); + if (tree == NULL) { + retval = ENOMEM; + goto error; + } + for (i = 0; i < nprincs + 1; i++) + tree[i] = NULL; + /* Invariant: PPRINC points one past end of list. */ + pprinc = &tree[0]; + /* Local TGS name */ + retval = krb5_tgtname(context, client, client, pprinc++); + if (retval) goto error; + srcrealm = *client; + for (i = 0; i < nlinks; i++) { + dstrealm.data = vals[i]; + dstrealm.length = strcspn(vals[i], "\t "); + retval = krb5_tgtname(context, &dstrealm, &srcrealm, pprinc++); + if (retval) goto error; + srcrealm = dstrealm; + } + retval = krb5_tgtname(context, server, &srcrealm, pprinc++); + if (retval) goto error; + *rettree = tree; + +error: + profile_free_list(vals); + if (retval) { + while (pprinc != NULL && pprinc > &tree[0]) { + /* krb5_free_principal() correctly handles null input */ + krb5_free_principal(context, *--pprinc); + *pprinc = NULL; + } + free(tree); + } + return retval; +} /* - * xxx The following function is very confusing to read and probably - * is buggy. It should be documented better. Here is what I've - * learned about it doing a quick bug fixing walk through. The - * function takes a client and server realm name and returns the set - * of realms (in a field called tree) that you need to get tickets in - * in order to get from the source realm to the destination realm. It - * takes a realm separater character (normally ., but presumably there - * for all those X.500 realms) . There are two modes it runs in: the - * ANL krb5.conf mode and the hierarchy mode. The ANL mode is - * fairly obvious. The hierarchy mode looks for common components in - * both the client and server realms. In general, the pointer scp and - * ccp are used to walk through the client and server realms. The - * com_sdot and com_cdot pointers point to (I think) the beginning of - * the common part of the realm names. I.E. strcmp(com_cdot, - * com_sdot) ==0 is roughly an invarient. However, there are cases - * where com_sdot and com_cdot are set to point before the start of - * the client or server strings. I think this only happens when there - * are no common components. --hartmans 2002/03/14 + * Get realm list from "capaths" section of the profile. Deliberately + * returns success but leaves VALS null if profile_get_values() fails + * by not finding anything. */ +static krb5_error_code +rtree_capath_vals( + krb5_context context, + const krb5_data *client, + const krb5_data *server, + char ***vals) +{ + krb5_error_code retval = 0; + /* null-terminated realm names */ + char *clientz = NULL, *serverz = NULL; + const char *key[4]; -krb5_error_code -krb5_walk_realm_tree(krb5_context context, const krb5_data *client, const krb5_data *server, krb5_principal **tree, int realm_branch_char) + *vals = NULL; + + clientz = calloc(client->length + 1, 1); + if (clientz == NULL) { + retval = ENOMEM; + goto error; + } + memcpy(clientz, client->data, client->length); + + serverz = calloc(server->length + 1, 1); + if (clientz == NULL) { + retval = ENOMEM; + goto error; + } + memcpy(serverz, server->data, server->length); + + key[0] = "capaths"; + key[1] = clientz; + key[2] = serverz; + key[3] = NULL; + retval = profile_get_values(context->profile, key, vals); + switch (retval) { + case PROF_NO_SECTION: + case PROF_NO_RELATION: + /* + * Not found; don't return an error. + */ + retval = 0; + break; + default: + break; + } +error: + free(clientz); + free(serverz); + return retval; +} + +/* + * Build tree by hierarchical traversal. + */ +static krb5_error_code +rtree_hier_tree( + krb5_context context, + const krb5_data *client, + const krb5_data *server, + krb5_principal **rettree, + int sep) { krb5_error_code retval; - krb5_principal *rettree; - register char *ccp, *scp; - register char *prevccp = 0, *prevscp = 0; - char *com_sdot = 0, *com_cdot = 0; - register int i, links = 0; - int clen, slen = -1; - krb5_data tmpcrealm, tmpsrealm; - int nocommon = 1; - - const char *cap_names[4]; - char *cap_client, *cap_server; - char **cap_nodes; - krb5_error_code cap_code; - -#ifdef DEBUG_REFERRALS - printf("krb5_walk_realm_tree starting\n"); - printf(" client is %s\n",client->data); - printf(" server is %s\n",server->data); -#endif - - if (!(client->data &&server->data)) - return KRB5_NO_TKT_IN_RLM; - if ((cap_client = (char *)malloc(client->length + 1)) == NULL) - return ENOMEM; - strncpy(cap_client, client->data, client->length); - cap_client[client->length] = '\0'; - if ((cap_server = (char *)malloc(server->length + 1)) == NULL) { - krb5_xfree(cap_client); - return ENOMEM; + krb5_data *realms; + const krb5_data *dstrealm, *srcrealm; + krb5_principal *tree, *pprinc; + size_t nrealms, nprincs, i; + + *rettree = NULL; + retval = rtree_hier_realms(context, client, server, + &realms, &nrealms, sep); + if (retval) + return retval; + nprincs = nrealms; + pprinc = tree = calloc(nprincs + 1, sizeof(krb5_principal)); + if (tree == NULL) { + retval = ENOMEM; + goto error; } - strncpy(cap_server, server->data, server->length); - cap_server[server->length] = '\0'; - cap_names[0] = "capaths"; - cap_names[1] = cap_client; - cap_names[2] = cap_server; - cap_names[3] = 0; - cap_code = profile_get_values(context->profile, cap_names, &cap_nodes); - krb5_xfree(cap_client); /* done with client string */ - cap_names[1] = 0; - if (cap_code == 0) { /* found a path, so lets use it */ - links = 0; - if (*cap_nodes[0] != '.') { /* a link of . means direct */ - while(cap_nodes[links]) { - links++; - } - } - if (cap_nodes[links] != NULL) - krb5_xfree(cap_nodes[links]); - - cap_nodes[links] = cap_server; /* put server on end of list */ - /* this simplifies the code later and make */ - /* cleanup eaiser as well */ - links++; /* count the null entry at end */ - } else { /* no path use hierarchical method */ - krb5_xfree(cap_server); /* failed, don't need server string */ - cap_names[2] = 0; - - clen = client->length; - slen = server->length; - - for (com_cdot = ccp = client->data + clen - 1, - com_sdot = scp = server->data + slen - 1; - clen && slen && *ccp == *scp ; - ccp--, scp--, clen--, slen--) { - if (*ccp == realm_branch_char) { - com_cdot = ccp; - com_sdot = scp; - nocommon = 0; - } - } + for (i = 0; i < nrealms; i++) + tree[i] = NULL; + srcrealm = client; + for (i = 0; i < nrealms; i++) { + dstrealm = &realms[i]; + retval = krb5_tgtname(context, dstrealm, srcrealm, pprinc++); + if (retval) goto error; + srcrealm = dstrealm; + } + *rettree = tree; + return 0; +error: + while (pprinc != NULL && pprinc > tree) { + krb5_free_principal(context, *--pprinc); + *pprinc = NULL; + } + free(tree); + return retval; +} - /* ccp, scp point to common root. - com_cdot, com_sdot point to common components. */ - /* handle case of one ran out */ - if (!clen) { - /* construct path from client to server, down the tree */ - if (!slen) - /* in the same realm--this means there is no ticket - in this realm. */ - return KRB5_NO_TKT_IN_RLM; - if (*scp == realm_branch_char) { - /* one is a subdomain of the other */ - com_cdot = client->data; - com_sdot = scp; - nocommon = 0; - } /* else normal case of two sharing parents */ - } - if (!slen) { - /* construct path from client to server, up the tree */ - if (*ccp == realm_branch_char) { - /* one is a subdomain of the other */ - com_sdot = server->data; - com_cdot = ccp; - nocommon = 0; - } /* else normal case of two sharing parents */ - } - /* determine #links to/from common ancestor */ - if (nocommon) - links = 1; - else - links = 2; - /* if no common ancestor, artificially set up common root at the last - component, then join with special code */ - for (ccp = client->data; ccp < com_cdot; ccp++) { - if (*ccp == realm_branch_char) { - links++; - if (nocommon) - prevccp = ccp; - } - } +/* + * Construct list of realms between client and server. + */ +static krb5_error_code +rtree_hier_realms( + krb5_context context, + const krb5_data *client, + const krb5_data *server, + krb5_data **realms, + size_t *nrealms, + int sep) +{ + krb5_error_code retval; + struct hstate c, s; + krb5_data *ctweens, *stweens, *twp, *r, *rp; + size_t nctween, nstween; - for (scp = server->data; scp < com_sdot; scp++) { - if (*scp == realm_branch_char) { - links++; - if (nocommon) - prevscp = scp; - } - } - if (nocommon) { - if (prevccp) - com_cdot = prevccp; - if (prevscp) - com_sdot = prevscp; - - if(com_cdot == client->data + client->length -1) - com_cdot = client->data - 1 ; - if(com_sdot == server->data + server->length -1) - com_sdot = server->data - 1 ; - } - } /* end of if use hierarchical method */ + r = rp = NULL; + c.str = client->data; + c.len = client->length; + c.dot = c.tail = NULL; + s.str = server->data; + s.len = server->length; + s.dot = s.tail = NULL; + + comtail(&c, &s, sep); + adjtail(&c, &s, sep); + + retval = rtree_hier_tweens(context, &c, &ctweens, &nctween, 1, sep); + if (retval) goto error; + retval = rtree_hier_tweens(context, &s, &stweens, &nstween, 0, sep); + if (retval) goto error; - if (!(rettree = (krb5_principal *)calloc(links+2, - sizeof(krb5_principal)))) { - return ENOMEM; + *nrealms = nctween + nstween; + rp = r = calloc(*nrealms, sizeof(krb5_data)); + if (r == NULL) { + retval = ENOMEM; + goto error; } - i = 1; - if ((retval = krb5_tgtname(context, client, client, &rettree[0]))) { - krb5_xfree(rettree); - return retval; + /* Copy client realm "tweens" forward. */ + for (twp = ctweens; twp < &ctweens[nctween]; twp++) { + retval = krb5int_copy_data_contents(context, twp, rp++); + if (retval) goto error; } - links--; /* dont count the null entry on end */ - if (cap_code == 0) { /* found a path above */ - tmpcrealm.data = client->data; - tmpcrealm.length = client->length; - while( i-1 <= links) { - - tmpsrealm.data = cap_nodes[i-1]; - /* don't count trailing whitespace from profile_get */ - tmpsrealm.length = strcspn(cap_nodes[i-1],"\t "); - if ((retval = krb5_tgtname(context, - &tmpsrealm, - &tmpcrealm, - &rettree[i]))) { - while (i) { - krb5_free_principal(context, rettree[i-1]); - i--; - } - krb5_xfree(rettree); - /* cleanup the cap_nodes from profile_get */ - for (i = 0; i<=links; i++) { - krb5_xfree(cap_nodes[i]); - } - krb5_xfree((char *)cap_nodes); - return retval; - } - tmpcrealm.data = tmpsrealm.data; - tmpcrealm.length = tmpsrealm.length; - i++; - } - /* cleanup the cap_nodes from profile_get last one has server */ - for (i = 0; i<=links; i++) { - krb5_xfree(cap_nodes[i]); - } - krb5_xfree((char *)cap_nodes); - } else { /* if not cap then use hierarchical method */ - for (prevccp = ccp = client->data; - ccp <= com_cdot; - ccp++) { - if (*ccp != realm_branch_char) - continue; - ++ccp; /* advance past dot */ - tmpcrealm.data = prevccp; - tmpcrealm.length = client->length - - (prevccp - client->data); - tmpsrealm.data = ccp; - tmpsrealm.length = client->length - - (ccp - client->data); - if ((retval = krb5_tgtname(context, &tmpsrealm, &tmpcrealm, - &rettree[i]))) { - while (i) { - krb5_free_principal(context, rettree[i-1]); - i--; - } - krb5_xfree(rettree); - return retval; - } - prevccp = ccp; - i++; - } - if (nocommon) { - tmpcrealm.data = com_cdot + 1; - tmpcrealm.length = client->length - - (com_cdot + 1 - client->data); - tmpsrealm.data = com_sdot + 1; - tmpsrealm.length = server->length - - (com_sdot + 1 - server->data); - if ((retval = krb5_tgtname(context, &tmpsrealm, &tmpcrealm, - &rettree[i]))) { - while (i) { - krb5_free_principal(context, rettree[i-1]); - i--; - } - krb5_xfree(rettree); - return retval; - } - i++; + /* Copy server realm "tweens" backward. */ + for (twp = &stweens[nstween]; twp-- > stweens;) { + krb5int_copy_data_contents(context, twp, rp++); + if (retval) goto error; + } +error: + if (retval) { + *nrealms = 0; + while (rp > r) { + krb5_free_data_contents(context, --rp); } + free(r); + r = NULL; + } + free(ctweens); + free(stweens); + *realms = r; + return retval; +} - for (prevscp = com_sdot + 1, scp = com_sdot - 1; - scp > server->data; - scp--) { - if (*scp != realm_branch_char) - continue; - if (scp - 1 < server->data) - break; /* XXX only if . starts realm? */ - tmpcrealm.data = prevscp; - tmpcrealm.length = server->length - - (prevscp - server->data); - tmpsrealm.data = scp + 1; - tmpsrealm.length = server->length - - (scp + 1 - server->data); - if ((retval = krb5_tgtname(context, &tmpsrealm, &tmpcrealm, - &rettree[i]))) { - while (i) { - krb5_free_principal(context, rettree[i-1]); - i--; - } - krb5_xfree(rettree); - return retval; - } - prevscp = scp + 1; - i++; - } - if (slen && com_sdot >= server->data) { - /* only necessary if building down tree from ancestor or client */ - /* however, we can get here if we have only one component - in the server realm name, hence we make sure we found a component - separator there... */ - tmpcrealm.data = prevscp; - tmpcrealm.length = server->length - - (prevscp - server->data); - if ((retval = krb5_tgtname(context, server, &tmpcrealm, - &rettree[i]))) { - while (i) { - krb5_free_principal(context, rettree[i-1]); - i--; - } - krb5_xfree(rettree); - return retval; - } +/* + * Build a list of realms between a given realm and the common + * suffix. The original realm is included, but the "tail" is only + * included if DOTAIL is true. + * + * Warning: This function intentionally aliases memory. Caller must + * make copies as needed and not call krb5_free_data_contents, etc. + */ +static krb5_error_code +rtree_hier_tweens( + krb5_context context, + struct hstate *realm, + krb5_data **tweens, + size_t *ntweens, + int dotail, + int sep) +{ + char *p, *r, *rtail, *lp; + size_t rlen, n; + krb5_data *tws, *ntws; + + r = realm->str; + rlen = realm->len; + rtail = realm->tail; + *tweens = ntws = tws = NULL; + *ntweens = n = 0; + + for (lp = p = r; p < &r[rlen]; p++) { + if (*p != sep && &p[1] != &r[rlen]) + continue; + if (lp == rtail && !dotail) + break; + ntws = realloc(tws, (n + 1) * sizeof(krb5_data)); + if (ntws == NULL) { + free(tws); + return ENOMEM; } + tws = ntws; + tws[n].data = lp; + tws[n].length = &r[rlen] - lp; + n++; + if (lp == rtail) + break; + lp = &p[1]; } - *tree = rettree; - -#ifdef DEBUG_REFERRALS - printf("krb5_walk_realm_tree ending; tree (length %d) is:\n",links); - for(i=0;ilength;n++) - printf("%s<%.*s>",(n>0)?"/":"",p->data[n].length,p->data[n].data); - printf("@<%.*s> (length %d, type %d)\n",p->realm.length,p->realm.data, - p->length, p->type); + int cfull, sfull; + char *cp, *sp; + + cp = c->tail; + sp = s->tail; + if (cp == NULL || sp == NULL) + return; + /* + * Is it a full component? Yes, if it's the beginning of the + * string or there's a separator to the left. + * + * The index of -1 is valid because it only gets evaluated if the + * pointer is not at the beginning of the string. + */ + cfull = (cp == c->str || cp[-1] == sep); + sfull = (sp == s->str || sp[-1] == sep); + /* + * If they're both full components, we're done. + */ + if (cfull && sfull) { + return; + } else if (c->dot != NULL && s->dot != NULL) { + cp = c->dot + 1; + sp = s->dot + 1; + /* + * Out of bounds? Can only happen if there are trailing dots. + */ + if (cp >= &c->str[c->len] || sp >= &s->str[s->len]) { + cp = sp = NULL; + } + } else { + cp = sp = NULL; + } + c->tail = cp; + s->tail = sp; +} + +/* + * Find common suffix of C and S. + * + * C->TAIL and S->TAIL will point to the respective suffixes. C->DOT + * and S->DOT will point to the nearest instances of SEP to the right + * of the start of each suffix. Caller must initialize TAIL and DOT + * pointers to null. + */ +static void +comtail(struct hstate *c, struct hstate *s, int sep) +{ + char *cp, *sp, *cdot, *sdot; + + if (c->len == 0 || s->len == 0) + return; + + cdot = sdot = NULL; + /* + * ANSI/ISO C allows a pointer one past the end but not one + * before the beginning of an array. + */ + cp = &c->str[c->len]; + sp = &s->str[s->len]; + /* + * Set CP and SP to point to the common suffix of each string. + * When we run into separators (dots, unless someone has a X.500 + * style realm), keep pointers to the latest pair. + */ + while (cp > c->str && sp > s->str) { + if (*--cp != *--sp) { + /* + * Didn't match, so most recent match is one byte to the + * right (or not at all). + */ + cp++; + sp++; + break; + } + /* + * Keep track of matching dots. + */ + if (*cp == sep) { + cdot = cp; + sdot = sp; + } + } + /* No match found at all. */ + if (cp == &c->str[c->len]) + return; + c->tail = cp; + s->tail = sp; + c->dot = cdot; + s->dot = sdot; } -#endif diff --git a/src/lib/krb5/krb/walktree-tests b/src/lib/krb5/krb/walktree-tests index 99561c5479..17f6eae115 100644 --- a/src/lib/krb5/krb/walktree-tests +++ b/src/lib/krb5/krb/walktree-tests @@ -68,4 +68,12 @@ eval $check set A.EXAMPLE.COM EXAMPLE.COM "A.EXAMPLE.COM@A.EXAMPLE.COM EXAMPLE.COM@A.EXAMPLE.COM" eval $check +echo CAPATH test +set ATHENA.MIT.EDU KERBEROS.COM "ATHENA.MIT.EDU@ATHENA.MIT.EDU KERBEROS.COM@ATHENA.MIT.EDU" +eval $check + +echo CAPATH test +set LCS.MIT.EDU KABLOOEY.KERBEROS.COM "LCS.MIT.EDU@LCS.MIT.EDU ATHENA.MIT.EDU@LCS.MIT.EDU KERBEROS.COM@ATHENA.MIT.EDU KABLOOEY.KERBEROS.COM@KERBEROS.COM" +eval $check + exit $err diff --git a/src/lib/krb5/libkrb5.exports b/src/lib/krb5/libkrb5.exports index 2d503b8510..ad560c071b 100644 --- a/src/lib/krb5/libkrb5.exports +++ b/src/lib/krb5/libkrb5.exports @@ -19,6 +19,8 @@ decode_krb5_error decode_krb5_etype_info decode_krb5_kdc_req_body decode_krb5_pa_enc_ts +decode_krb5_pa_for_user +decode_krb5_pa_pac_req decode_krb5_padata_sequence decode_krb5_predicted_sam_response decode_krb5_priv @@ -27,6 +29,7 @@ decode_krb5_pwd_sequence decode_krb5_safe decode_krb5_sam_challenge decode_krb5_sam_response +decode_krb5_setpw_req decode_krb5_tgs_rep decode_krb5_tgs_req decode_krb5_ticket @@ -51,6 +54,9 @@ encode_krb5_etype_info encode_krb5_etype_info2 encode_krb5_kdc_req_body encode_krb5_pa_enc_ts +encode_krb5_pa_for_user +encode_krb5_pa_server_referral_data +encode_krb5_pa_svr_referral_data encode_krb5_padata_sequence encode_krb5_predicted_sam_response encode_krb5_priv @@ -120,6 +126,7 @@ krb5_auth_to_rep krb5_build_principal krb5_build_principal_ext krb5_build_principal_va +krb5_build_principal_alloc_va krb5_cc_close krb5_cc_copy_creds krb5_cc_default @@ -166,6 +173,7 @@ krb5_copy_principal krb5_copy_ticket krb5_create_secure_file krb5_crypto_us_timeofday +krb5_decode_authdata_container krb5_decode_kdc_rep krb5_decode_ticket krb5_decrypt_tkt_part @@ -174,6 +182,7 @@ krb5_default_pwd_prompt2 krb5_defkeyname krb5_deltat_to_string krb5_do_preauth +krb5_encode_authdata_container krb5_encode_kdc_rep krb5_encrypt_helper krb5_encrypt_tkt_part @@ -220,6 +229,10 @@ krb5_free_ktypes krb5_free_last_req krb5_free_pa_data krb5_free_pa_enc_ts +krb5_free_pa_pac_req +krb5_free_pa_for_user +krb5_free_pa_server_referral_data +krb5_free_pa_svr_referral_data krb5_free_predicted_sam_response krb5_free_predicted_sam_response_contents krb5_free_principal @@ -261,6 +274,7 @@ krb5_get_default_config_files krb5_get_default_in_tkt_ktypes krb5_get_default_realm krb5_get_error_message +krb5_get_fallback_host_realm krb5_get_host_realm krb5_get_in_tkt krb5_get_in_tkt_with_keytab @@ -274,6 +288,7 @@ krb5_get_init_creds_opt_free_pa krb5_get_init_creds_opt_get_pa krb5_get_init_creds_opt_init krb5_get_init_creds_opt_set_address_list +krb5_get_init_creds_opt_set_canonicalize krb5_get_init_creds_opt_set_change_password_prompt krb5_get_init_creds_opt_set_etype_list krb5_get_init_creds_opt_set_forwardable @@ -336,6 +351,7 @@ krb5_mk_error krb5_mk_ncred krb5_mk_priv krb5_mk_rep +krb5_mk_rep_dce krb5_mk_req krb5_mk_req_extended krb5_mk_safe @@ -347,10 +363,20 @@ krb5_os_hostaddr krb5_os_init_context krb5_os_localaddr krb5_overridekeyname +krb5_pac_add_buffer +krb5_pac_free +krb5_pac_get_buffer +krb5_pac_get_types +krb5_pac_init +krb5_pac_parse +krb5_pac_verify krb5_parse_name +krb5_parse_name_flags krb5_principal2salt krb5_principal2salt_norealm krb5_principal_compare +krb5_principal_compare_any_realm +krb5_principal_compare_flags krb5_process_padata krb5_prompter_posix krb5_rc_close @@ -396,6 +422,7 @@ krb5_rd_cred krb5_rd_error krb5_rd_priv krb5_rd_rep +krb5_rd_rep_dce krb5_rd_req krb5_rd_req_decoded krb5_rd_req_decoded_anyflag @@ -461,6 +488,8 @@ krb5_unlock_file krb5_unpack_full_ipaddr krb5_unparse_name krb5_unparse_name_ext +krb5_unparse_name_flags +krb5_unparse_name_flags_ext krb5_us_timeofday krb5_use_natural_time krb5_validate_times @@ -478,6 +507,7 @@ krb5int_foreach_localaddr krb5int_free_addrlist krb5int_init_context_kdc krb5int_initialize_library +krb5int_pac_sign krb5int_sendtokdc_debug_handler profile_abandon profile_add_node diff --git a/src/lib/krb5/os/Makefile.in b/src/lib/krb5/os/Makefile.in index 36c5f8638c..4998e0fae3 100644 --- a/src/lib/krb5/os/Makefile.in +++ b/src/lib/krb5/os/Makefile.in @@ -48,7 +48,6 @@ STLIBOBJS= \ read_pwd.o \ realm_dom.o \ realm_iter.o \ - send524.o \ sendto_kdc.o \ sn2princ.o \ thread_safe.o \ @@ -93,7 +92,6 @@ OBJS= \ $(OUTPRE)read_pwd.$(OBJEXT) \ $(OUTPRE)realm_dom.$(OBJEXT) \ $(OUTPRE)realm_iter.$(OBJEXT) \ - $(OUTPRE)send524.$(OBJEXT) \ $(OUTPRE)sendto_kdc.$(OBJEXT) \ $(OUTPRE)sn2princ.$(OBJEXT) \ $(OUTPRE)thread_safe.$(OBJEXT) \ @@ -138,7 +136,6 @@ SRCS= \ $(srcdir)/realm_dom.c \ $(srcdir)/realm_iter.c \ $(srcdir)/port2ip.c \ - $(srcdir)/send524.c \ $(srcdir)/sendto_kdc.c \ $(srcdir)/sn2princ.c \ $(srcdir)/thread_safe.c \ @@ -241,466 +238,3 @@ clean:: @libobj_frag@ -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -accessor.so accessor.po $(OUTPRE)accessor.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - accessor.c os-proto.h -an_to_ln.so an_to_ln.po $(OUTPRE)an_to_ln.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - an_to_ln.c -c_ustime.so c_ustime.po $(OUTPRE)c_ustime.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - c_ustime.c -def_realm.so def_realm.po $(OUTPRE)def_realm.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - def_realm.c os-proto.h -ccdefname.so ccdefname.po $(OUTPRE)ccdefname.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - ccdefname.c -changepw.so changepw.po $(OUTPRE)changepw.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/cm.h $(SRCTOP)/include/fake-addrinfo.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - changepw.c os-proto.h -dnsglue.so dnsglue.po $(OUTPRE)dnsglue.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h dnsglue.c dnsglue.h \ - os-proto.h -dnssrv.so dnssrv.po $(OUTPRE)dnssrv.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h dnsglue.h dnssrv.c \ - os-proto.h -free_krbhs.so free_krbhs.po $(OUTPRE)free_krbhs.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - free_krbhs.c -free_hstrl.so free_hstrl.po $(OUTPRE)free_hstrl.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - free_hstrl.c -full_ipadr.so full_ipadr.po $(OUTPRE)full_ipadr.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - full_ipadr.c os-proto.h -get_krbhst.so get_krbhst.po $(OUTPRE)get_krbhst.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - get_krbhst.c -gen_port.so gen_port.po $(OUTPRE)gen_port.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - gen_port.c os-proto.h -genaddrs.so genaddrs.po $(OUTPRE)genaddrs.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - genaddrs.c os-proto.h -gen_rname.so gen_rname.po $(OUTPRE)gen_rname.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - gen_rname.c os-proto.h -hostaddr.so hostaddr.po $(OUTPRE)hostaddr.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h hostaddr.c -hst_realm.so hst_realm.po $(OUTPRE)hst_realm.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h dnsglue.h hst_realm.c \ - os-proto.h -init_os_ctx.so init_os_ctx.po $(OUTPRE)init_os_ctx.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - $(SRCTOP)/util/profile/prof_int.h init_os_ctx.c os-proto.h -krbfileio.so krbfileio.po $(OUTPRE)krbfileio.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - krbfileio.c -ktdefname.so ktdefname.po $(OUTPRE)ktdefname.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - ktdefname.c -kuserok.so kuserok.po $(OUTPRE)kuserok.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h kuserok.c -mk_faddr.so mk_faddr.po $(OUTPRE)mk_faddr.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - mk_faddr.c os-proto.h -localaddr.so localaddr.po $(OUTPRE)localaddr.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/foreachaddr.h $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h localaddr.c -locate_kdc.so locate_kdc.po $(OUTPRE)locate_kdc.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h locate_kdc.c os-proto.h -lock_file.so lock_file.po $(OUTPRE)lock_file.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - lock_file.c -net_read.so net_read.po $(OUTPRE)net_read.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - net_read.c -net_write.so net_write.po $(OUTPRE)net_write.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - net_write.c -osconfig.so osconfig.po $(OUTPRE)osconfig.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - osconfig.c -prompter.so prompter.po $(OUTPRE)prompter.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - prompter.c -read_msg.so read_msg.po $(OUTPRE)read_msg.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - read_msg.c -read_pwd.so read_pwd.po $(OUTPRE)read_pwd.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - read_pwd.c -realm_dom.so realm_dom.po $(OUTPRE)realm_dom.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - realm_dom.c -realm_iter.so realm_iter.po $(OUTPRE)realm_iter.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - realm_iter.c -port2ip.so port2ip.po $(OUTPRE)port2ip.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h os-proto.h port2ip.c -send524.so send524.po $(OUTPRE)send524.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - os-proto.h send524.c -sendto_kdc.so sendto_kdc.po $(OUTPRE)sendto_kdc.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/cm.h $(SRCTOP)/include/fake-addrinfo.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - os-proto.h sendto_kdc.c -sn2princ.so sn2princ.po $(OUTPRE)sn2princ.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h os-proto.h sn2princ.c -thread_safe.so thread_safe.po $(OUTPRE)thread_safe.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - thread_safe.c -timeofday.so timeofday.po $(OUTPRE)timeofday.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - timeofday.c -toffset.so toffset.po $(OUTPRE)toffset.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h toffset.c -unlck_file.so unlck_file.po $(OUTPRE)unlck_file.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - unlck_file.c -ustime.so ustime.po $(OUTPRE)ustime.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h ustime.c -write_msg.so write_msg.po $(OUTPRE)write_msg.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - write_msg.c -t_an_to_ln.so t_an_to_ln.po $(OUTPRE)t_an_to_ln.$(OBJEXT): \ - $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/krb5.h \ - t_an_to_ln.c -t_gifconf.so t_gifconf.po $(OUTPRE)t_gifconf.$(OBJEXT): \ - t_gifconf.c -t_locate_kdc.so t_locate_kdc.po $(OUTPRE)t_locate_kdc.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h dnsglue.c dnsglue.h \ - dnssrv.c locate_kdc.c os-proto.h t_locate_kdc.c -t_realm_iter.so t_realm_iter.po $(OUTPRE)t_realm_iter.$(OBJEXT): \ - $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/krb5.h \ - t_realm_iter.c -t_std_conf.so t_std_conf.po $(OUTPRE)t_std_conf.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h os-proto.h t_std_conf.c diff --git a/src/lib/krb5/os/accessor.c b/src/lib/krb5/os/accessor.c index 1593468cd4..cdbb598418 100644 --- a/src/lib/krb5/os/accessor.c +++ b/src/lib/krb5/os/accessor.c @@ -67,16 +67,11 @@ krb5int_accessor(krb5int_access *internals, krb5_int32 version) SC (free_srv_dns_data, krb5int_free_srv_dns_data), SC (use_dns_kdc, _krb5_use_dns_kdc), #undef SC + S (clean_hostname, krb5int_clean_hostname), -#ifdef KRB5_KRB4_COMPAT -#define SC(FIELD, VAL) S(FIELD, VAL) -#else /* disable */ -#define SC(FIELD, VAL) S(FIELD, 0) -#endif - SC (krb_life_to_time, krb5int_krb_life_to_time), - SC (krb_time_to_life, krb5int_krb_time_to_life), - SC (krb524_encode_v4tkt, krb5int_encode_v4tkt), -#undef SC + S (krb_life_to_time, 0), + S (krb_time_to_life, 0), + S (krb524_encode_v4tkt, 0), S (krb5int_c_mandatory_cksumtype, krb5int_c_mandatory_cksumtype), #ifndef LEAN_CLIENT @@ -134,6 +129,9 @@ krb5int_accessor(krb5int_access *internals, krb5_int32 version) SC (encode_krb5_authdata_elt, encode_krb5_authdata_elt), #undef SC + S (encode_krb5_sam_response_2, encode_krb5_sam_response_2), + S (encode_krb5_enc_sam_response_enc_2, encode_krb5_enc_sam_response_enc_2), + #if DESIGNATED_INITIALIZERS }; #else diff --git a/src/lib/krb5/os/an_to_ln.c b/src/lib/krb5/os/an_to_ln.c index 6e6dadc570..83bce2bab5 100644 --- a/src/lib/krb5/os/an_to_ln.c +++ b/src/lib/krb5/os/an_to_ln.c @@ -600,9 +600,7 @@ rule_an_to_ln(krb5_context context, char *rule, krb5_const_principal aname, cons kret = aname_replacer(selstring, ¤t, &outstring); if (outstring) { /* Copy out the value if there's enough room */ - if (strlen(outstring)+1 <= (size_t) lnsize) - strcpy(lname, outstring); - else + if (strlcpy(lname, outstring, lnsize) >= lnsize) kret = KRB5_CONFIG_NOTENUFSPACE; free(outstring); } @@ -728,9 +726,8 @@ krb5_aname_to_localname(krb5_context context, krb5_const_principal aname, int ln } /* Copy out the value if there's enough room */ - if (strlen(mapping_values[nvalid-1])+1 <= (size_t) lnsize) - strcpy(lname, mapping_values[nvalid-1]); - else + if (strlcpy(lname, mapping_values[nvalid-1], + lnsize) >= lnsize) kret = KRB5_CONFIG_NOTENUFSPACE; /* Free residue */ diff --git a/src/lib/krb5/os/ccdefname.c b/src/lib/krb5/os/ccdefname.c index 8d42a965a5..63e00d4217 100644 --- a/src/lib/krb5/os/ccdefname.c +++ b/src/lib/krb5/os/ccdefname.c @@ -251,13 +251,9 @@ krb5_cc_set_default_name(krb5_context context, const char *name) if (name != NULL) { if (!err) { /* If the name isn't NULL, make a copy of it */ - new_ccname = malloc (strlen (name) + 1); + new_ccname = strdup (name); if (new_ccname == NULL) { err = ENOMEM; } } - - if (!err) { - strcpy (new_ccname, name); - } } if (!err) { diff --git a/src/lib/krb5/os/changepw.c b/src/lib/krb5/os/changepw.c index 710a3fcf56..7811387385 100644 --- a/src/lib/krb5/os/changepw.c +++ b/src/lib/krb5/os/changepw.c @@ -34,6 +34,7 @@ #include "k5-int.h" #include "os-proto.h" #include "cm.h" +#include "../krb/auth_con.h" #include #include @@ -48,6 +49,7 @@ struct sendto_callback_context { krb5_principal set_password_for; char *newpw; krb5_data ap_req; + krb5_ui_4 remote_seq_num, local_seq_num; }; /* @@ -62,11 +64,12 @@ krb5_locate_kpasswd(krb5_context context, const krb5_data *realm, int sockType = (useTcp ? SOCK_STREAM : SOCK_DGRAM); code = krb5int_locate_server (context, realm, addrlist, - locate_service_kpasswd, sockType, 0); + locate_service_kpasswd, sockType, AF_INET); if (code == KRB5_REALM_CANT_RESOLVE || code == KRB5_REALM_UNKNOWN) { code = krb5int_locate_server (context, realm, addrlist, - locate_service_kadmin, SOCK_STREAM, 0); + locate_service_kadmin, SOCK_STREAM, + AF_INET); if (!code) { /* Success with admin_server but now we need to change the port number to use DEFAULT_KPASSWD_PORT and the socktype. */ @@ -159,6 +162,9 @@ static int kpasswd_sendto_msg_callback(struct conn_state *conn, void *callback_c &local_kaddr, NULL))) goto cleanup; + ctx->auth_context->remote_seq_number = ctx->remote_seq_num; + ctx->auth_context->local_seq_number = ctx->local_seq_num; + if (ctx->set_password_for) code = krb5int_mk_setpw_req(ctx->context, ctx->auth_context, @@ -208,6 +214,7 @@ krb5_change_set_password(krb5_context context, krb5_creds *creds, char *newpw, struct sockaddr_storage remote_addr; struct addrlist al = ADDRLIST_INIT; + memset(&chpw_rep, 0, sizeof(krb5_data)); memset( &callback_ctx, 0, sizeof(struct sendto_callback_context)); callback_ctx.context = context; callback_ctx.newpw = newpw; @@ -225,6 +232,9 @@ krb5_change_set_password(krb5_context context, krb5_creds *creds, char *newpw, &callback_ctx.ap_req))) goto cleanup; + callback_ctx.remote_seq_num = callback_ctx.auth_context->remote_seq_number; + callback_ctx.local_seq_num = callback_ctx.auth_context->local_seq_number; + do { if ((code = krb5_locate_kpasswd(callback_ctx.context, krb5_princ_realm(callback_ctx.context, @@ -330,6 +340,7 @@ cleanup: krb5int_free_addrlist (&al); krb5_free_data_contents(callback_ctx.context, &callback_ctx.ap_req); + krb5_free_data_contents(callback_ctx.context, &chpw_rep); return(code); } diff --git a/src/lib/krb5/os/def_realm.c b/src/lib/krb5/os/def_realm.c index d63f1af63b..13a025d9bb 100644 --- a/src/lib/krb5/os/def_realm.c +++ b/src/lib/krb5/os/def_realm.c @@ -72,7 +72,6 @@ krb5_error_code KRB5_CALLCONV krb5_get_default_realm(krb5_context context, char **lrealm) { char *realm = 0; - char *cp; krb5_error_code retval; if (!context || (context->magic != KV5M_CONTEXT)) @@ -90,12 +89,11 @@ krb5_get_default_realm(krb5_context context, char **lrealm) &realm); if (!retval && realm) { - context->default_realm = malloc(strlen(realm) + 1); + context->default_realm = strdup(realm); if (!context->default_realm) { profile_release_string(realm); return ENOMEM; } - strcpy(context->default_realm, realm); profile_release_string(realm); } } @@ -155,9 +153,8 @@ krb5_get_default_realm(krb5_context context, char **lrealm) realm = context->default_realm; - if (!(*lrealm = cp = malloc((unsigned int) strlen(realm) + 1))) + if (!(*lrealm = strdup(realm))) return ENOMEM; - strcpy(cp, realm); return(0); } @@ -176,12 +173,11 @@ krb5_set_default_realm(krb5_context context, const char *lrealm) NULL */ if (!lrealm) return 0; - context->default_realm = malloc(strlen (lrealm) + 1); + context->default_realm = strdup(lrealm); if (!context->default_realm) return ENOMEM; - strcpy(context->default_realm, lrealm); return(0); } diff --git a/src/lib/krb5/os/deps b/src/lib/krb5/os/deps new file mode 100644 index 0000000000..d86f8b25bd --- /dev/null +++ b/src/lib/krb5/os/deps @@ -0,0 +1,463 @@ +# +# Generated makefile dependencies follow. +# +accessor.so accessor.po $(OUTPRE)accessor.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h accessor.c os-proto.h +an_to_ln.so an_to_ln.po $(OUTPRE)an_to_ln.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h an_to_ln.c +c_ustime.so c_ustime.po $(OUTPRE)c_ustime.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h c_ustime.c +def_realm.so def_realm.po $(OUTPRE)def_realm.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h def_realm.c os-proto.h +ccdefname.so ccdefname.po $(OUTPRE)ccdefname.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h ccdefname.c +changepw.so changepw.po $(OUTPRE)changepw.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/cm.h $(SRCTOP)/include/fake-addrinfo.h \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(srcdir)/../krb/auth_con.h \ + changepw.c os-proto.h +dnsglue.so dnsglue.po $(OUTPRE)dnsglue.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + dnsglue.c dnsglue.h os-proto.h +dnssrv.so dnssrv.po $(OUTPRE)dnssrv.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + dnsglue.h dnssrv.c os-proto.h +free_krbhs.so free_krbhs.po $(OUTPRE)free_krbhs.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h free_krbhs.c +free_hstrl.so free_hstrl.po $(OUTPRE)free_hstrl.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h free_hstrl.c +full_ipadr.so full_ipadr.po $(OUTPRE)full_ipadr.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h full_ipadr.c os-proto.h +get_krbhst.so get_krbhst.po $(OUTPRE)get_krbhst.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h get_krbhst.c +gen_port.so gen_port.po $(OUTPRE)gen_port.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h gen_port.c os-proto.h +genaddrs.so genaddrs.po $(OUTPRE)genaddrs.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h genaddrs.c os-proto.h +gen_rname.so gen_rname.po $(OUTPRE)gen_rname.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h gen_rname.c os-proto.h +hostaddr.so hostaddr.po $(OUTPRE)hostaddr.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + hostaddr.c +hst_realm.so hst_realm.po $(OUTPRE)hst_realm.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + dnsglue.h hst_realm.c os-proto.h +init_os_ctx.so init_os_ctx.po $(OUTPRE)init_os_ctx.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(SRCTOP)/util/profile/prof_int.h \ + init_os_ctx.c os-proto.h +krbfileio.so krbfileio.po $(OUTPRE)krbfileio.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h krbfileio.c +ktdefname.so ktdefname.po $(OUTPRE)ktdefname.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h ktdefname.c +kuserok.so kuserok.po $(OUTPRE)kuserok.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + kuserok.c +mk_faddr.so mk_faddr.po $(OUTPRE)mk_faddr.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h mk_faddr.c os-proto.h +localaddr.so localaddr.po $(OUTPRE)localaddr.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/foreachaddr.h $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + localaddr.c +locate_kdc.so locate_kdc.po $(OUTPRE)locate_kdc.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + locate_kdc.c os-proto.h +lock_file.so lock_file.po $(OUTPRE)lock_file.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h lock_file.c +net_read.so net_read.po $(OUTPRE)net_read.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h net_read.c +net_write.so net_write.po $(OUTPRE)net_write.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h net_write.c +osconfig.so osconfig.po $(OUTPRE)osconfig.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h osconfig.c +prompter.so prompter.po $(OUTPRE)prompter.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h prompter.c +read_msg.so read_msg.po $(OUTPRE)read_msg.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h read_msg.c +read_pwd.so read_pwd.po $(OUTPRE)read_pwd.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h read_pwd.c +realm_dom.so realm_dom.po $(OUTPRE)realm_dom.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h realm_dom.c +realm_iter.so realm_iter.po $(OUTPRE)realm_iter.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h realm_iter.c +port2ip.so port2ip.po $(OUTPRE)port2ip.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + os-proto.h port2ip.c +sendto_kdc.so sendto_kdc.po $(OUTPRE)sendto_kdc.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/cm.h $(SRCTOP)/include/fake-addrinfo.h \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h os-proto.h sendto_kdc.c +sn2princ.so sn2princ.po $(OUTPRE)sn2princ.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + os-proto.h sn2princ.c +thread_safe.so thread_safe.po $(OUTPRE)thread_safe.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h thread_safe.c +timeofday.so timeofday.po $(OUTPRE)timeofday.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h timeofday.c +toffset.so toffset.po $(OUTPRE)toffset.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + toffset.c +unlck_file.so unlck_file.po $(OUTPRE)unlck_file.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h unlck_file.c +ustime.so ustime.po $(OUTPRE)ustime.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + ustime.c +write_msg.so write_msg.po $(OUTPRE)write_msg.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h write_msg.c +t_an_to_ln.so t_an_to_ln.po $(OUTPRE)t_an_to_ln.$(OBJEXT): \ + $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/krb5.h \ + t_an_to_ln.c +t_gifconf.so t_gifconf.po $(OUTPRE)t_gifconf.$(OBJEXT): \ + t_gifconf.c +t_locate_kdc.so t_locate_kdc.po $(OUTPRE)t_locate_kdc.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + dnsglue.c dnsglue.h dnssrv.c locate_kdc.c os-proto.h \ + t_locate_kdc.c +t_realm_iter.so t_realm_iter.po $(OUTPRE)t_realm_iter.$(OBJEXT): \ + $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/krb5.h \ + t_realm_iter.c +t_std_conf.so t_std_conf.po $(OUTPRE)t_std_conf.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + os-proto.h t_std_conf.c diff --git a/src/lib/krb5/os/dnssrv.c b/src/lib/krb5/os/dnssrv.c index d726fb7e54..4dcd57cb81 100644 --- a/src/lib/krb5/os/dnssrv.c +++ b/src/lib/krb5/os/dnssrv.c @@ -60,10 +60,11 @@ krb5int_make_srv_query_realm(const krb5_data *realm, struct srv_dns_entry **answers) { const unsigned char *p = NULL, *base = NULL; - char host[MAXDNAME], *h; - int size, ret, rdlen, nlen; + char host[MAXDNAME]; + int size, ret, rdlen, nlen, len; unsigned short priority, weight, port; struct krb5int_dns_state *ds = NULL; + struct k5buf buf; struct srv_dns_entry *head = NULL; struct srv_dns_entry *srv = NULL, *entry = NULL; @@ -81,13 +82,9 @@ krb5int_make_srv_query_realm(const krb5_data *realm, if (memchr(realm->data, 0, realm->length)) return 0; - if ( strlen(service) + strlen(protocol) + realm->length + 6 - > MAXDNAME ) - return 0; - if (snprintf(host, sizeof(host), "%s.%s.%.*s", - service, protocol, (int) realm->length, - realm->data) >= sizeof(host)) - return 0; + krb5int_buf_init_fixed(&buf, host, sizeof(host)); + krb5int_buf_add_fmt(&buf, "%s.%s.", service, protocol); + krb5int_buf_add_len(&buf, realm->data, realm->length); /* Realm names don't (normally) end with ".", but if the query doesn't end with "." and doesn't get an answer as is, the @@ -98,9 +95,12 @@ krb5int_make_srv_query_realm(const krb5_data *realm, a search on the prefix alone then the intention is to allow the local domain or domain search lists to be expanded. */ - h = host + strlen (host); - if ((h[-1] != '.') && ((h - host + 1) < sizeof(host))) - strcpy (h, "."); + len = krb5int_buf_len(&buf); + if (len > 0 && host[len - 1] != '.') + krb5int_buf_add(&buf, "."); + + if (krb5int_buf_data(&buf) == NULL) + return 0; #ifdef TEST fprintf (stderr, "sending DNS SRV query for %s\n", host); @@ -144,10 +144,7 @@ krb5int_make_srv_query_realm(const krb5_data *realm, srv->port = port; /* The returned names are fully qualified. Don't let the local resolver code do domain search path stuff. */ - if (strlen(host) + 2 < sizeof(host)) - strcat(host, "."); - srv->host = strdup(host); - if (srv->host == NULL) { + if (asprintf(&srv->host, "%s.", host) < 0) { free(srv); goto out; } diff --git a/src/lib/krb5/os/hst_realm.c b/src/lib/krb5/os/hst_realm.c index 9836378642..36c0e48608 100644 --- a/src/lib/krb5/os/hst_realm.c +++ b/src/lib/krb5/os/hst_realm.c @@ -78,6 +78,10 @@ #include "fake-addrinfo.h" +static krb5_error_code +domain_heuristic(krb5_context context, const char *domain, + char **realm, int limit); + #ifdef KRB5_DNS_LOOKUP #include "dnsglue.h" @@ -90,23 +94,20 @@ krb5_try_realm_txt_rr(const char *prefix, const char *name, char **realm) { krb5_error_code retval = KRB5_ERR_HOST_REALM_UNKNOWN; const unsigned char *p, *base; - char host[MAXDNAME], *h; + char host[MAXDNAME]; int ret, rdlen, len; struct krb5int_dns_state *ds = NULL; + struct k5buf buf; /* * Form our query, and send it via DNS */ + krb5int_buf_init_fixed(&buf, host, sizeof(host)); if (name == NULL || name[0] == '\0') { - if (strlen (prefix) >= sizeof(host)-1) - return KRB5_ERR_HOST_REALM_UNKNOWN; - strcpy(host,prefix); + krb5int_buf_add(&buf, prefix); } else { - if ( strlen(prefix) + strlen(name) + 3 > MAXDNAME ) - return KRB5_ERR_HOST_REALM_UNKNOWN; - if (snprintf(host, sizeof(host), "%s.%s", prefix, name) >= sizeof(host)) - return KRB5_ERR_HOST_REALM_UNKNOWN; + krb5int_buf_add_fmt(&buf, "%s.%s", prefix, name); /* Realm names don't (normally) end with ".", but if the query doesn't end with "." and doesn't get an answer as is, the @@ -118,10 +119,12 @@ krb5_try_realm_txt_rr(const char *prefix, const char *name, char **realm) the local domain or domain search lists to be expanded. */ - h = host + strlen (host); - if ((h > host) && (h[-1] != '.') && ((h - host + 1) < sizeof(host))) - strcpy (h, "."); + len = krb5int_buf_len(&buf); + if (len > 0 && host[len - 1] != '.') + krb5int_buf_add(&buf, "."); } + if (krb5int_buf_data(&buf) == NULL) + return KRB5_ERR_HOST_REALM_UNKNOWN; ret = krb5int_dns_init(&ds, host, C_IN, T_TXT); if (ret < 0) goto errout; @@ -250,19 +253,17 @@ krb5_get_host_realm(krb5_context context, const char *host, char ***realmsp) #ifdef DEBUG_REFERRALS printf(" temp_realm is %s\n",temp_realm); #endif - realm = malloc(strlen(temp_realm) + 1); + realm = strdup(temp_realm); if (!realm) { profile_release_string(temp_realm); return ENOMEM; } - strcpy(realm, temp_realm); profile_release_string(temp_realm); } if (realm == (char *)NULL) { - if (!(cp = (char *)malloc(strlen(KRB5_REFERRAL_REALM)+1))) + if (!(cp = strdup(KRB5_REFERRAL_REALM))) return ENOMEM; - strcpy(cp, KRB5_REFERRAL_REALM); realm = cp; } @@ -337,7 +338,7 @@ krb5_error_code KRB5_CALLCONV krb5_get_fallback_host_realm(krb5_context context, krb5_data *hdata, char ***realmsp) { char **retrealms; - char *default_realm, *realm, *cp, *temp_realm; + char *realm, *cp; krb5_error_code retval; char local_host[MAXDNAME+1], host[MAXDNAME+1]; @@ -351,72 +352,71 @@ krb5_get_fallback_host_realm(krb5_context context, krb5_data *hdata, char ***rea krb5int_clean_hostname(context, host, local_host, sizeof local_host); - /* Scan hostname for DNS realm, and save as last-ditch realm - assumption. */ - cp = local_host; -#ifdef DEBUG_REFERRALS - printf(" local_host: %s\n",local_host); -#endif - realm = default_realm = (char *)NULL; - temp_realm = 0; - while (cp && !default_realm) { - if (*cp == '.') { - cp++; - if (default_realm == (char *)NULL) { - /* If nothing else works, use the host's domain */ - default_realm = cp; - } - } else { - cp = strchr(cp, '.'); - } + /* + * Try looking up a _kerberos. TXT record in DNS. This + * heuristic is turned off by default since, in the absence of + * secure DNS, it can allow an attacker to control the realm used + * for a host. + */ + realm = (char *)NULL; +#ifdef KRB5_DNS_LOOKUP + if (_krb5_use_dns_realm(context)) { + cp = local_host; + do { + retval = krb5_try_realm_txt_rr("_kerberos", cp, &realm); + cp = strchr(cp,'.'); + if (cp) + cp++; + } while (retval && cp && cp[0]); } -#ifdef DEBUG_REFERRALS - printf(" done finding DNS-based default realm: >%s<\n",default_realm); -#endif +#endif /* KRB5_DNS_LOOKUP */ -#ifdef KRB5_DNS_LOOKUP + /* + * Next try searching the domain components as realms. This + * heuristic is also turned off by default. If DNS lookups for + * KDCs are enabled (as they are by default), an attacker could + * control which domain component is used as the realm for a host. + */ if (realm == (char *)NULL) { - int use_dns = _krb5_use_dns_realm(context); - if ( use_dns ) { - /* - * Since this didn't appear in our config file, try looking - * it up via DNS. Look for a TXT records of the form: - * - * _kerberos. - * - */ - cp = local_host; - do { - retval = krb5_try_realm_txt_rr("_kerberos", cp, &realm); - cp = strchr(cp,'.'); - if (cp) - cp++; - } while (retval && cp && cp[0]); - } + int limit; + errcode_t code; + + code = profile_get_integer(context->profile, "libdefaults", + "realm_try_domains", 0, -1, &limit); + if (code == 0) { + retval = domain_heuristic(context, local_host, &realm, limit); + if (retval) + return retval; + } } -#endif /* KRB5_DNS_LOOKUP */ - + /* + * The next fallback--and the first one to apply with default + * configuration--is to use the upper-cased parent domain of the + * hostname, regardless of whether we can actually look it up as a + * realm. + */ if (realm == (char *)NULL) { - if (default_realm != (char *)NULL) { - /* We are defaulting to the realm of the host */ - if (!(cp = (char *)malloc(strlen(default_realm)+1))) - return ENOMEM; - strcpy(cp, default_realm); - realm = cp; - - /* Assume the realm name is upper case */ + cp = strchr(local_host, '.'); + if (cp) { + if (!(realm = strdup(cp + 1))) + return ENOMEM; for (cp = realm; *cp; cp++) if (islower((int) (*cp))) *cp = toupper((int) *cp); - } else { - /* We are defaulting to the local realm */ - retval = krb5_get_default_realm(context, &realm); - if (retval) { - return retval; - } - } + } + } + + /* + * The final fallback--used when the fully-qualified hostname has + * only one component--is to use the local default realm. + */ + if (realm == (char *)NULL) { + retval = krb5_get_default_realm(context, &realm); + if (retval) + return retval; } + if (!(retrealms = (char **)calloc(2, sizeof(*retrealms)))) { if (realm != (char *)NULL) free(realm); @@ -492,3 +492,70 @@ krb5int_clean_hostname(krb5_context context, const char *host, char *local_host, #endif return 0; } + +/* + * Copyright 2008 Sun Microsystems, Inc. All rights reserved. + * Use is subject to license terms. + */ + +/* + * Walk through the components of a domain. At each stage determine + * if a KDC can be located for that domain. Return a realm + * corresponding to the upper-cased domain name for which a KDC was + * found or NULL if no KDC was found. Stop searching after limit + * labels have been removed from the domain (-1 means don't search at + * all, 0 means try only the full domain itself, 1 means also try the + * parent domain, etc.) or when we reach a parent with only one label. + */ +static krb5_error_code +domain_heuristic(krb5_context context, const char *domain, + char **realm, int limit) +{ + krb5_error_code retval = 0, r; + struct addrlist alist; + krb5_data drealm; + char *cp = NULL; + char *fqdn = NULL; + + *realm = NULL; + if (limit < 0) + return 0; + + memset(&drealm, 0, sizeof (drealm)); + if (!(fqdn = strdup(domain))) { + retval = ENOMEM; + goto cleanup; + } + + /* Upper case the domain (for use as a realm) */ + for (cp = fqdn; *cp; cp++) + if (islower((int)(*cp))) + *cp = toupper((int)*cp); + + /* Search up to limit parents, as long as we have multiple labels. */ + cp = fqdn; + while (limit-- >= 0 && strchr(cp, '.') != NULL) { + + drealm.length = strlen(cp); + drealm.data = cp; + + /* Find a kdc based on this part of the domain name. */ + r = krb5_locate_kdc(context, &drealm, &alist, 0, SOCK_DGRAM, 0); + if (!r) { /* Found a KDC! */ + krb5int_free_addrlist(&alist); + if (!(*realm = strdup(cp))) { + retval = ENOMEM; + goto cleanup; + } + break; + } + + cp = strchr(cp, '.'); + cp++; + } + +cleanup: + if (fqdn) + free(fqdn); + return retval; +} diff --git a/src/lib/krb5/os/init_os_ctx.c b/src/lib/krb5/os/init_os_ctx.c index 4799e91073..5aded9beee 100644 --- a/src/lib/krb5/os/init_os_ctx.c +++ b/src/lib/krb5/os/init_os_ctx.c @@ -198,9 +198,8 @@ os_get_default_config_files(profile_filespec_t **pfiles, krb5_boolean secure) char *env = getenv("KRB5_CONFIG"); if (env) { - name = malloc(strlen(env) + 1); + name = strdup(env); if (!name) return ENOMEM; - strcpy(name, env); } } if (!name && !secure) @@ -420,7 +419,6 @@ krb5_get_profile (krb5_context ctx, profile_t *profile) return profile_copy (ctx->profile, profile); } - krb5_error_code krb5_set_config_files(krb5_context ctx, const char **filenames) { diff --git a/src/lib/krb5/os/ktdefname.c b/src/lib/krb5/os/ktdefname.c index 022d93cc56..89bb35fcfb 100644 --- a/src/lib/krb5/os/ktdefname.c +++ b/src/lib/krb5/os/ktdefname.c @@ -44,22 +44,19 @@ krb5_kt_default_name(krb5_context context, char *name, int name_size) unsigned int namesize = (name_size < 0 ? 0 : name_size); if (krb5_overridekeyname) { - if (namesize < (strlen(krb5_overridekeyname)+1)) + if (strlcpy(name, krb5_overridekeyname, namesize) >= namesize) return KRB5_CONFIG_NOTENUFSPACE; - strcpy(name, krb5_overridekeyname); } else if ((context->profile_secure == FALSE) && (cp = getenv("KRB5_KTNAME"))) { - if (namesize < (strlen(cp)+1)) + if (strlcpy(name, cp, namesize) >= namesize) return KRB5_CONFIG_NOTENUFSPACE; - strcpy(name, cp); } else if ((profile_get_string(context->profile, "libdefaults", "default_keytab_name", NULL, NULL, &retval) == 0) && retval) { - if (namesize < (strlen(retval)+1)) + if (strlcpy(name, retval, namesize) >= namesize) return KRB5_CONFIG_NOTENUFSPACE; - strcpy(name, retval); profile_release_string(retval); } else { #if defined(_WIN32) @@ -74,9 +71,8 @@ krb5_kt_default_name(krb5_context context, char *name, int name_size) snprintf(name, namesize, krb5_defkeyname, defname); } #else - if (namesize < (strlen(krb5_defkeyname)+1)) + if (strlcpy(name, krb5_defkeyname, namesize) >= namesize) return KRB5_CONFIG_NOTENUFSPACE; - strcpy(name, krb5_defkeyname); #endif } return 0; diff --git a/src/lib/krb5/os/promptusr.c b/src/lib/krb5/os/promptusr.c index 68f8b14a04..3c9c50a6c1 100644 --- a/src/lib/krb5/os/promptusr.c +++ b/src/lib/krb5/os/promptusr.c @@ -90,11 +90,10 @@ krb5_os_get_tty_uio(krb5_context context, krb5_uio uio) } while (ch != EOF && ch != '\n'); read_string[sizeof(read_string)-1] = 0; - if ((p->response = malloc(strlen(read_string)+1)) == NULL) { + if ((p->response = strdup(read_string)) == NULL) { errno = ENOMEM; goto cleanup; } - strcpy(p->response, read_string); if ((p->flags & KRB5_UIO_ECHORESPONSE) == 0) { (void) putchar('\n'); diff --git a/src/lib/krb5/os/realm_dom.c b/src/lib/krb5/os/realm_dom.c index d7a4be7dbe..43e6266ca3 100644 --- a/src/lib/krb5/os/realm_dom.c +++ b/src/lib/krb5/os/realm_dom.c @@ -55,11 +55,9 @@ krb5_get_realm_domain(krb5_context context, const char *realm, char **domain) "default_domain", realm, &temp_domain); if (!retval && temp_domain) { - *domain = malloc(strlen(temp_domain) + 1); + *domain = strdup(temp_domain); if (!*domain) { retval = ENOMEM; - } else { - strcpy(*domain, temp_domain); } profile_release_string(temp_domain); } diff --git a/src/lib/krb5/os/send524.c b/src/lib/krb5/os/send524.c deleted file mode 100644 index 1792b4930e..0000000000 --- a/src/lib/krb5/os/send524.c +++ /dev/null @@ -1,107 +0,0 @@ -/* - * Copyright 1990,1991,1997 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * Send a packet to a service and await a reply, using an exponential - * backoff retry algorithm. This is based on krb5_sendto_kdc. - */ - -/* Grab socket stuff. This might want to go away later. */ -#include "fake-addrinfo.h" /* for custom addrinfo if needed */ -#include "k5-int.h" - -#ifndef _WIN32 -#include -#include -#endif - -#include -#include - -#include "os-proto.h" - -/* - * krb524_sendto_kdc: - * - * A slightly modified version of krb5_sendto_kdc. - * - * send the formatted request 'message' to a KDC for realm 'realm' and - * return the response (if any) in 'reply'. - * - * If the message is sent and a response is received, 0 is returned, - * otherwise an error code is returned. - * - * The storage for 'reply' is allocated and should be freed by the caller - * when finished. - */ - -krb5_error_code -krb5int_524_sendto_kdc (context, message, realm, reply, addr, addrlen) - krb5_context context; - const krb5_data * message; - const krb5_data * realm; - krb5_data * reply; - struct sockaddr *addr; - socklen_t *addrlen; -{ -#if defined(KRB5_KRB4_COMPAT) || defined(_WIN32) /* yuck! */ - int i; - struct addrlist al = ADDRLIST_INIT; - struct servent *serv; - krb5_error_code retval; - int port; - - /* - * find KDC location(s) for realm - */ - - serv = getservbyname(KRB524_SERVICE, "udp"); - port = serv ? serv->s_port : htons (KRB524_PORT); - - retval = krb5int_locate_server(context, realm, &al, locate_service_krb524, - SOCK_DGRAM, PF_INET); - if (retval == KRB5_REALM_CANT_RESOLVE || retval == KRB5_REALM_UNKNOWN) { - /* Fallback heuristic: Assume krb524 port on every KDC might - work. */ - retval = krb5_locate_kdc(context, realm, &al, 0, SOCK_DGRAM, PF_INET); - /* - * Bash the ports numbers. - */ - if (retval == 0) - for (i = 0; i < al.naddrs; i++) { - al.addrs[i].ai->ai_socktype = SOCK_DGRAM; - if (al.addrs[i].ai->ai_family == AF_INET) - sa2sin (al.addrs[i].ai->ai_addr)->sin_port = port; - } - } - if (retval) - return retval; - if (al.naddrs == 0) - return KRB5_REALM_UNKNOWN; - - retval = krb5int_sendto (context, message, &al, NULL, reply, addr, addrlen, NULL, 0, NULL, NULL, NULL); - krb5int_free_addrlist (&al); - return retval; -#else - return KRB524_KRB4_DISABLED; -#endif -} diff --git a/src/lib/krb5/os/sendto_kdc.c b/src/lib/krb5/os/sendto_kdc.c index 218748273e..971047b547 100644 --- a/src/lib/krb5/os/sendto_kdc.c +++ b/src/lib/krb5/os/sendto_kdc.c @@ -116,6 +116,7 @@ krb5int_debug_fprint (const char *fmt, ...) #define max(a,b) ((a) > (b) ? (a) : (b)) #endif char tmpbuf[max(NI_MAXHOST + NI_MAXSERV + 30, 200)]; + struct k5buf buf; if (!krb5int_debug_sendto_kdc) return; @@ -221,26 +222,27 @@ krb5int_debug_fprint (const char *fmt, ...) case 'A': /* %A => addrinfo */ ai = va_arg(args, struct addrinfo *); + krb5int_buf_init_dynamic(&buf); if (ai->ai_socktype == SOCK_DGRAM) - strcpy(tmpbuf, "dgram"); + krb5int_buf_add(&buf, "dgram"); else if (ai->ai_socktype == SOCK_STREAM) - strcpy(tmpbuf, "stream"); + krb5int_buf_add(&buf, "stream"); else - snprintf(tmpbuf, sizeof(tmpbuf), "socktype%d", ai->ai_socktype); + krb5int_buf_add_fmt(&buf, "socktype%d", ai->ai_socktype); + if (0 != getnameinfo (ai->ai_addr, ai->ai_addrlen, addrbuf, sizeof (addrbuf), portbuf, sizeof (portbuf), NI_NUMERICHOST | NI_NUMERICSERV)) { if (ai->ai_addr->sa_family == AF_UNSPEC) - strcpy(tmpbuf + strlen(tmpbuf), " AF_UNSPEC"); + krb5int_buf_add(&buf, " AF_UNSPEC"); else - snprintf(tmpbuf + strlen(tmpbuf), - sizeof(tmpbuf)-strlen(tmpbuf), - " af%d", ai->ai_addr->sa_family); + krb5int_buf_add_fmt(&buf, " af%d", ai->ai_addr->sa_family); } else - snprintf(tmpbuf + strlen(tmpbuf), sizeof(tmpbuf)-strlen(tmpbuf), - " %s.%s", addrbuf, portbuf); - putstr(tmpbuf); + krb5int_buf_add_fmt(&buf, " %s.%s", addrbuf, portbuf); + if (krb5int_buf_data(&buf)) + putstr(krb5int_buf_data(&buf)); + krb5int_free_buf(&buf); break; case 'D': /* %D => krb5_data * */ diff --git a/src/lib/krb5/os/sn2princ.c b/src/lib/krb5/os/sn2princ.c index 8df5911383..cbc6eb1edc 100644 --- a/src/lib/krb5/os/sn2princ.c +++ b/src/lib/krb5/os/sn2princ.c @@ -107,6 +107,7 @@ krb5_sname_to_principal(krb5_context context, const char *hostname, const char * memset(&hints, 0, sizeof(hints)); hints.ai_family = AF_INET; + hints.ai_flags = AI_CANONNAME; try_getaddrinfo_again: err = getaddrinfo(hostname, 0, &hints, &ai); if (err) { @@ -147,7 +148,8 @@ krb5_sname_to_principal(krb5_context context, const char *hostname, const char * if (!remote_host) return ENOMEM; } - } + } else + freeaddrinfo(ai); } else /* type == KRB5_NT_UNKNOWN */ { remote_host = strdup(hostname); } diff --git a/src/lib/krb5/os/t_gifconf.c b/src/lib/krb5/os/t_gifconf.c index 92a49123a8..b0d9b7de2b 100644 --- a/src/lib/krb5/os/t_gifconf.c +++ b/src/lib/krb5/os/t_gifconf.c @@ -97,7 +97,7 @@ int main (void) { /* Solaris returns "Invalid argument" if the buffer is too small. AIX and Linux return no error indication. */ int e = errno; - sprintf (buffer, "SIOCGIFCONF(%d)", t); + snprintf (buffer, sizeof(buffer), "SIOCGIFCONF(%d)", t); errno = e; perror (buffer); if (e == EINVAL) diff --git a/src/lib/krb5/os/t_locate_kdc.c b/src/lib/krb5/os/t_locate_kdc.c index 20e07af666..9cc845a829 100644 --- a/src/lib/krb5/os/t_locate_kdc.c +++ b/src/lib/krb5/os/t_locate_kdc.c @@ -37,7 +37,7 @@ static const char *stypename (int stype) case SOCK_RAW: return "raw"; default: - sprintf(buf, "?%d", stype); + snprintf(buf, sizeof(buf), "?%d", stype); return buf; } } diff --git a/src/lib/krb5/os/timeofday.c b/src/lib/krb5/os/timeofday.c index c65ce6fc0b..31d803eb55 100644 --- a/src/lib/krb5/os/timeofday.c +++ b/src/lib/krb5/os/timeofday.c @@ -35,9 +35,13 @@ krb5_error_code KRB5_CALLCONV krb5_timeofday(krb5_context context, register krb5_timestamp *timeret) { - krb5_os_context os_ctx = &context->os_context; + krb5_os_context os_ctx; time_t tval; + if (context == NULL) + return EINVAL; + + os_ctx = &context->os_context; if (os_ctx->os_flags & KRB5_OS_TOFFSET_TIME) { *timeret = os_ctx->time_offset; return 0; diff --git a/src/lib/krb5/rcache/Makefile.in b/src/lib/krb5/rcache/Makefile.in index 1aafb1e87d..d4c1336234 100644 --- a/src/lib/krb5/rcache/Makefile.in +++ b/src/lib/krb5/rcache/Makefile.in @@ -45,84 +45,3 @@ clean-unix:: clean-libobjs @libobj_frag@ -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -rc_base.so rc_base.po $(OUTPRE)rc_base.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h rc-int.h rc_base.c \ - rc_base.h -rc_dfl.so rc_dfl.po $(OUTPRE)rc_dfl.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h rc-int.h rc_base.h \ - rc_dfl.c rc_dfl.h rc_io.h -rc_io.so rc_io.po $(OUTPRE)rc_io.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h rc_base.h rc_dfl.h \ - rc_io.c rc_io.h -rcdef.so rcdef.po $(OUTPRE)rcdef.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h rc-int.h rc_dfl.h \ - rcdef.c -rc_none.so rc_none.po $(OUTPRE)rc_none.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h rc-int.h rc_none.c -rc_conv.so rc_conv.po $(OUTPRE)rc_conv.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h rc_base.h rc_conv.c -ser_rc.so ser_rc.po $(OUTPRE)ser_rc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h rc-int.h ser_rc.c -rcfns.so rcfns.po $(OUTPRE)rcfns.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h rc-int.h rcfns.c diff --git a/src/lib/krb5/rcache/deps b/src/lib/krb5/rcache/deps new file mode 100644 index 0000000000..b2f02ae6cb --- /dev/null +++ b/src/lib/krb5/rcache/deps @@ -0,0 +1,83 @@ +# +# Generated makefile dependencies follow. +# +rc_base.so rc_base.po $(OUTPRE)rc_base.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + rc-int.h rc_base.c rc_base.h +rc_dfl.so rc_dfl.po $(OUTPRE)rc_dfl.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + rc-int.h rc_base.h rc_dfl.c rc_dfl.h rc_io.h +rc_io.so rc_io.po $(OUTPRE)rc_io.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + rc_base.h rc_dfl.h rc_io.c rc_io.h +rcdef.so rcdef.po $(OUTPRE)rcdef.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + rc-int.h rc_dfl.h rcdef.c +rc_none.so rc_none.po $(OUTPRE)rc_none.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + rc-int.h rc_none.c +rc_conv.so rc_conv.po $(OUTPRE)rc_conv.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + rc_base.h rc_conv.c +ser_rc.so ser_rc.po $(OUTPRE)ser_rc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + rc-int.h ser_rc.c +rcfns.so rcfns.po $(OUTPRE)rcfns.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + rc-int.h rcfns.c diff --git a/src/lib/krb5/rcache/rc-int.h b/src/lib/krb5/rcache/rc-int.h index 2f09d239a6..5d91d3cc6d 100644 --- a/src/lib/krb5/rcache/rc-int.h +++ b/src/lib/krb5/rcache/rc-int.h @@ -1,3 +1,4 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * lib/krb5/keytab/rc-int.h * @@ -8,7 +9,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -22,7 +23,7 @@ * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * + * * * This file contains constant and function declarations used in the * file-based replay cache routines. @@ -46,25 +47,25 @@ struct _krb5_rc_ops { krb5_magic magic; char *type; krb5_error_code (KRB5_CALLCONV *init) - (krb5_context, krb5_rcache,krb5_deltat); /* create */ + (krb5_context, krb5_rcache,krb5_deltat); /* create */ krb5_error_code (KRB5_CALLCONV *recover) - (krb5_context, krb5_rcache); /* open */ + (krb5_context, krb5_rcache); /* open */ krb5_error_code (KRB5_CALLCONV *recover_or_init) - (krb5_context, krb5_rcache,krb5_deltat); + (krb5_context, krb5_rcache,krb5_deltat); krb5_error_code (KRB5_CALLCONV *destroy) - (krb5_context, krb5_rcache); + (krb5_context, krb5_rcache); krb5_error_code (KRB5_CALLCONV *close) - (krb5_context, krb5_rcache); + (krb5_context, krb5_rcache); krb5_error_code (KRB5_CALLCONV *store) - (krb5_context, krb5_rcache,krb5_donot_replay *); + (krb5_context, krb5_rcache,krb5_donot_replay *); krb5_error_code (KRB5_CALLCONV *expunge) - (krb5_context, krb5_rcache); + (krb5_context, krb5_rcache); krb5_error_code (KRB5_CALLCONV *get_span) - (krb5_context, krb5_rcache,krb5_deltat *); + (krb5_context, krb5_rcache,krb5_deltat *); char *(KRB5_CALLCONV *get_name) - (krb5_context, krb5_rcache); + (krb5_context, krb5_rcache); krb5_error_code (KRB5_CALLCONV *resolve) - (krb5_context, krb5_rcache, char *); + (krb5_context, krb5_rcache, char *); }; typedef struct _krb5_rc_ops krb5_rc_ops; diff --git a/src/lib/krb5/rcache/rc_base.c b/src/lib/krb5/rcache/rc_base.c index ad5c4e93cd..24a895f7ea 100644 --- a/src/lib/krb5/rcache/rc_base.c +++ b/src/lib/krb5/rcache/rc_base.c @@ -1,3 +1,4 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * lib/krb5/rcache/rc_base.c * @@ -6,7 +7,6 @@ * */ - /* * Base "glue" functions for the replay cache. */ @@ -35,29 +35,29 @@ void krb5int_rc_terminate(void) struct krb5_rc_typelist *t, *t_next; k5_mutex_destroy(&rc_typelist_lock); for (t = typehead; t != &krb5_rc_typelist_dfl; t = t_next) { - t_next = t->next; - free(t); + t_next = t->next; + free(t); } } krb5_error_code krb5_rc_register_type(krb5_context context, - const krb5_rc_ops *ops) + const krb5_rc_ops *ops) { struct krb5_rc_typelist *t; krb5_error_code err; err = k5_mutex_lock(&rc_typelist_lock); if (err) - return err; + return err; for (t = typehead;t && strcmp(t->ops->type,ops->type);t = t->next) - ; + ; if (t) { - k5_mutex_unlock(&rc_typelist_lock); - return KRB5_RC_TYPE_EXISTS; + k5_mutex_unlock(&rc_typelist_lock); + return KRB5_RC_TYPE_EXISTS; } t = (struct krb5_rc_typelist *) malloc(sizeof(struct krb5_rc_typelist)); if (t == NULL) { - k5_mutex_unlock(&rc_typelist_lock); - return KRB5_RC_MALLOC; + k5_mutex_unlock(&rc_typelist_lock); + return KRB5_RC_MALLOC; } t->next = typehead; t->ops = ops; @@ -67,18 +67,18 @@ krb5_error_code krb5_rc_register_type(krb5_context context, } krb5_error_code krb5_rc_resolve_type(krb5_context context, krb5_rcache *id, - char *type) + char *type) { struct krb5_rc_typelist *t; krb5_error_code err; err = k5_mutex_lock(&rc_typelist_lock); if (err) - return err; + return err; for (t = typehead;t && strcmp(t->ops->type,type);t = t->next) - ; + ; if (!t) { - k5_mutex_unlock(&rc_typelist_lock); - return KRB5_RC_TYPE_NOTFOUND; + k5_mutex_unlock(&rc_typelist_lock); + return KRB5_RC_TYPE_NOTFOUND; } /* allocate *id? nah */ (*id)->ops = t->ops; @@ -95,18 +95,18 @@ char * krb5_rc_default_type(krb5_context context) { char *s; if ((s = getenv("KRB5RCACHETYPE"))) - return s; + return s; else - return "dfl"; + return "dfl"; } char * krb5_rc_default_name(krb5_context context) { char *s; if ((s = getenv("KRB5RCACHENAME"))) - return s; + return s; else - return (char *) 0; + return (char *) 0; } krb5_error_code @@ -115,18 +115,18 @@ krb5_rc_default(krb5_context context, krb5_rcache *id) krb5_error_code retval; if (!(*id = (krb5_rcache )malloc(sizeof(**id)))) - return KRB5_RC_MALLOC; + return KRB5_RC_MALLOC; - if ((retval = krb5_rc_resolve_type(context, id, - krb5_rc_default_type(context)))) { - FREE(*id); - return retval; + if ((retval = krb5_rc_resolve_type(context, id, + krb5_rc_default_type(context)))) { + FREE(*id); + return retval; } - if ((retval = krb5_rc_resolve(context, *id, - krb5_rc_default_name(context)))) { - k5_mutex_destroy(&(*id)->lock); - FREE(*id); - return retval; + if ((retval = krb5_rc_resolve(context, *id, + krb5_rc_default_name(context)))) { + k5_mutex_destroy(&(*id)->lock); + FREE(*id); + return retval; } (*id)->magic = KV5M_RCACHE; return retval; @@ -141,31 +141,30 @@ krb5_error_code krb5_rc_resolve_full(krb5_context context, krb5_rcache *id, char unsigned int diff; if (!(residual = strchr(string_name,':'))) - return KRB5_RC_PARSE; - + return KRB5_RC_PARSE; + diff = residual - string_name; if (!(type = malloc(diff + 1))) - return KRB5_RC_MALLOC; + return KRB5_RC_MALLOC; (void) strncpy(type, string_name, diff); type[residual - string_name] = '\0'; if (!(*id = (krb5_rcache) malloc(sizeof(**id)))) { - FREE(type); - return KRB5_RC_MALLOC; + FREE(type); + return KRB5_RC_MALLOC; } if ((retval = krb5_rc_resolve_type(context, id,type))) { - FREE(type); - FREE(*id); - return retval; + FREE(type); + FREE(*id); + return retval; } FREE(type); if ((retval = krb5_rc_resolve(context, *id,residual + 1))) { - k5_mutex_destroy(&(*id)->lock); - FREE(*id); - return retval; + k5_mutex_destroy(&(*id)->lock); + FREE(*id); + return retval; } (*id)->magic = KV5M_RCACHE; return retval; } - diff --git a/src/lib/krb5/rcache/rc_base.h b/src/lib/krb5/rcache/rc_base.h index e2e27677ec..b8687f2fef 100644 --- a/src/lib/krb5/rcache/rc_base.h +++ b/src/lib/krb5/rcache/rc_base.h @@ -1,3 +1,4 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * lib/krb5/rcache/rc_base.h * diff --git a/src/lib/krb5/rcache/rc_conv.c b/src/lib/krb5/rcache/rc_conv.c index 8eb73ccbe8..16ed9e7eb8 100644 --- a/src/lib/krb5/rcache/rc_conv.c +++ b/src/lib/krb5/rcache/rc_conv.c @@ -1,3 +1,4 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * lib/krb5/rcache/rc_conv.c * @@ -6,7 +7,6 @@ * */ - /* * An implementation for the default replay cache type. */ @@ -16,23 +16,23 @@ #include "rc_base.h" /* -Local stuff: - krb5_auth_to_replay(context, krb5_tkt_authent *auth,krb5_donot_replay *rep) + Local stuff: + krb5_auth_to_replay(context, krb5_tkt_authent *auth,krb5_donot_replay *rep) given auth, take important information and make rep; return -1 if failed */ krb5_error_code krb5_auth_to_rep(krb5_context context, krb5_tkt_authent *auth, krb5_donot_replay *rep) { - krb5_error_code retval; - rep->cusec = auth->authenticator->cusec; - rep->ctime = auth->authenticator->ctime; - if ((retval = krb5_unparse_name(context, auth->ticket->server, &rep->server))) - return retval; /* shouldn't happen */ - if ((retval = krb5_unparse_name(context, auth->authenticator->client, - &rep->client))) { - FREE(rep->server); - return retval; /* shouldn't happen. */ - } - return 0; + krb5_error_code retval; + rep->cusec = auth->authenticator->cusec; + rep->ctime = auth->authenticator->ctime; + if ((retval = krb5_unparse_name(context, auth->ticket->server, &rep->server))) + return retval; /* shouldn't happen */ + if ((retval = krb5_unparse_name(context, auth->authenticator->client, + &rep->client))) { + FREE(rep->server); + return retval; /* shouldn't happen. */ + } + return 0; } diff --git a/src/lib/krb5/rcache/rc_dfl.c b/src/lib/krb5/rcache/rc_dfl.c index 4b1c174b2c..aa0b3a5f98 100644 --- a/src/lib/krb5/rcache/rc_dfl.c +++ b/src/lib/krb5/rcache/rc_dfl.c @@ -1,3 +1,4 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * lib/krb5/rcache/rc_dfl.c * @@ -6,7 +7,6 @@ * */ - /* * An implementation for the default replay cache type. */ @@ -22,23 +22,23 @@ */ /* -Local stuff: + Local stuff: -static int hash(krb5_donot_replay *rep, int hsize) + static int hash(krb5_donot_replay *rep, int hsize) returns hash value of *rep, between 0 and hsize - 1 -HASHSIZE + HASHSIZE size of hash table (constant), can be preset -static int cmp(krb5_donot_replay *old, krb5_donot_replay *new, krb5_deltat t) + static int cmp(krb5_donot_replay *old, krb5_donot_replay *new, krb5_deltat t) compare old and new; return CMP_REPLAY or CMP_HOHUM -static int alive(krb5_context, krb5_donot_replay *new, krb5_deltat t) + static int alive(krb5_context, krb5_donot_replay *new, krb5_deltat t) see if new is still alive; return CMP_EXPIRED or CMP_HOHUM -CMP_MALLOC, CMP_EXPIRED, CMP_REPLAY, CMP_HOHUM + CMP_MALLOC, CMP_EXPIRED, CMP_REPLAY, CMP_HOHUM return codes from cmp(), alive(), and store() -struct dfl_data + struct dfl_data data stored in this cache type, namely "dfl" -struct authlist + struct authlist multilinked list of reps -static int rc_store(context, krb5_rcache id, krb5_donot_replay *rep) + static int rc_store(context, krb5_rcache id, krb5_donot_replay *rep) store rep in cache id; return CMP_REPLAY if replay, else CMP_MALLOC/CMP_HOHUM */ @@ -83,10 +83,10 @@ static int cmp(krb5_donot_replay *old, krb5_donot_replay *new1, krb5_deltat t) { if ((old->cusec == new1->cusec) && /* most likely to distinguish */ - (old->ctime == new1->ctime) && - (strcmp(old->client, new1->client) == 0) && - (strcmp(old->server, new1->server) == 0)) /* always true */ - return CMP_REPLAY; + (old->ctime == new1->ctime) && + (strcmp(old->client, new1->client) == 0) && + (strcmp(old->server, new1->server) == 0)) /* always true */ + return CMP_REPLAY; return CMP_HOHUM; } @@ -94,10 +94,10 @@ static int alive(krb5_int32 mytime, krb5_donot_replay *new1, krb5_deltat t) { if (mytime == 0) - return CMP_HOHUM; /* who cares? */ + return CMP_HOHUM; /* who cares? */ /* I hope we don't have to worry about overflow */ if (new1->ctime + t < mytime) - return CMP_EXPIRED; + return CMP_EXPIRED; return CMP_HOHUM; } @@ -128,7 +128,7 @@ struct authlist static int rc_store(krb5_context context, krb5_rcache id, krb5_donot_replay *rep, - krb5_int32 now) + krb5_int32 now) { struct dfl_data *t = (struct dfl_data *)id->data; unsigned int rephash; @@ -137,34 +137,34 @@ rc_store(krb5_context context, krb5_rcache id, krb5_donot_replay *rep, rephash = hash(rep, t->hsize); for (ta = t->h[rephash]; ta; ta = ta->nh) { - switch(cmp(&ta->rep, rep, t->lifespan)) - { - case CMP_REPLAY: - return CMP_REPLAY; - case CMP_HOHUM: - if (alive(now, &ta->rep, t->lifespan) == CMP_EXPIRED) - t->nummisses++; - else - t->numhits++; - break; - default: - ; /* wtf? */ - } + switch(cmp(&ta->rep, rep, t->lifespan)) + { + case CMP_REPLAY: + return CMP_REPLAY; + case CMP_HOHUM: + if (alive(now, &ta->rep, t->lifespan) == CMP_EXPIRED) + t->nummisses++; + else + t->numhits++; + break; + default: + ; /* wtf? */ + } } if (!(ta = (struct authlist *) malloc(sizeof(struct authlist)))) - return CMP_MALLOC; + return CMP_MALLOC; ta->na = t->a; t->a = ta; ta->nh = t->h[rephash]; t->h[rephash] = ta; ta->rep = *rep; if (!(ta->rep.client = strdup(rep->client))) { - FREE(ta); - return CMP_MALLOC; + FREE(ta); + return CMP_MALLOC; } if (!(ta->rep.server = strdup(rep->server))) { - FREE(ta->rep.client); - FREE(ta); - return CMP_MALLOC; + FREE(ta->rep.client); + FREE(ta); + return CMP_MALLOC; } return CMP_HOHUM; @@ -178,14 +178,14 @@ krb5_rc_dfl_get_name(krb5_context context, krb5_rcache id) krb5_error_code KRB5_CALLCONV krb5_rc_dfl_get_span(krb5_context context, krb5_rcache id, - krb5_deltat *lifespan) + krb5_deltat *lifespan) { krb5_error_code err; struct dfl_data *t; err = k5_mutex_lock(&id->lock); if (err) - return err; + return err; t = (struct dfl_data *) id->data; *lifespan = t->lifespan; k5_mutex_unlock(&id->lock); @@ -202,12 +202,12 @@ krb5_rc_dfl_init_locked(krb5_context context, krb5_rcache id, krb5_deltat lifesp /* default to clockskew from the context */ #ifndef NOIOSTUFF if ((retval = krb5_rc_io_creat(context, &t->d, &t->name))) { - return retval; + return retval; } if ((krb5_rc_io_write(context, &t->d, - (krb5_pointer) &t->lifespan, sizeof(t->lifespan)) - || krb5_rc_io_sync(context, &t->d))) { - return KRB5_RC_IO; + (krb5_pointer) &t->lifespan, sizeof(t->lifespan)) + || krb5_rc_io_sync(context, &t->d))) { + return KRB5_RC_IO; } #endif return 0; @@ -220,7 +220,7 @@ krb5_rc_dfl_init(krb5_context context, krb5_rcache id, krb5_deltat lifespan) retval = k5_mutex_lock(&id->lock); if (retval) - return retval; + return retval; retval = krb5_rc_dfl_init_locked(context, id, lifespan); k5_mutex_unlock(&id->lock); return retval; @@ -235,13 +235,13 @@ krb5_rc_dfl_close_no_free(krb5_context context, krb5_rcache id) FREE(t->h); if (t->name) - FREE(t->name); + FREE(t->name); while ((q = t->a)) { - t->a = q->na; - FREE(q->rep.client); - FREE(q->rep.server); - FREE(q); + t->a = q->na; + FREE(q->rep.client); + FREE(q->rep.server); + FREE(q); } #ifndef NOIOSTUFF (void) krb5_rc_io_close(context, &t->d); @@ -256,7 +256,7 @@ krb5_rc_dfl_close(krb5_context context, krb5_rcache id) krb5_error_code retval; retval = k5_mutex_lock(&id->lock); if (retval) - return retval; + return retval; krb5_rc_dfl_close_no_free(context, id); k5_mutex_unlock(&id->lock); k5_mutex_destroy(&id->lock); @@ -269,7 +269,7 @@ krb5_rc_dfl_destroy(krb5_context context, krb5_rcache id) { #ifndef NOIOSTUFF if (krb5_rc_io_destroy(context, &((struct dfl_data *) (id->data))->d)) - return KRB5_RC_IO; + return KRB5_RC_IO; #endif return krb5_rc_dfl_close(context, id); } @@ -282,23 +282,22 @@ krb5_rc_dfl_resolve(krb5_context context, krb5_rcache id, char *name) /* allocate id? no */ if (!(t = (struct dfl_data *) calloc(1, sizeof(struct dfl_data)))) - return KRB5_RC_MALLOC; + return KRB5_RC_MALLOC; id->data = (krb5_pointer) t; if (name) { - t->name = malloc(strlen(name)+1); - if (!t->name) { - retval = KRB5_RC_MALLOC; - goto cleanup; - } - strcpy(t->name, name); + t->name = strdup(name); + if (!t->name) { + retval = KRB5_RC_MALLOC; + goto cleanup; + } } else - t->name = 0; + t->name = 0; t->numhits = t->nummisses = 0; t->hsize = HASHSIZE; /* no need to store---it's memory-only */ t->h = (struct authlist **) malloc(t->hsize*sizeof(struct authlist *)); if (!t->h) { - retval = KRB5_RC_MALLOC; - goto cleanup; + retval = KRB5_RC_MALLOC; + goto cleanup; } memset(t->h, 0, t->hsize*sizeof(struct authlist *)); t->a = (struct authlist *) 0; @@ -310,11 +309,11 @@ krb5_rc_dfl_resolve(krb5_context context, krb5_rcache id, char *name) cleanup: if (t) { - if (t->name) - krb5_xfree(t->name); - if (t->h) - krb5_xfree(t->h); - krb5_xfree(t); + if (t->name) + krb5_xfree(t->name); + if (t->h) + krb5_xfree(t->h); + krb5_xfree(t); } return retval; } @@ -327,20 +326,20 @@ krb5_rc_free_entry(krb5_context context, krb5_donot_replay **rep) *rep = NULL; if (rp) { - if (rp->client) - free(rp->client); - - if (rp->server) - free(rp->server); - rp->client = NULL; - rp->server = NULL; - free(rp); + if (rp->client) + free(rp->client); + + if (rp->server) + free(rp->server); + rp->client = NULL; + rp->server = NULL; + free(rp); } } static krb5_error_code krb5_rc_io_fetch(krb5_context context, struct dfl_data *t, - krb5_donot_replay *rep, int maxlen) + krb5_donot_replay *rep, int maxlen) { int len2; unsigned int len; @@ -349,60 +348,60 @@ krb5_rc_io_fetch(krb5_context context, struct dfl_data *t, rep->client = rep->server = 0; retval = krb5_rc_io_read(context, &t->d, (krb5_pointer) &len2, - sizeof(len2)); + sizeof(len2)); if (retval) - return retval; + return retval; if ((len2 <= 0) || (len2 >= maxlen)) - return KRB5_RC_IO_EOF; + return KRB5_RC_IO_EOF; len = len2; rep->client = malloc (len); if (!rep->client) - return KRB5_RC_MALLOC; + return KRB5_RC_MALLOC; retval = krb5_rc_io_read(context, &t->d, (krb5_pointer) rep->client, len); if (retval) - goto errout; + goto errout; - retval = krb5_rc_io_read(context, &t->d, (krb5_pointer) &len2, - sizeof(len2)); + retval = krb5_rc_io_read(context, &t->d, (krb5_pointer) &len2, + sizeof(len2)); if (retval) - goto errout; + goto errout; if ((len2 <= 0) || (len2 >= maxlen)) { - retval = KRB5_RC_IO_EOF; - goto errout; + retval = KRB5_RC_IO_EOF; + goto errout; } len = len2; rep->server = malloc (len); if (!rep->server) { - retval = KRB5_RC_MALLOC; - goto errout; + retval = KRB5_RC_MALLOC; + goto errout; } retval = krb5_rc_io_read(context, &t->d, (krb5_pointer) rep->server, len); if (retval) - goto errout; + goto errout; retval = krb5_rc_io_read(context, &t->d, (krb5_pointer) &rep->cusec, - sizeof(rep->cusec)); + sizeof(rep->cusec)); if (retval) - goto errout; + goto errout; retval = krb5_rc_io_read(context, &t->d, (krb5_pointer) &rep->ctime, - sizeof(rep->ctime)); + sizeof(rep->ctime)); if (retval) - goto errout; + goto errout; return 0; errout: if (rep->client) - krb5_xfree(rep->client); + krb5_xfree(rep->client); if (rep->server) - krb5_xfree(rep->server); + krb5_xfree(rep->server); rep->client = rep->server = 0; return retval; } @@ -426,7 +425,7 @@ krb5_rc_dfl_recover_locked(krb5_context context, krb5_rcache id) krb5_int32 now; if ((retval = krb5_rc_io_open(context, &t->d, t->name))) { - return retval; + return retval; } t->recovering = 1; @@ -435,50 +434,50 @@ krb5_rc_dfl_recover_locked(krb5_context context, krb5_rcache id) rep = NULL; if (krb5_rc_io_read(context, &t->d, (krb5_pointer) &t->lifespan, - sizeof(t->lifespan))) { - retval = KRB5_RC_IO; - goto io_fail; + sizeof(t->lifespan))) { + retval = KRB5_RC_IO; + goto io_fail; } if (!(rep = (krb5_donot_replay *) malloc(sizeof(krb5_donot_replay)))) { - retval = KRB5_RC_MALLOC; - goto io_fail; + retval = KRB5_RC_MALLOC; + goto io_fail; } rep->client = NULL; rep->server = NULL; if (krb5_timeofday(context, &now)) - now = 0; + now = 0; /* now read in each auth_replay and insert into table */ for (;;) { - if (krb5_rc_io_mark(context, &t->d)) { - retval = KRB5_RC_IO; - goto io_fail; - } - - retval = krb5_rc_io_fetch(context, t, rep, (int) max_size); - - if (retval == KRB5_RC_IO_EOF) - break; - else if (retval != 0) - goto io_fail; - - - if (alive(now, rep, t->lifespan) != CMP_EXPIRED) { - if (rc_store(context, id, rep, now) == CMP_MALLOC) { - retval = KRB5_RC_MALLOC; goto io_fail; - } - } else { - expired_entries++; - } - /* - * free fields allocated by rc_io_fetch - */ - FREE(rep->server); - FREE(rep->client); - rep->server = 0; - rep->client = 0; + if (krb5_rc_io_mark(context, &t->d)) { + retval = KRB5_RC_IO; + goto io_fail; + } + + retval = krb5_rc_io_fetch(context, t, rep, (int) max_size); + + if (retval == KRB5_RC_IO_EOF) + break; + else if (retval != 0) + goto io_fail; + + + if (alive(now, rep, t->lifespan) != CMP_EXPIRED) { + if (rc_store(context, id, rep, now) == CMP_MALLOC) { + retval = KRB5_RC_MALLOC; goto io_fail; + } + } else { + expired_entries++; + } + /* + * free fields allocated by rc_io_fetch + */ + FREE(rep->server); + FREE(rep->client); + rep->server = 0; + rep->client = 0; } retval = 0; krb5_rc_io_unmark(context, &t->d); @@ -489,9 +488,9 @@ krb5_rc_dfl_recover_locked(krb5_context context, krb5_rcache id) io_fail: krb5_rc_free_entry(context, &rep); if (retval) - krb5_rc_io_close(context, &t->d); + krb5_rc_io_close(context, &t->d); else if (expired_entries > EXCESSREPS) - retval = krb5_rc_dfl_expunge_locked(context, id); + retval = krb5_rc_dfl_expunge_locked(context, id); t->recovering = 0; return retval; @@ -504,7 +503,7 @@ krb5_rc_dfl_recover(krb5_context context, krb5_rcache id) krb5_error_code ret; ret = k5_mutex_lock(&id->lock); if (ret) - return ret; + return ret; ret = krb5_rc_dfl_recover_locked(context, id); k5_mutex_unlock(&id->lock); return ret; @@ -512,23 +511,23 @@ krb5_rc_dfl_recover(krb5_context context, krb5_rcache id) krb5_error_code KRB5_CALLCONV krb5_rc_dfl_recover_or_init(krb5_context context, krb5_rcache id, - krb5_deltat lifespan) + krb5_deltat lifespan) { krb5_error_code retval; retval = k5_mutex_lock(&id->lock); if (retval) - return retval; + return retval; retval = krb5_rc_dfl_recover_locked(context, id); if (retval) - retval = krb5_rc_dfl_init_locked(context, id, lifespan); + retval = krb5_rc_dfl_init_locked(context, id, lifespan); k5_mutex_unlock(&id->lock); return retval; } static krb5_error_code krb5_rc_io_store(krb5_context context, struct dfl_data *t, - krb5_donot_replay *rep) + krb5_donot_replay *rep) { unsigned int clientlen, serverlen, len; char *buf, *ptr; @@ -537,10 +536,10 @@ krb5_rc_io_store(krb5_context context, struct dfl_data *t, clientlen = strlen(rep->client) + 1; serverlen = strlen(rep->server) + 1; len = sizeof(clientlen) + clientlen + sizeof(serverlen) + serverlen + - sizeof(rep->cusec) + sizeof(rep->ctime); + sizeof(rep->cusec) + sizeof(rep->ctime); buf = malloc(len); if (buf == 0) - return KRB5_RC_MALLOC; + return KRB5_RC_MALLOC; ptr = buf; memcpy(ptr, &clientlen, sizeof(clientlen)); ptr += sizeof(clientlen); memcpy(ptr, rep->client, clientlen); ptr += clientlen; @@ -565,19 +564,19 @@ krb5_rc_dfl_store(krb5_context context, krb5_rcache id, krb5_donot_replay *rep) ret = krb5_timeofday(context, &now); if (ret) - return ret; + return ret; ret = k5_mutex_lock(&id->lock); if (ret) - return ret; + return ret; switch(rc_store(context, id, rep, now)) { case CMP_MALLOC: - k5_mutex_unlock(&id->lock); - return KRB5_RC_MALLOC; + k5_mutex_unlock(&id->lock); + return KRB5_RC_MALLOC; case CMP_REPLAY: - k5_mutex_unlock(&id->lock); - return KRB5KRB_AP_ERR_REPEAT; + k5_mutex_unlock(&id->lock); + return KRB5KRB_AP_ERR_REPEAT; case 0: break; default: /* wtf? */ ; } @@ -585,24 +584,24 @@ krb5_rc_dfl_store(krb5_context context, krb5_rcache id, krb5_donot_replay *rep) #ifndef NOIOSTUFF ret = krb5_rc_io_store(context, t, rep); if (ret) { - k5_mutex_unlock(&id->lock); - return ret; + k5_mutex_unlock(&id->lock); + return ret; } #endif /* Shall we automatically expunge? */ if (t->nummisses > t->numhits + EXCESSREPS) { - ret = krb5_rc_dfl_expunge_locked(context, id); - k5_mutex_unlock(&id->lock); - return ret; + ret = krb5_rc_dfl_expunge_locked(context, id); + k5_mutex_unlock(&id->lock); + return ret; } #ifndef NOIOSTUFF else { - if (krb5_rc_io_sync(context, &t->d)) { - k5_mutex_unlock(&id->lock); - return KRB5_RC_IO; - } + if (krb5_rc_io_sync(context, &t->d)) { + k5_mutex_unlock(&id->lock); + return KRB5_RC_IO; + } } #endif k5_mutex_unlock(&id->lock); @@ -622,24 +621,24 @@ krb5_rc_dfl_expunge_locked(krb5_context context, krb5_rcache id) krb5_int32 now; if (krb5_timestamp(context, &now)) - now = 0; + now = 0; for (q = &t->a; *q; q = qt) { - qt = &(*q)->na; - if (alive(now, &(*q)->rep, t->lifespan) == CMP_EXPIRED) { - FREE((*q)->rep.client); - FREE((*q)->rep.server); - FREE(*q); - *q = *qt; /* why doesn't this feel right? */ - } + qt = &(*q)->na; + if (alive(now, &(*q)->rep, t->lifespan) == CMP_EXPIRED) { + FREE((*q)->rep.client); + FREE((*q)->rep.server); + FREE(*q); + *q = *qt; /* why doesn't this feel right? */ + } } for (i = 0; i < t->hsize; i++) - t->h[i] = (struct authlist *) 0; + t->h[i] = (struct authlist *) 0; for (r = t->a; r; r = r->na) { - i = hash(&r->rep, t->hsize); - rt = t->h[i]; - t->h[i] = r; - r->nh = rt; + i = hash(&r->rep, t->hsize); + rt = t->h[i]; + t->h[i] = r; + r->nh = rt; } return 0; #else @@ -650,22 +649,22 @@ krb5_rc_dfl_expunge_locked(krb5_context context, krb5_rcache id) krb5_deltat lifespan = t->lifespan; /* save original lifespan */ if (! t->recovering) { - name = t->name; - t->name = 0; /* Clear name so it isn't freed */ - (void) krb5_rc_dfl_close_no_free(context, id); - retval = krb5_rc_dfl_resolve(context, id, name); - free(name); - if (retval) - return retval; - retval = krb5_rc_dfl_recover_locked(context, id); - if (retval) - return retval; - t = (struct dfl_data *)id->data; /* point to recovered cache */ + name = t->name; + t->name = 0; /* Clear name so it isn't freed */ + (void) krb5_rc_dfl_close_no_free(context, id); + retval = krb5_rc_dfl_resolve(context, id, name); + free(name); + if (retval) + return retval; + retval = krb5_rc_dfl_recover_locked(context, id); + if (retval) + return retval; + t = (struct dfl_data *)id->data; /* point to recovered cache */ } tmp = (krb5_rcache) malloc(sizeof(*tmp)); if (!tmp) - return ENOMEM; + return ENOMEM; retval = krb5_rc_resolve_type(context, &tmp, "dfl"); if (retval) { free(tmp); @@ -678,7 +677,7 @@ krb5_rc_dfl_expunge_locked(krb5_context context, krb5_rcache id) if (retval) goto cleanup; for (q = t->a; q; q = q->na) { - if (krb5_rc_io_store(context, (struct dfl_data *)tmp->data, &q->rep)) { + if (krb5_rc_io_store(context, (struct dfl_data *)tmp->data, &q->rep)) { retval = KRB5_RC_IO; goto cleanup; } @@ -692,7 +691,7 @@ krb5_rc_dfl_expunge_locked(krb5_context context, krb5_rcache id) if (krb5_rc_io_move(context, &t->d, &((struct dfl_data *)tmp->data)->d)) goto cleanup; retval = 0; - cleanup: +cleanup: (void) krb5_rc_dfl_close(context, tmp); return retval; #endif @@ -704,7 +703,7 @@ krb5_rc_dfl_expunge(krb5_context context, krb5_rcache id) krb5_error_code ret; ret = k5_mutex_lock(&id->lock); if (ret) - return ret; + return ret; ret = krb5_rc_dfl_expunge_locked(context, id); k5_mutex_unlock(&id->lock); return ret; diff --git a/src/lib/krb5/rcache/rc_dfl.h b/src/lib/krb5/rcache/rc_dfl.h index d5fdd1a69f..4a6badafe9 100644 --- a/src/lib/krb5/rcache/rc_dfl.h +++ b/src/lib/krb5/rcache/rc_dfl.h @@ -1,3 +1,4 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * lib/krb5/rcache/rc_dfl.h * @@ -13,44 +14,43 @@ #ifndef KRB5_RC_DFL_H #define KRB5_RC_DFL_H -krb5_error_code KRB5_CALLCONV krb5_rc_dfl_init - (krb5_context, - krb5_rcache, - krb5_deltat); -krb5_error_code KRB5_CALLCONV krb5_rc_dfl_recover - (krb5_context, - krb5_rcache); +krb5_error_code KRB5_CALLCONV krb5_rc_dfl_init + (krb5_context, + krb5_rcache, + krb5_deltat); +krb5_error_code KRB5_CALLCONV krb5_rc_dfl_recover + (krb5_context, + krb5_rcache); krb5_error_code KRB5_CALLCONV krb5_rc_dfl_recover_or_init - (krb5_context, krb5_rcache, krb5_deltat); -krb5_error_code KRB5_CALLCONV krb5_rc_dfl_destroy - (krb5_context, - krb5_rcache); -krb5_error_code KRB5_CALLCONV krb5_rc_dfl_close - (krb5_context, - krb5_rcache); -krb5_error_code KRB5_CALLCONV krb5_rc_dfl_store - (krb5_context, - krb5_rcache, - krb5_donot_replay *); -krb5_error_code KRB5_CALLCONV krb5_rc_dfl_expunge - (krb5_context, - krb5_rcache); -krb5_error_code KRB5_CALLCONV krb5_rc_dfl_get_span - (krb5_context, - krb5_rcache, - krb5_deltat *); -char * KRB5_CALLCONV krb5_rc_dfl_get_name - (krb5_context, - krb5_rcache); -krb5_error_code KRB5_CALLCONV krb5_rc_dfl_resolve - (krb5_context, - krb5_rcache, - char *); + (krb5_context, krb5_rcache, krb5_deltat); +krb5_error_code KRB5_CALLCONV krb5_rc_dfl_destroy + (krb5_context, + krb5_rcache); +krb5_error_code KRB5_CALLCONV krb5_rc_dfl_close + (krb5_context, + krb5_rcache); +krb5_error_code KRB5_CALLCONV krb5_rc_dfl_store + (krb5_context, + krb5_rcache, + krb5_donot_replay *); +krb5_error_code KRB5_CALLCONV krb5_rc_dfl_expunge + (krb5_context, + krb5_rcache); +krb5_error_code KRB5_CALLCONV krb5_rc_dfl_get_span + (krb5_context, + krb5_rcache, + krb5_deltat *); +char * KRB5_CALLCONV krb5_rc_dfl_get_name + (krb5_context, + krb5_rcache); +krb5_error_code KRB5_CALLCONV krb5_rc_dfl_resolve + (krb5_context, + krb5_rcache, + char *); krb5_error_code krb5_rc_dfl_close_no_free - (krb5_context, - krb5_rcache); -void krb5_rc_free_entry - (krb5_context, - krb5_donot_replay **); + (krb5_context, + krb5_rcache); +void krb5_rc_free_entry + (krb5_context, + krb5_donot_replay **); #endif - diff --git a/src/lib/krb5/rcache/rc_io.c b/src/lib/krb5/rcache/rc_io.c index 6692ae1459..5abf109c6c 100644 --- a/src/lib/krb5/rcache/rc_io.c +++ b/src/lib/krb5/rcache/rc_io.c @@ -1,3 +1,4 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * lib/krb5/rcache/rc_io.c * @@ -6,7 +7,6 @@ * */ - /* * I/O functions for the replay cache default implementation. */ @@ -17,7 +17,7 @@ # define PATH_SEPARATOR "/" #endif -#define KRB5_RC_VNO 0x0501 /* krb5, rcache v 1 */ +#define KRB5_RC_VNO 0x0501 /* krb5, rcache v 1 */ #if HAVE_SYS_STAT_H #include @@ -52,17 +52,17 @@ getdir(void) if (!(dir = getenv("KRB5RCACHEDIR"))) { #if defined(_WIN32) - if (!(dir = getenv("TEMP"))) - if (!(dir = getenv("TMP"))) - dir = "C:"; + if (!(dir = getenv("TEMP"))) + if (!(dir = getenv("TMP"))) + dir = "C:"; #else - if (!(dir = getenv("TMPDIR"))) { + if (!(dir = getenv("TMPDIR"))) { #ifdef RCTMPDIR - dir = RCTMPDIR; + dir = RCTMPDIR; #else - dir = "/tmp"; + dir = "/tmp"; #endif - } + } #endif } return dir; @@ -85,17 +85,17 @@ krb5_rc_io_mkstemp(krb5_context context, krb5_rc_iostuff *d, char *dir) memset(&stbuf, 0, sizeof(stbuf)); if (asprintf(&d->fn, "%s%skrb5_RCXXXXXX", - dir, PATH_SEPARATOR) < 0) { - d->fn = NULL; - return KRB5_RC_IO_MALLOC; + dir, PATH_SEPARATOR) < 0) { + d->fn = NULL; + return KRB5_RC_IO_MALLOC; } d->fd = mkstemp(d->fn); if (d->fd == -1) { - /* - * This return value is deliberate because d->fd == -1 causes - * caller to go into errno interpretation code. - */ - return 0; + /* + * This return value is deliberate because d->fd == -1 causes + * caller to go into errno interpretation code. + */ + return 0; } #if HAVE_SYS_STAT_H /* @@ -104,18 +104,18 @@ krb5_rc_io_mkstemp(krb5_context context, krb5_rc_iostuff *d, char *dir) */ retval = fstat(d->fd, &stbuf); if (retval) { - krb5_set_error_message(context, retval, - "Cannot fstat replay cache file %s: %s", - d->fn, strerror(errno)); - return KRB5_RC_IO_UNKNOWN; + krb5_set_error_message(context, retval, + "Cannot fstat replay cache file %s: %s", + d->fn, strerror(errno)); + return KRB5_RC_IO_UNKNOWN; } if (stbuf.st_mode & 077) { - krb5_set_error_message(context, retval, - "Insecure mkstemp() file mode " - "for replay cache file %s; " - "try running this program " - "with umask 077 ", d->fn); - return KRB5_RC_IO_UNKNOWN; + krb5_set_error_message(context, retval, + "Insecure mkstemp() file mode " + "for replay cache file %s; " + "try running this program " + "with umask 077 ", d->fn); + return KRB5_RC_IO_UNKNOWN; } #endif return 0; @@ -127,7 +127,7 @@ static krb5_error_code rc_map_errno (int) __attribute__((cold)); static krb5_error_code rc_map_errno (krb5_context context, int e, const char *fn, - const char *operation) + const char *operation) { switch (e) { case EFBIG: @@ -135,25 +135,25 @@ rc_map_errno (krb5_context context, int e, const char *fn, case EDQUOT: #endif case ENOSPC: - return KRB5_RC_IO_SPACE; + return KRB5_RC_IO_SPACE; case EIO: - return KRB5_RC_IO_IO; + return KRB5_RC_IO_IO; case EPERM: case EACCES: case EROFS: case EEXIST: - krb5_set_error_message(context, KRB5_RC_IO_PERM, - "Cannot %s replay cache file %s: %s", - operation, fn, strerror(e)); - return KRB5_RC_IO_PERM; + krb5_set_error_message(context, KRB5_RC_IO_PERM, + "Cannot %s replay cache file %s: %s", + operation, fn, strerror(e)); + return KRB5_RC_IO_PERM; default: - krb5_set_error_message(context, KRB5_RC_IO_UNKNOWN, - "Cannot %s replay cache: %s", - operation, strerror(e)); - return KRB5_RC_IO_UNKNOWN; + krb5_set_error_message(context, KRB5_RC_IO_UNKNOWN, + "Cannot %s replay cache: %s", + operation, strerror(e)); + return KRB5_RC_IO_UNKNOWN; } } @@ -169,58 +169,55 @@ krb5_rc_io_creat(krb5_context context, krb5_rc_iostuff *d, char **fn) GETDIR; if (fn && *fn) { - if (!(d->fn = malloc(strlen(*fn) + dirlen + 1))) - return KRB5_RC_IO_MALLOC; - (void) strcpy(d->fn, dir); - (void) strcat(d->fn, PATH_SEPARATOR); - (void) strcat(d->fn, *fn); - unlink(d->fn); - d->fd = THREEPARAMOPEN(d->fn, O_WRONLY | O_CREAT | O_TRUNC | O_EXCL | - O_BINARY, 0600); + if (asprintf(&d->fn, "%s%s%s", dir, PATH_SEPARATOR, *fn) < 0) + return KRB5_RC_IO_MALLOC; + unlink(d->fn); + d->fd = THREEPARAMOPEN(d->fn, O_WRONLY | O_CREAT | O_TRUNC | O_EXCL | + O_BINARY, 0600); } else { - retval = krb5_rc_io_mkstemp(context, d, dir); - if (retval) - goto cleanup; - if (d->fd != -1 && fn) { - *fn = strdup(d->fn + dirlen); - if (*fn == NULL) { - free(d->fn); - return KRB5_RC_IO_MALLOC; - } - } + retval = krb5_rc_io_mkstemp(context, d, dir); + if (retval) + goto cleanup; + if (d->fd != -1 && fn) { + *fn = strdup(d->fn + dirlen); + if (*fn == NULL) { + free(d->fn); + return KRB5_RC_IO_MALLOC; + } + } } if (d->fd == -1) { - retval = rc_map_errno(context, errno, d->fn, "create"); - if (retval == KRB5_RC_IO_PERM) - do_not_unlink = 1; - goto cleanup; + retval = rc_map_errno(context, errno, d->fn, "create"); + if (retval == KRB5_RC_IO_PERM) + do_not_unlink = 1; + goto cleanup; } set_cloexec_fd(d->fd); retval = krb5_rc_io_write(context, d, (krb5_pointer)&rc_vno, - sizeof(rc_vno)); + sizeof(rc_vno)); if (retval) - goto cleanup; + goto cleanup; retval = krb5_rc_io_sync(context, d); - cleanup: +cleanup: if (retval) { - if (d->fn) { - if (!do_not_unlink) - (void) unlink(d->fn); - FREE(d->fn); - d->fn = NULL; - } - if (d->fd != -1) { - (void) close(d->fd); - } + if (d->fn) { + if (!do_not_unlink) + (void) unlink(d->fn); + FREE(d->fn); + d->fn = NULL; + } + if (d->fd != -1) { + (void) close(d->fd); + } } return retval; } static krb5_error_code krb5_rc_io_open_internal(krb5_context context, krb5_rc_iostuff *d, char *fn, - char* full_pathname) + char* full_pathname) { krb5_int16 rc_vno; krb5_error_code retval = 0; @@ -233,58 +230,54 @@ krb5_rc_io_open_internal(krb5_context context, krb5_rc_iostuff *d, char *fn, GETDIR; if (full_pathname) { - if (!(d->fn = malloc(strlen(full_pathname) + 1))) - return KRB5_RC_IO_MALLOC; - (void) strcpy(d->fn, full_pathname); + if (!(d->fn = strdup(full_pathname))) + return KRB5_RC_IO_MALLOC; } else { - if (!(d->fn = malloc(strlen(fn) + dirlen + 1))) - return KRB5_RC_IO_MALLOC; - (void) strcpy(d->fn, dir); - (void) strcat(d->fn, PATH_SEPARATOR); - (void) strcat(d->fn, fn); + if (asprintf(&d->fn, "%s%s%s", dir, PATH_SEPARATOR, fn) < 0) + return KRB5_RC_IO_MALLOC; } #ifdef NO_USERID d->fd = THREEPARAMOPEN(d->fn, O_RDWR | O_BINARY, 0600); #else if ((d->fd = stat(d->fn, &statb)) != -1) { - uid_t me; - - me = geteuid(); - /* must be owned by this user, to prevent some security problems with - * other users modifying replay cache stufff */ - if ((statb.st_uid != me) || ((statb.st_mode & S_IFMT) != S_IFREG)) { - FREE(d->fn); - return KRB5_RC_IO_PERM; - } - d->fd = THREEPARAMOPEN(d->fn, O_RDWR | O_BINARY, 0600); + uid_t me; + + me = geteuid(); + /* must be owned by this user, to prevent some security problems with + * other users modifying replay cache stufff */ + if ((statb.st_uid != me) || ((statb.st_mode & S_IFMT) != S_IFREG)) { + FREE(d->fn); + return KRB5_RC_IO_PERM; + } + d->fd = THREEPARAMOPEN(d->fn, O_RDWR | O_BINARY, 0600); } #endif if (d->fd == -1) { - retval = rc_map_errno(context, errno, d->fn, "open"); - goto cleanup; + retval = rc_map_errno(context, errno, d->fn, "open"); + goto cleanup; } set_cloexec_fd(d->fd); do_not_unlink = 0; retval = krb5_rc_io_read(context, d, (krb5_pointer) &rc_vno, - sizeof(rc_vno)); + sizeof(rc_vno)); if (retval) - goto cleanup; + goto cleanup; if (ntohs(rc_vno) != KRB5_RC_VNO) - retval = KRB5_RCACHE_BADVNO; + retval = KRB5_RCACHE_BADVNO; - cleanup: +cleanup: if (retval) { - if (d->fn) { - if (!do_not_unlink) - (void) unlink(d->fn); - FREE(d->fn); - d->fn = NULL; - } - if (d->fd >= 0) - (void) close(d->fd); + if (d->fn) { + if (!do_not_unlink) + (void) unlink(d->fn); + FREE(d->fn); + d->fn = NULL; + } + if (d->fd >= 0) + (void) close(d->fd); } return retval; } @@ -297,7 +290,7 @@ krb5_rc_io_open(krb5_context context, krb5_rc_iostuff *d, char *fn) krb5_error_code krb5_rc_io_move(krb5_context context, krb5_rc_iostuff *new1, - krb5_rc_iostuff *old) + krb5_rc_iostuff *old) { #if defined(_WIN32) || defined(__CYGWIN__) char *new_fn = NULL; @@ -341,29 +334,29 @@ krb5_rc_io_move(krb5_context context, krb5_rc_iostuff *new1, old->fd = -1; if (rename(old_fn, new_fn) == -1) { /* MUST be atomic! */ - retval = KRB5_RC_IO_UNKNOWN; - goto cleanup; + retval = KRB5_RC_IO_UNKNOWN; + goto cleanup; } retval = krb5_rc_io_open_internal(context, new1, 0, new_fn); if (retval) - goto cleanup; + goto cleanup; if (lseek(new1->fd, offset, SEEK_SET) == -1) { - retval = KRB5_RC_IO_UNKNOWN; - goto cleanup; + retval = KRB5_RC_IO_UNKNOWN; + goto cleanup; } - cleanup: +cleanup: free(new_fn); free(old_fn); return retval; #else char *fn = NULL; if (rename(old->fn, new1->fn) == -1) /* MUST be atomic! */ - return KRB5_RC_IO_UNKNOWN; + return KRB5_RC_IO_UNKNOWN; fn = new1->fn; - new1->fn = NULL; /* avoid clobbering */ + new1->fn = NULL; /* avoid clobbering */ (void) krb5_rc_io_close(context, new1); new1->fn = fn; new1->fd = dup(old->fd); @@ -374,32 +367,32 @@ krb5_rc_io_move(krb5_context context, krb5_rc_iostuff *new1, krb5_error_code krb5_rc_io_write(krb5_context context, krb5_rc_iostuff *d, krb5_pointer buf, - unsigned int num) + unsigned int num) { if (write(d->fd, (char *) buf, num) == -1) - switch(errno) - { + switch(errno) + { #ifdef EDQUOT - case EDQUOT: + case EDQUOT: #endif - case EFBIG: - case ENOSPC: - krb5_set_error_message (context, KRB5_RC_IO_SPACE, - "Can't write to replay cache: %s", - strerror(errno)); - return KRB5_RC_IO_SPACE; - case EIO: - krb5_set_error_message (context, KRB5_RC_IO_IO, - "Can't write to replay cache: %s", - strerror(errno)); - return KRB5_RC_IO_IO; - case EBADF: - default: - krb5_set_error_message (context, KRB5_RC_IO_UNKNOWN, - "Can't write to replay cache: %s", - strerror(errno)); - return KRB5_RC_IO_UNKNOWN; - } + case EFBIG: + case ENOSPC: + krb5_set_error_message (context, KRB5_RC_IO_SPACE, + "Can't write to replay cache: %s", + strerror(errno)); + return KRB5_RC_IO_SPACE; + case EIO: + krb5_set_error_message (context, KRB5_RC_IO_IO, + "Can't write to replay cache: %s", + strerror(errno)); + return KRB5_RC_IO_IO; + case EBADF: + default: + krb5_set_error_message (context, KRB5_RC_IO_UNKNOWN, + "Can't write to replay cache: %s", + strerror(errno)); + return KRB5_RC_IO_UNKNOWN; + } return 0; } @@ -412,38 +405,38 @@ krb5_rc_io_sync(krb5_context context, krb5_rc_iostuff *d) #endif #endif if (fsync(d->fd) == -1) { - switch(errno) - { - case EBADF: return KRB5_RC_IO_UNKNOWN; - case EIO: return KRB5_RC_IO_IO; - default: - krb5_set_error_message(context, KRB5_RC_IO_UNKNOWN, - "Cannot sync replay cache file: %s", - strerror(errno)); - return KRB5_RC_IO_UNKNOWN; - } + switch(errno) + { + case EBADF: return KRB5_RC_IO_UNKNOWN; + case EIO: return KRB5_RC_IO_IO; + default: + krb5_set_error_message(context, KRB5_RC_IO_UNKNOWN, + "Cannot sync replay cache file: %s", + strerror(errno)); + return KRB5_RC_IO_UNKNOWN; + } } return 0; } krb5_error_code krb5_rc_io_read(krb5_context context, krb5_rc_iostuff *d, krb5_pointer buf, - unsigned int num) + unsigned int num) { int count; if ((count = read(d->fd, (char *) buf, num)) == -1) - switch(errno) - { - case EIO: return KRB5_RC_IO_IO; - case EBADF: - default: - krb5_set_error_message(context, KRB5_RC_IO_UNKNOWN, - "Can't read from replay cache: %s", - strerror(errno)); - return KRB5_RC_IO_UNKNOWN; - } + switch(errno) + { + case EIO: return KRB5_RC_IO_IO; + case EBADF: + default: + krb5_set_error_message(context, KRB5_RC_IO_UNKNOWN, + "Can't read from replay cache: %s", + strerror(errno)); + return KRB5_RC_IO_UNKNOWN; + } if (count < 0 || (unsigned int)count != num) - return KRB5_RC_IO_EOF; + return KRB5_RC_IO_EOF; return 0; } @@ -451,13 +444,13 @@ krb5_error_code krb5_rc_io_close(krb5_context context, krb5_rc_iostuff *d) { if (d->fn != NULL) { - FREE(d->fn); - d->fn = NULL; + FREE(d->fn); + d->fn = NULL; } if (d->fd != -1) { - if (close(d->fd) == -1) /* can't happen */ - return KRB5_RC_IO_UNKNOWN; - d->fd = -1; + if (close(d->fd) == -1) /* can't happen */ + return KRB5_RC_IO_UNKNOWN; + d->fd = -1; } return 0; } @@ -466,27 +459,27 @@ krb5_error_code krb5_rc_io_destroy(krb5_context context, krb5_rc_iostuff *d) { if (unlink(d->fn) == -1) - switch(errno) - { - case EIO: - krb5_set_error_message(context, KRB5_RC_IO_IO, - "Can't destroy replay cache: %s", - strerror(errno)); - return KRB5_RC_IO_IO; - case EPERM: - case EBUSY: - case EROFS: - krb5_set_error_message(context, KRB5_RC_IO_PERM, - "Can't destroy replay cache: %s", - strerror(errno)); - return KRB5_RC_IO_PERM; - case EBADF: - default: - krb5_set_error_message(context, KRB5_RC_IO_UNKNOWN, - "Can't destroy replay cache: %s", - strerror(errno)); - return KRB5_RC_IO_UNKNOWN; - } + switch(errno) + { + case EIO: + krb5_set_error_message(context, KRB5_RC_IO_IO, + "Can't destroy replay cache: %s", + strerror(errno)); + return KRB5_RC_IO_IO; + case EPERM: + case EBUSY: + case EROFS: + krb5_set_error_message(context, KRB5_RC_IO_PERM, + "Can't destroy replay cache: %s", + strerror(errno)); + return KRB5_RC_IO_PERM; + case EBADF: + default: + krb5_set_error_message(context, KRB5_RC_IO_UNKNOWN, + "Can't destroy replay cache: %s", + strerror(errno)); + return KRB5_RC_IO_UNKNOWN; + } return 0; } @@ -510,7 +503,7 @@ krb5_rc_io_size(krb5_context context, krb5_rc_iostuff *d) struct stat statb; if (fstat(d->fd, &statb) == 0) - return statb.st_size; + return statb.st_size; else - return 0; + return 0; } diff --git a/src/lib/krb5/rcache/rc_io.h b/src/lib/krb5/rcache/rc_io.h index 77eb34f0b1..a2e13bcc29 100644 --- a/src/lib/krb5/rcache/rc_io.h +++ b/src/lib/krb5/rcache/rc_io.h @@ -1,3 +1,4 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * lib/krb5/rcache/rc_io.h * @@ -27,44 +28,44 @@ krb5_rc_iostuff; /* first argument is always iostuff for result file */ -krb5_error_code krb5_rc_io_creat - (krb5_context, - krb5_rc_iostuff *, - char **); -krb5_error_code krb5_rc_io_open - (krb5_context, - krb5_rc_iostuff *, - char *); -krb5_error_code krb5_rc_io_move - (krb5_context, - krb5_rc_iostuff *, - krb5_rc_iostuff *); -krb5_error_code krb5_rc_io_write - (krb5_context, - krb5_rc_iostuff *, - krb5_pointer, - unsigned int); -krb5_error_code krb5_rc_io_read - (krb5_context, - krb5_rc_iostuff *, - krb5_pointer, - unsigned int); -krb5_error_code krb5_rc_io_close - (krb5_context, - krb5_rc_iostuff *); -krb5_error_code krb5_rc_io_destroy - (krb5_context, - krb5_rc_iostuff *); -krb5_error_code krb5_rc_io_mark - (krb5_context, - krb5_rc_iostuff *); -krb5_error_code krb5_rc_io_unmark - (krb5_context, - krb5_rc_iostuff *); +krb5_error_code krb5_rc_io_creat + (krb5_context, + krb5_rc_iostuff *, + char **); +krb5_error_code krb5_rc_io_open + (krb5_context, + krb5_rc_iostuff *, + char *); +krb5_error_code krb5_rc_io_move + (krb5_context, + krb5_rc_iostuff *, + krb5_rc_iostuff *); +krb5_error_code krb5_rc_io_write + (krb5_context, + krb5_rc_iostuff *, + krb5_pointer, + unsigned int); +krb5_error_code krb5_rc_io_read + (krb5_context, + krb5_rc_iostuff *, + krb5_pointer, + unsigned int); +krb5_error_code krb5_rc_io_close + (krb5_context, + krb5_rc_iostuff *); +krb5_error_code krb5_rc_io_destroy + (krb5_context, + krb5_rc_iostuff *); +krb5_error_code krb5_rc_io_mark + (krb5_context, + krb5_rc_iostuff *); +krb5_error_code krb5_rc_io_unmark + (krb5_context, + krb5_rc_iostuff *); krb5_error_code krb5_rc_io_sync - (krb5_context, - krb5_rc_iostuff *); + (krb5_context, + krb5_rc_iostuff *); long krb5_rc_io_size - (krb5_context, - krb5_rc_iostuff *); + (krb5_context, + krb5_rc_iostuff *); #endif diff --git a/src/lib/krb5/rcache/rc_none.c b/src/lib/krb5/rcache/rc_none.c index a306f86fe7..255dec9e38 100644 --- a/src/lib/krb5/rcache/rc_none.c +++ b/src/lib/krb5/rcache/rc_none.c @@ -1,3 +1,4 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * lib/krb5/rcache/rc_none.c * @@ -8,7 +9,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -22,7 +23,7 @@ * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * + * * * replay cache no-op implementation */ @@ -42,10 +43,10 @@ krb5_rc_none_noargs(krb5_context ctx, krb5_rcache rc) { return 0; } -#define krb5_rc_none_recover krb5_rc_none_noargs -#define krb5_rc_none_destroy krb5_rc_none_noargs -#define krb5_rc_none_close krb5_rc_none_noargs -#define krb5_rc_none_expunge krb5_rc_none_noargs +#define krb5_rc_none_recover krb5_rc_none_noargs +#define krb5_rc_none_destroy krb5_rc_none_noargs +#define krb5_rc_none_close krb5_rc_none_noargs +#define krb5_rc_none_expunge krb5_rc_none_noargs static krb5_error_code KRB5_CALLCONV krb5_rc_none_store(krb5_context ctx, krb5_rcache rc, krb5_donot_replay *r) diff --git a/src/lib/krb5/rcache/rcdef.c b/src/lib/krb5/rcache/rcdef.c index 0aa334fa85..c17fa8aff3 100644 --- a/src/lib/krb5/rcache/rcdef.c +++ b/src/lib/krb5/rcache/rcdef.c @@ -1,3 +1,4 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * lib/krb5/rcache/rcdef.c * @@ -32,18 +33,17 @@ #include "rc_dfl.h" const krb5_rc_ops krb5_rc_dfl_ops = - { - 0, - "dfl", - krb5_rc_dfl_init, - krb5_rc_dfl_recover, - krb5_rc_dfl_recover_or_init, - krb5_rc_dfl_destroy, - krb5_rc_dfl_close, - krb5_rc_dfl_store, - krb5_rc_dfl_expunge, - krb5_rc_dfl_get_span, - krb5_rc_dfl_get_name, - krb5_rc_dfl_resolve - } -; +{ + 0, + "dfl", + krb5_rc_dfl_init, + krb5_rc_dfl_recover, + krb5_rc_dfl_recover_or_init, + krb5_rc_dfl_destroy, + krb5_rc_dfl_close, + krb5_rc_dfl_store, + krb5_rc_dfl_expunge, + krb5_rc_dfl_get_span, + krb5_rc_dfl_get_name, + krb5_rc_dfl_resolve +}; diff --git a/src/lib/krb5/rcache/rcfns.c b/src/lib/krb5/rcache/rcfns.c index bcbcaf4be9..6794af6210 100644 --- a/src/lib/krb5/rcache/rcfns.c +++ b/src/lib/krb5/rcache/rcfns.c @@ -1,3 +1,4 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * lib/krb5/rcache/rcfns.c * @@ -8,7 +9,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -39,7 +40,7 @@ krb5_rc_initialize (krb5_context context, krb5_rcache id, krb5_deltat span) krb5_error_code KRB5_CALLCONV krb5_rc_recover_or_initialize (krb5_context context, krb5_rcache id, - krb5_deltat span) + krb5_deltat span) { return krb5_x(id->ops->recover_or_init,(context, id, span)); } @@ -64,7 +65,7 @@ krb5_rc_close (krb5_context context, krb5_rcache id) krb5_error_code KRB5_CALLCONV krb5_rc_store (krb5_context context, krb5_rcache id, - krb5_donot_replay *dontreplay) + krb5_donot_replay *dontreplay) { return krb5_x((id)->ops->store,(context, id, dontreplay)); } @@ -77,7 +78,7 @@ krb5_rc_expunge (krb5_context context, krb5_rcache id) krb5_error_code KRB5_CALLCONV krb5_rc_get_lifespan (krb5_context context, krb5_rcache id, - krb5_deltat *spanp) + krb5_deltat *spanp) { return krb5_x((id)->ops->get_span,(context, id, spanp)); } diff --git a/src/lib/krb5/rcache/ser_rc.c b/src/lib/krb5/rcache/ser_rc.c index af19edf7a6..148ec5d78a 100644 --- a/src/lib/krb5/rcache/ser_rc.c +++ b/src/lib/krb5/rcache/ser_rc.c @@ -1,3 +1,4 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * lib/krb5/rcache/ser_rc.c * @@ -33,167 +34,167 @@ /* * Routines to deal with externalizing krb5_rcache. - * krb5_rcache_size(); - * krb5_rcache_externalize(); - * krb5_rcache_internalize(); + * krb5_rcache_size(); + * krb5_rcache_externalize(); + * krb5_rcache_internalize(); */ static krb5_error_code krb5_rcache_size - (krb5_context, krb5_pointer, size_t *); + (krb5_context, krb5_pointer, size_t *); static krb5_error_code krb5_rcache_externalize - (krb5_context, krb5_pointer, krb5_octet **, size_t *); + (krb5_context, krb5_pointer, krb5_octet **, size_t *); static krb5_error_code krb5_rcache_internalize - (krb5_context,krb5_pointer *, krb5_octet **, size_t *); + (krb5_context,krb5_pointer *, krb5_octet **, size_t *); /* * Serialization entry for this type. */ static const krb5_ser_entry krb5_rcache_ser_entry = { - KV5M_RCACHE, /* Type */ - krb5_rcache_size, /* Sizer routine */ - krb5_rcache_externalize, /* Externalize routine */ - krb5_rcache_internalize /* Internalize routine */ + KV5M_RCACHE, /* Type */ + krb5_rcache_size, /* Sizer routine */ + krb5_rcache_externalize, /* Externalize routine */ + krb5_rcache_internalize /* Internalize routine */ }; /* - * krb5_rcache_size() - Determine the size required to externalize - * this krb5_rcache variant. + * krb5_rcache_size() - Determine the size required to externalize + * this krb5_rcache variant. */ static krb5_error_code krb5_rcache_size(krb5_context kcontext, krb5_pointer arg, size_t *sizep) { - krb5_error_code kret; - krb5_rcache rcache; - size_t required; + krb5_error_code kret; + krb5_rcache rcache; + size_t required; kret = EINVAL; if ((rcache = (krb5_rcache) arg)) { - /* - * Saving FILE: variants of krb5_rcache requires at minimum: - * krb5_int32 for KV5M_RCACHE - * krb5_int32 for length of rcache name. - * krb5_int32 for KV5M_RCACHE - */ - required = sizeof(krb5_int32) * 3; - if (rcache->ops && rcache->ops->type) - required += (strlen(rcache->ops->type)+1); + /* + * Saving FILE: variants of krb5_rcache requires at minimum: + * krb5_int32 for KV5M_RCACHE + * krb5_int32 for length of rcache name. + * krb5_int32 for KV5M_RCACHE + */ + required = sizeof(krb5_int32) * 3; + if (rcache->ops && rcache->ops->type) + required += (strlen(rcache->ops->type)+1); - /* - * The rcache name is formed as follows: - * : - */ - required += strlen(krb5_rc_get_name(kcontext, rcache)); + /* + * The rcache name is formed as follows: + * : + */ + required += strlen(krb5_rc_get_name(kcontext, rcache)); - kret = 0; - *sizep += required; + kret = 0; + *sizep += required; } return(kret); } /* - * krb5_rcache_externalize() - Externalize the krb5_rcache. + * krb5_rcache_externalize() - Externalize the krb5_rcache. */ static krb5_error_code krb5_rcache_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **buffer, size_t *lenremain) { - krb5_error_code kret; - krb5_rcache rcache; - size_t required; - krb5_octet *bp; - size_t remain; - char *rcname; - size_t namelen; - char *fnamep; + krb5_error_code kret; + krb5_rcache rcache; + size_t required; + krb5_octet *bp; + size_t remain; + char *rcname; + size_t namelen; + char *fnamep; required = 0; bp = *buffer; remain = *lenremain; kret = EINVAL; if ((rcache = (krb5_rcache) arg)) { - kret = ENOMEM; - if (!krb5_rcache_size(kcontext, arg, &required) && - (required <= remain)) { - /* Our identifier */ - (void) krb5_ser_pack_int32(KV5M_RCACHE, &bp, &remain); + kret = ENOMEM; + if (!krb5_rcache_size(kcontext, arg, &required) && + (required <= remain)) { + /* Our identifier */ + (void) krb5_ser_pack_int32(KV5M_RCACHE, &bp, &remain); - /* Calculate the length of the name */ - namelen = (rcache->ops && rcache->ops->type) ? - strlen(rcache->ops->type)+1 : 0; - fnamep = krb5_rc_get_name(kcontext, rcache); - namelen += (strlen(fnamep)+1); + /* Calculate the length of the name */ + namelen = (rcache->ops && rcache->ops->type) ? + strlen(rcache->ops->type)+1 : 0; + fnamep = krb5_rc_get_name(kcontext, rcache); + namelen += (strlen(fnamep)+1); - if (rcache->ops && rcache->ops->type) { - if (asprintf(&rcname, "%s:%s", rcache->ops->type, fnamep) < 0) - rcname = NULL; - } else - rcname = strdup(fnamep); + if (rcache->ops && rcache->ops->type) { + if (asprintf(&rcname, "%s:%s", rcache->ops->type, fnamep) < 0) + rcname = NULL; + } else + rcname = strdup(fnamep); - if (rcname) { - /* Put the length of the file name */ - (void) krb5_ser_pack_int32((krb5_int32) strlen(rcname), - &bp, &remain); - - /* Put the name */ - (void) krb5_ser_pack_bytes((krb5_octet *) rcname, - strlen(rcname), - &bp, &remain); + if (rcname) { + /* Put the length of the file name */ + (void) krb5_ser_pack_int32((krb5_int32) strlen(rcname), + &bp, &remain); - /* Put the trailer */ - (void) krb5_ser_pack_int32(KV5M_RCACHE, &bp, &remain); - kret = 0; - *buffer = bp; - *lenremain = remain; - free(rcname); - } - } + /* Put the name */ + (void) krb5_ser_pack_bytes((krb5_octet *) rcname, + strlen(rcname), + &bp, &remain); + + /* Put the trailer */ + (void) krb5_ser_pack_int32(KV5M_RCACHE, &bp, &remain); + kret = 0; + *buffer = bp; + *lenremain = remain; + free(rcname); + } + } } return(kret); } /* - * krb5_rcache_internalize() - Internalize the krb5_rcache. + * krb5_rcache_internalize() - Internalize the krb5_rcache. */ static krb5_error_code krb5_rcache_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_octet **buffer, size_t *lenremain) { - krb5_error_code kret; - krb5_rcache rcache; - krb5_int32 ibuf; - krb5_octet *bp; - size_t remain; - char *rcname; + krb5_error_code kret; + krb5_rcache rcache; + krb5_int32 ibuf; + krb5_octet *bp; + size_t remain; + char *rcname; bp = *buffer; remain = *lenremain; kret = EINVAL; /* Read our magic number */ if (krb5_ser_unpack_int32(&ibuf, &bp, &remain)) - ibuf = 0; + ibuf = 0; if (ibuf == KV5M_RCACHE) { - kret = ENOMEM; + kret = ENOMEM; - /* Get the length of the rcache name */ - kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain); + /* Get the length of the rcache name */ + kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain); - if (!kret && - (rcname = (char *) malloc((size_t) (ibuf+1))) && - !(kret = krb5_ser_unpack_bytes((krb5_octet *) rcname, - (size_t) ibuf, - &bp, &remain))) { - rcname[ibuf] = '\0'; - if (!(kret = krb5_rc_resolve_full(kcontext, &rcache, rcname))) { - (void) krb5_rc_recover(kcontext, rcache); - if (!kret && - !(kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)) && - (ibuf == KV5M_RCACHE)) { - *buffer = bp; - *lenremain = remain; - *argp = (krb5_pointer) rcache; - } - else - krb5_rc_close(kcontext, rcache); - } - free(rcname); - } + if (!kret && + (rcname = (char *) malloc((size_t) (ibuf+1))) && + !(kret = krb5_ser_unpack_bytes((krb5_octet *) rcname, + (size_t) ibuf, + &bp, &remain))) { + rcname[ibuf] = '\0'; + if (!(kret = krb5_rc_resolve_full(kcontext, &rcache, rcname))) { + (void) krb5_rc_recover(kcontext, rcache); + if (!kret && + !(kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain)) && + (ibuf == KV5M_RCACHE)) { + *buffer = bp; + *lenremain = remain; + *argp = (krb5_pointer) rcache; + } + else + krb5_rc_close(kcontext, rcache); + } + free(rcname); + } } return(kret); } diff --git a/src/lib/krb5/unicode/CompositionExclusions.txt b/src/lib/krb5/unicode/CompositionExclusions.txt new file mode 100644 index 0000000000..07a60b8b92 --- /dev/null +++ b/src/lib/krb5/unicode/CompositionExclusions.txt @@ -0,0 +1,176 @@ +# CompositionExclusions-3.2.0.txt +# Date: 2002-03-19,23:30:28 GMT [MD] +# +# This file lists the characters from the UAX #15 Composition Exclusion Table. +# +# The format of the comments in this file has been updated since the last version, +# CompositionExclusions-3.txt. The only substantive change to this file between that +# version and this one is the addition of U+2ADC FORKING. +# +# For more information, see +# http://www.unicode.org/unicode/reports/tr15/#Primary Exclusion List Table +# ================================================ + +# (1) Script Specifics +# This list of characters cannot be derived from the UnicodeData file. +# ================================================ + +0958 # DEVANAGARI LETTER QA +0959 # DEVANAGARI LETTER KHHA +095A # DEVANAGARI LETTER GHHA +095B # DEVANAGARI LETTER ZA +095C # DEVANAGARI LETTER DDDHA +095D # DEVANAGARI LETTER RHA +095E # DEVANAGARI LETTER FA +095F # DEVANAGARI LETTER YYA +09DC # BENGALI LETTER RRA +09DD # BENGALI LETTER RHA +09DF # BENGALI LETTER YYA +0A33 # GURMUKHI LETTER LLA +0A36 # GURMUKHI LETTER SHA +0A59 # GURMUKHI LETTER KHHA +0A5A # GURMUKHI LETTER GHHA +0A5B # GURMUKHI LETTER ZA +0A5E # GURMUKHI LETTER FA +0B5C # ORIYA LETTER RRA +0B5D # ORIYA LETTER RHA +0F43 # TIBETAN LETTER GHA +0F4D # TIBETAN LETTER DDHA +0F52 # TIBETAN LETTER DHA +0F57 # TIBETAN LETTER BHA +0F5C # TIBETAN LETTER DZHA +0F69 # TIBETAN LETTER KSSA +0F76 # TIBETAN VOWEL SIGN VOCALIC R +0F78 # TIBETAN VOWEL SIGN VOCALIC L +0F93 # TIBETAN SUBJOINED LETTER GHA +0F9D # TIBETAN SUBJOINED LETTER DDHA +0FA2 # TIBETAN SUBJOINED LETTER DHA +0FA7 # TIBETAN SUBJOINED LETTER BHA +0FAC # TIBETAN SUBJOINED LETTER DZHA +0FB9 # TIBETAN SUBJOINED LETTER KSSA +FB1D # HEBREW LETTER YOD WITH HIRIQ +FB1F # HEBREW LIGATURE YIDDISH YOD YOD PATAH +FB2A # HEBREW LETTER SHIN WITH SHIN DOT +FB2B # HEBREW LETTER SHIN WITH SIN DOT +FB2C # HEBREW LETTER SHIN WITH DAGESH AND SHIN DOT +FB2D # HEBREW LETTER SHIN WITH DAGESH AND SIN DOT +FB2E # HEBREW LETTER ALEF WITH PATAH +FB2F # HEBREW LETTER ALEF WITH QAMATS +FB30 # HEBREW LETTER ALEF WITH MAPIQ +FB31 # HEBREW LETTER BET WITH DAGESH +FB32 # HEBREW LETTER GIMEL WITH DAGESH +FB33 # HEBREW LETTER DALET WITH DAGESH +FB34 # HEBREW LETTER HE WITH MAPIQ +FB35 # HEBREW LETTER VAV WITH DAGESH +FB36 # HEBREW LETTER ZAYIN WITH DAGESH +FB38 # HEBREW LETTER TET WITH DAGESH +FB39 # HEBREW LETTER YOD WITH DAGESH +FB3A # HEBREW LETTER FINAL KAF WITH DAGESH +FB3B # HEBREW LETTER KAF WITH DAGESH +FB3C # HEBREW LETTER LAMED WITH DAGESH +FB3E # HEBREW LETTER MEM WITH DAGESH +FB40 # HEBREW LETTER NUN WITH DAGESH +FB41 # HEBREW LETTER SAMEKH WITH DAGESH +FB43 # HEBREW LETTER FINAL PE WITH DAGESH +FB44 # HEBREW LETTER PE WITH DAGESH +FB46 # HEBREW LETTER TSADI WITH DAGESH +FB47 # HEBREW LETTER QOF WITH DAGESH +FB48 # HEBREW LETTER RESH WITH DAGESH +FB49 # HEBREW LETTER SHIN WITH DAGESH +FB4A # HEBREW LETTER TAV WITH DAGESH +FB4B # HEBREW LETTER VAV WITH HOLAM +FB4C # HEBREW LETTER BET WITH RAFE +FB4D # HEBREW LETTER KAF WITH RAFE +FB4E # HEBREW LETTER PE WITH RAFE + +# Total code points: 67 + +# ================================================ +# (2) Post Composition Version precomposed characters +# These characters cannot be derived solely from the UnicodeData.txt file +# in this version of Unicode. +# ================================================ + +2ADC # FORKING +1D15E # MUSICAL SYMBOL HALF NOTE +1D15F # MUSICAL SYMBOL QUARTER NOTE +1D160 # MUSICAL SYMBOL EIGHTH NOTE +1D161 # MUSICAL SYMBOL SIXTEENTH NOTE +1D162 # MUSICAL SYMBOL THIRTY-SECOND NOTE +1D163 # MUSICAL SYMBOL SIXTY-FOURTH NOTE +1D164 # MUSICAL SYMBOL ONE HUNDRED TWENTY-EIGHTH NOTE +1D1BB # MUSICAL SYMBOL MINIMA +1D1BC # MUSICAL SYMBOL MINIMA BLACK +1D1BD # MUSICAL SYMBOL SEMIMINIMA WHITE +1D1BE # MUSICAL SYMBOL SEMIMINIMA BLACK +1D1BF # MUSICAL SYMBOL FUSA WHITE +1D1C0 # MUSICAL SYMBOL FUSA BLACK + +# Total code points: 14 + +# ================================================ +# (3) Singleton Decompositions +# These characters can be derived from the UnicodeData file +# by including all characters whose canonical decomposition +# consists of a single character. +# These characters are simply quoted here for reference. +# ================================================ + +# 0340..0341 [2] COMBINING GRAVE TONE MARK..COMBINING ACUTE TONE MARK +# 0343 COMBINING GREEK KORONIS +# 0374 GREEK NUMERAL SIGN +# 037E GREEK QUESTION MARK +# 0387 GREEK ANO TELEIA +# 1F71 GREEK SMALL LETTER ALPHA WITH OXIA +# 1F73 GREEK SMALL LETTER EPSILON WITH OXIA +# 1F75 GREEK SMALL LETTER ETA WITH OXIA +# 1F77 GREEK SMALL LETTER IOTA WITH OXIA +# 1F79 GREEK SMALL LETTER OMICRON WITH OXIA +# 1F7B GREEK SMALL LETTER UPSILON WITH OXIA +# 1F7D GREEK SMALL LETTER OMEGA WITH OXIA +# 1FBB GREEK CAPITAL LETTER ALPHA WITH OXIA +# 1FBE GREEK PROSGEGRAMMENI +# 1FC9 GREEK CAPITAL LETTER EPSILON WITH OXIA +# 1FCB GREEK CAPITAL LETTER ETA WITH OXIA +# 1FD3 GREEK SMALL LETTER IOTA WITH DIALYTIKA AND OXIA +# 1FDB GREEK CAPITAL LETTER IOTA WITH OXIA +# 1FE3 GREEK SMALL LETTER UPSILON WITH DIALYTIKA AND OXIA +# 1FEB GREEK CAPITAL LETTER UPSILON WITH OXIA +# 1FEE..1FEF [2] GREEK DIALYTIKA AND OXIA..GREEK VARIA +# 1FF9 GREEK CAPITAL LETTER OMICRON WITH OXIA +# 1FFB GREEK CAPITAL LETTER OMEGA WITH OXIA +# 1FFD GREEK OXIA +# 2000..2001 [2] EN QUAD..EM QUAD +# 2126 OHM SIGN +# 212A..212B [2] KELVIN SIGN..ANGSTROM SIGN +# 2329 LEFT-POINTING ANGLE BRACKET +# 232A RIGHT-POINTING ANGLE BRACKET +# F900..FA0D [270] CJK COMPATIBILITY IDEOGRAPH-F900..CJK COMPATIBILITY IDEOGRAPH-FA0D +# FA10 CJK COMPATIBILITY IDEOGRAPH-FA10 +# FA12 CJK COMPATIBILITY IDEOGRAPH-FA12 +# FA15..FA1E [10] CJK COMPATIBILITY IDEOGRAPH-FA15..CJK COMPATIBILITY IDEOGRAPH-FA1E +# FA20 CJK COMPATIBILITY IDEOGRAPH-FA20 +# FA22 CJK COMPATIBILITY IDEOGRAPH-FA22 +# FA25..FA26 [2] CJK COMPATIBILITY IDEOGRAPH-FA25..CJK COMPATIBILITY IDEOGRAPH-FA26 +# FA2A..FA2D [4] CJK COMPATIBILITY IDEOGRAPH-FA2A..CJK COMPATIBILITY IDEOGRAPH-FA2D +# FA30..FA6A [59] CJK COMPATIBILITY IDEOGRAPH-FA30..CJK COMPATIBILITY IDEOGRAPH-FA6A +# 2F800..2FA1D [542] CJK COMPATIBILITY IDEOGRAPH-2F800..CJK COMPATIBILITY IDEOGRAPH-2FA1D + +# Total code points: 924 + +# ================================================ +# (4) Non-Starter Decompositions +# These characters can be derived from the UnicodeData file +# by including all characters whose canonical decomposition consists +# of a sequence of characters, the first of which has a non-zero +# combining class. +# These characters are simply quoted here for reference. +# ================================================ + +# 0344 COMBINING GREEK DIALYTIKA TONOS +# 0F73 TIBETAN VOWEL SIGN II +# 0F75 TIBETAN VOWEL SIGN UU +# 0F81 TIBETAN VOWEL SIGN REVERSED II + +# Total code points: 4 + diff --git a/src/lib/krb5/unicode/Makefile.in b/src/lib/krb5/unicode/Makefile.in new file mode 100644 index 0000000000..ea0a0e336b --- /dev/null +++ b/src/lib/krb5/unicode/Makefile.in @@ -0,0 +1,69 @@ +thisconfigdir=../../.. +myfulldir=lib/krb5/unicode +mydir=lib/krb5/unicode +BUILDTOP=$(REL)..$(S)..$(S).. +KRB5_RUN_ENV = @KRB5_RUN_ENV@ +PROG_LIBPATH=-L$(TOPLIBD) +PROG_RPATH=$(KRB5_LIBDIR) +DEFS= +DEFINES=-DLIBDIR=\"$(KRB5_LIBDIR)\" +LOCALINCLUDES= + +##DOS##BUILDTOP = ..\..\.. +##DOS##PREFIXDIR=unicode +##DOS##OBJFILE=..\$(OUTPRE)$(PREFIXDIR).lst + +XXDIR = $(srcdir)/ucdata/ +XXHEADERS = ucdata.h ure.h uctable.h +XXSRCS = ucdata.c ucgendat.c ure.c urestubs.c + +STLIBOBJS= \ + ucdata.o \ + ure.o \ + urestubs.o \ + ucstr.o + +OBJS= \ + $(OUTPRE)ucdata.$(OBJEXT) \ + $(OUTPRE)ure.$(OBJEXT) \ + $(OUTPRE)urestubs.$(OBJEXT) \ + $(OUTPRE)ucstr.$(OBJEXT) + +SRCS= \ + $(srcdir)/ucstr.c + +EXTRADEPSRCS = + +##DOS##LIBOBJS = $(OBJS) + +all-unix:: all-libobjs +clean-unix:: clean-libobjs + +shared: + mkdir shared + +uctable.h: $(XXDIR)/uctable.h + +$(XXDIR)/uctable.h: $(XXDIR)/ucgendat.c $(srcdir)/UnicodeData.txt $(srcdir)/CompositionExclusions.txt + $(MAKE) ucgendat + ./ucgendat $(srcdir)/UnicodeData.txt -x $(srcdir)/CompositionExclusions.txt + +ucgendat: ucgendat.o + $(CC_LINK) $(ALL_CFLAGS) -o ucgendat ucgendat.o $(LIBS) + +.links : + @for i in $(XXSRCS) $(XXHEADERS); do \ + $(RM) $$i ; \ + ii=`find $(srcdir) -name $$i` ; \ + $(LN_S) $$ii . ; \ + done + touch .links + +$(XXSRCS) $(XXHEADERS) : .links + +clean:: + $(RM) *.dat .links $(XXHEADERS) $(XXSRCS) ucgendat + +depend:: .links + +@libobj_frag@ diff --git a/src/lib/krb5/unicode/UCD-Terms b/src/lib/krb5/unicode/UCD-Terms new file mode 100644 index 0000000000..4ec4da2992 --- /dev/null +++ b/src/lib/krb5/unicode/UCD-Terms @@ -0,0 +1,29 @@ +UCD Terms of Use (http://www.unicode.org/Public/UNIDATA/UCD.html) + +Disclaimer + +The Unicode Character Database is provided as is by Unicode, Inc. +No claims are made as to fitness for any particular purpose. No +warranties of any kind are expressed or implied. The recipient +agrees to determine applicability of information provided. If this +file has been purchased on magnetic or optical media from Unicode, +Inc., the sole remedy for any claim will be exchange of defective +media within 90 days of receipt. + +This disclaimer is applicable for all other data files accompanying +the Unicode Character Database, some of which have been compiled +by the Unicode Consortium, and some of which have been supplied by +other sources. + +Limitations on Rights to Redistribute This Data + +Recipient is granted the right to make copies in any form for +internal distribution and to freely use the information supplied +in the creation of products supporting the Unicode (TM) Standard. +The files in the Unicode Character Database can be redistributed +to third parties or other organizations (whether for profit or not) +as long as this notice and the disclaimer notice are retained. +Information can be extracted from these files and used in documentation +or programs, as long as there is an accompanying notice indicating +the source. + diff --git a/src/lib/krb5/unicode/UnicodeData.txt b/src/lib/krb5/unicode/UnicodeData.txt new file mode 100644 index 0000000000..125a6920dc --- /dev/null +++ b/src/lib/krb5/unicode/UnicodeData.txt @@ -0,0 +1,13874 @@ +0000;;Cc;0;BN;;;;;N;NULL;;;; +0001;;Cc;0;BN;;;;;N;START OF HEADING;;;; +0002;;Cc;0;BN;;;;;N;START OF TEXT;;;; +0003;;Cc;0;BN;;;;;N;END OF TEXT;;;; +0004;;Cc;0;BN;;;;;N;END OF TRANSMISSION;;;; +0005;;Cc;0;BN;;;;;N;ENQUIRY;;;; +0006;;Cc;0;BN;;;;;N;ACKNOWLEDGE;;;; +0007;;Cc;0;BN;;;;;N;BELL;;;; +0008;;Cc;0;BN;;;;;N;BACKSPACE;;;; +0009;;Cc;0;S;;;;;N;CHARACTER TABULATION;;;; +000A;;Cc;0;B;;;;;N;LINE FEED (LF);;;; +000B;;Cc;0;S;;;;;N;LINE TABULATION;;;; +000C;;Cc;0;WS;;;;;N;FORM FEED (FF);;;; +000D;;Cc;0;B;;;;;N;CARRIAGE RETURN (CR);;;; +000E;;Cc;0;BN;;;;;N;SHIFT OUT;;;; +000F;;Cc;0;BN;;;;;N;SHIFT IN;;;; +0010;;Cc;0;BN;;;;;N;DATA LINK ESCAPE;;;; +0011;;Cc;0;BN;;;;;N;DEVICE CONTROL ONE;;;; +0012;;Cc;0;BN;;;;;N;DEVICE CONTROL TWO;;;; +0013;;Cc;0;BN;;;;;N;DEVICE CONTROL THREE;;;; +0014;;Cc;0;BN;;;;;N;DEVICE CONTROL FOUR;;;; +0015;;Cc;0;BN;;;;;N;NEGATIVE ACKNOWLEDGE;;;; +0016;;Cc;0;BN;;;;;N;SYNCHRONOUS IDLE;;;; +0017;;Cc;0;BN;;;;;N;END OF TRANSMISSION BLOCK;;;; +0018;;Cc;0;BN;;;;;N;CANCEL;;;; +0019;;Cc;0;BN;;;;;N;END OF MEDIUM;;;; +001A;;Cc;0;BN;;;;;N;SUBSTITUTE;;;; +001B;;Cc;0;BN;;;;;N;ESCAPE;;;; +001C;;Cc;0;B;;;;;N;INFORMATION SEPARATOR FOUR;;;; +001D;;Cc;0;B;;;;;N;INFORMATION SEPARATOR THREE;;;; +001E;;Cc;0;B;;;;;N;INFORMATION SEPARATOR TWO;;;; +001F;;Cc;0;S;;;;;N;INFORMATION SEPARATOR ONE;;;; +0020;SPACE;Zs;0;WS;;;;;N;;;;; +0021;EXCLAMATION MARK;Po;0;ON;;;;;N;;;;; +0022;QUOTATION MARK;Po;0;ON;;;;;N;;;;; +0023;NUMBER SIGN;Po;0;ET;;;;;N;;;;; +0024;DOLLAR SIGN;Sc;0;ET;;;;;N;;;;; +0025;PERCENT SIGN;Po;0;ET;;;;;N;;;;; +0026;AMPERSAND;Po;0;ON;;;;;N;;;;; +0027;APOSTROPHE;Po;0;ON;;;;;N;APOSTROPHE-QUOTE;;;; +0028;LEFT PARENTHESIS;Ps;0;ON;;;;;Y;OPENING PARENTHESIS;;;; +0029;RIGHT PARENTHESIS;Pe;0;ON;;;;;Y;CLOSING PARENTHESIS;;;; +002A;ASTERISK;Po;0;ON;;;;;N;;;;; +002B;PLUS SIGN;Sm;0;ET;;;;;N;;;;; +002C;COMMA;Po;0;CS;;;;;N;;;;; +002D;HYPHEN-MINUS;Pd;0;ET;;;;;N;;;;; +002E;FULL STOP;Po;0;CS;;;;;N;PERIOD;;;; +002F;SOLIDUS;Po;0;ES;;;;;N;SLASH;;;; +0030;DIGIT ZERO;Nd;0;EN;;0;0;0;N;;;;; +0031;DIGIT ONE;Nd;0;EN;;1;1;1;N;;;;; +0032;DIGIT TWO;Nd;0;EN;;2;2;2;N;;;;; +0033;DIGIT THREE;Nd;0;EN;;3;3;3;N;;;;; +0034;DIGIT FOUR;Nd;0;EN;;4;4;4;N;;;;; +0035;DIGIT FIVE;Nd;0;EN;;5;5;5;N;;;;; +0036;DIGIT SIX;Nd;0;EN;;6;6;6;N;;;;; +0037;DIGIT SEVEN;Nd;0;EN;;7;7;7;N;;;;; +0038;DIGIT EIGHT;Nd;0;EN;;8;8;8;N;;;;; +0039;DIGIT NINE;Nd;0;EN;;9;9;9;N;;;;; +003A;COLON;Po;0;CS;;;;;N;;;;; +003B;SEMICOLON;Po;0;ON;;;;;N;;;;; +003C;LESS-THAN SIGN;Sm;0;ON;;;;;Y;;;;; +003D;EQUALS SIGN;Sm;0;ON;;;;;N;;;;; +003E;GREATER-THAN SIGN;Sm;0;ON;;;;;Y;;;;; +003F;QUESTION MARK;Po;0;ON;;;;;N;;;;; +0040;COMMERCIAL AT;Po;0;ON;;;;;N;;;;; +0041;LATIN CAPITAL LETTER A;Lu;0;L;;;;;N;;;;0061; +0042;LATIN CAPITAL LETTER B;Lu;0;L;;;;;N;;;;0062; +0043;LATIN CAPITAL LETTER C;Lu;0;L;;;;;N;;;;0063; +0044;LATIN CAPITAL LETTER D;Lu;0;L;;;;;N;;;;0064; +0045;LATIN CAPITAL LETTER E;Lu;0;L;;;;;N;;;;0065; +0046;LATIN CAPITAL LETTER F;Lu;0;L;;;;;N;;;;0066; +0047;LATIN CAPITAL LETTER G;Lu;0;L;;;;;N;;;;0067; +0048;LATIN CAPITAL LETTER H;Lu;0;L;;;;;N;;;;0068; +0049;LATIN CAPITAL LETTER I;Lu;0;L;;;;;N;;;;0069; +004A;LATIN CAPITAL LETTER J;Lu;0;L;;;;;N;;;;006A; +004B;LATIN CAPITAL LETTER K;Lu;0;L;;;;;N;;;;006B; +004C;LATIN CAPITAL LETTER L;Lu;0;L;;;;;N;;;;006C; +004D;LATIN CAPITAL LETTER M;Lu;0;L;;;;;N;;;;006D; +004E;LATIN CAPITAL LETTER N;Lu;0;L;;;;;N;;;;006E; +004F;LATIN CAPITAL LETTER O;Lu;0;L;;;;;N;;;;006F; +0050;LATIN CAPITAL LETTER P;Lu;0;L;;;;;N;;;;0070; +0051;LATIN CAPITAL LETTER Q;Lu;0;L;;;;;N;;;;0071; +0052;LATIN CAPITAL LETTER R;Lu;0;L;;;;;N;;;;0072; +0053;LATIN CAPITAL LETTER S;Lu;0;L;;;;;N;;;;0073; +0054;LATIN CAPITAL LETTER T;Lu;0;L;;;;;N;;;;0074; +0055;LATIN CAPITAL LETTER U;Lu;0;L;;;;;N;;;;0075; +0056;LATIN CAPITAL LETTER V;Lu;0;L;;;;;N;;;;0076; +0057;LATIN CAPITAL LETTER W;Lu;0;L;;;;;N;;;;0077; +0058;LATIN CAPITAL LETTER X;Lu;0;L;;;;;N;;;;0078; +0059;LATIN CAPITAL LETTER Y;Lu;0;L;;;;;N;;;;0079; +005A;LATIN CAPITAL LETTER Z;Lu;0;L;;;;;N;;;;007A; +005B;LEFT SQUARE BRACKET;Ps;0;ON;;;;;Y;OPENING SQUARE BRACKET;;;; +005C;REVERSE SOLIDUS;Po;0;ON;;;;;N;BACKSLASH;;;; +005D;RIGHT SQUARE BRACKET;Pe;0;ON;;;;;Y;CLOSING SQUARE BRACKET;;;; +005E;CIRCUMFLEX ACCENT;Sk;0;ON;;;;;N;SPACING CIRCUMFLEX;;;; +005F;LOW LINE;Pc;0;ON;;;;;N;SPACING UNDERSCORE;;;; +0060;GRAVE ACCENT;Sk;0;ON;;;;;N;SPACING GRAVE;;;; +0061;LATIN SMALL LETTER A;Ll;0;L;;;;;N;;;0041;;0041 +0062;LATIN SMALL LETTER B;Ll;0;L;;;;;N;;;0042;;0042 +0063;LATIN SMALL LETTER C;Ll;0;L;;;;;N;;;0043;;0043 +0064;LATIN SMALL LETTER D;Ll;0;L;;;;;N;;;0044;;0044 +0065;LATIN SMALL LETTER E;Ll;0;L;;;;;N;;;0045;;0045 +0066;LATIN SMALL LETTER F;Ll;0;L;;;;;N;;;0046;;0046 +0067;LATIN SMALL LETTER G;Ll;0;L;;;;;N;;;0047;;0047 +0068;LATIN SMALL LETTER H;Ll;0;L;;;;;N;;;0048;;0048 +0069;LATIN SMALL LETTER I;Ll;0;L;;;;;N;;;0049;;0049 +006A;LATIN SMALL LETTER J;Ll;0;L;;;;;N;;;004A;;004A +006B;LATIN SMALL LETTER K;Ll;0;L;;;;;N;;;004B;;004B +006C;LATIN SMALL LETTER L;Ll;0;L;;;;;N;;;004C;;004C +006D;LATIN SMALL LETTER M;Ll;0;L;;;;;N;;;004D;;004D +006E;LATIN SMALL LETTER N;Ll;0;L;;;;;N;;;004E;;004E +006F;LATIN SMALL LETTER O;Ll;0;L;;;;;N;;;004F;;004F +0070;LATIN SMALL LETTER P;Ll;0;L;;;;;N;;;0050;;0050 +0071;LATIN SMALL LETTER Q;Ll;0;L;;;;;N;;;0051;;0051 +0072;LATIN SMALL LETTER R;Ll;0;L;;;;;N;;;0052;;0052 +0073;LATIN SMALL LETTER S;Ll;0;L;;;;;N;;;0053;;0053 +0074;LATIN SMALL LETTER T;Ll;0;L;;;;;N;;;0054;;0054 +0075;LATIN SMALL LETTER U;Ll;0;L;;;;;N;;;0055;;0055 +0076;LATIN SMALL LETTER V;Ll;0;L;;;;;N;;;0056;;0056 +0077;LATIN SMALL LETTER W;Ll;0;L;;;;;N;;;0057;;0057 +0078;LATIN SMALL LETTER X;Ll;0;L;;;;;N;;;0058;;0058 +0079;LATIN SMALL LETTER Y;Ll;0;L;;;;;N;;;0059;;0059 +007A;LATIN SMALL LETTER Z;Ll;0;L;;;;;N;;;005A;;005A +007B;LEFT CURLY BRACKET;Ps;0;ON;;;;;Y;OPENING CURLY BRACKET;;;; +007C;VERTICAL LINE;Sm;0;ON;;;;;N;VERTICAL BAR;;;; +007D;RIGHT CURLY BRACKET;Pe;0;ON;;;;;Y;CLOSING CURLY BRACKET;;;; +007E;TILDE;Sm;0;ON;;;;;N;;;;; +007F;;Cc;0;BN;;;;;N;DELETE;;;; +0080;;Cc;0;BN;;;;;N;;;;; +0081;;Cc;0;BN;;;;;N;;;;; +0082;;Cc;0;BN;;;;;N;BREAK PERMITTED HERE;;;; +0083;;Cc;0;BN;;;;;N;NO BREAK HERE;;;; +0084;;Cc;0;BN;;;;;N;;;;; +0085;;Cc;0;B;;;;;N;NEXT LINE (NEL);;;; +0086;;Cc;0;BN;;;;;N;START OF SELECTED AREA;;;; +0087;;Cc;0;BN;;;;;N;END OF SELECTED AREA;;;; +0088;;Cc;0;BN;;;;;N;CHARACTER TABULATION SET;;;; +0089;;Cc;0;BN;;;;;N;CHARACTER TABULATION WITH JUSTIFICATION;;;; +008A;;Cc;0;BN;;;;;N;LINE TABULATION SET;;;; +008B;;Cc;0;BN;;;;;N;PARTIAL LINE FORWARD;;;; +008C;;Cc;0;BN;;;;;N;PARTIAL LINE BACKWARD;;;; +008D;;Cc;0;BN;;;;;N;REVERSE LINE FEED;;;; +008E;;Cc;0;BN;;;;;N;SINGLE SHIFT TWO;;;; +008F;;Cc;0;BN;;;;;N;SINGLE SHIFT THREE;;;; +0090;;Cc;0;BN;;;;;N;DEVICE CONTROL STRING;;;; +0091;;Cc;0;BN;;;;;N;PRIVATE USE ONE;;;; +0092;;Cc;0;BN;;;;;N;PRIVATE USE TWO;;;; +0093;;Cc;0;BN;;;;;N;SET TRANSMIT STATE;;;; +0094;;Cc;0;BN;;;;;N;CANCEL CHARACTER;;;; +0095;;Cc;0;BN;;;;;N;MESSAGE WAITING;;;; +0096;;Cc;0;BN;;;;;N;START OF GUARDED AREA;;;; +0097;;Cc;0;BN;;;;;N;END OF GUARDED AREA;;;; +0098;;Cc;0;BN;;;;;N;START OF STRING;;;; +0099;;Cc;0;BN;;;;;N;;;;; +009A;;Cc;0;BN;;;;;N;SINGLE CHARACTER INTRODUCER;;;; +009B;;Cc;0;BN;;;;;N;CONTROL SEQUENCE INTRODUCER;;;; +009C;;Cc;0;BN;;;;;N;STRING TERMINATOR;;;; +009D;;Cc;0;BN;;;;;N;OPERATING SYSTEM COMMAND;;;; +009E;;Cc;0;BN;;;;;N;PRIVACY MESSAGE;;;; +009F;;Cc;0;BN;;;;;N;APPLICATION PROGRAM COMMAND;;;; +00A0;NO-BREAK SPACE;Zs;0;CS; 0020;;;;N;NON-BREAKING SPACE;;;; +00A1;INVERTED EXCLAMATION MARK;Po;0;ON;;;;;N;;;;; +00A2;CENT SIGN;Sc;0;ET;;;;;N;;;;; +00A3;POUND SIGN;Sc;0;ET;;;;;N;;;;; +00A4;CURRENCY SIGN;Sc;0;ET;;;;;N;;;;; +00A5;YEN SIGN;Sc;0;ET;;;;;N;;;;; +00A6;BROKEN BAR;So;0;ON;;;;;N;BROKEN VERTICAL BAR;;;; +00A7;SECTION SIGN;So;0;ON;;;;;N;;;;; +00A8;DIAERESIS;Sk;0;ON; 0020 0308;;;;N;SPACING DIAERESIS;;;; +00A9;COPYRIGHT SIGN;So;0;ON;;;;;N;;;;; +00AA;FEMININE ORDINAL INDICATOR;Ll;0;L; 0061;;;;N;;;;; +00AB;LEFT-POINTING DOUBLE ANGLE QUOTATION MARK;Pi;0;ON;;;;;Y;LEFT POINTING GUILLEMET;*;;; +00AC;NOT SIGN;Sm;0;ON;;;;;N;;;;; +00AD;SOFT HYPHEN;Pd;0;ON;;;;;N;;;;; +00AE;REGISTERED SIGN;So;0;ON;;;;;N;REGISTERED TRADE MARK SIGN;;;; +00AF;MACRON;Sk;0;ON; 0020 0304;;;;N;SPACING MACRON;;;; +00B0;DEGREE SIGN;So;0;ET;;;;;N;;;;; +00B1;PLUS-MINUS SIGN;Sm;0;ET;;;;;N;PLUS-OR-MINUS SIGN;;;; +00B2;SUPERSCRIPT TWO;No;0;EN; 0032;2;2;2;N;SUPERSCRIPT DIGIT TWO;;;; +00B3;SUPERSCRIPT THREE;No;0;EN; 0033;3;3;3;N;SUPERSCRIPT DIGIT THREE;;;; +00B4;ACUTE ACCENT;Sk;0;ON; 0020 0301;;;;N;SPACING ACUTE;;;; +00B5;MICRO SIGN;Ll;0;L; 03BC;;;;N;;;039C;;039C +00B6;PILCROW SIGN;So;0;ON;;;;;N;PARAGRAPH SIGN;;;; +00B7;MIDDLE DOT;Po;0;ON;;;;;N;;;;; +00B8;CEDILLA;Sk;0;ON; 0020 0327;;;;N;SPACING CEDILLA;;;; +00B9;SUPERSCRIPT ONE;No;0;EN; 0031;1;1;1;N;SUPERSCRIPT DIGIT ONE;;;; +00BA;MASCULINE ORDINAL INDICATOR;Ll;0;L; 006F;;;;N;;;;; +00BB;RIGHT-POINTING DOUBLE ANGLE QUOTATION MARK;Pf;0;ON;;;;;Y;RIGHT POINTING GUILLEMET;*;;; +00BC;VULGAR FRACTION ONE QUARTER;No;0;ON; 0031 2044 0034;;;1/4;N;FRACTION ONE QUARTER;;;; +00BD;VULGAR FRACTION ONE HALF;No;0;ON; 0031 2044 0032;;;1/2;N;FRACTION ONE HALF;;;; +00BE;VULGAR FRACTION THREE QUARTERS;No;0;ON; 0033 2044 0034;;;3/4;N;FRACTION THREE QUARTERS;;;; +00BF;INVERTED QUESTION MARK;Po;0;ON;;;;;N;;;;; +00C0;LATIN CAPITAL LETTER A WITH GRAVE;Lu;0;L;0041 0300;;;;N;LATIN CAPITAL LETTER A GRAVE;;;00E0; +00C1;LATIN CAPITAL LETTER A WITH ACUTE;Lu;0;L;0041 0301;;;;N;LATIN CAPITAL LETTER A ACUTE;;;00E1; +00C2;LATIN CAPITAL LETTER A WITH CIRCUMFLEX;Lu;0;L;0041 0302;;;;N;LATIN CAPITAL LETTER A CIRCUMFLEX;;;00E2; +00C3;LATIN CAPITAL LETTER A WITH TILDE;Lu;0;L;0041 0303;;;;N;LATIN CAPITAL LETTER A TILDE;;;00E3; +00C4;LATIN CAPITAL LETTER A WITH DIAERESIS;Lu;0;L;0041 0308;;;;N;LATIN CAPITAL LETTER A DIAERESIS;;;00E4; +00C5;LATIN CAPITAL LETTER A WITH RING ABOVE;Lu;0;L;0041 030A;;;;N;LATIN CAPITAL LETTER A RING;;;00E5; +00C6;LATIN CAPITAL LETTER AE;Lu;0;L;;;;;N;LATIN CAPITAL LETTER A E;ash *;;00E6; +00C7;LATIN CAPITAL LETTER C WITH CEDILLA;Lu;0;L;0043 0327;;;;N;LATIN CAPITAL LETTER C CEDILLA;;;00E7; +00C8;LATIN CAPITAL LETTER E WITH GRAVE;Lu;0;L;0045 0300;;;;N;LATIN CAPITAL LETTER E GRAVE;;;00E8; +00C9;LATIN CAPITAL LETTER E WITH ACUTE;Lu;0;L;0045 0301;;;;N;LATIN CAPITAL LETTER E ACUTE;;;00E9; +00CA;LATIN CAPITAL LETTER E WITH CIRCUMFLEX;Lu;0;L;0045 0302;;;;N;LATIN CAPITAL LETTER E CIRCUMFLEX;;;00EA; +00CB;LATIN CAPITAL LETTER E WITH DIAERESIS;Lu;0;L;0045 0308;;;;N;LATIN CAPITAL LETTER E DIAERESIS;;;00EB; +00CC;LATIN CAPITAL LETTER I WITH GRAVE;Lu;0;L;0049 0300;;;;N;LATIN CAPITAL LETTER I GRAVE;;;00EC; +00CD;LATIN CAPITAL LETTER I WITH ACUTE;Lu;0;L;0049 0301;;;;N;LATIN CAPITAL LETTER I ACUTE;;;00ED; +00CE;LATIN CAPITAL LETTER I WITH CIRCUMFLEX;Lu;0;L;0049 0302;;;;N;LATIN CAPITAL LETTER I CIRCUMFLEX;;;00EE; +00CF;LATIN CAPITAL LETTER I WITH DIAERESIS;Lu;0;L;0049 0308;;;;N;LATIN CAPITAL LETTER I DIAERESIS;;;00EF; +00D0;LATIN CAPITAL LETTER ETH;Lu;0;L;;;;;N;;Icelandic;;00F0; +00D1;LATIN CAPITAL LETTER N WITH TILDE;Lu;0;L;004E 0303;;;;N;LATIN CAPITAL LETTER N TILDE;;;00F1; +00D2;LATIN CAPITAL LETTER O WITH GRAVE;Lu;0;L;004F 0300;;;;N;LATIN CAPITAL LETTER O GRAVE;;;00F2; +00D3;LATIN CAPITAL LETTER O WITH ACUTE;Lu;0;L;004F 0301;;;;N;LATIN CAPITAL LETTER O ACUTE;;;00F3; +00D4;LATIN CAPITAL LETTER O WITH CIRCUMFLEX;Lu;0;L;004F 0302;;;;N;LATIN CAPITAL LETTER O CIRCUMFLEX;;;00F4; +00D5;LATIN CAPITAL LETTER O WITH TILDE;Lu;0;L;004F 0303;;;;N;LATIN CAPITAL LETTER O TILDE;;;00F5; +00D6;LATIN CAPITAL LETTER O WITH DIAERESIS;Lu;0;L;004F 0308;;;;N;LATIN CAPITAL LETTER O DIAERESIS;;;00F6; +00D7;MULTIPLICATION SIGN;Sm;0;ON;;;;;N;;;;; +00D8;LATIN CAPITAL LETTER O WITH STROKE;Lu;0;L;;;;;N;LATIN CAPITAL LETTER O SLASH;;;00F8; +00D9;LATIN CAPITAL LETTER U WITH GRAVE;Lu;0;L;0055 0300;;;;N;LATIN CAPITAL LETTER U GRAVE;;;00F9; +00DA;LATIN CAPITAL LETTER U WITH ACUTE;Lu;0;L;0055 0301;;;;N;LATIN CAPITAL LETTER U ACUTE;;;00FA; +00DB;LATIN CAPITAL LETTER U WITH CIRCUMFLEX;Lu;0;L;0055 0302;;;;N;LATIN CAPITAL LETTER U CIRCUMFLEX;;;00FB; +00DC;LATIN CAPITAL LETTER U WITH DIAERESIS;Lu;0;L;0055 0308;;;;N;LATIN CAPITAL LETTER U DIAERESIS;;;00FC; +00DD;LATIN CAPITAL LETTER Y WITH ACUTE;Lu;0;L;0059 0301;;;;N;LATIN CAPITAL LETTER Y ACUTE;;;00FD; +00DE;LATIN CAPITAL LETTER THORN;Lu;0;L;;;;;N;;Icelandic;;00FE; +00DF;LATIN SMALL LETTER SHARP S;Ll;0;L;;;;;N;;German;;; +00E0;LATIN SMALL LETTER A WITH GRAVE;Ll;0;L;0061 0300;;;;N;LATIN SMALL LETTER A GRAVE;;00C0;;00C0 +00E1;LATIN SMALL LETTER A WITH ACUTE;Ll;0;L;0061 0301;;;;N;LATIN SMALL LETTER A ACUTE;;00C1;;00C1 +00E2;LATIN SMALL LETTER A WITH CIRCUMFLEX;Ll;0;L;0061 0302;;;;N;LATIN SMALL LETTER A CIRCUMFLEX;;00C2;;00C2 +00E3;LATIN SMALL LETTER A WITH TILDE;Ll;0;L;0061 0303;;;;N;LATIN SMALL LETTER A TILDE;;00C3;;00C3 +00E4;LATIN SMALL LETTER A WITH DIAERESIS;Ll;0;L;0061 0308;;;;N;LATIN SMALL LETTER A DIAERESIS;;00C4;;00C4 +00E5;LATIN SMALL LETTER A WITH RING ABOVE;Ll;0;L;0061 030A;;;;N;LATIN SMALL LETTER A RING;;00C5;;00C5 +00E6;LATIN SMALL LETTER AE;Ll;0;L;;;;;N;LATIN SMALL LETTER A E;ash *;00C6;;00C6 +00E7;LATIN SMALL LETTER C WITH CEDILLA;Ll;0;L;0063 0327;;;;N;LATIN SMALL LETTER C CEDILLA;;00C7;;00C7 +00E8;LATIN SMALL LETTER E WITH GRAVE;Ll;0;L;0065 0300;;;;N;LATIN SMALL LETTER E GRAVE;;00C8;;00C8 +00E9;LATIN SMALL LETTER E WITH ACUTE;Ll;0;L;0065 0301;;;;N;LATIN SMALL LETTER E ACUTE;;00C9;;00C9 +00EA;LATIN SMALL LETTER E WITH CIRCUMFLEX;Ll;0;L;0065 0302;;;;N;LATIN SMALL LETTER E CIRCUMFLEX;;00CA;;00CA +00EB;LATIN SMALL LETTER E WITH DIAERESIS;Ll;0;L;0065 0308;;;;N;LATIN SMALL LETTER E DIAERESIS;;00CB;;00CB +00EC;LATIN SMALL LETTER I WITH GRAVE;Ll;0;L;0069 0300;;;;N;LATIN SMALL LETTER I GRAVE;;00CC;;00CC +00ED;LATIN SMALL LETTER I WITH ACUTE;Ll;0;L;0069 0301;;;;N;LATIN SMALL LETTER I ACUTE;;00CD;;00CD +00EE;LATIN SMALL LETTER I WITH CIRCUMFLEX;Ll;0;L;0069 0302;;;;N;LATIN SMALL LETTER I CIRCUMFLEX;;00CE;;00CE +00EF;LATIN SMALL LETTER I WITH DIAERESIS;Ll;0;L;0069 0308;;;;N;LATIN SMALL LETTER I DIAERESIS;;00CF;;00CF +00F0;LATIN SMALL LETTER ETH;Ll;0;L;;;;;N;;Icelandic;00D0;;00D0 +00F1;LATIN SMALL LETTER N WITH TILDE;Ll;0;L;006E 0303;;;;N;LATIN SMALL LETTER N TILDE;;00D1;;00D1 +00F2;LATIN SMALL LETTER O WITH GRAVE;Ll;0;L;006F 0300;;;;N;LATIN SMALL LETTER O GRAVE;;00D2;;00D2 +00F3;LATIN SMALL LETTER O WITH ACUTE;Ll;0;L;006F 0301;;;;N;LATIN SMALL LETTER O ACUTE;;00D3;;00D3 +00F4;LATIN SMALL LETTER O WITH CIRCUMFLEX;Ll;0;L;006F 0302;;;;N;LATIN SMALL LETTER O CIRCUMFLEX;;00D4;;00D4 +00F5;LATIN SMALL LETTER O WITH TILDE;Ll;0;L;006F 0303;;;;N;LATIN SMALL LETTER O TILDE;;00D5;;00D5 +00F6;LATIN SMALL LETTER O WITH DIAERESIS;Ll;0;L;006F 0308;;;;N;LATIN SMALL LETTER O DIAERESIS;;00D6;;00D6 +00F7;DIVISION SIGN;Sm;0;ON;;;;;N;;;;; +00F8;LATIN SMALL LETTER O WITH STROKE;Ll;0;L;;;;;N;LATIN SMALL LETTER O SLASH;;00D8;;00D8 +00F9;LATIN SMALL LETTER U WITH GRAVE;Ll;0;L;0075 0300;;;;N;LATIN SMALL LETTER U GRAVE;;00D9;;00D9 +00FA;LATIN SMALL LETTER U WITH ACUTE;Ll;0;L;0075 0301;;;;N;LATIN SMALL LETTER U ACUTE;;00DA;;00DA +00FB;LATIN SMALL LETTER U WITH CIRCUMFLEX;Ll;0;L;0075 0302;;;;N;LATIN SMALL LETTER U CIRCUMFLEX;;00DB;;00DB +00FC;LATIN SMALL LETTER U WITH DIAERESIS;Ll;0;L;0075 0308;;;;N;LATIN SMALL LETTER U DIAERESIS;;00DC;;00DC +00FD;LATIN SMALL LETTER Y WITH ACUTE;Ll;0;L;0079 0301;;;;N;LATIN SMALL LETTER Y ACUTE;;00DD;;00DD +00FE;LATIN SMALL LETTER THORN;Ll;0;L;;;;;N;;Icelandic;00DE;;00DE +00FF;LATIN SMALL LETTER Y WITH DIAERESIS;Ll;0;L;0079 0308;;;;N;LATIN SMALL LETTER Y DIAERESIS;;0178;;0178 +0100;LATIN CAPITAL LETTER A WITH MACRON;Lu;0;L;0041 0304;;;;N;LATIN CAPITAL LETTER A MACRON;;;0101; +0101;LATIN SMALL LETTER A WITH MACRON;Ll;0;L;0061 0304;;;;N;LATIN SMALL LETTER A MACRON;;0100;;0100 +0102;LATIN CAPITAL LETTER A WITH BREVE;Lu;0;L;0041 0306;;;;N;LATIN CAPITAL LETTER A BREVE;;;0103; +0103;LATIN SMALL LETTER A WITH BREVE;Ll;0;L;0061 0306;;;;N;LATIN SMALL LETTER A BREVE;;0102;;0102 +0104;LATIN CAPITAL LETTER A WITH OGONEK;Lu;0;L;0041 0328;;;;N;LATIN CAPITAL LETTER A OGONEK;;;0105; +0105;LATIN SMALL LETTER A WITH OGONEK;Ll;0;L;0061 0328;;;;N;LATIN SMALL LETTER A OGONEK;;0104;;0104 +0106;LATIN CAPITAL LETTER C WITH ACUTE;Lu;0;L;0043 0301;;;;N;LATIN CAPITAL LETTER C ACUTE;;;0107; +0107;LATIN SMALL LETTER C WITH ACUTE;Ll;0;L;0063 0301;;;;N;LATIN SMALL LETTER C ACUTE;;0106;;0106 +0108;LATIN CAPITAL LETTER C WITH CIRCUMFLEX;Lu;0;L;0043 0302;;;;N;LATIN CAPITAL LETTER C CIRCUMFLEX;;;0109; +0109;LATIN SMALL LETTER C WITH CIRCUMFLEX;Ll;0;L;0063 0302;;;;N;LATIN SMALL LETTER C CIRCUMFLEX;;0108;;0108 +010A;LATIN CAPITAL LETTER C WITH DOT ABOVE;Lu;0;L;0043 0307;;;;N;LATIN CAPITAL LETTER C DOT;;;010B; +010B;LATIN SMALL LETTER C WITH DOT ABOVE;Ll;0;L;0063 0307;;;;N;LATIN SMALL LETTER C DOT;;010A;;010A +010C;LATIN CAPITAL LETTER C WITH CARON;Lu;0;L;0043 030C;;;;N;LATIN CAPITAL LETTER C HACEK;;;010D; +010D;LATIN SMALL LETTER C WITH CARON;Ll;0;L;0063 030C;;;;N;LATIN SMALL LETTER C HACEK;;010C;;010C +010E;LATIN CAPITAL LETTER D WITH CARON;Lu;0;L;0044 030C;;;;N;LATIN CAPITAL LETTER D HACEK;;;010F; +010F;LATIN SMALL LETTER D WITH CARON;Ll;0;L;0064 030C;;;;N;LATIN SMALL LETTER D HACEK;;010E;;010E +0110;LATIN CAPITAL LETTER D WITH STROKE;Lu;0;L;;;;;N;LATIN CAPITAL LETTER D BAR;;;0111; +0111;LATIN SMALL LETTER D WITH STROKE;Ll;0;L;;;;;N;LATIN SMALL LETTER D BAR;;0110;;0110 +0112;LATIN CAPITAL LETTER E WITH MACRON;Lu;0;L;0045 0304;;;;N;LATIN CAPITAL LETTER E MACRON;;;0113; +0113;LATIN SMALL LETTER E WITH MACRON;Ll;0;L;0065 0304;;;;N;LATIN SMALL LETTER E MACRON;;0112;;0112 +0114;LATIN CAPITAL LETTER E WITH BREVE;Lu;0;L;0045 0306;;;;N;LATIN CAPITAL LETTER E BREVE;;;0115; +0115;LATIN SMALL LETTER E WITH BREVE;Ll;0;L;0065 0306;;;;N;LATIN SMALL LETTER E BREVE;;0114;;0114 +0116;LATIN CAPITAL LETTER E WITH DOT ABOVE;Lu;0;L;0045 0307;;;;N;LATIN CAPITAL LETTER E DOT;;;0117; +0117;LATIN SMALL LETTER E WITH DOT ABOVE;Ll;0;L;0065 0307;;;;N;LATIN SMALL LETTER E DOT;;0116;;0116 +0118;LATIN CAPITAL LETTER E WITH OGONEK;Lu;0;L;0045 0328;;;;N;LATIN CAPITAL LETTER E OGONEK;;;0119; +0119;LATIN SMALL LETTER E WITH OGONEK;Ll;0;L;0065 0328;;;;N;LATIN SMALL LETTER E OGONEK;;0118;;0118 +011A;LATIN CAPITAL LETTER E WITH CARON;Lu;0;L;0045 030C;;;;N;LATIN CAPITAL LETTER E HACEK;;;011B; +011B;LATIN SMALL LETTER E WITH CARON;Ll;0;L;0065 030C;;;;N;LATIN SMALL LETTER E HACEK;;011A;;011A +011C;LATIN CAPITAL LETTER G WITH CIRCUMFLEX;Lu;0;L;0047 0302;;;;N;LATIN CAPITAL LETTER G CIRCUMFLEX;;;011D; +011D;LATIN SMALL LETTER G WITH CIRCUMFLEX;Ll;0;L;0067 0302;;;;N;LATIN SMALL LETTER G CIRCUMFLEX;;011C;;011C +011E;LATIN CAPITAL LETTER G WITH BREVE;Lu;0;L;0047 0306;;;;N;LATIN CAPITAL LETTER G BREVE;;;011F; +011F;LATIN SMALL LETTER G WITH BREVE;Ll;0;L;0067 0306;;;;N;LATIN SMALL LETTER G BREVE;;011E;;011E +0120;LATIN CAPITAL LETTER G WITH DOT ABOVE;Lu;0;L;0047 0307;;;;N;LATIN CAPITAL LETTER G DOT;;;0121; +0121;LATIN SMALL LETTER G WITH DOT ABOVE;Ll;0;L;0067 0307;;;;N;LATIN SMALL LETTER G DOT;;0120;;0120 +0122;LATIN CAPITAL LETTER G WITH CEDILLA;Lu;0;L;0047 0327;;;;N;LATIN CAPITAL LETTER G CEDILLA;;;0123; +0123;LATIN SMALL LETTER G WITH CEDILLA;Ll;0;L;0067 0327;;;;N;LATIN SMALL LETTER G CEDILLA;;0122;;0122 +0124;LATIN CAPITAL LETTER H WITH CIRCUMFLEX;Lu;0;L;0048 0302;;;;N;LATIN CAPITAL LETTER H CIRCUMFLEX;;;0125; +0125;LATIN SMALL LETTER H WITH CIRCUMFLEX;Ll;0;L;0068 0302;;;;N;LATIN SMALL LETTER H CIRCUMFLEX;;0124;;0124 +0126;LATIN CAPITAL LETTER H WITH STROKE;Lu;0;L;;;;;N;LATIN CAPITAL LETTER H BAR;;;0127; +0127;LATIN SMALL LETTER H WITH STROKE;Ll;0;L;;;;;N;LATIN SMALL LETTER H BAR;;0126;;0126 +0128;LATIN CAPITAL LETTER I WITH TILDE;Lu;0;L;0049 0303;;;;N;LATIN CAPITAL LETTER I TILDE;;;0129; +0129;LATIN SMALL LETTER I WITH TILDE;Ll;0;L;0069 0303;;;;N;LATIN SMALL LETTER I TILDE;;0128;;0128 +012A;LATIN CAPITAL LETTER I WITH MACRON;Lu;0;L;0049 0304;;;;N;LATIN CAPITAL LETTER I MACRON;;;012B; +012B;LATIN SMALL LETTER I WITH MACRON;Ll;0;L;0069 0304;;;;N;LATIN SMALL LETTER I MACRON;;012A;;012A +012C;LATIN CAPITAL LETTER I WITH BREVE;Lu;0;L;0049 0306;;;;N;LATIN CAPITAL LETTER I BREVE;;;012D; +012D;LATIN SMALL LETTER I WITH BREVE;Ll;0;L;0069 0306;;;;N;LATIN SMALL LETTER I BREVE;;012C;;012C +012E;LATIN CAPITAL LETTER I WITH OGONEK;Lu;0;L;0049 0328;;;;N;LATIN CAPITAL LETTER I OGONEK;;;012F; +012F;LATIN SMALL LETTER I WITH OGONEK;Ll;0;L;0069 0328;;;;N;LATIN SMALL LETTER I OGONEK;;012E;;012E +0130;LATIN CAPITAL LETTER I WITH DOT ABOVE;Lu;0;L;0049 0307;;;;N;LATIN CAPITAL LETTER I DOT;;;0069; +0131;LATIN SMALL LETTER DOTLESS I;Ll;0;L;;;;;N;;;0049;;0049 +0132;LATIN CAPITAL LIGATURE IJ;Lu;0;L; 0049 004A;;;;N;LATIN CAPITAL LETTER I J;;;0133; +0133;LATIN SMALL LIGATURE IJ;Ll;0;L; 0069 006A;;;;N;LATIN SMALL LETTER I J;;0132;;0132 +0134;LATIN CAPITAL LETTER J WITH CIRCUMFLEX;Lu;0;L;004A 0302;;;;N;LATIN CAPITAL LETTER J CIRCUMFLEX;;;0135; +0135;LATIN SMALL LETTER J WITH CIRCUMFLEX;Ll;0;L;006A 0302;;;;N;LATIN SMALL LETTER J CIRCUMFLEX;;0134;;0134 +0136;LATIN CAPITAL LETTER K WITH CEDILLA;Lu;0;L;004B 0327;;;;N;LATIN CAPITAL LETTER K CEDILLA;;;0137; +0137;LATIN SMALL LETTER K WITH CEDILLA;Ll;0;L;006B 0327;;;;N;LATIN SMALL LETTER K CEDILLA;;0136;;0136 +0138;LATIN SMALL LETTER KRA;Ll;0;L;;;;;N;;Greenlandic;;; +0139;LATIN CAPITAL LETTER L WITH ACUTE;Lu;0;L;004C 0301;;;;N;LATIN CAPITAL LETTER L ACUTE;;;013A; +013A;LATIN SMALL LETTER L WITH ACUTE;Ll;0;L;006C 0301;;;;N;LATIN SMALL LETTER L ACUTE;;0139;;0139 +013B;LATIN CAPITAL LETTER L WITH CEDILLA;Lu;0;L;004C 0327;;;;N;LATIN CAPITAL LETTER L CEDILLA;;;013C; +013C;LATIN SMALL LETTER L WITH CEDILLA;Ll;0;L;006C 0327;;;;N;LATIN SMALL LETTER L CEDILLA;;013B;;013B +013D;LATIN CAPITAL LETTER L WITH CARON;Lu;0;L;004C 030C;;;;N;LATIN CAPITAL LETTER L HACEK;;;013E; +013E;LATIN SMALL LETTER L WITH CARON;Ll;0;L;006C 030C;;;;N;LATIN SMALL LETTER L HACEK;;013D;;013D +013F;LATIN CAPITAL LETTER L WITH MIDDLE DOT;Lu;0;L; 004C 00B7;;;;N;;;;0140; +0140;LATIN SMALL LETTER L WITH MIDDLE DOT;Ll;0;L; 006C 00B7;;;;N;;;013F;;013F +0141;LATIN CAPITAL LETTER L WITH STROKE;Lu;0;L;;;;;N;LATIN CAPITAL LETTER L SLASH;;;0142; +0142;LATIN SMALL LETTER L WITH STROKE;Ll;0;L;;;;;N;LATIN SMALL LETTER L SLASH;;0141;;0141 +0143;LATIN CAPITAL LETTER N WITH ACUTE;Lu;0;L;004E 0301;;;;N;LATIN CAPITAL LETTER N ACUTE;;;0144; +0144;LATIN SMALL LETTER N WITH ACUTE;Ll;0;L;006E 0301;;;;N;LATIN SMALL LETTER N ACUTE;;0143;;0143 +0145;LATIN CAPITAL LETTER N WITH CEDILLA;Lu;0;L;004E 0327;;;;N;LATIN CAPITAL LETTER N CEDILLA;;;0146; +0146;LATIN SMALL LETTER N WITH CEDILLA;Ll;0;L;006E 0327;;;;N;LATIN SMALL LETTER N CEDILLA;;0145;;0145 +0147;LATIN CAPITAL LETTER N WITH CARON;Lu;0;L;004E 030C;;;;N;LATIN CAPITAL LETTER N HACEK;;;0148; +0148;LATIN SMALL LETTER N WITH CARON;Ll;0;L;006E 030C;;;;N;LATIN SMALL LETTER N HACEK;;0147;;0147 +0149;LATIN SMALL LETTER N PRECEDED BY APOSTROPHE;Ll;0;L; 02BC 006E;;;;N;LATIN SMALL LETTER APOSTROPHE N;;;; +014A;LATIN CAPITAL LETTER ENG;Lu;0;L;;;;;N;;Sami;;014B; +014B;LATIN SMALL LETTER ENG;Ll;0;L;;;;;N;;Sami;014A;;014A +014C;LATIN CAPITAL LETTER O WITH MACRON;Lu;0;L;004F 0304;;;;N;LATIN CAPITAL LETTER O MACRON;;;014D; +014D;LATIN SMALL LETTER O WITH MACRON;Ll;0;L;006F 0304;;;;N;LATIN SMALL LETTER O MACRON;;014C;;014C +014E;LATIN CAPITAL LETTER O WITH BREVE;Lu;0;L;004F 0306;;;;N;LATIN CAPITAL LETTER O BREVE;;;014F; +014F;LATIN SMALL LETTER O WITH BREVE;Ll;0;L;006F 0306;;;;N;LATIN SMALL LETTER O BREVE;;014E;;014E +0150;LATIN CAPITAL LETTER O WITH DOUBLE ACUTE;Lu;0;L;004F 030B;;;;N;LATIN CAPITAL LETTER O DOUBLE ACUTE;;;0151; +0151;LATIN SMALL LETTER O WITH DOUBLE ACUTE;Ll;0;L;006F 030B;;;;N;LATIN SMALL LETTER O DOUBLE ACUTE;;0150;;0150 +0152;LATIN CAPITAL LIGATURE OE;Lu;0;L;;;;;N;LATIN CAPITAL LETTER O E;;;0153; +0153;LATIN SMALL LIGATURE OE;Ll;0;L;;;;;N;LATIN SMALL LETTER O E;;0152;;0152 +0154;LATIN CAPITAL LETTER R WITH ACUTE;Lu;0;L;0052 0301;;;;N;LATIN CAPITAL LETTER R ACUTE;;;0155; +0155;LATIN SMALL LETTER R WITH ACUTE;Ll;0;L;0072 0301;;;;N;LATIN SMALL LETTER R ACUTE;;0154;;0154 +0156;LATIN CAPITAL LETTER R WITH CEDILLA;Lu;0;L;0052 0327;;;;N;LATIN CAPITAL LETTER R CEDILLA;;;0157; +0157;LATIN SMALL LETTER R WITH CEDILLA;Ll;0;L;0072 0327;;;;N;LATIN SMALL LETTER R CEDILLA;;0156;;0156 +0158;LATIN CAPITAL LETTER R WITH CARON;Lu;0;L;0052 030C;;;;N;LATIN CAPITAL LETTER R HACEK;;;0159; +0159;LATIN SMALL LETTER R WITH CARON;Ll;0;L;0072 030C;;;;N;LATIN SMALL LETTER R HACEK;;0158;;0158 +015A;LATIN CAPITAL LETTER S WITH ACUTE;Lu;0;L;0053 0301;;;;N;LATIN CAPITAL LETTER S ACUTE;;;015B; +015B;LATIN SMALL LETTER S WITH ACUTE;Ll;0;L;0073 0301;;;;N;LATIN SMALL LETTER S ACUTE;;015A;;015A +015C;LATIN CAPITAL LETTER S WITH CIRCUMFLEX;Lu;0;L;0053 0302;;;;N;LATIN CAPITAL LETTER S CIRCUMFLEX;;;015D; +015D;LATIN SMALL LETTER S WITH CIRCUMFLEX;Ll;0;L;0073 0302;;;;N;LATIN SMALL LETTER S CIRCUMFLEX;;015C;;015C +015E;LATIN CAPITAL LETTER S WITH CEDILLA;Lu;0;L;0053 0327;;;;N;LATIN CAPITAL LETTER S CEDILLA;*;;015F; +015F;LATIN SMALL LETTER S WITH CEDILLA;Ll;0;L;0073 0327;;;;N;LATIN SMALL LETTER S CEDILLA;*;015E;;015E +0160;LATIN CAPITAL LETTER S WITH CARON;Lu;0;L;0053 030C;;;;N;LATIN CAPITAL LETTER S HACEK;;;0161; +0161;LATIN SMALL LETTER S WITH CARON;Ll;0;L;0073 030C;;;;N;LATIN SMALL LETTER S HACEK;;0160;;0160 +0162;LATIN CAPITAL LETTER T WITH CEDILLA;Lu;0;L;0054 0327;;;;N;LATIN CAPITAL LETTER T CEDILLA;*;;0163; +0163;LATIN SMALL LETTER T WITH CEDILLA;Ll;0;L;0074 0327;;;;N;LATIN SMALL LETTER T CEDILLA;*;0162;;0162 +0164;LATIN CAPITAL LETTER T WITH CARON;Lu;0;L;0054 030C;;;;N;LATIN CAPITAL LETTER T HACEK;;;0165; +0165;LATIN SMALL LETTER T WITH CARON;Ll;0;L;0074 030C;;;;N;LATIN SMALL LETTER T HACEK;;0164;;0164 +0166;LATIN CAPITAL LETTER T WITH STROKE;Lu;0;L;;;;;N;LATIN CAPITAL LETTER T BAR;;;0167; +0167;LATIN SMALL LETTER T WITH STROKE;Ll;0;L;;;;;N;LATIN SMALL LETTER T BAR;;0166;;0166 +0168;LATIN CAPITAL LETTER U WITH TILDE;Lu;0;L;0055 0303;;;;N;LATIN CAPITAL LETTER U TILDE;;;0169; +0169;LATIN SMALL LETTER U WITH TILDE;Ll;0;L;0075 0303;;;;N;LATIN SMALL LETTER U TILDE;;0168;;0168 +016A;LATIN CAPITAL LETTER U WITH MACRON;Lu;0;L;0055 0304;;;;N;LATIN CAPITAL LETTER U MACRON;;;016B; +016B;LATIN SMALL LETTER U WITH MACRON;Ll;0;L;0075 0304;;;;N;LATIN SMALL LETTER U MACRON;;016A;;016A +016C;LATIN CAPITAL LETTER U WITH BREVE;Lu;0;L;0055 0306;;;;N;LATIN CAPITAL LETTER U BREVE;;;016D; +016D;LATIN SMALL LETTER U WITH BREVE;Ll;0;L;0075 0306;;;;N;LATIN SMALL LETTER U BREVE;;016C;;016C +016E;LATIN CAPITAL LETTER U WITH RING ABOVE;Lu;0;L;0055 030A;;;;N;LATIN CAPITAL LETTER U RING;;;016F; +016F;LATIN SMALL LETTER U WITH RING ABOVE;Ll;0;L;0075 030A;;;;N;LATIN SMALL LETTER U RING;;016E;;016E +0170;LATIN CAPITAL LETTER U WITH DOUBLE ACUTE;Lu;0;L;0055 030B;;;;N;LATIN CAPITAL LETTER U DOUBLE ACUTE;;;0171; +0171;LATIN SMALL LETTER U WITH DOUBLE ACUTE;Ll;0;L;0075 030B;;;;N;LATIN SMALL LETTER U DOUBLE ACUTE;;0170;;0170 +0172;LATIN CAPITAL LETTER U WITH OGONEK;Lu;0;L;0055 0328;;;;N;LATIN CAPITAL LETTER U OGONEK;;;0173; +0173;LATIN SMALL LETTER U WITH OGONEK;Ll;0;L;0075 0328;;;;N;LATIN SMALL LETTER U OGONEK;;0172;;0172 +0174;LATIN CAPITAL LETTER W WITH CIRCUMFLEX;Lu;0;L;0057 0302;;;;N;LATIN CAPITAL LETTER W CIRCUMFLEX;;;0175; +0175;LATIN SMALL LETTER W WITH CIRCUMFLEX;Ll;0;L;0077 0302;;;;N;LATIN SMALL LETTER W CIRCUMFLEX;;0174;;0174 +0176;LATIN CAPITAL LETTER Y WITH CIRCUMFLEX;Lu;0;L;0059 0302;;;;N;LATIN CAPITAL LETTER Y CIRCUMFLEX;;;0177; +0177;LATIN SMALL LETTER Y WITH CIRCUMFLEX;Ll;0;L;0079 0302;;;;N;LATIN SMALL LETTER Y CIRCUMFLEX;;0176;;0176 +0178;LATIN CAPITAL LETTER Y WITH DIAERESIS;Lu;0;L;0059 0308;;;;N;LATIN CAPITAL LETTER Y DIAERESIS;;;00FF; +0179;LATIN CAPITAL LETTER Z WITH ACUTE;Lu;0;L;005A 0301;;;;N;LATIN CAPITAL LETTER Z ACUTE;;;017A; +017A;LATIN SMALL LETTER Z WITH ACUTE;Ll;0;L;007A 0301;;;;N;LATIN SMALL LETTER Z ACUTE;;0179;;0179 +017B;LATIN CAPITAL LETTER Z WITH DOT ABOVE;Lu;0;L;005A 0307;;;;N;LATIN CAPITAL LETTER Z DOT;;;017C; +017C;LATIN SMALL LETTER Z WITH DOT ABOVE;Ll;0;L;007A 0307;;;;N;LATIN SMALL LETTER Z DOT;;017B;;017B +017D;LATIN CAPITAL LETTER Z WITH CARON;Lu;0;L;005A 030C;;;;N;LATIN CAPITAL LETTER Z HACEK;;;017E; +017E;LATIN SMALL LETTER Z WITH CARON;Ll;0;L;007A 030C;;;;N;LATIN SMALL LETTER Z HACEK;;017D;;017D +017F;LATIN SMALL LETTER LONG S;Ll;0;L; 0073;;;;N;;;0053;;0053 +0180;LATIN SMALL LETTER B WITH STROKE;Ll;0;L;;;;;N;LATIN SMALL LETTER B BAR;;;; +0181;LATIN CAPITAL LETTER B WITH HOOK;Lu;0;L;;;;;N;LATIN CAPITAL LETTER B HOOK;;;0253; +0182;LATIN CAPITAL LETTER B WITH TOPBAR;Lu;0;L;;;;;N;LATIN CAPITAL LETTER B TOPBAR;;;0183; +0183;LATIN SMALL LETTER B WITH TOPBAR;Ll;0;L;;;;;N;LATIN SMALL LETTER B TOPBAR;;0182;;0182 +0184;LATIN CAPITAL LETTER TONE SIX;Lu;0;L;;;;;N;;;;0185; +0185;LATIN SMALL LETTER TONE SIX;Ll;0;L;;;;;N;;;0184;;0184 +0186;LATIN CAPITAL LETTER OPEN O;Lu;0;L;;;;;N;;;;0254; +0187;LATIN CAPITAL LETTER C WITH HOOK;Lu;0;L;;;;;N;LATIN CAPITAL LETTER C HOOK;;;0188; +0188;LATIN SMALL LETTER C WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER C HOOK;;0187;;0187 +0189;LATIN CAPITAL LETTER AFRICAN D;Lu;0;L;;;;;N;;*;;0256; +018A;LATIN CAPITAL LETTER D WITH HOOK;Lu;0;L;;;;;N;LATIN CAPITAL LETTER D HOOK;;;0257; +018B;LATIN CAPITAL LETTER D WITH TOPBAR;Lu;0;L;;;;;N;LATIN CAPITAL LETTER D TOPBAR;;;018C; +018C;LATIN SMALL LETTER D WITH TOPBAR;Ll;0;L;;;;;N;LATIN SMALL LETTER D TOPBAR;;018B;;018B +018D;LATIN SMALL LETTER TURNED DELTA;Ll;0;L;;;;;N;;;;; +018E;LATIN CAPITAL LETTER REVERSED E;Lu;0;L;;;;;N;LATIN CAPITAL LETTER TURNED E;;;01DD; +018F;LATIN CAPITAL LETTER SCHWA;Lu;0;L;;;;;N;;;;0259; +0190;LATIN CAPITAL LETTER OPEN E;Lu;0;L;;;;;N;LATIN CAPITAL LETTER EPSILON;;;025B; +0191;LATIN CAPITAL LETTER F WITH HOOK;Lu;0;L;;;;;N;LATIN CAPITAL LETTER F HOOK;;;0192; +0192;LATIN SMALL LETTER F WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER SCRIPT F;;0191;;0191 +0193;LATIN CAPITAL LETTER G WITH HOOK;Lu;0;L;;;;;N;LATIN CAPITAL LETTER G HOOK;;;0260; +0194;LATIN CAPITAL LETTER GAMMA;Lu;0;L;;;;;N;;;;0263; +0195;LATIN SMALL LETTER HV;Ll;0;L;;;;;N;LATIN SMALL LETTER H V;hwair;01F6;;01F6 +0196;LATIN CAPITAL LETTER IOTA;Lu;0;L;;;;;N;;;;0269; +0197;LATIN CAPITAL LETTER I WITH STROKE;Lu;0;L;;;;;N;LATIN CAPITAL LETTER BARRED I;;;0268; +0198;LATIN CAPITAL LETTER K WITH HOOK;Lu;0;L;;;;;N;LATIN CAPITAL LETTER K HOOK;;;0199; +0199;LATIN SMALL LETTER K WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER K HOOK;;0198;;0198 +019A;LATIN SMALL LETTER L WITH BAR;Ll;0;L;;;;;N;LATIN SMALL LETTER BARRED L;;;; +019B;LATIN SMALL LETTER LAMBDA WITH STROKE;Ll;0;L;;;;;N;LATIN SMALL LETTER BARRED LAMBDA;;;; +019C;LATIN CAPITAL LETTER TURNED M;Lu;0;L;;;;;N;;;;026F; +019D;LATIN CAPITAL LETTER N WITH LEFT HOOK;Lu;0;L;;;;;N;LATIN CAPITAL LETTER N HOOK;;;0272; +019E;LATIN SMALL LETTER N WITH LONG RIGHT LEG;Ll;0;L;;;;;N;;;0220;;0220 +019F;LATIN CAPITAL LETTER O WITH MIDDLE TILDE;Lu;0;L;;;;;N;LATIN CAPITAL LETTER BARRED O;*;;0275; +01A0;LATIN CAPITAL LETTER O WITH HORN;Lu;0;L;004F 031B;;;;N;LATIN CAPITAL LETTER O HORN;;;01A1; +01A1;LATIN SMALL LETTER O WITH HORN;Ll;0;L;006F 031B;;;;N;LATIN SMALL LETTER O HORN;;01A0;;01A0 +01A2;LATIN CAPITAL LETTER OI;Lu;0;L;;;;;N;LATIN CAPITAL LETTER O I;gha;;01A3; +01A3;LATIN SMALL LETTER OI;Ll;0;L;;;;;N;LATIN SMALL LETTER O I;gha;01A2;;01A2 +01A4;LATIN CAPITAL LETTER P WITH HOOK;Lu;0;L;;;;;N;LATIN CAPITAL LETTER P HOOK;;;01A5; +01A5;LATIN SMALL LETTER P WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER P HOOK;;01A4;;01A4 +01A6;LATIN LETTER YR;Lu;0;L;;;;;N;LATIN LETTER Y R;*;;0280; +01A7;LATIN CAPITAL LETTER TONE TWO;Lu;0;L;;;;;N;;;;01A8; +01A8;LATIN SMALL LETTER TONE TWO;Ll;0;L;;;;;N;;;01A7;;01A7 +01A9;LATIN CAPITAL LETTER ESH;Lu;0;L;;;;;N;;;;0283; +01AA;LATIN LETTER REVERSED ESH LOOP;Ll;0;L;;;;;N;;;;; +01AB;LATIN SMALL LETTER T WITH PALATAL HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER T PALATAL HOOK;;;; +01AC;LATIN CAPITAL LETTER T WITH HOOK;Lu;0;L;;;;;N;LATIN CAPITAL LETTER T HOOK;;;01AD; +01AD;LATIN SMALL LETTER T WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER T HOOK;;01AC;;01AC +01AE;LATIN CAPITAL LETTER T WITH RETROFLEX HOOK;Lu;0;L;;;;;N;LATIN CAPITAL LETTER T RETROFLEX HOOK;;;0288; +01AF;LATIN CAPITAL LETTER U WITH HORN;Lu;0;L;0055 031B;;;;N;LATIN CAPITAL LETTER U HORN;;;01B0; +01B0;LATIN SMALL LETTER U WITH HORN;Ll;0;L;0075 031B;;;;N;LATIN SMALL LETTER U HORN;;01AF;;01AF +01B1;LATIN CAPITAL LETTER UPSILON;Lu;0;L;;;;;N;;;;028A; +01B2;LATIN CAPITAL LETTER V WITH HOOK;Lu;0;L;;;;;N;LATIN CAPITAL LETTER SCRIPT V;;;028B; +01B3;LATIN CAPITAL LETTER Y WITH HOOK;Lu;0;L;;;;;N;LATIN CAPITAL LETTER Y HOOK;;;01B4; +01B4;LATIN SMALL LETTER Y WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER Y HOOK;;01B3;;01B3 +01B5;LATIN CAPITAL LETTER Z WITH STROKE;Lu;0;L;;;;;N;LATIN CAPITAL LETTER Z BAR;;;01B6; +01B6;LATIN SMALL LETTER Z WITH STROKE;Ll;0;L;;;;;N;LATIN SMALL LETTER Z BAR;;01B5;;01B5 +01B7;LATIN CAPITAL LETTER EZH;Lu;0;L;;;;;N;LATIN CAPITAL LETTER YOGH;;;0292; +01B8;LATIN CAPITAL LETTER EZH REVERSED;Lu;0;L;;;;;N;LATIN CAPITAL LETTER REVERSED YOGH;;;01B9; +01B9;LATIN SMALL LETTER EZH REVERSED;Ll;0;L;;;;;N;LATIN SMALL LETTER REVERSED YOGH;;01B8;;01B8 +01BA;LATIN SMALL LETTER EZH WITH TAIL;Ll;0;L;;;;;N;LATIN SMALL LETTER YOGH WITH TAIL;;;; +01BB;LATIN LETTER TWO WITH STROKE;Lo;0;L;;;;;N;LATIN LETTER TWO BAR;;;; +01BC;LATIN CAPITAL LETTER TONE FIVE;Lu;0;L;;;;;N;;;;01BD; +01BD;LATIN SMALL LETTER TONE FIVE;Ll;0;L;;;;;N;;;01BC;;01BC +01BE;LATIN LETTER INVERTED GLOTTAL STOP WITH STROKE;Ll;0;L;;;;;N;LATIN LETTER INVERTED GLOTTAL STOP BAR;;;; +01BF;LATIN LETTER WYNN;Ll;0;L;;;;;N;;;01F7;;01F7 +01C0;LATIN LETTER DENTAL CLICK;Lo;0;L;;;;;N;LATIN LETTER PIPE;;;; +01C1;LATIN LETTER LATERAL CLICK;Lo;0;L;;;;;N;LATIN LETTER DOUBLE PIPE;;;; +01C2;LATIN LETTER ALVEOLAR CLICK;Lo;0;L;;;;;N;LATIN LETTER PIPE DOUBLE BAR;;;; +01C3;LATIN LETTER RETROFLEX CLICK;Lo;0;L;;;;;N;LATIN LETTER EXCLAMATION MARK;;;; +01C4;LATIN CAPITAL LETTER DZ WITH CARON;Lu;0;L; 0044 017D;;;;N;LATIN CAPITAL LETTER D Z HACEK;;;01C6;01C5 +01C5;LATIN CAPITAL LETTER D WITH SMALL LETTER Z WITH CARON;Lt;0;L; 0044 017E;;;;N;LATIN LETTER CAPITAL D SMALL Z HACEK;;01C4;01C6; +01C6;LATIN SMALL LETTER DZ WITH CARON;Ll;0;L; 0064 017E;;;;N;LATIN SMALL LETTER D Z HACEK;;01C4;;01C5 +01C7;LATIN CAPITAL LETTER LJ;Lu;0;L; 004C 004A;;;;N;LATIN CAPITAL LETTER L J;;;01C9;01C8 +01C8;LATIN CAPITAL LETTER L WITH SMALL LETTER J;Lt;0;L; 004C 006A;;;;N;LATIN LETTER CAPITAL L SMALL J;;01C7;01C9; +01C9;LATIN SMALL LETTER LJ;Ll;0;L; 006C 006A;;;;N;LATIN SMALL LETTER L J;;01C7;;01C8 +01CA;LATIN CAPITAL LETTER NJ;Lu;0;L; 004E 004A;;;;N;LATIN CAPITAL LETTER N J;;;01CC;01CB +01CB;LATIN CAPITAL LETTER N WITH SMALL LETTER J;Lt;0;L; 004E 006A;;;;N;LATIN LETTER CAPITAL N SMALL J;;01CA;01CC; +01CC;LATIN SMALL LETTER NJ;Ll;0;L; 006E 006A;;;;N;LATIN SMALL LETTER N J;;01CA;;01CB +01CD;LATIN CAPITAL LETTER A WITH CARON;Lu;0;L;0041 030C;;;;N;LATIN CAPITAL LETTER A HACEK;;;01CE; +01CE;LATIN SMALL LETTER A WITH CARON;Ll;0;L;0061 030C;;;;N;LATIN SMALL LETTER A HACEK;;01CD;;01CD +01CF;LATIN CAPITAL LETTER I WITH CARON;Lu;0;L;0049 030C;;;;N;LATIN CAPITAL LETTER I HACEK;;;01D0; +01D0;LATIN SMALL LETTER I WITH CARON;Ll;0;L;0069 030C;;;;N;LATIN SMALL LETTER I HACEK;;01CF;;01CF +01D1;LATIN CAPITAL LETTER O WITH CARON;Lu;0;L;004F 030C;;;;N;LATIN CAPITAL LETTER O HACEK;;;01D2; +01D2;LATIN SMALL LETTER O WITH CARON;Ll;0;L;006F 030C;;;;N;LATIN SMALL LETTER O HACEK;;01D1;;01D1 +01D3;LATIN CAPITAL LETTER U WITH CARON;Lu;0;L;0055 030C;;;;N;LATIN CAPITAL LETTER U HACEK;;;01D4; +01D4;LATIN SMALL LETTER U WITH CARON;Ll;0;L;0075 030C;;;;N;LATIN SMALL LETTER U HACEK;;01D3;;01D3 +01D5;LATIN CAPITAL LETTER U WITH DIAERESIS AND MACRON;Lu;0;L;00DC 0304;;;;N;LATIN CAPITAL LETTER U DIAERESIS MACRON;;;01D6; +01D6;LATIN SMALL LETTER U WITH DIAERESIS AND MACRON;Ll;0;L;00FC 0304;;;;N;LATIN SMALL LETTER U DIAERESIS MACRON;;01D5;;01D5 +01D7;LATIN CAPITAL LETTER U WITH DIAERESIS AND ACUTE;Lu;0;L;00DC 0301;;;;N;LATIN CAPITAL LETTER U DIAERESIS ACUTE;;;01D8; +01D8;LATIN SMALL LETTER U WITH DIAERESIS AND ACUTE;Ll;0;L;00FC 0301;;;;N;LATIN SMALL LETTER U DIAERESIS ACUTE;;01D7;;01D7 +01D9;LATIN CAPITAL LETTER U WITH DIAERESIS AND CARON;Lu;0;L;00DC 030C;;;;N;LATIN CAPITAL LETTER U DIAERESIS HACEK;;;01DA; +01DA;LATIN SMALL LETTER U WITH DIAERESIS AND CARON;Ll;0;L;00FC 030C;;;;N;LATIN SMALL LETTER U DIAERESIS HACEK;;01D9;;01D9 +01DB;LATIN CAPITAL LETTER U WITH DIAERESIS AND GRAVE;Lu;0;L;00DC 0300;;;;N;LATIN CAPITAL LETTER U DIAERESIS GRAVE;;;01DC; +01DC;LATIN SMALL LETTER U WITH DIAERESIS AND GRAVE;Ll;0;L;00FC 0300;;;;N;LATIN SMALL LETTER U DIAERESIS GRAVE;;01DB;;01DB +01DD;LATIN SMALL LETTER TURNED E;Ll;0;L;;;;;N;;;018E;;018E +01DE;LATIN CAPITAL LETTER A WITH DIAERESIS AND MACRON;Lu;0;L;00C4 0304;;;;N;LATIN CAPITAL LETTER A DIAERESIS MACRON;;;01DF; +01DF;LATIN SMALL LETTER A WITH DIAERESIS AND MACRON;Ll;0;L;00E4 0304;;;;N;LATIN SMALL LETTER A DIAERESIS MACRON;;01DE;;01DE +01E0;LATIN CAPITAL LETTER A WITH DOT ABOVE AND MACRON;Lu;0;L;0226 0304;;;;N;LATIN CAPITAL LETTER A DOT MACRON;;;01E1; +01E1;LATIN SMALL LETTER A WITH DOT ABOVE AND MACRON;Ll;0;L;0227 0304;;;;N;LATIN SMALL LETTER A DOT MACRON;;01E0;;01E0 +01E2;LATIN CAPITAL LETTER AE WITH MACRON;Lu;0;L;00C6 0304;;;;N;LATIN CAPITAL LETTER A E MACRON;ash *;;01E3; +01E3;LATIN SMALL LETTER AE WITH MACRON;Ll;0;L;00E6 0304;;;;N;LATIN SMALL LETTER A E MACRON;ash *;01E2;;01E2 +01E4;LATIN CAPITAL LETTER G WITH STROKE;Lu;0;L;;;;;N;LATIN CAPITAL LETTER G BAR;;;01E5; +01E5;LATIN SMALL LETTER G WITH STROKE;Ll;0;L;;;;;N;LATIN SMALL LETTER G BAR;;01E4;;01E4 +01E6;LATIN CAPITAL LETTER G WITH CARON;Lu;0;L;0047 030C;;;;N;LATIN CAPITAL LETTER G HACEK;;;01E7; +01E7;LATIN SMALL LETTER G WITH CARON;Ll;0;L;0067 030C;;;;N;LATIN SMALL LETTER G HACEK;;01E6;;01E6 +01E8;LATIN CAPITAL LETTER K WITH CARON;Lu;0;L;004B 030C;;;;N;LATIN CAPITAL LETTER K HACEK;;;01E9; +01E9;LATIN SMALL LETTER K WITH CARON;Ll;0;L;006B 030C;;;;N;LATIN SMALL LETTER K HACEK;;01E8;;01E8 +01EA;LATIN CAPITAL LETTER O WITH OGONEK;Lu;0;L;004F 0328;;;;N;LATIN CAPITAL LETTER O OGONEK;;;01EB; +01EB;LATIN SMALL LETTER O WITH OGONEK;Ll;0;L;006F 0328;;;;N;LATIN SMALL LETTER O OGONEK;;01EA;;01EA +01EC;LATIN CAPITAL LETTER O WITH OGONEK AND MACRON;Lu;0;L;01EA 0304;;;;N;LATIN CAPITAL LETTER O OGONEK MACRON;;;01ED; +01ED;LATIN SMALL LETTER O WITH OGONEK AND MACRON;Ll;0;L;01EB 0304;;;;N;LATIN SMALL LETTER O OGONEK MACRON;;01EC;;01EC +01EE;LATIN CAPITAL LETTER EZH WITH CARON;Lu;0;L;01B7 030C;;;;N;LATIN CAPITAL LETTER YOGH HACEK;;;01EF; +01EF;LATIN SMALL LETTER EZH WITH CARON;Ll;0;L;0292 030C;;;;N;LATIN SMALL LETTER YOGH HACEK;;01EE;;01EE +01F0;LATIN SMALL LETTER J WITH CARON;Ll;0;L;006A 030C;;;;N;LATIN SMALL LETTER J HACEK;;;; +01F1;LATIN CAPITAL LETTER DZ;Lu;0;L; 0044 005A;;;;N;;;;01F3;01F2 +01F2;LATIN CAPITAL LETTER D WITH SMALL LETTER Z;Lt;0;L; 0044 007A;;;;N;;;01F1;01F3; +01F3;LATIN SMALL LETTER DZ;Ll;0;L; 0064 007A;;;;N;;;01F1;;01F2 +01F4;LATIN CAPITAL LETTER G WITH ACUTE;Lu;0;L;0047 0301;;;;N;;;;01F5; +01F5;LATIN SMALL LETTER G WITH ACUTE;Ll;0;L;0067 0301;;;;N;;;01F4;;01F4 +01F6;LATIN CAPITAL LETTER HWAIR;Lu;0;L;;;;;N;;;;0195; +01F7;LATIN CAPITAL LETTER WYNN;Lu;0;L;;;;;N;;;;01BF; +01F8;LATIN CAPITAL LETTER N WITH GRAVE;Lu;0;L;004E 0300;;;;N;;;;01F9; +01F9;LATIN SMALL LETTER N WITH GRAVE;Ll;0;L;006E 0300;;;;N;;;01F8;;01F8 +01FA;LATIN CAPITAL LETTER A WITH RING ABOVE AND ACUTE;Lu;0;L;00C5 0301;;;;N;;;;01FB; +01FB;LATIN SMALL LETTER A WITH RING ABOVE AND ACUTE;Ll;0;L;00E5 0301;;;;N;;;01FA;;01FA +01FC;LATIN CAPITAL LETTER AE WITH ACUTE;Lu;0;L;00C6 0301;;;;N;;ash *;;01FD; +01FD;LATIN SMALL LETTER AE WITH ACUTE;Ll;0;L;00E6 0301;;;;N;;ash *;01FC;;01FC +01FE;LATIN CAPITAL LETTER O WITH STROKE AND ACUTE;Lu;0;L;00D8 0301;;;;N;;;;01FF; +01FF;LATIN SMALL LETTER O WITH STROKE AND ACUTE;Ll;0;L;00F8 0301;;;;N;;;01FE;;01FE +0200;LATIN CAPITAL LETTER A WITH DOUBLE GRAVE;Lu;0;L;0041 030F;;;;N;;;;0201; +0201;LATIN SMALL LETTER A WITH DOUBLE GRAVE;Ll;0;L;0061 030F;;;;N;;;0200;;0200 +0202;LATIN CAPITAL LETTER A WITH INVERTED BREVE;Lu;0;L;0041 0311;;;;N;;;;0203; +0203;LATIN SMALL LETTER A WITH INVERTED BREVE;Ll;0;L;0061 0311;;;;N;;;0202;;0202 +0204;LATIN CAPITAL LETTER E WITH DOUBLE GRAVE;Lu;0;L;0045 030F;;;;N;;;;0205; +0205;LATIN SMALL LETTER E WITH DOUBLE GRAVE;Ll;0;L;0065 030F;;;;N;;;0204;;0204 +0206;LATIN CAPITAL LETTER E WITH INVERTED BREVE;Lu;0;L;0045 0311;;;;N;;;;0207; +0207;LATIN SMALL LETTER E WITH INVERTED BREVE;Ll;0;L;0065 0311;;;;N;;;0206;;0206 +0208;LATIN CAPITAL LETTER I WITH DOUBLE GRAVE;Lu;0;L;0049 030F;;;;N;;;;0209; +0209;LATIN SMALL LETTER I WITH DOUBLE GRAVE;Ll;0;L;0069 030F;;;;N;;;0208;;0208 +020A;LATIN CAPITAL LETTER I WITH INVERTED BREVE;Lu;0;L;0049 0311;;;;N;;;;020B; +020B;LATIN SMALL LETTER I WITH INVERTED BREVE;Ll;0;L;0069 0311;;;;N;;;020A;;020A +020C;LATIN CAPITAL LETTER O WITH DOUBLE GRAVE;Lu;0;L;004F 030F;;;;N;;;;020D; +020D;LATIN SMALL LETTER O WITH DOUBLE GRAVE;Ll;0;L;006F 030F;;;;N;;;020C;;020C +020E;LATIN CAPITAL LETTER O WITH INVERTED BREVE;Lu;0;L;004F 0311;;;;N;;;;020F; +020F;LATIN SMALL LETTER O WITH INVERTED BREVE;Ll;0;L;006F 0311;;;;N;;;020E;;020E +0210;LATIN CAPITAL LETTER R WITH DOUBLE GRAVE;Lu;0;L;0052 030F;;;;N;;;;0211; +0211;LATIN SMALL LETTER R WITH DOUBLE GRAVE;Ll;0;L;0072 030F;;;;N;;;0210;;0210 +0212;LATIN CAPITAL LETTER R WITH INVERTED BREVE;Lu;0;L;0052 0311;;;;N;;;;0213; +0213;LATIN SMALL LETTER R WITH INVERTED BREVE;Ll;0;L;0072 0311;;;;N;;;0212;;0212 +0214;LATIN CAPITAL LETTER U WITH DOUBLE GRAVE;Lu;0;L;0055 030F;;;;N;;;;0215; +0215;LATIN SMALL LETTER U WITH DOUBLE GRAVE;Ll;0;L;0075 030F;;;;N;;;0214;;0214 +0216;LATIN CAPITAL LETTER U WITH INVERTED BREVE;Lu;0;L;0055 0311;;;;N;;;;0217; +0217;LATIN SMALL LETTER U WITH INVERTED BREVE;Ll;0;L;0075 0311;;;;N;;;0216;;0216 +0218;LATIN CAPITAL LETTER S WITH COMMA BELOW;Lu;0;L;0053 0326;;;;N;;*;;0219; +0219;LATIN SMALL LETTER S WITH COMMA BELOW;Ll;0;L;0073 0326;;;;N;;*;0218;;0218 +021A;LATIN CAPITAL LETTER T WITH COMMA BELOW;Lu;0;L;0054 0326;;;;N;;*;;021B; +021B;LATIN SMALL LETTER T WITH COMMA BELOW;Ll;0;L;0074 0326;;;;N;;*;021A;;021A +021C;LATIN CAPITAL LETTER YOGH;Lu;0;L;;;;;N;;;;021D; +021D;LATIN SMALL LETTER YOGH;Ll;0;L;;;;;N;;;021C;;021C +021E;LATIN CAPITAL LETTER H WITH CARON;Lu;0;L;0048 030C;;;;N;;;;021F; +021F;LATIN SMALL LETTER H WITH CARON;Ll;0;L;0068 030C;;;;N;;;021E;;021E +0220;LATIN CAPITAL LETTER N WITH LONG RIGHT LEG;Lu;0;L;;;;;N;;;;019E; +0222;LATIN CAPITAL LETTER OU;Lu;0;L;;;;;N;;;;0223; +0223;LATIN SMALL LETTER OU;Ll;0;L;;;;;N;;;0222;;0222 +0224;LATIN CAPITAL LETTER Z WITH HOOK;Lu;0;L;;;;;N;;;;0225; +0225;LATIN SMALL LETTER Z WITH HOOK;Ll;0;L;;;;;N;;;0224;;0224 +0226;LATIN CAPITAL LETTER A WITH DOT ABOVE;Lu;0;L;0041 0307;;;;N;;;;0227; +0227;LATIN SMALL LETTER A WITH DOT ABOVE;Ll;0;L;0061 0307;;;;N;;;0226;;0226 +0228;LATIN CAPITAL LETTER E WITH CEDILLA;Lu;0;L;0045 0327;;;;N;;;;0229; +0229;LATIN SMALL LETTER E WITH CEDILLA;Ll;0;L;0065 0327;;;;N;;;0228;;0228 +022A;LATIN CAPITAL LETTER O WITH DIAERESIS AND MACRON;Lu;0;L;00D6 0304;;;;N;;;;022B; +022B;LATIN SMALL LETTER O WITH DIAERESIS AND MACRON;Ll;0;L;00F6 0304;;;;N;;;022A;;022A +022C;LATIN CAPITAL LETTER O WITH TILDE AND MACRON;Lu;0;L;00D5 0304;;;;N;;;;022D; +022D;LATIN SMALL LETTER O WITH TILDE AND MACRON;Ll;0;L;00F5 0304;;;;N;;;022C;;022C +022E;LATIN CAPITAL LETTER O WITH DOT ABOVE;Lu;0;L;004F 0307;;;;N;;;;022F; +022F;LATIN SMALL LETTER O WITH DOT ABOVE;Ll;0;L;006F 0307;;;;N;;;022E;;022E +0230;LATIN CAPITAL LETTER O WITH DOT ABOVE AND MACRON;Lu;0;L;022E 0304;;;;N;;;;0231; +0231;LATIN SMALL LETTER O WITH DOT ABOVE AND MACRON;Ll;0;L;022F 0304;;;;N;;;0230;;0230 +0232;LATIN CAPITAL LETTER Y WITH MACRON;Lu;0;L;0059 0304;;;;N;;;;0233; +0233;LATIN SMALL LETTER Y WITH MACRON;Ll;0;L;0079 0304;;;;N;;;0232;;0232 +0250;LATIN SMALL LETTER TURNED A;Ll;0;L;;;;;N;;;;; +0251;LATIN SMALL LETTER ALPHA;Ll;0;L;;;;;N;LATIN SMALL LETTER SCRIPT A;;;; +0252;LATIN SMALL LETTER TURNED ALPHA;Ll;0;L;;;;;N;LATIN SMALL LETTER TURNED SCRIPT A;;;; +0253;LATIN SMALL LETTER B WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER B HOOK;;0181;;0181 +0254;LATIN SMALL LETTER OPEN O;Ll;0;L;;;;;N;;;0186;;0186 +0255;LATIN SMALL LETTER C WITH CURL;Ll;0;L;;;;;N;LATIN SMALL LETTER C CURL;;;; +0256;LATIN SMALL LETTER D WITH TAIL;Ll;0;L;;;;;N;LATIN SMALL LETTER D RETROFLEX HOOK;;0189;;0189 +0257;LATIN SMALL LETTER D WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER D HOOK;;018A;;018A +0258;LATIN SMALL LETTER REVERSED E;Ll;0;L;;;;;N;;;;; +0259;LATIN SMALL LETTER SCHWA;Ll;0;L;;;;;N;;;018F;;018F +025A;LATIN SMALL LETTER SCHWA WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER SCHWA HOOK;;;; +025B;LATIN SMALL LETTER OPEN E;Ll;0;L;;;;;N;LATIN SMALL LETTER EPSILON;;0190;;0190 +025C;LATIN SMALL LETTER REVERSED OPEN E;Ll;0;L;;;;;N;LATIN SMALL LETTER REVERSED EPSILON;;;; +025D;LATIN SMALL LETTER REVERSED OPEN E WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER REVERSED EPSILON HOOK;;;; +025E;LATIN SMALL LETTER CLOSED REVERSED OPEN E;Ll;0;L;;;;;N;LATIN SMALL LETTER CLOSED REVERSED EPSILON;;;; +025F;LATIN SMALL LETTER DOTLESS J WITH STROKE;Ll;0;L;;;;;N;LATIN SMALL LETTER DOTLESS J BAR;;;; +0260;LATIN SMALL LETTER G WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER G HOOK;;0193;;0193 +0261;LATIN SMALL LETTER SCRIPT G;Ll;0;L;;;;;N;;;;; +0262;LATIN LETTER SMALL CAPITAL G;Ll;0;L;;;;;N;;;;; +0263;LATIN SMALL LETTER GAMMA;Ll;0;L;;;;;N;;;0194;;0194 +0264;LATIN SMALL LETTER RAMS HORN;Ll;0;L;;;;;N;LATIN SMALL LETTER BABY GAMMA;;;; +0265;LATIN SMALL LETTER TURNED H;Ll;0;L;;;;;N;;;;; +0266;LATIN SMALL LETTER H WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER H HOOK;;;; +0267;LATIN SMALL LETTER HENG WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER HENG HOOK;;;; +0268;LATIN SMALL LETTER I WITH STROKE;Ll;0;L;;;;;N;LATIN SMALL LETTER BARRED I;;0197;;0197 +0269;LATIN SMALL LETTER IOTA;Ll;0;L;;;;;N;;;0196;;0196 +026A;LATIN LETTER SMALL CAPITAL I;Ll;0;L;;;;;N;;;;; +026B;LATIN SMALL LETTER L WITH MIDDLE TILDE;Ll;0;L;;;;;N;;;;; +026C;LATIN SMALL LETTER L WITH BELT;Ll;0;L;;;;;N;LATIN SMALL LETTER L BELT;;;; +026D;LATIN SMALL LETTER L WITH RETROFLEX HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER L RETROFLEX HOOK;;;; +026E;LATIN SMALL LETTER LEZH;Ll;0;L;;;;;N;LATIN SMALL LETTER L YOGH;;;; +026F;LATIN SMALL LETTER TURNED M;Ll;0;L;;;;;N;;;019C;;019C +0270;LATIN SMALL LETTER TURNED M WITH LONG LEG;Ll;0;L;;;;;N;;;;; +0271;LATIN SMALL LETTER M WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER M HOOK;;;; +0272;LATIN SMALL LETTER N WITH LEFT HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER N HOOK;;019D;;019D +0273;LATIN SMALL LETTER N WITH RETROFLEX HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER N RETROFLEX HOOK;;;; +0274;LATIN LETTER SMALL CAPITAL N;Ll;0;L;;;;;N;;;;; +0275;LATIN SMALL LETTER BARRED O;Ll;0;L;;;;;N;;;019F;;019F +0276;LATIN LETTER SMALL CAPITAL OE;Ll;0;L;;;;;N;LATIN LETTER SMALL CAPITAL O E;;;; +0277;LATIN SMALL LETTER CLOSED OMEGA;Ll;0;L;;;;;N;;;;; +0278;LATIN SMALL LETTER PHI;Ll;0;L;;;;;N;;;;; +0279;LATIN SMALL LETTER TURNED R;Ll;0;L;;;;;N;;;;; +027A;LATIN SMALL LETTER TURNED R WITH LONG LEG;Ll;0;L;;;;;N;;;;; +027B;LATIN SMALL LETTER TURNED R WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER TURNED R HOOK;;;; +027C;LATIN SMALL LETTER R WITH LONG LEG;Ll;0;L;;;;;N;;;;; +027D;LATIN SMALL LETTER R WITH TAIL;Ll;0;L;;;;;N;LATIN SMALL LETTER R HOOK;;;; +027E;LATIN SMALL LETTER R WITH FISHHOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER FISHHOOK R;;;; +027F;LATIN SMALL LETTER REVERSED R WITH FISHHOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER REVERSED FISHHOOK R;;;; +0280;LATIN LETTER SMALL CAPITAL R;Ll;0;L;;;;;N;;*;01A6;;01A6 +0281;LATIN LETTER SMALL CAPITAL INVERTED R;Ll;0;L;;;;;N;;;;; +0282;LATIN SMALL LETTER S WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER S HOOK;;;; +0283;LATIN SMALL LETTER ESH;Ll;0;L;;;;;N;;;01A9;;01A9 +0284;LATIN SMALL LETTER DOTLESS J WITH STROKE AND HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER DOTLESS J BAR HOOK;;;; +0285;LATIN SMALL LETTER SQUAT REVERSED ESH;Ll;0;L;;;;;N;;;;; +0286;LATIN SMALL LETTER ESH WITH CURL;Ll;0;L;;;;;N;LATIN SMALL LETTER ESH CURL;;;; +0287;LATIN SMALL LETTER TURNED T;Ll;0;L;;;;;N;;;;; +0288;LATIN SMALL LETTER T WITH RETROFLEX HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER T RETROFLEX HOOK;;01AE;;01AE +0289;LATIN SMALL LETTER U BAR;Ll;0;L;;;;;N;;;;; +028A;LATIN SMALL LETTER UPSILON;Ll;0;L;;;;;N;;;01B1;;01B1 +028B;LATIN SMALL LETTER V WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER SCRIPT V;;01B2;;01B2 +028C;LATIN SMALL LETTER TURNED V;Ll;0;L;;;;;N;;;;; +028D;LATIN SMALL LETTER TURNED W;Ll;0;L;;;;;N;;;;; +028E;LATIN SMALL LETTER TURNED Y;Ll;0;L;;;;;N;;;;; +028F;LATIN LETTER SMALL CAPITAL Y;Ll;0;L;;;;;N;;;;; +0290;LATIN SMALL LETTER Z WITH RETROFLEX HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER Z RETROFLEX HOOK;;;; +0291;LATIN SMALL LETTER Z WITH CURL;Ll;0;L;;;;;N;LATIN SMALL LETTER Z CURL;;;; +0292;LATIN SMALL LETTER EZH;Ll;0;L;;;;;N;LATIN SMALL LETTER YOGH;;01B7;;01B7 +0293;LATIN SMALL LETTER EZH WITH CURL;Ll;0;L;;;;;N;LATIN SMALL LETTER YOGH CURL;;;; +0294;LATIN LETTER GLOTTAL STOP;Ll;0;L;;;;;N;;;;; +0295;LATIN LETTER PHARYNGEAL VOICED FRICATIVE;Ll;0;L;;;;;N;LATIN LETTER REVERSED GLOTTAL STOP;;;; +0296;LATIN LETTER INVERTED GLOTTAL STOP;Ll;0;L;;;;;N;;;;; +0297;LATIN LETTER STRETCHED C;Ll;0;L;;;;;N;;;;; +0298;LATIN LETTER BILABIAL CLICK;Ll;0;L;;;;;N;LATIN LETTER BULLSEYE;;;; +0299;LATIN LETTER SMALL CAPITAL B;Ll;0;L;;;;;N;;;;; +029A;LATIN SMALL LETTER CLOSED OPEN E;Ll;0;L;;;;;N;LATIN SMALL LETTER CLOSED EPSILON;;;; +029B;LATIN LETTER SMALL CAPITAL G WITH HOOK;Ll;0;L;;;;;N;LATIN LETTER SMALL CAPITAL G HOOK;;;; +029C;LATIN LETTER SMALL CAPITAL H;Ll;0;L;;;;;N;;;;; +029D;LATIN SMALL LETTER J WITH CROSSED-TAIL;Ll;0;L;;;;;N;LATIN SMALL LETTER CROSSED-TAIL J;;;; +029E;LATIN SMALL LETTER TURNED K;Ll;0;L;;;;;N;;;;; +029F;LATIN LETTER SMALL CAPITAL L;Ll;0;L;;;;;N;;;;; +02A0;LATIN SMALL LETTER Q WITH HOOK;Ll;0;L;;;;;N;LATIN SMALL LETTER Q HOOK;;;; +02A1;LATIN LETTER GLOTTAL STOP WITH STROKE;Ll;0;L;;;;;N;LATIN LETTER GLOTTAL STOP BAR;;;; +02A2;LATIN LETTER REVERSED GLOTTAL STOP WITH STROKE;Ll;0;L;;;;;N;LATIN LETTER REVERSED GLOTTAL STOP BAR;;;; +02A3;LATIN SMALL LETTER DZ DIGRAPH;Ll;0;L;;;;;N;LATIN SMALL LETTER D Z;;;; +02A4;LATIN SMALL LETTER DEZH DIGRAPH;Ll;0;L;;;;;N;LATIN SMALL LETTER D YOGH;;;; +02A5;LATIN SMALL LETTER DZ DIGRAPH WITH CURL;Ll;0;L;;;;;N;LATIN SMALL LETTER D Z CURL;;;; +02A6;LATIN SMALL LETTER TS DIGRAPH;Ll;0;L;;;;;N;LATIN SMALL LETTER T S;;;; +02A7;LATIN SMALL LETTER TESH DIGRAPH;Ll;0;L;;;;;N;LATIN SMALL LETTER T ESH;;;; +02A8;LATIN SMALL LETTER TC DIGRAPH WITH CURL;Ll;0;L;;;;;N;LATIN SMALL LETTER T C CURL;;;; +02A9;LATIN SMALL LETTER FENG DIGRAPH;Ll;0;L;;;;;N;;;;; +02AA;LATIN SMALL LETTER LS DIGRAPH;Ll;0;L;;;;;N;;;;; +02AB;LATIN SMALL LETTER LZ DIGRAPH;Ll;0;L;;;;;N;;;;; +02AC;LATIN LETTER BILABIAL PERCUSSIVE;Ll;0;L;;;;;N;;;;; +02AD;LATIN LETTER BIDENTAL PERCUSSIVE;Ll;0;L;;;;;N;;;;; +02B0;MODIFIER LETTER SMALL H;Lm;0;L; 0068;;;;N;;;;; +02B1;MODIFIER LETTER SMALL H WITH HOOK;Lm;0;L; 0266;;;;N;MODIFIER LETTER SMALL H HOOK;;;; +02B2;MODIFIER LETTER SMALL J;Lm;0;L; 006A;;;;N;;;;; +02B3;MODIFIER LETTER SMALL R;Lm;0;L; 0072;;;;N;;;;; +02B4;MODIFIER LETTER SMALL TURNED R;Lm;0;L; 0279;;;;N;;;;; +02B5;MODIFIER LETTER SMALL TURNED R WITH HOOK;Lm;0;L; 027B;;;;N;MODIFIER LETTER SMALL TURNED R HOOK;;;; +02B6;MODIFIER LETTER SMALL CAPITAL INVERTED R;Lm;0;L; 0281;;;;N;;;;; +02B7;MODIFIER LETTER SMALL W;Lm;0;L; 0077;;;;N;;;;; +02B8;MODIFIER LETTER SMALL Y;Lm;0;L; 0079;;;;N;;;;; +02B9;MODIFIER LETTER PRIME;Sk;0;ON;;;;;N;;;;; +02BA;MODIFIER LETTER DOUBLE PRIME;Sk;0;ON;;;;;N;;;;; +02BB;MODIFIER LETTER TURNED COMMA;Lm;0;L;;;;;N;;;;; +02BC;MODIFIER LETTER APOSTROPHE;Lm;0;L;;;;;N;;;;; +02BD;MODIFIER LETTER REVERSED COMMA;Lm;0;L;;;;;N;;;;; +02BE;MODIFIER LETTER RIGHT HALF RING;Lm;0;L;;;;;N;;;;; +02BF;MODIFIER LETTER LEFT HALF RING;Lm;0;L;;;;;N;;;;; +02C0;MODIFIER LETTER GLOTTAL STOP;Lm;0;L;;;;;N;;;;; +02C1;MODIFIER LETTER REVERSED GLOTTAL STOP;Lm;0;L;;;;;N;;;;; +02C2;MODIFIER LETTER LEFT ARROWHEAD;Sk;0;ON;;;;;N;;;;; +02C3;MODIFIER LETTER RIGHT ARROWHEAD;Sk;0;ON;;;;;N;;;;; +02C4;MODIFIER LETTER UP ARROWHEAD;Sk;0;ON;;;;;N;;;;; +02C5;MODIFIER LETTER DOWN ARROWHEAD;Sk;0;ON;;;;;N;;;;; +02C6;MODIFIER LETTER CIRCUMFLEX ACCENT;Sk;0;ON;;;;;N;MODIFIER LETTER CIRCUMFLEX;;;; +02C7;CARON;Sk;0;ON;;;;;N;MODIFIER LETTER HACEK;Mandarin Chinese third tone;;; +02C8;MODIFIER LETTER VERTICAL LINE;Sk;0;ON;;;;;N;;;;; +02C9;MODIFIER LETTER MACRON;Sk;0;ON;;;;;N;;Mandarin Chinese first tone;;; +02CA;MODIFIER LETTER ACUTE ACCENT;Sk;0;ON;;;;;N;MODIFIER LETTER ACUTE;Mandarin Chinese second tone;;; +02CB;MODIFIER LETTER GRAVE ACCENT;Sk;0;ON;;;;;N;MODIFIER LETTER GRAVE;Mandarin Chinese fourth tone;;; +02CC;MODIFIER LETTER LOW VERTICAL LINE;Sk;0;ON;;;;;N;;;;; +02CD;MODIFIER LETTER LOW MACRON;Sk;0;ON;;;;;N;;;;; +02CE;MODIFIER LETTER LOW GRAVE ACCENT;Sk;0;ON;;;;;N;MODIFIER LETTER LOW GRAVE;;;; +02CF;MODIFIER LETTER LOW ACUTE ACCENT;Sk;0;ON;;;;;N;MODIFIER LETTER LOW ACUTE;;;; +02D0;MODIFIER LETTER TRIANGULAR COLON;Lm;0;L;;;;;N;;;;; +02D1;MODIFIER LETTER HALF TRIANGULAR COLON;Lm;0;L;;;;;N;;;;; +02D2;MODIFIER LETTER CENTRED RIGHT HALF RING;Sk;0;ON;;;;;N;MODIFIER LETTER CENTERED RIGHT HALF RING;;;; +02D3;MODIFIER LETTER CENTRED LEFT HALF RING;Sk;0;ON;;;;;N;MODIFIER LETTER CENTERED LEFT HALF RING;;;; +02D4;MODIFIER LETTER UP TACK;Sk;0;ON;;;;;N;;;;; +02D5;MODIFIER LETTER DOWN TACK;Sk;0;ON;;;;;N;;;;; +02D6;MODIFIER LETTER PLUS SIGN;Sk;0;ON;;;;;N;;;;; +02D7;MODIFIER LETTER MINUS SIGN;Sk;0;ON;;;;;N;;;;; +02D8;BREVE;Sk;0;ON; 0020 0306;;;;N;SPACING BREVE;;;; +02D9;DOT ABOVE;Sk;0;ON; 0020 0307;;;;N;SPACING DOT ABOVE;Mandarin Chinese light tone;;; +02DA;RING ABOVE;Sk;0;ON; 0020 030A;;;;N;SPACING RING ABOVE;;;; +02DB;OGONEK;Sk;0;ON; 0020 0328;;;;N;SPACING OGONEK;;;; +02DC;SMALL TILDE;Sk;0;ON; 0020 0303;;;;N;SPACING TILDE;;;; +02DD;DOUBLE ACUTE ACCENT;Sk;0;ON; 0020 030B;;;;N;SPACING DOUBLE ACUTE;;;; +02DE;MODIFIER LETTER RHOTIC HOOK;Sk;0;ON;;;;;N;;;;; +02DF;MODIFIER LETTER CROSS ACCENT;Sk;0;ON;;;;;N;;;;; +02E0;MODIFIER LETTER SMALL GAMMA;Lm;0;L; 0263;;;;N;;;;; +02E1;MODIFIER LETTER SMALL L;Lm;0;L; 006C;;;;N;;;;; +02E2;MODIFIER LETTER SMALL S;Lm;0;L; 0073;;;;N;;;;; +02E3;MODIFIER LETTER SMALL X;Lm;0;L; 0078;;;;N;;;;; +02E4;MODIFIER LETTER SMALL REVERSED GLOTTAL STOP;Lm;0;L; 0295;;;;N;;;;; +02E5;MODIFIER LETTER EXTRA-HIGH TONE BAR;Sk;0;ON;;;;;N;;;;; +02E6;MODIFIER LETTER HIGH TONE BAR;Sk;0;ON;;;;;N;;;;; +02E7;MODIFIER LETTER MID TONE BAR;Sk;0;ON;;;;;N;;;;; +02E8;MODIFIER LETTER LOW TONE BAR;Sk;0;ON;;;;;N;;;;; +02E9;MODIFIER LETTER EXTRA-LOW TONE BAR;Sk;0;ON;;;;;N;;;;; +02EA;MODIFIER LETTER YIN DEPARTING TONE MARK;Sk;0;ON;;;;;N;;;;; +02EB;MODIFIER LETTER YANG DEPARTING TONE MARK;Sk;0;ON;;;;;N;;;;; +02EC;MODIFIER LETTER VOICING;Sk;0;ON;;;;;N;;;;; +02ED;MODIFIER LETTER UNASPIRATED;Sk;0;ON;;;;;N;;;;; +02EE;MODIFIER LETTER DOUBLE APOSTROPHE;Lm;0;L;;;;;N;;;;; +0300;COMBINING GRAVE ACCENT;Mn;230;NSM;;;;;N;NON-SPACING GRAVE;Varia;;; +0301;COMBINING ACUTE ACCENT;Mn;230;NSM;;;;;N;NON-SPACING ACUTE;Oxia, Tonos;;; +0302;COMBINING CIRCUMFLEX ACCENT;Mn;230;NSM;;;;;N;NON-SPACING CIRCUMFLEX;;;; +0303;COMBINING TILDE;Mn;230;NSM;;;;;N;NON-SPACING TILDE;;;; +0304;COMBINING MACRON;Mn;230;NSM;;;;;N;NON-SPACING MACRON;;;; +0305;COMBINING OVERLINE;Mn;230;NSM;;;;;N;NON-SPACING OVERSCORE;;;; +0306;COMBINING BREVE;Mn;230;NSM;;;;;N;NON-SPACING BREVE;Vrachy;;; +0307;COMBINING DOT ABOVE;Mn;230;NSM;;;;;N;NON-SPACING DOT ABOVE;;;; +0308;COMBINING DIAERESIS;Mn;230;NSM;;;;;N;NON-SPACING DIAERESIS;Dialytika;;; +0309;COMBINING HOOK ABOVE;Mn;230;NSM;;;;;N;NON-SPACING HOOK ABOVE;;;; +030A;COMBINING RING ABOVE;Mn;230;NSM;;;;;N;NON-SPACING RING ABOVE;;;; +030B;COMBINING DOUBLE ACUTE ACCENT;Mn;230;NSM;;;;;N;NON-SPACING DOUBLE ACUTE;;;; +030C;COMBINING CARON;Mn;230;NSM;;;;;N;NON-SPACING HACEK;;;; +030D;COMBINING VERTICAL LINE ABOVE;Mn;230;NSM;;;;;N;NON-SPACING VERTICAL LINE ABOVE;;;; +030E;COMBINING DOUBLE VERTICAL LINE ABOVE;Mn;230;NSM;;;;;N;NON-SPACING DOUBLE VERTICAL LINE ABOVE;;;; +030F;COMBINING DOUBLE GRAVE ACCENT;Mn;230;NSM;;;;;N;NON-SPACING DOUBLE GRAVE;;;; +0310;COMBINING CANDRABINDU;Mn;230;NSM;;;;;N;NON-SPACING CANDRABINDU;;;; +0311;COMBINING INVERTED BREVE;Mn;230;NSM;;;;;N;NON-SPACING INVERTED BREVE;;;; +0312;COMBINING TURNED COMMA ABOVE;Mn;230;NSM;;;;;N;NON-SPACING TURNED COMMA ABOVE;;;; +0313;COMBINING COMMA ABOVE;Mn;230;NSM;;;;;N;NON-SPACING COMMA ABOVE;Psili;;; +0314;COMBINING REVERSED COMMA ABOVE;Mn;230;NSM;;;;;N;NON-SPACING REVERSED COMMA ABOVE;Dasia;;; +0315;COMBINING COMMA ABOVE RIGHT;Mn;232;NSM;;;;;N;NON-SPACING COMMA ABOVE RIGHT;;;; +0316;COMBINING GRAVE ACCENT BELOW;Mn;220;NSM;;;;;N;NON-SPACING GRAVE BELOW;;;; +0317;COMBINING ACUTE ACCENT BELOW;Mn;220;NSM;;;;;N;NON-SPACING ACUTE BELOW;;;; +0318;COMBINING LEFT TACK BELOW;Mn;220;NSM;;;;;N;NON-SPACING LEFT TACK BELOW;;;; +0319;COMBINING RIGHT TACK BELOW;Mn;220;NSM;;;;;N;NON-SPACING RIGHT TACK BELOW;;;; +031A;COMBINING LEFT ANGLE ABOVE;Mn;232;NSM;;;;;N;NON-SPACING LEFT ANGLE ABOVE;;;; +031B;COMBINING HORN;Mn;216;NSM;;;;;N;NON-SPACING HORN;;;; +031C;COMBINING LEFT HALF RING BELOW;Mn;220;NSM;;;;;N;NON-SPACING LEFT HALF RING BELOW;;;; +031D;COMBINING UP TACK BELOW;Mn;220;NSM;;;;;N;NON-SPACING UP TACK BELOW;;;; +031E;COMBINING DOWN TACK BELOW;Mn;220;NSM;;;;;N;NON-SPACING DOWN TACK BELOW;;;; +031F;COMBINING PLUS SIGN BELOW;Mn;220;NSM;;;;;N;NON-SPACING PLUS SIGN BELOW;;;; +0320;COMBINING MINUS SIGN BELOW;Mn;220;NSM;;;;;N;NON-SPACING MINUS SIGN BELOW;;;; +0321;COMBINING PALATALIZED HOOK BELOW;Mn;202;NSM;;;;;N;NON-SPACING PALATALIZED HOOK BELOW;;;; +0322;COMBINING RETROFLEX HOOK BELOW;Mn;202;NSM;;;;;N;NON-SPACING RETROFLEX HOOK BELOW;;;; +0323;COMBINING DOT BELOW;Mn;220;NSM;;;;;N;NON-SPACING DOT BELOW;;;; +0324;COMBINING DIAERESIS BELOW;Mn;220;NSM;;;;;N;NON-SPACING DOUBLE DOT BELOW;;;; +0325;COMBINING RING BELOW;Mn;220;NSM;;;;;N;NON-SPACING RING BELOW;;;; +0326;COMBINING COMMA BELOW;Mn;220;NSM;;;;;N;NON-SPACING COMMA BELOW;;;; +0327;COMBINING CEDILLA;Mn;202;NSM;;;;;N;NON-SPACING CEDILLA;;;; +0328;COMBINING OGONEK;Mn;202;NSM;;;;;N;NON-SPACING OGONEK;;;; +0329;COMBINING VERTICAL LINE BELOW;Mn;220;NSM;;;;;N;NON-SPACING VERTICAL LINE BELOW;;;; +032A;COMBINING BRIDGE BELOW;Mn;220;NSM;;;;;N;NON-SPACING BRIDGE BELOW;;;; +032B;COMBINING INVERTED DOUBLE ARCH BELOW;Mn;220;NSM;;;;;N;NON-SPACING INVERTED DOUBLE ARCH BELOW;;;; +032C;COMBINING CARON BELOW;Mn;220;NSM;;;;;N;NON-SPACING HACEK BELOW;;;; +032D;COMBINING CIRCUMFLEX ACCENT BELOW;Mn;220;NSM;;;;;N;NON-SPACING CIRCUMFLEX BELOW;;;; +032E;COMBINING BREVE BELOW;Mn;220;NSM;;;;;N;NON-SPACING BREVE BELOW;;;; +032F;COMBINING INVERTED BREVE BELOW;Mn;220;NSM;;;;;N;NON-SPACING INVERTED BREVE BELOW;;;; +0330;COMBINING TILDE BELOW;Mn;220;NSM;;;;;N;NON-SPACING TILDE BELOW;;;; +0331;COMBINING MACRON BELOW;Mn;220;NSM;;;;;N;NON-SPACING MACRON BELOW;;;; +0332;COMBINING LOW LINE;Mn;220;NSM;;;;;N;NON-SPACING UNDERSCORE;;;; +0333;COMBINING DOUBLE LOW LINE;Mn;220;NSM;;;;;N;NON-SPACING DOUBLE UNDERSCORE;;;; +0334;COMBINING TILDE OVERLAY;Mn;1;NSM;;;;;N;NON-SPACING TILDE OVERLAY;;;; +0335;COMBINING SHORT STROKE OVERLAY;Mn;1;NSM;;;;;N;NON-SPACING SHORT BAR OVERLAY;;;; +0336;COMBINING LONG STROKE OVERLAY;Mn;1;NSM;;;;;N;NON-SPACING LONG BAR OVERLAY;;;; +0337;COMBINING SHORT SOLIDUS OVERLAY;Mn;1;NSM;;;;;N;NON-SPACING SHORT SLASH OVERLAY;;;; +0338;COMBINING LONG SOLIDUS OVERLAY;Mn;1;NSM;;;;;N;NON-SPACING LONG SLASH OVERLAY;;;; +0339;COMBINING RIGHT HALF RING BELOW;Mn;220;NSM;;;;;N;NON-SPACING RIGHT HALF RING BELOW;;;; +033A;COMBINING INVERTED BRIDGE BELOW;Mn;220;NSM;;;;;N;NON-SPACING INVERTED BRIDGE BELOW;;;; +033B;COMBINING SQUARE BELOW;Mn;220;NSM;;;;;N;NON-SPACING SQUARE BELOW;;;; +033C;COMBINING SEAGULL BELOW;Mn;220;NSM;;;;;N;NON-SPACING SEAGULL BELOW;;;; +033D;COMBINING X ABOVE;Mn;230;NSM;;;;;N;NON-SPACING X ABOVE;;;; +033E;COMBINING VERTICAL TILDE;Mn;230;NSM;;;;;N;NON-SPACING VERTICAL TILDE;;;; +033F;COMBINING DOUBLE OVERLINE;Mn;230;NSM;;;;;N;NON-SPACING DOUBLE OVERSCORE;;;; +0340;COMBINING GRAVE TONE MARK;Mn;230;NSM;0300;;;;N;NON-SPACING GRAVE TONE MARK;Vietnamese;;; +0341;COMBINING ACUTE TONE MARK;Mn;230;NSM;0301;;;;N;NON-SPACING ACUTE TONE MARK;Vietnamese;;; +0342;COMBINING GREEK PERISPOMENI;Mn;230;NSM;;;;;N;;;;; +0343;COMBINING GREEK KORONIS;Mn;230;NSM;0313;;;;N;;;;; +0344;COMBINING GREEK DIALYTIKA TONOS;Mn;230;NSM;0308 0301;;;;N;GREEK NON-SPACING DIAERESIS TONOS;;;; +0345;COMBINING GREEK YPOGEGRAMMENI;Mn;240;NSM;;;;;N;GREEK NON-SPACING IOTA BELOW;;0399;;0399 +0346;COMBINING BRIDGE ABOVE;Mn;230;NSM;;;;;N;;;;; +0347;COMBINING EQUALS SIGN BELOW;Mn;220;NSM;;;;;N;;;;; +0348;COMBINING DOUBLE VERTICAL LINE BELOW;Mn;220;NSM;;;;;N;;;;; +0349;COMBINING LEFT ANGLE BELOW;Mn;220;NSM;;;;;N;;;;; +034A;COMBINING NOT TILDE ABOVE;Mn;230;NSM;;;;;N;;;;; +034B;COMBINING HOMOTHETIC ABOVE;Mn;230;NSM;;;;;N;;;;; +034C;COMBINING ALMOST EQUAL TO ABOVE;Mn;230;NSM;;;;;N;;;;; +034D;COMBINING LEFT RIGHT ARROW BELOW;Mn;220;NSM;;;;;N;;;;; +034E;COMBINING UPWARDS ARROW BELOW;Mn;220;NSM;;;;;N;;;;; +034F;COMBINING GRAPHEME JOINER;Mn;0;NSM;;;;;N;;;;; +0360;COMBINING DOUBLE TILDE;Mn;234;NSM;;;;;N;;;;; +0361;COMBINING DOUBLE INVERTED BREVE;Mn;234;NSM;;;;;N;;;;; +0362;COMBINING DOUBLE RIGHTWARDS ARROW BELOW;Mn;233;NSM;;;;;N;;;;; +0363;COMBINING LATIN SMALL LETTER A;Mn;230;NSM;;;;;N;;;;; +0364;COMBINING LATIN SMALL LETTER E;Mn;230;NSM;;;;;N;;;;; +0365;COMBINING LATIN SMALL LETTER I;Mn;230;NSM;;;;;N;;;;; +0366;COMBINING LATIN SMALL LETTER O;Mn;230;NSM;;;;;N;;;;; +0367;COMBINING LATIN SMALL LETTER U;Mn;230;NSM;;;;;N;;;;; +0368;COMBINING LATIN SMALL LETTER C;Mn;230;NSM;;;;;N;;;;; +0369;COMBINING LATIN SMALL LETTER D;Mn;230;NSM;;;;;N;;;;; +036A;COMBINING LATIN SMALL LETTER H;Mn;230;NSM;;;;;N;;;;; +036B;COMBINING LATIN SMALL LETTER M;Mn;230;NSM;;;;;N;;;;; +036C;COMBINING LATIN SMALL LETTER R;Mn;230;NSM;;;;;N;;;;; +036D;COMBINING LATIN SMALL LETTER T;Mn;230;NSM;;;;;N;;;;; +036E;COMBINING LATIN SMALL LETTER V;Mn;230;NSM;;;;;N;;;;; +036F;COMBINING LATIN SMALL LETTER X;Mn;230;NSM;;;;;N;;;;; +0374;GREEK NUMERAL SIGN;Sk;0;ON;02B9;;;;N;GREEK UPPER NUMERAL SIGN;Dexia keraia;;; +0375;GREEK LOWER NUMERAL SIGN;Sk;0;ON;;;;;N;;Aristeri keraia;;; +037A;GREEK YPOGEGRAMMENI;Lm;0;L; 0020 0345;;;;N;GREEK SPACING IOTA BELOW;;;; +037E;GREEK QUESTION MARK;Po;0;ON;003B;;;;N;;Erotimatiko;;; +0384;GREEK TONOS;Sk;0;ON; 0020 0301;;;;N;GREEK SPACING TONOS;;;; +0385;GREEK DIALYTIKA TONOS;Sk;0;ON;00A8 0301;;;;N;GREEK SPACING DIAERESIS TONOS;;;; +0386;GREEK CAPITAL LETTER ALPHA WITH TONOS;Lu;0;L;0391 0301;;;;N;GREEK CAPITAL LETTER ALPHA TONOS;;;03AC; +0387;GREEK ANO TELEIA;Po;0;ON;00B7;;;;N;;;;; +0388;GREEK CAPITAL LETTER EPSILON WITH TONOS;Lu;0;L;0395 0301;;;;N;GREEK CAPITAL LETTER EPSILON TONOS;;;03AD; +0389;GREEK CAPITAL LETTER ETA WITH TONOS;Lu;0;L;0397 0301;;;;N;GREEK CAPITAL LETTER ETA TONOS;;;03AE; +038A;GREEK CAPITAL LETTER IOTA WITH TONOS;Lu;0;L;0399 0301;;;;N;GREEK CAPITAL LETTER IOTA TONOS;;;03AF; +038C;GREEK CAPITAL LETTER OMICRON WITH TONOS;Lu;0;L;039F 0301;;;;N;GREEK CAPITAL LETTER OMICRON TONOS;;;03CC; +038E;GREEK CAPITAL LETTER UPSILON WITH TONOS;Lu;0;L;03A5 0301;;;;N;GREEK CAPITAL LETTER UPSILON TONOS;;;03CD; +038F;GREEK CAPITAL LETTER OMEGA WITH TONOS;Lu;0;L;03A9 0301;;;;N;GREEK CAPITAL LETTER OMEGA TONOS;;;03CE; +0390;GREEK SMALL LETTER IOTA WITH DIALYTIKA AND TONOS;Ll;0;L;03CA 0301;;;;N;GREEK SMALL LETTER IOTA DIAERESIS TONOS;;;; +0391;GREEK CAPITAL LETTER ALPHA;Lu;0;L;;;;;N;;;;03B1; +0392;GREEK CAPITAL LETTER BETA;Lu;0;L;;;;;N;;;;03B2; +0393;GREEK CAPITAL LETTER GAMMA;Lu;0;L;;;;;N;;;;03B3; +0394;GREEK CAPITAL LETTER DELTA;Lu;0;L;;;;;N;;;;03B4; +0395;GREEK CAPITAL LETTER EPSILON;Lu;0;L;;;;;N;;;;03B5; +0396;GREEK CAPITAL LETTER ZETA;Lu;0;L;;;;;N;;;;03B6; +0397;GREEK CAPITAL LETTER ETA;Lu;0;L;;;;;N;;;;03B7; +0398;GREEK CAPITAL LETTER THETA;Lu;0;L;;;;;N;;;;03B8; +0399;GREEK CAPITAL LETTER IOTA;Lu;0;L;;;;;N;;;;03B9; +039A;GREEK CAPITAL LETTER KAPPA;Lu;0;L;;;;;N;;;;03BA; +039B;GREEK CAPITAL LETTER LAMDA;Lu;0;L;;;;;N;GREEK CAPITAL LETTER LAMBDA;;;03BB; +039C;GREEK CAPITAL LETTER MU;Lu;0;L;;;;;N;;;;03BC; +039D;GREEK CAPITAL LETTER NU;Lu;0;L;;;;;N;;;;03BD; +039E;GREEK CAPITAL LETTER XI;Lu;0;L;;;;;N;;;;03BE; +039F;GREEK CAPITAL LETTER OMICRON;Lu;0;L;;;;;N;;;;03BF; +03A0;GREEK CAPITAL LETTER PI;Lu;0;L;;;;;N;;;;03C0; +03A1;GREEK CAPITAL LETTER RHO;Lu;0;L;;;;;N;;;;03C1; +03A3;GREEK CAPITAL LETTER SIGMA;Lu;0;L;;;;;N;;;;03C3; +03A4;GREEK CAPITAL LETTER TAU;Lu;0;L;;;;;N;;;;03C4; +03A5;GREEK CAPITAL LETTER UPSILON;Lu;0;L;;;;;N;;;;03C5; +03A6;GREEK CAPITAL LETTER PHI;Lu;0;L;;;;;N;;;;03C6; +03A7;GREEK CAPITAL LETTER CHI;Lu;0;L;;;;;N;;;;03C7; +03A8;GREEK CAPITAL LETTER PSI;Lu;0;L;;;;;N;;;;03C8; +03A9;GREEK CAPITAL LETTER OMEGA;Lu;0;L;;;;;N;;;;03C9; +03AA;GREEK CAPITAL LETTER IOTA WITH DIALYTIKA;Lu;0;L;0399 0308;;;;N;GREEK CAPITAL LETTER IOTA DIAERESIS;;;03CA; +03AB;GREEK CAPITAL LETTER UPSILON WITH DIALYTIKA;Lu;0;L;03A5 0308;;;;N;GREEK CAPITAL LETTER UPSILON DIAERESIS;;;03CB; +03AC;GREEK SMALL LETTER ALPHA WITH TONOS;Ll;0;L;03B1 0301;;;;N;GREEK SMALL LETTER ALPHA TONOS;;0386;;0386 +03AD;GREEK SMALL LETTER EPSILON WITH TONOS;Ll;0;L;03B5 0301;;;;N;GREEK SMALL LETTER EPSILON TONOS;;0388;;0388 +03AE;GREEK SMALL LETTER ETA WITH TONOS;Ll;0;L;03B7 0301;;;;N;GREEK SMALL LETTER ETA TONOS;;0389;;0389 +03AF;GREEK SMALL LETTER IOTA WITH TONOS;Ll;0;L;03B9 0301;;;;N;GREEK SMALL LETTER IOTA TONOS;;038A;;038A +03B0;GREEK SMALL LETTER UPSILON WITH DIALYTIKA AND TONOS;Ll;0;L;03CB 0301;;;;N;GREEK SMALL LETTER UPSILON DIAERESIS TONOS;;;; +03B1;GREEK SMALL LETTER ALPHA;Ll;0;L;;;;;N;;;0391;;0391 +03B2;GREEK SMALL LETTER BETA;Ll;0;L;;;;;N;;;0392;;0392 +03B3;GREEK SMALL LETTER GAMMA;Ll;0;L;;;;;N;;;0393;;0393 +03B4;GREEK SMALL LETTER DELTA;Ll;0;L;;;;;N;;;0394;;0394 +03B5;GREEK SMALL LETTER EPSILON;Ll;0;L;;;;;N;;;0395;;0395 +03B6;GREEK SMALL LETTER ZETA;Ll;0;L;;;;;N;;;0396;;0396 +03B7;GREEK SMALL LETTER ETA;Ll;0;L;;;;;N;;;0397;;0397 +03B8;GREEK SMALL LETTER THETA;Ll;0;L;;;;;N;;;0398;;0398 +03B9;GREEK SMALL LETTER IOTA;Ll;0;L;;;;;N;;;0399;;0399 +03BA;GREEK SMALL LETTER KAPPA;Ll;0;L;;;;;N;;;039A;;039A +03BB;GREEK SMALL LETTER LAMDA;Ll;0;L;;;;;N;GREEK SMALL LETTER LAMBDA;;039B;;039B +03BC;GREEK SMALL LETTER MU;Ll;0;L;;;;;N;;;039C;;039C +03BD;GREEK SMALL LETTER NU;Ll;0;L;;;;;N;;;039D;;039D +03BE;GREEK SMALL LETTER XI;Ll;0;L;;;;;N;;;039E;;039E +03BF;GREEK SMALL LETTER OMICRON;Ll;0;L;;;;;N;;;039F;;039F +03C0;GREEK SMALL LETTER PI;Ll;0;L;;;;;N;;;03A0;;03A0 +03C1;GREEK SMALL LETTER RHO;Ll;0;L;;;;;N;;;03A1;;03A1 +03C2;GREEK SMALL LETTER FINAL SIGMA;Ll;0;L;;;;;N;;;03A3;;03A3 +03C3;GREEK SMALL LETTER SIGMA;Ll;0;L;;;;;N;;;03A3;;03A3 +03C4;GREEK SMALL LETTER TAU;Ll;0;L;;;;;N;;;03A4;;03A4 +03C5;GREEK SMALL LETTER UPSILON;Ll;0;L;;;;;N;;;03A5;;03A5 +03C6;GREEK SMALL LETTER PHI;Ll;0;L;;;;;N;;;03A6;;03A6 +03C7;GREEK SMALL LETTER CHI;Ll;0;L;;;;;N;;;03A7;;03A7 +03C8;GREEK SMALL LETTER PSI;Ll;0;L;;;;;N;;;03A8;;03A8 +03C9;GREEK SMALL LETTER OMEGA;Ll;0;L;;;;;N;;;03A9;;03A9 +03CA;GREEK SMALL LETTER IOTA WITH DIALYTIKA;Ll;0;L;03B9 0308;;;;N;GREEK SMALL LETTER IOTA DIAERESIS;;03AA;;03AA +03CB;GREEK SMALL LETTER UPSILON WITH DIALYTIKA;Ll;0;L;03C5 0308;;;;N;GREEK SMALL LETTER UPSILON DIAERESIS;;03AB;;03AB +03CC;GREEK SMALL LETTER OMICRON WITH TONOS;Ll;0;L;03BF 0301;;;;N;GREEK SMALL LETTER OMICRON TONOS;;038C;;038C +03CD;GREEK SMALL LETTER UPSILON WITH TONOS;Ll;0;L;03C5 0301;;;;N;GREEK SMALL LETTER UPSILON TONOS;;038E;;038E +03CE;GREEK SMALL LETTER OMEGA WITH TONOS;Ll;0;L;03C9 0301;;;;N;GREEK SMALL LETTER OMEGA TONOS;;038F;;038F +03D0;GREEK BETA SYMBOL;Ll;0;L; 03B2;;;;N;GREEK SMALL LETTER CURLED BETA;;0392;;0392 +03D1;GREEK THETA SYMBOL;Ll;0;L; 03B8;;;;N;GREEK SMALL LETTER SCRIPT THETA;;0398;;0398 +03D2;GREEK UPSILON WITH HOOK SYMBOL;Lu;0;L; 03A5;;;;N;GREEK CAPITAL LETTER UPSILON HOOK;;;; +03D3;GREEK UPSILON WITH ACUTE AND HOOK SYMBOL;Lu;0;L;03D2 0301;;;;N;GREEK CAPITAL LETTER UPSILON HOOK TONOS;;;; +03D4;GREEK UPSILON WITH DIAERESIS AND HOOK SYMBOL;Lu;0;L;03D2 0308;;;;N;GREEK CAPITAL LETTER UPSILON HOOK DIAERESIS;;;; +03D5;GREEK PHI SYMBOL;Ll;0;L; 03C6;;;;N;GREEK SMALL LETTER SCRIPT PHI;;03A6;;03A6 +03D6;GREEK PI SYMBOL;Ll;0;L; 03C0;;;;N;GREEK SMALL LETTER OMEGA PI;;03A0;;03A0 +03D7;GREEK KAI SYMBOL;Ll;0;L;;;;;N;;;;; +03D8;GREEK LETTER ARCHAIC KOPPA;Lu;0;L;;;;;N;;*;;03D9; +03D9;GREEK SMALL LETTER ARCHAIC KOPPA;Ll;0;L;;;;;N;;*;03D8;;03D8 +03DA;GREEK LETTER STIGMA;Lu;0;L;;;;;N;GREEK CAPITAL LETTER STIGMA;;;03DB; +03DB;GREEK SMALL LETTER STIGMA;Ll;0;L;;;;;N;;;03DA;;03DA +03DC;GREEK LETTER DIGAMMA;Lu;0;L;;;;;N;GREEK CAPITAL LETTER DIGAMMA;;;03DD; +03DD;GREEK SMALL LETTER DIGAMMA;Ll;0;L;;;;;N;;;03DC;;03DC +03DE;GREEK LETTER KOPPA;Lu;0;L;;;;;N;GREEK CAPITAL LETTER KOPPA;;;03DF; +03DF;GREEK SMALL LETTER KOPPA;Ll;0;L;;;;;N;;;03DE;;03DE +03E0;GREEK LETTER SAMPI;Lu;0;L;;;;;N;GREEK CAPITAL LETTER SAMPI;;;03E1; +03E1;GREEK SMALL LETTER SAMPI;Ll;0;L;;;;;N;;;03E0;;03E0 +03E2;COPTIC CAPITAL LETTER SHEI;Lu;0;L;;;;;N;GREEK CAPITAL LETTER SHEI;;;03E3; +03E3;COPTIC SMALL LETTER SHEI;Ll;0;L;;;;;N;GREEK SMALL LETTER SHEI;;03E2;;03E2 +03E4;COPTIC CAPITAL LETTER FEI;Lu;0;L;;;;;N;GREEK CAPITAL LETTER FEI;;;03E5; +03E5;COPTIC SMALL LETTER FEI;Ll;0;L;;;;;N;GREEK SMALL LETTER FEI;;03E4;;03E4 +03E6;COPTIC CAPITAL LETTER KHEI;Lu;0;L;;;;;N;GREEK CAPITAL LETTER KHEI;;;03E7; +03E7;COPTIC SMALL LETTER KHEI;Ll;0;L;;;;;N;GREEK SMALL LETTER KHEI;;03E6;;03E6 +03E8;COPTIC CAPITAL LETTER HORI;Lu;0;L;;;;;N;GREEK CAPITAL LETTER HORI;;;03E9; +03E9;COPTIC SMALL LETTER HORI;Ll;0;L;;;;;N;GREEK SMALL LETTER HORI;;03E8;;03E8 +03EA;COPTIC CAPITAL LETTER GANGIA;Lu;0;L;;;;;N;GREEK CAPITAL LETTER GANGIA;;;03EB; +03EB;COPTIC SMALL LETTER GANGIA;Ll;0;L;;;;;N;GREEK SMALL LETTER GANGIA;;03EA;;03EA +03EC;COPTIC CAPITAL LETTER SHIMA;Lu;0;L;;;;;N;GREEK CAPITAL LETTER SHIMA;;;03ED; +03ED;COPTIC SMALL LETTER SHIMA;Ll;0;L;;;;;N;GREEK SMALL LETTER SHIMA;;03EC;;03EC +03EE;COPTIC CAPITAL LETTER DEI;Lu;0;L;;;;;N;GREEK CAPITAL LETTER DEI;;;03EF; +03EF;COPTIC SMALL LETTER DEI;Ll;0;L;;;;;N;GREEK SMALL LETTER DEI;;03EE;;03EE +03F0;GREEK KAPPA SYMBOL;Ll;0;L; 03BA;;;;N;GREEK SMALL LETTER SCRIPT KAPPA;;039A;;039A +03F1;GREEK RHO SYMBOL;Ll;0;L; 03C1;;;;N;GREEK SMALL LETTER TAILED RHO;;03A1;;03A1 +03F2;GREEK LUNATE SIGMA SYMBOL;Ll;0;L; 03C2;;;;N;GREEK SMALL LETTER LUNATE SIGMA;;03A3;;03A3 +03F3;GREEK LETTER YOT;Ll;0;L;;;;;N;;;;; +03F4;GREEK CAPITAL THETA SYMBOL;Lu;0;L; 0398;;;;N;;;;03B8; +03F5;GREEK LUNATE EPSILON SYMBOL;Ll;0;L; 03B5;;;;N;;;0395;;0395 +03F6;GREEK REVERSED LUNATE EPSILON SYMBOL;Sm;0;ON;;;;;N;;;;; +0400;CYRILLIC CAPITAL LETTER IE WITH GRAVE;Lu;0;L;0415 0300;;;;N;;;;0450; +0401;CYRILLIC CAPITAL LETTER IO;Lu;0;L;0415 0308;;;;N;;;;0451; +0402;CYRILLIC CAPITAL LETTER DJE;Lu;0;L;;;;;N;;Serbocroatian;;0452; +0403;CYRILLIC CAPITAL LETTER GJE;Lu;0;L;0413 0301;;;;N;;;;0453; +0404;CYRILLIC CAPITAL LETTER UKRAINIAN IE;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER E;;;0454; +0405;CYRILLIC CAPITAL LETTER DZE;Lu;0;L;;;;;N;;;;0455; +0406;CYRILLIC CAPITAL LETTER BYELORUSSIAN-UKRAINIAN I;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER I;;;0456; +0407;CYRILLIC CAPITAL LETTER YI;Lu;0;L;0406 0308;;;;N;;Ukrainian;;0457; +0408;CYRILLIC CAPITAL LETTER JE;Lu;0;L;;;;;N;;;;0458; +0409;CYRILLIC CAPITAL LETTER LJE;Lu;0;L;;;;;N;;;;0459; +040A;CYRILLIC CAPITAL LETTER NJE;Lu;0;L;;;;;N;;;;045A; +040B;CYRILLIC CAPITAL LETTER TSHE;Lu;0;L;;;;;N;;Serbocroatian;;045B; +040C;CYRILLIC CAPITAL LETTER KJE;Lu;0;L;041A 0301;;;;N;;;;045C; +040D;CYRILLIC CAPITAL LETTER I WITH GRAVE;Lu;0;L;0418 0300;;;;N;;;;045D; +040E;CYRILLIC CAPITAL LETTER SHORT U;Lu;0;L;0423 0306;;;;N;;Byelorussian;;045E; +040F;CYRILLIC CAPITAL LETTER DZHE;Lu;0;L;;;;;N;;;;045F; +0410;CYRILLIC CAPITAL LETTER A;Lu;0;L;;;;;N;;;;0430; +0411;CYRILLIC CAPITAL LETTER BE;Lu;0;L;;;;;N;;;;0431; +0412;CYRILLIC CAPITAL LETTER VE;Lu;0;L;;;;;N;;;;0432; +0413;CYRILLIC CAPITAL LETTER GHE;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER GE;;;0433; +0414;CYRILLIC CAPITAL LETTER DE;Lu;0;L;;;;;N;;;;0434; +0415;CYRILLIC CAPITAL LETTER IE;Lu;0;L;;;;;N;;;;0435; +0416;CYRILLIC CAPITAL LETTER ZHE;Lu;0;L;;;;;N;;;;0436; +0417;CYRILLIC CAPITAL LETTER ZE;Lu;0;L;;;;;N;;;;0437; +0418;CYRILLIC CAPITAL LETTER I;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER II;;;0438; +0419;CYRILLIC CAPITAL LETTER SHORT I;Lu;0;L;0418 0306;;;;N;CYRILLIC CAPITAL LETTER SHORT II;;;0439; +041A;CYRILLIC CAPITAL LETTER KA;Lu;0;L;;;;;N;;;;043A; +041B;CYRILLIC CAPITAL LETTER EL;Lu;0;L;;;;;N;;;;043B; +041C;CYRILLIC CAPITAL LETTER EM;Lu;0;L;;;;;N;;;;043C; +041D;CYRILLIC CAPITAL LETTER EN;Lu;0;L;;;;;N;;;;043D; +041E;CYRILLIC CAPITAL LETTER O;Lu;0;L;;;;;N;;;;043E; +041F;CYRILLIC CAPITAL LETTER PE;Lu;0;L;;;;;N;;;;043F; +0420;CYRILLIC CAPITAL LETTER ER;Lu;0;L;;;;;N;;;;0440; +0421;CYRILLIC CAPITAL LETTER ES;Lu;0;L;;;;;N;;;;0441; +0422;CYRILLIC CAPITAL LETTER TE;Lu;0;L;;;;;N;;;;0442; +0423;CYRILLIC CAPITAL LETTER U;Lu;0;L;;;;;N;;;;0443; +0424;CYRILLIC CAPITAL LETTER EF;Lu;0;L;;;;;N;;;;0444; +0425;CYRILLIC CAPITAL LETTER HA;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER KHA;;;0445; +0426;CYRILLIC CAPITAL LETTER TSE;Lu;0;L;;;;;N;;;;0446; +0427;CYRILLIC CAPITAL LETTER CHE;Lu;0;L;;;;;N;;;;0447; +0428;CYRILLIC CAPITAL LETTER SHA;Lu;0;L;;;;;N;;;;0448; +0429;CYRILLIC CAPITAL LETTER SHCHA;Lu;0;L;;;;;N;;;;0449; +042A;CYRILLIC CAPITAL LETTER HARD SIGN;Lu;0;L;;;;;N;;;;044A; +042B;CYRILLIC CAPITAL LETTER YERU;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER YERI;;;044B; +042C;CYRILLIC CAPITAL LETTER SOFT SIGN;Lu;0;L;;;;;N;;;;044C; +042D;CYRILLIC CAPITAL LETTER E;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER REVERSED E;;;044D; +042E;CYRILLIC CAPITAL LETTER YU;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER IU;;;044E; +042F;CYRILLIC CAPITAL LETTER YA;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER IA;;;044F; +0430;CYRILLIC SMALL LETTER A;Ll;0;L;;;;;N;;;0410;;0410 +0431;CYRILLIC SMALL LETTER BE;Ll;0;L;;;;;N;;;0411;;0411 +0432;CYRILLIC SMALL LETTER VE;Ll;0;L;;;;;N;;;0412;;0412 +0433;CYRILLIC SMALL LETTER GHE;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER GE;;0413;;0413 +0434;CYRILLIC SMALL LETTER DE;Ll;0;L;;;;;N;;;0414;;0414 +0435;CYRILLIC SMALL LETTER IE;Ll;0;L;;;;;N;;;0415;;0415 +0436;CYRILLIC SMALL LETTER ZHE;Ll;0;L;;;;;N;;;0416;;0416 +0437;CYRILLIC SMALL LETTER ZE;Ll;0;L;;;;;N;;;0417;;0417 +0438;CYRILLIC SMALL LETTER I;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER II;;0418;;0418 +0439;CYRILLIC SMALL LETTER SHORT I;Ll;0;L;0438 0306;;;;N;CYRILLIC SMALL LETTER SHORT II;;0419;;0419 +043A;CYRILLIC SMALL LETTER KA;Ll;0;L;;;;;N;;;041A;;041A +043B;CYRILLIC SMALL LETTER EL;Ll;0;L;;;;;N;;;041B;;041B +043C;CYRILLIC SMALL LETTER EM;Ll;0;L;;;;;N;;;041C;;041C +043D;CYRILLIC SMALL LETTER EN;Ll;0;L;;;;;N;;;041D;;041D +043E;CYRILLIC SMALL LETTER O;Ll;0;L;;;;;N;;;041E;;041E +043F;CYRILLIC SMALL LETTER PE;Ll;0;L;;;;;N;;;041F;;041F +0440;CYRILLIC SMALL LETTER ER;Ll;0;L;;;;;N;;;0420;;0420 +0441;CYRILLIC SMALL LETTER ES;Ll;0;L;;;;;N;;;0421;;0421 +0442;CYRILLIC SMALL LETTER TE;Ll;0;L;;;;;N;;;0422;;0422 +0443;CYRILLIC SMALL LETTER U;Ll;0;L;;;;;N;;;0423;;0423 +0444;CYRILLIC SMALL LETTER EF;Ll;0;L;;;;;N;;;0424;;0424 +0445;CYRILLIC SMALL LETTER HA;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER KHA;;0425;;0425 +0446;CYRILLIC SMALL LETTER TSE;Ll;0;L;;;;;N;;;0426;;0426 +0447;CYRILLIC SMALL LETTER CHE;Ll;0;L;;;;;N;;;0427;;0427 +0448;CYRILLIC SMALL LETTER SHA;Ll;0;L;;;;;N;;;0428;;0428 +0449;CYRILLIC SMALL LETTER SHCHA;Ll;0;L;;;;;N;;;0429;;0429 +044A;CYRILLIC SMALL LETTER HARD SIGN;Ll;0;L;;;;;N;;;042A;;042A +044B;CYRILLIC SMALL LETTER YERU;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER YERI;;042B;;042B +044C;CYRILLIC SMALL LETTER SOFT SIGN;Ll;0;L;;;;;N;;;042C;;042C +044D;CYRILLIC SMALL LETTER E;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER REVERSED E;;042D;;042D +044E;CYRILLIC SMALL LETTER YU;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER IU;;042E;;042E +044F;CYRILLIC SMALL LETTER YA;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER IA;;042F;;042F +0450;CYRILLIC SMALL LETTER IE WITH GRAVE;Ll;0;L;0435 0300;;;;N;;;0400;;0400 +0451;CYRILLIC SMALL LETTER IO;Ll;0;L;0435 0308;;;;N;;;0401;;0401 +0452;CYRILLIC SMALL LETTER DJE;Ll;0;L;;;;;N;;Serbocroatian;0402;;0402 +0453;CYRILLIC SMALL LETTER GJE;Ll;0;L;0433 0301;;;;N;;;0403;;0403 +0454;CYRILLIC SMALL LETTER UKRAINIAN IE;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER E;;0404;;0404 +0455;CYRILLIC SMALL LETTER DZE;Ll;0;L;;;;;N;;;0405;;0405 +0456;CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER I;;0406;;0406 +0457;CYRILLIC SMALL LETTER YI;Ll;0;L;0456 0308;;;;N;;Ukrainian;0407;;0407 +0458;CYRILLIC SMALL LETTER JE;Ll;0;L;;;;;N;;;0408;;0408 +0459;CYRILLIC SMALL LETTER LJE;Ll;0;L;;;;;N;;;0409;;0409 +045A;CYRILLIC SMALL LETTER NJE;Ll;0;L;;;;;N;;;040A;;040A +045B;CYRILLIC SMALL LETTER TSHE;Ll;0;L;;;;;N;;Serbocroatian;040B;;040B +045C;CYRILLIC SMALL LETTER KJE;Ll;0;L;043A 0301;;;;N;;;040C;;040C +045D;CYRILLIC SMALL LETTER I WITH GRAVE;Ll;0;L;0438 0300;;;;N;;;040D;;040D +045E;CYRILLIC SMALL LETTER SHORT U;Ll;0;L;0443 0306;;;;N;;Byelorussian;040E;;040E +045F;CYRILLIC SMALL LETTER DZHE;Ll;0;L;;;;;N;;;040F;;040F +0460;CYRILLIC CAPITAL LETTER OMEGA;Lu;0;L;;;;;N;;;;0461; +0461;CYRILLIC SMALL LETTER OMEGA;Ll;0;L;;;;;N;;;0460;;0460 +0462;CYRILLIC CAPITAL LETTER YAT;Lu;0;L;;;;;N;;;;0463; +0463;CYRILLIC SMALL LETTER YAT;Ll;0;L;;;;;N;;;0462;;0462 +0464;CYRILLIC CAPITAL LETTER IOTIFIED E;Lu;0;L;;;;;N;;;;0465; +0465;CYRILLIC SMALL LETTER IOTIFIED E;Ll;0;L;;;;;N;;;0464;;0464 +0466;CYRILLIC CAPITAL LETTER LITTLE YUS;Lu;0;L;;;;;N;;;;0467; +0467;CYRILLIC SMALL LETTER LITTLE YUS;Ll;0;L;;;;;N;;;0466;;0466 +0468;CYRILLIC CAPITAL LETTER IOTIFIED LITTLE YUS;Lu;0;L;;;;;N;;;;0469; +0469;CYRILLIC SMALL LETTER IOTIFIED LITTLE YUS;Ll;0;L;;;;;N;;;0468;;0468 +046A;CYRILLIC CAPITAL LETTER BIG YUS;Lu;0;L;;;;;N;;;;046B; +046B;CYRILLIC SMALL LETTER BIG YUS;Ll;0;L;;;;;N;;;046A;;046A +046C;CYRILLIC CAPITAL LETTER IOTIFIED BIG YUS;Lu;0;L;;;;;N;;;;046D; +046D;CYRILLIC SMALL LETTER IOTIFIED BIG YUS;Ll;0;L;;;;;N;;;046C;;046C +046E;CYRILLIC CAPITAL LETTER KSI;Lu;0;L;;;;;N;;;;046F; +046F;CYRILLIC SMALL LETTER KSI;Ll;0;L;;;;;N;;;046E;;046E +0470;CYRILLIC CAPITAL LETTER PSI;Lu;0;L;;;;;N;;;;0471; +0471;CYRILLIC SMALL LETTER PSI;Ll;0;L;;;;;N;;;0470;;0470 +0472;CYRILLIC CAPITAL LETTER FITA;Lu;0;L;;;;;N;;;;0473; +0473;CYRILLIC SMALL LETTER FITA;Ll;0;L;;;;;N;;;0472;;0472 +0474;CYRILLIC CAPITAL LETTER IZHITSA;Lu;0;L;;;;;N;;;;0475; +0475;CYRILLIC SMALL LETTER IZHITSA;Ll;0;L;;;;;N;;;0474;;0474 +0476;CYRILLIC CAPITAL LETTER IZHITSA WITH DOUBLE GRAVE ACCENT;Lu;0;L;0474 030F;;;;N;CYRILLIC CAPITAL LETTER IZHITSA DOUBLE GRAVE;;;0477; +0477;CYRILLIC SMALL LETTER IZHITSA WITH DOUBLE GRAVE ACCENT;Ll;0;L;0475 030F;;;;N;CYRILLIC SMALL LETTER IZHITSA DOUBLE GRAVE;;0476;;0476 +0478;CYRILLIC CAPITAL LETTER UK;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER UK DIGRAPH;;;0479; +0479;CYRILLIC SMALL LETTER UK;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER UK DIGRAPH;;0478;;0478 +047A;CYRILLIC CAPITAL LETTER ROUND OMEGA;Lu;0;L;;;;;N;;;;047B; +047B;CYRILLIC SMALL LETTER ROUND OMEGA;Ll;0;L;;;;;N;;;047A;;047A +047C;CYRILLIC CAPITAL LETTER OMEGA WITH TITLO;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER OMEGA TITLO;;;047D; +047D;CYRILLIC SMALL LETTER OMEGA WITH TITLO;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER OMEGA TITLO;;047C;;047C +047E;CYRILLIC CAPITAL LETTER OT;Lu;0;L;;;;;N;;;;047F; +047F;CYRILLIC SMALL LETTER OT;Ll;0;L;;;;;N;;;047E;;047E +0480;CYRILLIC CAPITAL LETTER KOPPA;Lu;0;L;;;;;N;;;;0481; +0481;CYRILLIC SMALL LETTER KOPPA;Ll;0;L;;;;;N;;;0480;;0480 +0482;CYRILLIC THOUSANDS SIGN;So;0;L;;;;;N;;;;; +0483;COMBINING CYRILLIC TITLO;Mn;230;NSM;;;;;N;CYRILLIC NON-SPACING TITLO;;;; +0484;COMBINING CYRILLIC PALATALIZATION;Mn;230;NSM;;;;;N;CYRILLIC NON-SPACING PALATALIZATION;;;; +0485;COMBINING CYRILLIC DASIA PNEUMATA;Mn;230;NSM;;;;;N;CYRILLIC NON-SPACING DASIA PNEUMATA;;;; +0486;COMBINING CYRILLIC PSILI PNEUMATA;Mn;230;NSM;;;;;N;CYRILLIC NON-SPACING PSILI PNEUMATA;;;; +0488;COMBINING CYRILLIC HUNDRED THOUSANDS SIGN;Me;0;NSM;;;;;N;;;;; +0489;COMBINING CYRILLIC MILLIONS SIGN;Me;0;NSM;;;;;N;;;;; +048A;CYRILLIC CAPITAL LETTER SHORT I WITH TAIL;Lu;0;L;;;;;N;;;;048B; +048B;CYRILLIC SMALL LETTER SHORT I WITH TAIL;Ll;0;L;;;;;N;;;048A;;048A +048C;CYRILLIC CAPITAL LETTER SEMISOFT SIGN;Lu;0;L;;;;;N;;;;048D; +048D;CYRILLIC SMALL LETTER SEMISOFT SIGN;Ll;0;L;;;;;N;;;048C;;048C +048E;CYRILLIC CAPITAL LETTER ER WITH TICK;Lu;0;L;;;;;N;;;;048F; +048F;CYRILLIC SMALL LETTER ER WITH TICK;Ll;0;L;;;;;N;;;048E;;048E +0490;CYRILLIC CAPITAL LETTER GHE WITH UPTURN;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER GE WITH UPTURN;;;0491; +0491;CYRILLIC SMALL LETTER GHE WITH UPTURN;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER GE WITH UPTURN;;0490;;0490 +0492;CYRILLIC CAPITAL LETTER GHE WITH STROKE;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER GE BAR;;;0493; +0493;CYRILLIC SMALL LETTER GHE WITH STROKE;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER GE BAR;;0492;;0492 +0494;CYRILLIC CAPITAL LETTER GHE WITH MIDDLE HOOK;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER GE HOOK;;;0495; +0495;CYRILLIC SMALL LETTER GHE WITH MIDDLE HOOK;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER GE HOOK;;0494;;0494 +0496;CYRILLIC CAPITAL LETTER ZHE WITH DESCENDER;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER ZHE WITH RIGHT DESCENDER;;;0497; +0497;CYRILLIC SMALL LETTER ZHE WITH DESCENDER;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER ZHE WITH RIGHT DESCENDER;;0496;;0496 +0498;CYRILLIC CAPITAL LETTER ZE WITH DESCENDER;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER ZE CEDILLA;;;0499; +0499;CYRILLIC SMALL LETTER ZE WITH DESCENDER;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER ZE CEDILLA;;0498;;0498 +049A;CYRILLIC CAPITAL LETTER KA WITH DESCENDER;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER KA WITH RIGHT DESCENDER;;;049B; +049B;CYRILLIC SMALL LETTER KA WITH DESCENDER;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER KA WITH RIGHT DESCENDER;;049A;;049A +049C;CYRILLIC CAPITAL LETTER KA WITH VERTICAL STROKE;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER KA VERTICAL BAR;;;049D; +049D;CYRILLIC SMALL LETTER KA WITH VERTICAL STROKE;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER KA VERTICAL BAR;;049C;;049C +049E;CYRILLIC CAPITAL LETTER KA WITH STROKE;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER KA BAR;;;049F; +049F;CYRILLIC SMALL LETTER KA WITH STROKE;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER KA BAR;;049E;;049E +04A0;CYRILLIC CAPITAL LETTER BASHKIR KA;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER REVERSED GE KA;;;04A1; +04A1;CYRILLIC SMALL LETTER BASHKIR KA;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER REVERSED GE KA;;04A0;;04A0 +04A2;CYRILLIC CAPITAL LETTER EN WITH DESCENDER;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER EN WITH RIGHT DESCENDER;;;04A3; +04A3;CYRILLIC SMALL LETTER EN WITH DESCENDER;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER EN WITH RIGHT DESCENDER;;04A2;;04A2 +04A4;CYRILLIC CAPITAL LIGATURE EN GHE;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER EN GE;;;04A5; +04A5;CYRILLIC SMALL LIGATURE EN GHE;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER EN GE;;04A4;;04A4 +04A6;CYRILLIC CAPITAL LETTER PE WITH MIDDLE HOOK;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER PE HOOK;Abkhasian;;04A7; +04A7;CYRILLIC SMALL LETTER PE WITH MIDDLE HOOK;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER PE HOOK;Abkhasian;04A6;;04A6 +04A8;CYRILLIC CAPITAL LETTER ABKHASIAN HA;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER O HOOK;;;04A9; +04A9;CYRILLIC SMALL LETTER ABKHASIAN HA;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER O HOOK;;04A8;;04A8 +04AA;CYRILLIC CAPITAL LETTER ES WITH DESCENDER;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER ES CEDILLA;;;04AB; +04AB;CYRILLIC SMALL LETTER ES WITH DESCENDER;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER ES CEDILLA;;04AA;;04AA +04AC;CYRILLIC CAPITAL LETTER TE WITH DESCENDER;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER TE WITH RIGHT DESCENDER;;;04AD; +04AD;CYRILLIC SMALL LETTER TE WITH DESCENDER;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER TE WITH RIGHT DESCENDER;;04AC;;04AC +04AE;CYRILLIC CAPITAL LETTER STRAIGHT U;Lu;0;L;;;;;N;;;;04AF; +04AF;CYRILLIC SMALL LETTER STRAIGHT U;Ll;0;L;;;;;N;;;04AE;;04AE +04B0;CYRILLIC CAPITAL LETTER STRAIGHT U WITH STROKE;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER STRAIGHT U BAR;;;04B1; +04B1;CYRILLIC SMALL LETTER STRAIGHT U WITH STROKE;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER STRAIGHT U BAR;;04B0;;04B0 +04B2;CYRILLIC CAPITAL LETTER HA WITH DESCENDER;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER KHA WITH RIGHT DESCENDER;;;04B3; +04B3;CYRILLIC SMALL LETTER HA WITH DESCENDER;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER KHA WITH RIGHT DESCENDER;;04B2;;04B2 +04B4;CYRILLIC CAPITAL LIGATURE TE TSE;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER TE TSE;Abkhasian;;04B5; +04B5;CYRILLIC SMALL LIGATURE TE TSE;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER TE TSE;Abkhasian;04B4;;04B4 +04B6;CYRILLIC CAPITAL LETTER CHE WITH DESCENDER;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER CHE WITH RIGHT DESCENDER;;;04B7; +04B7;CYRILLIC SMALL LETTER CHE WITH DESCENDER;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER CHE WITH RIGHT DESCENDER;;04B6;;04B6 +04B8;CYRILLIC CAPITAL LETTER CHE WITH VERTICAL STROKE;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER CHE VERTICAL BAR;;;04B9; +04B9;CYRILLIC SMALL LETTER CHE WITH VERTICAL STROKE;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER CHE VERTICAL BAR;;04B8;;04B8 +04BA;CYRILLIC CAPITAL LETTER SHHA;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER H;;;04BB; +04BB;CYRILLIC SMALL LETTER SHHA;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER H;;04BA;;04BA +04BC;CYRILLIC CAPITAL LETTER ABKHASIAN CHE;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER IE HOOK;;;04BD; +04BD;CYRILLIC SMALL LETTER ABKHASIAN CHE;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER IE HOOK;;04BC;;04BC +04BE;CYRILLIC CAPITAL LETTER ABKHASIAN CHE WITH DESCENDER;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER IE HOOK OGONEK;;;04BF; +04BF;CYRILLIC SMALL LETTER ABKHASIAN CHE WITH DESCENDER;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER IE HOOK OGONEK;;04BE;;04BE +04C0;CYRILLIC LETTER PALOCHKA;Lu;0;L;;;;;N;CYRILLIC LETTER I;;;; +04C1;CYRILLIC CAPITAL LETTER ZHE WITH BREVE;Lu;0;L;0416 0306;;;;N;CYRILLIC CAPITAL LETTER SHORT ZHE;;;04C2; +04C2;CYRILLIC SMALL LETTER ZHE WITH BREVE;Ll;0;L;0436 0306;;;;N;CYRILLIC SMALL LETTER SHORT ZHE;;04C1;;04C1 +04C3;CYRILLIC CAPITAL LETTER KA WITH HOOK;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER KA HOOK;;;04C4; +04C4;CYRILLIC SMALL LETTER KA WITH HOOK;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER KA HOOK;;04C3;;04C3 +04C5;CYRILLIC CAPITAL LETTER EL WITH TAIL;Lu;0;L;;;;;N;;;;04C6; +04C6;CYRILLIC SMALL LETTER EL WITH TAIL;Ll;0;L;;;;;N;;;04C5;;04C5 +04C7;CYRILLIC CAPITAL LETTER EN WITH HOOK;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER EN HOOK;;;04C8; +04C8;CYRILLIC SMALL LETTER EN WITH HOOK;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER EN HOOK;;04C7;;04C7 +04C9;CYRILLIC CAPITAL LETTER EN WITH TAIL;Lu;0;L;;;;;N;;;;04CA; +04CA;CYRILLIC SMALL LETTER EN WITH TAIL;Ll;0;L;;;;;N;;;04C9;;04C9 +04CB;CYRILLIC CAPITAL LETTER KHAKASSIAN CHE;Lu;0;L;;;;;N;CYRILLIC CAPITAL LETTER CHE WITH LEFT DESCENDER;;;04CC; +04CC;CYRILLIC SMALL LETTER KHAKASSIAN CHE;Ll;0;L;;;;;N;CYRILLIC SMALL LETTER CHE WITH LEFT DESCENDER;;04CB;;04CB +04CD;CYRILLIC CAPITAL LETTER EM WITH TAIL;Lu;0;L;;;;;N;;;;04CE; +04CE;CYRILLIC SMALL LETTER EM WITH TAIL;Ll;0;L;;;;;N;;;04CD;;04CD +04D0;CYRILLIC CAPITAL LETTER A WITH BREVE;Lu;0;L;0410 0306;;;;N;;;;04D1; +04D1;CYRILLIC SMALL LETTER A WITH BREVE;Ll;0;L;0430 0306;;;;N;;;04D0;;04D0 +04D2;CYRILLIC CAPITAL LETTER A WITH DIAERESIS;Lu;0;L;0410 0308;;;;N;;;;04D3; +04D3;CYRILLIC SMALL LETTER A WITH DIAERESIS;Ll;0;L;0430 0308;;;;N;;;04D2;;04D2 +04D4;CYRILLIC CAPITAL LIGATURE A IE;Lu;0;L;;;;;N;;;;04D5; +04D5;CYRILLIC SMALL LIGATURE A IE;Ll;0;L;;;;;N;;;04D4;;04D4 +04D6;CYRILLIC CAPITAL LETTER IE WITH BREVE;Lu;0;L;0415 0306;;;;N;;;;04D7; +04D7;CYRILLIC SMALL LETTER IE WITH BREVE;Ll;0;L;0435 0306;;;;N;;;04D6;;04D6 +04D8;CYRILLIC CAPITAL LETTER SCHWA;Lu;0;L;;;;;N;;;;04D9; +04D9;CYRILLIC SMALL LETTER SCHWA;Ll;0;L;;;;;N;;;04D8;;04D8 +04DA;CYRILLIC CAPITAL LETTER SCHWA WITH DIAERESIS;Lu;0;L;04D8 0308;;;;N;;;;04DB; +04DB;CYRILLIC SMALL LETTER SCHWA WITH DIAERESIS;Ll;0;L;04D9 0308;;;;N;;;04DA;;04DA +04DC;CYRILLIC CAPITAL LETTER ZHE WITH DIAERESIS;Lu;0;L;0416 0308;;;;N;;;;04DD; +04DD;CYRILLIC SMALL LETTER ZHE WITH DIAERESIS;Ll;0;L;0436 0308;;;;N;;;04DC;;04DC +04DE;CYRILLIC CAPITAL LETTER ZE WITH DIAERESIS;Lu;0;L;0417 0308;;;;N;;;;04DF; +04DF;CYRILLIC SMALL LETTER ZE WITH DIAERESIS;Ll;0;L;0437 0308;;;;N;;;04DE;;04DE +04E0;CYRILLIC CAPITAL LETTER ABKHASIAN DZE;Lu;0;L;;;;;N;;;;04E1; +04E1;CYRILLIC SMALL LETTER ABKHASIAN DZE;Ll;0;L;;;;;N;;;04E0;;04E0 +04E2;CYRILLIC CAPITAL LETTER I WITH MACRON;Lu;0;L;0418 0304;;;;N;;;;04E3; +04E3;CYRILLIC SMALL LETTER I WITH MACRON;Ll;0;L;0438 0304;;;;N;;;04E2;;04E2 +04E4;CYRILLIC CAPITAL LETTER I WITH DIAERESIS;Lu;0;L;0418 0308;;;;N;;;;04E5; +04E5;CYRILLIC SMALL LETTER I WITH DIAERESIS;Ll;0;L;0438 0308;;;;N;;;04E4;;04E4 +04E6;CYRILLIC CAPITAL LETTER O WITH DIAERESIS;Lu;0;L;041E 0308;;;;N;;;;04E7; +04E7;CYRILLIC SMALL LETTER O WITH DIAERESIS;Ll;0;L;043E 0308;;;;N;;;04E6;;04E6 +04E8;CYRILLIC CAPITAL LETTER BARRED O;Lu;0;L;;;;;N;;;;04E9; +04E9;CYRILLIC SMALL LETTER BARRED O;Ll;0;L;;;;;N;;;04E8;;04E8 +04EA;CYRILLIC CAPITAL LETTER BARRED O WITH DIAERESIS;Lu;0;L;04E8 0308;;;;N;;;;04EB; +04EB;CYRILLIC SMALL LETTER BARRED O WITH DIAERESIS;Ll;0;L;04E9 0308;;;;N;;;04EA;;04EA +04EC;CYRILLIC CAPITAL LETTER E WITH DIAERESIS;Lu;0;L;042D 0308;;;;N;;;;04ED; +04ED;CYRILLIC SMALL LETTER E WITH DIAERESIS;Ll;0;L;044D 0308;;;;N;;;04EC;;04EC +04EE;CYRILLIC CAPITAL LETTER U WITH MACRON;Lu;0;L;0423 0304;;;;N;;;;04EF; +04EF;CYRILLIC SMALL LETTER U WITH MACRON;Ll;0;L;0443 0304;;;;N;;;04EE;;04EE +04F0;CYRILLIC CAPITAL LETTER U WITH DIAERESIS;Lu;0;L;0423 0308;;;;N;;;;04F1; +04F1;CYRILLIC SMALL LETTER U WITH DIAERESIS;Ll;0;L;0443 0308;;;;N;;;04F0;;04F0 +04F2;CYRILLIC CAPITAL LETTER U WITH DOUBLE ACUTE;Lu;0;L;0423 030B;;;;N;;;;04F3; +04F3;CYRILLIC SMALL LETTER U WITH DOUBLE ACUTE;Ll;0;L;0443 030B;;;;N;;;04F2;;04F2 +04F4;CYRILLIC CAPITAL LETTER CHE WITH DIAERESIS;Lu;0;L;0427 0308;;;;N;;;;04F5; +04F5;CYRILLIC SMALL LETTER CHE WITH DIAERESIS;Ll;0;L;0447 0308;;;;N;;;04F4;;04F4 +04F8;CYRILLIC CAPITAL LETTER YERU WITH DIAERESIS;Lu;0;L;042B 0308;;;;N;;;;04F9; +04F9;CYRILLIC SMALL LETTER YERU WITH DIAERESIS;Ll;0;L;044B 0308;;;;N;;;04F8;;04F8 +0500;CYRILLIC CAPITAL LETTER KOMI DE;Lu;0;L;;;;;N;;;;0501; +0501;CYRILLIC SMALL LETTER KOMI DE;Ll;0;L;;;;;N;;;0500;;0500 +0502;CYRILLIC CAPITAL LETTER KOMI DJE;Lu;0;L;;;;;N;;;;0503; +0503;CYRILLIC SMALL LETTER KOMI DJE;Ll;0;L;;;;;N;;;0502;;0502 +0504;CYRILLIC CAPITAL LETTER KOMI ZJE;Lu;0;L;;;;;N;;;;0505; +0505;CYRILLIC SMALL LETTER KOMI ZJE;Ll;0;L;;;;;N;;;0504;;0504 +0506;CYRILLIC CAPITAL LETTER KOMI DZJE;Lu;0;L;;;;;N;;;;0507; +0507;CYRILLIC SMALL LETTER KOMI DZJE;Ll;0;L;;;;;N;;;0506;;0506 +0508;CYRILLIC CAPITAL LETTER KOMI LJE;Lu;0;L;;;;;N;;;;0509; +0509;CYRILLIC SMALL LETTER KOMI LJE;Ll;0;L;;;;;N;;;0508;;0508 +050A;CYRILLIC CAPITAL LETTER KOMI NJE;Lu;0;L;;;;;N;;;;050B; +050B;CYRILLIC SMALL LETTER KOMI NJE;Ll;0;L;;;;;N;;;050A;;050A +050C;CYRILLIC CAPITAL LETTER KOMI SJE;Lu;0;L;;;;;N;;;;050D; +050D;CYRILLIC SMALL LETTER KOMI SJE;Ll;0;L;;;;;N;;;050C;;050C +050E;CYRILLIC CAPITAL LETTER KOMI TJE;Lu;0;L;;;;;N;;;;050F; +050F;CYRILLIC SMALL LETTER KOMI TJE;Ll;0;L;;;;;N;;;050E;;050E +0531;ARMENIAN CAPITAL LETTER AYB;Lu;0;L;;;;;N;;;;0561; +0532;ARMENIAN CAPITAL LETTER BEN;Lu;0;L;;;;;N;;;;0562; +0533;ARMENIAN CAPITAL LETTER GIM;Lu;0;L;;;;;N;;;;0563; +0534;ARMENIAN CAPITAL LETTER DA;Lu;0;L;;;;;N;;;;0564; +0535;ARMENIAN CAPITAL LETTER ECH;Lu;0;L;;;;;N;;;;0565; +0536;ARMENIAN CAPITAL LETTER ZA;Lu;0;L;;;;;N;;;;0566; +0537;ARMENIAN CAPITAL LETTER EH;Lu;0;L;;;;;N;;;;0567; +0538;ARMENIAN CAPITAL LETTER ET;Lu;0;L;;;;;N;;;;0568; +0539;ARMENIAN CAPITAL LETTER TO;Lu;0;L;;;;;N;;;;0569; +053A;ARMENIAN CAPITAL LETTER ZHE;Lu;0;L;;;;;N;;;;056A; +053B;ARMENIAN CAPITAL LETTER INI;Lu;0;L;;;;;N;;;;056B; +053C;ARMENIAN CAPITAL LETTER LIWN;Lu;0;L;;;;;N;;;;056C; +053D;ARMENIAN CAPITAL LETTER XEH;Lu;0;L;;;;;N;;;;056D; +053E;ARMENIAN CAPITAL LETTER CA;Lu;0;L;;;;;N;;;;056E; +053F;ARMENIAN CAPITAL LETTER KEN;Lu;0;L;;;;;N;;;;056F; +0540;ARMENIAN CAPITAL LETTER HO;Lu;0;L;;;;;N;;;;0570; +0541;ARMENIAN CAPITAL LETTER JA;Lu;0;L;;;;;N;;;;0571; +0542;ARMENIAN CAPITAL LETTER GHAD;Lu;0;L;;;;;N;ARMENIAN CAPITAL LETTER LAD;;;0572; +0543;ARMENIAN CAPITAL LETTER CHEH;Lu;0;L;;;;;N;;;;0573; +0544;ARMENIAN CAPITAL LETTER MEN;Lu;0;L;;;;;N;;;;0574; +0545;ARMENIAN CAPITAL LETTER YI;Lu;0;L;;;;;N;;;;0575; +0546;ARMENIAN CAPITAL LETTER NOW;Lu;0;L;;;;;N;;;;0576; +0547;ARMENIAN CAPITAL LETTER SHA;Lu;0;L;;;;;N;;;;0577; +0548;ARMENIAN CAPITAL LETTER VO;Lu;0;L;;;;;N;;;;0578; +0549;ARMENIAN CAPITAL LETTER CHA;Lu;0;L;;;;;N;;;;0579; +054A;ARMENIAN CAPITAL LETTER PEH;Lu;0;L;;;;;N;;;;057A; +054B;ARMENIAN CAPITAL LETTER JHEH;Lu;0;L;;;;;N;;;;057B; +054C;ARMENIAN CAPITAL LETTER RA;Lu;0;L;;;;;N;;;;057C; +054D;ARMENIAN CAPITAL LETTER SEH;Lu;0;L;;;;;N;;;;057D; +054E;ARMENIAN CAPITAL LETTER VEW;Lu;0;L;;;;;N;;;;057E; +054F;ARMENIAN CAPITAL LETTER TIWN;Lu;0;L;;;;;N;;;;057F; +0550;ARMENIAN CAPITAL LETTER REH;Lu;0;L;;;;;N;;;;0580; +0551;ARMENIAN CAPITAL LETTER CO;Lu;0;L;;;;;N;;;;0581; +0552;ARMENIAN CAPITAL LETTER YIWN;Lu;0;L;;;;;N;;;;0582; +0553;ARMENIAN CAPITAL LETTER PIWR;Lu;0;L;;;;;N;;;;0583; +0554;ARMENIAN CAPITAL LETTER KEH;Lu;0;L;;;;;N;;;;0584; +0555;ARMENIAN CAPITAL LETTER OH;Lu;0;L;;;;;N;;;;0585; +0556;ARMENIAN CAPITAL LETTER FEH;Lu;0;L;;;;;N;;;;0586; +0559;ARMENIAN MODIFIER LETTER LEFT HALF RING;Lm;0;L;;;;;N;;;;; +055A;ARMENIAN APOSTROPHE;Po;0;L;;;;;N;ARMENIAN MODIFIER LETTER RIGHT HALF RING;;;; +055B;ARMENIAN EMPHASIS MARK;Po;0;L;;;;;N;;;;; +055C;ARMENIAN EXCLAMATION MARK;Po;0;L;;;;;N;;;;; +055D;ARMENIAN COMMA;Po;0;L;;;;;N;;;;; +055E;ARMENIAN QUESTION MARK;Po;0;L;;;;;N;;;;; +055F;ARMENIAN ABBREVIATION MARK;Po;0;L;;;;;N;;;;; +0561;ARMENIAN SMALL LETTER AYB;Ll;0;L;;;;;N;;;0531;;0531 +0562;ARMENIAN SMALL LETTER BEN;Ll;0;L;;;;;N;;;0532;;0532 +0563;ARMENIAN SMALL LETTER GIM;Ll;0;L;;;;;N;;;0533;;0533 +0564;ARMENIAN SMALL LETTER DA;Ll;0;L;;;;;N;;;0534;;0534 +0565;ARMENIAN SMALL LETTER ECH;Ll;0;L;;;;;N;;;0535;;0535 +0566;ARMENIAN SMALL LETTER ZA;Ll;0;L;;;;;N;;;0536;;0536 +0567;ARMENIAN SMALL LETTER EH;Ll;0;L;;;;;N;;;0537;;0537 +0568;ARMENIAN SMALL LETTER ET;Ll;0;L;;;;;N;;;0538;;0538 +0569;ARMENIAN SMALL LETTER TO;Ll;0;L;;;;;N;;;0539;;0539 +056A;ARMENIAN SMALL LETTER ZHE;Ll;0;L;;;;;N;;;053A;;053A +056B;ARMENIAN SMALL LETTER INI;Ll;0;L;;;;;N;;;053B;;053B +056C;ARMENIAN SMALL LETTER LIWN;Ll;0;L;;;;;N;;;053C;;053C +056D;ARMENIAN SMALL LETTER XEH;Ll;0;L;;;;;N;;;053D;;053D +056E;ARMENIAN SMALL LETTER CA;Ll;0;L;;;;;N;;;053E;;053E +056F;ARMENIAN SMALL LETTER KEN;Ll;0;L;;;;;N;;;053F;;053F +0570;ARMENIAN SMALL LETTER HO;Ll;0;L;;;;;N;;;0540;;0540 +0571;ARMENIAN SMALL LETTER JA;Ll;0;L;;;;;N;;;0541;;0541 +0572;ARMENIAN SMALL LETTER GHAD;Ll;0;L;;;;;N;ARMENIAN SMALL LETTER LAD;;0542;;0542 +0573;ARMENIAN SMALL LETTER CHEH;Ll;0;L;;;;;N;;;0543;;0543 +0574;ARMENIAN SMALL LETTER MEN;Ll;0;L;;;;;N;;;0544;;0544 +0575;ARMENIAN SMALL LETTER YI;Ll;0;L;;;;;N;;;0545;;0545 +0576;ARMENIAN SMALL LETTER NOW;Ll;0;L;;;;;N;;;0546;;0546 +0577;ARMENIAN SMALL LETTER SHA;Ll;0;L;;;;;N;;;0547;;0547 +0578;ARMENIAN SMALL LETTER VO;Ll;0;L;;;;;N;;;0548;;0548 +0579;ARMENIAN SMALL LETTER CHA;Ll;0;L;;;;;N;;;0549;;0549 +057A;ARMENIAN SMALL LETTER PEH;Ll;0;L;;;;;N;;;054A;;054A +057B;ARMENIAN SMALL LETTER JHEH;Ll;0;L;;;;;N;;;054B;;054B +057C;ARMENIAN SMALL LETTER RA;Ll;0;L;;;;;N;;;054C;;054C +057D;ARMENIAN SMALL LETTER SEH;Ll;0;L;;;;;N;;;054D;;054D +057E;ARMENIAN SMALL LETTER VEW;Ll;0;L;;;;;N;;;054E;;054E +057F;ARMENIAN SMALL LETTER TIWN;Ll;0;L;;;;;N;;;054F;;054F +0580;ARMENIAN SMALL LETTER REH;Ll;0;L;;;;;N;;;0550;;0550 +0581;ARMENIAN SMALL LETTER CO;Ll;0;L;;;;;N;;;0551;;0551 +0582;ARMENIAN SMALL LETTER YIWN;Ll;0;L;;;;;N;;;0552;;0552 +0583;ARMENIAN SMALL LETTER PIWR;Ll;0;L;;;;;N;;;0553;;0553 +0584;ARMENIAN SMALL LETTER KEH;Ll;0;L;;;;;N;;;0554;;0554 +0585;ARMENIAN SMALL LETTER OH;Ll;0;L;;;;;N;;;0555;;0555 +0586;ARMENIAN SMALL LETTER FEH;Ll;0;L;;;;;N;;;0556;;0556 +0587;ARMENIAN SMALL LIGATURE ECH YIWN;Ll;0;L; 0565 0582;;;;N;;;;; +0589;ARMENIAN FULL STOP;Po;0;L;;;;;N;ARMENIAN PERIOD;;;; +058A;ARMENIAN HYPHEN;Pd;0;ON;;;;;N;;;;; +0591;HEBREW ACCENT ETNAHTA;Mn;220;NSM;;;;;N;;;;; +0592;HEBREW ACCENT SEGOL;Mn;230;NSM;;;;;N;;;;; +0593;HEBREW ACCENT SHALSHELET;Mn;230;NSM;;;;;N;;;;; +0594;HEBREW ACCENT ZAQEF QATAN;Mn;230;NSM;;;;;N;;;;; +0595;HEBREW ACCENT ZAQEF GADOL;Mn;230;NSM;;;;;N;;;;; +0596;HEBREW ACCENT TIPEHA;Mn;220;NSM;;;;;N;;*;;; +0597;HEBREW ACCENT REVIA;Mn;230;NSM;;;;;N;;;;; +0598;HEBREW ACCENT ZARQA;Mn;230;NSM;;;;;N;;*;;; +0599;HEBREW ACCENT PASHTA;Mn;230;NSM;;;;;N;;;;; +059A;HEBREW ACCENT YETIV;Mn;222;NSM;;;;;N;;;;; +059B;HEBREW ACCENT TEVIR;Mn;220;NSM;;;;;N;;;;; +059C;HEBREW ACCENT GERESH;Mn;230;NSM;;;;;N;;;;; +059D;HEBREW ACCENT GERESH MUQDAM;Mn;230;NSM;;;;;N;;;;; +059E;HEBREW ACCENT GERSHAYIM;Mn;230;NSM;;;;;N;;;;; +059F;HEBREW ACCENT QARNEY PARA;Mn;230;NSM;;;;;N;;;;; +05A0;HEBREW ACCENT TELISHA GEDOLA;Mn;230;NSM;;;;;N;;;;; +05A1;HEBREW ACCENT PAZER;Mn;230;NSM;;;;;N;;;;; +05A3;HEBREW ACCENT MUNAH;Mn;220;NSM;;;;;N;;;;; +05A4;HEBREW ACCENT MAHAPAKH;Mn;220;NSM;;;;;N;;;;; +05A5;HEBREW ACCENT MERKHA;Mn;220;NSM;;;;;N;;*;;; +05A6;HEBREW ACCENT MERKHA KEFULA;Mn;220;NSM;;;;;N;;;;; +05A7;HEBREW ACCENT DARGA;Mn;220;NSM;;;;;N;;;;; +05A8;HEBREW ACCENT QADMA;Mn;230;NSM;;;;;N;;*;;; +05A9;HEBREW ACCENT TELISHA QETANA;Mn;230;NSM;;;;;N;;;;; +05AA;HEBREW ACCENT YERAH BEN YOMO;Mn;220;NSM;;;;;N;;*;;; +05AB;HEBREW ACCENT OLE;Mn;230;NSM;;;;;N;;;;; +05AC;HEBREW ACCENT ILUY;Mn;230;NSM;;;;;N;;;;; +05AD;HEBREW ACCENT DEHI;Mn;222;NSM;;;;;N;;;;; +05AE;HEBREW ACCENT ZINOR;Mn;228;NSM;;;;;N;;;;; +05AF;HEBREW MARK MASORA CIRCLE;Mn;230;NSM;;;;;N;;;;; +05B0;HEBREW POINT SHEVA;Mn;10;NSM;;;;;N;;;;; +05B1;HEBREW POINT HATAF SEGOL;Mn;11;NSM;;;;;N;;;;; +05B2;HEBREW POINT HATAF PATAH;Mn;12;NSM;;;;;N;;;;; +05B3;HEBREW POINT HATAF QAMATS;Mn;13;NSM;;;;;N;;;;; +05B4;HEBREW POINT HIRIQ;Mn;14;NSM;;;;;N;;;;; +05B5;HEBREW POINT TSERE;Mn;15;NSM;;;;;N;;;;; +05B6;HEBREW POINT SEGOL;Mn;16;NSM;;;;;N;;;;; +05B7;HEBREW POINT PATAH;Mn;17;NSM;;;;;N;;;;; +05B8;HEBREW POINT QAMATS;Mn;18;NSM;;;;;N;;;;; +05B9;HEBREW POINT HOLAM;Mn;19;NSM;;;;;N;;;;; +05BB;HEBREW POINT QUBUTS;Mn;20;NSM;;;;;N;;;;; +05BC;HEBREW POINT DAGESH OR MAPIQ;Mn;21;NSM;;;;;N;HEBREW POINT DAGESH;or shuruq;;; +05BD;HEBREW POINT METEG;Mn;22;NSM;;;;;N;;*;;; +05BE;HEBREW PUNCTUATION MAQAF;Po;0;R;;;;;N;;;;; +05BF;HEBREW POINT RAFE;Mn;23;NSM;;;;;N;;;;; +05C0;HEBREW PUNCTUATION PASEQ;Po;0;R;;;;;N;HEBREW POINT PASEQ;*;;; +05C1;HEBREW POINT SHIN DOT;Mn;24;NSM;;;;;N;;;;; +05C2;HEBREW POINT SIN DOT;Mn;25;NSM;;;;;N;;;;; +05C3;HEBREW PUNCTUATION SOF PASUQ;Po;0;R;;;;;N;;*;;; +05C4;HEBREW MARK UPPER DOT;Mn;230;NSM;;;;;N;;;;; +05D0;HEBREW LETTER ALEF;Lo;0;R;;;;;N;;;;; +05D1;HEBREW LETTER BET;Lo;0;R;;;;;N;;;;; +05D2;HEBREW LETTER GIMEL;Lo;0;R;;;;;N;;;;; +05D3;HEBREW LETTER DALET;Lo;0;R;;;;;N;;;;; +05D4;HEBREW LETTER HE;Lo;0;R;;;;;N;;;;; +05D5;HEBREW LETTER VAV;Lo;0;R;;;;;N;;;;; +05D6;HEBREW LETTER ZAYIN;Lo;0;R;;;;;N;;;;; +05D7;HEBREW LETTER HET;Lo;0;R;;;;;N;;;;; +05D8;HEBREW LETTER TET;Lo;0;R;;;;;N;;;;; +05D9;HEBREW LETTER YOD;Lo;0;R;;;;;N;;;;; +05DA;HEBREW LETTER FINAL KAF;Lo;0;R;;;;;N;;;;; +05DB;HEBREW LETTER KAF;Lo;0;R;;;;;N;;;;; +05DC;HEBREW LETTER LAMED;Lo;0;R;;;;;N;;;;; +05DD;HEBREW LETTER FINAL MEM;Lo;0;R;;;;;N;;;;; +05DE;HEBREW LETTER MEM;Lo;0;R;;;;;N;;;;; +05DF;HEBREW LETTER FINAL NUN;Lo;0;R;;;;;N;;;;; +05E0;HEBREW LETTER NUN;Lo;0;R;;;;;N;;;;; +05E1;HEBREW LETTER SAMEKH;Lo;0;R;;;;;N;;;;; +05E2;HEBREW LETTER AYIN;Lo;0;R;;;;;N;;;;; +05E3;HEBREW LETTER FINAL PE;Lo;0;R;;;;;N;;;;; +05E4;HEBREW LETTER PE;Lo;0;R;;;;;N;;;;; +05E5;HEBREW LETTER FINAL TSADI;Lo;0;R;;;;;N;;;;; +05E6;HEBREW LETTER TSADI;Lo;0;R;;;;;N;;;;; +05E7;HEBREW LETTER QOF;Lo;0;R;;;;;N;;;;; +05E8;HEBREW LETTER RESH;Lo;0;R;;;;;N;;;;; +05E9;HEBREW LETTER SHIN;Lo;0;R;;;;;N;;;;; +05EA;HEBREW LETTER TAV;Lo;0;R;;;;;N;;;;; +05F0;HEBREW LIGATURE YIDDISH DOUBLE VAV;Lo;0;R;;;;;N;HEBREW LETTER DOUBLE VAV;;;; +05F1;HEBREW LIGATURE YIDDISH VAV YOD;Lo;0;R;;;;;N;HEBREW LETTER VAV YOD;;;; +05F2;HEBREW LIGATURE YIDDISH DOUBLE YOD;Lo;0;R;;;;;N;HEBREW LETTER DOUBLE YOD;;;; +05F3;HEBREW PUNCTUATION GERESH;Po;0;R;;;;;N;;;;; +05F4;HEBREW PUNCTUATION GERSHAYIM;Po;0;R;;;;;N;;;;; +060C;ARABIC COMMA;Po;0;CS;;;;;N;;;;; +061B;ARABIC SEMICOLON;Po;0;AL;;;;;N;;;;; +061F;ARABIC QUESTION MARK;Po;0;AL;;;;;N;;;;; +0621;ARABIC LETTER HAMZA;Lo;0;AL;;;;;N;ARABIC LETTER HAMZAH;;;; +0622;ARABIC LETTER ALEF WITH MADDA ABOVE;Lo;0;AL;0627 0653;;;;N;ARABIC LETTER MADDAH ON ALEF;;;; +0623;ARABIC LETTER ALEF WITH HAMZA ABOVE;Lo;0;AL;0627 0654;;;;N;ARABIC LETTER HAMZAH ON ALEF;;;; +0624;ARABIC LETTER WAW WITH HAMZA ABOVE;Lo;0;AL;0648 0654;;;;N;ARABIC LETTER HAMZAH ON WAW;;;; +0625;ARABIC LETTER ALEF WITH HAMZA BELOW;Lo;0;AL;0627 0655;;;;N;ARABIC LETTER HAMZAH UNDER ALEF;;;; +0626;ARABIC LETTER YEH WITH HAMZA ABOVE;Lo;0;AL;064A 0654;;;;N;ARABIC LETTER HAMZAH ON YA;;;; +0627;ARABIC LETTER ALEF;Lo;0;AL;;;;;N;;;;; +0628;ARABIC LETTER BEH;Lo;0;AL;;;;;N;ARABIC LETTER BAA;;;; +0629;ARABIC LETTER TEH MARBUTA;Lo;0;AL;;;;;N;ARABIC LETTER TAA MARBUTAH;;;; +062A;ARABIC LETTER TEH;Lo;0;AL;;;;;N;ARABIC LETTER TAA;;;; +062B;ARABIC LETTER THEH;Lo;0;AL;;;;;N;ARABIC LETTER THAA;;;; +062C;ARABIC LETTER JEEM;Lo;0;AL;;;;;N;;;;; +062D;ARABIC LETTER HAH;Lo;0;AL;;;;;N;ARABIC LETTER HAA;;;; +062E;ARABIC LETTER KHAH;Lo;0;AL;;;;;N;ARABIC LETTER KHAA;;;; +062F;ARABIC LETTER DAL;Lo;0;AL;;;;;N;;;;; +0630;ARABIC LETTER THAL;Lo;0;AL;;;;;N;;;;; +0631;ARABIC LETTER REH;Lo;0;AL;;;;;N;ARABIC LETTER RA;;;; +0632;ARABIC LETTER ZAIN;Lo;0;AL;;;;;N;;;;; +0633;ARABIC LETTER SEEN;Lo;0;AL;;;;;N;;;;; +0634;ARABIC LETTER SHEEN;Lo;0;AL;;;;;N;;;;; +0635;ARABIC LETTER SAD;Lo;0;AL;;;;;N;;;;; +0636;ARABIC LETTER DAD;Lo;0;AL;;;;;N;;;;; +0637;ARABIC LETTER TAH;Lo;0;AL;;;;;N;;;;; +0638;ARABIC LETTER ZAH;Lo;0;AL;;;;;N;ARABIC LETTER DHAH;;;; +0639;ARABIC LETTER AIN;Lo;0;AL;;;;;N;;;;; +063A;ARABIC LETTER GHAIN;Lo;0;AL;;;;;N;;;;; +0640;ARABIC TATWEEL;Lm;0;AL;;;;;N;;;;; +0641;ARABIC LETTER FEH;Lo;0;AL;;;;;N;ARABIC LETTER FA;;;; +0642;ARABIC LETTER QAF;Lo;0;AL;;;;;N;;;;; +0643;ARABIC LETTER KAF;Lo;0;AL;;;;;N;ARABIC LETTER CAF;;;; +0644;ARABIC LETTER LAM;Lo;0;AL;;;;;N;;;;; +0645;ARABIC LETTER MEEM;Lo;0;AL;;;;;N;;;;; +0646;ARABIC LETTER NOON;Lo;0;AL;;;;;N;;;;; +0647;ARABIC LETTER HEH;Lo;0;AL;;;;;N;ARABIC LETTER HA;;;; +0648;ARABIC LETTER WAW;Lo;0;AL;;;;;N;;;;; +0649;ARABIC LETTER ALEF MAKSURA;Lo;0;AL;;;;;N;ARABIC LETTER ALEF MAQSURAH;;;; +064A;ARABIC LETTER YEH;Lo;0;AL;;;;;N;ARABIC LETTER YA;;;; +064B;ARABIC FATHATAN;Mn;27;NSM;;;;;N;;;;; +064C;ARABIC DAMMATAN;Mn;28;NSM;;;;;N;;;;; +064D;ARABIC KASRATAN;Mn;29;NSM;;;;;N;;;;; +064E;ARABIC FATHA;Mn;30;NSM;;;;;N;ARABIC FATHAH;;;; +064F;ARABIC DAMMA;Mn;31;NSM;;;;;N;ARABIC DAMMAH;;;; +0650;ARABIC KASRA;Mn;32;NSM;;;;;N;ARABIC KASRAH;;;; +0651;ARABIC SHADDA;Mn;33;NSM;;;;;N;ARABIC SHADDAH;;;; +0652;ARABIC SUKUN;Mn;34;NSM;;;;;N;;;;; +0653;ARABIC MADDAH ABOVE;Mn;230;NSM;;;;;N;;;;; +0654;ARABIC HAMZA ABOVE;Mn;230;NSM;;;;;N;;;;; +0655;ARABIC HAMZA BELOW;Mn;220;NSM;;;;;N;;;;; +0660;ARABIC-INDIC DIGIT ZERO;Nd;0;AN;;0;0;0;N;;;;; +0661;ARABIC-INDIC DIGIT ONE;Nd;0;AN;;1;1;1;N;;;;; +0662;ARABIC-INDIC DIGIT TWO;Nd;0;AN;;2;2;2;N;;;;; +0663;ARABIC-INDIC DIGIT THREE;Nd;0;AN;;3;3;3;N;;;;; +0664;ARABIC-INDIC DIGIT FOUR;Nd;0;AN;;4;4;4;N;;;;; +0665;ARABIC-INDIC DIGIT FIVE;Nd;0;AN;;5;5;5;N;;;;; +0666;ARABIC-INDIC DIGIT SIX;Nd;0;AN;;6;6;6;N;;;;; +0667;ARABIC-INDIC DIGIT SEVEN;Nd;0;AN;;7;7;7;N;;;;; +0668;ARABIC-INDIC DIGIT EIGHT;Nd;0;AN;;8;8;8;N;;;;; +0669;ARABIC-INDIC DIGIT NINE;Nd;0;AN;;9;9;9;N;;;;; +066A;ARABIC PERCENT SIGN;Po;0;ET;;;;;N;;;;; +066B;ARABIC DECIMAL SEPARATOR;Po;0;AN;;;;;N;;;;; +066C;ARABIC THOUSANDS SEPARATOR;Po;0;AN;;;;;N;;;;; +066D;ARABIC FIVE POINTED STAR;Po;0;AL;;;;;N;;;;; +066E;ARABIC LETTER DOTLESS BEH;Lo;0;AL;;;;;N;;;;; +066F;ARABIC LETTER DOTLESS QAF;Lo;0;AL;;;;;N;;;;; +0670;ARABIC LETTER SUPERSCRIPT ALEF;Mn;35;NSM;;;;;N;ARABIC ALEF ABOVE;;;; +0671;ARABIC LETTER ALEF WASLA;Lo;0;AL;;;;;N;ARABIC LETTER HAMZAT WASL ON ALEF;;;; +0672;ARABIC LETTER ALEF WITH WAVY HAMZA ABOVE;Lo;0;AL;;;;;N;ARABIC LETTER WAVY HAMZAH ON ALEF;;;; +0673;ARABIC LETTER ALEF WITH WAVY HAMZA BELOW;Lo;0;AL;;;;;N;ARABIC LETTER WAVY HAMZAH UNDER ALEF;;;; +0674;ARABIC LETTER HIGH HAMZA;Lo;0;AL;;;;;N;ARABIC LETTER HIGH HAMZAH;;;; +0675;ARABIC LETTER HIGH HAMZA ALEF;Lo;0;AL; 0627 0674;;;;N;ARABIC LETTER HIGH HAMZAH ALEF;;;; +0676;ARABIC LETTER HIGH HAMZA WAW;Lo;0;AL; 0648 0674;;;;N;ARABIC LETTER HIGH HAMZAH WAW;;;; +0677;ARABIC LETTER U WITH HAMZA ABOVE;Lo;0;AL; 06C7 0674;;;;N;ARABIC LETTER HIGH HAMZAH WAW WITH DAMMAH;;;; +0678;ARABIC LETTER HIGH HAMZA YEH;Lo;0;AL; 064A 0674;;;;N;ARABIC LETTER HIGH HAMZAH YA;;;; +0679;ARABIC LETTER TTEH;Lo;0;AL;;;;;N;ARABIC LETTER TAA WITH SMALL TAH;;;; +067A;ARABIC LETTER TTEHEH;Lo;0;AL;;;;;N;ARABIC LETTER TAA WITH TWO DOTS VERTICAL ABOVE;;;; +067B;ARABIC LETTER BEEH;Lo;0;AL;;;;;N;ARABIC LETTER BAA WITH TWO DOTS VERTICAL BELOW;;;; +067C;ARABIC LETTER TEH WITH RING;Lo;0;AL;;;;;N;ARABIC LETTER TAA WITH RING;;;; +067D;ARABIC LETTER TEH WITH THREE DOTS ABOVE DOWNWARDS;Lo;0;AL;;;;;N;ARABIC LETTER TAA WITH THREE DOTS ABOVE DOWNWARD;;;; +067E;ARABIC LETTER PEH;Lo;0;AL;;;;;N;ARABIC LETTER TAA WITH THREE DOTS BELOW;;;; +067F;ARABIC LETTER TEHEH;Lo;0;AL;;;;;N;ARABIC LETTER TAA WITH FOUR DOTS ABOVE;;;; +0680;ARABIC LETTER BEHEH;Lo;0;AL;;;;;N;ARABIC LETTER BAA WITH FOUR DOTS BELOW;;;; +0681;ARABIC LETTER HAH WITH HAMZA ABOVE;Lo;0;AL;;;;;N;ARABIC LETTER HAMZAH ON HAA;;;; +0682;ARABIC LETTER HAH WITH TWO DOTS VERTICAL ABOVE;Lo;0;AL;;;;;N;ARABIC LETTER HAA WITH TWO DOTS VERTICAL ABOVE;;;; +0683;ARABIC LETTER NYEH;Lo;0;AL;;;;;N;ARABIC LETTER HAA WITH MIDDLE TWO DOTS;;;; +0684;ARABIC LETTER DYEH;Lo;0;AL;;;;;N;ARABIC LETTER HAA WITH MIDDLE TWO DOTS VERTICAL;;;; +0685;ARABIC LETTER HAH WITH THREE DOTS ABOVE;Lo;0;AL;;;;;N;ARABIC LETTER HAA WITH THREE DOTS ABOVE;;;; +0686;ARABIC LETTER TCHEH;Lo;0;AL;;;;;N;ARABIC LETTER HAA WITH MIDDLE THREE DOTS DOWNWARD;;;; +0687;ARABIC LETTER TCHEHEH;Lo;0;AL;;;;;N;ARABIC LETTER HAA WITH MIDDLE FOUR DOTS;;;; +0688;ARABIC LETTER DDAL;Lo;0;AL;;;;;N;ARABIC LETTER DAL WITH SMALL TAH;;;; +0689;ARABIC LETTER DAL WITH RING;Lo;0;AL;;;;;N;;;;; +068A;ARABIC LETTER DAL WITH DOT BELOW;Lo;0;AL;;;;;N;;;;; +068B;ARABIC LETTER DAL WITH DOT BELOW AND SMALL TAH;Lo;0;AL;;;;;N;;;;; +068C;ARABIC LETTER DAHAL;Lo;0;AL;;;;;N;ARABIC LETTER DAL WITH TWO DOTS ABOVE;;;; +068D;ARABIC LETTER DDAHAL;Lo;0;AL;;;;;N;ARABIC LETTER DAL WITH TWO DOTS BELOW;;;; +068E;ARABIC LETTER DUL;Lo;0;AL;;;;;N;ARABIC LETTER DAL WITH THREE DOTS ABOVE;;;; +068F;ARABIC LETTER DAL WITH THREE DOTS ABOVE DOWNWARDS;Lo;0;AL;;;;;N;ARABIC LETTER DAL WITH THREE DOTS ABOVE DOWNWARD;;;; +0690;ARABIC LETTER DAL WITH FOUR DOTS ABOVE;Lo;0;AL;;;;;N;;;;; +0691;ARABIC LETTER RREH;Lo;0;AL;;;;;N;ARABIC LETTER RA WITH SMALL TAH;;;; +0692;ARABIC LETTER REH WITH SMALL V;Lo;0;AL;;;;;N;ARABIC LETTER RA WITH SMALL V;;;; +0693;ARABIC LETTER REH WITH RING;Lo;0;AL;;;;;N;ARABIC LETTER RA WITH RING;;;; +0694;ARABIC LETTER REH WITH DOT BELOW;Lo;0;AL;;;;;N;ARABIC LETTER RA WITH DOT BELOW;;;; +0695;ARABIC LETTER REH WITH SMALL V BELOW;Lo;0;AL;;;;;N;ARABIC LETTER RA WITH SMALL V BELOW;;;; +0696;ARABIC LETTER REH WITH DOT BELOW AND DOT ABOVE;Lo;0;AL;;;;;N;ARABIC LETTER RA WITH DOT BELOW AND DOT ABOVE;;;; +0697;ARABIC LETTER REH WITH TWO DOTS ABOVE;Lo;0;AL;;;;;N;ARABIC LETTER RA WITH TWO DOTS ABOVE;;;; +0698;ARABIC LETTER JEH;Lo;0;AL;;;;;N;ARABIC LETTER RA WITH THREE DOTS ABOVE;;;; +0699;ARABIC LETTER REH WITH FOUR DOTS ABOVE;Lo;0;AL;;;;;N;ARABIC LETTER RA WITH FOUR DOTS ABOVE;;;; +069A;ARABIC LETTER SEEN WITH DOT BELOW AND DOT ABOVE;Lo;0;AL;;;;;N;;;;; +069B;ARABIC LETTER SEEN WITH THREE DOTS BELOW;Lo;0;AL;;;;;N;;;;; +069C;ARABIC LETTER SEEN WITH THREE DOTS BELOW AND THREE DOTS ABOVE;Lo;0;AL;;;;;N;;;;; +069D;ARABIC LETTER SAD WITH TWO DOTS BELOW;Lo;0;AL;;;;;N;;;;; +069E;ARABIC LETTER SAD WITH THREE DOTS ABOVE;Lo;0;AL;;;;;N;;;;; +069F;ARABIC LETTER TAH WITH THREE DOTS ABOVE;Lo;0;AL;;;;;N;;;;; +06A0;ARABIC LETTER AIN WITH THREE DOTS ABOVE;Lo;0;AL;;;;;N;;;;; +06A1;ARABIC LETTER DOTLESS FEH;Lo;0;AL;;;;;N;ARABIC LETTER DOTLESS FA;;;; +06A2;ARABIC LETTER FEH WITH DOT MOVED BELOW;Lo;0;AL;;;;;N;ARABIC LETTER FA WITH DOT MOVED BELOW;;;; +06A3;ARABIC LETTER FEH WITH DOT BELOW;Lo;0;AL;;;;;N;ARABIC LETTER FA WITH DOT BELOW;;;; +06A4;ARABIC LETTER VEH;Lo;0;AL;;;;;N;ARABIC LETTER FA WITH THREE DOTS ABOVE;;;; +06A5;ARABIC LETTER FEH WITH THREE DOTS BELOW;Lo;0;AL;;;;;N;ARABIC LETTER FA WITH THREE DOTS BELOW;;;; +06A6;ARABIC LETTER PEHEH;Lo;0;AL;;;;;N;ARABIC LETTER FA WITH FOUR DOTS ABOVE;;;; +06A7;ARABIC LETTER QAF WITH DOT ABOVE;Lo;0;AL;;;;;N;;;;; +06A8;ARABIC LETTER QAF WITH THREE DOTS ABOVE;Lo;0;AL;;;;;N;;;;; +06A9;ARABIC LETTER KEHEH;Lo;0;AL;;;;;N;ARABIC LETTER OPEN CAF;;;; +06AA;ARABIC LETTER SWASH KAF;Lo;0;AL;;;;;N;ARABIC LETTER SWASH CAF;;;; +06AB;ARABIC LETTER KAF WITH RING;Lo;0;AL;;;;;N;ARABIC LETTER CAF WITH RING;;;; +06AC;ARABIC LETTER KAF WITH DOT ABOVE;Lo;0;AL;;;;;N;ARABIC LETTER CAF WITH DOT ABOVE;;;; +06AD;ARABIC LETTER NG;Lo;0;AL;;;;;N;ARABIC LETTER CAF WITH THREE DOTS ABOVE;;;; +06AE;ARABIC LETTER KAF WITH THREE DOTS BELOW;Lo;0;AL;;;;;N;ARABIC LETTER CAF WITH THREE DOTS BELOW;;;; +06AF;ARABIC LETTER GAF;Lo;0;AL;;;;;N;;*;;; +06B0;ARABIC LETTER GAF WITH RING;Lo;0;AL;;;;;N;;;;; +06B1;ARABIC LETTER NGOEH;Lo;0;AL;;;;;N;ARABIC LETTER GAF WITH TWO DOTS ABOVE;;;; +06B2;ARABIC LETTER GAF WITH TWO DOTS BELOW;Lo;0;AL;;;;;N;;;;; +06B3;ARABIC LETTER GUEH;Lo;0;AL;;;;;N;ARABIC LETTER GAF WITH TWO DOTS VERTICAL BELOW;;;; +06B4;ARABIC LETTER GAF WITH THREE DOTS ABOVE;Lo;0;AL;;;;;N;;;;; +06B5;ARABIC LETTER LAM WITH SMALL V;Lo;0;AL;;;;;N;;;;; +06B6;ARABIC LETTER LAM WITH DOT ABOVE;Lo;0;AL;;;;;N;;;;; +06B7;ARABIC LETTER LAM WITH THREE DOTS ABOVE;Lo;0;AL;;;;;N;;;;; +06B8;ARABIC LETTER LAM WITH THREE DOTS BELOW;Lo;0;AL;;;;;N;;;;; +06B9;ARABIC LETTER NOON WITH DOT BELOW;Lo;0;AL;;;;;N;;;;; +06BA;ARABIC LETTER NOON GHUNNA;Lo;0;AL;;;;;N;ARABIC LETTER DOTLESS NOON;;;; +06BB;ARABIC LETTER RNOON;Lo;0;AL;;;;;N;ARABIC LETTER DOTLESS NOON WITH SMALL TAH;;;; +06BC;ARABIC LETTER NOON WITH RING;Lo;0;AL;;;;;N;;;;; +06BD;ARABIC LETTER NOON WITH THREE DOTS ABOVE;Lo;0;AL;;;;;N;;;;; +06BE;ARABIC LETTER HEH DOACHASHMEE;Lo;0;AL;;;;;N;ARABIC LETTER KNOTTED HA;;;; +06BF;ARABIC LETTER TCHEH WITH DOT ABOVE;Lo;0;AL;;;;;N;;;;; +06C0;ARABIC LETTER HEH WITH YEH ABOVE;Lo;0;AL;06D5 0654;;;;N;ARABIC LETTER HAMZAH ON HA;;;; +06C1;ARABIC LETTER HEH GOAL;Lo;0;AL;;;;;N;ARABIC LETTER HA GOAL;;;; +06C2;ARABIC LETTER HEH GOAL WITH HAMZA ABOVE;Lo;0;AL;06C1 0654;;;;N;ARABIC LETTER HAMZAH ON HA GOAL;;;; +06C3;ARABIC LETTER TEH MARBUTA GOAL;Lo;0;AL;;;;;N;ARABIC LETTER TAA MARBUTAH GOAL;;;; +06C4;ARABIC LETTER WAW WITH RING;Lo;0;AL;;;;;N;;;;; +06C5;ARABIC LETTER KIRGHIZ OE;Lo;0;AL;;;;;N;ARABIC LETTER WAW WITH BAR;;;; +06C6;ARABIC LETTER OE;Lo;0;AL;;;;;N;ARABIC LETTER WAW WITH SMALL V;;;; +06C7;ARABIC LETTER U;Lo;0;AL;;;;;N;ARABIC LETTER WAW WITH DAMMAH;;;; +06C8;ARABIC LETTER YU;Lo;0;AL;;;;;N;ARABIC LETTER WAW WITH ALEF ABOVE;;;; +06C9;ARABIC LETTER KIRGHIZ YU;Lo;0;AL;;;;;N;ARABIC LETTER WAW WITH INVERTED SMALL V;;;; +06CA;ARABIC LETTER WAW WITH TWO DOTS ABOVE;Lo;0;AL;;;;;N;;;;; +06CB;ARABIC LETTER VE;Lo;0;AL;;;;;N;ARABIC LETTER WAW WITH THREE DOTS ABOVE;;;; +06CC;ARABIC LETTER FARSI YEH;Lo;0;AL;;;;;N;ARABIC LETTER DOTLESS YA;;;; +06CD;ARABIC LETTER YEH WITH TAIL;Lo;0;AL;;;;;N;ARABIC LETTER YA WITH TAIL;;;; +06CE;ARABIC LETTER YEH WITH SMALL V;Lo;0;AL;;;;;N;ARABIC LETTER YA WITH SMALL V;;;; +06CF;ARABIC LETTER WAW WITH DOT ABOVE;Lo;0;AL;;;;;N;;;;; +06D0;ARABIC LETTER E;Lo;0;AL;;;;;N;ARABIC LETTER YA WITH TWO DOTS VERTICAL BELOW;*;;; +06D1;ARABIC LETTER YEH WITH THREE DOTS BELOW;Lo;0;AL;;;;;N;ARABIC LETTER YA WITH THREE DOTS BELOW;;;; +06D2;ARABIC LETTER YEH BARREE;Lo;0;AL;;;;;N;ARABIC LETTER YA BARREE;;;; +06D3;ARABIC LETTER YEH BARREE WITH HAMZA ABOVE;Lo;0;AL;06D2 0654;;;;N;ARABIC LETTER HAMZAH ON YA BARREE;;;; +06D4;ARABIC FULL STOP;Po;0;AL;;;;;N;ARABIC PERIOD;;;; +06D5;ARABIC LETTER AE;Lo;0;AL;;;;;N;;;;; +06D6;ARABIC SMALL HIGH LIGATURE SAD WITH LAM WITH ALEF MAKSURA;Mn;230;NSM;;;;;N;;;;; +06D7;ARABIC SMALL HIGH LIGATURE QAF WITH LAM WITH ALEF MAKSURA;Mn;230;NSM;;;;;N;;;;; +06D8;ARABIC SMALL HIGH MEEM INITIAL FORM;Mn;230;NSM;;;;;N;;;;; +06D9;ARABIC SMALL HIGH LAM ALEF;Mn;230;NSM;;;;;N;;;;; +06DA;ARABIC SMALL HIGH JEEM;Mn;230;NSM;;;;;N;;;;; +06DB;ARABIC SMALL HIGH THREE DOTS;Mn;230;NSM;;;;;N;;;;; +06DC;ARABIC SMALL HIGH SEEN;Mn;230;NSM;;;;;N;;;;; +06DD;ARABIC END OF AYAH;Cf;0;AL;;;;;N;;;;; +06DE;ARABIC START OF RUB EL HIZB;Me;0;NSM;;;;;N;;;;; +06DF;ARABIC SMALL HIGH ROUNDED ZERO;Mn;230;NSM;;;;;N;;;;; +06E0;ARABIC SMALL HIGH UPRIGHT RECTANGULAR ZERO;Mn;230;NSM;;;;;N;;;;; +06E1;ARABIC SMALL HIGH DOTLESS HEAD OF KHAH;Mn;230;NSM;;;;;N;;;;; +06E2;ARABIC SMALL HIGH MEEM ISOLATED FORM;Mn;230;NSM;;;;;N;;;;; +06E3;ARABIC SMALL LOW SEEN;Mn;220;NSM;;;;;N;;;;; +06E4;ARABIC SMALL HIGH MADDA;Mn;230;NSM;;;;;N;;;;; +06E5;ARABIC SMALL WAW;Lm;0;AL;;;;;N;;;;; +06E6;ARABIC SMALL YEH;Lm;0;AL;;;;;N;;;;; +06E7;ARABIC SMALL HIGH YEH;Mn;230;NSM;;;;;N;;;;; +06E8;ARABIC SMALL HIGH NOON;Mn;230;NSM;;;;;N;;;;; +06E9;ARABIC PLACE OF SAJDAH;So;0;ON;;;;;N;;;;; +06EA;ARABIC EMPTY CENTRE LOW STOP;Mn;220;NSM;;;;;N;;;;; +06EB;ARABIC EMPTY CENTRE HIGH STOP;Mn;230;NSM;;;;;N;;;;; +06EC;ARABIC ROUNDED HIGH STOP WITH FILLED CENTRE;Mn;230;NSM;;;;;N;;;;; +06ED;ARABIC SMALL LOW MEEM;Mn;220;NSM;;;;;N;;;;; +06F0;EXTENDED ARABIC-INDIC DIGIT ZERO;Nd;0;EN;;0;0;0;N;EASTERN ARABIC-INDIC DIGIT ZERO;;;; +06F1;EXTENDED ARABIC-INDIC DIGIT ONE;Nd;0;EN;;1;1;1;N;EASTERN ARABIC-INDIC DIGIT ONE;;;; +06F2;EXTENDED ARABIC-INDIC DIGIT TWO;Nd;0;EN;;2;2;2;N;EASTERN ARABIC-INDIC DIGIT TWO;;;; +06F3;EXTENDED ARABIC-INDIC DIGIT THREE;Nd;0;EN;;3;3;3;N;EASTERN ARABIC-INDIC DIGIT THREE;;;; +06F4;EXTENDED ARABIC-INDIC DIGIT FOUR;Nd;0;EN;;4;4;4;N;EASTERN ARABIC-INDIC DIGIT FOUR;;;; +06F5;EXTENDED ARABIC-INDIC DIGIT FIVE;Nd;0;EN;;5;5;5;N;EASTERN ARABIC-INDIC DIGIT FIVE;;;; +06F6;EXTENDED ARABIC-INDIC DIGIT SIX;Nd;0;EN;;6;6;6;N;EASTERN ARABIC-INDIC DIGIT SIX;;;; +06F7;EXTENDED ARABIC-INDIC DIGIT SEVEN;Nd;0;EN;;7;7;7;N;EASTERN ARABIC-INDIC DIGIT SEVEN;;;; +06F8;EXTENDED ARABIC-INDIC DIGIT EIGHT;Nd;0;EN;;8;8;8;N;EASTERN ARABIC-INDIC DIGIT EIGHT;;;; +06F9;EXTENDED ARABIC-INDIC DIGIT NINE;Nd;0;EN;;9;9;9;N;EASTERN ARABIC-INDIC DIGIT NINE;;;; +06FA;ARABIC LETTER SHEEN WITH DOT BELOW;Lo;0;AL;;;;;N;;;;; +06FB;ARABIC LETTER DAD WITH DOT BELOW;Lo;0;AL;;;;;N;;;;; +06FC;ARABIC LETTER GHAIN WITH DOT BELOW;Lo;0;AL;;;;;N;;;;; +06FD;ARABIC SIGN SINDHI AMPERSAND;So;0;AL;;;;;N;;;;; +06FE;ARABIC SIGN SINDHI POSTPOSITION MEN;So;0;AL;;;;;N;;;;; +0700;SYRIAC END OF PARAGRAPH;Po;0;AL;;;;;N;;;;; +0701;SYRIAC SUPRALINEAR FULL STOP;Po;0;AL;;;;;N;;;;; +0702;SYRIAC SUBLINEAR FULL STOP;Po;0;AL;;;;;N;;;;; +0703;SYRIAC SUPRALINEAR COLON;Po;0;AL;;;;;N;;;;; +0704;SYRIAC SUBLINEAR COLON;Po;0;AL;;;;;N;;;;; +0705;SYRIAC HORIZONTAL COLON;Po;0;AL;;;;;N;;;;; +0706;SYRIAC COLON SKEWED LEFT;Po;0;AL;;;;;N;;;;; +0707;SYRIAC COLON SKEWED RIGHT;Po;0;AL;;;;;N;;;;; +0708;SYRIAC SUPRALINEAR COLON SKEWED LEFT;Po;0;AL;;;;;N;;;;; +0709;SYRIAC SUBLINEAR COLON SKEWED RIGHT;Po;0;AL;;;;;N;;;;; +070A;SYRIAC CONTRACTION;Po;0;AL;;;;;N;;;;; +070B;SYRIAC HARKLEAN OBELUS;Po;0;AL;;;;;N;;;;; +070C;SYRIAC HARKLEAN METOBELUS;Po;0;AL;;;;;N;;;;; +070D;SYRIAC HARKLEAN ASTERISCUS;Po;0;AL;;;;;N;;;;; +070F;SYRIAC ABBREVIATION MARK;Cf;0;BN;;;;;N;;;;; +0710;SYRIAC LETTER ALAPH;Lo;0;AL;;;;;N;;;;; +0711;SYRIAC LETTER SUPERSCRIPT ALAPH;Mn;36;NSM;;;;;N;;;;; +0712;SYRIAC LETTER BETH;Lo;0;AL;;;;;N;;;;; +0713;SYRIAC LETTER GAMAL;Lo;0;AL;;;;;N;;;;; +0714;SYRIAC LETTER GAMAL GARSHUNI;Lo;0;AL;;;;;N;;;;; +0715;SYRIAC LETTER DALATH;Lo;0;AL;;;;;N;;;;; +0716;SYRIAC LETTER DOTLESS DALATH RISH;Lo;0;AL;;;;;N;;;;; +0717;SYRIAC LETTER HE;Lo;0;AL;;;;;N;;;;; +0718;SYRIAC LETTER WAW;Lo;0;AL;;;;;N;;;;; +0719;SYRIAC LETTER ZAIN;Lo;0;AL;;;;;N;;;;; +071A;SYRIAC LETTER HETH;Lo;0;AL;;;;;N;;;;; +071B;SYRIAC LETTER TETH;Lo;0;AL;;;;;N;;;;; +071C;SYRIAC LETTER TETH GARSHUNI;Lo;0;AL;;;;;N;;;;; +071D;SYRIAC LETTER YUDH;Lo;0;AL;;;;;N;;;;; +071E;SYRIAC LETTER YUDH HE;Lo;0;AL;;;;;N;;;;; +071F;SYRIAC LETTER KAPH;Lo;0;AL;;;;;N;;;;; +0720;SYRIAC LETTER LAMADH;Lo;0;AL;;;;;N;;;;; +0721;SYRIAC LETTER MIM;Lo;0;AL;;;;;N;;;;; +0722;SYRIAC LETTER NUN;Lo;0;AL;;;;;N;;;;; +0723;SYRIAC LETTER SEMKATH;Lo;0;AL;;;;;N;;;;; +0724;SYRIAC LETTER FINAL SEMKATH;Lo;0;AL;;;;;N;;;;; +0725;SYRIAC LETTER E;Lo;0;AL;;;;;N;;;;; +0726;SYRIAC LETTER PE;Lo;0;AL;;;;;N;;;;; +0727;SYRIAC LETTER REVERSED PE;Lo;0;AL;;;;;N;;;;; +0728;SYRIAC LETTER SADHE;Lo;0;AL;;;;;N;;;;; +0729;SYRIAC LETTER QAPH;Lo;0;AL;;;;;N;;;;; +072A;SYRIAC LETTER RISH;Lo;0;AL;;;;;N;;;;; +072B;SYRIAC LETTER SHIN;Lo;0;AL;;;;;N;;;;; +072C;SYRIAC LETTER TAW;Lo;0;AL;;;;;N;;;;; +0730;SYRIAC PTHAHA ABOVE;Mn;230;NSM;;;;;N;;;;; +0731;SYRIAC PTHAHA BELOW;Mn;220;NSM;;;;;N;;;;; +0732;SYRIAC PTHAHA DOTTED;Mn;230;NSM;;;;;N;;;;; +0733;SYRIAC ZQAPHA ABOVE;Mn;230;NSM;;;;;N;;;;; +0734;SYRIAC ZQAPHA BELOW;Mn;220;NSM;;;;;N;;;;; +0735;SYRIAC ZQAPHA DOTTED;Mn;230;NSM;;;;;N;;;;; +0736;SYRIAC RBASA ABOVE;Mn;230;NSM;;;;;N;;;;; +0737;SYRIAC RBASA BELOW;Mn;220;NSM;;;;;N;;;;; +0738;SYRIAC DOTTED ZLAMA HORIZONTAL;Mn;220;NSM;;;;;N;;;;; +0739;SYRIAC DOTTED ZLAMA ANGULAR;Mn;220;NSM;;;;;N;;;;; +073A;SYRIAC HBASA ABOVE;Mn;230;NSM;;;;;N;;;;; +073B;SYRIAC HBASA BELOW;Mn;220;NSM;;;;;N;;;;; +073C;SYRIAC HBASA-ESASA DOTTED;Mn;220;NSM;;;;;N;;;;; +073D;SYRIAC ESASA ABOVE;Mn;230;NSM;;;;;N;;;;; +073E;SYRIAC ESASA BELOW;Mn;220;NSM;;;;;N;;;;; +073F;SYRIAC RWAHA;Mn;230;NSM;;;;;N;;;;; +0740;SYRIAC FEMININE DOT;Mn;230;NSM;;;;;N;;;;; +0741;SYRIAC QUSHSHAYA;Mn;230;NSM;;;;;N;;;;; +0742;SYRIAC RUKKAKHA;Mn;220;NSM;;;;;N;;;;; +0743;SYRIAC TWO VERTICAL DOTS ABOVE;Mn;230;NSM;;;;;N;;;;; +0744;SYRIAC TWO VERTICAL DOTS BELOW;Mn;220;NSM;;;;;N;;;;; +0745;SYRIAC THREE DOTS ABOVE;Mn;230;NSM;;;;;N;;;;; +0746;SYRIAC THREE DOTS BELOW;Mn;220;NSM;;;;;N;;;;; +0747;SYRIAC OBLIQUE LINE ABOVE;Mn;230;NSM;;;;;N;;;;; +0748;SYRIAC OBLIQUE LINE BELOW;Mn;220;NSM;;;;;N;;;;; +0749;SYRIAC MUSIC;Mn;230;NSM;;;;;N;;;;; +074A;SYRIAC BARREKH;Mn;230;NSM;;;;;N;;;;; +0780;THAANA LETTER HAA;Lo;0;AL;;;;;N;;;;; +0781;THAANA LETTER SHAVIYANI;Lo;0;AL;;;;;N;;;;; +0782;THAANA LETTER NOONU;Lo;0;AL;;;;;N;;;;; +0783;THAANA LETTER RAA;Lo;0;AL;;;;;N;;;;; +0784;THAANA LETTER BAA;Lo;0;AL;;;;;N;;;;; +0785;THAANA LETTER LHAVIYANI;Lo;0;AL;;;;;N;;;;; +0786;THAANA LETTER KAAFU;Lo;0;AL;;;;;N;;;;; +0787;THAANA LETTER ALIFU;Lo;0;AL;;;;;N;;;;; +0788;THAANA LETTER VAAVU;Lo;0;AL;;;;;N;;;;; +0789;THAANA LETTER MEEMU;Lo;0;AL;;;;;N;;;;; +078A;THAANA LETTER FAAFU;Lo;0;AL;;;;;N;;;;; +078B;THAANA LETTER DHAALU;Lo;0;AL;;;;;N;;;;; +078C;THAANA LETTER THAA;Lo;0;AL;;;;;N;;;;; +078D;THAANA LETTER LAAMU;Lo;0;AL;;;;;N;;;;; +078E;THAANA LETTER GAAFU;Lo;0;AL;;;;;N;;;;; +078F;THAANA LETTER GNAVIYANI;Lo;0;AL;;;;;N;;;;; +0790;THAANA LETTER SEENU;Lo;0;AL;;;;;N;;;;; +0791;THAANA LETTER DAVIYANI;Lo;0;AL;;;;;N;;;;; +0792;THAANA LETTER ZAVIYANI;Lo;0;AL;;;;;N;;;;; +0793;THAANA LETTER TAVIYANI;Lo;0;AL;;;;;N;;;;; +0794;THAANA LETTER YAA;Lo;0;AL;;;;;N;;;;; +0795;THAANA LETTER PAVIYANI;Lo;0;AL;;;;;N;;;;; +0796;THAANA LETTER JAVIYANI;Lo;0;AL;;;;;N;;;;; +0797;THAANA LETTER CHAVIYANI;Lo;0;AL;;;;;N;;;;; +0798;THAANA LETTER TTAA;Lo;0;AL;;;;;N;;;;; +0799;THAANA LETTER HHAA;Lo;0;AL;;;;;N;;;;; +079A;THAANA LETTER KHAA;Lo;0;AL;;;;;N;;;;; +079B;THAANA LETTER THAALU;Lo;0;AL;;;;;N;;;;; +079C;THAANA LETTER ZAA;Lo;0;AL;;;;;N;;;;; +079D;THAANA LETTER SHEENU;Lo;0;AL;;;;;N;;;;; +079E;THAANA LETTER SAADHU;Lo;0;AL;;;;;N;;;;; +079F;THAANA LETTER DAADHU;Lo;0;AL;;;;;N;;;;; +07A0;THAANA LETTER TO;Lo;0;AL;;;;;N;;;;; +07A1;THAANA LETTER ZO;Lo;0;AL;;;;;N;;;;; +07A2;THAANA LETTER AINU;Lo;0;AL;;;;;N;;;;; +07A3;THAANA LETTER GHAINU;Lo;0;AL;;;;;N;;;;; +07A4;THAANA LETTER QAAFU;Lo;0;AL;;;;;N;;;;; +07A5;THAANA LETTER WAAVU;Lo;0;AL;;;;;N;;;;; +07A6;THAANA ABAFILI;Mn;0;NSM;;;;;N;;;;; +07A7;THAANA AABAAFILI;Mn;0;NSM;;;;;N;;;;; +07A8;THAANA IBIFILI;Mn;0;NSM;;;;;N;;;;; +07A9;THAANA EEBEEFILI;Mn;0;NSM;;;;;N;;;;; +07AA;THAANA UBUFILI;Mn;0;NSM;;;;;N;;;;; +07AB;THAANA OOBOOFILI;Mn;0;NSM;;;;;N;;;;; +07AC;THAANA EBEFILI;Mn;0;NSM;;;;;N;;;;; +07AD;THAANA EYBEYFILI;Mn;0;NSM;;;;;N;;;;; +07AE;THAANA OBOFILI;Mn;0;NSM;;;;;N;;;;; +07AF;THAANA OABOAFILI;Mn;0;NSM;;;;;N;;;;; +07B0;THAANA SUKUN;Mn;0;NSM;;;;;N;;;;; +07B1;THAANA LETTER NAA;Lo;0;AL;;;;;N;;;;; +0901;DEVANAGARI SIGN CANDRABINDU;Mn;0;NSM;;;;;N;;;;; +0902;DEVANAGARI SIGN ANUSVARA;Mn;0;NSM;;;;;N;;;;; +0903;DEVANAGARI SIGN VISARGA;Mc;0;L;;;;;N;;;;; +0905;DEVANAGARI LETTER A;Lo;0;L;;;;;N;;;;; +0906;DEVANAGARI LETTER AA;Lo;0;L;;;;;N;;;;; +0907;DEVANAGARI LETTER I;Lo;0;L;;;;;N;;;;; +0908;DEVANAGARI LETTER II;Lo;0;L;;;;;N;;;;; +0909;DEVANAGARI LETTER U;Lo;0;L;;;;;N;;;;; +090A;DEVANAGARI LETTER UU;Lo;0;L;;;;;N;;;;; +090B;DEVANAGARI LETTER VOCALIC R;Lo;0;L;;;;;N;;;;; +090C;DEVANAGARI LETTER VOCALIC L;Lo;0;L;;;;;N;;;;; +090D;DEVANAGARI LETTER CANDRA E;Lo;0;L;;;;;N;;;;; +090E;DEVANAGARI LETTER SHORT E;Lo;0;L;;;;;N;;;;; +090F;DEVANAGARI LETTER E;Lo;0;L;;;;;N;;;;; +0910;DEVANAGARI LETTER AI;Lo;0;L;;;;;N;;;;; +0911;DEVANAGARI LETTER CANDRA O;Lo;0;L;;;;;N;;;;; +0912;DEVANAGARI LETTER SHORT O;Lo;0;L;;;;;N;;;;; +0913;DEVANAGARI LETTER O;Lo;0;L;;;;;N;;;;; +0914;DEVANAGARI LETTER AU;Lo;0;L;;;;;N;;;;; +0915;DEVANAGARI LETTER KA;Lo;0;L;;;;;N;;;;; +0916;DEVANAGARI LETTER KHA;Lo;0;L;;;;;N;;;;; +0917;DEVANAGARI LETTER GA;Lo;0;L;;;;;N;;;;; +0918;DEVANAGARI LETTER GHA;Lo;0;L;;;;;N;;;;; +0919;DEVANAGARI LETTER NGA;Lo;0;L;;;;;N;;;;; +091A;DEVANAGARI LETTER CA;Lo;0;L;;;;;N;;;;; +091B;DEVANAGARI LETTER CHA;Lo;0;L;;;;;N;;;;; +091C;DEVANAGARI LETTER JA;Lo;0;L;;;;;N;;;;; +091D;DEVANAGARI LETTER JHA;Lo;0;L;;;;;N;;;;; +091E;DEVANAGARI LETTER NYA;Lo;0;L;;;;;N;;;;; +091F;DEVANAGARI LETTER TTA;Lo;0;L;;;;;N;;;;; +0920;DEVANAGARI LETTER TTHA;Lo;0;L;;;;;N;;;;; +0921;DEVANAGARI LETTER DDA;Lo;0;L;;;;;N;;;;; +0922;DEVANAGARI LETTER DDHA;Lo;0;L;;;;;N;;;;; +0923;DEVANAGARI LETTER NNA;Lo;0;L;;;;;N;;;;; +0924;DEVANAGARI LETTER TA;Lo;0;L;;;;;N;;;;; +0925;DEVANAGARI LETTER THA;Lo;0;L;;;;;N;;;;; +0926;DEVANAGARI LETTER DA;Lo;0;L;;;;;N;;;;; +0927;DEVANAGARI LETTER DHA;Lo;0;L;;;;;N;;;;; +0928;DEVANAGARI LETTER NA;Lo;0;L;;;;;N;;;;; +0929;DEVANAGARI LETTER NNNA;Lo;0;L;0928 093C;;;;N;;;;; +092A;DEVANAGARI LETTER PA;Lo;0;L;;;;;N;;;;; +092B;DEVANAGARI LETTER PHA;Lo;0;L;;;;;N;;;;; +092C;DEVANAGARI LETTER BA;Lo;0;L;;;;;N;;;;; +092D;DEVANAGARI LETTER BHA;Lo;0;L;;;;;N;;;;; +092E;DEVANAGARI LETTER MA;Lo;0;L;;;;;N;;;;; +092F;DEVANAGARI LETTER YA;Lo;0;L;;;;;N;;;;; +0930;DEVANAGARI LETTER RA;Lo;0;L;;;;;N;;;;; +0931;DEVANAGARI LETTER RRA;Lo;0;L;0930 093C;;;;N;;;;; +0932;DEVANAGARI LETTER LA;Lo;0;L;;;;;N;;;;; +0933;DEVANAGARI LETTER LLA;Lo;0;L;;;;;N;;;;; +0934;DEVANAGARI LETTER LLLA;Lo;0;L;0933 093C;;;;N;;;;; +0935;DEVANAGARI LETTER VA;Lo;0;L;;;;;N;;;;; +0936;DEVANAGARI LETTER SHA;Lo;0;L;;;;;N;;;;; +0937;DEVANAGARI LETTER SSA;Lo;0;L;;;;;N;;;;; +0938;DEVANAGARI LETTER SA;Lo;0;L;;;;;N;;;;; +0939;DEVANAGARI LETTER HA;Lo;0;L;;;;;N;;;;; +093C;DEVANAGARI SIGN NUKTA;Mn;7;NSM;;;;;N;;;;; +093D;DEVANAGARI SIGN AVAGRAHA;Lo;0;L;;;;;N;;;;; +093E;DEVANAGARI VOWEL SIGN AA;Mc;0;L;;;;;N;;;;; +093F;DEVANAGARI VOWEL SIGN I;Mc;0;L;;;;;N;;;;; +0940;DEVANAGARI VOWEL SIGN II;Mc;0;L;;;;;N;;;;; +0941;DEVANAGARI VOWEL SIGN U;Mn;0;NSM;;;;;N;;;;; +0942;DEVANAGARI VOWEL SIGN UU;Mn;0;NSM;;;;;N;;;;; +0943;DEVANAGARI VOWEL SIGN VOCALIC R;Mn;0;NSM;;;;;N;;;;; +0944;DEVANAGARI VOWEL SIGN VOCALIC RR;Mn;0;NSM;;;;;N;;;;; +0945;DEVANAGARI VOWEL SIGN CANDRA E;Mn;0;NSM;;;;;N;;;;; +0946;DEVANAGARI VOWEL SIGN SHORT E;Mn;0;NSM;;;;;N;;;;; +0947;DEVANAGARI VOWEL SIGN E;Mn;0;NSM;;;;;N;;;;; +0948;DEVANAGARI VOWEL SIGN AI;Mn;0;NSM;;;;;N;;;;; +0949;DEVANAGARI VOWEL SIGN CANDRA O;Mc;0;L;;;;;N;;;;; +094A;DEVANAGARI VOWEL SIGN SHORT O;Mc;0;L;;;;;N;;;;; +094B;DEVANAGARI VOWEL SIGN O;Mc;0;L;;;;;N;;;;; +094C;DEVANAGARI VOWEL SIGN AU;Mc;0;L;;;;;N;;;;; +094D;DEVANAGARI SIGN VIRAMA;Mn;9;NSM;;;;;N;;;;; +0950;DEVANAGARI OM;Lo;0;L;;;;;N;;;;; +0951;DEVANAGARI STRESS SIGN UDATTA;Mn;230;NSM;;;;;N;;;;; +0952;DEVANAGARI STRESS SIGN ANUDATTA;Mn;220;NSM;;;;;N;;;;; +0953;DEVANAGARI GRAVE ACCENT;Mn;230;NSM;;;;;N;;;;; +0954;DEVANAGARI ACUTE ACCENT;Mn;230;NSM;;;;;N;;;;; +0958;DEVANAGARI LETTER QA;Lo;0;L;0915 093C;;;;N;;;;; +0959;DEVANAGARI LETTER KHHA;Lo;0;L;0916 093C;;;;N;;;;; +095A;DEVANAGARI LETTER GHHA;Lo;0;L;0917 093C;;;;N;;;;; +095B;DEVANAGARI LETTER ZA;Lo;0;L;091C 093C;;;;N;;;;; +095C;DEVANAGARI LETTER DDDHA;Lo;0;L;0921 093C;;;;N;;;;; +095D;DEVANAGARI LETTER RHA;Lo;0;L;0922 093C;;;;N;;;;; +095E;DEVANAGARI LETTER FA;Lo;0;L;092B 093C;;;;N;;;;; +095F;DEVANAGARI LETTER YYA;Lo;0;L;092F 093C;;;;N;;;;; +0960;DEVANAGARI LETTER VOCALIC RR;Lo;0;L;;;;;N;;;;; +0961;DEVANAGARI LETTER VOCALIC LL;Lo;0;L;;;;;N;;;;; +0962;DEVANAGARI VOWEL SIGN VOCALIC L;Mn;0;NSM;;;;;N;;;;; +0963;DEVANAGARI VOWEL SIGN VOCALIC LL;Mn;0;NSM;;;;;N;;;;; +0964;DEVANAGARI DANDA;Po;0;L;;;;;N;;;;; +0965;DEVANAGARI DOUBLE DANDA;Po;0;L;;;;;N;;;;; +0966;DEVANAGARI DIGIT ZERO;Nd;0;L;;0;0;0;N;;;;; +0967;DEVANAGARI DIGIT ONE;Nd;0;L;;1;1;1;N;;;;; +0968;DEVANAGARI DIGIT TWO;Nd;0;L;;2;2;2;N;;;;; +0969;DEVANAGARI DIGIT THREE;Nd;0;L;;3;3;3;N;;;;; +096A;DEVANAGARI DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;; +096B;DEVANAGARI DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;; +096C;DEVANAGARI DIGIT SIX;Nd;0;L;;6;6;6;N;;;;; +096D;DEVANAGARI DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;; +096E;DEVANAGARI DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;; +096F;DEVANAGARI DIGIT NINE;Nd;0;L;;9;9;9;N;;;;; +0970;DEVANAGARI ABBREVIATION SIGN;Po;0;L;;;;;N;;;;; +0981;BENGALI SIGN CANDRABINDU;Mn;0;NSM;;;;;N;;;;; +0982;BENGALI SIGN ANUSVARA;Mc;0;L;;;;;N;;;;; +0983;BENGALI SIGN VISARGA;Mc;0;L;;;;;N;;;;; +0985;BENGALI LETTER A;Lo;0;L;;;;;N;;;;; +0986;BENGALI LETTER AA;Lo;0;L;;;;;N;;;;; +0987;BENGALI LETTER I;Lo;0;L;;;;;N;;;;; +0988;BENGALI LETTER II;Lo;0;L;;;;;N;;;;; +0989;BENGALI LETTER U;Lo;0;L;;;;;N;;;;; +098A;BENGALI LETTER UU;Lo;0;L;;;;;N;;;;; +098B;BENGALI LETTER VOCALIC R;Lo;0;L;;;;;N;;;;; +098C;BENGALI LETTER VOCALIC L;Lo;0;L;;;;;N;;;;; +098F;BENGALI LETTER E;Lo;0;L;;;;;N;;;;; +0990;BENGALI LETTER AI;Lo;0;L;;;;;N;;;;; +0993;BENGALI LETTER O;Lo;0;L;;;;;N;;;;; +0994;BENGALI LETTER AU;Lo;0;L;;;;;N;;;;; +0995;BENGALI LETTER KA;Lo;0;L;;;;;N;;;;; +0996;BENGALI LETTER KHA;Lo;0;L;;;;;N;;;;; +0997;BENGALI LETTER GA;Lo;0;L;;;;;N;;;;; +0998;BENGALI LETTER GHA;Lo;0;L;;;;;N;;;;; +0999;BENGALI LETTER NGA;Lo;0;L;;;;;N;;;;; +099A;BENGALI LETTER CA;Lo;0;L;;;;;N;;;;; +099B;BENGALI LETTER CHA;Lo;0;L;;;;;N;;;;; +099C;BENGALI LETTER JA;Lo;0;L;;;;;N;;;;; +099D;BENGALI LETTER JHA;Lo;0;L;;;;;N;;;;; +099E;BENGALI LETTER NYA;Lo;0;L;;;;;N;;;;; +099F;BENGALI LETTER TTA;Lo;0;L;;;;;N;;;;; +09A0;BENGALI LETTER TTHA;Lo;0;L;;;;;N;;;;; +09A1;BENGALI LETTER DDA;Lo;0;L;;;;;N;;;;; +09A2;BENGALI LETTER DDHA;Lo;0;L;;;;;N;;;;; +09A3;BENGALI LETTER NNA;Lo;0;L;;;;;N;;;;; +09A4;BENGALI LETTER TA;Lo;0;L;;;;;N;;;;; +09A5;BENGALI LETTER THA;Lo;0;L;;;;;N;;;;; +09A6;BENGALI LETTER DA;Lo;0;L;;;;;N;;;;; +09A7;BENGALI LETTER DHA;Lo;0;L;;;;;N;;;;; +09A8;BENGALI LETTER NA;Lo;0;L;;;;;N;;;;; +09AA;BENGALI LETTER PA;Lo;0;L;;;;;N;;;;; +09AB;BENGALI LETTER PHA;Lo;0;L;;;;;N;;;;; +09AC;BENGALI LETTER BA;Lo;0;L;;;;;N;;;;; +09AD;BENGALI LETTER BHA;Lo;0;L;;;;;N;;;;; +09AE;BENGALI LETTER MA;Lo;0;L;;;;;N;;;;; +09AF;BENGALI LETTER YA;Lo;0;L;;;;;N;;;;; +09B0;BENGALI LETTER RA;Lo;0;L;;;;;N;;;;; +09B2;BENGALI LETTER LA;Lo;0;L;;;;;N;;;;; +09B6;BENGALI LETTER SHA;Lo;0;L;;;;;N;;;;; +09B7;BENGALI LETTER SSA;Lo;0;L;;;;;N;;;;; +09B8;BENGALI LETTER SA;Lo;0;L;;;;;N;;;;; +09B9;BENGALI LETTER HA;Lo;0;L;;;;;N;;;;; +09BC;BENGALI SIGN NUKTA;Mn;7;NSM;;;;;N;;;;; +09BE;BENGALI VOWEL SIGN AA;Mc;0;L;;;;;N;;;;; +09BF;BENGALI VOWEL SIGN I;Mc;0;L;;;;;N;;;;; +09C0;BENGALI VOWEL SIGN II;Mc;0;L;;;;;N;;;;; +09C1;BENGALI VOWEL SIGN U;Mn;0;NSM;;;;;N;;;;; +09C2;BENGALI VOWEL SIGN UU;Mn;0;NSM;;;;;N;;;;; +09C3;BENGALI VOWEL SIGN VOCALIC R;Mn;0;NSM;;;;;N;;;;; +09C4;BENGALI VOWEL SIGN VOCALIC RR;Mn;0;NSM;;;;;N;;;;; +09C7;BENGALI VOWEL SIGN E;Mc;0;L;;;;;N;;;;; +09C8;BENGALI VOWEL SIGN AI;Mc;0;L;;;;;N;;;;; +09CB;BENGALI VOWEL SIGN O;Mc;0;L;09C7 09BE;;;;N;;;;; +09CC;BENGALI VOWEL SIGN AU;Mc;0;L;09C7 09D7;;;;N;;;;; +09CD;BENGALI SIGN VIRAMA;Mn;9;NSM;;;;;N;;;;; +09D7;BENGALI AU LENGTH MARK;Mc;0;L;;;;;N;;;;; +09DC;BENGALI LETTER RRA;Lo;0;L;09A1 09BC;;;;N;;;;; +09DD;BENGALI LETTER RHA;Lo;0;L;09A2 09BC;;;;N;;;;; +09DF;BENGALI LETTER YYA;Lo;0;L;09AF 09BC;;;;N;;;;; +09E0;BENGALI LETTER VOCALIC RR;Lo;0;L;;;;;N;;;;; +09E1;BENGALI LETTER VOCALIC LL;Lo;0;L;;;;;N;;;;; +09E2;BENGALI VOWEL SIGN VOCALIC L;Mn;0;NSM;;;;;N;;;;; +09E3;BENGALI VOWEL SIGN VOCALIC LL;Mn;0;NSM;;;;;N;;;;; +09E6;BENGALI DIGIT ZERO;Nd;0;L;;0;0;0;N;;;;; +09E7;BENGALI DIGIT ONE;Nd;0;L;;1;1;1;N;;;;; +09E8;BENGALI DIGIT TWO;Nd;0;L;;2;2;2;N;;;;; +09E9;BENGALI DIGIT THREE;Nd;0;L;;3;3;3;N;;;;; +09EA;BENGALI DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;; +09EB;BENGALI DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;; +09EC;BENGALI DIGIT SIX;Nd;0;L;;6;6;6;N;;;;; +09ED;BENGALI DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;; +09EE;BENGALI DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;; +09EF;BENGALI DIGIT NINE;Nd;0;L;;9;9;9;N;;;;; +09F0;BENGALI LETTER RA WITH MIDDLE DIAGONAL;Lo;0;L;;;;;N;;Assamese;;; +09F1;BENGALI LETTER RA WITH LOWER DIAGONAL;Lo;0;L;;;;;N;BENGALI LETTER VA WITH LOWER DIAGONAL;Assamese;;; +09F2;BENGALI RUPEE MARK;Sc;0;ET;;;;;N;;;;; +09F3;BENGALI RUPEE SIGN;Sc;0;ET;;;;;N;;;;; +09F4;BENGALI CURRENCY NUMERATOR ONE;No;0;L;;;;1;N;;;;; +09F5;BENGALI CURRENCY NUMERATOR TWO;No;0;L;;;;2;N;;;;; +09F6;BENGALI CURRENCY NUMERATOR THREE;No;0;L;;;;3;N;;;;; +09F7;BENGALI CURRENCY NUMERATOR FOUR;No;0;L;;;;4;N;;;;; +09F8;BENGALI CURRENCY NUMERATOR ONE LESS THAN THE DENOMINATOR;No;0;L;;;;;N;;;;; +09F9;BENGALI CURRENCY DENOMINATOR SIXTEEN;No;0;L;;;;16;N;;;;; +09FA;BENGALI ISSHAR;So;0;L;;;;;N;;;;; +0A02;GURMUKHI SIGN BINDI;Mn;0;NSM;;;;;N;;;;; +0A05;GURMUKHI LETTER A;Lo;0;L;;;;;N;;;;; +0A06;GURMUKHI LETTER AA;Lo;0;L;;;;;N;;;;; +0A07;GURMUKHI LETTER I;Lo;0;L;;;;;N;;;;; +0A08;GURMUKHI LETTER II;Lo;0;L;;;;;N;;;;; +0A09;GURMUKHI LETTER U;Lo;0;L;;;;;N;;;;; +0A0A;GURMUKHI LETTER UU;Lo;0;L;;;;;N;;;;; +0A0F;GURMUKHI LETTER EE;Lo;0;L;;;;;N;;;;; +0A10;GURMUKHI LETTER AI;Lo;0;L;;;;;N;;;;; +0A13;GURMUKHI LETTER OO;Lo;0;L;;;;;N;;;;; +0A14;GURMUKHI LETTER AU;Lo;0;L;;;;;N;;;;; +0A15;GURMUKHI LETTER KA;Lo;0;L;;;;;N;;;;; +0A16;GURMUKHI LETTER KHA;Lo;0;L;;;;;N;;;;; +0A17;GURMUKHI LETTER GA;Lo;0;L;;;;;N;;;;; +0A18;GURMUKHI LETTER GHA;Lo;0;L;;;;;N;;;;; +0A19;GURMUKHI LETTER NGA;Lo;0;L;;;;;N;;;;; +0A1A;GURMUKHI LETTER CA;Lo;0;L;;;;;N;;;;; +0A1B;GURMUKHI LETTER CHA;Lo;0;L;;;;;N;;;;; +0A1C;GURMUKHI LETTER JA;Lo;0;L;;;;;N;;;;; +0A1D;GURMUKHI LETTER JHA;Lo;0;L;;;;;N;;;;; +0A1E;GURMUKHI LETTER NYA;Lo;0;L;;;;;N;;;;; +0A1F;GURMUKHI LETTER TTA;Lo;0;L;;;;;N;;;;; +0A20;GURMUKHI LETTER TTHA;Lo;0;L;;;;;N;;;;; +0A21;GURMUKHI LETTER DDA;Lo;0;L;;;;;N;;;;; +0A22;GURMUKHI LETTER DDHA;Lo;0;L;;;;;N;;;;; +0A23;GURMUKHI LETTER NNA;Lo;0;L;;;;;N;;;;; +0A24;GURMUKHI LETTER TA;Lo;0;L;;;;;N;;;;; +0A25;GURMUKHI LETTER THA;Lo;0;L;;;;;N;;;;; +0A26;GURMUKHI LETTER DA;Lo;0;L;;;;;N;;;;; +0A27;GURMUKHI LETTER DHA;Lo;0;L;;;;;N;;;;; +0A28;GURMUKHI LETTER NA;Lo;0;L;;;;;N;;;;; +0A2A;GURMUKHI LETTER PA;Lo;0;L;;;;;N;;;;; +0A2B;GURMUKHI LETTER PHA;Lo;0;L;;;;;N;;;;; +0A2C;GURMUKHI LETTER BA;Lo;0;L;;;;;N;;;;; +0A2D;GURMUKHI LETTER BHA;Lo;0;L;;;;;N;;;;; +0A2E;GURMUKHI LETTER MA;Lo;0;L;;;;;N;;;;; +0A2F;GURMUKHI LETTER YA;Lo;0;L;;;;;N;;;;; +0A30;GURMUKHI LETTER RA;Lo;0;L;;;;;N;;;;; +0A32;GURMUKHI LETTER LA;Lo;0;L;;;;;N;;;;; +0A33;GURMUKHI LETTER LLA;Lo;0;L;0A32 0A3C;;;;N;;;;; +0A35;GURMUKHI LETTER VA;Lo;0;L;;;;;N;;;;; +0A36;GURMUKHI LETTER SHA;Lo;0;L;0A38 0A3C;;;;N;;;;; +0A38;GURMUKHI LETTER SA;Lo;0;L;;;;;N;;;;; +0A39;GURMUKHI LETTER HA;Lo;0;L;;;;;N;;;;; +0A3C;GURMUKHI SIGN NUKTA;Mn;7;NSM;;;;;N;;;;; +0A3E;GURMUKHI VOWEL SIGN AA;Mc;0;L;;;;;N;;;;; +0A3F;GURMUKHI VOWEL SIGN I;Mc;0;L;;;;;N;;;;; +0A40;GURMUKHI VOWEL SIGN II;Mc;0;L;;;;;N;;;;; +0A41;GURMUKHI VOWEL SIGN U;Mn;0;NSM;;;;;N;;;;; +0A42;GURMUKHI VOWEL SIGN UU;Mn;0;NSM;;;;;N;;;;; +0A47;GURMUKHI VOWEL SIGN EE;Mn;0;NSM;;;;;N;;;;; +0A48;GURMUKHI VOWEL SIGN AI;Mn;0;NSM;;;;;N;;;;; +0A4B;GURMUKHI VOWEL SIGN OO;Mn;0;NSM;;;;;N;;;;; +0A4C;GURMUKHI VOWEL SIGN AU;Mn;0;NSM;;;;;N;;;;; +0A4D;GURMUKHI SIGN VIRAMA;Mn;9;NSM;;;;;N;;;;; +0A59;GURMUKHI LETTER KHHA;Lo;0;L;0A16 0A3C;;;;N;;;;; +0A5A;GURMUKHI LETTER GHHA;Lo;0;L;0A17 0A3C;;;;N;;;;; +0A5B;GURMUKHI LETTER ZA;Lo;0;L;0A1C 0A3C;;;;N;;;;; +0A5C;GURMUKHI LETTER RRA;Lo;0;L;;;;;N;;;;; +0A5E;GURMUKHI LETTER FA;Lo;0;L;0A2B 0A3C;;;;N;;;;; +0A66;GURMUKHI DIGIT ZERO;Nd;0;L;;0;0;0;N;;;;; +0A67;GURMUKHI DIGIT ONE;Nd;0;L;;1;1;1;N;;;;; +0A68;GURMUKHI DIGIT TWO;Nd;0;L;;2;2;2;N;;;;; +0A69;GURMUKHI DIGIT THREE;Nd;0;L;;3;3;3;N;;;;; +0A6A;GURMUKHI DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;; +0A6B;GURMUKHI DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;; +0A6C;GURMUKHI DIGIT SIX;Nd;0;L;;6;6;6;N;;;;; +0A6D;GURMUKHI DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;; +0A6E;GURMUKHI DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;; +0A6F;GURMUKHI DIGIT NINE;Nd;0;L;;9;9;9;N;;;;; +0A70;GURMUKHI TIPPI;Mn;0;NSM;;;;;N;;;;; +0A71;GURMUKHI ADDAK;Mn;0;NSM;;;;;N;;;;; +0A72;GURMUKHI IRI;Lo;0;L;;;;;N;;;;; +0A73;GURMUKHI URA;Lo;0;L;;;;;N;;;;; +0A74;GURMUKHI EK ONKAR;Lo;0;L;;;;;N;;;;; +0A81;GUJARATI SIGN CANDRABINDU;Mn;0;NSM;;;;;N;;;;; +0A82;GUJARATI SIGN ANUSVARA;Mn;0;NSM;;;;;N;;;;; +0A83;GUJARATI SIGN VISARGA;Mc;0;L;;;;;N;;;;; +0A85;GUJARATI LETTER A;Lo;0;L;;;;;N;;;;; +0A86;GUJARATI LETTER AA;Lo;0;L;;;;;N;;;;; +0A87;GUJARATI LETTER I;Lo;0;L;;;;;N;;;;; +0A88;GUJARATI LETTER II;Lo;0;L;;;;;N;;;;; +0A89;GUJARATI LETTER U;Lo;0;L;;;;;N;;;;; +0A8A;GUJARATI LETTER UU;Lo;0;L;;;;;N;;;;; +0A8B;GUJARATI LETTER VOCALIC R;Lo;0;L;;;;;N;;;;; +0A8D;GUJARATI VOWEL CANDRA E;Lo;0;L;;;;;N;;;;; +0A8F;GUJARATI LETTER E;Lo;0;L;;;;;N;;;;; +0A90;GUJARATI LETTER AI;Lo;0;L;;;;;N;;;;; +0A91;GUJARATI VOWEL CANDRA O;Lo;0;L;;;;;N;;;;; +0A93;GUJARATI LETTER O;Lo;0;L;;;;;N;;;;; +0A94;GUJARATI LETTER AU;Lo;0;L;;;;;N;;;;; +0A95;GUJARATI LETTER KA;Lo;0;L;;;;;N;;;;; +0A96;GUJARATI LETTER KHA;Lo;0;L;;;;;N;;;;; +0A97;GUJARATI LETTER GA;Lo;0;L;;;;;N;;;;; +0A98;GUJARATI LETTER GHA;Lo;0;L;;;;;N;;;;; +0A99;GUJARATI LETTER NGA;Lo;0;L;;;;;N;;;;; +0A9A;GUJARATI LETTER CA;Lo;0;L;;;;;N;;;;; +0A9B;GUJARATI LETTER CHA;Lo;0;L;;;;;N;;;;; +0A9C;GUJARATI LETTER JA;Lo;0;L;;;;;N;;;;; +0A9D;GUJARATI LETTER JHA;Lo;0;L;;;;;N;;;;; +0A9E;GUJARATI LETTER NYA;Lo;0;L;;;;;N;;;;; +0A9F;GUJARATI LETTER TTA;Lo;0;L;;;;;N;;;;; +0AA0;GUJARATI LETTER TTHA;Lo;0;L;;;;;N;;;;; +0AA1;GUJARATI LETTER DDA;Lo;0;L;;;;;N;;;;; +0AA2;GUJARATI LETTER DDHA;Lo;0;L;;;;;N;;;;; +0AA3;GUJARATI LETTER NNA;Lo;0;L;;;;;N;;;;; +0AA4;GUJARATI LETTER TA;Lo;0;L;;;;;N;;;;; +0AA5;GUJARATI LETTER THA;Lo;0;L;;;;;N;;;;; +0AA6;GUJARATI LETTER DA;Lo;0;L;;;;;N;;;;; +0AA7;GUJARATI LETTER DHA;Lo;0;L;;;;;N;;;;; +0AA8;GUJARATI LETTER NA;Lo;0;L;;;;;N;;;;; +0AAA;GUJARATI LETTER PA;Lo;0;L;;;;;N;;;;; +0AAB;GUJARATI LETTER PHA;Lo;0;L;;;;;N;;;;; +0AAC;GUJARATI LETTER BA;Lo;0;L;;;;;N;;;;; +0AAD;GUJARATI LETTER BHA;Lo;0;L;;;;;N;;;;; +0AAE;GUJARATI LETTER MA;Lo;0;L;;;;;N;;;;; +0AAF;GUJARATI LETTER YA;Lo;0;L;;;;;N;;;;; +0AB0;GUJARATI LETTER RA;Lo;0;L;;;;;N;;;;; +0AB2;GUJARATI LETTER LA;Lo;0;L;;;;;N;;;;; +0AB3;GUJARATI LETTER LLA;Lo;0;L;;;;;N;;;;; +0AB5;GUJARATI LETTER VA;Lo;0;L;;;;;N;;;;; +0AB6;GUJARATI LETTER SHA;Lo;0;L;;;;;N;;;;; +0AB7;GUJARATI LETTER SSA;Lo;0;L;;;;;N;;;;; +0AB8;GUJARATI LETTER SA;Lo;0;L;;;;;N;;;;; +0AB9;GUJARATI LETTER HA;Lo;0;L;;;;;N;;;;; +0ABC;GUJARATI SIGN NUKTA;Mn;7;NSM;;;;;N;;;;; +0ABD;GUJARATI SIGN AVAGRAHA;Lo;0;L;;;;;N;;;;; +0ABE;GUJARATI VOWEL SIGN AA;Mc;0;L;;;;;N;;;;; +0ABF;GUJARATI VOWEL SIGN I;Mc;0;L;;;;;N;;;;; +0AC0;GUJARATI VOWEL SIGN II;Mc;0;L;;;;;N;;;;; +0AC1;GUJARATI VOWEL SIGN U;Mn;0;NSM;;;;;N;;;;; +0AC2;GUJARATI VOWEL SIGN UU;Mn;0;NSM;;;;;N;;;;; +0AC3;GUJARATI VOWEL SIGN VOCALIC R;Mn;0;NSM;;;;;N;;;;; +0AC4;GUJARATI VOWEL SIGN VOCALIC RR;Mn;0;NSM;;;;;N;;;;; +0AC5;GUJARATI VOWEL SIGN CANDRA E;Mn;0;NSM;;;;;N;;;;; +0AC7;GUJARATI VOWEL SIGN E;Mn;0;NSM;;;;;N;;;;; +0AC8;GUJARATI VOWEL SIGN AI;Mn;0;NSM;;;;;N;;;;; +0AC9;GUJARATI VOWEL SIGN CANDRA O;Mc;0;L;;;;;N;;;;; +0ACB;GUJARATI VOWEL SIGN O;Mc;0;L;;;;;N;;;;; +0ACC;GUJARATI VOWEL SIGN AU;Mc;0;L;;;;;N;;;;; +0ACD;GUJARATI SIGN VIRAMA;Mn;9;NSM;;;;;N;;;;; +0AD0;GUJARATI OM;Lo;0;L;;;;;N;;;;; +0AE0;GUJARATI LETTER VOCALIC RR;Lo;0;L;;;;;N;;;;; +0AE6;GUJARATI DIGIT ZERO;Nd;0;L;;0;0;0;N;;;;; +0AE7;GUJARATI DIGIT ONE;Nd;0;L;;1;1;1;N;;;;; +0AE8;GUJARATI DIGIT TWO;Nd;0;L;;2;2;2;N;;;;; +0AE9;GUJARATI DIGIT THREE;Nd;0;L;;3;3;3;N;;;;; +0AEA;GUJARATI DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;; +0AEB;GUJARATI DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;; +0AEC;GUJARATI DIGIT SIX;Nd;0;L;;6;6;6;N;;;;; +0AED;GUJARATI DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;; +0AEE;GUJARATI DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;; +0AEF;GUJARATI DIGIT NINE;Nd;0;L;;9;9;9;N;;;;; +0B01;ORIYA SIGN CANDRABINDU;Mn;0;NSM;;;;;N;;;;; +0B02;ORIYA SIGN ANUSVARA;Mc;0;L;;;;;N;;;;; +0B03;ORIYA SIGN VISARGA;Mc;0;L;;;;;N;;;;; +0B05;ORIYA LETTER A;Lo;0;L;;;;;N;;;;; +0B06;ORIYA LETTER AA;Lo;0;L;;;;;N;;;;; +0B07;ORIYA LETTER I;Lo;0;L;;;;;N;;;;; +0B08;ORIYA LETTER II;Lo;0;L;;;;;N;;;;; +0B09;ORIYA LETTER U;Lo;0;L;;;;;N;;;;; +0B0A;ORIYA LETTER UU;Lo;0;L;;;;;N;;;;; +0B0B;ORIYA LETTER VOCALIC R;Lo;0;L;;;;;N;;;;; +0B0C;ORIYA LETTER VOCALIC L;Lo;0;L;;;;;N;;;;; +0B0F;ORIYA LETTER E;Lo;0;L;;;;;N;;;;; +0B10;ORIYA LETTER AI;Lo;0;L;;;;;N;;;;; +0B13;ORIYA LETTER O;Lo;0;L;;;;;N;;;;; +0B14;ORIYA LETTER AU;Lo;0;L;;;;;N;;;;; +0B15;ORIYA LETTER KA;Lo;0;L;;;;;N;;;;; +0B16;ORIYA LETTER KHA;Lo;0;L;;;;;N;;;;; +0B17;ORIYA LETTER GA;Lo;0;L;;;;;N;;;;; +0B18;ORIYA LETTER GHA;Lo;0;L;;;;;N;;;;; +0B19;ORIYA LETTER NGA;Lo;0;L;;;;;N;;;;; +0B1A;ORIYA LETTER CA;Lo;0;L;;;;;N;;;;; +0B1B;ORIYA LETTER CHA;Lo;0;L;;;;;N;;;;; +0B1C;ORIYA LETTER JA;Lo;0;L;;;;;N;;;;; +0B1D;ORIYA LETTER JHA;Lo;0;L;;;;;N;;;;; +0B1E;ORIYA LETTER NYA;Lo;0;L;;;;;N;;;;; +0B1F;ORIYA LETTER TTA;Lo;0;L;;;;;N;;;;; +0B20;ORIYA LETTER TTHA;Lo;0;L;;;;;N;;;;; +0B21;ORIYA LETTER DDA;Lo;0;L;;;;;N;;;;; +0B22;ORIYA LETTER DDHA;Lo;0;L;;;;;N;;;;; +0B23;ORIYA LETTER NNA;Lo;0;L;;;;;N;;;;; +0B24;ORIYA LETTER TA;Lo;0;L;;;;;N;;;;; +0B25;ORIYA LETTER THA;Lo;0;L;;;;;N;;;;; +0B26;ORIYA LETTER DA;Lo;0;L;;;;;N;;;;; +0B27;ORIYA LETTER DHA;Lo;0;L;;;;;N;;;;; +0B28;ORIYA LETTER NA;Lo;0;L;;;;;N;;;;; +0B2A;ORIYA LETTER PA;Lo;0;L;;;;;N;;;;; +0B2B;ORIYA LETTER PHA;Lo;0;L;;;;;N;;;;; +0B2C;ORIYA LETTER BA;Lo;0;L;;;;;N;;;;; +0B2D;ORIYA LETTER BHA;Lo;0;L;;;;;N;;;;; +0B2E;ORIYA LETTER MA;Lo;0;L;;;;;N;;;;; +0B2F;ORIYA LETTER YA;Lo;0;L;;;;;N;;;;; +0B30;ORIYA LETTER RA;Lo;0;L;;;;;N;;;;; +0B32;ORIYA LETTER LA;Lo;0;L;;;;;N;;;;; +0B33;ORIYA LETTER LLA;Lo;0;L;;;;;N;;;;; +0B36;ORIYA LETTER SHA;Lo;0;L;;;;;N;;;;; +0B37;ORIYA LETTER SSA;Lo;0;L;;;;;N;;;;; +0B38;ORIYA LETTER SA;Lo;0;L;;;;;N;;;;; +0B39;ORIYA LETTER HA;Lo;0;L;;;;;N;;;;; +0B3C;ORIYA SIGN NUKTA;Mn;7;NSM;;;;;N;;;;; +0B3D;ORIYA SIGN AVAGRAHA;Lo;0;L;;;;;N;;;;; +0B3E;ORIYA VOWEL SIGN AA;Mc;0;L;;;;;N;;;;; +0B3F;ORIYA VOWEL SIGN I;Mn;0;NSM;;;;;N;;;;; +0B40;ORIYA VOWEL SIGN II;Mc;0;L;;;;;N;;;;; +0B41;ORIYA VOWEL SIGN U;Mn;0;NSM;;;;;N;;;;; +0B42;ORIYA VOWEL SIGN UU;Mn;0;NSM;;;;;N;;;;; +0B43;ORIYA VOWEL SIGN VOCALIC R;Mn;0;NSM;;;;;N;;;;; +0B47;ORIYA VOWEL SIGN E;Mc;0;L;;;;;N;;;;; +0B48;ORIYA VOWEL SIGN AI;Mc;0;L;0B47 0B56;;;;N;;;;; +0B4B;ORIYA VOWEL SIGN O;Mc;0;L;0B47 0B3E;;;;N;;;;; +0B4C;ORIYA VOWEL SIGN AU;Mc;0;L;0B47 0B57;;;;N;;;;; +0B4D;ORIYA SIGN VIRAMA;Mn;9;NSM;;;;;N;;;;; +0B56;ORIYA AI LENGTH MARK;Mn;0;NSM;;;;;N;;;;; +0B57;ORIYA AU LENGTH MARK;Mc;0;L;;;;;N;;;;; +0B5C;ORIYA LETTER RRA;Lo;0;L;0B21 0B3C;;;;N;;;;; +0B5D;ORIYA LETTER RHA;Lo;0;L;0B22 0B3C;;;;N;;;;; +0B5F;ORIYA LETTER YYA;Lo;0;L;;;;;N;;;;; +0B60;ORIYA LETTER VOCALIC RR;Lo;0;L;;;;;N;;;;; +0B61;ORIYA LETTER VOCALIC LL;Lo;0;L;;;;;N;;;;; +0B66;ORIYA DIGIT ZERO;Nd;0;L;;0;0;0;N;;;;; +0B67;ORIYA DIGIT ONE;Nd;0;L;;1;1;1;N;;;;; +0B68;ORIYA DIGIT TWO;Nd;0;L;;2;2;2;N;;;;; +0B69;ORIYA DIGIT THREE;Nd;0;L;;3;3;3;N;;;;; +0B6A;ORIYA DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;; +0B6B;ORIYA DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;; +0B6C;ORIYA DIGIT SIX;Nd;0;L;;6;6;6;N;;;;; +0B6D;ORIYA DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;; +0B6E;ORIYA DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;; +0B6F;ORIYA DIGIT NINE;Nd;0;L;;9;9;9;N;;;;; +0B70;ORIYA ISSHAR;So;0;L;;;;;N;;;;; +0B82;TAMIL SIGN ANUSVARA;Mn;0;NSM;;;;;N;;;;; +0B83;TAMIL SIGN VISARGA;Lo;0;L;;;;;N;;;;; +0B85;TAMIL LETTER A;Lo;0;L;;;;;N;;;;; +0B86;TAMIL LETTER AA;Lo;0;L;;;;;N;;;;; +0B87;TAMIL LETTER I;Lo;0;L;;;;;N;;;;; +0B88;TAMIL LETTER II;Lo;0;L;;;;;N;;;;; +0B89;TAMIL LETTER U;Lo;0;L;;;;;N;;;;; +0B8A;TAMIL LETTER UU;Lo;0;L;;;;;N;;;;; +0B8E;TAMIL LETTER E;Lo;0;L;;;;;N;;;;; +0B8F;TAMIL LETTER EE;Lo;0;L;;;;;N;;;;; +0B90;TAMIL LETTER AI;Lo;0;L;;;;;N;;;;; +0B92;TAMIL LETTER O;Lo;0;L;;;;;N;;;;; +0B93;TAMIL LETTER OO;Lo;0;L;;;;;N;;;;; +0B94;TAMIL LETTER AU;Lo;0;L;0B92 0BD7;;;;N;;;;; +0B95;TAMIL LETTER KA;Lo;0;L;;;;;N;;;;; +0B99;TAMIL LETTER NGA;Lo;0;L;;;;;N;;;;; +0B9A;TAMIL LETTER CA;Lo;0;L;;;;;N;;;;; +0B9C;TAMIL LETTER JA;Lo;0;L;;;;;N;;;;; +0B9E;TAMIL LETTER NYA;Lo;0;L;;;;;N;;;;; +0B9F;TAMIL LETTER TTA;Lo;0;L;;;;;N;;;;; +0BA3;TAMIL LETTER NNA;Lo;0;L;;;;;N;;;;; +0BA4;TAMIL LETTER TA;Lo;0;L;;;;;N;;;;; +0BA8;TAMIL LETTER NA;Lo;0;L;;;;;N;;;;; +0BA9;TAMIL LETTER NNNA;Lo;0;L;;;;;N;;;;; +0BAA;TAMIL LETTER PA;Lo;0;L;;;;;N;;;;; +0BAE;TAMIL LETTER MA;Lo;0;L;;;;;N;;;;; +0BAF;TAMIL LETTER YA;Lo;0;L;;;;;N;;;;; +0BB0;TAMIL LETTER RA;Lo;0;L;;;;;N;;;;; +0BB1;TAMIL LETTER RRA;Lo;0;L;;;;;N;;;;; +0BB2;TAMIL LETTER LA;Lo;0;L;;;;;N;;;;; +0BB3;TAMIL LETTER LLA;Lo;0;L;;;;;N;;;;; +0BB4;TAMIL LETTER LLLA;Lo;0;L;;;;;N;;;;; +0BB5;TAMIL LETTER VA;Lo;0;L;;;;;N;;;;; +0BB7;TAMIL LETTER SSA;Lo;0;L;;;;;N;;;;; +0BB8;TAMIL LETTER SA;Lo;0;L;;;;;N;;;;; +0BB9;TAMIL LETTER HA;Lo;0;L;;;;;N;;;;; +0BBE;TAMIL VOWEL SIGN AA;Mc;0;L;;;;;N;;;;; +0BBF;TAMIL VOWEL SIGN I;Mc;0;L;;;;;N;;;;; +0BC0;TAMIL VOWEL SIGN II;Mn;0;NSM;;;;;N;;;;; +0BC1;TAMIL VOWEL SIGN U;Mc;0;L;;;;;N;;;;; +0BC2;TAMIL VOWEL SIGN UU;Mc;0;L;;;;;N;;;;; +0BC6;TAMIL VOWEL SIGN E;Mc;0;L;;;;;N;;;;; +0BC7;TAMIL VOWEL SIGN EE;Mc;0;L;;;;;N;;;;; +0BC8;TAMIL VOWEL SIGN AI;Mc;0;L;;;;;N;;;;; +0BCA;TAMIL VOWEL SIGN O;Mc;0;L;0BC6 0BBE;;;;N;;;;; +0BCB;TAMIL VOWEL SIGN OO;Mc;0;L;0BC7 0BBE;;;;N;;;;; +0BCC;TAMIL VOWEL SIGN AU;Mc;0;L;0BC6 0BD7;;;;N;;;;; +0BCD;TAMIL SIGN VIRAMA;Mn;9;NSM;;;;;N;;;;; +0BD7;TAMIL AU LENGTH MARK;Mc;0;L;;;;;N;;;;; +0BE7;TAMIL DIGIT ONE;Nd;0;L;;1;1;1;N;;;;; +0BE8;TAMIL DIGIT TWO;Nd;0;L;;2;2;2;N;;;;; +0BE9;TAMIL DIGIT THREE;Nd;0;L;;3;3;3;N;;;;; +0BEA;TAMIL DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;; +0BEB;TAMIL DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;; +0BEC;TAMIL DIGIT SIX;Nd;0;L;;6;6;6;N;;;;; +0BED;TAMIL DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;; +0BEE;TAMIL DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;; +0BEF;TAMIL DIGIT NINE;Nd;0;L;;9;9;9;N;;;;; +0BF0;TAMIL NUMBER TEN;No;0;L;;;;10;N;;;;; +0BF1;TAMIL NUMBER ONE HUNDRED;No;0;L;;;;100;N;;;;; +0BF2;TAMIL NUMBER ONE THOUSAND;No;0;L;;;;1000;N;;;;; +0C01;TELUGU SIGN CANDRABINDU;Mc;0;L;;;;;N;;;;; +0C02;TELUGU SIGN ANUSVARA;Mc;0;L;;;;;N;;;;; +0C03;TELUGU SIGN VISARGA;Mc;0;L;;;;;N;;;;; +0C05;TELUGU LETTER A;Lo;0;L;;;;;N;;;;; +0C06;TELUGU LETTER AA;Lo;0;L;;;;;N;;;;; +0C07;TELUGU LETTER I;Lo;0;L;;;;;N;;;;; +0C08;TELUGU LETTER II;Lo;0;L;;;;;N;;;;; +0C09;TELUGU LETTER U;Lo;0;L;;;;;N;;;;; +0C0A;TELUGU LETTER UU;Lo;0;L;;;;;N;;;;; +0C0B;TELUGU LETTER VOCALIC R;Lo;0;L;;;;;N;;;;; +0C0C;TELUGU LETTER VOCALIC L;Lo;0;L;;;;;N;;;;; +0C0E;TELUGU LETTER E;Lo;0;L;;;;;N;;;;; +0C0F;TELUGU LETTER EE;Lo;0;L;;;;;N;;;;; +0C10;TELUGU LETTER AI;Lo;0;L;;;;;N;;;;; +0C12;TELUGU LETTER O;Lo;0;L;;;;;N;;;;; +0C13;TELUGU LETTER OO;Lo;0;L;;;;;N;;;;; +0C14;TELUGU LETTER AU;Lo;0;L;;;;;N;;;;; +0C15;TELUGU LETTER KA;Lo;0;L;;;;;N;;;;; +0C16;TELUGU LETTER KHA;Lo;0;L;;;;;N;;;;; +0C17;TELUGU LETTER GA;Lo;0;L;;;;;N;;;;; +0C18;TELUGU LETTER GHA;Lo;0;L;;;;;N;;;;; +0C19;TELUGU LETTER NGA;Lo;0;L;;;;;N;;;;; +0C1A;TELUGU LETTER CA;Lo;0;L;;;;;N;;;;; +0C1B;TELUGU LETTER CHA;Lo;0;L;;;;;N;;;;; +0C1C;TELUGU LETTER JA;Lo;0;L;;;;;N;;;;; +0C1D;TELUGU LETTER JHA;Lo;0;L;;;;;N;;;;; +0C1E;TELUGU LETTER NYA;Lo;0;L;;;;;N;;;;; +0C1F;TELUGU LETTER TTA;Lo;0;L;;;;;N;;;;; +0C20;TELUGU LETTER TTHA;Lo;0;L;;;;;N;;;;; +0C21;TELUGU LETTER DDA;Lo;0;L;;;;;N;;;;; +0C22;TELUGU LETTER DDHA;Lo;0;L;;;;;N;;;;; +0C23;TELUGU LETTER NNA;Lo;0;L;;;;;N;;;;; +0C24;TELUGU LETTER TA;Lo;0;L;;;;;N;;;;; +0C25;TELUGU LETTER THA;Lo;0;L;;;;;N;;;;; +0C26;TELUGU LETTER DA;Lo;0;L;;;;;N;;;;; +0C27;TELUGU LETTER DHA;Lo;0;L;;;;;N;;;;; +0C28;TELUGU LETTER NA;Lo;0;L;;;;;N;;;;; +0C2A;TELUGU LETTER PA;Lo;0;L;;;;;N;;;;; +0C2B;TELUGU LETTER PHA;Lo;0;L;;;;;N;;;;; +0C2C;TELUGU LETTER BA;Lo;0;L;;;;;N;;;;; +0C2D;TELUGU LETTER BHA;Lo;0;L;;;;;N;;;;; +0C2E;TELUGU LETTER MA;Lo;0;L;;;;;N;;;;; +0C2F;TELUGU LETTER YA;Lo;0;L;;;;;N;;;;; +0C30;TELUGU LETTER RA;Lo;0;L;;;;;N;;;;; +0C31;TELUGU LETTER RRA;Lo;0;L;;;;;N;;;;; +0C32;TELUGU LETTER LA;Lo;0;L;;;;;N;;;;; +0C33;TELUGU LETTER LLA;Lo;0;L;;;;;N;;;;; +0C35;TELUGU LETTER VA;Lo;0;L;;;;;N;;;;; +0C36;TELUGU LETTER SHA;Lo;0;L;;;;;N;;;;; +0C37;TELUGU LETTER SSA;Lo;0;L;;;;;N;;;;; +0C38;TELUGU LETTER SA;Lo;0;L;;;;;N;;;;; +0C39;TELUGU LETTER HA;Lo;0;L;;;;;N;;;;; +0C3E;TELUGU VOWEL SIGN AA;Mn;0;NSM;;;;;N;;;;; +0C3F;TELUGU VOWEL SIGN I;Mn;0;NSM;;;;;N;;;;; +0C40;TELUGU VOWEL SIGN II;Mn;0;NSM;;;;;N;;;;; +0C41;TELUGU VOWEL SIGN U;Mc;0;L;;;;;N;;;;; +0C42;TELUGU VOWEL SIGN UU;Mc;0;L;;;;;N;;;;; +0C43;TELUGU VOWEL SIGN VOCALIC R;Mc;0;L;;;;;N;;;;; +0C44;TELUGU VOWEL SIGN VOCALIC RR;Mc;0;L;;;;;N;;;;; +0C46;TELUGU VOWEL SIGN E;Mn;0;NSM;;;;;N;;;;; +0C47;TELUGU VOWEL SIGN EE;Mn;0;NSM;;;;;N;;;;; +0C48;TELUGU VOWEL SIGN AI;Mn;0;NSM;0C46 0C56;;;;N;;;;; +0C4A;TELUGU VOWEL SIGN O;Mn;0;NSM;;;;;N;;;;; +0C4B;TELUGU VOWEL SIGN OO;Mn;0;NSM;;;;;N;;;;; +0C4C;TELUGU VOWEL SIGN AU;Mn;0;NSM;;;;;N;;;;; +0C4D;TELUGU SIGN VIRAMA;Mn;9;NSM;;;;;N;;;;; +0C55;TELUGU LENGTH MARK;Mn;84;NSM;;;;;N;;;;; +0C56;TELUGU AI LENGTH MARK;Mn;91;NSM;;;;;N;;;;; +0C60;TELUGU LETTER VOCALIC RR;Lo;0;L;;;;;N;;;;; +0C61;TELUGU LETTER VOCALIC LL;Lo;0;L;;;;;N;;;;; +0C66;TELUGU DIGIT ZERO;Nd;0;L;;0;0;0;N;;;;; +0C67;TELUGU DIGIT ONE;Nd;0;L;;1;1;1;N;;;;; +0C68;TELUGU DIGIT TWO;Nd;0;L;;2;2;2;N;;;;; +0C69;TELUGU DIGIT THREE;Nd;0;L;;3;3;3;N;;;;; +0C6A;TELUGU DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;; +0C6B;TELUGU DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;; +0C6C;TELUGU DIGIT SIX;Nd;0;L;;6;6;6;N;;;;; +0C6D;TELUGU DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;; +0C6E;TELUGU DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;; +0C6F;TELUGU DIGIT NINE;Nd;0;L;;9;9;9;N;;;;; +0C82;KANNADA SIGN ANUSVARA;Mc;0;L;;;;;N;;;;; +0C83;KANNADA SIGN VISARGA;Mc;0;L;;;;;N;;;;; +0C85;KANNADA LETTER A;Lo;0;L;;;;;N;;;;; +0C86;KANNADA LETTER AA;Lo;0;L;;;;;N;;;;; +0C87;KANNADA LETTER I;Lo;0;L;;;;;N;;;;; +0C88;KANNADA LETTER II;Lo;0;L;;;;;N;;;;; +0C89;KANNADA LETTER U;Lo;0;L;;;;;N;;;;; +0C8A;KANNADA LETTER UU;Lo;0;L;;;;;N;;;;; +0C8B;KANNADA LETTER VOCALIC R;Lo;0;L;;;;;N;;;;; +0C8C;KANNADA LETTER VOCALIC L;Lo;0;L;;;;;N;;;;; +0C8E;KANNADA LETTER E;Lo;0;L;;;;;N;;;;; +0C8F;KANNADA LETTER EE;Lo;0;L;;;;;N;;;;; +0C90;KANNADA LETTER AI;Lo;0;L;;;;;N;;;;; +0C92;KANNADA LETTER O;Lo;0;L;;;;;N;;;;; +0C93;KANNADA LETTER OO;Lo;0;L;;;;;N;;;;; +0C94;KANNADA LETTER AU;Lo;0;L;;;;;N;;;;; +0C95;KANNADA LETTER KA;Lo;0;L;;;;;N;;;;; +0C96;KANNADA LETTER KHA;Lo;0;L;;;;;N;;;;; +0C97;KANNADA LETTER GA;Lo;0;L;;;;;N;;;;; +0C98;KANNADA LETTER GHA;Lo;0;L;;;;;N;;;;; +0C99;KANNADA LETTER NGA;Lo;0;L;;;;;N;;;;; +0C9A;KANNADA LETTER CA;Lo;0;L;;;;;N;;;;; +0C9B;KANNADA LETTER CHA;Lo;0;L;;;;;N;;;;; +0C9C;KANNADA LETTER JA;Lo;0;L;;;;;N;;;;; +0C9D;KANNADA LETTER JHA;Lo;0;L;;;;;N;;;;; +0C9E;KANNADA LETTER NYA;Lo;0;L;;;;;N;;;;; +0C9F;KANNADA LETTER TTA;Lo;0;L;;;;;N;;;;; +0CA0;KANNADA LETTER TTHA;Lo;0;L;;;;;N;;;;; +0CA1;KANNADA LETTER DDA;Lo;0;L;;;;;N;;;;; +0CA2;KANNADA LETTER DDHA;Lo;0;L;;;;;N;;;;; +0CA3;KANNADA LETTER NNA;Lo;0;L;;;;;N;;;;; +0CA4;KANNADA LETTER TA;Lo;0;L;;;;;N;;;;; +0CA5;KANNADA LETTER THA;Lo;0;L;;;;;N;;;;; +0CA6;KANNADA LETTER DA;Lo;0;L;;;;;N;;;;; +0CA7;KANNADA LETTER DHA;Lo;0;L;;;;;N;;;;; +0CA8;KANNADA LETTER NA;Lo;0;L;;;;;N;;;;; +0CAA;KANNADA LETTER PA;Lo;0;L;;;;;N;;;;; +0CAB;KANNADA LETTER PHA;Lo;0;L;;;;;N;;;;; +0CAC;KANNADA LETTER BA;Lo;0;L;;;;;N;;;;; +0CAD;KANNADA LETTER BHA;Lo;0;L;;;;;N;;;;; +0CAE;KANNADA LETTER MA;Lo;0;L;;;;;N;;;;; +0CAF;KANNADA LETTER YA;Lo;0;L;;;;;N;;;;; +0CB0;KANNADA LETTER RA;Lo;0;L;;;;;N;;;;; +0CB1;KANNADA LETTER RRA;Lo;0;L;;;;;N;;;;; +0CB2;KANNADA LETTER LA;Lo;0;L;;;;;N;;;;; +0CB3;KANNADA LETTER LLA;Lo;0;L;;;;;N;;;;; +0CB5;KANNADA LETTER VA;Lo;0;L;;;;;N;;;;; +0CB6;KANNADA LETTER SHA;Lo;0;L;;;;;N;;;;; +0CB7;KANNADA LETTER SSA;Lo;0;L;;;;;N;;;;; +0CB8;KANNADA LETTER SA;Lo;0;L;;;;;N;;;;; +0CB9;KANNADA LETTER HA;Lo;0;L;;;;;N;;;;; +0CBE;KANNADA VOWEL SIGN AA;Mc;0;L;;;;;N;;;;; +0CBF;KANNADA VOWEL SIGN I;Mn;0;NSM;;;;;N;;;;; +0CC0;KANNADA VOWEL SIGN II;Mc;0;L;0CBF 0CD5;;;;N;;;;; +0CC1;KANNADA VOWEL SIGN U;Mc;0;L;;;;;N;;;;; +0CC2;KANNADA VOWEL SIGN UU;Mc;0;L;;;;;N;;;;; +0CC3;KANNADA VOWEL SIGN VOCALIC R;Mc;0;L;;;;;N;;;;; +0CC4;KANNADA VOWEL SIGN VOCALIC RR;Mc;0;L;;;;;N;;;;; +0CC6;KANNADA VOWEL SIGN E;Mn;0;NSM;;;;;N;;;;; +0CC7;KANNADA VOWEL SIGN EE;Mc;0;L;0CC6 0CD5;;;;N;;;;; +0CC8;KANNADA VOWEL SIGN AI;Mc;0;L;0CC6 0CD6;;;;N;;;;; +0CCA;KANNADA VOWEL SIGN O;Mc;0;L;0CC6 0CC2;;;;N;;;;; +0CCB;KANNADA VOWEL SIGN OO;Mc;0;L;0CCA 0CD5;;;;N;;;;; +0CCC;KANNADA VOWEL SIGN AU;Mn;0;NSM;;;;;N;;;;; +0CCD;KANNADA SIGN VIRAMA;Mn;9;NSM;;;;;N;;;;; +0CD5;KANNADA LENGTH MARK;Mc;0;L;;;;;N;;;;; +0CD6;KANNADA AI LENGTH MARK;Mc;0;L;;;;;N;;;;; +0CDE;KANNADA LETTER FA;Lo;0;L;;;;;N;;;;; +0CE0;KANNADA LETTER VOCALIC RR;Lo;0;L;;;;;N;;;;; +0CE1;KANNADA LETTER VOCALIC LL;Lo;0;L;;;;;N;;;;; +0CE6;KANNADA DIGIT ZERO;Nd;0;L;;0;0;0;N;;;;; +0CE7;KANNADA DIGIT ONE;Nd;0;L;;1;1;1;N;;;;; +0CE8;KANNADA DIGIT TWO;Nd;0;L;;2;2;2;N;;;;; +0CE9;KANNADA DIGIT THREE;Nd;0;L;;3;3;3;N;;;;; +0CEA;KANNADA DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;; +0CEB;KANNADA DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;; +0CEC;KANNADA DIGIT SIX;Nd;0;L;;6;6;6;N;;;;; +0CED;KANNADA DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;; +0CEE;KANNADA DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;; +0CEF;KANNADA DIGIT NINE;Nd;0;L;;9;9;9;N;;;;; +0D02;MALAYALAM SIGN ANUSVARA;Mc;0;L;;;;;N;;;;; +0D03;MALAYALAM SIGN VISARGA;Mc;0;L;;;;;N;;;;; +0D05;MALAYALAM LETTER A;Lo;0;L;;;;;N;;;;; +0D06;MALAYALAM LETTER AA;Lo;0;L;;;;;N;;;;; +0D07;MALAYALAM LETTER I;Lo;0;L;;;;;N;;;;; +0D08;MALAYALAM LETTER II;Lo;0;L;;;;;N;;;;; +0D09;MALAYALAM LETTER U;Lo;0;L;;;;;N;;;;; +0D0A;MALAYALAM LETTER UU;Lo;0;L;;;;;N;;;;; +0D0B;MALAYALAM LETTER VOCALIC R;Lo;0;L;;;;;N;;;;; +0D0C;MALAYALAM LETTER VOCALIC L;Lo;0;L;;;;;N;;;;; +0D0E;MALAYALAM LETTER E;Lo;0;L;;;;;N;;;;; +0D0F;MALAYALAM LETTER EE;Lo;0;L;;;;;N;;;;; +0D10;MALAYALAM LETTER AI;Lo;0;L;;;;;N;;;;; +0D12;MALAYALAM LETTER O;Lo;0;L;;;;;N;;;;; +0D13;MALAYALAM LETTER OO;Lo;0;L;;;;;N;;;;; +0D14;MALAYALAM LETTER AU;Lo;0;L;;;;;N;;;;; +0D15;MALAYALAM LETTER KA;Lo;0;L;;;;;N;;;;; +0D16;MALAYALAM LETTER KHA;Lo;0;L;;;;;N;;;;; +0D17;MALAYALAM LETTER GA;Lo;0;L;;;;;N;;;;; +0D18;MALAYALAM LETTER GHA;Lo;0;L;;;;;N;;;;; +0D19;MALAYALAM LETTER NGA;Lo;0;L;;;;;N;;;;; +0D1A;MALAYALAM LETTER CA;Lo;0;L;;;;;N;;;;; +0D1B;MALAYALAM LETTER CHA;Lo;0;L;;;;;N;;;;; +0D1C;MALAYALAM LETTER JA;Lo;0;L;;;;;N;;;;; +0D1D;MALAYALAM LETTER JHA;Lo;0;L;;;;;N;;;;; +0D1E;MALAYALAM LETTER NYA;Lo;0;L;;;;;N;;;;; +0D1F;MALAYALAM LETTER TTA;Lo;0;L;;;;;N;;;;; +0D20;MALAYALAM LETTER TTHA;Lo;0;L;;;;;N;;;;; +0D21;MALAYALAM LETTER DDA;Lo;0;L;;;;;N;;;;; +0D22;MALAYALAM LETTER DDHA;Lo;0;L;;;;;N;;;;; +0D23;MALAYALAM LETTER NNA;Lo;0;L;;;;;N;;;;; +0D24;MALAYALAM LETTER TA;Lo;0;L;;;;;N;;;;; +0D25;MALAYALAM LETTER THA;Lo;0;L;;;;;N;;;;; +0D26;MALAYALAM LETTER DA;Lo;0;L;;;;;N;;;;; +0D27;MALAYALAM LETTER DHA;Lo;0;L;;;;;N;;;;; +0D28;MALAYALAM LETTER NA;Lo;0;L;;;;;N;;;;; +0D2A;MALAYALAM LETTER PA;Lo;0;L;;;;;N;;;;; +0D2B;MALAYALAM LETTER PHA;Lo;0;L;;;;;N;;;;; +0D2C;MALAYALAM LETTER BA;Lo;0;L;;;;;N;;;;; +0D2D;MALAYALAM LETTER BHA;Lo;0;L;;;;;N;;;;; +0D2E;MALAYALAM LETTER MA;Lo;0;L;;;;;N;;;;; +0D2F;MALAYALAM LETTER YA;Lo;0;L;;;;;N;;;;; +0D30;MALAYALAM LETTER RA;Lo;0;L;;;;;N;;;;; +0D31;MALAYALAM LETTER RRA;Lo;0;L;;;;;N;;;;; +0D32;MALAYALAM LETTER LA;Lo;0;L;;;;;N;;;;; +0D33;MALAYALAM LETTER LLA;Lo;0;L;;;;;N;;;;; +0D34;MALAYALAM LETTER LLLA;Lo;0;L;;;;;N;;;;; +0D35;MALAYALAM LETTER VA;Lo;0;L;;;;;N;;;;; +0D36;MALAYALAM LETTER SHA;Lo;0;L;;;;;N;;;;; +0D37;MALAYALAM LETTER SSA;Lo;0;L;;;;;N;;;;; +0D38;MALAYALAM LETTER SA;Lo;0;L;;;;;N;;;;; +0D39;MALAYALAM LETTER HA;Lo;0;L;;;;;N;;;;; +0D3E;MALAYALAM VOWEL SIGN AA;Mc;0;L;;;;;N;;;;; +0D3F;MALAYALAM VOWEL SIGN I;Mc;0;L;;;;;N;;;;; +0D40;MALAYALAM VOWEL SIGN II;Mc;0;L;;;;;N;;;;; +0D41;MALAYALAM VOWEL SIGN U;Mn;0;NSM;;;;;N;;;;; +0D42;MALAYALAM VOWEL SIGN UU;Mn;0;NSM;;;;;N;;;;; +0D43;MALAYALAM VOWEL SIGN VOCALIC R;Mn;0;NSM;;;;;N;;;;; +0D46;MALAYALAM VOWEL SIGN E;Mc;0;L;;;;;N;;;;; +0D47;MALAYALAM VOWEL SIGN EE;Mc;0;L;;;;;N;;;;; +0D48;MALAYALAM VOWEL SIGN AI;Mc;0;L;;;;;N;;;;; +0D4A;MALAYALAM VOWEL SIGN O;Mc;0;L;0D46 0D3E;;;;N;;;;; +0D4B;MALAYALAM VOWEL SIGN OO;Mc;0;L;0D47 0D3E;;;;N;;;;; +0D4C;MALAYALAM VOWEL SIGN AU;Mc;0;L;0D46 0D57;;;;N;;;;; +0D4D;MALAYALAM SIGN VIRAMA;Mn;9;NSM;;;;;N;;;;; +0D57;MALAYALAM AU LENGTH MARK;Mc;0;L;;;;;N;;;;; +0D60;MALAYALAM LETTER VOCALIC RR;Lo;0;L;;;;;N;;;;; +0D61;MALAYALAM LETTER VOCALIC LL;Lo;0;L;;;;;N;;;;; +0D66;MALAYALAM DIGIT ZERO;Nd;0;L;;0;0;0;N;;;;; +0D67;MALAYALAM DIGIT ONE;Nd;0;L;;1;1;1;N;;;;; +0D68;MALAYALAM DIGIT TWO;Nd;0;L;;2;2;2;N;;;;; +0D69;MALAYALAM DIGIT THREE;Nd;0;L;;3;3;3;N;;;;; +0D6A;MALAYALAM DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;; +0D6B;MALAYALAM DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;; +0D6C;MALAYALAM DIGIT SIX;Nd;0;L;;6;6;6;N;;;;; +0D6D;MALAYALAM DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;; +0D6E;MALAYALAM DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;; +0D6F;MALAYALAM DIGIT NINE;Nd;0;L;;9;9;9;N;;;;; +0D82;SINHALA SIGN ANUSVARAYA;Mc;0;L;;;;;N;;;;; +0D83;SINHALA SIGN VISARGAYA;Mc;0;L;;;;;N;;;;; +0D85;SINHALA LETTER AYANNA;Lo;0;L;;;;;N;;;;; +0D86;SINHALA LETTER AAYANNA;Lo;0;L;;;;;N;;;;; +0D87;SINHALA LETTER AEYANNA;Lo;0;L;;;;;N;;;;; +0D88;SINHALA LETTER AEEYANNA;Lo;0;L;;;;;N;;;;; +0D89;SINHALA LETTER IYANNA;Lo;0;L;;;;;N;;;;; +0D8A;SINHALA LETTER IIYANNA;Lo;0;L;;;;;N;;;;; +0D8B;SINHALA LETTER UYANNA;Lo;0;L;;;;;N;;;;; +0D8C;SINHALA LETTER UUYANNA;Lo;0;L;;;;;N;;;;; +0D8D;SINHALA LETTER IRUYANNA;Lo;0;L;;;;;N;;;;; +0D8E;SINHALA LETTER IRUUYANNA;Lo;0;L;;;;;N;;;;; +0D8F;SINHALA LETTER ILUYANNA;Lo;0;L;;;;;N;;;;; +0D90;SINHALA LETTER ILUUYANNA;Lo;0;L;;;;;N;;;;; +0D91;SINHALA LETTER EYANNA;Lo;0;L;;;;;N;;;;; +0D92;SINHALA LETTER EEYANNA;Lo;0;L;;;;;N;;;;; +0D93;SINHALA LETTER AIYANNA;Lo;0;L;;;;;N;;;;; +0D94;SINHALA LETTER OYANNA;Lo;0;L;;;;;N;;;;; +0D95;SINHALA LETTER OOYANNA;Lo;0;L;;;;;N;;;;; +0D96;SINHALA LETTER AUYANNA;Lo;0;L;;;;;N;;;;; +0D9A;SINHALA LETTER ALPAPRAANA KAYANNA;Lo;0;L;;;;;N;;;;; +0D9B;SINHALA LETTER MAHAAPRAANA KAYANNA;Lo;0;L;;;;;N;;;;; +0D9C;SINHALA LETTER ALPAPRAANA GAYANNA;Lo;0;L;;;;;N;;;;; +0D9D;SINHALA LETTER MAHAAPRAANA GAYANNA;Lo;0;L;;;;;N;;;;; +0D9E;SINHALA LETTER KANTAJA NAASIKYAYA;Lo;0;L;;;;;N;;;;; +0D9F;SINHALA LETTER SANYAKA GAYANNA;Lo;0;L;;;;;N;;;;; +0DA0;SINHALA LETTER ALPAPRAANA CAYANNA;Lo;0;L;;;;;N;;;;; +0DA1;SINHALA LETTER MAHAAPRAANA CAYANNA;Lo;0;L;;;;;N;;;;; +0DA2;SINHALA LETTER ALPAPRAANA JAYANNA;Lo;0;L;;;;;N;;;;; +0DA3;SINHALA LETTER MAHAAPRAANA JAYANNA;Lo;0;L;;;;;N;;;;; +0DA4;SINHALA LETTER TAALUJA NAASIKYAYA;Lo;0;L;;;;;N;;;;; +0DA5;SINHALA LETTER TAALUJA SANYOOGA NAAKSIKYAYA;Lo;0;L;;;;;N;;;;; +0DA6;SINHALA LETTER SANYAKA JAYANNA;Lo;0;L;;;;;N;;;;; +0DA7;SINHALA LETTER ALPAPRAANA TTAYANNA;Lo;0;L;;;;;N;;;;; +0DA8;SINHALA LETTER MAHAAPRAANA TTAYANNA;Lo;0;L;;;;;N;;;;; +0DA9;SINHALA LETTER ALPAPRAANA DDAYANNA;Lo;0;L;;;;;N;;;;; +0DAA;SINHALA LETTER MAHAAPRAANA DDAYANNA;Lo;0;L;;;;;N;;;;; +0DAB;SINHALA LETTER MUURDHAJA NAYANNA;Lo;0;L;;;;;N;;;;; +0DAC;SINHALA LETTER SANYAKA DDAYANNA;Lo;0;L;;;;;N;;;;; +0DAD;SINHALA LETTER ALPAPRAANA TAYANNA;Lo;0;L;;;;;N;;;;; +0DAE;SINHALA LETTER MAHAAPRAANA TAYANNA;Lo;0;L;;;;;N;;;;; +0DAF;SINHALA LETTER ALPAPRAANA DAYANNA;Lo;0;L;;;;;N;;;;; +0DB0;SINHALA LETTER MAHAAPRAANA DAYANNA;Lo;0;L;;;;;N;;;;; +0DB1;SINHALA LETTER DANTAJA NAYANNA;Lo;0;L;;;;;N;;;;; +0DB3;SINHALA LETTER SANYAKA DAYANNA;Lo;0;L;;;;;N;;;;; +0DB4;SINHALA LETTER ALPAPRAANA PAYANNA;Lo;0;L;;;;;N;;;;; +0DB5;SINHALA LETTER MAHAAPRAANA PAYANNA;Lo;0;L;;;;;N;;;;; +0DB6;SINHALA LETTER ALPAPRAANA BAYANNA;Lo;0;L;;;;;N;;;;; +0DB7;SINHALA LETTER MAHAAPRAANA BAYANNA;Lo;0;L;;;;;N;;;;; +0DB8;SINHALA LETTER MAYANNA;Lo;0;L;;;;;N;;;;; +0DB9;SINHALA LETTER AMBA BAYANNA;Lo;0;L;;;;;N;;;;; +0DBA;SINHALA LETTER YAYANNA;Lo;0;L;;;;;N;;;;; +0DBB;SINHALA LETTER RAYANNA;Lo;0;L;;;;;N;;;;; +0DBD;SINHALA LETTER DANTAJA LAYANNA;Lo;0;L;;;;;N;;;;; +0DC0;SINHALA LETTER VAYANNA;Lo;0;L;;;;;N;;;;; +0DC1;SINHALA LETTER TAALUJA SAYANNA;Lo;0;L;;;;;N;;;;; +0DC2;SINHALA LETTER MUURDHAJA SAYANNA;Lo;0;L;;;;;N;;;;; +0DC3;SINHALA LETTER DANTAJA SAYANNA;Lo;0;L;;;;;N;;;;; +0DC4;SINHALA LETTER HAYANNA;Lo;0;L;;;;;N;;;;; +0DC5;SINHALA LETTER MUURDHAJA LAYANNA;Lo;0;L;;;;;N;;;;; +0DC6;SINHALA LETTER FAYANNA;Lo;0;L;;;;;N;;;;; +0DCA;SINHALA SIGN AL-LAKUNA;Mn;9;NSM;;;;;N;;;;; +0DCF;SINHALA VOWEL SIGN AELA-PILLA;Mc;0;L;;;;;N;;;;; +0DD0;SINHALA VOWEL SIGN KETTI AEDA-PILLA;Mc;0;L;;;;;N;;;;; +0DD1;SINHALA VOWEL SIGN DIGA AEDA-PILLA;Mc;0;L;;;;;N;;;;; +0DD2;SINHALA VOWEL SIGN KETTI IS-PILLA;Mn;0;NSM;;;;;N;;;;; +0DD3;SINHALA VOWEL SIGN DIGA IS-PILLA;Mn;0;NSM;;;;;N;;;;; +0DD4;SINHALA VOWEL SIGN KETTI PAA-PILLA;Mn;0;NSM;;;;;N;;;;; +0DD6;SINHALA VOWEL SIGN DIGA PAA-PILLA;Mn;0;NSM;;;;;N;;;;; +0DD8;SINHALA VOWEL SIGN GAETTA-PILLA;Mc;0;L;;;;;N;;;;; +0DD9;SINHALA VOWEL SIGN KOMBUVA;Mc;0;L;;;;;N;;;;; +0DDA;SINHALA VOWEL SIGN DIGA KOMBUVA;Mc;0;L;0DD9 0DCA;;;;N;;;;; +0DDB;SINHALA VOWEL SIGN KOMBU DEKA;Mc;0;L;;;;;N;;;;; +0DDC;SINHALA VOWEL SIGN KOMBUVA HAA AELA-PILLA;Mc;0;L;0DD9 0DCF;;;;N;;;;; +0DDD;SINHALA VOWEL SIGN KOMBUVA HAA DIGA AELA-PILLA;Mc;0;L;0DDC 0DCA;;;;N;;;;; +0DDE;SINHALA VOWEL SIGN KOMBUVA HAA GAYANUKITTA;Mc;0;L;0DD9 0DDF;;;;N;;;;; +0DDF;SINHALA VOWEL SIGN GAYANUKITTA;Mc;0;L;;;;;N;;;;; +0DF2;SINHALA VOWEL SIGN DIGA GAETTA-PILLA;Mc;0;L;;;;;N;;;;; +0DF3;SINHALA VOWEL SIGN DIGA GAYANUKITTA;Mc;0;L;;;;;N;;;;; +0DF4;SINHALA PUNCTUATION KUNDDALIYA;Po;0;L;;;;;N;;;;; +0E01;THAI CHARACTER KO KAI;Lo;0;L;;;;;N;THAI LETTER KO KAI;;;; +0E02;THAI CHARACTER KHO KHAI;Lo;0;L;;;;;N;THAI LETTER KHO KHAI;;;; +0E03;THAI CHARACTER KHO KHUAT;Lo;0;L;;;;;N;THAI LETTER KHO KHUAT;;;; +0E04;THAI CHARACTER KHO KHWAI;Lo;0;L;;;;;N;THAI LETTER KHO KHWAI;;;; +0E05;THAI CHARACTER KHO KHON;Lo;0;L;;;;;N;THAI LETTER KHO KHON;;;; +0E06;THAI CHARACTER KHO RAKHANG;Lo;0;L;;;;;N;THAI LETTER KHO RAKHANG;;;; +0E07;THAI CHARACTER NGO NGU;Lo;0;L;;;;;N;THAI LETTER NGO NGU;;;; +0E08;THAI CHARACTER CHO CHAN;Lo;0;L;;;;;N;THAI LETTER CHO CHAN;;;; +0E09;THAI CHARACTER CHO CHING;Lo;0;L;;;;;N;THAI LETTER CHO CHING;;;; +0E0A;THAI CHARACTER CHO CHANG;Lo;0;L;;;;;N;THAI LETTER CHO CHANG;;;; +0E0B;THAI CHARACTER SO SO;Lo;0;L;;;;;N;THAI LETTER SO SO;;;; +0E0C;THAI CHARACTER CHO CHOE;Lo;0;L;;;;;N;THAI LETTER CHO CHOE;;;; +0E0D;THAI CHARACTER YO YING;Lo;0;L;;;;;N;THAI LETTER YO YING;;;; +0E0E;THAI CHARACTER DO CHADA;Lo;0;L;;;;;N;THAI LETTER DO CHADA;;;; +0E0F;THAI CHARACTER TO PATAK;Lo;0;L;;;;;N;THAI LETTER TO PATAK;;;; +0E10;THAI CHARACTER THO THAN;Lo;0;L;;;;;N;THAI LETTER THO THAN;;;; +0E11;THAI CHARACTER THO NANGMONTHO;Lo;0;L;;;;;N;THAI LETTER THO NANGMONTHO;;;; +0E12;THAI CHARACTER THO PHUTHAO;Lo;0;L;;;;;N;THAI LETTER THO PHUTHAO;;;; +0E13;THAI CHARACTER NO NEN;Lo;0;L;;;;;N;THAI LETTER NO NEN;;;; +0E14;THAI CHARACTER DO DEK;Lo;0;L;;;;;N;THAI LETTER DO DEK;;;; +0E15;THAI CHARACTER TO TAO;Lo;0;L;;;;;N;THAI LETTER TO TAO;;;; +0E16;THAI CHARACTER THO THUNG;Lo;0;L;;;;;N;THAI LETTER THO THUNG;;;; +0E17;THAI CHARACTER THO THAHAN;Lo;0;L;;;;;N;THAI LETTER THO THAHAN;;;; +0E18;THAI CHARACTER THO THONG;Lo;0;L;;;;;N;THAI LETTER THO THONG;;;; +0E19;THAI CHARACTER NO NU;Lo;0;L;;;;;N;THAI LETTER NO NU;;;; +0E1A;THAI CHARACTER BO BAIMAI;Lo;0;L;;;;;N;THAI LETTER BO BAIMAI;;;; +0E1B;THAI CHARACTER PO PLA;Lo;0;L;;;;;N;THAI LETTER PO PLA;;;; +0E1C;THAI CHARACTER PHO PHUNG;Lo;0;L;;;;;N;THAI LETTER PHO PHUNG;;;; +0E1D;THAI CHARACTER FO FA;Lo;0;L;;;;;N;THAI LETTER FO FA;;;; +0E1E;THAI CHARACTER PHO PHAN;Lo;0;L;;;;;N;THAI LETTER PHO PHAN;;;; +0E1F;THAI CHARACTER FO FAN;Lo;0;L;;;;;N;THAI LETTER FO FAN;;;; +0E20;THAI CHARACTER PHO SAMPHAO;Lo;0;L;;;;;N;THAI LETTER PHO SAMPHAO;;;; +0E21;THAI CHARACTER MO MA;Lo;0;L;;;;;N;THAI LETTER MO MA;;;; +0E22;THAI CHARACTER YO YAK;Lo;0;L;;;;;N;THAI LETTER YO YAK;;;; +0E23;THAI CHARACTER RO RUA;Lo;0;L;;;;;N;THAI LETTER RO RUA;;;; +0E24;THAI CHARACTER RU;Lo;0;L;;;;;N;THAI LETTER RU;;;; +0E25;THAI CHARACTER LO LING;Lo;0;L;;;;;N;THAI LETTER LO LING;;;; +0E26;THAI CHARACTER LU;Lo;0;L;;;;;N;THAI LETTER LU;;;; +0E27;THAI CHARACTER WO WAEN;Lo;0;L;;;;;N;THAI LETTER WO WAEN;;;; +0E28;THAI CHARACTER SO SALA;Lo;0;L;;;;;N;THAI LETTER SO SALA;;;; +0E29;THAI CHARACTER SO RUSI;Lo;0;L;;;;;N;THAI LETTER SO RUSI;;;; +0E2A;THAI CHARACTER SO SUA;Lo;0;L;;;;;N;THAI LETTER SO SUA;;;; +0E2B;THAI CHARACTER HO HIP;Lo;0;L;;;;;N;THAI LETTER HO HIP;;;; +0E2C;THAI CHARACTER LO CHULA;Lo;0;L;;;;;N;THAI LETTER LO CHULA;;;; +0E2D;THAI CHARACTER O ANG;Lo;0;L;;;;;N;THAI LETTER O ANG;;;; +0E2E;THAI CHARACTER HO NOKHUK;Lo;0;L;;;;;N;THAI LETTER HO NOK HUK;;;; +0E2F;THAI CHARACTER PAIYANNOI;Lo;0;L;;;;;N;THAI PAI YAN NOI;paiyan noi;;; +0E30;THAI CHARACTER SARA A;Lo;0;L;;;;;N;THAI VOWEL SIGN SARA A;;;; +0E31;THAI CHARACTER MAI HAN-AKAT;Mn;0;NSM;;;;;N;THAI VOWEL SIGN MAI HAN-AKAT;;;; +0E32;THAI CHARACTER SARA AA;Lo;0;L;;;;;N;THAI VOWEL SIGN SARA AA;;;; +0E33;THAI CHARACTER SARA AM;Lo;0;L; 0E4D 0E32;;;;N;THAI VOWEL SIGN SARA AM;;;; +0E34;THAI CHARACTER SARA I;Mn;0;NSM;;;;;N;THAI VOWEL SIGN SARA I;;;; +0E35;THAI CHARACTER SARA II;Mn;0;NSM;;;;;N;THAI VOWEL SIGN SARA II;;;; +0E36;THAI CHARACTER SARA UE;Mn;0;NSM;;;;;N;THAI VOWEL SIGN SARA UE;;;; +0E37;THAI CHARACTER SARA UEE;Mn;0;NSM;;;;;N;THAI VOWEL SIGN SARA UEE;sara uue;;; +0E38;THAI CHARACTER SARA U;Mn;103;NSM;;;;;N;THAI VOWEL SIGN SARA U;;;; +0E39;THAI CHARACTER SARA UU;Mn;103;NSM;;;;;N;THAI VOWEL SIGN SARA UU;;;; +0E3A;THAI CHARACTER PHINTHU;Mn;9;NSM;;;;;N;THAI VOWEL SIGN PHINTHU;;;; +0E3F;THAI CURRENCY SYMBOL BAHT;Sc;0;ET;;;;;N;THAI BAHT SIGN;;;; +0E40;THAI CHARACTER SARA E;Lo;0;L;;;;;N;THAI VOWEL SIGN SARA E;;;; +0E41;THAI CHARACTER SARA AE;Lo;0;L;;;;;N;THAI VOWEL SIGN SARA AE;;;; +0E42;THAI CHARACTER SARA O;Lo;0;L;;;;;N;THAI VOWEL SIGN SARA O;;;; +0E43;THAI CHARACTER SARA AI MAIMUAN;Lo;0;L;;;;;N;THAI VOWEL SIGN SARA MAI MUAN;sara ai mai muan;;; +0E44;THAI CHARACTER SARA AI MAIMALAI;Lo;0;L;;;;;N;THAI VOWEL SIGN SARA MAI MALAI;sara ai mai malai;;; +0E45;THAI CHARACTER LAKKHANGYAO;Lo;0;L;;;;;N;THAI LAK KHANG YAO;lakkhang yao;;; +0E46;THAI CHARACTER MAIYAMOK;Lm;0;L;;;;;N;THAI MAI YAMOK;mai yamok;;; +0E47;THAI CHARACTER MAITAIKHU;Mn;0;NSM;;;;;N;THAI VOWEL SIGN MAI TAI KHU;mai taikhu;;; +0E48;THAI CHARACTER MAI EK;Mn;107;NSM;;;;;N;THAI TONE MAI EK;;;; +0E49;THAI CHARACTER MAI THO;Mn;107;NSM;;;;;N;THAI TONE MAI THO;;;; +0E4A;THAI CHARACTER MAI TRI;Mn;107;NSM;;;;;N;THAI TONE MAI TRI;;;; +0E4B;THAI CHARACTER MAI CHATTAWA;Mn;107;NSM;;;;;N;THAI TONE MAI CHATTAWA;;;; +0E4C;THAI CHARACTER THANTHAKHAT;Mn;0;NSM;;;;;N;THAI THANTHAKHAT;;;; +0E4D;THAI CHARACTER NIKHAHIT;Mn;0;NSM;;;;;N;THAI NIKKHAHIT;nikkhahit;;; +0E4E;THAI CHARACTER YAMAKKAN;Mn;0;NSM;;;;;N;THAI YAMAKKAN;;;; +0E4F;THAI CHARACTER FONGMAN;Po;0;L;;;;;N;THAI FONGMAN;;;; +0E50;THAI DIGIT ZERO;Nd;0;L;;0;0;0;N;;;;; +0E51;THAI DIGIT ONE;Nd;0;L;;1;1;1;N;;;;; +0E52;THAI DIGIT TWO;Nd;0;L;;2;2;2;N;;;;; +0E53;THAI DIGIT THREE;Nd;0;L;;3;3;3;N;;;;; +0E54;THAI DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;; +0E55;THAI DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;; +0E56;THAI DIGIT SIX;Nd;0;L;;6;6;6;N;;;;; +0E57;THAI DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;; +0E58;THAI DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;; +0E59;THAI DIGIT NINE;Nd;0;L;;9;9;9;N;;;;; +0E5A;THAI CHARACTER ANGKHANKHU;Po;0;L;;;;;N;THAI ANGKHANKHU;;;; +0E5B;THAI CHARACTER KHOMUT;Po;0;L;;;;;N;THAI KHOMUT;;;; +0E81;LAO LETTER KO;Lo;0;L;;;;;N;;;;; +0E82;LAO LETTER KHO SUNG;Lo;0;L;;;;;N;;;;; +0E84;LAO LETTER KHO TAM;Lo;0;L;;;;;N;;;;; +0E87;LAO LETTER NGO;Lo;0;L;;;;;N;;;;; +0E88;LAO LETTER CO;Lo;0;L;;;;;N;;;;; +0E8A;LAO LETTER SO TAM;Lo;0;L;;;;;N;;;;; +0E8D;LAO LETTER NYO;Lo;0;L;;;;;N;;;;; +0E94;LAO LETTER DO;Lo;0;L;;;;;N;;;;; +0E95;LAO LETTER TO;Lo;0;L;;;;;N;;;;; +0E96;LAO LETTER THO SUNG;Lo;0;L;;;;;N;;;;; +0E97;LAO LETTER THO TAM;Lo;0;L;;;;;N;;;;; +0E99;LAO LETTER NO;Lo;0;L;;;;;N;;;;; +0E9A;LAO LETTER BO;Lo;0;L;;;;;N;;;;; +0E9B;LAO LETTER PO;Lo;0;L;;;;;N;;;;; +0E9C;LAO LETTER PHO SUNG;Lo;0;L;;;;;N;;;;; +0E9D;LAO LETTER FO TAM;Lo;0;L;;;;;N;;;;; +0E9E;LAO LETTER PHO TAM;Lo;0;L;;;;;N;;;;; +0E9F;LAO LETTER FO SUNG;Lo;0;L;;;;;N;;;;; +0EA1;LAO LETTER MO;Lo;0;L;;;;;N;;;;; +0EA2;LAO LETTER YO;Lo;0;L;;;;;N;;;;; +0EA3;LAO LETTER LO LING;Lo;0;L;;;;;N;;;;; +0EA5;LAO LETTER LO LOOT;Lo;0;L;;;;;N;;;;; +0EA7;LAO LETTER WO;Lo;0;L;;;;;N;;;;; +0EAA;LAO LETTER SO SUNG;Lo;0;L;;;;;N;;;;; +0EAB;LAO LETTER HO SUNG;Lo;0;L;;;;;N;;;;; +0EAD;LAO LETTER O;Lo;0;L;;;;;N;;;;; +0EAE;LAO LETTER HO TAM;Lo;0;L;;;;;N;;;;; +0EAF;LAO ELLIPSIS;Lo;0;L;;;;;N;;;;; +0EB0;LAO VOWEL SIGN A;Lo;0;L;;;;;N;;;;; +0EB1;LAO VOWEL SIGN MAI KAN;Mn;0;NSM;;;;;N;;;;; +0EB2;LAO VOWEL SIGN AA;Lo;0;L;;;;;N;;;;; +0EB3;LAO VOWEL SIGN AM;Lo;0;L; 0ECD 0EB2;;;;N;;;;; +0EB4;LAO VOWEL SIGN I;Mn;0;NSM;;;;;N;;;;; +0EB5;LAO VOWEL SIGN II;Mn;0;NSM;;;;;N;;;;; +0EB6;LAO VOWEL SIGN Y;Mn;0;NSM;;;;;N;;;;; +0EB7;LAO VOWEL SIGN YY;Mn;0;NSM;;;;;N;;;;; +0EB8;LAO VOWEL SIGN U;Mn;118;NSM;;;;;N;;;;; +0EB9;LAO VOWEL SIGN UU;Mn;118;NSM;;;;;N;;;;; +0EBB;LAO VOWEL SIGN MAI KON;Mn;0;NSM;;;;;N;;;;; +0EBC;LAO SEMIVOWEL SIGN LO;Mn;0;NSM;;;;;N;;;;; +0EBD;LAO SEMIVOWEL SIGN NYO;Lo;0;L;;;;;N;;;;; +0EC0;LAO VOWEL SIGN E;Lo;0;L;;;;;N;;;;; +0EC1;LAO VOWEL SIGN EI;Lo;0;L;;;;;N;;;;; +0EC2;LAO VOWEL SIGN O;Lo;0;L;;;;;N;;;;; +0EC3;LAO VOWEL SIGN AY;Lo;0;L;;;;;N;;;;; +0EC4;LAO VOWEL SIGN AI;Lo;0;L;;;;;N;;;;; +0EC6;LAO KO LA;Lm;0;L;;;;;N;;;;; +0EC8;LAO TONE MAI EK;Mn;122;NSM;;;;;N;;;;; +0EC9;LAO TONE MAI THO;Mn;122;NSM;;;;;N;;;;; +0ECA;LAO TONE MAI TI;Mn;122;NSM;;;;;N;;;;; +0ECB;LAO TONE MAI CATAWA;Mn;122;NSM;;;;;N;;;;; +0ECC;LAO CANCELLATION MARK;Mn;0;NSM;;;;;N;;;;; +0ECD;LAO NIGGAHITA;Mn;0;NSM;;;;;N;;;;; +0ED0;LAO DIGIT ZERO;Nd;0;L;;0;0;0;N;;;;; +0ED1;LAO DIGIT ONE;Nd;0;L;;1;1;1;N;;;;; +0ED2;LAO DIGIT TWO;Nd;0;L;;2;2;2;N;;;;; +0ED3;LAO DIGIT THREE;Nd;0;L;;3;3;3;N;;;;; +0ED4;LAO DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;; +0ED5;LAO DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;; +0ED6;LAO DIGIT SIX;Nd;0;L;;6;6;6;N;;;;; +0ED7;LAO DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;; +0ED8;LAO DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;; +0ED9;LAO DIGIT NINE;Nd;0;L;;9;9;9;N;;;;; +0EDC;LAO HO NO;Lo;0;L; 0EAB 0E99;;;;N;;;;; +0EDD;LAO HO MO;Lo;0;L; 0EAB 0EA1;;;;N;;;;; +0F00;TIBETAN SYLLABLE OM;Lo;0;L;;;;;N;;;;; +0F01;TIBETAN MARK GTER YIG MGO TRUNCATED A;So;0;L;;;;;N;;ter yik go a thung;;; +0F02;TIBETAN MARK GTER YIG MGO -UM RNAM BCAD MA;So;0;L;;;;;N;;ter yik go wum nam chey ma;;; +0F03;TIBETAN MARK GTER YIG MGO -UM GTER TSHEG MA;So;0;L;;;;;N;;ter yik go wum ter tsek ma;;; +0F04;TIBETAN MARK INITIAL YIG MGO MDUN MA;Po;0;L;;;;;N;TIBETAN SINGLE ORNAMENT;yik go dun ma;;; +0F05;TIBETAN MARK CLOSING YIG MGO SGAB MA;Po;0;L;;;;;N;;yik go kab ma;;; +0F06;TIBETAN MARK CARET YIG MGO PHUR SHAD MA;Po;0;L;;;;;N;;yik go pur shey ma;;; +0F07;TIBETAN MARK YIG MGO TSHEG SHAD MA;Po;0;L;;;;;N;;yik go tsek shey ma;;; +0F08;TIBETAN MARK SBRUL SHAD;Po;0;L;;;;;N;TIBETAN RGYANSHAD;drul shey;;; +0F09;TIBETAN MARK BSKUR YIG MGO;Po;0;L;;;;;N;;kur yik go;;; +0F0A;TIBETAN MARK BKA- SHOG YIG MGO;Po;0;L;;;;;N;;ka sho yik go;;; +0F0B;TIBETAN MARK INTERSYLLABIC TSHEG;Po;0;L;;;;;N;TIBETAN TSEG;tsek;;; +0F0C;TIBETAN MARK DELIMITER TSHEG BSTAR;Po;0;L; 0F0B;;;;N;;tsek tar;;; +0F0D;TIBETAN MARK SHAD;Po;0;L;;;;;N;TIBETAN SHAD;shey;;; +0F0E;TIBETAN MARK NYIS SHAD;Po;0;L;;;;;N;TIBETAN DOUBLE SHAD;nyi shey;;; +0F0F;TIBETAN MARK TSHEG SHAD;Po;0;L;;;;;N;;tsek shey;;; +0F10;TIBETAN MARK NYIS TSHEG SHAD;Po;0;L;;;;;N;;nyi tsek shey;;; +0F11;TIBETAN MARK RIN CHEN SPUNGS SHAD;Po;0;L;;;;;N;TIBETAN RINCHANPHUNGSHAD;rinchen pung shey;;; +0F12;TIBETAN MARK RGYA GRAM SHAD;Po;0;L;;;;;N;;gya tram shey;;; +0F13;TIBETAN MARK CARET -DZUD RTAGS ME LONG CAN;So;0;L;;;;;N;;dzu ta me long chen;;; +0F14;TIBETAN MARK GTER TSHEG;So;0;L;;;;;N;TIBETAN COMMA;ter tsek;;; +0F15;TIBETAN LOGOTYPE SIGN CHAD RTAGS;So;0;L;;;;;N;;che ta;;; +0F16;TIBETAN LOGOTYPE SIGN LHAG RTAGS;So;0;L;;;;;N;;hlak ta;;; +0F17;TIBETAN ASTROLOGICAL SIGN SGRA GCAN -CHAR RTAGS;So;0;L;;;;;N;;trachen char ta;;; +0F18;TIBETAN ASTROLOGICAL SIGN -KHYUD PA;Mn;220;NSM;;;;;N;;kyu pa;;; +0F19;TIBETAN ASTROLOGICAL SIGN SDONG TSHUGS;Mn;220;NSM;;;;;N;;dong tsu;;; +0F1A;TIBETAN SIGN RDEL DKAR GCIG;So;0;L;;;;;N;;deka chig;;; +0F1B;TIBETAN SIGN RDEL DKAR GNYIS;So;0;L;;;;;N;;deka nyi;;; +0F1C;TIBETAN SIGN RDEL DKAR GSUM;So;0;L;;;;;N;;deka sum;;; +0F1D;TIBETAN SIGN RDEL NAG GCIG;So;0;L;;;;;N;;dena chig;;; +0F1E;TIBETAN SIGN RDEL NAG GNYIS;So;0;L;;;;;N;;dena nyi;;; +0F1F;TIBETAN SIGN RDEL DKAR RDEL NAG;So;0;L;;;;;N;;deka dena;;; +0F20;TIBETAN DIGIT ZERO;Nd;0;L;;0;0;0;N;;;;; +0F21;TIBETAN DIGIT ONE;Nd;0;L;;1;1;1;N;;;;; +0F22;TIBETAN DIGIT TWO;Nd;0;L;;2;2;2;N;;;;; +0F23;TIBETAN DIGIT THREE;Nd;0;L;;3;3;3;N;;;;; +0F24;TIBETAN DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;; +0F25;TIBETAN DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;; +0F26;TIBETAN DIGIT SIX;Nd;0;L;;6;6;6;N;;;;; +0F27;TIBETAN DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;; +0F28;TIBETAN DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;; +0F29;TIBETAN DIGIT NINE;Nd;0;L;;9;9;9;N;;;;; +0F2A;TIBETAN DIGIT HALF ONE;No;0;L;;;;1/2;N;;;;; +0F2B;TIBETAN DIGIT HALF TWO;No;0;L;;;;3/2;N;;;;; +0F2C;TIBETAN DIGIT HALF THREE;No;0;L;;;;5/2;N;;;;; +0F2D;TIBETAN DIGIT HALF FOUR;No;0;L;;;;7/2;N;;;;; +0F2E;TIBETAN DIGIT HALF FIVE;No;0;L;;;;9/2;N;;;;; +0F2F;TIBETAN DIGIT HALF SIX;No;0;L;;;;11/2;N;;;;; +0F30;TIBETAN DIGIT HALF SEVEN;No;0;L;;;;13/2;N;;;;; +0F31;TIBETAN DIGIT HALF EIGHT;No;0;L;;;;15/2;N;;;;; +0F32;TIBETAN DIGIT HALF NINE;No;0;L;;;;17/2;N;;;;; +0F33;TIBETAN DIGIT HALF ZERO;No;0;L;;;;-1/2;N;;;;; +0F34;TIBETAN MARK BSDUS RTAGS;So;0;L;;;;;N;;du ta;;; +0F35;TIBETAN MARK NGAS BZUNG NYI ZLA;Mn;220;NSM;;;;;N;TIBETAN HONORIFIC UNDER RING;nge zung nyi da;;; +0F36;TIBETAN MARK CARET -DZUD RTAGS BZHI MIG CAN;So;0;L;;;;;N;;dzu ta shi mig chen;;; +0F37;TIBETAN MARK NGAS BZUNG SGOR RTAGS;Mn;220;NSM;;;;;N;TIBETAN UNDER RING;nge zung gor ta;;; +0F38;TIBETAN MARK CHE MGO;So;0;L;;;;;N;;che go;;; +0F39;TIBETAN MARK TSA -PHRU;Mn;216;NSM;;;;;N;TIBETAN LENITION MARK;tsa tru;;; +0F3A;TIBETAN MARK GUG RTAGS GYON;Ps;0;ON;;;;;N;;gug ta yun;;; +0F3B;TIBETAN MARK GUG RTAGS GYAS;Pe;0;ON;;;;;N;;gug ta ye;;; +0F3C;TIBETAN MARK ANG KHANG GYON;Ps;0;ON;;;;;N;TIBETAN LEFT BRACE;ang kang yun;;; +0F3D;TIBETAN MARK ANG KHANG GYAS;Pe;0;ON;;;;;N;TIBETAN RIGHT BRACE;ang kang ye;;; +0F3E;TIBETAN SIGN YAR TSHES;Mc;0;L;;;;;N;;yar tse;;; +0F3F;TIBETAN SIGN MAR TSHES;Mc;0;L;;;;;N;;mar tse;;; +0F40;TIBETAN LETTER KA;Lo;0;L;;;;;N;;;;; +0F41;TIBETAN LETTER KHA;Lo;0;L;;;;;N;;;;; +0F42;TIBETAN LETTER GA;Lo;0;L;;;;;N;;;;; +0F43;TIBETAN LETTER GHA;Lo;0;L;0F42 0FB7;;;;N;;;;; +0F44;TIBETAN LETTER NGA;Lo;0;L;;;;;N;;;;; +0F45;TIBETAN LETTER CA;Lo;0;L;;;;;N;;;;; +0F46;TIBETAN LETTER CHA;Lo;0;L;;;;;N;;;;; +0F47;TIBETAN LETTER JA;Lo;0;L;;;;;N;;;;; +0F49;TIBETAN LETTER NYA;Lo;0;L;;;;;N;;;;; +0F4A;TIBETAN LETTER TTA;Lo;0;L;;;;;N;TIBETAN LETTER REVERSED TA;;;; +0F4B;TIBETAN LETTER TTHA;Lo;0;L;;;;;N;TIBETAN LETTER REVERSED THA;;;; +0F4C;TIBETAN LETTER DDA;Lo;0;L;;;;;N;TIBETAN LETTER REVERSED DA;;;; +0F4D;TIBETAN LETTER DDHA;Lo;0;L;0F4C 0FB7;;;;N;;;;; +0F4E;TIBETAN LETTER NNA;Lo;0;L;;;;;N;TIBETAN LETTER REVERSED NA;;;; +0F4F;TIBETAN LETTER TA;Lo;0;L;;;;;N;;;;; +0F50;TIBETAN LETTER THA;Lo;0;L;;;;;N;;;;; +0F51;TIBETAN LETTER DA;Lo;0;L;;;;;N;;;;; +0F52;TIBETAN LETTER DHA;Lo;0;L;0F51 0FB7;;;;N;;;;; +0F53;TIBETAN LETTER NA;Lo;0;L;;;;;N;;;;; +0F54;TIBETAN LETTER PA;Lo;0;L;;;;;N;;;;; +0F55;TIBETAN LETTER PHA;Lo;0;L;;;;;N;;;;; +0F56;TIBETAN LETTER BA;Lo;0;L;;;;;N;;;;; +0F57;TIBETAN LETTER BHA;Lo;0;L;0F56 0FB7;;;;N;;;;; +0F58;TIBETAN LETTER MA;Lo;0;L;;;;;N;;;;; +0F59;TIBETAN LETTER TSA;Lo;0;L;;;;;N;;;;; +0F5A;TIBETAN LETTER TSHA;Lo;0;L;;;;;N;;;;; +0F5B;TIBETAN LETTER DZA;Lo;0;L;;;;;N;;;;; +0F5C;TIBETAN LETTER DZHA;Lo;0;L;0F5B 0FB7;;;;N;;;;; +0F5D;TIBETAN LETTER WA;Lo;0;L;;;;;N;;;;; +0F5E;TIBETAN LETTER ZHA;Lo;0;L;;;;;N;;;;; +0F5F;TIBETAN LETTER ZA;Lo;0;L;;;;;N;;;;; +0F60;TIBETAN LETTER -A;Lo;0;L;;;;;N;TIBETAN LETTER AA;;;; +0F61;TIBETAN LETTER YA;Lo;0;L;;;;;N;;;;; +0F62;TIBETAN LETTER RA;Lo;0;L;;;;;N;;*;;; +0F63;TIBETAN LETTER LA;Lo;0;L;;;;;N;;;;; +0F64;TIBETAN LETTER SHA;Lo;0;L;;;;;N;;;;; +0F65;TIBETAN LETTER SSA;Lo;0;L;;;;;N;TIBETAN LETTER REVERSED SHA;;;; +0F66;TIBETAN LETTER SA;Lo;0;L;;;;;N;;;;; +0F67;TIBETAN LETTER HA;Lo;0;L;;;;;N;;;;; +0F68;TIBETAN LETTER A;Lo;0;L;;;;;N;;;;; +0F69;TIBETAN LETTER KSSA;Lo;0;L;0F40 0FB5;;;;N;;;;; +0F6A;TIBETAN LETTER FIXED-FORM RA;Lo;0;L;;;;;N;;*;;; +0F71;TIBETAN VOWEL SIGN AA;Mn;129;NSM;;;;;N;;;;; +0F72;TIBETAN VOWEL SIGN I;Mn;130;NSM;;;;;N;;;;; +0F73;TIBETAN VOWEL SIGN II;Mn;0;NSM;0F71 0F72;;;;N;;;;; +0F74;TIBETAN VOWEL SIGN U;Mn;132;NSM;;;;;N;;;;; +0F75;TIBETAN VOWEL SIGN UU;Mn;0;NSM;0F71 0F74;;;;N;;;;; +0F76;TIBETAN VOWEL SIGN VOCALIC R;Mn;0;NSM;0FB2 0F80;;;;N;;;;; +0F77;TIBETAN VOWEL SIGN VOCALIC RR;Mn;0;NSM; 0FB2 0F81;;;;N;;;;; +0F78;TIBETAN VOWEL SIGN VOCALIC L;Mn;0;NSM;0FB3 0F80;;;;N;;;;; +0F79;TIBETAN VOWEL SIGN VOCALIC LL;Mn;0;NSM; 0FB3 0F81;;;;N;;;;; +0F7A;TIBETAN VOWEL SIGN E;Mn;130;NSM;;;;;N;;;;; +0F7B;TIBETAN VOWEL SIGN EE;Mn;130;NSM;;;;;N;TIBETAN VOWEL SIGN AI;;;; +0F7C;TIBETAN VOWEL SIGN O;Mn;130;NSM;;;;;N;;;;; +0F7D;TIBETAN VOWEL SIGN OO;Mn;130;NSM;;;;;N;TIBETAN VOWEL SIGN AU;;;; +0F7E;TIBETAN SIGN RJES SU NGA RO;Mn;0;NSM;;;;;N;TIBETAN ANUSVARA;je su nga ro;;; +0F7F;TIBETAN SIGN RNAM BCAD;Mc;0;L;;;;;N;TIBETAN VISARGA;nam chey;;; +0F80;TIBETAN VOWEL SIGN REVERSED I;Mn;130;NSM;;;;;N;TIBETAN VOWEL SIGN SHORT I;;;; +0F81;TIBETAN VOWEL SIGN REVERSED II;Mn;0;NSM;0F71 0F80;;;;N;;;;; +0F82;TIBETAN SIGN NYI ZLA NAA DA;Mn;230;NSM;;;;;N;TIBETAN CANDRABINDU WITH ORNAMENT;nyi da na da;;; +0F83;TIBETAN SIGN SNA LDAN;Mn;230;NSM;;;;;N;TIBETAN CANDRABINDU;nan de;;; +0F84;TIBETAN MARK HALANTA;Mn;9;NSM;;;;;N;TIBETAN VIRAMA;;;; +0F85;TIBETAN MARK PALUTA;Po;0;L;;;;;N;TIBETAN CHUCHENYIGE;;;; +0F86;TIBETAN SIGN LCI RTAGS;Mn;230;NSM;;;;;N;;ji ta;;; +0F87;TIBETAN SIGN YANG RTAGS;Mn;230;NSM;;;;;N;;yang ta;;; +0F88;TIBETAN SIGN LCE TSA CAN;Lo;0;L;;;;;N;;che tsa chen;;; +0F89;TIBETAN SIGN MCHU CAN;Lo;0;L;;;;;N;;chu chen;;; +0F8A;TIBETAN SIGN GRU CAN RGYINGS;Lo;0;L;;;;;N;;tru chen ging;;; +0F8B;TIBETAN SIGN GRU MED RGYINGS;Lo;0;L;;;;;N;;tru me ging;;; +0F90;TIBETAN SUBJOINED LETTER KA;Mn;0;NSM;;;;;N;;;;; +0F91;TIBETAN SUBJOINED LETTER KHA;Mn;0;NSM;;;;;N;;;;; +0F92;TIBETAN SUBJOINED LETTER GA;Mn;0;NSM;;;;;N;;;;; +0F93;TIBETAN SUBJOINED LETTER GHA;Mn;0;NSM;0F92 0FB7;;;;N;;;;; +0F94;TIBETAN SUBJOINED LETTER NGA;Mn;0;NSM;;;;;N;;;;; +0F95;TIBETAN SUBJOINED LETTER CA;Mn;0;NSM;;;;;N;;;;; +0F96;TIBETAN SUBJOINED LETTER CHA;Mn;0;NSM;;;;;N;;;;; +0F97;TIBETAN SUBJOINED LETTER JA;Mn;0;NSM;;;;;N;;;;; +0F99;TIBETAN SUBJOINED LETTER NYA;Mn;0;NSM;;;;;N;;;;; +0F9A;TIBETAN SUBJOINED LETTER TTA;Mn;0;NSM;;;;;N;;;;; +0F9B;TIBETAN SUBJOINED LETTER TTHA;Mn;0;NSM;;;;;N;;;;; +0F9C;TIBETAN SUBJOINED LETTER DDA;Mn;0;NSM;;;;;N;;;;; +0F9D;TIBETAN SUBJOINED LETTER DDHA;Mn;0;NSM;0F9C 0FB7;;;;N;;;;; +0F9E;TIBETAN SUBJOINED LETTER NNA;Mn;0;NSM;;;;;N;;;;; +0F9F;TIBETAN SUBJOINED LETTER TA;Mn;0;NSM;;;;;N;;;;; +0FA0;TIBETAN SUBJOINED LETTER THA;Mn;0;NSM;;;;;N;;;;; +0FA1;TIBETAN SUBJOINED LETTER DA;Mn;0;NSM;;;;;N;;;;; +0FA2;TIBETAN SUBJOINED LETTER DHA;Mn;0;NSM;0FA1 0FB7;;;;N;;;;; +0FA3;TIBETAN SUBJOINED LETTER NA;Mn;0;NSM;;;;;N;;;;; +0FA4;TIBETAN SUBJOINED LETTER PA;Mn;0;NSM;;;;;N;;;;; +0FA5;TIBETAN SUBJOINED LETTER PHA;Mn;0;NSM;;;;;N;;;;; +0FA6;TIBETAN SUBJOINED LETTER BA;Mn;0;NSM;;;;;N;;;;; +0FA7;TIBETAN SUBJOINED LETTER BHA;Mn;0;NSM;0FA6 0FB7;;;;N;;;;; +0FA8;TIBETAN SUBJOINED LETTER MA;Mn;0;NSM;;;;;N;;;;; +0FA9;TIBETAN SUBJOINED LETTER TSA;Mn;0;NSM;;;;;N;;;;; +0FAA;TIBETAN SUBJOINED LETTER TSHA;Mn;0;NSM;;;;;N;;;;; +0FAB;TIBETAN SUBJOINED LETTER DZA;Mn;0;NSM;;;;;N;;;;; +0FAC;TIBETAN SUBJOINED LETTER DZHA;Mn;0;NSM;0FAB 0FB7;;;;N;;;;; +0FAD;TIBETAN SUBJOINED LETTER WA;Mn;0;NSM;;;;;N;;*;;; +0FAE;TIBETAN SUBJOINED LETTER ZHA;Mn;0;NSM;;;;;N;;;;; +0FAF;TIBETAN SUBJOINED LETTER ZA;Mn;0;NSM;;;;;N;;;;; +0FB0;TIBETAN SUBJOINED LETTER -A;Mn;0;NSM;;;;;N;;;;; +0FB1;TIBETAN SUBJOINED LETTER YA;Mn;0;NSM;;;;;N;;*;;; +0FB2;TIBETAN SUBJOINED LETTER RA;Mn;0;NSM;;;;;N;;*;;; +0FB3;TIBETAN SUBJOINED LETTER LA;Mn;0;NSM;;;;;N;;;;; +0FB4;TIBETAN SUBJOINED LETTER SHA;Mn;0;NSM;;;;;N;;;;; +0FB5;TIBETAN SUBJOINED LETTER SSA;Mn;0;NSM;;;;;N;;;;; +0FB6;TIBETAN SUBJOINED LETTER SA;Mn;0;NSM;;;;;N;;;;; +0FB7;TIBETAN SUBJOINED LETTER HA;Mn;0;NSM;;;;;N;;;;; +0FB8;TIBETAN SUBJOINED LETTER A;Mn;0;NSM;;;;;N;;;;; +0FB9;TIBETAN SUBJOINED LETTER KSSA;Mn;0;NSM;0F90 0FB5;;;;N;;;;; +0FBA;TIBETAN SUBJOINED LETTER FIXED-FORM WA;Mn;0;NSM;;;;;N;;*;;; +0FBB;TIBETAN SUBJOINED LETTER FIXED-FORM YA;Mn;0;NSM;;;;;N;;*;;; +0FBC;TIBETAN SUBJOINED LETTER FIXED-FORM RA;Mn;0;NSM;;;;;N;;*;;; +0FBE;TIBETAN KU RU KHA;So;0;L;;;;;N;;kuruka;;; +0FBF;TIBETAN KU RU KHA BZHI MIG CAN;So;0;L;;;;;N;;kuruka shi mik chen;;; +0FC0;TIBETAN CANTILLATION SIGN HEAVY BEAT;So;0;L;;;;;N;;;;; +0FC1;TIBETAN CANTILLATION SIGN LIGHT BEAT;So;0;L;;;;;N;;;;; +0FC2;TIBETAN CANTILLATION SIGN CANG TE-U;So;0;L;;;;;N;;chang tyu;;; +0FC3;TIBETAN CANTILLATION SIGN SBUB -CHAL;So;0;L;;;;;N;;bub chey;;; +0FC4;TIBETAN SYMBOL DRIL BU;So;0;L;;;;;N;;drilbu;;; +0FC5;TIBETAN SYMBOL RDO RJE;So;0;L;;;;;N;;dorje;;; +0FC6;TIBETAN SYMBOL PADMA GDAN;Mn;220;NSM;;;;;N;;pema den;;; +0FC7;TIBETAN SYMBOL RDO RJE RGYA GRAM;So;0;L;;;;;N;;dorje gya dram;;; +0FC8;TIBETAN SYMBOL PHUR PA;So;0;L;;;;;N;;phurba;;; +0FC9;TIBETAN SYMBOL NOR BU;So;0;L;;;;;N;;norbu;;; +0FCA;TIBETAN SYMBOL NOR BU NYIS -KHYIL;So;0;L;;;;;N;;norbu nyi khyi;;; +0FCB;TIBETAN SYMBOL NOR BU GSUM -KHYIL;So;0;L;;;;;N;;norbu sum khyi;;; +0FCC;TIBETAN SYMBOL NOR BU BZHI -KHYIL;So;0;L;;;;;N;;norbu shi khyi;;; +0FCF;TIBETAN SIGN RDEL NAG GSUM;So;0;L;;;;;N;;dena sum;;; +1000;MYANMAR LETTER KA;Lo;0;L;;;;;N;;;;; +1001;MYANMAR LETTER KHA;Lo;0;L;;;;;N;;;;; +1002;MYANMAR LETTER GA;Lo;0;L;;;;;N;;;;; +1003;MYANMAR LETTER GHA;Lo;0;L;;;;;N;;;;; +1004;MYANMAR LETTER NGA;Lo;0;L;;;;;N;;;;; +1005;MYANMAR LETTER CA;Lo;0;L;;;;;N;;;;; +1006;MYANMAR LETTER CHA;Lo;0;L;;;;;N;;;;; +1007;MYANMAR LETTER JA;Lo;0;L;;;;;N;;;;; +1008;MYANMAR LETTER JHA;Lo;0;L;;;;;N;;;;; +1009;MYANMAR LETTER NYA;Lo;0;L;;;;;N;;;;; +100A;MYANMAR LETTER NNYA;Lo;0;L;;;;;N;;;;; +100B;MYANMAR LETTER TTA;Lo;0;L;;;;;N;;;;; +100C;MYANMAR LETTER TTHA;Lo;0;L;;;;;N;;;;; +100D;MYANMAR LETTER DDA;Lo;0;L;;;;;N;;;;; +100E;MYANMAR LETTER DDHA;Lo;0;L;;;;;N;;;;; +100F;MYANMAR LETTER NNA;Lo;0;L;;;;;N;;;;; +1010;MYANMAR LETTER TA;Lo;0;L;;;;;N;;;;; +1011;MYANMAR LETTER THA;Lo;0;L;;;;;N;;;;; +1012;MYANMAR LETTER DA;Lo;0;L;;;;;N;;;;; +1013;MYANMAR LETTER DHA;Lo;0;L;;;;;N;;;;; +1014;MYANMAR LETTER NA;Lo;0;L;;;;;N;;;;; +1015;MYANMAR LETTER PA;Lo;0;L;;;;;N;;;;; +1016;MYANMAR LETTER PHA;Lo;0;L;;;;;N;;;;; +1017;MYANMAR LETTER BA;Lo;0;L;;;;;N;;;;; +1018;MYANMAR LETTER BHA;Lo;0;L;;;;;N;;;;; +1019;MYANMAR LETTER MA;Lo;0;L;;;;;N;;;;; +101A;MYANMAR LETTER YA;Lo;0;L;;;;;N;;;;; +101B;MYANMAR LETTER RA;Lo;0;L;;;;;N;;;;; +101C;MYANMAR LETTER LA;Lo;0;L;;;;;N;;;;; +101D;MYANMAR LETTER WA;Lo;0;L;;;;;N;;;;; +101E;MYANMAR LETTER SA;Lo;0;L;;;;;N;;;;; +101F;MYANMAR LETTER HA;Lo;0;L;;;;;N;;;;; +1020;MYANMAR LETTER LLA;Lo;0;L;;;;;N;;;;; +1021;MYANMAR LETTER A;Lo;0;L;;;;;N;;;;; +1023;MYANMAR LETTER I;Lo;0;L;;;;;N;;;;; +1024;MYANMAR LETTER II;Lo;0;L;;;;;N;;;;; +1025;MYANMAR LETTER U;Lo;0;L;;;;;N;;;;; +1026;MYANMAR LETTER UU;Lo;0;L;1025 102E;;;;N;;;;; +1027;MYANMAR LETTER E;Lo;0;L;;;;;N;;;;; +1029;MYANMAR LETTER O;Lo;0;L;;;;;N;;;;; +102A;MYANMAR LETTER AU;Lo;0;L;;;;;N;;;;; +102C;MYANMAR VOWEL SIGN AA;Mc;0;L;;;;;N;;;;; +102D;MYANMAR VOWEL SIGN I;Mn;0;NSM;;;;;N;;;;; +102E;MYANMAR VOWEL SIGN II;Mn;0;NSM;;;;;N;;;;; +102F;MYANMAR VOWEL SIGN U;Mn;0;NSM;;;;;N;;;;; +1030;MYANMAR VOWEL SIGN UU;Mn;0;NSM;;;;;N;;;;; +1031;MYANMAR VOWEL SIGN E;Mc;0;L;;;;;N;;;;; +1032;MYANMAR VOWEL SIGN AI;Mn;0;NSM;;;;;N;;;;; +1036;MYANMAR SIGN ANUSVARA;Mn;0;NSM;;;;;N;;;;; +1037;MYANMAR SIGN DOT BELOW;Mn;7;NSM;;;;;N;;;;; +1038;MYANMAR SIGN VISARGA;Mc;0;L;;;;;N;;;;; +1039;MYANMAR SIGN VIRAMA;Mn;9;NSM;;;;;N;;;;; +1040;MYANMAR DIGIT ZERO;Nd;0;L;;0;0;0;N;;;;; +1041;MYANMAR DIGIT ONE;Nd;0;L;;1;1;1;N;;;;; +1042;MYANMAR DIGIT TWO;Nd;0;L;;2;2;2;N;;;;; +1043;MYANMAR DIGIT THREE;Nd;0;L;;3;3;3;N;;;;; +1044;MYANMAR DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;; +1045;MYANMAR DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;; +1046;MYANMAR DIGIT SIX;Nd;0;L;;6;6;6;N;;;;; +1047;MYANMAR DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;; +1048;MYANMAR DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;; +1049;MYANMAR DIGIT NINE;Nd;0;L;;9;9;9;N;;;;; +104A;MYANMAR SIGN LITTLE SECTION;Po;0;L;;;;;N;;;;; +104B;MYANMAR SIGN SECTION;Po;0;L;;;;;N;;;;; +104C;MYANMAR SYMBOL LOCATIVE;Po;0;L;;;;;N;;;;; +104D;MYANMAR SYMBOL COMPLETED;Po;0;L;;;;;N;;;;; +104E;MYANMAR SYMBOL AFOREMENTIONED;Po;0;L;;;;;N;;;;; +104F;MYANMAR SYMBOL GENITIVE;Po;0;L;;;;;N;;;;; +1050;MYANMAR LETTER SHA;Lo;0;L;;;;;N;;;;; +1051;MYANMAR LETTER SSA;Lo;0;L;;;;;N;;;;; +1052;MYANMAR LETTER VOCALIC R;Lo;0;L;;;;;N;;;;; +1053;MYANMAR LETTER VOCALIC RR;Lo;0;L;;;;;N;;;;; +1054;MYANMAR LETTER VOCALIC L;Lo;0;L;;;;;N;;;;; +1055;MYANMAR LETTER VOCALIC LL;Lo;0;L;;;;;N;;;;; +1056;MYANMAR VOWEL SIGN VOCALIC R;Mc;0;L;;;;;N;;;;; +1057;MYANMAR VOWEL SIGN VOCALIC RR;Mc;0;L;;;;;N;;;;; +1058;MYANMAR VOWEL SIGN VOCALIC L;Mn;0;NSM;;;;;N;;;;; +1059;MYANMAR VOWEL SIGN VOCALIC LL;Mn;0;NSM;;;;;N;;;;; +10A0;GEORGIAN CAPITAL LETTER AN;Lu;0;L;;;;;N;;Khutsuri;;; +10A1;GEORGIAN CAPITAL LETTER BAN;Lu;0;L;;;;;N;;Khutsuri;;; +10A2;GEORGIAN CAPITAL LETTER GAN;Lu;0;L;;;;;N;;Khutsuri;;; +10A3;GEORGIAN CAPITAL LETTER DON;Lu;0;L;;;;;N;;Khutsuri;;; +10A4;GEORGIAN CAPITAL LETTER EN;Lu;0;L;;;;;N;;Khutsuri;;; +10A5;GEORGIAN CAPITAL LETTER VIN;Lu;0;L;;;;;N;;Khutsuri;;; +10A6;GEORGIAN CAPITAL LETTER ZEN;Lu;0;L;;;;;N;;Khutsuri;;; +10A7;GEORGIAN CAPITAL LETTER TAN;Lu;0;L;;;;;N;;Khutsuri;;; +10A8;GEORGIAN CAPITAL LETTER IN;Lu;0;L;;;;;N;;Khutsuri;;; +10A9;GEORGIAN CAPITAL LETTER KAN;Lu;0;L;;;;;N;;Khutsuri;;; +10AA;GEORGIAN CAPITAL LETTER LAS;Lu;0;L;;;;;N;;Khutsuri;;; +10AB;GEORGIAN CAPITAL LETTER MAN;Lu;0;L;;;;;N;;Khutsuri;;; +10AC;GEORGIAN CAPITAL LETTER NAR;Lu;0;L;;;;;N;;Khutsuri;;; +10AD;GEORGIAN CAPITAL LETTER ON;Lu;0;L;;;;;N;;Khutsuri;;; +10AE;GEORGIAN CAPITAL LETTER PAR;Lu;0;L;;;;;N;;Khutsuri;;; +10AF;GEORGIAN CAPITAL LETTER ZHAR;Lu;0;L;;;;;N;;Khutsuri;;; +10B0;GEORGIAN CAPITAL LETTER RAE;Lu;0;L;;;;;N;;Khutsuri;;; +10B1;GEORGIAN CAPITAL LETTER SAN;Lu;0;L;;;;;N;;Khutsuri;;; +10B2;GEORGIAN CAPITAL LETTER TAR;Lu;0;L;;;;;N;;Khutsuri;;; +10B3;GEORGIAN CAPITAL LETTER UN;Lu;0;L;;;;;N;;Khutsuri;;; +10B4;GEORGIAN CAPITAL LETTER PHAR;Lu;0;L;;;;;N;;Khutsuri;;; +10B5;GEORGIAN CAPITAL LETTER KHAR;Lu;0;L;;;;;N;;Khutsuri;;; +10B6;GEORGIAN CAPITAL LETTER GHAN;Lu;0;L;;;;;N;;Khutsuri;;; +10B7;GEORGIAN CAPITAL LETTER QAR;Lu;0;L;;;;;N;;Khutsuri;;; +10B8;GEORGIAN CAPITAL LETTER SHIN;Lu;0;L;;;;;N;;Khutsuri;;; +10B9;GEORGIAN CAPITAL LETTER CHIN;Lu;0;L;;;;;N;;Khutsuri;;; +10BA;GEORGIAN CAPITAL LETTER CAN;Lu;0;L;;;;;N;;Khutsuri;;; +10BB;GEORGIAN CAPITAL LETTER JIL;Lu;0;L;;;;;N;;Khutsuri;;; +10BC;GEORGIAN CAPITAL LETTER CIL;Lu;0;L;;;;;N;;Khutsuri;;; +10BD;GEORGIAN CAPITAL LETTER CHAR;Lu;0;L;;;;;N;;Khutsuri;;; +10BE;GEORGIAN CAPITAL LETTER XAN;Lu;0;L;;;;;N;;Khutsuri;;; +10BF;GEORGIAN CAPITAL LETTER JHAN;Lu;0;L;;;;;N;;Khutsuri;;; +10C0;GEORGIAN CAPITAL LETTER HAE;Lu;0;L;;;;;N;;Khutsuri;;; +10C1;GEORGIAN CAPITAL LETTER HE;Lu;0;L;;;;;N;;Khutsuri;;; +10C2;GEORGIAN CAPITAL LETTER HIE;Lu;0;L;;;;;N;;Khutsuri;;; +10C3;GEORGIAN CAPITAL LETTER WE;Lu;0;L;;;;;N;;Khutsuri;;; +10C4;GEORGIAN CAPITAL LETTER HAR;Lu;0;L;;;;;N;;Khutsuri;;; +10C5;GEORGIAN CAPITAL LETTER HOE;Lu;0;L;;;;;N;;Khutsuri;;; +10D0;GEORGIAN LETTER AN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER AN;;;; +10D1;GEORGIAN LETTER BAN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER BAN;;;; +10D2;GEORGIAN LETTER GAN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER GAN;;;; +10D3;GEORGIAN LETTER DON;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER DON;;;; +10D4;GEORGIAN LETTER EN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER EN;;;; +10D5;GEORGIAN LETTER VIN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER VIN;;;; +10D6;GEORGIAN LETTER ZEN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER ZEN;;;; +10D7;GEORGIAN LETTER TAN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER TAN;;;; +10D8;GEORGIAN LETTER IN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER IN;;;; +10D9;GEORGIAN LETTER KAN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER KAN;;;; +10DA;GEORGIAN LETTER LAS;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER LAS;;;; +10DB;GEORGIAN LETTER MAN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER MAN;;;; +10DC;GEORGIAN LETTER NAR;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER NAR;;;; +10DD;GEORGIAN LETTER ON;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER ON;;;; +10DE;GEORGIAN LETTER PAR;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER PAR;;;; +10DF;GEORGIAN LETTER ZHAR;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER ZHAR;;;; +10E0;GEORGIAN LETTER RAE;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER RAE;;;; +10E1;GEORGIAN LETTER SAN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER SAN;;;; +10E2;GEORGIAN LETTER TAR;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER TAR;;;; +10E3;GEORGIAN LETTER UN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER UN;;;; +10E4;GEORGIAN LETTER PHAR;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER PHAR;;;; +10E5;GEORGIAN LETTER KHAR;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER KHAR;;;; +10E6;GEORGIAN LETTER GHAN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER GHAN;;;; +10E7;GEORGIAN LETTER QAR;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER QAR;;;; +10E8;GEORGIAN LETTER SHIN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER SHIN;;;; +10E9;GEORGIAN LETTER CHIN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER CHIN;;;; +10EA;GEORGIAN LETTER CAN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER CAN;;;; +10EB;GEORGIAN LETTER JIL;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER JIL;;;; +10EC;GEORGIAN LETTER CIL;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER CIL;;;; +10ED;GEORGIAN LETTER CHAR;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER CHAR;;;; +10EE;GEORGIAN LETTER XAN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER XAN;;;; +10EF;GEORGIAN LETTER JHAN;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER JHAN;;;; +10F0;GEORGIAN LETTER HAE;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER HAE;;;; +10F1;GEORGIAN LETTER HE;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER HE;;;; +10F2;GEORGIAN LETTER HIE;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER HIE;;;; +10F3;GEORGIAN LETTER WE;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER WE;;;; +10F4;GEORGIAN LETTER HAR;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER HAR;;;; +10F5;GEORGIAN LETTER HOE;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER HOE;;;; +10F6;GEORGIAN LETTER FI;Lo;0;L;;;;;N;GEORGIAN SMALL LETTER FI;;;; +10F7;GEORGIAN LETTER YN;Lo;0;L;;;;;N;;;;; +10F8;GEORGIAN LETTER ELIFI;Lo;0;L;;;;;N;;;;; +10FB;GEORGIAN PARAGRAPH SEPARATOR;Po;0;L;;;;;N;;;;; +1100;HANGUL CHOSEONG KIYEOK;Lo;0;L;;;;;N;;g *;;; +1101;HANGUL CHOSEONG SSANGKIYEOK;Lo;0;L;;;;;N;;gg *;;; +1102;HANGUL CHOSEONG NIEUN;Lo;0;L;;;;;N;;n *;;; +1103;HANGUL CHOSEONG TIKEUT;Lo;0;L;;;;;N;;d *;;; +1104;HANGUL CHOSEONG SSANGTIKEUT;Lo;0;L;;;;;N;;dd *;;; +1105;HANGUL CHOSEONG RIEUL;Lo;0;L;;;;;N;;r *;;; +1106;HANGUL CHOSEONG MIEUM;Lo;0;L;;;;;N;;m *;;; +1107;HANGUL CHOSEONG PIEUP;Lo;0;L;;;;;N;;b *;;; +1108;HANGUL CHOSEONG SSANGPIEUP;Lo;0;L;;;;;N;;bb *;;; +1109;HANGUL CHOSEONG SIOS;Lo;0;L;;;;;N;;s *;;; +110A;HANGUL CHOSEONG SSANGSIOS;Lo;0;L;;;;;N;;ss *;;; +110B;HANGUL CHOSEONG IEUNG;Lo;0;L;;;;;N;;;;; +110C;HANGUL CHOSEONG CIEUC;Lo;0;L;;;;;N;;j *;;; +110D;HANGUL CHOSEONG SSANGCIEUC;Lo;0;L;;;;;N;;jj *;;; +110E;HANGUL CHOSEONG CHIEUCH;Lo;0;L;;;;;N;;c *;;; +110F;HANGUL CHOSEONG KHIEUKH;Lo;0;L;;;;;N;;k *;;; +1110;HANGUL CHOSEONG THIEUTH;Lo;0;L;;;;;N;;t *;;; +1111;HANGUL CHOSEONG PHIEUPH;Lo;0;L;;;;;N;;p *;;; +1112;HANGUL CHOSEONG HIEUH;Lo;0;L;;;;;N;;h *;;; +1113;HANGUL CHOSEONG NIEUN-KIYEOK;Lo;0;L;;;;;N;;;;; +1114;HANGUL CHOSEONG SSANGNIEUN;Lo;0;L;;;;;N;;;;; +1115;HANGUL CHOSEONG NIEUN-TIKEUT;Lo;0;L;;;;;N;;;;; +1116;HANGUL CHOSEONG NIEUN-PIEUP;Lo;0;L;;;;;N;;;;; +1117;HANGUL CHOSEONG TIKEUT-KIYEOK;Lo;0;L;;;;;N;;;;; +1118;HANGUL CHOSEONG RIEUL-NIEUN;Lo;0;L;;;;;N;;;;; +1119;HANGUL CHOSEONG SSANGRIEUL;Lo;0;L;;;;;N;;;;; +111A;HANGUL CHOSEONG RIEUL-HIEUH;Lo;0;L;;;;;N;;;;; +111B;HANGUL CHOSEONG KAPYEOUNRIEUL;Lo;0;L;;;;;N;;;;; +111C;HANGUL CHOSEONG MIEUM-PIEUP;Lo;0;L;;;;;N;;;;; +111D;HANGUL CHOSEONG KAPYEOUNMIEUM;Lo;0;L;;;;;N;;;;; +111E;HANGUL CHOSEONG PIEUP-KIYEOK;Lo;0;L;;;;;N;;;;; +111F;HANGUL CHOSEONG PIEUP-NIEUN;Lo;0;L;;;;;N;;;;; +1120;HANGUL CHOSEONG PIEUP-TIKEUT;Lo;0;L;;;;;N;;;;; +1121;HANGUL CHOSEONG PIEUP-SIOS;Lo;0;L;;;;;N;;;;; +1122;HANGUL CHOSEONG PIEUP-SIOS-KIYEOK;Lo;0;L;;;;;N;;;;; +1123;HANGUL CHOSEONG PIEUP-SIOS-TIKEUT;Lo;0;L;;;;;N;;;;; +1124;HANGUL CHOSEONG PIEUP-SIOS-PIEUP;Lo;0;L;;;;;N;;;;; +1125;HANGUL CHOSEONG PIEUP-SSANGSIOS;Lo;0;L;;;;;N;;;;; +1126;HANGUL CHOSEONG PIEUP-SIOS-CIEUC;Lo;0;L;;;;;N;;;;; +1127;HANGUL CHOSEONG PIEUP-CIEUC;Lo;0;L;;;;;N;;;;; +1128;HANGUL CHOSEONG PIEUP-CHIEUCH;Lo;0;L;;;;;N;;;;; +1129;HANGUL CHOSEONG PIEUP-THIEUTH;Lo;0;L;;;;;N;;;;; +112A;HANGUL CHOSEONG PIEUP-PHIEUPH;Lo;0;L;;;;;N;;;;; +112B;HANGUL CHOSEONG KAPYEOUNPIEUP;Lo;0;L;;;;;N;;;;; +112C;HANGUL CHOSEONG KAPYEOUNSSANGPIEUP;Lo;0;L;;;;;N;;;;; +112D;HANGUL CHOSEONG SIOS-KIYEOK;Lo;0;L;;;;;N;;;;; +112E;HANGUL CHOSEONG SIOS-NIEUN;Lo;0;L;;;;;N;;;;; +112F;HANGUL CHOSEONG SIOS-TIKEUT;Lo;0;L;;;;;N;;;;; +1130;HANGUL CHOSEONG SIOS-RIEUL;Lo;0;L;;;;;N;;;;; +1131;HANGUL CHOSEONG SIOS-MIEUM;Lo;0;L;;;;;N;;;;; +1132;HANGUL CHOSEONG SIOS-PIEUP;Lo;0;L;;;;;N;;;;; +1133;HANGUL CHOSEONG SIOS-PIEUP-KIYEOK;Lo;0;L;;;;;N;;;;; +1134;HANGUL CHOSEONG SIOS-SSANGSIOS;Lo;0;L;;;;;N;;;;; +1135;HANGUL CHOSEONG SIOS-IEUNG;Lo;0;L;;;;;N;;;;; +1136;HANGUL CHOSEONG SIOS-CIEUC;Lo;0;L;;;;;N;;;;; +1137;HANGUL CHOSEONG SIOS-CHIEUCH;Lo;0;L;;;;;N;;;;; +1138;HANGUL CHOSEONG SIOS-KHIEUKH;Lo;0;L;;;;;N;;;;; +1139;HANGUL CHOSEONG SIOS-THIEUTH;Lo;0;L;;;;;N;;;;; +113A;HANGUL CHOSEONG SIOS-PHIEUPH;Lo;0;L;;;;;N;;;;; +113B;HANGUL CHOSEONG SIOS-HIEUH;Lo;0;L;;;;;N;;;;; +113C;HANGUL CHOSEONG CHITUEUMSIOS;Lo;0;L;;;;;N;;;;; +113D;HANGUL CHOSEONG CHITUEUMSSANGSIOS;Lo;0;L;;;;;N;;;;; +113E;HANGUL CHOSEONG CEONGCHIEUMSIOS;Lo;0;L;;;;;N;;;;; +113F;HANGUL CHOSEONG CEONGCHIEUMSSANGSIOS;Lo;0;L;;;;;N;;;;; +1140;HANGUL CHOSEONG PANSIOS;Lo;0;L;;;;;N;;;;; +1141;HANGUL CHOSEONG IEUNG-KIYEOK;Lo;0;L;;;;;N;;;;; +1142;HANGUL CHOSEONG IEUNG-TIKEUT;Lo;0;L;;;;;N;;;;; +1143;HANGUL CHOSEONG IEUNG-MIEUM;Lo;0;L;;;;;N;;;;; +1144;HANGUL CHOSEONG IEUNG-PIEUP;Lo;0;L;;;;;N;;;;; +1145;HANGUL CHOSEONG IEUNG-SIOS;Lo;0;L;;;;;N;;;;; +1146;HANGUL CHOSEONG IEUNG-PANSIOS;Lo;0;L;;;;;N;;;;; +1147;HANGUL CHOSEONG SSANGIEUNG;Lo;0;L;;;;;N;;;;; +1148;HANGUL CHOSEONG IEUNG-CIEUC;Lo;0;L;;;;;N;;;;; +1149;HANGUL CHOSEONG IEUNG-CHIEUCH;Lo;0;L;;;;;N;;;;; +114A;HANGUL CHOSEONG IEUNG-THIEUTH;Lo;0;L;;;;;N;;;;; +114B;HANGUL CHOSEONG IEUNG-PHIEUPH;Lo;0;L;;;;;N;;;;; +114C;HANGUL CHOSEONG YESIEUNG;Lo;0;L;;;;;N;;;;; +114D;HANGUL CHOSEONG CIEUC-IEUNG;Lo;0;L;;;;;N;;;;; +114E;HANGUL CHOSEONG CHITUEUMCIEUC;Lo;0;L;;;;;N;;;;; +114F;HANGUL CHOSEONG CHITUEUMSSANGCIEUC;Lo;0;L;;;;;N;;;;; +1150;HANGUL CHOSEONG CEONGCHIEUMCIEUC;Lo;0;L;;;;;N;;;;; +1151;HANGUL CHOSEONG CEONGCHIEUMSSANGCIEUC;Lo;0;L;;;;;N;;;;; +1152;HANGUL CHOSEONG CHIEUCH-KHIEUKH;Lo;0;L;;;;;N;;;;; +1153;HANGUL CHOSEONG CHIEUCH-HIEUH;Lo;0;L;;;;;N;;;;; +1154;HANGUL CHOSEONG CHITUEUMCHIEUCH;Lo;0;L;;;;;N;;;;; +1155;HANGUL CHOSEONG CEONGCHIEUMCHIEUCH;Lo;0;L;;;;;N;;;;; +1156;HANGUL CHOSEONG PHIEUPH-PIEUP;Lo;0;L;;;;;N;;;;; +1157;HANGUL CHOSEONG KAPYEOUNPHIEUPH;Lo;0;L;;;;;N;;;;; +1158;HANGUL CHOSEONG SSANGHIEUH;Lo;0;L;;;;;N;;;;; +1159;HANGUL CHOSEONG YEORINHIEUH;Lo;0;L;;;;;N;;;;; +115F;HANGUL CHOSEONG FILLER;Lo;0;L;;;;;N;;;;; +1160;HANGUL JUNGSEONG FILLER;Lo;0;L;;;;;N;;;;; +1161;HANGUL JUNGSEONG A;Lo;0;L;;;;;N;;;;; +1162;HANGUL JUNGSEONG AE;Lo;0;L;;;;;N;;;;; +1163;HANGUL JUNGSEONG YA;Lo;0;L;;;;;N;;;;; +1164;HANGUL JUNGSEONG YAE;Lo;0;L;;;;;N;;;;; +1165;HANGUL JUNGSEONG EO;Lo;0;L;;;;;N;;;;; +1166;HANGUL JUNGSEONG E;Lo;0;L;;;;;N;;;;; +1167;HANGUL JUNGSEONG YEO;Lo;0;L;;;;;N;;;;; +1168;HANGUL JUNGSEONG YE;Lo;0;L;;;;;N;;;;; +1169;HANGUL JUNGSEONG O;Lo;0;L;;;;;N;;;;; +116A;HANGUL JUNGSEONG WA;Lo;0;L;;;;;N;;;;; +116B;HANGUL JUNGSEONG WAE;Lo;0;L;;;;;N;;;;; +116C;HANGUL JUNGSEONG OE;Lo;0;L;;;;;N;;;;; +116D;HANGUL JUNGSEONG YO;Lo;0;L;;;;;N;;;;; +116E;HANGUL JUNGSEONG U;Lo;0;L;;;;;N;;;;; +116F;HANGUL JUNGSEONG WEO;Lo;0;L;;;;;N;;;;; +1170;HANGUL JUNGSEONG WE;Lo;0;L;;;;;N;;;;; +1171;HANGUL JUNGSEONG WI;Lo;0;L;;;;;N;;;;; +1172;HANGUL JUNGSEONG YU;Lo;0;L;;;;;N;;;;; +1173;HANGUL JUNGSEONG EU;Lo;0;L;;;;;N;;;;; +1174;HANGUL JUNGSEONG YI;Lo;0;L;;;;;N;;;;; +1175;HANGUL JUNGSEONG I;Lo;0;L;;;;;N;;;;; +1176;HANGUL JUNGSEONG A-O;Lo;0;L;;;;;N;;;;; +1177;HANGUL JUNGSEONG A-U;Lo;0;L;;;;;N;;;;; +1178;HANGUL JUNGSEONG YA-O;Lo;0;L;;;;;N;;;;; +1179;HANGUL JUNGSEONG YA-YO;Lo;0;L;;;;;N;;;;; +117A;HANGUL JUNGSEONG EO-O;Lo;0;L;;;;;N;;;;; +117B;HANGUL JUNGSEONG EO-U;Lo;0;L;;;;;N;;;;; +117C;HANGUL JUNGSEONG EO-EU;Lo;0;L;;;;;N;;;;; +117D;HANGUL JUNGSEONG YEO-O;Lo;0;L;;;;;N;;;;; +117E;HANGUL JUNGSEONG YEO-U;Lo;0;L;;;;;N;;;;; +117F;HANGUL JUNGSEONG O-EO;Lo;0;L;;;;;N;;;;; +1180;HANGUL JUNGSEONG O-E;Lo;0;L;;;;;N;;;;; +1181;HANGUL JUNGSEONG O-YE;Lo;0;L;;;;;N;;;;; +1182;HANGUL JUNGSEONG O-O;Lo;0;L;;;;;N;;;;; +1183;HANGUL JUNGSEONG O-U;Lo;0;L;;;;;N;;;;; +1184;HANGUL JUNGSEONG YO-YA;Lo;0;L;;;;;N;;;;; +1185;HANGUL JUNGSEONG YO-YAE;Lo;0;L;;;;;N;;;;; +1186;HANGUL JUNGSEONG YO-YEO;Lo;0;L;;;;;N;;;;; +1187;HANGUL JUNGSEONG YO-O;Lo;0;L;;;;;N;;;;; +1188;HANGUL JUNGSEONG YO-I;Lo;0;L;;;;;N;;;;; +1189;HANGUL JUNGSEONG U-A;Lo;0;L;;;;;N;;;;; +118A;HANGUL JUNGSEONG U-AE;Lo;0;L;;;;;N;;;;; +118B;HANGUL JUNGSEONG U-EO-EU;Lo;0;L;;;;;N;;;;; +118C;HANGUL JUNGSEONG U-YE;Lo;0;L;;;;;N;;;;; +118D;HANGUL JUNGSEONG U-U;Lo;0;L;;;;;N;;;;; +118E;HANGUL JUNGSEONG YU-A;Lo;0;L;;;;;N;;;;; +118F;HANGUL JUNGSEONG YU-EO;Lo;0;L;;;;;N;;;;; +1190;HANGUL JUNGSEONG YU-E;Lo;0;L;;;;;N;;;;; +1191;HANGUL JUNGSEONG YU-YEO;Lo;0;L;;;;;N;;;;; +1192;HANGUL JUNGSEONG YU-YE;Lo;0;L;;;;;N;;;;; +1193;HANGUL JUNGSEONG YU-U;Lo;0;L;;;;;N;;;;; +1194;HANGUL JUNGSEONG YU-I;Lo;0;L;;;;;N;;;;; +1195;HANGUL JUNGSEONG EU-U;Lo;0;L;;;;;N;;;;; +1196;HANGUL JUNGSEONG EU-EU;Lo;0;L;;;;;N;;;;; +1197;HANGUL JUNGSEONG YI-U;Lo;0;L;;;;;N;;;;; +1198;HANGUL JUNGSEONG I-A;Lo;0;L;;;;;N;;;;; +1199;HANGUL JUNGSEONG I-YA;Lo;0;L;;;;;N;;;;; +119A;HANGUL JUNGSEONG I-O;Lo;0;L;;;;;N;;;;; +119B;HANGUL JUNGSEONG I-U;Lo;0;L;;;;;N;;;;; +119C;HANGUL JUNGSEONG I-EU;Lo;0;L;;;;;N;;;;; +119D;HANGUL JUNGSEONG I-ARAEA;Lo;0;L;;;;;N;;;;; +119E;HANGUL JUNGSEONG ARAEA;Lo;0;L;;;;;N;;;;; +119F;HANGUL JUNGSEONG ARAEA-EO;Lo;0;L;;;;;N;;;;; +11A0;HANGUL JUNGSEONG ARAEA-U;Lo;0;L;;;;;N;;;;; +11A1;HANGUL JUNGSEONG ARAEA-I;Lo;0;L;;;;;N;;;;; +11A2;HANGUL JUNGSEONG SSANGARAEA;Lo;0;L;;;;;N;;;;; +11A8;HANGUL JONGSEONG KIYEOK;Lo;0;L;;;;;N;;g *;;; +11A9;HANGUL JONGSEONG SSANGKIYEOK;Lo;0;L;;;;;N;;gg *;;; +11AA;HANGUL JONGSEONG KIYEOK-SIOS;Lo;0;L;;;;;N;;gs *;;; +11AB;HANGUL JONGSEONG NIEUN;Lo;0;L;;;;;N;;n *;;; +11AC;HANGUL JONGSEONG NIEUN-CIEUC;Lo;0;L;;;;;N;;nj *;;; +11AD;HANGUL JONGSEONG NIEUN-HIEUH;Lo;0;L;;;;;N;;nh *;;; +11AE;HANGUL JONGSEONG TIKEUT;Lo;0;L;;;;;N;;d *;;; +11AF;HANGUL JONGSEONG RIEUL;Lo;0;L;;;;;N;;l *;;; +11B0;HANGUL JONGSEONG RIEUL-KIYEOK;Lo;0;L;;;;;N;;lg *;;; +11B1;HANGUL JONGSEONG RIEUL-MIEUM;Lo;0;L;;;;;N;;lm *;;; +11B2;HANGUL JONGSEONG RIEUL-PIEUP;Lo;0;L;;;;;N;;lb *;;; +11B3;HANGUL JONGSEONG RIEUL-SIOS;Lo;0;L;;;;;N;;ls *;;; +11B4;HANGUL JONGSEONG RIEUL-THIEUTH;Lo;0;L;;;;;N;;lt *;;; +11B5;HANGUL JONGSEONG RIEUL-PHIEUPH;Lo;0;L;;;;;N;;lp *;;; +11B6;HANGUL JONGSEONG RIEUL-HIEUH;Lo;0;L;;;;;N;;lh *;;; +11B7;HANGUL JONGSEONG MIEUM;Lo;0;L;;;;;N;;m *;;; +11B8;HANGUL JONGSEONG PIEUP;Lo;0;L;;;;;N;;b *;;; +11B9;HANGUL JONGSEONG PIEUP-SIOS;Lo;0;L;;;;;N;;bs *;;; +11BA;HANGUL JONGSEONG SIOS;Lo;0;L;;;;;N;;s *;;; +11BB;HANGUL JONGSEONG SSANGSIOS;Lo;0;L;;;;;N;;ss *;;; +11BC;HANGUL JONGSEONG IEUNG;Lo;0;L;;;;;N;;ng *;;; +11BD;HANGUL JONGSEONG CIEUC;Lo;0;L;;;;;N;;j *;;; +11BE;HANGUL JONGSEONG CHIEUCH;Lo;0;L;;;;;N;;c *;;; +11BF;HANGUL JONGSEONG KHIEUKH;Lo;0;L;;;;;N;;k *;;; +11C0;HANGUL JONGSEONG THIEUTH;Lo;0;L;;;;;N;;t *;;; +11C1;HANGUL JONGSEONG PHIEUPH;Lo;0;L;;;;;N;;p *;;; +11C2;HANGUL JONGSEONG HIEUH;Lo;0;L;;;;;N;;h *;;; +11C3;HANGUL JONGSEONG KIYEOK-RIEUL;Lo;0;L;;;;;N;;;;; +11C4;HANGUL JONGSEONG KIYEOK-SIOS-KIYEOK;Lo;0;L;;;;;N;;;;; +11C5;HANGUL JONGSEONG NIEUN-KIYEOK;Lo;0;L;;;;;N;;;;; +11C6;HANGUL JONGSEONG NIEUN-TIKEUT;Lo;0;L;;;;;N;;;;; +11C7;HANGUL JONGSEONG NIEUN-SIOS;Lo;0;L;;;;;N;;;;; +11C8;HANGUL JONGSEONG NIEUN-PANSIOS;Lo;0;L;;;;;N;;;;; +11C9;HANGUL JONGSEONG NIEUN-THIEUTH;Lo;0;L;;;;;N;;;;; +11CA;HANGUL JONGSEONG TIKEUT-KIYEOK;Lo;0;L;;;;;N;;;;; +11CB;HANGUL JONGSEONG TIKEUT-RIEUL;Lo;0;L;;;;;N;;;;; +11CC;HANGUL JONGSEONG RIEUL-KIYEOK-SIOS;Lo;0;L;;;;;N;;;;; +11CD;HANGUL JONGSEONG RIEUL-NIEUN;Lo;0;L;;;;;N;;;;; +11CE;HANGUL JONGSEONG RIEUL-TIKEUT;Lo;0;L;;;;;N;;;;; +11CF;HANGUL JONGSEONG RIEUL-TIKEUT-HIEUH;Lo;0;L;;;;;N;;;;; +11D0;HANGUL JONGSEONG SSANGRIEUL;Lo;0;L;;;;;N;;;;; +11D1;HANGUL JONGSEONG RIEUL-MIEUM-KIYEOK;Lo;0;L;;;;;N;;;;; +11D2;HANGUL JONGSEONG RIEUL-MIEUM-SIOS;Lo;0;L;;;;;N;;;;; +11D3;HANGUL JONGSEONG RIEUL-PIEUP-SIOS;Lo;0;L;;;;;N;;;;; +11D4;HANGUL JONGSEONG RIEUL-PIEUP-HIEUH;Lo;0;L;;;;;N;;;;; +11D5;HANGUL JONGSEONG RIEUL-KAPYEOUNPIEUP;Lo;0;L;;;;;N;;;;; +11D6;HANGUL JONGSEONG RIEUL-SSANGSIOS;Lo;0;L;;;;;N;;;;; +11D7;HANGUL JONGSEONG RIEUL-PANSIOS;Lo;0;L;;;;;N;;;;; +11D8;HANGUL JONGSEONG RIEUL-KHIEUKH;Lo;0;L;;;;;N;;;;; +11D9;HANGUL JONGSEONG RIEUL-YEORINHIEUH;Lo;0;L;;;;;N;;;;; +11DA;HANGUL JONGSEONG MIEUM-KIYEOK;Lo;0;L;;;;;N;;;;; +11DB;HANGUL JONGSEONG MIEUM-RIEUL;Lo;0;L;;;;;N;;;;; +11DC;HANGUL JONGSEONG MIEUM-PIEUP;Lo;0;L;;;;;N;;;;; +11DD;HANGUL JONGSEONG MIEUM-SIOS;Lo;0;L;;;;;N;;;;; +11DE;HANGUL JONGSEONG MIEUM-SSANGSIOS;Lo;0;L;;;;;N;;;;; +11DF;HANGUL JONGSEONG MIEUM-PANSIOS;Lo;0;L;;;;;N;;;;; +11E0;HANGUL JONGSEONG MIEUM-CHIEUCH;Lo;0;L;;;;;N;;;;; +11E1;HANGUL JONGSEONG MIEUM-HIEUH;Lo;0;L;;;;;N;;;;; +11E2;HANGUL JONGSEONG KAPYEOUNMIEUM;Lo;0;L;;;;;N;;;;; +11E3;HANGUL JONGSEONG PIEUP-RIEUL;Lo;0;L;;;;;N;;;;; +11E4;HANGUL JONGSEONG PIEUP-PHIEUPH;Lo;0;L;;;;;N;;;;; +11E5;HANGUL JONGSEONG PIEUP-HIEUH;Lo;0;L;;;;;N;;;;; +11E6;HANGUL JONGSEONG KAPYEOUNPIEUP;Lo;0;L;;;;;N;;;;; +11E7;HANGUL JONGSEONG SIOS-KIYEOK;Lo;0;L;;;;;N;;;;; +11E8;HANGUL JONGSEONG SIOS-TIKEUT;Lo;0;L;;;;;N;;;;; +11E9;HANGUL JONGSEONG SIOS-RIEUL;Lo;0;L;;;;;N;;;;; +11EA;HANGUL JONGSEONG SIOS-PIEUP;Lo;0;L;;;;;N;;;;; +11EB;HANGUL JONGSEONG PANSIOS;Lo;0;L;;;;;N;;;;; +11EC;HANGUL JONGSEONG IEUNG-KIYEOK;Lo;0;L;;;;;N;;;;; +11ED;HANGUL JONGSEONG IEUNG-SSANGKIYEOK;Lo;0;L;;;;;N;;;;; +11EE;HANGUL JONGSEONG SSANGIEUNG;Lo;0;L;;;;;N;;;;; +11EF;HANGUL JONGSEONG IEUNG-KHIEUKH;Lo;0;L;;;;;N;;;;; +11F0;HANGUL JONGSEONG YESIEUNG;Lo;0;L;;;;;N;;;;; +11F1;HANGUL JONGSEONG YESIEUNG-SIOS;Lo;0;L;;;;;N;;;;; +11F2;HANGUL JONGSEONG YESIEUNG-PANSIOS;Lo;0;L;;;;;N;;;;; +11F3;HANGUL JONGSEONG PHIEUPH-PIEUP;Lo;0;L;;;;;N;;;;; +11F4;HANGUL JONGSEONG KAPYEOUNPHIEUPH;Lo;0;L;;;;;N;;;;; +11F5;HANGUL JONGSEONG HIEUH-NIEUN;Lo;0;L;;;;;N;;;;; +11F6;HANGUL JONGSEONG HIEUH-RIEUL;Lo;0;L;;;;;N;;;;; +11F7;HANGUL JONGSEONG HIEUH-MIEUM;Lo;0;L;;;;;N;;;;; +11F8;HANGUL JONGSEONG HIEUH-PIEUP;Lo;0;L;;;;;N;;;;; +11F9;HANGUL JONGSEONG YEORINHIEUH;Lo;0;L;;;;;N;;;;; +1200;ETHIOPIC SYLLABLE HA;Lo;0;L;;;;;N;;;;; +1201;ETHIOPIC SYLLABLE HU;Lo;0;L;;;;;N;;;;; +1202;ETHIOPIC SYLLABLE HI;Lo;0;L;;;;;N;;;;; +1203;ETHIOPIC SYLLABLE HAA;Lo;0;L;;;;;N;;;;; +1204;ETHIOPIC SYLLABLE HEE;Lo;0;L;;;;;N;;;;; +1205;ETHIOPIC SYLLABLE HE;Lo;0;L;;;;;N;;;;; +1206;ETHIOPIC SYLLABLE HO;Lo;0;L;;;;;N;;;;; +1208;ETHIOPIC SYLLABLE LA;Lo;0;L;;;;;N;;;;; +1209;ETHIOPIC SYLLABLE LU;Lo;0;L;;;;;N;;;;; +120A;ETHIOPIC SYLLABLE LI;Lo;0;L;;;;;N;;;;; +120B;ETHIOPIC SYLLABLE LAA;Lo;0;L;;;;;N;;;;; +120C;ETHIOPIC SYLLABLE LEE;Lo;0;L;;;;;N;;;;; +120D;ETHIOPIC SYLLABLE LE;Lo;0;L;;;;;N;;;;; +120E;ETHIOPIC SYLLABLE LO;Lo;0;L;;;;;N;;;;; +120F;ETHIOPIC SYLLABLE LWA;Lo;0;L;;;;;N;;;;; +1210;ETHIOPIC SYLLABLE HHA;Lo;0;L;;;;;N;;;;; +1211;ETHIOPIC SYLLABLE HHU;Lo;0;L;;;;;N;;;;; +1212;ETHIOPIC SYLLABLE HHI;Lo;0;L;;;;;N;;;;; +1213;ETHIOPIC SYLLABLE HHAA;Lo;0;L;;;;;N;;;;; +1214;ETHIOPIC SYLLABLE HHEE;Lo;0;L;;;;;N;;;;; +1215;ETHIOPIC SYLLABLE HHE;Lo;0;L;;;;;N;;;;; +1216;ETHIOPIC SYLLABLE HHO;Lo;0;L;;;;;N;;;;; +1217;ETHIOPIC SYLLABLE HHWA;Lo;0;L;;;;;N;;;;; +1218;ETHIOPIC SYLLABLE MA;Lo;0;L;;;;;N;;;;; +1219;ETHIOPIC SYLLABLE MU;Lo;0;L;;;;;N;;;;; +121A;ETHIOPIC SYLLABLE MI;Lo;0;L;;;;;N;;;;; +121B;ETHIOPIC SYLLABLE MAA;Lo;0;L;;;;;N;;;;; +121C;ETHIOPIC SYLLABLE MEE;Lo;0;L;;;;;N;;;;; +121D;ETHIOPIC SYLLABLE ME;Lo;0;L;;;;;N;;;;; +121E;ETHIOPIC SYLLABLE MO;Lo;0;L;;;;;N;;;;; +121F;ETHIOPIC SYLLABLE MWA;Lo;0;L;;;;;N;;;;; +1220;ETHIOPIC SYLLABLE SZA;Lo;0;L;;;;;N;;;;; +1221;ETHIOPIC SYLLABLE SZU;Lo;0;L;;;;;N;;;;; +1222;ETHIOPIC SYLLABLE SZI;Lo;0;L;;;;;N;;;;; +1223;ETHIOPIC SYLLABLE SZAA;Lo;0;L;;;;;N;;;;; +1224;ETHIOPIC SYLLABLE SZEE;Lo;0;L;;;;;N;;;;; +1225;ETHIOPIC SYLLABLE SZE;Lo;0;L;;;;;N;;;;; +1226;ETHIOPIC SYLLABLE SZO;Lo;0;L;;;;;N;;;;; +1227;ETHIOPIC SYLLABLE SZWA;Lo;0;L;;;;;N;;;;; +1228;ETHIOPIC SYLLABLE RA;Lo;0;L;;;;;N;;;;; +1229;ETHIOPIC SYLLABLE RU;Lo;0;L;;;;;N;;;;; +122A;ETHIOPIC SYLLABLE RI;Lo;0;L;;;;;N;;;;; +122B;ETHIOPIC SYLLABLE RAA;Lo;0;L;;;;;N;;;;; +122C;ETHIOPIC SYLLABLE REE;Lo;0;L;;;;;N;;;;; +122D;ETHIOPIC SYLLABLE RE;Lo;0;L;;;;;N;;;;; +122E;ETHIOPIC SYLLABLE RO;Lo;0;L;;;;;N;;;;; +122F;ETHIOPIC SYLLABLE RWA;Lo;0;L;;;;;N;;;;; +1230;ETHIOPIC SYLLABLE SA;Lo;0;L;;;;;N;;;;; +1231;ETHIOPIC SYLLABLE SU;Lo;0;L;;;;;N;;;;; +1232;ETHIOPIC SYLLABLE SI;Lo;0;L;;;;;N;;;;; +1233;ETHIOPIC SYLLABLE SAA;Lo;0;L;;;;;N;;;;; +1234;ETHIOPIC SYLLABLE SEE;Lo;0;L;;;;;N;;;;; +1235;ETHIOPIC SYLLABLE SE;Lo;0;L;;;;;N;;;;; +1236;ETHIOPIC SYLLABLE SO;Lo;0;L;;;;;N;;;;; +1237;ETHIOPIC SYLLABLE SWA;Lo;0;L;;;;;N;;;;; +1238;ETHIOPIC SYLLABLE SHA;Lo;0;L;;;;;N;;;;; +1239;ETHIOPIC SYLLABLE SHU;Lo;0;L;;;;;N;;;;; +123A;ETHIOPIC SYLLABLE SHI;Lo;0;L;;;;;N;;;;; +123B;ETHIOPIC SYLLABLE SHAA;Lo;0;L;;;;;N;;;;; +123C;ETHIOPIC SYLLABLE SHEE;Lo;0;L;;;;;N;;;;; +123D;ETHIOPIC SYLLABLE SHE;Lo;0;L;;;;;N;;;;; +123E;ETHIOPIC SYLLABLE SHO;Lo;0;L;;;;;N;;;;; +123F;ETHIOPIC SYLLABLE SHWA;Lo;0;L;;;;;N;;;;; +1240;ETHIOPIC SYLLABLE QA;Lo;0;L;;;;;N;;;;; +1241;ETHIOPIC SYLLABLE QU;Lo;0;L;;;;;N;;;;; +1242;ETHIOPIC SYLLABLE QI;Lo;0;L;;;;;N;;;;; +1243;ETHIOPIC SYLLABLE QAA;Lo;0;L;;;;;N;;;;; +1244;ETHIOPIC SYLLABLE QEE;Lo;0;L;;;;;N;;;;; +1245;ETHIOPIC SYLLABLE QE;Lo;0;L;;;;;N;;;;; +1246;ETHIOPIC SYLLABLE QO;Lo;0;L;;;;;N;;;;; +1248;ETHIOPIC SYLLABLE QWA;Lo;0;L;;;;;N;;;;; +124A;ETHIOPIC SYLLABLE QWI;Lo;0;L;;;;;N;;;;; +124B;ETHIOPIC SYLLABLE QWAA;Lo;0;L;;;;;N;;;;; +124C;ETHIOPIC SYLLABLE QWEE;Lo;0;L;;;;;N;;;;; +124D;ETHIOPIC SYLLABLE QWE;Lo;0;L;;;;;N;;;;; +1250;ETHIOPIC SYLLABLE QHA;Lo;0;L;;;;;N;;;;; +1251;ETHIOPIC SYLLABLE QHU;Lo;0;L;;;;;N;;;;; +1252;ETHIOPIC SYLLABLE QHI;Lo;0;L;;;;;N;;;;; +1253;ETHIOPIC SYLLABLE QHAA;Lo;0;L;;;;;N;;;;; +1254;ETHIOPIC SYLLABLE QHEE;Lo;0;L;;;;;N;;;;; +1255;ETHIOPIC SYLLABLE QHE;Lo;0;L;;;;;N;;;;; +1256;ETHIOPIC SYLLABLE QHO;Lo;0;L;;;;;N;;;;; +1258;ETHIOPIC SYLLABLE QHWA;Lo;0;L;;;;;N;;;;; +125A;ETHIOPIC SYLLABLE QHWI;Lo;0;L;;;;;N;;;;; +125B;ETHIOPIC SYLLABLE QHWAA;Lo;0;L;;;;;N;;;;; +125C;ETHIOPIC SYLLABLE QHWEE;Lo;0;L;;;;;N;;;;; +125D;ETHIOPIC SYLLABLE QHWE;Lo;0;L;;;;;N;;;;; +1260;ETHIOPIC SYLLABLE BA;Lo;0;L;;;;;N;;;;; +1261;ETHIOPIC SYLLABLE BU;Lo;0;L;;;;;N;;;;; +1262;ETHIOPIC SYLLABLE BI;Lo;0;L;;;;;N;;;;; +1263;ETHIOPIC SYLLABLE BAA;Lo;0;L;;;;;N;;;;; +1264;ETHIOPIC SYLLABLE BEE;Lo;0;L;;;;;N;;;;; +1265;ETHIOPIC SYLLABLE BE;Lo;0;L;;;;;N;;;;; +1266;ETHIOPIC SYLLABLE BO;Lo;0;L;;;;;N;;;;; +1267;ETHIOPIC SYLLABLE BWA;Lo;0;L;;;;;N;;;;; +1268;ETHIOPIC SYLLABLE VA;Lo;0;L;;;;;N;;;;; +1269;ETHIOPIC SYLLABLE VU;Lo;0;L;;;;;N;;;;; +126A;ETHIOPIC SYLLABLE VI;Lo;0;L;;;;;N;;;;; +126B;ETHIOPIC SYLLABLE VAA;Lo;0;L;;;;;N;;;;; +126C;ETHIOPIC SYLLABLE VEE;Lo;0;L;;;;;N;;;;; +126D;ETHIOPIC SYLLABLE VE;Lo;0;L;;;;;N;;;;; +126E;ETHIOPIC SYLLABLE VO;Lo;0;L;;;;;N;;;;; +126F;ETHIOPIC SYLLABLE VWA;Lo;0;L;;;;;N;;;;; +1270;ETHIOPIC SYLLABLE TA;Lo;0;L;;;;;N;;;;; +1271;ETHIOPIC SYLLABLE TU;Lo;0;L;;;;;N;;;;; +1272;ETHIOPIC SYLLABLE TI;Lo;0;L;;;;;N;;;;; +1273;ETHIOPIC SYLLABLE TAA;Lo;0;L;;;;;N;;;;; +1274;ETHIOPIC SYLLABLE TEE;Lo;0;L;;;;;N;;;;; +1275;ETHIOPIC SYLLABLE TE;Lo;0;L;;;;;N;;;;; +1276;ETHIOPIC SYLLABLE TO;Lo;0;L;;;;;N;;;;; +1277;ETHIOPIC SYLLABLE TWA;Lo;0;L;;;;;N;;;;; +1278;ETHIOPIC SYLLABLE CA;Lo;0;L;;;;;N;;;;; +1279;ETHIOPIC SYLLABLE CU;Lo;0;L;;;;;N;;;;; +127A;ETHIOPIC SYLLABLE CI;Lo;0;L;;;;;N;;;;; +127B;ETHIOPIC SYLLABLE CAA;Lo;0;L;;;;;N;;;;; +127C;ETHIOPIC SYLLABLE CEE;Lo;0;L;;;;;N;;;;; +127D;ETHIOPIC SYLLABLE CE;Lo;0;L;;;;;N;;;;; +127E;ETHIOPIC SYLLABLE CO;Lo;0;L;;;;;N;;;;; +127F;ETHIOPIC SYLLABLE CWA;Lo;0;L;;;;;N;;;;; +1280;ETHIOPIC SYLLABLE XA;Lo;0;L;;;;;N;;;;; +1281;ETHIOPIC SYLLABLE XU;Lo;0;L;;;;;N;;;;; +1282;ETHIOPIC SYLLABLE XI;Lo;0;L;;;;;N;;;;; +1283;ETHIOPIC SYLLABLE XAA;Lo;0;L;;;;;N;;;;; +1284;ETHIOPIC SYLLABLE XEE;Lo;0;L;;;;;N;;;;; +1285;ETHIOPIC SYLLABLE XE;Lo;0;L;;;;;N;;;;; +1286;ETHIOPIC SYLLABLE XO;Lo;0;L;;;;;N;;;;; +1288;ETHIOPIC SYLLABLE XWA;Lo;0;L;;;;;N;;;;; +128A;ETHIOPIC SYLLABLE XWI;Lo;0;L;;;;;N;;;;; +128B;ETHIOPIC SYLLABLE XWAA;Lo;0;L;;;;;N;;;;; +128C;ETHIOPIC SYLLABLE XWEE;Lo;0;L;;;;;N;;;;; +128D;ETHIOPIC SYLLABLE XWE;Lo;0;L;;;;;N;;;;; +1290;ETHIOPIC SYLLABLE NA;Lo;0;L;;;;;N;;;;; +1291;ETHIOPIC SYLLABLE NU;Lo;0;L;;;;;N;;;;; +1292;ETHIOPIC SYLLABLE NI;Lo;0;L;;;;;N;;;;; +1293;ETHIOPIC SYLLABLE NAA;Lo;0;L;;;;;N;;;;; +1294;ETHIOPIC SYLLABLE NEE;Lo;0;L;;;;;N;;;;; +1295;ETHIOPIC SYLLABLE NE;Lo;0;L;;;;;N;;;;; +1296;ETHIOPIC SYLLABLE NO;Lo;0;L;;;;;N;;;;; +1297;ETHIOPIC SYLLABLE NWA;Lo;0;L;;;;;N;;;;; +1298;ETHIOPIC SYLLABLE NYA;Lo;0;L;;;;;N;;;;; +1299;ETHIOPIC SYLLABLE NYU;Lo;0;L;;;;;N;;;;; +129A;ETHIOPIC SYLLABLE NYI;Lo;0;L;;;;;N;;;;; +129B;ETHIOPIC SYLLABLE NYAA;Lo;0;L;;;;;N;;;;; +129C;ETHIOPIC SYLLABLE NYEE;Lo;0;L;;;;;N;;;;; +129D;ETHIOPIC SYLLABLE NYE;Lo;0;L;;;;;N;;;;; +129E;ETHIOPIC SYLLABLE NYO;Lo;0;L;;;;;N;;;;; +129F;ETHIOPIC SYLLABLE NYWA;Lo;0;L;;;;;N;;;;; +12A0;ETHIOPIC SYLLABLE GLOTTAL A;Lo;0;L;;;;;N;;;;; +12A1;ETHIOPIC SYLLABLE GLOTTAL U;Lo;0;L;;;;;N;;;;; +12A2;ETHIOPIC SYLLABLE GLOTTAL I;Lo;0;L;;;;;N;;;;; +12A3;ETHIOPIC SYLLABLE GLOTTAL AA;Lo;0;L;;;;;N;;;;; +12A4;ETHIOPIC SYLLABLE GLOTTAL EE;Lo;0;L;;;;;N;;;;; +12A5;ETHIOPIC SYLLABLE GLOTTAL E;Lo;0;L;;;;;N;;;;; +12A6;ETHIOPIC SYLLABLE GLOTTAL O;Lo;0;L;;;;;N;;;;; +12A7;ETHIOPIC SYLLABLE GLOTTAL WA;Lo;0;L;;;;;N;;;;; +12A8;ETHIOPIC SYLLABLE KA;Lo;0;L;;;;;N;;;;; +12A9;ETHIOPIC SYLLABLE KU;Lo;0;L;;;;;N;;;;; +12AA;ETHIOPIC SYLLABLE KI;Lo;0;L;;;;;N;;;;; +12AB;ETHIOPIC SYLLABLE KAA;Lo;0;L;;;;;N;;;;; +12AC;ETHIOPIC SYLLABLE KEE;Lo;0;L;;;;;N;;;;; +12AD;ETHIOPIC SYLLABLE KE;Lo;0;L;;;;;N;;;;; +12AE;ETHIOPIC SYLLABLE KO;Lo;0;L;;;;;N;;;;; +12B0;ETHIOPIC SYLLABLE KWA;Lo;0;L;;;;;N;;;;; +12B2;ETHIOPIC SYLLABLE KWI;Lo;0;L;;;;;N;;;;; +12B3;ETHIOPIC SYLLABLE KWAA;Lo;0;L;;;;;N;;;;; +12B4;ETHIOPIC SYLLABLE KWEE;Lo;0;L;;;;;N;;;;; +12B5;ETHIOPIC SYLLABLE KWE;Lo;0;L;;;;;N;;;;; +12B8;ETHIOPIC SYLLABLE KXA;Lo;0;L;;;;;N;;;;; +12B9;ETHIOPIC SYLLABLE KXU;Lo;0;L;;;;;N;;;;; +12BA;ETHIOPIC SYLLABLE KXI;Lo;0;L;;;;;N;;;;; +12BB;ETHIOPIC SYLLABLE KXAA;Lo;0;L;;;;;N;;;;; +12BC;ETHIOPIC SYLLABLE KXEE;Lo;0;L;;;;;N;;;;; +12BD;ETHIOPIC SYLLABLE KXE;Lo;0;L;;;;;N;;;;; +12BE;ETHIOPIC SYLLABLE KXO;Lo;0;L;;;;;N;;;;; +12C0;ETHIOPIC SYLLABLE KXWA;Lo;0;L;;;;;N;;;;; +12C2;ETHIOPIC SYLLABLE KXWI;Lo;0;L;;;;;N;;;;; +12C3;ETHIOPIC SYLLABLE KXWAA;Lo;0;L;;;;;N;;;;; +12C4;ETHIOPIC SYLLABLE KXWEE;Lo;0;L;;;;;N;;;;; +12C5;ETHIOPIC SYLLABLE KXWE;Lo;0;L;;;;;N;;;;; +12C8;ETHIOPIC SYLLABLE WA;Lo;0;L;;;;;N;;;;; +12C9;ETHIOPIC SYLLABLE WU;Lo;0;L;;;;;N;;;;; +12CA;ETHIOPIC SYLLABLE WI;Lo;0;L;;;;;N;;;;; +12CB;ETHIOPIC SYLLABLE WAA;Lo;0;L;;;;;N;;;;; +12CC;ETHIOPIC SYLLABLE WEE;Lo;0;L;;;;;N;;;;; +12CD;ETHIOPIC SYLLABLE WE;Lo;0;L;;;;;N;;;;; +12CE;ETHIOPIC SYLLABLE WO;Lo;0;L;;;;;N;;;;; +12D0;ETHIOPIC SYLLABLE PHARYNGEAL A;Lo;0;L;;;;;N;;;;; +12D1;ETHIOPIC SYLLABLE PHARYNGEAL U;Lo;0;L;;;;;N;;;;; +12D2;ETHIOPIC SYLLABLE PHARYNGEAL I;Lo;0;L;;;;;N;;;;; +12D3;ETHIOPIC SYLLABLE PHARYNGEAL AA;Lo;0;L;;;;;N;;;;; +12D4;ETHIOPIC SYLLABLE PHARYNGEAL EE;Lo;0;L;;;;;N;;;;; +12D5;ETHIOPIC SYLLABLE PHARYNGEAL E;Lo;0;L;;;;;N;;;;; +12D6;ETHIOPIC SYLLABLE PHARYNGEAL O;Lo;0;L;;;;;N;;;;; +12D8;ETHIOPIC SYLLABLE ZA;Lo;0;L;;;;;N;;;;; +12D9;ETHIOPIC SYLLABLE ZU;Lo;0;L;;;;;N;;;;; +12DA;ETHIOPIC SYLLABLE ZI;Lo;0;L;;;;;N;;;;; +12DB;ETHIOPIC SYLLABLE ZAA;Lo;0;L;;;;;N;;;;; +12DC;ETHIOPIC SYLLABLE ZEE;Lo;0;L;;;;;N;;;;; +12DD;ETHIOPIC SYLLABLE ZE;Lo;0;L;;;;;N;;;;; +12DE;ETHIOPIC SYLLABLE ZO;Lo;0;L;;;;;N;;;;; +12DF;ETHIOPIC SYLLABLE ZWA;Lo;0;L;;;;;N;;;;; +12E0;ETHIOPIC SYLLABLE ZHA;Lo;0;L;;;;;N;;;;; +12E1;ETHIOPIC SYLLABLE ZHU;Lo;0;L;;;;;N;;;;; +12E2;ETHIOPIC SYLLABLE ZHI;Lo;0;L;;;;;N;;;;; +12E3;ETHIOPIC SYLLABLE ZHAA;Lo;0;L;;;;;N;;;;; +12E4;ETHIOPIC SYLLABLE ZHEE;Lo;0;L;;;;;N;;;;; +12E5;ETHIOPIC SYLLABLE ZHE;Lo;0;L;;;;;N;;;;; +12E6;ETHIOPIC SYLLABLE ZHO;Lo;0;L;;;;;N;;;;; +12E7;ETHIOPIC SYLLABLE ZHWA;Lo;0;L;;;;;N;;;;; +12E8;ETHIOPIC SYLLABLE YA;Lo;0;L;;;;;N;;;;; +12E9;ETHIOPIC SYLLABLE YU;Lo;0;L;;;;;N;;;;; +12EA;ETHIOPIC SYLLABLE YI;Lo;0;L;;;;;N;;;;; +12EB;ETHIOPIC SYLLABLE YAA;Lo;0;L;;;;;N;;;;; +12EC;ETHIOPIC SYLLABLE YEE;Lo;0;L;;;;;N;;;;; +12ED;ETHIOPIC SYLLABLE YE;Lo;0;L;;;;;N;;;;; +12EE;ETHIOPIC SYLLABLE YO;Lo;0;L;;;;;N;;;;; +12F0;ETHIOPIC SYLLABLE DA;Lo;0;L;;;;;N;;;;; +12F1;ETHIOPIC SYLLABLE DU;Lo;0;L;;;;;N;;;;; +12F2;ETHIOPIC SYLLABLE DI;Lo;0;L;;;;;N;;;;; +12F3;ETHIOPIC SYLLABLE DAA;Lo;0;L;;;;;N;;;;; +12F4;ETHIOPIC SYLLABLE DEE;Lo;0;L;;;;;N;;;;; +12F5;ETHIOPIC SYLLABLE DE;Lo;0;L;;;;;N;;;;; +12F6;ETHIOPIC SYLLABLE DO;Lo;0;L;;;;;N;;;;; +12F7;ETHIOPIC SYLLABLE DWA;Lo;0;L;;;;;N;;;;; +12F8;ETHIOPIC SYLLABLE DDA;Lo;0;L;;;;;N;;;;; +12F9;ETHIOPIC SYLLABLE DDU;Lo;0;L;;;;;N;;;;; +12FA;ETHIOPIC SYLLABLE DDI;Lo;0;L;;;;;N;;;;; +12FB;ETHIOPIC SYLLABLE DDAA;Lo;0;L;;;;;N;;;;; +12FC;ETHIOPIC SYLLABLE DDEE;Lo;0;L;;;;;N;;;;; +12FD;ETHIOPIC SYLLABLE DDE;Lo;0;L;;;;;N;;;;; +12FE;ETHIOPIC SYLLABLE DDO;Lo;0;L;;;;;N;;;;; +12FF;ETHIOPIC SYLLABLE DDWA;Lo;0;L;;;;;N;;;;; +1300;ETHIOPIC SYLLABLE JA;Lo;0;L;;;;;N;;;;; +1301;ETHIOPIC SYLLABLE JU;Lo;0;L;;;;;N;;;;; +1302;ETHIOPIC SYLLABLE JI;Lo;0;L;;;;;N;;;;; +1303;ETHIOPIC SYLLABLE JAA;Lo;0;L;;;;;N;;;;; +1304;ETHIOPIC SYLLABLE JEE;Lo;0;L;;;;;N;;;;; +1305;ETHIOPIC SYLLABLE JE;Lo;0;L;;;;;N;;;;; +1306;ETHIOPIC SYLLABLE JO;Lo;0;L;;;;;N;;;;; +1307;ETHIOPIC SYLLABLE JWA;Lo;0;L;;;;;N;;;;; +1308;ETHIOPIC SYLLABLE GA;Lo;0;L;;;;;N;;;;; +1309;ETHIOPIC SYLLABLE GU;Lo;0;L;;;;;N;;;;; +130A;ETHIOPIC SYLLABLE GI;Lo;0;L;;;;;N;;;;; +130B;ETHIOPIC SYLLABLE GAA;Lo;0;L;;;;;N;;;;; +130C;ETHIOPIC SYLLABLE GEE;Lo;0;L;;;;;N;;;;; +130D;ETHIOPIC SYLLABLE GE;Lo;0;L;;;;;N;;;;; +130E;ETHIOPIC SYLLABLE GO;Lo;0;L;;;;;N;;;;; +1310;ETHIOPIC SYLLABLE GWA;Lo;0;L;;;;;N;;;;; +1312;ETHIOPIC SYLLABLE GWI;Lo;0;L;;;;;N;;;;; +1313;ETHIOPIC SYLLABLE GWAA;Lo;0;L;;;;;N;;;;; +1314;ETHIOPIC SYLLABLE GWEE;Lo;0;L;;;;;N;;;;; +1315;ETHIOPIC SYLLABLE GWE;Lo;0;L;;;;;N;;;;; +1318;ETHIOPIC SYLLABLE GGA;Lo;0;L;;;;;N;;;;; +1319;ETHIOPIC SYLLABLE GGU;Lo;0;L;;;;;N;;;;; +131A;ETHIOPIC SYLLABLE GGI;Lo;0;L;;;;;N;;;;; +131B;ETHIOPIC SYLLABLE GGAA;Lo;0;L;;;;;N;;;;; +131C;ETHIOPIC SYLLABLE GGEE;Lo;0;L;;;;;N;;;;; +131D;ETHIOPIC SYLLABLE GGE;Lo;0;L;;;;;N;;;;; +131E;ETHIOPIC SYLLABLE GGO;Lo;0;L;;;;;N;;;;; +1320;ETHIOPIC SYLLABLE THA;Lo;0;L;;;;;N;;;;; +1321;ETHIOPIC SYLLABLE THU;Lo;0;L;;;;;N;;;;; +1322;ETHIOPIC SYLLABLE THI;Lo;0;L;;;;;N;;;;; +1323;ETHIOPIC SYLLABLE THAA;Lo;0;L;;;;;N;;;;; +1324;ETHIOPIC SYLLABLE THEE;Lo;0;L;;;;;N;;;;; +1325;ETHIOPIC SYLLABLE THE;Lo;0;L;;;;;N;;;;; +1326;ETHIOPIC SYLLABLE THO;Lo;0;L;;;;;N;;;;; +1327;ETHIOPIC SYLLABLE THWA;Lo;0;L;;;;;N;;;;; +1328;ETHIOPIC SYLLABLE CHA;Lo;0;L;;;;;N;;;;; +1329;ETHIOPIC SYLLABLE CHU;Lo;0;L;;;;;N;;;;; +132A;ETHIOPIC SYLLABLE CHI;Lo;0;L;;;;;N;;;;; +132B;ETHIOPIC SYLLABLE CHAA;Lo;0;L;;;;;N;;;;; +132C;ETHIOPIC SYLLABLE CHEE;Lo;0;L;;;;;N;;;;; +132D;ETHIOPIC SYLLABLE CHE;Lo;0;L;;;;;N;;;;; +132E;ETHIOPIC SYLLABLE CHO;Lo;0;L;;;;;N;;;;; +132F;ETHIOPIC SYLLABLE CHWA;Lo;0;L;;;;;N;;;;; +1330;ETHIOPIC SYLLABLE PHA;Lo;0;L;;;;;N;;;;; +1331;ETHIOPIC SYLLABLE PHU;Lo;0;L;;;;;N;;;;; +1332;ETHIOPIC SYLLABLE PHI;Lo;0;L;;;;;N;;;;; +1333;ETHIOPIC SYLLABLE PHAA;Lo;0;L;;;;;N;;;;; +1334;ETHIOPIC SYLLABLE PHEE;Lo;0;L;;;;;N;;;;; +1335;ETHIOPIC SYLLABLE PHE;Lo;0;L;;;;;N;;;;; +1336;ETHIOPIC SYLLABLE PHO;Lo;0;L;;;;;N;;;;; +1337;ETHIOPIC SYLLABLE PHWA;Lo;0;L;;;;;N;;;;; +1338;ETHIOPIC SYLLABLE TSA;Lo;0;L;;;;;N;;;;; +1339;ETHIOPIC SYLLABLE TSU;Lo;0;L;;;;;N;;;;; +133A;ETHIOPIC SYLLABLE TSI;Lo;0;L;;;;;N;;;;; +133B;ETHIOPIC SYLLABLE TSAA;Lo;0;L;;;;;N;;;;; +133C;ETHIOPIC SYLLABLE TSEE;Lo;0;L;;;;;N;;;;; +133D;ETHIOPIC SYLLABLE TSE;Lo;0;L;;;;;N;;;;; +133E;ETHIOPIC SYLLABLE TSO;Lo;0;L;;;;;N;;;;; +133F;ETHIOPIC SYLLABLE TSWA;Lo;0;L;;;;;N;;;;; +1340;ETHIOPIC SYLLABLE TZA;Lo;0;L;;;;;N;;;;; +1341;ETHIOPIC SYLLABLE TZU;Lo;0;L;;;;;N;;;;; +1342;ETHIOPIC SYLLABLE TZI;Lo;0;L;;;;;N;;;;; +1343;ETHIOPIC SYLLABLE TZAA;Lo;0;L;;;;;N;;;;; +1344;ETHIOPIC SYLLABLE TZEE;Lo;0;L;;;;;N;;;;; +1345;ETHIOPIC SYLLABLE TZE;Lo;0;L;;;;;N;;;;; +1346;ETHIOPIC SYLLABLE TZO;Lo;0;L;;;;;N;;;;; +1348;ETHIOPIC SYLLABLE FA;Lo;0;L;;;;;N;;;;; +1349;ETHIOPIC SYLLABLE FU;Lo;0;L;;;;;N;;;;; +134A;ETHIOPIC SYLLABLE FI;Lo;0;L;;;;;N;;;;; +134B;ETHIOPIC SYLLABLE FAA;Lo;0;L;;;;;N;;;;; +134C;ETHIOPIC SYLLABLE FEE;Lo;0;L;;;;;N;;;;; +134D;ETHIOPIC SYLLABLE FE;Lo;0;L;;;;;N;;;;; +134E;ETHIOPIC SYLLABLE FO;Lo;0;L;;;;;N;;;;; +134F;ETHIOPIC SYLLABLE FWA;Lo;0;L;;;;;N;;;;; +1350;ETHIOPIC SYLLABLE PA;Lo;0;L;;;;;N;;;;; +1351;ETHIOPIC SYLLABLE PU;Lo;0;L;;;;;N;;;;; +1352;ETHIOPIC SYLLABLE PI;Lo;0;L;;;;;N;;;;; +1353;ETHIOPIC SYLLABLE PAA;Lo;0;L;;;;;N;;;;; +1354;ETHIOPIC SYLLABLE PEE;Lo;0;L;;;;;N;;;;; +1355;ETHIOPIC SYLLABLE PE;Lo;0;L;;;;;N;;;;; +1356;ETHIOPIC SYLLABLE PO;Lo;0;L;;;;;N;;;;; +1357;ETHIOPIC SYLLABLE PWA;Lo;0;L;;;;;N;;;;; +1358;ETHIOPIC SYLLABLE RYA;Lo;0;L;;;;;N;;;;; +1359;ETHIOPIC SYLLABLE MYA;Lo;0;L;;;;;N;;;;; +135A;ETHIOPIC SYLLABLE FYA;Lo;0;L;;;;;N;;;;; +1361;ETHIOPIC WORDSPACE;Po;0;L;;;;;N;;;;; +1362;ETHIOPIC FULL STOP;Po;0;L;;;;;N;;;;; +1363;ETHIOPIC COMMA;Po;0;L;;;;;N;;;;; +1364;ETHIOPIC SEMICOLON;Po;0;L;;;;;N;;;;; +1365;ETHIOPIC COLON;Po;0;L;;;;;N;;;;; +1366;ETHIOPIC PREFACE COLON;Po;0;L;;;;;N;;;;; +1367;ETHIOPIC QUESTION MARK;Po;0;L;;;;;N;;;;; +1368;ETHIOPIC PARAGRAPH SEPARATOR;Po;0;L;;;;;N;;;;; +1369;ETHIOPIC DIGIT ONE;Nd;0;L;;1;1;1;N;;;;; +136A;ETHIOPIC DIGIT TWO;Nd;0;L;;2;2;2;N;;;;; +136B;ETHIOPIC DIGIT THREE;Nd;0;L;;3;3;3;N;;;;; +136C;ETHIOPIC DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;; +136D;ETHIOPIC DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;; +136E;ETHIOPIC DIGIT SIX;Nd;0;L;;6;6;6;N;;;;; +136F;ETHIOPIC DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;; +1370;ETHIOPIC DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;; +1371;ETHIOPIC DIGIT NINE;Nd;0;L;;9;9;9;N;;;;; +1372;ETHIOPIC NUMBER TEN;No;0;L;;;;10;N;;;;; +1373;ETHIOPIC NUMBER TWENTY;No;0;L;;;;20;N;;;;; +1374;ETHIOPIC NUMBER THIRTY;No;0;L;;;;30;N;;;;; +1375;ETHIOPIC NUMBER FORTY;No;0;L;;;;40;N;;;;; +1376;ETHIOPIC NUMBER FIFTY;No;0;L;;;;50;N;;;;; +1377;ETHIOPIC NUMBER SIXTY;No;0;L;;;;60;N;;;;; +1378;ETHIOPIC NUMBER SEVENTY;No;0;L;;;;70;N;;;;; +1379;ETHIOPIC NUMBER EIGHTY;No;0;L;;;;80;N;;;;; +137A;ETHIOPIC NUMBER NINETY;No;0;L;;;;90;N;;;;; +137B;ETHIOPIC NUMBER HUNDRED;No;0;L;;;;100;N;;;;; +137C;ETHIOPIC NUMBER TEN THOUSAND;No;0;L;;;;10000;N;;;;; +13A0;CHEROKEE LETTER A;Lo;0;L;;;;;N;;;;; +13A1;CHEROKEE LETTER E;Lo;0;L;;;;;N;;;;; +13A2;CHEROKEE LETTER I;Lo;0;L;;;;;N;;;;; +13A3;CHEROKEE LETTER O;Lo;0;L;;;;;N;;;;; +13A4;CHEROKEE LETTER U;Lo;0;L;;;;;N;;;;; +13A5;CHEROKEE LETTER V;Lo;0;L;;;;;N;;;;; +13A6;CHEROKEE LETTER GA;Lo;0;L;;;;;N;;;;; +13A7;CHEROKEE LETTER KA;Lo;0;L;;;;;N;;;;; +13A8;CHEROKEE LETTER GE;Lo;0;L;;;;;N;;;;; +13A9;CHEROKEE LETTER GI;Lo;0;L;;;;;N;;;;; +13AA;CHEROKEE LETTER GO;Lo;0;L;;;;;N;;;;; +13AB;CHEROKEE LETTER GU;Lo;0;L;;;;;N;;;;; +13AC;CHEROKEE LETTER GV;Lo;0;L;;;;;N;;;;; +13AD;CHEROKEE LETTER HA;Lo;0;L;;;;;N;;;;; +13AE;CHEROKEE LETTER HE;Lo;0;L;;;;;N;;;;; +13AF;CHEROKEE LETTER HI;Lo;0;L;;;;;N;;;;; +13B0;CHEROKEE LETTER HO;Lo;0;L;;;;;N;;;;; +13B1;CHEROKEE LETTER HU;Lo;0;L;;;;;N;;;;; +13B2;CHEROKEE LETTER HV;Lo;0;L;;;;;N;;;;; +13B3;CHEROKEE LETTER LA;Lo;0;L;;;;;N;;;;; +13B4;CHEROKEE LETTER LE;Lo;0;L;;;;;N;;;;; +13B5;CHEROKEE LETTER LI;Lo;0;L;;;;;N;;;;; +13B6;CHEROKEE LETTER LO;Lo;0;L;;;;;N;;;;; +13B7;CHEROKEE LETTER LU;Lo;0;L;;;;;N;;;;; +13B8;CHEROKEE LETTER LV;Lo;0;L;;;;;N;;;;; +13B9;CHEROKEE LETTER MA;Lo;0;L;;;;;N;;;;; +13BA;CHEROKEE LETTER ME;Lo;0;L;;;;;N;;;;; +13BB;CHEROKEE LETTER MI;Lo;0;L;;;;;N;;;;; +13BC;CHEROKEE LETTER MO;Lo;0;L;;;;;N;;;;; +13BD;CHEROKEE LETTER MU;Lo;0;L;;;;;N;;;;; +13BE;CHEROKEE LETTER NA;Lo;0;L;;;;;N;;;;; +13BF;CHEROKEE LETTER HNA;Lo;0;L;;;;;N;;;;; +13C0;CHEROKEE LETTER NAH;Lo;0;L;;;;;N;;;;; +13C1;CHEROKEE LETTER NE;Lo;0;L;;;;;N;;;;; +13C2;CHEROKEE LETTER NI;Lo;0;L;;;;;N;;;;; +13C3;CHEROKEE LETTER NO;Lo;0;L;;;;;N;;;;; +13C4;CHEROKEE LETTER NU;Lo;0;L;;;;;N;;;;; +13C5;CHEROKEE LETTER NV;Lo;0;L;;;;;N;;;;; +13C6;CHEROKEE LETTER QUA;Lo;0;L;;;;;N;;;;; +13C7;CHEROKEE LETTER QUE;Lo;0;L;;;;;N;;;;; +13C8;CHEROKEE LETTER QUI;Lo;0;L;;;;;N;;;;; +13C9;CHEROKEE LETTER QUO;Lo;0;L;;;;;N;;;;; +13CA;CHEROKEE LETTER QUU;Lo;0;L;;;;;N;;;;; +13CB;CHEROKEE LETTER QUV;Lo;0;L;;;;;N;;;;; +13CC;CHEROKEE LETTER SA;Lo;0;L;;;;;N;;;;; +13CD;CHEROKEE LETTER S;Lo;0;L;;;;;N;;;;; +13CE;CHEROKEE LETTER SE;Lo;0;L;;;;;N;;;;; +13CF;CHEROKEE LETTER SI;Lo;0;L;;;;;N;;;;; +13D0;CHEROKEE LETTER SO;Lo;0;L;;;;;N;;;;; +13D1;CHEROKEE LETTER SU;Lo;0;L;;;;;N;;;;; +13D2;CHEROKEE LETTER SV;Lo;0;L;;;;;N;;;;; +13D3;CHEROKEE LETTER DA;Lo;0;L;;;;;N;;;;; +13D4;CHEROKEE LETTER TA;Lo;0;L;;;;;N;;;;; +13D5;CHEROKEE LETTER DE;Lo;0;L;;;;;N;;;;; +13D6;CHEROKEE LETTER TE;Lo;0;L;;;;;N;;;;; +13D7;CHEROKEE LETTER DI;Lo;0;L;;;;;N;;;;; +13D8;CHEROKEE LETTER TI;Lo;0;L;;;;;N;;;;; +13D9;CHEROKEE LETTER DO;Lo;0;L;;;;;N;;;;; +13DA;CHEROKEE LETTER DU;Lo;0;L;;;;;N;;;;; +13DB;CHEROKEE LETTER DV;Lo;0;L;;;;;N;;;;; +13DC;CHEROKEE LETTER DLA;Lo;0;L;;;;;N;;;;; +13DD;CHEROKEE LETTER TLA;Lo;0;L;;;;;N;;;;; +13DE;CHEROKEE LETTER TLE;Lo;0;L;;;;;N;;;;; +13DF;CHEROKEE LETTER TLI;Lo;0;L;;;;;N;;;;; +13E0;CHEROKEE LETTER TLO;Lo;0;L;;;;;N;;;;; +13E1;CHEROKEE LETTER TLU;Lo;0;L;;;;;N;;;;; +13E2;CHEROKEE LETTER TLV;Lo;0;L;;;;;N;;;;; +13E3;CHEROKEE LETTER TSA;Lo;0;L;;;;;N;;;;; +13E4;CHEROKEE LETTER TSE;Lo;0;L;;;;;N;;;;; +13E5;CHEROKEE LETTER TSI;Lo;0;L;;;;;N;;;;; +13E6;CHEROKEE LETTER TSO;Lo;0;L;;;;;N;;;;; +13E7;CHEROKEE LETTER TSU;Lo;0;L;;;;;N;;;;; +13E8;CHEROKEE LETTER TSV;Lo;0;L;;;;;N;;;;; +13E9;CHEROKEE LETTER WA;Lo;0;L;;;;;N;;;;; +13EA;CHEROKEE LETTER WE;Lo;0;L;;;;;N;;;;; +13EB;CHEROKEE LETTER WI;Lo;0;L;;;;;N;;;;; +13EC;CHEROKEE LETTER WO;Lo;0;L;;;;;N;;;;; +13ED;CHEROKEE LETTER WU;Lo;0;L;;;;;N;;;;; +13EE;CHEROKEE LETTER WV;Lo;0;L;;;;;N;;;;; +13EF;CHEROKEE LETTER YA;Lo;0;L;;;;;N;;;;; +13F0;CHEROKEE LETTER YE;Lo;0;L;;;;;N;;;;; +13F1;CHEROKEE LETTER YI;Lo;0;L;;;;;N;;;;; +13F2;CHEROKEE LETTER YO;Lo;0;L;;;;;N;;;;; +13F3;CHEROKEE LETTER YU;Lo;0;L;;;;;N;;;;; +13F4;CHEROKEE LETTER YV;Lo;0;L;;;;;N;;;;; +1401;CANADIAN SYLLABICS E;Lo;0;L;;;;;N;;;;; +1402;CANADIAN SYLLABICS AAI;Lo;0;L;;;;;N;;;;; +1403;CANADIAN SYLLABICS I;Lo;0;L;;;;;N;;;;; +1404;CANADIAN SYLLABICS II;Lo;0;L;;;;;N;;;;; +1405;CANADIAN SYLLABICS O;Lo;0;L;;;;;N;;;;; +1406;CANADIAN SYLLABICS OO;Lo;0;L;;;;;N;;;;; +1407;CANADIAN SYLLABICS Y-CREE OO;Lo;0;L;;;;;N;;;;; +1408;CANADIAN SYLLABICS CARRIER EE;Lo;0;L;;;;;N;;;;; +1409;CANADIAN SYLLABICS CARRIER I;Lo;0;L;;;;;N;;;;; +140A;CANADIAN SYLLABICS A;Lo;0;L;;;;;N;;;;; +140B;CANADIAN SYLLABICS AA;Lo;0;L;;;;;N;;;;; +140C;CANADIAN SYLLABICS WE;Lo;0;L;;;;;N;;;;; +140D;CANADIAN SYLLABICS WEST-CREE WE;Lo;0;L;;;;;N;;;;; +140E;CANADIAN SYLLABICS WI;Lo;0;L;;;;;N;;;;; +140F;CANADIAN SYLLABICS WEST-CREE WI;Lo;0;L;;;;;N;;;;; +1410;CANADIAN SYLLABICS WII;Lo;0;L;;;;;N;;;;; +1411;CANADIAN SYLLABICS WEST-CREE WII;Lo;0;L;;;;;N;;;;; +1412;CANADIAN SYLLABICS WO;Lo;0;L;;;;;N;;;;; +1413;CANADIAN SYLLABICS WEST-CREE WO;Lo;0;L;;;;;N;;;;; +1414;CANADIAN SYLLABICS WOO;Lo;0;L;;;;;N;;;;; +1415;CANADIAN SYLLABICS WEST-CREE WOO;Lo;0;L;;;;;N;;;;; +1416;CANADIAN SYLLABICS NASKAPI WOO;Lo;0;L;;;;;N;;;;; +1417;CANADIAN SYLLABICS WA;Lo;0;L;;;;;N;;;;; +1418;CANADIAN SYLLABICS WEST-CREE WA;Lo;0;L;;;;;N;;;;; +1419;CANADIAN SYLLABICS WAA;Lo;0;L;;;;;N;;;;; +141A;CANADIAN SYLLABICS WEST-CREE WAA;Lo;0;L;;;;;N;;;;; +141B;CANADIAN SYLLABICS NASKAPI WAA;Lo;0;L;;;;;N;;;;; +141C;CANADIAN SYLLABICS AI;Lo;0;L;;;;;N;;;;; +141D;CANADIAN SYLLABICS Y-CREE W;Lo;0;L;;;;;N;;;;; +141E;CANADIAN SYLLABICS GLOTTAL STOP;Lo;0;L;;;;;N;;;;; +141F;CANADIAN SYLLABICS FINAL ACUTE;Lo;0;L;;;;;N;;;;; +1420;CANADIAN SYLLABICS FINAL GRAVE;Lo;0;L;;;;;N;;;;; +1421;CANADIAN SYLLABICS FINAL BOTTOM HALF RING;Lo;0;L;;;;;N;;;;; +1422;CANADIAN SYLLABICS FINAL TOP HALF RING;Lo;0;L;;;;;N;;;;; +1423;CANADIAN SYLLABICS FINAL RIGHT HALF RING;Lo;0;L;;;;;N;;;;; +1424;CANADIAN SYLLABICS FINAL RING;Lo;0;L;;;;;N;;;;; +1425;CANADIAN SYLLABICS FINAL DOUBLE ACUTE;Lo;0;L;;;;;N;;;;; +1426;CANADIAN SYLLABICS FINAL DOUBLE SHORT VERTICAL STROKES;Lo;0;L;;;;;N;;;;; +1427;CANADIAN SYLLABICS FINAL MIDDLE DOT;Lo;0;L;;;;;N;;;;; +1428;CANADIAN SYLLABICS FINAL SHORT HORIZONTAL STROKE;Lo;0;L;;;;;N;;;;; +1429;CANADIAN SYLLABICS FINAL PLUS;Lo;0;L;;;;;N;;;;; +142A;CANADIAN SYLLABICS FINAL DOWN TACK;Lo;0;L;;;;;N;;;;; +142B;CANADIAN SYLLABICS EN;Lo;0;L;;;;;N;;;;; +142C;CANADIAN SYLLABICS IN;Lo;0;L;;;;;N;;;;; +142D;CANADIAN SYLLABICS ON;Lo;0;L;;;;;N;;;;; +142E;CANADIAN SYLLABICS AN;Lo;0;L;;;;;N;;;;; +142F;CANADIAN SYLLABICS PE;Lo;0;L;;;;;N;;;;; +1430;CANADIAN SYLLABICS PAAI;Lo;0;L;;;;;N;;;;; +1431;CANADIAN SYLLABICS PI;Lo;0;L;;;;;N;;;;; +1432;CANADIAN SYLLABICS PII;Lo;0;L;;;;;N;;;;; +1433;CANADIAN SYLLABICS PO;Lo;0;L;;;;;N;;;;; +1434;CANADIAN SYLLABICS POO;Lo;0;L;;;;;N;;;;; +1435;CANADIAN SYLLABICS Y-CREE POO;Lo;0;L;;;;;N;;;;; +1436;CANADIAN SYLLABICS CARRIER HEE;Lo;0;L;;;;;N;;;;; +1437;CANADIAN SYLLABICS CARRIER HI;Lo;0;L;;;;;N;;;;; +1438;CANADIAN SYLLABICS PA;Lo;0;L;;;;;N;;;;; +1439;CANADIAN SYLLABICS PAA;Lo;0;L;;;;;N;;;;; +143A;CANADIAN SYLLABICS PWE;Lo;0;L;;;;;N;;;;; +143B;CANADIAN SYLLABICS WEST-CREE PWE;Lo;0;L;;;;;N;;;;; +143C;CANADIAN SYLLABICS PWI;Lo;0;L;;;;;N;;;;; +143D;CANADIAN SYLLABICS WEST-CREE PWI;Lo;0;L;;;;;N;;;;; +143E;CANADIAN SYLLABICS PWII;Lo;0;L;;;;;N;;;;; +143F;CANADIAN SYLLABICS WEST-CREE PWII;Lo;0;L;;;;;N;;;;; +1440;CANADIAN SYLLABICS PWO;Lo;0;L;;;;;N;;;;; +1441;CANADIAN SYLLABICS WEST-CREE PWO;Lo;0;L;;;;;N;;;;; +1442;CANADIAN SYLLABICS PWOO;Lo;0;L;;;;;N;;;;; +1443;CANADIAN SYLLABICS WEST-CREE PWOO;Lo;0;L;;;;;N;;;;; +1444;CANADIAN SYLLABICS PWA;Lo;0;L;;;;;N;;;;; +1445;CANADIAN SYLLABICS WEST-CREE PWA;Lo;0;L;;;;;N;;;;; +1446;CANADIAN SYLLABICS PWAA;Lo;0;L;;;;;N;;;;; +1447;CANADIAN SYLLABICS WEST-CREE PWAA;Lo;0;L;;;;;N;;;;; +1448;CANADIAN SYLLABICS Y-CREE PWAA;Lo;0;L;;;;;N;;;;; +1449;CANADIAN SYLLABICS P;Lo;0;L;;;;;N;;;;; +144A;CANADIAN SYLLABICS WEST-CREE P;Lo;0;L;;;;;N;;;;; +144B;CANADIAN SYLLABICS CARRIER H;Lo;0;L;;;;;N;;;;; +144C;CANADIAN SYLLABICS TE;Lo;0;L;;;;;N;;;;; +144D;CANADIAN SYLLABICS TAAI;Lo;0;L;;;;;N;;;;; +144E;CANADIAN SYLLABICS TI;Lo;0;L;;;;;N;;;;; +144F;CANADIAN SYLLABICS TII;Lo;0;L;;;;;N;;;;; +1450;CANADIAN SYLLABICS TO;Lo;0;L;;;;;N;;;;; +1451;CANADIAN SYLLABICS TOO;Lo;0;L;;;;;N;;;;; +1452;CANADIAN SYLLABICS Y-CREE TOO;Lo;0;L;;;;;N;;;;; +1453;CANADIAN SYLLABICS CARRIER DEE;Lo;0;L;;;;;N;;;;; +1454;CANADIAN SYLLABICS CARRIER DI;Lo;0;L;;;;;N;;;;; +1455;CANADIAN SYLLABICS TA;Lo;0;L;;;;;N;;;;; +1456;CANADIAN SYLLABICS TAA;Lo;0;L;;;;;N;;;;; +1457;CANADIAN SYLLABICS TWE;Lo;0;L;;;;;N;;;;; +1458;CANADIAN SYLLABICS WEST-CREE TWE;Lo;0;L;;;;;N;;;;; +1459;CANADIAN SYLLABICS TWI;Lo;0;L;;;;;N;;;;; +145A;CANADIAN SYLLABICS WEST-CREE TWI;Lo;0;L;;;;;N;;;;; +145B;CANADIAN SYLLABICS TWII;Lo;0;L;;;;;N;;;;; +145C;CANADIAN SYLLABICS WEST-CREE TWII;Lo;0;L;;;;;N;;;;; +145D;CANADIAN SYLLABICS TWO;Lo;0;L;;;;;N;;;;; +145E;CANADIAN SYLLABICS WEST-CREE TWO;Lo;0;L;;;;;N;;;;; +145F;CANADIAN SYLLABICS TWOO;Lo;0;L;;;;;N;;;;; +1460;CANADIAN SYLLABICS WEST-CREE TWOO;Lo;0;L;;;;;N;;;;; +1461;CANADIAN SYLLABICS TWA;Lo;0;L;;;;;N;;;;; +1462;CANADIAN SYLLABICS WEST-CREE TWA;Lo;0;L;;;;;N;;;;; +1463;CANADIAN SYLLABICS TWAA;Lo;0;L;;;;;N;;;;; +1464;CANADIAN SYLLABICS WEST-CREE TWAA;Lo;0;L;;;;;N;;;;; +1465;CANADIAN SYLLABICS NASKAPI TWAA;Lo;0;L;;;;;N;;;;; +1466;CANADIAN SYLLABICS T;Lo;0;L;;;;;N;;;;; +1467;CANADIAN SYLLABICS TTE;Lo;0;L;;;;;N;;;;; +1468;CANADIAN SYLLABICS TTI;Lo;0;L;;;;;N;;;;; +1469;CANADIAN SYLLABICS TTO;Lo;0;L;;;;;N;;;;; +146A;CANADIAN SYLLABICS TTA;Lo;0;L;;;;;N;;;;; +146B;CANADIAN SYLLABICS KE;Lo;0;L;;;;;N;;;;; +146C;CANADIAN SYLLABICS KAAI;Lo;0;L;;;;;N;;;;; +146D;CANADIAN SYLLABICS KI;Lo;0;L;;;;;N;;;;; +146E;CANADIAN SYLLABICS KII;Lo;0;L;;;;;N;;;;; +146F;CANADIAN SYLLABICS KO;Lo;0;L;;;;;N;;;;; +1470;CANADIAN SYLLABICS KOO;Lo;0;L;;;;;N;;;;; +1471;CANADIAN SYLLABICS Y-CREE KOO;Lo;0;L;;;;;N;;;;; +1472;CANADIAN SYLLABICS KA;Lo;0;L;;;;;N;;;;; +1473;CANADIAN SYLLABICS KAA;Lo;0;L;;;;;N;;;;; +1474;CANADIAN SYLLABICS KWE;Lo;0;L;;;;;N;;;;; +1475;CANADIAN SYLLABICS WEST-CREE KWE;Lo;0;L;;;;;N;;;;; +1476;CANADIAN SYLLABICS KWI;Lo;0;L;;;;;N;;;;; +1477;CANADIAN SYLLABICS WEST-CREE KWI;Lo;0;L;;;;;N;;;;; +1478;CANADIAN SYLLABICS KWII;Lo;0;L;;;;;N;;;;; +1479;CANADIAN SYLLABICS WEST-CREE KWII;Lo;0;L;;;;;N;;;;; +147A;CANADIAN SYLLABICS KWO;Lo;0;L;;;;;N;;;;; +147B;CANADIAN SYLLABICS WEST-CREE KWO;Lo;0;L;;;;;N;;;;; +147C;CANADIAN SYLLABICS KWOO;Lo;0;L;;;;;N;;;;; +147D;CANADIAN SYLLABICS WEST-CREE KWOO;Lo;0;L;;;;;N;;;;; +147E;CANADIAN SYLLABICS KWA;Lo;0;L;;;;;N;;;;; +147F;CANADIAN SYLLABICS WEST-CREE KWA;Lo;0;L;;;;;N;;;;; +1480;CANADIAN SYLLABICS KWAA;Lo;0;L;;;;;N;;;;; +1481;CANADIAN SYLLABICS WEST-CREE KWAA;Lo;0;L;;;;;N;;;;; +1482;CANADIAN SYLLABICS NASKAPI KWAA;Lo;0;L;;;;;N;;;;; +1483;CANADIAN SYLLABICS K;Lo;0;L;;;;;N;;;;; +1484;CANADIAN SYLLABICS KW;Lo;0;L;;;;;N;;;;; +1485;CANADIAN SYLLABICS SOUTH-SLAVEY KEH;Lo;0;L;;;;;N;;;;; +1486;CANADIAN SYLLABICS SOUTH-SLAVEY KIH;Lo;0;L;;;;;N;;;;; +1487;CANADIAN SYLLABICS SOUTH-SLAVEY KOH;Lo;0;L;;;;;N;;;;; +1488;CANADIAN SYLLABICS SOUTH-SLAVEY KAH;Lo;0;L;;;;;N;;;;; +1489;CANADIAN SYLLABICS CE;Lo;0;L;;;;;N;;;;; +148A;CANADIAN SYLLABICS CAAI;Lo;0;L;;;;;N;;;;; +148B;CANADIAN SYLLABICS CI;Lo;0;L;;;;;N;;;;; +148C;CANADIAN SYLLABICS CII;Lo;0;L;;;;;N;;;;; +148D;CANADIAN SYLLABICS CO;Lo;0;L;;;;;N;;;;; +148E;CANADIAN SYLLABICS COO;Lo;0;L;;;;;N;;;;; +148F;CANADIAN SYLLABICS Y-CREE COO;Lo;0;L;;;;;N;;;;; +1490;CANADIAN SYLLABICS CA;Lo;0;L;;;;;N;;;;; +1491;CANADIAN SYLLABICS CAA;Lo;0;L;;;;;N;;;;; +1492;CANADIAN SYLLABICS CWE;Lo;0;L;;;;;N;;;;; +1493;CANADIAN SYLLABICS WEST-CREE CWE;Lo;0;L;;;;;N;;;;; +1494;CANADIAN SYLLABICS CWI;Lo;0;L;;;;;N;;;;; +1495;CANADIAN SYLLABICS WEST-CREE CWI;Lo;0;L;;;;;N;;;;; +1496;CANADIAN SYLLABICS CWII;Lo;0;L;;;;;N;;;;; +1497;CANADIAN SYLLABICS WEST-CREE CWII;Lo;0;L;;;;;N;;;;; +1498;CANADIAN SYLLABICS CWO;Lo;0;L;;;;;N;;;;; +1499;CANADIAN SYLLABICS WEST-CREE CWO;Lo;0;L;;;;;N;;;;; +149A;CANADIAN SYLLABICS CWOO;Lo;0;L;;;;;N;;;;; +149B;CANADIAN SYLLABICS WEST-CREE CWOO;Lo;0;L;;;;;N;;;;; +149C;CANADIAN SYLLABICS CWA;Lo;0;L;;;;;N;;;;; +149D;CANADIAN SYLLABICS WEST-CREE CWA;Lo;0;L;;;;;N;;;;; +149E;CANADIAN SYLLABICS CWAA;Lo;0;L;;;;;N;;;;; +149F;CANADIAN SYLLABICS WEST-CREE CWAA;Lo;0;L;;;;;N;;;;; +14A0;CANADIAN SYLLABICS NASKAPI CWAA;Lo;0;L;;;;;N;;;;; +14A1;CANADIAN SYLLABICS C;Lo;0;L;;;;;N;;;;; +14A2;CANADIAN SYLLABICS SAYISI TH;Lo;0;L;;;;;N;;;;; +14A3;CANADIAN SYLLABICS ME;Lo;0;L;;;;;N;;;;; +14A4;CANADIAN SYLLABICS MAAI;Lo;0;L;;;;;N;;;;; +14A5;CANADIAN SYLLABICS MI;Lo;0;L;;;;;N;;;;; +14A6;CANADIAN SYLLABICS MII;Lo;0;L;;;;;N;;;;; +14A7;CANADIAN SYLLABICS MO;Lo;0;L;;;;;N;;;;; +14A8;CANADIAN SYLLABICS MOO;Lo;0;L;;;;;N;;;;; +14A9;CANADIAN SYLLABICS Y-CREE MOO;Lo;0;L;;;;;N;;;;; +14AA;CANADIAN SYLLABICS MA;Lo;0;L;;;;;N;;;;; +14AB;CANADIAN SYLLABICS MAA;Lo;0;L;;;;;N;;;;; +14AC;CANADIAN SYLLABICS MWE;Lo;0;L;;;;;N;;;;; +14AD;CANADIAN SYLLABICS WEST-CREE MWE;Lo;0;L;;;;;N;;;;; +14AE;CANADIAN SYLLABICS MWI;Lo;0;L;;;;;N;;;;; +14AF;CANADIAN SYLLABICS WEST-CREE MWI;Lo;0;L;;;;;N;;;;; +14B0;CANADIAN SYLLABICS MWII;Lo;0;L;;;;;N;;;;; +14B1;CANADIAN SYLLABICS WEST-CREE MWII;Lo;0;L;;;;;N;;;;; +14B2;CANADIAN SYLLABICS MWO;Lo;0;L;;;;;N;;;;; +14B3;CANADIAN SYLLABICS WEST-CREE MWO;Lo;0;L;;;;;N;;;;; +14B4;CANADIAN SYLLABICS MWOO;Lo;0;L;;;;;N;;;;; +14B5;CANADIAN SYLLABICS WEST-CREE MWOO;Lo;0;L;;;;;N;;;;; +14B6;CANADIAN SYLLABICS MWA;Lo;0;L;;;;;N;;;;; +14B7;CANADIAN SYLLABICS WEST-CREE MWA;Lo;0;L;;;;;N;;;;; +14B8;CANADIAN SYLLABICS MWAA;Lo;0;L;;;;;N;;;;; +14B9;CANADIAN SYLLABICS WEST-CREE MWAA;Lo;0;L;;;;;N;;;;; +14BA;CANADIAN SYLLABICS NASKAPI MWAA;Lo;0;L;;;;;N;;;;; +14BB;CANADIAN SYLLABICS M;Lo;0;L;;;;;N;;;;; +14BC;CANADIAN SYLLABICS WEST-CREE M;Lo;0;L;;;;;N;;;;; +14BD;CANADIAN SYLLABICS MH;Lo;0;L;;;;;N;;;;; +14BE;CANADIAN SYLLABICS ATHAPASCAN M;Lo;0;L;;;;;N;;;;; +14BF;CANADIAN SYLLABICS SAYISI M;Lo;0;L;;;;;N;;;;; +14C0;CANADIAN SYLLABICS NE;Lo;0;L;;;;;N;;;;; +14C1;CANADIAN SYLLABICS NAAI;Lo;0;L;;;;;N;;;;; +14C2;CANADIAN SYLLABICS NI;Lo;0;L;;;;;N;;;;; +14C3;CANADIAN SYLLABICS NII;Lo;0;L;;;;;N;;;;; +14C4;CANADIAN SYLLABICS NO;Lo;0;L;;;;;N;;;;; +14C5;CANADIAN SYLLABICS NOO;Lo;0;L;;;;;N;;;;; +14C6;CANADIAN SYLLABICS Y-CREE NOO;Lo;0;L;;;;;N;;;;; +14C7;CANADIAN SYLLABICS NA;Lo;0;L;;;;;N;;;;; +14C8;CANADIAN SYLLABICS NAA;Lo;0;L;;;;;N;;;;; +14C9;CANADIAN SYLLABICS NWE;Lo;0;L;;;;;N;;;;; +14CA;CANADIAN SYLLABICS WEST-CREE NWE;Lo;0;L;;;;;N;;;;; +14CB;CANADIAN SYLLABICS NWA;Lo;0;L;;;;;N;;;;; +14CC;CANADIAN SYLLABICS WEST-CREE NWA;Lo;0;L;;;;;N;;;;; +14CD;CANADIAN SYLLABICS NWAA;Lo;0;L;;;;;N;;;;; +14CE;CANADIAN SYLLABICS WEST-CREE NWAA;Lo;0;L;;;;;N;;;;; +14CF;CANADIAN SYLLABICS NASKAPI NWAA;Lo;0;L;;;;;N;;;;; +14D0;CANADIAN SYLLABICS N;Lo;0;L;;;;;N;;;;; +14D1;CANADIAN SYLLABICS CARRIER NG;Lo;0;L;;;;;N;;;;; +14D2;CANADIAN SYLLABICS NH;Lo;0;L;;;;;N;;;;; +14D3;CANADIAN SYLLABICS LE;Lo;0;L;;;;;N;;;;; +14D4;CANADIAN SYLLABICS LAAI;Lo;0;L;;;;;N;;;;; +14D5;CANADIAN SYLLABICS LI;Lo;0;L;;;;;N;;;;; +14D6;CANADIAN SYLLABICS LII;Lo;0;L;;;;;N;;;;; +14D7;CANADIAN SYLLABICS LO;Lo;0;L;;;;;N;;;;; +14D8;CANADIAN SYLLABICS LOO;Lo;0;L;;;;;N;;;;; +14D9;CANADIAN SYLLABICS Y-CREE LOO;Lo;0;L;;;;;N;;;;; +14DA;CANADIAN SYLLABICS LA;Lo;0;L;;;;;N;;;;; +14DB;CANADIAN SYLLABICS LAA;Lo;0;L;;;;;N;;;;; +14DC;CANADIAN SYLLABICS LWE;Lo;0;L;;;;;N;;;;; +14DD;CANADIAN SYLLABICS WEST-CREE LWE;Lo;0;L;;;;;N;;;;; +14DE;CANADIAN SYLLABICS LWI;Lo;0;L;;;;;N;;;;; +14DF;CANADIAN SYLLABICS WEST-CREE LWI;Lo;0;L;;;;;N;;;;; +14E0;CANADIAN SYLLABICS LWII;Lo;0;L;;;;;N;;;;; +14E1;CANADIAN SYLLABICS WEST-CREE LWII;Lo;0;L;;;;;N;;;;; +14E2;CANADIAN SYLLABICS LWO;Lo;0;L;;;;;N;;;;; +14E3;CANADIAN SYLLABICS WEST-CREE LWO;Lo;0;L;;;;;N;;;;; +14E4;CANADIAN SYLLABICS LWOO;Lo;0;L;;;;;N;;;;; +14E5;CANADIAN SYLLABICS WEST-CREE LWOO;Lo;0;L;;;;;N;;;;; +14E6;CANADIAN SYLLABICS LWA;Lo;0;L;;;;;N;;;;; +14E7;CANADIAN SYLLABICS WEST-CREE LWA;Lo;0;L;;;;;N;;;;; +14E8;CANADIAN SYLLABICS LWAA;Lo;0;L;;;;;N;;;;; +14E9;CANADIAN SYLLABICS WEST-CREE LWAA;Lo;0;L;;;;;N;;;;; +14EA;CANADIAN SYLLABICS L;Lo;0;L;;;;;N;;;;; +14EB;CANADIAN SYLLABICS WEST-CREE L;Lo;0;L;;;;;N;;;;; +14EC;CANADIAN SYLLABICS MEDIAL L;Lo;0;L;;;;;N;;;;; +14ED;CANADIAN SYLLABICS SE;Lo;0;L;;;;;N;;;;; +14EE;CANADIAN SYLLABICS SAAI;Lo;0;L;;;;;N;;;;; +14EF;CANADIAN SYLLABICS SI;Lo;0;L;;;;;N;;;;; +14F0;CANADIAN SYLLABICS SII;Lo;0;L;;;;;N;;;;; +14F1;CANADIAN SYLLABICS SO;Lo;0;L;;;;;N;;;;; +14F2;CANADIAN SYLLABICS SOO;Lo;0;L;;;;;N;;;;; +14F3;CANADIAN SYLLABICS Y-CREE SOO;Lo;0;L;;;;;N;;;;; +14F4;CANADIAN SYLLABICS SA;Lo;0;L;;;;;N;;;;; +14F5;CANADIAN SYLLABICS SAA;Lo;0;L;;;;;N;;;;; +14F6;CANADIAN SYLLABICS SWE;Lo;0;L;;;;;N;;;;; +14F7;CANADIAN SYLLABICS WEST-CREE SWE;Lo;0;L;;;;;N;;;;; +14F8;CANADIAN SYLLABICS SWI;Lo;0;L;;;;;N;;;;; +14F9;CANADIAN SYLLABICS WEST-CREE SWI;Lo;0;L;;;;;N;;;;; +14FA;CANADIAN SYLLABICS SWII;Lo;0;L;;;;;N;;;;; +14FB;CANADIAN SYLLABICS WEST-CREE SWII;Lo;0;L;;;;;N;;;;; +14FC;CANADIAN SYLLABICS SWO;Lo;0;L;;;;;N;;;;; +14FD;CANADIAN SYLLABICS WEST-CREE SWO;Lo;0;L;;;;;N;;;;; +14FE;CANADIAN SYLLABICS SWOO;Lo;0;L;;;;;N;;;;; +14FF;CANADIAN SYLLABICS WEST-CREE SWOO;Lo;0;L;;;;;N;;;;; +1500;CANADIAN SYLLABICS SWA;Lo;0;L;;;;;N;;;;; +1501;CANADIAN SYLLABICS WEST-CREE SWA;Lo;0;L;;;;;N;;;;; +1502;CANADIAN SYLLABICS SWAA;Lo;0;L;;;;;N;;;;; +1503;CANADIAN SYLLABICS WEST-CREE SWAA;Lo;0;L;;;;;N;;;;; +1504;CANADIAN SYLLABICS NASKAPI SWAA;Lo;0;L;;;;;N;;;;; +1505;CANADIAN SYLLABICS S;Lo;0;L;;;;;N;;;;; +1506;CANADIAN SYLLABICS ATHAPASCAN S;Lo;0;L;;;;;N;;;;; +1507;CANADIAN SYLLABICS SW;Lo;0;L;;;;;N;;;;; +1508;CANADIAN SYLLABICS BLACKFOOT S;Lo;0;L;;;;;N;;;;; +1509;CANADIAN SYLLABICS MOOSE-CREE SK;Lo;0;L;;;;;N;;;;; +150A;CANADIAN SYLLABICS NASKAPI SKW;Lo;0;L;;;;;N;;;;; +150B;CANADIAN SYLLABICS NASKAPI S-W;Lo;0;L;;;;;N;;;;; +150C;CANADIAN SYLLABICS NASKAPI SPWA;Lo;0;L;;;;;N;;;;; +150D;CANADIAN SYLLABICS NASKAPI STWA;Lo;0;L;;;;;N;;;;; +150E;CANADIAN SYLLABICS NASKAPI SKWA;Lo;0;L;;;;;N;;;;; +150F;CANADIAN SYLLABICS NASKAPI SCWA;Lo;0;L;;;;;N;;;;; +1510;CANADIAN SYLLABICS SHE;Lo;0;L;;;;;N;;;;; +1511;CANADIAN SYLLABICS SHI;Lo;0;L;;;;;N;;;;; +1512;CANADIAN SYLLABICS SHII;Lo;0;L;;;;;N;;;;; +1513;CANADIAN SYLLABICS SHO;Lo;0;L;;;;;N;;;;; +1514;CANADIAN SYLLABICS SHOO;Lo;0;L;;;;;N;;;;; +1515;CANADIAN SYLLABICS SHA;Lo;0;L;;;;;N;;;;; +1516;CANADIAN SYLLABICS SHAA;Lo;0;L;;;;;N;;;;; +1517;CANADIAN SYLLABICS SHWE;Lo;0;L;;;;;N;;;;; +1518;CANADIAN SYLLABICS WEST-CREE SHWE;Lo;0;L;;;;;N;;;;; +1519;CANADIAN SYLLABICS SHWI;Lo;0;L;;;;;N;;;;; +151A;CANADIAN SYLLABICS WEST-CREE SHWI;Lo;0;L;;;;;N;;;;; +151B;CANADIAN SYLLABICS SHWII;Lo;0;L;;;;;N;;;;; +151C;CANADIAN SYLLABICS WEST-CREE SHWII;Lo;0;L;;;;;N;;;;; +151D;CANADIAN SYLLABICS SHWO;Lo;0;L;;;;;N;;;;; +151E;CANADIAN SYLLABICS WEST-CREE SHWO;Lo;0;L;;;;;N;;;;; +151F;CANADIAN SYLLABICS SHWOO;Lo;0;L;;;;;N;;;;; +1520;CANADIAN SYLLABICS WEST-CREE SHWOO;Lo;0;L;;;;;N;;;;; +1521;CANADIAN SYLLABICS SHWA;Lo;0;L;;;;;N;;;;; +1522;CANADIAN SYLLABICS WEST-CREE SHWA;Lo;0;L;;;;;N;;;;; +1523;CANADIAN SYLLABICS SHWAA;Lo;0;L;;;;;N;;;;; +1524;CANADIAN SYLLABICS WEST-CREE SHWAA;Lo;0;L;;;;;N;;;;; +1525;CANADIAN SYLLABICS SH;Lo;0;L;;;;;N;;;;; +1526;CANADIAN SYLLABICS YE;Lo;0;L;;;;;N;;;;; +1527;CANADIAN SYLLABICS YAAI;Lo;0;L;;;;;N;;;;; +1528;CANADIAN SYLLABICS YI;Lo;0;L;;;;;N;;;;; +1529;CANADIAN SYLLABICS YII;Lo;0;L;;;;;N;;;;; +152A;CANADIAN SYLLABICS YO;Lo;0;L;;;;;N;;;;; +152B;CANADIAN SYLLABICS YOO;Lo;0;L;;;;;N;;;;; +152C;CANADIAN SYLLABICS Y-CREE YOO;Lo;0;L;;;;;N;;;;; +152D;CANADIAN SYLLABICS YA;Lo;0;L;;;;;N;;;;; +152E;CANADIAN SYLLABICS YAA;Lo;0;L;;;;;N;;;;; +152F;CANADIAN SYLLABICS YWE;Lo;0;L;;;;;N;;;;; +1530;CANADIAN SYLLABICS WEST-CREE YWE;Lo;0;L;;;;;N;;;;; +1531;CANADIAN SYLLABICS YWI;Lo;0;L;;;;;N;;;;; +1532;CANADIAN SYLLABICS WEST-CREE YWI;Lo;0;L;;;;;N;;;;; +1533;CANADIAN SYLLABICS YWII;Lo;0;L;;;;;N;;;;; +1534;CANADIAN SYLLABICS WEST-CREE YWII;Lo;0;L;;;;;N;;;;; +1535;CANADIAN SYLLABICS YWO;Lo;0;L;;;;;N;;;;; +1536;CANADIAN SYLLABICS WEST-CREE YWO;Lo;0;L;;;;;N;;;;; +1537;CANADIAN SYLLABICS YWOO;Lo;0;L;;;;;N;;;;; +1538;CANADIAN SYLLABICS WEST-CREE YWOO;Lo;0;L;;;;;N;;;;; +1539;CANADIAN SYLLABICS YWA;Lo;0;L;;;;;N;;;;; +153A;CANADIAN SYLLABICS WEST-CREE YWA;Lo;0;L;;;;;N;;;;; +153B;CANADIAN SYLLABICS YWAA;Lo;0;L;;;;;N;;;;; +153C;CANADIAN SYLLABICS WEST-CREE YWAA;Lo;0;L;;;;;N;;;;; +153D;CANADIAN SYLLABICS NASKAPI YWAA;Lo;0;L;;;;;N;;;;; +153E;CANADIAN SYLLABICS Y;Lo;0;L;;;;;N;;;;; +153F;CANADIAN SYLLABICS BIBLE-CREE Y;Lo;0;L;;;;;N;;;;; +1540;CANADIAN SYLLABICS WEST-CREE Y;Lo;0;L;;;;;N;;;;; +1541;CANADIAN SYLLABICS SAYISI YI;Lo;0;L;;;;;N;;;;; +1542;CANADIAN SYLLABICS RE;Lo;0;L;;;;;N;;;;; +1543;CANADIAN SYLLABICS R-CREE RE;Lo;0;L;;;;;N;;;;; +1544;CANADIAN SYLLABICS WEST-CREE LE;Lo;0;L;;;;;N;;;;; +1545;CANADIAN SYLLABICS RAAI;Lo;0;L;;;;;N;;;;; +1546;CANADIAN SYLLABICS RI;Lo;0;L;;;;;N;;;;; +1547;CANADIAN SYLLABICS RII;Lo;0;L;;;;;N;;;;; +1548;CANADIAN SYLLABICS RO;Lo;0;L;;;;;N;;;;; +1549;CANADIAN SYLLABICS ROO;Lo;0;L;;;;;N;;;;; +154A;CANADIAN SYLLABICS WEST-CREE LO;Lo;0;L;;;;;N;;;;; +154B;CANADIAN SYLLABICS RA;Lo;0;L;;;;;N;;;;; +154C;CANADIAN SYLLABICS RAA;Lo;0;L;;;;;N;;;;; +154D;CANADIAN SYLLABICS WEST-CREE LA;Lo;0;L;;;;;N;;;;; +154E;CANADIAN SYLLABICS RWAA;Lo;0;L;;;;;N;;;;; +154F;CANADIAN SYLLABICS WEST-CREE RWAA;Lo;0;L;;;;;N;;;;; +1550;CANADIAN SYLLABICS R;Lo;0;L;;;;;N;;;;; +1551;CANADIAN SYLLABICS WEST-CREE R;Lo;0;L;;;;;N;;;;; +1552;CANADIAN SYLLABICS MEDIAL R;Lo;0;L;;;;;N;;;;; +1553;CANADIAN SYLLABICS FE;Lo;0;L;;;;;N;;;;; +1554;CANADIAN SYLLABICS FAAI;Lo;0;L;;;;;N;;;;; +1555;CANADIAN SYLLABICS FI;Lo;0;L;;;;;N;;;;; +1556;CANADIAN SYLLABICS FII;Lo;0;L;;;;;N;;;;; +1557;CANADIAN SYLLABICS FO;Lo;0;L;;;;;N;;;;; +1558;CANADIAN SYLLABICS FOO;Lo;0;L;;;;;N;;;;; +1559;CANADIAN SYLLABICS FA;Lo;0;L;;;;;N;;;;; +155A;CANADIAN SYLLABICS FAA;Lo;0;L;;;;;N;;;;; +155B;CANADIAN SYLLABICS FWAA;Lo;0;L;;;;;N;;;;; +155C;CANADIAN SYLLABICS WEST-CREE FWAA;Lo;0;L;;;;;N;;;;; +155D;CANADIAN SYLLABICS F;Lo;0;L;;;;;N;;;;; +155E;CANADIAN SYLLABICS THE;Lo;0;L;;;;;N;;;;; +155F;CANADIAN SYLLABICS N-CREE THE;Lo;0;L;;;;;N;;;;; +1560;CANADIAN SYLLABICS THI;Lo;0;L;;;;;N;;;;; +1561;CANADIAN SYLLABICS N-CREE THI;Lo;0;L;;;;;N;;;;; +1562;CANADIAN SYLLABICS THII;Lo;0;L;;;;;N;;;;; +1563;CANADIAN SYLLABICS N-CREE THII;Lo;0;L;;;;;N;;;;; +1564;CANADIAN SYLLABICS THO;Lo;0;L;;;;;N;;;;; +1565;CANADIAN SYLLABICS THOO;Lo;0;L;;;;;N;;;;; +1566;CANADIAN SYLLABICS THA;Lo;0;L;;;;;N;;;;; +1567;CANADIAN SYLLABICS THAA;Lo;0;L;;;;;N;;;;; +1568;CANADIAN SYLLABICS THWAA;Lo;0;L;;;;;N;;;;; +1569;CANADIAN SYLLABICS WEST-CREE THWAA;Lo;0;L;;;;;N;;;;; +156A;CANADIAN SYLLABICS TH;Lo;0;L;;;;;N;;;;; +156B;CANADIAN SYLLABICS TTHE;Lo;0;L;;;;;N;;;;; +156C;CANADIAN SYLLABICS TTHI;Lo;0;L;;;;;N;;;;; +156D;CANADIAN SYLLABICS TTHO;Lo;0;L;;;;;N;;;;; +156E;CANADIAN SYLLABICS TTHA;Lo;0;L;;;;;N;;;;; +156F;CANADIAN SYLLABICS TTH;Lo;0;L;;;;;N;;;;; +1570;CANADIAN SYLLABICS TYE;Lo;0;L;;;;;N;;;;; +1571;CANADIAN SYLLABICS TYI;Lo;0;L;;;;;N;;;;; +1572;CANADIAN SYLLABICS TYO;Lo;0;L;;;;;N;;;;; +1573;CANADIAN SYLLABICS TYA;Lo;0;L;;;;;N;;;;; +1574;CANADIAN SYLLABICS NUNAVIK HE;Lo;0;L;;;;;N;;;;; +1575;CANADIAN SYLLABICS NUNAVIK HI;Lo;0;L;;;;;N;;;;; +1576;CANADIAN SYLLABICS NUNAVIK HII;Lo;0;L;;;;;N;;;;; +1577;CANADIAN SYLLABICS NUNAVIK HO;Lo;0;L;;;;;N;;;;; +1578;CANADIAN SYLLABICS NUNAVIK HOO;Lo;0;L;;;;;N;;;;; +1579;CANADIAN SYLLABICS NUNAVIK HA;Lo;0;L;;;;;N;;;;; +157A;CANADIAN SYLLABICS NUNAVIK HAA;Lo;0;L;;;;;N;;;;; +157B;CANADIAN SYLLABICS NUNAVIK H;Lo;0;L;;;;;N;;;;; +157C;CANADIAN SYLLABICS NUNAVUT H;Lo;0;L;;;;;N;;;;; +157D;CANADIAN SYLLABICS HK;Lo;0;L;;;;;N;;;;; +157E;CANADIAN SYLLABICS QAAI;Lo;0;L;;;;;N;;;;; +157F;CANADIAN SYLLABICS QI;Lo;0;L;;;;;N;;;;; +1580;CANADIAN SYLLABICS QII;Lo;0;L;;;;;N;;;;; +1581;CANADIAN SYLLABICS QO;Lo;0;L;;;;;N;;;;; +1582;CANADIAN SYLLABICS QOO;Lo;0;L;;;;;N;;;;; +1583;CANADIAN SYLLABICS QA;Lo;0;L;;;;;N;;;;; +1584;CANADIAN SYLLABICS QAA;Lo;0;L;;;;;N;;;;; +1585;CANADIAN SYLLABICS Q;Lo;0;L;;;;;N;;;;; +1586;CANADIAN SYLLABICS TLHE;Lo;0;L;;;;;N;;;;; +1587;CANADIAN SYLLABICS TLHI;Lo;0;L;;;;;N;;;;; +1588;CANADIAN SYLLABICS TLHO;Lo;0;L;;;;;N;;;;; +1589;CANADIAN SYLLABICS TLHA;Lo;0;L;;;;;N;;;;; +158A;CANADIAN SYLLABICS WEST-CREE RE;Lo;0;L;;;;;N;;;;; +158B;CANADIAN SYLLABICS WEST-CREE RI;Lo;0;L;;;;;N;;;;; +158C;CANADIAN SYLLABICS WEST-CREE RO;Lo;0;L;;;;;N;;;;; +158D;CANADIAN SYLLABICS WEST-CREE RA;Lo;0;L;;;;;N;;;;; +158E;CANADIAN SYLLABICS NGAAI;Lo;0;L;;;;;N;;;;; +158F;CANADIAN SYLLABICS NGI;Lo;0;L;;;;;N;;;;; +1590;CANADIAN SYLLABICS NGII;Lo;0;L;;;;;N;;;;; +1591;CANADIAN SYLLABICS NGO;Lo;0;L;;;;;N;;;;; +1592;CANADIAN SYLLABICS NGOO;Lo;0;L;;;;;N;;;;; +1593;CANADIAN SYLLABICS NGA;Lo;0;L;;;;;N;;;;; +1594;CANADIAN SYLLABICS NGAA;Lo;0;L;;;;;N;;;;; +1595;CANADIAN SYLLABICS NG;Lo;0;L;;;;;N;;;;; +1596;CANADIAN SYLLABICS NNG;Lo;0;L;;;;;N;;;;; +1597;CANADIAN SYLLABICS SAYISI SHE;Lo;0;L;;;;;N;;;;; +1598;CANADIAN SYLLABICS SAYISI SHI;Lo;0;L;;;;;N;;;;; +1599;CANADIAN SYLLABICS SAYISI SHO;Lo;0;L;;;;;N;;;;; +159A;CANADIAN SYLLABICS SAYISI SHA;Lo;0;L;;;;;N;;;;; +159B;CANADIAN SYLLABICS WOODS-CREE THE;Lo;0;L;;;;;N;;;;; +159C;CANADIAN SYLLABICS WOODS-CREE THI;Lo;0;L;;;;;N;;;;; +159D;CANADIAN SYLLABICS WOODS-CREE THO;Lo;0;L;;;;;N;;;;; +159E;CANADIAN SYLLABICS WOODS-CREE THA;Lo;0;L;;;;;N;;;;; +159F;CANADIAN SYLLABICS WOODS-CREE TH;Lo;0;L;;;;;N;;;;; +15A0;CANADIAN SYLLABICS LHI;Lo;0;L;;;;;N;;;;; +15A1;CANADIAN SYLLABICS LHII;Lo;0;L;;;;;N;;;;; +15A2;CANADIAN SYLLABICS LHO;Lo;0;L;;;;;N;;;;; +15A3;CANADIAN SYLLABICS LHOO;Lo;0;L;;;;;N;;;;; +15A4;CANADIAN SYLLABICS LHA;Lo;0;L;;;;;N;;;;; +15A5;CANADIAN SYLLABICS LHAA;Lo;0;L;;;;;N;;;;; +15A6;CANADIAN SYLLABICS LH;Lo;0;L;;;;;N;;;;; +15A7;CANADIAN SYLLABICS TH-CREE THE;Lo;0;L;;;;;N;;;;; +15A8;CANADIAN SYLLABICS TH-CREE THI;Lo;0;L;;;;;N;;;;; +15A9;CANADIAN SYLLABICS TH-CREE THII;Lo;0;L;;;;;N;;;;; +15AA;CANADIAN SYLLABICS TH-CREE THO;Lo;0;L;;;;;N;;;;; +15AB;CANADIAN SYLLABICS TH-CREE THOO;Lo;0;L;;;;;N;;;;; +15AC;CANADIAN SYLLABICS TH-CREE THA;Lo;0;L;;;;;N;;;;; +15AD;CANADIAN SYLLABICS TH-CREE THAA;Lo;0;L;;;;;N;;;;; +15AE;CANADIAN SYLLABICS TH-CREE TH;Lo;0;L;;;;;N;;;;; +15AF;CANADIAN SYLLABICS AIVILIK B;Lo;0;L;;;;;N;;;;; +15B0;CANADIAN SYLLABICS BLACKFOOT E;Lo;0;L;;;;;N;;;;; +15B1;CANADIAN SYLLABICS BLACKFOOT I;Lo;0;L;;;;;N;;;;; +15B2;CANADIAN SYLLABICS BLACKFOOT O;Lo;0;L;;;;;N;;;;; +15B3;CANADIAN SYLLABICS BLACKFOOT A;Lo;0;L;;;;;N;;;;; +15B4;CANADIAN SYLLABICS BLACKFOOT WE;Lo;0;L;;;;;N;;;;; +15B5;CANADIAN SYLLABICS BLACKFOOT WI;Lo;0;L;;;;;N;;;;; +15B6;CANADIAN SYLLABICS BLACKFOOT WO;Lo;0;L;;;;;N;;;;; +15B7;CANADIAN SYLLABICS BLACKFOOT WA;Lo;0;L;;;;;N;;;;; +15B8;CANADIAN SYLLABICS BLACKFOOT NE;Lo;0;L;;;;;N;;;;; +15B9;CANADIAN SYLLABICS BLACKFOOT NI;Lo;0;L;;;;;N;;;;; +15BA;CANADIAN SYLLABICS BLACKFOOT NO;Lo;0;L;;;;;N;;;;; +15BB;CANADIAN SYLLABICS BLACKFOOT NA;Lo;0;L;;;;;N;;;;; +15BC;CANADIAN SYLLABICS BLACKFOOT KE;Lo;0;L;;;;;N;;;;; +15BD;CANADIAN SYLLABICS BLACKFOOT KI;Lo;0;L;;;;;N;;;;; +15BE;CANADIAN SYLLABICS BLACKFOOT KO;Lo;0;L;;;;;N;;;;; +15BF;CANADIAN SYLLABICS BLACKFOOT KA;Lo;0;L;;;;;N;;;;; +15C0;CANADIAN SYLLABICS SAYISI HE;Lo;0;L;;;;;N;;;;; +15C1;CANADIAN SYLLABICS SAYISI HI;Lo;0;L;;;;;N;;;;; +15C2;CANADIAN SYLLABICS SAYISI HO;Lo;0;L;;;;;N;;;;; +15C3;CANADIAN SYLLABICS SAYISI HA;Lo;0;L;;;;;N;;;;; +15C4;CANADIAN SYLLABICS CARRIER GHU;Lo;0;L;;;;;N;;;;; +15C5;CANADIAN SYLLABICS CARRIER GHO;Lo;0;L;;;;;N;;;;; +15C6;CANADIAN SYLLABICS CARRIER GHE;Lo;0;L;;;;;N;;;;; +15C7;CANADIAN SYLLABICS CARRIER GHEE;Lo;0;L;;;;;N;;;;; +15C8;CANADIAN SYLLABICS CARRIER GHI;Lo;0;L;;;;;N;;;;; +15C9;CANADIAN SYLLABICS CARRIER GHA;Lo;0;L;;;;;N;;;;; +15CA;CANADIAN SYLLABICS CARRIER RU;Lo;0;L;;;;;N;;;;; +15CB;CANADIAN SYLLABICS CARRIER RO;Lo;0;L;;;;;N;;;;; +15CC;CANADIAN SYLLABICS CARRIER RE;Lo;0;L;;;;;N;;;;; +15CD;CANADIAN SYLLABICS CARRIER REE;Lo;0;L;;;;;N;;;;; +15CE;CANADIAN SYLLABICS CARRIER RI;Lo;0;L;;;;;N;;;;; +15CF;CANADIAN SYLLABICS CARRIER RA;Lo;0;L;;;;;N;;;;; +15D0;CANADIAN SYLLABICS CARRIER WU;Lo;0;L;;;;;N;;;;; +15D1;CANADIAN SYLLABICS CARRIER WO;Lo;0;L;;;;;N;;;;; +15D2;CANADIAN SYLLABICS CARRIER WE;Lo;0;L;;;;;N;;;;; +15D3;CANADIAN SYLLABICS CARRIER WEE;Lo;0;L;;;;;N;;;;; +15D4;CANADIAN SYLLABICS CARRIER WI;Lo;0;L;;;;;N;;;;; +15D5;CANADIAN SYLLABICS CARRIER WA;Lo;0;L;;;;;N;;;;; +15D6;CANADIAN SYLLABICS CARRIER HWU;Lo;0;L;;;;;N;;;;; +15D7;CANADIAN SYLLABICS CARRIER HWO;Lo;0;L;;;;;N;;;;; +15D8;CANADIAN SYLLABICS CARRIER HWE;Lo;0;L;;;;;N;;;;; +15D9;CANADIAN SYLLABICS CARRIER HWEE;Lo;0;L;;;;;N;;;;; +15DA;CANADIAN SYLLABICS CARRIER HWI;Lo;0;L;;;;;N;;;;; +15DB;CANADIAN SYLLABICS CARRIER HWA;Lo;0;L;;;;;N;;;;; +15DC;CANADIAN SYLLABICS CARRIER THU;Lo;0;L;;;;;N;;;;; +15DD;CANADIAN SYLLABICS CARRIER THO;Lo;0;L;;;;;N;;;;; +15DE;CANADIAN SYLLABICS CARRIER THE;Lo;0;L;;;;;N;;;;; +15DF;CANADIAN SYLLABICS CARRIER THEE;Lo;0;L;;;;;N;;;;; +15E0;CANADIAN SYLLABICS CARRIER THI;Lo;0;L;;;;;N;;;;; +15E1;CANADIAN SYLLABICS CARRIER THA;Lo;0;L;;;;;N;;;;; +15E2;CANADIAN SYLLABICS CARRIER TTU;Lo;0;L;;;;;N;;;;; +15E3;CANADIAN SYLLABICS CARRIER TTO;Lo;0;L;;;;;N;;;;; +15E4;CANADIAN SYLLABICS CARRIER TTE;Lo;0;L;;;;;N;;;;; +15E5;CANADIAN SYLLABICS CARRIER TTEE;Lo;0;L;;;;;N;;;;; +15E6;CANADIAN SYLLABICS CARRIER TTI;Lo;0;L;;;;;N;;;;; +15E7;CANADIAN SYLLABICS CARRIER TTA;Lo;0;L;;;;;N;;;;; +15E8;CANADIAN SYLLABICS CARRIER PU;Lo;0;L;;;;;N;;;;; +15E9;CANADIAN SYLLABICS CARRIER PO;Lo;0;L;;;;;N;;;;; +15EA;CANADIAN SYLLABICS CARRIER PE;Lo;0;L;;;;;N;;;;; +15EB;CANADIAN SYLLABICS CARRIER PEE;Lo;0;L;;;;;N;;;;; +15EC;CANADIAN SYLLABICS CARRIER PI;Lo;0;L;;;;;N;;;;; +15ED;CANADIAN SYLLABICS CARRIER PA;Lo;0;L;;;;;N;;;;; +15EE;CANADIAN SYLLABICS CARRIER P;Lo;0;L;;;;;N;;;;; +15EF;CANADIAN SYLLABICS CARRIER GU;Lo;0;L;;;;;N;;;;; +15F0;CANADIAN SYLLABICS CARRIER GO;Lo;0;L;;;;;N;;;;; +15F1;CANADIAN SYLLABICS CARRIER GE;Lo;0;L;;;;;N;;;;; +15F2;CANADIAN SYLLABICS CARRIER GEE;Lo;0;L;;;;;N;;;;; +15F3;CANADIAN SYLLABICS CARRIER GI;Lo;0;L;;;;;N;;;;; +15F4;CANADIAN SYLLABICS CARRIER GA;Lo;0;L;;;;;N;;;;; +15F5;CANADIAN SYLLABICS CARRIER KHU;Lo;0;L;;;;;N;;;;; +15F6;CANADIAN SYLLABICS CARRIER KHO;Lo;0;L;;;;;N;;;;; +15F7;CANADIAN SYLLABICS CARRIER KHE;Lo;0;L;;;;;N;;;;; +15F8;CANADIAN SYLLABICS CARRIER KHEE;Lo;0;L;;;;;N;;;;; +15F9;CANADIAN SYLLABICS CARRIER KHI;Lo;0;L;;;;;N;;;;; +15FA;CANADIAN SYLLABICS CARRIER KHA;Lo;0;L;;;;;N;;;;; +15FB;CANADIAN SYLLABICS CARRIER KKU;Lo;0;L;;;;;N;;;;; +15FC;CANADIAN SYLLABICS CARRIER KKO;Lo;0;L;;;;;N;;;;; +15FD;CANADIAN SYLLABICS CARRIER KKE;Lo;0;L;;;;;N;;;;; +15FE;CANADIAN SYLLABICS CARRIER KKEE;Lo;0;L;;;;;N;;;;; +15FF;CANADIAN SYLLABICS CARRIER KKI;Lo;0;L;;;;;N;;;;; +1600;CANADIAN SYLLABICS CARRIER KKA;Lo;0;L;;;;;N;;;;; +1601;CANADIAN SYLLABICS CARRIER KK;Lo;0;L;;;;;N;;;;; +1602;CANADIAN SYLLABICS CARRIER NU;Lo;0;L;;;;;N;;;;; +1603;CANADIAN SYLLABICS CARRIER NO;Lo;0;L;;;;;N;;;;; +1604;CANADIAN SYLLABICS CARRIER NE;Lo;0;L;;;;;N;;;;; +1605;CANADIAN SYLLABICS CARRIER NEE;Lo;0;L;;;;;N;;;;; +1606;CANADIAN SYLLABICS CARRIER NI;Lo;0;L;;;;;N;;;;; +1607;CANADIAN SYLLABICS CARRIER NA;Lo;0;L;;;;;N;;;;; +1608;CANADIAN SYLLABICS CARRIER MU;Lo;0;L;;;;;N;;;;; +1609;CANADIAN SYLLABICS CARRIER MO;Lo;0;L;;;;;N;;;;; +160A;CANADIAN SYLLABICS CARRIER ME;Lo;0;L;;;;;N;;;;; +160B;CANADIAN SYLLABICS CARRIER MEE;Lo;0;L;;;;;N;;;;; +160C;CANADIAN SYLLABICS CARRIER MI;Lo;0;L;;;;;N;;;;; +160D;CANADIAN SYLLABICS CARRIER MA;Lo;0;L;;;;;N;;;;; +160E;CANADIAN SYLLABICS CARRIER YU;Lo;0;L;;;;;N;;;;; +160F;CANADIAN SYLLABICS CARRIER YO;Lo;0;L;;;;;N;;;;; +1610;CANADIAN SYLLABICS CARRIER YE;Lo;0;L;;;;;N;;;;; +1611;CANADIAN SYLLABICS CARRIER YEE;Lo;0;L;;;;;N;;;;; +1612;CANADIAN SYLLABICS CARRIER YI;Lo;0;L;;;;;N;;;;; +1613;CANADIAN SYLLABICS CARRIER YA;Lo;0;L;;;;;N;;;;; +1614;CANADIAN SYLLABICS CARRIER JU;Lo;0;L;;;;;N;;;;; +1615;CANADIAN SYLLABICS SAYISI JU;Lo;0;L;;;;;N;;;;; +1616;CANADIAN SYLLABICS CARRIER JO;Lo;0;L;;;;;N;;;;; +1617;CANADIAN SYLLABICS CARRIER JE;Lo;0;L;;;;;N;;;;; +1618;CANADIAN SYLLABICS CARRIER JEE;Lo;0;L;;;;;N;;;;; +1619;CANADIAN SYLLABICS CARRIER JI;Lo;0;L;;;;;N;;;;; +161A;CANADIAN SYLLABICS SAYISI JI;Lo;0;L;;;;;N;;;;; +161B;CANADIAN SYLLABICS CARRIER JA;Lo;0;L;;;;;N;;;;; +161C;CANADIAN SYLLABICS CARRIER JJU;Lo;0;L;;;;;N;;;;; +161D;CANADIAN SYLLABICS CARRIER JJO;Lo;0;L;;;;;N;;;;; +161E;CANADIAN SYLLABICS CARRIER JJE;Lo;0;L;;;;;N;;;;; +161F;CANADIAN SYLLABICS CARRIER JJEE;Lo;0;L;;;;;N;;;;; +1620;CANADIAN SYLLABICS CARRIER JJI;Lo;0;L;;;;;N;;;;; +1621;CANADIAN SYLLABICS CARRIER JJA;Lo;0;L;;;;;N;;;;; +1622;CANADIAN SYLLABICS CARRIER LU;Lo;0;L;;;;;N;;;;; +1623;CANADIAN SYLLABICS CARRIER LO;Lo;0;L;;;;;N;;;;; +1624;CANADIAN SYLLABICS CARRIER LE;Lo;0;L;;;;;N;;;;; +1625;CANADIAN SYLLABICS CARRIER LEE;Lo;0;L;;;;;N;;;;; +1626;CANADIAN SYLLABICS CARRIER LI;Lo;0;L;;;;;N;;;;; +1627;CANADIAN SYLLABICS CARRIER LA;Lo;0;L;;;;;N;;;;; +1628;CANADIAN SYLLABICS CARRIER DLU;Lo;0;L;;;;;N;;;;; +1629;CANADIAN SYLLABICS CARRIER DLO;Lo;0;L;;;;;N;;;;; +162A;CANADIAN SYLLABICS CARRIER DLE;Lo;0;L;;;;;N;;;;; +162B;CANADIAN SYLLABICS CARRIER DLEE;Lo;0;L;;;;;N;;;;; +162C;CANADIAN SYLLABICS CARRIER DLI;Lo;0;L;;;;;N;;;;; +162D;CANADIAN SYLLABICS CARRIER DLA;Lo;0;L;;;;;N;;;;; +162E;CANADIAN SYLLABICS CARRIER LHU;Lo;0;L;;;;;N;;;;; +162F;CANADIAN SYLLABICS CARRIER LHO;Lo;0;L;;;;;N;;;;; +1630;CANADIAN SYLLABICS CARRIER LHE;Lo;0;L;;;;;N;;;;; +1631;CANADIAN SYLLABICS CARRIER LHEE;Lo;0;L;;;;;N;;;;; +1632;CANADIAN SYLLABICS CARRIER LHI;Lo;0;L;;;;;N;;;;; +1633;CANADIAN SYLLABICS CARRIER LHA;Lo;0;L;;;;;N;;;;; +1634;CANADIAN SYLLABICS CARRIER TLHU;Lo;0;L;;;;;N;;;;; +1635;CANADIAN SYLLABICS CARRIER TLHO;Lo;0;L;;;;;N;;;;; +1636;CANADIAN SYLLABICS CARRIER TLHE;Lo;0;L;;;;;N;;;;; +1637;CANADIAN SYLLABICS CARRIER TLHEE;Lo;0;L;;;;;N;;;;; +1638;CANADIAN SYLLABICS CARRIER TLHI;Lo;0;L;;;;;N;;;;; +1639;CANADIAN SYLLABICS CARRIER TLHA;Lo;0;L;;;;;N;;;;; +163A;CANADIAN SYLLABICS CARRIER TLU;Lo;0;L;;;;;N;;;;; +163B;CANADIAN SYLLABICS CARRIER TLO;Lo;0;L;;;;;N;;;;; +163C;CANADIAN SYLLABICS CARRIER TLE;Lo;0;L;;;;;N;;;;; +163D;CANADIAN SYLLABICS CARRIER TLEE;Lo;0;L;;;;;N;;;;; +163E;CANADIAN SYLLABICS CARRIER TLI;Lo;0;L;;;;;N;;;;; +163F;CANADIAN SYLLABICS CARRIER TLA;Lo;0;L;;;;;N;;;;; +1640;CANADIAN SYLLABICS CARRIER ZU;Lo;0;L;;;;;N;;;;; +1641;CANADIAN SYLLABICS CARRIER ZO;Lo;0;L;;;;;N;;;;; +1642;CANADIAN SYLLABICS CARRIER ZE;Lo;0;L;;;;;N;;;;; +1643;CANADIAN SYLLABICS CARRIER ZEE;Lo;0;L;;;;;N;;;;; +1644;CANADIAN SYLLABICS CARRIER ZI;Lo;0;L;;;;;N;;;;; +1645;CANADIAN SYLLABICS CARRIER ZA;Lo;0;L;;;;;N;;;;; +1646;CANADIAN SYLLABICS CARRIER Z;Lo;0;L;;;;;N;;;;; +1647;CANADIAN SYLLABICS CARRIER INITIAL Z;Lo;0;L;;;;;N;;;;; +1648;CANADIAN SYLLABICS CARRIER DZU;Lo;0;L;;;;;N;;;;; +1649;CANADIAN SYLLABICS CARRIER DZO;Lo;0;L;;;;;N;;;;; +164A;CANADIAN SYLLABICS CARRIER DZE;Lo;0;L;;;;;N;;;;; +164B;CANADIAN SYLLABICS CARRIER DZEE;Lo;0;L;;;;;N;;;;; +164C;CANADIAN SYLLABICS CARRIER DZI;Lo;0;L;;;;;N;;;;; +164D;CANADIAN SYLLABICS CARRIER DZA;Lo;0;L;;;;;N;;;;; +164E;CANADIAN SYLLABICS CARRIER SU;Lo;0;L;;;;;N;;;;; +164F;CANADIAN SYLLABICS CARRIER SO;Lo;0;L;;;;;N;;;;; +1650;CANADIAN SYLLABICS CARRIER SE;Lo;0;L;;;;;N;;;;; +1651;CANADIAN SYLLABICS CARRIER SEE;Lo;0;L;;;;;N;;;;; +1652;CANADIAN SYLLABICS CARRIER SI;Lo;0;L;;;;;N;;;;; +1653;CANADIAN SYLLABICS CARRIER SA;Lo;0;L;;;;;N;;;;; +1654;CANADIAN SYLLABICS CARRIER SHU;Lo;0;L;;;;;N;;;;; +1655;CANADIAN SYLLABICS CARRIER SHO;Lo;0;L;;;;;N;;;;; +1656;CANADIAN SYLLABICS CARRIER SHE;Lo;0;L;;;;;N;;;;; +1657;CANADIAN SYLLABICS CARRIER SHEE;Lo;0;L;;;;;N;;;;; +1658;CANADIAN SYLLABICS CARRIER SHI;Lo;0;L;;;;;N;;;;; +1659;CANADIAN SYLLABICS CARRIER SHA;Lo;0;L;;;;;N;;;;; +165A;CANADIAN SYLLABICS CARRIER SH;Lo;0;L;;;;;N;;;;; +165B;CANADIAN SYLLABICS CARRIER TSU;Lo;0;L;;;;;N;;;;; +165C;CANADIAN SYLLABICS CARRIER TSO;Lo;0;L;;;;;N;;;;; +165D;CANADIAN SYLLABICS CARRIER TSE;Lo;0;L;;;;;N;;;;; +165E;CANADIAN SYLLABICS CARRIER TSEE;Lo;0;L;;;;;N;;;;; +165F;CANADIAN SYLLABICS CARRIER TSI;Lo;0;L;;;;;N;;;;; +1660;CANADIAN SYLLABICS CARRIER TSA;Lo;0;L;;;;;N;;;;; +1661;CANADIAN SYLLABICS CARRIER CHU;Lo;0;L;;;;;N;;;;; +1662;CANADIAN SYLLABICS CARRIER CHO;Lo;0;L;;;;;N;;;;; +1663;CANADIAN SYLLABICS CARRIER CHE;Lo;0;L;;;;;N;;;;; +1664;CANADIAN SYLLABICS CARRIER CHEE;Lo;0;L;;;;;N;;;;; +1665;CANADIAN SYLLABICS CARRIER CHI;Lo;0;L;;;;;N;;;;; +1666;CANADIAN SYLLABICS CARRIER CHA;Lo;0;L;;;;;N;;;;; +1667;CANADIAN SYLLABICS CARRIER TTSU;Lo;0;L;;;;;N;;;;; +1668;CANADIAN SYLLABICS CARRIER TTSO;Lo;0;L;;;;;N;;;;; +1669;CANADIAN SYLLABICS CARRIER TTSE;Lo;0;L;;;;;N;;;;; +166A;CANADIAN SYLLABICS CARRIER TTSEE;Lo;0;L;;;;;N;;;;; +166B;CANADIAN SYLLABICS CARRIER TTSI;Lo;0;L;;;;;N;;;;; +166C;CANADIAN SYLLABICS CARRIER TTSA;Lo;0;L;;;;;N;;;;; +166D;CANADIAN SYLLABICS CHI SIGN;Po;0;L;;;;;N;;;;; +166E;CANADIAN SYLLABICS FULL STOP;Po;0;L;;;;;N;;;;; +166F;CANADIAN SYLLABICS QAI;Lo;0;L;;;;;N;;;;; +1670;CANADIAN SYLLABICS NGAI;Lo;0;L;;;;;N;;;;; +1671;CANADIAN SYLLABICS NNGI;Lo;0;L;;;;;N;;;;; +1672;CANADIAN SYLLABICS NNGII;Lo;0;L;;;;;N;;;;; +1673;CANADIAN SYLLABICS NNGO;Lo;0;L;;;;;N;;;;; +1674;CANADIAN SYLLABICS NNGOO;Lo;0;L;;;;;N;;;;; +1675;CANADIAN SYLLABICS NNGA;Lo;0;L;;;;;N;;;;; +1676;CANADIAN SYLLABICS NNGAA;Lo;0;L;;;;;N;;;;; +1680;OGHAM SPACE MARK;Zs;0;WS;;;;;N;;;;; +1681;OGHAM LETTER BEITH;Lo;0;L;;;;;N;;;;; +1682;OGHAM LETTER LUIS;Lo;0;L;;;;;N;;;;; +1683;OGHAM LETTER FEARN;Lo;0;L;;;;;N;;;;; +1684;OGHAM LETTER SAIL;Lo;0;L;;;;;N;;;;; +1685;OGHAM LETTER NION;Lo;0;L;;;;;N;;;;; +1686;OGHAM LETTER UATH;Lo;0;L;;;;;N;;;;; +1687;OGHAM LETTER DAIR;Lo;0;L;;;;;N;;;;; +1688;OGHAM LETTER TINNE;Lo;0;L;;;;;N;;;;; +1689;OGHAM LETTER COLL;Lo;0;L;;;;;N;;;;; +168A;OGHAM LETTER CEIRT;Lo;0;L;;;;;N;;;;; +168B;OGHAM LETTER MUIN;Lo;0;L;;;;;N;;;;; +168C;OGHAM LETTER GORT;Lo;0;L;;;;;N;;;;; +168D;OGHAM LETTER NGEADAL;Lo;0;L;;;;;N;;;;; +168E;OGHAM LETTER STRAIF;Lo;0;L;;;;;N;;;;; +168F;OGHAM LETTER RUIS;Lo;0;L;;;;;N;;;;; +1690;OGHAM LETTER AILM;Lo;0;L;;;;;N;;;;; +1691;OGHAM LETTER ONN;Lo;0;L;;;;;N;;;;; +1692;OGHAM LETTER UR;Lo;0;L;;;;;N;;;;; +1693;OGHAM LETTER EADHADH;Lo;0;L;;;;;N;;;;; +1694;OGHAM LETTER IODHADH;Lo;0;L;;;;;N;;;;; +1695;OGHAM LETTER EABHADH;Lo;0;L;;;;;N;;;;; +1696;OGHAM LETTER OR;Lo;0;L;;;;;N;;;;; +1697;OGHAM LETTER UILLEANN;Lo;0;L;;;;;N;;;;; +1698;OGHAM LETTER IFIN;Lo;0;L;;;;;N;;;;; +1699;OGHAM LETTER EAMHANCHOLL;Lo;0;L;;;;;N;;;;; +169A;OGHAM LETTER PEITH;Lo;0;L;;;;;N;;;;; +169B;OGHAM FEATHER MARK;Ps;0;ON;;;;;N;;;;; +169C;OGHAM REVERSED FEATHER MARK;Pe;0;ON;;;;;N;;;;; +16A0;RUNIC LETTER FEHU FEOH FE F;Lo;0;L;;;;;N;;;;; +16A1;RUNIC LETTER V;Lo;0;L;;;;;N;;;;; +16A2;RUNIC LETTER URUZ UR U;Lo;0;L;;;;;N;;;;; +16A3;RUNIC LETTER YR;Lo;0;L;;;;;N;;;;; +16A4;RUNIC LETTER Y;Lo;0;L;;;;;N;;;;; +16A5;RUNIC LETTER W;Lo;0;L;;;;;N;;;;; +16A6;RUNIC LETTER THURISAZ THURS THORN;Lo;0;L;;;;;N;;;;; +16A7;RUNIC LETTER ETH;Lo;0;L;;;;;N;;;;; +16A8;RUNIC LETTER ANSUZ A;Lo;0;L;;;;;N;;;;; +16A9;RUNIC LETTER OS O;Lo;0;L;;;;;N;;;;; +16AA;RUNIC LETTER AC A;Lo;0;L;;;;;N;;;;; +16AB;RUNIC LETTER AESC;Lo;0;L;;;;;N;;;;; +16AC;RUNIC LETTER LONG-BRANCH-OSS O;Lo;0;L;;;;;N;;;;; +16AD;RUNIC LETTER SHORT-TWIG-OSS O;Lo;0;L;;;;;N;;;;; +16AE;RUNIC LETTER O;Lo;0;L;;;;;N;;;;; +16AF;RUNIC LETTER OE;Lo;0;L;;;;;N;;;;; +16B0;RUNIC LETTER ON;Lo;0;L;;;;;N;;;;; +16B1;RUNIC LETTER RAIDO RAD REID R;Lo;0;L;;;;;N;;;;; +16B2;RUNIC LETTER KAUNA;Lo;0;L;;;;;N;;;;; +16B3;RUNIC LETTER CEN;Lo;0;L;;;;;N;;;;; +16B4;RUNIC LETTER KAUN K;Lo;0;L;;;;;N;;;;; +16B5;RUNIC LETTER G;Lo;0;L;;;;;N;;;;; +16B6;RUNIC LETTER ENG;Lo;0;L;;;;;N;;;;; +16B7;RUNIC LETTER GEBO GYFU G;Lo;0;L;;;;;N;;;;; +16B8;RUNIC LETTER GAR;Lo;0;L;;;;;N;;;;; +16B9;RUNIC LETTER WUNJO WYNN W;Lo;0;L;;;;;N;;;;; +16BA;RUNIC LETTER HAGLAZ H;Lo;0;L;;;;;N;;;;; +16BB;RUNIC LETTER HAEGL H;Lo;0;L;;;;;N;;;;; +16BC;RUNIC LETTER LONG-BRANCH-HAGALL H;Lo;0;L;;;;;N;;;;; +16BD;RUNIC LETTER SHORT-TWIG-HAGALL H;Lo;0;L;;;;;N;;;;; +16BE;RUNIC LETTER NAUDIZ NYD NAUD N;Lo;0;L;;;;;N;;;;; +16BF;RUNIC LETTER SHORT-TWIG-NAUD N;Lo;0;L;;;;;N;;;;; +16C0;RUNIC LETTER DOTTED-N;Lo;0;L;;;;;N;;;;; +16C1;RUNIC LETTER ISAZ IS ISS I;Lo;0;L;;;;;N;;;;; +16C2;RUNIC LETTER E;Lo;0;L;;;;;N;;;;; +16C3;RUNIC LETTER JERAN J;Lo;0;L;;;;;N;;;;; +16C4;RUNIC LETTER GER;Lo;0;L;;;;;N;;;;; +16C5;RUNIC LETTER LONG-BRANCH-AR AE;Lo;0;L;;;;;N;;;;; +16C6;RUNIC LETTER SHORT-TWIG-AR A;Lo;0;L;;;;;N;;;;; +16C7;RUNIC LETTER IWAZ EOH;Lo;0;L;;;;;N;;;;; +16C8;RUNIC LETTER PERTHO PEORTH P;Lo;0;L;;;;;N;;;;; +16C9;RUNIC LETTER ALGIZ EOLHX;Lo;0;L;;;;;N;;;;; +16CA;RUNIC LETTER SOWILO S;Lo;0;L;;;;;N;;;;; +16CB;RUNIC LETTER SIGEL LONG-BRANCH-SOL S;Lo;0;L;;;;;N;;;;; +16CC;RUNIC LETTER SHORT-TWIG-SOL S;Lo;0;L;;;;;N;;;;; +16CD;RUNIC LETTER C;Lo;0;L;;;;;N;;;;; +16CE;RUNIC LETTER Z;Lo;0;L;;;;;N;;;;; +16CF;RUNIC LETTER TIWAZ TIR TYR T;Lo;0;L;;;;;N;;;;; +16D0;RUNIC LETTER SHORT-TWIG-TYR T;Lo;0;L;;;;;N;;;;; +16D1;RUNIC LETTER D;Lo;0;L;;;;;N;;;;; +16D2;RUNIC LETTER BERKANAN BEORC BJARKAN B;Lo;0;L;;;;;N;;;;; +16D3;RUNIC LETTER SHORT-TWIG-BJARKAN B;Lo;0;L;;;;;N;;;;; +16D4;RUNIC LETTER DOTTED-P;Lo;0;L;;;;;N;;;;; +16D5;RUNIC LETTER OPEN-P;Lo;0;L;;;;;N;;;;; +16D6;RUNIC LETTER EHWAZ EH E;Lo;0;L;;;;;N;;;;; +16D7;RUNIC LETTER MANNAZ MAN M;Lo;0;L;;;;;N;;;;; +16D8;RUNIC LETTER LONG-BRANCH-MADR M;Lo;0;L;;;;;N;;;;; +16D9;RUNIC LETTER SHORT-TWIG-MADR M;Lo;0;L;;;;;N;;;;; +16DA;RUNIC LETTER LAUKAZ LAGU LOGR L;Lo;0;L;;;;;N;;;;; +16DB;RUNIC LETTER DOTTED-L;Lo;0;L;;;;;N;;;;; +16DC;RUNIC LETTER INGWAZ;Lo;0;L;;;;;N;;;;; +16DD;RUNIC LETTER ING;Lo;0;L;;;;;N;;;;; +16DE;RUNIC LETTER DAGAZ DAEG D;Lo;0;L;;;;;N;;;;; +16DF;RUNIC LETTER OTHALAN ETHEL O;Lo;0;L;;;;;N;;;;; +16E0;RUNIC LETTER EAR;Lo;0;L;;;;;N;;;;; +16E1;RUNIC LETTER IOR;Lo;0;L;;;;;N;;;;; +16E2;RUNIC LETTER CWEORTH;Lo;0;L;;;;;N;;;;; +16E3;RUNIC LETTER CALC;Lo;0;L;;;;;N;;;;; +16E4;RUNIC LETTER CEALC;Lo;0;L;;;;;N;;;;; +16E5;RUNIC LETTER STAN;Lo;0;L;;;;;N;;;;; +16E6;RUNIC LETTER LONG-BRANCH-YR;Lo;0;L;;;;;N;;;;; +16E7;RUNIC LETTER SHORT-TWIG-YR;Lo;0;L;;;;;N;;;;; +16E8;RUNIC LETTER ICELANDIC-YR;Lo;0;L;;;;;N;;;;; +16E9;RUNIC LETTER Q;Lo;0;L;;;;;N;;;;; +16EA;RUNIC LETTER X;Lo;0;L;;;;;N;;;;; +16EB;RUNIC SINGLE PUNCTUATION;Po;0;L;;;;;N;;;;; +16EC;RUNIC MULTIPLE PUNCTUATION;Po;0;L;;;;;N;;;;; +16ED;RUNIC CROSS PUNCTUATION;Po;0;L;;;;;N;;;;; +16EE;RUNIC ARLAUG SYMBOL;Nl;0;L;;;;17;N;;golden number 17;;; +16EF;RUNIC TVIMADUR SYMBOL;Nl;0;L;;;;18;N;;golden number 18;;; +16F0;RUNIC BELGTHOR SYMBOL;Nl;0;L;;;;19;N;;golden number 19;;; +1700;TAGALOG LETTER A;Lo;0;L;;;;;N;;;;; +1701;TAGALOG LETTER I;Lo;0;L;;;;;N;;;;; +1702;TAGALOG LETTER U;Lo;0;L;;;;;N;;;;; +1703;TAGALOG LETTER KA;Lo;0;L;;;;;N;;;;; +1704;TAGALOG LETTER GA;Lo;0;L;;;;;N;;;;; +1705;TAGALOG LETTER NGA;Lo;0;L;;;;;N;;;;; +1706;TAGALOG LETTER TA;Lo;0;L;;;;;N;;;;; +1707;TAGALOG LETTER DA;Lo;0;L;;;;;N;;;;; +1708;TAGALOG LETTER NA;Lo;0;L;;;;;N;;;;; +1709;TAGALOG LETTER PA;Lo;0;L;;;;;N;;;;; +170A;TAGALOG LETTER BA;Lo;0;L;;;;;N;;;;; +170B;TAGALOG LETTER MA;Lo;0;L;;;;;N;;;;; +170C;TAGALOG LETTER YA;Lo;0;L;;;;;N;;;;; +170E;TAGALOG LETTER LA;Lo;0;L;;;;;N;;;;; +170F;TAGALOG LETTER WA;Lo;0;L;;;;;N;;;;; +1710;TAGALOG LETTER SA;Lo;0;L;;;;;N;;;;; +1711;TAGALOG LETTER HA;Lo;0;L;;;;;N;;;;; +1712;TAGALOG VOWEL SIGN I;Mn;0;NSM;;;;;N;;;;; +1713;TAGALOG VOWEL SIGN U;Mn;0;NSM;;;;;N;;;;; +1714;TAGALOG SIGN VIRAMA;Mn;9;NSM;;;;;N;;;;; +1720;HANUNOO LETTER A;Lo;0;L;;;;;N;;;;; +1721;HANUNOO LETTER I;Lo;0;L;;;;;N;;;;; +1722;HANUNOO LETTER U;Lo;0;L;;;;;N;;;;; +1723;HANUNOO LETTER KA;Lo;0;L;;;;;N;;;;; +1724;HANUNOO LETTER GA;Lo;0;L;;;;;N;;;;; +1725;HANUNOO LETTER NGA;Lo;0;L;;;;;N;;;;; +1726;HANUNOO LETTER TA;Lo;0;L;;;;;N;;;;; +1727;HANUNOO LETTER DA;Lo;0;L;;;;;N;;;;; +1728;HANUNOO LETTER NA;Lo;0;L;;;;;N;;;;; +1729;HANUNOO LETTER PA;Lo;0;L;;;;;N;;;;; +172A;HANUNOO LETTER BA;Lo;0;L;;;;;N;;;;; +172B;HANUNOO LETTER MA;Lo;0;L;;;;;N;;;;; +172C;HANUNOO LETTER YA;Lo;0;L;;;;;N;;;;; +172D;HANUNOO LETTER RA;Lo;0;L;;;;;N;;;;; +172E;HANUNOO LETTER LA;Lo;0;L;;;;;N;;;;; +172F;HANUNOO LETTER WA;Lo;0;L;;;;;N;;;;; +1730;HANUNOO LETTER SA;Lo;0;L;;;;;N;;;;; +1731;HANUNOO LETTER HA;Lo;0;L;;;;;N;;;;; +1732;HANUNOO VOWEL SIGN I;Mn;0;NSM;;;;;N;;;;; +1733;HANUNOO VOWEL SIGN U;Mn;0;NSM;;;;;N;;;;; +1734;HANUNOO SIGN PAMUDPOD;Mn;9;NSM;;;;;N;;;;; +1735;PHILIPPINE SINGLE PUNCTUATION;Po;0;L;;;;;N;;;;; +1736;PHILIPPINE DOUBLE PUNCTUATION;Po;0;L;;;;;N;;;;; +1740;BUHID LETTER A;Lo;0;L;;;;;N;;;;; +1741;BUHID LETTER I;Lo;0;L;;;;;N;;;;; +1742;BUHID LETTER U;Lo;0;L;;;;;N;;;;; +1743;BUHID LETTER KA;Lo;0;L;;;;;N;;;;; +1744;BUHID LETTER GA;Lo;0;L;;;;;N;;;;; +1745;BUHID LETTER NGA;Lo;0;L;;;;;N;;;;; +1746;BUHID LETTER TA;Lo;0;L;;;;;N;;;;; +1747;BUHID LETTER DA;Lo;0;L;;;;;N;;;;; +1748;BUHID LETTER NA;Lo;0;L;;;;;N;;;;; +1749;BUHID LETTER PA;Lo;0;L;;;;;N;;;;; +174A;BUHID LETTER BA;Lo;0;L;;;;;N;;;;; +174B;BUHID LETTER MA;Lo;0;L;;;;;N;;;;; +174C;BUHID LETTER YA;Lo;0;L;;;;;N;;;;; +174D;BUHID LETTER RA;Lo;0;L;;;;;N;;;;; +174E;BUHID LETTER LA;Lo;0;L;;;;;N;;;;; +174F;BUHID LETTER WA;Lo;0;L;;;;;N;;;;; +1750;BUHID LETTER SA;Lo;0;L;;;;;N;;;;; +1751;BUHID LETTER HA;Lo;0;L;;;;;N;;;;; +1752;BUHID VOWEL SIGN I;Mn;0;NSM;;;;;N;;;;; +1753;BUHID VOWEL SIGN U;Mn;0;NSM;;;;;N;;;;; +1760;TAGBANWA LETTER A;Lo;0;L;;;;;N;;;;; +1761;TAGBANWA LETTER I;Lo;0;L;;;;;N;;;;; +1762;TAGBANWA LETTER U;Lo;0;L;;;;;N;;;;; +1763;TAGBANWA LETTER KA;Lo;0;L;;;;;N;;;;; +1764;TAGBANWA LETTER GA;Lo;0;L;;;;;N;;;;; +1765;TAGBANWA LETTER NGA;Lo;0;L;;;;;N;;;;; +1766;TAGBANWA LETTER TA;Lo;0;L;;;;;N;;;;; +1767;TAGBANWA LETTER DA;Lo;0;L;;;;;N;;;;; +1768;TAGBANWA LETTER NA;Lo;0;L;;;;;N;;;;; +1769;TAGBANWA LETTER PA;Lo;0;L;;;;;N;;;;; +176A;TAGBANWA LETTER BA;Lo;0;L;;;;;N;;;;; +176B;TAGBANWA LETTER MA;Lo;0;L;;;;;N;;;;; +176C;TAGBANWA LETTER YA;Lo;0;L;;;;;N;;;;; +176E;TAGBANWA LETTER LA;Lo;0;L;;;;;N;;;;; +176F;TAGBANWA LETTER WA;Lo;0;L;;;;;N;;;;; +1770;TAGBANWA LETTER SA;Lo;0;L;;;;;N;;;;; +1772;TAGBANWA VOWEL SIGN I;Mn;0;NSM;;;;;N;;;;; +1773;TAGBANWA VOWEL SIGN U;Mn;0;NSM;;;;;N;;;;; +1780;KHMER LETTER KA;Lo;0;L;;;;;N;;;;; +1781;KHMER LETTER KHA;Lo;0;L;;;;;N;;;;; +1782;KHMER LETTER KO;Lo;0;L;;;;;N;;;;; +1783;KHMER LETTER KHO;Lo;0;L;;;;;N;;;;; +1784;KHMER LETTER NGO;Lo;0;L;;;;;N;;;;; +1785;KHMER LETTER CA;Lo;0;L;;;;;N;;;;; +1786;KHMER LETTER CHA;Lo;0;L;;;;;N;;;;; +1787;KHMER LETTER CO;Lo;0;L;;;;;N;;;;; +1788;KHMER LETTER CHO;Lo;0;L;;;;;N;;;;; +1789;KHMER LETTER NYO;Lo;0;L;;;;;N;;;;; +178A;KHMER LETTER DA;Lo;0;L;;;;;N;;;;; +178B;KHMER LETTER TTHA;Lo;0;L;;;;;N;;;;; +178C;KHMER LETTER DO;Lo;0;L;;;;;N;;;;; +178D;KHMER LETTER TTHO;Lo;0;L;;;;;N;;;;; +178E;KHMER LETTER NNO;Lo;0;L;;;;;N;;;;; +178F;KHMER LETTER TA;Lo;0;L;;;;;N;;;;; +1790;KHMER LETTER THA;Lo;0;L;;;;;N;;;;; +1791;KHMER LETTER TO;Lo;0;L;;;;;N;;;;; +1792;KHMER LETTER THO;Lo;0;L;;;;;N;;;;; +1793;KHMER LETTER NO;Lo;0;L;;;;;N;;;;; +1794;KHMER LETTER BA;Lo;0;L;;;;;N;;;;; +1795;KHMER LETTER PHA;Lo;0;L;;;;;N;;;;; +1796;KHMER LETTER PO;Lo;0;L;;;;;N;;;;; +1797;KHMER LETTER PHO;Lo;0;L;;;;;N;;;;; +1798;KHMER LETTER MO;Lo;0;L;;;;;N;;;;; +1799;KHMER LETTER YO;Lo;0;L;;;;;N;;;;; +179A;KHMER LETTER RO;Lo;0;L;;;;;N;;;;; +179B;KHMER LETTER LO;Lo;0;L;;;;;N;;;;; +179C;KHMER LETTER VO;Lo;0;L;;;;;N;;;;; +179D;KHMER LETTER SHA;Lo;0;L;;;;;N;;;;; +179E;KHMER LETTER SSO;Lo;0;L;;;;;N;;;;; +179F;KHMER LETTER SA;Lo;0;L;;;;;N;;;;; +17A0;KHMER LETTER HA;Lo;0;L;;;;;N;;;;; +17A1;KHMER LETTER LA;Lo;0;L;;;;;N;;;;; +17A2;KHMER LETTER QA;Lo;0;L;;;;;N;;;;; +17A3;KHMER INDEPENDENT VOWEL QAQ;Lo;0;L;;;;;N;;;;; +17A4;KHMER INDEPENDENT VOWEL QAA;Lo;0;L;;;;;N;;;;; +17A5;KHMER INDEPENDENT VOWEL QI;Lo;0;L;;;;;N;;;;; +17A6;KHMER INDEPENDENT VOWEL QII;Lo;0;L;;;;;N;;;;; +17A7;KHMER INDEPENDENT VOWEL QU;Lo;0;L;;;;;N;;;;; +17A8;KHMER INDEPENDENT VOWEL QUK;Lo;0;L;;;;;N;;;;; +17A9;KHMER INDEPENDENT VOWEL QUU;Lo;0;L;;;;;N;;;;; +17AA;KHMER INDEPENDENT VOWEL QUUV;Lo;0;L;;;;;N;;;;; +17AB;KHMER INDEPENDENT VOWEL RY;Lo;0;L;;;;;N;;;;; +17AC;KHMER INDEPENDENT VOWEL RYY;Lo;0;L;;;;;N;;;;; +17AD;KHMER INDEPENDENT VOWEL LY;Lo;0;L;;;;;N;;;;; +17AE;KHMER INDEPENDENT VOWEL LYY;Lo;0;L;;;;;N;;;;; +17AF;KHMER INDEPENDENT VOWEL QE;Lo;0;L;;;;;N;;;;; +17B0;KHMER INDEPENDENT VOWEL QAI;Lo;0;L;;;;;N;;;;; +17B1;KHMER INDEPENDENT VOWEL QOO TYPE ONE;Lo;0;L;;;;;N;;;;; +17B2;KHMER INDEPENDENT VOWEL QOO TYPE TWO;Lo;0;L;;;;;N;;;;; +17B3;KHMER INDEPENDENT VOWEL QAU;Lo;0;L;;;;;N;;;;; +17B4;KHMER VOWEL INHERENT AQ;Mc;0;L;;;;;N;;;;; +17B5;KHMER VOWEL INHERENT AA;Mc;0;L;;;;;N;;;;; +17B6;KHMER VOWEL SIGN AA;Mc;0;L;;;;;N;;;;; +17B7;KHMER VOWEL SIGN I;Mn;0;NSM;;;;;N;;;;; +17B8;KHMER VOWEL SIGN II;Mn;0;NSM;;;;;N;;;;; +17B9;KHMER VOWEL SIGN Y;Mn;0;NSM;;;;;N;;;;; +17BA;KHMER VOWEL SIGN YY;Mn;0;NSM;;;;;N;;;;; +17BB;KHMER VOWEL SIGN U;Mn;0;NSM;;;;;N;;;;; +17BC;KHMER VOWEL SIGN UU;Mn;0;NSM;;;;;N;;;;; +17BD;KHMER VOWEL SIGN UA;Mn;0;NSM;;;;;N;;;;; +17BE;KHMER VOWEL SIGN OE;Mc;0;L;;;;;N;;;;; +17BF;KHMER VOWEL SIGN YA;Mc;0;L;;;;;N;;;;; +17C0;KHMER VOWEL SIGN IE;Mc;0;L;;;;;N;;;;; +17C1;KHMER VOWEL SIGN E;Mc;0;L;;;;;N;;;;; +17C2;KHMER VOWEL SIGN AE;Mc;0;L;;;;;N;;;;; +17C3;KHMER VOWEL SIGN AI;Mc;0;L;;;;;N;;;;; +17C4;KHMER VOWEL SIGN OO;Mc;0;L;;;;;N;;;;; +17C5;KHMER VOWEL SIGN AU;Mc;0;L;;;;;N;;;;; +17C6;KHMER SIGN NIKAHIT;Mn;0;NSM;;;;;N;;;;; +17C7;KHMER SIGN REAHMUK;Mc;0;L;;;;;N;;;;; +17C8;KHMER SIGN YUUKALEAPINTU;Mc;0;L;;;;;N;;;;; +17C9;KHMER SIGN MUUSIKATOAN;Mn;0;NSM;;;;;N;;;;; +17CA;KHMER SIGN TRIISAP;Mn;0;NSM;;;;;N;;;;; +17CB;KHMER SIGN BANTOC;Mn;0;NSM;;;;;N;;;;; +17CC;KHMER SIGN ROBAT;Mn;0;NSM;;;;;N;;;;; +17CD;KHMER SIGN TOANDAKHIAT;Mn;0;NSM;;;;;N;;;;; +17CE;KHMER SIGN KAKABAT;Mn;0;NSM;;;;;N;;;;; +17CF;KHMER SIGN AHSDA;Mn;0;NSM;;;;;N;;;;; +17D0;KHMER SIGN SAMYOK SANNYA;Mn;0;NSM;;;;;N;;;;; +17D1;KHMER SIGN VIRIAM;Mn;0;NSM;;;;;N;;;;; +17D2;KHMER SIGN COENG;Mn;9;NSM;;;;;N;;;;; +17D3;KHMER SIGN BATHAMASAT;Mn;0;NSM;;;;;N;;;;; +17D4;KHMER SIGN KHAN;Po;0;L;;;;;N;;;;; +17D5;KHMER SIGN BARIYOOSAN;Po;0;L;;;;;N;;;;; +17D6;KHMER SIGN CAMNUC PII KUUH;Po;0;L;;;;;N;;;;; +17D7;KHMER SIGN LEK TOO;Lm;0;L;;;;;N;;;;; +17D8;KHMER SIGN BEYYAL;Po;0;L;;;;;N;;;;; +17D9;KHMER SIGN PHNAEK MUAN;Po;0;L;;;;;N;;;;; +17DA;KHMER SIGN KOOMUUT;Po;0;L;;;;;N;;;;; +17DB;KHMER CURRENCY SYMBOL RIEL;Sc;0;ET;;;;;N;;;;; +17DC;KHMER SIGN AVAKRAHASANYA;Lo;0;L;;;;;N;;;;; +17E0;KHMER DIGIT ZERO;Nd;0;L;;0;0;0;N;;;;; +17E1;KHMER DIGIT ONE;Nd;0;L;;1;1;1;N;;;;; +17E2;KHMER DIGIT TWO;Nd;0;L;;2;2;2;N;;;;; +17E3;KHMER DIGIT THREE;Nd;0;L;;3;3;3;N;;;;; +17E4;KHMER DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;; +17E5;KHMER DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;; +17E6;KHMER DIGIT SIX;Nd;0;L;;6;6;6;N;;;;; +17E7;KHMER DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;; +17E8;KHMER DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;; +17E9;KHMER DIGIT NINE;Nd;0;L;;9;9;9;N;;;;; +1800;MONGOLIAN BIRGA;Po;0;ON;;;;;N;;;;; +1801;MONGOLIAN ELLIPSIS;Po;0;ON;;;;;N;;;;; +1802;MONGOLIAN COMMA;Po;0;ON;;;;;N;;;;; +1803;MONGOLIAN FULL STOP;Po;0;ON;;;;;N;;;;; +1804;MONGOLIAN COLON;Po;0;ON;;;;;N;;;;; +1805;MONGOLIAN FOUR DOTS;Po;0;ON;;;;;N;;;;; +1806;MONGOLIAN TODO SOFT HYPHEN;Pd;0;ON;;;;;N;;;;; +1807;MONGOLIAN SIBE SYLLABLE BOUNDARY MARKER;Po;0;ON;;;;;N;;;;; +1808;MONGOLIAN MANCHU COMMA;Po;0;ON;;;;;N;;;;; +1809;MONGOLIAN MANCHU FULL STOP;Po;0;ON;;;;;N;;;;; +180A;MONGOLIAN NIRUGU;Po;0;ON;;;;;N;;;;; +180B;MONGOLIAN FREE VARIATION SELECTOR ONE;Mn;0;NSM;;;;;N;;;;; +180C;MONGOLIAN FREE VARIATION SELECTOR TWO;Mn;0;NSM;;;;;N;;;;; +180D;MONGOLIAN FREE VARIATION SELECTOR THREE;Mn;0;NSM;;;;;N;;;;; +180E;MONGOLIAN VOWEL SEPARATOR;Cf;0;BN;;;;;N;;;;; +1810;MONGOLIAN DIGIT ZERO;Nd;0;L;;0;0;0;N;;;;; +1811;MONGOLIAN DIGIT ONE;Nd;0;L;;1;1;1;N;;;;; +1812;MONGOLIAN DIGIT TWO;Nd;0;L;;2;2;2;N;;;;; +1813;MONGOLIAN DIGIT THREE;Nd;0;L;;3;3;3;N;;;;; +1814;MONGOLIAN DIGIT FOUR;Nd;0;L;;4;4;4;N;;;;; +1815;MONGOLIAN DIGIT FIVE;Nd;0;L;;5;5;5;N;;;;; +1816;MONGOLIAN DIGIT SIX;Nd;0;L;;6;6;6;N;;;;; +1817;MONGOLIAN DIGIT SEVEN;Nd;0;L;;7;7;7;N;;;;; +1818;MONGOLIAN DIGIT EIGHT;Nd;0;L;;8;8;8;N;;;;; +1819;MONGOLIAN DIGIT NINE;Nd;0;L;;9;9;9;N;;;;; +1820;MONGOLIAN LETTER A;Lo;0;L;;;;;N;;;;; +1821;MONGOLIAN LETTER E;Lo;0;L;;;;;N;;;;; +1822;MONGOLIAN LETTER I;Lo;0;L;;;;;N;;;;; +1823;MONGOLIAN LETTER O;Lo;0;L;;;;;N;;;;; +1824;MONGOLIAN LETTER U;Lo;0;L;;;;;N;;;;; +1825;MONGOLIAN LETTER OE;Lo;0;L;;;;;N;;;;; +1826;MONGOLIAN LETTER UE;Lo;0;L;;;;;N;;;;; +1827;MONGOLIAN LETTER EE;Lo;0;L;;;;;N;;;;; +1828;MONGOLIAN LETTER NA;Lo;0;L;;;;;N;;;;; +1829;MONGOLIAN LETTER ANG;Lo;0;L;;;;;N;;;;; +182A;MONGOLIAN LETTER BA;Lo;0;L;;;;;N;;;;; +182B;MONGOLIAN LETTER PA;Lo;0;L;;;;;N;;;;; +182C;MONGOLIAN LETTER QA;Lo;0;L;;;;;N;;;;; +182D;MONGOLIAN LETTER GA;Lo;0;L;;;;;N;;;;; +182E;MONGOLIAN LETTER MA;Lo;0;L;;;;;N;;;;; +182F;MONGOLIAN LETTER LA;Lo;0;L;;;;;N;;;;; +1830;MONGOLIAN LETTER SA;Lo;0;L;;;;;N;;;;; +1831;MONGOLIAN LETTER SHA;Lo;0;L;;;;;N;;;;; +1832;MONGOLIAN LETTER TA;Lo;0;L;;;;;N;;;;; +1833;MONGOLIAN LETTER DA;Lo;0;L;;;;;N;;;;; +1834;MONGOLIAN LETTER CHA;Lo;0;L;;;;;N;;;;; +1835;MONGOLIAN LETTER JA;Lo;0;L;;;;;N;;;;; +1836;MONGOLIAN LETTER YA;Lo;0;L;;;;;N;;;;; +1837;MONGOLIAN LETTER RA;Lo;0;L;;;;;N;;;;; +1838;MONGOLIAN LETTER WA;Lo;0;L;;;;;N;;;;; +1839;MONGOLIAN LETTER FA;Lo;0;L;;;;;N;;;;; +183A;MONGOLIAN LETTER KA;Lo;0;L;;;;;N;;;;; +183B;MONGOLIAN LETTER KHA;Lo;0;L;;;;;N;;;;; +183C;MONGOLIAN LETTER TSA;Lo;0;L;;;;;N;;;;; +183D;MONGOLIAN LETTER ZA;Lo;0;L;;;;;N;;;;; +183E;MONGOLIAN LETTER HAA;Lo;0;L;;;;;N;;;;; +183F;MONGOLIAN LETTER ZRA;Lo;0;L;;;;;N;;;;; +1840;MONGOLIAN LETTER LHA;Lo;0;L;;;;;N;;;;; +1841;MONGOLIAN LETTER ZHI;Lo;0;L;;;;;N;;;;; +1842;MONGOLIAN LETTER CHI;Lo;0;L;;;;;N;;;;; +1843;MONGOLIAN LETTER TODO LONG VOWEL SIGN;Lm;0;L;;;;;N;;;;; +1844;MONGOLIAN LETTER TODO E;Lo;0;L;;;;;N;;;;; +1845;MONGOLIAN LETTER TODO I;Lo;0;L;;;;;N;;;;; +1846;MONGOLIAN LETTER TODO O;Lo;0;L;;;;;N;;;;; +1847;MONGOLIAN LETTER TODO U;Lo;0;L;;;;;N;;;;; +1848;MONGOLIAN LETTER TODO OE;Lo;0;L;;;;;N;;;;; +1849;MONGOLIAN LETTER TODO UE;Lo;0;L;;;;;N;;;;; +184A;MONGOLIAN LETTER TODO ANG;Lo;0;L;;;;;N;;;;; +184B;MONGOLIAN LETTER TODO BA;Lo;0;L;;;;;N;;;;; +184C;MONGOLIAN LETTER TODO PA;Lo;0;L;;;;;N;;;;; +184D;MONGOLIAN LETTER TODO QA;Lo;0;L;;;;;N;;;;; +184E;MONGOLIAN LETTER TODO GA;Lo;0;L;;;;;N;;;;; +184F;MONGOLIAN LETTER TODO MA;Lo;0;L;;;;;N;;;;; +1850;MONGOLIAN LETTER TODO TA;Lo;0;L;;;;;N;;;;; +1851;MONGOLIAN LETTER TODO DA;Lo;0;L;;;;;N;;;;; +1852;MONGOLIAN LETTER TODO CHA;Lo;0;L;;;;;N;;;;; +1853;MONGOLIAN LETTER TODO JA;Lo;0;L;;;;;N;;;;; +1854;MONGOLIAN LETTER TODO TSA;Lo;0;L;;;;;N;;;;; +1855;MONGOLIAN LETTER TODO YA;Lo;0;L;;;;;N;;;;; +1856;MONGOLIAN LETTER TODO WA;Lo;0;L;;;;;N;;;;; +1857;MONGOLIAN LETTER TODO KA;Lo;0;L;;;;;N;;;;; +1858;MONGOLIAN LETTER TODO GAA;Lo;0;L;;;;;N;;;;; +1859;MONGOLIAN LETTER TODO HAA;Lo;0;L;;;;;N;;;;; +185A;MONGOLIAN LETTER TODO JIA;Lo;0;L;;;;;N;;;;; +185B;MONGOLIAN LETTER TODO NIA;Lo;0;L;;;;;N;;;;; +185C;MONGOLIAN LETTER TODO DZA;Lo;0;L;;;;;N;;;;; +185D;MONGOLIAN LETTER SIBE E;Lo;0;L;;;;;N;;;;; +185E;MONGOLIAN LETTER SIBE I;Lo;0;L;;;;;N;;;;; +185F;MONGOLIAN LETTER SIBE IY;Lo;0;L;;;;;N;;;;; +1860;MONGOLIAN LETTER SIBE UE;Lo;0;L;;;;;N;;;;; +1861;MONGOLIAN LETTER SIBE U;Lo;0;L;;;;;N;;;;; +1862;MONGOLIAN LETTER SIBE ANG;Lo;0;L;;;;;N;;;;; +1863;MONGOLIAN LETTER SIBE KA;Lo;0;L;;;;;N;;;;; +1864;MONGOLIAN LETTER SIBE GA;Lo;0;L;;;;;N;;;;; +1865;MONGOLIAN LETTER SIBE HA;Lo;0;L;;;;;N;;;;; +1866;MONGOLIAN LETTER SIBE PA;Lo;0;L;;;;;N;;;;; +1867;MONGOLIAN LETTER SIBE SHA;Lo;0;L;;;;;N;;;;; +1868;MONGOLIAN LETTER SIBE TA;Lo;0;L;;;;;N;;;;; +1869;MONGOLIAN LETTER SIBE DA;Lo;0;L;;;;;N;;;;; +186A;MONGOLIAN LETTER SIBE JA;Lo;0;L;;;;;N;;;;; +186B;MONGOLIAN LETTER SIBE FA;Lo;0;L;;;;;N;;;;; +186C;MONGOLIAN LETTER SIBE GAA;Lo;0;L;;;;;N;;;;; +186D;MONGOLIAN LETTER SIBE HAA;Lo;0;L;;;;;N;;;;; +186E;MONGOLIAN LETTER SIBE TSA;Lo;0;L;;;;;N;;;;; +186F;MONGOLIAN LETTER SIBE ZA;Lo;0;L;;;;;N;;;;; +1870;MONGOLIAN LETTER SIBE RAA;Lo;0;L;;;;;N;;;;; +1871;MONGOLIAN LETTER SIBE CHA;Lo;0;L;;;;;N;;;;; +1872;MONGOLIAN LETTER SIBE ZHA;Lo;0;L;;;;;N;;;;; +1873;MONGOLIAN LETTER MANCHU I;Lo;0;L;;;;;N;;;;; +1874;MONGOLIAN LETTER MANCHU KA;Lo;0;L;;;;;N;;;;; +1875;MONGOLIAN LETTER MANCHU RA;Lo;0;L;;;;;N;;;;; +1876;MONGOLIAN LETTER MANCHU FA;Lo;0;L;;;;;N;;;;; +1877;MONGOLIAN LETTER MANCHU ZHA;Lo;0;L;;;;;N;;;;; +1880;MONGOLIAN LETTER ALI GALI ANUSVARA ONE;Lo;0;L;;;;;N;;;;; +1881;MONGOLIAN LETTER ALI GALI VISARGA ONE;Lo;0;L;;;;;N;;;;; +1882;MONGOLIAN LETTER ALI GALI DAMARU;Lo;0;L;;;;;N;;;;; +1883;MONGOLIAN LETTER ALI GALI UBADAMA;Lo;0;L;;;;;N;;;;; +1884;MONGOLIAN LETTER ALI GALI INVERTED UBADAMA;Lo;0;L;;;;;N;;;;; +1885;MONGOLIAN LETTER ALI GALI BALUDA;Lo;0;L;;;;;N;;;;; +1886;MONGOLIAN LETTER ALI GALI THREE BALUDA;Lo;0;L;;;;;N;;;;; +1887;MONGOLIAN LETTER ALI GALI A;Lo;0;L;;;;;N;;;;; +1888;MONGOLIAN LETTER ALI GALI I;Lo;0;L;;;;;N;;;;; +1889;MONGOLIAN LETTER ALI GALI KA;Lo;0;L;;;;;N;;;;; +188A;MONGOLIAN LETTER ALI GALI NGA;Lo;0;L;;;;;N;;;;; +188B;MONGOLIAN LETTER ALI GALI CA;Lo;0;L;;;;;N;;;;; +188C;MONGOLIAN LETTER ALI GALI TTA;Lo;0;L;;;;;N;;;;; +188D;MONGOLIAN LETTER ALI GALI TTHA;Lo;0;L;;;;;N;;;;; +188E;MONGOLIAN LETTER ALI GALI DDA;Lo;0;L;;;;;N;;;;; +188F;MONGOLIAN LETTER ALI GALI NNA;Lo;0;L;;;;;N;;;;; +1890;MONGOLIAN LETTER ALI GALI TA;Lo;0;L;;;;;N;;;;; +1891;MONGOLIAN LETTER ALI GALI DA;Lo;0;L;;;;;N;;;;; +1892;MONGOLIAN LETTER ALI GALI PA;Lo;0;L;;;;;N;;;;; +1893;MONGOLIAN LETTER ALI GALI PHA;Lo;0;L;;;;;N;;;;; +1894;MONGOLIAN LETTER ALI GALI SSA;Lo;0;L;;;;;N;;;;; +1895;MONGOLIAN LETTER ALI GALI ZHA;Lo;0;L;;;;;N;;;;; +1896;MONGOLIAN LETTER ALI GALI ZA;Lo;0;L;;;;;N;;;;; +1897;MONGOLIAN LETTER ALI GALI AH;Lo;0;L;;;;;N;;;;; +1898;MONGOLIAN LETTER TODO ALI GALI TA;Lo;0;L;;;;;N;;;;; +1899;MONGOLIAN LETTER TODO ALI GALI ZHA;Lo;0;L;;;;;N;;;;; +189A;MONGOLIAN LETTER MANCHU ALI GALI GHA;Lo;0;L;;;;;N;;;;; +189B;MONGOLIAN LETTER MANCHU ALI GALI NGA;Lo;0;L;;;;;N;;;;; +189C;MONGOLIAN LETTER MANCHU ALI GALI CA;Lo;0;L;;;;;N;;;;; +189D;MONGOLIAN LETTER MANCHU ALI GALI JHA;Lo;0;L;;;;;N;;;;; +189E;MONGOLIAN LETTER MANCHU ALI GALI TTA;Lo;0;L;;;;;N;;;;; +189F;MONGOLIAN LETTER MANCHU ALI GALI DDHA;Lo;0;L;;;;;N;;;;; +18A0;MONGOLIAN LETTER MANCHU ALI GALI TA;Lo;0;L;;;;;N;;;;; +18A1;MONGOLIAN LETTER MANCHU ALI GALI DHA;Lo;0;L;;;;;N;;;;; +18A2;MONGOLIAN LETTER MANCHU ALI GALI SSA;Lo;0;L;;;;;N;;;;; +18A3;MONGOLIAN LETTER MANCHU ALI GALI CYA;Lo;0;L;;;;;N;;;;; +18A4;MONGOLIAN LETTER MANCHU ALI GALI ZHA;Lo;0;L;;;;;N;;;;; +18A5;MONGOLIAN LETTER MANCHU ALI GALI ZA;Lo;0;L;;;;;N;;;;; +18A6;MONGOLIAN LETTER ALI GALI HALF U;Lo;0;L;;;;;N;;;;; +18A7;MONGOLIAN LETTER ALI GALI HALF YA;Lo;0;L;;;;;N;;;;; +18A8;MONGOLIAN LETTER MANCHU ALI GALI BHA;Lo;0;L;;;;;N;;;;; +18A9;MONGOLIAN LETTER ALI GALI DAGALGA;Mn;228;NSM;;;;;N;;;;; +1E00;LATIN CAPITAL LETTER A WITH RING BELOW;Lu;0;L;0041 0325;;;;N;;;;1E01; +1E01;LATIN SMALL LETTER A WITH RING BELOW;Ll;0;L;0061 0325;;;;N;;;1E00;;1E00 +1E02;LATIN CAPITAL LETTER B WITH DOT ABOVE;Lu;0;L;0042 0307;;;;N;;;;1E03; +1E03;LATIN SMALL LETTER B WITH DOT ABOVE;Ll;0;L;0062 0307;;;;N;;;1E02;;1E02 +1E04;LATIN CAPITAL LETTER B WITH DOT BELOW;Lu;0;L;0042 0323;;;;N;;;;1E05; +1E05;LATIN SMALL LETTER B WITH DOT BELOW;Ll;0;L;0062 0323;;;;N;;;1E04;;1E04 +1E06;LATIN CAPITAL LETTER B WITH LINE BELOW;Lu;0;L;0042 0331;;;;N;;;;1E07; +1E07;LATIN SMALL LETTER B WITH LINE BELOW;Ll;0;L;0062 0331;;;;N;;;1E06;;1E06 +1E08;LATIN CAPITAL LETTER C WITH CEDILLA AND ACUTE;Lu;0;L;00C7 0301;;;;N;;;;1E09; +1E09;LATIN SMALL LETTER C WITH CEDILLA AND ACUTE;Ll;0;L;00E7 0301;;;;N;;;1E08;;1E08 +1E0A;LATIN CAPITAL LETTER D WITH DOT ABOVE;Lu;0;L;0044 0307;;;;N;;;;1E0B; +1E0B;LATIN SMALL LETTER D WITH DOT ABOVE;Ll;0;L;0064 0307;;;;N;;;1E0A;;1E0A +1E0C;LATIN CAPITAL LETTER D WITH DOT BELOW;Lu;0;L;0044 0323;;;;N;;;;1E0D; +1E0D;LATIN SMALL LETTER D WITH DOT BELOW;Ll;0;L;0064 0323;;;;N;;;1E0C;;1E0C +1E0E;LATIN CAPITAL LETTER D WITH LINE BELOW;Lu;0;L;0044 0331;;;;N;;;;1E0F; +1E0F;LATIN SMALL LETTER D WITH LINE BELOW;Ll;0;L;0064 0331;;;;N;;;1E0E;;1E0E +1E10;LATIN CAPITAL LETTER D WITH CEDILLA;Lu;0;L;0044 0327;;;;N;;;;1E11; +1E11;LATIN SMALL LETTER D WITH CEDILLA;Ll;0;L;0064 0327;;;;N;;;1E10;;1E10 +1E12;LATIN CAPITAL LETTER D WITH CIRCUMFLEX BELOW;Lu;0;L;0044 032D;;;;N;;;;1E13; +1E13;LATIN SMALL LETTER D WITH CIRCUMFLEX BELOW;Ll;0;L;0064 032D;;;;N;;;1E12;;1E12 +1E14;LATIN CAPITAL LETTER E WITH MACRON AND GRAVE;Lu;0;L;0112 0300;;;;N;;;;1E15; +1E15;LATIN SMALL LETTER E WITH MACRON AND GRAVE;Ll;0;L;0113 0300;;;;N;;;1E14;;1E14 +1E16;LATIN CAPITAL LETTER E WITH MACRON AND ACUTE;Lu;0;L;0112 0301;;;;N;;;;1E17; +1E17;LATIN SMALL LETTER E WITH MACRON AND ACUTE;Ll;0;L;0113 0301;;;;N;;;1E16;;1E16 +1E18;LATIN CAPITAL LETTER E WITH CIRCUMFLEX BELOW;Lu;0;L;0045 032D;;;;N;;;;1E19; +1E19;LATIN SMALL LETTER E WITH CIRCUMFLEX BELOW;Ll;0;L;0065 032D;;;;N;;;1E18;;1E18 +1E1A;LATIN CAPITAL LETTER E WITH TILDE BELOW;Lu;0;L;0045 0330;;;;N;;;;1E1B; +1E1B;LATIN SMALL LETTER E WITH TILDE BELOW;Ll;0;L;0065 0330;;;;N;;;1E1A;;1E1A +1E1C;LATIN CAPITAL LETTER E WITH CEDILLA AND BREVE;Lu;0;L;0228 0306;;;;N;;;;1E1D; +1E1D;LATIN SMALL LETTER E WITH CEDILLA AND BREVE;Ll;0;L;0229 0306;;;;N;;;1E1C;;1E1C +1E1E;LATIN CAPITAL LETTER F WITH DOT ABOVE;Lu;0;L;0046 0307;;;;N;;;;1E1F; +1E1F;LATIN SMALL LETTER F WITH DOT ABOVE;Ll;0;L;0066 0307;;;;N;;;1E1E;;1E1E +1E20;LATIN CAPITAL LETTER G WITH MACRON;Lu;0;L;0047 0304;;;;N;;;;1E21; +1E21;LATIN SMALL LETTER G WITH MACRON;Ll;0;L;0067 0304;;;;N;;;1E20;;1E20 +1E22;LATIN CAPITAL LETTER H WITH DOT ABOVE;Lu;0;L;0048 0307;;;;N;;;;1E23; +1E23;LATIN SMALL LETTER H WITH DOT ABOVE;Ll;0;L;0068 0307;;;;N;;;1E22;;1E22 +1E24;LATIN CAPITAL LETTER H WITH DOT BELOW;Lu;0;L;0048 0323;;;;N;;;;1E25; +1E25;LATIN SMALL LETTER H WITH DOT BELOW;Ll;0;L;0068 0323;;;;N;;;1E24;;1E24 +1E26;LATIN CAPITAL LETTER H WITH DIAERESIS;Lu;0;L;0048 0308;;;;N;;;;1E27; +1E27;LATIN SMALL LETTER H WITH DIAERESIS;Ll;0;L;0068 0308;;;;N;;;1E26;;1E26 +1E28;LATIN CAPITAL LETTER H WITH CEDILLA;Lu;0;L;0048 0327;;;;N;;;;1E29; +1E29;LATIN SMALL LETTER H WITH CEDILLA;Ll;0;L;0068 0327;;;;N;;;1E28;;1E28 +1E2A;LATIN CAPITAL LETTER H WITH BREVE BELOW;Lu;0;L;0048 032E;;;;N;;;;1E2B; +1E2B;LATIN SMALL LETTER H WITH BREVE BELOW;Ll;0;L;0068 032E;;;;N;;;1E2A;;1E2A +1E2C;LATIN CAPITAL LETTER I WITH TILDE BELOW;Lu;0;L;0049 0330;;;;N;;;;1E2D; +1E2D;LATIN SMALL LETTER I WITH TILDE BELOW;Ll;0;L;0069 0330;;;;N;;;1E2C;;1E2C +1E2E;LATIN CAPITAL LETTER I WITH DIAERESIS AND ACUTE;Lu;0;L;00CF 0301;;;;N;;;;1E2F; +1E2F;LATIN SMALL LETTER I WITH DIAERESIS AND ACUTE;Ll;0;L;00EF 0301;;;;N;;;1E2E;;1E2E +1E30;LATIN CAPITAL LETTER K WITH ACUTE;Lu;0;L;004B 0301;;;;N;;;;1E31; +1E31;LATIN SMALL LETTER K WITH ACUTE;Ll;0;L;006B 0301;;;;N;;;1E30;;1E30 +1E32;LATIN CAPITAL LETTER K WITH DOT BELOW;Lu;0;L;004B 0323;;;;N;;;;1E33; +1E33;LATIN SMALL LETTER K WITH DOT BELOW;Ll;0;L;006B 0323;;;;N;;;1E32;;1E32 +1E34;LATIN CAPITAL LETTER K WITH LINE BELOW;Lu;0;L;004B 0331;;;;N;;;;1E35; +1E35;LATIN SMALL LETTER K WITH LINE BELOW;Ll;0;L;006B 0331;;;;N;;;1E34;;1E34 +1E36;LATIN CAPITAL LETTER L WITH DOT BELOW;Lu;0;L;004C 0323;;;;N;;;;1E37; +1E37;LATIN SMALL LETTER L WITH DOT BELOW;Ll;0;L;006C 0323;;;;N;;;1E36;;1E36 +1E38;LATIN CAPITAL LETTER L WITH DOT BELOW AND MACRON;Lu;0;L;1E36 0304;;;;N;;;;1E39; +1E39;LATIN SMALL LETTER L WITH DOT BELOW AND MACRON;Ll;0;L;1E37 0304;;;;N;;;1E38;;1E38 +1E3A;LATIN CAPITAL LETTER L WITH LINE BELOW;Lu;0;L;004C 0331;;;;N;;;;1E3B; +1E3B;LATIN SMALL LETTER L WITH LINE BELOW;Ll;0;L;006C 0331;;;;N;;;1E3A;;1E3A +1E3C;LATIN CAPITAL LETTER L WITH CIRCUMFLEX BELOW;Lu;0;L;004C 032D;;;;N;;;;1E3D; +1E3D;LATIN SMALL LETTER L WITH CIRCUMFLEX BELOW;Ll;0;L;006C 032D;;;;N;;;1E3C;;1E3C +1E3E;LATIN CAPITAL LETTER M WITH ACUTE;Lu;0;L;004D 0301;;;;N;;;;1E3F; +1E3F;LATIN SMALL LETTER M WITH ACUTE;Ll;0;L;006D 0301;;;;N;;;1E3E;;1E3E +1E40;LATIN CAPITAL LETTER M WITH DOT ABOVE;Lu;0;L;004D 0307;;;;N;;;;1E41; +1E41;LATIN SMALL LETTER M WITH DOT ABOVE;Ll;0;L;006D 0307;;;;N;;;1E40;;1E40 +1E42;LATIN CAPITAL LETTER M WITH DOT BELOW;Lu;0;L;004D 0323;;;;N;;;;1E43; +1E43;LATIN SMALL LETTER M WITH DOT BELOW;Ll;0;L;006D 0323;;;;N;;;1E42;;1E42 +1E44;LATIN CAPITAL LETTER N WITH DOT ABOVE;Lu;0;L;004E 0307;;;;N;;;;1E45; +1E45;LATIN SMALL LETTER N WITH DOT ABOVE;Ll;0;L;006E 0307;;;;N;;;1E44;;1E44 +1E46;LATIN CAPITAL LETTER N WITH DOT BELOW;Lu;0;L;004E 0323;;;;N;;;;1E47; +1E47;LATIN SMALL LETTER N WITH DOT BELOW;Ll;0;L;006E 0323;;;;N;;;1E46;;1E46 +1E48;LATIN CAPITAL LETTER N WITH LINE BELOW;Lu;0;L;004E 0331;;;;N;;;;1E49; +1E49;LATIN SMALL LETTER N WITH LINE BELOW;Ll;0;L;006E 0331;;;;N;;;1E48;;1E48 +1E4A;LATIN CAPITAL LETTER N WITH CIRCUMFLEX BELOW;Lu;0;L;004E 032D;;;;N;;;;1E4B; +1E4B;LATIN SMALL LETTER N WITH CIRCUMFLEX BELOW;Ll;0;L;006E 032D;;;;N;;;1E4A;;1E4A +1E4C;LATIN CAPITAL LETTER O WITH TILDE AND ACUTE;Lu;0;L;00D5 0301;;;;N;;;;1E4D; +1E4D;LATIN SMALL LETTER O WITH TILDE AND ACUTE;Ll;0;L;00F5 0301;;;;N;;;1E4C;;1E4C +1E4E;LATIN CAPITAL LETTER O WITH TILDE AND DIAERESIS;Lu;0;L;00D5 0308;;;;N;;;;1E4F; +1E4F;LATIN SMALL LETTER O WITH TILDE AND DIAERESIS;Ll;0;L;00F5 0308;;;;N;;;1E4E;;1E4E +1E50;LATIN CAPITAL LETTER O WITH MACRON AND GRAVE;Lu;0;L;014C 0300;;;;N;;;;1E51; +1E51;LATIN SMALL LETTER O WITH MACRON AND GRAVE;Ll;0;L;014D 0300;;;;N;;;1E50;;1E50 +1E52;LATIN CAPITAL LETTER O WITH MACRON AND ACUTE;Lu;0;L;014C 0301;;;;N;;;;1E53; +1E53;LATIN SMALL LETTER O WITH MACRON AND ACUTE;Ll;0;L;014D 0301;;;;N;;;1E52;;1E52 +1E54;LATIN CAPITAL LETTER P WITH ACUTE;Lu;0;L;0050 0301;;;;N;;;;1E55; +1E55;LATIN SMALL LETTER P WITH ACUTE;Ll;0;L;0070 0301;;;;N;;;1E54;;1E54 +1E56;LATIN CAPITAL LETTER P WITH DOT ABOVE;Lu;0;L;0050 0307;;;;N;;;;1E57; +1E57;LATIN SMALL LETTER P WITH DOT ABOVE;Ll;0;L;0070 0307;;;;N;;;1E56;;1E56 +1E58;LATIN CAPITAL LETTER R WITH DOT ABOVE;Lu;0;L;0052 0307;;;;N;;;;1E59; +1E59;LATIN SMALL LETTER R WITH DOT ABOVE;Ll;0;L;0072 0307;;;;N;;;1E58;;1E58 +1E5A;LATIN CAPITAL LETTER R WITH DOT BELOW;Lu;0;L;0052 0323;;;;N;;;;1E5B; +1E5B;LATIN SMALL LETTER R WITH DOT BELOW;Ll;0;L;0072 0323;;;;N;;;1E5A;;1E5A +1E5C;LATIN CAPITAL LETTER R WITH DOT BELOW AND MACRON;Lu;0;L;1E5A 0304;;;;N;;;;1E5D; +1E5D;LATIN SMALL LETTER R WITH DOT BELOW AND MACRON;Ll;0;L;1E5B 0304;;;;N;;;1E5C;;1E5C +1E5E;LATIN CAPITAL LETTER R WITH LINE BELOW;Lu;0;L;0052 0331;;;;N;;;;1E5F; +1E5F;LATIN SMALL LETTER R WITH LINE BELOW;Ll;0;L;0072 0331;;;;N;;;1E5E;;1E5E +1E60;LATIN CAPITAL LETTER S WITH DOT ABOVE;Lu;0;L;0053 0307;;;;N;;;;1E61; +1E61;LATIN SMALL LETTER S WITH DOT ABOVE;Ll;0;L;0073 0307;;;;N;;;1E60;;1E60 +1E62;LATIN CAPITAL LETTER S WITH DOT BELOW;Lu;0;L;0053 0323;;;;N;;;;1E63; +1E63;LATIN SMALL LETTER S WITH DOT BELOW;Ll;0;L;0073 0323;;;;N;;;1E62;;1E62 +1E64;LATIN CAPITAL LETTER S WITH ACUTE AND DOT ABOVE;Lu;0;L;015A 0307;;;;N;;;;1E65; +1E65;LATIN SMALL LETTER S WITH ACUTE AND DOT ABOVE;Ll;0;L;015B 0307;;;;N;;;1E64;;1E64 +1E66;LATIN CAPITAL LETTER S WITH CARON AND DOT ABOVE;Lu;0;L;0160 0307;;;;N;;;;1E67; +1E67;LATIN SMALL LETTER S WITH CARON AND DOT ABOVE;Ll;0;L;0161 0307;;;;N;;;1E66;;1E66 +1E68;LATIN CAPITAL LETTER S WITH DOT BELOW AND DOT ABOVE;Lu;0;L;1E62 0307;;;;N;;;;1E69; +1E69;LATIN SMALL LETTER S WITH DOT BELOW AND DOT ABOVE;Ll;0;L;1E63 0307;;;;N;;;1E68;;1E68 +1E6A;LATIN CAPITAL LETTER T WITH DOT ABOVE;Lu;0;L;0054 0307;;;;N;;;;1E6B; +1E6B;LATIN SMALL LETTER T WITH DOT ABOVE;Ll;0;L;0074 0307;;;;N;;;1E6A;;1E6A +1E6C;LATIN CAPITAL LETTER T WITH DOT BELOW;Lu;0;L;0054 0323;;;;N;;;;1E6D; +1E6D;LATIN SMALL LETTER T WITH DOT BELOW;Ll;0;L;0074 0323;;;;N;;;1E6C;;1E6C +1E6E;LATIN CAPITAL LETTER T WITH LINE BELOW;Lu;0;L;0054 0331;;;;N;;;;1E6F; +1E6F;LATIN SMALL LETTER T WITH LINE BELOW;Ll;0;L;0074 0331;;;;N;;;1E6E;;1E6E +1E70;LATIN CAPITAL LETTER T WITH CIRCUMFLEX BELOW;Lu;0;L;0054 032D;;;;N;;;;1E71; +1E71;LATIN SMALL LETTER T WITH CIRCUMFLEX BELOW;Ll;0;L;0074 032D;;;;N;;;1E70;;1E70 +1E72;LATIN CAPITAL LETTER U WITH DIAERESIS BELOW;Lu;0;L;0055 0324;;;;N;;;;1E73; +1E73;LATIN SMALL LETTER U WITH DIAERESIS BELOW;Ll;0;L;0075 0324;;;;N;;;1E72;;1E72 +1E74;LATIN CAPITAL LETTER U WITH TILDE BELOW;Lu;0;L;0055 0330;;;;N;;;;1E75; +1E75;LATIN SMALL LETTER U WITH TILDE BELOW;Ll;0;L;0075 0330;;;;N;;;1E74;;1E74 +1E76;LATIN CAPITAL LETTER U WITH CIRCUMFLEX BELOW;Lu;0;L;0055 032D;;;;N;;;;1E77; +1E77;LATIN SMALL LETTER U WITH CIRCUMFLEX BELOW;Ll;0;L;0075 032D;;;;N;;;1E76;;1E76 +1E78;LATIN CAPITAL LETTER U WITH TILDE AND ACUTE;Lu;0;L;0168 0301;;;;N;;;;1E79; +1E79;LATIN SMALL LETTER U WITH TILDE AND ACUTE;Ll;0;L;0169 0301;;;;N;;;1E78;;1E78 +1E7A;LATIN CAPITAL LETTER U WITH MACRON AND DIAERESIS;Lu;0;L;016A 0308;;;;N;;;;1E7B; +1E7B;LATIN SMALL LETTER U WITH MACRON AND DIAERESIS;Ll;0;L;016B 0308;;;;N;;;1E7A;;1E7A +1E7C;LATIN CAPITAL LETTER V WITH TILDE;Lu;0;L;0056 0303;;;;N;;;;1E7D; +1E7D;LATIN SMALL LETTER V WITH TILDE;Ll;0;L;0076 0303;;;;N;;;1E7C;;1E7C +1E7E;LATIN CAPITAL LETTER V WITH DOT BELOW;Lu;0;L;0056 0323;;;;N;;;;1E7F; +1E7F;LATIN SMALL LETTER V WITH DOT BELOW;Ll;0;L;0076 0323;;;;N;;;1E7E;;1E7E +1E80;LATIN CAPITAL LETTER W WITH GRAVE;Lu;0;L;0057 0300;;;;N;;;;1E81; +1E81;LATIN SMALL LETTER W WITH GRAVE;Ll;0;L;0077 0300;;;;N;;;1E80;;1E80 +1E82;LATIN CAPITAL LETTER W WITH ACUTE;Lu;0;L;0057 0301;;;;N;;;;1E83; +1E83;LATIN SMALL LETTER W WITH ACUTE;Ll;0;L;0077 0301;;;;N;;;1E82;;1E82 +1E84;LATIN CAPITAL LETTER W WITH DIAERESIS;Lu;0;L;0057 0308;;;;N;;;;1E85; +1E85;LATIN SMALL LETTER W WITH DIAERESIS;Ll;0;L;0077 0308;;;;N;;;1E84;;1E84 +1E86;LATIN CAPITAL LETTER W WITH DOT ABOVE;Lu;0;L;0057 0307;;;;N;;;;1E87; +1E87;LATIN SMALL LETTER W WITH DOT ABOVE;Ll;0;L;0077 0307;;;;N;;;1E86;;1E86 +1E88;LATIN CAPITAL LETTER W WITH DOT BELOW;Lu;0;L;0057 0323;;;;N;;;;1E89; +1E89;LATIN SMALL LETTER W WITH DOT BELOW;Ll;0;L;0077 0323;;;;N;;;1E88;;1E88 +1E8A;LATIN CAPITAL LETTER X WITH DOT ABOVE;Lu;0;L;0058 0307;;;;N;;;;1E8B; +1E8B;LATIN SMALL LETTER X WITH DOT ABOVE;Ll;0;L;0078 0307;;;;N;;;1E8A;;1E8A +1E8C;LATIN CAPITAL LETTER X WITH DIAERESIS;Lu;0;L;0058 0308;;;;N;;;;1E8D; +1E8D;LATIN SMALL LETTER X WITH DIAERESIS;Ll;0;L;0078 0308;;;;N;;;1E8C;;1E8C +1E8E;LATIN CAPITAL LETTER Y WITH DOT ABOVE;Lu;0;L;0059 0307;;;;N;;;;1E8F; +1E8F;LATIN SMALL LETTER Y WITH DOT ABOVE;Ll;0;L;0079 0307;;;;N;;;1E8E;;1E8E +1E90;LATIN CAPITAL LETTER Z WITH CIRCUMFLEX;Lu;0;L;005A 0302;;;;N;;;;1E91; +1E91;LATIN SMALL LETTER Z WITH CIRCUMFLEX;Ll;0;L;007A 0302;;;;N;;;1E90;;1E90 +1E92;LATIN CAPITAL LETTER Z WITH DOT BELOW;Lu;0;L;005A 0323;;;;N;;;;1E93; +1E93;LATIN SMALL LETTER Z WITH DOT BELOW;Ll;0;L;007A 0323;;;;N;;;1E92;;1E92 +1E94;LATIN CAPITAL LETTER Z WITH LINE BELOW;Lu;0;L;005A 0331;;;;N;;;;1E95; +1E95;LATIN SMALL LETTER Z WITH LINE BELOW;Ll;0;L;007A 0331;;;;N;;;1E94;;1E94 +1E96;LATIN SMALL LETTER H WITH LINE BELOW;Ll;0;L;0068 0331;;;;N;;;;; +1E97;LATIN SMALL LETTER T WITH DIAERESIS;Ll;0;L;0074 0308;;;;N;;;;; +1E98;LATIN SMALL LETTER W WITH RING ABOVE;Ll;0;L;0077 030A;;;;N;;;;; +1E99;LATIN SMALL LETTER Y WITH RING ABOVE;Ll;0;L;0079 030A;;;;N;;;;; +1E9A;LATIN SMALL LETTER A WITH RIGHT HALF RING;Ll;0;L; 0061 02BE;;;;N;;;;; +1E9B;LATIN SMALL LETTER LONG S WITH DOT ABOVE;Ll;0;L;017F 0307;;;;N;;;1E60;;1E60 +1EA0;LATIN CAPITAL LETTER A WITH DOT BELOW;Lu;0;L;0041 0323;;;;N;;;;1EA1; +1EA1;LATIN SMALL LETTER A WITH DOT BELOW;Ll;0;L;0061 0323;;;;N;;;1EA0;;1EA0 +1EA2;LATIN CAPITAL LETTER A WITH HOOK ABOVE;Lu;0;L;0041 0309;;;;N;;;;1EA3; +1EA3;LATIN SMALL LETTER A WITH HOOK ABOVE;Ll;0;L;0061 0309;;;;N;;;1EA2;;1EA2 +1EA4;LATIN CAPITAL LETTER A WITH CIRCUMFLEX AND ACUTE;Lu;0;L;00C2 0301;;;;N;;;;1EA5; +1EA5;LATIN SMALL LETTER A WITH CIRCUMFLEX AND ACUTE;Ll;0;L;00E2 0301;;;;N;;;1EA4;;1EA4 +1EA6;LATIN CAPITAL LETTER A WITH CIRCUMFLEX AND GRAVE;Lu;0;L;00C2 0300;;;;N;;;;1EA7; +1EA7;LATIN SMALL LETTER A WITH CIRCUMFLEX AND GRAVE;Ll;0;L;00E2 0300;;;;N;;;1EA6;;1EA6 +1EA8;LATIN CAPITAL LETTER A WITH CIRCUMFLEX AND HOOK ABOVE;Lu;0;L;00C2 0309;;;;N;;;;1EA9; +1EA9;LATIN SMALL LETTER A WITH CIRCUMFLEX AND HOOK ABOVE;Ll;0;L;00E2 0309;;;;N;;;1EA8;;1EA8 +1EAA;LATIN CAPITAL LETTER A WITH CIRCUMFLEX AND TILDE;Lu;0;L;00C2 0303;;;;N;;;;1EAB; +1EAB;LATIN SMALL LETTER A WITH CIRCUMFLEX AND TILDE;Ll;0;L;00E2 0303;;;;N;;;1EAA;;1EAA +1EAC;LATIN CAPITAL LETTER A WITH CIRCUMFLEX AND DOT BELOW;Lu;0;L;1EA0 0302;;;;N;;;;1EAD; +1EAD;LATIN SMALL LETTER A WITH CIRCUMFLEX AND DOT BELOW;Ll;0;L;1EA1 0302;;;;N;;;1EAC;;1EAC +1EAE;LATIN CAPITAL LETTER A WITH BREVE AND ACUTE;Lu;0;L;0102 0301;;;;N;;;;1EAF; +1EAF;LATIN SMALL LETTER A WITH BREVE AND ACUTE;Ll;0;L;0103 0301;;;;N;;;1EAE;;1EAE +1EB0;LATIN CAPITAL LETTER A WITH BREVE AND GRAVE;Lu;0;L;0102 0300;;;;N;;;;1EB1; +1EB1;LATIN SMALL LETTER A WITH BREVE AND GRAVE;Ll;0;L;0103 0300;;;;N;;;1EB0;;1EB0 +1EB2;LATIN CAPITAL LETTER A WITH BREVE AND HOOK ABOVE;Lu;0;L;0102 0309;;;;N;;;;1EB3; +1EB3;LATIN SMALL LETTER A WITH BREVE AND HOOK ABOVE;Ll;0;L;0103 0309;;;;N;;;1EB2;;1EB2 +1EB4;LATIN CAPITAL LETTER A WITH BREVE AND TILDE;Lu;0;L;0102 0303;;;;N;;;;1EB5; +1EB5;LATIN SMALL LETTER A WITH BREVE AND TILDE;Ll;0;L;0103 0303;;;;N;;;1EB4;;1EB4 +1EB6;LATIN CAPITAL LETTER A WITH BREVE AND DOT BELOW;Lu;0;L;1EA0 0306;;;;N;;;;1EB7; +1EB7;LATIN SMALL LETTER A WITH BREVE AND DOT BELOW;Ll;0;L;1EA1 0306;;;;N;;;1EB6;;1EB6 +1EB8;LATIN CAPITAL LETTER E WITH DOT BELOW;Lu;0;L;0045 0323;;;;N;;;;1EB9; +1EB9;LATIN SMALL LETTER E WITH DOT BELOW;Ll;0;L;0065 0323;;;;N;;;1EB8;;1EB8 +1EBA;LATIN CAPITAL LETTER E WITH HOOK ABOVE;Lu;0;L;0045 0309;;;;N;;;;1EBB; +1EBB;LATIN SMALL LETTER E WITH HOOK ABOVE;Ll;0;L;0065 0309;;;;N;;;1EBA;;1EBA +1EBC;LATIN CAPITAL LETTER E WITH TILDE;Lu;0;L;0045 0303;;;;N;;;;1EBD; +1EBD;LATIN SMALL LETTER E WITH TILDE;Ll;0;L;0065 0303;;;;N;;;1EBC;;1EBC +1EBE;LATIN CAPITAL LETTER E WITH CIRCUMFLEX AND ACUTE;Lu;0;L;00CA 0301;;;;N;;;;1EBF; +1EBF;LATIN SMALL LETTER E WITH CIRCUMFLEX AND ACUTE;Ll;0;L;00EA 0301;;;;N;;;1EBE;;1EBE +1EC0;LATIN CAPITAL LETTER E WITH CIRCUMFLEX AND GRAVE;Lu;0;L;00CA 0300;;;;N;;;;1EC1; +1EC1;LATIN SMALL LETTER E WITH CIRCUMFLEX AND GRAVE;Ll;0;L;00EA 0300;;;;N;;;1EC0;;1EC0 +1EC2;LATIN CAPITAL LETTER E WITH CIRCUMFLEX AND HOOK ABOVE;Lu;0;L;00CA 0309;;;;N;;;;1EC3; +1EC3;LATIN SMALL LETTER E WITH CIRCUMFLEX AND HOOK ABOVE;Ll;0;L;00EA 0309;;;;N;;;1EC2;;1EC2 +1EC4;LATIN CAPITAL LETTER E WITH CIRCUMFLEX AND TILDE;Lu;0;L;00CA 0303;;;;N;;;;1EC5; +1EC5;LATIN SMALL LETTER E WITH CIRCUMFLEX AND TILDE;Ll;0;L;00EA 0303;;;;N;;;1EC4;;1EC4 +1EC6;LATIN CAPITAL LETTER E WITH CIRCUMFLEX AND DOT BELOW;Lu;0;L;1EB8 0302;;;;N;;;;1EC7; +1EC7;LATIN SMALL LETTER E WITH CIRCUMFLEX AND DOT BELOW;Ll;0;L;1EB9 0302;;;;N;;;1EC6;;1EC6 +1EC8;LATIN CAPITAL LETTER I WITH HOOK ABOVE;Lu;0;L;0049 0309;;;;N;;;;1EC9; +1EC9;LATIN SMALL LETTER I WITH HOOK ABOVE;Ll;0;L;0069 0309;;;;N;;;1EC8;;1EC8 +1ECA;LATIN CAPITAL LETTER I WITH DOT BELOW;Lu;0;L;0049 0323;;;;N;;;;1ECB; +1ECB;LATIN SMALL LETTER I WITH DOT BELOW;Ll;0;L;0069 0323;;;;N;;;1ECA;;1ECA +1ECC;LATIN CAPITAL LETTER O WITH DOT BELOW;Lu;0;L;004F 0323;;;;N;;;;1ECD; +1ECD;LATIN SMALL LETTER O WITH DOT BELOW;Ll;0;L;006F 0323;;;;N;;;1ECC;;1ECC +1ECE;LATIN CAPITAL LETTER O WITH HOOK ABOVE;Lu;0;L;004F 0309;;;;N;;;;1ECF; +1ECF;LATIN SMALL LETTER O WITH HOOK ABOVE;Ll;0;L;006F 0309;;;;N;;;1ECE;;1ECE +1ED0;LATIN CAPITAL LETTER O WITH CIRCUMFLEX AND ACUTE;Lu;0;L;00D4 0301;;;;N;;;;1ED1; +1ED1;LATIN SMALL LETTER O WITH CIRCUMFLEX AND ACUTE;Ll;0;L;00F4 0301;;;;N;;;1ED0;;1ED0 +1ED2;LATIN CAPITAL LETTER O WITH CIRCUMFLEX AND GRAVE;Lu;0;L;00D4 0300;;;;N;;;;1ED3; +1ED3;LATIN SMALL LETTER O WITH CIRCUMFLEX AND GRAVE;Ll;0;L;00F4 0300;;;;N;;;1ED2;;1ED2 +1ED4;LATIN CAPITAL LETTER O WITH CIRCUMFLEX AND HOOK ABOVE;Lu;0;L;00D4 0309;;;;N;;;;1ED5; +1ED5;LATIN SMALL LETTER O WITH CIRCUMFLEX AND HOOK ABOVE;Ll;0;L;00F4 0309;;;;N;;;1ED4;;1ED4 +1ED6;LATIN CAPITAL LETTER O WITH CIRCUMFLEX AND TILDE;Lu;0;L;00D4 0303;;;;N;;;;1ED7; +1ED7;LATIN SMALL LETTER O WITH CIRCUMFLEX AND TILDE;Ll;0;L;00F4 0303;;;;N;;;1ED6;;1ED6 +1ED8;LATIN CAPITAL LETTER O WITH CIRCUMFLEX AND DOT BELOW;Lu;0;L;1ECC 0302;;;;N;;;;1ED9; +1ED9;LATIN SMALL LETTER O WITH CIRCUMFLEX AND DOT BELOW;Ll;0;L;1ECD 0302;;;;N;;;1ED8;;1ED8 +1EDA;LATIN CAPITAL LETTER O WITH HORN AND ACUTE;Lu;0;L;01A0 0301;;;;N;;;;1EDB; +1EDB;LATIN SMALL LETTER O WITH HORN AND ACUTE;Ll;0;L;01A1 0301;;;;N;;;1EDA;;1EDA +1EDC;LATIN CAPITAL LETTER O WITH HORN AND GRAVE;Lu;0;L;01A0 0300;;;;N;;;;1EDD; +1EDD;LATIN SMALL LETTER O WITH HORN AND GRAVE;Ll;0;L;01A1 0300;;;;N;;;1EDC;;1EDC +1EDE;LATIN CAPITAL LETTER O WITH HORN AND HOOK ABOVE;Lu;0;L;01A0 0309;;;;N;;;;1EDF; +1EDF;LATIN SMALL LETTER O WITH HORN AND HOOK ABOVE;Ll;0;L;01A1 0309;;;;N;;;1EDE;;1EDE +1EE0;LATIN CAPITAL LETTER O WITH HORN AND TILDE;Lu;0;L;01A0 0303;;;;N;;;;1EE1; +1EE1;LATIN SMALL LETTER O WITH HORN AND TILDE;Ll;0;L;01A1 0303;;;;N;;;1EE0;;1EE0 +1EE2;LATIN CAPITAL LETTER O WITH HORN AND DOT BELOW;Lu;0;L;01A0 0323;;;;N;;;;1EE3; +1EE3;LATIN SMALL LETTER O WITH HORN AND DOT BELOW;Ll;0;L;01A1 0323;;;;N;;;1EE2;;1EE2 +1EE4;LATIN CAPITAL LETTER U WITH DOT BELOW;Lu;0;L;0055 0323;;;;N;;;;1EE5; +1EE5;LATIN SMALL LETTER U WITH DOT BELOW;Ll;0;L;0075 0323;;;;N;;;1EE4;;1EE4 +1EE6;LATIN CAPITAL LETTER U WITH HOOK ABOVE;Lu;0;L;0055 0309;;;;N;;;;1EE7; +1EE7;LATIN SMALL LETTER U WITH HOOK ABOVE;Ll;0;L;0075 0309;;;;N;;;1EE6;;1EE6 +1EE8;LATIN CAPITAL LETTER U WITH HORN AND ACUTE;Lu;0;L;01AF 0301;;;;N;;;;1EE9; +1EE9;LATIN SMALL LETTER U WITH HORN AND ACUTE;Ll;0;L;01B0 0301;;;;N;;;1EE8;;1EE8 +1EEA;LATIN CAPITAL LETTER U WITH HORN AND GRAVE;Lu;0;L;01AF 0300;;;;N;;;;1EEB; +1EEB;LATIN SMALL LETTER U WITH HORN AND GRAVE;Ll;0;L;01B0 0300;;;;N;;;1EEA;;1EEA +1EEC;LATIN CAPITAL LETTER U WITH HORN AND HOOK ABOVE;Lu;0;L;01AF 0309;;;;N;;;;1EED; +1EED;LATIN SMALL LETTER U WITH HORN AND HOOK ABOVE;Ll;0;L;01B0 0309;;;;N;;;1EEC;;1EEC +1EEE;LATIN CAPITAL LETTER U WITH HORN AND TILDE;Lu;0;L;01AF 0303;;;;N;;;;1EEF; +1EEF;LATIN SMALL LETTER U WITH HORN AND TILDE;Ll;0;L;01B0 0303;;;;N;;;1EEE;;1EEE +1EF0;LATIN CAPITAL LETTER U WITH HORN AND DOT BELOW;Lu;0;L;01AF 0323;;;;N;;;;1EF1; +1EF1;LATIN SMALL LETTER U WITH HORN AND DOT BELOW;Ll;0;L;01B0 0323;;;;N;;;1EF0;;1EF0 +1EF2;LATIN CAPITAL LETTER Y WITH GRAVE;Lu;0;L;0059 0300;;;;N;;;;1EF3; +1EF3;LATIN SMALL LETTER Y WITH GRAVE;Ll;0;L;0079 0300;;;;N;;;1EF2;;1EF2 +1EF4;LATIN CAPITAL LETTER Y WITH DOT BELOW;Lu;0;L;0059 0323;;;;N;;;;1EF5; +1EF5;LATIN SMALL LETTER Y WITH DOT BELOW;Ll;0;L;0079 0323;;;;N;;;1EF4;;1EF4 +1EF6;LATIN CAPITAL LETTER Y WITH HOOK ABOVE;Lu;0;L;0059 0309;;;;N;;;;1EF7; +1EF7;LATIN SMALL LETTER Y WITH HOOK ABOVE;Ll;0;L;0079 0309;;;;N;;;1EF6;;1EF6 +1EF8;LATIN CAPITAL LETTER Y WITH TILDE;Lu;0;L;0059 0303;;;;N;;;;1EF9; +1EF9;LATIN SMALL LETTER Y WITH TILDE;Ll;0;L;0079 0303;;;;N;;;1EF8;;1EF8 +1F00;GREEK SMALL LETTER ALPHA WITH PSILI;Ll;0;L;03B1 0313;;;;N;;;1F08;;1F08 +1F01;GREEK SMALL LETTER ALPHA WITH DASIA;Ll;0;L;03B1 0314;;;;N;;;1F09;;1F09 +1F02;GREEK SMALL LETTER ALPHA WITH PSILI AND VARIA;Ll;0;L;1F00 0300;;;;N;;;1F0A;;1F0A +1F03;GREEK SMALL LETTER ALPHA WITH DASIA AND VARIA;Ll;0;L;1F01 0300;;;;N;;;1F0B;;1F0B +1F04;GREEK SMALL LETTER ALPHA WITH PSILI AND OXIA;Ll;0;L;1F00 0301;;;;N;;;1F0C;;1F0C +1F05;GREEK SMALL LETTER ALPHA WITH DASIA AND OXIA;Ll;0;L;1F01 0301;;;;N;;;1F0D;;1F0D +1F06;GREEK SMALL LETTER ALPHA WITH PSILI AND PERISPOMENI;Ll;0;L;1F00 0342;;;;N;;;1F0E;;1F0E +1F07;GREEK SMALL LETTER ALPHA WITH DASIA AND PERISPOMENI;Ll;0;L;1F01 0342;;;;N;;;1F0F;;1F0F +1F08;GREEK CAPITAL LETTER ALPHA WITH PSILI;Lu;0;L;0391 0313;;;;N;;;;1F00; +1F09;GREEK CAPITAL LETTER ALPHA WITH DASIA;Lu;0;L;0391 0314;;;;N;;;;1F01; +1F0A;GREEK CAPITAL LETTER ALPHA WITH PSILI AND VARIA;Lu;0;L;1F08 0300;;;;N;;;;1F02; +1F0B;GREEK CAPITAL LETTER ALPHA WITH DASIA AND VARIA;Lu;0;L;1F09 0300;;;;N;;;;1F03; +1F0C;GREEK CAPITAL LETTER ALPHA WITH PSILI AND OXIA;Lu;0;L;1F08 0301;;;;N;;;;1F04; +1F0D;GREEK CAPITAL LETTER ALPHA WITH DASIA AND OXIA;Lu;0;L;1F09 0301;;;;N;;;;1F05; +1F0E;GREEK CAPITAL LETTER ALPHA WITH PSILI AND PERISPOMENI;Lu;0;L;1F08 0342;;;;N;;;;1F06; +1F0F;GREEK CAPITAL LETTER ALPHA WITH DASIA AND PERISPOMENI;Lu;0;L;1F09 0342;;;;N;;;;1F07; +1F10;GREEK SMALL LETTER EPSILON WITH PSILI;Ll;0;L;03B5 0313;;;;N;;;1F18;;1F18 +1F11;GREEK SMALL LETTER EPSILON WITH DASIA;Ll;0;L;03B5 0314;;;;N;;;1F19;;1F19 +1F12;GREEK SMALL LETTER EPSILON WITH PSILI AND VARIA;Ll;0;L;1F10 0300;;;;N;;;1F1A;;1F1A +1F13;GREEK SMALL LETTER EPSILON WITH DASIA AND VARIA;Ll;0;L;1F11 0300;;;;N;;;1F1B;;1F1B +1F14;GREEK SMALL LETTER EPSILON WITH PSILI AND OXIA;Ll;0;L;1F10 0301;;;;N;;;1F1C;;1F1C +1F15;GREEK SMALL LETTER EPSILON WITH DASIA AND OXIA;Ll;0;L;1F11 0301;;;;N;;;1F1D;;1F1D +1F18;GREEK CAPITAL LETTER EPSILON WITH PSILI;Lu;0;L;0395 0313;;;;N;;;;1F10; +1F19;GREEK CAPITAL LETTER EPSILON WITH DASIA;Lu;0;L;0395 0314;;;;N;;;;1F11; +1F1A;GREEK CAPITAL LETTER EPSILON WITH PSILI AND VARIA;Lu;0;L;1F18 0300;;;;N;;;;1F12; +1F1B;GREEK CAPITAL LETTER EPSILON WITH DASIA AND VARIA;Lu;0;L;1F19 0300;;;;N;;;;1F13; +1F1C;GREEK CAPITAL LETTER EPSILON WITH PSILI AND OXIA;Lu;0;L;1F18 0301;;;;N;;;;1F14; +1F1D;GREEK CAPITAL LETTER EPSILON WITH DASIA AND OXIA;Lu;0;L;1F19 0301;;;;N;;;;1F15; +1F20;GREEK SMALL LETTER ETA WITH PSILI;Ll;0;L;03B7 0313;;;;N;;;1F28;;1F28 +1F21;GREEK SMALL LETTER ETA WITH DASIA;Ll;0;L;03B7 0314;;;;N;;;1F29;;1F29 +1F22;GREEK SMALL LETTER ETA WITH PSILI AND VARIA;Ll;0;L;1F20 0300;;;;N;;;1F2A;;1F2A +1F23;GREEK SMALL LETTER ETA WITH DASIA AND VARIA;Ll;0;L;1F21 0300;;;;N;;;1F2B;;1F2B +1F24;GREEK SMALL LETTER ETA WITH PSILI AND OXIA;Ll;0;L;1F20 0301;;;;N;;;1F2C;;1F2C +1F25;GREEK SMALL LETTER ETA WITH DASIA AND OXIA;Ll;0;L;1F21 0301;;;;N;;;1F2D;;1F2D +1F26;GREEK SMALL LETTER ETA WITH PSILI AND PERISPOMENI;Ll;0;L;1F20 0342;;;;N;;;1F2E;;1F2E +1F27;GREEK SMALL LETTER ETA WITH DASIA AND PERISPOMENI;Ll;0;L;1F21 0342;;;;N;;;1F2F;;1F2F +1F28;GREEK CAPITAL LETTER ETA WITH PSILI;Lu;0;L;0397 0313;;;;N;;;;1F20; +1F29;GREEK CAPITAL LETTER ETA WITH DASIA;Lu;0;L;0397 0314;;;;N;;;;1F21; +1F2A;GREEK CAPITAL LETTER ETA WITH PSILI AND VARIA;Lu;0;L;1F28 0300;;;;N;;;;1F22; +1F2B;GREEK CAPITAL LETTER ETA WITH DASIA AND VARIA;Lu;0;L;1F29 0300;;;;N;;;;1F23; +1F2C;GREEK CAPITAL LETTER ETA WITH PSILI AND OXIA;Lu;0;L;1F28 0301;;;;N;;;;1F24; +1F2D;GREEK CAPITAL LETTER ETA WITH DASIA AND OXIA;Lu;0;L;1F29 0301;;;;N;;;;1F25; +1F2E;GREEK CAPITAL LETTER ETA WITH PSILI AND PERISPOMENI;Lu;0;L;1F28 0342;;;;N;;;;1F26; +1F2F;GREEK CAPITAL LETTER ETA WITH DASIA AND PERISPOMENI;Lu;0;L;1F29 0342;;;;N;;;;1F27; +1F30;GREEK SMALL LETTER IOTA WITH PSILI;Ll;0;L;03B9 0313;;;;N;;;1F38;;1F38 +1F31;GREEK SMALL LETTER IOTA WITH DASIA;Ll;0;L;03B9 0314;;;;N;;;1F39;;1F39 +1F32;GREEK SMALL LETTER IOTA WITH PSILI AND VARIA;Ll;0;L;1F30 0300;;;;N;;;1F3A;;1F3A +1F33;GREEK SMALL LETTER IOTA WITH DASIA AND VARIA;Ll;0;L;1F31 0300;;;;N;;;1F3B;;1F3B +1F34;GREEK SMALL LETTER IOTA WITH PSILI AND OXIA;Ll;0;L;1F30 0301;;;;N;;;1F3C;;1F3C +1F35;GREEK SMALL LETTER IOTA WITH DASIA AND OXIA;Ll;0;L;1F31 0301;;;;N;;;1F3D;;1F3D +1F36;GREEK SMALL LETTER IOTA WITH PSILI AND PERISPOMENI;Ll;0;L;1F30 0342;;;;N;;;1F3E;;1F3E +1F37;GREEK SMALL LETTER IOTA WITH DASIA AND PERISPOMENI;Ll;0;L;1F31 0342;;;;N;;;1F3F;;1F3F +1F38;GREEK CAPITAL LETTER IOTA WITH PSILI;Lu;0;L;0399 0313;;;;N;;;;1F30; +1F39;GREEK CAPITAL LETTER IOTA WITH DASIA;Lu;0;L;0399 0314;;;;N;;;;1F31; +1F3A;GREEK CAPITAL LETTER IOTA WITH PSILI AND VARIA;Lu;0;L;1F38 0300;;;;N;;;;1F32; +1F3B;GREEK CAPITAL LETTER IOTA WITH DASIA AND VARIA;Lu;0;L;1F39 0300;;;;N;;;;1F33; +1F3C;GREEK CAPITAL LETTER IOTA WITH PSILI AND OXIA;Lu;0;L;1F38 0301;;;;N;;;;1F34; +1F3D;GREEK CAPITAL LETTER IOTA WITH DASIA AND OXIA;Lu;0;L;1F39 0301;;;;N;;;;1F35; +1F3E;GREEK CAPITAL LETTER IOTA WITH PSILI AND PERISPOMENI;Lu;0;L;1F38 0342;;;;N;;;;1F36; +1F3F;GREEK CAPITAL LETTER IOTA WITH DASIA AND PERISPOMENI;Lu;0;L;1F39 0342;;;;N;;;;1F37; +1F40;GREEK SMALL LETTER OMICRON WITH PSILI;Ll;0;L;03BF 0313;;;;N;;;1F48;;1F48 +1F41;GREEK SMALL LETTER OMICRON WITH DASIA;Ll;0;L;03BF 0314;;;;N;;;1F49;;1F49 +1F42;GREEK SMALL LETTER OMICRON WITH PSILI AND VARIA;Ll;0;L;1F40 0300;;;;N;;;1F4A;;1F4A +1F43;GREEK SMALL LETTER OMICRON WITH DASIA AND VARIA;Ll;0;L;1F41 0300;;;;N;;;1F4B;;1F4B +1F44;GREEK SMALL LETTER OMICRON WITH PSILI AND OXIA;Ll;0;L;1F40 0301;;;;N;;;1F4C;;1F4C +1F45;GREEK SMALL LETTER OMICRON WITH DASIA AND OXIA;Ll;0;L;1F41 0301;;;;N;;;1F4D;;1F4D +1F48;GREEK CAPITAL LETTER OMICRON WITH PSILI;Lu;0;L;039F 0313;;;;N;;;;1F40; +1F49;GREEK CAPITAL LETTER OMICRON WITH DASIA;Lu;0;L;039F 0314;;;;N;;;;1F41; +1F4A;GREEK CAPITAL LETTER OMICRON WITH PSILI AND VARIA;Lu;0;L;1F48 0300;;;;N;;;;1F42; +1F4B;GREEK CAPITAL LETTER OMICRON WITH DASIA AND VARIA;Lu;0;L;1F49 0300;;;;N;;;;1F43; +1F4C;GREEK CAPITAL LETTER OMICRON WITH PSILI AND OXIA;Lu;0;L;1F48 0301;;;;N;;;;1F44; +1F4D;GREEK CAPITAL LETTER OMICRON WITH DASIA AND OXIA;Lu;0;L;1F49 0301;;;;N;;;;1F45; +1F50;GREEK SMALL LETTER UPSILON WITH PSILI;Ll;0;L;03C5 0313;;;;N;;;;; +1F51;GREEK SMALL LETTER UPSILON WITH DASIA;Ll;0;L;03C5 0314;;;;N;;;1F59;;1F59 +1F52;GREEK SMALL LETTER UPSILON WITH PSILI AND VARIA;Ll;0;L;1F50 0300;;;;N;;;;; +1F53;GREEK SMALL LETTER UPSILON WITH DASIA AND VARIA;Ll;0;L;1F51 0300;;;;N;;;1F5B;;1F5B +1F54;GREEK SMALL LETTER UPSILON WITH PSILI AND OXIA;Ll;0;L;1F50 0301;;;;N;;;;; +1F55;GREEK SMALL LETTER UPSILON WITH DASIA AND OXIA;Ll;0;L;1F51 0301;;;;N;;;1F5D;;1F5D +1F56;GREEK SMALL LETTER UPSILON WITH PSILI AND PERISPOMENI;Ll;0;L;1F50 0342;;;;N;;;;; +1F57;GREEK SMALL LETTER UPSILON WITH DASIA AND PERISPOMENI;Ll;0;L;1F51 0342;;;;N;;;1F5F;;1F5F +1F59;GREEK CAPITAL LETTER UPSILON WITH DASIA;Lu;0;L;03A5 0314;;;;N;;;;1F51; +1F5B;GREEK CAPITAL LETTER UPSILON WITH DASIA AND VARIA;Lu;0;L;1F59 0300;;;;N;;;;1F53; +1F5D;GREEK CAPITAL LETTER UPSILON WITH DASIA AND OXIA;Lu;0;L;1F59 0301;;;;N;;;;1F55; +1F5F;GREEK CAPITAL LETTER UPSILON WITH DASIA AND PERISPOMENI;Lu;0;L;1F59 0342;;;;N;;;;1F57; +1F60;GREEK SMALL LETTER OMEGA WITH PSILI;Ll;0;L;03C9 0313;;;;N;;;1F68;;1F68 +1F61;GREEK SMALL LETTER OMEGA WITH DASIA;Ll;0;L;03C9 0314;;;;N;;;1F69;;1F69 +1F62;GREEK SMALL LETTER OMEGA WITH PSILI AND VARIA;Ll;0;L;1F60 0300;;;;N;;;1F6A;;1F6A +1F63;GREEK SMALL LETTER OMEGA WITH DASIA AND VARIA;Ll;0;L;1F61 0300;;;;N;;;1F6B;;1F6B +1F64;GREEK SMALL LETTER OMEGA WITH PSILI AND OXIA;Ll;0;L;1F60 0301;;;;N;;;1F6C;;1F6C +1F65;GREEK SMALL LETTER OMEGA WITH DASIA AND OXIA;Ll;0;L;1F61 0301;;;;N;;;1F6D;;1F6D +1F66;GREEK SMALL LETTER OMEGA WITH PSILI AND PERISPOMENI;Ll;0;L;1F60 0342;;;;N;;;1F6E;;1F6E +1F67;GREEK SMALL LETTER OMEGA WITH DASIA AND PERISPOMENI;Ll;0;L;1F61 0342;;;;N;;;1F6F;;1F6F +1F68;GREEK CAPITAL LETTER OMEGA WITH PSILI;Lu;0;L;03A9 0313;;;;N;;;;1F60; +1F69;GREEK CAPITAL LETTER OMEGA WITH DASIA;Lu;0;L;03A9 0314;;;;N;;;;1F61; +1F6A;GREEK CAPITAL LETTER OMEGA WITH PSILI AND VARIA;Lu;0;L;1F68 0300;;;;N;;;;1F62; +1F6B;GREEK CAPITAL LETTER OMEGA WITH DASIA AND VARIA;Lu;0;L;1F69 0300;;;;N;;;;1F63; +1F6C;GREEK CAPITAL LETTER OMEGA WITH PSILI AND OXIA;Lu;0;L;1F68 0301;;;;N;;;;1F64; +1F6D;GREEK CAPITAL LETTER OMEGA WITH DASIA AND OXIA;Lu;0;L;1F69 0301;;;;N;;;;1F65; +1F6E;GREEK CAPITAL LETTER OMEGA WITH PSILI AND PERISPOMENI;Lu;0;L;1F68 0342;;;;N;;;;1F66; +1F6F;GREEK CAPITAL LETTER OMEGA WITH DASIA AND PERISPOMENI;Lu;0;L;1F69 0342;;;;N;;;;1F67; +1F70;GREEK SMALL LETTER ALPHA WITH VARIA;Ll;0;L;03B1 0300;;;;N;;;1FBA;;1FBA +1F71;GREEK SMALL LETTER ALPHA WITH OXIA;Ll;0;L;03AC;;;;N;;;1FBB;;1FBB +1F72;GREEK SMALL LETTER EPSILON WITH VARIA;Ll;0;L;03B5 0300;;;;N;;;1FC8;;1FC8 +1F73;GREEK SMALL LETTER EPSILON WITH OXIA;Ll;0;L;03AD;;;;N;;;1FC9;;1FC9 +1F74;GREEK SMALL LETTER ETA WITH VARIA;Ll;0;L;03B7 0300;;;;N;;;1FCA;;1FCA +1F75;GREEK SMALL LETTER ETA WITH OXIA;Ll;0;L;03AE;;;;N;;;1FCB;;1FCB +1F76;GREEK SMALL LETTER IOTA WITH VARIA;Ll;0;L;03B9 0300;;;;N;;;1FDA;;1FDA +1F77;GREEK SMALL LETTER IOTA WITH OXIA;Ll;0;L;03AF;;;;N;;;1FDB;;1FDB +1F78;GREEK SMALL LETTER OMICRON WITH VARIA;Ll;0;L;03BF 0300;;;;N;;;1FF8;;1FF8 +1F79;GREEK SMALL LETTER OMICRON WITH OXIA;Ll;0;L;03CC;;;;N;;;1FF9;;1FF9 +1F7A;GREEK SMALL LETTER UPSILON WITH VARIA;Ll;0;L;03C5 0300;;;;N;;;1FEA;;1FEA +1F7B;GREEK SMALL LETTER UPSILON WITH OXIA;Ll;0;L;03CD;;;;N;;;1FEB;;1FEB +1F7C;GREEK SMALL LETTER OMEGA WITH VARIA;Ll;0;L;03C9 0300;;;;N;;;1FFA;;1FFA +1F7D;GREEK SMALL LETTER OMEGA WITH OXIA;Ll;0;L;03CE;;;;N;;;1FFB;;1FFB +1F80;GREEK SMALL LETTER ALPHA WITH PSILI AND YPOGEGRAMMENI;Ll;0;L;1F00 0345;;;;N;;;1F88;;1F88 +1F81;GREEK SMALL LETTER ALPHA WITH DASIA AND YPOGEGRAMMENI;Ll;0;L;1F01 0345;;;;N;;;1F89;;1F89 +1F82;GREEK SMALL LETTER ALPHA WITH PSILI AND VARIA AND YPOGEGRAMMENI;Ll;0;L;1F02 0345;;;;N;;;1F8A;;1F8A +1F83;GREEK SMALL LETTER ALPHA WITH DASIA AND VARIA AND YPOGEGRAMMENI;Ll;0;L;1F03 0345;;;;N;;;1F8B;;1F8B +1F84;GREEK SMALL LETTER ALPHA WITH PSILI AND OXIA AND YPOGEGRAMMENI;Ll;0;L;1F04 0345;;;;N;;;1F8C;;1F8C +1F85;GREEK SMALL LETTER ALPHA WITH DASIA AND OXIA AND YPOGEGRAMMENI;Ll;0;L;1F05 0345;;;;N;;;1F8D;;1F8D +1F86;GREEK SMALL LETTER ALPHA WITH PSILI AND PERISPOMENI AND YPOGEGRAMMENI;Ll;0;L;1F06 0345;;;;N;;;1F8E;;1F8E +1F87;GREEK SMALL LETTER ALPHA WITH DASIA AND PERISPOMENI AND YPOGEGRAMMENI;Ll;0;L;1F07 0345;;;;N;;;1F8F;;1F8F +1F88;GREEK CAPITAL LETTER ALPHA WITH PSILI AND PROSGEGRAMMENI;Lt;0;L;1F08 0345;;;;N;;;;1F80; +1F89;GREEK CAPITAL LETTER ALPHA WITH DASIA AND PROSGEGRAMMENI;Lt;0;L;1F09 0345;;;;N;;;;1F81; +1F8A;GREEK CAPITAL LETTER ALPHA WITH PSILI AND VARIA AND PROSGEGRAMMENI;Lt;0;L;1F0A 0345;;;;N;;;;1F82; +1F8B;GREEK CAPITAL LETTER ALPHA WITH DASIA AND VARIA AND PROSGEGRAMMENI;Lt;0;L;1F0B 0345;;;;N;;;;1F83; +1F8C;GREEK CAPITAL LETTER ALPHA WITH PSILI AND OXIA AND PROSGEGRAMMENI;Lt;0;L;1F0C 0345;;;;N;;;;1F84; +1F8D;GREEK CAPITAL LETTER ALPHA WITH DASIA AND OXIA AND PROSGEGRAMMENI;Lt;0;L;1F0D 0345;;;;N;;;;1F85; +1F8E;GREEK CAPITAL LETTER ALPHA WITH PSILI AND PERISPOMENI AND PROSGEGRAMMENI;Lt;0;L;1F0E 0345;;;;N;;;;1F86; +1F8F;GREEK CAPITAL LETTER ALPHA WITH DASIA AND PERISPOMENI AND PROSGEGRAMMENI;Lt;0;L;1F0F 0345;;;;N;;;;1F87; +1F90;GREEK SMALL LETTER ETA WITH PSILI AND YPOGEGRAMMENI;Ll;0;L;1F20 0345;;;;N;;;1F98;;1F98 +1F91;GREEK SMALL LETTER ETA WITH DASIA AND YPOGEGRAMMENI;Ll;0;L;1F21 0345;;;;N;;;1F99;;1F99 +1F92;GREEK SMALL LETTER ETA WITH PSILI AND VARIA AND YPOGEGRAMMENI;Ll;0;L;1F22 0345;;;;N;;;1F9A;;1F9A +1F93;GREEK SMALL LETTER ETA WITH DASIA AND VARIA AND YPOGEGRAMMENI;Ll;0;L;1F23 0345;;;;N;;;1F9B;;1F9B +1F94;GREEK SMALL LETTER ETA WITH PSILI AND OXIA AND YPOGEGRAMMENI;Ll;0;L;1F24 0345;;;;N;;;1F9C;;1F9C +1F95;GREEK SMALL LETTER ETA WITH DASIA AND OXIA AND YPOGEGRAMMENI;Ll;0;L;1F25 0345;;;;N;;;1F9D;;1F9D +1F96;GREEK SMALL LETTER ETA WITH PSILI AND PERISPOMENI AND YPOGEGRAMMENI;Ll;0;L;1F26 0345;;;;N;;;1F9E;;1F9E +1F97;GREEK SMALL LETTER ETA WITH DASIA AND PERISPOMENI AND YPOGEGRAMMENI;Ll;0;L;1F27 0345;;;;N;;;1F9F;;1F9F +1F98;GREEK CAPITAL LETTER ETA WITH PSILI AND PROSGEGRAMMENI;Lt;0;L;1F28 0345;;;;N;;;;1F90; +1F99;GREEK CAPITAL LETTER ETA WITH DASIA AND PROSGEGRAMMENI;Lt;0;L;1F29 0345;;;;N;;;;1F91; +1F9A;GREEK CAPITAL LETTER ETA WITH PSILI AND VARIA AND PROSGEGRAMMENI;Lt;0;L;1F2A 0345;;;;N;;;;1F92; +1F9B;GREEK CAPITAL LETTER ETA WITH DASIA AND VARIA AND PROSGEGRAMMENI;Lt;0;L;1F2B 0345;;;;N;;;;1F93; +1F9C;GREEK CAPITAL LETTER ETA WITH PSILI AND OXIA AND PROSGEGRAMMENI;Lt;0;L;1F2C 0345;;;;N;;;;1F94; +1F9D;GREEK CAPITAL LETTER ETA WITH DASIA AND OXIA AND PROSGEGRAMMENI;Lt;0;L;1F2D 0345;;;;N;;;;1F95; +1F9E;GREEK CAPITAL LETTER ETA WITH PSILI AND PERISPOMENI AND PROSGEGRAMMENI;Lt;0;L;1F2E 0345;;;;N;;;;1F96; +1F9F;GREEK CAPITAL LETTER ETA WITH DASIA AND PERISPOMENI AND PROSGEGRAMMENI;Lt;0;L;1F2F 0345;;;;N;;;;1F97; +1FA0;GREEK SMALL LETTER OMEGA WITH PSILI AND YPOGEGRAMMENI;Ll;0;L;1F60 0345;;;;N;;;1FA8;;1FA8 +1FA1;GREEK SMALL LETTER OMEGA WITH DASIA AND YPOGEGRAMMENI;Ll;0;L;1F61 0345;;;;N;;;1FA9;;1FA9 +1FA2;GREEK SMALL LETTER OMEGA WITH PSILI AND VARIA AND YPOGEGRAMMENI;Ll;0;L;1F62 0345;;;;N;;;1FAA;;1FAA +1FA3;GREEK SMALL LETTER OMEGA WITH DASIA AND VARIA AND YPOGEGRAMMENI;Ll;0;L;1F63 0345;;;;N;;;1FAB;;1FAB +1FA4;GREEK SMALL LETTER OMEGA WITH PSILI AND OXIA AND YPOGEGRAMMENI;Ll;0;L;1F64 0345;;;;N;;;1FAC;;1FAC +1FA5;GREEK SMALL LETTER OMEGA WITH DASIA AND OXIA AND YPOGEGRAMMENI;Ll;0;L;1F65 0345;;;;N;;;1FAD;;1FAD +1FA6;GREEK SMALL LETTER OMEGA WITH PSILI AND PERISPOMENI AND YPOGEGRAMMENI;Ll;0;L;1F66 0345;;;;N;;;1FAE;;1FAE +1FA7;GREEK SMALL LETTER OMEGA WITH DASIA AND PERISPOMENI AND YPOGEGRAMMENI;Ll;0;L;1F67 0345;;;;N;;;1FAF;;1FAF +1FA8;GREEK CAPITAL LETTER OMEGA WITH PSILI AND PROSGEGRAMMENI;Lt;0;L;1F68 0345;;;;N;;;;1FA0; +1FA9;GREEK CAPITAL LETTER OMEGA WITH DASIA AND PROSGEGRAMMENI;Lt;0;L;1F69 0345;;;;N;;;;1FA1; +1FAA;GREEK CAPITAL LETTER OMEGA WITH PSILI AND VARIA AND PROSGEGRAMMENI;Lt;0;L;1F6A 0345;;;;N;;;;1FA2; +1FAB;GREEK CAPITAL LETTER OMEGA WITH DASIA AND VARIA AND PROSGEGRAMMENI;Lt;0;L;1F6B 0345;;;;N;;;;1FA3; +1FAC;GREEK CAPITAL LETTER OMEGA WITH PSILI AND OXIA AND PROSGEGRAMMENI;Lt;0;L;1F6C 0345;;;;N;;;;1FA4; +1FAD;GREEK CAPITAL LETTER OMEGA WITH DASIA AND OXIA AND PROSGEGRAMMENI;Lt;0;L;1F6D 0345;;;;N;;;;1FA5; +1FAE;GREEK CAPITAL LETTER OMEGA WITH PSILI AND PERISPOMENI AND PROSGEGRAMMENI;Lt;0;L;1F6E 0345;;;;N;;;;1FA6; +1FAF;GREEK CAPITAL LETTER OMEGA WITH DASIA AND PERISPOMENI AND PROSGEGRAMMENI;Lt;0;L;1F6F 0345;;;;N;;;;1FA7; +1FB0;GREEK SMALL LETTER ALPHA WITH VRACHY;Ll;0;L;03B1 0306;;;;N;;;1FB8;;1FB8 +1FB1;GREEK SMALL LETTER ALPHA WITH MACRON;Ll;0;L;03B1 0304;;;;N;;;1FB9;;1FB9 +1FB2;GREEK SMALL LETTER ALPHA WITH VARIA AND YPOGEGRAMMENI;Ll;0;L;1F70 0345;;;;N;;;;; +1FB3;GREEK SMALL LETTER ALPHA WITH YPOGEGRAMMENI;Ll;0;L;03B1 0345;;;;N;;;1FBC;;1FBC +1FB4;GREEK SMALL LETTER ALPHA WITH OXIA AND YPOGEGRAMMENI;Ll;0;L;03AC 0345;;;;N;;;;; +1FB6;GREEK SMALL LETTER ALPHA WITH PERISPOMENI;Ll;0;L;03B1 0342;;;;N;;;;; +1FB7;GREEK SMALL LETTER ALPHA WITH PERISPOMENI AND YPOGEGRAMMENI;Ll;0;L;1FB6 0345;;;;N;;;;; +1FB8;GREEK CAPITAL LETTER ALPHA WITH VRACHY;Lu;0;L;0391 0306;;;;N;;;;1FB0; +1FB9;GREEK CAPITAL LETTER ALPHA WITH MACRON;Lu;0;L;0391 0304;;;;N;;;;1FB1; +1FBA;GREEK CAPITAL LETTER ALPHA WITH VARIA;Lu;0;L;0391 0300;;;;N;;;;1F70; +1FBB;GREEK CAPITAL LETTER ALPHA WITH OXIA;Lu;0;L;0386;;;;N;;;;1F71; +1FBC;GREEK CAPITAL LETTER ALPHA WITH PROSGEGRAMMENI;Lt;0;L;0391 0345;;;;N;;;;1FB3; +1FBD;GREEK KORONIS;Sk;0;ON; 0020 0313;;;;N;;;;; +1FBE;GREEK PROSGEGRAMMENI;Ll;0;L;03B9;;;;N;;;0399;;0399 +1FBF;GREEK PSILI;Sk;0;ON; 0020 0313;;;;N;;;;; +1FC0;GREEK PERISPOMENI;Sk;0;ON; 0020 0342;;;;N;;;;; +1FC1;GREEK DIALYTIKA AND PERISPOMENI;Sk;0;ON;00A8 0342;;;;N;;;;; +1FC2;GREEK SMALL LETTER ETA WITH VARIA AND YPOGEGRAMMENI;Ll;0;L;1F74 0345;;;;N;;;;; +1FC3;GREEK SMALL LETTER ETA WITH YPOGEGRAMMENI;Ll;0;L;03B7 0345;;;;N;;;1FCC;;1FCC +1FC4;GREEK SMALL LETTER ETA WITH OXIA AND YPOGEGRAMMENI;Ll;0;L;03AE 0345;;;;N;;;;; +1FC6;GREEK SMALL LETTER ETA WITH PERISPOMENI;Ll;0;L;03B7 0342;;;;N;;;;; +1FC7;GREEK SMALL LETTER ETA WITH PERISPOMENI AND YPOGEGRAMMENI;Ll;0;L;1FC6 0345;;;;N;;;;; +1FC8;GREEK CAPITAL LETTER EPSILON WITH VARIA;Lu;0;L;0395 0300;;;;N;;;;1F72; +1FC9;GREEK CAPITAL LETTER EPSILON WITH OXIA;Lu;0;L;0388;;;;N;;;;1F73; +1FCA;GREEK CAPITAL LETTER ETA WITH VARIA;Lu;0;L;0397 0300;;;;N;;;;1F74; +1FCB;GREEK CAPITAL LETTER ETA WITH OXIA;Lu;0;L;0389;;;;N;;;;1F75; +1FCC;GREEK CAPITAL LETTER ETA WITH PROSGEGRAMMENI;Lt;0;L;0397 0345;;;;N;;;;1FC3; +1FCD;GREEK PSILI AND VARIA;Sk;0;ON;1FBF 0300;;;;N;;;;; +1FCE;GREEK PSILI AND OXIA;Sk;0;ON;1FBF 0301;;;;N;;;;; +1FCF;GREEK PSILI AND PERISPOMENI;Sk;0;ON;1FBF 0342;;;;N;;;;; +1FD0;GREEK SMALL LETTER IOTA WITH VRACHY;Ll;0;L;03B9 0306;;;;N;;;1FD8;;1FD8 +1FD1;GREEK SMALL LETTER IOTA WITH MACRON;Ll;0;L;03B9 0304;;;;N;;;1FD9;;1FD9 +1FD2;GREEK SMALL LETTER IOTA WITH DIALYTIKA AND VARIA;Ll;0;L;03CA 0300;;;;N;;;;; +1FD3;GREEK SMALL LETTER IOTA WITH DIALYTIKA AND OXIA;Ll;0;L;0390;;;;N;;;;; +1FD6;GREEK SMALL LETTER IOTA WITH PERISPOMENI;Ll;0;L;03B9 0342;;;;N;;;;; +1FD7;GREEK SMALL LETTER IOTA WITH DIALYTIKA AND PERISPOMENI;Ll;0;L;03CA 0342;;;;N;;;;; +1FD8;GREEK CAPITAL LETTER IOTA WITH VRACHY;Lu;0;L;0399 0306;;;;N;;;;1FD0; +1FD9;GREEK CAPITAL LETTER IOTA WITH MACRON;Lu;0;L;0399 0304;;;;N;;;;1FD1; +1FDA;GREEK CAPITAL LETTER IOTA WITH VARIA;Lu;0;L;0399 0300;;;;N;;;;1F76; +1FDB;GREEK CAPITAL LETTER IOTA WITH OXIA;Lu;0;L;038A;;;;N;;;;1F77; +1FDD;GREEK DASIA AND VARIA;Sk;0;ON;1FFE 0300;;;;N;;;;; +1FDE;GREEK DASIA AND OXIA;Sk;0;ON;1FFE 0301;;;;N;;;;; +1FDF;GREEK DASIA AND PERISPOMENI;Sk;0;ON;1FFE 0342;;;;N;;;;; +1FE0;GREEK SMALL LETTER UPSILON WITH VRACHY;Ll;0;L;03C5 0306;;;;N;;;1FE8;;1FE8 +1FE1;GREEK SMALL LETTER UPSILON WITH MACRON;Ll;0;L;03C5 0304;;;;N;;;1FE9;;1FE9 +1FE2;GREEK SMALL LETTER UPSILON WITH DIALYTIKA AND VARIA;Ll;0;L;03CB 0300;;;;N;;;;; +1FE3;GREEK SMALL LETTER UPSILON WITH DIALYTIKA AND OXIA;Ll;0;L;03B0;;;;N;;;;; +1FE4;GREEK SMALL LETTER RHO WITH PSILI;Ll;0;L;03C1 0313;;;;N;;;;; +1FE5;GREEK SMALL LETTER RHO WITH DASIA;Ll;0;L;03C1 0314;;;;N;;;1FEC;;1FEC +1FE6;GREEK SMALL LETTER UPSILON WITH PERISPOMENI;Ll;0;L;03C5 0342;;;;N;;;;; +1FE7;GREEK SMALL LETTER UPSILON WITH DIALYTIKA AND PERISPOMENI;Ll;0;L;03CB 0342;;;;N;;;;; +1FE8;GREEK CAPITAL LETTER UPSILON WITH VRACHY;Lu;0;L;03A5 0306;;;;N;;;;1FE0; +1FE9;GREEK CAPITAL LETTER UPSILON WITH MACRON;Lu;0;L;03A5 0304;;;;N;;;;1FE1; +1FEA;GREEK CAPITAL LETTER UPSILON WITH VARIA;Lu;0;L;03A5 0300;;;;N;;;;1F7A; +1FEB;GREEK CAPITAL LETTER UPSILON WITH OXIA;Lu;0;L;038E;;;;N;;;;1F7B; +1FEC;GREEK CAPITAL LETTER RHO WITH DASIA;Lu;0;L;03A1 0314;;;;N;;;;1FE5; +1FED;GREEK DIALYTIKA AND VARIA;Sk;0;ON;00A8 0300;;;;N;;;;; +1FEE;GREEK DIALYTIKA AND OXIA;Sk;0;ON;0385;;;;N;;;;; +1FEF;GREEK VARIA;Sk;0;ON;0060;;;;N;;;;; +1FF2;GREEK SMALL LETTER OMEGA WITH VARIA AND YPOGEGRAMMENI;Ll;0;L;1F7C 0345;;;;N;;;;; +1FF3;GREEK SMALL LETTER OMEGA WITH YPOGEGRAMMENI;Ll;0;L;03C9 0345;;;;N;;;1FFC;;1FFC +1FF4;GREEK SMALL LETTER OMEGA WITH OXIA AND YPOGEGRAMMENI;Ll;0;L;03CE 0345;;;;N;;;;; +1FF6;GREEK SMALL LETTER OMEGA WITH PERISPOMENI;Ll;0;L;03C9 0342;;;;N;;;;; +1FF7;GREEK SMALL LETTER OMEGA WITH PERISPOMENI AND YPOGEGRAMMENI;Ll;0;L;1FF6 0345;;;;N;;;;; +1FF8;GREEK CAPITAL LETTER OMICRON WITH VARIA;Lu;0;L;039F 0300;;;;N;;;;1F78; +1FF9;GREEK CAPITAL LETTER OMICRON WITH OXIA;Lu;0;L;038C;;;;N;;;;1F79; +1FFA;GREEK CAPITAL LETTER OMEGA WITH VARIA;Lu;0;L;03A9 0300;;;;N;;;;1F7C; +1FFB;GREEK CAPITAL LETTER OMEGA WITH OXIA;Lu;0;L;038F;;;;N;;;;1F7D; +1FFC;GREEK CAPITAL LETTER OMEGA WITH PROSGEGRAMMENI;Lt;0;L;03A9 0345;;;;N;;;;1FF3; +1FFD;GREEK OXIA;Sk;0;ON;00B4;;;;N;;;;; +1FFE;GREEK DASIA;Sk;0;ON; 0020 0314;;;;N;;;;; +2000;EN QUAD;Zs;0;WS;2002;;;;N;;;;; +2001;EM QUAD;Zs;0;WS;2003;;;;N;;;;; +2002;EN SPACE;Zs;0;WS; 0020;;;;N;;;;; +2003;EM SPACE;Zs;0;WS; 0020;;;;N;;;;; +2004;THREE-PER-EM SPACE;Zs;0;WS; 0020;;;;N;;;;; +2005;FOUR-PER-EM SPACE;Zs;0;WS; 0020;;;;N;;;;; +2006;SIX-PER-EM SPACE;Zs;0;WS; 0020;;;;N;;;;; +2007;FIGURE SPACE;Zs;0;WS; 0020;;;;N;;;;; +2008;PUNCTUATION SPACE;Zs;0;WS; 0020;;;;N;;;;; +2009;THIN SPACE;Zs;0;WS; 0020;;;;N;;;;; +200A;HAIR SPACE;Zs;0;WS; 0020;;;;N;;;;; +200B;ZERO WIDTH SPACE;Zs;0;BN;;;;;N;;;;; +200C;ZERO WIDTH NON-JOINER;Cf;0;BN;;;;;N;;;;; +200D;ZERO WIDTH JOINER;Cf;0;BN;;;;;N;;;;; +200E;LEFT-TO-RIGHT MARK;Cf;0;L;;;;;N;;;;; +200F;RIGHT-TO-LEFT MARK;Cf;0;R;;;;;N;;;;; +2010;HYPHEN;Pd;0;ON;;;;;N;;;;; +2011;NON-BREAKING HYPHEN;Pd;0;ON; 2010;;;;N;;;;; +2012;FIGURE DASH;Pd;0;ON;;;;;N;;;;; +2013;EN DASH;Pd;0;ON;;;;;N;;;;; +2014;EM DASH;Pd;0;ON;;;;;N;;;;; +2015;HORIZONTAL BAR;Pd;0;ON;;;;;N;QUOTATION DASH;;;; +2016;DOUBLE VERTICAL LINE;Po;0;ON;;;;;N;DOUBLE VERTICAL BAR;;;; +2017;DOUBLE LOW LINE;Po;0;ON; 0020 0333;;;;N;SPACING DOUBLE UNDERSCORE;;;; +2018;LEFT SINGLE QUOTATION MARK;Pi;0;ON;;;;;N;SINGLE TURNED COMMA QUOTATION MARK;;;; +2019;RIGHT SINGLE QUOTATION MARK;Pf;0;ON;;;;;N;SINGLE COMMA QUOTATION MARK;;;; +201A;SINGLE LOW-9 QUOTATION MARK;Ps;0;ON;;;;;N;LOW SINGLE COMMA QUOTATION MARK;;;; +201B;SINGLE HIGH-REVERSED-9 QUOTATION MARK;Pi;0;ON;;;;;N;SINGLE REVERSED COMMA QUOTATION MARK;;;; +201C;LEFT DOUBLE QUOTATION MARK;Pi;0;ON;;;;;N;DOUBLE TURNED COMMA QUOTATION MARK;;;; +201D;RIGHT DOUBLE QUOTATION MARK;Pf;0;ON;;;;;N;DOUBLE COMMA QUOTATION MARK;;;; +201E;DOUBLE LOW-9 QUOTATION MARK;Ps;0;ON;;;;;N;LOW DOUBLE COMMA QUOTATION MARK;;;; +201F;DOUBLE HIGH-REVERSED-9 QUOTATION MARK;Pi;0;ON;;;;;N;DOUBLE REVERSED COMMA QUOTATION MARK;;;; +2020;DAGGER;Po;0;ON;;;;;N;;;;; +2021;DOUBLE DAGGER;Po;0;ON;;;;;N;;;;; +2022;BULLET;Po;0;ON;;;;;N;;;;; +2023;TRIANGULAR BULLET;Po;0;ON;;;;;N;;;;; +2024;ONE DOT LEADER;Po;0;ON; 002E;;;;N;;;;; +2025;TWO DOT LEADER;Po;0;ON; 002E 002E;;;;N;;;;; +2026;HORIZONTAL ELLIPSIS;Po;0;ON; 002E 002E 002E;;;;N;;;;; +2027;HYPHENATION POINT;Po;0;ON;;;;;N;;;;; +2028;LINE SEPARATOR;Zl;0;WS;;;;;N;;;;; +2029;PARAGRAPH SEPARATOR;Zp;0;B;;;;;N;;;;; +202A;LEFT-TO-RIGHT EMBEDDING;Cf;0;LRE;;;;;N;;;;; +202B;RIGHT-TO-LEFT EMBEDDING;Cf;0;RLE;;;;;N;;;;; +202C;POP DIRECTIONAL FORMATTING;Cf;0;PDF;;;;;N;;;;; +202D;LEFT-TO-RIGHT OVERRIDE;Cf;0;LRO;;;;;N;;;;; +202E;RIGHT-TO-LEFT OVERRIDE;Cf;0;RLO;;;;;N;;;;; +202F;NARROW NO-BREAK SPACE;Zs;0;WS; 0020;;;;N;;;;; +2030;PER MILLE SIGN;Po;0;ET;;;;;N;;;;; +2031;PER TEN THOUSAND SIGN;Po;0;ET;;;;;N;;;;; +2032;PRIME;Po;0;ET;;;;;N;;;;; +2033;DOUBLE PRIME;Po;0;ET; 2032 2032;;;;N;;;;; +2034;TRIPLE PRIME;Po;0;ET; 2032 2032 2032;;;;N;;;;; +2035;REVERSED PRIME;Po;0;ON;;;;;N;;;;; +2036;REVERSED DOUBLE PRIME;Po;0;ON; 2035 2035;;;;N;;;;; +2037;REVERSED TRIPLE PRIME;Po;0;ON; 2035 2035 2035;;;;N;;;;; +2038;CARET;Po;0;ON;;;;;N;;;;; +2039;SINGLE LEFT-POINTING ANGLE QUOTATION MARK;Pi;0;ON;;;;;Y;LEFT POINTING SINGLE GUILLEMET;;;; +203A;SINGLE RIGHT-POINTING ANGLE QUOTATION MARK;Pf;0;ON;;;;;Y;RIGHT POINTING SINGLE GUILLEMET;;;; +203B;REFERENCE MARK;Po;0;ON;;;;;N;;;;; +203C;DOUBLE EXCLAMATION MARK;Po;0;ON; 0021 0021;;;;N;;;;; +203D;INTERROBANG;Po;0;ON;;;;;N;;;;; +203E;OVERLINE;Po;0;ON; 0020 0305;;;;N;SPACING OVERSCORE;;;; +203F;UNDERTIE;Pc;0;ON;;;;;N;;Enotikon;;; +2040;CHARACTER TIE;Pc;0;ON;;;;;N;;;;; +2041;CARET INSERTION POINT;Po;0;ON;;;;;N;;;;; +2042;ASTERISM;Po;0;ON;;;;;N;;;;; +2043;HYPHEN BULLET;Po;0;ON;;;;;N;;;;; +2044;FRACTION SLASH;Sm;0;ON;;;;;N;;;;; +2045;LEFT SQUARE BRACKET WITH QUILL;Ps;0;ON;;;;;Y;;;;; +2046;RIGHT SQUARE BRACKET WITH QUILL;Pe;0;ON;;;;;Y;;;;; +2047;DOUBLE QUESTION MARK;Po;0;ON; 003F 003F;;;;N;;;;; +2048;QUESTION EXCLAMATION MARK;Po;0;ON; 003F 0021;;;;N;;;;; +2049;EXCLAMATION QUESTION MARK;Po;0;ON; 0021 003F;;;;N;;;;; +204A;TIRONIAN SIGN ET;Po;0;ON;;;;;N;;;;; +204B;REVERSED PILCROW SIGN;Po;0;ON;;;;;N;;;;; +204C;BLACK LEFTWARDS BULLET;Po;0;ON;;;;;N;;;;; +204D;BLACK RIGHTWARDS BULLET;Po;0;ON;;;;;N;;;;; +204E;LOW ASTERISK;Po;0;ON;;;;;N;;;;; +204F;REVERSED SEMICOLON;Po;0;ON;;;;;N;;;;; +2050;CLOSE UP;Po;0;ON;;;;;N;;;;; +2051;TWO ASTERISKS ALIGNED VERTICALLY;Po;0;ON;;;;;N;;;;; +2052;COMMERCIAL MINUS SIGN;Sm;0;ON;;;;;N;;;;; +2057;QUADRUPLE PRIME;Po;0;ON; 2032 2032 2032 2032;;;;N;;;;; +205F;MEDIUM MATHEMATICAL SPACE;Zs;0;WS; 0020;;;;N;;;;; +2060;WORD JOINER;Cf;0;BN;;;;;N;;;;; +2061;FUNCTION APPLICATION;Cf;0;BN;;;;;N;;;;; +2062;INVISIBLE TIMES;Cf;0;BN;;;;;N;;;;; +2063;INVISIBLE SEPARATOR;Cf;0;BN;;;;;N;;;;; +206A;INHIBIT SYMMETRIC SWAPPING;Cf;0;BN;;;;;N;;;;; +206B;ACTIVATE SYMMETRIC SWAPPING;Cf;0;BN;;;;;N;;;;; +206C;INHIBIT ARABIC FORM SHAPING;Cf;0;BN;;;;;N;;;;; +206D;ACTIVATE ARABIC FORM SHAPING;Cf;0;BN;;;;;N;;;;; +206E;NATIONAL DIGIT SHAPES;Cf;0;BN;;;;;N;;;;; +206F;NOMINAL DIGIT SHAPES;Cf;0;BN;;;;;N;;;;; +2070;SUPERSCRIPT ZERO;No;0;EN; 0030;0;0;0;N;SUPERSCRIPT DIGIT ZERO;;;; +2071;SUPERSCRIPT LATIN SMALL LETTER I;Ll;0;L; 0069;;;;N;;;;; +2074;SUPERSCRIPT FOUR;No;0;EN; 0034;4;4;4;N;SUPERSCRIPT DIGIT FOUR;;;; +2075;SUPERSCRIPT FIVE;No;0;EN; 0035;5;5;5;N;SUPERSCRIPT DIGIT FIVE;;;; +2076;SUPERSCRIPT SIX;No;0;EN; 0036;6;6;6;N;SUPERSCRIPT DIGIT SIX;;;; +2077;SUPERSCRIPT SEVEN;No;0;EN; 0037;7;7;7;N;SUPERSCRIPT DIGIT SEVEN;;;; +2078;SUPERSCRIPT EIGHT;No;0;EN; 0038;8;8;8;N;SUPERSCRIPT DIGIT EIGHT;;;; +2079;SUPERSCRIPT NINE;No;0;EN; 0039;9;9;9;N;SUPERSCRIPT DIGIT NINE;;;; +207A;SUPERSCRIPT PLUS SIGN;Sm;0;ET; 002B;;;;N;;;;; +207B;SUPERSCRIPT MINUS;Sm;0;ET; 2212;;;;N;SUPERSCRIPT HYPHEN-MINUS;;;; +207C;SUPERSCRIPT EQUALS SIGN;Sm;0;ON; 003D;;;;N;;;;; +207D;SUPERSCRIPT LEFT PARENTHESIS;Ps;0;ON; 0028;;;;Y;SUPERSCRIPT OPENING PARENTHESIS;;;; +207E;SUPERSCRIPT RIGHT PARENTHESIS;Pe;0;ON; 0029;;;;Y;SUPERSCRIPT CLOSING PARENTHESIS;;;; +207F;SUPERSCRIPT LATIN SMALL LETTER N;Ll;0;L; 006E;;;;N;;;;; +2080;SUBSCRIPT ZERO;No;0;EN; 0030;0;0;0;N;SUBSCRIPT DIGIT ZERO;;;; +2081;SUBSCRIPT ONE;No;0;EN; 0031;1;1;1;N;SUBSCRIPT DIGIT ONE;;;; +2082;SUBSCRIPT TWO;No;0;EN; 0032;2;2;2;N;SUBSCRIPT DIGIT TWO;;;; +2083;SUBSCRIPT THREE;No;0;EN; 0033;3;3;3;N;SUBSCRIPT DIGIT THREE;;;; +2084;SUBSCRIPT FOUR;No;0;EN; 0034;4;4;4;N;SUBSCRIPT DIGIT FOUR;;;; +2085;SUBSCRIPT FIVE;No;0;EN; 0035;5;5;5;N;SUBSCRIPT DIGIT FIVE;;;; +2086;SUBSCRIPT SIX;No;0;EN; 0036;6;6;6;N;SUBSCRIPT DIGIT SIX;;;; +2087;SUBSCRIPT SEVEN;No;0;EN; 0037;7;7;7;N;SUBSCRIPT DIGIT SEVEN;;;; +2088;SUBSCRIPT EIGHT;No;0;EN; 0038;8;8;8;N;SUBSCRIPT DIGIT EIGHT;;;; +2089;SUBSCRIPT NINE;No;0;EN; 0039;9;9;9;N;SUBSCRIPT DIGIT NINE;;;; +208A;SUBSCRIPT PLUS SIGN;Sm;0;ET; 002B;;;;N;;;;; +208B;SUBSCRIPT MINUS;Sm;0;ET; 2212;;;;N;SUBSCRIPT HYPHEN-MINUS;;;; +208C;SUBSCRIPT EQUALS SIGN;Sm;0;ON; 003D;;;;N;;;;; +208D;SUBSCRIPT LEFT PARENTHESIS;Ps;0;ON; 0028;;;;Y;SUBSCRIPT OPENING PARENTHESIS;;;; +208E;SUBSCRIPT RIGHT PARENTHESIS;Pe;0;ON; 0029;;;;Y;SUBSCRIPT CLOSING PARENTHESIS;;;; +20A0;EURO-CURRENCY SIGN;Sc;0;ET;;;;;N;;;;; +20A1;COLON SIGN;Sc;0;ET;;;;;N;;;;; +20A2;CRUZEIRO SIGN;Sc;0;ET;;;;;N;;;;; +20A3;FRENCH FRANC SIGN;Sc;0;ET;;;;;N;;;;; +20A4;LIRA SIGN;Sc;0;ET;;;;;N;;;;; +20A5;MILL SIGN;Sc;0;ET;;;;;N;;;;; +20A6;NAIRA SIGN;Sc;0;ET;;;;;N;;;;; +20A7;PESETA SIGN;Sc;0;ET;;;;;N;;;;; +20A8;RUPEE SIGN;Sc;0;ET; 0052 0073;;;;N;;;;; +20A9;WON SIGN;Sc;0;ET;;;;;N;;;;; +20AA;NEW SHEQEL SIGN;Sc;0;ET;;;;;N;;;;; +20AB;DONG SIGN;Sc;0;ET;;;;;N;;;;; +20AC;EURO SIGN;Sc;0;ET;;;;;N;;;;; +20AD;KIP SIGN;Sc;0;ET;;;;;N;;;;; +20AE;TUGRIK SIGN;Sc;0;ET;;;;;N;;;;; +20AF;DRACHMA SIGN;Sc;0;ET;;;;;N;;;;; +20B0;GERMAN PENNY SIGN;Sc;0;ET;;;;;N;;;;; +20B1;PESO SIGN;Sc;0;ET;;;;;N;;;;; +20D0;COMBINING LEFT HARPOON ABOVE;Mn;230;NSM;;;;;N;NON-SPACING LEFT HARPOON ABOVE;;;; +20D1;COMBINING RIGHT HARPOON ABOVE;Mn;230;NSM;;;;;N;NON-SPACING RIGHT HARPOON ABOVE;;;; +20D2;COMBINING LONG VERTICAL LINE OVERLAY;Mn;1;NSM;;;;;N;NON-SPACING LONG VERTICAL BAR OVERLAY;;;; +20D3;COMBINING SHORT VERTICAL LINE OVERLAY;Mn;1;NSM;;;;;N;NON-SPACING SHORT VERTICAL BAR OVERLAY;;;; +20D4;COMBINING ANTICLOCKWISE ARROW ABOVE;Mn;230;NSM;;;;;N;NON-SPACING ANTICLOCKWISE ARROW ABOVE;;;; +20D5;COMBINING CLOCKWISE ARROW ABOVE;Mn;230;NSM;;;;;N;NON-SPACING CLOCKWISE ARROW ABOVE;;;; +20D6;COMBINING LEFT ARROW ABOVE;Mn;230;NSM;;;;;N;NON-SPACING LEFT ARROW ABOVE;;;; +20D7;COMBINING RIGHT ARROW ABOVE;Mn;230;NSM;;;;;N;NON-SPACING RIGHT ARROW ABOVE;;;; +20D8;COMBINING RING OVERLAY;Mn;1;NSM;;;;;N;NON-SPACING RING OVERLAY;;;; +20D9;COMBINING CLOCKWISE RING OVERLAY;Mn;1;NSM;;;;;N;NON-SPACING CLOCKWISE RING OVERLAY;;;; +20DA;COMBINING ANTICLOCKWISE RING OVERLAY;Mn;1;NSM;;;;;N;NON-SPACING ANTICLOCKWISE RING OVERLAY;;;; +20DB;COMBINING THREE DOTS ABOVE;Mn;230;NSM;;;;;N;NON-SPACING THREE DOTS ABOVE;;;; +20DC;COMBINING FOUR DOTS ABOVE;Mn;230;NSM;;;;;N;NON-SPACING FOUR DOTS ABOVE;;;; +20DD;COMBINING ENCLOSING CIRCLE;Me;0;NSM;;;;;N;ENCLOSING CIRCLE;;;; +20DE;COMBINING ENCLOSING SQUARE;Me;0;NSM;;;;;N;ENCLOSING SQUARE;;;; +20DF;COMBINING ENCLOSING DIAMOND;Me;0;NSM;;;;;N;ENCLOSING DIAMOND;;;; +20E0;COMBINING ENCLOSING CIRCLE BACKSLASH;Me;0;NSM;;;;;N;ENCLOSING CIRCLE SLASH;;;; +20E1;COMBINING LEFT RIGHT ARROW ABOVE;Mn;230;NSM;;;;;N;NON-SPACING LEFT RIGHT ARROW ABOVE;;;; +20E2;COMBINING ENCLOSING SCREEN;Me;0;NSM;;;;;N;;;;; +20E3;COMBINING ENCLOSING KEYCAP;Me;0;NSM;;;;;N;;;;; +20E4;COMBINING ENCLOSING UPWARD POINTING TRIANGLE;Me;0;NSM;;;;;N;;;;; +20E5;COMBINING REVERSE SOLIDUS OVERLAY;Mn;1;NSM;;;;;N;;;;; +20E6;COMBINING DOUBLE VERTICAL STROKE OVERLAY;Mn;1;NSM;;;;;N;;;;; +20E7;COMBINING ANNUITY SYMBOL;Mn;230;NSM;;;;;N;;;;; +20E8;COMBINING TRIPLE UNDERDOT;Mn;220;NSM;;;;;N;;;;; +20E9;COMBINING WIDE BRIDGE ABOVE;Mn;230;NSM;;;;;N;;;;; +20EA;COMBINING LEFTWARDS ARROW OVERLAY;Mn;1;NSM;;;;;N;;;;; +2100;ACCOUNT OF;So;0;ON; 0061 002F 0063;;;;N;;;;; +2101;ADDRESSED TO THE SUBJECT;So;0;ON; 0061 002F 0073;;;;N;;;;; +2102;DOUBLE-STRUCK CAPITAL C;Lu;0;L; 0043;;;;N;DOUBLE-STRUCK C;;;; +2103;DEGREE CELSIUS;So;0;ON; 00B0 0043;;;;N;DEGREES CENTIGRADE;;;; +2104;CENTRE LINE SYMBOL;So;0;ON;;;;;N;C L SYMBOL;;;; +2105;CARE OF;So;0;ON; 0063 002F 006F;;;;N;;;;; +2106;CADA UNA;So;0;ON; 0063 002F 0075;;;;N;;;;; +2107;EULER CONSTANT;Lu;0;L; 0190;;;;N;EULERS;;;; +2108;SCRUPLE;So;0;ON;;;;;N;;;;; +2109;DEGREE FAHRENHEIT;So;0;ON; 00B0 0046;;;;N;DEGREES FAHRENHEIT;;;; +210A;SCRIPT SMALL G;Ll;0;L; 0067;;;;N;;;;; +210B;SCRIPT CAPITAL H;Lu;0;L; 0048;;;;N;SCRIPT H;;;; +210C;BLACK-LETTER CAPITAL H;Lu;0;L; 0048;;;;N;BLACK-LETTER H;;;; +210D;DOUBLE-STRUCK CAPITAL H;Lu;0;L; 0048;;;;N;DOUBLE-STRUCK H;;;; +210E;PLANCK CONSTANT;Ll;0;L; 0068;;;;N;;;;; +210F;PLANCK CONSTANT OVER TWO PI;Ll;0;L; 0127;;;;N;PLANCK CONSTANT OVER 2 PI;;;; +2110;SCRIPT CAPITAL I;Lu;0;L; 0049;;;;N;SCRIPT I;;;; +2111;BLACK-LETTER CAPITAL I;Lu;0;L; 0049;;;;N;BLACK-LETTER I;;;; +2112;SCRIPT CAPITAL L;Lu;0;L; 004C;;;;N;SCRIPT L;;;; +2113;SCRIPT SMALL L;Ll;0;L; 006C;;;;N;;;;; +2114;L B BAR SYMBOL;So;0;ON;;;;;N;;;;; +2115;DOUBLE-STRUCK CAPITAL N;Lu;0;L; 004E;;;;N;DOUBLE-STRUCK N;;;; +2116;NUMERO SIGN;So;0;ON; 004E 006F;;;;N;NUMERO;;;; +2117;SOUND RECORDING COPYRIGHT;So;0;ON;;;;;N;;;;; +2118;SCRIPT CAPITAL P;So;0;ON;;;;;N;SCRIPT P;;;; +2119;DOUBLE-STRUCK CAPITAL P;Lu;0;L; 0050;;;;N;DOUBLE-STRUCK P;;;; +211A;DOUBLE-STRUCK CAPITAL Q;Lu;0;L; 0051;;;;N;DOUBLE-STRUCK Q;;;; +211B;SCRIPT CAPITAL R;Lu;0;L; 0052;;;;N;SCRIPT R;;;; +211C;BLACK-LETTER CAPITAL R;Lu;0;L; 0052;;;;N;BLACK-LETTER R;;;; +211D;DOUBLE-STRUCK CAPITAL R;Lu;0;L; 0052;;;;N;DOUBLE-STRUCK R;;;; +211E;PRESCRIPTION TAKE;So;0;ON;;;;;N;;;;; +211F;RESPONSE;So;0;ON;;;;;N;;;;; +2120;SERVICE MARK;So;0;ON; 0053 004D;;;;N;;;;; +2121;TELEPHONE SIGN;So;0;ON; 0054 0045 004C;;;;N;T E L SYMBOL;;;; +2122;TRADE MARK SIGN;So;0;ON; 0054 004D;;;;N;TRADEMARK;;;; +2123;VERSICLE;So;0;ON;;;;;N;;;;; +2124;DOUBLE-STRUCK CAPITAL Z;Lu;0;L; 005A;;;;N;DOUBLE-STRUCK Z;;;; +2125;OUNCE SIGN;So;0;ON;;;;;N;OUNCE;;;; +2126;OHM SIGN;Lu;0;L;03A9;;;;N;OHM;;;03C9; +2127;INVERTED OHM SIGN;So;0;ON;;;;;N;MHO;;;; +2128;BLACK-LETTER CAPITAL Z;Lu;0;L; 005A;;;;N;BLACK-LETTER Z;;;; +2129;TURNED GREEK SMALL LETTER IOTA;So;0;ON;;;;;N;;;;; +212A;KELVIN SIGN;Lu;0;L;004B;;;;N;DEGREES KELVIN;;;006B; +212B;ANGSTROM SIGN;Lu;0;L;00C5;;;;N;ANGSTROM UNIT;;;00E5; +212C;SCRIPT CAPITAL B;Lu;0;L; 0042;;;;N;SCRIPT B;;;; +212D;BLACK-LETTER CAPITAL C;Lu;0;L; 0043;;;;N;BLACK-LETTER C;;;; +212E;ESTIMATED SYMBOL;So;0;ET;;;;;N;;;;; +212F;SCRIPT SMALL E;Ll;0;L; 0065;;;;N;;;;; +2130;SCRIPT CAPITAL E;Lu;0;L; 0045;;;;N;SCRIPT E;;;; +2131;SCRIPT CAPITAL F;Lu;0;L; 0046;;;;N;SCRIPT F;;;; +2132;TURNED CAPITAL F;So;0;ON;;;;;N;TURNED F;;;; +2133;SCRIPT CAPITAL M;Lu;0;L; 004D;;;;N;SCRIPT M;;;; +2134;SCRIPT SMALL O;Ll;0;L; 006F;;;;N;;;;; +2135;ALEF SYMBOL;Lo;0;L; 05D0;;;;N;FIRST TRANSFINITE CARDINAL;;;; +2136;BET SYMBOL;Lo;0;L; 05D1;;;;N;SECOND TRANSFINITE CARDINAL;;;; +2137;GIMEL SYMBOL;Lo;0;L; 05D2;;;;N;THIRD TRANSFINITE CARDINAL;;;; +2138;DALET SYMBOL;Lo;0;L; 05D3;;;;N;FOURTH TRANSFINITE CARDINAL;;;; +2139;INFORMATION SOURCE;Ll;0;L; 0069;;;;N;;;;; +213A;ROTATED CAPITAL Q;So;0;ON;;;;;N;;;;; +213D;DOUBLE-STRUCK SMALL GAMMA;Ll;0;L; 03B3;;;;N;;;;; +213E;DOUBLE-STRUCK CAPITAL GAMMA;Lu;0;L; 0393;;;;N;;;;; +213F;DOUBLE-STRUCK CAPITAL PI;Lu;0;L; 03A0;;;;N;;;;; +2140;DOUBLE-STRUCK N-ARY SUMMATION;Sm;0;ON; 2211;;;;Y;;;;; +2141;TURNED SANS-SERIF CAPITAL G;Sm;0;ON;;;;;N;;;;; +2142;TURNED SANS-SERIF CAPITAL L;Sm;0;ON;;;;;N;;;;; +2143;REVERSED SANS-SERIF CAPITAL L;Sm;0;ON;;;;;N;;;;; +2144;TURNED SANS-SERIF CAPITAL Y;Sm;0;ON;;;;;N;;;;; +2145;DOUBLE-STRUCK ITALIC CAPITAL D;Lu;0;L; 0044;;;;N;;;;; +2146;DOUBLE-STRUCK ITALIC SMALL D;Ll;0;L; 0064;;;;N;;;;; +2147;DOUBLE-STRUCK ITALIC SMALL E;Ll;0;L; 0065;;;;N;;;;; +2148;DOUBLE-STRUCK ITALIC SMALL I;Ll;0;L; 0069;;;;N;;;;; +2149;DOUBLE-STRUCK ITALIC SMALL J;Ll;0;L; 006A;;;;N;;;;; +214A;PROPERTY LINE;So;0;ON;;;;;N;;;;; +214B;TURNED AMPERSAND;Sm;0;ON;;;;;N;;;;; +2153;VULGAR FRACTION ONE THIRD;No;0;ON; 0031 2044 0033;;;1/3;N;FRACTION ONE THIRD;;;; +2154;VULGAR FRACTION TWO THIRDS;No;0;ON; 0032 2044 0033;;;2/3;N;FRACTION TWO THIRDS;;;; +2155;VULGAR FRACTION ONE FIFTH;No;0;ON; 0031 2044 0035;;;1/5;N;FRACTION ONE FIFTH;;;; +2156;VULGAR FRACTION TWO FIFTHS;No;0;ON; 0032 2044 0035;;;2/5;N;FRACTION TWO FIFTHS;;;; +2157;VULGAR FRACTION THREE FIFTHS;No;0;ON; 0033 2044 0035;;;3/5;N;FRACTION THREE FIFTHS;;;; +2158;VULGAR FRACTION FOUR FIFTHS;No;0;ON; 0034 2044 0035;;;4/5;N;FRACTION FOUR FIFTHS;;;; +2159;VULGAR FRACTION ONE SIXTH;No;0;ON; 0031 2044 0036;;;1/6;N;FRACTION ONE SIXTH;;;; +215A;VULGAR FRACTION FIVE SIXTHS;No;0;ON; 0035 2044 0036;;;5/6;N;FRACTION FIVE SIXTHS;;;; +215B;VULGAR FRACTION ONE EIGHTH;No;0;ON; 0031 2044 0038;;;1/8;N;FRACTION ONE EIGHTH;;;; +215C;VULGAR FRACTION THREE EIGHTHS;No;0;ON; 0033 2044 0038;;;3/8;N;FRACTION THREE EIGHTHS;;;; +215D;VULGAR FRACTION FIVE EIGHTHS;No;0;ON; 0035 2044 0038;;;5/8;N;FRACTION FIVE EIGHTHS;;;; +215E;VULGAR FRACTION SEVEN EIGHTHS;No;0;ON; 0037 2044 0038;;;7/8;N;FRACTION SEVEN EIGHTHS;;;; +215F;FRACTION NUMERATOR ONE;No;0;ON; 0031 2044;;;1;N;;;;; +2160;ROMAN NUMERAL ONE;Nl;0;L; 0049;;;1;N;;;;2170; +2161;ROMAN NUMERAL TWO;Nl;0;L; 0049 0049;;;2;N;;;;2171; +2162;ROMAN NUMERAL THREE;Nl;0;L; 0049 0049 0049;;;3;N;;;;2172; +2163;ROMAN NUMERAL FOUR;Nl;0;L; 0049 0056;;;4;N;;;;2173; +2164;ROMAN NUMERAL FIVE;Nl;0;L; 0056;;;5;N;;;;2174; +2165;ROMAN NUMERAL SIX;Nl;0;L; 0056 0049;;;6;N;;;;2175; +2166;ROMAN NUMERAL SEVEN;Nl;0;L; 0056 0049 0049;;;7;N;;;;2176; +2167;ROMAN NUMERAL EIGHT;Nl;0;L; 0056 0049 0049 0049;;;8;N;;;;2177; +2168;ROMAN NUMERAL NINE;Nl;0;L; 0049 0058;;;9;N;;;;2178; +2169;ROMAN NUMERAL TEN;Nl;0;L; 0058;;;10;N;;;;2179; +216A;ROMAN NUMERAL ELEVEN;Nl;0;L; 0058 0049;;;11;N;;;;217A; +216B;ROMAN NUMERAL TWELVE;Nl;0;L; 0058 0049 0049;;;12;N;;;;217B; +216C;ROMAN NUMERAL FIFTY;Nl;0;L; 004C;;;50;N;;;;217C; +216D;ROMAN NUMERAL ONE HUNDRED;Nl;0;L; 0043;;;100;N;;;;217D; +216E;ROMAN NUMERAL FIVE HUNDRED;Nl;0;L; 0044;;;500;N;;;;217E; +216F;ROMAN NUMERAL ONE THOUSAND;Nl;0;L; 004D;;;1000;N;;;;217F; +2170;SMALL ROMAN NUMERAL ONE;Nl;0;L; 0069;;;1;N;;;2160;;2160 +2171;SMALL ROMAN NUMERAL TWO;Nl;0;L; 0069 0069;;;2;N;;;2161;;2161 +2172;SMALL ROMAN NUMERAL THREE;Nl;0;L; 0069 0069 0069;;;3;N;;;2162;;2162 +2173;SMALL ROMAN NUMERAL FOUR;Nl;0;L; 0069 0076;;;4;N;;;2163;;2163 +2174;SMALL ROMAN NUMERAL FIVE;Nl;0;L; 0076;;;5;N;;;2164;;2164 +2175;SMALL ROMAN NUMERAL SIX;Nl;0;L; 0076 0069;;;6;N;;;2165;;2165 +2176;SMALL ROMAN NUMERAL SEVEN;Nl;0;L; 0076 0069 0069;;;7;N;;;2166;;2166 +2177;SMALL ROMAN NUMERAL EIGHT;Nl;0;L; 0076 0069 0069 0069;;;8;N;;;2167;;2167 +2178;SMALL ROMAN NUMERAL NINE;Nl;0;L; 0069 0078;;;9;N;;;2168;;2168 +2179;SMALL ROMAN NUMERAL TEN;Nl;0;L; 0078;;;10;N;;;2169;;2169 +217A;SMALL ROMAN NUMERAL ELEVEN;Nl;0;L; 0078 0069;;;11;N;;;216A;;216A +217B;SMALL ROMAN NUMERAL TWELVE;Nl;0;L; 0078 0069 0069;;;12;N;;;216B;;216B +217C;SMALL ROMAN NUMERAL FIFTY;Nl;0;L; 006C;;;50;N;;;216C;;216C +217D;SMALL ROMAN NUMERAL ONE HUNDRED;Nl;0;L; 0063;;;100;N;;;216D;;216D +217E;SMALL ROMAN NUMERAL FIVE HUNDRED;Nl;0;L; 0064;;;500;N;;;216E;;216E +217F;SMALL ROMAN NUMERAL ONE THOUSAND;Nl;0;L; 006D;;;1000;N;;;216F;;216F +2180;ROMAN NUMERAL ONE THOUSAND C D;Nl;0;L;;;;1000;N;;;;; +2181;ROMAN NUMERAL FIVE THOUSAND;Nl;0;L;;;;5000;N;;;;; +2182;ROMAN NUMERAL TEN THOUSAND;Nl;0;L;;;;10000;N;;;;; +2183;ROMAN NUMERAL REVERSED ONE HUNDRED;Nl;0;L;;;;;N;;;;; +2190;LEFTWARDS ARROW;Sm;0;ON;;;;;N;LEFT ARROW;;;; +2191;UPWARDS ARROW;Sm;0;ON;;;;;N;UP ARROW;;;; +2192;RIGHTWARDS ARROW;Sm;0;ON;;;;;N;RIGHT ARROW;;;; +2193;DOWNWARDS ARROW;Sm;0;ON;;;;;N;DOWN ARROW;;;; +2194;LEFT RIGHT ARROW;Sm;0;ON;;;;;N;;;;; +2195;UP DOWN ARROW;So;0;ON;;;;;N;;;;; +2196;NORTH WEST ARROW;So;0;ON;;;;;N;UPPER LEFT ARROW;;;; +2197;NORTH EAST ARROW;So;0;ON;;;;;N;UPPER RIGHT ARROW;;;; +2198;SOUTH EAST ARROW;So;0;ON;;;;;N;LOWER RIGHT ARROW;;;; +2199;SOUTH WEST ARROW;So;0;ON;;;;;N;LOWER LEFT ARROW;;;; +219A;LEFTWARDS ARROW WITH STROKE;Sm;0;ON;2190 0338;;;;N;LEFT ARROW WITH STROKE;;;; +219B;RIGHTWARDS ARROW WITH STROKE;Sm;0;ON;2192 0338;;;;N;RIGHT ARROW WITH STROKE;;;; +219C;LEFTWARDS WAVE ARROW;So;0;ON;;;;;N;LEFT WAVE ARROW;;;; +219D;RIGHTWARDS WAVE ARROW;So;0;ON;;;;;N;RIGHT WAVE ARROW;;;; +219E;LEFTWARDS TWO HEADED ARROW;So;0;ON;;;;;N;LEFT TWO HEADED ARROW;;;; +219F;UPWARDS TWO HEADED ARROW;So;0;ON;;;;;N;UP TWO HEADED ARROW;;;; +21A0;RIGHTWARDS TWO HEADED ARROW;Sm;0;ON;;;;;N;RIGHT TWO HEADED ARROW;;;; +21A1;DOWNWARDS TWO HEADED ARROW;So;0;ON;;;;;N;DOWN TWO HEADED ARROW;;;; +21A2;LEFTWARDS ARROW WITH TAIL;So;0;ON;;;;;N;LEFT ARROW WITH TAIL;;;; +21A3;RIGHTWARDS ARROW WITH TAIL;Sm;0;ON;;;;;N;RIGHT ARROW WITH TAIL;;;; +21A4;LEFTWARDS ARROW FROM BAR;So;0;ON;;;;;N;LEFT ARROW FROM BAR;;;; +21A5;UPWARDS ARROW FROM BAR;So;0;ON;;;;;N;UP ARROW FROM BAR;;;; +21A6;RIGHTWARDS ARROW FROM BAR;Sm;0;ON;;;;;N;RIGHT ARROW FROM BAR;;;; +21A7;DOWNWARDS ARROW FROM BAR;So;0;ON;;;;;N;DOWN ARROW FROM BAR;;;; +21A8;UP DOWN ARROW WITH BASE;So;0;ON;;;;;N;;;;; +21A9;LEFTWARDS ARROW WITH HOOK;So;0;ON;;;;;N;LEFT ARROW WITH HOOK;;;; +21AA;RIGHTWARDS ARROW WITH HOOK;So;0;ON;;;;;N;RIGHT ARROW WITH HOOK;;;; +21AB;LEFTWARDS ARROW WITH LOOP;So;0;ON;;;;;N;LEFT ARROW WITH LOOP;;;; +21AC;RIGHTWARDS ARROW WITH LOOP;So;0;ON;;;;;N;RIGHT ARROW WITH LOOP;;;; +21AD;LEFT RIGHT WAVE ARROW;So;0;ON;;;;;N;;;;; +21AE;LEFT RIGHT ARROW WITH STROKE;Sm;0;ON;2194 0338;;;;N;;;;; +21AF;DOWNWARDS ZIGZAG ARROW;So;0;ON;;;;;N;DOWN ZIGZAG ARROW;;;; +21B0;UPWARDS ARROW WITH TIP LEFTWARDS;So;0;ON;;;;;N;UP ARROW WITH TIP LEFT;;;; +21B1;UPWARDS ARROW WITH TIP RIGHTWARDS;So;0;ON;;;;;N;UP ARROW WITH TIP RIGHT;;;; +21B2;DOWNWARDS ARROW WITH TIP LEFTWARDS;So;0;ON;;;;;N;DOWN ARROW WITH TIP LEFT;;;; +21B3;DOWNWARDS ARROW WITH TIP RIGHTWARDS;So;0;ON;;;;;N;DOWN ARROW WITH TIP RIGHT;;;; +21B4;RIGHTWARDS ARROW WITH CORNER DOWNWARDS;So;0;ON;;;;;N;RIGHT ARROW WITH CORNER DOWN;;;; +21B5;DOWNWARDS ARROW WITH CORNER LEFTWARDS;So;0;ON;;;;;N;DOWN ARROW WITH CORNER LEFT;;;; +21B6;ANTICLOCKWISE TOP SEMICIRCLE ARROW;So;0;ON;;;;;N;;;;; +21B7;CLOCKWISE TOP SEMICIRCLE ARROW;So;0;ON;;;;;N;;;;; +21B8;NORTH WEST ARROW TO LONG BAR;So;0;ON;;;;;N;UPPER LEFT ARROW TO LONG BAR;;;; +21B9;LEFTWARDS ARROW TO BAR OVER RIGHTWARDS ARROW TO BAR;So;0;ON;;;;;N;LEFT ARROW TO BAR OVER RIGHT ARROW TO BAR;;;; +21BA;ANTICLOCKWISE OPEN CIRCLE ARROW;So;0;ON;;;;;N;;;;; +21BB;CLOCKWISE OPEN CIRCLE ARROW;So;0;ON;;;;;N;;;;; +21BC;LEFTWARDS HARPOON WITH BARB UPWARDS;So;0;ON;;;;;N;LEFT HARPOON WITH BARB UP;;;; +21BD;LEFTWARDS HARPOON WITH BARB DOWNWARDS;So;0;ON;;;;;N;LEFT HARPOON WITH BARB DOWN;;;; +21BE;UPWARDS HARPOON WITH BARB RIGHTWARDS;So;0;ON;;;;;N;UP HARPOON WITH BARB RIGHT;;;; +21BF;UPWARDS HARPOON WITH BARB LEFTWARDS;So;0;ON;;;;;N;UP HARPOON WITH BARB LEFT;;;; +21C0;RIGHTWARDS HARPOON WITH BARB UPWARDS;So;0;ON;;;;;N;RIGHT HARPOON WITH BARB UP;;;; +21C1;RIGHTWARDS HARPOON WITH BARB DOWNWARDS;So;0;ON;;;;;N;RIGHT HARPOON WITH BARB DOWN;;;; +21C2;DOWNWARDS HARPOON WITH BARB RIGHTWARDS;So;0;ON;;;;;N;DOWN HARPOON WITH BARB RIGHT;;;; +21C3;DOWNWARDS HARPOON WITH BARB LEFTWARDS;So;0;ON;;;;;N;DOWN HARPOON WITH BARB LEFT;;;; +21C4;RIGHTWARDS ARROW OVER LEFTWARDS ARROW;So;0;ON;;;;;N;RIGHT ARROW OVER LEFT ARROW;;;; +21C5;UPWARDS ARROW LEFTWARDS OF DOWNWARDS ARROW;So;0;ON;;;;;N;UP ARROW LEFT OF DOWN ARROW;;;; +21C6;LEFTWARDS ARROW OVER RIGHTWARDS ARROW;So;0;ON;;;;;N;LEFT ARROW OVER RIGHT ARROW;;;; +21C7;LEFTWARDS PAIRED ARROWS;So;0;ON;;;;;N;LEFT PAIRED ARROWS;;;; +21C8;UPWARDS PAIRED ARROWS;So;0;ON;;;;;N;UP PAIRED ARROWS;;;; +21C9;RIGHTWARDS PAIRED ARROWS;So;0;ON;;;;;N;RIGHT PAIRED ARROWS;;;; +21CA;DOWNWARDS PAIRED ARROWS;So;0;ON;;;;;N;DOWN PAIRED ARROWS;;;; +21CB;LEFTWARDS HARPOON OVER RIGHTWARDS HARPOON;So;0;ON;;;;;N;LEFT HARPOON OVER RIGHT HARPOON;;;; +21CC;RIGHTWARDS HARPOON OVER LEFTWARDS HARPOON;So;0;ON;;;;;N;RIGHT HARPOON OVER LEFT HARPOON;;;; +21CD;LEFTWARDS DOUBLE ARROW WITH STROKE;So;0;ON;21D0 0338;;;;N;LEFT DOUBLE ARROW WITH STROKE;;;; +21CE;LEFT RIGHT DOUBLE ARROW WITH STROKE;Sm;0;ON;21D4 0338;;;;N;;;;; +21CF;RIGHTWARDS DOUBLE ARROW WITH STROKE;Sm;0;ON;21D2 0338;;;;N;RIGHT DOUBLE ARROW WITH STROKE;;;; +21D0;LEFTWARDS DOUBLE ARROW;So;0;ON;;;;;N;LEFT DOUBLE ARROW;;;; +21D1;UPWARDS DOUBLE ARROW;So;0;ON;;;;;N;UP DOUBLE ARROW;;;; +21D2;RIGHTWARDS DOUBLE ARROW;Sm;0;ON;;;;;N;RIGHT DOUBLE ARROW;;;; +21D3;DOWNWARDS DOUBLE ARROW;So;0;ON;;;;;N;DOWN DOUBLE ARROW;;;; +21D4;LEFT RIGHT DOUBLE ARROW;Sm;0;ON;;;;;N;;;;; +21D5;UP DOWN DOUBLE ARROW;So;0;ON;;;;;N;;;;; +21D6;NORTH WEST DOUBLE ARROW;So;0;ON;;;;;N;UPPER LEFT DOUBLE ARROW;;;; +21D7;NORTH EAST DOUBLE ARROW;So;0;ON;;;;;N;UPPER RIGHT DOUBLE ARROW;;;; +21D8;SOUTH EAST DOUBLE ARROW;So;0;ON;;;;;N;LOWER RIGHT DOUBLE ARROW;;;; +21D9;SOUTH WEST DOUBLE ARROW;So;0;ON;;;;;N;LOWER LEFT DOUBLE ARROW;;;; +21DA;LEFTWARDS TRIPLE ARROW;So;0;ON;;;;;N;LEFT TRIPLE ARROW;;;; +21DB;RIGHTWARDS TRIPLE ARROW;So;0;ON;;;;;N;RIGHT TRIPLE ARROW;;;; +21DC;LEFTWARDS SQUIGGLE ARROW;So;0;ON;;;;;N;LEFT SQUIGGLE ARROW;;;; +21DD;RIGHTWARDS SQUIGGLE ARROW;So;0;ON;;;;;N;RIGHT SQUIGGLE ARROW;;;; +21DE;UPWARDS ARROW WITH DOUBLE STROKE;So;0;ON;;;;;N;UP ARROW WITH DOUBLE STROKE;;;; +21DF;DOWNWARDS ARROW WITH DOUBLE STROKE;So;0;ON;;;;;N;DOWN ARROW WITH DOUBLE STROKE;;;; +21E0;LEFTWARDS DASHED ARROW;So;0;ON;;;;;N;LEFT DASHED ARROW;;;; +21E1;UPWARDS DASHED ARROW;So;0;ON;;;;;N;UP DASHED ARROW;;;; +21E2;RIGHTWARDS DASHED ARROW;So;0;ON;;;;;N;RIGHT DASHED ARROW;;;; +21E3;DOWNWARDS DASHED ARROW;So;0;ON;;;;;N;DOWN DASHED ARROW;;;; +21E4;LEFTWARDS ARROW TO BAR;So;0;ON;;;;;N;LEFT ARROW TO BAR;;;; +21E5;RIGHTWARDS ARROW TO BAR;So;0;ON;;;;;N;RIGHT ARROW TO BAR;;;; +21E6;LEFTWARDS WHITE ARROW;So;0;ON;;;;;N;WHITE LEFT ARROW;;;; +21E7;UPWARDS WHITE ARROW;So;0;ON;;;;;N;WHITE UP ARROW;;;; +21E8;RIGHTWARDS WHITE ARROW;So;0;ON;;;;;N;WHITE RIGHT ARROW;;;; +21E9;DOWNWARDS WHITE ARROW;So;0;ON;;;;;N;WHITE DOWN ARROW;;;; +21EA;UPWARDS WHITE ARROW FROM BAR;So;0;ON;;;;;N;WHITE UP ARROW FROM BAR;;;; +21EB;UPWARDS WHITE ARROW ON PEDESTAL;So;0;ON;;;;;N;;;;; +21EC;UPWARDS WHITE ARROW ON PEDESTAL WITH HORIZONTAL BAR;So;0;ON;;;;;N;;;;; +21ED;UPWARDS WHITE ARROW ON PEDESTAL WITH VERTICAL BAR;So;0;ON;;;;;N;;;;; +21EE;UPWARDS WHITE DOUBLE ARROW;So;0;ON;;;;;N;;;;; +21EF;UPWARDS WHITE DOUBLE ARROW ON PEDESTAL;So;0;ON;;;;;N;;;;; +21F0;RIGHTWARDS WHITE ARROW FROM WALL;So;0;ON;;;;;N;;;;; +21F1;NORTH WEST ARROW TO CORNER;So;0;ON;;;;;N;;;;; +21F2;SOUTH EAST ARROW TO CORNER;So;0;ON;;;;;N;;;;; +21F3;UP DOWN WHITE ARROW;So;0;ON;;;;;N;;;;; +21F4;RIGHT ARROW WITH SMALL CIRCLE;Sm;0;ON;;;;;N;;;;; +21F5;DOWNWARDS ARROW LEFTWARDS OF UPWARDS ARROW;Sm;0;ON;;;;;N;;;;; +21F6;THREE RIGHTWARDS ARROWS;Sm;0;ON;;;;;N;;;;; +21F7;LEFTWARDS ARROW WITH VERTICAL STROKE;Sm;0;ON;;;;;N;;;;; +21F8;RIGHTWARDS ARROW WITH VERTICAL STROKE;Sm;0;ON;;;;;N;;;;; +21F9;LEFT RIGHT ARROW WITH VERTICAL STROKE;Sm;0;ON;;;;;N;;;;; +21FA;LEFTWARDS ARROW WITH DOUBLE VERTICAL STROKE;Sm;0;ON;;;;;N;;;;; +21FB;RIGHTWARDS ARROW WITH DOUBLE VERTICAL STROKE;Sm;0;ON;;;;;N;;;;; +21FC;LEFT RIGHT ARROW WITH DOUBLE VERTICAL STROKE;Sm;0;ON;;;;;N;;;;; +21FD;LEFTWARDS OPEN-HEADED ARROW;Sm;0;ON;;;;;N;;;;; +21FE;RIGHTWARDS OPEN-HEADED ARROW;Sm;0;ON;;;;;N;;;;; +21FF;LEFT RIGHT OPEN-HEADED ARROW;Sm;0;ON;;;;;N;;;;; +2200;FOR ALL;Sm;0;ON;;;;;N;;;;; +2201;COMPLEMENT;Sm;0;ON;;;;;Y;;;;; +2202;PARTIAL DIFFERENTIAL;Sm;0;ON;;;;;Y;;;;; +2203;THERE EXISTS;Sm;0;ON;;;;;Y;;;;; +2204;THERE DOES NOT EXIST;Sm;0;ON;2203 0338;;;;Y;;;;; +2205;EMPTY SET;Sm;0;ON;;;;;N;;;;; +2206;INCREMENT;Sm;0;ON;;;;;N;;;;; +2207;NABLA;Sm;0;ON;;;;;N;;;;; +2208;ELEMENT OF;Sm;0;ON;;;;;Y;;;;; +2209;NOT AN ELEMENT OF;Sm;0;ON;2208 0338;;;;Y;;;;; +220A;SMALL ELEMENT OF;Sm;0;ON;;;;;Y;;;;; +220B;CONTAINS AS MEMBER;Sm;0;ON;;;;;Y;;;;; +220C;DOES NOT CONTAIN AS MEMBER;Sm;0;ON;220B 0338;;;;Y;;;;; +220D;SMALL CONTAINS AS MEMBER;Sm;0;ON;;;;;Y;;;;; +220E;END OF PROOF;Sm;0;ON;;;;;N;;;;; +220F;N-ARY PRODUCT;Sm;0;ON;;;;;N;;;;; +2210;N-ARY COPRODUCT;Sm;0;ON;;;;;N;;;;; +2211;N-ARY SUMMATION;Sm;0;ON;;;;;Y;;;;; +2212;MINUS SIGN;Sm;0;ET;;;;;N;;;;; +2213;MINUS-OR-PLUS SIGN;Sm;0;ET;;;;;N;;;;; +2214;DOT PLUS;Sm;0;ON;;;;;N;;;;; +2215;DIVISION SLASH;Sm;0;ON;;;;;Y;;;;; +2216;SET MINUS;Sm;0;ON;;;;;Y;;;;; +2217;ASTERISK OPERATOR;Sm;0;ON;;;;;N;;;;; +2218;RING OPERATOR;Sm;0;ON;;;;;N;;;;; +2219;BULLET OPERATOR;Sm;0;ON;;;;;N;;;;; +221A;SQUARE ROOT;Sm;0;ON;;;;;Y;;;;; +221B;CUBE ROOT;Sm;0;ON;;;;;Y;;;;; +221C;FOURTH ROOT;Sm;0;ON;;;;;Y;;;;; +221D;PROPORTIONAL TO;Sm;0;ON;;;;;Y;;;;; +221E;INFINITY;Sm;0;ON;;;;;N;;;;; +221F;RIGHT ANGLE;Sm;0;ON;;;;;Y;;;;; +2220;ANGLE;Sm;0;ON;;;;;Y;;;;; +2221;MEASURED ANGLE;Sm;0;ON;;;;;Y;;;;; +2222;SPHERICAL ANGLE;Sm;0;ON;;;;;Y;;;;; +2223;DIVIDES;Sm;0;ON;;;;;N;;;;; +2224;DOES NOT DIVIDE;Sm;0;ON;2223 0338;;;;Y;;;;; +2225;PARALLEL TO;Sm;0;ON;;;;;N;;;;; +2226;NOT PARALLEL TO;Sm;0;ON;2225 0338;;;;Y;;;;; +2227;LOGICAL AND;Sm;0;ON;;;;;N;;;;; +2228;LOGICAL OR;Sm;0;ON;;;;;N;;;;; +2229;INTERSECTION;Sm;0;ON;;;;;N;;;;; +222A;UNION;Sm;0;ON;;;;;N;;;;; +222B;INTEGRAL;Sm;0;ON;;;;;Y;;;;; +222C;DOUBLE INTEGRAL;Sm;0;ON; 222B 222B;;;;Y;;;;; +222D;TRIPLE INTEGRAL;Sm;0;ON; 222B 222B 222B;;;;Y;;;;; +222E;CONTOUR INTEGRAL;Sm;0;ON;;;;;Y;;;;; +222F;SURFACE INTEGRAL;Sm;0;ON; 222E 222E;;;;Y;;;;; +2230;VOLUME INTEGRAL;Sm;0;ON; 222E 222E 222E;;;;Y;;;;; +2231;CLOCKWISE INTEGRAL;Sm;0;ON;;;;;Y;;;;; +2232;CLOCKWISE CONTOUR INTEGRAL;Sm;0;ON;;;;;Y;;;;; +2233;ANTICLOCKWISE CONTOUR INTEGRAL;Sm;0;ON;;;;;Y;;;;; +2234;THEREFORE;Sm;0;ON;;;;;N;;;;; +2235;BECAUSE;Sm;0;ON;;;;;N;;;;; +2236;RATIO;Sm;0;ON;;;;;N;;;;; +2237;PROPORTION;Sm;0;ON;;;;;N;;;;; +2238;DOT MINUS;Sm;0;ON;;;;;N;;;;; +2239;EXCESS;Sm;0;ON;;;;;Y;;;;; +223A;GEOMETRIC PROPORTION;Sm;0;ON;;;;;N;;;;; +223B;HOMOTHETIC;Sm;0;ON;;;;;Y;;;;; +223C;TILDE OPERATOR;Sm;0;ON;;;;;Y;;;;; +223D;REVERSED TILDE;Sm;0;ON;;;;;Y;;lazy S;;; +223E;INVERTED LAZY S;Sm;0;ON;;;;;Y;;;;; +223F;SINE WAVE;Sm;0;ON;;;;;Y;;;;; +2240;WREATH PRODUCT;Sm;0;ON;;;;;Y;;;;; +2241;NOT TILDE;Sm;0;ON;223C 0338;;;;Y;;;;; +2242;MINUS TILDE;Sm;0;ON;;;;;Y;;;;; +2243;ASYMPTOTICALLY EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2244;NOT ASYMPTOTICALLY EQUAL TO;Sm;0;ON;2243 0338;;;;Y;;;;; +2245;APPROXIMATELY EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2246;APPROXIMATELY BUT NOT ACTUALLY EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2247;NEITHER APPROXIMATELY NOR ACTUALLY EQUAL TO;Sm;0;ON;2245 0338;;;;Y;;;;; +2248;ALMOST EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2249;NOT ALMOST EQUAL TO;Sm;0;ON;2248 0338;;;;Y;;;;; +224A;ALMOST EQUAL OR EQUAL TO;Sm;0;ON;;;;;Y;;;;; +224B;TRIPLE TILDE;Sm;0;ON;;;;;Y;;;;; +224C;ALL EQUAL TO;Sm;0;ON;;;;;Y;;;;; +224D;EQUIVALENT TO;Sm;0;ON;;;;;N;;;;; +224E;GEOMETRICALLY EQUIVALENT TO;Sm;0;ON;;;;;N;;;;; +224F;DIFFERENCE BETWEEN;Sm;0;ON;;;;;N;;;;; +2250;APPROACHES THE LIMIT;Sm;0;ON;;;;;N;;;;; +2251;GEOMETRICALLY EQUAL TO;Sm;0;ON;;;;;N;;;;; +2252;APPROXIMATELY EQUAL TO OR THE IMAGE OF;Sm;0;ON;;;;;Y;;;;; +2253;IMAGE OF OR APPROXIMATELY EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2254;COLON EQUALS;Sm;0;ON;;;;;Y;COLON EQUAL;;;; +2255;EQUALS COLON;Sm;0;ON;;;;;Y;EQUAL COLON;;;; +2256;RING IN EQUAL TO;Sm;0;ON;;;;;N;;;;; +2257;RING EQUAL TO;Sm;0;ON;;;;;N;;;;; +2258;CORRESPONDS TO;Sm;0;ON;;;;;N;;;;; +2259;ESTIMATES;Sm;0;ON;;;;;N;;;;; +225A;EQUIANGULAR TO;Sm;0;ON;;;;;N;;;;; +225B;STAR EQUALS;Sm;0;ON;;;;;N;;;;; +225C;DELTA EQUAL TO;Sm;0;ON;;;;;N;;;;; +225D;EQUAL TO BY DEFINITION;Sm;0;ON;;;;;N;;;;; +225E;MEASURED BY;Sm;0;ON;;;;;N;;;;; +225F;QUESTIONED EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2260;NOT EQUAL TO;Sm;0;ON;003D 0338;;;;Y;;;;; +2261;IDENTICAL TO;Sm;0;ON;;;;;N;;;;; +2262;NOT IDENTICAL TO;Sm;0;ON;2261 0338;;;;Y;;;;; +2263;STRICTLY EQUIVALENT TO;Sm;0;ON;;;;;N;;;;; +2264;LESS-THAN OR EQUAL TO;Sm;0;ON;;;;;Y;LESS THAN OR EQUAL TO;;;; +2265;GREATER-THAN OR EQUAL TO;Sm;0;ON;;;;;Y;GREATER THAN OR EQUAL TO;;;; +2266;LESS-THAN OVER EQUAL TO;Sm;0;ON;;;;;Y;LESS THAN OVER EQUAL TO;;;; +2267;GREATER-THAN OVER EQUAL TO;Sm;0;ON;;;;;Y;GREATER THAN OVER EQUAL TO;;;; +2268;LESS-THAN BUT NOT EQUAL TO;Sm;0;ON;;;;;Y;LESS THAN BUT NOT EQUAL TO;;;; +2269;GREATER-THAN BUT NOT EQUAL TO;Sm;0;ON;;;;;Y;GREATER THAN BUT NOT EQUAL TO;;;; +226A;MUCH LESS-THAN;Sm;0;ON;;;;;Y;MUCH LESS THAN;;;; +226B;MUCH GREATER-THAN;Sm;0;ON;;;;;Y;MUCH GREATER THAN;;;; +226C;BETWEEN;Sm;0;ON;;;;;N;;;;; +226D;NOT EQUIVALENT TO;Sm;0;ON;224D 0338;;;;N;;;;; +226E;NOT LESS-THAN;Sm;0;ON;003C 0338;;;;Y;NOT LESS THAN;;;; +226F;NOT GREATER-THAN;Sm;0;ON;003E 0338;;;;Y;NOT GREATER THAN;;;; +2270;NEITHER LESS-THAN NOR EQUAL TO;Sm;0;ON;2264 0338;;;;Y;NEITHER LESS THAN NOR EQUAL TO;;;; +2271;NEITHER GREATER-THAN NOR EQUAL TO;Sm;0;ON;2265 0338;;;;Y;NEITHER GREATER THAN NOR EQUAL TO;;;; +2272;LESS-THAN OR EQUIVALENT TO;Sm;0;ON;;;;;Y;LESS THAN OR EQUIVALENT TO;;;; +2273;GREATER-THAN OR EQUIVALENT TO;Sm;0;ON;;;;;Y;GREATER THAN OR EQUIVALENT TO;;;; +2274;NEITHER LESS-THAN NOR EQUIVALENT TO;Sm;0;ON;2272 0338;;;;Y;NEITHER LESS THAN NOR EQUIVALENT TO;;;; +2275;NEITHER GREATER-THAN NOR EQUIVALENT TO;Sm;0;ON;2273 0338;;;;Y;NEITHER GREATER THAN NOR EQUIVALENT TO;;;; +2276;LESS-THAN OR GREATER-THAN;Sm;0;ON;;;;;Y;LESS THAN OR GREATER THAN;;;; +2277;GREATER-THAN OR LESS-THAN;Sm;0;ON;;;;;Y;GREATER THAN OR LESS THAN;;;; +2278;NEITHER LESS-THAN NOR GREATER-THAN;Sm;0;ON;2276 0338;;;;Y;NEITHER LESS THAN NOR GREATER THAN;;;; +2279;NEITHER GREATER-THAN NOR LESS-THAN;Sm;0;ON;2277 0338;;;;Y;NEITHER GREATER THAN NOR LESS THAN;;;; +227A;PRECEDES;Sm;0;ON;;;;;Y;;;;; +227B;SUCCEEDS;Sm;0;ON;;;;;Y;;;;; +227C;PRECEDES OR EQUAL TO;Sm;0;ON;;;;;Y;;;;; +227D;SUCCEEDS OR EQUAL TO;Sm;0;ON;;;;;Y;;;;; +227E;PRECEDES OR EQUIVALENT TO;Sm;0;ON;;;;;Y;;;;; +227F;SUCCEEDS OR EQUIVALENT TO;Sm;0;ON;;;;;Y;;;;; +2280;DOES NOT PRECEDE;Sm;0;ON;227A 0338;;;;Y;;;;; +2281;DOES NOT SUCCEED;Sm;0;ON;227B 0338;;;;Y;;;;; +2282;SUBSET OF;Sm;0;ON;;;;;Y;;;;; +2283;SUPERSET OF;Sm;0;ON;;;;;Y;;;;; +2284;NOT A SUBSET OF;Sm;0;ON;2282 0338;;;;Y;;;;; +2285;NOT A SUPERSET OF;Sm;0;ON;2283 0338;;;;Y;;;;; +2286;SUBSET OF OR EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2287;SUPERSET OF OR EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2288;NEITHER A SUBSET OF NOR EQUAL TO;Sm;0;ON;2286 0338;;;;Y;;;;; +2289;NEITHER A SUPERSET OF NOR EQUAL TO;Sm;0;ON;2287 0338;;;;Y;;;;; +228A;SUBSET OF WITH NOT EQUAL TO;Sm;0;ON;;;;;Y;SUBSET OF OR NOT EQUAL TO;;;; +228B;SUPERSET OF WITH NOT EQUAL TO;Sm;0;ON;;;;;Y;SUPERSET OF OR NOT EQUAL TO;;;; +228C;MULTISET;Sm;0;ON;;;;;Y;;;;; +228D;MULTISET MULTIPLICATION;Sm;0;ON;;;;;N;;;;; +228E;MULTISET UNION;Sm;0;ON;;;;;N;;;;; +228F;SQUARE IMAGE OF;Sm;0;ON;;;;;Y;;;;; +2290;SQUARE ORIGINAL OF;Sm;0;ON;;;;;Y;;;;; +2291;SQUARE IMAGE OF OR EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2292;SQUARE ORIGINAL OF OR EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2293;SQUARE CAP;Sm;0;ON;;;;;N;;;;; +2294;SQUARE CUP;Sm;0;ON;;;;;N;;;;; +2295;CIRCLED PLUS;Sm;0;ON;;;;;N;;;;; +2296;CIRCLED MINUS;Sm;0;ON;;;;;N;;;;; +2297;CIRCLED TIMES;Sm;0;ON;;;;;N;;;;; +2298;CIRCLED DIVISION SLASH;Sm;0;ON;;;;;Y;;;;; +2299;CIRCLED DOT OPERATOR;Sm;0;ON;;;;;N;;;;; +229A;CIRCLED RING OPERATOR;Sm;0;ON;;;;;N;;;;; +229B;CIRCLED ASTERISK OPERATOR;Sm;0;ON;;;;;N;;;;; +229C;CIRCLED EQUALS;Sm;0;ON;;;;;N;;;;; +229D;CIRCLED DASH;Sm;0;ON;;;;;N;;;;; +229E;SQUARED PLUS;Sm;0;ON;;;;;N;;;;; +229F;SQUARED MINUS;Sm;0;ON;;;;;N;;;;; +22A0;SQUARED TIMES;Sm;0;ON;;;;;N;;;;; +22A1;SQUARED DOT OPERATOR;Sm;0;ON;;;;;N;;;;; +22A2;RIGHT TACK;Sm;0;ON;;;;;Y;;;;; +22A3;LEFT TACK;Sm;0;ON;;;;;Y;;;;; +22A4;DOWN TACK;Sm;0;ON;;;;;N;;;;; +22A5;UP TACK;Sm;0;ON;;;;;N;;;;; +22A6;ASSERTION;Sm;0;ON;;;;;Y;;;;; +22A7;MODELS;Sm;0;ON;;;;;Y;;;;; +22A8;TRUE;Sm;0;ON;;;;;Y;;;;; +22A9;FORCES;Sm;0;ON;;;;;Y;;;;; +22AA;TRIPLE VERTICAL BAR RIGHT TURNSTILE;Sm;0;ON;;;;;Y;;;;; +22AB;DOUBLE VERTICAL BAR DOUBLE RIGHT TURNSTILE;Sm;0;ON;;;;;Y;;;;; +22AC;DOES NOT PROVE;Sm;0;ON;22A2 0338;;;;Y;;;;; +22AD;NOT TRUE;Sm;0;ON;22A8 0338;;;;Y;;;;; +22AE;DOES NOT FORCE;Sm;0;ON;22A9 0338;;;;Y;;;;; +22AF;NEGATED DOUBLE VERTICAL BAR DOUBLE RIGHT TURNSTILE;Sm;0;ON;22AB 0338;;;;Y;;;;; +22B0;PRECEDES UNDER RELATION;Sm;0;ON;;;;;Y;;;;; +22B1;SUCCEEDS UNDER RELATION;Sm;0;ON;;;;;Y;;;;; +22B2;NORMAL SUBGROUP OF;Sm;0;ON;;;;;Y;;;;; +22B3;CONTAINS AS NORMAL SUBGROUP;Sm;0;ON;;;;;Y;;;;; +22B4;NORMAL SUBGROUP OF OR EQUAL TO;Sm;0;ON;;;;;Y;;;;; +22B5;CONTAINS AS NORMAL SUBGROUP OR EQUAL TO;Sm;0;ON;;;;;Y;;;;; +22B6;ORIGINAL OF;Sm;0;ON;;;;;Y;;;;; +22B7;IMAGE OF;Sm;0;ON;;;;;Y;;;;; +22B8;MULTIMAP;Sm;0;ON;;;;;Y;;;;; +22B9;HERMITIAN CONJUGATE MATRIX;Sm;0;ON;;;;;N;;;;; +22BA;INTERCALATE;Sm;0;ON;;;;;N;;;;; +22BB;XOR;Sm;0;ON;;;;;N;;;;; +22BC;NAND;Sm;0;ON;;;;;N;;;;; +22BD;NOR;Sm;0;ON;;;;;N;;;;; +22BE;RIGHT ANGLE WITH ARC;Sm;0;ON;;;;;Y;;;;; +22BF;RIGHT TRIANGLE;Sm;0;ON;;;;;Y;;;;; +22C0;N-ARY LOGICAL AND;Sm;0;ON;;;;;N;;;;; +22C1;N-ARY LOGICAL OR;Sm;0;ON;;;;;N;;;;; +22C2;N-ARY INTERSECTION;Sm;0;ON;;;;;N;;;;; +22C3;N-ARY UNION;Sm;0;ON;;;;;N;;;;; +22C4;DIAMOND OPERATOR;Sm;0;ON;;;;;N;;;;; +22C5;DOT OPERATOR;Sm;0;ON;;;;;N;;;;; +22C6;STAR OPERATOR;Sm;0;ON;;;;;N;;;;; +22C7;DIVISION TIMES;Sm;0;ON;;;;;N;;;;; +22C8;BOWTIE;Sm;0;ON;;;;;N;;;;; +22C9;LEFT NORMAL FACTOR SEMIDIRECT PRODUCT;Sm;0;ON;;;;;Y;;;;; +22CA;RIGHT NORMAL FACTOR SEMIDIRECT PRODUCT;Sm;0;ON;;;;;Y;;;;; +22CB;LEFT SEMIDIRECT PRODUCT;Sm;0;ON;;;;;Y;;;;; +22CC;RIGHT SEMIDIRECT PRODUCT;Sm;0;ON;;;;;Y;;;;; +22CD;REVERSED TILDE EQUALS;Sm;0;ON;;;;;Y;;;;; +22CE;CURLY LOGICAL OR;Sm;0;ON;;;;;N;;;;; +22CF;CURLY LOGICAL AND;Sm;0;ON;;;;;N;;;;; +22D0;DOUBLE SUBSET;Sm;0;ON;;;;;Y;;;;; +22D1;DOUBLE SUPERSET;Sm;0;ON;;;;;Y;;;;; +22D2;DOUBLE INTERSECTION;Sm;0;ON;;;;;N;;;;; +22D3;DOUBLE UNION;Sm;0;ON;;;;;N;;;;; +22D4;PITCHFORK;Sm;0;ON;;;;;N;;;;; +22D5;EQUAL AND PARALLEL TO;Sm;0;ON;;;;;N;;;;; +22D6;LESS-THAN WITH DOT;Sm;0;ON;;;;;Y;LESS THAN WITH DOT;;;; +22D7;GREATER-THAN WITH DOT;Sm;0;ON;;;;;Y;GREATER THAN WITH DOT;;;; +22D8;VERY MUCH LESS-THAN;Sm;0;ON;;;;;Y;VERY MUCH LESS THAN;;;; +22D9;VERY MUCH GREATER-THAN;Sm;0;ON;;;;;Y;VERY MUCH GREATER THAN;;;; +22DA;LESS-THAN EQUAL TO OR GREATER-THAN;Sm;0;ON;;;;;Y;LESS THAN EQUAL TO OR GREATER THAN;;;; +22DB;GREATER-THAN EQUAL TO OR LESS-THAN;Sm;0;ON;;;;;Y;GREATER THAN EQUAL TO OR LESS THAN;;;; +22DC;EQUAL TO OR LESS-THAN;Sm;0;ON;;;;;Y;EQUAL TO OR LESS THAN;;;; +22DD;EQUAL TO OR GREATER-THAN;Sm;0;ON;;;;;Y;EQUAL TO OR GREATER THAN;;;; +22DE;EQUAL TO OR PRECEDES;Sm;0;ON;;;;;Y;;;;; +22DF;EQUAL TO OR SUCCEEDS;Sm;0;ON;;;;;Y;;;;; +22E0;DOES NOT PRECEDE OR EQUAL;Sm;0;ON;227C 0338;;;;Y;;;;; +22E1;DOES NOT SUCCEED OR EQUAL;Sm;0;ON;227D 0338;;;;Y;;;;; +22E2;NOT SQUARE IMAGE OF OR EQUAL TO;Sm;0;ON;2291 0338;;;;Y;;;;; +22E3;NOT SQUARE ORIGINAL OF OR EQUAL TO;Sm;0;ON;2292 0338;;;;Y;;;;; +22E4;SQUARE IMAGE OF OR NOT EQUAL TO;Sm;0;ON;;;;;Y;;;;; +22E5;SQUARE ORIGINAL OF OR NOT EQUAL TO;Sm;0;ON;;;;;Y;;;;; +22E6;LESS-THAN BUT NOT EQUIVALENT TO;Sm;0;ON;;;;;Y;LESS THAN BUT NOT EQUIVALENT TO;;;; +22E7;GREATER-THAN BUT NOT EQUIVALENT TO;Sm;0;ON;;;;;Y;GREATER THAN BUT NOT EQUIVALENT TO;;;; +22E8;PRECEDES BUT NOT EQUIVALENT TO;Sm;0;ON;;;;;Y;;;;; +22E9;SUCCEEDS BUT NOT EQUIVALENT TO;Sm;0;ON;;;;;Y;;;;; +22EA;NOT NORMAL SUBGROUP OF;Sm;0;ON;22B2 0338;;;;Y;;;;; +22EB;DOES NOT CONTAIN AS NORMAL SUBGROUP;Sm;0;ON;22B3 0338;;;;Y;;;;; +22EC;NOT NORMAL SUBGROUP OF OR EQUAL TO;Sm;0;ON;22B4 0338;;;;Y;;;;; +22ED;DOES NOT CONTAIN AS NORMAL SUBGROUP OR EQUAL;Sm;0;ON;22B5 0338;;;;Y;;;;; +22EE;VERTICAL ELLIPSIS;Sm;0;ON;;;;;N;;;;; +22EF;MIDLINE HORIZONTAL ELLIPSIS;Sm;0;ON;;;;;N;;;;; +22F0;UP RIGHT DIAGONAL ELLIPSIS;Sm;0;ON;;;;;Y;;;;; +22F1;DOWN RIGHT DIAGONAL ELLIPSIS;Sm;0;ON;;;;;Y;;;;; +22F2;ELEMENT OF WITH LONG HORIZONTAL STROKE;Sm;0;ON;;;;;Y;;;;; +22F3;ELEMENT OF WITH VERTICAL BAR AT END OF HORIZONTAL STROKE;Sm;0;ON;;;;;Y;;;;; +22F4;SMALL ELEMENT OF WITH VERTICAL BAR AT END OF HORIZONTAL STROKE;Sm;0;ON;;;;;Y;;;;; +22F5;ELEMENT OF WITH DOT ABOVE;Sm;0;ON;;;;;Y;;;;; +22F6;ELEMENT OF WITH OVERBAR;Sm;0;ON;;;;;Y;;;;; +22F7;SMALL ELEMENT OF WITH OVERBAR;Sm;0;ON;;;;;Y;;;;; +22F8;ELEMENT OF WITH UNDERBAR;Sm;0;ON;;;;;Y;;;;; +22F9;ELEMENT OF WITH TWO HORIZONTAL STROKES;Sm;0;ON;;;;;Y;;;;; +22FA;CONTAINS WITH LONG HORIZONTAL STROKE;Sm;0;ON;;;;;Y;;;;; +22FB;CONTAINS WITH VERTICAL BAR AT END OF HORIZONTAL STROKE;Sm;0;ON;;;;;Y;;;;; +22FC;SMALL CONTAINS WITH VERTICAL BAR AT END OF HORIZONTAL STROKE;Sm;0;ON;;;;;Y;;;;; +22FD;CONTAINS WITH OVERBAR;Sm;0;ON;;;;;Y;;;;; +22FE;SMALL CONTAINS WITH OVERBAR;Sm;0;ON;;;;;Y;;;;; +22FF;Z NOTATION BAG MEMBERSHIP;Sm;0;ON;;;;;Y;;;;; +2300;DIAMETER SIGN;So;0;ON;;;;;N;;;;; +2301;ELECTRIC ARROW;So;0;ON;;;;;N;;;;; +2302;HOUSE;So;0;ON;;;;;N;;;;; +2303;UP ARROWHEAD;So;0;ON;;;;;N;;;;; +2304;DOWN ARROWHEAD;So;0;ON;;;;;N;;;;; +2305;PROJECTIVE;So;0;ON;;;;;N;;;;; +2306;PERSPECTIVE;So;0;ON;;;;;N;;;;; +2307;WAVY LINE;So;0;ON;;;;;N;;;;; +2308;LEFT CEILING;Sm;0;ON;;;;;Y;;;;; +2309;RIGHT CEILING;Sm;0;ON;;;;;Y;;;;; +230A;LEFT FLOOR;Sm;0;ON;;;;;Y;;;;; +230B;RIGHT FLOOR;Sm;0;ON;;;;;Y;;;;; +230C;BOTTOM RIGHT CROP;So;0;ON;;;;;N;;;;; +230D;BOTTOM LEFT CROP;So;0;ON;;;;;N;;;;; +230E;TOP RIGHT CROP;So;0;ON;;;;;N;;;;; +230F;TOP LEFT CROP;So;0;ON;;;;;N;;;;; +2310;REVERSED NOT SIGN;So;0;ON;;;;;N;;;;; +2311;SQUARE LOZENGE;So;0;ON;;;;;N;;;;; +2312;ARC;So;0;ON;;;;;N;;;;; +2313;SEGMENT;So;0;ON;;;;;N;;;;; +2314;SECTOR;So;0;ON;;;;;N;;;;; +2315;TELEPHONE RECORDER;So;0;ON;;;;;N;;;;; +2316;POSITION INDICATOR;So;0;ON;;;;;N;;;;; +2317;VIEWDATA SQUARE;So;0;ON;;;;;N;;;;; +2318;PLACE OF INTEREST SIGN;So;0;ON;;;;;N;COMMAND KEY;;;; +2319;TURNED NOT SIGN;So;0;ON;;;;;N;;;;; +231A;WATCH;So;0;ON;;;;;N;;;;; +231B;HOURGLASS;So;0;ON;;;;;N;;;;; +231C;TOP LEFT CORNER;So;0;ON;;;;;N;;;;; +231D;TOP RIGHT CORNER;So;0;ON;;;;;N;;;;; +231E;BOTTOM LEFT CORNER;So;0;ON;;;;;N;;;;; +231F;BOTTOM RIGHT CORNER;So;0;ON;;;;;N;;;;; +2320;TOP HALF INTEGRAL;Sm;0;ON;;;;;Y;;;;; +2321;BOTTOM HALF INTEGRAL;Sm;0;ON;;;;;Y;;;;; +2322;FROWN;So;0;ON;;;;;N;;;;; +2323;SMILE;So;0;ON;;;;;N;;;;; +2324;UP ARROWHEAD BETWEEN TWO HORIZONTAL BARS;So;0;ON;;;;;N;ENTER KEY;;;; +2325;OPTION KEY;So;0;ON;;;;;N;;;;; +2326;ERASE TO THE RIGHT;So;0;ON;;;;;N;DELETE TO THE RIGHT KEY;;;; +2327;X IN A RECTANGLE BOX;So;0;ON;;;;;N;CLEAR KEY;;;; +2328;KEYBOARD;So;0;ON;;;;;N;;;;; +2329;LEFT-POINTING ANGLE BRACKET;Ps;0;ON;3008;;;;Y;BRA;;;; +232A;RIGHT-POINTING ANGLE BRACKET;Pe;0;ON;3009;;;;Y;KET;;;; +232B;ERASE TO THE LEFT;So;0;ON;;;;;N;DELETE TO THE LEFT KEY;;;; +232C;BENZENE RING;So;0;ON;;;;;N;;;;; +232D;CYLINDRICITY;So;0;ON;;;;;N;;;;; +232E;ALL AROUND-PROFILE;So;0;ON;;;;;N;;;;; +232F;SYMMETRY;So;0;ON;;;;;N;;;;; +2330;TOTAL RUNOUT;So;0;ON;;;;;N;;;;; +2331;DIMENSION ORIGIN;So;0;ON;;;;;N;;;;; +2332;CONICAL TAPER;So;0;ON;;;;;N;;;;; +2333;SLOPE;So;0;ON;;;;;N;;;;; +2334;COUNTERBORE;So;0;ON;;;;;N;;;;; +2335;COUNTERSINK;So;0;ON;;;;;N;;;;; +2336;APL FUNCTIONAL SYMBOL I-BEAM;So;0;L;;;;;N;;;;; +2337;APL FUNCTIONAL SYMBOL SQUISH QUAD;So;0;L;;;;;N;;;;; +2338;APL FUNCTIONAL SYMBOL QUAD EQUAL;So;0;L;;;;;N;;;;; +2339;APL FUNCTIONAL SYMBOL QUAD DIVIDE;So;0;L;;;;;N;;;;; +233A;APL FUNCTIONAL SYMBOL QUAD DIAMOND;So;0;L;;;;;N;;;;; +233B;APL FUNCTIONAL SYMBOL QUAD JOT;So;0;L;;;;;N;;;;; +233C;APL FUNCTIONAL SYMBOL QUAD CIRCLE;So;0;L;;;;;N;;;;; +233D;APL FUNCTIONAL SYMBOL CIRCLE STILE;So;0;L;;;;;N;;;;; +233E;APL FUNCTIONAL SYMBOL CIRCLE JOT;So;0;L;;;;;N;;;;; +233F;APL FUNCTIONAL SYMBOL SLASH BAR;So;0;L;;;;;N;;;;; +2340;APL FUNCTIONAL SYMBOL BACKSLASH BAR;So;0;L;;;;;N;;;;; +2341;APL FUNCTIONAL SYMBOL QUAD SLASH;So;0;L;;;;;N;;;;; +2342;APL FUNCTIONAL SYMBOL QUAD BACKSLASH;So;0;L;;;;;N;;;;; +2343;APL FUNCTIONAL SYMBOL QUAD LESS-THAN;So;0;L;;;;;N;;;;; +2344;APL FUNCTIONAL SYMBOL QUAD GREATER-THAN;So;0;L;;;;;N;;;;; +2345;APL FUNCTIONAL SYMBOL LEFTWARDS VANE;So;0;L;;;;;N;;;;; +2346;APL FUNCTIONAL SYMBOL RIGHTWARDS VANE;So;0;L;;;;;N;;;;; +2347;APL FUNCTIONAL SYMBOL QUAD LEFTWARDS ARROW;So;0;L;;;;;N;;;;; +2348;APL FUNCTIONAL SYMBOL QUAD RIGHTWARDS ARROW;So;0;L;;;;;N;;;;; +2349;APL FUNCTIONAL SYMBOL CIRCLE BACKSLASH;So;0;L;;;;;N;;;;; +234A;APL FUNCTIONAL SYMBOL DOWN TACK UNDERBAR;So;0;L;;;;;N;;*;;; +234B;APL FUNCTIONAL SYMBOL DELTA STILE;So;0;L;;;;;N;;;;; +234C;APL FUNCTIONAL SYMBOL QUAD DOWN CARET;So;0;L;;;;;N;;;;; +234D;APL FUNCTIONAL SYMBOL QUAD DELTA;So;0;L;;;;;N;;;;; +234E;APL FUNCTIONAL SYMBOL DOWN TACK JOT;So;0;L;;;;;N;;*;;; +234F;APL FUNCTIONAL SYMBOL UPWARDS VANE;So;0;L;;;;;N;;;;; +2350;APL FUNCTIONAL SYMBOL QUAD UPWARDS ARROW;So;0;L;;;;;N;;;;; +2351;APL FUNCTIONAL SYMBOL UP TACK OVERBAR;So;0;L;;;;;N;;*;;; +2352;APL FUNCTIONAL SYMBOL DEL STILE;So;0;L;;;;;N;;;;; +2353;APL FUNCTIONAL SYMBOL QUAD UP CARET;So;0;L;;;;;N;;;;; +2354;APL FUNCTIONAL SYMBOL QUAD DEL;So;0;L;;;;;N;;;;; +2355;APL FUNCTIONAL SYMBOL UP TACK JOT;So;0;L;;;;;N;;*;;; +2356;APL FUNCTIONAL SYMBOL DOWNWARDS VANE;So;0;L;;;;;N;;;;; +2357;APL FUNCTIONAL SYMBOL QUAD DOWNWARDS ARROW;So;0;L;;;;;N;;;;; +2358;APL FUNCTIONAL SYMBOL QUOTE UNDERBAR;So;0;L;;;;;N;;;;; +2359;APL FUNCTIONAL SYMBOL DELTA UNDERBAR;So;0;L;;;;;N;;;;; +235A;APL FUNCTIONAL SYMBOL DIAMOND UNDERBAR;So;0;L;;;;;N;;;;; +235B;APL FUNCTIONAL SYMBOL JOT UNDERBAR;So;0;L;;;;;N;;;;; +235C;APL FUNCTIONAL SYMBOL CIRCLE UNDERBAR;So;0;L;;;;;N;;;;; +235D;APL FUNCTIONAL SYMBOL UP SHOE JOT;So;0;L;;;;;N;;;;; +235E;APL FUNCTIONAL SYMBOL QUOTE QUAD;So;0;L;;;;;N;;;;; +235F;APL FUNCTIONAL SYMBOL CIRCLE STAR;So;0;L;;;;;N;;;;; +2360;APL FUNCTIONAL SYMBOL QUAD COLON;So;0;L;;;;;N;;;;; +2361;APL FUNCTIONAL SYMBOL UP TACK DIAERESIS;So;0;L;;;;;N;;*;;; +2362;APL FUNCTIONAL SYMBOL DEL DIAERESIS;So;0;L;;;;;N;;;;; +2363;APL FUNCTIONAL SYMBOL STAR DIAERESIS;So;0;L;;;;;N;;;;; +2364;APL FUNCTIONAL SYMBOL JOT DIAERESIS;So;0;L;;;;;N;;;;; +2365;APL FUNCTIONAL SYMBOL CIRCLE DIAERESIS;So;0;L;;;;;N;;;;; +2366;APL FUNCTIONAL SYMBOL DOWN SHOE STILE;So;0;L;;;;;N;;;;; +2367;APL FUNCTIONAL SYMBOL LEFT SHOE STILE;So;0;L;;;;;N;;;;; +2368;APL FUNCTIONAL SYMBOL TILDE DIAERESIS;So;0;L;;;;;N;;;;; +2369;APL FUNCTIONAL SYMBOL GREATER-THAN DIAERESIS;So;0;L;;;;;N;;;;; +236A;APL FUNCTIONAL SYMBOL COMMA BAR;So;0;L;;;;;N;;;;; +236B;APL FUNCTIONAL SYMBOL DEL TILDE;So;0;L;;;;;N;;;;; +236C;APL FUNCTIONAL SYMBOL ZILDE;So;0;L;;;;;N;;;;; +236D;APL FUNCTIONAL SYMBOL STILE TILDE;So;0;L;;;;;N;;;;; +236E;APL FUNCTIONAL SYMBOL SEMICOLON UNDERBAR;So;0;L;;;;;N;;;;; +236F;APL FUNCTIONAL SYMBOL QUAD NOT EQUAL;So;0;L;;;;;N;;;;; +2370;APL FUNCTIONAL SYMBOL QUAD QUESTION;So;0;L;;;;;N;;;;; +2371;APL FUNCTIONAL SYMBOL DOWN CARET TILDE;So;0;L;;;;;N;;;;; +2372;APL FUNCTIONAL SYMBOL UP CARET TILDE;So;0;L;;;;;N;;;;; +2373;APL FUNCTIONAL SYMBOL IOTA;So;0;L;;;;;N;;;;; +2374;APL FUNCTIONAL SYMBOL RHO;So;0;L;;;;;N;;;;; +2375;APL FUNCTIONAL SYMBOL OMEGA;So;0;L;;;;;N;;;;; +2376;APL FUNCTIONAL SYMBOL ALPHA UNDERBAR;So;0;L;;;;;N;;;;; +2377;APL FUNCTIONAL SYMBOL EPSILON UNDERBAR;So;0;L;;;;;N;;;;; +2378;APL FUNCTIONAL SYMBOL IOTA UNDERBAR;So;0;L;;;;;N;;;;; +2379;APL FUNCTIONAL SYMBOL OMEGA UNDERBAR;So;0;L;;;;;N;;;;; +237A;APL FUNCTIONAL SYMBOL ALPHA;So;0;L;;;;;N;;;;; +237B;NOT CHECK MARK;So;0;ON;;;;;N;;;;; +237C;RIGHT ANGLE WITH DOWNWARDS ZIGZAG ARROW;Sm;0;ON;;;;;N;;;;; +237D;SHOULDERED OPEN BOX;So;0;ON;;;;;N;;;;; +237E;BELL SYMBOL;So;0;ON;;;;;N;;;;; +237F;VERTICAL LINE WITH MIDDLE DOT;So;0;ON;;;;;N;;;;; +2380;INSERTION SYMBOL;So;0;ON;;;;;N;;;;; +2381;CONTINUOUS UNDERLINE SYMBOL;So;0;ON;;;;;N;;;;; +2382;DISCONTINUOUS UNDERLINE SYMBOL;So;0;ON;;;;;N;;;;; +2383;EMPHASIS SYMBOL;So;0;ON;;;;;N;;;;; +2384;COMPOSITION SYMBOL;So;0;ON;;;;;N;;;;; +2385;WHITE SQUARE WITH CENTRE VERTICAL LINE;So;0;ON;;;;;N;;;;; +2386;ENTER SYMBOL;So;0;ON;;;;;N;;;;; +2387;ALTERNATIVE KEY SYMBOL;So;0;ON;;;;;N;;;;; +2388;HELM SYMBOL;So;0;ON;;;;;N;;;;; +2389;CIRCLED HORIZONTAL BAR WITH NOTCH;So;0;ON;;;;;N;;pause;;; +238A;CIRCLED TRIANGLE DOWN;So;0;ON;;;;;N;;break;;; +238B;BROKEN CIRCLE WITH NORTHWEST ARROW;So;0;ON;;;;;N;;escape;;; +238C;UNDO SYMBOL;So;0;ON;;;;;N;;;;; +238D;MONOSTABLE SYMBOL;So;0;ON;;;;;N;;;;; +238E;HYSTERESIS SYMBOL;So;0;ON;;;;;N;;;;; +238F;OPEN-CIRCUIT-OUTPUT H-TYPE SYMBOL;So;0;ON;;;;;N;;;;; +2390;OPEN-CIRCUIT-OUTPUT L-TYPE SYMBOL;So;0;ON;;;;;N;;;;; +2391;PASSIVE-PULL-DOWN-OUTPUT SYMBOL;So;0;ON;;;;;N;;;;; +2392;PASSIVE-PULL-UP-OUTPUT SYMBOL;So;0;ON;;;;;N;;;;; +2393;DIRECT CURRENT SYMBOL FORM TWO;So;0;ON;;;;;N;;;;; +2394;SOFTWARE-FUNCTION SYMBOL;So;0;ON;;;;;N;;;;; +2395;APL FUNCTIONAL SYMBOL QUAD;So;0;L;;;;;N;;;;; +2396;DECIMAL SEPARATOR KEY SYMBOL;So;0;ON;;;;;N;;;;; +2397;PREVIOUS PAGE;So;0;ON;;;;;N;;;;; +2398;NEXT PAGE;So;0;ON;;;;;N;;;;; +2399;PRINT SCREEN SYMBOL;So;0;ON;;;;;N;;;;; +239A;CLEAR SCREEN SYMBOL;So;0;ON;;;;;N;;;;; +239B;LEFT PARENTHESIS UPPER HOOK;Sm;0;ON;;;;;N;;;;; +239C;LEFT PARENTHESIS EXTENSION;Sm;0;ON;;;;;N;;;;; +239D;LEFT PARENTHESIS LOWER HOOK;Sm;0;ON;;;;;N;;;;; +239E;RIGHT PARENTHESIS UPPER HOOK;Sm;0;ON;;;;;N;;;;; +239F;RIGHT PARENTHESIS EXTENSION;Sm;0;ON;;;;;N;;;;; +23A0;RIGHT PARENTHESIS LOWER HOOK;Sm;0;ON;;;;;N;;;;; +23A1;LEFT SQUARE BRACKET UPPER CORNER;Sm;0;ON;;;;;N;;;;; +23A2;LEFT SQUARE BRACKET EXTENSION;Sm;0;ON;;;;;N;;;;; +23A3;LEFT SQUARE BRACKET LOWER CORNER;Sm;0;ON;;;;;N;;;;; +23A4;RIGHT SQUARE BRACKET UPPER CORNER;Sm;0;ON;;;;;N;;;;; +23A5;RIGHT SQUARE BRACKET EXTENSION;Sm;0;ON;;;;;N;;;;; +23A6;RIGHT SQUARE BRACKET LOWER CORNER;Sm;0;ON;;;;;N;;;;; +23A7;LEFT CURLY BRACKET UPPER HOOK;Sm;0;ON;;;;;N;;;;; +23A8;LEFT CURLY BRACKET MIDDLE PIECE;Sm;0;ON;;;;;N;;;;; +23A9;LEFT CURLY BRACKET LOWER HOOK;Sm;0;ON;;;;;N;;;;; +23AA;CURLY BRACKET EXTENSION;Sm;0;ON;;;;;N;;;;; +23AB;RIGHT CURLY BRACKET UPPER HOOK;Sm;0;ON;;;;;N;;;;; +23AC;RIGHT CURLY BRACKET MIDDLE PIECE;Sm;0;ON;;;;;N;;;;; +23AD;RIGHT CURLY BRACKET LOWER HOOK;Sm;0;ON;;;;;N;;;;; +23AE;INTEGRAL EXTENSION;Sm;0;ON;;;;;N;;;;; +23AF;HORIZONTAL LINE EXTENSION;Sm;0;ON;;;;;N;;;;; +23B0;UPPER LEFT OR LOWER RIGHT CURLY BRACKET SECTION;Sm;0;ON;;;;;N;;;;; +23B1;UPPER RIGHT OR LOWER LEFT CURLY BRACKET SECTION;Sm;0;ON;;;;;N;;;;; +23B2;SUMMATION TOP;Sm;0;ON;;;;;N;;;;; +23B3;SUMMATION BOTTOM;Sm;0;ON;;;;;N;;;;; +23B4;TOP SQUARE BRACKET;Ps;0;ON;;;;;N;;;;; +23B5;BOTTOM SQUARE BRACKET;Pe;0;ON;;;;;N;;;;; +23B6;BOTTOM SQUARE BRACKET OVER TOP SQUARE BRACKET;Po;0;ON;;;;;N;;;;; +23B7;RADICAL SYMBOL BOTTOM;So;0;ON;;;;;N;;;;; +23B8;LEFT VERTICAL BOX LINE;So;0;ON;;;;;N;;;;; +23B9;RIGHT VERTICAL BOX LINE;So;0;ON;;;;;N;;;;; +23BA;HORIZONTAL SCAN LINE-1;So;0;ON;;;;;N;;;;; +23BB;HORIZONTAL SCAN LINE-3;So;0;ON;;;;;N;;;;; +23BC;HORIZONTAL SCAN LINE-7;So;0;ON;;;;;N;;;;; +23BD;HORIZONTAL SCAN LINE-9;So;0;ON;;;;;N;;;;; +23BE;DENTISTRY SYMBOL LIGHT VERTICAL AND TOP RIGHT;So;0;ON;;;;;N;;;;; +23BF;DENTISTRY SYMBOL LIGHT VERTICAL AND BOTTOM RIGHT;So;0;ON;;;;;N;;;;; +23C0;DENTISTRY SYMBOL LIGHT VERTICAL WITH CIRCLE;So;0;ON;;;;;N;;;;; +23C1;DENTISTRY SYMBOL LIGHT DOWN AND HORIZONTAL WITH CIRCLE;So;0;ON;;;;;N;;;;; +23C2;DENTISTRY SYMBOL LIGHT UP AND HORIZONTAL WITH CIRCLE;So;0;ON;;;;;N;;;;; +23C3;DENTISTRY SYMBOL LIGHT VERTICAL WITH TRIANGLE;So;0;ON;;;;;N;;;;; +23C4;DENTISTRY SYMBOL LIGHT DOWN AND HORIZONTAL WITH TRIANGLE;So;0;ON;;;;;N;;;;; +23C5;DENTISTRY SYMBOL LIGHT UP AND HORIZONTAL WITH TRIANGLE;So;0;ON;;;;;N;;;;; +23C6;DENTISTRY SYMBOL LIGHT VERTICAL AND WAVE;So;0;ON;;;;;N;;;;; +23C7;DENTISTRY SYMBOL LIGHT DOWN AND HORIZONTAL WITH WAVE;So;0;ON;;;;;N;;;;; +23C8;DENTISTRY SYMBOL LIGHT UP AND HORIZONTAL WITH WAVE;So;0;ON;;;;;N;;;;; +23C9;DENTISTRY SYMBOL LIGHT DOWN AND HORIZONTAL;So;0;ON;;;;;N;;;;; +23CA;DENTISTRY SYMBOL LIGHT UP AND HORIZONTAL;So;0;ON;;;;;N;;;;; +23CB;DENTISTRY SYMBOL LIGHT VERTICAL AND TOP LEFT;So;0;ON;;;;;N;;;;; +23CC;DENTISTRY SYMBOL LIGHT VERTICAL AND BOTTOM LEFT;So;0;ON;;;;;N;;;;; +23CD;SQUARE FOOT;So;0;ON;;;;;N;;;;; +23CE;RETURN SYMBOL;So;0;ON;;;;;N;;;;; +2400;SYMBOL FOR NULL;So;0;ON;;;;;N;GRAPHIC FOR NULL;;;; +2401;SYMBOL FOR START OF HEADING;So;0;ON;;;;;N;GRAPHIC FOR START OF HEADING;;;; +2402;SYMBOL FOR START OF TEXT;So;0;ON;;;;;N;GRAPHIC FOR START OF TEXT;;;; +2403;SYMBOL FOR END OF TEXT;So;0;ON;;;;;N;GRAPHIC FOR END OF TEXT;;;; +2404;SYMBOL FOR END OF TRANSMISSION;So;0;ON;;;;;N;GRAPHIC FOR END OF TRANSMISSION;;;; +2405;SYMBOL FOR ENQUIRY;So;0;ON;;;;;N;GRAPHIC FOR ENQUIRY;;;; +2406;SYMBOL FOR ACKNOWLEDGE;So;0;ON;;;;;N;GRAPHIC FOR ACKNOWLEDGE;;;; +2407;SYMBOL FOR BELL;So;0;ON;;;;;N;GRAPHIC FOR BELL;;;; +2408;SYMBOL FOR BACKSPACE;So;0;ON;;;;;N;GRAPHIC FOR BACKSPACE;;;; +2409;SYMBOL FOR HORIZONTAL TABULATION;So;0;ON;;;;;N;GRAPHIC FOR HORIZONTAL TABULATION;;;; +240A;SYMBOL FOR LINE FEED;So;0;ON;;;;;N;GRAPHIC FOR LINE FEED;;;; +240B;SYMBOL FOR VERTICAL TABULATION;So;0;ON;;;;;N;GRAPHIC FOR VERTICAL TABULATION;;;; +240C;SYMBOL FOR FORM FEED;So;0;ON;;;;;N;GRAPHIC FOR FORM FEED;;;; +240D;SYMBOL FOR CARRIAGE RETURN;So;0;ON;;;;;N;GRAPHIC FOR CARRIAGE RETURN;;;; +240E;SYMBOL FOR SHIFT OUT;So;0;ON;;;;;N;GRAPHIC FOR SHIFT OUT;;;; +240F;SYMBOL FOR SHIFT IN;So;0;ON;;;;;N;GRAPHIC FOR SHIFT IN;;;; +2410;SYMBOL FOR DATA LINK ESCAPE;So;0;ON;;;;;N;GRAPHIC FOR DATA LINK ESCAPE;;;; +2411;SYMBOL FOR DEVICE CONTROL ONE;So;0;ON;;;;;N;GRAPHIC FOR DEVICE CONTROL ONE;;;; +2412;SYMBOL FOR DEVICE CONTROL TWO;So;0;ON;;;;;N;GRAPHIC FOR DEVICE CONTROL TWO;;;; +2413;SYMBOL FOR DEVICE CONTROL THREE;So;0;ON;;;;;N;GRAPHIC FOR DEVICE CONTROL THREE;;;; +2414;SYMBOL FOR DEVICE CONTROL FOUR;So;0;ON;;;;;N;GRAPHIC FOR DEVICE CONTROL FOUR;;;; +2415;SYMBOL FOR NEGATIVE ACKNOWLEDGE;So;0;ON;;;;;N;GRAPHIC FOR NEGATIVE ACKNOWLEDGE;;;; +2416;SYMBOL FOR SYNCHRONOUS IDLE;So;0;ON;;;;;N;GRAPHIC FOR SYNCHRONOUS IDLE;;;; +2417;SYMBOL FOR END OF TRANSMISSION BLOCK;So;0;ON;;;;;N;GRAPHIC FOR END OF TRANSMISSION BLOCK;;;; +2418;SYMBOL FOR CANCEL;So;0;ON;;;;;N;GRAPHIC FOR CANCEL;;;; +2419;SYMBOL FOR END OF MEDIUM;So;0;ON;;;;;N;GRAPHIC FOR END OF MEDIUM;;;; +241A;SYMBOL FOR SUBSTITUTE;So;0;ON;;;;;N;GRAPHIC FOR SUBSTITUTE;;;; +241B;SYMBOL FOR ESCAPE;So;0;ON;;;;;N;GRAPHIC FOR ESCAPE;;;; +241C;SYMBOL FOR FILE SEPARATOR;So;0;ON;;;;;N;GRAPHIC FOR FILE SEPARATOR;;;; +241D;SYMBOL FOR GROUP SEPARATOR;So;0;ON;;;;;N;GRAPHIC FOR GROUP SEPARATOR;;;; +241E;SYMBOL FOR RECORD SEPARATOR;So;0;ON;;;;;N;GRAPHIC FOR RECORD SEPARATOR;;;; +241F;SYMBOL FOR UNIT SEPARATOR;So;0;ON;;;;;N;GRAPHIC FOR UNIT SEPARATOR;;;; +2420;SYMBOL FOR SPACE;So;0;ON;;;;;N;GRAPHIC FOR SPACE;;;; +2421;SYMBOL FOR DELETE;So;0;ON;;;;;N;GRAPHIC FOR DELETE;;;; +2422;BLANK SYMBOL;So;0;ON;;;;;N;BLANK;;;; +2423;OPEN BOX;So;0;ON;;;;;N;;;;; +2424;SYMBOL FOR NEWLINE;So;0;ON;;;;;N;GRAPHIC FOR NEWLINE;;;; +2425;SYMBOL FOR DELETE FORM TWO;So;0;ON;;;;;N;;;;; +2426;SYMBOL FOR SUBSTITUTE FORM TWO;So;0;ON;;;;;N;;;;; +2440;OCR HOOK;So;0;ON;;;;;N;;;;; +2441;OCR CHAIR;So;0;ON;;;;;N;;;;; +2442;OCR FORK;So;0;ON;;;;;N;;;;; +2443;OCR INVERTED FORK;So;0;ON;;;;;N;;;;; +2444;OCR BELT BUCKLE;So;0;ON;;;;;N;;;;; +2445;OCR BOW TIE;So;0;ON;;;;;N;;;;; +2446;OCR BRANCH BANK IDENTIFICATION;So;0;ON;;;;;N;;;;; +2447;OCR AMOUNT OF CHECK;So;0;ON;;;;;N;;;;; +2448;OCR DASH;So;0;ON;;;;;N;;;;; +2449;OCR CUSTOMER ACCOUNT NUMBER;So;0;ON;;;;;N;;;;; +244A;OCR DOUBLE BACKSLASH;So;0;ON;;;;;N;;;;; +2460;CIRCLED DIGIT ONE;No;0;EN; 0031;;1;1;N;;;;; +2461;CIRCLED DIGIT TWO;No;0;EN; 0032;;2;2;N;;;;; +2462;CIRCLED DIGIT THREE;No;0;EN; 0033;;3;3;N;;;;; +2463;CIRCLED DIGIT FOUR;No;0;EN; 0034;;4;4;N;;;;; +2464;CIRCLED DIGIT FIVE;No;0;EN; 0035;;5;5;N;;;;; +2465;CIRCLED DIGIT SIX;No;0;EN; 0036;;6;6;N;;;;; +2466;CIRCLED DIGIT SEVEN;No;0;EN; 0037;;7;7;N;;;;; +2467;CIRCLED DIGIT EIGHT;No;0;EN; 0038;;8;8;N;;;;; +2468;CIRCLED DIGIT NINE;No;0;EN; 0039;;9;9;N;;;;; +2469;CIRCLED NUMBER TEN;No;0;EN; 0031 0030;;;10;N;;;;; +246A;CIRCLED NUMBER ELEVEN;No;0;EN; 0031 0031;;;11;N;;;;; +246B;CIRCLED NUMBER TWELVE;No;0;EN; 0031 0032;;;12;N;;;;; +246C;CIRCLED NUMBER THIRTEEN;No;0;EN; 0031 0033;;;13;N;;;;; +246D;CIRCLED NUMBER FOURTEEN;No;0;EN; 0031 0034;;;14;N;;;;; +246E;CIRCLED NUMBER FIFTEEN;No;0;EN; 0031 0035;;;15;N;;;;; +246F;CIRCLED NUMBER SIXTEEN;No;0;EN; 0031 0036;;;16;N;;;;; +2470;CIRCLED NUMBER SEVENTEEN;No;0;EN; 0031 0037;;;17;N;;;;; +2471;CIRCLED NUMBER EIGHTEEN;No;0;EN; 0031 0038;;;18;N;;;;; +2472;CIRCLED NUMBER NINETEEN;No;0;EN; 0031 0039;;;19;N;;;;; +2473;CIRCLED NUMBER TWENTY;No;0;EN; 0032 0030;;;20;N;;;;; +2474;PARENTHESIZED DIGIT ONE;No;0;EN; 0028 0031 0029;;1;1;N;;;;; +2475;PARENTHESIZED DIGIT TWO;No;0;EN; 0028 0032 0029;;2;2;N;;;;; +2476;PARENTHESIZED DIGIT THREE;No;0;EN; 0028 0033 0029;;3;3;N;;;;; +2477;PARENTHESIZED DIGIT FOUR;No;0;EN; 0028 0034 0029;;4;4;N;;;;; +2478;PARENTHESIZED DIGIT FIVE;No;0;EN; 0028 0035 0029;;5;5;N;;;;; +2479;PARENTHESIZED DIGIT SIX;No;0;EN; 0028 0036 0029;;6;6;N;;;;; +247A;PARENTHESIZED DIGIT SEVEN;No;0;EN; 0028 0037 0029;;7;7;N;;;;; +247B;PARENTHESIZED DIGIT EIGHT;No;0;EN; 0028 0038 0029;;8;8;N;;;;; +247C;PARENTHESIZED DIGIT NINE;No;0;EN; 0028 0039 0029;;9;9;N;;;;; +247D;PARENTHESIZED NUMBER TEN;No;0;EN; 0028 0031 0030 0029;;;10;N;;;;; +247E;PARENTHESIZED NUMBER ELEVEN;No;0;EN; 0028 0031 0031 0029;;;11;N;;;;; +247F;PARENTHESIZED NUMBER TWELVE;No;0;EN; 0028 0031 0032 0029;;;12;N;;;;; +2480;PARENTHESIZED NUMBER THIRTEEN;No;0;EN; 0028 0031 0033 0029;;;13;N;;;;; +2481;PARENTHESIZED NUMBER FOURTEEN;No;0;EN; 0028 0031 0034 0029;;;14;N;;;;; +2482;PARENTHESIZED NUMBER FIFTEEN;No;0;EN; 0028 0031 0035 0029;;;15;N;;;;; +2483;PARENTHESIZED NUMBER SIXTEEN;No;0;EN; 0028 0031 0036 0029;;;16;N;;;;; +2484;PARENTHESIZED NUMBER SEVENTEEN;No;0;EN; 0028 0031 0037 0029;;;17;N;;;;; +2485;PARENTHESIZED NUMBER EIGHTEEN;No;0;EN; 0028 0031 0038 0029;;;18;N;;;;; +2486;PARENTHESIZED NUMBER NINETEEN;No;0;EN; 0028 0031 0039 0029;;;19;N;;;;; +2487;PARENTHESIZED NUMBER TWENTY;No;0;EN; 0028 0032 0030 0029;;;20;N;;;;; +2488;DIGIT ONE FULL STOP;No;0;EN; 0031 002E;;1;1;N;DIGIT ONE PERIOD;;;; +2489;DIGIT TWO FULL STOP;No;0;EN; 0032 002E;;2;2;N;DIGIT TWO PERIOD;;;; +248A;DIGIT THREE FULL STOP;No;0;EN; 0033 002E;;3;3;N;DIGIT THREE PERIOD;;;; +248B;DIGIT FOUR FULL STOP;No;0;EN; 0034 002E;;4;4;N;DIGIT FOUR PERIOD;;;; +248C;DIGIT FIVE FULL STOP;No;0;EN; 0035 002E;;5;5;N;DIGIT FIVE PERIOD;;;; +248D;DIGIT SIX FULL STOP;No;0;EN; 0036 002E;;6;6;N;DIGIT SIX PERIOD;;;; +248E;DIGIT SEVEN FULL STOP;No;0;EN; 0037 002E;;7;7;N;DIGIT SEVEN PERIOD;;;; +248F;DIGIT EIGHT FULL STOP;No;0;EN; 0038 002E;;8;8;N;DIGIT EIGHT PERIOD;;;; +2490;DIGIT NINE FULL STOP;No;0;EN; 0039 002E;;9;9;N;DIGIT NINE PERIOD;;;; +2491;NUMBER TEN FULL STOP;No;0;EN; 0031 0030 002E;;;10;N;NUMBER TEN PERIOD;;;; +2492;NUMBER ELEVEN FULL STOP;No;0;EN; 0031 0031 002E;;;11;N;NUMBER ELEVEN PERIOD;;;; +2493;NUMBER TWELVE FULL STOP;No;0;EN; 0031 0032 002E;;;12;N;NUMBER TWELVE PERIOD;;;; +2494;NUMBER THIRTEEN FULL STOP;No;0;EN; 0031 0033 002E;;;13;N;NUMBER THIRTEEN PERIOD;;;; +2495;NUMBER FOURTEEN FULL STOP;No;0;EN; 0031 0034 002E;;;14;N;NUMBER FOURTEEN PERIOD;;;; +2496;NUMBER FIFTEEN FULL STOP;No;0;EN; 0031 0035 002E;;;15;N;NUMBER FIFTEEN PERIOD;;;; +2497;NUMBER SIXTEEN FULL STOP;No;0;EN; 0031 0036 002E;;;16;N;NUMBER SIXTEEN PERIOD;;;; +2498;NUMBER SEVENTEEN FULL STOP;No;0;EN; 0031 0037 002E;;;17;N;NUMBER SEVENTEEN PERIOD;;;; +2499;NUMBER EIGHTEEN FULL STOP;No;0;EN; 0031 0038 002E;;;18;N;NUMBER EIGHTEEN PERIOD;;;; +249A;NUMBER NINETEEN FULL STOP;No;0;EN; 0031 0039 002E;;;19;N;NUMBER NINETEEN PERIOD;;;; +249B;NUMBER TWENTY FULL STOP;No;0;EN; 0032 0030 002E;;;20;N;NUMBER TWENTY PERIOD;;;; +249C;PARENTHESIZED LATIN SMALL LETTER A;So;0;L; 0028 0061 0029;;;;N;;;;; +249D;PARENTHESIZED LATIN SMALL LETTER B;So;0;L; 0028 0062 0029;;;;N;;;;; +249E;PARENTHESIZED LATIN SMALL LETTER C;So;0;L; 0028 0063 0029;;;;N;;;;; +249F;PARENTHESIZED LATIN SMALL LETTER D;So;0;L; 0028 0064 0029;;;;N;;;;; +24A0;PARENTHESIZED LATIN SMALL LETTER E;So;0;L; 0028 0065 0029;;;;N;;;;; +24A1;PARENTHESIZED LATIN SMALL LETTER F;So;0;L; 0028 0066 0029;;;;N;;;;; +24A2;PARENTHESIZED LATIN SMALL LETTER G;So;0;L; 0028 0067 0029;;;;N;;;;; +24A3;PARENTHESIZED LATIN SMALL LETTER H;So;0;L; 0028 0068 0029;;;;N;;;;; +24A4;PARENTHESIZED LATIN SMALL LETTER I;So;0;L; 0028 0069 0029;;;;N;;;;; +24A5;PARENTHESIZED LATIN SMALL LETTER J;So;0;L; 0028 006A 0029;;;;N;;;;; +24A6;PARENTHESIZED LATIN SMALL LETTER K;So;0;L; 0028 006B 0029;;;;N;;;;; +24A7;PARENTHESIZED LATIN SMALL LETTER L;So;0;L; 0028 006C 0029;;;;N;;;;; +24A8;PARENTHESIZED LATIN SMALL LETTER M;So;0;L; 0028 006D 0029;;;;N;;;;; +24A9;PARENTHESIZED LATIN SMALL LETTER N;So;0;L; 0028 006E 0029;;;;N;;;;; +24AA;PARENTHESIZED LATIN SMALL LETTER O;So;0;L; 0028 006F 0029;;;;N;;;;; +24AB;PARENTHESIZED LATIN SMALL LETTER P;So;0;L; 0028 0070 0029;;;;N;;;;; +24AC;PARENTHESIZED LATIN SMALL LETTER Q;So;0;L; 0028 0071 0029;;;;N;;;;; +24AD;PARENTHESIZED LATIN SMALL LETTER R;So;0;L; 0028 0072 0029;;;;N;;;;; +24AE;PARENTHESIZED LATIN SMALL LETTER S;So;0;L; 0028 0073 0029;;;;N;;;;; +24AF;PARENTHESIZED LATIN SMALL LETTER T;So;0;L; 0028 0074 0029;;;;N;;;;; +24B0;PARENTHESIZED LATIN SMALL LETTER U;So;0;L; 0028 0075 0029;;;;N;;;;; +24B1;PARENTHESIZED LATIN SMALL LETTER V;So;0;L; 0028 0076 0029;;;;N;;;;; +24B2;PARENTHESIZED LATIN SMALL LETTER W;So;0;L; 0028 0077 0029;;;;N;;;;; +24B3;PARENTHESIZED LATIN SMALL LETTER X;So;0;L; 0028 0078 0029;;;;N;;;;; +24B4;PARENTHESIZED LATIN SMALL LETTER Y;So;0;L; 0028 0079 0029;;;;N;;;;; +24B5;PARENTHESIZED LATIN SMALL LETTER Z;So;0;L; 0028 007A 0029;;;;N;;;;; +24B6;CIRCLED LATIN CAPITAL LETTER A;So;0;L; 0041;;;;N;;;;24D0; +24B7;CIRCLED LATIN CAPITAL LETTER B;So;0;L; 0042;;;;N;;;;24D1; +24B8;CIRCLED LATIN CAPITAL LETTER C;So;0;L; 0043;;;;N;;;;24D2; +24B9;CIRCLED LATIN CAPITAL LETTER D;So;0;L; 0044;;;;N;;;;24D3; +24BA;CIRCLED LATIN CAPITAL LETTER E;So;0;L; 0045;;;;N;;;;24D4; +24BB;CIRCLED LATIN CAPITAL LETTER F;So;0;L; 0046;;;;N;;;;24D5; +24BC;CIRCLED LATIN CAPITAL LETTER G;So;0;L; 0047;;;;N;;;;24D6; +24BD;CIRCLED LATIN CAPITAL LETTER H;So;0;L; 0048;;;;N;;;;24D7; +24BE;CIRCLED LATIN CAPITAL LETTER I;So;0;L; 0049;;;;N;;;;24D8; +24BF;CIRCLED LATIN CAPITAL LETTER J;So;0;L; 004A;;;;N;;;;24D9; +24C0;CIRCLED LATIN CAPITAL LETTER K;So;0;L; 004B;;;;N;;;;24DA; +24C1;CIRCLED LATIN CAPITAL LETTER L;So;0;L; 004C;;;;N;;;;24DB; +24C2;CIRCLED LATIN CAPITAL LETTER M;So;0;L; 004D;;;;N;;;;24DC; +24C3;CIRCLED LATIN CAPITAL LETTER N;So;0;L; 004E;;;;N;;;;24DD; +24C4;CIRCLED LATIN CAPITAL LETTER O;So;0;L; 004F;;;;N;;;;24DE; +24C5;CIRCLED LATIN CAPITAL LETTER P;So;0;L; 0050;;;;N;;;;24DF; +24C6;CIRCLED LATIN CAPITAL LETTER Q;So;0;L; 0051;;;;N;;;;24E0; +24C7;CIRCLED LATIN CAPITAL LETTER R;So;0;L; 0052;;;;N;;;;24E1; +24C8;CIRCLED LATIN CAPITAL LETTER S;So;0;L; 0053;;;;N;;;;24E2; +24C9;CIRCLED LATIN CAPITAL LETTER T;So;0;L; 0054;;;;N;;;;24E3; +24CA;CIRCLED LATIN CAPITAL LETTER U;So;0;L; 0055;;;;N;;;;24E4; +24CB;CIRCLED LATIN CAPITAL LETTER V;So;0;L; 0056;;;;N;;;;24E5; +24CC;CIRCLED LATIN CAPITAL LETTER W;So;0;L; 0057;;;;N;;;;24E6; +24CD;CIRCLED LATIN CAPITAL LETTER X;So;0;L; 0058;;;;N;;;;24E7; +24CE;CIRCLED LATIN CAPITAL LETTER Y;So;0;L; 0059;;;;N;;;;24E8; +24CF;CIRCLED LATIN CAPITAL LETTER Z;So;0;L; 005A;;;;N;;;;24E9; +24D0;CIRCLED LATIN SMALL LETTER A;So;0;L; 0061;;;;N;;;24B6;;24B6 +24D1;CIRCLED LATIN SMALL LETTER B;So;0;L; 0062;;;;N;;;24B7;;24B7 +24D2;CIRCLED LATIN SMALL LETTER C;So;0;L; 0063;;;;N;;;24B8;;24B8 +24D3;CIRCLED LATIN SMALL LETTER D;So;0;L; 0064;;;;N;;;24B9;;24B9 +24D4;CIRCLED LATIN SMALL LETTER E;So;0;L; 0065;;;;N;;;24BA;;24BA +24D5;CIRCLED LATIN SMALL LETTER F;So;0;L; 0066;;;;N;;;24BB;;24BB +24D6;CIRCLED LATIN SMALL LETTER G;So;0;L; 0067;;;;N;;;24BC;;24BC +24D7;CIRCLED LATIN SMALL LETTER H;So;0;L; 0068;;;;N;;;24BD;;24BD +24D8;CIRCLED LATIN SMALL LETTER I;So;0;L; 0069;;;;N;;;24BE;;24BE +24D9;CIRCLED LATIN SMALL LETTER J;So;0;L; 006A;;;;N;;;24BF;;24BF +24DA;CIRCLED LATIN SMALL LETTER K;So;0;L; 006B;;;;N;;;24C0;;24C0 +24DB;CIRCLED LATIN SMALL LETTER L;So;0;L; 006C;;;;N;;;24C1;;24C1 +24DC;CIRCLED LATIN SMALL LETTER M;So;0;L; 006D;;;;N;;;24C2;;24C2 +24DD;CIRCLED LATIN SMALL LETTER N;So;0;L; 006E;;;;N;;;24C3;;24C3 +24DE;CIRCLED LATIN SMALL LETTER O;So;0;L; 006F;;;;N;;;24C4;;24C4 +24DF;CIRCLED LATIN SMALL LETTER P;So;0;L; 0070;;;;N;;;24C5;;24C5 +24E0;CIRCLED LATIN SMALL LETTER Q;So;0;L; 0071;;;;N;;;24C6;;24C6 +24E1;CIRCLED LATIN SMALL LETTER R;So;0;L; 0072;;;;N;;;24C7;;24C7 +24E2;CIRCLED LATIN SMALL LETTER S;So;0;L; 0073;;;;N;;;24C8;;24C8 +24E3;CIRCLED LATIN SMALL LETTER T;So;0;L; 0074;;;;N;;;24C9;;24C9 +24E4;CIRCLED LATIN SMALL LETTER U;So;0;L; 0075;;;;N;;;24CA;;24CA +24E5;CIRCLED LATIN SMALL LETTER V;So;0;L; 0076;;;;N;;;24CB;;24CB +24E6;CIRCLED LATIN SMALL LETTER W;So;0;L; 0077;;;;N;;;24CC;;24CC +24E7;CIRCLED LATIN SMALL LETTER X;So;0;L; 0078;;;;N;;;24CD;;24CD +24E8;CIRCLED LATIN SMALL LETTER Y;So;0;L; 0079;;;;N;;;24CE;;24CE +24E9;CIRCLED LATIN SMALL LETTER Z;So;0;L; 007A;;;;N;;;24CF;;24CF +24EA;CIRCLED DIGIT ZERO;No;0;EN; 0030;;0;0;N;;;;; +24EB;NEGATIVE CIRCLED NUMBER ELEVEN;No;0;ON;;;;11;N;;;;; +24EC;NEGATIVE CIRCLED NUMBER TWELVE;No;0;ON;;;;12;N;;;;; +24ED;NEGATIVE CIRCLED NUMBER THIRTEEN;No;0;ON;;;;13;N;;;;; +24EE;NEGATIVE CIRCLED NUMBER FOURTEEN;No;0;ON;;;;14;N;;;;; +24EF;NEGATIVE CIRCLED NUMBER FIFTEEN;No;0;ON;;;;15;N;;;;; +24F0;NEGATIVE CIRCLED NUMBER SIXTEEN;No;0;ON;;;;16;N;;;;; +24F1;NEGATIVE CIRCLED NUMBER SEVENTEEN;No;0;ON;;;;17;N;;;;; +24F2;NEGATIVE CIRCLED NUMBER EIGHTEEN;No;0;ON;;;;18;N;;;;; +24F3;NEGATIVE CIRCLED NUMBER NINETEEN;No;0;ON;;;;19;N;;;;; +24F4;NEGATIVE CIRCLED NUMBER TWENTY;No;0;ON;;;;20;N;;;;; +24F5;DOUBLE CIRCLED DIGIT ONE;No;0;ON;;;1;1;N;;;;; +24F6;DOUBLE CIRCLED DIGIT TWO;No;0;ON;;;2;2;N;;;;; +24F7;DOUBLE CIRCLED DIGIT THREE;No;0;ON;;;3;3;N;;;;; +24F8;DOUBLE CIRCLED DIGIT FOUR;No;0;ON;;;4;4;N;;;;; +24F9;DOUBLE CIRCLED DIGIT FIVE;No;0;ON;;;5;5;N;;;;; +24FA;DOUBLE CIRCLED DIGIT SIX;No;0;ON;;;6;6;N;;;;; +24FB;DOUBLE CIRCLED DIGIT SEVEN;No;0;ON;;;7;7;N;;;;; +24FC;DOUBLE CIRCLED DIGIT EIGHT;No;0;ON;;;8;8;N;;;;; +24FD;DOUBLE CIRCLED DIGIT NINE;No;0;ON;;;9;9;N;;;;; +24FE;DOUBLE CIRCLED NUMBER TEN;No;0;ON;;;;10;N;;;;; +2500;BOX DRAWINGS LIGHT HORIZONTAL;So;0;ON;;;;;N;FORMS LIGHT HORIZONTAL;;;; +2501;BOX DRAWINGS HEAVY HORIZONTAL;So;0;ON;;;;;N;FORMS HEAVY HORIZONTAL;;;; +2502;BOX DRAWINGS LIGHT VERTICAL;So;0;ON;;;;;N;FORMS LIGHT VERTICAL;;;; +2503;BOX DRAWINGS HEAVY VERTICAL;So;0;ON;;;;;N;FORMS HEAVY VERTICAL;;;; +2504;BOX DRAWINGS LIGHT TRIPLE DASH HORIZONTAL;So;0;ON;;;;;N;FORMS LIGHT TRIPLE DASH HORIZONTAL;;;; +2505;BOX DRAWINGS HEAVY TRIPLE DASH HORIZONTAL;So;0;ON;;;;;N;FORMS HEAVY TRIPLE DASH HORIZONTAL;;;; +2506;BOX DRAWINGS LIGHT TRIPLE DASH VERTICAL;So;0;ON;;;;;N;FORMS LIGHT TRIPLE DASH VERTICAL;;;; +2507;BOX DRAWINGS HEAVY TRIPLE DASH VERTICAL;So;0;ON;;;;;N;FORMS HEAVY TRIPLE DASH VERTICAL;;;; +2508;BOX DRAWINGS LIGHT QUADRUPLE DASH HORIZONTAL;So;0;ON;;;;;N;FORMS LIGHT QUADRUPLE DASH HORIZONTAL;;;; +2509;BOX DRAWINGS HEAVY QUADRUPLE DASH HORIZONTAL;So;0;ON;;;;;N;FORMS HEAVY QUADRUPLE DASH HORIZONTAL;;;; +250A;BOX DRAWINGS LIGHT QUADRUPLE DASH VERTICAL;So;0;ON;;;;;N;FORMS LIGHT QUADRUPLE DASH VERTICAL;;;; +250B;BOX DRAWINGS HEAVY QUADRUPLE DASH VERTICAL;So;0;ON;;;;;N;FORMS HEAVY QUADRUPLE DASH VERTICAL;;;; +250C;BOX DRAWINGS LIGHT DOWN AND RIGHT;So;0;ON;;;;;N;FORMS LIGHT DOWN AND RIGHT;;;; +250D;BOX DRAWINGS DOWN LIGHT AND RIGHT HEAVY;So;0;ON;;;;;N;FORMS DOWN LIGHT AND RIGHT HEAVY;;;; +250E;BOX DRAWINGS DOWN HEAVY AND RIGHT LIGHT;So;0;ON;;;;;N;FORMS DOWN HEAVY AND RIGHT LIGHT;;;; +250F;BOX DRAWINGS HEAVY DOWN AND RIGHT;So;0;ON;;;;;N;FORMS HEAVY DOWN AND RIGHT;;;; +2510;BOX DRAWINGS LIGHT DOWN AND LEFT;So;0;ON;;;;;N;FORMS LIGHT DOWN AND LEFT;;;; +2511;BOX DRAWINGS DOWN LIGHT AND LEFT HEAVY;So;0;ON;;;;;N;FORMS DOWN LIGHT AND LEFT HEAVY;;;; +2512;BOX DRAWINGS DOWN HEAVY AND LEFT LIGHT;So;0;ON;;;;;N;FORMS DOWN HEAVY AND LEFT LIGHT;;;; +2513;BOX DRAWINGS HEAVY DOWN AND LEFT;So;0;ON;;;;;N;FORMS HEAVY DOWN AND LEFT;;;; +2514;BOX DRAWINGS LIGHT UP AND RIGHT;So;0;ON;;;;;N;FORMS LIGHT UP AND RIGHT;;;; +2515;BOX DRAWINGS UP LIGHT AND RIGHT HEAVY;So;0;ON;;;;;N;FORMS UP LIGHT AND RIGHT HEAVY;;;; +2516;BOX DRAWINGS UP HEAVY AND RIGHT LIGHT;So;0;ON;;;;;N;FORMS UP HEAVY AND RIGHT LIGHT;;;; +2517;BOX DRAWINGS HEAVY UP AND RIGHT;So;0;ON;;;;;N;FORMS HEAVY UP AND RIGHT;;;; +2518;BOX DRAWINGS LIGHT UP AND LEFT;So;0;ON;;;;;N;FORMS LIGHT UP AND LEFT;;;; +2519;BOX DRAWINGS UP LIGHT AND LEFT HEAVY;So;0;ON;;;;;N;FORMS UP LIGHT AND LEFT HEAVY;;;; +251A;BOX DRAWINGS UP HEAVY AND LEFT LIGHT;So;0;ON;;;;;N;FORMS UP HEAVY AND LEFT LIGHT;;;; +251B;BOX DRAWINGS HEAVY UP AND LEFT;So;0;ON;;;;;N;FORMS HEAVY UP AND LEFT;;;; +251C;BOX DRAWINGS LIGHT VERTICAL AND RIGHT;So;0;ON;;;;;N;FORMS LIGHT VERTICAL AND RIGHT;;;; +251D;BOX DRAWINGS VERTICAL LIGHT AND RIGHT HEAVY;So;0;ON;;;;;N;FORMS VERTICAL LIGHT AND RIGHT HEAVY;;;; +251E;BOX DRAWINGS UP HEAVY AND RIGHT DOWN LIGHT;So;0;ON;;;;;N;FORMS UP HEAVY AND RIGHT DOWN LIGHT;;;; +251F;BOX DRAWINGS DOWN HEAVY AND RIGHT UP LIGHT;So;0;ON;;;;;N;FORMS DOWN HEAVY AND RIGHT UP LIGHT;;;; +2520;BOX DRAWINGS VERTICAL HEAVY AND RIGHT LIGHT;So;0;ON;;;;;N;FORMS VERTICAL HEAVY AND RIGHT LIGHT;;;; +2521;BOX DRAWINGS DOWN LIGHT AND RIGHT UP HEAVY;So;0;ON;;;;;N;FORMS DOWN LIGHT AND RIGHT UP HEAVY;;;; +2522;BOX DRAWINGS UP LIGHT AND RIGHT DOWN HEAVY;So;0;ON;;;;;N;FORMS UP LIGHT AND RIGHT DOWN HEAVY;;;; +2523;BOX DRAWINGS HEAVY VERTICAL AND RIGHT;So;0;ON;;;;;N;FORMS HEAVY VERTICAL AND RIGHT;;;; +2524;BOX DRAWINGS LIGHT VERTICAL AND LEFT;So;0;ON;;;;;N;FORMS LIGHT VERTICAL AND LEFT;;;; +2525;BOX DRAWINGS VERTICAL LIGHT AND LEFT HEAVY;So;0;ON;;;;;N;FORMS VERTICAL LIGHT AND LEFT HEAVY;;;; +2526;BOX DRAWINGS UP HEAVY AND LEFT DOWN LIGHT;So;0;ON;;;;;N;FORMS UP HEAVY AND LEFT DOWN LIGHT;;;; +2527;BOX DRAWINGS DOWN HEAVY AND LEFT UP LIGHT;So;0;ON;;;;;N;FORMS DOWN HEAVY AND LEFT UP LIGHT;;;; +2528;BOX DRAWINGS VERTICAL HEAVY AND LEFT LIGHT;So;0;ON;;;;;N;FORMS VERTICAL HEAVY AND LEFT LIGHT;;;; +2529;BOX DRAWINGS DOWN LIGHT AND LEFT UP HEAVY;So;0;ON;;;;;N;FORMS DOWN LIGHT AND LEFT UP HEAVY;;;; +252A;BOX DRAWINGS UP LIGHT AND LEFT DOWN HEAVY;So;0;ON;;;;;N;FORMS UP LIGHT AND LEFT DOWN HEAVY;;;; +252B;BOX DRAWINGS HEAVY VERTICAL AND LEFT;So;0;ON;;;;;N;FORMS HEAVY VERTICAL AND LEFT;;;; +252C;BOX DRAWINGS LIGHT DOWN AND HORIZONTAL;So;0;ON;;;;;N;FORMS LIGHT DOWN AND HORIZONTAL;;;; +252D;BOX DRAWINGS LEFT HEAVY AND RIGHT DOWN LIGHT;So;0;ON;;;;;N;FORMS LEFT HEAVY AND RIGHT DOWN LIGHT;;;; +252E;BOX DRAWINGS RIGHT HEAVY AND LEFT DOWN LIGHT;So;0;ON;;;;;N;FORMS RIGHT HEAVY AND LEFT DOWN LIGHT;;;; +252F;BOX DRAWINGS DOWN LIGHT AND HORIZONTAL HEAVY;So;0;ON;;;;;N;FORMS DOWN LIGHT AND HORIZONTAL HEAVY;;;; +2530;BOX DRAWINGS DOWN HEAVY AND HORIZONTAL LIGHT;So;0;ON;;;;;N;FORMS DOWN HEAVY AND HORIZONTAL LIGHT;;;; +2531;BOX DRAWINGS RIGHT LIGHT AND LEFT DOWN HEAVY;So;0;ON;;;;;N;FORMS RIGHT LIGHT AND LEFT DOWN HEAVY;;;; +2532;BOX DRAWINGS LEFT LIGHT AND RIGHT DOWN HEAVY;So;0;ON;;;;;N;FORMS LEFT LIGHT AND RIGHT DOWN HEAVY;;;; +2533;BOX DRAWINGS HEAVY DOWN AND HORIZONTAL;So;0;ON;;;;;N;FORMS HEAVY DOWN AND HORIZONTAL;;;; +2534;BOX DRAWINGS LIGHT UP AND HORIZONTAL;So;0;ON;;;;;N;FORMS LIGHT UP AND HORIZONTAL;;;; +2535;BOX DRAWINGS LEFT HEAVY AND RIGHT UP LIGHT;So;0;ON;;;;;N;FORMS LEFT HEAVY AND RIGHT UP LIGHT;;;; +2536;BOX DRAWINGS RIGHT HEAVY AND LEFT UP LIGHT;So;0;ON;;;;;N;FORMS RIGHT HEAVY AND LEFT UP LIGHT;;;; +2537;BOX DRAWINGS UP LIGHT AND HORIZONTAL HEAVY;So;0;ON;;;;;N;FORMS UP LIGHT AND HORIZONTAL HEAVY;;;; +2538;BOX DRAWINGS UP HEAVY AND HORIZONTAL LIGHT;So;0;ON;;;;;N;FORMS UP HEAVY AND HORIZONTAL LIGHT;;;; +2539;BOX DRAWINGS RIGHT LIGHT AND LEFT UP HEAVY;So;0;ON;;;;;N;FORMS RIGHT LIGHT AND LEFT UP HEAVY;;;; +253A;BOX DRAWINGS LEFT LIGHT AND RIGHT UP HEAVY;So;0;ON;;;;;N;FORMS LEFT LIGHT AND RIGHT UP HEAVY;;;; +253B;BOX DRAWINGS HEAVY UP AND HORIZONTAL;So;0;ON;;;;;N;FORMS HEAVY UP AND HORIZONTAL;;;; +253C;BOX DRAWINGS LIGHT VERTICAL AND HORIZONTAL;So;0;ON;;;;;N;FORMS LIGHT VERTICAL AND HORIZONTAL;;;; +253D;BOX DRAWINGS LEFT HEAVY AND RIGHT VERTICAL LIGHT;So;0;ON;;;;;N;FORMS LEFT HEAVY AND RIGHT VERTICAL LIGHT;;;; +253E;BOX DRAWINGS RIGHT HEAVY AND LEFT VERTICAL LIGHT;So;0;ON;;;;;N;FORMS RIGHT HEAVY AND LEFT VERTICAL LIGHT;;;; +253F;BOX DRAWINGS VERTICAL LIGHT AND HORIZONTAL HEAVY;So;0;ON;;;;;N;FORMS VERTICAL LIGHT AND HORIZONTAL HEAVY;;;; +2540;BOX DRAWINGS UP HEAVY AND DOWN HORIZONTAL LIGHT;So;0;ON;;;;;N;FORMS UP HEAVY AND DOWN HORIZONTAL LIGHT;;;; +2541;BOX DRAWINGS DOWN HEAVY AND UP HORIZONTAL LIGHT;So;0;ON;;;;;N;FORMS DOWN HEAVY AND UP HORIZONTAL LIGHT;;;; +2542;BOX DRAWINGS VERTICAL HEAVY AND HORIZONTAL LIGHT;So;0;ON;;;;;N;FORMS VERTICAL HEAVY AND HORIZONTAL LIGHT;;;; +2543;BOX DRAWINGS LEFT UP HEAVY AND RIGHT DOWN LIGHT;So;0;ON;;;;;N;FORMS LEFT UP HEAVY AND RIGHT DOWN LIGHT;;;; +2544;BOX DRAWINGS RIGHT UP HEAVY AND LEFT DOWN LIGHT;So;0;ON;;;;;N;FORMS RIGHT UP HEAVY AND LEFT DOWN LIGHT;;;; +2545;BOX DRAWINGS LEFT DOWN HEAVY AND RIGHT UP LIGHT;So;0;ON;;;;;N;FORMS LEFT DOWN HEAVY AND RIGHT UP LIGHT;;;; +2546;BOX DRAWINGS RIGHT DOWN HEAVY AND LEFT UP LIGHT;So;0;ON;;;;;N;FORMS RIGHT DOWN HEAVY AND LEFT UP LIGHT;;;; +2547;BOX DRAWINGS DOWN LIGHT AND UP HORIZONTAL HEAVY;So;0;ON;;;;;N;FORMS DOWN LIGHT AND UP HORIZONTAL HEAVY;;;; +2548;BOX DRAWINGS UP LIGHT AND DOWN HORIZONTAL HEAVY;So;0;ON;;;;;N;FORMS UP LIGHT AND DOWN HORIZONTAL HEAVY;;;; +2549;BOX DRAWINGS RIGHT LIGHT AND LEFT VERTICAL HEAVY;So;0;ON;;;;;N;FORMS RIGHT LIGHT AND LEFT VERTICAL HEAVY;;;; +254A;BOX DRAWINGS LEFT LIGHT AND RIGHT VERTICAL HEAVY;So;0;ON;;;;;N;FORMS LEFT LIGHT AND RIGHT VERTICAL HEAVY;;;; +254B;BOX DRAWINGS HEAVY VERTICAL AND HORIZONTAL;So;0;ON;;;;;N;FORMS HEAVY VERTICAL AND HORIZONTAL;;;; +254C;BOX DRAWINGS LIGHT DOUBLE DASH HORIZONTAL;So;0;ON;;;;;N;FORMS LIGHT DOUBLE DASH HORIZONTAL;;;; +254D;BOX DRAWINGS HEAVY DOUBLE DASH HORIZONTAL;So;0;ON;;;;;N;FORMS HEAVY DOUBLE DASH HORIZONTAL;;;; +254E;BOX DRAWINGS LIGHT DOUBLE DASH VERTICAL;So;0;ON;;;;;N;FORMS LIGHT DOUBLE DASH VERTICAL;;;; +254F;BOX DRAWINGS HEAVY DOUBLE DASH VERTICAL;So;0;ON;;;;;N;FORMS HEAVY DOUBLE DASH VERTICAL;;;; +2550;BOX DRAWINGS DOUBLE HORIZONTAL;So;0;ON;;;;;N;FORMS DOUBLE HORIZONTAL;;;; +2551;BOX DRAWINGS DOUBLE VERTICAL;So;0;ON;;;;;N;FORMS DOUBLE VERTICAL;;;; +2552;BOX DRAWINGS DOWN SINGLE AND RIGHT DOUBLE;So;0;ON;;;;;N;FORMS DOWN SINGLE AND RIGHT DOUBLE;;;; +2553;BOX DRAWINGS DOWN DOUBLE AND RIGHT SINGLE;So;0;ON;;;;;N;FORMS DOWN DOUBLE AND RIGHT SINGLE;;;; +2554;BOX DRAWINGS DOUBLE DOWN AND RIGHT;So;0;ON;;;;;N;FORMS DOUBLE DOWN AND RIGHT;;;; +2555;BOX DRAWINGS DOWN SINGLE AND LEFT DOUBLE;So;0;ON;;;;;N;FORMS DOWN SINGLE AND LEFT DOUBLE;;;; +2556;BOX DRAWINGS DOWN DOUBLE AND LEFT SINGLE;So;0;ON;;;;;N;FORMS DOWN DOUBLE AND LEFT SINGLE;;;; +2557;BOX DRAWINGS DOUBLE DOWN AND LEFT;So;0;ON;;;;;N;FORMS DOUBLE DOWN AND LEFT;;;; +2558;BOX DRAWINGS UP SINGLE AND RIGHT DOUBLE;So;0;ON;;;;;N;FORMS UP SINGLE AND RIGHT DOUBLE;;;; +2559;BOX DRAWINGS UP DOUBLE AND RIGHT SINGLE;So;0;ON;;;;;N;FORMS UP DOUBLE AND RIGHT SINGLE;;;; +255A;BOX DRAWINGS DOUBLE UP AND RIGHT;So;0;ON;;;;;N;FORMS DOUBLE UP AND RIGHT;;;; +255B;BOX DRAWINGS UP SINGLE AND LEFT DOUBLE;So;0;ON;;;;;N;FORMS UP SINGLE AND LEFT DOUBLE;;;; +255C;BOX DRAWINGS UP DOUBLE AND LEFT SINGLE;So;0;ON;;;;;N;FORMS UP DOUBLE AND LEFT SINGLE;;;; +255D;BOX DRAWINGS DOUBLE UP AND LEFT;So;0;ON;;;;;N;FORMS DOUBLE UP AND LEFT;;;; +255E;BOX DRAWINGS VERTICAL SINGLE AND RIGHT DOUBLE;So;0;ON;;;;;N;FORMS VERTICAL SINGLE AND RIGHT DOUBLE;;;; +255F;BOX DRAWINGS VERTICAL DOUBLE AND RIGHT SINGLE;So;0;ON;;;;;N;FORMS VERTICAL DOUBLE AND RIGHT SINGLE;;;; +2560;BOX DRAWINGS DOUBLE VERTICAL AND RIGHT;So;0;ON;;;;;N;FORMS DOUBLE VERTICAL AND RIGHT;;;; +2561;BOX DRAWINGS VERTICAL SINGLE AND LEFT DOUBLE;So;0;ON;;;;;N;FORMS VERTICAL SINGLE AND LEFT DOUBLE;;;; +2562;BOX DRAWINGS VERTICAL DOUBLE AND LEFT SINGLE;So;0;ON;;;;;N;FORMS VERTICAL DOUBLE AND LEFT SINGLE;;;; +2563;BOX DRAWINGS DOUBLE VERTICAL AND LEFT;So;0;ON;;;;;N;FORMS DOUBLE VERTICAL AND LEFT;;;; +2564;BOX DRAWINGS DOWN SINGLE AND HORIZONTAL DOUBLE;So;0;ON;;;;;N;FORMS DOWN SINGLE AND HORIZONTAL DOUBLE;;;; +2565;BOX DRAWINGS DOWN DOUBLE AND HORIZONTAL SINGLE;So;0;ON;;;;;N;FORMS DOWN DOUBLE AND HORIZONTAL SINGLE;;;; +2566;BOX DRAWINGS DOUBLE DOWN AND HORIZONTAL;So;0;ON;;;;;N;FORMS DOUBLE DOWN AND HORIZONTAL;;;; +2567;BOX DRAWINGS UP SINGLE AND HORIZONTAL DOUBLE;So;0;ON;;;;;N;FORMS UP SINGLE AND HORIZONTAL DOUBLE;;;; +2568;BOX DRAWINGS UP DOUBLE AND HORIZONTAL SINGLE;So;0;ON;;;;;N;FORMS UP DOUBLE AND HORIZONTAL SINGLE;;;; +2569;BOX DRAWINGS DOUBLE UP AND HORIZONTAL;So;0;ON;;;;;N;FORMS DOUBLE UP AND HORIZONTAL;;;; +256A;BOX DRAWINGS VERTICAL SINGLE AND HORIZONTAL DOUBLE;So;0;ON;;;;;N;FORMS VERTICAL SINGLE AND HORIZONTAL DOUBLE;;;; +256B;BOX DRAWINGS VERTICAL DOUBLE AND HORIZONTAL SINGLE;So;0;ON;;;;;N;FORMS VERTICAL DOUBLE AND HORIZONTAL SINGLE;;;; +256C;BOX DRAWINGS DOUBLE VERTICAL AND HORIZONTAL;So;0;ON;;;;;N;FORMS DOUBLE VERTICAL AND HORIZONTAL;;;; +256D;BOX DRAWINGS LIGHT ARC DOWN AND RIGHT;So;0;ON;;;;;N;FORMS LIGHT ARC DOWN AND RIGHT;;;; +256E;BOX DRAWINGS LIGHT ARC DOWN AND LEFT;So;0;ON;;;;;N;FORMS LIGHT ARC DOWN AND LEFT;;;; +256F;BOX DRAWINGS LIGHT ARC UP AND LEFT;So;0;ON;;;;;N;FORMS LIGHT ARC UP AND LEFT;;;; +2570;BOX DRAWINGS LIGHT ARC UP AND RIGHT;So;0;ON;;;;;N;FORMS LIGHT ARC UP AND RIGHT;;;; +2571;BOX DRAWINGS LIGHT DIAGONAL UPPER RIGHT TO LOWER LEFT;So;0;ON;;;;;N;FORMS LIGHT DIAGONAL UPPER RIGHT TO LOWER LEFT;;;; +2572;BOX DRAWINGS LIGHT DIAGONAL UPPER LEFT TO LOWER RIGHT;So;0;ON;;;;;N;FORMS LIGHT DIAGONAL UPPER LEFT TO LOWER RIGHT;;;; +2573;BOX DRAWINGS LIGHT DIAGONAL CROSS;So;0;ON;;;;;N;FORMS LIGHT DIAGONAL CROSS;;;; +2574;BOX DRAWINGS LIGHT LEFT;So;0;ON;;;;;N;FORMS LIGHT LEFT;;;; +2575;BOX DRAWINGS LIGHT UP;So;0;ON;;;;;N;FORMS LIGHT UP;;;; +2576;BOX DRAWINGS LIGHT RIGHT;So;0;ON;;;;;N;FORMS LIGHT RIGHT;;;; +2577;BOX DRAWINGS LIGHT DOWN;So;0;ON;;;;;N;FORMS LIGHT DOWN;;;; +2578;BOX DRAWINGS HEAVY LEFT;So;0;ON;;;;;N;FORMS HEAVY LEFT;;;; +2579;BOX DRAWINGS HEAVY UP;So;0;ON;;;;;N;FORMS HEAVY UP;;;; +257A;BOX DRAWINGS HEAVY RIGHT;So;0;ON;;;;;N;FORMS HEAVY RIGHT;;;; +257B;BOX DRAWINGS HEAVY DOWN;So;0;ON;;;;;N;FORMS HEAVY DOWN;;;; +257C;BOX DRAWINGS LIGHT LEFT AND HEAVY RIGHT;So;0;ON;;;;;N;FORMS LIGHT LEFT AND HEAVY RIGHT;;;; +257D;BOX DRAWINGS LIGHT UP AND HEAVY DOWN;So;0;ON;;;;;N;FORMS LIGHT UP AND HEAVY DOWN;;;; +257E;BOX DRAWINGS HEAVY LEFT AND LIGHT RIGHT;So;0;ON;;;;;N;FORMS HEAVY LEFT AND LIGHT RIGHT;;;; +257F;BOX DRAWINGS HEAVY UP AND LIGHT DOWN;So;0;ON;;;;;N;FORMS HEAVY UP AND LIGHT DOWN;;;; +2580;UPPER HALF BLOCK;So;0;ON;;;;;N;;;;; +2581;LOWER ONE EIGHTH BLOCK;So;0;ON;;;;;N;;;;; +2582;LOWER ONE QUARTER BLOCK;So;0;ON;;;;;N;;;;; +2583;LOWER THREE EIGHTHS BLOCK;So;0;ON;;;;;N;;;;; +2584;LOWER HALF BLOCK;So;0;ON;;;;;N;;;;; +2585;LOWER FIVE EIGHTHS BLOCK;So;0;ON;;;;;N;;;;; +2586;LOWER THREE QUARTERS BLOCK;So;0;ON;;;;;N;LOWER THREE QUARTER BLOCK;;;; +2587;LOWER SEVEN EIGHTHS BLOCK;So;0;ON;;;;;N;;;;; +2588;FULL BLOCK;So;0;ON;;;;;N;;;;; +2589;LEFT SEVEN EIGHTHS BLOCK;So;0;ON;;;;;N;;;;; +258A;LEFT THREE QUARTERS BLOCK;So;0;ON;;;;;N;LEFT THREE QUARTER BLOCK;;;; +258B;LEFT FIVE EIGHTHS BLOCK;So;0;ON;;;;;N;;;;; +258C;LEFT HALF BLOCK;So;0;ON;;;;;N;;;;; +258D;LEFT THREE EIGHTHS BLOCK;So;0;ON;;;;;N;;;;; +258E;LEFT ONE QUARTER BLOCK;So;0;ON;;;;;N;;;;; +258F;LEFT ONE EIGHTH BLOCK;So;0;ON;;;;;N;;;;; +2590;RIGHT HALF BLOCK;So;0;ON;;;;;N;;;;; +2591;LIGHT SHADE;So;0;ON;;;;;N;;;;; +2592;MEDIUM SHADE;So;0;ON;;;;;N;;;;; +2593;DARK SHADE;So;0;ON;;;;;N;;;;; +2594;UPPER ONE EIGHTH BLOCK;So;0;ON;;;;;N;;;;; +2595;RIGHT ONE EIGHTH BLOCK;So;0;ON;;;;;N;;;;; +2596;QUADRANT LOWER LEFT;So;0;ON;;;;;N;;;;; +2597;QUADRANT LOWER RIGHT;So;0;ON;;;;;N;;;;; +2598;QUADRANT UPPER LEFT;So;0;ON;;;;;N;;;;; +2599;QUADRANT UPPER LEFT AND LOWER LEFT AND LOWER RIGHT;So;0;ON;;;;;N;;;;; +259A;QUADRANT UPPER LEFT AND LOWER RIGHT;So;0;ON;;;;;N;;;;; +259B;QUADRANT UPPER LEFT AND UPPER RIGHT AND LOWER LEFT;So;0;ON;;;;;N;;;;; +259C;QUADRANT UPPER LEFT AND UPPER RIGHT AND LOWER RIGHT;So;0;ON;;;;;N;;;;; +259D;QUADRANT UPPER RIGHT;So;0;ON;;;;;N;;;;; +259E;QUADRANT UPPER RIGHT AND LOWER LEFT;So;0;ON;;;;;N;;;;; +259F;QUADRANT UPPER RIGHT AND LOWER LEFT AND LOWER RIGHT;So;0;ON;;;;;N;;;;; +25A0;BLACK SQUARE;So;0;ON;;;;;N;;;;; +25A1;WHITE SQUARE;So;0;ON;;;;;N;;;;; +25A2;WHITE SQUARE WITH ROUNDED CORNERS;So;0;ON;;;;;N;;;;; +25A3;WHITE SQUARE CONTAINING BLACK SMALL SQUARE;So;0;ON;;;;;N;;;;; +25A4;SQUARE WITH HORIZONTAL FILL;So;0;ON;;;;;N;;;;; +25A5;SQUARE WITH VERTICAL FILL;So;0;ON;;;;;N;;;;; +25A6;SQUARE WITH ORTHOGONAL CROSSHATCH FILL;So;0;ON;;;;;N;;;;; +25A7;SQUARE WITH UPPER LEFT TO LOWER RIGHT FILL;So;0;ON;;;;;N;;;;; +25A8;SQUARE WITH UPPER RIGHT TO LOWER LEFT FILL;So;0;ON;;;;;N;;;;; +25A9;SQUARE WITH DIAGONAL CROSSHATCH FILL;So;0;ON;;;;;N;;;;; +25AA;BLACK SMALL SQUARE;So;0;ON;;;;;N;;;;; +25AB;WHITE SMALL SQUARE;So;0;ON;;;;;N;;;;; +25AC;BLACK RECTANGLE;So;0;ON;;;;;N;;;;; +25AD;WHITE RECTANGLE;So;0;ON;;;;;N;;;;; +25AE;BLACK VERTICAL RECTANGLE;So;0;ON;;;;;N;;;;; +25AF;WHITE VERTICAL RECTANGLE;So;0;ON;;;;;N;;;;; +25B0;BLACK PARALLELOGRAM;So;0;ON;;;;;N;;;;; +25B1;WHITE PARALLELOGRAM;So;0;ON;;;;;N;;;;; +25B2;BLACK UP-POINTING TRIANGLE;So;0;ON;;;;;N;BLACK UP POINTING TRIANGLE;;;; +25B3;WHITE UP-POINTING TRIANGLE;So;0;ON;;;;;N;WHITE UP POINTING TRIANGLE;;;; +25B4;BLACK UP-POINTING SMALL TRIANGLE;So;0;ON;;;;;N;BLACK UP POINTING SMALL TRIANGLE;;;; +25B5;WHITE UP-POINTING SMALL TRIANGLE;So;0;ON;;;;;N;WHITE UP POINTING SMALL TRIANGLE;;;; +25B6;BLACK RIGHT-POINTING TRIANGLE;So;0;ON;;;;;N;BLACK RIGHT POINTING TRIANGLE;;;; +25B7;WHITE RIGHT-POINTING TRIANGLE;Sm;0;ON;;;;;N;WHITE RIGHT POINTING TRIANGLE;;;; +25B8;BLACK RIGHT-POINTING SMALL TRIANGLE;So;0;ON;;;;;N;BLACK RIGHT POINTING SMALL TRIANGLE;;;; +25B9;WHITE RIGHT-POINTING SMALL TRIANGLE;So;0;ON;;;;;N;WHITE RIGHT POINTING SMALL TRIANGLE;;;; +25BA;BLACK RIGHT-POINTING POINTER;So;0;ON;;;;;N;BLACK RIGHT POINTING POINTER;;;; +25BB;WHITE RIGHT-POINTING POINTER;So;0;ON;;;;;N;WHITE RIGHT POINTING POINTER;;;; +25BC;BLACK DOWN-POINTING TRIANGLE;So;0;ON;;;;;N;BLACK DOWN POINTING TRIANGLE;;;; +25BD;WHITE DOWN-POINTING TRIANGLE;So;0;ON;;;;;N;WHITE DOWN POINTING TRIANGLE;;;; +25BE;BLACK DOWN-POINTING SMALL TRIANGLE;So;0;ON;;;;;N;BLACK DOWN POINTING SMALL TRIANGLE;;;; +25BF;WHITE DOWN-POINTING SMALL TRIANGLE;So;0;ON;;;;;N;WHITE DOWN POINTING SMALL TRIANGLE;;;; +25C0;BLACK LEFT-POINTING TRIANGLE;So;0;ON;;;;;N;BLACK LEFT POINTING TRIANGLE;;;; +25C1;WHITE LEFT-POINTING TRIANGLE;Sm;0;ON;;;;;N;WHITE LEFT POINTING TRIANGLE;;;; +25C2;BLACK LEFT-POINTING SMALL TRIANGLE;So;0;ON;;;;;N;BLACK LEFT POINTING SMALL TRIANGLE;;;; +25C3;WHITE LEFT-POINTING SMALL TRIANGLE;So;0;ON;;;;;N;WHITE LEFT POINTING SMALL TRIANGLE;;;; +25C4;BLACK LEFT-POINTING POINTER;So;0;ON;;;;;N;BLACK LEFT POINTING POINTER;;;; +25C5;WHITE LEFT-POINTING POINTER;So;0;ON;;;;;N;WHITE LEFT POINTING POINTER;;;; +25C6;BLACK DIAMOND;So;0;ON;;;;;N;;;;; +25C7;WHITE DIAMOND;So;0;ON;;;;;N;;;;; +25C8;WHITE DIAMOND CONTAINING BLACK SMALL DIAMOND;So;0;ON;;;;;N;;;;; +25C9;FISHEYE;So;0;ON;;;;;N;;;;; +25CA;LOZENGE;So;0;ON;;;;;N;;;;; +25CB;WHITE CIRCLE;So;0;ON;;;;;N;;;;; +25CC;DOTTED CIRCLE;So;0;ON;;;;;N;;;;; +25CD;CIRCLE WITH VERTICAL FILL;So;0;ON;;;;;N;;;;; +25CE;BULLSEYE;So;0;ON;;;;;N;;;;; +25CF;BLACK CIRCLE;So;0;ON;;;;;N;;;;; +25D0;CIRCLE WITH LEFT HALF BLACK;So;0;ON;;;;;N;;;;; +25D1;CIRCLE WITH RIGHT HALF BLACK;So;0;ON;;;;;N;;;;; +25D2;CIRCLE WITH LOWER HALF BLACK;So;0;ON;;;;;N;;;;; +25D3;CIRCLE WITH UPPER HALF BLACK;So;0;ON;;;;;N;;;;; +25D4;CIRCLE WITH UPPER RIGHT QUADRANT BLACK;So;0;ON;;;;;N;;;;; +25D5;CIRCLE WITH ALL BUT UPPER LEFT QUADRANT BLACK;So;0;ON;;;;;N;;;;; +25D6;LEFT HALF BLACK CIRCLE;So;0;ON;;;;;N;;;;; +25D7;RIGHT HALF BLACK CIRCLE;So;0;ON;;;;;N;;;;; +25D8;INVERSE BULLET;So;0;ON;;;;;N;;;;; +25D9;INVERSE WHITE CIRCLE;So;0;ON;;;;;N;;;;; +25DA;UPPER HALF INVERSE WHITE CIRCLE;So;0;ON;;;;;N;;;;; +25DB;LOWER HALF INVERSE WHITE CIRCLE;So;0;ON;;;;;N;;;;; +25DC;UPPER LEFT QUADRANT CIRCULAR ARC;So;0;ON;;;;;N;;;;; +25DD;UPPER RIGHT QUADRANT CIRCULAR ARC;So;0;ON;;;;;N;;;;; +25DE;LOWER RIGHT QUADRANT CIRCULAR ARC;So;0;ON;;;;;N;;;;; +25DF;LOWER LEFT QUADRANT CIRCULAR ARC;So;0;ON;;;;;N;;;;; +25E0;UPPER HALF CIRCLE;So;0;ON;;;;;N;;;;; +25E1;LOWER HALF CIRCLE;So;0;ON;;;;;N;;;;; +25E2;BLACK LOWER RIGHT TRIANGLE;So;0;ON;;;;;N;;;;; +25E3;BLACK LOWER LEFT TRIANGLE;So;0;ON;;;;;N;;;;; +25E4;BLACK UPPER LEFT TRIANGLE;So;0;ON;;;;;N;;;;; +25E5;BLACK UPPER RIGHT TRIANGLE;So;0;ON;;;;;N;;;;; +25E6;WHITE BULLET;So;0;ON;;;;;N;;;;; +25E7;SQUARE WITH LEFT HALF BLACK;So;0;ON;;;;;N;;;;; +25E8;SQUARE WITH RIGHT HALF BLACK;So;0;ON;;;;;N;;;;; +25E9;SQUARE WITH UPPER LEFT DIAGONAL HALF BLACK;So;0;ON;;;;;N;;;;; +25EA;SQUARE WITH LOWER RIGHT DIAGONAL HALF BLACK;So;0;ON;;;;;N;;;;; +25EB;WHITE SQUARE WITH VERTICAL BISECTING LINE;So;0;ON;;;;;N;;;;; +25EC;WHITE UP-POINTING TRIANGLE WITH DOT;So;0;ON;;;;;N;WHITE UP POINTING TRIANGLE WITH DOT;;;; +25ED;UP-POINTING TRIANGLE WITH LEFT HALF BLACK;So;0;ON;;;;;N;UP POINTING TRIANGLE WITH LEFT HALF BLACK;;;; +25EE;UP-POINTING TRIANGLE WITH RIGHT HALF BLACK;So;0;ON;;;;;N;UP POINTING TRIANGLE WITH RIGHT HALF BLACK;;;; +25EF;LARGE CIRCLE;So;0;ON;;;;;N;;;;; +25F0;WHITE SQUARE WITH UPPER LEFT QUADRANT;So;0;ON;;;;;N;;;;; +25F1;WHITE SQUARE WITH LOWER LEFT QUADRANT;So;0;ON;;;;;N;;;;; +25F2;WHITE SQUARE WITH LOWER RIGHT QUADRANT;So;0;ON;;;;;N;;;;; +25F3;WHITE SQUARE WITH UPPER RIGHT QUADRANT;So;0;ON;;;;;N;;;;; +25F4;WHITE CIRCLE WITH UPPER LEFT QUADRANT;So;0;ON;;;;;N;;;;; +25F5;WHITE CIRCLE WITH LOWER LEFT QUADRANT;So;0;ON;;;;;N;;;;; +25F6;WHITE CIRCLE WITH LOWER RIGHT QUADRANT;So;0;ON;;;;;N;;;;; +25F7;WHITE CIRCLE WITH UPPER RIGHT QUADRANT;So;0;ON;;;;;N;;;;; +25F8;UPPER LEFT TRIANGLE;Sm;0;ON;;;;;N;;;;; +25F9;UPPER RIGHT TRIANGLE;Sm;0;ON;;;;;N;;;;; +25FA;LOWER LEFT TRIANGLE;Sm;0;ON;;;;;N;;;;; +25FB;WHITE MEDIUM SQUARE;Sm;0;ON;;;;;N;;;;; +25FC;BLACK MEDIUM SQUARE;Sm;0;ON;;;;;N;;;;; +25FD;WHITE MEDIUM SMALL SQUARE;Sm;0;ON;;;;;N;;;;; +25FE;BLACK MEDIUM SMALL SQUARE;Sm;0;ON;;;;;N;;;;; +25FF;LOWER RIGHT TRIANGLE;Sm;0;ON;;;;;N;;;;; +2600;BLACK SUN WITH RAYS;So;0;ON;;;;;N;;;;; +2601;CLOUD;So;0;ON;;;;;N;;;;; +2602;UMBRELLA;So;0;ON;;;;;N;;;;; +2603;SNOWMAN;So;0;ON;;;;;N;;;;; +2604;COMET;So;0;ON;;;;;N;;;;; +2605;BLACK STAR;So;0;ON;;;;;N;;;;; +2606;WHITE STAR;So;0;ON;;;;;N;;;;; +2607;LIGHTNING;So;0;ON;;;;;N;;;;; +2608;THUNDERSTORM;So;0;ON;;;;;N;;;;; +2609;SUN;So;0;ON;;;;;N;;;;; +260A;ASCENDING NODE;So;0;ON;;;;;N;;;;; +260B;DESCENDING NODE;So;0;ON;;;;;N;;;;; +260C;CONJUNCTION;So;0;ON;;;;;N;;;;; +260D;OPPOSITION;So;0;ON;;;;;N;;;;; +260E;BLACK TELEPHONE;So;0;ON;;;;;N;;;;; +260F;WHITE TELEPHONE;So;0;ON;;;;;N;;;;; +2610;BALLOT BOX;So;0;ON;;;;;N;;;;; +2611;BALLOT BOX WITH CHECK;So;0;ON;;;;;N;;;;; +2612;BALLOT BOX WITH X;So;0;ON;;;;;N;;;;; +2613;SALTIRE;So;0;ON;;;;;N;;;;; +2616;WHITE SHOGI PIECE;So;0;ON;;;;;N;;;;; +2617;BLACK SHOGI PIECE;So;0;ON;;;;;N;;;;; +2619;REVERSED ROTATED FLORAL HEART BULLET;So;0;ON;;;;;N;;;;; +261A;BLACK LEFT POINTING INDEX;So;0;ON;;;;;N;;;;; +261B;BLACK RIGHT POINTING INDEX;So;0;ON;;;;;N;;;;; +261C;WHITE LEFT POINTING INDEX;So;0;ON;;;;;N;;;;; +261D;WHITE UP POINTING INDEX;So;0;ON;;;;;N;;;;; +261E;WHITE RIGHT POINTING INDEX;So;0;ON;;;;;N;;;;; +261F;WHITE DOWN POINTING INDEX;So;0;ON;;;;;N;;;;; +2620;SKULL AND CROSSBONES;So;0;ON;;;;;N;;;;; +2621;CAUTION SIGN;So;0;ON;;;;;N;;;;; +2622;RADIOACTIVE SIGN;So;0;ON;;;;;N;;;;; +2623;BIOHAZARD SIGN;So;0;ON;;;;;N;;;;; +2624;CADUCEUS;So;0;ON;;;;;N;;;;; +2625;ANKH;So;0;ON;;;;;N;;;;; +2626;ORTHODOX CROSS;So;0;ON;;;;;N;;;;; +2627;CHI RHO;So;0;ON;;;;;N;;;;; +2628;CROSS OF LORRAINE;So;0;ON;;;;;N;;;;; +2629;CROSS OF JERUSALEM;So;0;ON;;;;;N;;;;; +262A;STAR AND CRESCENT;So;0;ON;;;;;N;;;;; +262B;FARSI SYMBOL;So;0;ON;;;;;N;SYMBOL OF IRAN;;;; +262C;ADI SHAKTI;So;0;ON;;;;;N;;;;; +262D;HAMMER AND SICKLE;So;0;ON;;;;;N;;;;; +262E;PEACE SYMBOL;So;0;ON;;;;;N;;;;; +262F;YIN YANG;So;0;ON;;;;;N;;;;; +2630;TRIGRAM FOR HEAVEN;So;0;ON;;;;;N;;;;; +2631;TRIGRAM FOR LAKE;So;0;ON;;;;;N;;;;; +2632;TRIGRAM FOR FIRE;So;0;ON;;;;;N;;;;; +2633;TRIGRAM FOR THUNDER;So;0;ON;;;;;N;;;;; +2634;TRIGRAM FOR WIND;So;0;ON;;;;;N;;;;; +2635;TRIGRAM FOR WATER;So;0;ON;;;;;N;;;;; +2636;TRIGRAM FOR MOUNTAIN;So;0;ON;;;;;N;;;;; +2637;TRIGRAM FOR EARTH;So;0;ON;;;;;N;;;;; +2638;WHEEL OF DHARMA;So;0;ON;;;;;N;;;;; +2639;WHITE FROWNING FACE;So;0;ON;;;;;N;;;;; +263A;WHITE SMILING FACE;So;0;ON;;;;;N;;;;; +263B;BLACK SMILING FACE;So;0;ON;;;;;N;;;;; +263C;WHITE SUN WITH RAYS;So;0;ON;;;;;N;;;;; +263D;FIRST QUARTER MOON;So;0;ON;;;;;N;;;;; +263E;LAST QUARTER MOON;So;0;ON;;;;;N;;;;; +263F;MERCURY;So;0;ON;;;;;N;;;;; +2640;FEMALE SIGN;So;0;ON;;;;;N;;;;; +2641;EARTH;So;0;ON;;;;;N;;;;; +2642;MALE SIGN;So;0;ON;;;;;N;;;;; +2643;JUPITER;So;0;ON;;;;;N;;;;; +2644;SATURN;So;0;ON;;;;;N;;;;; +2645;URANUS;So;0;ON;;;;;N;;;;; +2646;NEPTUNE;So;0;ON;;;;;N;;;;; +2647;PLUTO;So;0;ON;;;;;N;;;;; +2648;ARIES;So;0;ON;;;;;N;;;;; +2649;TAURUS;So;0;ON;;;;;N;;;;; +264A;GEMINI;So;0;ON;;;;;N;;;;; +264B;CANCER;So;0;ON;;;;;N;;;;; +264C;LEO;So;0;ON;;;;;N;;;;; +264D;VIRGO;So;0;ON;;;;;N;;;;; +264E;LIBRA;So;0;ON;;;;;N;;;;; +264F;SCORPIUS;So;0;ON;;;;;N;;;;; +2650;SAGITTARIUS;So;0;ON;;;;;N;;;;; +2651;CAPRICORN;So;0;ON;;;;;N;;;;; +2652;AQUARIUS;So;0;ON;;;;;N;;;;; +2653;PISCES;So;0;ON;;;;;N;;;;; +2654;WHITE CHESS KING;So;0;ON;;;;;N;;;;; +2655;WHITE CHESS QUEEN;So;0;ON;;;;;N;;;;; +2656;WHITE CHESS ROOK;So;0;ON;;;;;N;;;;; +2657;WHITE CHESS BISHOP;So;0;ON;;;;;N;;;;; +2658;WHITE CHESS KNIGHT;So;0;ON;;;;;N;;;;; +2659;WHITE CHESS PAWN;So;0;ON;;;;;N;;;;; +265A;BLACK CHESS KING;So;0;ON;;;;;N;;;;; +265B;BLACK CHESS QUEEN;So;0;ON;;;;;N;;;;; +265C;BLACK CHESS ROOK;So;0;ON;;;;;N;;;;; +265D;BLACK CHESS BISHOP;So;0;ON;;;;;N;;;;; +265E;BLACK CHESS KNIGHT;So;0;ON;;;;;N;;;;; +265F;BLACK CHESS PAWN;So;0;ON;;;;;N;;;;; +2660;BLACK SPADE SUIT;So;0;ON;;;;;N;;;;; +2661;WHITE HEART SUIT;So;0;ON;;;;;N;;;;; +2662;WHITE DIAMOND SUIT;So;0;ON;;;;;N;;;;; +2663;BLACK CLUB SUIT;So;0;ON;;;;;N;;;;; +2664;WHITE SPADE SUIT;So;0;ON;;;;;N;;;;; +2665;BLACK HEART SUIT;So;0;ON;;;;;N;;;;; +2666;BLACK DIAMOND SUIT;So;0;ON;;;;;N;;;;; +2667;WHITE CLUB SUIT;So;0;ON;;;;;N;;;;; +2668;HOT SPRINGS;So;0;ON;;;;;N;;;;; +2669;QUARTER NOTE;So;0;ON;;;;;N;;;;; +266A;EIGHTH NOTE;So;0;ON;;;;;N;;;;; +266B;BEAMED EIGHTH NOTES;So;0;ON;;;;;N;BARRED EIGHTH NOTES;;;; +266C;BEAMED SIXTEENTH NOTES;So;0;ON;;;;;N;BARRED SIXTEENTH NOTES;;;; +266D;MUSIC FLAT SIGN;So;0;ON;;;;;N;FLAT;;;; +266E;MUSIC NATURAL SIGN;So;0;ON;;;;;N;NATURAL;;;; +266F;MUSIC SHARP SIGN;Sm;0;ON;;;;;N;SHARP;;;; +2670;WEST SYRIAC CROSS;So;0;ON;;;;;N;;;;; +2671;EAST SYRIAC CROSS;So;0;ON;;;;;N;;;;; +2672;UNIVERSAL RECYCLING SYMBOL;So;0;ON;;;;;N;;;;; +2673;RECYCLING SYMBOL FOR TYPE-1 PLASTICS;So;0;ON;;;;;N;;pete;;; +2674;RECYCLING SYMBOL FOR TYPE-2 PLASTICS;So;0;ON;;;;;N;;hdpe;;; +2675;RECYCLING SYMBOL FOR TYPE-3 PLASTICS;So;0;ON;;;;;N;;pvc;;; +2676;RECYCLING SYMBOL FOR TYPE-4 PLASTICS;So;0;ON;;;;;N;;ldpe;;; +2677;RECYCLING SYMBOL FOR TYPE-5 PLASTICS;So;0;ON;;;;;N;;pp;;; +2678;RECYCLING SYMBOL FOR TYPE-6 PLASTICS;So;0;ON;;;;;N;;ps;;; +2679;RECYCLING SYMBOL FOR TYPE-7 PLASTICS;So;0;ON;;;;;N;;other;;; +267A;RECYCLING SYMBOL FOR GENERIC MATERIALS;So;0;ON;;;;;N;;;;; +267B;BLACK UNIVERSAL RECYCLING SYMBOL;So;0;ON;;;;;N;;;;; +267C;RECYCLED PAPER SYMBOL;So;0;ON;;;;;N;;;;; +267D;PARTIALLY-RECYCLED PAPER SYMBOL;So;0;ON;;;;;N;;;;; +2680;DIE FACE-1;So;0;ON;;;;;N;;;;; +2681;DIE FACE-2;So;0;ON;;;;;N;;;;; +2682;DIE FACE-3;So;0;ON;;;;;N;;;;; +2683;DIE FACE-4;So;0;ON;;;;;N;;;;; +2684;DIE FACE-5;So;0;ON;;;;;N;;;;; +2685;DIE FACE-6;So;0;ON;;;;;N;;;;; +2686;WHITE CIRCLE WITH DOT RIGHT;So;0;ON;;;;;N;;;;; +2687;WHITE CIRCLE WITH TWO DOTS;So;0;ON;;;;;N;;;;; +2688;BLACK CIRCLE WITH WHITE DOT RIGHT;So;0;ON;;;;;N;;;;; +2689;BLACK CIRCLE WITH TWO WHITE DOTS;So;0;ON;;;;;N;;;;; +2701;UPPER BLADE SCISSORS;So;0;ON;;;;;N;;;;; +2702;BLACK SCISSORS;So;0;ON;;;;;N;;;;; +2703;LOWER BLADE SCISSORS;So;0;ON;;;;;N;;;;; +2704;WHITE SCISSORS;So;0;ON;;;;;N;;;;; +2706;TELEPHONE LOCATION SIGN;So;0;ON;;;;;N;;;;; +2707;TAPE DRIVE;So;0;ON;;;;;N;;;;; +2708;AIRPLANE;So;0;ON;;;;;N;;;;; +2709;ENVELOPE;So;0;ON;;;;;N;;;;; +270C;VICTORY HAND;So;0;ON;;;;;N;;;;; +270D;WRITING HAND;So;0;ON;;;;;N;;;;; +270E;LOWER RIGHT PENCIL;So;0;ON;;;;;N;;;;; +270F;PENCIL;So;0;ON;;;;;N;;;;; +2710;UPPER RIGHT PENCIL;So;0;ON;;;;;N;;;;; +2711;WHITE NIB;So;0;ON;;;;;N;;;;; +2712;BLACK NIB;So;0;ON;;;;;N;;;;; +2713;CHECK MARK;So;0;ON;;;;;N;;;;; +2714;HEAVY CHECK MARK;So;0;ON;;;;;N;;;;; +2715;MULTIPLICATION X;So;0;ON;;;;;N;;;;; +2716;HEAVY MULTIPLICATION X;So;0;ON;;;;;N;;;;; +2717;BALLOT X;So;0;ON;;;;;N;;;;; +2718;HEAVY BALLOT X;So;0;ON;;;;;N;;;;; +2719;OUTLINED GREEK CROSS;So;0;ON;;;;;N;;;;; +271A;HEAVY GREEK CROSS;So;0;ON;;;;;N;;;;; +271B;OPEN CENTRE CROSS;So;0;ON;;;;;N;OPEN CENTER CROSS;;;; +271C;HEAVY OPEN CENTRE CROSS;So;0;ON;;;;;N;HEAVY OPEN CENTER CROSS;;;; +271D;LATIN CROSS;So;0;ON;;;;;N;;;;; +271E;SHADOWED WHITE LATIN CROSS;So;0;ON;;;;;N;;;;; +271F;OUTLINED LATIN CROSS;So;0;ON;;;;;N;;;;; +2720;MALTESE CROSS;So;0;ON;;;;;N;;;;; +2721;STAR OF DAVID;So;0;ON;;;;;N;;;;; +2722;FOUR TEARDROP-SPOKED ASTERISK;So;0;ON;;;;;N;;;;; +2723;FOUR BALLOON-SPOKED ASTERISK;So;0;ON;;;;;N;;;;; +2724;HEAVY FOUR BALLOON-SPOKED ASTERISK;So;0;ON;;;;;N;;;;; +2725;FOUR CLUB-SPOKED ASTERISK;So;0;ON;;;;;N;;;;; +2726;BLACK FOUR POINTED STAR;So;0;ON;;;;;N;;;;; +2727;WHITE FOUR POINTED STAR;So;0;ON;;;;;N;;;;; +2729;STRESS OUTLINED WHITE STAR;So;0;ON;;;;;N;;;;; +272A;CIRCLED WHITE STAR;So;0;ON;;;;;N;;;;; +272B;OPEN CENTRE BLACK STAR;So;0;ON;;;;;N;OPEN CENTER BLACK STAR;;;; +272C;BLACK CENTRE WHITE STAR;So;0;ON;;;;;N;BLACK CENTER WHITE STAR;;;; +272D;OUTLINED BLACK STAR;So;0;ON;;;;;N;;;;; +272E;HEAVY OUTLINED BLACK STAR;So;0;ON;;;;;N;;;;; +272F;PINWHEEL STAR;So;0;ON;;;;;N;;;;; +2730;SHADOWED WHITE STAR;So;0;ON;;;;;N;;;;; +2731;HEAVY ASTERISK;So;0;ON;;;;;N;;;;; +2732;OPEN CENTRE ASTERISK;So;0;ON;;;;;N;OPEN CENTER ASTERISK;;;; +2733;EIGHT SPOKED ASTERISK;So;0;ON;;;;;N;;;;; +2734;EIGHT POINTED BLACK STAR;So;0;ON;;;;;N;;;;; +2735;EIGHT POINTED PINWHEEL STAR;So;0;ON;;;;;N;;;;; +2736;SIX POINTED BLACK STAR;So;0;ON;;;;;N;;;;; +2737;EIGHT POINTED RECTILINEAR BLACK STAR;So;0;ON;;;;;N;;;;; +2738;HEAVY EIGHT POINTED RECTILINEAR BLACK STAR;So;0;ON;;;;;N;;;;; +2739;TWELVE POINTED BLACK STAR;So;0;ON;;;;;N;;;;; +273A;SIXTEEN POINTED ASTERISK;So;0;ON;;;;;N;;;;; +273B;TEARDROP-SPOKED ASTERISK;So;0;ON;;;;;N;;;;; +273C;OPEN CENTRE TEARDROP-SPOKED ASTERISK;So;0;ON;;;;;N;OPEN CENTER TEARDROP-SPOKED ASTERISK;;;; +273D;HEAVY TEARDROP-SPOKED ASTERISK;So;0;ON;;;;;N;;;;; +273E;SIX PETALLED BLACK AND WHITE FLORETTE;So;0;ON;;;;;N;;;;; +273F;BLACK FLORETTE;So;0;ON;;;;;N;;;;; +2740;WHITE FLORETTE;So;0;ON;;;;;N;;;;; +2741;EIGHT PETALLED OUTLINED BLACK FLORETTE;So;0;ON;;;;;N;;;;; +2742;CIRCLED OPEN CENTRE EIGHT POINTED STAR;So;0;ON;;;;;N;CIRCLED OPEN CENTER EIGHT POINTED STAR;;;; +2743;HEAVY TEARDROP-SPOKED PINWHEEL ASTERISK;So;0;ON;;;;;N;;;;; +2744;SNOWFLAKE;So;0;ON;;;;;N;;;;; +2745;TIGHT TRIFOLIATE SNOWFLAKE;So;0;ON;;;;;N;;;;; +2746;HEAVY CHEVRON SNOWFLAKE;So;0;ON;;;;;N;;;;; +2747;SPARKLE;So;0;ON;;;;;N;;;;; +2748;HEAVY SPARKLE;So;0;ON;;;;;N;;;;; +2749;BALLOON-SPOKED ASTERISK;So;0;ON;;;;;N;;;;; +274A;EIGHT TEARDROP-SPOKED PROPELLER ASTERISK;So;0;ON;;;;;N;;;;; +274B;HEAVY EIGHT TEARDROP-SPOKED PROPELLER ASTERISK;So;0;ON;;;;;N;;;;; +274D;SHADOWED WHITE CIRCLE;So;0;ON;;;;;N;;;;; +274F;LOWER RIGHT DROP-SHADOWED WHITE SQUARE;So;0;ON;;;;;N;;;;; +2750;UPPER RIGHT DROP-SHADOWED WHITE SQUARE;So;0;ON;;;;;N;;;;; +2751;LOWER RIGHT SHADOWED WHITE SQUARE;So;0;ON;;;;;N;;;;; +2752;UPPER RIGHT SHADOWED WHITE SQUARE;So;0;ON;;;;;N;;;;; +2756;BLACK DIAMOND MINUS WHITE X;So;0;ON;;;;;N;;;;; +2758;LIGHT VERTICAL BAR;So;0;ON;;;;;N;;;;; +2759;MEDIUM VERTICAL BAR;So;0;ON;;;;;N;;;;; +275A;HEAVY VERTICAL BAR;So;0;ON;;;;;N;;;;; +275B;HEAVY SINGLE TURNED COMMA QUOTATION MARK ORNAMENT;So;0;ON;;;;;N;;;;; +275C;HEAVY SINGLE COMMA QUOTATION MARK ORNAMENT;So;0;ON;;;;;N;;;;; +275D;HEAVY DOUBLE TURNED COMMA QUOTATION MARK ORNAMENT;So;0;ON;;;;;N;;;;; +275E;HEAVY DOUBLE COMMA QUOTATION MARK ORNAMENT;So;0;ON;;;;;N;;;;; +2761;CURVED STEM PARAGRAPH SIGN ORNAMENT;So;0;ON;;;;;N;;;;; +2762;HEAVY EXCLAMATION MARK ORNAMENT;So;0;ON;;;;;N;;;;; +2763;HEAVY HEART EXCLAMATION MARK ORNAMENT;So;0;ON;;;;;N;;;;; +2764;HEAVY BLACK HEART;So;0;ON;;;;;N;;;;; +2765;ROTATED HEAVY BLACK HEART BULLET;So;0;ON;;;;;N;;;;; +2766;FLORAL HEART;So;0;ON;;;;;N;;;;; +2767;ROTATED FLORAL HEART BULLET;So;0;ON;;;;;N;;;;; +2768;MEDIUM LEFT PARENTHESIS ORNAMENT;Ps;0;ON;;;;;Y;;;;; +2769;MEDIUM RIGHT PARENTHESIS ORNAMENT;Pe;0;ON;;;;;Y;;;;; +276A;MEDIUM FLATTENED LEFT PARENTHESIS ORNAMENT;Ps;0;ON;;;;;Y;;;;; +276B;MEDIUM FLATTENED RIGHT PARENTHESIS ORNAMENT;Pe;0;ON;;;;;Y;;;;; +276C;MEDIUM LEFT-POINTING ANGLE BRACKET ORNAMENT;Ps;0;ON;;;;;Y;;;;; +276D;MEDIUM RIGHT-POINTING ANGLE BRACKET ORNAMENT;Pe;0;ON;;;;;Y;;;;; +276E;HEAVY LEFT-POINTING ANGLE QUOTATION MARK ORNAMENT;Ps;0;ON;;;;;Y;;;;; +276F;HEAVY RIGHT-POINTING ANGLE QUOTATION MARK ORNAMENT;Pe;0;ON;;;;;Y;;;;; +2770;HEAVY LEFT-POINTING ANGLE BRACKET ORNAMENT;Ps;0;ON;;;;;Y;;;;; +2771;HEAVY RIGHT-POINTING ANGLE BRACKET ORNAMENT;Pe;0;ON;;;;;Y;;;;; +2772;LIGHT LEFT TORTOISE SHELL BRACKET ORNAMENT;Ps;0;ON;;;;;Y;;;;; +2773;LIGHT RIGHT TORTOISE SHELL BRACKET ORNAMENT;Pe;0;ON;;;;;Y;;;;; +2774;MEDIUM LEFT CURLY BRACKET ORNAMENT;Ps;0;ON;;;;;Y;;;;; +2775;MEDIUM RIGHT CURLY BRACKET ORNAMENT;Pe;0;ON;;;;;Y;;;;; +2776;DINGBAT NEGATIVE CIRCLED DIGIT ONE;No;0;ON;;;1;1;N;INVERSE CIRCLED DIGIT ONE;;;; +2777;DINGBAT NEGATIVE CIRCLED DIGIT TWO;No;0;ON;;;2;2;N;INVERSE CIRCLED DIGIT TWO;;;; +2778;DINGBAT NEGATIVE CIRCLED DIGIT THREE;No;0;ON;;;3;3;N;INVERSE CIRCLED DIGIT THREE;;;; +2779;DINGBAT NEGATIVE CIRCLED DIGIT FOUR;No;0;ON;;;4;4;N;INVERSE CIRCLED DIGIT FOUR;;;; +277A;DINGBAT NEGATIVE CIRCLED DIGIT FIVE;No;0;ON;;;5;5;N;INVERSE CIRCLED DIGIT FIVE;;;; +277B;DINGBAT NEGATIVE CIRCLED DIGIT SIX;No;0;ON;;;6;6;N;INVERSE CIRCLED DIGIT SIX;;;; +277C;DINGBAT NEGATIVE CIRCLED DIGIT SEVEN;No;0;ON;;;7;7;N;INVERSE CIRCLED DIGIT SEVEN;;;; +277D;DINGBAT NEGATIVE CIRCLED DIGIT EIGHT;No;0;ON;;;8;8;N;INVERSE CIRCLED DIGIT EIGHT;;;; +277E;DINGBAT NEGATIVE CIRCLED DIGIT NINE;No;0;ON;;;9;9;N;INVERSE CIRCLED DIGIT NINE;;;; +277F;DINGBAT NEGATIVE CIRCLED NUMBER TEN;No;0;ON;;;;10;N;INVERSE CIRCLED NUMBER TEN;;;; +2780;DINGBAT CIRCLED SANS-SERIF DIGIT ONE;No;0;ON;;;1;1;N;CIRCLED SANS-SERIF DIGIT ONE;;;; +2781;DINGBAT CIRCLED SANS-SERIF DIGIT TWO;No;0;ON;;;2;2;N;CIRCLED SANS-SERIF DIGIT TWO;;;; +2782;DINGBAT CIRCLED SANS-SERIF DIGIT THREE;No;0;ON;;;3;3;N;CIRCLED SANS-SERIF DIGIT THREE;;;; +2783;DINGBAT CIRCLED SANS-SERIF DIGIT FOUR;No;0;ON;;;4;4;N;CIRCLED SANS-SERIF DIGIT FOUR;;;; +2784;DINGBAT CIRCLED SANS-SERIF DIGIT FIVE;No;0;ON;;;5;5;N;CIRCLED SANS-SERIF DIGIT FIVE;;;; +2785;DINGBAT CIRCLED SANS-SERIF DIGIT SIX;No;0;ON;;;6;6;N;CIRCLED SANS-SERIF DIGIT SIX;;;; +2786;DINGBAT CIRCLED SANS-SERIF DIGIT SEVEN;No;0;ON;;;7;7;N;CIRCLED SANS-SERIF DIGIT SEVEN;;;; +2787;DINGBAT CIRCLED SANS-SERIF DIGIT EIGHT;No;0;ON;;;8;8;N;CIRCLED SANS-SERIF DIGIT EIGHT;;;; +2788;DINGBAT CIRCLED SANS-SERIF DIGIT NINE;No;0;ON;;;9;9;N;CIRCLED SANS-SERIF DIGIT NINE;;;; +2789;DINGBAT CIRCLED SANS-SERIF NUMBER TEN;No;0;ON;;;;10;N;CIRCLED SANS-SERIF NUMBER TEN;;;; +278A;DINGBAT NEGATIVE CIRCLED SANS-SERIF DIGIT ONE;No;0;ON;;;1;1;N;INVERSE CIRCLED SANS-SERIF DIGIT ONE;;;; +278B;DINGBAT NEGATIVE CIRCLED SANS-SERIF DIGIT TWO;No;0;ON;;;2;2;N;INVERSE CIRCLED SANS-SERIF DIGIT TWO;;;; +278C;DINGBAT NEGATIVE CIRCLED SANS-SERIF DIGIT THREE;No;0;ON;;;3;3;N;INVERSE CIRCLED SANS-SERIF DIGIT THREE;;;; +278D;DINGBAT NEGATIVE CIRCLED SANS-SERIF DIGIT FOUR;No;0;ON;;;4;4;N;INVERSE CIRCLED SANS-SERIF DIGIT FOUR;;;; +278E;DINGBAT NEGATIVE CIRCLED SANS-SERIF DIGIT FIVE;No;0;ON;;;5;5;N;INVERSE CIRCLED SANS-SERIF DIGIT FIVE;;;; +278F;DINGBAT NEGATIVE CIRCLED SANS-SERIF DIGIT SIX;No;0;ON;;;6;6;N;INVERSE CIRCLED SANS-SERIF DIGIT SIX;;;; +2790;DINGBAT NEGATIVE CIRCLED SANS-SERIF DIGIT SEVEN;No;0;ON;;;7;7;N;INVERSE CIRCLED SANS-SERIF DIGIT SEVEN;;;; +2791;DINGBAT NEGATIVE CIRCLED SANS-SERIF DIGIT EIGHT;No;0;ON;;;8;8;N;INVERSE CIRCLED SANS-SERIF DIGIT EIGHT;;;; +2792;DINGBAT NEGATIVE CIRCLED SANS-SERIF DIGIT NINE;No;0;ON;;;9;9;N;INVERSE CIRCLED SANS-SERIF DIGIT NINE;;;; +2793;DINGBAT NEGATIVE CIRCLED SANS-SERIF NUMBER TEN;No;0;ON;;;;10;N;INVERSE CIRCLED SANS-SERIF NUMBER TEN;;;; +2794;HEAVY WIDE-HEADED RIGHTWARDS ARROW;So;0;ON;;;;;N;HEAVY WIDE-HEADED RIGHT ARROW;;;; +2798;HEAVY SOUTH EAST ARROW;So;0;ON;;;;;N;HEAVY LOWER RIGHT ARROW;;;; +2799;HEAVY RIGHTWARDS ARROW;So;0;ON;;;;;N;HEAVY RIGHT ARROW;;;; +279A;HEAVY NORTH EAST ARROW;So;0;ON;;;;;N;HEAVY UPPER RIGHT ARROW;;;; +279B;DRAFTING POINT RIGHTWARDS ARROW;So;0;ON;;;;;N;DRAFTING POINT RIGHT ARROW;;;; +279C;HEAVY ROUND-TIPPED RIGHTWARDS ARROW;So;0;ON;;;;;N;HEAVY ROUND-TIPPED RIGHT ARROW;;;; +279D;TRIANGLE-HEADED RIGHTWARDS ARROW;So;0;ON;;;;;N;TRIANGLE-HEADED RIGHT ARROW;;;; +279E;HEAVY TRIANGLE-HEADED RIGHTWARDS ARROW;So;0;ON;;;;;N;HEAVY TRIANGLE-HEADED RIGHT ARROW;;;; +279F;DASHED TRIANGLE-HEADED RIGHTWARDS ARROW;So;0;ON;;;;;N;DASHED TRIANGLE-HEADED RIGHT ARROW;;;; +27A0;HEAVY DASHED TRIANGLE-HEADED RIGHTWARDS ARROW;So;0;ON;;;;;N;HEAVY DASHED TRIANGLE-HEADED RIGHT ARROW;;;; +27A1;BLACK RIGHTWARDS ARROW;So;0;ON;;;;;N;BLACK RIGHT ARROW;;;; +27A2;THREE-D TOP-LIGHTED RIGHTWARDS ARROWHEAD;So;0;ON;;;;;N;THREE-D TOP-LIGHTED RIGHT ARROWHEAD;;;; +27A3;THREE-D BOTTOM-LIGHTED RIGHTWARDS ARROWHEAD;So;0;ON;;;;;N;THREE-D BOTTOM-LIGHTED RIGHT ARROWHEAD;;;; +27A4;BLACK RIGHTWARDS ARROWHEAD;So;0;ON;;;;;N;BLACK RIGHT ARROWHEAD;;;; +27A5;HEAVY BLACK CURVED DOWNWARDS AND RIGHTWARDS ARROW;So;0;ON;;;;;N;HEAVY BLACK CURVED DOWN AND RIGHT ARROW;;;; +27A6;HEAVY BLACK CURVED UPWARDS AND RIGHTWARDS ARROW;So;0;ON;;;;;N;HEAVY BLACK CURVED UP AND RIGHT ARROW;;;; +27A7;SQUAT BLACK RIGHTWARDS ARROW;So;0;ON;;;;;N;SQUAT BLACK RIGHT ARROW;;;; +27A8;HEAVY CONCAVE-POINTED BLACK RIGHTWARDS ARROW;So;0;ON;;;;;N;HEAVY CONCAVE-POINTED BLACK RIGHT ARROW;;;; +27A9;RIGHT-SHADED WHITE RIGHTWARDS ARROW;So;0;ON;;;;;N;RIGHT-SHADED WHITE RIGHT ARROW;;;; +27AA;LEFT-SHADED WHITE RIGHTWARDS ARROW;So;0;ON;;;;;N;LEFT-SHADED WHITE RIGHT ARROW;;;; +27AB;BACK-TILTED SHADOWED WHITE RIGHTWARDS ARROW;So;0;ON;;;;;N;BACK-TILTED SHADOWED WHITE RIGHT ARROW;;;; +27AC;FRONT-TILTED SHADOWED WHITE RIGHTWARDS ARROW;So;0;ON;;;;;N;FRONT-TILTED SHADOWED WHITE RIGHT ARROW;;;; +27AD;HEAVY LOWER RIGHT-SHADOWED WHITE RIGHTWARDS ARROW;So;0;ON;;;;;N;HEAVY LOWER RIGHT-SHADOWED WHITE RIGHT ARROW;;;; +27AE;HEAVY UPPER RIGHT-SHADOWED WHITE RIGHTWARDS ARROW;So;0;ON;;;;;N;HEAVY UPPER RIGHT-SHADOWED WHITE RIGHT ARROW;;;; +27AF;NOTCHED LOWER RIGHT-SHADOWED WHITE RIGHTWARDS ARROW;So;0;ON;;;;;N;NOTCHED LOWER RIGHT-SHADOWED WHITE RIGHT ARROW;;;; +27B1;NOTCHED UPPER RIGHT-SHADOWED WHITE RIGHTWARDS ARROW;So;0;ON;;;;;N;NOTCHED UPPER RIGHT-SHADOWED WHITE RIGHT ARROW;;;; +27B2;CIRCLED HEAVY WHITE RIGHTWARDS ARROW;So;0;ON;;;;;N;CIRCLED HEAVY WHITE RIGHT ARROW;;;; +27B3;WHITE-FEATHERED RIGHTWARDS ARROW;So;0;ON;;;;;N;WHITE-FEATHERED RIGHT ARROW;;;; +27B4;BLACK-FEATHERED SOUTH EAST ARROW;So;0;ON;;;;;N;BLACK-FEATHERED LOWER RIGHT ARROW;;;; +27B5;BLACK-FEATHERED RIGHTWARDS ARROW;So;0;ON;;;;;N;BLACK-FEATHERED RIGHT ARROW;;;; +27B6;BLACK-FEATHERED NORTH EAST ARROW;So;0;ON;;;;;N;BLACK-FEATHERED UPPER RIGHT ARROW;;;; +27B7;HEAVY BLACK-FEATHERED SOUTH EAST ARROW;So;0;ON;;;;;N;HEAVY BLACK-FEATHERED LOWER RIGHT ARROW;;;; +27B8;HEAVY BLACK-FEATHERED RIGHTWARDS ARROW;So;0;ON;;;;;N;HEAVY BLACK-FEATHERED RIGHT ARROW;;;; +27B9;HEAVY BLACK-FEATHERED NORTH EAST ARROW;So;0;ON;;;;;N;HEAVY BLACK-FEATHERED UPPER RIGHT ARROW;;;; +27BA;TEARDROP-BARBED RIGHTWARDS ARROW;So;0;ON;;;;;N;TEARDROP-BARBED RIGHT ARROW;;;; +27BB;HEAVY TEARDROP-SHANKED RIGHTWARDS ARROW;So;0;ON;;;;;N;HEAVY TEARDROP-SHANKED RIGHT ARROW;;;; +27BC;WEDGE-TAILED RIGHTWARDS ARROW;So;0;ON;;;;;N;WEDGE-TAILED RIGHT ARROW;;;; +27BD;HEAVY WEDGE-TAILED RIGHTWARDS ARROW;So;0;ON;;;;;N;HEAVY WEDGE-TAILED RIGHT ARROW;;;; +27BE;OPEN-OUTLINED RIGHTWARDS ARROW;So;0;ON;;;;;N;OPEN-OUTLINED RIGHT ARROW;;;; +27D0;WHITE DIAMOND WITH CENTRED DOT;Sm;0;ON;;;;;N;;;;; +27D1;AND WITH DOT;Sm;0;ON;;;;;N;;;;; +27D2;ELEMENT OF OPENING UPWARDS;Sm;0;ON;;;;;N;;;;; +27D3;LOWER RIGHT CORNER WITH DOT;Sm;0;ON;;;;;Y;;;;; +27D4;UPPER LEFT CORNER WITH DOT;Sm;0;ON;;;;;Y;;;;; +27D5;LEFT OUTER JOIN;Sm;0;ON;;;;;Y;;;;; +27D6;RIGHT OUTER JOIN;Sm;0;ON;;;;;Y;;;;; +27D7;FULL OUTER JOIN;Sm;0;ON;;;;;N;;;;; +27D8;LARGE UP TACK;Sm;0;ON;;;;;N;;;;; +27D9;LARGE DOWN TACK;Sm;0;ON;;;;;N;;;;; +27DA;LEFT AND RIGHT DOUBLE TURNSTILE;Sm;0;ON;;;;;N;;;;; +27DB;LEFT AND RIGHT TACK;Sm;0;ON;;;;;N;;;;; +27DC;LEFT MULTIMAP;Sm;0;ON;;;;;Y;;;;; +27DD;LONG RIGHT TACK;Sm;0;ON;;;;;Y;;;;; +27DE;LONG LEFT TACK;Sm;0;ON;;;;;Y;;;;; +27DF;UP TACK WITH CIRCLE ABOVE;Sm;0;ON;;;;;N;;;;; +27E0;LOZENGE DIVIDED BY HORIZONTAL RULE;Sm;0;ON;;;;;N;;;;; +27E1;WHITE CONCAVE-SIDED DIAMOND;Sm;0;ON;;;;;N;;;;; +27E2;WHITE CONCAVE-SIDED DIAMOND WITH LEFTWARDS TICK;Sm;0;ON;;;;;Y;;;;; +27E3;WHITE CONCAVE-SIDED DIAMOND WITH RIGHTWARDS TICK;Sm;0;ON;;;;;Y;;;;; +27E4;WHITE SQUARE WITH LEFTWARDS TICK;Sm;0;ON;;;;;Y;;;;; +27E5;WHITE SQUARE WITH RIGHTWARDS TICK;Sm;0;ON;;;;;Y;;;;; +27E6;MATHEMATICAL LEFT WHITE SQUARE BRACKET;Ps;0;ON;;;;;Y;;;;; +27E7;MATHEMATICAL RIGHT WHITE SQUARE BRACKET;Pe;0;ON;;;;;Y;;;;; +27E8;MATHEMATICAL LEFT ANGLE BRACKET;Ps;0;ON;;;;;Y;;;;; +27E9;MATHEMATICAL RIGHT ANGLE BRACKET;Pe;0;ON;;;;;Y;;;;; +27EA;MATHEMATICAL LEFT DOUBLE ANGLE BRACKET;Ps;0;ON;;;;;Y;;;;; +27EB;MATHEMATICAL RIGHT DOUBLE ANGLE BRACKET;Pe;0;ON;;;;;Y;;;;; +27F0;UPWARDS QUADRUPLE ARROW;Sm;0;ON;;;;;N;;;;; +27F1;DOWNWARDS QUADRUPLE ARROW;Sm;0;ON;;;;;N;;;;; +27F2;ANTICLOCKWISE GAPPED CIRCLE ARROW;Sm;0;ON;;;;;N;;;;; +27F3;CLOCKWISE GAPPED CIRCLE ARROW;Sm;0;ON;;;;;N;;;;; +27F4;RIGHT ARROW WITH CIRCLED PLUS;Sm;0;ON;;;;;N;;;;; +27F5;LONG LEFTWARDS ARROW;Sm;0;ON;;;;;N;;;;; +27F6;LONG RIGHTWARDS ARROW;Sm;0;ON;;;;;N;;;;; +27F7;LONG LEFT RIGHT ARROW;Sm;0;ON;;;;;N;;;;; +27F8;LONG LEFTWARDS DOUBLE ARROW;Sm;0;ON;;;;;N;;;;; +27F9;LONG RIGHTWARDS DOUBLE ARROW;Sm;0;ON;;;;;N;;;;; +27FA;LONG LEFT RIGHT DOUBLE ARROW;Sm;0;ON;;;;;N;;;;; +27FB;LONG LEFTWARDS ARROW FROM BAR;Sm;0;ON;;;;;N;;;;; +27FC;LONG RIGHTWARDS ARROW FROM BAR;Sm;0;ON;;;;;N;;;;; +27FD;LONG LEFTWARDS DOUBLE ARROW FROM BAR;Sm;0;ON;;;;;N;;;;; +27FE;LONG RIGHTWARDS DOUBLE ARROW FROM BAR;Sm;0;ON;;;;;N;;;;; +27FF;LONG RIGHTWARDS SQUIGGLE ARROW;Sm;0;ON;;;;;N;;;;; +2800;BRAILLE PATTERN BLANK;So;0;ON;;;;;N;;;;; +2801;BRAILLE PATTERN DOTS-1;So;0;ON;;;;;N;;;;; +2802;BRAILLE PATTERN DOTS-2;So;0;ON;;;;;N;;;;; +2803;BRAILLE PATTERN DOTS-12;So;0;ON;;;;;N;;;;; +2804;BRAILLE PATTERN DOTS-3;So;0;ON;;;;;N;;;;; +2805;BRAILLE PATTERN DOTS-13;So;0;ON;;;;;N;;;;; +2806;BRAILLE PATTERN DOTS-23;So;0;ON;;;;;N;;;;; +2807;BRAILLE PATTERN DOTS-123;So;0;ON;;;;;N;;;;; +2808;BRAILLE PATTERN DOTS-4;So;0;ON;;;;;N;;;;; +2809;BRAILLE PATTERN DOTS-14;So;0;ON;;;;;N;;;;; +280A;BRAILLE PATTERN DOTS-24;So;0;ON;;;;;N;;;;; +280B;BRAILLE PATTERN DOTS-124;So;0;ON;;;;;N;;;;; +280C;BRAILLE PATTERN DOTS-34;So;0;ON;;;;;N;;;;; +280D;BRAILLE PATTERN DOTS-134;So;0;ON;;;;;N;;;;; +280E;BRAILLE PATTERN DOTS-234;So;0;ON;;;;;N;;;;; +280F;BRAILLE PATTERN DOTS-1234;So;0;ON;;;;;N;;;;; +2810;BRAILLE PATTERN DOTS-5;So;0;ON;;;;;N;;;;; +2811;BRAILLE PATTERN DOTS-15;So;0;ON;;;;;N;;;;; +2812;BRAILLE PATTERN DOTS-25;So;0;ON;;;;;N;;;;; +2813;BRAILLE PATTERN DOTS-125;So;0;ON;;;;;N;;;;; +2814;BRAILLE PATTERN DOTS-35;So;0;ON;;;;;N;;;;; +2815;BRAILLE PATTERN DOTS-135;So;0;ON;;;;;N;;;;; +2816;BRAILLE PATTERN DOTS-235;So;0;ON;;;;;N;;;;; +2817;BRAILLE PATTERN DOTS-1235;So;0;ON;;;;;N;;;;; +2818;BRAILLE PATTERN DOTS-45;So;0;ON;;;;;N;;;;; +2819;BRAILLE PATTERN DOTS-145;So;0;ON;;;;;N;;;;; +281A;BRAILLE PATTERN DOTS-245;So;0;ON;;;;;N;;;;; +281B;BRAILLE PATTERN DOTS-1245;So;0;ON;;;;;N;;;;; +281C;BRAILLE PATTERN DOTS-345;So;0;ON;;;;;N;;;;; +281D;BRAILLE PATTERN DOTS-1345;So;0;ON;;;;;N;;;;; +281E;BRAILLE PATTERN DOTS-2345;So;0;ON;;;;;N;;;;; +281F;BRAILLE PATTERN DOTS-12345;So;0;ON;;;;;N;;;;; +2820;BRAILLE PATTERN DOTS-6;So;0;ON;;;;;N;;;;; +2821;BRAILLE PATTERN DOTS-16;So;0;ON;;;;;N;;;;; +2822;BRAILLE PATTERN DOTS-26;So;0;ON;;;;;N;;;;; +2823;BRAILLE PATTERN DOTS-126;So;0;ON;;;;;N;;;;; +2824;BRAILLE PATTERN DOTS-36;So;0;ON;;;;;N;;;;; +2825;BRAILLE PATTERN DOTS-136;So;0;ON;;;;;N;;;;; +2826;BRAILLE PATTERN DOTS-236;So;0;ON;;;;;N;;;;; +2827;BRAILLE PATTERN DOTS-1236;So;0;ON;;;;;N;;;;; +2828;BRAILLE PATTERN DOTS-46;So;0;ON;;;;;N;;;;; +2829;BRAILLE PATTERN DOTS-146;So;0;ON;;;;;N;;;;; +282A;BRAILLE PATTERN DOTS-246;So;0;ON;;;;;N;;;;; +282B;BRAILLE PATTERN DOTS-1246;So;0;ON;;;;;N;;;;; +282C;BRAILLE PATTERN DOTS-346;So;0;ON;;;;;N;;;;; +282D;BRAILLE PATTERN DOTS-1346;So;0;ON;;;;;N;;;;; +282E;BRAILLE PATTERN DOTS-2346;So;0;ON;;;;;N;;;;; +282F;BRAILLE PATTERN DOTS-12346;So;0;ON;;;;;N;;;;; +2830;BRAILLE PATTERN DOTS-56;So;0;ON;;;;;N;;;;; +2831;BRAILLE PATTERN DOTS-156;So;0;ON;;;;;N;;;;; +2832;BRAILLE PATTERN DOTS-256;So;0;ON;;;;;N;;;;; +2833;BRAILLE PATTERN DOTS-1256;So;0;ON;;;;;N;;;;; +2834;BRAILLE PATTERN DOTS-356;So;0;ON;;;;;N;;;;; +2835;BRAILLE PATTERN DOTS-1356;So;0;ON;;;;;N;;;;; +2836;BRAILLE PATTERN DOTS-2356;So;0;ON;;;;;N;;;;; +2837;BRAILLE PATTERN DOTS-12356;So;0;ON;;;;;N;;;;; +2838;BRAILLE PATTERN DOTS-456;So;0;ON;;;;;N;;;;; +2839;BRAILLE PATTERN DOTS-1456;So;0;ON;;;;;N;;;;; +283A;BRAILLE PATTERN DOTS-2456;So;0;ON;;;;;N;;;;; +283B;BRAILLE PATTERN DOTS-12456;So;0;ON;;;;;N;;;;; +283C;BRAILLE PATTERN DOTS-3456;So;0;ON;;;;;N;;;;; +283D;BRAILLE PATTERN DOTS-13456;So;0;ON;;;;;N;;;;; +283E;BRAILLE PATTERN DOTS-23456;So;0;ON;;;;;N;;;;; +283F;BRAILLE PATTERN DOTS-123456;So;0;ON;;;;;N;;;;; +2840;BRAILLE PATTERN DOTS-7;So;0;ON;;;;;N;;;;; +2841;BRAILLE PATTERN DOTS-17;So;0;ON;;;;;N;;;;; +2842;BRAILLE PATTERN DOTS-27;So;0;ON;;;;;N;;;;; +2843;BRAILLE PATTERN DOTS-127;So;0;ON;;;;;N;;;;; +2844;BRAILLE PATTERN DOTS-37;So;0;ON;;;;;N;;;;; +2845;BRAILLE PATTERN DOTS-137;So;0;ON;;;;;N;;;;; +2846;BRAILLE PATTERN DOTS-237;So;0;ON;;;;;N;;;;; +2847;BRAILLE PATTERN DOTS-1237;So;0;ON;;;;;N;;;;; +2848;BRAILLE PATTERN DOTS-47;So;0;ON;;;;;N;;;;; +2849;BRAILLE PATTERN DOTS-147;So;0;ON;;;;;N;;;;; +284A;BRAILLE PATTERN DOTS-247;So;0;ON;;;;;N;;;;; +284B;BRAILLE PATTERN DOTS-1247;So;0;ON;;;;;N;;;;; +284C;BRAILLE PATTERN DOTS-347;So;0;ON;;;;;N;;;;; +284D;BRAILLE PATTERN DOTS-1347;So;0;ON;;;;;N;;;;; +284E;BRAILLE PATTERN DOTS-2347;So;0;ON;;;;;N;;;;; +284F;BRAILLE PATTERN DOTS-12347;So;0;ON;;;;;N;;;;; +2850;BRAILLE PATTERN DOTS-57;So;0;ON;;;;;N;;;;; +2851;BRAILLE PATTERN DOTS-157;So;0;ON;;;;;N;;;;; +2852;BRAILLE PATTERN DOTS-257;So;0;ON;;;;;N;;;;; +2853;BRAILLE PATTERN DOTS-1257;So;0;ON;;;;;N;;;;; +2854;BRAILLE PATTERN DOTS-357;So;0;ON;;;;;N;;;;; +2855;BRAILLE PATTERN DOTS-1357;So;0;ON;;;;;N;;;;; +2856;BRAILLE PATTERN DOTS-2357;So;0;ON;;;;;N;;;;; +2857;BRAILLE PATTERN DOTS-12357;So;0;ON;;;;;N;;;;; +2858;BRAILLE PATTERN DOTS-457;So;0;ON;;;;;N;;;;; +2859;BRAILLE PATTERN DOTS-1457;So;0;ON;;;;;N;;;;; +285A;BRAILLE PATTERN DOTS-2457;So;0;ON;;;;;N;;;;; +285B;BRAILLE PATTERN DOTS-12457;So;0;ON;;;;;N;;;;; +285C;BRAILLE PATTERN DOTS-3457;So;0;ON;;;;;N;;;;; +285D;BRAILLE PATTERN DOTS-13457;So;0;ON;;;;;N;;;;; +285E;BRAILLE PATTERN DOTS-23457;So;0;ON;;;;;N;;;;; +285F;BRAILLE PATTERN DOTS-123457;So;0;ON;;;;;N;;;;; +2860;BRAILLE PATTERN DOTS-67;So;0;ON;;;;;N;;;;; +2861;BRAILLE PATTERN DOTS-167;So;0;ON;;;;;N;;;;; +2862;BRAILLE PATTERN DOTS-267;So;0;ON;;;;;N;;;;; +2863;BRAILLE PATTERN DOTS-1267;So;0;ON;;;;;N;;;;; +2864;BRAILLE PATTERN DOTS-367;So;0;ON;;;;;N;;;;; +2865;BRAILLE PATTERN DOTS-1367;So;0;ON;;;;;N;;;;; +2866;BRAILLE PATTERN DOTS-2367;So;0;ON;;;;;N;;;;; +2867;BRAILLE PATTERN DOTS-12367;So;0;ON;;;;;N;;;;; +2868;BRAILLE PATTERN DOTS-467;So;0;ON;;;;;N;;;;; +2869;BRAILLE PATTERN DOTS-1467;So;0;ON;;;;;N;;;;; +286A;BRAILLE PATTERN DOTS-2467;So;0;ON;;;;;N;;;;; +286B;BRAILLE PATTERN DOTS-12467;So;0;ON;;;;;N;;;;; +286C;BRAILLE PATTERN DOTS-3467;So;0;ON;;;;;N;;;;; +286D;BRAILLE PATTERN DOTS-13467;So;0;ON;;;;;N;;;;; +286E;BRAILLE PATTERN DOTS-23467;So;0;ON;;;;;N;;;;; +286F;BRAILLE PATTERN DOTS-123467;So;0;ON;;;;;N;;;;; +2870;BRAILLE PATTERN DOTS-567;So;0;ON;;;;;N;;;;; +2871;BRAILLE PATTERN DOTS-1567;So;0;ON;;;;;N;;;;; +2872;BRAILLE PATTERN DOTS-2567;So;0;ON;;;;;N;;;;; +2873;BRAILLE PATTERN DOTS-12567;So;0;ON;;;;;N;;;;; +2874;BRAILLE PATTERN DOTS-3567;So;0;ON;;;;;N;;;;; +2875;BRAILLE PATTERN DOTS-13567;So;0;ON;;;;;N;;;;; +2876;BRAILLE PATTERN DOTS-23567;So;0;ON;;;;;N;;;;; +2877;BRAILLE PATTERN DOTS-123567;So;0;ON;;;;;N;;;;; +2878;BRAILLE PATTERN DOTS-4567;So;0;ON;;;;;N;;;;; +2879;BRAILLE PATTERN DOTS-14567;So;0;ON;;;;;N;;;;; +287A;BRAILLE PATTERN DOTS-24567;So;0;ON;;;;;N;;;;; +287B;BRAILLE PATTERN DOTS-124567;So;0;ON;;;;;N;;;;; +287C;BRAILLE PATTERN DOTS-34567;So;0;ON;;;;;N;;;;; +287D;BRAILLE PATTERN DOTS-134567;So;0;ON;;;;;N;;;;; +287E;BRAILLE PATTERN DOTS-234567;So;0;ON;;;;;N;;;;; +287F;BRAILLE PATTERN DOTS-1234567;So;0;ON;;;;;N;;;;; +2880;BRAILLE PATTERN DOTS-8;So;0;ON;;;;;N;;;;; +2881;BRAILLE PATTERN DOTS-18;So;0;ON;;;;;N;;;;; +2882;BRAILLE PATTERN DOTS-28;So;0;ON;;;;;N;;;;; +2883;BRAILLE PATTERN DOTS-128;So;0;ON;;;;;N;;;;; +2884;BRAILLE PATTERN DOTS-38;So;0;ON;;;;;N;;;;; +2885;BRAILLE PATTERN DOTS-138;So;0;ON;;;;;N;;;;; +2886;BRAILLE PATTERN DOTS-238;So;0;ON;;;;;N;;;;; +2887;BRAILLE PATTERN DOTS-1238;So;0;ON;;;;;N;;;;; +2888;BRAILLE PATTERN DOTS-48;So;0;ON;;;;;N;;;;; +2889;BRAILLE PATTERN DOTS-148;So;0;ON;;;;;N;;;;; +288A;BRAILLE PATTERN DOTS-248;So;0;ON;;;;;N;;;;; +288B;BRAILLE PATTERN DOTS-1248;So;0;ON;;;;;N;;;;; +288C;BRAILLE PATTERN DOTS-348;So;0;ON;;;;;N;;;;; +288D;BRAILLE PATTERN DOTS-1348;So;0;ON;;;;;N;;;;; +288E;BRAILLE PATTERN DOTS-2348;So;0;ON;;;;;N;;;;; +288F;BRAILLE PATTERN DOTS-12348;So;0;ON;;;;;N;;;;; +2890;BRAILLE PATTERN DOTS-58;So;0;ON;;;;;N;;;;; +2891;BRAILLE PATTERN DOTS-158;So;0;ON;;;;;N;;;;; +2892;BRAILLE PATTERN DOTS-258;So;0;ON;;;;;N;;;;; +2893;BRAILLE PATTERN DOTS-1258;So;0;ON;;;;;N;;;;; +2894;BRAILLE PATTERN DOTS-358;So;0;ON;;;;;N;;;;; +2895;BRAILLE PATTERN DOTS-1358;So;0;ON;;;;;N;;;;; +2896;BRAILLE PATTERN DOTS-2358;So;0;ON;;;;;N;;;;; +2897;BRAILLE PATTERN DOTS-12358;So;0;ON;;;;;N;;;;; +2898;BRAILLE PATTERN DOTS-458;So;0;ON;;;;;N;;;;; +2899;BRAILLE PATTERN DOTS-1458;So;0;ON;;;;;N;;;;; +289A;BRAILLE PATTERN DOTS-2458;So;0;ON;;;;;N;;;;; +289B;BRAILLE PATTERN DOTS-12458;So;0;ON;;;;;N;;;;; +289C;BRAILLE PATTERN DOTS-3458;So;0;ON;;;;;N;;;;; +289D;BRAILLE PATTERN DOTS-13458;So;0;ON;;;;;N;;;;; +289E;BRAILLE PATTERN DOTS-23458;So;0;ON;;;;;N;;;;; +289F;BRAILLE PATTERN DOTS-123458;So;0;ON;;;;;N;;;;; +28A0;BRAILLE PATTERN DOTS-68;So;0;ON;;;;;N;;;;; +28A1;BRAILLE PATTERN DOTS-168;So;0;ON;;;;;N;;;;; +28A2;BRAILLE PATTERN DOTS-268;So;0;ON;;;;;N;;;;; +28A3;BRAILLE PATTERN DOTS-1268;So;0;ON;;;;;N;;;;; +28A4;BRAILLE PATTERN DOTS-368;So;0;ON;;;;;N;;;;; +28A5;BRAILLE PATTERN DOTS-1368;So;0;ON;;;;;N;;;;; +28A6;BRAILLE PATTERN DOTS-2368;So;0;ON;;;;;N;;;;; +28A7;BRAILLE PATTERN DOTS-12368;So;0;ON;;;;;N;;;;; +28A8;BRAILLE PATTERN DOTS-468;So;0;ON;;;;;N;;;;; +28A9;BRAILLE PATTERN DOTS-1468;So;0;ON;;;;;N;;;;; +28AA;BRAILLE PATTERN DOTS-2468;So;0;ON;;;;;N;;;;; +28AB;BRAILLE PATTERN DOTS-12468;So;0;ON;;;;;N;;;;; +28AC;BRAILLE PATTERN DOTS-3468;So;0;ON;;;;;N;;;;; +28AD;BRAILLE PATTERN DOTS-13468;So;0;ON;;;;;N;;;;; +28AE;BRAILLE PATTERN DOTS-23468;So;0;ON;;;;;N;;;;; +28AF;BRAILLE PATTERN DOTS-123468;So;0;ON;;;;;N;;;;; +28B0;BRAILLE PATTERN DOTS-568;So;0;ON;;;;;N;;;;; +28B1;BRAILLE PATTERN DOTS-1568;So;0;ON;;;;;N;;;;; +28B2;BRAILLE PATTERN DOTS-2568;So;0;ON;;;;;N;;;;; +28B3;BRAILLE PATTERN DOTS-12568;So;0;ON;;;;;N;;;;; +28B4;BRAILLE PATTERN DOTS-3568;So;0;ON;;;;;N;;;;; +28B5;BRAILLE PATTERN DOTS-13568;So;0;ON;;;;;N;;;;; +28B6;BRAILLE PATTERN DOTS-23568;So;0;ON;;;;;N;;;;; +28B7;BRAILLE PATTERN DOTS-123568;So;0;ON;;;;;N;;;;; +28B8;BRAILLE PATTERN DOTS-4568;So;0;ON;;;;;N;;;;; +28B9;BRAILLE PATTERN DOTS-14568;So;0;ON;;;;;N;;;;; +28BA;BRAILLE PATTERN DOTS-24568;So;0;ON;;;;;N;;;;; +28BB;BRAILLE PATTERN DOTS-124568;So;0;ON;;;;;N;;;;; +28BC;BRAILLE PATTERN DOTS-34568;So;0;ON;;;;;N;;;;; +28BD;BRAILLE PATTERN DOTS-134568;So;0;ON;;;;;N;;;;; +28BE;BRAILLE PATTERN DOTS-234568;So;0;ON;;;;;N;;;;; +28BF;BRAILLE PATTERN DOTS-1234568;So;0;ON;;;;;N;;;;; +28C0;BRAILLE PATTERN DOTS-78;So;0;ON;;;;;N;;;;; +28C1;BRAILLE PATTERN DOTS-178;So;0;ON;;;;;N;;;;; +28C2;BRAILLE PATTERN DOTS-278;So;0;ON;;;;;N;;;;; +28C3;BRAILLE PATTERN DOTS-1278;So;0;ON;;;;;N;;;;; +28C4;BRAILLE PATTERN DOTS-378;So;0;ON;;;;;N;;;;; +28C5;BRAILLE PATTERN DOTS-1378;So;0;ON;;;;;N;;;;; +28C6;BRAILLE PATTERN DOTS-2378;So;0;ON;;;;;N;;;;; +28C7;BRAILLE PATTERN DOTS-12378;So;0;ON;;;;;N;;;;; +28C8;BRAILLE PATTERN DOTS-478;So;0;ON;;;;;N;;;;; +28C9;BRAILLE PATTERN DOTS-1478;So;0;ON;;;;;N;;;;; +28CA;BRAILLE PATTERN DOTS-2478;So;0;ON;;;;;N;;;;; +28CB;BRAILLE PATTERN DOTS-12478;So;0;ON;;;;;N;;;;; +28CC;BRAILLE PATTERN DOTS-3478;So;0;ON;;;;;N;;;;; +28CD;BRAILLE PATTERN DOTS-13478;So;0;ON;;;;;N;;;;; +28CE;BRAILLE PATTERN DOTS-23478;So;0;ON;;;;;N;;;;; +28CF;BRAILLE PATTERN DOTS-123478;So;0;ON;;;;;N;;;;; +28D0;BRAILLE PATTERN DOTS-578;So;0;ON;;;;;N;;;;; +28D1;BRAILLE PATTERN DOTS-1578;So;0;ON;;;;;N;;;;; +28D2;BRAILLE PATTERN DOTS-2578;So;0;ON;;;;;N;;;;; +28D3;BRAILLE PATTERN DOTS-12578;So;0;ON;;;;;N;;;;; +28D4;BRAILLE PATTERN DOTS-3578;So;0;ON;;;;;N;;;;; +28D5;BRAILLE PATTERN DOTS-13578;So;0;ON;;;;;N;;;;; +28D6;BRAILLE PATTERN DOTS-23578;So;0;ON;;;;;N;;;;; +28D7;BRAILLE PATTERN DOTS-123578;So;0;ON;;;;;N;;;;; +28D8;BRAILLE PATTERN DOTS-4578;So;0;ON;;;;;N;;;;; +28D9;BRAILLE PATTERN DOTS-14578;So;0;ON;;;;;N;;;;; +28DA;BRAILLE PATTERN DOTS-24578;So;0;ON;;;;;N;;;;; +28DB;BRAILLE PATTERN DOTS-124578;So;0;ON;;;;;N;;;;; +28DC;BRAILLE PATTERN DOTS-34578;So;0;ON;;;;;N;;;;; +28DD;BRAILLE PATTERN DOTS-134578;So;0;ON;;;;;N;;;;; +28DE;BRAILLE PATTERN DOTS-234578;So;0;ON;;;;;N;;;;; +28DF;BRAILLE PATTERN DOTS-1234578;So;0;ON;;;;;N;;;;; +28E0;BRAILLE PATTERN DOTS-678;So;0;ON;;;;;N;;;;; +28E1;BRAILLE PATTERN DOTS-1678;So;0;ON;;;;;N;;;;; +28E2;BRAILLE PATTERN DOTS-2678;So;0;ON;;;;;N;;;;; +28E3;BRAILLE PATTERN DOTS-12678;So;0;ON;;;;;N;;;;; +28E4;BRAILLE PATTERN DOTS-3678;So;0;ON;;;;;N;;;;; +28E5;BRAILLE PATTERN DOTS-13678;So;0;ON;;;;;N;;;;; +28E6;BRAILLE PATTERN DOTS-23678;So;0;ON;;;;;N;;;;; +28E7;BRAILLE PATTERN DOTS-123678;So;0;ON;;;;;N;;;;; +28E8;BRAILLE PATTERN DOTS-4678;So;0;ON;;;;;N;;;;; +28E9;BRAILLE PATTERN DOTS-14678;So;0;ON;;;;;N;;;;; +28EA;BRAILLE PATTERN DOTS-24678;So;0;ON;;;;;N;;;;; +28EB;BRAILLE PATTERN DOTS-124678;So;0;ON;;;;;N;;;;; +28EC;BRAILLE PATTERN DOTS-34678;So;0;ON;;;;;N;;;;; +28ED;BRAILLE PATTERN DOTS-134678;So;0;ON;;;;;N;;;;; +28EE;BRAILLE PATTERN DOTS-234678;So;0;ON;;;;;N;;;;; +28EF;BRAILLE PATTERN DOTS-1234678;So;0;ON;;;;;N;;;;; +28F0;BRAILLE PATTERN DOTS-5678;So;0;ON;;;;;N;;;;; +28F1;BRAILLE PATTERN DOTS-15678;So;0;ON;;;;;N;;;;; +28F2;BRAILLE PATTERN DOTS-25678;So;0;ON;;;;;N;;;;; +28F3;BRAILLE PATTERN DOTS-125678;So;0;ON;;;;;N;;;;; +28F4;BRAILLE PATTERN DOTS-35678;So;0;ON;;;;;N;;;;; +28F5;BRAILLE PATTERN DOTS-135678;So;0;ON;;;;;N;;;;; +28F6;BRAILLE PATTERN DOTS-235678;So;0;ON;;;;;N;;;;; +28F7;BRAILLE PATTERN DOTS-1235678;So;0;ON;;;;;N;;;;; +28F8;BRAILLE PATTERN DOTS-45678;So;0;ON;;;;;N;;;;; +28F9;BRAILLE PATTERN DOTS-145678;So;0;ON;;;;;N;;;;; +28FA;BRAILLE PATTERN DOTS-245678;So;0;ON;;;;;N;;;;; +28FB;BRAILLE PATTERN DOTS-1245678;So;0;ON;;;;;N;;;;; +28FC;BRAILLE PATTERN DOTS-345678;So;0;ON;;;;;N;;;;; +28FD;BRAILLE PATTERN DOTS-1345678;So;0;ON;;;;;N;;;;; +28FE;BRAILLE PATTERN DOTS-2345678;So;0;ON;;;;;N;;;;; +28FF;BRAILLE PATTERN DOTS-12345678;So;0;ON;;;;;N;;;;; +2900;RIGHTWARDS TWO-HEADED ARROW WITH VERTICAL STROKE;Sm;0;ON;;;;;N;;;;; +2901;RIGHTWARDS TWO-HEADED ARROW WITH DOUBLE VERTICAL STROKE;Sm;0;ON;;;;;N;;;;; +2902;LEFTWARDS DOUBLE ARROW WITH VERTICAL STROKE;Sm;0;ON;;;;;N;;;;; +2903;RIGHTWARDS DOUBLE ARROW WITH VERTICAL STROKE;Sm;0;ON;;;;;N;;;;; +2904;LEFT RIGHT DOUBLE ARROW WITH VERTICAL STROKE;Sm;0;ON;;;;;N;;;;; +2905;RIGHTWARDS TWO-HEADED ARROW FROM BAR;Sm;0;ON;;;;;N;;;;; +2906;LEFTWARDS DOUBLE ARROW FROM BAR;Sm;0;ON;;;;;N;;;;; +2907;RIGHTWARDS DOUBLE ARROW FROM BAR;Sm;0;ON;;;;;N;;;;; +2908;DOWNWARDS ARROW WITH HORIZONTAL STROKE;Sm;0;ON;;;;;N;;;;; +2909;UPWARDS ARROW WITH HORIZONTAL STROKE;Sm;0;ON;;;;;N;;;;; +290A;UPWARDS TRIPLE ARROW;Sm;0;ON;;;;;N;;;;; +290B;DOWNWARDS TRIPLE ARROW;Sm;0;ON;;;;;N;;;;; +290C;LEFTWARDS DOUBLE DASH ARROW;Sm;0;ON;;;;;N;;;;; +290D;RIGHTWARDS DOUBLE DASH ARROW;Sm;0;ON;;;;;N;;;;; +290E;LEFTWARDS TRIPLE DASH ARROW;Sm;0;ON;;;;;N;;;;; +290F;RIGHTWARDS TRIPLE DASH ARROW;Sm;0;ON;;;;;N;;;;; +2910;RIGHTWARDS TWO-HEADED TRIPLE DASH ARROW;Sm;0;ON;;;;;N;;;;; +2911;RIGHTWARDS ARROW WITH DOTTED STEM;Sm;0;ON;;;;;N;;;;; +2912;UPWARDS ARROW TO BAR;Sm;0;ON;;;;;N;;;;; +2913;DOWNWARDS ARROW TO BAR;Sm;0;ON;;;;;N;;;;; +2914;RIGHTWARDS ARROW WITH TAIL WITH VERTICAL STROKE;Sm;0;ON;;;;;N;;;;; +2915;RIGHTWARDS ARROW WITH TAIL WITH DOUBLE VERTICAL STROKE;Sm;0;ON;;;;;N;;;;; +2916;RIGHTWARDS TWO-HEADED ARROW WITH TAIL;Sm;0;ON;;;;;N;;;;; +2917;RIGHTWARDS TWO-HEADED ARROW WITH TAIL WITH VERTICAL STROKE;Sm;0;ON;;;;;N;;;;; +2918;RIGHTWARDS TWO-HEADED ARROW WITH TAIL WITH DOUBLE VERTICAL STROKE;Sm;0;ON;;;;;N;;;;; +2919;LEFTWARDS ARROW-TAIL;Sm;0;ON;;;;;N;;;;; +291A;RIGHTWARDS ARROW-TAIL;Sm;0;ON;;;;;N;;;;; +291B;LEFTWARDS DOUBLE ARROW-TAIL;Sm;0;ON;;;;;N;;;;; +291C;RIGHTWARDS DOUBLE ARROW-TAIL;Sm;0;ON;;;;;N;;;;; +291D;LEFTWARDS ARROW TO BLACK DIAMOND;Sm;0;ON;;;;;N;;;;; +291E;RIGHTWARDS ARROW TO BLACK DIAMOND;Sm;0;ON;;;;;N;;;;; +291F;LEFTWARDS ARROW FROM BAR TO BLACK DIAMOND;Sm;0;ON;;;;;N;;;;; +2920;RIGHTWARDS ARROW FROM BAR TO BLACK DIAMOND;Sm;0;ON;;;;;N;;;;; +2921;NORTH WEST AND SOUTH EAST ARROW;Sm;0;ON;;;;;N;;;;; +2922;NORTH EAST AND SOUTH WEST ARROW;Sm;0;ON;;;;;N;;;;; +2923;NORTH WEST ARROW WITH HOOK;Sm;0;ON;;;;;N;;;;; +2924;NORTH EAST ARROW WITH HOOK;Sm;0;ON;;;;;N;;;;; +2925;SOUTH EAST ARROW WITH HOOK;Sm;0;ON;;;;;N;;;;; +2926;SOUTH WEST ARROW WITH HOOK;Sm;0;ON;;;;;N;;;;; +2927;NORTH WEST ARROW AND NORTH EAST ARROW;Sm;0;ON;;;;;N;;;;; +2928;NORTH EAST ARROW AND SOUTH EAST ARROW;Sm;0;ON;;;;;N;;;;; +2929;SOUTH EAST ARROW AND SOUTH WEST ARROW;Sm;0;ON;;;;;N;;;;; +292A;SOUTH WEST ARROW AND NORTH WEST ARROW;Sm;0;ON;;;;;N;;;;; +292B;RISING DIAGONAL CROSSING FALLING DIAGONAL;Sm;0;ON;;;;;N;;;;; +292C;FALLING DIAGONAL CROSSING RISING DIAGONAL;Sm;0;ON;;;;;N;;;;; +292D;SOUTH EAST ARROW CROSSING NORTH EAST ARROW;Sm;0;ON;;;;;N;;;;; +292E;NORTH EAST ARROW CROSSING SOUTH EAST ARROW;Sm;0;ON;;;;;N;;;;; +292F;FALLING DIAGONAL CROSSING NORTH EAST ARROW;Sm;0;ON;;;;;N;;;;; +2930;RISING DIAGONAL CROSSING SOUTH EAST ARROW;Sm;0;ON;;;;;N;;;;; +2931;NORTH EAST ARROW CROSSING NORTH WEST ARROW;Sm;0;ON;;;;;N;;;;; +2932;NORTH WEST ARROW CROSSING NORTH EAST ARROW;Sm;0;ON;;;;;N;;;;; +2933;WAVE ARROW POINTING DIRECTLY RIGHT;Sm;0;ON;;;;;N;;;;; +2934;ARROW POINTING RIGHTWARDS THEN CURVING UPWARDS;Sm;0;ON;;;;;N;;;;; +2935;ARROW POINTING RIGHTWARDS THEN CURVING DOWNWARDS;Sm;0;ON;;;;;N;;;;; +2936;ARROW POINTING DOWNWARDS THEN CURVING LEFTWARDS;Sm;0;ON;;;;;N;;;;; +2937;ARROW POINTING DOWNWARDS THEN CURVING RIGHTWARDS;Sm;0;ON;;;;;N;;;;; +2938;RIGHT-SIDE ARC CLOCKWISE ARROW;Sm;0;ON;;;;;N;;;;; +2939;LEFT-SIDE ARC ANTICLOCKWISE ARROW;Sm;0;ON;;;;;N;;;;; +293A;TOP ARC ANTICLOCKWISE ARROW;Sm;0;ON;;;;;N;;;;; +293B;BOTTOM ARC ANTICLOCKWISE ARROW;Sm;0;ON;;;;;N;;;;; +293C;TOP ARC CLOCKWISE ARROW WITH MINUS;Sm;0;ON;;;;;N;;;;; +293D;TOP ARC ANTICLOCKWISE ARROW WITH PLUS;Sm;0;ON;;;;;N;;;;; +293E;LOWER RIGHT SEMICIRCULAR CLOCKWISE ARROW;Sm;0;ON;;;;;N;;;;; +293F;LOWER LEFT SEMICIRCULAR ANTICLOCKWISE ARROW;Sm;0;ON;;;;;N;;;;; +2940;ANTICLOCKWISE CLOSED CIRCLE ARROW;Sm;0;ON;;;;;N;;;;; +2941;CLOCKWISE CLOSED CIRCLE ARROW;Sm;0;ON;;;;;N;;;;; +2942;RIGHTWARDS ARROW ABOVE SHORT LEFTWARDS ARROW;Sm;0;ON;;;;;N;;;;; +2943;LEFTWARDS ARROW ABOVE SHORT RIGHTWARDS ARROW;Sm;0;ON;;;;;N;;;;; +2944;SHORT RIGHTWARDS ARROW ABOVE LEFTWARDS ARROW;Sm;0;ON;;;;;N;;;;; +2945;RIGHTWARDS ARROW WITH PLUS BELOW;Sm;0;ON;;;;;N;;;;; +2946;LEFTWARDS ARROW WITH PLUS BELOW;Sm;0;ON;;;;;N;;;;; +2947;RIGHTWARDS ARROW THROUGH X;Sm;0;ON;;;;;N;;;;; +2948;LEFT RIGHT ARROW THROUGH SMALL CIRCLE;Sm;0;ON;;;;;N;;;;; +2949;UPWARDS TWO-HEADED ARROW FROM SMALL CIRCLE;Sm;0;ON;;;;;N;;;;; +294A;LEFT BARB UP RIGHT BARB DOWN HARPOON;Sm;0;ON;;;;;N;;;;; +294B;LEFT BARB DOWN RIGHT BARB UP HARPOON;Sm;0;ON;;;;;N;;;;; +294C;UP BARB RIGHT DOWN BARB LEFT HARPOON;Sm;0;ON;;;;;N;;;;; +294D;UP BARB LEFT DOWN BARB RIGHT HARPOON;Sm;0;ON;;;;;N;;;;; +294E;LEFT BARB UP RIGHT BARB UP HARPOON;Sm;0;ON;;;;;N;;;;; +294F;UP BARB RIGHT DOWN BARB RIGHT HARPOON;Sm;0;ON;;;;;N;;;;; +2950;LEFT BARB DOWN RIGHT BARB DOWN HARPOON;Sm;0;ON;;;;;N;;;;; +2951;UP BARB LEFT DOWN BARB LEFT HARPOON;Sm;0;ON;;;;;N;;;;; +2952;LEFTWARDS HARPOON WITH BARB UP TO BAR;Sm;0;ON;;;;;N;;;;; +2953;RIGHTWARDS HARPOON WITH BARB UP TO BAR;Sm;0;ON;;;;;N;;;;; +2954;UPWARDS HARPOON WITH BARB RIGHT TO BAR;Sm;0;ON;;;;;N;;;;; +2955;DOWNWARDS HARPOON WITH BARB RIGHT TO BAR;Sm;0;ON;;;;;N;;;;; +2956;LEFTWARDS HARPOON WITH BARB DOWN TO BAR;Sm;0;ON;;;;;N;;;;; +2957;RIGHTWARDS HARPOON WITH BARB DOWN TO BAR;Sm;0;ON;;;;;N;;;;; +2958;UPWARDS HARPOON WITH BARB LEFT TO BAR;Sm;0;ON;;;;;N;;;;; +2959;DOWNWARDS HARPOON WITH BARB LEFT TO BAR;Sm;0;ON;;;;;N;;;;; +295A;LEFTWARDS HARPOON WITH BARB UP FROM BAR;Sm;0;ON;;;;;N;;;;; +295B;RIGHTWARDS HARPOON WITH BARB UP FROM BAR;Sm;0;ON;;;;;N;;;;; +295C;UPWARDS HARPOON WITH BARB RIGHT FROM BAR;Sm;0;ON;;;;;N;;;;; +295D;DOWNWARDS HARPOON WITH BARB RIGHT FROM BAR;Sm;0;ON;;;;;N;;;;; +295E;LEFTWARDS HARPOON WITH BARB DOWN FROM BAR;Sm;0;ON;;;;;N;;;;; +295F;RIGHTWARDS HARPOON WITH BARB DOWN FROM BAR;Sm;0;ON;;;;;N;;;;; +2960;UPWARDS HARPOON WITH BARB LEFT FROM BAR;Sm;0;ON;;;;;N;;;;; +2961;DOWNWARDS HARPOON WITH BARB LEFT FROM BAR;Sm;0;ON;;;;;N;;;;; +2962;LEFTWARDS HARPOON WITH BARB UP ABOVE LEFTWARDS HARPOON WITH BARB DOWN;Sm;0;ON;;;;;N;;;;; +2963;UPWARDS HARPOON WITH BARB LEFT BESIDE UPWARDS HARPOON WITH BARB RIGHT;Sm;0;ON;;;;;N;;;;; +2964;RIGHTWARDS HARPOON WITH BARB UP ABOVE RIGHTWARDS HARPOON WITH BARB DOWN;Sm;0;ON;;;;;N;;;;; +2965;DOWNWARDS HARPOON WITH BARB LEFT BESIDE DOWNWARDS HARPOON WITH BARB RIGHT;Sm;0;ON;;;;;N;;;;; +2966;LEFTWARDS HARPOON WITH BARB UP ABOVE RIGHTWARDS HARPOON WITH BARB UP;Sm;0;ON;;;;;N;;;;; +2967;LEFTWARDS HARPOON WITH BARB DOWN ABOVE RIGHTWARDS HARPOON WITH BARB DOWN;Sm;0;ON;;;;;N;;;;; +2968;RIGHTWARDS HARPOON WITH BARB UP ABOVE LEFTWARDS HARPOON WITH BARB UP;Sm;0;ON;;;;;N;;;;; +2969;RIGHTWARDS HARPOON WITH BARB DOWN ABOVE LEFTWARDS HARPOON WITH BARB DOWN;Sm;0;ON;;;;;N;;;;; +296A;LEFTWARDS HARPOON WITH BARB UP ABOVE LONG DASH;Sm;0;ON;;;;;N;;;;; +296B;LEFTWARDS HARPOON WITH BARB DOWN BELOW LONG DASH;Sm;0;ON;;;;;N;;;;; +296C;RIGHTWARDS HARPOON WITH BARB UP ABOVE LONG DASH;Sm;0;ON;;;;;N;;;;; +296D;RIGHTWARDS HARPOON WITH BARB DOWN BELOW LONG DASH;Sm;0;ON;;;;;N;;;;; +296E;UPWARDS HARPOON WITH BARB LEFT BESIDE DOWNWARDS HARPOON WITH BARB RIGHT;Sm;0;ON;;;;;N;;;;; +296F;DOWNWARDS HARPOON WITH BARB LEFT BESIDE UPWARDS HARPOON WITH BARB RIGHT;Sm;0;ON;;;;;N;;;;; +2970;RIGHT DOUBLE ARROW WITH ROUNDED HEAD;Sm;0;ON;;;;;N;;;;; +2971;EQUALS SIGN ABOVE RIGHTWARDS ARROW;Sm;0;ON;;;;;N;;;;; +2972;TILDE OPERATOR ABOVE RIGHTWARDS ARROW;Sm;0;ON;;;;;N;;;;; +2973;LEFTWARDS ARROW ABOVE TILDE OPERATOR;Sm;0;ON;;;;;N;;;;; +2974;RIGHTWARDS ARROW ABOVE TILDE OPERATOR;Sm;0;ON;;;;;N;;;;; +2975;RIGHTWARDS ARROW ABOVE ALMOST EQUAL TO;Sm;0;ON;;;;;N;;;;; +2976;LESS-THAN ABOVE LEFTWARDS ARROW;Sm;0;ON;;;;;N;;;;; +2977;LEFTWARDS ARROW THROUGH LESS-THAN;Sm;0;ON;;;;;N;;;;; +2978;GREATER-THAN ABOVE RIGHTWARDS ARROW;Sm;0;ON;;;;;N;;;;; +2979;SUBSET ABOVE RIGHTWARDS ARROW;Sm;0;ON;;;;;N;;;;; +297A;LEFTWARDS ARROW THROUGH SUBSET;Sm;0;ON;;;;;N;;;;; +297B;SUPERSET ABOVE LEFTWARDS ARROW;Sm;0;ON;;;;;N;;;;; +297C;LEFT FISH TAIL;Sm;0;ON;;;;;N;;;;; +297D;RIGHT FISH TAIL;Sm;0;ON;;;;;N;;;;; +297E;UP FISH TAIL;Sm;0;ON;;;;;N;;;;; +297F;DOWN FISH TAIL;Sm;0;ON;;;;;N;;;;; +2980;TRIPLE VERTICAL BAR DELIMITER;Sm;0;ON;;;;;N;;;;; +2981;Z NOTATION SPOT;Sm;0;ON;;;;;N;;;;; +2982;Z NOTATION TYPE COLON;Sm;0;ON;;;;;N;;;;; +2983;LEFT WHITE CURLY BRACKET;Ps;0;ON;;;;;Y;;;;; +2984;RIGHT WHITE CURLY BRACKET;Pe;0;ON;;;;;Y;;;;; +2985;LEFT WHITE PARENTHESIS;Ps;0;ON;;;;;Y;;;;; +2986;RIGHT WHITE PARENTHESIS;Pe;0;ON;;;;;Y;;;;; +2987;Z NOTATION LEFT IMAGE BRACKET;Ps;0;ON;;;;;Y;;;;; +2988;Z NOTATION RIGHT IMAGE BRACKET;Pe;0;ON;;;;;Y;;;;; +2989;Z NOTATION LEFT BINDING BRACKET;Ps;0;ON;;;;;Y;;;;; +298A;Z NOTATION RIGHT BINDING BRACKET;Pe;0;ON;;;;;Y;;;;; +298B;LEFT SQUARE BRACKET WITH UNDERBAR;Ps;0;ON;;;;;Y;;;;; +298C;RIGHT SQUARE BRACKET WITH UNDERBAR;Pe;0;ON;;;;;Y;;;;; +298D;LEFT SQUARE BRACKET WITH TICK IN TOP CORNER;Ps;0;ON;;;;;Y;;;;; +298E;RIGHT SQUARE BRACKET WITH TICK IN BOTTOM CORNER;Pe;0;ON;;;;;Y;;;;; +298F;LEFT SQUARE BRACKET WITH TICK IN BOTTOM CORNER;Ps;0;ON;;;;;Y;;;;; +2990;RIGHT SQUARE BRACKET WITH TICK IN TOP CORNER;Pe;0;ON;;;;;Y;;;;; +2991;LEFT ANGLE BRACKET WITH DOT;Ps;0;ON;;;;;Y;;;;; +2992;RIGHT ANGLE BRACKET WITH DOT;Pe;0;ON;;;;;Y;;;;; +2993;LEFT ARC LESS-THAN BRACKET;Ps;0;ON;;;;;Y;;;;; +2994;RIGHT ARC GREATER-THAN BRACKET;Pe;0;ON;;;;;Y;;;;; +2995;DOUBLE LEFT ARC GREATER-THAN BRACKET;Ps;0;ON;;;;;Y;;;;; +2996;DOUBLE RIGHT ARC LESS-THAN BRACKET;Pe;0;ON;;;;;Y;;;;; +2997;LEFT BLACK TORTOISE SHELL BRACKET;Ps;0;ON;;;;;Y;;;;; +2998;RIGHT BLACK TORTOISE SHELL BRACKET;Pe;0;ON;;;;;Y;;;;; +2999;DOTTED FENCE;Sm;0;ON;;;;;N;;;;; +299A;VERTICAL ZIGZAG LINE;Sm;0;ON;;;;;N;;;;; +299B;MEASURED ANGLE OPENING LEFT;Sm;0;ON;;;;;Y;;;;; +299C;RIGHT ANGLE VARIANT WITH SQUARE;Sm;0;ON;;;;;Y;;;;; +299D;MEASURED RIGHT ANGLE WITH DOT;Sm;0;ON;;;;;Y;;;;; +299E;ANGLE WITH S INSIDE;Sm;0;ON;;;;;Y;;;;; +299F;ACUTE ANGLE;Sm;0;ON;;;;;Y;;;;; +29A0;SPHERICAL ANGLE OPENING LEFT;Sm;0;ON;;;;;Y;;;;; +29A1;SPHERICAL ANGLE OPENING UP;Sm;0;ON;;;;;Y;;;;; +29A2;TURNED ANGLE;Sm;0;ON;;;;;Y;;;;; +29A3;REVERSED ANGLE;Sm;0;ON;;;;;Y;;;;; +29A4;ANGLE WITH UNDERBAR;Sm;0;ON;;;;;Y;;;;; +29A5;REVERSED ANGLE WITH UNDERBAR;Sm;0;ON;;;;;Y;;;;; +29A6;OBLIQUE ANGLE OPENING UP;Sm;0;ON;;;;;Y;;;;; +29A7;OBLIQUE ANGLE OPENING DOWN;Sm;0;ON;;;;;Y;;;;; +29A8;MEASURED ANGLE WITH OPEN ARM ENDING IN ARROW POINTING UP AND RIGHT;Sm;0;ON;;;;;Y;;;;; +29A9;MEASURED ANGLE WITH OPEN ARM ENDING IN ARROW POINTING UP AND LEFT;Sm;0;ON;;;;;Y;;;;; +29AA;MEASURED ANGLE WITH OPEN ARM ENDING IN ARROW POINTING DOWN AND RIGHT;Sm;0;ON;;;;;Y;;;;; +29AB;MEASURED ANGLE WITH OPEN ARM ENDING IN ARROW POINTING DOWN AND LEFT;Sm;0;ON;;;;;Y;;;;; +29AC;MEASURED ANGLE WITH OPEN ARM ENDING IN ARROW POINTING RIGHT AND UP;Sm;0;ON;;;;;Y;;;;; +29AD;MEASURED ANGLE WITH OPEN ARM ENDING IN ARROW POINTING LEFT AND UP;Sm;0;ON;;;;;Y;;;;; +29AE;MEASURED ANGLE WITH OPEN ARM ENDING IN ARROW POINTING RIGHT AND DOWN;Sm;0;ON;;;;;Y;;;;; +29AF;MEASURED ANGLE WITH OPEN ARM ENDING IN ARROW POINTING LEFT AND DOWN;Sm;0;ON;;;;;Y;;;;; +29B0;REVERSED EMPTY SET;Sm;0;ON;;;;;N;;;;; +29B1;EMPTY SET WITH OVERBAR;Sm;0;ON;;;;;N;;;;; +29B2;EMPTY SET WITH SMALL CIRCLE ABOVE;Sm;0;ON;;;;;N;;;;; +29B3;EMPTY SET WITH RIGHT ARROW ABOVE;Sm;0;ON;;;;;N;;;;; +29B4;EMPTY SET WITH LEFT ARROW ABOVE;Sm;0;ON;;;;;N;;;;; +29B5;CIRCLE WITH HORIZONTAL BAR;Sm;0;ON;;;;;N;;;;; +29B6;CIRCLED VERTICAL BAR;Sm;0;ON;;;;;N;;;;; +29B7;CIRCLED PARALLEL;Sm;0;ON;;;;;N;;;;; +29B8;CIRCLED REVERSE SOLIDUS;Sm;0;ON;;;;;Y;;;;; +29B9;CIRCLED PERPENDICULAR;Sm;0;ON;;;;;N;;;;; +29BA;CIRCLE DIVIDED BY HORIZONTAL BAR AND TOP HALF DIVIDED BY VERTICAL BAR;Sm;0;ON;;;;;N;;;;; +29BB;CIRCLE WITH SUPERIMPOSED X;Sm;0;ON;;;;;N;;;;; +29BC;CIRCLED ANTICLOCKWISE-ROTATED DIVISION SIGN;Sm;0;ON;;;;;N;;;;; +29BD;UP ARROW THROUGH CIRCLE;Sm;0;ON;;;;;N;;;;; +29BE;CIRCLED WHITE BULLET;Sm;0;ON;;;;;N;;;;; +29BF;CIRCLED BULLET;Sm;0;ON;;;;;N;;;;; +29C0;CIRCLED LESS-THAN;Sm;0;ON;;;;;Y;;;;; +29C1;CIRCLED GREATER-THAN;Sm;0;ON;;;;;Y;;;;; +29C2;CIRCLE WITH SMALL CIRCLE TO THE RIGHT;Sm;0;ON;;;;;Y;;;;; +29C3;CIRCLE WITH TWO HORIZONTAL STROKES TO THE RIGHT;Sm;0;ON;;;;;Y;;;;; +29C4;SQUARED RISING DIAGONAL SLASH;Sm;0;ON;;;;;Y;;;;; +29C5;SQUARED FALLING DIAGONAL SLASH;Sm;0;ON;;;;;Y;;;;; +29C6;SQUARED ASTERISK;Sm;0;ON;;;;;N;;;;; +29C7;SQUARED SMALL CIRCLE;Sm;0;ON;;;;;N;;;;; +29C8;SQUARED SQUARE;Sm;0;ON;;;;;N;;;;; +29C9;TWO JOINED SQUARES;Sm;0;ON;;;;;Y;;;;; +29CA;TRIANGLE WITH DOT ABOVE;Sm;0;ON;;;;;N;;;;; +29CB;TRIANGLE WITH UNDERBAR;Sm;0;ON;;;;;N;;;;; +29CC;S IN TRIANGLE;Sm;0;ON;;;;;N;;;;; +29CD;TRIANGLE WITH SERIFS AT BOTTOM;Sm;0;ON;;;;;N;;;;; +29CE;RIGHT TRIANGLE ABOVE LEFT TRIANGLE;Sm;0;ON;;;;;Y;;;;; +29CF;LEFT TRIANGLE BESIDE VERTICAL BAR;Sm;0;ON;;;;;Y;;;;; +29D0;VERTICAL BAR BESIDE RIGHT TRIANGLE;Sm;0;ON;;;;;Y;;;;; +29D1;BOWTIE WITH LEFT HALF BLACK;Sm;0;ON;;;;;Y;;;;; +29D2;BOWTIE WITH RIGHT HALF BLACK;Sm;0;ON;;;;;Y;;;;; +29D3;BLACK BOWTIE;Sm;0;ON;;;;;N;;;;; +29D4;TIMES WITH LEFT HALF BLACK;Sm;0;ON;;;;;Y;;;;; +29D5;TIMES WITH RIGHT HALF BLACK;Sm;0;ON;;;;;Y;;;;; +29D6;WHITE HOURGLASS;Sm;0;ON;;;;;N;;;;; +29D7;BLACK HOURGLASS;Sm;0;ON;;;;;N;;;;; +29D8;LEFT WIGGLY FENCE;Ps;0;ON;;;;;Y;;;;; +29D9;RIGHT WIGGLY FENCE;Pe;0;ON;;;;;Y;;;;; +29DA;LEFT DOUBLE WIGGLY FENCE;Ps;0;ON;;;;;Y;;;;; +29DB;RIGHT DOUBLE WIGGLY FENCE;Pe;0;ON;;;;;Y;;;;; +29DC;INCOMPLETE INFINITY;Sm;0;ON;;;;;Y;;;;; +29DD;TIE OVER INFINITY;Sm;0;ON;;;;;N;;;;; +29DE;INFINITY NEGATED WITH VERTICAL BAR;Sm;0;ON;;;;;N;;;;; +29DF;DOUBLE-ENDED MULTIMAP;Sm;0;ON;;;;;N;;;;; +29E0;SQUARE WITH CONTOURED OUTLINE;Sm;0;ON;;;;;N;;;;; +29E1;INCREASES AS;Sm;0;ON;;;;;Y;;;;; +29E2;SHUFFLE PRODUCT;Sm;0;ON;;;;;N;;;;; +29E3;EQUALS SIGN AND SLANTED PARALLEL;Sm;0;ON;;;;;Y;;;;; +29E4;EQUALS SIGN AND SLANTED PARALLEL WITH TILDE ABOVE;Sm;0;ON;;;;;Y;;;;; +29E5;IDENTICAL TO AND SLANTED PARALLEL;Sm;0;ON;;;;;Y;;;;; +29E6;GLEICH STARK;Sm;0;ON;;;;;N;;;;; +29E7;THERMODYNAMIC;Sm;0;ON;;;;;N;;;;; +29E8;DOWN-POINTING TRIANGLE WITH LEFT HALF BLACK;Sm;0;ON;;;;;Y;;;;; +29E9;DOWN-POINTING TRIANGLE WITH RIGHT HALF BLACK;Sm;0;ON;;;;;Y;;;;; +29EA;BLACK DIAMOND WITH DOWN ARROW;Sm;0;ON;;;;;N;;;;; +29EB;BLACK LOZENGE;Sm;0;ON;;;;;N;;;;; +29EC;WHITE CIRCLE WITH DOWN ARROW;Sm;0;ON;;;;;N;;;;; +29ED;BLACK CIRCLE WITH DOWN ARROW;Sm;0;ON;;;;;N;;;;; +29EE;ERROR-BARRED WHITE SQUARE;Sm;0;ON;;;;;N;;;;; +29EF;ERROR-BARRED BLACK SQUARE;Sm;0;ON;;;;;N;;;;; +29F0;ERROR-BARRED WHITE DIAMOND;Sm;0;ON;;;;;N;;;;; +29F1;ERROR-BARRED BLACK DIAMOND;Sm;0;ON;;;;;N;;;;; +29F2;ERROR-BARRED WHITE CIRCLE;Sm;0;ON;;;;;N;;;;; +29F3;ERROR-BARRED BLACK CIRCLE;Sm;0;ON;;;;;N;;;;; +29F4;RULE-DELAYED;Sm;0;ON;;;;;Y;;;;; +29F5;REVERSE SOLIDUS OPERATOR;Sm;0;ON;;;;;Y;;;;; +29F6;SOLIDUS WITH OVERBAR;Sm;0;ON;;;;;Y;;;;; +29F7;REVERSE SOLIDUS WITH HORIZONTAL STROKE;Sm;0;ON;;;;;Y;;;;; +29F8;BIG SOLIDUS;Sm;0;ON;;;;;Y;;;;; +29F9;BIG REVERSE SOLIDUS;Sm;0;ON;;;;;Y;;;;; +29FA;DOUBLE PLUS;Sm;0;ON;;;;;N;;;;; +29FB;TRIPLE PLUS;Sm;0;ON;;;;;N;;;;; +29FC;LEFT-POINTING CURVED ANGLE BRACKET;Ps;0;ON;;;;;Y;;;;; +29FD;RIGHT-POINTING CURVED ANGLE BRACKET;Pe;0;ON;;;;;Y;;;;; +29FE;TINY;Sm;0;ON;;;;;N;;;;; +29FF;MINY;Sm;0;ON;;;;;N;;;;; +2A00;N-ARY CIRCLED DOT OPERATOR;Sm;0;ON;;;;;N;;;;; +2A01;N-ARY CIRCLED PLUS OPERATOR;Sm;0;ON;;;;;N;;;;; +2A02;N-ARY CIRCLED TIMES OPERATOR;Sm;0;ON;;;;;N;;;;; +2A03;N-ARY UNION OPERATOR WITH DOT;Sm;0;ON;;;;;N;;;;; +2A04;N-ARY UNION OPERATOR WITH PLUS;Sm;0;ON;;;;;N;;;;; +2A05;N-ARY SQUARE INTERSECTION OPERATOR;Sm;0;ON;;;;;N;;;;; +2A06;N-ARY SQUARE UNION OPERATOR;Sm;0;ON;;;;;N;;;;; +2A07;TWO LOGICAL AND OPERATOR;Sm;0;ON;;;;;N;;;;; +2A08;TWO LOGICAL OR OPERATOR;Sm;0;ON;;;;;N;;;;; +2A09;N-ARY TIMES OPERATOR;Sm;0;ON;;;;;N;;;;; +2A0A;MODULO TWO SUM;Sm;0;ON;;;;;Y;;;;; +2A0B;SUMMATION WITH INTEGRAL;Sm;0;ON;;;;;Y;;;;; +2A0C;QUADRUPLE INTEGRAL OPERATOR;Sm;0;ON; 222B 222B 222B 222B;;;;Y;;;;; +2A0D;FINITE PART INTEGRAL;Sm;0;ON;;;;;Y;;;;; +2A0E;INTEGRAL WITH DOUBLE STROKE;Sm;0;ON;;;;;Y;;;;; +2A0F;INTEGRAL AVERAGE WITH SLASH;Sm;0;ON;;;;;Y;;;;; +2A10;CIRCULATION FUNCTION;Sm;0;ON;;;;;Y;;;;; +2A11;ANTICLOCKWISE INTEGRATION;Sm;0;ON;;;;;Y;;;;; +2A12;LINE INTEGRATION WITH RECTANGULAR PATH AROUND POLE;Sm;0;ON;;;;;Y;;;;; +2A13;LINE INTEGRATION WITH SEMICIRCULAR PATH AROUND POLE;Sm;0;ON;;;;;Y;;;;; +2A14;LINE INTEGRATION NOT INCLUDING THE POLE;Sm;0;ON;;;;;Y;;;;; +2A15;INTEGRAL AROUND A POINT OPERATOR;Sm;0;ON;;;;;Y;;;;; +2A16;QUATERNION INTEGRAL OPERATOR;Sm;0;ON;;;;;Y;;;;; +2A17;INTEGRAL WITH LEFTWARDS ARROW WITH HOOK;Sm;0;ON;;;;;Y;;;;; +2A18;INTEGRAL WITH TIMES SIGN;Sm;0;ON;;;;;Y;;;;; +2A19;INTEGRAL WITH INTERSECTION;Sm;0;ON;;;;;Y;;;;; +2A1A;INTEGRAL WITH UNION;Sm;0;ON;;;;;Y;;;;; +2A1B;INTEGRAL WITH OVERBAR;Sm;0;ON;;;;;Y;;;;; +2A1C;INTEGRAL WITH UNDERBAR;Sm;0;ON;;;;;Y;;;;; +2A1D;JOIN;Sm;0;ON;;;;;N;;;;; +2A1E;LARGE LEFT TRIANGLE OPERATOR;Sm;0;ON;;;;;Y;;;;; +2A1F;Z NOTATION SCHEMA COMPOSITION;Sm;0;ON;;;;;Y;;;;; +2A20;Z NOTATION SCHEMA PIPING;Sm;0;ON;;;;;Y;;;;; +2A21;Z NOTATION SCHEMA PROJECTION;Sm;0;ON;;;;;Y;;;;; +2A22;PLUS SIGN WITH SMALL CIRCLE ABOVE;Sm;0;ON;;;;;N;;;;; +2A23;PLUS SIGN WITH CIRCUMFLEX ACCENT ABOVE;Sm;0;ON;;;;;N;;;;; +2A24;PLUS SIGN WITH TILDE ABOVE;Sm;0;ON;;;;;Y;;;;; +2A25;PLUS SIGN WITH DOT BELOW;Sm;0;ON;;;;;N;;;;; +2A26;PLUS SIGN WITH TILDE BELOW;Sm;0;ON;;;;;Y;;;;; +2A27;PLUS SIGN WITH SUBSCRIPT TWO;Sm;0;ON;;;;;N;;;;; +2A28;PLUS SIGN WITH BLACK TRIANGLE;Sm;0;ON;;;;;N;;;;; +2A29;MINUS SIGN WITH COMMA ABOVE;Sm;0;ON;;;;;Y;;;;; +2A2A;MINUS SIGN WITH DOT BELOW;Sm;0;ON;;;;;N;;;;; +2A2B;MINUS SIGN WITH FALLING DOTS;Sm;0;ON;;;;;Y;;;;; +2A2C;MINUS SIGN WITH RISING DOTS;Sm;0;ON;;;;;Y;;;;; +2A2D;PLUS SIGN IN LEFT HALF CIRCLE;Sm;0;ON;;;;;Y;;;;; +2A2E;PLUS SIGN IN RIGHT HALF CIRCLE;Sm;0;ON;;;;;Y;;;;; +2A2F;VECTOR OR CROSS PRODUCT;Sm;0;ON;;;;;N;;;;; +2A30;MULTIPLICATION SIGN WITH DOT ABOVE;Sm;0;ON;;;;;N;;;;; +2A31;MULTIPLICATION SIGN WITH UNDERBAR;Sm;0;ON;;;;;N;;;;; +2A32;SEMIDIRECT PRODUCT WITH BOTTOM CLOSED;Sm;0;ON;;;;;N;;;;; +2A33;SMASH PRODUCT;Sm;0;ON;;;;;N;;;;; +2A34;MULTIPLICATION SIGN IN LEFT HALF CIRCLE;Sm;0;ON;;;;;Y;;;;; +2A35;MULTIPLICATION SIGN IN RIGHT HALF CIRCLE;Sm;0;ON;;;;;Y;;;;; +2A36;CIRCLED MULTIPLICATION SIGN WITH CIRCUMFLEX ACCENT;Sm;0;ON;;;;;N;;;;; +2A37;MULTIPLICATION SIGN IN DOUBLE CIRCLE;Sm;0;ON;;;;;N;;;;; +2A38;CIRCLED DIVISION SIGN;Sm;0;ON;;;;;N;;;;; +2A39;PLUS SIGN IN TRIANGLE;Sm;0;ON;;;;;N;;;;; +2A3A;MINUS SIGN IN TRIANGLE;Sm;0;ON;;;;;N;;;;; +2A3B;MULTIPLICATION SIGN IN TRIANGLE;Sm;0;ON;;;;;N;;;;; +2A3C;INTERIOR PRODUCT;Sm;0;ON;;;;;Y;;;;; +2A3D;RIGHTHAND INTERIOR PRODUCT;Sm;0;ON;;;;;Y;;;;; +2A3E;Z NOTATION RELATIONAL COMPOSITION;Sm;0;ON;;;;;Y;;;;; +2A3F;AMALGAMATION OR COPRODUCT;Sm;0;ON;;;;;N;;;;; +2A40;INTERSECTION WITH DOT;Sm;0;ON;;;;;N;;;;; +2A41;UNION WITH MINUS SIGN;Sm;0;ON;;;;;N;;;;; +2A42;UNION WITH OVERBAR;Sm;0;ON;;;;;N;;;;; +2A43;INTERSECTION WITH OVERBAR;Sm;0;ON;;;;;N;;;;; +2A44;INTERSECTION WITH LOGICAL AND;Sm;0;ON;;;;;N;;;;; +2A45;UNION WITH LOGICAL OR;Sm;0;ON;;;;;N;;;;; +2A46;UNION ABOVE INTERSECTION;Sm;0;ON;;;;;N;;;;; +2A47;INTERSECTION ABOVE UNION;Sm;0;ON;;;;;N;;;;; +2A48;UNION ABOVE BAR ABOVE INTERSECTION;Sm;0;ON;;;;;N;;;;; +2A49;INTERSECTION ABOVE BAR ABOVE UNION;Sm;0;ON;;;;;N;;;;; +2A4A;UNION BESIDE AND JOINED WITH UNION;Sm;0;ON;;;;;N;;;;; +2A4B;INTERSECTION BESIDE AND JOINED WITH INTERSECTION;Sm;0;ON;;;;;N;;;;; +2A4C;CLOSED UNION WITH SERIFS;Sm;0;ON;;;;;N;;;;; +2A4D;CLOSED INTERSECTION WITH SERIFS;Sm;0;ON;;;;;N;;;;; +2A4E;DOUBLE SQUARE INTERSECTION;Sm;0;ON;;;;;N;;;;; +2A4F;DOUBLE SQUARE UNION;Sm;0;ON;;;;;N;;;;; +2A50;CLOSED UNION WITH SERIFS AND SMASH PRODUCT;Sm;0;ON;;;;;N;;;;; +2A51;LOGICAL AND WITH DOT ABOVE;Sm;0;ON;;;;;N;;;;; +2A52;LOGICAL OR WITH DOT ABOVE;Sm;0;ON;;;;;N;;;;; +2A53;DOUBLE LOGICAL AND;Sm;0;ON;;;;;N;;;;; +2A54;DOUBLE LOGICAL OR;Sm;0;ON;;;;;N;;;;; +2A55;TWO INTERSECTING LOGICAL AND;Sm;0;ON;;;;;N;;;;; +2A56;TWO INTERSECTING LOGICAL OR;Sm;0;ON;;;;;N;;;;; +2A57;SLOPING LARGE OR;Sm;0;ON;;;;;Y;;;;; +2A58;SLOPING LARGE AND;Sm;0;ON;;;;;Y;;;;; +2A59;LOGICAL OR OVERLAPPING LOGICAL AND;Sm;0;ON;;;;;N;;;;; +2A5A;LOGICAL AND WITH MIDDLE STEM;Sm;0;ON;;;;;N;;;;; +2A5B;LOGICAL OR WITH MIDDLE STEM;Sm;0;ON;;;;;N;;;;; +2A5C;LOGICAL AND WITH HORIZONTAL DASH;Sm;0;ON;;;;;N;;;;; +2A5D;LOGICAL OR WITH HORIZONTAL DASH;Sm;0;ON;;;;;N;;;;; +2A5E;LOGICAL AND WITH DOUBLE OVERBAR;Sm;0;ON;;;;;N;;;;; +2A5F;LOGICAL AND WITH UNDERBAR;Sm;0;ON;;;;;N;;;;; +2A60;LOGICAL AND WITH DOUBLE UNDERBAR;Sm;0;ON;;;;;N;;;;; +2A61;SMALL VEE WITH UNDERBAR;Sm;0;ON;;;;;N;;;;; +2A62;LOGICAL OR WITH DOUBLE OVERBAR;Sm;0;ON;;;;;N;;;;; +2A63;LOGICAL OR WITH DOUBLE UNDERBAR;Sm;0;ON;;;;;N;;;;; +2A64;Z NOTATION DOMAIN ANTIRESTRICTION;Sm;0;ON;;;;;Y;;;;; +2A65;Z NOTATION RANGE ANTIRESTRICTION;Sm;0;ON;;;;;Y;;;;; +2A66;EQUALS SIGN WITH DOT BELOW;Sm;0;ON;;;;;N;;;;; +2A67;IDENTICAL WITH DOT ABOVE;Sm;0;ON;;;;;N;;;;; +2A68;TRIPLE HORIZONTAL BAR WITH DOUBLE VERTICAL STROKE;Sm;0;ON;;;;;N;;;;; +2A69;TRIPLE HORIZONTAL BAR WITH TRIPLE VERTICAL STROKE;Sm;0;ON;;;;;N;;;;; +2A6A;TILDE OPERATOR WITH DOT ABOVE;Sm;0;ON;;;;;Y;;;;; +2A6B;TILDE OPERATOR WITH RISING DOTS;Sm;0;ON;;;;;Y;;;;; +2A6C;SIMILAR MINUS SIMILAR;Sm;0;ON;;;;;Y;;;;; +2A6D;CONGRUENT WITH DOT ABOVE;Sm;0;ON;;;;;Y;;;;; +2A6E;EQUALS WITH ASTERISK;Sm;0;ON;;;;;N;;;;; +2A6F;ALMOST EQUAL TO WITH CIRCUMFLEX ACCENT;Sm;0;ON;;;;;Y;;;;; +2A70;APPROXIMATELY EQUAL OR EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2A71;EQUALS SIGN ABOVE PLUS SIGN;Sm;0;ON;;;;;N;;;;; +2A72;PLUS SIGN ABOVE EQUALS SIGN;Sm;0;ON;;;;;N;;;;; +2A73;EQUALS SIGN ABOVE TILDE OPERATOR;Sm;0;ON;;;;;Y;;;;; +2A74;DOUBLE COLON EQUAL;Sm;0;ON; 003A 003A 003D;;;;Y;;;;; +2A75;TWO CONSECUTIVE EQUALS SIGNS;Sm;0;ON; 003D 003D;;;;N;;;;; +2A76;THREE CONSECUTIVE EQUALS SIGNS;Sm;0;ON; 003D 003D 003D;;;;N;;;;; +2A77;EQUALS SIGN WITH TWO DOTS ABOVE AND TWO DOTS BELOW;Sm;0;ON;;;;;N;;;;; +2A78;EQUIVALENT WITH FOUR DOTS ABOVE;Sm;0;ON;;;;;N;;;;; +2A79;LESS-THAN WITH CIRCLE INSIDE;Sm;0;ON;;;;;Y;;;;; +2A7A;GREATER-THAN WITH CIRCLE INSIDE;Sm;0;ON;;;;;Y;;;;; +2A7B;LESS-THAN WITH QUESTION MARK ABOVE;Sm;0;ON;;;;;Y;;;;; +2A7C;GREATER-THAN WITH QUESTION MARK ABOVE;Sm;0;ON;;;;;Y;;;;; +2A7D;LESS-THAN OR SLANTED EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2A7E;GREATER-THAN OR SLANTED EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2A7F;LESS-THAN OR SLANTED EQUAL TO WITH DOT INSIDE;Sm;0;ON;;;;;Y;;;;; +2A80;GREATER-THAN OR SLANTED EQUAL TO WITH DOT INSIDE;Sm;0;ON;;;;;Y;;;;; +2A81;LESS-THAN OR SLANTED EQUAL TO WITH DOT ABOVE;Sm;0;ON;;;;;Y;;;;; +2A82;GREATER-THAN OR SLANTED EQUAL TO WITH DOT ABOVE;Sm;0;ON;;;;;Y;;;;; +2A83;LESS-THAN OR SLANTED EQUAL TO WITH DOT ABOVE RIGHT;Sm;0;ON;;;;;Y;;;;; +2A84;GREATER-THAN OR SLANTED EQUAL TO WITH DOT ABOVE LEFT;Sm;0;ON;;;;;Y;;;;; +2A85;LESS-THAN OR APPROXIMATE;Sm;0;ON;;;;;Y;;;;; +2A86;GREATER-THAN OR APPROXIMATE;Sm;0;ON;;;;;Y;;;;; +2A87;LESS-THAN AND SINGLE-LINE NOT EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2A88;GREATER-THAN AND SINGLE-LINE NOT EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2A89;LESS-THAN AND NOT APPROXIMATE;Sm;0;ON;;;;;Y;;;;; +2A8A;GREATER-THAN AND NOT APPROXIMATE;Sm;0;ON;;;;;Y;;;;; +2A8B;LESS-THAN ABOVE DOUBLE-LINE EQUAL ABOVE GREATER-THAN;Sm;0;ON;;;;;Y;;;;; +2A8C;GREATER-THAN ABOVE DOUBLE-LINE EQUAL ABOVE LESS-THAN;Sm;0;ON;;;;;Y;;;;; +2A8D;LESS-THAN ABOVE SIMILAR OR EQUAL;Sm;0;ON;;;;;Y;;;;; +2A8E;GREATER-THAN ABOVE SIMILAR OR EQUAL;Sm;0;ON;;;;;Y;;;;; +2A8F;LESS-THAN ABOVE SIMILAR ABOVE GREATER-THAN;Sm;0;ON;;;;;Y;;;;; +2A90;GREATER-THAN ABOVE SIMILAR ABOVE LESS-THAN;Sm;0;ON;;;;;Y;;;;; +2A91;LESS-THAN ABOVE GREATER-THAN ABOVE DOUBLE-LINE EQUAL;Sm;0;ON;;;;;Y;;;;; +2A92;GREATER-THAN ABOVE LESS-THAN ABOVE DOUBLE-LINE EQUAL;Sm;0;ON;;;;;Y;;;;; +2A93;LESS-THAN ABOVE SLANTED EQUAL ABOVE GREATER-THAN ABOVE SLANTED EQUAL;Sm;0;ON;;;;;Y;;;;; +2A94;GREATER-THAN ABOVE SLANTED EQUAL ABOVE LESS-THAN ABOVE SLANTED EQUAL;Sm;0;ON;;;;;Y;;;;; +2A95;SLANTED EQUAL TO OR LESS-THAN;Sm;0;ON;;;;;Y;;;;; +2A96;SLANTED EQUAL TO OR GREATER-THAN;Sm;0;ON;;;;;Y;;;;; +2A97;SLANTED EQUAL TO OR LESS-THAN WITH DOT INSIDE;Sm;0;ON;;;;;Y;;;;; +2A98;SLANTED EQUAL TO OR GREATER-THAN WITH DOT INSIDE;Sm;0;ON;;;;;Y;;;;; +2A99;DOUBLE-LINE EQUAL TO OR LESS-THAN;Sm;0;ON;;;;;Y;;;;; +2A9A;DOUBLE-LINE EQUAL TO OR GREATER-THAN;Sm;0;ON;;;;;Y;;;;; +2A9B;DOUBLE-LINE SLANTED EQUAL TO OR LESS-THAN;Sm;0;ON;;;;;Y;;;;; +2A9C;DOUBLE-LINE SLANTED EQUAL TO OR GREATER-THAN;Sm;0;ON;;;;;Y;;;;; +2A9D;SIMILAR OR LESS-THAN;Sm;0;ON;;;;;Y;;;;; +2A9E;SIMILAR OR GREATER-THAN;Sm;0;ON;;;;;Y;;;;; +2A9F;SIMILAR ABOVE LESS-THAN ABOVE EQUALS SIGN;Sm;0;ON;;;;;Y;;;;; +2AA0;SIMILAR ABOVE GREATER-THAN ABOVE EQUALS SIGN;Sm;0;ON;;;;;Y;;;;; +2AA1;DOUBLE NESTED LESS-THAN;Sm;0;ON;;;;;Y;;;;; +2AA2;DOUBLE NESTED GREATER-THAN;Sm;0;ON;;;;;Y;;;;; +2AA3;DOUBLE NESTED LESS-THAN WITH UNDERBAR;Sm;0;ON;;;;;Y;;;;; +2AA4;GREATER-THAN OVERLAPPING LESS-THAN;Sm;0;ON;;;;;N;;;;; +2AA5;GREATER-THAN BESIDE LESS-THAN;Sm;0;ON;;;;;N;;;;; +2AA6;LESS-THAN CLOSED BY CURVE;Sm;0;ON;;;;;Y;;;;; +2AA7;GREATER-THAN CLOSED BY CURVE;Sm;0;ON;;;;;Y;;;;; +2AA8;LESS-THAN CLOSED BY CURVE ABOVE SLANTED EQUAL;Sm;0;ON;;;;;Y;;;;; +2AA9;GREATER-THAN CLOSED BY CURVE ABOVE SLANTED EQUAL;Sm;0;ON;;;;;Y;;;;; +2AAA;SMALLER THAN;Sm;0;ON;;;;;Y;;;;; +2AAB;LARGER THAN;Sm;0;ON;;;;;Y;;;;; +2AAC;SMALLER THAN OR EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2AAD;LARGER THAN OR EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2AAE;EQUALS SIGN WITH BUMPY ABOVE;Sm;0;ON;;;;;N;;;;; +2AAF;PRECEDES ABOVE SINGLE-LINE EQUALS SIGN;Sm;0;ON;;;;;Y;;;;; +2AB0;SUCCEEDS ABOVE SINGLE-LINE EQUALS SIGN;Sm;0;ON;;;;;Y;;;;; +2AB1;PRECEDES ABOVE SINGLE-LINE NOT EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2AB2;SUCCEEDS ABOVE SINGLE-LINE NOT EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2AB3;PRECEDES ABOVE EQUALS SIGN;Sm;0;ON;;;;;Y;;;;; +2AB4;SUCCEEDS ABOVE EQUALS SIGN;Sm;0;ON;;;;;Y;;;;; +2AB5;PRECEDES ABOVE NOT EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2AB6;SUCCEEDS ABOVE NOT EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2AB7;PRECEDES ABOVE ALMOST EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2AB8;SUCCEEDS ABOVE ALMOST EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2AB9;PRECEDES ABOVE NOT ALMOST EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2ABA;SUCCEEDS ABOVE NOT ALMOST EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2ABB;DOUBLE PRECEDES;Sm;0;ON;;;;;Y;;;;; +2ABC;DOUBLE SUCCEEDS;Sm;0;ON;;;;;Y;;;;; +2ABD;SUBSET WITH DOT;Sm;0;ON;;;;;Y;;;;; +2ABE;SUPERSET WITH DOT;Sm;0;ON;;;;;Y;;;;; +2ABF;SUBSET WITH PLUS SIGN BELOW;Sm;0;ON;;;;;Y;;;;; +2AC0;SUPERSET WITH PLUS SIGN BELOW;Sm;0;ON;;;;;Y;;;;; +2AC1;SUBSET WITH MULTIPLICATION SIGN BELOW;Sm;0;ON;;;;;Y;;;;; +2AC2;SUPERSET WITH MULTIPLICATION SIGN BELOW;Sm;0;ON;;;;;Y;;;;; +2AC3;SUBSET OF OR EQUAL TO WITH DOT ABOVE;Sm;0;ON;;;;;Y;;;;; +2AC4;SUPERSET OF OR EQUAL TO WITH DOT ABOVE;Sm;0;ON;;;;;Y;;;;; +2AC5;SUBSET OF ABOVE EQUALS SIGN;Sm;0;ON;;;;;Y;;;;; +2AC6;SUPERSET OF ABOVE EQUALS SIGN;Sm;0;ON;;;;;Y;;;;; +2AC7;SUBSET OF ABOVE TILDE OPERATOR;Sm;0;ON;;;;;Y;;;;; +2AC8;SUPERSET OF ABOVE TILDE OPERATOR;Sm;0;ON;;;;;Y;;;;; +2AC9;SUBSET OF ABOVE ALMOST EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2ACA;SUPERSET OF ABOVE ALMOST EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2ACB;SUBSET OF ABOVE NOT EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2ACC;SUPERSET OF ABOVE NOT EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2ACD;SQUARE LEFT OPEN BOX OPERATOR;Sm;0;ON;;;;;Y;;;;; +2ACE;SQUARE RIGHT OPEN BOX OPERATOR;Sm;0;ON;;;;;Y;;;;; +2ACF;CLOSED SUBSET;Sm;0;ON;;;;;Y;;;;; +2AD0;CLOSED SUPERSET;Sm;0;ON;;;;;Y;;;;; +2AD1;CLOSED SUBSET OR EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2AD2;CLOSED SUPERSET OR EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2AD3;SUBSET ABOVE SUPERSET;Sm;0;ON;;;;;Y;;;;; +2AD4;SUPERSET ABOVE SUBSET;Sm;0;ON;;;;;Y;;;;; +2AD5;SUBSET ABOVE SUBSET;Sm;0;ON;;;;;Y;;;;; +2AD6;SUPERSET ABOVE SUPERSET;Sm;0;ON;;;;;Y;;;;; +2AD7;SUPERSET BESIDE SUBSET;Sm;0;ON;;;;;N;;;;; +2AD8;SUPERSET BESIDE AND JOINED BY DASH WITH SUBSET;Sm;0;ON;;;;;N;;;;; +2AD9;ELEMENT OF OPENING DOWNWARDS;Sm;0;ON;;;;;N;;;;; +2ADA;PITCHFORK WITH TEE TOP;Sm;0;ON;;;;;N;;;;; +2ADB;TRANSVERSAL INTERSECTION;Sm;0;ON;;;;;N;;;;; +2ADC;FORKING;Sm;0;ON;2ADD 0338;;;;Y;;not independent;;; +2ADD;NONFORKING;Sm;0;ON;;;;;N;;independent;;; +2ADE;SHORT LEFT TACK;Sm;0;ON;;;;;Y;;;;; +2ADF;SHORT DOWN TACK;Sm;0;ON;;;;;N;;;;; +2AE0;SHORT UP TACK;Sm;0;ON;;;;;N;;;;; +2AE1;PERPENDICULAR WITH S;Sm;0;ON;;;;;N;;;;; +2AE2;VERTICAL BAR TRIPLE RIGHT TURNSTILE;Sm;0;ON;;;;;Y;;;;; +2AE3;DOUBLE VERTICAL BAR LEFT TURNSTILE;Sm;0;ON;;;;;Y;;;;; +2AE4;VERTICAL BAR DOUBLE LEFT TURNSTILE;Sm;0;ON;;;;;Y;;;;; +2AE5;DOUBLE VERTICAL BAR DOUBLE LEFT TURNSTILE;Sm;0;ON;;;;;Y;;;;; +2AE6;LONG DASH FROM LEFT MEMBER OF DOUBLE VERTICAL;Sm;0;ON;;;;;Y;;;;; +2AE7;SHORT DOWN TACK WITH OVERBAR;Sm;0;ON;;;;;N;;;;; +2AE8;SHORT UP TACK WITH UNDERBAR;Sm;0;ON;;;;;N;;;;; +2AE9;SHORT UP TACK ABOVE SHORT DOWN TACK;Sm;0;ON;;;;;N;;;;; +2AEA;DOUBLE DOWN TACK;Sm;0;ON;;;;;N;;;;; +2AEB;DOUBLE UP TACK;Sm;0;ON;;;;;N;;;;; +2AEC;DOUBLE STROKE NOT SIGN;Sm;0;ON;;;;;Y;;;;; +2AED;REVERSED DOUBLE STROKE NOT SIGN;Sm;0;ON;;;;;Y;;;;; +2AEE;DOES NOT DIVIDE WITH REVERSED NEGATION SLASH;Sm;0;ON;;;;;Y;;;;; +2AEF;VERTICAL LINE WITH CIRCLE ABOVE;Sm;0;ON;;;;;N;;;;; +2AF0;VERTICAL LINE WITH CIRCLE BELOW;Sm;0;ON;;;;;N;;;;; +2AF1;DOWN TACK WITH CIRCLE BELOW;Sm;0;ON;;;;;N;;;;; +2AF2;PARALLEL WITH HORIZONTAL STROKE;Sm;0;ON;;;;;N;;;;; +2AF3;PARALLEL WITH TILDE OPERATOR;Sm;0;ON;;;;;Y;;;;; +2AF4;TRIPLE VERTICAL BAR BINARY RELATION;Sm;0;ON;;;;;N;;;;; +2AF5;TRIPLE VERTICAL BAR WITH HORIZONTAL STROKE;Sm;0;ON;;;;;N;;;;; +2AF6;TRIPLE COLON OPERATOR;Sm;0;ON;;;;;N;;;;; +2AF7;TRIPLE NESTED LESS-THAN;Sm;0;ON;;;;;Y;;;;; +2AF8;TRIPLE NESTED GREATER-THAN;Sm;0;ON;;;;;Y;;;;; +2AF9;DOUBLE-LINE SLANTED LESS-THAN OR EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2AFA;DOUBLE-LINE SLANTED GREATER-THAN OR EQUAL TO;Sm;0;ON;;;;;Y;;;;; +2AFB;TRIPLE SOLIDUS BINARY RELATION;Sm;0;ON;;;;;Y;;;;; +2AFC;LARGE TRIPLE VERTICAL BAR OPERATOR;Sm;0;ON;;;;;N;;;;; +2AFD;DOUBLE SOLIDUS OPERATOR;Sm;0;ON;;;;;Y;;;;; +2AFE;WHITE VERTICAL BAR;Sm;0;ON;;;;;N;;;;; +2AFF;N-ARY WHITE VERTICAL BAR;Sm;0;ON;;;;;N;;;;; +2E80;CJK RADICAL REPEAT;So;0;ON;;;;;N;;;;; +2E81;CJK RADICAL CLIFF;So;0;ON;;;;;N;;;;; +2E82;CJK RADICAL SECOND ONE;So;0;ON;;;;;N;;;;; +2E83;CJK RADICAL SECOND TWO;So;0;ON;;;;;N;;;;; +2E84;CJK RADICAL SECOND THREE;So;0;ON;;;;;N;;;;; +2E85;CJK RADICAL PERSON;So;0;ON;;;;;N;;;;; +2E86;CJK RADICAL BOX;So;0;ON;;;;;N;;;;; +2E87;CJK RADICAL TABLE;So;0;ON;;;;;N;;;;; +2E88;CJK RADICAL KNIFE ONE;So;0;ON;;;;;N;;;;; +2E89;CJK RADICAL KNIFE TWO;So;0;ON;;;;;N;;;;; +2E8A;CJK RADICAL DIVINATION;So;0;ON;;;;;N;;;;; +2E8B;CJK RADICAL SEAL;So;0;ON;;;;;N;;;;; +2E8C;CJK RADICAL SMALL ONE;So;0;ON;;;;;N;;;;; +2E8D;CJK RADICAL SMALL TWO;So;0;ON;;;;;N;;;;; +2E8E;CJK RADICAL LAME ONE;So;0;ON;;;;;N;;;;; +2E8F;CJK RADICAL LAME TWO;So;0;ON;;;;;N;;;;; +2E90;CJK RADICAL LAME THREE;So;0;ON;;;;;N;;;;; +2E91;CJK RADICAL LAME FOUR;So;0;ON;;;;;N;;;;; +2E92;CJK RADICAL SNAKE;So;0;ON;;;;;N;;;;; +2E93;CJK RADICAL THREAD;So;0;ON;;;;;N;;;;; +2E94;CJK RADICAL SNOUT ONE;So;0;ON;;;;;N;;;;; +2E95;CJK RADICAL SNOUT TWO;So;0;ON;;;;;N;;;;; +2E96;CJK RADICAL HEART ONE;So;0;ON;;;;;N;;;;; +2E97;CJK RADICAL HEART TWO;So;0;ON;;;;;N;;;;; +2E98;CJK RADICAL HAND;So;0;ON;;;;;N;;;;; +2E99;CJK RADICAL RAP;So;0;ON;;;;;N;;;;; +2E9B;CJK RADICAL CHOKE;So;0;ON;;;;;N;;;;; +2E9C;CJK RADICAL SUN;So;0;ON;;;;;N;;;;; +2E9D;CJK RADICAL MOON;So;0;ON;;;;;N;;;;; +2E9E;CJK RADICAL DEATH;So;0;ON;;;;;N;;;;; +2E9F;CJK RADICAL MOTHER;So;0;ON; 6BCD;;;;N;;;;; +2EA0;CJK RADICAL CIVILIAN;So;0;ON;;;;;N;;;;; +2EA1;CJK RADICAL WATER ONE;So;0;ON;;;;;N;;;;; +2EA2;CJK RADICAL WATER TWO;So;0;ON;;;;;N;;;;; +2EA3;CJK RADICAL FIRE;So;0;ON;;;;;N;;;;; +2EA4;CJK RADICAL PAW ONE;So;0;ON;;;;;N;;;;; +2EA5;CJK RADICAL PAW TWO;So;0;ON;;;;;N;;;;; +2EA6;CJK RADICAL SIMPLIFIED HALF TREE TRUNK;So;0;ON;;;;;N;;;;; +2EA7;CJK RADICAL COW;So;0;ON;;;;;N;;;;; +2EA8;CJK RADICAL DOG;So;0;ON;;;;;N;;;;; +2EA9;CJK RADICAL JADE;So;0;ON;;;;;N;;;;; +2EAA;CJK RADICAL BOLT OF CLOTH;So;0;ON;;;;;N;;;;; +2EAB;CJK RADICAL EYE;So;0;ON;;;;;N;;;;; +2EAC;CJK RADICAL SPIRIT ONE;So;0;ON;;;;;N;;;;; +2EAD;CJK RADICAL SPIRIT TWO;So;0;ON;;;;;N;;;;; +2EAE;CJK RADICAL BAMBOO;So;0;ON;;;;;N;;;;; +2EAF;CJK RADICAL SILK;So;0;ON;;;;;N;;;;; +2EB0;CJK RADICAL C-SIMPLIFIED SILK;So;0;ON;;;;;N;;;;; +2EB1;CJK RADICAL NET ONE;So;0;ON;;;;;N;;;;; +2EB2;CJK RADICAL NET TWO;So;0;ON;;;;;N;;;;; +2EB3;CJK RADICAL NET THREE;So;0;ON;;;;;N;;;;; +2EB4;CJK RADICAL NET FOUR;So;0;ON;;;;;N;;;;; +2EB5;CJK RADICAL MESH;So;0;ON;;;;;N;;;;; +2EB6;CJK RADICAL SHEEP;So;0;ON;;;;;N;;;;; +2EB7;CJK RADICAL RAM;So;0;ON;;;;;N;;;;; +2EB8;CJK RADICAL EWE;So;0;ON;;;;;N;;;;; +2EB9;CJK RADICAL OLD;So;0;ON;;;;;N;;;;; +2EBA;CJK RADICAL BRUSH ONE;So;0;ON;;;;;N;;;;; +2EBB;CJK RADICAL BRUSH TWO;So;0;ON;;;;;N;;;;; +2EBC;CJK RADICAL MEAT;So;0;ON;;;;;N;;;;; +2EBD;CJK RADICAL MORTAR;So;0;ON;;;;;N;;;;; +2EBE;CJK RADICAL GRASS ONE;So;0;ON;;;;;N;;;;; +2EBF;CJK RADICAL GRASS TWO;So;0;ON;;;;;N;;;;; +2EC0;CJK RADICAL GRASS THREE;So;0;ON;;;;;N;;;;; +2EC1;CJK RADICAL TIGER;So;0;ON;;;;;N;;;;; +2EC2;CJK RADICAL CLOTHES;So;0;ON;;;;;N;;;;; +2EC3;CJK RADICAL WEST ONE;So;0;ON;;;;;N;;;;; +2EC4;CJK RADICAL WEST TWO;So;0;ON;;;;;N;;;;; +2EC5;CJK RADICAL C-SIMPLIFIED SEE;So;0;ON;;;;;N;;;;; +2EC6;CJK RADICAL SIMPLIFIED HORN;So;0;ON;;;;;N;;;;; +2EC7;CJK RADICAL HORN;So;0;ON;;;;;N;;;;; +2EC8;CJK RADICAL C-SIMPLIFIED SPEECH;So;0;ON;;;;;N;;;;; +2EC9;CJK RADICAL C-SIMPLIFIED SHELL;So;0;ON;;;;;N;;;;; +2ECA;CJK RADICAL FOOT;So;0;ON;;;;;N;;;;; +2ECB;CJK RADICAL C-SIMPLIFIED CART;So;0;ON;;;;;N;;;;; +2ECC;CJK RADICAL SIMPLIFIED WALK;So;0;ON;;;;;N;;;;; +2ECD;CJK RADICAL WALK ONE;So;0;ON;;;;;N;;;;; +2ECE;CJK RADICAL WALK TWO;So;0;ON;;;;;N;;;;; +2ECF;CJK RADICAL CITY;So;0;ON;;;;;N;;;;; +2ED0;CJK RADICAL C-SIMPLIFIED GOLD;So;0;ON;;;;;N;;;;; +2ED1;CJK RADICAL LONG ONE;So;0;ON;;;;;N;;;;; +2ED2;CJK RADICAL LONG TWO;So;0;ON;;;;;N;;;;; +2ED3;CJK RADICAL C-SIMPLIFIED LONG;So;0;ON;;;;;N;;;;; +2ED4;CJK RADICAL C-SIMPLIFIED GATE;So;0;ON;;;;;N;;;;; +2ED5;CJK RADICAL MOUND ONE;So;0;ON;;;;;N;;;;; +2ED6;CJK RADICAL MOUND TWO;So;0;ON;;;;;N;;;;; +2ED7;CJK RADICAL RAIN;So;0;ON;;;;;N;;;;; +2ED8;CJK RADICAL BLUE;So;0;ON;;;;;N;;;;; +2ED9;CJK RADICAL C-SIMPLIFIED TANNED LEATHER;So;0;ON;;;;;N;;;;; +2EDA;CJK RADICAL C-SIMPLIFIED LEAF;So;0;ON;;;;;N;;;;; +2EDB;CJK RADICAL C-SIMPLIFIED WIND;So;0;ON;;;;;N;;;;; +2EDC;CJK RADICAL C-SIMPLIFIED FLY;So;0;ON;;;;;N;;;;; +2EDD;CJK RADICAL EAT ONE;So;0;ON;;;;;N;;;;; +2EDE;CJK RADICAL EAT TWO;So;0;ON;;;;;N;;;;; +2EDF;CJK RADICAL EAT THREE;So;0;ON;;;;;N;;;;; +2EE0;CJK RADICAL C-SIMPLIFIED EAT;So;0;ON;;;;;N;;;;; +2EE1;CJK RADICAL HEAD;So;0;ON;;;;;N;;;;; +2EE2;CJK RADICAL C-SIMPLIFIED HORSE;So;0;ON;;;;;N;;;;; +2EE3;CJK RADICAL BONE;So;0;ON;;;;;N;;;;; +2EE4;CJK RADICAL GHOST;So;0;ON;;;;;N;;;;; +2EE5;CJK RADICAL C-SIMPLIFIED FISH;So;0;ON;;;;;N;;;;; +2EE6;CJK RADICAL C-SIMPLIFIED BIRD;So;0;ON;;;;;N;;;;; +2EE7;CJK RADICAL C-SIMPLIFIED SALT;So;0;ON;;;;;N;;;;; +2EE8;CJK RADICAL SIMPLIFIED WHEAT;So;0;ON;;;;;N;;;;; +2EE9;CJK RADICAL SIMPLIFIED YELLOW;So;0;ON;;;;;N;;;;; +2EEA;CJK RADICAL C-SIMPLIFIED FROG;So;0;ON;;;;;N;;;;; +2EEB;CJK RADICAL J-SIMPLIFIED EVEN;So;0;ON;;;;;N;;;;; +2EEC;CJK RADICAL C-SIMPLIFIED EVEN;So;0;ON;;;;;N;;;;; +2EED;CJK RADICAL J-SIMPLIFIED TOOTH;So;0;ON;;;;;N;;;;; +2EEE;CJK RADICAL C-SIMPLIFIED TOOTH;So;0;ON;;;;;N;;;;; +2EEF;CJK RADICAL J-SIMPLIFIED DRAGON;So;0;ON;;;;;N;;;;; +2EF0;CJK RADICAL C-SIMPLIFIED DRAGON;So;0;ON;;;;;N;;;;; +2EF1;CJK RADICAL TURTLE;So;0;ON;;;;;N;;;;; +2EF2;CJK RADICAL J-SIMPLIFIED TURTLE;So;0;ON;;;;;N;;;;; +2EF3;CJK RADICAL C-SIMPLIFIED TURTLE;So;0;ON; 9F9F;;;;N;;;;; +2F00;KANGXI RADICAL ONE;So;0;ON; 4E00;;;;N;;;;; +2F01;KANGXI RADICAL LINE;So;0;ON; 4E28;;;;N;;;;; +2F02;KANGXI RADICAL DOT;So;0;ON; 4E36;;;;N;;;;; +2F03;KANGXI RADICAL SLASH;So;0;ON; 4E3F;;;;N;;;;; +2F04;KANGXI RADICAL SECOND;So;0;ON; 4E59;;;;N;;;;; +2F05;KANGXI RADICAL HOOK;So;0;ON; 4E85;;;;N;;;;; +2F06;KANGXI RADICAL TWO;So;0;ON; 4E8C;;;;N;;;;; +2F07;KANGXI RADICAL LID;So;0;ON; 4EA0;;;;N;;;;; +2F08;KANGXI RADICAL MAN;So;0;ON; 4EBA;;;;N;;;;; +2F09;KANGXI RADICAL LEGS;So;0;ON; 513F;;;;N;;;;; +2F0A;KANGXI RADICAL ENTER;So;0;ON; 5165;;;;N;;;;; +2F0B;KANGXI RADICAL EIGHT;So;0;ON; 516B;;;;N;;;;; +2F0C;KANGXI RADICAL DOWN BOX;So;0;ON; 5182;;;;N;;;;; +2F0D;KANGXI RADICAL COVER;So;0;ON; 5196;;;;N;;;;; +2F0E;KANGXI RADICAL ICE;So;0;ON; 51AB;;;;N;;;;; +2F0F;KANGXI RADICAL TABLE;So;0;ON; 51E0;;;;N;;;;; +2F10;KANGXI RADICAL OPEN BOX;So;0;ON; 51F5;;;;N;;;;; +2F11;KANGXI RADICAL KNIFE;So;0;ON; 5200;;;;N;;;;; +2F12;KANGXI RADICAL POWER;So;0;ON; 529B;;;;N;;;;; +2F13;KANGXI RADICAL WRAP;So;0;ON; 52F9;;;;N;;;;; +2F14;KANGXI RADICAL SPOON;So;0;ON; 5315;;;;N;;;;; +2F15;KANGXI RADICAL RIGHT OPEN BOX;So;0;ON; 531A;;;;N;;;;; +2F16;KANGXI RADICAL HIDING ENCLOSURE;So;0;ON; 5338;;;;N;;;;; +2F17;KANGXI RADICAL TEN;So;0;ON; 5341;;;;N;;;;; +2F18;KANGXI RADICAL DIVINATION;So;0;ON; 535C;;;;N;;;;; +2F19;KANGXI RADICAL SEAL;So;0;ON; 5369;;;;N;;;;; +2F1A;KANGXI RADICAL CLIFF;So;0;ON; 5382;;;;N;;;;; +2F1B;KANGXI RADICAL PRIVATE;So;0;ON; 53B6;;;;N;;;;; +2F1C;KANGXI RADICAL AGAIN;So;0;ON; 53C8;;;;N;;;;; +2F1D;KANGXI RADICAL MOUTH;So;0;ON; 53E3;;;;N;;;;; +2F1E;KANGXI RADICAL ENCLOSURE;So;0;ON; 56D7;;;;N;;;;; +2F1F;KANGXI RADICAL EARTH;So;0;ON; 571F;;;;N;;;;; +2F20;KANGXI RADICAL SCHOLAR;So;0;ON; 58EB;;;;N;;;;; +2F21;KANGXI RADICAL GO;So;0;ON; 5902;;;;N;;;;; +2F22;KANGXI RADICAL GO SLOWLY;So;0;ON; 590A;;;;N;;;;; +2F23;KANGXI RADICAL EVENING;So;0;ON; 5915;;;;N;;;;; +2F24;KANGXI RADICAL BIG;So;0;ON; 5927;;;;N;;;;; +2F25;KANGXI RADICAL WOMAN;So;0;ON; 5973;;;;N;;;;; +2F26;KANGXI RADICAL CHILD;So;0;ON; 5B50;;;;N;;;;; +2F27;KANGXI RADICAL ROOF;So;0;ON; 5B80;;;;N;;;;; +2F28;KANGXI RADICAL INCH;So;0;ON; 5BF8;;;;N;;;;; +2F29;KANGXI RADICAL SMALL;So;0;ON; 5C0F;;;;N;;;;; +2F2A;KANGXI RADICAL LAME;So;0;ON; 5C22;;;;N;;;;; +2F2B;KANGXI RADICAL CORPSE;So;0;ON; 5C38;;;;N;;;;; +2F2C;KANGXI RADICAL SPROUT;So;0;ON; 5C6E;;;;N;;;;; +2F2D;KANGXI RADICAL MOUNTAIN;So;0;ON; 5C71;;;;N;;;;; +2F2E;KANGXI RADICAL RIVER;So;0;ON; 5DDB;;;;N;;;;; +2F2F;KANGXI RADICAL WORK;So;0;ON; 5DE5;;;;N;;;;; +2F30;KANGXI RADICAL ONESELF;So;0;ON; 5DF1;;;;N;;;;; +2F31;KANGXI RADICAL TURBAN;So;0;ON; 5DFE;;;;N;;;;; +2F32;KANGXI RADICAL DRY;So;0;ON; 5E72;;;;N;;;;; +2F33;KANGXI RADICAL SHORT THREAD;So;0;ON; 5E7A;;;;N;;;;; +2F34;KANGXI RADICAL DOTTED CLIFF;So;0;ON; 5E7F;;;;N;;;;; +2F35;KANGXI RADICAL LONG STRIDE;So;0;ON; 5EF4;;;;N;;;;; +2F36;KANGXI RADICAL TWO HANDS;So;0;ON; 5EFE;;;;N;;;;; +2F37;KANGXI RADICAL SHOOT;So;0;ON; 5F0B;;;;N;;;;; +2F38;KANGXI RADICAL BOW;So;0;ON; 5F13;;;;N;;;;; +2F39;KANGXI RADICAL SNOUT;So;0;ON; 5F50;;;;N;;;;; +2F3A;KANGXI RADICAL BRISTLE;So;0;ON; 5F61;;;;N;;;;; +2F3B;KANGXI RADICAL STEP;So;0;ON; 5F73;;;;N;;;;; +2F3C;KANGXI RADICAL HEART;So;0;ON; 5FC3;;;;N;;;;; +2F3D;KANGXI RADICAL HALBERD;So;0;ON; 6208;;;;N;;;;; +2F3E;KANGXI RADICAL DOOR;So;0;ON; 6236;;;;N;;;;; +2F3F;KANGXI RADICAL HAND;So;0;ON; 624B;;;;N;;;;; +2F40;KANGXI RADICAL BRANCH;So;0;ON; 652F;;;;N;;;;; +2F41;KANGXI RADICAL RAP;So;0;ON; 6534;;;;N;;;;; +2F42;KANGXI RADICAL SCRIPT;So;0;ON; 6587;;;;N;;;;; +2F43;KANGXI RADICAL DIPPER;So;0;ON; 6597;;;;N;;;;; +2F44;KANGXI RADICAL AXE;So;0;ON; 65A4;;;;N;;;;; +2F45;KANGXI RADICAL SQUARE;So;0;ON; 65B9;;;;N;;;;; +2F46;KANGXI RADICAL NOT;So;0;ON; 65E0;;;;N;;;;; +2F47;KANGXI RADICAL SUN;So;0;ON; 65E5;;;;N;;;;; +2F48;KANGXI RADICAL SAY;So;0;ON; 66F0;;;;N;;;;; +2F49;KANGXI RADICAL MOON;So;0;ON; 6708;;;;N;;;;; +2F4A;KANGXI RADICAL TREE;So;0;ON; 6728;;;;N;;;;; +2F4B;KANGXI RADICAL LACK;So;0;ON; 6B20;;;;N;;;;; +2F4C;KANGXI RADICAL STOP;So;0;ON; 6B62;;;;N;;;;; +2F4D;KANGXI RADICAL DEATH;So;0;ON; 6B79;;;;N;;;;; +2F4E;KANGXI RADICAL WEAPON;So;0;ON; 6BB3;;;;N;;;;; +2F4F;KANGXI RADICAL DO NOT;So;0;ON; 6BCB;;;;N;;;;; +2F50;KANGXI RADICAL COMPARE;So;0;ON; 6BD4;;;;N;;;;; +2F51;KANGXI RADICAL FUR;So;0;ON; 6BDB;;;;N;;;;; +2F52;KANGXI RADICAL CLAN;So;0;ON; 6C0F;;;;N;;;;; +2F53;KANGXI RADICAL STEAM;So;0;ON; 6C14;;;;N;;;;; +2F54;KANGXI RADICAL WATER;So;0;ON; 6C34;;;;N;;;;; +2F55;KANGXI RADICAL FIRE;So;0;ON; 706B;;;;N;;;;; +2F56;KANGXI RADICAL CLAW;So;0;ON; 722A;;;;N;;;;; +2F57;KANGXI RADICAL FATHER;So;0;ON; 7236;;;;N;;;;; +2F58;KANGXI RADICAL DOUBLE X;So;0;ON; 723B;;;;N;;;;; +2F59;KANGXI RADICAL HALF TREE TRUNK;So;0;ON; 723F;;;;N;;;;; +2F5A;KANGXI RADICAL SLICE;So;0;ON; 7247;;;;N;;;;; +2F5B;KANGXI RADICAL FANG;So;0;ON; 7259;;;;N;;;;; +2F5C;KANGXI RADICAL COW;So;0;ON; 725B;;;;N;;;;; +2F5D;KANGXI RADICAL DOG;So;0;ON; 72AC;;;;N;;;;; +2F5E;KANGXI RADICAL PROFOUND;So;0;ON; 7384;;;;N;;;;; +2F5F;KANGXI RADICAL JADE;So;0;ON; 7389;;;;N;;;;; +2F60;KANGXI RADICAL MELON;So;0;ON; 74DC;;;;N;;;;; +2F61;KANGXI RADICAL TILE;So;0;ON; 74E6;;;;N;;;;; +2F62;KANGXI RADICAL SWEET;So;0;ON; 7518;;;;N;;;;; +2F63;KANGXI RADICAL LIFE;So;0;ON; 751F;;;;N;;;;; +2F64;KANGXI RADICAL USE;So;0;ON; 7528;;;;N;;;;; +2F65;KANGXI RADICAL FIELD;So;0;ON; 7530;;;;N;;;;; +2F66;KANGXI RADICAL BOLT OF CLOTH;So;0;ON; 758B;;;;N;;;;; +2F67;KANGXI RADICAL SICKNESS;So;0;ON; 7592;;;;N;;;;; +2F68;KANGXI RADICAL DOTTED TENT;So;0;ON; 7676;;;;N;;;;; +2F69;KANGXI RADICAL WHITE;So;0;ON; 767D;;;;N;;;;; +2F6A;KANGXI RADICAL SKIN;So;0;ON; 76AE;;;;N;;;;; +2F6B;KANGXI RADICAL DISH;So;0;ON; 76BF;;;;N;;;;; +2F6C;KANGXI RADICAL EYE;So;0;ON; 76EE;;;;N;;;;; +2F6D;KANGXI RADICAL SPEAR;So;0;ON; 77DB;;;;N;;;;; +2F6E;KANGXI RADICAL ARROW;So;0;ON; 77E2;;;;N;;;;; +2F6F;KANGXI RADICAL STONE;So;0;ON; 77F3;;;;N;;;;; +2F70;KANGXI RADICAL SPIRIT;So;0;ON; 793A;;;;N;;;;; +2F71;KANGXI RADICAL TRACK;So;0;ON; 79B8;;;;N;;;;; +2F72;KANGXI RADICAL GRAIN;So;0;ON; 79BE;;;;N;;;;; +2F73;KANGXI RADICAL CAVE;So;0;ON; 7A74;;;;N;;;;; +2F74;KANGXI RADICAL STAND;So;0;ON; 7ACB;;;;N;;;;; +2F75;KANGXI RADICAL BAMBOO;So;0;ON; 7AF9;;;;N;;;;; +2F76;KANGXI RADICAL RICE;So;0;ON; 7C73;;;;N;;;;; +2F77;KANGXI RADICAL SILK;So;0;ON; 7CF8;;;;N;;;;; +2F78;KANGXI RADICAL JAR;So;0;ON; 7F36;;;;N;;;;; +2F79;KANGXI RADICAL NET;So;0;ON; 7F51;;;;N;;;;; +2F7A;KANGXI RADICAL SHEEP;So;0;ON; 7F8A;;;;N;;;;; +2F7B;KANGXI RADICAL FEATHER;So;0;ON; 7FBD;;;;N;;;;; +2F7C;KANGXI RADICAL OLD;So;0;ON; 8001;;;;N;;;;; +2F7D;KANGXI RADICAL AND;So;0;ON; 800C;;;;N;;;;; +2F7E;KANGXI RADICAL PLOW;So;0;ON; 8012;;;;N;;;;; +2F7F;KANGXI RADICAL EAR;So;0;ON; 8033;;;;N;;;;; +2F80;KANGXI RADICAL BRUSH;So;0;ON; 807F;;;;N;;;;; +2F81;KANGXI RADICAL MEAT;So;0;ON; 8089;;;;N;;;;; +2F82;KANGXI RADICAL MINISTER;So;0;ON; 81E3;;;;N;;;;; +2F83;KANGXI RADICAL SELF;So;0;ON; 81EA;;;;N;;;;; +2F84;KANGXI RADICAL ARRIVE;So;0;ON; 81F3;;;;N;;;;; +2F85;KANGXI RADICAL MORTAR;So;0;ON; 81FC;;;;N;;;;; +2F86;KANGXI RADICAL TONGUE;So;0;ON; 820C;;;;N;;;;; +2F87;KANGXI RADICAL OPPOSE;So;0;ON; 821B;;;;N;;;;; +2F88;KANGXI RADICAL BOAT;So;0;ON; 821F;;;;N;;;;; +2F89;KANGXI RADICAL STOPPING;So;0;ON; 826E;;;;N;;;;; +2F8A;KANGXI RADICAL COLOR;So;0;ON; 8272;;;;N;;;;; +2F8B;KANGXI RADICAL GRASS;So;0;ON; 8278;;;;N;;;;; +2F8C;KANGXI RADICAL TIGER;So;0;ON; 864D;;;;N;;;;; +2F8D;KANGXI RADICAL INSECT;So;0;ON; 866B;;;;N;;;;; +2F8E;KANGXI RADICAL BLOOD;So;0;ON; 8840;;;;N;;;;; +2F8F;KANGXI RADICAL WALK ENCLOSURE;So;0;ON; 884C;;;;N;;;;; +2F90;KANGXI RADICAL CLOTHES;So;0;ON; 8863;;;;N;;;;; +2F91;KANGXI RADICAL WEST;So;0;ON; 897E;;;;N;;;;; +2F92;KANGXI RADICAL SEE;So;0;ON; 898B;;;;N;;;;; +2F93;KANGXI RADICAL HORN;So;0;ON; 89D2;;;;N;;;;; +2F94;KANGXI RADICAL SPEECH;So;0;ON; 8A00;;;;N;;;;; +2F95;KANGXI RADICAL VALLEY;So;0;ON; 8C37;;;;N;;;;; +2F96;KANGXI RADICAL BEAN;So;0;ON; 8C46;;;;N;;;;; +2F97;KANGXI RADICAL PIG;So;0;ON; 8C55;;;;N;;;;; +2F98;KANGXI RADICAL BADGER;So;0;ON; 8C78;;;;N;;;;; +2F99;KANGXI RADICAL SHELL;So;0;ON; 8C9D;;;;N;;;;; +2F9A;KANGXI RADICAL RED;So;0;ON; 8D64;;;;N;;;;; +2F9B;KANGXI RADICAL RUN;So;0;ON; 8D70;;;;N;;;;; +2F9C;KANGXI RADICAL FOOT;So;0;ON; 8DB3;;;;N;;;;; +2F9D;KANGXI RADICAL BODY;So;0;ON; 8EAB;;;;N;;;;; +2F9E;KANGXI RADICAL CART;So;0;ON; 8ECA;;;;N;;;;; +2F9F;KANGXI RADICAL BITTER;So;0;ON; 8F9B;;;;N;;;;; +2FA0;KANGXI RADICAL MORNING;So;0;ON; 8FB0;;;;N;;;;; +2FA1;KANGXI RADICAL WALK;So;0;ON; 8FB5;;;;N;;;;; +2FA2;KANGXI RADICAL CITY;So;0;ON; 9091;;;;N;;;;; +2FA3;KANGXI RADICAL WINE;So;0;ON; 9149;;;;N;;;;; +2FA4;KANGXI RADICAL DISTINGUISH;So;0;ON; 91C6;;;;N;;;;; +2FA5;KANGXI RADICAL VILLAGE;So;0;ON; 91CC;;;;N;;;;; +2FA6;KANGXI RADICAL GOLD;So;0;ON; 91D1;;;;N;;;;; +2FA7;KANGXI RADICAL LONG;So;0;ON; 9577;;;;N;;;;; +2FA8;KANGXI RADICAL GATE;So;0;ON; 9580;;;;N;;;;; +2FA9;KANGXI RADICAL MOUND;So;0;ON; 961C;;;;N;;;;; +2FAA;KANGXI RADICAL SLAVE;So;0;ON; 96B6;;;;N;;;;; +2FAB;KANGXI RADICAL SHORT TAILED BIRD;So;0;ON; 96B9;;;;N;;;;; +2FAC;KANGXI RADICAL RAIN;So;0;ON; 96E8;;;;N;;;;; +2FAD;KANGXI RADICAL BLUE;So;0;ON; 9751;;;;N;;;;; +2FAE;KANGXI RADICAL WRONG;So;0;ON; 975E;;;;N;;;;; +2FAF;KANGXI RADICAL FACE;So;0;ON; 9762;;;;N;;;;; +2FB0;KANGXI RADICAL LEATHER;So;0;ON; 9769;;;;N;;;;; +2FB1;KANGXI RADICAL TANNED LEATHER;So;0;ON; 97CB;;;;N;;;;; +2FB2;KANGXI RADICAL LEEK;So;0;ON; 97ED;;;;N;;;;; +2FB3;KANGXI RADICAL SOUND;So;0;ON; 97F3;;;;N;;;;; +2FB4;KANGXI RADICAL LEAF;So;0;ON; 9801;;;;N;;;;; +2FB5;KANGXI RADICAL WIND;So;0;ON; 98A8;;;;N;;;;; +2FB6;KANGXI RADICAL FLY;So;0;ON; 98DB;;;;N;;;;; +2FB7;KANGXI RADICAL EAT;So;0;ON; 98DF;;;;N;;;;; +2FB8;KANGXI RADICAL HEAD;So;0;ON; 9996;;;;N;;;;; +2FB9;KANGXI RADICAL FRAGRANT;So;0;ON; 9999;;;;N;;;;; +2FBA;KANGXI RADICAL HORSE;So;0;ON; 99AC;;;;N;;;;; +2FBB;KANGXI RADICAL BONE;So;0;ON; 9AA8;;;;N;;;;; +2FBC;KANGXI RADICAL TALL;So;0;ON; 9AD8;;;;N;;;;; +2FBD;KANGXI RADICAL HAIR;So;0;ON; 9ADF;;;;N;;;;; +2FBE;KANGXI RADICAL FIGHT;So;0;ON; 9B25;;;;N;;;;; +2FBF;KANGXI RADICAL SACRIFICIAL WINE;So;0;ON; 9B2F;;;;N;;;;; +2FC0;KANGXI RADICAL CAULDRON;So;0;ON; 9B32;;;;N;;;;; +2FC1;KANGXI RADICAL GHOST;So;0;ON; 9B3C;;;;N;;;;; +2FC2;KANGXI RADICAL FISH;So;0;ON; 9B5A;;;;N;;;;; +2FC3;KANGXI RADICAL BIRD;So;0;ON; 9CE5;;;;N;;;;; +2FC4;KANGXI RADICAL SALT;So;0;ON; 9E75;;;;N;;;;; +2FC5;KANGXI RADICAL DEER;So;0;ON; 9E7F;;;;N;;;;; +2FC6;KANGXI RADICAL WHEAT;So;0;ON; 9EA5;;;;N;;;;; +2FC7;KANGXI RADICAL HEMP;So;0;ON; 9EBB;;;;N;;;;; +2FC8;KANGXI RADICAL YELLOW;So;0;ON; 9EC3;;;;N;;;;; +2FC9;KANGXI RADICAL MILLET;So;0;ON; 9ECD;;;;N;;;;; +2FCA;KANGXI RADICAL BLACK;So;0;ON; 9ED1;;;;N;;;;; +2FCB;KANGXI RADICAL EMBROIDERY;So;0;ON; 9EF9;;;;N;;;;; +2FCC;KANGXI RADICAL FROG;So;0;ON; 9EFD;;;;N;;;;; +2FCD;KANGXI RADICAL TRIPOD;So;0;ON; 9F0E;;;;N;;;;; +2FCE;KANGXI RADICAL DRUM;So;0;ON; 9F13;;;;N;;;;; +2FCF;KANGXI RADICAL RAT;So;0;ON; 9F20;;;;N;;;;; +2FD0;KANGXI RADICAL NOSE;So;0;ON; 9F3B;;;;N;;;;; +2FD1;KANGXI RADICAL EVEN;So;0;ON; 9F4A;;;;N;;;;; +2FD2;KANGXI RADICAL TOOTH;So;0;ON; 9F52;;;;N;;;;; +2FD3;KANGXI RADICAL DRAGON;So;0;ON; 9F8D;;;;N;;;;; +2FD4;KANGXI RADICAL TURTLE;So;0;ON; 9F9C;;;;N;;;;; +2FD5;KANGXI RADICAL FLUTE;So;0;ON; 9FA0;;;;N;;;;; +2FF0;IDEOGRAPHIC DESCRIPTION CHARACTER LEFT TO RIGHT;So;0;ON;;;;;N;;;;; +2FF1;IDEOGRAPHIC DESCRIPTION CHARACTER ABOVE TO BELOW;So;0;ON;;;;;N;;;;; +2FF2;IDEOGRAPHIC DESCRIPTION CHARACTER LEFT TO MIDDLE AND RIGHT;So;0;ON;;;;;N;;;;; +2FF3;IDEOGRAPHIC DESCRIPTION CHARACTER ABOVE TO MIDDLE AND BELOW;So;0;ON;;;;;N;;;;; +2FF4;IDEOGRAPHIC DESCRIPTION CHARACTER FULL SURROUND;So;0;ON;;;;;N;;;;; +2FF5;IDEOGRAPHIC DESCRIPTION CHARACTER SURROUND FROM ABOVE;So;0;ON;;;;;N;;;;; +2FF6;IDEOGRAPHIC DESCRIPTION CHARACTER SURROUND FROM BELOW;So;0;ON;;;;;N;;;;; +2FF7;IDEOGRAPHIC DESCRIPTION CHARACTER SURROUND FROM LEFT;So;0;ON;;;;;N;;;;; +2FF8;IDEOGRAPHIC DESCRIPTION CHARACTER SURROUND FROM UPPER LEFT;So;0;ON;;;;;N;;;;; +2FF9;IDEOGRAPHIC DESCRIPTION CHARACTER SURROUND FROM UPPER RIGHT;So;0;ON;;;;;N;;;;; +2FFA;IDEOGRAPHIC DESCRIPTION CHARACTER SURROUND FROM LOWER LEFT;So;0;ON;;;;;N;;;;; +2FFB;IDEOGRAPHIC DESCRIPTION CHARACTER OVERLAID;So;0;ON;;;;;N;;;;; +3000;IDEOGRAPHIC SPACE;Zs;0;WS; 0020;;;;N;;;;; +3001;IDEOGRAPHIC COMMA;Po;0;ON;;;;;N;;;;; +3002;IDEOGRAPHIC FULL STOP;Po;0;ON;;;;;N;IDEOGRAPHIC PERIOD;;;; +3003;DITTO MARK;Po;0;ON;;;;;N;;;;; +3004;JAPANESE INDUSTRIAL STANDARD SYMBOL;So;0;ON;;;;;N;;;;; +3005;IDEOGRAPHIC ITERATION MARK;Lm;0;L;;;;;N;;;;; +3006;IDEOGRAPHIC CLOSING MARK;Lo;0;L;;;;;N;;;;; +3007;IDEOGRAPHIC NUMBER ZERO;Nl;0;L;;;;0;N;;;;; +3008;LEFT ANGLE BRACKET;Ps;0;ON;;;;;Y;OPENING ANGLE BRACKET;;;; +3009;RIGHT ANGLE BRACKET;Pe;0;ON;;;;;Y;CLOSING ANGLE BRACKET;;;; +300A;LEFT DOUBLE ANGLE BRACKET;Ps;0;ON;;;;;Y;OPENING DOUBLE ANGLE BRACKET;;;; +300B;RIGHT DOUBLE ANGLE BRACKET;Pe;0;ON;;;;;Y;CLOSING DOUBLE ANGLE BRACKET;;;; +300C;LEFT CORNER BRACKET;Ps;0;ON;;;;;Y;OPENING CORNER BRACKET;;;; +300D;RIGHT CORNER BRACKET;Pe;0;ON;;;;;Y;CLOSING CORNER BRACKET;;;; +300E;LEFT WHITE CORNER BRACKET;Ps;0;ON;;;;;Y;OPENING WHITE CORNER BRACKET;;;; +300F;RIGHT WHITE CORNER BRACKET;Pe;0;ON;;;;;Y;CLOSING WHITE CORNER BRACKET;;;; +3010;LEFT BLACK LENTICULAR BRACKET;Ps;0;ON;;;;;Y;OPENING BLACK LENTICULAR BRACKET;;;; +3011;RIGHT BLACK LENTICULAR BRACKET;Pe;0;ON;;;;;Y;CLOSING BLACK LENTICULAR BRACKET;;;; +3012;POSTAL MARK;So;0;ON;;;;;N;;;;; +3013;GETA MARK;So;0;ON;;;;;N;;;;; +3014;LEFT TORTOISE SHELL BRACKET;Ps;0;ON;;;;;Y;OPENING TORTOISE SHELL BRACKET;;;; +3015;RIGHT TORTOISE SHELL BRACKET;Pe;0;ON;;;;;Y;CLOSING TORTOISE SHELL BRACKET;;;; +3016;LEFT WHITE LENTICULAR BRACKET;Ps;0;ON;;;;;Y;OPENING WHITE LENTICULAR BRACKET;;;; +3017;RIGHT WHITE LENTICULAR BRACKET;Pe;0;ON;;;;;Y;CLOSING WHITE LENTICULAR BRACKET;;;; +3018;LEFT WHITE TORTOISE SHELL BRACKET;Ps;0;ON;;;;;Y;OPENING WHITE TORTOISE SHELL BRACKET;;;; +3019;RIGHT WHITE TORTOISE SHELL BRACKET;Pe;0;ON;;;;;Y;CLOSING WHITE TORTOISE SHELL BRACKET;;;; +301A;LEFT WHITE SQUARE BRACKET;Ps;0;ON;;;;;Y;OPENING WHITE SQUARE BRACKET;;;; +301B;RIGHT WHITE SQUARE BRACKET;Pe;0;ON;;;;;Y;CLOSING WHITE SQUARE BRACKET;;;; +301C;WAVE DASH;Pd;0;ON;;;;;N;;;;; +301D;REVERSED DOUBLE PRIME QUOTATION MARK;Ps;0;ON;;;;;N;;;;; +301E;DOUBLE PRIME QUOTATION MARK;Pe;0;ON;;;;;N;;;;; +301F;LOW DOUBLE PRIME QUOTATION MARK;Pe;0;ON;;;;;N;;;;; +3020;POSTAL MARK FACE;So;0;ON;;;;;N;;;;; +3021;HANGZHOU NUMERAL ONE;Nl;0;L;;;;1;N;;;;; +3022;HANGZHOU NUMERAL TWO;Nl;0;L;;;;2;N;;;;; +3023;HANGZHOU NUMERAL THREE;Nl;0;L;;;;3;N;;;;; +3024;HANGZHOU NUMERAL FOUR;Nl;0;L;;;;4;N;;;;; +3025;HANGZHOU NUMERAL FIVE;Nl;0;L;;;;5;N;;;;; +3026;HANGZHOU NUMERAL SIX;Nl;0;L;;;;6;N;;;;; +3027;HANGZHOU NUMERAL SEVEN;Nl;0;L;;;;7;N;;;;; +3028;HANGZHOU NUMERAL EIGHT;Nl;0;L;;;;8;N;;;;; +3029;HANGZHOU NUMERAL NINE;Nl;0;L;;;;9;N;;;;; +302A;IDEOGRAPHIC LEVEL TONE MARK;Mn;218;NSM;;;;;N;;;;; +302B;IDEOGRAPHIC RISING TONE MARK;Mn;228;NSM;;;;;N;;;;; +302C;IDEOGRAPHIC DEPARTING TONE MARK;Mn;232;NSM;;;;;N;;;;; +302D;IDEOGRAPHIC ENTERING TONE MARK;Mn;222;NSM;;;;;N;;;;; +302E;HANGUL SINGLE DOT TONE MARK;Mn;224;NSM;;;;;N;;;;; +302F;HANGUL DOUBLE DOT TONE MARK;Mn;224;NSM;;;;;N;;;;; +3030;WAVY DASH;Pd;0;ON;;;;;N;;;;; +3031;VERTICAL KANA REPEAT MARK;Lm;0;L;;;;;N;;;;; +3032;VERTICAL KANA REPEAT WITH VOICED SOUND MARK;Lm;0;L;;;;;N;;;;; +3033;VERTICAL KANA REPEAT MARK UPPER HALF;Lm;0;L;;;;;N;;;;; +3034;VERTICAL KANA REPEAT WITH VOICED SOUND MARK UPPER HALF;Lm;0;L;;;;;N;;;;; +3035;VERTICAL KANA REPEAT MARK LOWER HALF;Lm;0;L;;;;;N;;;;; +3036;CIRCLED POSTAL MARK;So;0;ON; 3012;;;;N;;;;; +3037;IDEOGRAPHIC TELEGRAPH LINE FEED SEPARATOR SYMBOL;So;0;ON;;;;;N;;;;; +3038;HANGZHOU NUMERAL TEN;Nl;0;L; 5341;;;10;N;;;;; +3039;HANGZHOU NUMERAL TWENTY;Nl;0;L; 5344;;;20;N;;;;; +303A;HANGZHOU NUMERAL THIRTY;Nl;0;L; 5345;;;30;N;;;;; +303B;VERTICAL IDEOGRAPHIC ITERATION MARK;Lm;0;L;;;;;N;;;;; +303C;MASU MARK;Lo;0;L;;;;;N;;;;; +303D;PART ALTERNATION MARK;Po;0;ON;;;;;N;;;;; +303E;IDEOGRAPHIC VARIATION INDICATOR;So;0;ON;;;;;N;;;;; +303F;IDEOGRAPHIC HALF FILL SPACE;So;0;ON;;;;;N;;;;; +3041;HIRAGANA LETTER SMALL A;Lo;0;L;;;;;N;;;;; +3042;HIRAGANA LETTER A;Lo;0;L;;;;;N;;;;; +3043;HIRAGANA LETTER SMALL I;Lo;0;L;;;;;N;;;;; +3044;HIRAGANA LETTER I;Lo;0;L;;;;;N;;;;; +3045;HIRAGANA LETTER SMALL U;Lo;0;L;;;;;N;;;;; +3046;HIRAGANA LETTER U;Lo;0;L;;;;;N;;;;; +3047;HIRAGANA LETTER SMALL E;Lo;0;L;;;;;N;;;;; +3048;HIRAGANA LETTER E;Lo;0;L;;;;;N;;;;; +3049;HIRAGANA LETTER SMALL O;Lo;0;L;;;;;N;;;;; +304A;HIRAGANA LETTER O;Lo;0;L;;;;;N;;;;; +304B;HIRAGANA LETTER KA;Lo;0;L;;;;;N;;;;; +304C;HIRAGANA LETTER GA;Lo;0;L;304B 3099;;;;N;;;;; +304D;HIRAGANA LETTER KI;Lo;0;L;;;;;N;;;;; +304E;HIRAGANA LETTER GI;Lo;0;L;304D 3099;;;;N;;;;; +304F;HIRAGANA LETTER KU;Lo;0;L;;;;;N;;;;; +3050;HIRAGANA LETTER GU;Lo;0;L;304F 3099;;;;N;;;;; +3051;HIRAGANA LETTER KE;Lo;0;L;;;;;N;;;;; +3052;HIRAGANA LETTER GE;Lo;0;L;3051 3099;;;;N;;;;; +3053;HIRAGANA LETTER KO;Lo;0;L;;;;;N;;;;; +3054;HIRAGANA LETTER GO;Lo;0;L;3053 3099;;;;N;;;;; +3055;HIRAGANA LETTER SA;Lo;0;L;;;;;N;;;;; +3056;HIRAGANA LETTER ZA;Lo;0;L;3055 3099;;;;N;;;;; +3057;HIRAGANA LETTER SI;Lo;0;L;;;;;N;;;;; +3058;HIRAGANA LETTER ZI;Lo;0;L;3057 3099;;;;N;;;;; +3059;HIRAGANA LETTER SU;Lo;0;L;;;;;N;;;;; +305A;HIRAGANA LETTER ZU;Lo;0;L;3059 3099;;;;N;;;;; +305B;HIRAGANA LETTER SE;Lo;0;L;;;;;N;;;;; +305C;HIRAGANA LETTER ZE;Lo;0;L;305B 3099;;;;N;;;;; +305D;HIRAGANA LETTER SO;Lo;0;L;;;;;N;;;;; +305E;HIRAGANA LETTER ZO;Lo;0;L;305D 3099;;;;N;;;;; +305F;HIRAGANA LETTER TA;Lo;0;L;;;;;N;;;;; +3060;HIRAGANA LETTER DA;Lo;0;L;305F 3099;;;;N;;;;; +3061;HIRAGANA LETTER TI;Lo;0;L;;;;;N;;;;; +3062;HIRAGANA LETTER DI;Lo;0;L;3061 3099;;;;N;;;;; +3063;HIRAGANA LETTER SMALL TU;Lo;0;L;;;;;N;;;;; +3064;HIRAGANA LETTER TU;Lo;0;L;;;;;N;;;;; +3065;HIRAGANA LETTER DU;Lo;0;L;3064 3099;;;;N;;;;; +3066;HIRAGANA LETTER TE;Lo;0;L;;;;;N;;;;; +3067;HIRAGANA LETTER DE;Lo;0;L;3066 3099;;;;N;;;;; +3068;HIRAGANA LETTER TO;Lo;0;L;;;;;N;;;;; +3069;HIRAGANA LETTER DO;Lo;0;L;3068 3099;;;;N;;;;; +306A;HIRAGANA LETTER NA;Lo;0;L;;;;;N;;;;; +306B;HIRAGANA LETTER NI;Lo;0;L;;;;;N;;;;; +306C;HIRAGANA LETTER NU;Lo;0;L;;;;;N;;;;; +306D;HIRAGANA LETTER NE;Lo;0;L;;;;;N;;;;; +306E;HIRAGANA LETTER NO;Lo;0;L;;;;;N;;;;; +306F;HIRAGANA LETTER HA;Lo;0;L;;;;;N;;;;; +3070;HIRAGANA LETTER BA;Lo;0;L;306F 3099;;;;N;;;;; +3071;HIRAGANA LETTER PA;Lo;0;L;306F 309A;;;;N;;;;; +3072;HIRAGANA LETTER HI;Lo;0;L;;;;;N;;;;; +3073;HIRAGANA LETTER BI;Lo;0;L;3072 3099;;;;N;;;;; +3074;HIRAGANA LETTER PI;Lo;0;L;3072 309A;;;;N;;;;; +3075;HIRAGANA LETTER HU;Lo;0;L;;;;;N;;;;; +3076;HIRAGANA LETTER BU;Lo;0;L;3075 3099;;;;N;;;;; +3077;HIRAGANA LETTER PU;Lo;0;L;3075 309A;;;;N;;;;; +3078;HIRAGANA LETTER HE;Lo;0;L;;;;;N;;;;; +3079;HIRAGANA LETTER BE;Lo;0;L;3078 3099;;;;N;;;;; +307A;HIRAGANA LETTER PE;Lo;0;L;3078 309A;;;;N;;;;; +307B;HIRAGANA LETTER HO;Lo;0;L;;;;;N;;;;; +307C;HIRAGANA LETTER BO;Lo;0;L;307B 3099;;;;N;;;;; +307D;HIRAGANA LETTER PO;Lo;0;L;307B 309A;;;;N;;;;; +307E;HIRAGANA LETTER MA;Lo;0;L;;;;;N;;;;; +307F;HIRAGANA LETTER MI;Lo;0;L;;;;;N;;;;; +3080;HIRAGANA LETTER MU;Lo;0;L;;;;;N;;;;; +3081;HIRAGANA LETTER ME;Lo;0;L;;;;;N;;;;; +3082;HIRAGANA LETTER MO;Lo;0;L;;;;;N;;;;; +3083;HIRAGANA LETTER SMALL YA;Lo;0;L;;;;;N;;;;; +3084;HIRAGANA LETTER YA;Lo;0;L;;;;;N;;;;; +3085;HIRAGANA LETTER SMALL YU;Lo;0;L;;;;;N;;;;; +3086;HIRAGANA LETTER YU;Lo;0;L;;;;;N;;;;; +3087;HIRAGANA LETTER SMALL YO;Lo;0;L;;;;;N;;;;; +3088;HIRAGANA LETTER YO;Lo;0;L;;;;;N;;;;; +3089;HIRAGANA LETTER RA;Lo;0;L;;;;;N;;;;; +308A;HIRAGANA LETTER RI;Lo;0;L;;;;;N;;;;; +308B;HIRAGANA LETTER RU;Lo;0;L;;;;;N;;;;; +308C;HIRAGANA LETTER RE;Lo;0;L;;;;;N;;;;; +308D;HIRAGANA LETTER RO;Lo;0;L;;;;;N;;;;; +308E;HIRAGANA LETTER SMALL WA;Lo;0;L;;;;;N;;;;; +308F;HIRAGANA LETTER WA;Lo;0;L;;;;;N;;;;; +3090;HIRAGANA LETTER WI;Lo;0;L;;;;;N;;;;; +3091;HIRAGANA LETTER WE;Lo;0;L;;;;;N;;;;; +3092;HIRAGANA LETTER WO;Lo;0;L;;;;;N;;;;; +3093;HIRAGANA LETTER N;Lo;0;L;;;;;N;;;;; +3094;HIRAGANA LETTER VU;Lo;0;L;3046 3099;;;;N;;;;; +3095;HIRAGANA LETTER SMALL KA;Lo;0;L;;;;;N;;;;; +3096;HIRAGANA LETTER SMALL KE;Lo;0;L;;;;;N;;;;; +3099;COMBINING KATAKANA-HIRAGANA VOICED SOUND MARK;Mn;8;NSM;;;;;N;NON-SPACING KATAKANA-HIRAGANA VOICED SOUND MARK;;;; +309A;COMBINING KATAKANA-HIRAGANA SEMI-VOICED SOUND MARK;Mn;8;NSM;;;;;N;NON-SPACING KATAKANA-HIRAGANA SEMI-VOICED SOUND MARK;;;; +309B;KATAKANA-HIRAGANA VOICED SOUND MARK;Sk;0;ON; 0020 3099;;;;N;;;;; +309C;KATAKANA-HIRAGANA SEMI-VOICED SOUND MARK;Sk;0;ON; 0020 309A;;;;N;;;;; +309D;HIRAGANA ITERATION MARK;Lm;0;L;;;;;N;;;;; +309E;HIRAGANA VOICED ITERATION MARK;Lm;0;L;309D 3099;;;;N;;;;; +309F;HIRAGANA DIGRAPH YORI;Lo;0;L; 3088 308A;;;;N;;;;; +30A0;KATAKANA-HIRAGANA DOUBLE HYPHEN;Pd;0;ON;;;;;N;;;;; +30A1;KATAKANA LETTER SMALL A;Lo;0;L;;;;;N;;;;; +30A2;KATAKANA LETTER A;Lo;0;L;;;;;N;;;;; +30A3;KATAKANA LETTER SMALL I;Lo;0;L;;;;;N;;;;; +30A4;KATAKANA LETTER I;Lo;0;L;;;;;N;;;;; +30A5;KATAKANA LETTER SMALL U;Lo;0;L;;;;;N;;;;; +30A6;KATAKANA LETTER U;Lo;0;L;;;;;N;;;;; +30A7;KATAKANA LETTER SMALL E;Lo;0;L;;;;;N;;;;; +30A8;KATAKANA LETTER E;Lo;0;L;;;;;N;;;;; +30A9;KATAKANA LETTER SMALL O;Lo;0;L;;;;;N;;;;; +30AA;KATAKANA LETTER O;Lo;0;L;;;;;N;;;;; +30AB;KATAKANA LETTER KA;Lo;0;L;;;;;N;;;;; +30AC;KATAKANA LETTER GA;Lo;0;L;30AB 3099;;;;N;;;;; +30AD;KATAKANA LETTER KI;Lo;0;L;;;;;N;;;;; +30AE;KATAKANA LETTER GI;Lo;0;L;30AD 3099;;;;N;;;;; +30AF;KATAKANA LETTER KU;Lo;0;L;;;;;N;;;;; +30B0;KATAKANA LETTER GU;Lo;0;L;30AF 3099;;;;N;;;;; +30B1;KATAKANA LETTER KE;Lo;0;L;;;;;N;;;;; +30B2;KATAKANA LETTER GE;Lo;0;L;30B1 3099;;;;N;;;;; +30B3;KATAKANA LETTER KO;Lo;0;L;;;;;N;;;;; +30B4;KATAKANA LETTER GO;Lo;0;L;30B3 3099;;;;N;;;;; +30B5;KATAKANA LETTER SA;Lo;0;L;;;;;N;;;;; +30B6;KATAKANA LETTER ZA;Lo;0;L;30B5 3099;;;;N;;;;; +30B7;KATAKANA LETTER SI;Lo;0;L;;;;;N;;;;; +30B8;KATAKANA LETTER ZI;Lo;0;L;30B7 3099;;;;N;;;;; +30B9;KATAKANA LETTER SU;Lo;0;L;;;;;N;;;;; +30BA;KATAKANA LETTER ZU;Lo;0;L;30B9 3099;;;;N;;;;; +30BB;KATAKANA LETTER SE;Lo;0;L;;;;;N;;;;; +30BC;KATAKANA LETTER ZE;Lo;0;L;30BB 3099;;;;N;;;;; +30BD;KATAKANA LETTER SO;Lo;0;L;;;;;N;;;;; +30BE;KATAKANA LETTER ZO;Lo;0;L;30BD 3099;;;;N;;;;; +30BF;KATAKANA LETTER TA;Lo;0;L;;;;;N;;;;; +30C0;KATAKANA LETTER DA;Lo;0;L;30BF 3099;;;;N;;;;; +30C1;KATAKANA LETTER TI;Lo;0;L;;;;;N;;;;; +30C2;KATAKANA LETTER DI;Lo;0;L;30C1 3099;;;;N;;;;; +30C3;KATAKANA LETTER SMALL TU;Lo;0;L;;;;;N;;;;; +30C4;KATAKANA LETTER TU;Lo;0;L;;;;;N;;;;; +30C5;KATAKANA LETTER DU;Lo;0;L;30C4 3099;;;;N;;;;; +30C6;KATAKANA LETTER TE;Lo;0;L;;;;;N;;;;; +30C7;KATAKANA LETTER DE;Lo;0;L;30C6 3099;;;;N;;;;; +30C8;KATAKANA LETTER TO;Lo;0;L;;;;;N;;;;; +30C9;KATAKANA LETTER DO;Lo;0;L;30C8 3099;;;;N;;;;; +30CA;KATAKANA LETTER NA;Lo;0;L;;;;;N;;;;; +30CB;KATAKANA LETTER NI;Lo;0;L;;;;;N;;;;; +30CC;KATAKANA LETTER NU;Lo;0;L;;;;;N;;;;; +30CD;KATAKANA LETTER NE;Lo;0;L;;;;;N;;;;; +30CE;KATAKANA LETTER NO;Lo;0;L;;;;;N;;;;; +30CF;KATAKANA LETTER HA;Lo;0;L;;;;;N;;;;; +30D0;KATAKANA LETTER BA;Lo;0;L;30CF 3099;;;;N;;;;; +30D1;KATAKANA LETTER PA;Lo;0;L;30CF 309A;;;;N;;;;; +30D2;KATAKANA LETTER HI;Lo;0;L;;;;;N;;;;; +30D3;KATAKANA LETTER BI;Lo;0;L;30D2 3099;;;;N;;;;; +30D4;KATAKANA LETTER PI;Lo;0;L;30D2 309A;;;;N;;;;; +30D5;KATAKANA LETTER HU;Lo;0;L;;;;;N;;;;; +30D6;KATAKANA LETTER BU;Lo;0;L;30D5 3099;;;;N;;;;; +30D7;KATAKANA LETTER PU;Lo;0;L;30D5 309A;;;;N;;;;; +30D8;KATAKANA LETTER HE;Lo;0;L;;;;;N;;;;; +30D9;KATAKANA LETTER BE;Lo;0;L;30D8 3099;;;;N;;;;; +30DA;KATAKANA LETTER PE;Lo;0;L;30D8 309A;;;;N;;;;; +30DB;KATAKANA LETTER HO;Lo;0;L;;;;;N;;;;; +30DC;KATAKANA LETTER BO;Lo;0;L;30DB 3099;;;;N;;;;; +30DD;KATAKANA LETTER PO;Lo;0;L;30DB 309A;;;;N;;;;; +30DE;KATAKANA LETTER MA;Lo;0;L;;;;;N;;;;; +30DF;KATAKANA LETTER MI;Lo;0;L;;;;;N;;;;; +30E0;KATAKANA LETTER MU;Lo;0;L;;;;;N;;;;; +30E1;KATAKANA LETTER ME;Lo;0;L;;;;;N;;;;; +30E2;KATAKANA LETTER MO;Lo;0;L;;;;;N;;;;; +30E3;KATAKANA LETTER SMALL YA;Lo;0;L;;;;;N;;;;; +30E4;KATAKANA LETTER YA;Lo;0;L;;;;;N;;;;; +30E5;KATAKANA LETTER SMALL YU;Lo;0;L;;;;;N;;;;; +30E6;KATAKANA LETTER YU;Lo;0;L;;;;;N;;;;; +30E7;KATAKANA LETTER SMALL YO;Lo;0;L;;;;;N;;;;; +30E8;KATAKANA LETTER YO;Lo;0;L;;;;;N;;;;; +30E9;KATAKANA LETTER RA;Lo;0;L;;;;;N;;;;; +30EA;KATAKANA LETTER RI;Lo;0;L;;;;;N;;;;; +30EB;KATAKANA LETTER RU;Lo;0;L;;;;;N;;;;; +30EC;KATAKANA LETTER RE;Lo;0;L;;;;;N;;;;; +30ED;KATAKANA LETTER RO;Lo;0;L;;;;;N;;;;; +30EE;KATAKANA LETTER SMALL WA;Lo;0;L;;;;;N;;;;; +30EF;KATAKANA LETTER WA;Lo;0;L;;;;;N;;;;; +30F0;KATAKANA LETTER WI;Lo;0;L;;;;;N;;;;; +30F1;KATAKANA LETTER WE;Lo;0;L;;;;;N;;;;; +30F2;KATAKANA LETTER WO;Lo;0;L;;;;;N;;;;; +30F3;KATAKANA LETTER N;Lo;0;L;;;;;N;;;;; +30F4;KATAKANA LETTER VU;Lo;0;L;30A6 3099;;;;N;;;;; +30F5;KATAKANA LETTER SMALL KA;Lo;0;L;;;;;N;;;;; +30F6;KATAKANA LETTER SMALL KE;Lo;0;L;;;;;N;;;;; +30F7;KATAKANA LETTER VA;Lo;0;L;30EF 3099;;;;N;;;;; +30F8;KATAKANA LETTER VI;Lo;0;L;30F0 3099;;;;N;;;;; +30F9;KATAKANA LETTER VE;Lo;0;L;30F1 3099;;;;N;;;;; +30FA;KATAKANA LETTER VO;Lo;0;L;30F2 3099;;;;N;;;;; +30FB;KATAKANA MIDDLE DOT;Pc;0;ON;;;;;N;;;;; +30FC;KATAKANA-HIRAGANA PROLONGED SOUND MARK;Lm;0;L;;;;;N;;;;; +30FD;KATAKANA ITERATION MARK;Lm;0;L;;;;;N;;;;; +30FE;KATAKANA VOICED ITERATION MARK;Lm;0;L;30FD 3099;;;;N;;;;; +30FF;KATAKANA DIGRAPH KOTO;Lo;0;L; 30B3 30C8;;;;N;;;;; +3105;BOPOMOFO LETTER B;Lo;0;L;;;;;N;;;;; +3106;BOPOMOFO LETTER P;Lo;0;L;;;;;N;;;;; +3107;BOPOMOFO LETTER M;Lo;0;L;;;;;N;;;;; +3108;BOPOMOFO LETTER F;Lo;0;L;;;;;N;;;;; +3109;BOPOMOFO LETTER D;Lo;0;L;;;;;N;;;;; +310A;BOPOMOFO LETTER T;Lo;0;L;;;;;N;;;;; +310B;BOPOMOFO LETTER N;Lo;0;L;;;;;N;;;;; +310C;BOPOMOFO LETTER L;Lo;0;L;;;;;N;;;;; +310D;BOPOMOFO LETTER G;Lo;0;L;;;;;N;;;;; +310E;BOPOMOFO LETTER K;Lo;0;L;;;;;N;;;;; +310F;BOPOMOFO LETTER H;Lo;0;L;;;;;N;;;;; +3110;BOPOMOFO LETTER J;Lo;0;L;;;;;N;;;;; +3111;BOPOMOFO LETTER Q;Lo;0;L;;;;;N;;;;; +3112;BOPOMOFO LETTER X;Lo;0;L;;;;;N;;;;; +3113;BOPOMOFO LETTER ZH;Lo;0;L;;;;;N;;;;; +3114;BOPOMOFO LETTER CH;Lo;0;L;;;;;N;;;;; +3115;BOPOMOFO LETTER SH;Lo;0;L;;;;;N;;;;; +3116;BOPOMOFO LETTER R;Lo;0;L;;;;;N;;;;; +3117;BOPOMOFO LETTER Z;Lo;0;L;;;;;N;;;;; +3118;BOPOMOFO LETTER C;Lo;0;L;;;;;N;;;;; +3119;BOPOMOFO LETTER S;Lo;0;L;;;;;N;;;;; +311A;BOPOMOFO LETTER A;Lo;0;L;;;;;N;;;;; +311B;BOPOMOFO LETTER O;Lo;0;L;;;;;N;;;;; +311C;BOPOMOFO LETTER E;Lo;0;L;;;;;N;;;;; +311D;BOPOMOFO LETTER EH;Lo;0;L;;;;;N;;;;; +311E;BOPOMOFO LETTER AI;Lo;0;L;;;;;N;;;;; +311F;BOPOMOFO LETTER EI;Lo;0;L;;;;;N;;;;; +3120;BOPOMOFO LETTER AU;Lo;0;L;;;;;N;;;;; +3121;BOPOMOFO LETTER OU;Lo;0;L;;;;;N;;;;; +3122;BOPOMOFO LETTER AN;Lo;0;L;;;;;N;;;;; +3123;BOPOMOFO LETTER EN;Lo;0;L;;;;;N;;;;; +3124;BOPOMOFO LETTER ANG;Lo;0;L;;;;;N;;;;; +3125;BOPOMOFO LETTER ENG;Lo;0;L;;;;;N;;;;; +3126;BOPOMOFO LETTER ER;Lo;0;L;;;;;N;;;;; +3127;BOPOMOFO LETTER I;Lo;0;L;;;;;N;;;;; +3128;BOPOMOFO LETTER U;Lo;0;L;;;;;N;;;;; +3129;BOPOMOFO LETTER IU;Lo;0;L;;;;;N;;;;; +312A;BOPOMOFO LETTER V;Lo;0;L;;;;;N;;;;; +312B;BOPOMOFO LETTER NG;Lo;0;L;;;;;N;;;;; +312C;BOPOMOFO LETTER GN;Lo;0;L;;;;;N;;;;; +3131;HANGUL LETTER KIYEOK;Lo;0;L; 1100;;;;N;HANGUL LETTER GIYEOG;;;; +3132;HANGUL LETTER SSANGKIYEOK;Lo;0;L; 1101;;;;N;HANGUL LETTER SSANG GIYEOG;;;; +3133;HANGUL LETTER KIYEOK-SIOS;Lo;0;L; 11AA;;;;N;HANGUL LETTER GIYEOG SIOS;;;; +3134;HANGUL LETTER NIEUN;Lo;0;L; 1102;;;;N;;;;; +3135;HANGUL LETTER NIEUN-CIEUC;Lo;0;L; 11AC;;;;N;HANGUL LETTER NIEUN JIEUJ;;;; +3136;HANGUL LETTER NIEUN-HIEUH;Lo;0;L; 11AD;;;;N;HANGUL LETTER NIEUN HIEUH;;;; +3137;HANGUL LETTER TIKEUT;Lo;0;L; 1103;;;;N;HANGUL LETTER DIGEUD;;;; +3138;HANGUL LETTER SSANGTIKEUT;Lo;0;L; 1104;;;;N;HANGUL LETTER SSANG DIGEUD;;;; +3139;HANGUL LETTER RIEUL;Lo;0;L; 1105;;;;N;HANGUL LETTER LIEUL;;;; +313A;HANGUL LETTER RIEUL-KIYEOK;Lo;0;L; 11B0;;;;N;HANGUL LETTER LIEUL GIYEOG;;;; +313B;HANGUL LETTER RIEUL-MIEUM;Lo;0;L; 11B1;;;;N;HANGUL LETTER LIEUL MIEUM;;;; +313C;HANGUL LETTER RIEUL-PIEUP;Lo;0;L; 11B2;;;;N;HANGUL LETTER LIEUL BIEUB;;;; +313D;HANGUL LETTER RIEUL-SIOS;Lo;0;L; 11B3;;;;N;HANGUL LETTER LIEUL SIOS;;;; +313E;HANGUL LETTER RIEUL-THIEUTH;Lo;0;L; 11B4;;;;N;HANGUL LETTER LIEUL TIEUT;;;; +313F;HANGUL LETTER RIEUL-PHIEUPH;Lo;0;L; 11B5;;;;N;HANGUL LETTER LIEUL PIEUP;;;; +3140;HANGUL LETTER RIEUL-HIEUH;Lo;0;L; 111A;;;;N;HANGUL LETTER LIEUL HIEUH;;;; +3141;HANGUL LETTER MIEUM;Lo;0;L; 1106;;;;N;;;;; +3142;HANGUL LETTER PIEUP;Lo;0;L; 1107;;;;N;HANGUL LETTER BIEUB;;;; +3143;HANGUL LETTER SSANGPIEUP;Lo;0;L; 1108;;;;N;HANGUL LETTER SSANG BIEUB;;;; +3144;HANGUL LETTER PIEUP-SIOS;Lo;0;L; 1121;;;;N;HANGUL LETTER BIEUB SIOS;;;; +3145;HANGUL LETTER SIOS;Lo;0;L; 1109;;;;N;;;;; +3146;HANGUL LETTER SSANGSIOS;Lo;0;L; 110A;;;;N;HANGUL LETTER SSANG SIOS;;;; +3147;HANGUL LETTER IEUNG;Lo;0;L; 110B;;;;N;;;;; +3148;HANGUL LETTER CIEUC;Lo;0;L; 110C;;;;N;HANGUL LETTER JIEUJ;;;; +3149;HANGUL LETTER SSANGCIEUC;Lo;0;L; 110D;;;;N;HANGUL LETTER SSANG JIEUJ;;;; +314A;HANGUL LETTER CHIEUCH;Lo;0;L; 110E;;;;N;HANGUL LETTER CIEUC;;;; +314B;HANGUL LETTER KHIEUKH;Lo;0;L; 110F;;;;N;HANGUL LETTER KIYEOK;;;; +314C;HANGUL LETTER THIEUTH;Lo;0;L; 1110;;;;N;HANGUL LETTER TIEUT;;;; +314D;HANGUL LETTER PHIEUPH;Lo;0;L; 1111;;;;N;HANGUL LETTER PIEUP;;;; +314E;HANGUL LETTER HIEUH;Lo;0;L; 1112;;;;N;;;;; +314F;HANGUL LETTER A;Lo;0;L; 1161;;;;N;;;;; +3150;HANGUL LETTER AE;Lo;0;L; 1162;;;;N;;;;; +3151;HANGUL LETTER YA;Lo;0;L; 1163;;;;N;;;;; +3152;HANGUL LETTER YAE;Lo;0;L; 1164;;;;N;;;;; +3153;HANGUL LETTER EO;Lo;0;L; 1165;;;;N;;;;; +3154;HANGUL LETTER E;Lo;0;L; 1166;;;;N;;;;; +3155;HANGUL LETTER YEO;Lo;0;L; 1167;;;;N;;;;; +3156;HANGUL LETTER YE;Lo;0;L; 1168;;;;N;;;;; +3157;HANGUL LETTER O;Lo;0;L; 1169;;;;N;;;;; +3158;HANGUL LETTER WA;Lo;0;L; 116A;;;;N;;;;; +3159;HANGUL LETTER WAE;Lo;0;L; 116B;;;;N;;;;; +315A;HANGUL LETTER OE;Lo;0;L; 116C;;;;N;;;;; +315B;HANGUL LETTER YO;Lo;0;L; 116D;;;;N;;;;; +315C;HANGUL LETTER U;Lo;0;L; 116E;;;;N;;;;; +315D;HANGUL LETTER WEO;Lo;0;L; 116F;;;;N;;;;; +315E;HANGUL LETTER WE;Lo;0;L; 1170;;;;N;;;;; +315F;HANGUL LETTER WI;Lo;0;L; 1171;;;;N;;;;; +3160;HANGUL LETTER YU;Lo;0;L; 1172;;;;N;;;;; +3161;HANGUL LETTER EU;Lo;0;L; 1173;;;;N;;;;; +3162;HANGUL LETTER YI;Lo;0;L; 1174;;;;N;;;;; +3163;HANGUL LETTER I;Lo;0;L; 1175;;;;N;;;;; +3164;HANGUL FILLER;Lo;0;L; 1160;;;;N;HANGUL CAE OM;;;; +3165;HANGUL LETTER SSANGNIEUN;Lo;0;L; 1114;;;;N;HANGUL LETTER SSANG NIEUN;;;; +3166;HANGUL LETTER NIEUN-TIKEUT;Lo;0;L; 1115;;;;N;HANGUL LETTER NIEUN DIGEUD;;;; +3167;HANGUL LETTER NIEUN-SIOS;Lo;0;L; 11C7;;;;N;HANGUL LETTER NIEUN SIOS;;;; +3168;HANGUL LETTER NIEUN-PANSIOS;Lo;0;L; 11C8;;;;N;HANGUL LETTER NIEUN BAN CHI EUM;;;; +3169;HANGUL LETTER RIEUL-KIYEOK-SIOS;Lo;0;L; 11CC;;;;N;HANGUL LETTER LIEUL GIYEOG SIOS;;;; +316A;HANGUL LETTER RIEUL-TIKEUT;Lo;0;L; 11CE;;;;N;HANGUL LETTER LIEUL DIGEUD;;;; +316B;HANGUL LETTER RIEUL-PIEUP-SIOS;Lo;0;L; 11D3;;;;N;HANGUL LETTER LIEUL BIEUB SIOS;;;; +316C;HANGUL LETTER RIEUL-PANSIOS;Lo;0;L; 11D7;;;;N;HANGUL LETTER LIEUL BAN CHI EUM;;;; +316D;HANGUL LETTER RIEUL-YEORINHIEUH;Lo;0;L; 11D9;;;;N;HANGUL LETTER LIEUL YEOLIN HIEUH;;;; +316E;HANGUL LETTER MIEUM-PIEUP;Lo;0;L; 111C;;;;N;HANGUL LETTER MIEUM BIEUB;;;; +316F;HANGUL LETTER MIEUM-SIOS;Lo;0;L; 11DD;;;;N;HANGUL LETTER MIEUM SIOS;;;; +3170;HANGUL LETTER MIEUM-PANSIOS;Lo;0;L; 11DF;;;;N;HANGUL LETTER BIEUB BAN CHI EUM;;;; +3171;HANGUL LETTER KAPYEOUNMIEUM;Lo;0;L; 111D;;;;N;HANGUL LETTER MIEUM SUN GYEONG EUM;;;; +3172;HANGUL LETTER PIEUP-KIYEOK;Lo;0;L; 111E;;;;N;HANGUL LETTER BIEUB GIYEOG;;;; +3173;HANGUL LETTER PIEUP-TIKEUT;Lo;0;L; 1120;;;;N;HANGUL LETTER BIEUB DIGEUD;;;; +3174;HANGUL LETTER PIEUP-SIOS-KIYEOK;Lo;0;L; 1122;;;;N;HANGUL LETTER BIEUB SIOS GIYEOG;;;; +3175;HANGUL LETTER PIEUP-SIOS-TIKEUT;Lo;0;L; 1123;;;;N;HANGUL LETTER BIEUB SIOS DIGEUD;;;; +3176;HANGUL LETTER PIEUP-CIEUC;Lo;0;L; 1127;;;;N;HANGUL LETTER BIEUB JIEUJ;;;; +3177;HANGUL LETTER PIEUP-THIEUTH;Lo;0;L; 1129;;;;N;HANGUL LETTER BIEUB TIEUT;;;; +3178;HANGUL LETTER KAPYEOUNPIEUP;Lo;0;L; 112B;;;;N;HANGUL LETTER BIEUB SUN GYEONG EUM;;;; +3179;HANGUL LETTER KAPYEOUNSSANGPIEUP;Lo;0;L; 112C;;;;N;HANGUL LETTER SSANG BIEUB SUN GYEONG EUM;;;; +317A;HANGUL LETTER SIOS-KIYEOK;Lo;0;L; 112D;;;;N;HANGUL LETTER SIOS GIYEOG;;;; +317B;HANGUL LETTER SIOS-NIEUN;Lo;0;L; 112E;;;;N;HANGUL LETTER SIOS NIEUN;;;; +317C;HANGUL LETTER SIOS-TIKEUT;Lo;0;L; 112F;;;;N;HANGUL LETTER SIOS DIGEUD;;;; +317D;HANGUL LETTER SIOS-PIEUP;Lo;0;L; 1132;;;;N;HANGUL LETTER SIOS BIEUB;;;; +317E;HANGUL LETTER SIOS-CIEUC;Lo;0;L; 1136;;;;N;HANGUL LETTER SIOS JIEUJ;;;; +317F;HANGUL LETTER PANSIOS;Lo;0;L; 1140;;;;N;HANGUL LETTER BAN CHI EUM;;;; +3180;HANGUL LETTER SSANGIEUNG;Lo;0;L; 1147;;;;N;HANGUL LETTER SSANG IEUNG;;;; +3181;HANGUL LETTER YESIEUNG;Lo;0;L; 114C;;;;N;HANGUL LETTER NGIEUNG;;;; +3182;HANGUL LETTER YESIEUNG-SIOS;Lo;0;L; 11F1;;;;N;HANGUL LETTER NGIEUNG SIOS;;;; +3183;HANGUL LETTER YESIEUNG-PANSIOS;Lo;0;L; 11F2;;;;N;HANGUL LETTER NGIEUNG BAN CHI EUM;;;; +3184;HANGUL LETTER KAPYEOUNPHIEUPH;Lo;0;L; 1157;;;;N;HANGUL LETTER PIEUP SUN GYEONG EUM;;;; +3185;HANGUL LETTER SSANGHIEUH;Lo;0;L; 1158;;;;N;HANGUL LETTER SSANG HIEUH;;;; +3186;HANGUL LETTER YEORINHIEUH;Lo;0;L; 1159;;;;N;HANGUL LETTER YEOLIN HIEUH;;;; +3187;HANGUL LETTER YO-YA;Lo;0;L; 1184;;;;N;HANGUL LETTER YOYA;;;; +3188;HANGUL LETTER YO-YAE;Lo;0;L; 1185;;;;N;HANGUL LETTER YOYAE;;;; +3189;HANGUL LETTER YO-I;Lo;0;L; 1188;;;;N;HANGUL LETTER YOI;;;; +318A;HANGUL LETTER YU-YEO;Lo;0;L; 1191;;;;N;HANGUL LETTER YUYEO;;;; +318B;HANGUL LETTER YU-YE;Lo;0;L; 1192;;;;N;HANGUL LETTER YUYE;;;; +318C;HANGUL LETTER YU-I;Lo;0;L; 1194;;;;N;HANGUL LETTER YUI;;;; +318D;HANGUL LETTER ARAEA;Lo;0;L; 119E;;;;N;HANGUL LETTER ALAE A;;;; +318E;HANGUL LETTER ARAEAE;Lo;0;L; 11A1;;;;N;HANGUL LETTER ALAE AE;;;; +3190;IDEOGRAPHIC ANNOTATION LINKING MARK;So;0;L;;;;;N;KANBUN TATETEN;Kanbun Tateten;;; +3191;IDEOGRAPHIC ANNOTATION REVERSE MARK;So;0;L;;;;;N;KAERITEN RE;Kaeriten;;; +3192;IDEOGRAPHIC ANNOTATION ONE MARK;No;0;L; 4E00;;;1;N;KAERITEN ITI;Kaeriten;;; +3193;IDEOGRAPHIC ANNOTATION TWO MARK;No;0;L; 4E8C;;;2;N;KAERITEN NI;Kaeriten;;; +3194;IDEOGRAPHIC ANNOTATION THREE MARK;No;0;L; 4E09;;;3;N;KAERITEN SAN;Kaeriten;;; +3195;IDEOGRAPHIC ANNOTATION FOUR MARK;No;0;L; 56DB;;;4;N;KAERITEN SI;Kaeriten;;; +3196;IDEOGRAPHIC ANNOTATION TOP MARK;So;0;L; 4E0A;;;;N;KAERITEN ZYOU;Kaeriten;;; +3197;IDEOGRAPHIC ANNOTATION MIDDLE MARK;So;0;L; 4E2D;;;;N;KAERITEN TYUU;Kaeriten;;; +3198;IDEOGRAPHIC ANNOTATION BOTTOM MARK;So;0;L; 4E0B;;;;N;KAERITEN GE;Kaeriten;;; +3199;IDEOGRAPHIC ANNOTATION FIRST MARK;So;0;L; 7532;;;;N;KAERITEN KOU;Kaeriten;;; +319A;IDEOGRAPHIC ANNOTATION SECOND MARK;So;0;L; 4E59;;;;N;KAERITEN OTU;Kaeriten;;; +319B;IDEOGRAPHIC ANNOTATION THIRD MARK;So;0;L; 4E19;;;;N;KAERITEN HEI;Kaeriten;;; +319C;IDEOGRAPHIC ANNOTATION FOURTH MARK;So;0;L; 4E01;;;;N;KAERITEN TEI;Kaeriten;;; +319D;IDEOGRAPHIC ANNOTATION HEAVEN MARK;So;0;L; 5929;;;;N;KAERITEN TEN;Kaeriten;;; +319E;IDEOGRAPHIC ANNOTATION EARTH MARK;So;0;L; 5730;;;;N;KAERITEN TI;Kaeriten;;; +319F;IDEOGRAPHIC ANNOTATION MAN MARK;So;0;L; 4EBA;;;;N;KAERITEN ZIN;Kaeriten;;; +31A0;BOPOMOFO LETTER BU;Lo;0;L;;;;;N;;;;; +31A1;BOPOMOFO LETTER ZI;Lo;0;L;;;;;N;;;;; +31A2;BOPOMOFO LETTER JI;Lo;0;L;;;;;N;;;;; +31A3;BOPOMOFO LETTER GU;Lo;0;L;;;;;N;;;;; +31A4;BOPOMOFO LETTER EE;Lo;0;L;;;;;N;;;;; +31A5;BOPOMOFO LETTER ENN;Lo;0;L;;;;;N;;;;; +31A6;BOPOMOFO LETTER OO;Lo;0;L;;;;;N;;;;; +31A7;BOPOMOFO LETTER ONN;Lo;0;L;;;;;N;;;;; +31A8;BOPOMOFO LETTER IR;Lo;0;L;;;;;N;;;;; +31A9;BOPOMOFO LETTER ANN;Lo;0;L;;;;;N;;;;; +31AA;BOPOMOFO LETTER INN;Lo;0;L;;;;;N;;;;; +31AB;BOPOMOFO LETTER UNN;Lo;0;L;;;;;N;;;;; +31AC;BOPOMOFO LETTER IM;Lo;0;L;;;;;N;;;;; +31AD;BOPOMOFO LETTER NGG;Lo;0;L;;;;;N;;;;; +31AE;BOPOMOFO LETTER AINN;Lo;0;L;;;;;N;;;;; +31AF;BOPOMOFO LETTER AUNN;Lo;0;L;;;;;N;;;;; +31B0;BOPOMOFO LETTER AM;Lo;0;L;;;;;N;;;;; +31B1;BOPOMOFO LETTER OM;Lo;0;L;;;;;N;;;;; +31B2;BOPOMOFO LETTER ONG;Lo;0;L;;;;;N;;;;; +31B3;BOPOMOFO LETTER INNN;Lo;0;L;;;;;N;;;;; +31B4;BOPOMOFO FINAL LETTER P;Lo;0;L;;;;;N;;;;; +31B5;BOPOMOFO FINAL LETTER T;Lo;0;L;;;;;N;;;;; +31B6;BOPOMOFO FINAL LETTER K;Lo;0;L;;;;;N;;;;; +31B7;BOPOMOFO FINAL LETTER H;Lo;0;L;;;;;N;;;;; +31F0;KATAKANA LETTER SMALL KU;Lo;0;L;;;;;N;;;;; +31F1;KATAKANA LETTER SMALL SI;Lo;0;L;;;;;N;;;;; +31F2;KATAKANA LETTER SMALL SU;Lo;0;L;;;;;N;;;;; +31F3;KATAKANA LETTER SMALL TO;Lo;0;L;;;;;N;;;;; +31F4;KATAKANA LETTER SMALL NU;Lo;0;L;;;;;N;;;;; +31F5;KATAKANA LETTER SMALL HA;Lo;0;L;;;;;N;;;;; +31F6;KATAKANA LETTER SMALL HI;Lo;0;L;;;;;N;;;;; +31F7;KATAKANA LETTER SMALL HU;Lo;0;L;;;;;N;;;;; +31F8;KATAKANA LETTER SMALL HE;Lo;0;L;;;;;N;;;;; +31F9;KATAKANA LETTER SMALL HO;Lo;0;L;;;;;N;;;;; +31FA;KATAKANA LETTER SMALL MU;Lo;0;L;;;;;N;;;;; +31FB;KATAKANA LETTER SMALL RA;Lo;0;L;;;;;N;;;;; +31FC;KATAKANA LETTER SMALL RI;Lo;0;L;;;;;N;;;;; +31FD;KATAKANA LETTER SMALL RU;Lo;0;L;;;;;N;;;;; +31FE;KATAKANA LETTER SMALL RE;Lo;0;L;;;;;N;;;;; +31FF;KATAKANA LETTER SMALL RO;Lo;0;L;;;;;N;;;;; +3200;PARENTHESIZED HANGUL KIYEOK;So;0;L; 0028 1100 0029;;;;N;PARENTHESIZED HANGUL GIYEOG;;;; +3201;PARENTHESIZED HANGUL NIEUN;So;0;L; 0028 1102 0029;;;;N;;;;; +3202;PARENTHESIZED HANGUL TIKEUT;So;0;L; 0028 1103 0029;;;;N;PARENTHESIZED HANGUL DIGEUD;;;; +3203;PARENTHESIZED HANGUL RIEUL;So;0;L; 0028 1105 0029;;;;N;PARENTHESIZED HANGUL LIEUL;;;; +3204;PARENTHESIZED HANGUL MIEUM;So;0;L; 0028 1106 0029;;;;N;;;;; +3205;PARENTHESIZED HANGUL PIEUP;So;0;L; 0028 1107 0029;;;;N;PARENTHESIZED HANGUL BIEUB;;;; +3206;PARENTHESIZED HANGUL SIOS;So;0;L; 0028 1109 0029;;;;N;;;;; +3207;PARENTHESIZED HANGUL IEUNG;So;0;L; 0028 110B 0029;;;;N;;;;; +3208;PARENTHESIZED HANGUL CIEUC;So;0;L; 0028 110C 0029;;;;N;PARENTHESIZED HANGUL JIEUJ;;;; +3209;PARENTHESIZED HANGUL CHIEUCH;So;0;L; 0028 110E 0029;;;;N;PARENTHESIZED HANGUL CIEUC;;;; +320A;PARENTHESIZED HANGUL KHIEUKH;So;0;L; 0028 110F 0029;;;;N;PARENTHESIZED HANGUL KIYEOK;;;; +320B;PARENTHESIZED HANGUL THIEUTH;So;0;L; 0028 1110 0029;;;;N;PARENTHESIZED HANGUL TIEUT;;;; +320C;PARENTHESIZED HANGUL PHIEUPH;So;0;L; 0028 1111 0029;;;;N;PARENTHESIZED HANGUL PIEUP;;;; +320D;PARENTHESIZED HANGUL HIEUH;So;0;L; 0028 1112 0029;;;;N;;;;; +320E;PARENTHESIZED HANGUL KIYEOK A;So;0;L; 0028 1100 1161 0029;;;;N;PARENTHESIZED HANGUL GA;;;; +320F;PARENTHESIZED HANGUL NIEUN A;So;0;L; 0028 1102 1161 0029;;;;N;PARENTHESIZED HANGUL NA;;;; +3210;PARENTHESIZED HANGUL TIKEUT A;So;0;L; 0028 1103 1161 0029;;;;N;PARENTHESIZED HANGUL DA;;;; +3211;PARENTHESIZED HANGUL RIEUL A;So;0;L; 0028 1105 1161 0029;;;;N;PARENTHESIZED HANGUL LA;;;; +3212;PARENTHESIZED HANGUL MIEUM A;So;0;L; 0028 1106 1161 0029;;;;N;PARENTHESIZED HANGUL MA;;;; +3213;PARENTHESIZED HANGUL PIEUP A;So;0;L; 0028 1107 1161 0029;;;;N;PARENTHESIZED HANGUL BA;;;; +3214;PARENTHESIZED HANGUL SIOS A;So;0;L; 0028 1109 1161 0029;;;;N;PARENTHESIZED HANGUL SA;;;; +3215;PARENTHESIZED HANGUL IEUNG A;So;0;L; 0028 110B 1161 0029;;;;N;PARENTHESIZED HANGUL A;;;; +3216;PARENTHESIZED HANGUL CIEUC A;So;0;L; 0028 110C 1161 0029;;;;N;PARENTHESIZED HANGUL JA;;;; +3217;PARENTHESIZED HANGUL CHIEUCH A;So;0;L; 0028 110E 1161 0029;;;;N;PARENTHESIZED HANGUL CA;;;; +3218;PARENTHESIZED HANGUL KHIEUKH A;So;0;L; 0028 110F 1161 0029;;;;N;PARENTHESIZED HANGUL KA;;;; +3219;PARENTHESIZED HANGUL THIEUTH A;So;0;L; 0028 1110 1161 0029;;;;N;PARENTHESIZED HANGUL TA;;;; +321A;PARENTHESIZED HANGUL PHIEUPH A;So;0;L; 0028 1111 1161 0029;;;;N;PARENTHESIZED HANGUL PA;;;; +321B;PARENTHESIZED HANGUL HIEUH A;So;0;L; 0028 1112 1161 0029;;;;N;PARENTHESIZED HANGUL HA;;;; +321C;PARENTHESIZED HANGUL CIEUC U;So;0;L; 0028 110C 116E 0029;;;;N;PARENTHESIZED HANGUL JU;;;; +3220;PARENTHESIZED IDEOGRAPH ONE;No;0;L; 0028 4E00 0029;;;1;N;;;;; +3221;PARENTHESIZED IDEOGRAPH TWO;No;0;L; 0028 4E8C 0029;;;2;N;;;;; +3222;PARENTHESIZED IDEOGRAPH THREE;No;0;L; 0028 4E09 0029;;;3;N;;;;; +3223;PARENTHESIZED IDEOGRAPH FOUR;No;0;L; 0028 56DB 0029;;;4;N;;;;; +3224;PARENTHESIZED IDEOGRAPH FIVE;No;0;L; 0028 4E94 0029;;;5;N;;;;; +3225;PARENTHESIZED IDEOGRAPH SIX;No;0;L; 0028 516D 0029;;;6;N;;;;; +3226;PARENTHESIZED IDEOGRAPH SEVEN;No;0;L; 0028 4E03 0029;;;7;N;;;;; +3227;PARENTHESIZED IDEOGRAPH EIGHT;No;0;L; 0028 516B 0029;;;8;N;;;;; +3228;PARENTHESIZED IDEOGRAPH NINE;No;0;L; 0028 4E5D 0029;;;9;N;;;;; +3229;PARENTHESIZED IDEOGRAPH TEN;No;0;L; 0028 5341 0029;;;10;N;;;;; +322A;PARENTHESIZED IDEOGRAPH MOON;So;0;L; 0028 6708 0029;;;;N;;;;; +322B;PARENTHESIZED IDEOGRAPH FIRE;So;0;L; 0028 706B 0029;;;;N;;;;; +322C;PARENTHESIZED IDEOGRAPH WATER;So;0;L; 0028 6C34 0029;;;;N;;;;; +322D;PARENTHESIZED IDEOGRAPH WOOD;So;0;L; 0028 6728 0029;;;;N;;;;; +322E;PARENTHESIZED IDEOGRAPH METAL;So;0;L; 0028 91D1 0029;;;;N;;;;; +322F;PARENTHESIZED IDEOGRAPH EARTH;So;0;L; 0028 571F 0029;;;;N;;;;; +3230;PARENTHESIZED IDEOGRAPH SUN;So;0;L; 0028 65E5 0029;;;;N;;;;; +3231;PARENTHESIZED IDEOGRAPH STOCK;So;0;L; 0028 682A 0029;;;;N;;;;; +3232;PARENTHESIZED IDEOGRAPH HAVE;So;0;L; 0028 6709 0029;;;;N;;;;; +3233;PARENTHESIZED IDEOGRAPH SOCIETY;So;0;L; 0028 793E 0029;;;;N;;;;; +3234;PARENTHESIZED IDEOGRAPH NAME;So;0;L; 0028 540D 0029;;;;N;;;;; +3235;PARENTHESIZED IDEOGRAPH SPECIAL;So;0;L; 0028 7279 0029;;;;N;;;;; +3236;PARENTHESIZED IDEOGRAPH FINANCIAL;So;0;L; 0028 8CA1 0029;;;;N;;;;; +3237;PARENTHESIZED IDEOGRAPH CONGRATULATION;So;0;L; 0028 795D 0029;;;;N;;;;; +3238;PARENTHESIZED IDEOGRAPH LABOR;So;0;L; 0028 52B4 0029;;;;N;;;;; +3239;PARENTHESIZED IDEOGRAPH REPRESENT;So;0;L; 0028 4EE3 0029;;;;N;;;;; +323A;PARENTHESIZED IDEOGRAPH CALL;So;0;L; 0028 547C 0029;;;;N;;;;; +323B;PARENTHESIZED IDEOGRAPH STUDY;So;0;L; 0028 5B66 0029;;;;N;;;;; +323C;PARENTHESIZED IDEOGRAPH SUPERVISE;So;0;L; 0028 76E3 0029;;;;N;;;;; +323D;PARENTHESIZED IDEOGRAPH ENTERPRISE;So;0;L; 0028 4F01 0029;;;;N;;;;; +323E;PARENTHESIZED IDEOGRAPH RESOURCE;So;0;L; 0028 8CC7 0029;;;;N;;;;; +323F;PARENTHESIZED IDEOGRAPH ALLIANCE;So;0;L; 0028 5354 0029;;;;N;;;;; +3240;PARENTHESIZED IDEOGRAPH FESTIVAL;So;0;L; 0028 796D 0029;;;;N;;;;; +3241;PARENTHESIZED IDEOGRAPH REST;So;0;L; 0028 4F11 0029;;;;N;;;;; +3242;PARENTHESIZED IDEOGRAPH SELF;So;0;L; 0028 81EA 0029;;;;N;;;;; +3243;PARENTHESIZED IDEOGRAPH REACH;So;0;L; 0028 81F3 0029;;;;N;;;;; +3251;CIRCLED NUMBER TWENTY ONE;No;0;ON; 0032 0031;;;21;N;;;;; +3252;CIRCLED NUMBER TWENTY TWO;No;0;ON; 0032 0032;;;22;N;;;;; +3253;CIRCLED NUMBER TWENTY THREE;No;0;ON; 0032 0033;;;23;N;;;;; +3254;CIRCLED NUMBER TWENTY FOUR;No;0;ON; 0032 0034;;;24;N;;;;; +3255;CIRCLED NUMBER TWENTY FIVE;No;0;ON; 0032 0035;;;25;N;;;;; +3256;CIRCLED NUMBER TWENTY SIX;No;0;ON; 0032 0036;;;26;N;;;;; +3257;CIRCLED NUMBER TWENTY SEVEN;No;0;ON; 0032 0037;;;27;N;;;;; +3258;CIRCLED NUMBER TWENTY EIGHT;No;0;ON; 0032 0038;;;28;N;;;;; +3259;CIRCLED NUMBER TWENTY NINE;No;0;ON; 0032 0039;;;29;N;;;;; +325A;CIRCLED NUMBER THIRTY;No;0;ON; 0033 0030;;;30;N;;;;; +325B;CIRCLED NUMBER THIRTY ONE;No;0;ON; 0033 0031;;;31;N;;;;; +325C;CIRCLED NUMBER THIRTY TWO;No;0;ON; 0033 0032;;;32;N;;;;; +325D;CIRCLED NUMBER THIRTY THREE;No;0;ON; 0033 0033;;;33;N;;;;; +325E;CIRCLED NUMBER THIRTY FOUR;No;0;ON; 0033 0034;;;34;N;;;;; +325F;CIRCLED NUMBER THIRTY FIVE;No;0;ON; 0033 0035;;;35;N;;;;; +3260;CIRCLED HANGUL KIYEOK;So;0;L; 1100;;;;N;CIRCLED HANGUL GIYEOG;;;; +3261;CIRCLED HANGUL NIEUN;So;0;L; 1102;;;;N;;;;; +3262;CIRCLED HANGUL TIKEUT;So;0;L; 1103;;;;N;CIRCLED HANGUL DIGEUD;;;; +3263;CIRCLED HANGUL RIEUL;So;0;L; 1105;;;;N;CIRCLED HANGUL LIEUL;;;; +3264;CIRCLED HANGUL MIEUM;So;0;L; 1106;;;;N;;;;; +3265;CIRCLED HANGUL PIEUP;So;0;L; 1107;;;;N;CIRCLED HANGUL BIEUB;;;; +3266;CIRCLED HANGUL SIOS;So;0;L; 1109;;;;N;;;;; +3267;CIRCLED HANGUL IEUNG;So;0;L; 110B;;;;N;;;;; +3268;CIRCLED HANGUL CIEUC;So;0;L; 110C;;;;N;CIRCLED HANGUL JIEUJ;;;; +3269;CIRCLED HANGUL CHIEUCH;So;0;L; 110E;;;;N;CIRCLED HANGUL CIEUC;;;; +326A;CIRCLED HANGUL KHIEUKH;So;0;L; 110F;;;;N;CIRCLED HANGUL KIYEOK;;;; +326B;CIRCLED HANGUL THIEUTH;So;0;L; 1110;;;;N;CIRCLED HANGUL TIEUT;;;; +326C;CIRCLED HANGUL PHIEUPH;So;0;L; 1111;;;;N;CIRCLED HANGUL PIEUP;;;; +326D;CIRCLED HANGUL HIEUH;So;0;L; 1112;;;;N;;;;; +326E;CIRCLED HANGUL KIYEOK A;So;0;L; 1100 1161;;;;N;CIRCLED HANGUL GA;;;; +326F;CIRCLED HANGUL NIEUN A;So;0;L; 1102 1161;;;;N;CIRCLED HANGUL NA;;;; +3270;CIRCLED HANGUL TIKEUT A;So;0;L; 1103 1161;;;;N;CIRCLED HANGUL DA;;;; +3271;CIRCLED HANGUL RIEUL A;So;0;L; 1105 1161;;;;N;CIRCLED HANGUL LA;;;; +3272;CIRCLED HANGUL MIEUM A;So;0;L; 1106 1161;;;;N;CIRCLED HANGUL MA;;;; +3273;CIRCLED HANGUL PIEUP A;So;0;L; 1107 1161;;;;N;CIRCLED HANGUL BA;;;; +3274;CIRCLED HANGUL SIOS A;So;0;L; 1109 1161;;;;N;CIRCLED HANGUL SA;;;; +3275;CIRCLED HANGUL IEUNG A;So;0;L; 110B 1161;;;;N;CIRCLED HANGUL A;;;; +3276;CIRCLED HANGUL CIEUC A;So;0;L; 110C 1161;;;;N;CIRCLED HANGUL JA;;;; +3277;CIRCLED HANGUL CHIEUCH A;So;0;L; 110E 1161;;;;N;CIRCLED HANGUL CA;;;; +3278;CIRCLED HANGUL KHIEUKH A;So;0;L; 110F 1161;;;;N;CIRCLED HANGUL KA;;;; +3279;CIRCLED HANGUL THIEUTH A;So;0;L; 1110 1161;;;;N;CIRCLED HANGUL TA;;;; +327A;CIRCLED HANGUL PHIEUPH A;So;0;L; 1111 1161;;;;N;CIRCLED HANGUL PA;;;; +327B;CIRCLED HANGUL HIEUH A;So;0;L; 1112 1161;;;;N;CIRCLED HANGUL HA;;;; +327F;KOREAN STANDARD SYMBOL;So;0;L;;;;;N;;;;; +3280;CIRCLED IDEOGRAPH ONE;No;0;L; 4E00;;;1;N;;;;; +3281;CIRCLED IDEOGRAPH TWO;No;0;L; 4E8C;;;2;N;;;;; +3282;CIRCLED IDEOGRAPH THREE;No;0;L; 4E09;;;3;N;;;;; +3283;CIRCLED IDEOGRAPH FOUR;No;0;L; 56DB;;;4;N;;;;; +3284;CIRCLED IDEOGRAPH FIVE;No;0;L; 4E94;;;5;N;;;;; +3285;CIRCLED IDEOGRAPH SIX;No;0;L; 516D;;;6;N;;;;; +3286;CIRCLED IDEOGRAPH SEVEN;No;0;L; 4E03;;;7;N;;;;; +3287;CIRCLED IDEOGRAPH EIGHT;No;0;L; 516B;;;8;N;;;;; +3288;CIRCLED IDEOGRAPH NINE;No;0;L; 4E5D;;;9;N;;;;; +3289;CIRCLED IDEOGRAPH TEN;No;0;L; 5341;;;10;N;;;;; +328A;CIRCLED IDEOGRAPH MOON;So;0;L; 6708;;;;N;;;;; +328B;CIRCLED IDEOGRAPH FIRE;So;0;L; 706B;;;;N;;;;; +328C;CIRCLED IDEOGRAPH WATER;So;0;L; 6C34;;;;N;;;;; +328D;CIRCLED IDEOGRAPH WOOD;So;0;L; 6728;;;;N;;;;; +328E;CIRCLED IDEOGRAPH METAL;So;0;L; 91D1;;;;N;;;;; +328F;CIRCLED IDEOGRAPH EARTH;So;0;L; 571F;;;;N;;;;; +3290;CIRCLED IDEOGRAPH SUN;So;0;L; 65E5;;;;N;;;;; +3291;CIRCLED IDEOGRAPH STOCK;So;0;L; 682A;;;;N;;;;; +3292;CIRCLED IDEOGRAPH HAVE;So;0;L; 6709;;;;N;;;;; +3293;CIRCLED IDEOGRAPH SOCIETY;So;0;L; 793E;;;;N;;;;; +3294;CIRCLED IDEOGRAPH NAME;So;0;L; 540D;;;;N;;;;; +3295;CIRCLED IDEOGRAPH SPECIAL;So;0;L; 7279;;;;N;;;;; +3296;CIRCLED IDEOGRAPH FINANCIAL;So;0;L; 8CA1;;;;N;;;;; +3297;CIRCLED IDEOGRAPH CONGRATULATION;So;0;L; 795D;;;;N;;;;; +3298;CIRCLED IDEOGRAPH LABOR;So;0;L; 52B4;;;;N;;;;; +3299;CIRCLED IDEOGRAPH SECRET;So;0;L; 79D8;;;;N;;;;; +329A;CIRCLED IDEOGRAPH MALE;So;0;L; 7537;;;;N;;;;; +329B;CIRCLED IDEOGRAPH FEMALE;So;0;L; 5973;;;;N;;;;; +329C;CIRCLED IDEOGRAPH SUITABLE;So;0;L; 9069;;;;N;;;;; +329D;CIRCLED IDEOGRAPH EXCELLENT;So;0;L; 512A;;;;N;;;;; +329E;CIRCLED IDEOGRAPH PRINT;So;0;L; 5370;;;;N;;;;; +329F;CIRCLED IDEOGRAPH ATTENTION;So;0;L; 6CE8;;;;N;;;;; +32A0;CIRCLED IDEOGRAPH ITEM;So;0;L; 9805;;;;N;;;;; +32A1;CIRCLED IDEOGRAPH REST;So;0;L; 4F11;;;;N;;;;; +32A2;CIRCLED IDEOGRAPH COPY;So;0;L; 5199;;;;N;;;;; +32A3;CIRCLED IDEOGRAPH CORRECT;So;0;L; 6B63;;;;N;;;;; +32A4;CIRCLED IDEOGRAPH HIGH;So;0;L; 4E0A;;;;N;;;;; +32A5;CIRCLED IDEOGRAPH CENTRE;So;0;L; 4E2D;;;;N;CIRCLED IDEOGRAPH CENTER;;;; +32A6;CIRCLED IDEOGRAPH LOW;So;0;L; 4E0B;;;;N;;;;; +32A7;CIRCLED IDEOGRAPH LEFT;So;0;L; 5DE6;;;;N;;;;; +32A8;CIRCLED IDEOGRAPH RIGHT;So;0;L; 53F3;;;;N;;;;; +32A9;CIRCLED IDEOGRAPH MEDICINE;So;0;L; 533B;;;;N;;;;; +32AA;CIRCLED IDEOGRAPH RELIGION;So;0;L; 5B97;;;;N;;;;; +32AB;CIRCLED IDEOGRAPH STUDY;So;0;L; 5B66;;;;N;;;;; +32AC;CIRCLED IDEOGRAPH SUPERVISE;So;0;L; 76E3;;;;N;;;;; +32AD;CIRCLED IDEOGRAPH ENTERPRISE;So;0;L; 4F01;;;;N;;;;; +32AE;CIRCLED IDEOGRAPH RESOURCE;So;0;L; 8CC7;;;;N;;;;; +32AF;CIRCLED IDEOGRAPH ALLIANCE;So;0;L; 5354;;;;N;;;;; +32B0;CIRCLED IDEOGRAPH NIGHT;So;0;L; 591C;;;;N;;;;; +32B1;CIRCLED NUMBER THIRTY SIX;No;0;ON; 0033 0036;;;36;N;;;;; +32B2;CIRCLED NUMBER THIRTY SEVEN;No;0;ON; 0033 0037;;;37;N;;;;; +32B3;CIRCLED NUMBER THIRTY EIGHT;No;0;ON; 0033 0038;;;38;N;;;;; +32B4;CIRCLED NUMBER THIRTY NINE;No;0;ON; 0033 0039;;;39;N;;;;; +32B5;CIRCLED NUMBER FORTY;No;0;ON; 0034 0030;;;40;N;;;;; +32B6;CIRCLED NUMBER FORTY ONE;No;0;ON; 0034 0031;;;41;N;;;;; +32B7;CIRCLED NUMBER FORTY TWO;No;0;ON; 0034 0032;;;42;N;;;;; +32B8;CIRCLED NUMBER FORTY THREE;No;0;ON; 0034 0033;;;43;N;;;;; +32B9;CIRCLED NUMBER FORTY FOUR;No;0;ON; 0034 0034;;;44;N;;;;; +32BA;CIRCLED NUMBER FORTY FIVE;No;0;ON; 0034 0035;;;45;N;;;;; +32BB;CIRCLED NUMBER FORTY SIX;No;0;ON; 0034 0036;;;46;N;;;;; +32BC;CIRCLED NUMBER FORTY SEVEN;No;0;ON; 0034 0037;;;47;N;;;;; +32BD;CIRCLED NUMBER FORTY EIGHT;No;0;ON; 0034 0038;;;48;N;;;;; +32BE;CIRCLED NUMBER FORTY NINE;No;0;ON; 0034 0039;;;49;N;;;;; +32BF;CIRCLED NUMBER FIFTY;No;0;ON; 0035 0030;;;50;N;;;;; +32C0;IDEOGRAPHIC TELEGRAPH SYMBOL FOR JANUARY;So;0;L; 0031 6708;;;;N;;;;; +32C1;IDEOGRAPHIC TELEGRAPH SYMBOL FOR FEBRUARY;So;0;L; 0032 6708;;;;N;;;;; +32C2;IDEOGRAPHIC TELEGRAPH SYMBOL FOR MARCH;So;0;L; 0033 6708;;;;N;;;;; +32C3;IDEOGRAPHIC TELEGRAPH SYMBOL FOR APRIL;So;0;L; 0034 6708;;;;N;;;;; +32C4;IDEOGRAPHIC TELEGRAPH SYMBOL FOR MAY;So;0;L; 0035 6708;;;;N;;;;; +32C5;IDEOGRAPHIC TELEGRAPH SYMBOL FOR JUNE;So;0;L; 0036 6708;;;;N;;;;; +32C6;IDEOGRAPHIC TELEGRAPH SYMBOL FOR JULY;So;0;L; 0037 6708;;;;N;;;;; +32C7;IDEOGRAPHIC TELEGRAPH SYMBOL FOR AUGUST;So;0;L; 0038 6708;;;;N;;;;; +32C8;IDEOGRAPHIC TELEGRAPH SYMBOL FOR SEPTEMBER;So;0;L; 0039 6708;;;;N;;;;; +32C9;IDEOGRAPHIC TELEGRAPH SYMBOL FOR OCTOBER;So;0;L; 0031 0030 6708;;;;N;;;;; +32CA;IDEOGRAPHIC TELEGRAPH SYMBOL FOR NOVEMBER;So;0;L; 0031 0031 6708;;;;N;;;;; +32CB;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DECEMBER;So;0;L; 0031 0032 6708;;;;N;;;;; +32D0;CIRCLED KATAKANA A;So;0;L; 30A2;;;;N;;;;; +32D1;CIRCLED KATAKANA I;So;0;L; 30A4;;;;N;;;;; +32D2;CIRCLED KATAKANA U;So;0;L; 30A6;;;;N;;;;; +32D3;CIRCLED KATAKANA E;So;0;L; 30A8;;;;N;;;;; +32D4;CIRCLED KATAKANA O;So;0;L; 30AA;;;;N;;;;; +32D5;CIRCLED KATAKANA KA;So;0;L; 30AB;;;;N;;;;; +32D6;CIRCLED KATAKANA KI;So;0;L; 30AD;;;;N;;;;; +32D7;CIRCLED KATAKANA KU;So;0;L; 30AF;;;;N;;;;; +32D8;CIRCLED KATAKANA KE;So;0;L; 30B1;;;;N;;;;; +32D9;CIRCLED KATAKANA KO;So;0;L; 30B3;;;;N;;;;; +32DA;CIRCLED KATAKANA SA;So;0;L; 30B5;;;;N;;;;; +32DB;CIRCLED KATAKANA SI;So;0;L; 30B7;;;;N;;;;; +32DC;CIRCLED KATAKANA SU;So;0;L; 30B9;;;;N;;;;; +32DD;CIRCLED KATAKANA SE;So;0;L; 30BB;;;;N;;;;; +32DE;CIRCLED KATAKANA SO;So;0;L; 30BD;;;;N;;;;; +32DF;CIRCLED KATAKANA TA;So;0;L; 30BF;;;;N;;;;; +32E0;CIRCLED KATAKANA TI;So;0;L; 30C1;;;;N;;;;; +32E1;CIRCLED KATAKANA TU;So;0;L; 30C4;;;;N;;;;; +32E2;CIRCLED KATAKANA TE;So;0;L; 30C6;;;;N;;;;; +32E3;CIRCLED KATAKANA TO;So;0;L; 30C8;;;;N;;;;; +32E4;CIRCLED KATAKANA NA;So;0;L; 30CA;;;;N;;;;; +32E5;CIRCLED KATAKANA NI;So;0;L; 30CB;;;;N;;;;; +32E6;CIRCLED KATAKANA NU;So;0;L; 30CC;;;;N;;;;; +32E7;CIRCLED KATAKANA NE;So;0;L; 30CD;;;;N;;;;; +32E8;CIRCLED KATAKANA NO;So;0;L; 30CE;;;;N;;;;; +32E9;CIRCLED KATAKANA HA;So;0;L; 30CF;;;;N;;;;; +32EA;CIRCLED KATAKANA HI;So;0;L; 30D2;;;;N;;;;; +32EB;CIRCLED KATAKANA HU;So;0;L; 30D5;;;;N;;;;; +32EC;CIRCLED KATAKANA HE;So;0;L; 30D8;;;;N;;;;; +32ED;CIRCLED KATAKANA HO;So;0;L; 30DB;;;;N;;;;; +32EE;CIRCLED KATAKANA MA;So;0;L; 30DE;;;;N;;;;; +32EF;CIRCLED KATAKANA MI;So;0;L; 30DF;;;;N;;;;; +32F0;CIRCLED KATAKANA MU;So;0;L; 30E0;;;;N;;;;; +32F1;CIRCLED KATAKANA ME;So;0;L; 30E1;;;;N;;;;; +32F2;CIRCLED KATAKANA MO;So;0;L; 30E2;;;;N;;;;; +32F3;CIRCLED KATAKANA YA;So;0;L; 30E4;;;;N;;;;; +32F4;CIRCLED KATAKANA YU;So;0;L; 30E6;;;;N;;;;; +32F5;CIRCLED KATAKANA YO;So;0;L; 30E8;;;;N;;;;; +32F6;CIRCLED KATAKANA RA;So;0;L; 30E9;;;;N;;;;; +32F7;CIRCLED KATAKANA RI;So;0;L; 30EA;;;;N;;;;; +32F8;CIRCLED KATAKANA RU;So;0;L; 30EB;;;;N;;;;; +32F9;CIRCLED KATAKANA RE;So;0;L; 30EC;;;;N;;;;; +32FA;CIRCLED KATAKANA RO;So;0;L; 30ED;;;;N;;;;; +32FB;CIRCLED KATAKANA WA;So;0;L; 30EF;;;;N;;;;; +32FC;CIRCLED KATAKANA WI;So;0;L; 30F0;;;;N;;;;; +32FD;CIRCLED KATAKANA WE;So;0;L; 30F1;;;;N;;;;; +32FE;CIRCLED KATAKANA WO;So;0;L; 30F2;;;;N;;;;; +3300;SQUARE APAATO;So;0;L; 30A2 30D1 30FC 30C8;;;;N;SQUARED APAATO;;;; +3301;SQUARE ARUHUA;So;0;L; 30A2 30EB 30D5 30A1;;;;N;SQUARED ARUHUA;;;; +3302;SQUARE ANPEA;So;0;L; 30A2 30F3 30DA 30A2;;;;N;SQUARED ANPEA;;;; +3303;SQUARE AARU;So;0;L; 30A2 30FC 30EB;;;;N;SQUARED AARU;;;; +3304;SQUARE ININGU;So;0;L; 30A4 30CB 30F3 30B0;;;;N;SQUARED ININGU;;;; +3305;SQUARE INTI;So;0;L; 30A4 30F3 30C1;;;;N;SQUARED INTI;;;; +3306;SQUARE UON;So;0;L; 30A6 30A9 30F3;;;;N;SQUARED UON;;;; +3307;SQUARE ESUKUUDO;So;0;L; 30A8 30B9 30AF 30FC 30C9;;;;N;SQUARED ESUKUUDO;;;; +3308;SQUARE EEKAA;So;0;L; 30A8 30FC 30AB 30FC;;;;N;SQUARED EEKAA;;;; +3309;SQUARE ONSU;So;0;L; 30AA 30F3 30B9;;;;N;SQUARED ONSU;;;; +330A;SQUARE OOMU;So;0;L; 30AA 30FC 30E0;;;;N;SQUARED OOMU;;;; +330B;SQUARE KAIRI;So;0;L; 30AB 30A4 30EA;;;;N;SQUARED KAIRI;;;; +330C;SQUARE KARATTO;So;0;L; 30AB 30E9 30C3 30C8;;;;N;SQUARED KARATTO;;;; +330D;SQUARE KARORII;So;0;L; 30AB 30ED 30EA 30FC;;;;N;SQUARED KARORII;;;; +330E;SQUARE GARON;So;0;L; 30AC 30ED 30F3;;;;N;SQUARED GARON;;;; +330F;SQUARE GANMA;So;0;L; 30AC 30F3 30DE;;;;N;SQUARED GANMA;;;; +3310;SQUARE GIGA;So;0;L; 30AE 30AC;;;;N;SQUARED GIGA;;;; +3311;SQUARE GINII;So;0;L; 30AE 30CB 30FC;;;;N;SQUARED GINII;;;; +3312;SQUARE KYURII;So;0;L; 30AD 30E5 30EA 30FC;;;;N;SQUARED KYURII;;;; +3313;SQUARE GIRUDAA;So;0;L; 30AE 30EB 30C0 30FC;;;;N;SQUARED GIRUDAA;;;; +3314;SQUARE KIRO;So;0;L; 30AD 30ED;;;;N;SQUARED KIRO;;;; +3315;SQUARE KIROGURAMU;So;0;L; 30AD 30ED 30B0 30E9 30E0;;;;N;SQUARED KIROGURAMU;;;; +3316;SQUARE KIROMEETORU;So;0;L; 30AD 30ED 30E1 30FC 30C8 30EB;;;;N;SQUARED KIROMEETORU;;;; +3317;SQUARE KIROWATTO;So;0;L; 30AD 30ED 30EF 30C3 30C8;;;;N;SQUARED KIROWATTO;;;; +3318;SQUARE GURAMU;So;0;L; 30B0 30E9 30E0;;;;N;SQUARED GURAMU;;;; +3319;SQUARE GURAMUTON;So;0;L; 30B0 30E9 30E0 30C8 30F3;;;;N;SQUARED GURAMUTON;;;; +331A;SQUARE KURUZEIRO;So;0;L; 30AF 30EB 30BC 30A4 30ED;;;;N;SQUARED KURUZEIRO;;;; +331B;SQUARE KUROONE;So;0;L; 30AF 30ED 30FC 30CD;;;;N;SQUARED KUROONE;;;; +331C;SQUARE KEESU;So;0;L; 30B1 30FC 30B9;;;;N;SQUARED KEESU;;;; +331D;SQUARE KORUNA;So;0;L; 30B3 30EB 30CA;;;;N;SQUARED KORUNA;;;; +331E;SQUARE KOOPO;So;0;L; 30B3 30FC 30DD;;;;N;SQUARED KOOPO;;;; +331F;SQUARE SAIKURU;So;0;L; 30B5 30A4 30AF 30EB;;;;N;SQUARED SAIKURU;;;; +3320;SQUARE SANTIIMU;So;0;L; 30B5 30F3 30C1 30FC 30E0;;;;N;SQUARED SANTIIMU;;;; +3321;SQUARE SIRINGU;So;0;L; 30B7 30EA 30F3 30B0;;;;N;SQUARED SIRINGU;;;; +3322;SQUARE SENTI;So;0;L; 30BB 30F3 30C1;;;;N;SQUARED SENTI;;;; +3323;SQUARE SENTO;So;0;L; 30BB 30F3 30C8;;;;N;SQUARED SENTO;;;; +3324;SQUARE DAASU;So;0;L; 30C0 30FC 30B9;;;;N;SQUARED DAASU;;;; +3325;SQUARE DESI;So;0;L; 30C7 30B7;;;;N;SQUARED DESI;;;; +3326;SQUARE DORU;So;0;L; 30C9 30EB;;;;N;SQUARED DORU;;;; +3327;SQUARE TON;So;0;L; 30C8 30F3;;;;N;SQUARED TON;;;; +3328;SQUARE NANO;So;0;L; 30CA 30CE;;;;N;SQUARED NANO;;;; +3329;SQUARE NOTTO;So;0;L; 30CE 30C3 30C8;;;;N;SQUARED NOTTO;;;; +332A;SQUARE HAITU;So;0;L; 30CF 30A4 30C4;;;;N;SQUARED HAITU;;;; +332B;SQUARE PAASENTO;So;0;L; 30D1 30FC 30BB 30F3 30C8;;;;N;SQUARED PAASENTO;;;; +332C;SQUARE PAATU;So;0;L; 30D1 30FC 30C4;;;;N;SQUARED PAATU;;;; +332D;SQUARE BAARERU;So;0;L; 30D0 30FC 30EC 30EB;;;;N;SQUARED BAARERU;;;; +332E;SQUARE PIASUTORU;So;0;L; 30D4 30A2 30B9 30C8 30EB;;;;N;SQUARED PIASUTORU;;;; +332F;SQUARE PIKURU;So;0;L; 30D4 30AF 30EB;;;;N;SQUARED PIKURU;;;; +3330;SQUARE PIKO;So;0;L; 30D4 30B3;;;;N;SQUARED PIKO;;;; +3331;SQUARE BIRU;So;0;L; 30D3 30EB;;;;N;SQUARED BIRU;;;; +3332;SQUARE HUARADDO;So;0;L; 30D5 30A1 30E9 30C3 30C9;;;;N;SQUARED HUARADDO;;;; +3333;SQUARE HUIITO;So;0;L; 30D5 30A3 30FC 30C8;;;;N;SQUARED HUIITO;;;; +3334;SQUARE BUSSYERU;So;0;L; 30D6 30C3 30B7 30A7 30EB;;;;N;SQUARED BUSSYERU;;;; +3335;SQUARE HURAN;So;0;L; 30D5 30E9 30F3;;;;N;SQUARED HURAN;;;; +3336;SQUARE HEKUTAARU;So;0;L; 30D8 30AF 30BF 30FC 30EB;;;;N;SQUARED HEKUTAARU;;;; +3337;SQUARE PESO;So;0;L; 30DA 30BD;;;;N;SQUARED PESO;;;; +3338;SQUARE PENIHI;So;0;L; 30DA 30CB 30D2;;;;N;SQUARED PENIHI;;;; +3339;SQUARE HERUTU;So;0;L; 30D8 30EB 30C4;;;;N;SQUARED HERUTU;;;; +333A;SQUARE PENSU;So;0;L; 30DA 30F3 30B9;;;;N;SQUARED PENSU;;;; +333B;SQUARE PEEZI;So;0;L; 30DA 30FC 30B8;;;;N;SQUARED PEEZI;;;; +333C;SQUARE BEETA;So;0;L; 30D9 30FC 30BF;;;;N;SQUARED BEETA;;;; +333D;SQUARE POINTO;So;0;L; 30DD 30A4 30F3 30C8;;;;N;SQUARED POINTO;;;; +333E;SQUARE BORUTO;So;0;L; 30DC 30EB 30C8;;;;N;SQUARED BORUTO;;;; +333F;SQUARE HON;So;0;L; 30DB 30F3;;;;N;SQUARED HON;;;; +3340;SQUARE PONDO;So;0;L; 30DD 30F3 30C9;;;;N;SQUARED PONDO;;;; +3341;SQUARE HOORU;So;0;L; 30DB 30FC 30EB;;;;N;SQUARED HOORU;;;; +3342;SQUARE HOON;So;0;L; 30DB 30FC 30F3;;;;N;SQUARED HOON;;;; +3343;SQUARE MAIKURO;So;0;L; 30DE 30A4 30AF 30ED;;;;N;SQUARED MAIKURO;;;; +3344;SQUARE MAIRU;So;0;L; 30DE 30A4 30EB;;;;N;SQUARED MAIRU;;;; +3345;SQUARE MAHHA;So;0;L; 30DE 30C3 30CF;;;;N;SQUARED MAHHA;;;; +3346;SQUARE MARUKU;So;0;L; 30DE 30EB 30AF;;;;N;SQUARED MARUKU;;;; +3347;SQUARE MANSYON;So;0;L; 30DE 30F3 30B7 30E7 30F3;;;;N;SQUARED MANSYON;;;; +3348;SQUARE MIKURON;So;0;L; 30DF 30AF 30ED 30F3;;;;N;SQUARED MIKURON;;;; +3349;SQUARE MIRI;So;0;L; 30DF 30EA;;;;N;SQUARED MIRI;;;; +334A;SQUARE MIRIBAARU;So;0;L; 30DF 30EA 30D0 30FC 30EB;;;;N;SQUARED MIRIBAARU;;;; +334B;SQUARE MEGA;So;0;L; 30E1 30AC;;;;N;SQUARED MEGA;;;; +334C;SQUARE MEGATON;So;0;L; 30E1 30AC 30C8 30F3;;;;N;SQUARED MEGATON;;;; +334D;SQUARE MEETORU;So;0;L; 30E1 30FC 30C8 30EB;;;;N;SQUARED MEETORU;;;; +334E;SQUARE YAADO;So;0;L; 30E4 30FC 30C9;;;;N;SQUARED YAADO;;;; +334F;SQUARE YAARU;So;0;L; 30E4 30FC 30EB;;;;N;SQUARED YAARU;;;; +3350;SQUARE YUAN;So;0;L; 30E6 30A2 30F3;;;;N;SQUARED YUAN;;;; +3351;SQUARE RITTORU;So;0;L; 30EA 30C3 30C8 30EB;;;;N;SQUARED RITTORU;;;; +3352;SQUARE RIRA;So;0;L; 30EA 30E9;;;;N;SQUARED RIRA;;;; +3353;SQUARE RUPII;So;0;L; 30EB 30D4 30FC;;;;N;SQUARED RUPII;;;; +3354;SQUARE RUUBURU;So;0;L; 30EB 30FC 30D6 30EB;;;;N;SQUARED RUUBURU;;;; +3355;SQUARE REMU;So;0;L; 30EC 30E0;;;;N;SQUARED REMU;;;; +3356;SQUARE RENTOGEN;So;0;L; 30EC 30F3 30C8 30B2 30F3;;;;N;SQUARED RENTOGEN;;;; +3357;SQUARE WATTO;So;0;L; 30EF 30C3 30C8;;;;N;SQUARED WATTO;;;; +3358;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR ZERO;So;0;L; 0030 70B9;;;;N;;;;; +3359;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR ONE;So;0;L; 0031 70B9;;;;N;;;;; +335A;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR TWO;So;0;L; 0032 70B9;;;;N;;;;; +335B;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR THREE;So;0;L; 0033 70B9;;;;N;;;;; +335C;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR FOUR;So;0;L; 0034 70B9;;;;N;;;;; +335D;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR FIVE;So;0;L; 0035 70B9;;;;N;;;;; +335E;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR SIX;So;0;L; 0036 70B9;;;;N;;;;; +335F;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR SEVEN;So;0;L; 0037 70B9;;;;N;;;;; +3360;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR EIGHT;So;0;L; 0038 70B9;;;;N;;;;; +3361;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR NINE;So;0;L; 0039 70B9;;;;N;;;;; +3362;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR TEN;So;0;L; 0031 0030 70B9;;;;N;;;;; +3363;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR ELEVEN;So;0;L; 0031 0031 70B9;;;;N;;;;; +3364;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR TWELVE;So;0;L; 0031 0032 70B9;;;;N;;;;; +3365;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR THIRTEEN;So;0;L; 0031 0033 70B9;;;;N;;;;; +3366;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR FOURTEEN;So;0;L; 0031 0034 70B9;;;;N;;;;; +3367;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR FIFTEEN;So;0;L; 0031 0035 70B9;;;;N;;;;; +3368;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR SIXTEEN;So;0;L; 0031 0036 70B9;;;;N;;;;; +3369;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR SEVENTEEN;So;0;L; 0031 0037 70B9;;;;N;;;;; +336A;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR EIGHTEEN;So;0;L; 0031 0038 70B9;;;;N;;;;; +336B;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR NINETEEN;So;0;L; 0031 0039 70B9;;;;N;;;;; +336C;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR TWENTY;So;0;L; 0032 0030 70B9;;;;N;;;;; +336D;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR TWENTY-ONE;So;0;L; 0032 0031 70B9;;;;N;;;;; +336E;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR TWENTY-TWO;So;0;L; 0032 0032 70B9;;;;N;;;;; +336F;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR TWENTY-THREE;So;0;L; 0032 0033 70B9;;;;N;;;;; +3370;IDEOGRAPHIC TELEGRAPH SYMBOL FOR HOUR TWENTY-FOUR;So;0;L; 0032 0034 70B9;;;;N;;;;; +3371;SQUARE HPA;So;0;L; 0068 0050 0061;;;;N;;;;; +3372;SQUARE DA;So;0;L; 0064 0061;;;;N;;;;; +3373;SQUARE AU;So;0;L; 0041 0055;;;;N;;;;; +3374;SQUARE BAR;So;0;L; 0062 0061 0072;;;;N;;;;; +3375;SQUARE OV;So;0;L; 006F 0056;;;;N;;;;; +3376;SQUARE PC;So;0;L; 0070 0063;;;;N;;;;; +337B;SQUARE ERA NAME HEISEI;So;0;L; 5E73 6210;;;;N;SQUARED TWO IDEOGRAPHS ERA NAME HEISEI;;;; +337C;SQUARE ERA NAME SYOUWA;So;0;L; 662D 548C;;;;N;SQUARED TWO IDEOGRAPHS ERA NAME SYOUWA;;;; +337D;SQUARE ERA NAME TAISYOU;So;0;L; 5927 6B63;;;;N;SQUARED TWO IDEOGRAPHS ERA NAME TAISYOU;;;; +337E;SQUARE ERA NAME MEIZI;So;0;L; 660E 6CBB;;;;N;SQUARED TWO IDEOGRAPHS ERA NAME MEIZI;;;; +337F;SQUARE CORPORATION;So;0;L; 682A 5F0F 4F1A 793E;;;;N;SQUARED FOUR IDEOGRAPHS CORPORATION;;;; +3380;SQUARE PA AMPS;So;0;L; 0070 0041;;;;N;SQUARED PA AMPS;;;; +3381;SQUARE NA;So;0;L; 006E 0041;;;;N;SQUARED NA;;;; +3382;SQUARE MU A;So;0;L; 03BC 0041;;;;N;SQUARED MU A;;;; +3383;SQUARE MA;So;0;L; 006D 0041;;;;N;SQUARED MA;;;; +3384;SQUARE KA;So;0;L; 006B 0041;;;;N;SQUARED KA;;;; +3385;SQUARE KB;So;0;L; 004B 0042;;;;N;SQUARED KB;;;; +3386;SQUARE MB;So;0;L; 004D 0042;;;;N;SQUARED MB;;;; +3387;SQUARE GB;So;0;L; 0047 0042;;;;N;SQUARED GB;;;; +3388;SQUARE CAL;So;0;L; 0063 0061 006C;;;;N;SQUARED CAL;;;; +3389;SQUARE KCAL;So;0;L; 006B 0063 0061 006C;;;;N;SQUARED KCAL;;;; +338A;SQUARE PF;So;0;L; 0070 0046;;;;N;SQUARED PF;;;; +338B;SQUARE NF;So;0;L; 006E 0046;;;;N;SQUARED NF;;;; +338C;SQUARE MU F;So;0;L; 03BC 0046;;;;N;SQUARED MU F;;;; +338D;SQUARE MU G;So;0;L; 03BC 0067;;;;N;SQUARED MU G;;;; +338E;SQUARE MG;So;0;L; 006D 0067;;;;N;SQUARED MG;;;; +338F;SQUARE KG;So;0;L; 006B 0067;;;;N;SQUARED KG;;;; +3390;SQUARE HZ;So;0;L; 0048 007A;;;;N;SQUARED HZ;;;; +3391;SQUARE KHZ;So;0;L; 006B 0048 007A;;;;N;SQUARED KHZ;;;; +3392;SQUARE MHZ;So;0;L; 004D 0048 007A;;;;N;SQUARED MHZ;;;; +3393;SQUARE GHZ;So;0;L; 0047 0048 007A;;;;N;SQUARED GHZ;;;; +3394;SQUARE THZ;So;0;L; 0054 0048 007A;;;;N;SQUARED THZ;;;; +3395;SQUARE MU L;So;0;L; 03BC 2113;;;;N;SQUARED MU L;;;; +3396;SQUARE ML;So;0;L; 006D 2113;;;;N;SQUARED ML;;;; +3397;SQUARE DL;So;0;L; 0064 2113;;;;N;SQUARED DL;;;; +3398;SQUARE KL;So;0;L; 006B 2113;;;;N;SQUARED KL;;;; +3399;SQUARE FM;So;0;L; 0066 006D;;;;N;SQUARED FM;;;; +339A;SQUARE NM;So;0;L; 006E 006D;;;;N;SQUARED NM;;;; +339B;SQUARE MU M;So;0;L; 03BC 006D;;;;N;SQUARED MU M;;;; +339C;SQUARE MM;So;0;L; 006D 006D;;;;N;SQUARED MM;;;; +339D;SQUARE CM;So;0;L; 0063 006D;;;;N;SQUARED CM;;;; +339E;SQUARE KM;So;0;L; 006B 006D;;;;N;SQUARED KM;;;; +339F;SQUARE MM SQUARED;So;0;L; 006D 006D 00B2;;;;N;SQUARED MM SQUARED;;;; +33A0;SQUARE CM SQUARED;So;0;L; 0063 006D 00B2;;;;N;SQUARED CM SQUARED;;;; +33A1;SQUARE M SQUARED;So;0;L; 006D 00B2;;;;N;SQUARED M SQUARED;;;; +33A2;SQUARE KM SQUARED;So;0;L; 006B 006D 00B2;;;;N;SQUARED KM SQUARED;;;; +33A3;SQUARE MM CUBED;So;0;L; 006D 006D 00B3;;;;N;SQUARED MM CUBED;;;; +33A4;SQUARE CM CUBED;So;0;L; 0063 006D 00B3;;;;N;SQUARED CM CUBED;;;; +33A5;SQUARE M CUBED;So;0;L; 006D 00B3;;;;N;SQUARED M CUBED;;;; +33A6;SQUARE KM CUBED;So;0;L; 006B 006D 00B3;;;;N;SQUARED KM CUBED;;;; +33A7;SQUARE M OVER S;So;0;L; 006D 2215 0073;;;;N;SQUARED M OVER S;;;; +33A8;SQUARE M OVER S SQUARED;So;0;L; 006D 2215 0073 00B2;;;;N;SQUARED M OVER S SQUARED;;;; +33A9;SQUARE PA;So;0;L; 0050 0061;;;;N;SQUARED PA;;;; +33AA;SQUARE KPA;So;0;L; 006B 0050 0061;;;;N;SQUARED KPA;;;; +33AB;SQUARE MPA;So;0;L; 004D 0050 0061;;;;N;SQUARED MPA;;;; +33AC;SQUARE GPA;So;0;L; 0047 0050 0061;;;;N;SQUARED GPA;;;; +33AD;SQUARE RAD;So;0;L; 0072 0061 0064;;;;N;SQUARED RAD;;;; +33AE;SQUARE RAD OVER S;So;0;L; 0072 0061 0064 2215 0073;;;;N;SQUARED RAD OVER S;;;; +33AF;SQUARE RAD OVER S SQUARED;So;0;L; 0072 0061 0064 2215 0073 00B2;;;;N;SQUARED RAD OVER S SQUARED;;;; +33B0;SQUARE PS;So;0;L; 0070 0073;;;;N;SQUARED PS;;;; +33B1;SQUARE NS;So;0;L; 006E 0073;;;;N;SQUARED NS;;;; +33B2;SQUARE MU S;So;0;L; 03BC 0073;;;;N;SQUARED MU S;;;; +33B3;SQUARE MS;So;0;L; 006D 0073;;;;N;SQUARED MS;;;; +33B4;SQUARE PV;So;0;L; 0070 0056;;;;N;SQUARED PV;;;; +33B5;SQUARE NV;So;0;L; 006E 0056;;;;N;SQUARED NV;;;; +33B6;SQUARE MU V;So;0;L; 03BC 0056;;;;N;SQUARED MU V;;;; +33B7;SQUARE MV;So;0;L; 006D 0056;;;;N;SQUARED MV;;;; +33B8;SQUARE KV;So;0;L; 006B 0056;;;;N;SQUARED KV;;;; +33B9;SQUARE MV MEGA;So;0;L; 004D 0056;;;;N;SQUARED MV MEGA;;;; +33BA;SQUARE PW;So;0;L; 0070 0057;;;;N;SQUARED PW;;;; +33BB;SQUARE NW;So;0;L; 006E 0057;;;;N;SQUARED NW;;;; +33BC;SQUARE MU W;So;0;L; 03BC 0057;;;;N;SQUARED MU W;;;; +33BD;SQUARE MW;So;0;L; 006D 0057;;;;N;SQUARED MW;;;; +33BE;SQUARE KW;So;0;L; 006B 0057;;;;N;SQUARED KW;;;; +33BF;SQUARE MW MEGA;So;0;L; 004D 0057;;;;N;SQUARED MW MEGA;;;; +33C0;SQUARE K OHM;So;0;L; 006B 03A9;;;;N;SQUARED K OHM;;;; +33C1;SQUARE M OHM;So;0;L; 004D 03A9;;;;N;SQUARED M OHM;;;; +33C2;SQUARE AM;So;0;L; 0061 002E 006D 002E;;;;N;SQUARED AM;;;; +33C3;SQUARE BQ;So;0;L; 0042 0071;;;;N;SQUARED BQ;;;; +33C4;SQUARE CC;So;0;L; 0063 0063;;;;N;SQUARED CC;;;; +33C5;SQUARE CD;So;0;L; 0063 0064;;;;N;SQUARED CD;;;; +33C6;SQUARE C OVER KG;So;0;L; 0043 2215 006B 0067;;;;N;SQUARED C OVER KG;;;; +33C7;SQUARE CO;So;0;L; 0043 006F 002E;;;;N;SQUARED CO;;;; +33C8;SQUARE DB;So;0;L; 0064 0042;;;;N;SQUARED DB;;;; +33C9;SQUARE GY;So;0;L; 0047 0079;;;;N;SQUARED GY;;;; +33CA;SQUARE HA;So;0;L; 0068 0061;;;;N;SQUARED HA;;;; +33CB;SQUARE HP;So;0;L; 0048 0050;;;;N;SQUARED HP;;;; +33CC;SQUARE IN;So;0;L; 0069 006E;;;;N;SQUARED IN;;;; +33CD;SQUARE KK;So;0;L; 004B 004B;;;;N;SQUARED KK;;;; +33CE;SQUARE KM CAPITAL;So;0;L; 004B 004D;;;;N;SQUARED KM CAPITAL;;;; +33CF;SQUARE KT;So;0;L; 006B 0074;;;;N;SQUARED KT;;;; +33D0;SQUARE LM;So;0;L; 006C 006D;;;;N;SQUARED LM;;;; +33D1;SQUARE LN;So;0;L; 006C 006E;;;;N;SQUARED LN;;;; +33D2;SQUARE LOG;So;0;L; 006C 006F 0067;;;;N;SQUARED LOG;;;; +33D3;SQUARE LX;So;0;L; 006C 0078;;;;N;SQUARED LX;;;; +33D4;SQUARE MB SMALL;So;0;L; 006D 0062;;;;N;SQUARED MB SMALL;;;; +33D5;SQUARE MIL;So;0;L; 006D 0069 006C;;;;N;SQUARED MIL;;;; +33D6;SQUARE MOL;So;0;L; 006D 006F 006C;;;;N;SQUARED MOL;;;; +33D7;SQUARE PH;So;0;L; 0050 0048;;;;N;SQUARED PH;;;; +33D8;SQUARE PM;So;0;L; 0070 002E 006D 002E;;;;N;SQUARED PM;;;; +33D9;SQUARE PPM;So;0;L; 0050 0050 004D;;;;N;SQUARED PPM;;;; +33DA;SQUARE PR;So;0;L; 0050 0052;;;;N;SQUARED PR;;;; +33DB;SQUARE SR;So;0;L; 0073 0072;;;;N;SQUARED SR;;;; +33DC;SQUARE SV;So;0;L; 0053 0076;;;;N;SQUARED SV;;;; +33DD;SQUARE WB;So;0;L; 0057 0062;;;;N;SQUARED WB;;;; +33E0;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY ONE;So;0;L; 0031 65E5;;;;N;;;;; +33E1;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWO;So;0;L; 0032 65E5;;;;N;;;;; +33E2;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY THREE;So;0;L; 0033 65E5;;;;N;;;;; +33E3;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY FOUR;So;0;L; 0034 65E5;;;;N;;;;; +33E4;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY FIVE;So;0;L; 0035 65E5;;;;N;;;;; +33E5;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY SIX;So;0;L; 0036 65E5;;;;N;;;;; +33E6;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY SEVEN;So;0;L; 0037 65E5;;;;N;;;;; +33E7;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY EIGHT;So;0;L; 0038 65E5;;;;N;;;;; +33E8;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY NINE;So;0;L; 0039 65E5;;;;N;;;;; +33E9;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TEN;So;0;L; 0031 0030 65E5;;;;N;;;;; +33EA;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY ELEVEN;So;0;L; 0031 0031 65E5;;;;N;;;;; +33EB;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWELVE;So;0;L; 0031 0032 65E5;;;;N;;;;; +33EC;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY THIRTEEN;So;0;L; 0031 0033 65E5;;;;N;;;;; +33ED;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY FOURTEEN;So;0;L; 0031 0034 65E5;;;;N;;;;; +33EE;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY FIFTEEN;So;0;L; 0031 0035 65E5;;;;N;;;;; +33EF;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY SIXTEEN;So;0;L; 0031 0036 65E5;;;;N;;;;; +33F0;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY SEVENTEEN;So;0;L; 0031 0037 65E5;;;;N;;;;; +33F1;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY EIGHTEEN;So;0;L; 0031 0038 65E5;;;;N;;;;; +33F2;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY NINETEEN;So;0;L; 0031 0039 65E5;;;;N;;;;; +33F3;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY;So;0;L; 0032 0030 65E5;;;;N;;;;; +33F4;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-ONE;So;0;L; 0032 0031 65E5;;;;N;;;;; +33F5;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-TWO;So;0;L; 0032 0032 65E5;;;;N;;;;; +33F6;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-THREE;So;0;L; 0032 0033 65E5;;;;N;;;;; +33F7;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-FOUR;So;0;L; 0032 0034 65E5;;;;N;;;;; +33F8;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-FIVE;So;0;L; 0032 0035 65E5;;;;N;;;;; +33F9;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-SIX;So;0;L; 0032 0036 65E5;;;;N;;;;; +33FA;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-SEVEN;So;0;L; 0032 0037 65E5;;;;N;;;;; +33FB;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-EIGHT;So;0;L; 0032 0038 65E5;;;;N;;;;; +33FC;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY TWENTY-NINE;So;0;L; 0032 0039 65E5;;;;N;;;;; +33FD;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY THIRTY;So;0;L; 0033 0030 65E5;;;;N;;;;; +33FE;IDEOGRAPHIC TELEGRAPH SYMBOL FOR DAY THIRTY-ONE;So;0;L; 0033 0031 65E5;;;;N;;;;; +3400;;Lo;0;L;;;;;N;;;;; +4DB5;;Lo;0;L;;;;;N;;;;; +4E00;;Lo;0;L;;;;;N;;;;; +9FA5;;Lo;0;L;;;;;N;;;;; +A000;YI SYLLABLE IT;Lo;0;L;;;;;N;;;;; +A001;YI SYLLABLE IX;Lo;0;L;;;;;N;;;;; +A002;YI SYLLABLE I;Lo;0;L;;;;;N;;;;; +A003;YI SYLLABLE IP;Lo;0;L;;;;;N;;;;; +A004;YI SYLLABLE IET;Lo;0;L;;;;;N;;;;; +A005;YI SYLLABLE IEX;Lo;0;L;;;;;N;;;;; +A006;YI SYLLABLE IE;Lo;0;L;;;;;N;;;;; +A007;YI SYLLABLE IEP;Lo;0;L;;;;;N;;;;; +A008;YI SYLLABLE AT;Lo;0;L;;;;;N;;;;; +A009;YI SYLLABLE AX;Lo;0;L;;;;;N;;;;; +A00A;YI SYLLABLE A;Lo;0;L;;;;;N;;;;; +A00B;YI SYLLABLE AP;Lo;0;L;;;;;N;;;;; +A00C;YI SYLLABLE UOX;Lo;0;L;;;;;N;;;;; +A00D;YI SYLLABLE UO;Lo;0;L;;;;;N;;;;; +A00E;YI SYLLABLE UOP;Lo;0;L;;;;;N;;;;; +A00F;YI SYLLABLE OT;Lo;0;L;;;;;N;;;;; +A010;YI SYLLABLE OX;Lo;0;L;;;;;N;;;;; +A011;YI SYLLABLE O;Lo;0;L;;;;;N;;;;; +A012;YI SYLLABLE OP;Lo;0;L;;;;;N;;;;; +A013;YI SYLLABLE EX;Lo;0;L;;;;;N;;;;; +A014;YI SYLLABLE E;Lo;0;L;;;;;N;;;;; +A015;YI SYLLABLE WU;Lo;0;L;;;;;N;;;;; +A016;YI SYLLABLE BIT;Lo;0;L;;;;;N;;;;; +A017;YI SYLLABLE BIX;Lo;0;L;;;;;N;;;;; +A018;YI SYLLABLE BI;Lo;0;L;;;;;N;;;;; +A019;YI SYLLABLE BIP;Lo;0;L;;;;;N;;;;; +A01A;YI SYLLABLE BIET;Lo;0;L;;;;;N;;;;; +A01B;YI SYLLABLE BIEX;Lo;0;L;;;;;N;;;;; +A01C;YI SYLLABLE BIE;Lo;0;L;;;;;N;;;;; +A01D;YI SYLLABLE BIEP;Lo;0;L;;;;;N;;;;; +A01E;YI SYLLABLE BAT;Lo;0;L;;;;;N;;;;; +A01F;YI SYLLABLE BAX;Lo;0;L;;;;;N;;;;; +A020;YI SYLLABLE BA;Lo;0;L;;;;;N;;;;; +A021;YI SYLLABLE BAP;Lo;0;L;;;;;N;;;;; +A022;YI SYLLABLE BUOX;Lo;0;L;;;;;N;;;;; +A023;YI SYLLABLE BUO;Lo;0;L;;;;;N;;;;; +A024;YI SYLLABLE BUOP;Lo;0;L;;;;;N;;;;; +A025;YI SYLLABLE BOT;Lo;0;L;;;;;N;;;;; +A026;YI SYLLABLE BOX;Lo;0;L;;;;;N;;;;; +A027;YI SYLLABLE BO;Lo;0;L;;;;;N;;;;; +A028;YI SYLLABLE BOP;Lo;0;L;;;;;N;;;;; +A029;YI SYLLABLE BEX;Lo;0;L;;;;;N;;;;; +A02A;YI SYLLABLE BE;Lo;0;L;;;;;N;;;;; +A02B;YI SYLLABLE BEP;Lo;0;L;;;;;N;;;;; +A02C;YI SYLLABLE BUT;Lo;0;L;;;;;N;;;;; +A02D;YI SYLLABLE BUX;Lo;0;L;;;;;N;;;;; +A02E;YI SYLLABLE BU;Lo;0;L;;;;;N;;;;; +A02F;YI SYLLABLE BUP;Lo;0;L;;;;;N;;;;; +A030;YI SYLLABLE BURX;Lo;0;L;;;;;N;;;;; +A031;YI SYLLABLE BUR;Lo;0;L;;;;;N;;;;; +A032;YI SYLLABLE BYT;Lo;0;L;;;;;N;;;;; +A033;YI SYLLABLE BYX;Lo;0;L;;;;;N;;;;; +A034;YI SYLLABLE BY;Lo;0;L;;;;;N;;;;; +A035;YI SYLLABLE BYP;Lo;0;L;;;;;N;;;;; +A036;YI SYLLABLE BYRX;Lo;0;L;;;;;N;;;;; +A037;YI SYLLABLE BYR;Lo;0;L;;;;;N;;;;; +A038;YI SYLLABLE PIT;Lo;0;L;;;;;N;;;;; +A039;YI SYLLABLE PIX;Lo;0;L;;;;;N;;;;; +A03A;YI SYLLABLE PI;Lo;0;L;;;;;N;;;;; +A03B;YI SYLLABLE PIP;Lo;0;L;;;;;N;;;;; +A03C;YI SYLLABLE PIEX;Lo;0;L;;;;;N;;;;; +A03D;YI SYLLABLE PIE;Lo;0;L;;;;;N;;;;; +A03E;YI SYLLABLE PIEP;Lo;0;L;;;;;N;;;;; +A03F;YI SYLLABLE PAT;Lo;0;L;;;;;N;;;;; +A040;YI SYLLABLE PAX;Lo;0;L;;;;;N;;;;; +A041;YI SYLLABLE PA;Lo;0;L;;;;;N;;;;; +A042;YI SYLLABLE PAP;Lo;0;L;;;;;N;;;;; +A043;YI SYLLABLE PUOX;Lo;0;L;;;;;N;;;;; +A044;YI SYLLABLE PUO;Lo;0;L;;;;;N;;;;; +A045;YI SYLLABLE PUOP;Lo;0;L;;;;;N;;;;; +A046;YI SYLLABLE POT;Lo;0;L;;;;;N;;;;; +A047;YI SYLLABLE POX;Lo;0;L;;;;;N;;;;; +A048;YI SYLLABLE PO;Lo;0;L;;;;;N;;;;; +A049;YI SYLLABLE POP;Lo;0;L;;;;;N;;;;; +A04A;YI SYLLABLE PUT;Lo;0;L;;;;;N;;;;; +A04B;YI SYLLABLE PUX;Lo;0;L;;;;;N;;;;; +A04C;YI SYLLABLE PU;Lo;0;L;;;;;N;;;;; +A04D;YI SYLLABLE PUP;Lo;0;L;;;;;N;;;;; +A04E;YI SYLLABLE PURX;Lo;0;L;;;;;N;;;;; +A04F;YI SYLLABLE PUR;Lo;0;L;;;;;N;;;;; +A050;YI SYLLABLE PYT;Lo;0;L;;;;;N;;;;; +A051;YI SYLLABLE PYX;Lo;0;L;;;;;N;;;;; +A052;YI SYLLABLE PY;Lo;0;L;;;;;N;;;;; +A053;YI SYLLABLE PYP;Lo;0;L;;;;;N;;;;; +A054;YI SYLLABLE PYRX;Lo;0;L;;;;;N;;;;; +A055;YI SYLLABLE PYR;Lo;0;L;;;;;N;;;;; +A056;YI SYLLABLE BBIT;Lo;0;L;;;;;N;;;;; +A057;YI SYLLABLE BBIX;Lo;0;L;;;;;N;;;;; +A058;YI SYLLABLE BBI;Lo;0;L;;;;;N;;;;; +A059;YI SYLLABLE BBIP;Lo;0;L;;;;;N;;;;; +A05A;YI SYLLABLE BBIET;Lo;0;L;;;;;N;;;;; +A05B;YI SYLLABLE BBIEX;Lo;0;L;;;;;N;;;;; +A05C;YI SYLLABLE BBIE;Lo;0;L;;;;;N;;;;; +A05D;YI SYLLABLE BBIEP;Lo;0;L;;;;;N;;;;; +A05E;YI SYLLABLE BBAT;Lo;0;L;;;;;N;;;;; +A05F;YI SYLLABLE BBAX;Lo;0;L;;;;;N;;;;; +A060;YI SYLLABLE BBA;Lo;0;L;;;;;N;;;;; +A061;YI SYLLABLE BBAP;Lo;0;L;;;;;N;;;;; +A062;YI SYLLABLE BBUOX;Lo;0;L;;;;;N;;;;; +A063;YI SYLLABLE BBUO;Lo;0;L;;;;;N;;;;; +A064;YI SYLLABLE BBUOP;Lo;0;L;;;;;N;;;;; +A065;YI SYLLABLE BBOT;Lo;0;L;;;;;N;;;;; +A066;YI SYLLABLE BBOX;Lo;0;L;;;;;N;;;;; +A067;YI SYLLABLE BBO;Lo;0;L;;;;;N;;;;; +A068;YI SYLLABLE BBOP;Lo;0;L;;;;;N;;;;; +A069;YI SYLLABLE BBEX;Lo;0;L;;;;;N;;;;; +A06A;YI SYLLABLE BBE;Lo;0;L;;;;;N;;;;; +A06B;YI SYLLABLE BBEP;Lo;0;L;;;;;N;;;;; +A06C;YI SYLLABLE BBUT;Lo;0;L;;;;;N;;;;; +A06D;YI SYLLABLE BBUX;Lo;0;L;;;;;N;;;;; +A06E;YI SYLLABLE BBU;Lo;0;L;;;;;N;;;;; +A06F;YI SYLLABLE BBUP;Lo;0;L;;;;;N;;;;; +A070;YI SYLLABLE BBURX;Lo;0;L;;;;;N;;;;; +A071;YI SYLLABLE BBUR;Lo;0;L;;;;;N;;;;; +A072;YI SYLLABLE BBYT;Lo;0;L;;;;;N;;;;; +A073;YI SYLLABLE BBYX;Lo;0;L;;;;;N;;;;; +A074;YI SYLLABLE BBY;Lo;0;L;;;;;N;;;;; +A075;YI SYLLABLE BBYP;Lo;0;L;;;;;N;;;;; +A076;YI SYLLABLE NBIT;Lo;0;L;;;;;N;;;;; +A077;YI SYLLABLE NBIX;Lo;0;L;;;;;N;;;;; +A078;YI SYLLABLE NBI;Lo;0;L;;;;;N;;;;; +A079;YI SYLLABLE NBIP;Lo;0;L;;;;;N;;;;; +A07A;YI SYLLABLE NBIEX;Lo;0;L;;;;;N;;;;; +A07B;YI SYLLABLE NBIE;Lo;0;L;;;;;N;;;;; +A07C;YI SYLLABLE NBIEP;Lo;0;L;;;;;N;;;;; +A07D;YI SYLLABLE NBAT;Lo;0;L;;;;;N;;;;; +A07E;YI SYLLABLE NBAX;Lo;0;L;;;;;N;;;;; +A07F;YI SYLLABLE NBA;Lo;0;L;;;;;N;;;;; +A080;YI SYLLABLE NBAP;Lo;0;L;;;;;N;;;;; +A081;YI SYLLABLE NBOT;Lo;0;L;;;;;N;;;;; +A082;YI SYLLABLE NBOX;Lo;0;L;;;;;N;;;;; +A083;YI SYLLABLE NBO;Lo;0;L;;;;;N;;;;; +A084;YI SYLLABLE NBOP;Lo;0;L;;;;;N;;;;; +A085;YI SYLLABLE NBUT;Lo;0;L;;;;;N;;;;; +A086;YI SYLLABLE NBUX;Lo;0;L;;;;;N;;;;; +A087;YI SYLLABLE NBU;Lo;0;L;;;;;N;;;;; +A088;YI SYLLABLE NBUP;Lo;0;L;;;;;N;;;;; +A089;YI SYLLABLE NBURX;Lo;0;L;;;;;N;;;;; +A08A;YI SYLLABLE NBUR;Lo;0;L;;;;;N;;;;; +A08B;YI SYLLABLE NBYT;Lo;0;L;;;;;N;;;;; +A08C;YI SYLLABLE NBYX;Lo;0;L;;;;;N;;;;; +A08D;YI SYLLABLE NBY;Lo;0;L;;;;;N;;;;; +A08E;YI SYLLABLE NBYP;Lo;0;L;;;;;N;;;;; +A08F;YI SYLLABLE NBYRX;Lo;0;L;;;;;N;;;;; +A090;YI SYLLABLE NBYR;Lo;0;L;;;;;N;;;;; +A091;YI SYLLABLE HMIT;Lo;0;L;;;;;N;;;;; +A092;YI SYLLABLE HMIX;Lo;0;L;;;;;N;;;;; +A093;YI SYLLABLE HMI;Lo;0;L;;;;;N;;;;; +A094;YI SYLLABLE HMIP;Lo;0;L;;;;;N;;;;; +A095;YI SYLLABLE HMIEX;Lo;0;L;;;;;N;;;;; +A096;YI SYLLABLE HMIE;Lo;0;L;;;;;N;;;;; +A097;YI SYLLABLE HMIEP;Lo;0;L;;;;;N;;;;; +A098;YI SYLLABLE HMAT;Lo;0;L;;;;;N;;;;; +A099;YI SYLLABLE HMAX;Lo;0;L;;;;;N;;;;; +A09A;YI SYLLABLE HMA;Lo;0;L;;;;;N;;;;; +A09B;YI SYLLABLE HMAP;Lo;0;L;;;;;N;;;;; +A09C;YI SYLLABLE HMUOX;Lo;0;L;;;;;N;;;;; +A09D;YI SYLLABLE HMUO;Lo;0;L;;;;;N;;;;; +A09E;YI SYLLABLE HMUOP;Lo;0;L;;;;;N;;;;; +A09F;YI SYLLABLE HMOT;Lo;0;L;;;;;N;;;;; +A0A0;YI SYLLABLE HMOX;Lo;0;L;;;;;N;;;;; +A0A1;YI SYLLABLE HMO;Lo;0;L;;;;;N;;;;; +A0A2;YI SYLLABLE HMOP;Lo;0;L;;;;;N;;;;; +A0A3;YI SYLLABLE HMUT;Lo;0;L;;;;;N;;;;; +A0A4;YI SYLLABLE HMUX;Lo;0;L;;;;;N;;;;; +A0A5;YI SYLLABLE HMU;Lo;0;L;;;;;N;;;;; +A0A6;YI SYLLABLE HMUP;Lo;0;L;;;;;N;;;;; +A0A7;YI SYLLABLE HMURX;Lo;0;L;;;;;N;;;;; +A0A8;YI SYLLABLE HMUR;Lo;0;L;;;;;N;;;;; +A0A9;YI SYLLABLE HMYX;Lo;0;L;;;;;N;;;;; +A0AA;YI SYLLABLE HMY;Lo;0;L;;;;;N;;;;; +A0AB;YI SYLLABLE HMYP;Lo;0;L;;;;;N;;;;; +A0AC;YI SYLLABLE HMYRX;Lo;0;L;;;;;N;;;;; +A0AD;YI SYLLABLE HMYR;Lo;0;L;;;;;N;;;;; +A0AE;YI SYLLABLE MIT;Lo;0;L;;;;;N;;;;; +A0AF;YI SYLLABLE MIX;Lo;0;L;;;;;N;;;;; +A0B0;YI SYLLABLE MI;Lo;0;L;;;;;N;;;;; +A0B1;YI SYLLABLE MIP;Lo;0;L;;;;;N;;;;; +A0B2;YI SYLLABLE MIEX;Lo;0;L;;;;;N;;;;; +A0B3;YI SYLLABLE MIE;Lo;0;L;;;;;N;;;;; +A0B4;YI SYLLABLE MIEP;Lo;0;L;;;;;N;;;;; +A0B5;YI SYLLABLE MAT;Lo;0;L;;;;;N;;;;; +A0B6;YI SYLLABLE MAX;Lo;0;L;;;;;N;;;;; +A0B7;YI SYLLABLE MA;Lo;0;L;;;;;N;;;;; +A0B8;YI SYLLABLE MAP;Lo;0;L;;;;;N;;;;; +A0B9;YI SYLLABLE MUOT;Lo;0;L;;;;;N;;;;; +A0BA;YI SYLLABLE MUOX;Lo;0;L;;;;;N;;;;; +A0BB;YI SYLLABLE MUO;Lo;0;L;;;;;N;;;;; +A0BC;YI SYLLABLE MUOP;Lo;0;L;;;;;N;;;;; +A0BD;YI SYLLABLE MOT;Lo;0;L;;;;;N;;;;; +A0BE;YI SYLLABLE MOX;Lo;0;L;;;;;N;;;;; +A0BF;YI SYLLABLE MO;Lo;0;L;;;;;N;;;;; +A0C0;YI SYLLABLE MOP;Lo;0;L;;;;;N;;;;; +A0C1;YI SYLLABLE MEX;Lo;0;L;;;;;N;;;;; +A0C2;YI SYLLABLE ME;Lo;0;L;;;;;N;;;;; +A0C3;YI SYLLABLE MUT;Lo;0;L;;;;;N;;;;; +A0C4;YI SYLLABLE MUX;Lo;0;L;;;;;N;;;;; +A0C5;YI SYLLABLE MU;Lo;0;L;;;;;N;;;;; +A0C6;YI SYLLABLE MUP;Lo;0;L;;;;;N;;;;; +A0C7;YI SYLLABLE MURX;Lo;0;L;;;;;N;;;;; +A0C8;YI SYLLABLE MUR;Lo;0;L;;;;;N;;;;; +A0C9;YI SYLLABLE MYT;Lo;0;L;;;;;N;;;;; +A0CA;YI SYLLABLE MYX;Lo;0;L;;;;;N;;;;; +A0CB;YI SYLLABLE MY;Lo;0;L;;;;;N;;;;; +A0CC;YI SYLLABLE MYP;Lo;0;L;;;;;N;;;;; +A0CD;YI SYLLABLE FIT;Lo;0;L;;;;;N;;;;; +A0CE;YI SYLLABLE FIX;Lo;0;L;;;;;N;;;;; +A0CF;YI SYLLABLE FI;Lo;0;L;;;;;N;;;;; +A0D0;YI SYLLABLE FIP;Lo;0;L;;;;;N;;;;; +A0D1;YI SYLLABLE FAT;Lo;0;L;;;;;N;;;;; +A0D2;YI SYLLABLE FAX;Lo;0;L;;;;;N;;;;; +A0D3;YI SYLLABLE FA;Lo;0;L;;;;;N;;;;; +A0D4;YI SYLLABLE FAP;Lo;0;L;;;;;N;;;;; +A0D5;YI SYLLABLE FOX;Lo;0;L;;;;;N;;;;; +A0D6;YI SYLLABLE FO;Lo;0;L;;;;;N;;;;; +A0D7;YI SYLLABLE FOP;Lo;0;L;;;;;N;;;;; +A0D8;YI SYLLABLE FUT;Lo;0;L;;;;;N;;;;; +A0D9;YI SYLLABLE FUX;Lo;0;L;;;;;N;;;;; +A0DA;YI SYLLABLE FU;Lo;0;L;;;;;N;;;;; +A0DB;YI SYLLABLE FUP;Lo;0;L;;;;;N;;;;; +A0DC;YI SYLLABLE FURX;Lo;0;L;;;;;N;;;;; +A0DD;YI SYLLABLE FUR;Lo;0;L;;;;;N;;;;; +A0DE;YI SYLLABLE FYT;Lo;0;L;;;;;N;;;;; +A0DF;YI SYLLABLE FYX;Lo;0;L;;;;;N;;;;; +A0E0;YI SYLLABLE FY;Lo;0;L;;;;;N;;;;; +A0E1;YI SYLLABLE FYP;Lo;0;L;;;;;N;;;;; +A0E2;YI SYLLABLE VIT;Lo;0;L;;;;;N;;;;; +A0E3;YI SYLLABLE VIX;Lo;0;L;;;;;N;;;;; +A0E4;YI SYLLABLE VI;Lo;0;L;;;;;N;;;;; +A0E5;YI SYLLABLE VIP;Lo;0;L;;;;;N;;;;; +A0E6;YI SYLLABLE VIET;Lo;0;L;;;;;N;;;;; +A0E7;YI SYLLABLE VIEX;Lo;0;L;;;;;N;;;;; +A0E8;YI SYLLABLE VIE;Lo;0;L;;;;;N;;;;; +A0E9;YI SYLLABLE VIEP;Lo;0;L;;;;;N;;;;; +A0EA;YI SYLLABLE VAT;Lo;0;L;;;;;N;;;;; +A0EB;YI SYLLABLE VAX;Lo;0;L;;;;;N;;;;; +A0EC;YI SYLLABLE VA;Lo;0;L;;;;;N;;;;; +A0ED;YI SYLLABLE VAP;Lo;0;L;;;;;N;;;;; +A0EE;YI SYLLABLE VOT;Lo;0;L;;;;;N;;;;; +A0EF;YI SYLLABLE VOX;Lo;0;L;;;;;N;;;;; +A0F0;YI SYLLABLE VO;Lo;0;L;;;;;N;;;;; +A0F1;YI SYLLABLE VOP;Lo;0;L;;;;;N;;;;; +A0F2;YI SYLLABLE VEX;Lo;0;L;;;;;N;;;;; +A0F3;YI SYLLABLE VEP;Lo;0;L;;;;;N;;;;; +A0F4;YI SYLLABLE VUT;Lo;0;L;;;;;N;;;;; +A0F5;YI SYLLABLE VUX;Lo;0;L;;;;;N;;;;; +A0F6;YI SYLLABLE VU;Lo;0;L;;;;;N;;;;; +A0F7;YI SYLLABLE VUP;Lo;0;L;;;;;N;;;;; +A0F8;YI SYLLABLE VURX;Lo;0;L;;;;;N;;;;; +A0F9;YI SYLLABLE VUR;Lo;0;L;;;;;N;;;;; +A0FA;YI SYLLABLE VYT;Lo;0;L;;;;;N;;;;; +A0FB;YI SYLLABLE VYX;Lo;0;L;;;;;N;;;;; +A0FC;YI SYLLABLE VY;Lo;0;L;;;;;N;;;;; +A0FD;YI SYLLABLE VYP;Lo;0;L;;;;;N;;;;; +A0FE;YI SYLLABLE VYRX;Lo;0;L;;;;;N;;;;; +A0FF;YI SYLLABLE VYR;Lo;0;L;;;;;N;;;;; +A100;YI SYLLABLE DIT;Lo;0;L;;;;;N;;;;; +A101;YI SYLLABLE DIX;Lo;0;L;;;;;N;;;;; +A102;YI SYLLABLE DI;Lo;0;L;;;;;N;;;;; +A103;YI SYLLABLE DIP;Lo;0;L;;;;;N;;;;; +A104;YI SYLLABLE DIEX;Lo;0;L;;;;;N;;;;; +A105;YI SYLLABLE DIE;Lo;0;L;;;;;N;;;;; +A106;YI SYLLABLE DIEP;Lo;0;L;;;;;N;;;;; +A107;YI SYLLABLE DAT;Lo;0;L;;;;;N;;;;; +A108;YI SYLLABLE DAX;Lo;0;L;;;;;N;;;;; +A109;YI SYLLABLE DA;Lo;0;L;;;;;N;;;;; +A10A;YI SYLLABLE DAP;Lo;0;L;;;;;N;;;;; +A10B;YI SYLLABLE DUOX;Lo;0;L;;;;;N;;;;; +A10C;YI SYLLABLE DUO;Lo;0;L;;;;;N;;;;; +A10D;YI SYLLABLE DOT;Lo;0;L;;;;;N;;;;; +A10E;YI SYLLABLE DOX;Lo;0;L;;;;;N;;;;; +A10F;YI SYLLABLE DO;Lo;0;L;;;;;N;;;;; +A110;YI SYLLABLE DOP;Lo;0;L;;;;;N;;;;; +A111;YI SYLLABLE DEX;Lo;0;L;;;;;N;;;;; +A112;YI SYLLABLE DE;Lo;0;L;;;;;N;;;;; +A113;YI SYLLABLE DEP;Lo;0;L;;;;;N;;;;; +A114;YI SYLLABLE DUT;Lo;0;L;;;;;N;;;;; +A115;YI SYLLABLE DUX;Lo;0;L;;;;;N;;;;; +A116;YI SYLLABLE DU;Lo;0;L;;;;;N;;;;; +A117;YI SYLLABLE DUP;Lo;0;L;;;;;N;;;;; +A118;YI SYLLABLE DURX;Lo;0;L;;;;;N;;;;; +A119;YI SYLLABLE DUR;Lo;0;L;;;;;N;;;;; +A11A;YI SYLLABLE TIT;Lo;0;L;;;;;N;;;;; +A11B;YI SYLLABLE TIX;Lo;0;L;;;;;N;;;;; +A11C;YI SYLLABLE TI;Lo;0;L;;;;;N;;;;; +A11D;YI SYLLABLE TIP;Lo;0;L;;;;;N;;;;; +A11E;YI SYLLABLE TIEX;Lo;0;L;;;;;N;;;;; +A11F;YI SYLLABLE TIE;Lo;0;L;;;;;N;;;;; +A120;YI SYLLABLE TIEP;Lo;0;L;;;;;N;;;;; +A121;YI SYLLABLE TAT;Lo;0;L;;;;;N;;;;; +A122;YI SYLLABLE TAX;Lo;0;L;;;;;N;;;;; +A123;YI SYLLABLE TA;Lo;0;L;;;;;N;;;;; +A124;YI SYLLABLE TAP;Lo;0;L;;;;;N;;;;; +A125;YI SYLLABLE TUOT;Lo;0;L;;;;;N;;;;; +A126;YI SYLLABLE TUOX;Lo;0;L;;;;;N;;;;; +A127;YI SYLLABLE TUO;Lo;0;L;;;;;N;;;;; +A128;YI SYLLABLE TUOP;Lo;0;L;;;;;N;;;;; +A129;YI SYLLABLE TOT;Lo;0;L;;;;;N;;;;; +A12A;YI SYLLABLE TOX;Lo;0;L;;;;;N;;;;; +A12B;YI SYLLABLE TO;Lo;0;L;;;;;N;;;;; +A12C;YI SYLLABLE TOP;Lo;0;L;;;;;N;;;;; +A12D;YI SYLLABLE TEX;Lo;0;L;;;;;N;;;;; +A12E;YI SYLLABLE TE;Lo;0;L;;;;;N;;;;; +A12F;YI SYLLABLE TEP;Lo;0;L;;;;;N;;;;; +A130;YI SYLLABLE TUT;Lo;0;L;;;;;N;;;;; +A131;YI SYLLABLE TUX;Lo;0;L;;;;;N;;;;; +A132;YI SYLLABLE TU;Lo;0;L;;;;;N;;;;; +A133;YI SYLLABLE TUP;Lo;0;L;;;;;N;;;;; +A134;YI SYLLABLE TURX;Lo;0;L;;;;;N;;;;; +A135;YI SYLLABLE TUR;Lo;0;L;;;;;N;;;;; +A136;YI SYLLABLE DDIT;Lo;0;L;;;;;N;;;;; +A137;YI SYLLABLE DDIX;Lo;0;L;;;;;N;;;;; +A138;YI SYLLABLE DDI;Lo;0;L;;;;;N;;;;; +A139;YI SYLLABLE DDIP;Lo;0;L;;;;;N;;;;; +A13A;YI SYLLABLE DDIEX;Lo;0;L;;;;;N;;;;; +A13B;YI SYLLABLE DDIE;Lo;0;L;;;;;N;;;;; +A13C;YI SYLLABLE DDIEP;Lo;0;L;;;;;N;;;;; +A13D;YI SYLLABLE DDAT;Lo;0;L;;;;;N;;;;; +A13E;YI SYLLABLE DDAX;Lo;0;L;;;;;N;;;;; +A13F;YI SYLLABLE DDA;Lo;0;L;;;;;N;;;;; +A140;YI SYLLABLE DDAP;Lo;0;L;;;;;N;;;;; +A141;YI SYLLABLE DDUOX;Lo;0;L;;;;;N;;;;; +A142;YI SYLLABLE DDUO;Lo;0;L;;;;;N;;;;; +A143;YI SYLLABLE DDUOP;Lo;0;L;;;;;N;;;;; +A144;YI SYLLABLE DDOT;Lo;0;L;;;;;N;;;;; +A145;YI SYLLABLE DDOX;Lo;0;L;;;;;N;;;;; +A146;YI SYLLABLE DDO;Lo;0;L;;;;;N;;;;; +A147;YI SYLLABLE DDOP;Lo;0;L;;;;;N;;;;; +A148;YI SYLLABLE DDEX;Lo;0;L;;;;;N;;;;; +A149;YI SYLLABLE DDE;Lo;0;L;;;;;N;;;;; +A14A;YI SYLLABLE DDEP;Lo;0;L;;;;;N;;;;; +A14B;YI SYLLABLE DDUT;Lo;0;L;;;;;N;;;;; +A14C;YI SYLLABLE DDUX;Lo;0;L;;;;;N;;;;; +A14D;YI SYLLABLE DDU;Lo;0;L;;;;;N;;;;; +A14E;YI SYLLABLE DDUP;Lo;0;L;;;;;N;;;;; +A14F;YI SYLLABLE DDURX;Lo;0;L;;;;;N;;;;; +A150;YI SYLLABLE DDUR;Lo;0;L;;;;;N;;;;; +A151;YI SYLLABLE NDIT;Lo;0;L;;;;;N;;;;; +A152;YI SYLLABLE NDIX;Lo;0;L;;;;;N;;;;; +A153;YI SYLLABLE NDI;Lo;0;L;;;;;N;;;;; +A154;YI SYLLABLE NDIP;Lo;0;L;;;;;N;;;;; +A155;YI SYLLABLE NDIEX;Lo;0;L;;;;;N;;;;; +A156;YI SYLLABLE NDIE;Lo;0;L;;;;;N;;;;; +A157;YI SYLLABLE NDAT;Lo;0;L;;;;;N;;;;; +A158;YI SYLLABLE NDAX;Lo;0;L;;;;;N;;;;; +A159;YI SYLLABLE NDA;Lo;0;L;;;;;N;;;;; +A15A;YI SYLLABLE NDAP;Lo;0;L;;;;;N;;;;; +A15B;YI SYLLABLE NDOT;Lo;0;L;;;;;N;;;;; +A15C;YI SYLLABLE NDOX;Lo;0;L;;;;;N;;;;; +A15D;YI SYLLABLE NDO;Lo;0;L;;;;;N;;;;; +A15E;YI SYLLABLE NDOP;Lo;0;L;;;;;N;;;;; +A15F;YI SYLLABLE NDEX;Lo;0;L;;;;;N;;;;; +A160;YI SYLLABLE NDE;Lo;0;L;;;;;N;;;;; +A161;YI SYLLABLE NDEP;Lo;0;L;;;;;N;;;;; +A162;YI SYLLABLE NDUT;Lo;0;L;;;;;N;;;;; +A163;YI SYLLABLE NDUX;Lo;0;L;;;;;N;;;;; +A164;YI SYLLABLE NDU;Lo;0;L;;;;;N;;;;; +A165;YI SYLLABLE NDUP;Lo;0;L;;;;;N;;;;; +A166;YI SYLLABLE NDURX;Lo;0;L;;;;;N;;;;; +A167;YI SYLLABLE NDUR;Lo;0;L;;;;;N;;;;; +A168;YI SYLLABLE HNIT;Lo;0;L;;;;;N;;;;; +A169;YI SYLLABLE HNIX;Lo;0;L;;;;;N;;;;; +A16A;YI SYLLABLE HNI;Lo;0;L;;;;;N;;;;; +A16B;YI SYLLABLE HNIP;Lo;0;L;;;;;N;;;;; +A16C;YI SYLLABLE HNIET;Lo;0;L;;;;;N;;;;; +A16D;YI SYLLABLE HNIEX;Lo;0;L;;;;;N;;;;; +A16E;YI SYLLABLE HNIE;Lo;0;L;;;;;N;;;;; +A16F;YI SYLLABLE HNIEP;Lo;0;L;;;;;N;;;;; +A170;YI SYLLABLE HNAT;Lo;0;L;;;;;N;;;;; +A171;YI SYLLABLE HNAX;Lo;0;L;;;;;N;;;;; +A172;YI SYLLABLE HNA;Lo;0;L;;;;;N;;;;; +A173;YI SYLLABLE HNAP;Lo;0;L;;;;;N;;;;; +A174;YI SYLLABLE HNUOX;Lo;0;L;;;;;N;;;;; +A175;YI SYLLABLE HNUO;Lo;0;L;;;;;N;;;;; +A176;YI SYLLABLE HNOT;Lo;0;L;;;;;N;;;;; +A177;YI SYLLABLE HNOX;Lo;0;L;;;;;N;;;;; +A178;YI SYLLABLE HNOP;Lo;0;L;;;;;N;;;;; +A179;YI SYLLABLE HNEX;Lo;0;L;;;;;N;;;;; +A17A;YI SYLLABLE HNE;Lo;0;L;;;;;N;;;;; +A17B;YI SYLLABLE HNEP;Lo;0;L;;;;;N;;;;; +A17C;YI SYLLABLE HNUT;Lo;0;L;;;;;N;;;;; +A17D;YI SYLLABLE NIT;Lo;0;L;;;;;N;;;;; +A17E;YI SYLLABLE NIX;Lo;0;L;;;;;N;;;;; +A17F;YI SYLLABLE NI;Lo;0;L;;;;;N;;;;; +A180;YI SYLLABLE NIP;Lo;0;L;;;;;N;;;;; +A181;YI SYLLABLE NIEX;Lo;0;L;;;;;N;;;;; +A182;YI SYLLABLE NIE;Lo;0;L;;;;;N;;;;; +A183;YI SYLLABLE NIEP;Lo;0;L;;;;;N;;;;; +A184;YI SYLLABLE NAX;Lo;0;L;;;;;N;;;;; +A185;YI SYLLABLE NA;Lo;0;L;;;;;N;;;;; +A186;YI SYLLABLE NAP;Lo;0;L;;;;;N;;;;; +A187;YI SYLLABLE NUOX;Lo;0;L;;;;;N;;;;; +A188;YI SYLLABLE NUO;Lo;0;L;;;;;N;;;;; +A189;YI SYLLABLE NUOP;Lo;0;L;;;;;N;;;;; +A18A;YI SYLLABLE NOT;Lo;0;L;;;;;N;;;;; +A18B;YI SYLLABLE NOX;Lo;0;L;;;;;N;;;;; +A18C;YI SYLLABLE NO;Lo;0;L;;;;;N;;;;; +A18D;YI SYLLABLE NOP;Lo;0;L;;;;;N;;;;; +A18E;YI SYLLABLE NEX;Lo;0;L;;;;;N;;;;; +A18F;YI SYLLABLE NE;Lo;0;L;;;;;N;;;;; +A190;YI SYLLABLE NEP;Lo;0;L;;;;;N;;;;; +A191;YI SYLLABLE NUT;Lo;0;L;;;;;N;;;;; +A192;YI SYLLABLE NUX;Lo;0;L;;;;;N;;;;; +A193;YI SYLLABLE NU;Lo;0;L;;;;;N;;;;; +A194;YI SYLLABLE NUP;Lo;0;L;;;;;N;;;;; +A195;YI SYLLABLE NURX;Lo;0;L;;;;;N;;;;; +A196;YI SYLLABLE NUR;Lo;0;L;;;;;N;;;;; +A197;YI SYLLABLE HLIT;Lo;0;L;;;;;N;;;;; +A198;YI SYLLABLE HLIX;Lo;0;L;;;;;N;;;;; +A199;YI SYLLABLE HLI;Lo;0;L;;;;;N;;;;; +A19A;YI SYLLABLE HLIP;Lo;0;L;;;;;N;;;;; +A19B;YI SYLLABLE HLIEX;Lo;0;L;;;;;N;;;;; +A19C;YI SYLLABLE HLIE;Lo;0;L;;;;;N;;;;; +A19D;YI SYLLABLE HLIEP;Lo;0;L;;;;;N;;;;; +A19E;YI SYLLABLE HLAT;Lo;0;L;;;;;N;;;;; +A19F;YI SYLLABLE HLAX;Lo;0;L;;;;;N;;;;; +A1A0;YI SYLLABLE HLA;Lo;0;L;;;;;N;;;;; +A1A1;YI SYLLABLE HLAP;Lo;0;L;;;;;N;;;;; +A1A2;YI SYLLABLE HLUOX;Lo;0;L;;;;;N;;;;; +A1A3;YI SYLLABLE HLUO;Lo;0;L;;;;;N;;;;; +A1A4;YI SYLLABLE HLUOP;Lo;0;L;;;;;N;;;;; +A1A5;YI SYLLABLE HLOX;Lo;0;L;;;;;N;;;;; +A1A6;YI SYLLABLE HLO;Lo;0;L;;;;;N;;;;; +A1A7;YI SYLLABLE HLOP;Lo;0;L;;;;;N;;;;; +A1A8;YI SYLLABLE HLEX;Lo;0;L;;;;;N;;;;; +A1A9;YI SYLLABLE HLE;Lo;0;L;;;;;N;;;;; +A1AA;YI SYLLABLE HLEP;Lo;0;L;;;;;N;;;;; +A1AB;YI SYLLABLE HLUT;Lo;0;L;;;;;N;;;;; +A1AC;YI SYLLABLE HLUX;Lo;0;L;;;;;N;;;;; +A1AD;YI SYLLABLE HLU;Lo;0;L;;;;;N;;;;; +A1AE;YI SYLLABLE HLUP;Lo;0;L;;;;;N;;;;; +A1AF;YI SYLLABLE HLURX;Lo;0;L;;;;;N;;;;; +A1B0;YI SYLLABLE HLUR;Lo;0;L;;;;;N;;;;; +A1B1;YI SYLLABLE HLYT;Lo;0;L;;;;;N;;;;; +A1B2;YI SYLLABLE HLYX;Lo;0;L;;;;;N;;;;; +A1B3;YI SYLLABLE HLY;Lo;0;L;;;;;N;;;;; +A1B4;YI SYLLABLE HLYP;Lo;0;L;;;;;N;;;;; +A1B5;YI SYLLABLE HLYRX;Lo;0;L;;;;;N;;;;; +A1B6;YI SYLLABLE HLYR;Lo;0;L;;;;;N;;;;; +A1B7;YI SYLLABLE LIT;Lo;0;L;;;;;N;;;;; +A1B8;YI SYLLABLE LIX;Lo;0;L;;;;;N;;;;; +A1B9;YI SYLLABLE LI;Lo;0;L;;;;;N;;;;; +A1BA;YI SYLLABLE LIP;Lo;0;L;;;;;N;;;;; +A1BB;YI SYLLABLE LIET;Lo;0;L;;;;;N;;;;; +A1BC;YI SYLLABLE LIEX;Lo;0;L;;;;;N;;;;; +A1BD;YI SYLLABLE LIE;Lo;0;L;;;;;N;;;;; +A1BE;YI SYLLABLE LIEP;Lo;0;L;;;;;N;;;;; +A1BF;YI SYLLABLE LAT;Lo;0;L;;;;;N;;;;; +A1C0;YI SYLLABLE LAX;Lo;0;L;;;;;N;;;;; +A1C1;YI SYLLABLE LA;Lo;0;L;;;;;N;;;;; +A1C2;YI SYLLABLE LAP;Lo;0;L;;;;;N;;;;; +A1C3;YI SYLLABLE LUOT;Lo;0;L;;;;;N;;;;; +A1C4;YI SYLLABLE LUOX;Lo;0;L;;;;;N;;;;; +A1C5;YI SYLLABLE LUO;Lo;0;L;;;;;N;;;;; +A1C6;YI SYLLABLE LUOP;Lo;0;L;;;;;N;;;;; +A1C7;YI SYLLABLE LOT;Lo;0;L;;;;;N;;;;; +A1C8;YI SYLLABLE LOX;Lo;0;L;;;;;N;;;;; +A1C9;YI SYLLABLE LO;Lo;0;L;;;;;N;;;;; +A1CA;YI SYLLABLE LOP;Lo;0;L;;;;;N;;;;; +A1CB;YI SYLLABLE LEX;Lo;0;L;;;;;N;;;;; +A1CC;YI SYLLABLE LE;Lo;0;L;;;;;N;;;;; +A1CD;YI SYLLABLE LEP;Lo;0;L;;;;;N;;;;; +A1CE;YI SYLLABLE LUT;Lo;0;L;;;;;N;;;;; +A1CF;YI SYLLABLE LUX;Lo;0;L;;;;;N;;;;; +A1D0;YI SYLLABLE LU;Lo;0;L;;;;;N;;;;; +A1D1;YI SYLLABLE LUP;Lo;0;L;;;;;N;;;;; +A1D2;YI SYLLABLE LURX;Lo;0;L;;;;;N;;;;; +A1D3;YI SYLLABLE LUR;Lo;0;L;;;;;N;;;;; +A1D4;YI SYLLABLE LYT;Lo;0;L;;;;;N;;;;; +A1D5;YI SYLLABLE LYX;Lo;0;L;;;;;N;;;;; +A1D6;YI SYLLABLE LY;Lo;0;L;;;;;N;;;;; +A1D7;YI SYLLABLE LYP;Lo;0;L;;;;;N;;;;; +A1D8;YI SYLLABLE LYRX;Lo;0;L;;;;;N;;;;; +A1D9;YI SYLLABLE LYR;Lo;0;L;;;;;N;;;;; +A1DA;YI SYLLABLE GIT;Lo;0;L;;;;;N;;;;; +A1DB;YI SYLLABLE GIX;Lo;0;L;;;;;N;;;;; +A1DC;YI SYLLABLE GI;Lo;0;L;;;;;N;;;;; +A1DD;YI SYLLABLE GIP;Lo;0;L;;;;;N;;;;; +A1DE;YI SYLLABLE GIET;Lo;0;L;;;;;N;;;;; +A1DF;YI SYLLABLE GIEX;Lo;0;L;;;;;N;;;;; +A1E0;YI SYLLABLE GIE;Lo;0;L;;;;;N;;;;; +A1E1;YI SYLLABLE GIEP;Lo;0;L;;;;;N;;;;; +A1E2;YI SYLLABLE GAT;Lo;0;L;;;;;N;;;;; +A1E3;YI SYLLABLE GAX;Lo;0;L;;;;;N;;;;; +A1E4;YI SYLLABLE GA;Lo;0;L;;;;;N;;;;; +A1E5;YI SYLLABLE GAP;Lo;0;L;;;;;N;;;;; +A1E6;YI SYLLABLE GUOT;Lo;0;L;;;;;N;;;;; +A1E7;YI SYLLABLE GUOX;Lo;0;L;;;;;N;;;;; +A1E8;YI SYLLABLE GUO;Lo;0;L;;;;;N;;;;; +A1E9;YI SYLLABLE GUOP;Lo;0;L;;;;;N;;;;; +A1EA;YI SYLLABLE GOT;Lo;0;L;;;;;N;;;;; +A1EB;YI SYLLABLE GOX;Lo;0;L;;;;;N;;;;; +A1EC;YI SYLLABLE GO;Lo;0;L;;;;;N;;;;; +A1ED;YI SYLLABLE GOP;Lo;0;L;;;;;N;;;;; +A1EE;YI SYLLABLE GET;Lo;0;L;;;;;N;;;;; +A1EF;YI SYLLABLE GEX;Lo;0;L;;;;;N;;;;; +A1F0;YI SYLLABLE GE;Lo;0;L;;;;;N;;;;; +A1F1;YI SYLLABLE GEP;Lo;0;L;;;;;N;;;;; +A1F2;YI SYLLABLE GUT;Lo;0;L;;;;;N;;;;; +A1F3;YI SYLLABLE GUX;Lo;0;L;;;;;N;;;;; +A1F4;YI SYLLABLE GU;Lo;0;L;;;;;N;;;;; +A1F5;YI SYLLABLE GUP;Lo;0;L;;;;;N;;;;; +A1F6;YI SYLLABLE GURX;Lo;0;L;;;;;N;;;;; +A1F7;YI SYLLABLE GUR;Lo;0;L;;;;;N;;;;; +A1F8;YI SYLLABLE KIT;Lo;0;L;;;;;N;;;;; +A1F9;YI SYLLABLE KIX;Lo;0;L;;;;;N;;;;; +A1FA;YI SYLLABLE KI;Lo;0;L;;;;;N;;;;; +A1FB;YI SYLLABLE KIP;Lo;0;L;;;;;N;;;;; +A1FC;YI SYLLABLE KIEX;Lo;0;L;;;;;N;;;;; +A1FD;YI SYLLABLE KIE;Lo;0;L;;;;;N;;;;; +A1FE;YI SYLLABLE KIEP;Lo;0;L;;;;;N;;;;; +A1FF;YI SYLLABLE KAT;Lo;0;L;;;;;N;;;;; +A200;YI SYLLABLE KAX;Lo;0;L;;;;;N;;;;; +A201;YI SYLLABLE KA;Lo;0;L;;;;;N;;;;; +A202;YI SYLLABLE KAP;Lo;0;L;;;;;N;;;;; +A203;YI SYLLABLE KUOX;Lo;0;L;;;;;N;;;;; +A204;YI SYLLABLE KUO;Lo;0;L;;;;;N;;;;; +A205;YI SYLLABLE KUOP;Lo;0;L;;;;;N;;;;; +A206;YI SYLLABLE KOT;Lo;0;L;;;;;N;;;;; +A207;YI SYLLABLE KOX;Lo;0;L;;;;;N;;;;; +A208;YI SYLLABLE KO;Lo;0;L;;;;;N;;;;; +A209;YI SYLLABLE KOP;Lo;0;L;;;;;N;;;;; +A20A;YI SYLLABLE KET;Lo;0;L;;;;;N;;;;; +A20B;YI SYLLABLE KEX;Lo;0;L;;;;;N;;;;; +A20C;YI SYLLABLE KE;Lo;0;L;;;;;N;;;;; +A20D;YI SYLLABLE KEP;Lo;0;L;;;;;N;;;;; +A20E;YI SYLLABLE KUT;Lo;0;L;;;;;N;;;;; +A20F;YI SYLLABLE KUX;Lo;0;L;;;;;N;;;;; +A210;YI SYLLABLE KU;Lo;0;L;;;;;N;;;;; +A211;YI SYLLABLE KUP;Lo;0;L;;;;;N;;;;; +A212;YI SYLLABLE KURX;Lo;0;L;;;;;N;;;;; +A213;YI SYLLABLE KUR;Lo;0;L;;;;;N;;;;; +A214;YI SYLLABLE GGIT;Lo;0;L;;;;;N;;;;; +A215;YI SYLLABLE GGIX;Lo;0;L;;;;;N;;;;; +A216;YI SYLLABLE GGI;Lo;0;L;;;;;N;;;;; +A217;YI SYLLABLE GGIEX;Lo;0;L;;;;;N;;;;; +A218;YI SYLLABLE GGIE;Lo;0;L;;;;;N;;;;; +A219;YI SYLLABLE GGIEP;Lo;0;L;;;;;N;;;;; +A21A;YI SYLLABLE GGAT;Lo;0;L;;;;;N;;;;; +A21B;YI SYLLABLE GGAX;Lo;0;L;;;;;N;;;;; +A21C;YI SYLLABLE GGA;Lo;0;L;;;;;N;;;;; +A21D;YI SYLLABLE GGAP;Lo;0;L;;;;;N;;;;; +A21E;YI SYLLABLE GGUOT;Lo;0;L;;;;;N;;;;; +A21F;YI SYLLABLE GGUOX;Lo;0;L;;;;;N;;;;; +A220;YI SYLLABLE GGUO;Lo;0;L;;;;;N;;;;; +A221;YI SYLLABLE GGUOP;Lo;0;L;;;;;N;;;;; +A222;YI SYLLABLE GGOT;Lo;0;L;;;;;N;;;;; +A223;YI SYLLABLE GGOX;Lo;0;L;;;;;N;;;;; +A224;YI SYLLABLE GGO;Lo;0;L;;;;;N;;;;; +A225;YI SYLLABLE GGOP;Lo;0;L;;;;;N;;;;; +A226;YI SYLLABLE GGET;Lo;0;L;;;;;N;;;;; +A227;YI SYLLABLE GGEX;Lo;0;L;;;;;N;;;;; +A228;YI SYLLABLE GGE;Lo;0;L;;;;;N;;;;; +A229;YI SYLLABLE GGEP;Lo;0;L;;;;;N;;;;; +A22A;YI SYLLABLE GGUT;Lo;0;L;;;;;N;;;;; +A22B;YI SYLLABLE GGUX;Lo;0;L;;;;;N;;;;; +A22C;YI SYLLABLE GGU;Lo;0;L;;;;;N;;;;; +A22D;YI SYLLABLE GGUP;Lo;0;L;;;;;N;;;;; +A22E;YI SYLLABLE GGURX;Lo;0;L;;;;;N;;;;; +A22F;YI SYLLABLE GGUR;Lo;0;L;;;;;N;;;;; +A230;YI SYLLABLE MGIEX;Lo;0;L;;;;;N;;;;; +A231;YI SYLLABLE MGIE;Lo;0;L;;;;;N;;;;; +A232;YI SYLLABLE MGAT;Lo;0;L;;;;;N;;;;; +A233;YI SYLLABLE MGAX;Lo;0;L;;;;;N;;;;; +A234;YI SYLLABLE MGA;Lo;0;L;;;;;N;;;;; +A235;YI SYLLABLE MGAP;Lo;0;L;;;;;N;;;;; +A236;YI SYLLABLE MGUOX;Lo;0;L;;;;;N;;;;; +A237;YI SYLLABLE MGUO;Lo;0;L;;;;;N;;;;; +A238;YI SYLLABLE MGUOP;Lo;0;L;;;;;N;;;;; +A239;YI SYLLABLE MGOT;Lo;0;L;;;;;N;;;;; +A23A;YI SYLLABLE MGOX;Lo;0;L;;;;;N;;;;; +A23B;YI SYLLABLE MGO;Lo;0;L;;;;;N;;;;; +A23C;YI SYLLABLE MGOP;Lo;0;L;;;;;N;;;;; +A23D;YI SYLLABLE MGEX;Lo;0;L;;;;;N;;;;; +A23E;YI SYLLABLE MGE;Lo;0;L;;;;;N;;;;; +A23F;YI SYLLABLE MGEP;Lo;0;L;;;;;N;;;;; +A240;YI SYLLABLE MGUT;Lo;0;L;;;;;N;;;;; +A241;YI SYLLABLE MGUX;Lo;0;L;;;;;N;;;;; +A242;YI SYLLABLE MGU;Lo;0;L;;;;;N;;;;; +A243;YI SYLLABLE MGUP;Lo;0;L;;;;;N;;;;; +A244;YI SYLLABLE MGURX;Lo;0;L;;;;;N;;;;; +A245;YI SYLLABLE MGUR;Lo;0;L;;;;;N;;;;; +A246;YI SYLLABLE HXIT;Lo;0;L;;;;;N;;;;; +A247;YI SYLLABLE HXIX;Lo;0;L;;;;;N;;;;; +A248;YI SYLLABLE HXI;Lo;0;L;;;;;N;;;;; +A249;YI SYLLABLE HXIP;Lo;0;L;;;;;N;;;;; +A24A;YI SYLLABLE HXIET;Lo;0;L;;;;;N;;;;; +A24B;YI SYLLABLE HXIEX;Lo;0;L;;;;;N;;;;; +A24C;YI SYLLABLE HXIE;Lo;0;L;;;;;N;;;;; +A24D;YI SYLLABLE HXIEP;Lo;0;L;;;;;N;;;;; +A24E;YI SYLLABLE HXAT;Lo;0;L;;;;;N;;;;; +A24F;YI SYLLABLE HXAX;Lo;0;L;;;;;N;;;;; +A250;YI SYLLABLE HXA;Lo;0;L;;;;;N;;;;; +A251;YI SYLLABLE HXAP;Lo;0;L;;;;;N;;;;; +A252;YI SYLLABLE HXUOT;Lo;0;L;;;;;N;;;;; +A253;YI SYLLABLE HXUOX;Lo;0;L;;;;;N;;;;; +A254;YI SYLLABLE HXUO;Lo;0;L;;;;;N;;;;; +A255;YI SYLLABLE HXUOP;Lo;0;L;;;;;N;;;;; +A256;YI SYLLABLE HXOT;Lo;0;L;;;;;N;;;;; +A257;YI SYLLABLE HXOX;Lo;0;L;;;;;N;;;;; +A258;YI SYLLABLE HXO;Lo;0;L;;;;;N;;;;; +A259;YI SYLLABLE HXOP;Lo;0;L;;;;;N;;;;; +A25A;YI SYLLABLE HXEX;Lo;0;L;;;;;N;;;;; +A25B;YI SYLLABLE HXE;Lo;0;L;;;;;N;;;;; +A25C;YI SYLLABLE HXEP;Lo;0;L;;;;;N;;;;; +A25D;YI SYLLABLE NGIEX;Lo;0;L;;;;;N;;;;; +A25E;YI SYLLABLE NGIE;Lo;0;L;;;;;N;;;;; +A25F;YI SYLLABLE NGIEP;Lo;0;L;;;;;N;;;;; +A260;YI SYLLABLE NGAT;Lo;0;L;;;;;N;;;;; +A261;YI SYLLABLE NGAX;Lo;0;L;;;;;N;;;;; +A262;YI SYLLABLE NGA;Lo;0;L;;;;;N;;;;; +A263;YI SYLLABLE NGAP;Lo;0;L;;;;;N;;;;; +A264;YI SYLLABLE NGUOT;Lo;0;L;;;;;N;;;;; +A265;YI SYLLABLE NGUOX;Lo;0;L;;;;;N;;;;; +A266;YI SYLLABLE NGUO;Lo;0;L;;;;;N;;;;; +A267;YI SYLLABLE NGOT;Lo;0;L;;;;;N;;;;; +A268;YI SYLLABLE NGOX;Lo;0;L;;;;;N;;;;; +A269;YI SYLLABLE NGO;Lo;0;L;;;;;N;;;;; +A26A;YI SYLLABLE NGOP;Lo;0;L;;;;;N;;;;; +A26B;YI SYLLABLE NGEX;Lo;0;L;;;;;N;;;;; +A26C;YI SYLLABLE NGE;Lo;0;L;;;;;N;;;;; +A26D;YI SYLLABLE NGEP;Lo;0;L;;;;;N;;;;; +A26E;YI SYLLABLE HIT;Lo;0;L;;;;;N;;;;; +A26F;YI SYLLABLE HIEX;Lo;0;L;;;;;N;;;;; +A270;YI SYLLABLE HIE;Lo;0;L;;;;;N;;;;; +A271;YI SYLLABLE HAT;Lo;0;L;;;;;N;;;;; +A272;YI SYLLABLE HAX;Lo;0;L;;;;;N;;;;; +A273;YI SYLLABLE HA;Lo;0;L;;;;;N;;;;; +A274;YI SYLLABLE HAP;Lo;0;L;;;;;N;;;;; +A275;YI SYLLABLE HUOT;Lo;0;L;;;;;N;;;;; +A276;YI SYLLABLE HUOX;Lo;0;L;;;;;N;;;;; +A277;YI SYLLABLE HUO;Lo;0;L;;;;;N;;;;; +A278;YI SYLLABLE HUOP;Lo;0;L;;;;;N;;;;; +A279;YI SYLLABLE HOT;Lo;0;L;;;;;N;;;;; +A27A;YI SYLLABLE HOX;Lo;0;L;;;;;N;;;;; +A27B;YI SYLLABLE HO;Lo;0;L;;;;;N;;;;; +A27C;YI SYLLABLE HOP;Lo;0;L;;;;;N;;;;; +A27D;YI SYLLABLE HEX;Lo;0;L;;;;;N;;;;; +A27E;YI SYLLABLE HE;Lo;0;L;;;;;N;;;;; +A27F;YI SYLLABLE HEP;Lo;0;L;;;;;N;;;;; +A280;YI SYLLABLE WAT;Lo;0;L;;;;;N;;;;; +A281;YI SYLLABLE WAX;Lo;0;L;;;;;N;;;;; +A282;YI SYLLABLE WA;Lo;0;L;;;;;N;;;;; +A283;YI SYLLABLE WAP;Lo;0;L;;;;;N;;;;; +A284;YI SYLLABLE WUOX;Lo;0;L;;;;;N;;;;; +A285;YI SYLLABLE WUO;Lo;0;L;;;;;N;;;;; +A286;YI SYLLABLE WUOP;Lo;0;L;;;;;N;;;;; +A287;YI SYLLABLE WOX;Lo;0;L;;;;;N;;;;; +A288;YI SYLLABLE WO;Lo;0;L;;;;;N;;;;; +A289;YI SYLLABLE WOP;Lo;0;L;;;;;N;;;;; +A28A;YI SYLLABLE WEX;Lo;0;L;;;;;N;;;;; +A28B;YI SYLLABLE WE;Lo;0;L;;;;;N;;;;; +A28C;YI SYLLABLE WEP;Lo;0;L;;;;;N;;;;; +A28D;YI SYLLABLE ZIT;Lo;0;L;;;;;N;;;;; +A28E;YI SYLLABLE ZIX;Lo;0;L;;;;;N;;;;; +A28F;YI SYLLABLE ZI;Lo;0;L;;;;;N;;;;; +A290;YI SYLLABLE ZIP;Lo;0;L;;;;;N;;;;; +A291;YI SYLLABLE ZIEX;Lo;0;L;;;;;N;;;;; +A292;YI SYLLABLE ZIE;Lo;0;L;;;;;N;;;;; +A293;YI SYLLABLE ZIEP;Lo;0;L;;;;;N;;;;; +A294;YI SYLLABLE ZAT;Lo;0;L;;;;;N;;;;; +A295;YI SYLLABLE ZAX;Lo;0;L;;;;;N;;;;; +A296;YI SYLLABLE ZA;Lo;0;L;;;;;N;;;;; +A297;YI SYLLABLE ZAP;Lo;0;L;;;;;N;;;;; +A298;YI SYLLABLE ZUOX;Lo;0;L;;;;;N;;;;; +A299;YI SYLLABLE ZUO;Lo;0;L;;;;;N;;;;; +A29A;YI SYLLABLE ZUOP;Lo;0;L;;;;;N;;;;; +A29B;YI SYLLABLE ZOT;Lo;0;L;;;;;N;;;;; +A29C;YI SYLLABLE ZOX;Lo;0;L;;;;;N;;;;; +A29D;YI SYLLABLE ZO;Lo;0;L;;;;;N;;;;; +A29E;YI SYLLABLE ZOP;Lo;0;L;;;;;N;;;;; +A29F;YI SYLLABLE ZEX;Lo;0;L;;;;;N;;;;; +A2A0;YI SYLLABLE ZE;Lo;0;L;;;;;N;;;;; +A2A1;YI SYLLABLE ZEP;Lo;0;L;;;;;N;;;;; +A2A2;YI SYLLABLE ZUT;Lo;0;L;;;;;N;;;;; +A2A3;YI SYLLABLE ZUX;Lo;0;L;;;;;N;;;;; +A2A4;YI SYLLABLE ZU;Lo;0;L;;;;;N;;;;; +A2A5;YI SYLLABLE ZUP;Lo;0;L;;;;;N;;;;; +A2A6;YI SYLLABLE ZURX;Lo;0;L;;;;;N;;;;; +A2A7;YI SYLLABLE ZUR;Lo;0;L;;;;;N;;;;; +A2A8;YI SYLLABLE ZYT;Lo;0;L;;;;;N;;;;; +A2A9;YI SYLLABLE ZYX;Lo;0;L;;;;;N;;;;; +A2AA;YI SYLLABLE ZY;Lo;0;L;;;;;N;;;;; +A2AB;YI SYLLABLE ZYP;Lo;0;L;;;;;N;;;;; +A2AC;YI SYLLABLE ZYRX;Lo;0;L;;;;;N;;;;; +A2AD;YI SYLLABLE ZYR;Lo;0;L;;;;;N;;;;; +A2AE;YI SYLLABLE CIT;Lo;0;L;;;;;N;;;;; +A2AF;YI SYLLABLE CIX;Lo;0;L;;;;;N;;;;; +A2B0;YI SYLLABLE CI;Lo;0;L;;;;;N;;;;; +A2B1;YI SYLLABLE CIP;Lo;0;L;;;;;N;;;;; +A2B2;YI SYLLABLE CIET;Lo;0;L;;;;;N;;;;; +A2B3;YI SYLLABLE CIEX;Lo;0;L;;;;;N;;;;; +A2B4;YI SYLLABLE CIE;Lo;0;L;;;;;N;;;;; +A2B5;YI SYLLABLE CIEP;Lo;0;L;;;;;N;;;;; +A2B6;YI SYLLABLE CAT;Lo;0;L;;;;;N;;;;; +A2B7;YI SYLLABLE CAX;Lo;0;L;;;;;N;;;;; +A2B8;YI SYLLABLE CA;Lo;0;L;;;;;N;;;;; +A2B9;YI SYLLABLE CAP;Lo;0;L;;;;;N;;;;; +A2BA;YI SYLLABLE CUOX;Lo;0;L;;;;;N;;;;; +A2BB;YI SYLLABLE CUO;Lo;0;L;;;;;N;;;;; +A2BC;YI SYLLABLE CUOP;Lo;0;L;;;;;N;;;;; +A2BD;YI SYLLABLE COT;Lo;0;L;;;;;N;;;;; +A2BE;YI SYLLABLE COX;Lo;0;L;;;;;N;;;;; +A2BF;YI SYLLABLE CO;Lo;0;L;;;;;N;;;;; +A2C0;YI SYLLABLE COP;Lo;0;L;;;;;N;;;;; +A2C1;YI SYLLABLE CEX;Lo;0;L;;;;;N;;;;; +A2C2;YI SYLLABLE CE;Lo;0;L;;;;;N;;;;; +A2C3;YI SYLLABLE CEP;Lo;0;L;;;;;N;;;;; +A2C4;YI SYLLABLE CUT;Lo;0;L;;;;;N;;;;; +A2C5;YI SYLLABLE CUX;Lo;0;L;;;;;N;;;;; +A2C6;YI SYLLABLE CU;Lo;0;L;;;;;N;;;;; +A2C7;YI SYLLABLE CUP;Lo;0;L;;;;;N;;;;; +A2C8;YI SYLLABLE CURX;Lo;0;L;;;;;N;;;;; +A2C9;YI SYLLABLE CUR;Lo;0;L;;;;;N;;;;; +A2CA;YI SYLLABLE CYT;Lo;0;L;;;;;N;;;;; +A2CB;YI SYLLABLE CYX;Lo;0;L;;;;;N;;;;; +A2CC;YI SYLLABLE CY;Lo;0;L;;;;;N;;;;; +A2CD;YI SYLLABLE CYP;Lo;0;L;;;;;N;;;;; +A2CE;YI SYLLABLE CYRX;Lo;0;L;;;;;N;;;;; +A2CF;YI SYLLABLE CYR;Lo;0;L;;;;;N;;;;; +A2D0;YI SYLLABLE ZZIT;Lo;0;L;;;;;N;;;;; +A2D1;YI SYLLABLE ZZIX;Lo;0;L;;;;;N;;;;; +A2D2;YI SYLLABLE ZZI;Lo;0;L;;;;;N;;;;; +A2D3;YI SYLLABLE ZZIP;Lo;0;L;;;;;N;;;;; +A2D4;YI SYLLABLE ZZIET;Lo;0;L;;;;;N;;;;; +A2D5;YI SYLLABLE ZZIEX;Lo;0;L;;;;;N;;;;; +A2D6;YI SYLLABLE ZZIE;Lo;0;L;;;;;N;;;;; +A2D7;YI SYLLABLE ZZIEP;Lo;0;L;;;;;N;;;;; +A2D8;YI SYLLABLE ZZAT;Lo;0;L;;;;;N;;;;; +A2D9;YI SYLLABLE ZZAX;Lo;0;L;;;;;N;;;;; +A2DA;YI SYLLABLE ZZA;Lo;0;L;;;;;N;;;;; +A2DB;YI SYLLABLE ZZAP;Lo;0;L;;;;;N;;;;; +A2DC;YI SYLLABLE ZZOX;Lo;0;L;;;;;N;;;;; +A2DD;YI SYLLABLE ZZO;Lo;0;L;;;;;N;;;;; +A2DE;YI SYLLABLE ZZOP;Lo;0;L;;;;;N;;;;; +A2DF;YI SYLLABLE ZZEX;Lo;0;L;;;;;N;;;;; +A2E0;YI SYLLABLE ZZE;Lo;0;L;;;;;N;;;;; +A2E1;YI SYLLABLE ZZEP;Lo;0;L;;;;;N;;;;; +A2E2;YI SYLLABLE ZZUX;Lo;0;L;;;;;N;;;;; +A2E3;YI SYLLABLE ZZU;Lo;0;L;;;;;N;;;;; +A2E4;YI SYLLABLE ZZUP;Lo;0;L;;;;;N;;;;; +A2E5;YI SYLLABLE ZZURX;Lo;0;L;;;;;N;;;;; +A2E6;YI SYLLABLE ZZUR;Lo;0;L;;;;;N;;;;; +A2E7;YI SYLLABLE ZZYT;Lo;0;L;;;;;N;;;;; +A2E8;YI SYLLABLE ZZYX;Lo;0;L;;;;;N;;;;; +A2E9;YI SYLLABLE ZZY;Lo;0;L;;;;;N;;;;; +A2EA;YI SYLLABLE ZZYP;Lo;0;L;;;;;N;;;;; +A2EB;YI SYLLABLE ZZYRX;Lo;0;L;;;;;N;;;;; +A2EC;YI SYLLABLE ZZYR;Lo;0;L;;;;;N;;;;; +A2ED;YI SYLLABLE NZIT;Lo;0;L;;;;;N;;;;; +A2EE;YI SYLLABLE NZIX;Lo;0;L;;;;;N;;;;; +A2EF;YI SYLLABLE NZI;Lo;0;L;;;;;N;;;;; +A2F0;YI SYLLABLE NZIP;Lo;0;L;;;;;N;;;;; +A2F1;YI SYLLABLE NZIEX;Lo;0;L;;;;;N;;;;; +A2F2;YI SYLLABLE NZIE;Lo;0;L;;;;;N;;;;; +A2F3;YI SYLLABLE NZIEP;Lo;0;L;;;;;N;;;;; +A2F4;YI SYLLABLE NZAT;Lo;0;L;;;;;N;;;;; +A2F5;YI SYLLABLE NZAX;Lo;0;L;;;;;N;;;;; +A2F6;YI SYLLABLE NZA;Lo;0;L;;;;;N;;;;; +A2F7;YI SYLLABLE NZAP;Lo;0;L;;;;;N;;;;; +A2F8;YI SYLLABLE NZUOX;Lo;0;L;;;;;N;;;;; +A2F9;YI SYLLABLE NZUO;Lo;0;L;;;;;N;;;;; +A2FA;YI SYLLABLE NZOX;Lo;0;L;;;;;N;;;;; +A2FB;YI SYLLABLE NZOP;Lo;0;L;;;;;N;;;;; +A2FC;YI SYLLABLE NZEX;Lo;0;L;;;;;N;;;;; +A2FD;YI SYLLABLE NZE;Lo;0;L;;;;;N;;;;; +A2FE;YI SYLLABLE NZUX;Lo;0;L;;;;;N;;;;; +A2FF;YI SYLLABLE NZU;Lo;0;L;;;;;N;;;;; +A300;YI SYLLABLE NZUP;Lo;0;L;;;;;N;;;;; +A301;YI SYLLABLE NZURX;Lo;0;L;;;;;N;;;;; +A302;YI SYLLABLE NZUR;Lo;0;L;;;;;N;;;;; +A303;YI SYLLABLE NZYT;Lo;0;L;;;;;N;;;;; +A304;YI SYLLABLE NZYX;Lo;0;L;;;;;N;;;;; +A305;YI SYLLABLE NZY;Lo;0;L;;;;;N;;;;; +A306;YI SYLLABLE NZYP;Lo;0;L;;;;;N;;;;; +A307;YI SYLLABLE NZYRX;Lo;0;L;;;;;N;;;;; +A308;YI SYLLABLE NZYR;Lo;0;L;;;;;N;;;;; +A309;YI SYLLABLE SIT;Lo;0;L;;;;;N;;;;; +A30A;YI SYLLABLE SIX;Lo;0;L;;;;;N;;;;; +A30B;YI SYLLABLE SI;Lo;0;L;;;;;N;;;;; +A30C;YI SYLLABLE SIP;Lo;0;L;;;;;N;;;;; +A30D;YI SYLLABLE SIEX;Lo;0;L;;;;;N;;;;; +A30E;YI SYLLABLE SIE;Lo;0;L;;;;;N;;;;; +A30F;YI SYLLABLE SIEP;Lo;0;L;;;;;N;;;;; +A310;YI SYLLABLE SAT;Lo;0;L;;;;;N;;;;; +A311;YI SYLLABLE SAX;Lo;0;L;;;;;N;;;;; +A312;YI SYLLABLE SA;Lo;0;L;;;;;N;;;;; +A313;YI SYLLABLE SAP;Lo;0;L;;;;;N;;;;; +A314;YI SYLLABLE SUOX;Lo;0;L;;;;;N;;;;; +A315;YI SYLLABLE SUO;Lo;0;L;;;;;N;;;;; +A316;YI SYLLABLE SUOP;Lo;0;L;;;;;N;;;;; +A317;YI SYLLABLE SOT;Lo;0;L;;;;;N;;;;; +A318;YI SYLLABLE SOX;Lo;0;L;;;;;N;;;;; +A319;YI SYLLABLE SO;Lo;0;L;;;;;N;;;;; +A31A;YI SYLLABLE SOP;Lo;0;L;;;;;N;;;;; +A31B;YI SYLLABLE SEX;Lo;0;L;;;;;N;;;;; +A31C;YI SYLLABLE SE;Lo;0;L;;;;;N;;;;; +A31D;YI SYLLABLE SEP;Lo;0;L;;;;;N;;;;; +A31E;YI SYLLABLE SUT;Lo;0;L;;;;;N;;;;; +A31F;YI SYLLABLE SUX;Lo;0;L;;;;;N;;;;; +A320;YI SYLLABLE SU;Lo;0;L;;;;;N;;;;; +A321;YI SYLLABLE SUP;Lo;0;L;;;;;N;;;;; +A322;YI SYLLABLE SURX;Lo;0;L;;;;;N;;;;; +A323;YI SYLLABLE SUR;Lo;0;L;;;;;N;;;;; +A324;YI SYLLABLE SYT;Lo;0;L;;;;;N;;;;; +A325;YI SYLLABLE SYX;Lo;0;L;;;;;N;;;;; +A326;YI SYLLABLE SY;Lo;0;L;;;;;N;;;;; +A327;YI SYLLABLE SYP;Lo;0;L;;;;;N;;;;; +A328;YI SYLLABLE SYRX;Lo;0;L;;;;;N;;;;; +A329;YI SYLLABLE SYR;Lo;0;L;;;;;N;;;;; +A32A;YI SYLLABLE SSIT;Lo;0;L;;;;;N;;;;; +A32B;YI SYLLABLE SSIX;Lo;0;L;;;;;N;;;;; +A32C;YI SYLLABLE SSI;Lo;0;L;;;;;N;;;;; +A32D;YI SYLLABLE SSIP;Lo;0;L;;;;;N;;;;; +A32E;YI SYLLABLE SSIEX;Lo;0;L;;;;;N;;;;; +A32F;YI SYLLABLE SSIE;Lo;0;L;;;;;N;;;;; +A330;YI SYLLABLE SSIEP;Lo;0;L;;;;;N;;;;; +A331;YI SYLLABLE SSAT;Lo;0;L;;;;;N;;;;; +A332;YI SYLLABLE SSAX;Lo;0;L;;;;;N;;;;; +A333;YI SYLLABLE SSA;Lo;0;L;;;;;N;;;;; +A334;YI SYLLABLE SSAP;Lo;0;L;;;;;N;;;;; +A335;YI SYLLABLE SSOT;Lo;0;L;;;;;N;;;;; +A336;YI SYLLABLE SSOX;Lo;0;L;;;;;N;;;;; +A337;YI SYLLABLE SSO;Lo;0;L;;;;;N;;;;; +A338;YI SYLLABLE SSOP;Lo;0;L;;;;;N;;;;; +A339;YI SYLLABLE SSEX;Lo;0;L;;;;;N;;;;; +A33A;YI SYLLABLE SSE;Lo;0;L;;;;;N;;;;; +A33B;YI SYLLABLE SSEP;Lo;0;L;;;;;N;;;;; +A33C;YI SYLLABLE SSUT;Lo;0;L;;;;;N;;;;; +A33D;YI SYLLABLE SSUX;Lo;0;L;;;;;N;;;;; +A33E;YI SYLLABLE SSU;Lo;0;L;;;;;N;;;;; +A33F;YI SYLLABLE SSUP;Lo;0;L;;;;;N;;;;; +A340;YI SYLLABLE SSYT;Lo;0;L;;;;;N;;;;; +A341;YI SYLLABLE SSYX;Lo;0;L;;;;;N;;;;; +A342;YI SYLLABLE SSY;Lo;0;L;;;;;N;;;;; +A343;YI SYLLABLE SSYP;Lo;0;L;;;;;N;;;;; +A344;YI SYLLABLE SSYRX;Lo;0;L;;;;;N;;;;; +A345;YI SYLLABLE SSYR;Lo;0;L;;;;;N;;;;; +A346;YI SYLLABLE ZHAT;Lo;0;L;;;;;N;;;;; +A347;YI SYLLABLE ZHAX;Lo;0;L;;;;;N;;;;; +A348;YI SYLLABLE ZHA;Lo;0;L;;;;;N;;;;; +A349;YI SYLLABLE ZHAP;Lo;0;L;;;;;N;;;;; +A34A;YI SYLLABLE ZHUOX;Lo;0;L;;;;;N;;;;; +A34B;YI SYLLABLE ZHUO;Lo;0;L;;;;;N;;;;; +A34C;YI SYLLABLE ZHUOP;Lo;0;L;;;;;N;;;;; +A34D;YI SYLLABLE ZHOT;Lo;0;L;;;;;N;;;;; +A34E;YI SYLLABLE ZHOX;Lo;0;L;;;;;N;;;;; +A34F;YI SYLLABLE ZHO;Lo;0;L;;;;;N;;;;; +A350;YI SYLLABLE ZHOP;Lo;0;L;;;;;N;;;;; +A351;YI SYLLABLE ZHET;Lo;0;L;;;;;N;;;;; +A352;YI SYLLABLE ZHEX;Lo;0;L;;;;;N;;;;; +A353;YI SYLLABLE ZHE;Lo;0;L;;;;;N;;;;; +A354;YI SYLLABLE ZHEP;Lo;0;L;;;;;N;;;;; +A355;YI SYLLABLE ZHUT;Lo;0;L;;;;;N;;;;; +A356;YI SYLLABLE ZHUX;Lo;0;L;;;;;N;;;;; +A357;YI SYLLABLE ZHU;Lo;0;L;;;;;N;;;;; +A358;YI SYLLABLE ZHUP;Lo;0;L;;;;;N;;;;; +A359;YI SYLLABLE ZHURX;Lo;0;L;;;;;N;;;;; +A35A;YI SYLLABLE ZHUR;Lo;0;L;;;;;N;;;;; +A35B;YI SYLLABLE ZHYT;Lo;0;L;;;;;N;;;;; +A35C;YI SYLLABLE ZHYX;Lo;0;L;;;;;N;;;;; +A35D;YI SYLLABLE ZHY;Lo;0;L;;;;;N;;;;; +A35E;YI SYLLABLE ZHYP;Lo;0;L;;;;;N;;;;; +A35F;YI SYLLABLE ZHYRX;Lo;0;L;;;;;N;;;;; +A360;YI SYLLABLE ZHYR;Lo;0;L;;;;;N;;;;; +A361;YI SYLLABLE CHAT;Lo;0;L;;;;;N;;;;; +A362;YI SYLLABLE CHAX;Lo;0;L;;;;;N;;;;; +A363;YI SYLLABLE CHA;Lo;0;L;;;;;N;;;;; +A364;YI SYLLABLE CHAP;Lo;0;L;;;;;N;;;;; +A365;YI SYLLABLE CHUOT;Lo;0;L;;;;;N;;;;; +A366;YI SYLLABLE CHUOX;Lo;0;L;;;;;N;;;;; +A367;YI SYLLABLE CHUO;Lo;0;L;;;;;N;;;;; +A368;YI SYLLABLE CHUOP;Lo;0;L;;;;;N;;;;; +A369;YI SYLLABLE CHOT;Lo;0;L;;;;;N;;;;; +A36A;YI SYLLABLE CHOX;Lo;0;L;;;;;N;;;;; +A36B;YI SYLLABLE CHO;Lo;0;L;;;;;N;;;;; +A36C;YI SYLLABLE CHOP;Lo;0;L;;;;;N;;;;; +A36D;YI SYLLABLE CHET;Lo;0;L;;;;;N;;;;; +A36E;YI SYLLABLE CHEX;Lo;0;L;;;;;N;;;;; +A36F;YI SYLLABLE CHE;Lo;0;L;;;;;N;;;;; +A370;YI SYLLABLE CHEP;Lo;0;L;;;;;N;;;;; +A371;YI SYLLABLE CHUX;Lo;0;L;;;;;N;;;;; +A372;YI SYLLABLE CHU;Lo;0;L;;;;;N;;;;; +A373;YI SYLLABLE CHUP;Lo;0;L;;;;;N;;;;; +A374;YI SYLLABLE CHURX;Lo;0;L;;;;;N;;;;; +A375;YI SYLLABLE CHUR;Lo;0;L;;;;;N;;;;; +A376;YI SYLLABLE CHYT;Lo;0;L;;;;;N;;;;; +A377;YI SYLLABLE CHYX;Lo;0;L;;;;;N;;;;; +A378;YI SYLLABLE CHY;Lo;0;L;;;;;N;;;;; +A379;YI SYLLABLE CHYP;Lo;0;L;;;;;N;;;;; +A37A;YI SYLLABLE CHYRX;Lo;0;L;;;;;N;;;;; +A37B;YI SYLLABLE CHYR;Lo;0;L;;;;;N;;;;; +A37C;YI SYLLABLE RRAX;Lo;0;L;;;;;N;;;;; +A37D;YI SYLLABLE RRA;Lo;0;L;;;;;N;;;;; +A37E;YI SYLLABLE RRUOX;Lo;0;L;;;;;N;;;;; +A37F;YI SYLLABLE RRUO;Lo;0;L;;;;;N;;;;; +A380;YI SYLLABLE RROT;Lo;0;L;;;;;N;;;;; +A381;YI SYLLABLE RROX;Lo;0;L;;;;;N;;;;; +A382;YI SYLLABLE RRO;Lo;0;L;;;;;N;;;;; +A383;YI SYLLABLE RROP;Lo;0;L;;;;;N;;;;; +A384;YI SYLLABLE RRET;Lo;0;L;;;;;N;;;;; +A385;YI SYLLABLE RREX;Lo;0;L;;;;;N;;;;; +A386;YI SYLLABLE RRE;Lo;0;L;;;;;N;;;;; +A387;YI SYLLABLE RREP;Lo;0;L;;;;;N;;;;; +A388;YI SYLLABLE RRUT;Lo;0;L;;;;;N;;;;; +A389;YI SYLLABLE RRUX;Lo;0;L;;;;;N;;;;; +A38A;YI SYLLABLE RRU;Lo;0;L;;;;;N;;;;; +A38B;YI SYLLABLE RRUP;Lo;0;L;;;;;N;;;;; +A38C;YI SYLLABLE RRURX;Lo;0;L;;;;;N;;;;; +A38D;YI SYLLABLE RRUR;Lo;0;L;;;;;N;;;;; +A38E;YI SYLLABLE RRYT;Lo;0;L;;;;;N;;;;; +A38F;YI SYLLABLE RRYX;Lo;0;L;;;;;N;;;;; +A390;YI SYLLABLE RRY;Lo;0;L;;;;;N;;;;; +A391;YI SYLLABLE RRYP;Lo;0;L;;;;;N;;;;; +A392;YI SYLLABLE RRYRX;Lo;0;L;;;;;N;;;;; +A393;YI SYLLABLE RRYR;Lo;0;L;;;;;N;;;;; +A394;YI SYLLABLE NRAT;Lo;0;L;;;;;N;;;;; +A395;YI SYLLABLE NRAX;Lo;0;L;;;;;N;;;;; +A396;YI SYLLABLE NRA;Lo;0;L;;;;;N;;;;; +A397;YI SYLLABLE NRAP;Lo;0;L;;;;;N;;;;; +A398;YI SYLLABLE NROX;Lo;0;L;;;;;N;;;;; +A399;YI SYLLABLE NRO;Lo;0;L;;;;;N;;;;; +A39A;YI SYLLABLE NROP;Lo;0;L;;;;;N;;;;; +A39B;YI SYLLABLE NRET;Lo;0;L;;;;;N;;;;; +A39C;YI SYLLABLE NREX;Lo;0;L;;;;;N;;;;; +A39D;YI SYLLABLE NRE;Lo;0;L;;;;;N;;;;; +A39E;YI SYLLABLE NREP;Lo;0;L;;;;;N;;;;; +A39F;YI SYLLABLE NRUT;Lo;0;L;;;;;N;;;;; +A3A0;YI SYLLABLE NRUX;Lo;0;L;;;;;N;;;;; +A3A1;YI SYLLABLE NRU;Lo;0;L;;;;;N;;;;; +A3A2;YI SYLLABLE NRUP;Lo;0;L;;;;;N;;;;; +A3A3;YI SYLLABLE NRURX;Lo;0;L;;;;;N;;;;; +A3A4;YI SYLLABLE NRUR;Lo;0;L;;;;;N;;;;; +A3A5;YI SYLLABLE NRYT;Lo;0;L;;;;;N;;;;; +A3A6;YI SYLLABLE NRYX;Lo;0;L;;;;;N;;;;; +A3A7;YI SYLLABLE NRY;Lo;0;L;;;;;N;;;;; +A3A8;YI SYLLABLE NRYP;Lo;0;L;;;;;N;;;;; +A3A9;YI SYLLABLE NRYRX;Lo;0;L;;;;;N;;;;; +A3AA;YI SYLLABLE NRYR;Lo;0;L;;;;;N;;;;; +A3AB;YI SYLLABLE SHAT;Lo;0;L;;;;;N;;;;; +A3AC;YI SYLLABLE SHAX;Lo;0;L;;;;;N;;;;; +A3AD;YI SYLLABLE SHA;Lo;0;L;;;;;N;;;;; +A3AE;YI SYLLABLE SHAP;Lo;0;L;;;;;N;;;;; +A3AF;YI SYLLABLE SHUOX;Lo;0;L;;;;;N;;;;; +A3B0;YI SYLLABLE SHUO;Lo;0;L;;;;;N;;;;; +A3B1;YI SYLLABLE SHUOP;Lo;0;L;;;;;N;;;;; +A3B2;YI SYLLABLE SHOT;Lo;0;L;;;;;N;;;;; +A3B3;YI SYLLABLE SHOX;Lo;0;L;;;;;N;;;;; +A3B4;YI SYLLABLE SHO;Lo;0;L;;;;;N;;;;; +A3B5;YI SYLLABLE SHOP;Lo;0;L;;;;;N;;;;; +A3B6;YI SYLLABLE SHET;Lo;0;L;;;;;N;;;;; +A3B7;YI SYLLABLE SHEX;Lo;0;L;;;;;N;;;;; +A3B8;YI SYLLABLE SHE;Lo;0;L;;;;;N;;;;; +A3B9;YI SYLLABLE SHEP;Lo;0;L;;;;;N;;;;; +A3BA;YI SYLLABLE SHUT;Lo;0;L;;;;;N;;;;; +A3BB;YI SYLLABLE SHUX;Lo;0;L;;;;;N;;;;; +A3BC;YI SYLLABLE SHU;Lo;0;L;;;;;N;;;;; +A3BD;YI SYLLABLE SHUP;Lo;0;L;;;;;N;;;;; +A3BE;YI SYLLABLE SHURX;Lo;0;L;;;;;N;;;;; +A3BF;YI SYLLABLE SHUR;Lo;0;L;;;;;N;;;;; +A3C0;YI SYLLABLE SHYT;Lo;0;L;;;;;N;;;;; +A3C1;YI SYLLABLE SHYX;Lo;0;L;;;;;N;;;;; +A3C2;YI SYLLABLE SHY;Lo;0;L;;;;;N;;;;; +A3C3;YI SYLLABLE SHYP;Lo;0;L;;;;;N;;;;; +A3C4;YI SYLLABLE SHYRX;Lo;0;L;;;;;N;;;;; +A3C5;YI SYLLABLE SHYR;Lo;0;L;;;;;N;;;;; +A3C6;YI SYLLABLE RAT;Lo;0;L;;;;;N;;;;; +A3C7;YI SYLLABLE RAX;Lo;0;L;;;;;N;;;;; +A3C8;YI SYLLABLE RA;Lo;0;L;;;;;N;;;;; +A3C9;YI SYLLABLE RAP;Lo;0;L;;;;;N;;;;; +A3CA;YI SYLLABLE RUOX;Lo;0;L;;;;;N;;;;; +A3CB;YI SYLLABLE RUO;Lo;0;L;;;;;N;;;;; +A3CC;YI SYLLABLE RUOP;Lo;0;L;;;;;N;;;;; +A3CD;YI SYLLABLE ROT;Lo;0;L;;;;;N;;;;; +A3CE;YI SYLLABLE ROX;Lo;0;L;;;;;N;;;;; +A3CF;YI SYLLABLE RO;Lo;0;L;;;;;N;;;;; +A3D0;YI SYLLABLE ROP;Lo;0;L;;;;;N;;;;; +A3D1;YI SYLLABLE REX;Lo;0;L;;;;;N;;;;; +A3D2;YI SYLLABLE RE;Lo;0;L;;;;;N;;;;; +A3D3;YI SYLLABLE REP;Lo;0;L;;;;;N;;;;; +A3D4;YI SYLLABLE RUT;Lo;0;L;;;;;N;;;;; +A3D5;YI SYLLABLE RUX;Lo;0;L;;;;;N;;;;; +A3D6;YI SYLLABLE RU;Lo;0;L;;;;;N;;;;; +A3D7;YI SYLLABLE RUP;Lo;0;L;;;;;N;;;;; +A3D8;YI SYLLABLE RURX;Lo;0;L;;;;;N;;;;; +A3D9;YI SYLLABLE RUR;Lo;0;L;;;;;N;;;;; +A3DA;YI SYLLABLE RYT;Lo;0;L;;;;;N;;;;; +A3DB;YI SYLLABLE RYX;Lo;0;L;;;;;N;;;;; +A3DC;YI SYLLABLE RY;Lo;0;L;;;;;N;;;;; +A3DD;YI SYLLABLE RYP;Lo;0;L;;;;;N;;;;; +A3DE;YI SYLLABLE RYRX;Lo;0;L;;;;;N;;;;; +A3DF;YI SYLLABLE RYR;Lo;0;L;;;;;N;;;;; +A3E0;YI SYLLABLE JIT;Lo;0;L;;;;;N;;;;; +A3E1;YI SYLLABLE JIX;Lo;0;L;;;;;N;;;;; +A3E2;YI SYLLABLE JI;Lo;0;L;;;;;N;;;;; +A3E3;YI SYLLABLE JIP;Lo;0;L;;;;;N;;;;; +A3E4;YI SYLLABLE JIET;Lo;0;L;;;;;N;;;;; +A3E5;YI SYLLABLE JIEX;Lo;0;L;;;;;N;;;;; +A3E6;YI SYLLABLE JIE;Lo;0;L;;;;;N;;;;; +A3E7;YI SYLLABLE JIEP;Lo;0;L;;;;;N;;;;; +A3E8;YI SYLLABLE JUOT;Lo;0;L;;;;;N;;;;; +A3E9;YI SYLLABLE JUOX;Lo;0;L;;;;;N;;;;; +A3EA;YI SYLLABLE JUO;Lo;0;L;;;;;N;;;;; +A3EB;YI SYLLABLE JUOP;Lo;0;L;;;;;N;;;;; +A3EC;YI SYLLABLE JOT;Lo;0;L;;;;;N;;;;; +A3ED;YI SYLLABLE JOX;Lo;0;L;;;;;N;;;;; +A3EE;YI SYLLABLE JO;Lo;0;L;;;;;N;;;;; +A3EF;YI SYLLABLE JOP;Lo;0;L;;;;;N;;;;; +A3F0;YI SYLLABLE JUT;Lo;0;L;;;;;N;;;;; +A3F1;YI SYLLABLE JUX;Lo;0;L;;;;;N;;;;; +A3F2;YI SYLLABLE JU;Lo;0;L;;;;;N;;;;; +A3F3;YI SYLLABLE JUP;Lo;0;L;;;;;N;;;;; +A3F4;YI SYLLABLE JURX;Lo;0;L;;;;;N;;;;; +A3F5;YI SYLLABLE JUR;Lo;0;L;;;;;N;;;;; +A3F6;YI SYLLABLE JYT;Lo;0;L;;;;;N;;;;; +A3F7;YI SYLLABLE JYX;Lo;0;L;;;;;N;;;;; +A3F8;YI SYLLABLE JY;Lo;0;L;;;;;N;;;;; +A3F9;YI SYLLABLE JYP;Lo;0;L;;;;;N;;;;; +A3FA;YI SYLLABLE JYRX;Lo;0;L;;;;;N;;;;; +A3FB;YI SYLLABLE JYR;Lo;0;L;;;;;N;;;;; +A3FC;YI SYLLABLE QIT;Lo;0;L;;;;;N;;;;; +A3FD;YI SYLLABLE QIX;Lo;0;L;;;;;N;;;;; +A3FE;YI SYLLABLE QI;Lo;0;L;;;;;N;;;;; +A3FF;YI SYLLABLE QIP;Lo;0;L;;;;;N;;;;; +A400;YI SYLLABLE QIET;Lo;0;L;;;;;N;;;;; +A401;YI SYLLABLE QIEX;Lo;0;L;;;;;N;;;;; +A402;YI SYLLABLE QIE;Lo;0;L;;;;;N;;;;; +A403;YI SYLLABLE QIEP;Lo;0;L;;;;;N;;;;; +A404;YI SYLLABLE QUOT;Lo;0;L;;;;;N;;;;; +A405;YI SYLLABLE QUOX;Lo;0;L;;;;;N;;;;; +A406;YI SYLLABLE QUO;Lo;0;L;;;;;N;;;;; +A407;YI SYLLABLE QUOP;Lo;0;L;;;;;N;;;;; +A408;YI SYLLABLE QOT;Lo;0;L;;;;;N;;;;; +A409;YI SYLLABLE QOX;Lo;0;L;;;;;N;;;;; +A40A;YI SYLLABLE QO;Lo;0;L;;;;;N;;;;; +A40B;YI SYLLABLE QOP;Lo;0;L;;;;;N;;;;; +A40C;YI SYLLABLE QUT;Lo;0;L;;;;;N;;;;; +A40D;YI SYLLABLE QUX;Lo;0;L;;;;;N;;;;; +A40E;YI SYLLABLE QU;Lo;0;L;;;;;N;;;;; +A40F;YI SYLLABLE QUP;Lo;0;L;;;;;N;;;;; +A410;YI SYLLABLE QURX;Lo;0;L;;;;;N;;;;; +A411;YI SYLLABLE QUR;Lo;0;L;;;;;N;;;;; +A412;YI SYLLABLE QYT;Lo;0;L;;;;;N;;;;; +A413;YI SYLLABLE QYX;Lo;0;L;;;;;N;;;;; +A414;YI SYLLABLE QY;Lo;0;L;;;;;N;;;;; +A415;YI SYLLABLE QYP;Lo;0;L;;;;;N;;;;; +A416;YI SYLLABLE QYRX;Lo;0;L;;;;;N;;;;; +A417;YI SYLLABLE QYR;Lo;0;L;;;;;N;;;;; +A418;YI SYLLABLE JJIT;Lo;0;L;;;;;N;;;;; +A419;YI SYLLABLE JJIX;Lo;0;L;;;;;N;;;;; +A41A;YI SYLLABLE JJI;Lo;0;L;;;;;N;;;;; +A41B;YI SYLLABLE JJIP;Lo;0;L;;;;;N;;;;; +A41C;YI SYLLABLE JJIET;Lo;0;L;;;;;N;;;;; +A41D;YI SYLLABLE JJIEX;Lo;0;L;;;;;N;;;;; +A41E;YI SYLLABLE JJIE;Lo;0;L;;;;;N;;;;; +A41F;YI SYLLABLE JJIEP;Lo;0;L;;;;;N;;;;; +A420;YI SYLLABLE JJUOX;Lo;0;L;;;;;N;;;;; +A421;YI SYLLABLE JJUO;Lo;0;L;;;;;N;;;;; +A422;YI SYLLABLE JJUOP;Lo;0;L;;;;;N;;;;; +A423;YI SYLLABLE JJOT;Lo;0;L;;;;;N;;;;; +A424;YI SYLLABLE JJOX;Lo;0;L;;;;;N;;;;; +A425;YI SYLLABLE JJO;Lo;0;L;;;;;N;;;;; +A426;YI SYLLABLE JJOP;Lo;0;L;;;;;N;;;;; +A427;YI SYLLABLE JJUT;Lo;0;L;;;;;N;;;;; +A428;YI SYLLABLE JJUX;Lo;0;L;;;;;N;;;;; +A429;YI SYLLABLE JJU;Lo;0;L;;;;;N;;;;; +A42A;YI SYLLABLE JJUP;Lo;0;L;;;;;N;;;;; +A42B;YI SYLLABLE JJURX;Lo;0;L;;;;;N;;;;; +A42C;YI SYLLABLE JJUR;Lo;0;L;;;;;N;;;;; +A42D;YI SYLLABLE JJYT;Lo;0;L;;;;;N;;;;; +A42E;YI SYLLABLE JJYX;Lo;0;L;;;;;N;;;;; +A42F;YI SYLLABLE JJY;Lo;0;L;;;;;N;;;;; +A430;YI SYLLABLE JJYP;Lo;0;L;;;;;N;;;;; +A431;YI SYLLABLE NJIT;Lo;0;L;;;;;N;;;;; +A432;YI SYLLABLE NJIX;Lo;0;L;;;;;N;;;;; +A433;YI SYLLABLE NJI;Lo;0;L;;;;;N;;;;; +A434;YI SYLLABLE NJIP;Lo;0;L;;;;;N;;;;; +A435;YI SYLLABLE NJIET;Lo;0;L;;;;;N;;;;; +A436;YI SYLLABLE NJIEX;Lo;0;L;;;;;N;;;;; +A437;YI SYLLABLE NJIE;Lo;0;L;;;;;N;;;;; +A438;YI SYLLABLE NJIEP;Lo;0;L;;;;;N;;;;; +A439;YI SYLLABLE NJUOX;Lo;0;L;;;;;N;;;;; +A43A;YI SYLLABLE NJUO;Lo;0;L;;;;;N;;;;; +A43B;YI SYLLABLE NJOT;Lo;0;L;;;;;N;;;;; +A43C;YI SYLLABLE NJOX;Lo;0;L;;;;;N;;;;; +A43D;YI SYLLABLE NJO;Lo;0;L;;;;;N;;;;; +A43E;YI SYLLABLE NJOP;Lo;0;L;;;;;N;;;;; +A43F;YI SYLLABLE NJUX;Lo;0;L;;;;;N;;;;; +A440;YI SYLLABLE NJU;Lo;0;L;;;;;N;;;;; +A441;YI SYLLABLE NJUP;Lo;0;L;;;;;N;;;;; +A442;YI SYLLABLE NJURX;Lo;0;L;;;;;N;;;;; +A443;YI SYLLABLE NJUR;Lo;0;L;;;;;N;;;;; +A444;YI SYLLABLE NJYT;Lo;0;L;;;;;N;;;;; +A445;YI SYLLABLE NJYX;Lo;0;L;;;;;N;;;;; +A446;YI SYLLABLE NJY;Lo;0;L;;;;;N;;;;; +A447;YI SYLLABLE NJYP;Lo;0;L;;;;;N;;;;; +A448;YI SYLLABLE NJYRX;Lo;0;L;;;;;N;;;;; +A449;YI SYLLABLE NJYR;Lo;0;L;;;;;N;;;;; +A44A;YI SYLLABLE NYIT;Lo;0;L;;;;;N;;;;; +A44B;YI SYLLABLE NYIX;Lo;0;L;;;;;N;;;;; +A44C;YI SYLLABLE NYI;Lo;0;L;;;;;N;;;;; +A44D;YI SYLLABLE NYIP;Lo;0;L;;;;;N;;;;; +A44E;YI SYLLABLE NYIET;Lo;0;L;;;;;N;;;;; +A44F;YI SYLLABLE NYIEX;Lo;0;L;;;;;N;;;;; +A450;YI SYLLABLE NYIE;Lo;0;L;;;;;N;;;;; +A451;YI SYLLABLE NYIEP;Lo;0;L;;;;;N;;;;; +A452;YI SYLLABLE NYUOX;Lo;0;L;;;;;N;;;;; +A453;YI SYLLABLE NYUO;Lo;0;L;;;;;N;;;;; +A454;YI SYLLABLE NYUOP;Lo;0;L;;;;;N;;;;; +A455;YI SYLLABLE NYOT;Lo;0;L;;;;;N;;;;; +A456;YI SYLLABLE NYOX;Lo;0;L;;;;;N;;;;; +A457;YI SYLLABLE NYO;Lo;0;L;;;;;N;;;;; +A458;YI SYLLABLE NYOP;Lo;0;L;;;;;N;;;;; +A459;YI SYLLABLE NYUT;Lo;0;L;;;;;N;;;;; +A45A;YI SYLLABLE NYUX;Lo;0;L;;;;;N;;;;; +A45B;YI SYLLABLE NYU;Lo;0;L;;;;;N;;;;; +A45C;YI SYLLABLE NYUP;Lo;0;L;;;;;N;;;;; +A45D;YI SYLLABLE XIT;Lo;0;L;;;;;N;;;;; +A45E;YI SYLLABLE XIX;Lo;0;L;;;;;N;;;;; +A45F;YI SYLLABLE XI;Lo;0;L;;;;;N;;;;; +A460;YI SYLLABLE XIP;Lo;0;L;;;;;N;;;;; +A461;YI SYLLABLE XIET;Lo;0;L;;;;;N;;;;; +A462;YI SYLLABLE XIEX;Lo;0;L;;;;;N;;;;; +A463;YI SYLLABLE XIE;Lo;0;L;;;;;N;;;;; +A464;YI SYLLABLE XIEP;Lo;0;L;;;;;N;;;;; +A465;YI SYLLABLE XUOX;Lo;0;L;;;;;N;;;;; +A466;YI SYLLABLE XUO;Lo;0;L;;;;;N;;;;; +A467;YI SYLLABLE XOT;Lo;0;L;;;;;N;;;;; +A468;YI SYLLABLE XOX;Lo;0;L;;;;;N;;;;; +A469;YI SYLLABLE XO;Lo;0;L;;;;;N;;;;; +A46A;YI SYLLABLE XOP;Lo;0;L;;;;;N;;;;; +A46B;YI SYLLABLE XYT;Lo;0;L;;;;;N;;;;; +A46C;YI SYLLABLE XYX;Lo;0;L;;;;;N;;;;; +A46D;YI SYLLABLE XY;Lo;0;L;;;;;N;;;;; +A46E;YI SYLLABLE XYP;Lo;0;L;;;;;N;;;;; +A46F;YI SYLLABLE XYRX;Lo;0;L;;;;;N;;;;; +A470;YI SYLLABLE XYR;Lo;0;L;;;;;N;;;;; +A471;YI SYLLABLE YIT;Lo;0;L;;;;;N;;;;; +A472;YI SYLLABLE YIX;Lo;0;L;;;;;N;;;;; +A473;YI SYLLABLE YI;Lo;0;L;;;;;N;;;;; +A474;YI SYLLABLE YIP;Lo;0;L;;;;;N;;;;; +A475;YI SYLLABLE YIET;Lo;0;L;;;;;N;;;;; +A476;YI SYLLABLE YIEX;Lo;0;L;;;;;N;;;;; +A477;YI SYLLABLE YIE;Lo;0;L;;;;;N;;;;; +A478;YI SYLLABLE YIEP;Lo;0;L;;;;;N;;;;; +A479;YI SYLLABLE YUOT;Lo;0;L;;;;;N;;;;; +A47A;YI SYLLABLE YUOX;Lo;0;L;;;;;N;;;;; +A47B;YI SYLLABLE YUO;Lo;0;L;;;;;N;;;;; +A47C;YI SYLLABLE YUOP;Lo;0;L;;;;;N;;;;; +A47D;YI SYLLABLE YOT;Lo;0;L;;;;;N;;;;; +A47E;YI SYLLABLE YOX;Lo;0;L;;;;;N;;;;; +A47F;YI SYLLABLE YO;Lo;0;L;;;;;N;;;;; +A480;YI SYLLABLE YOP;Lo;0;L;;;;;N;;;;; +A481;YI SYLLABLE YUT;Lo;0;L;;;;;N;;;;; +A482;YI SYLLABLE YUX;Lo;0;L;;;;;N;;;;; +A483;YI SYLLABLE YU;Lo;0;L;;;;;N;;;;; +A484;YI SYLLABLE YUP;Lo;0;L;;;;;N;;;;; +A485;YI SYLLABLE YURX;Lo;0;L;;;;;N;;;;; +A486;YI SYLLABLE YUR;Lo;0;L;;;;;N;;;;; +A487;YI SYLLABLE YYT;Lo;0;L;;;;;N;;;;; +A488;YI SYLLABLE YYX;Lo;0;L;;;;;N;;;;; +A489;YI SYLLABLE YY;Lo;0;L;;;;;N;;;;; +A48A;YI SYLLABLE YYP;Lo;0;L;;;;;N;;;;; +A48B;YI SYLLABLE YYRX;Lo;0;L;;;;;N;;;;; +A48C;YI SYLLABLE YYR;Lo;0;L;;;;;N;;;;; +A490;YI RADICAL QOT;So;0;ON;;;;;N;;;;; +A491;YI RADICAL LI;So;0;ON;;;;;N;;;;; +A492;YI RADICAL KIT;So;0;ON;;;;;N;;;;; +A493;YI RADICAL NYIP;So;0;ON;;;;;N;;;;; +A494;YI RADICAL CYP;So;0;ON;;;;;N;;;;; +A495;YI RADICAL SSI;So;0;ON;;;;;N;;;;; +A496;YI RADICAL GGOP;So;0;ON;;;;;N;;;;; +A497;YI RADICAL GEP;So;0;ON;;;;;N;;;;; +A498;YI RADICAL MI;So;0;ON;;;;;N;;;;; +A499;YI RADICAL HXIT;So;0;ON;;;;;N;;;;; +A49A;YI RADICAL LYR;So;0;ON;;;;;N;;;;; +A49B;YI RADICAL BBUT;So;0;ON;;;;;N;;;;; +A49C;YI RADICAL MOP;So;0;ON;;;;;N;;;;; +A49D;YI RADICAL YO;So;0;ON;;;;;N;;;;; +A49E;YI RADICAL PUT;So;0;ON;;;;;N;;;;; +A49F;YI RADICAL HXUO;So;0;ON;;;;;N;;;;; +A4A0;YI RADICAL TAT;So;0;ON;;;;;N;;;;; +A4A1;YI RADICAL GA;So;0;ON;;;;;N;;;;; +A4A2;YI RADICAL ZUP;So;0;ON;;;;;N;;;;; +A4A3;YI RADICAL CYT;So;0;ON;;;;;N;;;;; +A4A4;YI RADICAL DDUR;So;0;ON;;;;;N;;;;; +A4A5;YI RADICAL BUR;So;0;ON;;;;;N;;;;; +A4A6;YI RADICAL GGUO;So;0;ON;;;;;N;;;;; +A4A7;YI RADICAL NYOP;So;0;ON;;;;;N;;;;; +A4A8;YI RADICAL TU;So;0;ON;;;;;N;;;;; +A4A9;YI RADICAL OP;So;0;ON;;;;;N;;;;; +A4AA;YI RADICAL JJUT;So;0;ON;;;;;N;;;;; +A4AB;YI RADICAL ZOT;So;0;ON;;;;;N;;;;; +A4AC;YI RADICAL PYT;So;0;ON;;;;;N;;;;; +A4AD;YI RADICAL HMO;So;0;ON;;;;;N;;;;; +A4AE;YI RADICAL YIT;So;0;ON;;;;;N;;;;; +A4AF;YI RADICAL VUR;So;0;ON;;;;;N;;;;; +A4B0;YI RADICAL SHY;So;0;ON;;;;;N;;;;; +A4B1;YI RADICAL VEP;So;0;ON;;;;;N;;;;; +A4B2;YI RADICAL ZA;So;0;ON;;;;;N;;;;; +A4B3;YI RADICAL JO;So;0;ON;;;;;N;;;;; +A4B4;YI RADICAL NZUP;So;0;ON;;;;;N;;;;; +A4B5;YI RADICAL JJY;So;0;ON;;;;;N;;;;; +A4B6;YI RADICAL GOT;So;0;ON;;;;;N;;;;; +A4B7;YI RADICAL JJIE;So;0;ON;;;;;N;;;;; +A4B8;YI RADICAL WO;So;0;ON;;;;;N;;;;; +A4B9;YI RADICAL DU;So;0;ON;;;;;N;;;;; +A4BA;YI RADICAL SHUR;So;0;ON;;;;;N;;;;; +A4BB;YI RADICAL LIE;So;0;ON;;;;;N;;;;; +A4BC;YI RADICAL CY;So;0;ON;;;;;N;;;;; +A4BD;YI RADICAL CUOP;So;0;ON;;;;;N;;;;; +A4BE;YI RADICAL CIP;So;0;ON;;;;;N;;;;; +A4BF;YI RADICAL HXOP;So;0;ON;;;;;N;;;;; +A4C0;YI RADICAL SHAT;So;0;ON;;;;;N;;;;; +A4C1;YI RADICAL ZUR;So;0;ON;;;;;N;;;;; +A4C2;YI RADICAL SHOP;So;0;ON;;;;;N;;;;; +A4C3;YI RADICAL CHE;So;0;ON;;;;;N;;;;; +A4C4;YI RADICAL ZZIET;So;0;ON;;;;;N;;;;; +A4C5;YI RADICAL NBIE;So;0;ON;;;;;N;;;;; +A4C6;YI RADICAL KE;So;0;ON;;;;;N;;;;; +AC00;;Lo;0;L;;;;;N;;;;; +D7A3;;Lo;0;L;;;;;N;;;;; +D800;;Cs;0;L;;;;;N;;;;; +DB7F;;Cs;0;L;;;;;N;;;;; +DB80;;Cs;0;L;;;;;N;;;;; +DBFF;;Cs;0;L;;;;;N;;;;; +DC00;;Cs;0;L;;;;;N;;;;; +DFFF;;Cs;0;L;;;;;N;;;;; +E000;;Co;0;L;;;;;N;;;;; +F8FF;;Co;0;L;;;;;N;;;;; +F900;CJK COMPATIBILITY IDEOGRAPH-F900;Lo;0;L;8C48;;;;N;;;;; +F901;CJK COMPATIBILITY IDEOGRAPH-F901;Lo;0;L;66F4;;;;N;;;;; +F902;CJK COMPATIBILITY IDEOGRAPH-F902;Lo;0;L;8ECA;;;;N;;;;; +F903;CJK COMPATIBILITY IDEOGRAPH-F903;Lo;0;L;8CC8;;;;N;;;;; +F904;CJK COMPATIBILITY IDEOGRAPH-F904;Lo;0;L;6ED1;;;;N;;;;; +F905;CJK COMPATIBILITY IDEOGRAPH-F905;Lo;0;L;4E32;;;;N;;;;; +F906;CJK COMPATIBILITY IDEOGRAPH-F906;Lo;0;L;53E5;;;;N;;;;; +F907;CJK COMPATIBILITY IDEOGRAPH-F907;Lo;0;L;9F9C;;;;N;;;;; +F908;CJK COMPATIBILITY IDEOGRAPH-F908;Lo;0;L;9F9C;;;;N;;;;; +F909;CJK COMPATIBILITY IDEOGRAPH-F909;Lo;0;L;5951;;;;N;;;;; +F90A;CJK COMPATIBILITY IDEOGRAPH-F90A;Lo;0;L;91D1;;;;N;;;;; +F90B;CJK COMPATIBILITY IDEOGRAPH-F90B;Lo;0;L;5587;;;;N;;;;; +F90C;CJK COMPATIBILITY IDEOGRAPH-F90C;Lo;0;L;5948;;;;N;;;;; +F90D;CJK COMPATIBILITY IDEOGRAPH-F90D;Lo;0;L;61F6;;;;N;;;;; +F90E;CJK COMPATIBILITY IDEOGRAPH-F90E;Lo;0;L;7669;;;;N;;;;; +F90F;CJK COMPATIBILITY IDEOGRAPH-F90F;Lo;0;L;7F85;;;;N;;;;; +F910;CJK COMPATIBILITY IDEOGRAPH-F910;Lo;0;L;863F;;;;N;;;;; +F911;CJK COMPATIBILITY IDEOGRAPH-F911;Lo;0;L;87BA;;;;N;;;;; +F912;CJK COMPATIBILITY IDEOGRAPH-F912;Lo;0;L;88F8;;;;N;;;;; +F913;CJK COMPATIBILITY IDEOGRAPH-F913;Lo;0;L;908F;;;;N;;;;; +F914;CJK COMPATIBILITY IDEOGRAPH-F914;Lo;0;L;6A02;;;;N;;;;; +F915;CJK COMPATIBILITY IDEOGRAPH-F915;Lo;0;L;6D1B;;;;N;;;;; +F916;CJK COMPATIBILITY IDEOGRAPH-F916;Lo;0;L;70D9;;;;N;;;;; +F917;CJK COMPATIBILITY IDEOGRAPH-F917;Lo;0;L;73DE;;;;N;;;;; +F918;CJK COMPATIBILITY IDEOGRAPH-F918;Lo;0;L;843D;;;;N;;;;; +F919;CJK COMPATIBILITY IDEOGRAPH-F919;Lo;0;L;916A;;;;N;;;;; +F91A;CJK COMPATIBILITY IDEOGRAPH-F91A;Lo;0;L;99F1;;;;N;;;;; +F91B;CJK COMPATIBILITY IDEOGRAPH-F91B;Lo;0;L;4E82;;;;N;;;;; +F91C;CJK COMPATIBILITY IDEOGRAPH-F91C;Lo;0;L;5375;;;;N;;;;; +F91D;CJK COMPATIBILITY IDEOGRAPH-F91D;Lo;0;L;6B04;;;;N;;;;; +F91E;CJK COMPATIBILITY IDEOGRAPH-F91E;Lo;0;L;721B;;;;N;;;;; +F91F;CJK COMPATIBILITY IDEOGRAPH-F91F;Lo;0;L;862D;;;;N;;;;; +F920;CJK COMPATIBILITY IDEOGRAPH-F920;Lo;0;L;9E1E;;;;N;;;;; +F921;CJK COMPATIBILITY IDEOGRAPH-F921;Lo;0;L;5D50;;;;N;;;;; +F922;CJK COMPATIBILITY IDEOGRAPH-F922;Lo;0;L;6FEB;;;;N;;;;; +F923;CJK COMPATIBILITY IDEOGRAPH-F923;Lo;0;L;85CD;;;;N;;;;; +F924;CJK COMPATIBILITY IDEOGRAPH-F924;Lo;0;L;8964;;;;N;;;;; +F925;CJK COMPATIBILITY IDEOGRAPH-F925;Lo;0;L;62C9;;;;N;;;;; +F926;CJK COMPATIBILITY IDEOGRAPH-F926;Lo;0;L;81D8;;;;N;;;;; +F927;CJK COMPATIBILITY IDEOGRAPH-F927;Lo;0;L;881F;;;;N;;;;; +F928;CJK COMPATIBILITY IDEOGRAPH-F928;Lo;0;L;5ECA;;;;N;;;;; +F929;CJK COMPATIBILITY IDEOGRAPH-F929;Lo;0;L;6717;;;;N;;;;; +F92A;CJK COMPATIBILITY IDEOGRAPH-F92A;Lo;0;L;6D6A;;;;N;;;;; +F92B;CJK COMPATIBILITY IDEOGRAPH-F92B;Lo;0;L;72FC;;;;N;;;;; +F92C;CJK COMPATIBILITY IDEOGRAPH-F92C;Lo;0;L;90CE;;;;N;;;;; +F92D;CJK COMPATIBILITY IDEOGRAPH-F92D;Lo;0;L;4F86;;;;N;;;;; +F92E;CJK COMPATIBILITY IDEOGRAPH-F92E;Lo;0;L;51B7;;;;N;;;;; +F92F;CJK COMPATIBILITY IDEOGRAPH-F92F;Lo;0;L;52DE;;;;N;;;;; +F930;CJK COMPATIBILITY IDEOGRAPH-F930;Lo;0;L;64C4;;;;N;;;;; +F931;CJK COMPATIBILITY IDEOGRAPH-F931;Lo;0;L;6AD3;;;;N;;;;; +F932;CJK COMPATIBILITY IDEOGRAPH-F932;Lo;0;L;7210;;;;N;;;;; +F933;CJK COMPATIBILITY IDEOGRAPH-F933;Lo;0;L;76E7;;;;N;;;;; +F934;CJK COMPATIBILITY IDEOGRAPH-F934;Lo;0;L;8001;;;;N;;;;; +F935;CJK COMPATIBILITY IDEOGRAPH-F935;Lo;0;L;8606;;;;N;;;;; +F936;CJK COMPATIBILITY IDEOGRAPH-F936;Lo;0;L;865C;;;;N;;;;; +F937;CJK COMPATIBILITY IDEOGRAPH-F937;Lo;0;L;8DEF;;;;N;;;;; +F938;CJK COMPATIBILITY IDEOGRAPH-F938;Lo;0;L;9732;;;;N;;;;; +F939;CJK COMPATIBILITY IDEOGRAPH-F939;Lo;0;L;9B6F;;;;N;;;;; +F93A;CJK COMPATIBILITY IDEOGRAPH-F93A;Lo;0;L;9DFA;;;;N;;;;; +F93B;CJK COMPATIBILITY IDEOGRAPH-F93B;Lo;0;L;788C;;;;N;;;;; +F93C;CJK COMPATIBILITY IDEOGRAPH-F93C;Lo;0;L;797F;;;;N;;;;; +F93D;CJK COMPATIBILITY IDEOGRAPH-F93D;Lo;0;L;7DA0;;;;N;;;;; +F93E;CJK COMPATIBILITY IDEOGRAPH-F93E;Lo;0;L;83C9;;;;N;;;;; +F93F;CJK COMPATIBILITY IDEOGRAPH-F93F;Lo;0;L;9304;;;;N;;;;; +F940;CJK COMPATIBILITY IDEOGRAPH-F940;Lo;0;L;9E7F;;;;N;;;;; +F941;CJK COMPATIBILITY IDEOGRAPH-F941;Lo;0;L;8AD6;;;;N;;;;; +F942;CJK COMPATIBILITY IDEOGRAPH-F942;Lo;0;L;58DF;;;;N;;;;; +F943;CJK COMPATIBILITY IDEOGRAPH-F943;Lo;0;L;5F04;;;;N;;;;; +F944;CJK COMPATIBILITY IDEOGRAPH-F944;Lo;0;L;7C60;;;;N;;;;; +F945;CJK COMPATIBILITY IDEOGRAPH-F945;Lo;0;L;807E;;;;N;;;;; +F946;CJK COMPATIBILITY IDEOGRAPH-F946;Lo;0;L;7262;;;;N;;;;; +F947;CJK COMPATIBILITY IDEOGRAPH-F947;Lo;0;L;78CA;;;;N;;;;; +F948;CJK COMPATIBILITY IDEOGRAPH-F948;Lo;0;L;8CC2;;;;N;;;;; +F949;CJK COMPATIBILITY IDEOGRAPH-F949;Lo;0;L;96F7;;;;N;;;;; +F94A;CJK COMPATIBILITY IDEOGRAPH-F94A;Lo;0;L;58D8;;;;N;;;;; +F94B;CJK COMPATIBILITY IDEOGRAPH-F94B;Lo;0;L;5C62;;;;N;;;;; +F94C;CJK COMPATIBILITY IDEOGRAPH-F94C;Lo;0;L;6A13;;;;N;;;;; +F94D;CJK COMPATIBILITY IDEOGRAPH-F94D;Lo;0;L;6DDA;;;;N;;;;; +F94E;CJK COMPATIBILITY IDEOGRAPH-F94E;Lo;0;L;6F0F;;;;N;;;;; +F94F;CJK COMPATIBILITY IDEOGRAPH-F94F;Lo;0;L;7D2F;;;;N;;;;; +F950;CJK COMPATIBILITY IDEOGRAPH-F950;Lo;0;L;7E37;;;;N;;;;; +F951;CJK COMPATIBILITY IDEOGRAPH-F951;Lo;0;L;964B;;;;N;;;;; +F952;CJK COMPATIBILITY IDEOGRAPH-F952;Lo;0;L;52D2;;;;N;;;;; +F953;CJK COMPATIBILITY IDEOGRAPH-F953;Lo;0;L;808B;;;;N;;;;; +F954;CJK COMPATIBILITY IDEOGRAPH-F954;Lo;0;L;51DC;;;;N;;;;; +F955;CJK COMPATIBILITY IDEOGRAPH-F955;Lo;0;L;51CC;;;;N;;;;; +F956;CJK COMPATIBILITY IDEOGRAPH-F956;Lo;0;L;7A1C;;;;N;;;;; +F957;CJK COMPATIBILITY IDEOGRAPH-F957;Lo;0;L;7DBE;;;;N;;;;; +F958;CJK COMPATIBILITY IDEOGRAPH-F958;Lo;0;L;83F1;;;;N;;;;; +F959;CJK COMPATIBILITY IDEOGRAPH-F959;Lo;0;L;9675;;;;N;;;;; +F95A;CJK COMPATIBILITY IDEOGRAPH-F95A;Lo;0;L;8B80;;;;N;;;;; +F95B;CJK COMPATIBILITY IDEOGRAPH-F95B;Lo;0;L;62CF;;;;N;;;;; +F95C;CJK COMPATIBILITY IDEOGRAPH-F95C;Lo;0;L;6A02;;;;N;;;;; +F95D;CJK COMPATIBILITY IDEOGRAPH-F95D;Lo;0;L;8AFE;;;;N;;;;; +F95E;CJK COMPATIBILITY IDEOGRAPH-F95E;Lo;0;L;4E39;;;;N;;;;; +F95F;CJK COMPATIBILITY IDEOGRAPH-F95F;Lo;0;L;5BE7;;;;N;;;;; +F960;CJK COMPATIBILITY IDEOGRAPH-F960;Lo;0;L;6012;;;;N;;;;; +F961;CJK COMPATIBILITY IDEOGRAPH-F961;Lo;0;L;7387;;;;N;;;;; +F962;CJK COMPATIBILITY IDEOGRAPH-F962;Lo;0;L;7570;;;;N;;;;; +F963;CJK COMPATIBILITY IDEOGRAPH-F963;Lo;0;L;5317;;;;N;;;;; +F964;CJK COMPATIBILITY IDEOGRAPH-F964;Lo;0;L;78FB;;;;N;;;;; +F965;CJK COMPATIBILITY IDEOGRAPH-F965;Lo;0;L;4FBF;;;;N;;;;; +F966;CJK COMPATIBILITY IDEOGRAPH-F966;Lo;0;L;5FA9;;;;N;;;;; +F967;CJK COMPATIBILITY IDEOGRAPH-F967;Lo;0;L;4E0D;;;;N;;;;; +F968;CJK COMPATIBILITY IDEOGRAPH-F968;Lo;0;L;6CCC;;;;N;;;;; +F969;CJK COMPATIBILITY IDEOGRAPH-F969;Lo;0;L;6578;;;;N;;;;; +F96A;CJK COMPATIBILITY IDEOGRAPH-F96A;Lo;0;L;7D22;;;;N;;;;; +F96B;CJK COMPATIBILITY IDEOGRAPH-F96B;Lo;0;L;53C3;;;;N;;;;; +F96C;CJK COMPATIBILITY IDEOGRAPH-F96C;Lo;0;L;585E;;;;N;;;;; +F96D;CJK COMPATIBILITY IDEOGRAPH-F96D;Lo;0;L;7701;;;;N;;;;; +F96E;CJK COMPATIBILITY IDEOGRAPH-F96E;Lo;0;L;8449;;;;N;;;;; +F96F;CJK COMPATIBILITY IDEOGRAPH-F96F;Lo;0;L;8AAA;;;;N;;;;; +F970;CJK COMPATIBILITY IDEOGRAPH-F970;Lo;0;L;6BBA;;;;N;;;;; +F971;CJK COMPATIBILITY IDEOGRAPH-F971;Lo;0;L;8FB0;;;;N;;;;; +F972;CJK COMPATIBILITY IDEOGRAPH-F972;Lo;0;L;6C88;;;;N;;;;; +F973;CJK COMPATIBILITY IDEOGRAPH-F973;Lo;0;L;62FE;;;;N;;;;; +F974;CJK COMPATIBILITY IDEOGRAPH-F974;Lo;0;L;82E5;;;;N;;;;; +F975;CJK COMPATIBILITY IDEOGRAPH-F975;Lo;0;L;63A0;;;;N;;;;; +F976;CJK COMPATIBILITY IDEOGRAPH-F976;Lo;0;L;7565;;;;N;;;;; +F977;CJK COMPATIBILITY IDEOGRAPH-F977;Lo;0;L;4EAE;;;;N;;;;; +F978;CJK COMPATIBILITY IDEOGRAPH-F978;Lo;0;L;5169;;;;N;;;;; +F979;CJK COMPATIBILITY IDEOGRAPH-F979;Lo;0;L;51C9;;;;N;;;;; +F97A;CJK COMPATIBILITY IDEOGRAPH-F97A;Lo;0;L;6881;;;;N;;;;; +F97B;CJK COMPATIBILITY IDEOGRAPH-F97B;Lo;0;L;7CE7;;;;N;;;;; +F97C;CJK COMPATIBILITY IDEOGRAPH-F97C;Lo;0;L;826F;;;;N;;;;; +F97D;CJK COMPATIBILITY IDEOGRAPH-F97D;Lo;0;L;8AD2;;;;N;;;;; +F97E;CJK COMPATIBILITY IDEOGRAPH-F97E;Lo;0;L;91CF;;;;N;;;;; +F97F;CJK COMPATIBILITY IDEOGRAPH-F97F;Lo;0;L;52F5;;;;N;;;;; +F980;CJK COMPATIBILITY IDEOGRAPH-F980;Lo;0;L;5442;;;;N;;;;; +F981;CJK COMPATIBILITY IDEOGRAPH-F981;Lo;0;L;5973;;;;N;;;;; +F982;CJK COMPATIBILITY IDEOGRAPH-F982;Lo;0;L;5EEC;;;;N;;;;; +F983;CJK COMPATIBILITY IDEOGRAPH-F983;Lo;0;L;65C5;;;;N;;;;; +F984;CJK COMPATIBILITY IDEOGRAPH-F984;Lo;0;L;6FFE;;;;N;;;;; +F985;CJK COMPATIBILITY IDEOGRAPH-F985;Lo;0;L;792A;;;;N;;;;; +F986;CJK COMPATIBILITY IDEOGRAPH-F986;Lo;0;L;95AD;;;;N;;;;; +F987;CJK COMPATIBILITY IDEOGRAPH-F987;Lo;0;L;9A6A;;;;N;;;;; +F988;CJK COMPATIBILITY IDEOGRAPH-F988;Lo;0;L;9E97;;;;N;;;;; +F989;CJK COMPATIBILITY IDEOGRAPH-F989;Lo;0;L;9ECE;;;;N;;;;; +F98A;CJK COMPATIBILITY IDEOGRAPH-F98A;Lo;0;L;529B;;;;N;;;;; +F98B;CJK COMPATIBILITY IDEOGRAPH-F98B;Lo;0;L;66C6;;;;N;;;;; +F98C;CJK COMPATIBILITY IDEOGRAPH-F98C;Lo;0;L;6B77;;;;N;;;;; +F98D;CJK COMPATIBILITY IDEOGRAPH-F98D;Lo;0;L;8F62;;;;N;;;;; +F98E;CJK COMPATIBILITY IDEOGRAPH-F98E;Lo;0;L;5E74;;;;N;;;;; +F98F;CJK COMPATIBILITY IDEOGRAPH-F98F;Lo;0;L;6190;;;;N;;;;; +F990;CJK COMPATIBILITY IDEOGRAPH-F990;Lo;0;L;6200;;;;N;;;;; +F991;CJK COMPATIBILITY IDEOGRAPH-F991;Lo;0;L;649A;;;;N;;;;; +F992;CJK COMPATIBILITY IDEOGRAPH-F992;Lo;0;L;6F23;;;;N;;;;; +F993;CJK COMPATIBILITY IDEOGRAPH-F993;Lo;0;L;7149;;;;N;;;;; +F994;CJK COMPATIBILITY IDEOGRAPH-F994;Lo;0;L;7489;;;;N;;;;; +F995;CJK COMPATIBILITY IDEOGRAPH-F995;Lo;0;L;79CA;;;;N;;;;; +F996;CJK COMPATIBILITY IDEOGRAPH-F996;Lo;0;L;7DF4;;;;N;;;;; +F997;CJK COMPATIBILITY IDEOGRAPH-F997;Lo;0;L;806F;;;;N;;;;; +F998;CJK COMPATIBILITY IDEOGRAPH-F998;Lo;0;L;8F26;;;;N;;;;; +F999;CJK COMPATIBILITY IDEOGRAPH-F999;Lo;0;L;84EE;;;;N;;;;; +F99A;CJK COMPATIBILITY IDEOGRAPH-F99A;Lo;0;L;9023;;;;N;;;;; +F99B;CJK COMPATIBILITY IDEOGRAPH-F99B;Lo;0;L;934A;;;;N;;;;; +F99C;CJK COMPATIBILITY IDEOGRAPH-F99C;Lo;0;L;5217;;;;N;;;;; +F99D;CJK COMPATIBILITY IDEOGRAPH-F99D;Lo;0;L;52A3;;;;N;;;;; +F99E;CJK COMPATIBILITY IDEOGRAPH-F99E;Lo;0;L;54BD;;;;N;;;;; +F99F;CJK COMPATIBILITY IDEOGRAPH-F99F;Lo;0;L;70C8;;;;N;;;;; +F9A0;CJK COMPATIBILITY IDEOGRAPH-F9A0;Lo;0;L;88C2;;;;N;;;;; +F9A1;CJK COMPATIBILITY IDEOGRAPH-F9A1;Lo;0;L;8AAA;;;;N;;;;; +F9A2;CJK COMPATIBILITY IDEOGRAPH-F9A2;Lo;0;L;5EC9;;;;N;;;;; +F9A3;CJK COMPATIBILITY IDEOGRAPH-F9A3;Lo;0;L;5FF5;;;;N;;;;; +F9A4;CJK COMPATIBILITY IDEOGRAPH-F9A4;Lo;0;L;637B;;;;N;;;;; +F9A5;CJK COMPATIBILITY IDEOGRAPH-F9A5;Lo;0;L;6BAE;;;;N;;;;; +F9A6;CJK COMPATIBILITY IDEOGRAPH-F9A6;Lo;0;L;7C3E;;;;N;;;;; +F9A7;CJK COMPATIBILITY IDEOGRAPH-F9A7;Lo;0;L;7375;;;;N;;;;; +F9A8;CJK COMPATIBILITY IDEOGRAPH-F9A8;Lo;0;L;4EE4;;;;N;;;;; +F9A9;CJK COMPATIBILITY IDEOGRAPH-F9A9;Lo;0;L;56F9;;;;N;;;;; +F9AA;CJK COMPATIBILITY IDEOGRAPH-F9AA;Lo;0;L;5BE7;;;;N;;;;; +F9AB;CJK COMPATIBILITY IDEOGRAPH-F9AB;Lo;0;L;5DBA;;;;N;;;;; +F9AC;CJK COMPATIBILITY IDEOGRAPH-F9AC;Lo;0;L;601C;;;;N;;;;; +F9AD;CJK COMPATIBILITY IDEOGRAPH-F9AD;Lo;0;L;73B2;;;;N;;;;; +F9AE;CJK COMPATIBILITY IDEOGRAPH-F9AE;Lo;0;L;7469;;;;N;;;;; +F9AF;CJK COMPATIBILITY IDEOGRAPH-F9AF;Lo;0;L;7F9A;;;;N;;;;; +F9B0;CJK COMPATIBILITY IDEOGRAPH-F9B0;Lo;0;L;8046;;;;N;;;;; +F9B1;CJK COMPATIBILITY IDEOGRAPH-F9B1;Lo;0;L;9234;;;;N;;;;; +F9B2;CJK COMPATIBILITY IDEOGRAPH-F9B2;Lo;0;L;96F6;;;;N;;;;; +F9B3;CJK COMPATIBILITY IDEOGRAPH-F9B3;Lo;0;L;9748;;;;N;;;;; +F9B4;CJK COMPATIBILITY IDEOGRAPH-F9B4;Lo;0;L;9818;;;;N;;;;; +F9B5;CJK COMPATIBILITY IDEOGRAPH-F9B5;Lo;0;L;4F8B;;;;N;;;;; +F9B6;CJK COMPATIBILITY IDEOGRAPH-F9B6;Lo;0;L;79AE;;;;N;;;;; +F9B7;CJK COMPATIBILITY IDEOGRAPH-F9B7;Lo;0;L;91B4;;;;N;;;;; +F9B8;CJK COMPATIBILITY IDEOGRAPH-F9B8;Lo;0;L;96B8;;;;N;;;;; +F9B9;CJK COMPATIBILITY IDEOGRAPH-F9B9;Lo;0;L;60E1;;;;N;;;;; +F9BA;CJK COMPATIBILITY IDEOGRAPH-F9BA;Lo;0;L;4E86;;;;N;;;;; +F9BB;CJK COMPATIBILITY IDEOGRAPH-F9BB;Lo;0;L;50DA;;;;N;;;;; +F9BC;CJK COMPATIBILITY IDEOGRAPH-F9BC;Lo;0;L;5BEE;;;;N;;;;; +F9BD;CJK COMPATIBILITY IDEOGRAPH-F9BD;Lo;0;L;5C3F;;;;N;;;;; +F9BE;CJK COMPATIBILITY IDEOGRAPH-F9BE;Lo;0;L;6599;;;;N;;;;; +F9BF;CJK COMPATIBILITY IDEOGRAPH-F9BF;Lo;0;L;6A02;;;;N;;;;; +F9C0;CJK COMPATIBILITY IDEOGRAPH-F9C0;Lo;0;L;71CE;;;;N;;;;; +F9C1;CJK COMPATIBILITY IDEOGRAPH-F9C1;Lo;0;L;7642;;;;N;;;;; +F9C2;CJK COMPATIBILITY IDEOGRAPH-F9C2;Lo;0;L;84FC;;;;N;;;;; +F9C3;CJK COMPATIBILITY IDEOGRAPH-F9C3;Lo;0;L;907C;;;;N;;;;; +F9C4;CJK COMPATIBILITY IDEOGRAPH-F9C4;Lo;0;L;9F8D;;;;N;;;;; +F9C5;CJK COMPATIBILITY IDEOGRAPH-F9C5;Lo;0;L;6688;;;;N;;;;; +F9C6;CJK COMPATIBILITY IDEOGRAPH-F9C6;Lo;0;L;962E;;;;N;;;;; +F9C7;CJK COMPATIBILITY IDEOGRAPH-F9C7;Lo;0;L;5289;;;;N;;;;; +F9C8;CJK COMPATIBILITY IDEOGRAPH-F9C8;Lo;0;L;677B;;;;N;;;;; +F9C9;CJK COMPATIBILITY IDEOGRAPH-F9C9;Lo;0;L;67F3;;;;N;;;;; +F9CA;CJK COMPATIBILITY IDEOGRAPH-F9CA;Lo;0;L;6D41;;;;N;;;;; +F9CB;CJK COMPATIBILITY IDEOGRAPH-F9CB;Lo;0;L;6E9C;;;;N;;;;; +F9CC;CJK COMPATIBILITY IDEOGRAPH-F9CC;Lo;0;L;7409;;;;N;;;;; +F9CD;CJK COMPATIBILITY IDEOGRAPH-F9CD;Lo;0;L;7559;;;;N;;;;; +F9CE;CJK COMPATIBILITY IDEOGRAPH-F9CE;Lo;0;L;786B;;;;N;;;;; +F9CF;CJK COMPATIBILITY IDEOGRAPH-F9CF;Lo;0;L;7D10;;;;N;;;;; +F9D0;CJK COMPATIBILITY IDEOGRAPH-F9D0;Lo;0;L;985E;;;;N;;;;; +F9D1;CJK COMPATIBILITY IDEOGRAPH-F9D1;Lo;0;L;516D;;;;N;;;;; +F9D2;CJK COMPATIBILITY IDEOGRAPH-F9D2;Lo;0;L;622E;;;;N;;;;; +F9D3;CJK COMPATIBILITY IDEOGRAPH-F9D3;Lo;0;L;9678;;;;N;;;;; +F9D4;CJK COMPATIBILITY IDEOGRAPH-F9D4;Lo;0;L;502B;;;;N;;;;; +F9D5;CJK COMPATIBILITY IDEOGRAPH-F9D5;Lo;0;L;5D19;;;;N;;;;; +F9D6;CJK COMPATIBILITY IDEOGRAPH-F9D6;Lo;0;L;6DEA;;;;N;;;;; +F9D7;CJK COMPATIBILITY IDEOGRAPH-F9D7;Lo;0;L;8F2A;;;;N;;;;; +F9D8;CJK COMPATIBILITY IDEOGRAPH-F9D8;Lo;0;L;5F8B;;;;N;;;;; +F9D9;CJK COMPATIBILITY IDEOGRAPH-F9D9;Lo;0;L;6144;;;;N;;;;; +F9DA;CJK COMPATIBILITY IDEOGRAPH-F9DA;Lo;0;L;6817;;;;N;;;;; +F9DB;CJK COMPATIBILITY IDEOGRAPH-F9DB;Lo;0;L;7387;;;;N;;;;; +F9DC;CJK COMPATIBILITY IDEOGRAPH-F9DC;Lo;0;L;9686;;;;N;;;;; +F9DD;CJK COMPATIBILITY IDEOGRAPH-F9DD;Lo;0;L;5229;;;;N;;;;; +F9DE;CJK COMPATIBILITY IDEOGRAPH-F9DE;Lo;0;L;540F;;;;N;;;;; +F9DF;CJK COMPATIBILITY IDEOGRAPH-F9DF;Lo;0;L;5C65;;;;N;;;;; +F9E0;CJK COMPATIBILITY IDEOGRAPH-F9E0;Lo;0;L;6613;;;;N;;;;; +F9E1;CJK COMPATIBILITY IDEOGRAPH-F9E1;Lo;0;L;674E;;;;N;;;;; +F9E2;CJK COMPATIBILITY IDEOGRAPH-F9E2;Lo;0;L;68A8;;;;N;;;;; +F9E3;CJK COMPATIBILITY IDEOGRAPH-F9E3;Lo;0;L;6CE5;;;;N;;;;; +F9E4;CJK COMPATIBILITY IDEOGRAPH-F9E4;Lo;0;L;7406;;;;N;;;;; +F9E5;CJK COMPATIBILITY IDEOGRAPH-F9E5;Lo;0;L;75E2;;;;N;;;;; +F9E6;CJK COMPATIBILITY IDEOGRAPH-F9E6;Lo;0;L;7F79;;;;N;;;;; +F9E7;CJK COMPATIBILITY IDEOGRAPH-F9E7;Lo;0;L;88CF;;;;N;;;;; +F9E8;CJK COMPATIBILITY IDEOGRAPH-F9E8;Lo;0;L;88E1;;;;N;;;;; +F9E9;CJK COMPATIBILITY IDEOGRAPH-F9E9;Lo;0;L;91CC;;;;N;;;;; +F9EA;CJK COMPATIBILITY IDEOGRAPH-F9EA;Lo;0;L;96E2;;;;N;;;;; +F9EB;CJK COMPATIBILITY IDEOGRAPH-F9EB;Lo;0;L;533F;;;;N;;;;; +F9EC;CJK COMPATIBILITY IDEOGRAPH-F9EC;Lo;0;L;6EBA;;;;N;;;;; +F9ED;CJK COMPATIBILITY IDEOGRAPH-F9ED;Lo;0;L;541D;;;;N;;;;; +F9EE;CJK COMPATIBILITY IDEOGRAPH-F9EE;Lo;0;L;71D0;;;;N;;;;; +F9EF;CJK COMPATIBILITY IDEOGRAPH-F9EF;Lo;0;L;7498;;;;N;;;;; +F9F0;CJK COMPATIBILITY IDEOGRAPH-F9F0;Lo;0;L;85FA;;;;N;;;;; +F9F1;CJK COMPATIBILITY IDEOGRAPH-F9F1;Lo;0;L;96A3;;;;N;;;;; +F9F2;CJK COMPATIBILITY IDEOGRAPH-F9F2;Lo;0;L;9C57;;;;N;;;;; +F9F3;CJK COMPATIBILITY IDEOGRAPH-F9F3;Lo;0;L;9E9F;;;;N;;;;; +F9F4;CJK COMPATIBILITY IDEOGRAPH-F9F4;Lo;0;L;6797;;;;N;;;;; +F9F5;CJK COMPATIBILITY IDEOGRAPH-F9F5;Lo;0;L;6DCB;;;;N;;;;; +F9F6;CJK COMPATIBILITY IDEOGRAPH-F9F6;Lo;0;L;81E8;;;;N;;;;; +F9F7;CJK COMPATIBILITY IDEOGRAPH-F9F7;Lo;0;L;7ACB;;;;N;;;;; +F9F8;CJK COMPATIBILITY IDEOGRAPH-F9F8;Lo;0;L;7B20;;;;N;;;;; +F9F9;CJK COMPATIBILITY IDEOGRAPH-F9F9;Lo;0;L;7C92;;;;N;;;;; +F9FA;CJK COMPATIBILITY IDEOGRAPH-F9FA;Lo;0;L;72C0;;;;N;;;;; +F9FB;CJK COMPATIBILITY IDEOGRAPH-F9FB;Lo;0;L;7099;;;;N;;;;; +F9FC;CJK COMPATIBILITY IDEOGRAPH-F9FC;Lo;0;L;8B58;;;;N;;;;; +F9FD;CJK COMPATIBILITY IDEOGRAPH-F9FD;Lo;0;L;4EC0;;;;N;;;;; +F9FE;CJK COMPATIBILITY IDEOGRAPH-F9FE;Lo;0;L;8336;;;;N;;;;; +F9FF;CJK COMPATIBILITY IDEOGRAPH-F9FF;Lo;0;L;523A;;;;N;;;;; +FA00;CJK COMPATIBILITY IDEOGRAPH-FA00;Lo;0;L;5207;;;;N;;;;; +FA01;CJK COMPATIBILITY IDEOGRAPH-FA01;Lo;0;L;5EA6;;;;N;;;;; +FA02;CJK COMPATIBILITY IDEOGRAPH-FA02;Lo;0;L;62D3;;;;N;;;;; +FA03;CJK COMPATIBILITY IDEOGRAPH-FA03;Lo;0;L;7CD6;;;;N;;;;; +FA04;CJK COMPATIBILITY IDEOGRAPH-FA04;Lo;0;L;5B85;;;;N;;;;; +FA05;CJK COMPATIBILITY IDEOGRAPH-FA05;Lo;0;L;6D1E;;;;N;;;;; +FA06;CJK COMPATIBILITY IDEOGRAPH-FA06;Lo;0;L;66B4;;;;N;;;;; +FA07;CJK COMPATIBILITY IDEOGRAPH-FA07;Lo;0;L;8F3B;;;;N;;;;; +FA08;CJK COMPATIBILITY IDEOGRAPH-FA08;Lo;0;L;884C;;;;N;;;;; +FA09;CJK COMPATIBILITY IDEOGRAPH-FA09;Lo;0;L;964D;;;;N;;;;; +FA0A;CJK COMPATIBILITY IDEOGRAPH-FA0A;Lo;0;L;898B;;;;N;;;;; +FA0B;CJK COMPATIBILITY IDEOGRAPH-FA0B;Lo;0;L;5ED3;;;;N;;;;; +FA0C;CJK COMPATIBILITY IDEOGRAPH-FA0C;Lo;0;L;5140;;;;N;;;;; +FA0D;CJK COMPATIBILITY IDEOGRAPH-FA0D;Lo;0;L;55C0;;;;N;;;;; +FA0E;CJK COMPATIBILITY IDEOGRAPH-FA0E;Lo;0;L;;;;;N;;;;; +FA0F;CJK COMPATIBILITY IDEOGRAPH-FA0F;Lo;0;L;;;;;N;;;;; +FA10;CJK COMPATIBILITY IDEOGRAPH-FA10;Lo;0;L;585A;;;;N;;;;; +FA11;CJK COMPATIBILITY IDEOGRAPH-FA11;Lo;0;L;;;;;N;;;;; +FA12;CJK COMPATIBILITY IDEOGRAPH-FA12;Lo;0;L;6674;;;;N;;;;; +FA13;CJK COMPATIBILITY IDEOGRAPH-FA13;Lo;0;L;;;;;N;;;;; +FA14;CJK COMPATIBILITY IDEOGRAPH-FA14;Lo;0;L;;;;;N;;;;; +FA15;CJK COMPATIBILITY IDEOGRAPH-FA15;Lo;0;L;51DE;;;;N;;;;; +FA16;CJK COMPATIBILITY IDEOGRAPH-FA16;Lo;0;L;732A;;;;N;;;;; +FA17;CJK COMPATIBILITY IDEOGRAPH-FA17;Lo;0;L;76CA;;;;N;;;;; +FA18;CJK COMPATIBILITY IDEOGRAPH-FA18;Lo;0;L;793C;;;;N;;;;; +FA19;CJK COMPATIBILITY IDEOGRAPH-FA19;Lo;0;L;795E;;;;N;;;;; +FA1A;CJK COMPATIBILITY IDEOGRAPH-FA1A;Lo;0;L;7965;;;;N;;;;; +FA1B;CJK COMPATIBILITY IDEOGRAPH-FA1B;Lo;0;L;798F;;;;N;;;;; +FA1C;CJK COMPATIBILITY IDEOGRAPH-FA1C;Lo;0;L;9756;;;;N;;;;; +FA1D;CJK COMPATIBILITY IDEOGRAPH-FA1D;Lo;0;L;7CBE;;;;N;;;;; +FA1E;CJK COMPATIBILITY IDEOGRAPH-FA1E;Lo;0;L;7FBD;;;;N;;;;; +FA1F;CJK COMPATIBILITY IDEOGRAPH-FA1F;Lo;0;L;;;;;N;;*;;; +FA20;CJK COMPATIBILITY IDEOGRAPH-FA20;Lo;0;L;8612;;;;N;;;;; +FA21;CJK COMPATIBILITY IDEOGRAPH-FA21;Lo;0;L;;;;;N;;;;; +FA22;CJK COMPATIBILITY IDEOGRAPH-FA22;Lo;0;L;8AF8;;;;N;;;;; +FA23;CJK COMPATIBILITY IDEOGRAPH-FA23;Lo;0;L;;;;;N;;*;;; +FA24;CJK COMPATIBILITY IDEOGRAPH-FA24;Lo;0;L;;;;;N;;;;; +FA25;CJK COMPATIBILITY IDEOGRAPH-FA25;Lo;0;L;9038;;;;N;;;;; +FA26;CJK COMPATIBILITY IDEOGRAPH-FA26;Lo;0;L;90FD;;;;N;;;;; +FA27;CJK COMPATIBILITY IDEOGRAPH-FA27;Lo;0;L;;;;;N;;;;; +FA28;CJK COMPATIBILITY IDEOGRAPH-FA28;Lo;0;L;;;;;N;;;;; +FA29;CJK COMPATIBILITY IDEOGRAPH-FA29;Lo;0;L;;;;;N;;;;; +FA2A;CJK COMPATIBILITY IDEOGRAPH-FA2A;Lo;0;L;98EF;;;;N;;;;; +FA2B;CJK COMPATIBILITY IDEOGRAPH-FA2B;Lo;0;L;98FC;;;;N;;;;; +FA2C;CJK COMPATIBILITY IDEOGRAPH-FA2C;Lo;0;L;9928;;;;N;;;;; +FA2D;CJK COMPATIBILITY IDEOGRAPH-FA2D;Lo;0;L;9DB4;;;;N;;;;; +FA30;CJK COMPATIBILITY IDEOGRAPH-FA30;Lo;0;L;4FAE;;;;N;;;;; +FA31;CJK COMPATIBILITY IDEOGRAPH-FA31;Lo;0;L;50E7;;;;N;;;;; +FA32;CJK COMPATIBILITY IDEOGRAPH-FA32;Lo;0;L;514D;;;;N;;;;; +FA33;CJK COMPATIBILITY IDEOGRAPH-FA33;Lo;0;L;52C9;;;;N;;;;; +FA34;CJK COMPATIBILITY IDEOGRAPH-FA34;Lo;0;L;52E4;;;;N;;;;; +FA35;CJK COMPATIBILITY IDEOGRAPH-FA35;Lo;0;L;5351;;;;N;;;;; +FA36;CJK COMPATIBILITY IDEOGRAPH-FA36;Lo;0;L;559D;;;;N;;;;; +FA37;CJK COMPATIBILITY IDEOGRAPH-FA37;Lo;0;L;5606;;;;N;;;;; +FA38;CJK COMPATIBILITY IDEOGRAPH-FA38;Lo;0;L;5668;;;;N;;;;; +FA39;CJK COMPATIBILITY IDEOGRAPH-FA39;Lo;0;L;5840;;;;N;;;;; +FA3A;CJK COMPATIBILITY IDEOGRAPH-FA3A;Lo;0;L;58A8;;;;N;;;;; +FA3B;CJK COMPATIBILITY IDEOGRAPH-FA3B;Lo;0;L;5C64;;;;N;;;;; +FA3C;CJK COMPATIBILITY IDEOGRAPH-FA3C;Lo;0;L;5C6E;;;;N;;;;; +FA3D;CJK COMPATIBILITY IDEOGRAPH-FA3D;Lo;0;L;6094;;;;N;;;;; +FA3E;CJK COMPATIBILITY IDEOGRAPH-FA3E;Lo;0;L;6168;;;;N;;;;; +FA3F;CJK COMPATIBILITY IDEOGRAPH-FA3F;Lo;0;L;618E;;;;N;;;;; +FA40;CJK COMPATIBILITY IDEOGRAPH-FA40;Lo;0;L;61F2;;;;N;;;;; +FA41;CJK COMPATIBILITY IDEOGRAPH-FA41;Lo;0;L;654F;;;;N;;;;; +FA42;CJK COMPATIBILITY IDEOGRAPH-FA42;Lo;0;L;65E2;;;;N;;;;; +FA43;CJK COMPATIBILITY IDEOGRAPH-FA43;Lo;0;L;6691;;;;N;;;;; +FA44;CJK COMPATIBILITY IDEOGRAPH-FA44;Lo;0;L;6885;;;;N;;;;; +FA45;CJK COMPATIBILITY IDEOGRAPH-FA45;Lo;0;L;6D77;;;;N;;;;; +FA46;CJK COMPATIBILITY IDEOGRAPH-FA46;Lo;0;L;6E1A;;;;N;;;;; +FA47;CJK COMPATIBILITY IDEOGRAPH-FA47;Lo;0;L;6F22;;;;N;;;;; +FA48;CJK COMPATIBILITY IDEOGRAPH-FA48;Lo;0;L;716E;;;;N;;;;; +FA49;CJK COMPATIBILITY IDEOGRAPH-FA49;Lo;0;L;722B;;;;N;;;;; +FA4A;CJK COMPATIBILITY IDEOGRAPH-FA4A;Lo;0;L;7422;;;;N;;;;; +FA4B;CJK COMPATIBILITY IDEOGRAPH-FA4B;Lo;0;L;7891;;;;N;;;;; +FA4C;CJK COMPATIBILITY IDEOGRAPH-FA4C;Lo;0;L;793E;;;;N;;;;; +FA4D;CJK COMPATIBILITY IDEOGRAPH-FA4D;Lo;0;L;7949;;;;N;;;;; +FA4E;CJK COMPATIBILITY IDEOGRAPH-FA4E;Lo;0;L;7948;;;;N;;;;; +FA4F;CJK COMPATIBILITY IDEOGRAPH-FA4F;Lo;0;L;7950;;;;N;;;;; +FA50;CJK COMPATIBILITY IDEOGRAPH-FA50;Lo;0;L;7956;;;;N;;;;; +FA51;CJK COMPATIBILITY IDEOGRAPH-FA51;Lo;0;L;795D;;;;N;;;;; +FA52;CJK COMPATIBILITY IDEOGRAPH-FA52;Lo;0;L;798D;;;;N;;;;; +FA53;CJK COMPATIBILITY IDEOGRAPH-FA53;Lo;0;L;798E;;;;N;;;;; +FA54;CJK COMPATIBILITY IDEOGRAPH-FA54;Lo;0;L;7A40;;;;N;;;;; +FA55;CJK COMPATIBILITY IDEOGRAPH-FA55;Lo;0;L;7A81;;;;N;;;;; +FA56;CJK COMPATIBILITY IDEOGRAPH-FA56;Lo;0;L;7BC0;;;;N;;;;; +FA57;CJK COMPATIBILITY IDEOGRAPH-FA57;Lo;0;L;7DF4;;;;N;;;;; +FA58;CJK COMPATIBILITY IDEOGRAPH-FA58;Lo;0;L;7E09;;;;N;;;;; +FA59;CJK COMPATIBILITY IDEOGRAPH-FA59;Lo;0;L;7E41;;;;N;;;;; +FA5A;CJK COMPATIBILITY IDEOGRAPH-FA5A;Lo;0;L;7F72;;;;N;;;;; +FA5B;CJK COMPATIBILITY IDEOGRAPH-FA5B;Lo;0;L;8005;;;;N;;;;; +FA5C;CJK COMPATIBILITY IDEOGRAPH-FA5C;Lo;0;L;81ED;;;;N;;;;; +FA5D;CJK COMPATIBILITY IDEOGRAPH-FA5D;Lo;0;L;8279;;;;N;;;;; +FA5E;CJK COMPATIBILITY IDEOGRAPH-FA5E;Lo;0;L;8279;;;;N;;;;; +FA5F;CJK COMPATIBILITY IDEOGRAPH-FA5F;Lo;0;L;8457;;;;N;;;;; +FA60;CJK COMPATIBILITY IDEOGRAPH-FA60;Lo;0;L;8910;;;;N;;;;; +FA61;CJK COMPATIBILITY IDEOGRAPH-FA61;Lo;0;L;8996;;;;N;;;;; +FA62;CJK COMPATIBILITY IDEOGRAPH-FA62;Lo;0;L;8B01;;;;N;;;;; +FA63;CJK COMPATIBILITY IDEOGRAPH-FA63;Lo;0;L;8B39;;;;N;;;;; +FA64;CJK COMPATIBILITY IDEOGRAPH-FA64;Lo;0;L;8CD3;;;;N;;;;; +FA65;CJK COMPATIBILITY IDEOGRAPH-FA65;Lo;0;L;8D08;;;;N;;;;; +FA66;CJK COMPATIBILITY IDEOGRAPH-FA66;Lo;0;L;8FB6;;;;N;;;;; +FA67;CJK COMPATIBILITY IDEOGRAPH-FA67;Lo;0;L;9038;;;;N;;;;; +FA68;CJK COMPATIBILITY IDEOGRAPH-FA68;Lo;0;L;96E3;;;;N;;;;; +FA69;CJK COMPATIBILITY IDEOGRAPH-FA69;Lo;0;L;97FF;;;;N;;;;; +FA6A;CJK COMPATIBILITY IDEOGRAPH-FA6A;Lo;0;L;983B;;;;N;;;;; +FB00;LATIN SMALL LIGATURE FF;Ll;0;L; 0066 0066;;;;N;;;;; +FB01;LATIN SMALL LIGATURE FI;Ll;0;L; 0066 0069;;;;N;;;;; +FB02;LATIN SMALL LIGATURE FL;Ll;0;L; 0066 006C;;;;N;;;;; +FB03;LATIN SMALL LIGATURE FFI;Ll;0;L; 0066 0066 0069;;;;N;;;;; +FB04;LATIN SMALL LIGATURE FFL;Ll;0;L; 0066 0066 006C;;;;N;;;;; +FB05;LATIN SMALL LIGATURE LONG S T;Ll;0;L; 017F 0074;;;;N;;;;; +FB06;LATIN SMALL LIGATURE ST;Ll;0;L; 0073 0074;;;;N;;;;; +FB13;ARMENIAN SMALL LIGATURE MEN NOW;Ll;0;L; 0574 0576;;;;N;;;;; +FB14;ARMENIAN SMALL LIGATURE MEN ECH;Ll;0;L; 0574 0565;;;;N;;;;; +FB15;ARMENIAN SMALL LIGATURE MEN INI;Ll;0;L; 0574 056B;;;;N;;;;; +FB16;ARMENIAN SMALL LIGATURE VEW NOW;Ll;0;L; 057E 0576;;;;N;;;;; +FB17;ARMENIAN SMALL LIGATURE MEN XEH;Ll;0;L; 0574 056D;;;;N;;;;; +FB1D;HEBREW LETTER YOD WITH HIRIQ;Lo;0;R;05D9 05B4;;;;N;;;;; +FB1E;HEBREW POINT JUDEO-SPANISH VARIKA;Mn;26;NSM;;;;;N;HEBREW POINT VARIKA;;;; +FB1F;HEBREW LIGATURE YIDDISH YOD YOD PATAH;Lo;0;R;05F2 05B7;;;;N;;;;; +FB20;HEBREW LETTER ALTERNATIVE AYIN;Lo;0;R; 05E2;;;;N;;;;; +FB21;HEBREW LETTER WIDE ALEF;Lo;0;R; 05D0;;;;N;;;;; +FB22;HEBREW LETTER WIDE DALET;Lo;0;R; 05D3;;;;N;;;;; +FB23;HEBREW LETTER WIDE HE;Lo;0;R; 05D4;;;;N;;;;; +FB24;HEBREW LETTER WIDE KAF;Lo;0;R; 05DB;;;;N;;;;; +FB25;HEBREW LETTER WIDE LAMED;Lo;0;R; 05DC;;;;N;;;;; +FB26;HEBREW LETTER WIDE FINAL MEM;Lo;0;R; 05DD;;;;N;;;;; +FB27;HEBREW LETTER WIDE RESH;Lo;0;R; 05E8;;;;N;;;;; +FB28;HEBREW LETTER WIDE TAV;Lo;0;R; 05EA;;;;N;;;;; +FB29;HEBREW LETTER ALTERNATIVE PLUS SIGN;Sm;0;ET; 002B;;;;N;;;;; +FB2A;HEBREW LETTER SHIN WITH SHIN DOT;Lo;0;R;05E9 05C1;;;;N;;;;; +FB2B;HEBREW LETTER SHIN WITH SIN DOT;Lo;0;R;05E9 05C2;;;;N;;;;; +FB2C;HEBREW LETTER SHIN WITH DAGESH AND SHIN DOT;Lo;0;R;FB49 05C1;;;;N;;;;; +FB2D;HEBREW LETTER SHIN WITH DAGESH AND SIN DOT;Lo;0;R;FB49 05C2;;;;N;;;;; +FB2E;HEBREW LETTER ALEF WITH PATAH;Lo;0;R;05D0 05B7;;;;N;;;;; +FB2F;HEBREW LETTER ALEF WITH QAMATS;Lo;0;R;05D0 05B8;;;;N;;;;; +FB30;HEBREW LETTER ALEF WITH MAPIQ;Lo;0;R;05D0 05BC;;;;N;;;;; +FB31;HEBREW LETTER BET WITH DAGESH;Lo;0;R;05D1 05BC;;;;N;;;;; +FB32;HEBREW LETTER GIMEL WITH DAGESH;Lo;0;R;05D2 05BC;;;;N;;;;; +FB33;HEBREW LETTER DALET WITH DAGESH;Lo;0;R;05D3 05BC;;;;N;;;;; +FB34;HEBREW LETTER HE WITH MAPIQ;Lo;0;R;05D4 05BC;;;;N;;;;; +FB35;HEBREW LETTER VAV WITH DAGESH;Lo;0;R;05D5 05BC;;;;N;;;;; +FB36;HEBREW LETTER ZAYIN WITH DAGESH;Lo;0;R;05D6 05BC;;;;N;;;;; +FB38;HEBREW LETTER TET WITH DAGESH;Lo;0;R;05D8 05BC;;;;N;;;;; +FB39;HEBREW LETTER YOD WITH DAGESH;Lo;0;R;05D9 05BC;;;;N;;;;; +FB3A;HEBREW LETTER FINAL KAF WITH DAGESH;Lo;0;R;05DA 05BC;;;;N;;;;; +FB3B;HEBREW LETTER KAF WITH DAGESH;Lo;0;R;05DB 05BC;;;;N;;;;; +FB3C;HEBREW LETTER LAMED WITH DAGESH;Lo;0;R;05DC 05BC;;;;N;;;;; +FB3E;HEBREW LETTER MEM WITH DAGESH;Lo;0;R;05DE 05BC;;;;N;;;;; +FB40;HEBREW LETTER NUN WITH DAGESH;Lo;0;R;05E0 05BC;;;;N;;;;; +FB41;HEBREW LETTER SAMEKH WITH DAGESH;Lo;0;R;05E1 05BC;;;;N;;;;; +FB43;HEBREW LETTER FINAL PE WITH DAGESH;Lo;0;R;05E3 05BC;;;;N;;;;; +FB44;HEBREW LETTER PE WITH DAGESH;Lo;0;R;05E4 05BC;;;;N;;;;; +FB46;HEBREW LETTER TSADI WITH DAGESH;Lo;0;R;05E6 05BC;;;;N;;;;; +FB47;HEBREW LETTER QOF WITH DAGESH;Lo;0;R;05E7 05BC;;;;N;;;;; +FB48;HEBREW LETTER RESH WITH DAGESH;Lo;0;R;05E8 05BC;;;;N;;;;; +FB49;HEBREW LETTER SHIN WITH DAGESH;Lo;0;R;05E9 05BC;;;;N;;;;; +FB4A;HEBREW LETTER TAV WITH DAGESH;Lo;0;R;05EA 05BC;;;;N;;;;; +FB4B;HEBREW LETTER VAV WITH HOLAM;Lo;0;R;05D5 05B9;;;;N;;;;; +FB4C;HEBREW LETTER BET WITH RAFE;Lo;0;R;05D1 05BF;;;;N;;;;; +FB4D;HEBREW LETTER KAF WITH RAFE;Lo;0;R;05DB 05BF;;;;N;;;;; +FB4E;HEBREW LETTER PE WITH RAFE;Lo;0;R;05E4 05BF;;;;N;;;;; +FB4F;HEBREW LIGATURE ALEF LAMED;Lo;0;R; 05D0 05DC;;;;N;;;;; +FB50;ARABIC LETTER ALEF WASLA ISOLATED FORM;Lo;0;AL; 0671;;;;N;;;;; +FB51;ARABIC LETTER ALEF WASLA FINAL FORM;Lo;0;AL; 0671;;;;N;;;;; +FB52;ARABIC LETTER BEEH ISOLATED FORM;Lo;0;AL; 067B;;;;N;;;;; +FB53;ARABIC LETTER BEEH FINAL FORM;Lo;0;AL; 067B;;;;N;;;;; +FB54;ARABIC LETTER BEEH INITIAL FORM;Lo;0;AL; 067B;;;;N;;;;; +FB55;ARABIC LETTER BEEH MEDIAL FORM;Lo;0;AL; 067B;;;;N;;;;; +FB56;ARABIC LETTER PEH ISOLATED FORM;Lo;0;AL; 067E;;;;N;;;;; +FB57;ARABIC LETTER PEH FINAL FORM;Lo;0;AL; 067E;;;;N;;;;; +FB58;ARABIC LETTER PEH INITIAL FORM;Lo;0;AL; 067E;;;;N;;;;; +FB59;ARABIC LETTER PEH MEDIAL FORM;Lo;0;AL; 067E;;;;N;;;;; +FB5A;ARABIC LETTER BEHEH ISOLATED FORM;Lo;0;AL; 0680;;;;N;;;;; +FB5B;ARABIC LETTER BEHEH FINAL FORM;Lo;0;AL; 0680;;;;N;;;;; +FB5C;ARABIC LETTER BEHEH INITIAL FORM;Lo;0;AL; 0680;;;;N;;;;; +FB5D;ARABIC LETTER BEHEH MEDIAL FORM;Lo;0;AL; 0680;;;;N;;;;; +FB5E;ARABIC LETTER TTEHEH ISOLATED FORM;Lo;0;AL; 067A;;;;N;;;;; +FB5F;ARABIC LETTER TTEHEH FINAL FORM;Lo;0;AL; 067A;;;;N;;;;; +FB60;ARABIC LETTER TTEHEH INITIAL FORM;Lo;0;AL; 067A;;;;N;;;;; +FB61;ARABIC LETTER TTEHEH MEDIAL FORM;Lo;0;AL; 067A;;;;N;;;;; +FB62;ARABIC LETTER TEHEH ISOLATED FORM;Lo;0;AL; 067F;;;;N;;;;; +FB63;ARABIC LETTER TEHEH FINAL FORM;Lo;0;AL; 067F;;;;N;;;;; +FB64;ARABIC LETTER TEHEH INITIAL FORM;Lo;0;AL; 067F;;;;N;;;;; +FB65;ARABIC LETTER TEHEH MEDIAL FORM;Lo;0;AL; 067F;;;;N;;;;; +FB66;ARABIC LETTER TTEH ISOLATED FORM;Lo;0;AL; 0679;;;;N;;;;; +FB67;ARABIC LETTER TTEH FINAL FORM;Lo;0;AL; 0679;;;;N;;;;; +FB68;ARABIC LETTER TTEH INITIAL FORM;Lo;0;AL; 0679;;;;N;;;;; +FB69;ARABIC LETTER TTEH MEDIAL FORM;Lo;0;AL; 0679;;;;N;;;;; +FB6A;ARABIC LETTER VEH ISOLATED FORM;Lo;0;AL; 06A4;;;;N;;;;; +FB6B;ARABIC LETTER VEH FINAL FORM;Lo;0;AL; 06A4;;;;N;;;;; +FB6C;ARABIC LETTER VEH INITIAL FORM;Lo;0;AL; 06A4;;;;N;;;;; +FB6D;ARABIC LETTER VEH MEDIAL FORM;Lo;0;AL; 06A4;;;;N;;;;; +FB6E;ARABIC LETTER PEHEH ISOLATED FORM;Lo;0;AL; 06A6;;;;N;;;;; +FB6F;ARABIC LETTER PEHEH FINAL FORM;Lo;0;AL; 06A6;;;;N;;;;; +FB70;ARABIC LETTER PEHEH INITIAL FORM;Lo;0;AL; 06A6;;;;N;;;;; +FB71;ARABIC LETTER PEHEH MEDIAL FORM;Lo;0;AL; 06A6;;;;N;;;;; +FB72;ARABIC LETTER DYEH ISOLATED FORM;Lo;0;AL; 0684;;;;N;;;;; +FB73;ARABIC LETTER DYEH FINAL FORM;Lo;0;AL; 0684;;;;N;;;;; +FB74;ARABIC LETTER DYEH INITIAL FORM;Lo;0;AL; 0684;;;;N;;;;; +FB75;ARABIC LETTER DYEH MEDIAL FORM;Lo;0;AL; 0684;;;;N;;;;; +FB76;ARABIC LETTER NYEH ISOLATED FORM;Lo;0;AL; 0683;;;;N;;;;; +FB77;ARABIC LETTER NYEH FINAL FORM;Lo;0;AL; 0683;;;;N;;;;; +FB78;ARABIC LETTER NYEH INITIAL FORM;Lo;0;AL; 0683;;;;N;;;;; +FB79;ARABIC LETTER NYEH MEDIAL FORM;Lo;0;AL; 0683;;;;N;;;;; +FB7A;ARABIC LETTER TCHEH ISOLATED FORM;Lo;0;AL; 0686;;;;N;;;;; +FB7B;ARABIC LETTER TCHEH FINAL FORM;Lo;0;AL; 0686;;;;N;;;;; +FB7C;ARABIC LETTER TCHEH INITIAL FORM;Lo;0;AL; 0686;;;;N;;;;; +FB7D;ARABIC LETTER TCHEH MEDIAL FORM;Lo;0;AL; 0686;;;;N;;;;; +FB7E;ARABIC LETTER TCHEHEH ISOLATED FORM;Lo;0;AL; 0687;;;;N;;;;; +FB7F;ARABIC LETTER TCHEHEH FINAL FORM;Lo;0;AL; 0687;;;;N;;;;; +FB80;ARABIC LETTER TCHEHEH INITIAL FORM;Lo;0;AL; 0687;;;;N;;;;; +FB81;ARABIC LETTER TCHEHEH MEDIAL FORM;Lo;0;AL; 0687;;;;N;;;;; +FB82;ARABIC LETTER DDAHAL ISOLATED FORM;Lo;0;AL; 068D;;;;N;;;;; +FB83;ARABIC LETTER DDAHAL FINAL FORM;Lo;0;AL; 068D;;;;N;;;;; +FB84;ARABIC LETTER DAHAL ISOLATED FORM;Lo;0;AL; 068C;;;;N;;;;; +FB85;ARABIC LETTER DAHAL FINAL FORM;Lo;0;AL; 068C;;;;N;;;;; +FB86;ARABIC LETTER DUL ISOLATED FORM;Lo;0;AL; 068E;;;;N;;;;; +FB87;ARABIC LETTER DUL FINAL FORM;Lo;0;AL; 068E;;;;N;;;;; +FB88;ARABIC LETTER DDAL ISOLATED FORM;Lo;0;AL; 0688;;;;N;;;;; +FB89;ARABIC LETTER DDAL FINAL FORM;Lo;0;AL; 0688;;;;N;;;;; +FB8A;ARABIC LETTER JEH ISOLATED FORM;Lo;0;AL; 0698;;;;N;;;;; +FB8B;ARABIC LETTER JEH FINAL FORM;Lo;0;AL; 0698;;;;N;;;;; +FB8C;ARABIC LETTER RREH ISOLATED FORM;Lo;0;AL; 0691;;;;N;;;;; +FB8D;ARABIC LETTER RREH FINAL FORM;Lo;0;AL; 0691;;;;N;;;;; +FB8E;ARABIC LETTER KEHEH ISOLATED FORM;Lo;0;AL; 06A9;;;;N;;;;; +FB8F;ARABIC LETTER KEHEH FINAL FORM;Lo;0;AL; 06A9;;;;N;;;;; +FB90;ARABIC LETTER KEHEH INITIAL FORM;Lo;0;AL; 06A9;;;;N;;;;; +FB91;ARABIC LETTER KEHEH MEDIAL FORM;Lo;0;AL; 06A9;;;;N;;;;; +FB92;ARABIC LETTER GAF ISOLATED FORM;Lo;0;AL; 06AF;;;;N;;;;; +FB93;ARABIC LETTER GAF FINAL FORM;Lo;0;AL; 06AF;;;;N;;;;; +FB94;ARABIC LETTER GAF INITIAL FORM;Lo;0;AL; 06AF;;;;N;;;;; +FB95;ARABIC LETTER GAF MEDIAL FORM;Lo;0;AL; 06AF;;;;N;;;;; +FB96;ARABIC LETTER GUEH ISOLATED FORM;Lo;0;AL; 06B3;;;;N;;;;; +FB97;ARABIC LETTER GUEH FINAL FORM;Lo;0;AL; 06B3;;;;N;;;;; +FB98;ARABIC LETTER GUEH INITIAL FORM;Lo;0;AL; 06B3;;;;N;;;;; +FB99;ARABIC LETTER GUEH MEDIAL FORM;Lo;0;AL; 06B3;;;;N;;;;; +FB9A;ARABIC LETTER NGOEH ISOLATED FORM;Lo;0;AL; 06B1;;;;N;;;;; +FB9B;ARABIC LETTER NGOEH FINAL FORM;Lo;0;AL; 06B1;;;;N;;;;; +FB9C;ARABIC LETTER NGOEH INITIAL FORM;Lo;0;AL; 06B1;;;;N;;;;; +FB9D;ARABIC LETTER NGOEH MEDIAL FORM;Lo;0;AL; 06B1;;;;N;;;;; +FB9E;ARABIC LETTER NOON GHUNNA ISOLATED FORM;Lo;0;AL; 06BA;;;;N;;;;; +FB9F;ARABIC LETTER NOON GHUNNA FINAL FORM;Lo;0;AL; 06BA;;;;N;;;;; +FBA0;ARABIC LETTER RNOON ISOLATED FORM;Lo;0;AL; 06BB;;;;N;;;;; +FBA1;ARABIC LETTER RNOON FINAL FORM;Lo;0;AL; 06BB;;;;N;;;;; +FBA2;ARABIC LETTER RNOON INITIAL FORM;Lo;0;AL; 06BB;;;;N;;;;; +FBA3;ARABIC LETTER RNOON MEDIAL FORM;Lo;0;AL; 06BB;;;;N;;;;; +FBA4;ARABIC LETTER HEH WITH YEH ABOVE ISOLATED FORM;Lo;0;AL; 06C0;;;;N;;;;; +FBA5;ARABIC LETTER HEH WITH YEH ABOVE FINAL FORM;Lo;0;AL; 06C0;;;;N;;;;; +FBA6;ARABIC LETTER HEH GOAL ISOLATED FORM;Lo;0;AL; 06C1;;;;N;;;;; +FBA7;ARABIC LETTER HEH GOAL FINAL FORM;Lo;0;AL; 06C1;;;;N;;;;; +FBA8;ARABIC LETTER HEH GOAL INITIAL FORM;Lo;0;AL; 06C1;;;;N;;;;; +FBA9;ARABIC LETTER HEH GOAL MEDIAL FORM;Lo;0;AL; 06C1;;;;N;;;;; +FBAA;ARABIC LETTER HEH DOACHASHMEE ISOLATED FORM;Lo;0;AL; 06BE;;;;N;;;;; +FBAB;ARABIC LETTER HEH DOACHASHMEE FINAL FORM;Lo;0;AL; 06BE;;;;N;;;;; +FBAC;ARABIC LETTER HEH DOACHASHMEE INITIAL FORM;Lo;0;AL; 06BE;;;;N;;;;; +FBAD;ARABIC LETTER HEH DOACHASHMEE MEDIAL FORM;Lo;0;AL; 06BE;;;;N;;;;; +FBAE;ARABIC LETTER YEH BARREE ISOLATED FORM;Lo;0;AL; 06D2;;;;N;;;;; +FBAF;ARABIC LETTER YEH BARREE FINAL FORM;Lo;0;AL; 06D2;;;;N;;;;; +FBB0;ARABIC LETTER YEH BARREE WITH HAMZA ABOVE ISOLATED FORM;Lo;0;AL; 06D3;;;;N;;;;; +FBB1;ARABIC LETTER YEH BARREE WITH HAMZA ABOVE FINAL FORM;Lo;0;AL; 06D3;;;;N;;;;; +FBD3;ARABIC LETTER NG ISOLATED FORM;Lo;0;AL; 06AD;;;;N;;;;; +FBD4;ARABIC LETTER NG FINAL FORM;Lo;0;AL; 06AD;;;;N;;;;; +FBD5;ARABIC LETTER NG INITIAL FORM;Lo;0;AL; 06AD;;;;N;;;;; +FBD6;ARABIC LETTER NG MEDIAL FORM;Lo;0;AL; 06AD;;;;N;;;;; +FBD7;ARABIC LETTER U ISOLATED FORM;Lo;0;AL; 06C7;;;;N;;;;; +FBD8;ARABIC LETTER U FINAL FORM;Lo;0;AL; 06C7;;;;N;;;;; +FBD9;ARABIC LETTER OE ISOLATED FORM;Lo;0;AL; 06C6;;;;N;;;;; +FBDA;ARABIC LETTER OE FINAL FORM;Lo;0;AL; 06C6;;;;N;;;;; +FBDB;ARABIC LETTER YU ISOLATED FORM;Lo;0;AL; 06C8;;;;N;;;;; +FBDC;ARABIC LETTER YU FINAL FORM;Lo;0;AL; 06C8;;;;N;;;;; +FBDD;ARABIC LETTER U WITH HAMZA ABOVE ISOLATED FORM;Lo;0;AL; 0677;;;;N;;;;; +FBDE;ARABIC LETTER VE ISOLATED FORM;Lo;0;AL; 06CB;;;;N;;;;; +FBDF;ARABIC LETTER VE FINAL FORM;Lo;0;AL; 06CB;;;;N;;;;; +FBE0;ARABIC LETTER KIRGHIZ OE ISOLATED FORM;Lo;0;AL; 06C5;;;;N;;;;; +FBE1;ARABIC LETTER KIRGHIZ OE FINAL FORM;Lo;0;AL; 06C5;;;;N;;;;; +FBE2;ARABIC LETTER KIRGHIZ YU ISOLATED FORM;Lo;0;AL; 06C9;;;;N;;;;; +FBE3;ARABIC LETTER KIRGHIZ YU FINAL FORM;Lo;0;AL; 06C9;;;;N;;;;; +FBE4;ARABIC LETTER E ISOLATED FORM;Lo;0;AL; 06D0;;;;N;;;;; +FBE5;ARABIC LETTER E FINAL FORM;Lo;0;AL; 06D0;;;;N;;;;; +FBE6;ARABIC LETTER E INITIAL FORM;Lo;0;AL; 06D0;;;;N;;;;; +FBE7;ARABIC LETTER E MEDIAL FORM;Lo;0;AL; 06D0;;;;N;;;;; +FBE8;ARABIC LETTER UIGHUR KAZAKH KIRGHIZ ALEF MAKSURA INITIAL FORM;Lo;0;AL; 0649;;;;N;;;;; +FBE9;ARABIC LETTER UIGHUR KAZAKH KIRGHIZ ALEF MAKSURA MEDIAL FORM;Lo;0;AL; 0649;;;;N;;;;; +FBEA;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH ALEF ISOLATED FORM;Lo;0;AL; 0626 0627;;;;N;;;;; +FBEB;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH ALEF FINAL FORM;Lo;0;AL; 0626 0627;;;;N;;;;; +FBEC;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH AE ISOLATED FORM;Lo;0;AL; 0626 06D5;;;;N;;;;; +FBED;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH AE FINAL FORM;Lo;0;AL; 0626 06D5;;;;N;;;;; +FBEE;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH WAW ISOLATED FORM;Lo;0;AL; 0626 0648;;;;N;;;;; +FBEF;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH WAW FINAL FORM;Lo;0;AL; 0626 0648;;;;N;;;;; +FBF0;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH U ISOLATED FORM;Lo;0;AL; 0626 06C7;;;;N;;;;; +FBF1;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH U FINAL FORM;Lo;0;AL; 0626 06C7;;;;N;;;;; +FBF2;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH OE ISOLATED FORM;Lo;0;AL; 0626 06C6;;;;N;;;;; +FBF3;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH OE FINAL FORM;Lo;0;AL; 0626 06C6;;;;N;;;;; +FBF4;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH YU ISOLATED FORM;Lo;0;AL; 0626 06C8;;;;N;;;;; +FBF5;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH YU FINAL FORM;Lo;0;AL; 0626 06C8;;;;N;;;;; +FBF6;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH E ISOLATED FORM;Lo;0;AL; 0626 06D0;;;;N;;;;; +FBF7;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH E FINAL FORM;Lo;0;AL; 0626 06D0;;;;N;;;;; +FBF8;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH E INITIAL FORM;Lo;0;AL; 0626 06D0;;;;N;;;;; +FBF9;ARABIC LIGATURE UIGHUR KIRGHIZ YEH WITH HAMZA ABOVE WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL; 0626 0649;;;;N;;;;; +FBFA;ARABIC LIGATURE UIGHUR KIRGHIZ YEH WITH HAMZA ABOVE WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 0626 0649;;;;N;;;;; +FBFB;ARABIC LIGATURE UIGHUR KIRGHIZ YEH WITH HAMZA ABOVE WITH ALEF MAKSURA INITIAL FORM;Lo;0;AL; 0626 0649;;;;N;;;;; +FBFC;ARABIC LETTER FARSI YEH ISOLATED FORM;Lo;0;AL; 06CC;;;;N;;;;; +FBFD;ARABIC LETTER FARSI YEH FINAL FORM;Lo;0;AL; 06CC;;;;N;;;;; +FBFE;ARABIC LETTER FARSI YEH INITIAL FORM;Lo;0;AL; 06CC;;;;N;;;;; +FBFF;ARABIC LETTER FARSI YEH MEDIAL FORM;Lo;0;AL; 06CC;;;;N;;;;; +FC00;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH JEEM ISOLATED FORM;Lo;0;AL; 0626 062C;;;;N;;;;; +FC01;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH HAH ISOLATED FORM;Lo;0;AL; 0626 062D;;;;N;;;;; +FC02;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH MEEM ISOLATED FORM;Lo;0;AL; 0626 0645;;;;N;;;;; +FC03;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL; 0626 0649;;;;N;;;;; +FC04;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH YEH ISOLATED FORM;Lo;0;AL; 0626 064A;;;;N;;;;; +FC05;ARABIC LIGATURE BEH WITH JEEM ISOLATED FORM;Lo;0;AL; 0628 062C;;;;N;;;;; +FC06;ARABIC LIGATURE BEH WITH HAH ISOLATED FORM;Lo;0;AL; 0628 062D;;;;N;;;;; +FC07;ARABIC LIGATURE BEH WITH KHAH ISOLATED FORM;Lo;0;AL; 0628 062E;;;;N;;;;; +FC08;ARABIC LIGATURE BEH WITH MEEM ISOLATED FORM;Lo;0;AL; 0628 0645;;;;N;;;;; +FC09;ARABIC LIGATURE BEH WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL; 0628 0649;;;;N;;;;; +FC0A;ARABIC LIGATURE BEH WITH YEH ISOLATED FORM;Lo;0;AL; 0628 064A;;;;N;;;;; +FC0B;ARABIC LIGATURE TEH WITH JEEM ISOLATED FORM;Lo;0;AL; 062A 062C;;;;N;;;;; +FC0C;ARABIC LIGATURE TEH WITH HAH ISOLATED FORM;Lo;0;AL; 062A 062D;;;;N;;;;; +FC0D;ARABIC LIGATURE TEH WITH KHAH ISOLATED FORM;Lo;0;AL; 062A 062E;;;;N;;;;; +FC0E;ARABIC LIGATURE TEH WITH MEEM ISOLATED FORM;Lo;0;AL; 062A 0645;;;;N;;;;; +FC0F;ARABIC LIGATURE TEH WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL; 062A 0649;;;;N;;;;; +FC10;ARABIC LIGATURE TEH WITH YEH ISOLATED FORM;Lo;0;AL; 062A 064A;;;;N;;;;; +FC11;ARABIC LIGATURE THEH WITH JEEM ISOLATED FORM;Lo;0;AL; 062B 062C;;;;N;;;;; +FC12;ARABIC LIGATURE THEH WITH MEEM ISOLATED FORM;Lo;0;AL; 062B 0645;;;;N;;;;; +FC13;ARABIC LIGATURE THEH WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL; 062B 0649;;;;N;;;;; +FC14;ARABIC LIGATURE THEH WITH YEH ISOLATED FORM;Lo;0;AL; 062B 064A;;;;N;;;;; +FC15;ARABIC LIGATURE JEEM WITH HAH ISOLATED FORM;Lo;0;AL; 062C 062D;;;;N;;;;; +FC16;ARABIC LIGATURE JEEM WITH MEEM ISOLATED FORM;Lo;0;AL; 062C 0645;;;;N;;;;; +FC17;ARABIC LIGATURE HAH WITH JEEM ISOLATED FORM;Lo;0;AL; 062D 062C;;;;N;;;;; +FC18;ARABIC LIGATURE HAH WITH MEEM ISOLATED FORM;Lo;0;AL; 062D 0645;;;;N;;;;; +FC19;ARABIC LIGATURE KHAH WITH JEEM ISOLATED FORM;Lo;0;AL; 062E 062C;;;;N;;;;; +FC1A;ARABIC LIGATURE KHAH WITH HAH ISOLATED FORM;Lo;0;AL; 062E 062D;;;;N;;;;; +FC1B;ARABIC LIGATURE KHAH WITH MEEM ISOLATED FORM;Lo;0;AL; 062E 0645;;;;N;;;;; +FC1C;ARABIC LIGATURE SEEN WITH JEEM ISOLATED FORM;Lo;0;AL; 0633 062C;;;;N;;;;; +FC1D;ARABIC LIGATURE SEEN WITH HAH ISOLATED FORM;Lo;0;AL; 0633 062D;;;;N;;;;; +FC1E;ARABIC LIGATURE SEEN WITH KHAH ISOLATED FORM;Lo;0;AL; 0633 062E;;;;N;;;;; +FC1F;ARABIC LIGATURE SEEN WITH MEEM ISOLATED FORM;Lo;0;AL; 0633 0645;;;;N;;;;; +FC20;ARABIC LIGATURE SAD WITH HAH ISOLATED FORM;Lo;0;AL; 0635 062D;;;;N;;;;; +FC21;ARABIC LIGATURE SAD WITH MEEM ISOLATED FORM;Lo;0;AL; 0635 0645;;;;N;;;;; +FC22;ARABIC LIGATURE DAD WITH JEEM ISOLATED FORM;Lo;0;AL; 0636 062C;;;;N;;;;; +FC23;ARABIC LIGATURE DAD WITH HAH ISOLATED FORM;Lo;0;AL; 0636 062D;;;;N;;;;; +FC24;ARABIC LIGATURE DAD WITH KHAH ISOLATED FORM;Lo;0;AL; 0636 062E;;;;N;;;;; +FC25;ARABIC LIGATURE DAD WITH MEEM ISOLATED FORM;Lo;0;AL; 0636 0645;;;;N;;;;; +FC26;ARABIC LIGATURE TAH WITH HAH ISOLATED FORM;Lo;0;AL; 0637 062D;;;;N;;;;; +FC27;ARABIC LIGATURE TAH WITH MEEM ISOLATED FORM;Lo;0;AL; 0637 0645;;;;N;;;;; +FC28;ARABIC LIGATURE ZAH WITH MEEM ISOLATED FORM;Lo;0;AL; 0638 0645;;;;N;;;;; +FC29;ARABIC LIGATURE AIN WITH JEEM ISOLATED FORM;Lo;0;AL; 0639 062C;;;;N;;;;; +FC2A;ARABIC LIGATURE AIN WITH MEEM ISOLATED FORM;Lo;0;AL; 0639 0645;;;;N;;;;; +FC2B;ARABIC LIGATURE GHAIN WITH JEEM ISOLATED FORM;Lo;0;AL; 063A 062C;;;;N;;;;; +FC2C;ARABIC LIGATURE GHAIN WITH MEEM ISOLATED FORM;Lo;0;AL; 063A 0645;;;;N;;;;; +FC2D;ARABIC LIGATURE FEH WITH JEEM ISOLATED FORM;Lo;0;AL; 0641 062C;;;;N;;;;; +FC2E;ARABIC LIGATURE FEH WITH HAH ISOLATED FORM;Lo;0;AL; 0641 062D;;;;N;;;;; +FC2F;ARABIC LIGATURE FEH WITH KHAH ISOLATED FORM;Lo;0;AL; 0641 062E;;;;N;;;;; +FC30;ARABIC LIGATURE FEH WITH MEEM ISOLATED FORM;Lo;0;AL; 0641 0645;;;;N;;;;; +FC31;ARABIC LIGATURE FEH WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL; 0641 0649;;;;N;;;;; +FC32;ARABIC LIGATURE FEH WITH YEH ISOLATED FORM;Lo;0;AL; 0641 064A;;;;N;;;;; +FC33;ARABIC LIGATURE QAF WITH HAH ISOLATED FORM;Lo;0;AL; 0642 062D;;;;N;;;;; +FC34;ARABIC LIGATURE QAF WITH MEEM ISOLATED FORM;Lo;0;AL; 0642 0645;;;;N;;;;; +FC35;ARABIC LIGATURE QAF WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL; 0642 0649;;;;N;;;;; +FC36;ARABIC LIGATURE QAF WITH YEH ISOLATED FORM;Lo;0;AL; 0642 064A;;;;N;;;;; +FC37;ARABIC LIGATURE KAF WITH ALEF ISOLATED FORM;Lo;0;AL; 0643 0627;;;;N;;;;; +FC38;ARABIC LIGATURE KAF WITH JEEM ISOLATED FORM;Lo;0;AL; 0643 062C;;;;N;;;;; +FC39;ARABIC LIGATURE KAF WITH HAH ISOLATED FORM;Lo;0;AL; 0643 062D;;;;N;;;;; +FC3A;ARABIC LIGATURE KAF WITH KHAH ISOLATED FORM;Lo;0;AL; 0643 062E;;;;N;;;;; +FC3B;ARABIC LIGATURE KAF WITH LAM ISOLATED FORM;Lo;0;AL; 0643 0644;;;;N;;;;; +FC3C;ARABIC LIGATURE KAF WITH MEEM ISOLATED FORM;Lo;0;AL; 0643 0645;;;;N;;;;; +FC3D;ARABIC LIGATURE KAF WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL; 0643 0649;;;;N;;;;; +FC3E;ARABIC LIGATURE KAF WITH YEH ISOLATED FORM;Lo;0;AL; 0643 064A;;;;N;;;;; +FC3F;ARABIC LIGATURE LAM WITH JEEM ISOLATED FORM;Lo;0;AL; 0644 062C;;;;N;;;;; +FC40;ARABIC LIGATURE LAM WITH HAH ISOLATED FORM;Lo;0;AL; 0644 062D;;;;N;;;;; +FC41;ARABIC LIGATURE LAM WITH KHAH ISOLATED FORM;Lo;0;AL; 0644 062E;;;;N;;;;; +FC42;ARABIC LIGATURE LAM WITH MEEM ISOLATED FORM;Lo;0;AL; 0644 0645;;;;N;;;;; +FC43;ARABIC LIGATURE LAM WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL; 0644 0649;;;;N;;;;; +FC44;ARABIC LIGATURE LAM WITH YEH ISOLATED FORM;Lo;0;AL; 0644 064A;;;;N;;;;; +FC45;ARABIC LIGATURE MEEM WITH JEEM ISOLATED FORM;Lo;0;AL; 0645 062C;;;;N;;;;; +FC46;ARABIC LIGATURE MEEM WITH HAH ISOLATED FORM;Lo;0;AL; 0645 062D;;;;N;;;;; +FC47;ARABIC LIGATURE MEEM WITH KHAH ISOLATED FORM;Lo;0;AL; 0645 062E;;;;N;;;;; +FC48;ARABIC LIGATURE MEEM WITH MEEM ISOLATED FORM;Lo;0;AL; 0645 0645;;;;N;;;;; +FC49;ARABIC LIGATURE MEEM WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL; 0645 0649;;;;N;;;;; +FC4A;ARABIC LIGATURE MEEM WITH YEH ISOLATED FORM;Lo;0;AL; 0645 064A;;;;N;;;;; +FC4B;ARABIC LIGATURE NOON WITH JEEM ISOLATED FORM;Lo;0;AL; 0646 062C;;;;N;;;;; +FC4C;ARABIC LIGATURE NOON WITH HAH ISOLATED FORM;Lo;0;AL; 0646 062D;;;;N;;;;; +FC4D;ARABIC LIGATURE NOON WITH KHAH ISOLATED FORM;Lo;0;AL; 0646 062E;;;;N;;;;; +FC4E;ARABIC LIGATURE NOON WITH MEEM ISOLATED FORM;Lo;0;AL; 0646 0645;;;;N;;;;; +FC4F;ARABIC LIGATURE NOON WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL; 0646 0649;;;;N;;;;; +FC50;ARABIC LIGATURE NOON WITH YEH ISOLATED FORM;Lo;0;AL; 0646 064A;;;;N;;;;; +FC51;ARABIC LIGATURE HEH WITH JEEM ISOLATED FORM;Lo;0;AL; 0647 062C;;;;N;;;;; +FC52;ARABIC LIGATURE HEH WITH MEEM ISOLATED FORM;Lo;0;AL; 0647 0645;;;;N;;;;; +FC53;ARABIC LIGATURE HEH WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL; 0647 0649;;;;N;;;;; +FC54;ARABIC LIGATURE HEH WITH YEH ISOLATED FORM;Lo;0;AL; 0647 064A;;;;N;;;;; +FC55;ARABIC LIGATURE YEH WITH JEEM ISOLATED FORM;Lo;0;AL; 064A 062C;;;;N;;;;; +FC56;ARABIC LIGATURE YEH WITH HAH ISOLATED FORM;Lo;0;AL; 064A 062D;;;;N;;;;; +FC57;ARABIC LIGATURE YEH WITH KHAH ISOLATED FORM;Lo;0;AL; 064A 062E;;;;N;;;;; +FC58;ARABIC LIGATURE YEH WITH MEEM ISOLATED FORM;Lo;0;AL; 064A 0645;;;;N;;;;; +FC59;ARABIC LIGATURE YEH WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL; 064A 0649;;;;N;;;;; +FC5A;ARABIC LIGATURE YEH WITH YEH ISOLATED FORM;Lo;0;AL; 064A 064A;;;;N;;;;; +FC5B;ARABIC LIGATURE THAL WITH SUPERSCRIPT ALEF ISOLATED FORM;Lo;0;AL; 0630 0670;;;;N;;;;; +FC5C;ARABIC LIGATURE REH WITH SUPERSCRIPT ALEF ISOLATED FORM;Lo;0;AL; 0631 0670;;;;N;;;;; +FC5D;ARABIC LIGATURE ALEF MAKSURA WITH SUPERSCRIPT ALEF ISOLATED FORM;Lo;0;AL; 0649 0670;;;;N;;;;; +FC5E;ARABIC LIGATURE SHADDA WITH DAMMATAN ISOLATED FORM;Lo;0;AL; 0020 064C 0651;;;;N;;;;; +FC5F;ARABIC LIGATURE SHADDA WITH KASRATAN ISOLATED FORM;Lo;0;AL; 0020 064D 0651;;;;N;;;;; +FC60;ARABIC LIGATURE SHADDA WITH FATHA ISOLATED FORM;Lo;0;AL; 0020 064E 0651;;;;N;;;;; +FC61;ARABIC LIGATURE SHADDA WITH DAMMA ISOLATED FORM;Lo;0;AL; 0020 064F 0651;;;;N;;;;; +FC62;ARABIC LIGATURE SHADDA WITH KASRA ISOLATED FORM;Lo;0;AL; 0020 0650 0651;;;;N;;;;; +FC63;ARABIC LIGATURE SHADDA WITH SUPERSCRIPT ALEF ISOLATED FORM;Lo;0;AL; 0020 0651 0670;;;;N;;;;; +FC64;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH REH FINAL FORM;Lo;0;AL; 0626 0631;;;;N;;;;; +FC65;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH ZAIN FINAL FORM;Lo;0;AL; 0626 0632;;;;N;;;;; +FC66;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH MEEM FINAL FORM;Lo;0;AL; 0626 0645;;;;N;;;;; +FC67;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH NOON FINAL FORM;Lo;0;AL; 0626 0646;;;;N;;;;; +FC68;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 0626 0649;;;;N;;;;; +FC69;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH YEH FINAL FORM;Lo;0;AL; 0626 064A;;;;N;;;;; +FC6A;ARABIC LIGATURE BEH WITH REH FINAL FORM;Lo;0;AL; 0628 0631;;;;N;;;;; +FC6B;ARABIC LIGATURE BEH WITH ZAIN FINAL FORM;Lo;0;AL; 0628 0632;;;;N;;;;; +FC6C;ARABIC LIGATURE BEH WITH MEEM FINAL FORM;Lo;0;AL; 0628 0645;;;;N;;;;; +FC6D;ARABIC LIGATURE BEH WITH NOON FINAL FORM;Lo;0;AL; 0628 0646;;;;N;;;;; +FC6E;ARABIC LIGATURE BEH WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 0628 0649;;;;N;;;;; +FC6F;ARABIC LIGATURE BEH WITH YEH FINAL FORM;Lo;0;AL; 0628 064A;;;;N;;;;; +FC70;ARABIC LIGATURE TEH WITH REH FINAL FORM;Lo;0;AL; 062A 0631;;;;N;;;;; +FC71;ARABIC LIGATURE TEH WITH ZAIN FINAL FORM;Lo;0;AL; 062A 0632;;;;N;;;;; +FC72;ARABIC LIGATURE TEH WITH MEEM FINAL FORM;Lo;0;AL; 062A 0645;;;;N;;;;; +FC73;ARABIC LIGATURE TEH WITH NOON FINAL FORM;Lo;0;AL; 062A 0646;;;;N;;;;; +FC74;ARABIC LIGATURE TEH WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 062A 0649;;;;N;;;;; +FC75;ARABIC LIGATURE TEH WITH YEH FINAL FORM;Lo;0;AL; 062A 064A;;;;N;;;;; +FC76;ARABIC LIGATURE THEH WITH REH FINAL FORM;Lo;0;AL; 062B 0631;;;;N;;;;; +FC77;ARABIC LIGATURE THEH WITH ZAIN FINAL FORM;Lo;0;AL; 062B 0632;;;;N;;;;; +FC78;ARABIC LIGATURE THEH WITH MEEM FINAL FORM;Lo;0;AL; 062B 0645;;;;N;;;;; +FC79;ARABIC LIGATURE THEH WITH NOON FINAL FORM;Lo;0;AL; 062B 0646;;;;N;;;;; +FC7A;ARABIC LIGATURE THEH WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 062B 0649;;;;N;;;;; +FC7B;ARABIC LIGATURE THEH WITH YEH FINAL FORM;Lo;0;AL; 062B 064A;;;;N;;;;; +FC7C;ARABIC LIGATURE FEH WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 0641 0649;;;;N;;;;; +FC7D;ARABIC LIGATURE FEH WITH YEH FINAL FORM;Lo;0;AL; 0641 064A;;;;N;;;;; +FC7E;ARABIC LIGATURE QAF WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 0642 0649;;;;N;;;;; +FC7F;ARABIC LIGATURE QAF WITH YEH FINAL FORM;Lo;0;AL; 0642 064A;;;;N;;;;; +FC80;ARABIC LIGATURE KAF WITH ALEF FINAL FORM;Lo;0;AL; 0643 0627;;;;N;;;;; +FC81;ARABIC LIGATURE KAF WITH LAM FINAL FORM;Lo;0;AL; 0643 0644;;;;N;;;;; +FC82;ARABIC LIGATURE KAF WITH MEEM FINAL FORM;Lo;0;AL; 0643 0645;;;;N;;;;; +FC83;ARABIC LIGATURE KAF WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 0643 0649;;;;N;;;;; +FC84;ARABIC LIGATURE KAF WITH YEH FINAL FORM;Lo;0;AL; 0643 064A;;;;N;;;;; +FC85;ARABIC LIGATURE LAM WITH MEEM FINAL FORM;Lo;0;AL; 0644 0645;;;;N;;;;; +FC86;ARABIC LIGATURE LAM WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 0644 0649;;;;N;;;;; +FC87;ARABIC LIGATURE LAM WITH YEH FINAL FORM;Lo;0;AL; 0644 064A;;;;N;;;;; +FC88;ARABIC LIGATURE MEEM WITH ALEF FINAL FORM;Lo;0;AL; 0645 0627;;;;N;;;;; +FC89;ARABIC LIGATURE MEEM WITH MEEM FINAL FORM;Lo;0;AL; 0645 0645;;;;N;;;;; +FC8A;ARABIC LIGATURE NOON WITH REH FINAL FORM;Lo;0;AL; 0646 0631;;;;N;;;;; +FC8B;ARABIC LIGATURE NOON WITH ZAIN FINAL FORM;Lo;0;AL; 0646 0632;;;;N;;;;; +FC8C;ARABIC LIGATURE NOON WITH MEEM FINAL FORM;Lo;0;AL; 0646 0645;;;;N;;;;; +FC8D;ARABIC LIGATURE NOON WITH NOON FINAL FORM;Lo;0;AL; 0646 0646;;;;N;;;;; +FC8E;ARABIC LIGATURE NOON WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 0646 0649;;;;N;;;;; +FC8F;ARABIC LIGATURE NOON WITH YEH FINAL FORM;Lo;0;AL; 0646 064A;;;;N;;;;; +FC90;ARABIC LIGATURE ALEF MAKSURA WITH SUPERSCRIPT ALEF FINAL FORM;Lo;0;AL; 0649 0670;;;;N;;;;; +FC91;ARABIC LIGATURE YEH WITH REH FINAL FORM;Lo;0;AL; 064A 0631;;;;N;;;;; +FC92;ARABIC LIGATURE YEH WITH ZAIN FINAL FORM;Lo;0;AL; 064A 0632;;;;N;;;;; +FC93;ARABIC LIGATURE YEH WITH MEEM FINAL FORM;Lo;0;AL; 064A 0645;;;;N;;;;; +FC94;ARABIC LIGATURE YEH WITH NOON FINAL FORM;Lo;0;AL; 064A 0646;;;;N;;;;; +FC95;ARABIC LIGATURE YEH WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 064A 0649;;;;N;;;;; +FC96;ARABIC LIGATURE YEH WITH YEH FINAL FORM;Lo;0;AL; 064A 064A;;;;N;;;;; +FC97;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH JEEM INITIAL FORM;Lo;0;AL; 0626 062C;;;;N;;;;; +FC98;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH HAH INITIAL FORM;Lo;0;AL; 0626 062D;;;;N;;;;; +FC99;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH KHAH INITIAL FORM;Lo;0;AL; 0626 062E;;;;N;;;;; +FC9A;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH MEEM INITIAL FORM;Lo;0;AL; 0626 0645;;;;N;;;;; +FC9B;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH HEH INITIAL FORM;Lo;0;AL; 0626 0647;;;;N;;;;; +FC9C;ARABIC LIGATURE BEH WITH JEEM INITIAL FORM;Lo;0;AL; 0628 062C;;;;N;;;;; +FC9D;ARABIC LIGATURE BEH WITH HAH INITIAL FORM;Lo;0;AL; 0628 062D;;;;N;;;;; +FC9E;ARABIC LIGATURE BEH WITH KHAH INITIAL FORM;Lo;0;AL; 0628 062E;;;;N;;;;; +FC9F;ARABIC LIGATURE BEH WITH MEEM INITIAL FORM;Lo;0;AL; 0628 0645;;;;N;;;;; +FCA0;ARABIC LIGATURE BEH WITH HEH INITIAL FORM;Lo;0;AL; 0628 0647;;;;N;;;;; +FCA1;ARABIC LIGATURE TEH WITH JEEM INITIAL FORM;Lo;0;AL; 062A 062C;;;;N;;;;; +FCA2;ARABIC LIGATURE TEH WITH HAH INITIAL FORM;Lo;0;AL; 062A 062D;;;;N;;;;; +FCA3;ARABIC LIGATURE TEH WITH KHAH INITIAL FORM;Lo;0;AL; 062A 062E;;;;N;;;;; +FCA4;ARABIC LIGATURE TEH WITH MEEM INITIAL FORM;Lo;0;AL; 062A 0645;;;;N;;;;; +FCA5;ARABIC LIGATURE TEH WITH HEH INITIAL FORM;Lo;0;AL; 062A 0647;;;;N;;;;; +FCA6;ARABIC LIGATURE THEH WITH MEEM INITIAL FORM;Lo;0;AL; 062B 0645;;;;N;;;;; +FCA7;ARABIC LIGATURE JEEM WITH HAH INITIAL FORM;Lo;0;AL; 062C 062D;;;;N;;;;; +FCA8;ARABIC LIGATURE JEEM WITH MEEM INITIAL FORM;Lo;0;AL; 062C 0645;;;;N;;;;; +FCA9;ARABIC LIGATURE HAH WITH JEEM INITIAL FORM;Lo;0;AL; 062D 062C;;;;N;;;;; +FCAA;ARABIC LIGATURE HAH WITH MEEM INITIAL FORM;Lo;0;AL; 062D 0645;;;;N;;;;; +FCAB;ARABIC LIGATURE KHAH WITH JEEM INITIAL FORM;Lo;0;AL; 062E 062C;;;;N;;;;; +FCAC;ARABIC LIGATURE KHAH WITH MEEM INITIAL FORM;Lo;0;AL; 062E 0645;;;;N;;;;; +FCAD;ARABIC LIGATURE SEEN WITH JEEM INITIAL FORM;Lo;0;AL; 0633 062C;;;;N;;;;; +FCAE;ARABIC LIGATURE SEEN WITH HAH INITIAL FORM;Lo;0;AL; 0633 062D;;;;N;;;;; +FCAF;ARABIC LIGATURE SEEN WITH KHAH INITIAL FORM;Lo;0;AL; 0633 062E;;;;N;;;;; +FCB0;ARABIC LIGATURE SEEN WITH MEEM INITIAL FORM;Lo;0;AL; 0633 0645;;;;N;;;;; +FCB1;ARABIC LIGATURE SAD WITH HAH INITIAL FORM;Lo;0;AL; 0635 062D;;;;N;;;;; +FCB2;ARABIC LIGATURE SAD WITH KHAH INITIAL FORM;Lo;0;AL; 0635 062E;;;;N;;;;; +FCB3;ARABIC LIGATURE SAD WITH MEEM INITIAL FORM;Lo;0;AL; 0635 0645;;;;N;;;;; +FCB4;ARABIC LIGATURE DAD WITH JEEM INITIAL FORM;Lo;0;AL; 0636 062C;;;;N;;;;; +FCB5;ARABIC LIGATURE DAD WITH HAH INITIAL FORM;Lo;0;AL; 0636 062D;;;;N;;;;; +FCB6;ARABIC LIGATURE DAD WITH KHAH INITIAL FORM;Lo;0;AL; 0636 062E;;;;N;;;;; +FCB7;ARABIC LIGATURE DAD WITH MEEM INITIAL FORM;Lo;0;AL; 0636 0645;;;;N;;;;; +FCB8;ARABIC LIGATURE TAH WITH HAH INITIAL FORM;Lo;0;AL; 0637 062D;;;;N;;;;; +FCB9;ARABIC LIGATURE ZAH WITH MEEM INITIAL FORM;Lo;0;AL; 0638 0645;;;;N;;;;; +FCBA;ARABIC LIGATURE AIN WITH JEEM INITIAL FORM;Lo;0;AL; 0639 062C;;;;N;;;;; +FCBB;ARABIC LIGATURE AIN WITH MEEM INITIAL FORM;Lo;0;AL; 0639 0645;;;;N;;;;; +FCBC;ARABIC LIGATURE GHAIN WITH JEEM INITIAL FORM;Lo;0;AL; 063A 062C;;;;N;;;;; +FCBD;ARABIC LIGATURE GHAIN WITH MEEM INITIAL FORM;Lo;0;AL; 063A 0645;;;;N;;;;; +FCBE;ARABIC LIGATURE FEH WITH JEEM INITIAL FORM;Lo;0;AL; 0641 062C;;;;N;;;;; +FCBF;ARABIC LIGATURE FEH WITH HAH INITIAL FORM;Lo;0;AL; 0641 062D;;;;N;;;;; +FCC0;ARABIC LIGATURE FEH WITH KHAH INITIAL FORM;Lo;0;AL; 0641 062E;;;;N;;;;; +FCC1;ARABIC LIGATURE FEH WITH MEEM INITIAL FORM;Lo;0;AL; 0641 0645;;;;N;;;;; +FCC2;ARABIC LIGATURE QAF WITH HAH INITIAL FORM;Lo;0;AL; 0642 062D;;;;N;;;;; +FCC3;ARABIC LIGATURE QAF WITH MEEM INITIAL FORM;Lo;0;AL; 0642 0645;;;;N;;;;; +FCC4;ARABIC LIGATURE KAF WITH JEEM INITIAL FORM;Lo;0;AL; 0643 062C;;;;N;;;;; +FCC5;ARABIC LIGATURE KAF WITH HAH INITIAL FORM;Lo;0;AL; 0643 062D;;;;N;;;;; +FCC6;ARABIC LIGATURE KAF WITH KHAH INITIAL FORM;Lo;0;AL; 0643 062E;;;;N;;;;; +FCC7;ARABIC LIGATURE KAF WITH LAM INITIAL FORM;Lo;0;AL; 0643 0644;;;;N;;;;; +FCC8;ARABIC LIGATURE KAF WITH MEEM INITIAL FORM;Lo;0;AL; 0643 0645;;;;N;;;;; +FCC9;ARABIC LIGATURE LAM WITH JEEM INITIAL FORM;Lo;0;AL; 0644 062C;;;;N;;;;; +FCCA;ARABIC LIGATURE LAM WITH HAH INITIAL FORM;Lo;0;AL; 0644 062D;;;;N;;;;; +FCCB;ARABIC LIGATURE LAM WITH KHAH INITIAL FORM;Lo;0;AL; 0644 062E;;;;N;;;;; +FCCC;ARABIC LIGATURE LAM WITH MEEM INITIAL FORM;Lo;0;AL; 0644 0645;;;;N;;;;; +FCCD;ARABIC LIGATURE LAM WITH HEH INITIAL FORM;Lo;0;AL; 0644 0647;;;;N;;;;; +FCCE;ARABIC LIGATURE MEEM WITH JEEM INITIAL FORM;Lo;0;AL; 0645 062C;;;;N;;;;; +FCCF;ARABIC LIGATURE MEEM WITH HAH INITIAL FORM;Lo;0;AL; 0645 062D;;;;N;;;;; +FCD0;ARABIC LIGATURE MEEM WITH KHAH INITIAL FORM;Lo;0;AL; 0645 062E;;;;N;;;;; +FCD1;ARABIC LIGATURE MEEM WITH MEEM INITIAL FORM;Lo;0;AL; 0645 0645;;;;N;;;;; +FCD2;ARABIC LIGATURE NOON WITH JEEM INITIAL FORM;Lo;0;AL; 0646 062C;;;;N;;;;; +FCD3;ARABIC LIGATURE NOON WITH HAH INITIAL FORM;Lo;0;AL; 0646 062D;;;;N;;;;; +FCD4;ARABIC LIGATURE NOON WITH KHAH INITIAL FORM;Lo;0;AL; 0646 062E;;;;N;;;;; +FCD5;ARABIC LIGATURE NOON WITH MEEM INITIAL FORM;Lo;0;AL; 0646 0645;;;;N;;;;; +FCD6;ARABIC LIGATURE NOON WITH HEH INITIAL FORM;Lo;0;AL; 0646 0647;;;;N;;;;; +FCD7;ARABIC LIGATURE HEH WITH JEEM INITIAL FORM;Lo;0;AL; 0647 062C;;;;N;;;;; +FCD8;ARABIC LIGATURE HEH WITH MEEM INITIAL FORM;Lo;0;AL; 0647 0645;;;;N;;;;; +FCD9;ARABIC LIGATURE HEH WITH SUPERSCRIPT ALEF INITIAL FORM;Lo;0;AL; 0647 0670;;;;N;;;;; +FCDA;ARABIC LIGATURE YEH WITH JEEM INITIAL FORM;Lo;0;AL; 064A 062C;;;;N;;;;; +FCDB;ARABIC LIGATURE YEH WITH HAH INITIAL FORM;Lo;0;AL; 064A 062D;;;;N;;;;; +FCDC;ARABIC LIGATURE YEH WITH KHAH INITIAL FORM;Lo;0;AL; 064A 062E;;;;N;;;;; +FCDD;ARABIC LIGATURE YEH WITH MEEM INITIAL FORM;Lo;0;AL; 064A 0645;;;;N;;;;; +FCDE;ARABIC LIGATURE YEH WITH HEH INITIAL FORM;Lo;0;AL; 064A 0647;;;;N;;;;; +FCDF;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH MEEM MEDIAL FORM;Lo;0;AL; 0626 0645;;;;N;;;;; +FCE0;ARABIC LIGATURE YEH WITH HAMZA ABOVE WITH HEH MEDIAL FORM;Lo;0;AL; 0626 0647;;;;N;;;;; +FCE1;ARABIC LIGATURE BEH WITH MEEM MEDIAL FORM;Lo;0;AL; 0628 0645;;;;N;;;;; +FCE2;ARABIC LIGATURE BEH WITH HEH MEDIAL FORM;Lo;0;AL; 0628 0647;;;;N;;;;; +FCE3;ARABIC LIGATURE TEH WITH MEEM MEDIAL FORM;Lo;0;AL; 062A 0645;;;;N;;;;; +FCE4;ARABIC LIGATURE TEH WITH HEH MEDIAL FORM;Lo;0;AL; 062A 0647;;;;N;;;;; +FCE5;ARABIC LIGATURE THEH WITH MEEM MEDIAL FORM;Lo;0;AL; 062B 0645;;;;N;;;;; +FCE6;ARABIC LIGATURE THEH WITH HEH MEDIAL FORM;Lo;0;AL; 062B 0647;;;;N;;;;; +FCE7;ARABIC LIGATURE SEEN WITH MEEM MEDIAL FORM;Lo;0;AL; 0633 0645;;;;N;;;;; +FCE8;ARABIC LIGATURE SEEN WITH HEH MEDIAL FORM;Lo;0;AL; 0633 0647;;;;N;;;;; +FCE9;ARABIC LIGATURE SHEEN WITH MEEM MEDIAL FORM;Lo;0;AL; 0634 0645;;;;N;;;;; +FCEA;ARABIC LIGATURE SHEEN WITH HEH MEDIAL FORM;Lo;0;AL; 0634 0647;;;;N;;;;; +FCEB;ARABIC LIGATURE KAF WITH LAM MEDIAL FORM;Lo;0;AL; 0643 0644;;;;N;;;;; +FCEC;ARABIC LIGATURE KAF WITH MEEM MEDIAL FORM;Lo;0;AL; 0643 0645;;;;N;;;;; +FCED;ARABIC LIGATURE LAM WITH MEEM MEDIAL FORM;Lo;0;AL; 0644 0645;;;;N;;;;; +FCEE;ARABIC LIGATURE NOON WITH MEEM MEDIAL FORM;Lo;0;AL; 0646 0645;;;;N;;;;; +FCEF;ARABIC LIGATURE NOON WITH HEH MEDIAL FORM;Lo;0;AL; 0646 0647;;;;N;;;;; +FCF0;ARABIC LIGATURE YEH WITH MEEM MEDIAL FORM;Lo;0;AL; 064A 0645;;;;N;;;;; +FCF1;ARABIC LIGATURE YEH WITH HEH MEDIAL FORM;Lo;0;AL; 064A 0647;;;;N;;;;; +FCF2;ARABIC LIGATURE SHADDA WITH FATHA MEDIAL FORM;Lo;0;AL; 0640 064E 0651;;;;N;;;;; +FCF3;ARABIC LIGATURE SHADDA WITH DAMMA MEDIAL FORM;Lo;0;AL; 0640 064F 0651;;;;N;;;;; +FCF4;ARABIC LIGATURE SHADDA WITH KASRA MEDIAL FORM;Lo;0;AL; 0640 0650 0651;;;;N;;;;; +FCF5;ARABIC LIGATURE TAH WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL; 0637 0649;;;;N;;;;; +FCF6;ARABIC LIGATURE TAH WITH YEH ISOLATED FORM;Lo;0;AL; 0637 064A;;;;N;;;;; +FCF7;ARABIC LIGATURE AIN WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL; 0639 0649;;;;N;;;;; +FCF8;ARABIC LIGATURE AIN WITH YEH ISOLATED FORM;Lo;0;AL; 0639 064A;;;;N;;;;; +FCF9;ARABIC LIGATURE GHAIN WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL; 063A 0649;;;;N;;;;; +FCFA;ARABIC LIGATURE GHAIN WITH YEH ISOLATED FORM;Lo;0;AL; 063A 064A;;;;N;;;;; +FCFB;ARABIC LIGATURE SEEN WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL; 0633 0649;;;;N;;;;; +FCFC;ARABIC LIGATURE SEEN WITH YEH ISOLATED FORM;Lo;0;AL; 0633 064A;;;;N;;;;; +FCFD;ARABIC LIGATURE SHEEN WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL; 0634 0649;;;;N;;;;; +FCFE;ARABIC LIGATURE SHEEN WITH YEH ISOLATED FORM;Lo;0;AL; 0634 064A;;;;N;;;;; +FCFF;ARABIC LIGATURE HAH WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL; 062D 0649;;;;N;;;;; +FD00;ARABIC LIGATURE HAH WITH YEH ISOLATED FORM;Lo;0;AL; 062D 064A;;;;N;;;;; +FD01;ARABIC LIGATURE JEEM WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL; 062C 0649;;;;N;;;;; +FD02;ARABIC LIGATURE JEEM WITH YEH ISOLATED FORM;Lo;0;AL; 062C 064A;;;;N;;;;; +FD03;ARABIC LIGATURE KHAH WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL; 062E 0649;;;;N;;;;; +FD04;ARABIC LIGATURE KHAH WITH YEH ISOLATED FORM;Lo;0;AL; 062E 064A;;;;N;;;;; +FD05;ARABIC LIGATURE SAD WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL; 0635 0649;;;;N;;;;; +FD06;ARABIC LIGATURE SAD WITH YEH ISOLATED FORM;Lo;0;AL; 0635 064A;;;;N;;;;; +FD07;ARABIC LIGATURE DAD WITH ALEF MAKSURA ISOLATED FORM;Lo;0;AL; 0636 0649;;;;N;;;;; +FD08;ARABIC LIGATURE DAD WITH YEH ISOLATED FORM;Lo;0;AL; 0636 064A;;;;N;;;;; +FD09;ARABIC LIGATURE SHEEN WITH JEEM ISOLATED FORM;Lo;0;AL; 0634 062C;;;;N;;;;; +FD0A;ARABIC LIGATURE SHEEN WITH HAH ISOLATED FORM;Lo;0;AL; 0634 062D;;;;N;;;;; +FD0B;ARABIC LIGATURE SHEEN WITH KHAH ISOLATED FORM;Lo;0;AL; 0634 062E;;;;N;;;;; +FD0C;ARABIC LIGATURE SHEEN WITH MEEM ISOLATED FORM;Lo;0;AL; 0634 0645;;;;N;;;;; +FD0D;ARABIC LIGATURE SHEEN WITH REH ISOLATED FORM;Lo;0;AL; 0634 0631;;;;N;;;;; +FD0E;ARABIC LIGATURE SEEN WITH REH ISOLATED FORM;Lo;0;AL; 0633 0631;;;;N;;;;; +FD0F;ARABIC LIGATURE SAD WITH REH ISOLATED FORM;Lo;0;AL; 0635 0631;;;;N;;;;; +FD10;ARABIC LIGATURE DAD WITH REH ISOLATED FORM;Lo;0;AL; 0636 0631;;;;N;;;;; +FD11;ARABIC LIGATURE TAH WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 0637 0649;;;;N;;;;; +FD12;ARABIC LIGATURE TAH WITH YEH FINAL FORM;Lo;0;AL; 0637 064A;;;;N;;;;; +FD13;ARABIC LIGATURE AIN WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 0639 0649;;;;N;;;;; +FD14;ARABIC LIGATURE AIN WITH YEH FINAL FORM;Lo;0;AL; 0639 064A;;;;N;;;;; +FD15;ARABIC LIGATURE GHAIN WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 063A 0649;;;;N;;;;; +FD16;ARABIC LIGATURE GHAIN WITH YEH FINAL FORM;Lo;0;AL; 063A 064A;;;;N;;;;; +FD17;ARABIC LIGATURE SEEN WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 0633 0649;;;;N;;;;; +FD18;ARABIC LIGATURE SEEN WITH YEH FINAL FORM;Lo;0;AL; 0633 064A;;;;N;;;;; +FD19;ARABIC LIGATURE SHEEN WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 0634 0649;;;;N;;;;; +FD1A;ARABIC LIGATURE SHEEN WITH YEH FINAL FORM;Lo;0;AL; 0634 064A;;;;N;;;;; +FD1B;ARABIC LIGATURE HAH WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 062D 0649;;;;N;;;;; +FD1C;ARABIC LIGATURE HAH WITH YEH FINAL FORM;Lo;0;AL; 062D 064A;;;;N;;;;; +FD1D;ARABIC LIGATURE JEEM WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 062C 0649;;;;N;;;;; +FD1E;ARABIC LIGATURE JEEM WITH YEH FINAL FORM;Lo;0;AL; 062C 064A;;;;N;;;;; +FD1F;ARABIC LIGATURE KHAH WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 062E 0649;;;;N;;;;; +FD20;ARABIC LIGATURE KHAH WITH YEH FINAL FORM;Lo;0;AL; 062E 064A;;;;N;;;;; +FD21;ARABIC LIGATURE SAD WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 0635 0649;;;;N;;;;; +FD22;ARABIC LIGATURE SAD WITH YEH FINAL FORM;Lo;0;AL; 0635 064A;;;;N;;;;; +FD23;ARABIC LIGATURE DAD WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 0636 0649;;;;N;;;;; +FD24;ARABIC LIGATURE DAD WITH YEH FINAL FORM;Lo;0;AL; 0636 064A;;;;N;;;;; +FD25;ARABIC LIGATURE SHEEN WITH JEEM FINAL FORM;Lo;0;AL; 0634 062C;;;;N;;;;; +FD26;ARABIC LIGATURE SHEEN WITH HAH FINAL FORM;Lo;0;AL; 0634 062D;;;;N;;;;; +FD27;ARABIC LIGATURE SHEEN WITH KHAH FINAL FORM;Lo;0;AL; 0634 062E;;;;N;;;;; +FD28;ARABIC LIGATURE SHEEN WITH MEEM FINAL FORM;Lo;0;AL; 0634 0645;;;;N;;;;; +FD29;ARABIC LIGATURE SHEEN WITH REH FINAL FORM;Lo;0;AL; 0634 0631;;;;N;;;;; +FD2A;ARABIC LIGATURE SEEN WITH REH FINAL FORM;Lo;0;AL; 0633 0631;;;;N;;;;; +FD2B;ARABIC LIGATURE SAD WITH REH FINAL FORM;Lo;0;AL; 0635 0631;;;;N;;;;; +FD2C;ARABIC LIGATURE DAD WITH REH FINAL FORM;Lo;0;AL; 0636 0631;;;;N;;;;; +FD2D;ARABIC LIGATURE SHEEN WITH JEEM INITIAL FORM;Lo;0;AL; 0634 062C;;;;N;;;;; +FD2E;ARABIC LIGATURE SHEEN WITH HAH INITIAL FORM;Lo;0;AL; 0634 062D;;;;N;;;;; +FD2F;ARABIC LIGATURE SHEEN WITH KHAH INITIAL FORM;Lo;0;AL; 0634 062E;;;;N;;;;; +FD30;ARABIC LIGATURE SHEEN WITH MEEM INITIAL FORM;Lo;0;AL; 0634 0645;;;;N;;;;; +FD31;ARABIC LIGATURE SEEN WITH HEH INITIAL FORM;Lo;0;AL; 0633 0647;;;;N;;;;; +FD32;ARABIC LIGATURE SHEEN WITH HEH INITIAL FORM;Lo;0;AL; 0634 0647;;;;N;;;;; +FD33;ARABIC LIGATURE TAH WITH MEEM INITIAL FORM;Lo;0;AL; 0637 0645;;;;N;;;;; +FD34;ARABIC LIGATURE SEEN WITH JEEM MEDIAL FORM;Lo;0;AL; 0633 062C;;;;N;;;;; +FD35;ARABIC LIGATURE SEEN WITH HAH MEDIAL FORM;Lo;0;AL; 0633 062D;;;;N;;;;; +FD36;ARABIC LIGATURE SEEN WITH KHAH MEDIAL FORM;Lo;0;AL; 0633 062E;;;;N;;;;; +FD37;ARABIC LIGATURE SHEEN WITH JEEM MEDIAL FORM;Lo;0;AL; 0634 062C;;;;N;;;;; +FD38;ARABIC LIGATURE SHEEN WITH HAH MEDIAL FORM;Lo;0;AL; 0634 062D;;;;N;;;;; +FD39;ARABIC LIGATURE SHEEN WITH KHAH MEDIAL FORM;Lo;0;AL; 0634 062E;;;;N;;;;; +FD3A;ARABIC LIGATURE TAH WITH MEEM MEDIAL FORM;Lo;0;AL; 0637 0645;;;;N;;;;; +FD3B;ARABIC LIGATURE ZAH WITH MEEM MEDIAL FORM;Lo;0;AL; 0638 0645;;;;N;;;;; +FD3C;ARABIC LIGATURE ALEF WITH FATHATAN FINAL FORM;Lo;0;AL; 0627 064B;;;;N;;;;; +FD3D;ARABIC LIGATURE ALEF WITH FATHATAN ISOLATED FORM;Lo;0;AL; 0627 064B;;;;N;;;;; +FD3E;ORNATE LEFT PARENTHESIS;Ps;0;ON;;;;;N;;;;; +FD3F;ORNATE RIGHT PARENTHESIS;Pe;0;ON;;;;;N;;;;; +FD50;ARABIC LIGATURE TEH WITH JEEM WITH MEEM INITIAL FORM;Lo;0;AL; 062A 062C 0645;;;;N;;;;; +FD51;ARABIC LIGATURE TEH WITH HAH WITH JEEM FINAL FORM;Lo;0;AL; 062A 062D 062C;;;;N;;;;; +FD52;ARABIC LIGATURE TEH WITH HAH WITH JEEM INITIAL FORM;Lo;0;AL; 062A 062D 062C;;;;N;;;;; +FD53;ARABIC LIGATURE TEH WITH HAH WITH MEEM INITIAL FORM;Lo;0;AL; 062A 062D 0645;;;;N;;;;; +FD54;ARABIC LIGATURE TEH WITH KHAH WITH MEEM INITIAL FORM;Lo;0;AL; 062A 062E 0645;;;;N;;;;; +FD55;ARABIC LIGATURE TEH WITH MEEM WITH JEEM INITIAL FORM;Lo;0;AL; 062A 0645 062C;;;;N;;;;; +FD56;ARABIC LIGATURE TEH WITH MEEM WITH HAH INITIAL FORM;Lo;0;AL; 062A 0645 062D;;;;N;;;;; +FD57;ARABIC LIGATURE TEH WITH MEEM WITH KHAH INITIAL FORM;Lo;0;AL; 062A 0645 062E;;;;N;;;;; +FD58;ARABIC LIGATURE JEEM WITH MEEM WITH HAH FINAL FORM;Lo;0;AL; 062C 0645 062D;;;;N;;;;; +FD59;ARABIC LIGATURE JEEM WITH MEEM WITH HAH INITIAL FORM;Lo;0;AL; 062C 0645 062D;;;;N;;;;; +FD5A;ARABIC LIGATURE HAH WITH MEEM WITH YEH FINAL FORM;Lo;0;AL; 062D 0645 064A;;;;N;;;;; +FD5B;ARABIC LIGATURE HAH WITH MEEM WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 062D 0645 0649;;;;N;;;;; +FD5C;ARABIC LIGATURE SEEN WITH HAH WITH JEEM INITIAL FORM;Lo;0;AL; 0633 062D 062C;;;;N;;;;; +FD5D;ARABIC LIGATURE SEEN WITH JEEM WITH HAH INITIAL FORM;Lo;0;AL; 0633 062C 062D;;;;N;;;;; +FD5E;ARABIC LIGATURE SEEN WITH JEEM WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 0633 062C 0649;;;;N;;;;; +FD5F;ARABIC LIGATURE SEEN WITH MEEM WITH HAH FINAL FORM;Lo;0;AL; 0633 0645 062D;;;;N;;;;; +FD60;ARABIC LIGATURE SEEN WITH MEEM WITH HAH INITIAL FORM;Lo;0;AL; 0633 0645 062D;;;;N;;;;; +FD61;ARABIC LIGATURE SEEN WITH MEEM WITH JEEM INITIAL FORM;Lo;0;AL; 0633 0645 062C;;;;N;;;;; +FD62;ARABIC LIGATURE SEEN WITH MEEM WITH MEEM FINAL FORM;Lo;0;AL; 0633 0645 0645;;;;N;;;;; +FD63;ARABIC LIGATURE SEEN WITH MEEM WITH MEEM INITIAL FORM;Lo;0;AL; 0633 0645 0645;;;;N;;;;; +FD64;ARABIC LIGATURE SAD WITH HAH WITH HAH FINAL FORM;Lo;0;AL; 0635 062D 062D;;;;N;;;;; +FD65;ARABIC LIGATURE SAD WITH HAH WITH HAH INITIAL FORM;Lo;0;AL; 0635 062D 062D;;;;N;;;;; +FD66;ARABIC LIGATURE SAD WITH MEEM WITH MEEM FINAL FORM;Lo;0;AL; 0635 0645 0645;;;;N;;;;; +FD67;ARABIC LIGATURE SHEEN WITH HAH WITH MEEM FINAL FORM;Lo;0;AL; 0634 062D 0645;;;;N;;;;; +FD68;ARABIC LIGATURE SHEEN WITH HAH WITH MEEM INITIAL FORM;Lo;0;AL; 0634 062D 0645;;;;N;;;;; +FD69;ARABIC LIGATURE SHEEN WITH JEEM WITH YEH FINAL FORM;Lo;0;AL; 0634 062C 064A;;;;N;;;;; +FD6A;ARABIC LIGATURE SHEEN WITH MEEM WITH KHAH FINAL FORM;Lo;0;AL; 0634 0645 062E;;;;N;;;;; +FD6B;ARABIC LIGATURE SHEEN WITH MEEM WITH KHAH INITIAL FORM;Lo;0;AL; 0634 0645 062E;;;;N;;;;; +FD6C;ARABIC LIGATURE SHEEN WITH MEEM WITH MEEM FINAL FORM;Lo;0;AL; 0634 0645 0645;;;;N;;;;; +FD6D;ARABIC LIGATURE SHEEN WITH MEEM WITH MEEM INITIAL FORM;Lo;0;AL; 0634 0645 0645;;;;N;;;;; +FD6E;ARABIC LIGATURE DAD WITH HAH WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 0636 062D 0649;;;;N;;;;; +FD6F;ARABIC LIGATURE DAD WITH KHAH WITH MEEM FINAL FORM;Lo;0;AL; 0636 062E 0645;;;;N;;;;; +FD70;ARABIC LIGATURE DAD WITH KHAH WITH MEEM INITIAL FORM;Lo;0;AL; 0636 062E 0645;;;;N;;;;; +FD71;ARABIC LIGATURE TAH WITH MEEM WITH HAH FINAL FORM;Lo;0;AL; 0637 0645 062D;;;;N;;;;; +FD72;ARABIC LIGATURE TAH WITH MEEM WITH HAH INITIAL FORM;Lo;0;AL; 0637 0645 062D;;;;N;;;;; +FD73;ARABIC LIGATURE TAH WITH MEEM WITH MEEM INITIAL FORM;Lo;0;AL; 0637 0645 0645;;;;N;;;;; +FD74;ARABIC LIGATURE TAH WITH MEEM WITH YEH FINAL FORM;Lo;0;AL; 0637 0645 064A;;;;N;;;;; +FD75;ARABIC LIGATURE AIN WITH JEEM WITH MEEM FINAL FORM;Lo;0;AL; 0639 062C 0645;;;;N;;;;; +FD76;ARABIC LIGATURE AIN WITH MEEM WITH MEEM FINAL FORM;Lo;0;AL; 0639 0645 0645;;;;N;;;;; +FD77;ARABIC LIGATURE AIN WITH MEEM WITH MEEM INITIAL FORM;Lo;0;AL; 0639 0645 0645;;;;N;;;;; +FD78;ARABIC LIGATURE AIN WITH MEEM WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 0639 0645 0649;;;;N;;;;; +FD79;ARABIC LIGATURE GHAIN WITH MEEM WITH MEEM FINAL FORM;Lo;0;AL; 063A 0645 0645;;;;N;;;;; +FD7A;ARABIC LIGATURE GHAIN WITH MEEM WITH YEH FINAL FORM;Lo;0;AL; 063A 0645 064A;;;;N;;;;; +FD7B;ARABIC LIGATURE GHAIN WITH MEEM WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 063A 0645 0649;;;;N;;;;; +FD7C;ARABIC LIGATURE FEH WITH KHAH WITH MEEM FINAL FORM;Lo;0;AL; 0641 062E 0645;;;;N;;;;; +FD7D;ARABIC LIGATURE FEH WITH KHAH WITH MEEM INITIAL FORM;Lo;0;AL; 0641 062E 0645;;;;N;;;;; +FD7E;ARABIC LIGATURE QAF WITH MEEM WITH HAH FINAL FORM;Lo;0;AL; 0642 0645 062D;;;;N;;;;; +FD7F;ARABIC LIGATURE QAF WITH MEEM WITH MEEM FINAL FORM;Lo;0;AL; 0642 0645 0645;;;;N;;;;; +FD80;ARABIC LIGATURE LAM WITH HAH WITH MEEM FINAL FORM;Lo;0;AL; 0644 062D 0645;;;;N;;;;; +FD81;ARABIC LIGATURE LAM WITH HAH WITH YEH FINAL FORM;Lo;0;AL; 0644 062D 064A;;;;N;;;;; +FD82;ARABIC LIGATURE LAM WITH HAH WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 0644 062D 0649;;;;N;;;;; +FD83;ARABIC LIGATURE LAM WITH JEEM WITH JEEM INITIAL FORM;Lo;0;AL; 0644 062C 062C;;;;N;;;;; +FD84;ARABIC LIGATURE LAM WITH JEEM WITH JEEM FINAL FORM;Lo;0;AL; 0644 062C 062C;;;;N;;;;; +FD85;ARABIC LIGATURE LAM WITH KHAH WITH MEEM FINAL FORM;Lo;0;AL; 0644 062E 0645;;;;N;;;;; +FD86;ARABIC LIGATURE LAM WITH KHAH WITH MEEM INITIAL FORM;Lo;0;AL; 0644 062E 0645;;;;N;;;;; +FD87;ARABIC LIGATURE LAM WITH MEEM WITH HAH FINAL FORM;Lo;0;AL; 0644 0645 062D;;;;N;;;;; +FD88;ARABIC LIGATURE LAM WITH MEEM WITH HAH INITIAL FORM;Lo;0;AL; 0644 0645 062D;;;;N;;;;; +FD89;ARABIC LIGATURE MEEM WITH HAH WITH JEEM INITIAL FORM;Lo;0;AL; 0645 062D 062C;;;;N;;;;; +FD8A;ARABIC LIGATURE MEEM WITH HAH WITH MEEM INITIAL FORM;Lo;0;AL; 0645 062D 0645;;;;N;;;;; +FD8B;ARABIC LIGATURE MEEM WITH HAH WITH YEH FINAL FORM;Lo;0;AL; 0645 062D 064A;;;;N;;;;; +FD8C;ARABIC LIGATURE MEEM WITH JEEM WITH HAH INITIAL FORM;Lo;0;AL; 0645 062C 062D;;;;N;;;;; +FD8D;ARABIC LIGATURE MEEM WITH JEEM WITH MEEM INITIAL FORM;Lo;0;AL; 0645 062C 0645;;;;N;;;;; +FD8E;ARABIC LIGATURE MEEM WITH KHAH WITH JEEM INITIAL FORM;Lo;0;AL; 0645 062E 062C;;;;N;;;;; +FD8F;ARABIC LIGATURE MEEM WITH KHAH WITH MEEM INITIAL FORM;Lo;0;AL; 0645 062E 0645;;;;N;;;;; +FD92;ARABIC LIGATURE MEEM WITH JEEM WITH KHAH INITIAL FORM;Lo;0;AL; 0645 062C 062E;;;;N;;;;; +FD93;ARABIC LIGATURE HEH WITH MEEM WITH JEEM INITIAL FORM;Lo;0;AL; 0647 0645 062C;;;;N;;;;; +FD94;ARABIC LIGATURE HEH WITH MEEM WITH MEEM INITIAL FORM;Lo;0;AL; 0647 0645 0645;;;;N;;;;; +FD95;ARABIC LIGATURE NOON WITH HAH WITH MEEM INITIAL FORM;Lo;0;AL; 0646 062D 0645;;;;N;;;;; +FD96;ARABIC LIGATURE NOON WITH HAH WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 0646 062D 0649;;;;N;;;;; +FD97;ARABIC LIGATURE NOON WITH JEEM WITH MEEM FINAL FORM;Lo;0;AL; 0646 062C 0645;;;;N;;;;; +FD98;ARABIC LIGATURE NOON WITH JEEM WITH MEEM INITIAL FORM;Lo;0;AL; 0646 062C 0645;;;;N;;;;; +FD99;ARABIC LIGATURE NOON WITH JEEM WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 0646 062C 0649;;;;N;;;;; +FD9A;ARABIC LIGATURE NOON WITH MEEM WITH YEH FINAL FORM;Lo;0;AL; 0646 0645 064A;;;;N;;;;; +FD9B;ARABIC LIGATURE NOON WITH MEEM WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 0646 0645 0649;;;;N;;;;; +FD9C;ARABIC LIGATURE YEH WITH MEEM WITH MEEM FINAL FORM;Lo;0;AL; 064A 0645 0645;;;;N;;;;; +FD9D;ARABIC LIGATURE YEH WITH MEEM WITH MEEM INITIAL FORM;Lo;0;AL; 064A 0645 0645;;;;N;;;;; +FD9E;ARABIC LIGATURE BEH WITH KHAH WITH YEH FINAL FORM;Lo;0;AL; 0628 062E 064A;;;;N;;;;; +FD9F;ARABIC LIGATURE TEH WITH JEEM WITH YEH FINAL FORM;Lo;0;AL; 062A 062C 064A;;;;N;;;;; +FDA0;ARABIC LIGATURE TEH WITH JEEM WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 062A 062C 0649;;;;N;;;;; +FDA1;ARABIC LIGATURE TEH WITH KHAH WITH YEH FINAL FORM;Lo;0;AL; 062A 062E 064A;;;;N;;;;; +FDA2;ARABIC LIGATURE TEH WITH KHAH WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 062A 062E 0649;;;;N;;;;; +FDA3;ARABIC LIGATURE TEH WITH MEEM WITH YEH FINAL FORM;Lo;0;AL; 062A 0645 064A;;;;N;;;;; +FDA4;ARABIC LIGATURE TEH WITH MEEM WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 062A 0645 0649;;;;N;;;;; +FDA5;ARABIC LIGATURE JEEM WITH MEEM WITH YEH FINAL FORM;Lo;0;AL; 062C 0645 064A;;;;N;;;;; +FDA6;ARABIC LIGATURE JEEM WITH HAH WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 062C 062D 0649;;;;N;;;;; +FDA7;ARABIC LIGATURE JEEM WITH MEEM WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 062C 0645 0649;;;;N;;;;; +FDA8;ARABIC LIGATURE SEEN WITH KHAH WITH ALEF MAKSURA FINAL FORM;Lo;0;AL; 0633 062E 0649;;;;N;;;;; +FDA9;ARABIC LIGATURE SAD WITH HAH WITH YEH FINAL FORM;Lo;0;AL; 0635 062D 064A;;;;N;;;;; +FDAA;ARABIC LIGATURE SHEEN WITH HAH WITH YEH FINAL FORM;Lo;0;AL; 0634 062D 064A;;;;N;;;;; +FDAB;ARABIC LIGATURE DAD WITH HAH WITH YEH FINAL FORM;Lo;0;AL; 0636 062D 064A;;;;N;;;;; +FDAC;ARABIC LIGATURE LAM WITH JEEM WITH YEH FINAL FORM;Lo;0;AL; 0644 062C 064A;;;;N;;;;; +FDAD;ARABIC LIGATURE LAM WITH MEEM WITH YEH FINAL FORM;Lo;0;AL; 0644 0645 064A;;;;N;;;;; +FDAE;ARABIC LIGATURE YEH WITH HAH WITH YEH FINAL FORM;Lo;0;AL; 064A 062D 064A;;;;N;;;;; +FDAF;ARABIC LIGATURE YEH WITH JEEM WITH YEH FINAL FORM;Lo;0;AL; 064A 062C 064A;;;;N;;;;; +FDB0;ARABIC LIGATURE YEH WITH MEEM WITH YEH FINAL FORM;Lo;0;AL; 064A 0645 064A;;;;N;;;;; +FDB1;ARABIC LIGATURE MEEM WITH MEEM WITH YEH FINAL FORM;Lo;0;AL; 0645 0645 064A;;;;N;;;;; +FDB2;ARABIC LIGATURE QAF WITH MEEM WITH YEH FINAL FORM;Lo;0;AL; 0642 0645 064A;;;;N;;;;; +FDB3;ARABIC LIGATURE NOON WITH HAH WITH YEH FINAL FORM;Lo;0;AL; 0646 062D 064A;;;;N;;;;; +FDB4;ARABIC LIGATURE QAF WITH MEEM WITH HAH INITIAL FORM;Lo;0;AL; 0642 0645 062D;;;;N;;;;; +FDB5;ARABIC LIGATURE LAM WITH HAH WITH MEEM INITIAL FORM;Lo;0;AL; 0644 062D 0645;;;;N;;;;; +FDB6;ARABIC LIGATURE AIN WITH MEEM WITH YEH FINAL FORM;Lo;0;AL; 0639 0645 064A;;;;N;;;;; +FDB7;ARABIC LIGATURE KAF WITH MEEM WITH YEH FINAL FORM;Lo;0;AL; 0643 0645 064A;;;;N;;;;; +FDB8;ARABIC LIGATURE NOON WITH JEEM WITH HAH INITIAL FORM;Lo;0;AL; 0646 062C 062D;;;;N;;;;; +FDB9;ARABIC LIGATURE MEEM WITH KHAH WITH YEH FINAL FORM;Lo;0;AL; 0645 062E 064A;;;;N;;;;; +FDBA;ARABIC LIGATURE LAM WITH JEEM WITH MEEM INITIAL FORM;Lo;0;AL; 0644 062C 0645;;;;N;;;;; +FDBB;ARABIC LIGATURE KAF WITH MEEM WITH MEEM FINAL FORM;Lo;0;AL; 0643 0645 0645;;;;N;;;;; +FDBC;ARABIC LIGATURE LAM WITH JEEM WITH MEEM FINAL FORM;Lo;0;AL; 0644 062C 0645;;;;N;;;;; +FDBD;ARABIC LIGATURE NOON WITH JEEM WITH HAH FINAL FORM;Lo;0;AL; 0646 062C 062D;;;;N;;;;; +FDBE;ARABIC LIGATURE JEEM WITH HAH WITH YEH FINAL FORM;Lo;0;AL; 062C 062D 064A;;;;N;;;;; +FDBF;ARABIC LIGATURE HAH WITH JEEM WITH YEH FINAL FORM;Lo;0;AL; 062D 062C 064A;;;;N;;;;; +FDC0;ARABIC LIGATURE MEEM WITH JEEM WITH YEH FINAL FORM;Lo;0;AL; 0645 062C 064A;;;;N;;;;; +FDC1;ARABIC LIGATURE FEH WITH MEEM WITH YEH FINAL FORM;Lo;0;AL; 0641 0645 064A;;;;N;;;;; +FDC2;ARABIC LIGATURE BEH WITH HAH WITH YEH FINAL FORM;Lo;0;AL; 0628 062D 064A;;;;N;;;;; +FDC3;ARABIC LIGATURE KAF WITH MEEM WITH MEEM INITIAL FORM;Lo;0;AL; 0643 0645 0645;;;;N;;;;; +FDC4;ARABIC LIGATURE AIN WITH JEEM WITH MEEM INITIAL FORM;Lo;0;AL; 0639 062C 0645;;;;N;;;;; +FDC5;ARABIC LIGATURE SAD WITH MEEM WITH MEEM INITIAL FORM;Lo;0;AL; 0635 0645 0645;;;;N;;;;; +FDC6;ARABIC LIGATURE SEEN WITH KHAH WITH YEH FINAL FORM;Lo;0;AL; 0633 062E 064A;;;;N;;;;; +FDC7;ARABIC LIGATURE NOON WITH JEEM WITH YEH FINAL FORM;Lo;0;AL; 0646 062C 064A;;;;N;;;;; +FDF0;ARABIC LIGATURE SALLA USED AS KORANIC STOP SIGN ISOLATED FORM;Lo;0;AL; 0635 0644 06D2;;;;N;;;;; +FDF1;ARABIC LIGATURE QALA USED AS KORANIC STOP SIGN ISOLATED FORM;Lo;0;AL; 0642 0644 06D2;;;;N;;;;; +FDF2;ARABIC LIGATURE ALLAH ISOLATED FORM;Lo;0;AL; 0627 0644 0644 0647;;;;N;;;;; +FDF3;ARABIC LIGATURE AKBAR ISOLATED FORM;Lo;0;AL; 0627 0643 0628 0631;;;;N;;;;; +FDF4;ARABIC LIGATURE MOHAMMAD ISOLATED FORM;Lo;0;AL; 0645 062D 0645 062F;;;;N;;;;; +FDF5;ARABIC LIGATURE SALAM ISOLATED FORM;Lo;0;AL; 0635 0644 0639 0645;;;;N;;;;; +FDF6;ARABIC LIGATURE RASOUL ISOLATED FORM;Lo;0;AL; 0631 0633 0648 0644;;;;N;;;;; +FDF7;ARABIC LIGATURE ALAYHE ISOLATED FORM;Lo;0;AL; 0639 0644 064A 0647;;;;N;;;;; +FDF8;ARABIC LIGATURE WASALLAM ISOLATED FORM;Lo;0;AL; 0648 0633 0644 0645;;;;N;;;;; +FDF9;ARABIC LIGATURE SALLA ISOLATED FORM;Lo;0;AL; 0635 0644 0649;;;;N;;;;; +FDFA;ARABIC LIGATURE SALLALLAHOU ALAYHE WASALLAM;Lo;0;AL; 0635 0644 0649 0020 0627 0644 0644 0647 0020 0639 0644 064A 0647 0020 0648 0633 0644 0645;;;;N;ARABIC LETTER SALLALLAHOU ALAYHE WASALLAM;;;; +FDFB;ARABIC LIGATURE JALLAJALALOUHOU;Lo;0;AL; 062C 0644 0020 062C 0644 0627 0644 0647;;;;N;ARABIC LETTER JALLAJALALOUHOU;;;; +FDFC;RIAL SIGN;Sc;0;AL; 0631 06CC 0627 0644;;;;N;;;;; +FE00;VARIATION SELECTOR-1;Mn;0;NSM;;;;;N;;;;; +FE01;VARIATION SELECTOR-2;Mn;0;NSM;;;;;N;;;;; +FE02;VARIATION SELECTOR-3;Mn;0;NSM;;;;;N;;;;; +FE03;VARIATION SELECTOR-4;Mn;0;NSM;;;;;N;;;;; +FE04;VARIATION SELECTOR-5;Mn;0;NSM;;;;;N;;;;; +FE05;VARIATION SELECTOR-6;Mn;0;NSM;;;;;N;;;;; +FE06;VARIATION SELECTOR-7;Mn;0;NSM;;;;;N;;;;; +FE07;VARIATION SELECTOR-8;Mn;0;NSM;;;;;N;;;;; +FE08;VARIATION SELECTOR-9;Mn;0;NSM;;;;;N;;;;; +FE09;VARIATION SELECTOR-10;Mn;0;NSM;;;;;N;;;;; +FE0A;VARIATION SELECTOR-11;Mn;0;NSM;;;;;N;;;;; +FE0B;VARIATION SELECTOR-12;Mn;0;NSM;;;;;N;;;;; +FE0C;VARIATION SELECTOR-13;Mn;0;NSM;;;;;N;;;;; +FE0D;VARIATION SELECTOR-14;Mn;0;NSM;;;;;N;;;;; +FE0E;VARIATION SELECTOR-15;Mn;0;NSM;;;;;N;;;;; +FE0F;VARIATION SELECTOR-16;Mn;0;NSM;;;;;N;;;;; +FE20;COMBINING LIGATURE LEFT HALF;Mn;230;NSM;;;;;N;;;;; +FE21;COMBINING LIGATURE RIGHT HALF;Mn;230;NSM;;;;;N;;;;; +FE22;COMBINING DOUBLE TILDE LEFT HALF;Mn;230;NSM;;;;;N;;;;; +FE23;COMBINING DOUBLE TILDE RIGHT HALF;Mn;230;NSM;;;;;N;;;;; +FE30;PRESENTATION FORM FOR VERTICAL TWO DOT LEADER;Po;0;ON; 2025;;;;N;GLYPH FOR VERTICAL TWO DOT LEADER;;;; +FE31;PRESENTATION FORM FOR VERTICAL EM DASH;Pd;0;ON; 2014;;;;N;GLYPH FOR VERTICAL EM DASH;;;; +FE32;PRESENTATION FORM FOR VERTICAL EN DASH;Pd;0;ON; 2013;;;;N;GLYPH FOR VERTICAL EN DASH;;;; +FE33;PRESENTATION FORM FOR VERTICAL LOW LINE;Pc;0;ON; 005F;;;;N;GLYPH FOR VERTICAL SPACING UNDERSCORE;;;; +FE34;PRESENTATION FORM FOR VERTICAL WAVY LOW LINE;Pc;0;ON; 005F;;;;N;GLYPH FOR VERTICAL SPACING WAVY UNDERSCORE;;;; +FE35;PRESENTATION FORM FOR VERTICAL LEFT PARENTHESIS;Ps;0;ON; 0028;;;;N;GLYPH FOR VERTICAL OPENING PARENTHESIS;;;; +FE36;PRESENTATION FORM FOR VERTICAL RIGHT PARENTHESIS;Pe;0;ON; 0029;;;;N;GLYPH FOR VERTICAL CLOSING PARENTHESIS;;;; +FE37;PRESENTATION FORM FOR VERTICAL LEFT CURLY BRACKET;Ps;0;ON; 007B;;;;N;GLYPH FOR VERTICAL OPENING CURLY BRACKET;;;; +FE38;PRESENTATION FORM FOR VERTICAL RIGHT CURLY BRACKET;Pe;0;ON; 007D;;;;N;GLYPH FOR VERTICAL CLOSING CURLY BRACKET;;;; +FE39;PRESENTATION FORM FOR VERTICAL LEFT TORTOISE SHELL BRACKET;Ps;0;ON; 3014;;;;N;GLYPH FOR VERTICAL OPENING TORTOISE SHELL BRACKET;;;; +FE3A;PRESENTATION FORM FOR VERTICAL RIGHT TORTOISE SHELL BRACKET;Pe;0;ON; 3015;;;;N;GLYPH FOR VERTICAL CLOSING TORTOISE SHELL BRACKET;;;; +FE3B;PRESENTATION FORM FOR VERTICAL LEFT BLACK LENTICULAR BRACKET;Ps;0;ON; 3010;;;;N;GLYPH FOR VERTICAL OPENING BLACK LENTICULAR BRACKET;;;; +FE3C;PRESENTATION FORM FOR VERTICAL RIGHT BLACK LENTICULAR BRACKET;Pe;0;ON; 3011;;;;N;GLYPH FOR VERTICAL CLOSING BLACK LENTICULAR BRACKET;;;; +FE3D;PRESENTATION FORM FOR VERTICAL LEFT DOUBLE ANGLE BRACKET;Ps;0;ON; 300A;;;;N;GLYPH FOR VERTICAL OPENING DOUBLE ANGLE BRACKET;;;; +FE3E;PRESENTATION FORM FOR VERTICAL RIGHT DOUBLE ANGLE BRACKET;Pe;0;ON; 300B;;;;N;GLYPH FOR VERTICAL CLOSING DOUBLE ANGLE BRACKET;;;; +FE3F;PRESENTATION FORM FOR VERTICAL LEFT ANGLE BRACKET;Ps;0;ON; 3008;;;;N;GLYPH FOR VERTICAL OPENING ANGLE BRACKET;;;; +FE40;PRESENTATION FORM FOR VERTICAL RIGHT ANGLE BRACKET;Pe;0;ON; 3009;;;;N;GLYPH FOR VERTICAL CLOSING ANGLE BRACKET;;;; +FE41;PRESENTATION FORM FOR VERTICAL LEFT CORNER BRACKET;Ps;0;ON; 300C;;;;N;GLYPH FOR VERTICAL OPENING CORNER BRACKET;;;; +FE42;PRESENTATION FORM FOR VERTICAL RIGHT CORNER BRACKET;Pe;0;ON; 300D;;;;N;GLYPH FOR VERTICAL CLOSING CORNER BRACKET;;;; +FE43;PRESENTATION FORM FOR VERTICAL LEFT WHITE CORNER BRACKET;Ps;0;ON; 300E;;;;N;GLYPH FOR VERTICAL OPENING WHITE CORNER BRACKET;;;; +FE44;PRESENTATION FORM FOR VERTICAL RIGHT WHITE CORNER BRACKET;Pe;0;ON; 300F;;;;N;GLYPH FOR VERTICAL CLOSING WHITE CORNER BRACKET;;;; +FE45;SESAME DOT;Po;0;ON;;;;;N;;;;; +FE46;WHITE SESAME DOT;Po;0;ON;;;;;N;;;;; +FE49;DASHED OVERLINE;Po;0;ON; 203E;;;;N;SPACING DASHED OVERSCORE;;;; +FE4A;CENTRELINE OVERLINE;Po;0;ON; 203E;;;;N;SPACING CENTERLINE OVERSCORE;;;; +FE4B;WAVY OVERLINE;Po;0;ON; 203E;;;;N;SPACING WAVY OVERSCORE;;;; +FE4C;DOUBLE WAVY OVERLINE;Po;0;ON; 203E;;;;N;SPACING DOUBLE WAVY OVERSCORE;;;; +FE4D;DASHED LOW LINE;Pc;0;ON; 005F;;;;N;SPACING DASHED UNDERSCORE;;;; +FE4E;CENTRELINE LOW LINE;Pc;0;ON; 005F;;;;N;SPACING CENTERLINE UNDERSCORE;;;; +FE4F;WAVY LOW LINE;Pc;0;ON; 005F;;;;N;SPACING WAVY UNDERSCORE;;;; +FE50;SMALL COMMA;Po;0;CS; 002C;;;;N;;;;; +FE51;SMALL IDEOGRAPHIC COMMA;Po;0;ON; 3001;;;;N;;;;; +FE52;SMALL FULL STOP;Po;0;CS; 002E;;;;N;SMALL PERIOD;;;; +FE54;SMALL SEMICOLON;Po;0;ON; 003B;;;;N;;;;; +FE55;SMALL COLON;Po;0;CS; 003A;;;;N;;;;; +FE56;SMALL QUESTION MARK;Po;0;ON; 003F;;;;N;;;;; +FE57;SMALL EXCLAMATION MARK;Po;0;ON; 0021;;;;N;;;;; +FE58;SMALL EM DASH;Pd;0;ON; 2014;;;;N;;;;; +FE59;SMALL LEFT PARENTHESIS;Ps;0;ON; 0028;;;;N;SMALL OPENING PARENTHESIS;;;; +FE5A;SMALL RIGHT PARENTHESIS;Pe;0;ON; 0029;;;;N;SMALL CLOSING PARENTHESIS;;;; +FE5B;SMALL LEFT CURLY BRACKET;Ps;0;ON; 007B;;;;N;SMALL OPENING CURLY BRACKET;;;; +FE5C;SMALL RIGHT CURLY BRACKET;Pe;0;ON; 007D;;;;N;SMALL CLOSING CURLY BRACKET;;;; +FE5D;SMALL LEFT TORTOISE SHELL BRACKET;Ps;0;ON; 3014;;;;N;SMALL OPENING TORTOISE SHELL BRACKET;;;; +FE5E;SMALL RIGHT TORTOISE SHELL BRACKET;Pe;0;ON; 3015;;;;N;SMALL CLOSING TORTOISE SHELL BRACKET;;;; +FE5F;SMALL NUMBER SIGN;Po;0;ET; 0023;;;;N;;;;; +FE60;SMALL AMPERSAND;Po;0;ON; 0026;;;;N;;;;; +FE61;SMALL ASTERISK;Po;0;ON; 002A;;;;N;;;;; +FE62;SMALL PLUS SIGN;Sm;0;ET; 002B;;;;N;;;;; +FE63;SMALL HYPHEN-MINUS;Pd;0;ET; 002D;;;;N;;;;; +FE64;SMALL LESS-THAN SIGN;Sm;0;ON; 003C;;;;N;;;;; +FE65;SMALL GREATER-THAN SIGN;Sm;0;ON; 003E;;;;N;;;;; +FE66;SMALL EQUALS SIGN;Sm;0;ON; 003D;;;;N;;;;; +FE68;SMALL REVERSE SOLIDUS;Po;0;ON; 005C;;;;N;SMALL BACKSLASH;;;; +FE69;SMALL DOLLAR SIGN;Sc;0;ET; 0024;;;;N;;;;; +FE6A;SMALL PERCENT SIGN;Po;0;ET; 0025;;;;N;;;;; +FE6B;SMALL COMMERCIAL AT;Po;0;ON; 0040;;;;N;;;;; +FE70;ARABIC FATHATAN ISOLATED FORM;Lo;0;AL; 0020 064B;;;;N;ARABIC SPACING FATHATAN;;;; +FE71;ARABIC TATWEEL WITH FATHATAN ABOVE;Lo;0;AL; 0640 064B;;;;N;ARABIC FATHATAN ON TATWEEL;;;; +FE72;ARABIC DAMMATAN ISOLATED FORM;Lo;0;AL; 0020 064C;;;;N;ARABIC SPACING DAMMATAN;;;; +FE73;ARABIC TAIL FRAGMENT;Lo;0;AL;;;;;N;;;;; +FE74;ARABIC KASRATAN ISOLATED FORM;Lo;0;AL; 0020 064D;;;;N;ARABIC SPACING KASRATAN;;;; +FE76;ARABIC FATHA ISOLATED FORM;Lo;0;AL; 0020 064E;;;;N;ARABIC SPACING FATHAH;;;; +FE77;ARABIC FATHA MEDIAL FORM;Lo;0;AL; 0640 064E;;;;N;ARABIC FATHAH ON TATWEEL;;;; +FE78;ARABIC DAMMA ISOLATED FORM;Lo;0;AL; 0020 064F;;;;N;ARABIC SPACING DAMMAH;;;; +FE79;ARABIC DAMMA MEDIAL FORM;Lo;0;AL; 0640 064F;;;;N;ARABIC DAMMAH ON TATWEEL;;;; +FE7A;ARABIC KASRA ISOLATED FORM;Lo;0;AL; 0020 0650;;;;N;ARABIC SPACING KASRAH;;;; +FE7B;ARABIC KASRA MEDIAL FORM;Lo;0;AL; 0640 0650;;;;N;ARABIC KASRAH ON TATWEEL;;;; +FE7C;ARABIC SHADDA ISOLATED FORM;Lo;0;AL; 0020 0651;;;;N;ARABIC SPACING SHADDAH;;;; +FE7D;ARABIC SHADDA MEDIAL FORM;Lo;0;AL; 0640 0651;;;;N;ARABIC SHADDAH ON TATWEEL;;;; +FE7E;ARABIC SUKUN ISOLATED FORM;Lo;0;AL; 0020 0652;;;;N;ARABIC SPACING SUKUN;;;; +FE7F;ARABIC SUKUN MEDIAL FORM;Lo;0;AL; 0640 0652;;;;N;ARABIC SUKUN ON TATWEEL;;;; +FE80;ARABIC LETTER HAMZA ISOLATED FORM;Lo;0;AL; 0621;;;;N;GLYPH FOR ISOLATE ARABIC HAMZAH;;;; +FE81;ARABIC LETTER ALEF WITH MADDA ABOVE ISOLATED FORM;Lo;0;AL; 0622;;;;N;GLYPH FOR ISOLATE ARABIC MADDAH ON ALEF;;;; +FE82;ARABIC LETTER ALEF WITH MADDA ABOVE FINAL FORM;Lo;0;AL; 0622;;;;N;GLYPH FOR FINAL ARABIC MADDAH ON ALEF;;;; +FE83;ARABIC LETTER ALEF WITH HAMZA ABOVE ISOLATED FORM;Lo;0;AL; 0623;;;;N;GLYPH FOR ISOLATE ARABIC HAMZAH ON ALEF;;;; +FE84;ARABIC LETTER ALEF WITH HAMZA ABOVE FINAL FORM;Lo;0;AL; 0623;;;;N;GLYPH FOR FINAL ARABIC HAMZAH ON ALEF;;;; +FE85;ARABIC LETTER WAW WITH HAMZA ABOVE ISOLATED FORM;Lo;0;AL; 0624;;;;N;GLYPH FOR ISOLATE ARABIC HAMZAH ON WAW;;;; +FE86;ARABIC LETTER WAW WITH HAMZA ABOVE FINAL FORM;Lo;0;AL; 0624;;;;N;GLYPH FOR FINAL ARABIC HAMZAH ON WAW;;;; +FE87;ARABIC LETTER ALEF WITH HAMZA BELOW ISOLATED FORM;Lo;0;AL; 0625;;;;N;GLYPH FOR ISOLATE ARABIC HAMZAH UNDER ALEF;;;; +FE88;ARABIC LETTER ALEF WITH HAMZA BELOW FINAL FORM;Lo;0;AL; 0625;;;;N;GLYPH FOR FINAL ARABIC HAMZAH UNDER ALEF;;;; +FE89;ARABIC LETTER YEH WITH HAMZA ABOVE ISOLATED FORM;Lo;0;AL; 0626;;;;N;GLYPH FOR ISOLATE ARABIC HAMZAH ON YA;;;; +FE8A;ARABIC LETTER YEH WITH HAMZA ABOVE FINAL FORM;Lo;0;AL; 0626;;;;N;GLYPH FOR FINAL ARABIC HAMZAH ON YA;;;; +FE8B;ARABIC LETTER YEH WITH HAMZA ABOVE INITIAL FORM;Lo;0;AL; 0626;;;;N;GLYPH FOR INITIAL ARABIC HAMZAH ON YA;;;; +FE8C;ARABIC LETTER YEH WITH HAMZA ABOVE MEDIAL FORM;Lo;0;AL; 0626;;;;N;GLYPH FOR MEDIAL ARABIC HAMZAH ON YA;;;; +FE8D;ARABIC LETTER ALEF ISOLATED FORM;Lo;0;AL; 0627;;;;N;GLYPH FOR ISOLATE ARABIC ALEF;;;; +FE8E;ARABIC LETTER ALEF FINAL FORM;Lo;0;AL; 0627;;;;N;GLYPH FOR FINAL ARABIC ALEF;;;; +FE8F;ARABIC LETTER BEH ISOLATED FORM;Lo;0;AL; 0628;;;;N;GLYPH FOR ISOLATE ARABIC BAA;;;; +FE90;ARABIC LETTER BEH FINAL FORM;Lo;0;AL; 0628;;;;N;GLYPH FOR FINAL ARABIC BAA;;;; +FE91;ARABIC LETTER BEH INITIAL FORM;Lo;0;AL; 0628;;;;N;GLYPH FOR INITIAL ARABIC BAA;;;; +FE92;ARABIC LETTER BEH MEDIAL FORM;Lo;0;AL; 0628;;;;N;GLYPH FOR MEDIAL ARABIC BAA;;;; +FE93;ARABIC LETTER TEH MARBUTA ISOLATED FORM;Lo;0;AL; 0629;;;;N;GLYPH FOR ISOLATE ARABIC TAA MARBUTAH;;;; +FE94;ARABIC LETTER TEH MARBUTA FINAL FORM;Lo;0;AL; 0629;;;;N;GLYPH FOR FINAL ARABIC TAA MARBUTAH;;;; +FE95;ARABIC LETTER TEH ISOLATED FORM;Lo;0;AL; 062A;;;;N;GLYPH FOR ISOLATE ARABIC TAA;;;; +FE96;ARABIC LETTER TEH FINAL FORM;Lo;0;AL; 062A;;;;N;GLYPH FOR FINAL ARABIC TAA;;;; +FE97;ARABIC LETTER TEH INITIAL FORM;Lo;0;AL; 062A;;;;N;GLYPH FOR INITIAL ARABIC TAA;;;; +FE98;ARABIC LETTER TEH MEDIAL FORM;Lo;0;AL; 062A;;;;N;GLYPH FOR MEDIAL ARABIC TAA;;;; +FE99;ARABIC LETTER THEH ISOLATED FORM;Lo;0;AL; 062B;;;;N;GLYPH FOR ISOLATE ARABIC THAA;;;; +FE9A;ARABIC LETTER THEH FINAL FORM;Lo;0;AL; 062B;;;;N;GLYPH FOR FINAL ARABIC THAA;;;; +FE9B;ARABIC LETTER THEH INITIAL FORM;Lo;0;AL; 062B;;;;N;GLYPH FOR INITIAL ARABIC THAA;;;; +FE9C;ARABIC LETTER THEH MEDIAL FORM;Lo;0;AL; 062B;;;;N;GLYPH FOR MEDIAL ARABIC THAA;;;; +FE9D;ARABIC LETTER JEEM ISOLATED FORM;Lo;0;AL; 062C;;;;N;GLYPH FOR ISOLATE ARABIC JEEM;;;; +FE9E;ARABIC LETTER JEEM FINAL FORM;Lo;0;AL; 062C;;;;N;GLYPH FOR FINAL ARABIC JEEM;;;; +FE9F;ARABIC LETTER JEEM INITIAL FORM;Lo;0;AL; 062C;;;;N;GLYPH FOR INITIAL ARABIC JEEM;;;; +FEA0;ARABIC LETTER JEEM MEDIAL FORM;Lo;0;AL; 062C;;;;N;GLYPH FOR MEDIAL ARABIC JEEM;;;; +FEA1;ARABIC LETTER HAH ISOLATED FORM;Lo;0;AL; 062D;;;;N;GLYPH FOR ISOLATE ARABIC HAA;;;; +FEA2;ARABIC LETTER HAH FINAL FORM;Lo;0;AL; 062D;;;;N;GLYPH FOR FINAL ARABIC HAA;;;; +FEA3;ARABIC LETTER HAH INITIAL FORM;Lo;0;AL; 062D;;;;N;GLYPH FOR INITIAL ARABIC HAA;;;; +FEA4;ARABIC LETTER HAH MEDIAL FORM;Lo;0;AL; 062D;;;;N;GLYPH FOR MEDIAL ARABIC HAA;;;; +FEA5;ARABIC LETTER KHAH ISOLATED FORM;Lo;0;AL; 062E;;;;N;GLYPH FOR ISOLATE ARABIC KHAA;;;; +FEA6;ARABIC LETTER KHAH FINAL FORM;Lo;0;AL; 062E;;;;N;GLYPH FOR FINAL ARABIC KHAA;;;; +FEA7;ARABIC LETTER KHAH INITIAL FORM;Lo;0;AL; 062E;;;;N;GLYPH FOR INITIAL ARABIC KHAA;;;; +FEA8;ARABIC LETTER KHAH MEDIAL FORM;Lo;0;AL; 062E;;;;N;GLYPH FOR MEDIAL ARABIC KHAA;;;; +FEA9;ARABIC LETTER DAL ISOLATED FORM;Lo;0;AL; 062F;;;;N;GLYPH FOR ISOLATE ARABIC DAL;;;; +FEAA;ARABIC LETTER DAL FINAL FORM;Lo;0;AL; 062F;;;;N;GLYPH FOR FINAL ARABIC DAL;;;; +FEAB;ARABIC LETTER THAL ISOLATED FORM;Lo;0;AL; 0630;;;;N;GLYPH FOR ISOLATE ARABIC THAL;;;; +FEAC;ARABIC LETTER THAL FINAL FORM;Lo;0;AL; 0630;;;;N;GLYPH FOR FINAL ARABIC THAL;;;; +FEAD;ARABIC LETTER REH ISOLATED FORM;Lo;0;AL; 0631;;;;N;GLYPH FOR ISOLATE ARABIC RA;;;; +FEAE;ARABIC LETTER REH FINAL FORM;Lo;0;AL; 0631;;;;N;GLYPH FOR FINAL ARABIC RA;;;; +FEAF;ARABIC LETTER ZAIN ISOLATED FORM;Lo;0;AL; 0632;;;;N;GLYPH FOR ISOLATE ARABIC ZAIN;;;; +FEB0;ARABIC LETTER ZAIN FINAL FORM;Lo;0;AL; 0632;;;;N;GLYPH FOR FINAL ARABIC ZAIN;;;; +FEB1;ARABIC LETTER SEEN ISOLATED FORM;Lo;0;AL; 0633;;;;N;GLYPH FOR ISOLATE ARABIC SEEN;;;; +FEB2;ARABIC LETTER SEEN FINAL FORM;Lo;0;AL; 0633;;;;N;GLYPH FOR FINAL ARABIC SEEN;;;; +FEB3;ARABIC LETTER SEEN INITIAL FORM;Lo;0;AL; 0633;;;;N;GLYPH FOR INITIAL ARABIC SEEN;;;; +FEB4;ARABIC LETTER SEEN MEDIAL FORM;Lo;0;AL; 0633;;;;N;GLYPH FOR MEDIAL ARABIC SEEN;;;; +FEB5;ARABIC LETTER SHEEN ISOLATED FORM;Lo;0;AL; 0634;;;;N;GLYPH FOR ISOLATE ARABIC SHEEN;;;; +FEB6;ARABIC LETTER SHEEN FINAL FORM;Lo;0;AL; 0634;;;;N;GLYPH FOR FINAL ARABIC SHEEN;;;; +FEB7;ARABIC LETTER SHEEN INITIAL FORM;Lo;0;AL; 0634;;;;N;GLYPH FOR INITIAL ARABIC SHEEN;;;; +FEB8;ARABIC LETTER SHEEN MEDIAL FORM;Lo;0;AL; 0634;;;;N;GLYPH FOR MEDIAL ARABIC SHEEN;;;; +FEB9;ARABIC LETTER SAD ISOLATED FORM;Lo;0;AL; 0635;;;;N;GLYPH FOR ISOLATE ARABIC SAD;;;; +FEBA;ARABIC LETTER SAD FINAL FORM;Lo;0;AL; 0635;;;;N;GLYPH FOR FINAL ARABIC SAD;;;; +FEBB;ARABIC LETTER SAD INITIAL FORM;Lo;0;AL; 0635;;;;N;GLYPH FOR INITIAL ARABIC SAD;;;; +FEBC;ARABIC LETTER SAD MEDIAL FORM;Lo;0;AL; 0635;;;;N;GLYPH FOR MEDIAL ARABIC SAD;;;; +FEBD;ARABIC LETTER DAD ISOLATED FORM;Lo;0;AL; 0636;;;;N;GLYPH FOR ISOLATE ARABIC DAD;;;; +FEBE;ARABIC LETTER DAD FINAL FORM;Lo;0;AL; 0636;;;;N;GLYPH FOR FINAL ARABIC DAD;;;; +FEBF;ARABIC LETTER DAD INITIAL FORM;Lo;0;AL; 0636;;;;N;GLYPH FOR INITIAL ARABIC DAD;;;; +FEC0;ARABIC LETTER DAD MEDIAL FORM;Lo;0;AL; 0636;;;;N;GLYPH FOR MEDIAL ARABIC DAD;;;; +FEC1;ARABIC LETTER TAH ISOLATED FORM;Lo;0;AL; 0637;;;;N;GLYPH FOR ISOLATE ARABIC TAH;;;; +FEC2;ARABIC LETTER TAH FINAL FORM;Lo;0;AL; 0637;;;;N;GLYPH FOR FINAL ARABIC TAH;;;; +FEC3;ARABIC LETTER TAH INITIAL FORM;Lo;0;AL; 0637;;;;N;GLYPH FOR INITIAL ARABIC TAH;;;; +FEC4;ARABIC LETTER TAH MEDIAL FORM;Lo;0;AL; 0637;;;;N;GLYPH FOR MEDIAL ARABIC TAH;;;; +FEC5;ARABIC LETTER ZAH ISOLATED FORM;Lo;0;AL; 0638;;;;N;GLYPH FOR ISOLATE ARABIC DHAH;;;; +FEC6;ARABIC LETTER ZAH FINAL FORM;Lo;0;AL; 0638;;;;N;GLYPH FOR FINAL ARABIC DHAH;;;; +FEC7;ARABIC LETTER ZAH INITIAL FORM;Lo;0;AL; 0638;;;;N;GLYPH FOR INITIAL ARABIC DHAH;;;; +FEC8;ARABIC LETTER ZAH MEDIAL FORM;Lo;0;AL; 0638;;;;N;GLYPH FOR MEDIAL ARABIC DHAH;;;; +FEC9;ARABIC LETTER AIN ISOLATED FORM;Lo;0;AL; 0639;;;;N;GLYPH FOR ISOLATE ARABIC AIN;;;; +FECA;ARABIC LETTER AIN FINAL FORM;Lo;0;AL; 0639;;;;N;GLYPH FOR FINAL ARABIC AIN;;;; +FECB;ARABIC LETTER AIN INITIAL FORM;Lo;0;AL; 0639;;;;N;GLYPH FOR INITIAL ARABIC AIN;;;; +FECC;ARABIC LETTER AIN MEDIAL FORM;Lo;0;AL; 0639;;;;N;GLYPH FOR MEDIAL ARABIC AIN;;;; +FECD;ARABIC LETTER GHAIN ISOLATED FORM;Lo;0;AL; 063A;;;;N;GLYPH FOR ISOLATE ARABIC GHAIN;;;; +FECE;ARABIC LETTER GHAIN FINAL FORM;Lo;0;AL; 063A;;;;N;GLYPH FOR FINAL ARABIC GHAIN;;;; +FECF;ARABIC LETTER GHAIN INITIAL FORM;Lo;0;AL; 063A;;;;N;GLYPH FOR INITIAL ARABIC GHAIN;;;; +FED0;ARABIC LETTER GHAIN MEDIAL FORM;Lo;0;AL; 063A;;;;N;GLYPH FOR MEDIAL ARABIC GHAIN;;;; +FED1;ARABIC LETTER FEH ISOLATED FORM;Lo;0;AL; 0641;;;;N;GLYPH FOR ISOLATE ARABIC FA;;;; +FED2;ARABIC LETTER FEH FINAL FORM;Lo;0;AL; 0641;;;;N;GLYPH FOR FINAL ARABIC FA;;;; +FED3;ARABIC LETTER FEH INITIAL FORM;Lo;0;AL; 0641;;;;N;GLYPH FOR INITIAL ARABIC FA;;;; +FED4;ARABIC LETTER FEH MEDIAL FORM;Lo;0;AL; 0641;;;;N;GLYPH FOR MEDIAL ARABIC FA;;;; +FED5;ARABIC LETTER QAF ISOLATED FORM;Lo;0;AL; 0642;;;;N;GLYPH FOR ISOLATE ARABIC QAF;;;; +FED6;ARABIC LETTER QAF FINAL FORM;Lo;0;AL; 0642;;;;N;GLYPH FOR FINAL ARABIC QAF;;;; +FED7;ARABIC LETTER QAF INITIAL FORM;Lo;0;AL; 0642;;;;N;GLYPH FOR INITIAL ARABIC QAF;;;; +FED8;ARABIC LETTER QAF MEDIAL FORM;Lo;0;AL; 0642;;;;N;GLYPH FOR MEDIAL ARABIC QAF;;;; +FED9;ARABIC LETTER KAF ISOLATED FORM;Lo;0;AL; 0643;;;;N;GLYPH FOR ISOLATE ARABIC CAF;;;; +FEDA;ARABIC LETTER KAF FINAL FORM;Lo;0;AL; 0643;;;;N;GLYPH FOR FINAL ARABIC CAF;;;; +FEDB;ARABIC LETTER KAF INITIAL FORM;Lo;0;AL; 0643;;;;N;GLYPH FOR INITIAL ARABIC CAF;;;; +FEDC;ARABIC LETTER KAF MEDIAL FORM;Lo;0;AL; 0643;;;;N;GLYPH FOR MEDIAL ARABIC CAF;;;; +FEDD;ARABIC LETTER LAM ISOLATED FORM;Lo;0;AL; 0644;;;;N;GLYPH FOR ISOLATE ARABIC LAM;;;; +FEDE;ARABIC LETTER LAM FINAL FORM;Lo;0;AL; 0644;;;;N;GLYPH FOR FINAL ARABIC LAM;;;; +FEDF;ARABIC LETTER LAM INITIAL FORM;Lo;0;AL; 0644;;;;N;GLYPH FOR INITIAL ARABIC LAM;;;; +FEE0;ARABIC LETTER LAM MEDIAL FORM;Lo;0;AL; 0644;;;;N;GLYPH FOR MEDIAL ARABIC LAM;;;; +FEE1;ARABIC LETTER MEEM ISOLATED FORM;Lo;0;AL; 0645;;;;N;GLYPH FOR ISOLATE ARABIC MEEM;;;; +FEE2;ARABIC LETTER MEEM FINAL FORM;Lo;0;AL; 0645;;;;N;GLYPH FOR FINAL ARABIC MEEM;;;; +FEE3;ARABIC LETTER MEEM INITIAL FORM;Lo;0;AL; 0645;;;;N;GLYPH FOR INITIAL ARABIC MEEM;;;; +FEE4;ARABIC LETTER MEEM MEDIAL FORM;Lo;0;AL; 0645;;;;N;GLYPH FOR MEDIAL ARABIC MEEM;;;; +FEE5;ARABIC LETTER NOON ISOLATED FORM;Lo;0;AL; 0646;;;;N;GLYPH FOR ISOLATE ARABIC NOON;;;; +FEE6;ARABIC LETTER NOON FINAL FORM;Lo;0;AL; 0646;;;;N;GLYPH FOR FINAL ARABIC NOON;;;; +FEE7;ARABIC LETTER NOON INITIAL FORM;Lo;0;AL; 0646;;;;N;GLYPH FOR INITIAL ARABIC NOON;;;; +FEE8;ARABIC LETTER NOON MEDIAL FORM;Lo;0;AL; 0646;;;;N;GLYPH FOR MEDIAL ARABIC NOON;;;; +FEE9;ARABIC LETTER HEH ISOLATED FORM;Lo;0;AL; 0647;;;;N;GLYPH FOR ISOLATE ARABIC HA;;;; +FEEA;ARABIC LETTER HEH FINAL FORM;Lo;0;AL; 0647;;;;N;GLYPH FOR FINAL ARABIC HA;;;; +FEEB;ARABIC LETTER HEH INITIAL FORM;Lo;0;AL; 0647;;;;N;GLYPH FOR INITIAL ARABIC HA;;;; +FEEC;ARABIC LETTER HEH MEDIAL FORM;Lo;0;AL; 0647;;;;N;GLYPH FOR MEDIAL ARABIC HA;;;; +FEED;ARABIC LETTER WAW ISOLATED FORM;Lo;0;AL; 0648;;;;N;GLYPH FOR ISOLATE ARABIC WAW;;;; +FEEE;ARABIC LETTER WAW FINAL FORM;Lo;0;AL; 0648;;;;N;GLYPH FOR FINAL ARABIC WAW;;;; +FEEF;ARABIC LETTER ALEF MAKSURA ISOLATED FORM;Lo;0;AL; 0649;;;;N;GLYPH FOR ISOLATE ARABIC ALEF MAQSURAH;;;; +FEF0;ARABIC LETTER ALEF MAKSURA FINAL FORM;Lo;0;AL; 0649;;;;N;GLYPH FOR FINAL ARABIC ALEF MAQSURAH;;;; +FEF1;ARABIC LETTER YEH ISOLATED FORM;Lo;0;AL; 064A;;;;N;GLYPH FOR ISOLATE ARABIC YA;;;; +FEF2;ARABIC LETTER YEH FINAL FORM;Lo;0;AL; 064A;;;;N;GLYPH FOR FINAL ARABIC YA;;;; +FEF3;ARABIC LETTER YEH INITIAL FORM;Lo;0;AL; 064A;;;;N;GLYPH FOR INITIAL ARABIC YA;;;; +FEF4;ARABIC LETTER YEH MEDIAL FORM;Lo;0;AL; 064A;;;;N;GLYPH FOR MEDIAL ARABIC YA;;;; +FEF5;ARABIC LIGATURE LAM WITH ALEF WITH MADDA ABOVE ISOLATED FORM;Lo;0;AL; 0644 0622;;;;N;GLYPH FOR ISOLATE ARABIC MADDAH ON LIGATURE LAM ALEF;;;; +FEF6;ARABIC LIGATURE LAM WITH ALEF WITH MADDA ABOVE FINAL FORM;Lo;0;AL; 0644 0622;;;;N;GLYPH FOR FINAL ARABIC MADDAH ON LIGATURE LAM ALEF;;;; +FEF7;ARABIC LIGATURE LAM WITH ALEF WITH HAMZA ABOVE ISOLATED FORM;Lo;0;AL; 0644 0623;;;;N;GLYPH FOR ISOLATE ARABIC HAMZAH ON LIGATURE LAM ALEF;;;; +FEF8;ARABIC LIGATURE LAM WITH ALEF WITH HAMZA ABOVE FINAL FORM;Lo;0;AL; 0644 0623;;;;N;GLYPH FOR FINAL ARABIC HAMZAH ON LIGATURE LAM ALEF;;;; +FEF9;ARABIC LIGATURE LAM WITH ALEF WITH HAMZA BELOW ISOLATED FORM;Lo;0;AL; 0644 0625;;;;N;GLYPH FOR ISOLATE ARABIC HAMZAH UNDER LIGATURE LAM ALEF;;;; +FEFA;ARABIC LIGATURE LAM WITH ALEF WITH HAMZA BELOW FINAL FORM;Lo;0;AL; 0644 0625;;;;N;GLYPH FOR FINAL ARABIC HAMZAH UNDER LIGATURE LAM ALEF;;;; +FEFB;ARABIC LIGATURE LAM WITH ALEF ISOLATED FORM;Lo;0;AL; 0644 0627;;;;N;GLYPH FOR ISOLATE ARABIC LIGATURE LAM ALEF;;;; +FEFC;ARABIC LIGATURE LAM WITH ALEF FINAL FORM;Lo;0;AL; 0644 0627;;;;N;GLYPH FOR FINAL ARABIC LIGATURE LAM ALEF;;;; +FEFF;ZERO WIDTH NO-BREAK SPACE;Cf;0;BN;;;;;N;BYTE ORDER MARK;;;; +FF01;FULLWIDTH EXCLAMATION MARK;Po;0;ON; 0021;;;;N;;;;; +FF02;FULLWIDTH QUOTATION MARK;Po;0;ON; 0022;;;;N;;;;; +FF03;FULLWIDTH NUMBER SIGN;Po;0;ET; 0023;;;;N;;;;; +FF04;FULLWIDTH DOLLAR SIGN;Sc;0;ET; 0024;;;;N;;;;; +FF05;FULLWIDTH PERCENT SIGN;Po;0;ET; 0025;;;;N;;;;; +FF06;FULLWIDTH AMPERSAND;Po;0;ON; 0026;;;;N;;;;; +FF07;FULLWIDTH APOSTROPHE;Po;0;ON; 0027;;;;N;;;;; +FF08;FULLWIDTH LEFT PARENTHESIS;Ps;0;ON; 0028;;;;Y;FULLWIDTH OPENING PARENTHESIS;;;; +FF09;FULLWIDTH RIGHT PARENTHESIS;Pe;0;ON; 0029;;;;Y;FULLWIDTH CLOSING PARENTHESIS;;;; +FF0A;FULLWIDTH ASTERISK;Po;0;ON; 002A;;;;N;;;;; +FF0B;FULLWIDTH PLUS SIGN;Sm;0;ET; 002B;;;;N;;;;; +FF0C;FULLWIDTH COMMA;Po;0;CS; 002C;;;;N;;;;; +FF0D;FULLWIDTH HYPHEN-MINUS;Pd;0;ET; 002D;;;;N;;;;; +FF0E;FULLWIDTH FULL STOP;Po;0;CS; 002E;;;;N;FULLWIDTH PERIOD;;;; +FF0F;FULLWIDTH SOLIDUS;Po;0;ES; 002F;;;;N;FULLWIDTH SLASH;;;; +FF10;FULLWIDTH DIGIT ZERO;Nd;0;EN; 0030;0;0;0;N;;;;; +FF11;FULLWIDTH DIGIT ONE;Nd;0;EN; 0031;1;1;1;N;;;;; +FF12;FULLWIDTH DIGIT TWO;Nd;0;EN; 0032;2;2;2;N;;;;; +FF13;FULLWIDTH DIGIT THREE;Nd;0;EN; 0033;3;3;3;N;;;;; +FF14;FULLWIDTH DIGIT FOUR;Nd;0;EN; 0034;4;4;4;N;;;;; +FF15;FULLWIDTH DIGIT FIVE;Nd;0;EN; 0035;5;5;5;N;;;;; +FF16;FULLWIDTH DIGIT SIX;Nd;0;EN; 0036;6;6;6;N;;;;; +FF17;FULLWIDTH DIGIT SEVEN;Nd;0;EN; 0037;7;7;7;N;;;;; +FF18;FULLWIDTH DIGIT EIGHT;Nd;0;EN; 0038;8;8;8;N;;;;; +FF19;FULLWIDTH DIGIT NINE;Nd;0;EN; 0039;9;9;9;N;;;;; +FF1A;FULLWIDTH COLON;Po;0;CS; 003A;;;;N;;;;; +FF1B;FULLWIDTH SEMICOLON;Po;0;ON; 003B;;;;N;;;;; +FF1C;FULLWIDTH LESS-THAN SIGN;Sm;0;ON; 003C;;;;Y;;;;; +FF1D;FULLWIDTH EQUALS SIGN;Sm;0;ON; 003D;;;;N;;;;; +FF1E;FULLWIDTH GREATER-THAN SIGN;Sm;0;ON; 003E;;;;Y;;;;; +FF1F;FULLWIDTH QUESTION MARK;Po;0;ON; 003F;;;;N;;;;; +FF20;FULLWIDTH COMMERCIAL AT;Po;0;ON; 0040;;;;N;;;;; +FF21;FULLWIDTH LATIN CAPITAL LETTER A;Lu;0;L; 0041;;;;N;;;;FF41; +FF22;FULLWIDTH LATIN CAPITAL LETTER B;Lu;0;L; 0042;;;;N;;;;FF42; +FF23;FULLWIDTH LATIN CAPITAL LETTER C;Lu;0;L; 0043;;;;N;;;;FF43; +FF24;FULLWIDTH LATIN CAPITAL LETTER D;Lu;0;L; 0044;;;;N;;;;FF44; +FF25;FULLWIDTH LATIN CAPITAL LETTER E;Lu;0;L; 0045;;;;N;;;;FF45; +FF26;FULLWIDTH LATIN CAPITAL LETTER F;Lu;0;L; 0046;;;;N;;;;FF46; +FF27;FULLWIDTH LATIN CAPITAL LETTER G;Lu;0;L; 0047;;;;N;;;;FF47; +FF28;FULLWIDTH LATIN CAPITAL LETTER H;Lu;0;L; 0048;;;;N;;;;FF48; +FF29;FULLWIDTH LATIN CAPITAL LETTER I;Lu;0;L; 0049;;;;N;;;;FF49; +FF2A;FULLWIDTH LATIN CAPITAL LETTER J;Lu;0;L; 004A;;;;N;;;;FF4A; +FF2B;FULLWIDTH LATIN CAPITAL LETTER K;Lu;0;L; 004B;;;;N;;;;FF4B; +FF2C;FULLWIDTH LATIN CAPITAL LETTER L;Lu;0;L; 004C;;;;N;;;;FF4C; +FF2D;FULLWIDTH LATIN CAPITAL LETTER M;Lu;0;L; 004D;;;;N;;;;FF4D; +FF2E;FULLWIDTH LATIN CAPITAL LETTER N;Lu;0;L; 004E;;;;N;;;;FF4E; +FF2F;FULLWIDTH LATIN CAPITAL LETTER O;Lu;0;L; 004F;;;;N;;;;FF4F; +FF30;FULLWIDTH LATIN CAPITAL LETTER P;Lu;0;L; 0050;;;;N;;;;FF50; +FF31;FULLWIDTH LATIN CAPITAL LETTER Q;Lu;0;L; 0051;;;;N;;;;FF51; +FF32;FULLWIDTH LATIN CAPITAL LETTER R;Lu;0;L; 0052;;;;N;;;;FF52; +FF33;FULLWIDTH LATIN CAPITAL LETTER S;Lu;0;L; 0053;;;;N;;;;FF53; +FF34;FULLWIDTH LATIN CAPITAL LETTER T;Lu;0;L; 0054;;;;N;;;;FF54; +FF35;FULLWIDTH LATIN CAPITAL LETTER U;Lu;0;L; 0055;;;;N;;;;FF55; +FF36;FULLWIDTH LATIN CAPITAL LETTER V;Lu;0;L; 0056;;;;N;;;;FF56; +FF37;FULLWIDTH LATIN CAPITAL LETTER W;Lu;0;L; 0057;;;;N;;;;FF57; +FF38;FULLWIDTH LATIN CAPITAL LETTER X;Lu;0;L; 0058;;;;N;;;;FF58; +FF39;FULLWIDTH LATIN CAPITAL LETTER Y;Lu;0;L; 0059;;;;N;;;;FF59; +FF3A;FULLWIDTH LATIN CAPITAL LETTER Z;Lu;0;L; 005A;;;;N;;;;FF5A; +FF3B;FULLWIDTH LEFT SQUARE BRACKET;Ps;0;ON; 005B;;;;Y;FULLWIDTH OPENING SQUARE BRACKET;;;; +FF3C;FULLWIDTH REVERSE SOLIDUS;Po;0;ON; 005C;;;;N;FULLWIDTH BACKSLASH;;;; +FF3D;FULLWIDTH RIGHT SQUARE BRACKET;Pe;0;ON; 005D;;;;Y;FULLWIDTH CLOSING SQUARE BRACKET;;;; +FF3E;FULLWIDTH CIRCUMFLEX ACCENT;Sk;0;ON; 005E;;;;N;FULLWIDTH SPACING CIRCUMFLEX;;;; +FF3F;FULLWIDTH LOW LINE;Pc;0;ON; 005F;;;;N;FULLWIDTH SPACING UNDERSCORE;;;; +FF40;FULLWIDTH GRAVE ACCENT;Sk;0;ON; 0060;;;;N;FULLWIDTH SPACING GRAVE;;;; +FF41;FULLWIDTH LATIN SMALL LETTER A;Ll;0;L; 0061;;;;N;;;FF21;;FF21 +FF42;FULLWIDTH LATIN SMALL LETTER B;Ll;0;L; 0062;;;;N;;;FF22;;FF22 +FF43;FULLWIDTH LATIN SMALL LETTER C;Ll;0;L; 0063;;;;N;;;FF23;;FF23 +FF44;FULLWIDTH LATIN SMALL LETTER D;Ll;0;L; 0064;;;;N;;;FF24;;FF24 +FF45;FULLWIDTH LATIN SMALL LETTER E;Ll;0;L; 0065;;;;N;;;FF25;;FF25 +FF46;FULLWIDTH LATIN SMALL LETTER F;Ll;0;L; 0066;;;;N;;;FF26;;FF26 +FF47;FULLWIDTH LATIN SMALL LETTER G;Ll;0;L; 0067;;;;N;;;FF27;;FF27 +FF48;FULLWIDTH LATIN SMALL LETTER H;Ll;0;L; 0068;;;;N;;;FF28;;FF28 +FF49;FULLWIDTH LATIN SMALL LETTER I;Ll;0;L; 0069;;;;N;;;FF29;;FF29 +FF4A;FULLWIDTH LATIN SMALL LETTER J;Ll;0;L; 006A;;;;N;;;FF2A;;FF2A +FF4B;FULLWIDTH LATIN SMALL LETTER K;Ll;0;L; 006B;;;;N;;;FF2B;;FF2B +FF4C;FULLWIDTH LATIN SMALL LETTER L;Ll;0;L; 006C;;;;N;;;FF2C;;FF2C +FF4D;FULLWIDTH LATIN SMALL LETTER M;Ll;0;L; 006D;;;;N;;;FF2D;;FF2D +FF4E;FULLWIDTH LATIN SMALL LETTER N;Ll;0;L; 006E;;;;N;;;FF2E;;FF2E +FF4F;FULLWIDTH LATIN SMALL LETTER O;Ll;0;L; 006F;;;;N;;;FF2F;;FF2F +FF50;FULLWIDTH LATIN SMALL LETTER P;Ll;0;L; 0070;;;;N;;;FF30;;FF30 +FF51;FULLWIDTH LATIN SMALL LETTER Q;Ll;0;L; 0071;;;;N;;;FF31;;FF31 +FF52;FULLWIDTH LATIN SMALL LETTER R;Ll;0;L; 0072;;;;N;;;FF32;;FF32 +FF53;FULLWIDTH LATIN SMALL LETTER S;Ll;0;L; 0073;;;;N;;;FF33;;FF33 +FF54;FULLWIDTH LATIN SMALL LETTER T;Ll;0;L; 0074;;;;N;;;FF34;;FF34 +FF55;FULLWIDTH LATIN SMALL LETTER U;Ll;0;L; 0075;;;;N;;;FF35;;FF35 +FF56;FULLWIDTH LATIN SMALL LETTER V;Ll;0;L; 0076;;;;N;;;FF36;;FF36 +FF57;FULLWIDTH LATIN SMALL LETTER W;Ll;0;L; 0077;;;;N;;;FF37;;FF37 +FF58;FULLWIDTH LATIN SMALL LETTER X;Ll;0;L; 0078;;;;N;;;FF38;;FF38 +FF59;FULLWIDTH LATIN SMALL LETTER Y;Ll;0;L; 0079;;;;N;;;FF39;;FF39 +FF5A;FULLWIDTH LATIN SMALL LETTER Z;Ll;0;L; 007A;;;;N;;;FF3A;;FF3A +FF5B;FULLWIDTH LEFT CURLY BRACKET;Ps;0;ON; 007B;;;;Y;FULLWIDTH OPENING CURLY BRACKET;;;; +FF5C;FULLWIDTH VERTICAL LINE;Sm;0;ON; 007C;;;;N;FULLWIDTH VERTICAL BAR;;;; +FF5D;FULLWIDTH RIGHT CURLY BRACKET;Pe;0;ON; 007D;;;;Y;FULLWIDTH CLOSING CURLY BRACKET;;;; +FF5E;FULLWIDTH TILDE;Sm;0;ON; 007E;;;;N;FULLWIDTH SPACING TILDE;;;; +FF5F;FULLWIDTH LEFT WHITE PARENTHESIS;Ps;0;ON; 2985;;;;Y;;*;;; +FF60;FULLWIDTH RIGHT WHITE PARENTHESIS;Pe;0;ON; 2986;;;;Y;;*;;; +FF61;HALFWIDTH IDEOGRAPHIC FULL STOP;Po;0;ON; 3002;;;;N;HALFWIDTH IDEOGRAPHIC PERIOD;;;; +FF62;HALFWIDTH LEFT CORNER BRACKET;Ps;0;ON; 300C;;;;Y;HALFWIDTH OPENING CORNER BRACKET;;;; +FF63;HALFWIDTH RIGHT CORNER BRACKET;Pe;0;ON; 300D;;;;Y;HALFWIDTH CLOSING CORNER BRACKET;;;; +FF64;HALFWIDTH IDEOGRAPHIC COMMA;Po;0;ON; 3001;;;;N;;;;; +FF65;HALFWIDTH KATAKANA MIDDLE DOT;Pc;0;ON; 30FB;;;;N;;;;; +FF66;HALFWIDTH KATAKANA LETTER WO;Lo;0;L; 30F2;;;;N;;;;; +FF67;HALFWIDTH KATAKANA LETTER SMALL A;Lo;0;L; 30A1;;;;N;;;;; +FF68;HALFWIDTH KATAKANA LETTER SMALL I;Lo;0;L; 30A3;;;;N;;;;; +FF69;HALFWIDTH KATAKANA LETTER SMALL U;Lo;0;L; 30A5;;;;N;;;;; +FF6A;HALFWIDTH KATAKANA LETTER SMALL E;Lo;0;L; 30A7;;;;N;;;;; +FF6B;HALFWIDTH KATAKANA LETTER SMALL O;Lo;0;L; 30A9;;;;N;;;;; +FF6C;HALFWIDTH KATAKANA LETTER SMALL YA;Lo;0;L; 30E3;;;;N;;;;; +FF6D;HALFWIDTH KATAKANA LETTER SMALL YU;Lo;0;L; 30E5;;;;N;;;;; +FF6E;HALFWIDTH KATAKANA LETTER SMALL YO;Lo;0;L; 30E7;;;;N;;;;; +FF6F;HALFWIDTH KATAKANA LETTER SMALL TU;Lo;0;L; 30C3;;;;N;;;;; +FF70;HALFWIDTH KATAKANA-HIRAGANA PROLONGED SOUND MARK;Lm;0;L; 30FC;;;;N;;;;; +FF71;HALFWIDTH KATAKANA LETTER A;Lo;0;L; 30A2;;;;N;;;;; +FF72;HALFWIDTH KATAKANA LETTER I;Lo;0;L; 30A4;;;;N;;;;; +FF73;HALFWIDTH KATAKANA LETTER U;Lo;0;L; 30A6;;;;N;;;;; +FF74;HALFWIDTH KATAKANA LETTER E;Lo;0;L; 30A8;;;;N;;;;; +FF75;HALFWIDTH KATAKANA LETTER O;Lo;0;L; 30AA;;;;N;;;;; +FF76;HALFWIDTH KATAKANA LETTER KA;Lo;0;L; 30AB;;;;N;;;;; +FF77;HALFWIDTH KATAKANA LETTER KI;Lo;0;L; 30AD;;;;N;;;;; +FF78;HALFWIDTH KATAKANA LETTER KU;Lo;0;L; 30AF;;;;N;;;;; +FF79;HALFWIDTH KATAKANA LETTER KE;Lo;0;L; 30B1;;;;N;;;;; +FF7A;HALFWIDTH KATAKANA LETTER KO;Lo;0;L; 30B3;;;;N;;;;; +FF7B;HALFWIDTH KATAKANA LETTER SA;Lo;0;L; 30B5;;;;N;;;;; +FF7C;HALFWIDTH KATAKANA LETTER SI;Lo;0;L; 30B7;;;;N;;;;; +FF7D;HALFWIDTH KATAKANA LETTER SU;Lo;0;L; 30B9;;;;N;;;;; +FF7E;HALFWIDTH KATAKANA LETTER SE;Lo;0;L; 30BB;;;;N;;;;; +FF7F;HALFWIDTH KATAKANA LETTER SO;Lo;0;L; 30BD;;;;N;;;;; +FF80;HALFWIDTH KATAKANA LETTER TA;Lo;0;L; 30BF;;;;N;;;;; +FF81;HALFWIDTH KATAKANA LETTER TI;Lo;0;L; 30C1;;;;N;;;;; +FF82;HALFWIDTH KATAKANA LETTER TU;Lo;0;L; 30C4;;;;N;;;;; +FF83;HALFWIDTH KATAKANA LETTER TE;Lo;0;L; 30C6;;;;N;;;;; +FF84;HALFWIDTH KATAKANA LETTER TO;Lo;0;L; 30C8;;;;N;;;;; +FF85;HALFWIDTH KATAKANA LETTER NA;Lo;0;L; 30CA;;;;N;;;;; +FF86;HALFWIDTH KATAKANA LETTER NI;Lo;0;L; 30CB;;;;N;;;;; +FF87;HALFWIDTH KATAKANA LETTER NU;Lo;0;L; 30CC;;;;N;;;;; +FF88;HALFWIDTH KATAKANA LETTER NE;Lo;0;L; 30CD;;;;N;;;;; +FF89;HALFWIDTH KATAKANA LETTER NO;Lo;0;L; 30CE;;;;N;;;;; +FF8A;HALFWIDTH KATAKANA LETTER HA;Lo;0;L; 30CF;;;;N;;;;; +FF8B;HALFWIDTH KATAKANA LETTER HI;Lo;0;L; 30D2;;;;N;;;;; +FF8C;HALFWIDTH KATAKANA LETTER HU;Lo;0;L; 30D5;;;;N;;;;; +FF8D;HALFWIDTH KATAKANA LETTER HE;Lo;0;L; 30D8;;;;N;;;;; +FF8E;HALFWIDTH KATAKANA LETTER HO;Lo;0;L; 30DB;;;;N;;;;; +FF8F;HALFWIDTH KATAKANA LETTER MA;Lo;0;L; 30DE;;;;N;;;;; +FF90;HALFWIDTH KATAKANA LETTER MI;Lo;0;L; 30DF;;;;N;;;;; +FF91;HALFWIDTH KATAKANA LETTER MU;Lo;0;L; 30E0;;;;N;;;;; +FF92;HALFWIDTH KATAKANA LETTER ME;Lo;0;L; 30E1;;;;N;;;;; +FF93;HALFWIDTH KATAKANA LETTER MO;Lo;0;L; 30E2;;;;N;;;;; +FF94;HALFWIDTH KATAKANA LETTER YA;Lo;0;L; 30E4;;;;N;;;;; +FF95;HALFWIDTH KATAKANA LETTER YU;Lo;0;L; 30E6;;;;N;;;;; +FF96;HALFWIDTH KATAKANA LETTER YO;Lo;0;L; 30E8;;;;N;;;;; +FF97;HALFWIDTH KATAKANA LETTER RA;Lo;0;L; 30E9;;;;N;;;;; +FF98;HALFWIDTH KATAKANA LETTER RI;Lo;0;L; 30EA;;;;N;;;;; +FF99;HALFWIDTH KATAKANA LETTER RU;Lo;0;L; 30EB;;;;N;;;;; +FF9A;HALFWIDTH KATAKANA LETTER RE;Lo;0;L; 30EC;;;;N;;;;; +FF9B;HALFWIDTH KATAKANA LETTER RO;Lo;0;L; 30ED;;;;N;;;;; +FF9C;HALFWIDTH KATAKANA LETTER WA;Lo;0;L; 30EF;;;;N;;;;; +FF9D;HALFWIDTH KATAKANA LETTER N;Lo;0;L; 30F3;;;;N;;;;; +FF9E;HALFWIDTH KATAKANA VOICED SOUND MARK;Lm;0;L; 3099;;;;N;;halfwidth katakana-hiragana voiced sound mark;;; +FF9F;HALFWIDTH KATAKANA SEMI-VOICED SOUND MARK;Lm;0;L; 309A;;;;N;;halfwidth katakana-hiragana semi-voiced sound mark;;; +FFA0;HALFWIDTH HANGUL FILLER;Lo;0;L; 3164;;;;N;HALFWIDTH HANGUL CAE OM;;;; +FFA1;HALFWIDTH HANGUL LETTER KIYEOK;Lo;0;L; 3131;;;;N;HALFWIDTH HANGUL LETTER GIYEOG;;;; +FFA2;HALFWIDTH HANGUL LETTER SSANGKIYEOK;Lo;0;L; 3132;;;;N;HALFWIDTH HANGUL LETTER SSANG GIYEOG;;;; +FFA3;HALFWIDTH HANGUL LETTER KIYEOK-SIOS;Lo;0;L; 3133;;;;N;HALFWIDTH HANGUL LETTER GIYEOG SIOS;;;; +FFA4;HALFWIDTH HANGUL LETTER NIEUN;Lo;0;L; 3134;;;;N;;;;; +FFA5;HALFWIDTH HANGUL LETTER NIEUN-CIEUC;Lo;0;L; 3135;;;;N;HALFWIDTH HANGUL LETTER NIEUN JIEUJ;;;; +FFA6;HALFWIDTH HANGUL LETTER NIEUN-HIEUH;Lo;0;L; 3136;;;;N;HALFWIDTH HANGUL LETTER NIEUN HIEUH;;;; +FFA7;HALFWIDTH HANGUL LETTER TIKEUT;Lo;0;L; 3137;;;;N;HALFWIDTH HANGUL LETTER DIGEUD;;;; +FFA8;HALFWIDTH HANGUL LETTER SSANGTIKEUT;Lo;0;L; 3138;;;;N;HALFWIDTH HANGUL LETTER SSANG DIGEUD;;;; +FFA9;HALFWIDTH HANGUL LETTER RIEUL;Lo;0;L; 3139;;;;N;HALFWIDTH HANGUL LETTER LIEUL;;;; +FFAA;HALFWIDTH HANGUL LETTER RIEUL-KIYEOK;Lo;0;L; 313A;;;;N;HALFWIDTH HANGUL LETTER LIEUL GIYEOG;;;; +FFAB;HALFWIDTH HANGUL LETTER RIEUL-MIEUM;Lo;0;L; 313B;;;;N;HALFWIDTH HANGUL LETTER LIEUL MIEUM;;;; +FFAC;HALFWIDTH HANGUL LETTER RIEUL-PIEUP;Lo;0;L; 313C;;;;N;HALFWIDTH HANGUL LETTER LIEUL BIEUB;;;; +FFAD;HALFWIDTH HANGUL LETTER RIEUL-SIOS;Lo;0;L; 313D;;;;N;HALFWIDTH HANGUL LETTER LIEUL SIOS;;;; +FFAE;HALFWIDTH HANGUL LETTER RIEUL-THIEUTH;Lo;0;L; 313E;;;;N;HALFWIDTH HANGUL LETTER LIEUL TIEUT;;;; +FFAF;HALFWIDTH HANGUL LETTER RIEUL-PHIEUPH;Lo;0;L; 313F;;;;N;HALFWIDTH HANGUL LETTER LIEUL PIEUP;;;; +FFB0;HALFWIDTH HANGUL LETTER RIEUL-HIEUH;Lo;0;L; 3140;;;;N;HALFWIDTH HANGUL LETTER LIEUL HIEUH;;;; +FFB1;HALFWIDTH HANGUL LETTER MIEUM;Lo;0;L; 3141;;;;N;;;;; +FFB2;HALFWIDTH HANGUL LETTER PIEUP;Lo;0;L; 3142;;;;N;HALFWIDTH HANGUL LETTER BIEUB;;;; +FFB3;HALFWIDTH HANGUL LETTER SSANGPIEUP;Lo;0;L; 3143;;;;N;HALFWIDTH HANGUL LETTER SSANG BIEUB;;;; +FFB4;HALFWIDTH HANGUL LETTER PIEUP-SIOS;Lo;0;L; 3144;;;;N;HALFWIDTH HANGUL LETTER BIEUB SIOS;;;; +FFB5;HALFWIDTH HANGUL LETTER SIOS;Lo;0;L; 3145;;;;N;;;;; +FFB6;HALFWIDTH HANGUL LETTER SSANGSIOS;Lo;0;L; 3146;;;;N;HALFWIDTH HANGUL LETTER SSANG SIOS;;;; +FFB7;HALFWIDTH HANGUL LETTER IEUNG;Lo;0;L; 3147;;;;N;;;;; +FFB8;HALFWIDTH HANGUL LETTER CIEUC;Lo;0;L; 3148;;;;N;HALFWIDTH HANGUL LETTER JIEUJ;;;; +FFB9;HALFWIDTH HANGUL LETTER SSANGCIEUC;Lo;0;L; 3149;;;;N;HALFWIDTH HANGUL LETTER SSANG JIEUJ;;;; +FFBA;HALFWIDTH HANGUL LETTER CHIEUCH;Lo;0;L; 314A;;;;N;HALFWIDTH HANGUL LETTER CIEUC;;;; +FFBB;HALFWIDTH HANGUL LETTER KHIEUKH;Lo;0;L; 314B;;;;N;HALFWIDTH HANGUL LETTER KIYEOK;;;; +FFBC;HALFWIDTH HANGUL LETTER THIEUTH;Lo;0;L; 314C;;;;N;HALFWIDTH HANGUL LETTER TIEUT;;;; +FFBD;HALFWIDTH HANGUL LETTER PHIEUPH;Lo;0;L; 314D;;;;N;HALFWIDTH HANGUL LETTER PIEUP;;;; +FFBE;HALFWIDTH HANGUL LETTER HIEUH;Lo;0;L; 314E;;;;N;;;;; +FFC2;HALFWIDTH HANGUL LETTER A;Lo;0;L; 314F;;;;N;;;;; +FFC3;HALFWIDTH HANGUL LETTER AE;Lo;0;L; 3150;;;;N;;;;; +FFC4;HALFWIDTH HANGUL LETTER YA;Lo;0;L; 3151;;;;N;;;;; +FFC5;HALFWIDTH HANGUL LETTER YAE;Lo;0;L; 3152;;;;N;;;;; +FFC6;HALFWIDTH HANGUL LETTER EO;Lo;0;L; 3153;;;;N;;;;; +FFC7;HALFWIDTH HANGUL LETTER E;Lo;0;L; 3154;;;;N;;;;; +FFCA;HALFWIDTH HANGUL LETTER YEO;Lo;0;L; 3155;;;;N;;;;; +FFCB;HALFWIDTH HANGUL LETTER YE;Lo;0;L; 3156;;;;N;;;;; +FFCC;HALFWIDTH HANGUL LETTER O;Lo;0;L; 3157;;;;N;;;;; +FFCD;HALFWIDTH HANGUL LETTER WA;Lo;0;L; 3158;;;;N;;;;; +FFCE;HALFWIDTH HANGUL LETTER WAE;Lo;0;L; 3159;;;;N;;;;; +FFCF;HALFWIDTH HANGUL LETTER OE;Lo;0;L; 315A;;;;N;;;;; +FFD2;HALFWIDTH HANGUL LETTER YO;Lo;0;L; 315B;;;;N;;;;; +FFD3;HALFWIDTH HANGUL LETTER U;Lo;0;L; 315C;;;;N;;;;; +FFD4;HALFWIDTH HANGUL LETTER WEO;Lo;0;L; 315D;;;;N;;;;; +FFD5;HALFWIDTH HANGUL LETTER WE;Lo;0;L; 315E;;;;N;;;;; +FFD6;HALFWIDTH HANGUL LETTER WI;Lo;0;L; 315F;;;;N;;;;; +FFD7;HALFWIDTH HANGUL LETTER YU;Lo;0;L; 3160;;;;N;;;;; +FFDA;HALFWIDTH HANGUL LETTER EU;Lo;0;L; 3161;;;;N;;;;; +FFDB;HALFWIDTH HANGUL LETTER YI;Lo;0;L; 3162;;;;N;;;;; +FFDC;HALFWIDTH HANGUL LETTER I;Lo;0;L; 3163;;;;N;;;;; +FFE0;FULLWIDTH CENT SIGN;Sc;0;ET; 00A2;;;;N;;;;; +FFE1;FULLWIDTH POUND SIGN;Sc;0;ET; 00A3;;;;N;;;;; +FFE2;FULLWIDTH NOT SIGN;Sm;0;ON; 00AC;;;;N;;;;; +FFE3;FULLWIDTH MACRON;Sk;0;ON; 00AF;;;;N;FULLWIDTH SPACING MACRON;*;;; +FFE4;FULLWIDTH BROKEN BAR;So;0;ON; 00A6;;;;N;FULLWIDTH BROKEN VERTICAL BAR;;;; +FFE5;FULLWIDTH YEN SIGN;Sc;0;ET; 00A5;;;;N;;;;; +FFE6;FULLWIDTH WON SIGN;Sc;0;ET; 20A9;;;;N;;;;; +FFE8;HALFWIDTH FORMS LIGHT VERTICAL;So;0;ON; 2502;;;;N;;;;; +FFE9;HALFWIDTH LEFTWARDS ARROW;Sm;0;ON; 2190;;;;N;;;;; +FFEA;HALFWIDTH UPWARDS ARROW;Sm;0;ON; 2191;;;;N;;;;; +FFEB;HALFWIDTH RIGHTWARDS ARROW;Sm;0;ON; 2192;;;;N;;;;; +FFEC;HALFWIDTH DOWNWARDS ARROW;Sm;0;ON; 2193;;;;N;;;;; +FFED;HALFWIDTH BLACK SQUARE;So;0;ON; 25A0;;;;N;;;;; +FFEE;HALFWIDTH WHITE CIRCLE;So;0;ON; 25CB;;;;N;;;;; +FFF9;INTERLINEAR ANNOTATION ANCHOR;Cf;0;BN;;;;;N;;;;; +FFFA;INTERLINEAR ANNOTATION SEPARATOR;Cf;0;BN;;;;;N;;;;; +FFFB;INTERLINEAR ANNOTATION TERMINATOR;Cf;0;BN;;;;;N;;;;; +FFFC;OBJECT REPLACEMENT CHARACTER;So;0;ON;;;;;N;;;;; +FFFD;REPLACEMENT CHARACTER;So;0;ON;;;;;N;;;;; +10300;OLD ITALIC LETTER A;Lo;0;L;;;;;N;;;;; +10301;OLD ITALIC LETTER BE;Lo;0;L;;;;;N;;;;; +10302;OLD ITALIC LETTER KE;Lo;0;L;;;;;N;;;;; +10303;OLD ITALIC LETTER DE;Lo;0;L;;;;;N;;;;; +10304;OLD ITALIC LETTER E;Lo;0;L;;;;;N;;;;; +10305;OLD ITALIC LETTER VE;Lo;0;L;;;;;N;;;;; +10306;OLD ITALIC LETTER ZE;Lo;0;L;;;;;N;;;;; +10307;OLD ITALIC LETTER HE;Lo;0;L;;;;;N;;;;; +10308;OLD ITALIC LETTER THE;Lo;0;L;;;;;N;;;;; +10309;OLD ITALIC LETTER I;Lo;0;L;;;;;N;;;;; +1030A;OLD ITALIC LETTER KA;Lo;0;L;;;;;N;;;;; +1030B;OLD ITALIC LETTER EL;Lo;0;L;;;;;N;;;;; +1030C;OLD ITALIC LETTER EM;Lo;0;L;;;;;N;;;;; +1030D;OLD ITALIC LETTER EN;Lo;0;L;;;;;N;;;;; +1030E;OLD ITALIC LETTER ESH;Lo;0;L;;;;;N;;;;; +1030F;OLD ITALIC LETTER O;Lo;0;L;;;;;N;;Faliscan;;; +10310;OLD ITALIC LETTER PE;Lo;0;L;;;;;N;;;;; +10311;OLD ITALIC LETTER SHE;Lo;0;L;;;;;N;;;;; +10312;OLD ITALIC LETTER KU;Lo;0;L;;;;;N;;;;; +10313;OLD ITALIC LETTER ER;Lo;0;L;;;;;N;;;;; +10314;OLD ITALIC LETTER ES;Lo;0;L;;;;;N;;;;; +10315;OLD ITALIC LETTER TE;Lo;0;L;;;;;N;;;;; +10316;OLD ITALIC LETTER U;Lo;0;L;;;;;N;;;;; +10317;OLD ITALIC LETTER EKS;Lo;0;L;;;;;N;;Faliscan;;; +10318;OLD ITALIC LETTER PHE;Lo;0;L;;;;;N;;;;; +10319;OLD ITALIC LETTER KHE;Lo;0;L;;;;;N;;;;; +1031A;OLD ITALIC LETTER EF;Lo;0;L;;;;;N;;;;; +1031B;OLD ITALIC LETTER ERS;Lo;0;L;;;;;N;;Umbrian;;; +1031C;OLD ITALIC LETTER CHE;Lo;0;L;;;;;N;;Umbrian;;; +1031D;OLD ITALIC LETTER II;Lo;0;L;;;;;N;;Oscan;;; +1031E;OLD ITALIC LETTER UU;Lo;0;L;;;;;N;;Oscan;;; +10320;OLD ITALIC NUMERAL ONE;No;0;L;;;;1;N;;;;; +10321;OLD ITALIC NUMERAL FIVE;No;0;L;;;;5;N;;;;; +10322;OLD ITALIC NUMERAL TEN;No;0;L;;;;10;N;;;;; +10323;OLD ITALIC NUMERAL FIFTY;No;0;L;;;;50;N;;;;; +10330;GOTHIC LETTER AHSA;Lo;0;L;;;;;N;;;;; +10331;GOTHIC LETTER BAIRKAN;Lo;0;L;;;;;N;;;;; +10332;GOTHIC LETTER GIBA;Lo;0;L;;;;;N;;;;; +10333;GOTHIC LETTER DAGS;Lo;0;L;;;;;N;;;;; +10334;GOTHIC LETTER AIHVUS;Lo;0;L;;;;;N;;;;; +10335;GOTHIC LETTER QAIRTHRA;Lo;0;L;;;;;N;;;;; +10336;GOTHIC LETTER IUJA;Lo;0;L;;;;;N;;;;; +10337;GOTHIC LETTER HAGL;Lo;0;L;;;;;N;;;;; +10338;GOTHIC LETTER THIUTH;Lo;0;L;;;;;N;;;;; +10339;GOTHIC LETTER EIS;Lo;0;L;;;;;N;;;;; +1033A;GOTHIC LETTER KUSMA;Lo;0;L;;;;;N;;;;; +1033B;GOTHIC LETTER LAGUS;Lo;0;L;;;;;N;;;;; +1033C;GOTHIC LETTER MANNA;Lo;0;L;;;;;N;;;;; +1033D;GOTHIC LETTER NAUTHS;Lo;0;L;;;;;N;;;;; +1033E;GOTHIC LETTER JER;Lo;0;L;;;;;N;;;;; +1033F;GOTHIC LETTER URUS;Lo;0;L;;;;;N;;;;; +10340;GOTHIC LETTER PAIRTHRA;Lo;0;L;;;;;N;;;;; +10341;GOTHIC LETTER NINETY;Lo;0;L;;;;;N;;;;; +10342;GOTHIC LETTER RAIDA;Lo;0;L;;;;;N;;;;; +10343;GOTHIC LETTER SAUIL;Lo;0;L;;;;;N;;;;; +10344;GOTHIC LETTER TEIWS;Lo;0;L;;;;;N;;;;; +10345;GOTHIC LETTER WINJA;Lo;0;L;;;;;N;;;;; +10346;GOTHIC LETTER FAIHU;Lo;0;L;;;;;N;;;;; +10347;GOTHIC LETTER IGGWS;Lo;0;L;;;;;N;;;;; +10348;GOTHIC LETTER HWAIR;Lo;0;L;;;;;N;;;;; +10349;GOTHIC LETTER OTHAL;Lo;0;L;;;;;N;;;;; +1034A;GOTHIC LETTER NINE HUNDRED;Nl;0;L;;;;;N;;;;; +10400;DESERET CAPITAL LETTER LONG I;Lu;0;L;;;;;N;;;;10428; +10401;DESERET CAPITAL LETTER LONG E;Lu;0;L;;;;;N;;;;10429; +10402;DESERET CAPITAL LETTER LONG A;Lu;0;L;;;;;N;;;;1042A; +10403;DESERET CAPITAL LETTER LONG AH;Lu;0;L;;;;;N;;;;1042B; +10404;DESERET CAPITAL LETTER LONG O;Lu;0;L;;;;;N;;;;1042C; +10405;DESERET CAPITAL LETTER LONG OO;Lu;0;L;;;;;N;;;;1042D; +10406;DESERET CAPITAL LETTER SHORT I;Lu;0;L;;;;;N;;;;1042E; +10407;DESERET CAPITAL LETTER SHORT E;Lu;0;L;;;;;N;;;;1042F; +10408;DESERET CAPITAL LETTER SHORT A;Lu;0;L;;;;;N;;;;10430; +10409;DESERET CAPITAL LETTER SHORT AH;Lu;0;L;;;;;N;;;;10431; +1040A;DESERET CAPITAL LETTER SHORT O;Lu;0;L;;;;;N;;;;10432; +1040B;DESERET CAPITAL LETTER SHORT OO;Lu;0;L;;;;;N;;;;10433; +1040C;DESERET CAPITAL LETTER AY;Lu;0;L;;;;;N;;;;10434; +1040D;DESERET CAPITAL LETTER OW;Lu;0;L;;;;;N;;;;10435; +1040E;DESERET CAPITAL LETTER WU;Lu;0;L;;;;;N;;;;10436; +1040F;DESERET CAPITAL LETTER YEE;Lu;0;L;;;;;N;;;;10437; +10410;DESERET CAPITAL LETTER H;Lu;0;L;;;;;N;;;;10438; +10411;DESERET CAPITAL LETTER PEE;Lu;0;L;;;;;N;;;;10439; +10412;DESERET CAPITAL LETTER BEE;Lu;0;L;;;;;N;;;;1043A; +10413;DESERET CAPITAL LETTER TEE;Lu;0;L;;;;;N;;;;1043B; +10414;DESERET CAPITAL LETTER DEE;Lu;0;L;;;;;N;;;;1043C; +10415;DESERET CAPITAL LETTER CHEE;Lu;0;L;;;;;N;;;;1043D; +10416;DESERET CAPITAL LETTER JEE;Lu;0;L;;;;;N;;;;1043E; +10417;DESERET CAPITAL LETTER KAY;Lu;0;L;;;;;N;;;;1043F; +10418;DESERET CAPITAL LETTER GAY;Lu;0;L;;;;;N;;;;10440; +10419;DESERET CAPITAL LETTER EF;Lu;0;L;;;;;N;;;;10441; +1041A;DESERET CAPITAL LETTER VEE;Lu;0;L;;;;;N;;;;10442; +1041B;DESERET CAPITAL LETTER ETH;Lu;0;L;;;;;N;;;;10443; +1041C;DESERET CAPITAL LETTER THEE;Lu;0;L;;;;;N;;;;10444; +1041D;DESERET CAPITAL LETTER ES;Lu;0;L;;;;;N;;;;10445; +1041E;DESERET CAPITAL LETTER ZEE;Lu;0;L;;;;;N;;;;10446; +1041F;DESERET CAPITAL LETTER ESH;Lu;0;L;;;;;N;;;;10447; +10420;DESERET CAPITAL LETTER ZHEE;Lu;0;L;;;;;N;;;;10448; +10421;DESERET CAPITAL LETTER ER;Lu;0;L;;;;;N;;;;10449; +10422;DESERET CAPITAL LETTER EL;Lu;0;L;;;;;N;;;;1044A; +10423;DESERET CAPITAL LETTER EM;Lu;0;L;;;;;N;;;;1044B; +10424;DESERET CAPITAL LETTER EN;Lu;0;L;;;;;N;;;;1044C; +10425;DESERET CAPITAL LETTER ENG;Lu;0;L;;;;;N;;;;1044D; +10428;DESERET SMALL LETTER LONG I;Ll;0;L;;;;;N;;;10400;;10400 +10429;DESERET SMALL LETTER LONG E;Ll;0;L;;;;;N;;;10401;;10401 +1042A;DESERET SMALL LETTER LONG A;Ll;0;L;;;;;N;;;10402;;10402 +1042B;DESERET SMALL LETTER LONG AH;Ll;0;L;;;;;N;;;10403;;10403 +1042C;DESERET SMALL LETTER LONG O;Ll;0;L;;;;;N;;;10404;;10404 +1042D;DESERET SMALL LETTER LONG OO;Ll;0;L;;;;;N;;;10405;;10405 +1042E;DESERET SMALL LETTER SHORT I;Ll;0;L;;;;;N;;;10406;;10406 +1042F;DESERET SMALL LETTER SHORT E;Ll;0;L;;;;;N;;;10407;;10407 +10430;DESERET SMALL LETTER SHORT A;Ll;0;L;;;;;N;;;10408;;10408 +10431;DESERET SMALL LETTER SHORT AH;Ll;0;L;;;;;N;;;10409;;10409 +10432;DESERET SMALL LETTER SHORT O;Ll;0;L;;;;;N;;;1040A;;1040A +10433;DESERET SMALL LETTER SHORT OO;Ll;0;L;;;;;N;;;1040B;;1040B +10434;DESERET SMALL LETTER AY;Ll;0;L;;;;;N;;;1040C;;1040C +10435;DESERET SMALL LETTER OW;Ll;0;L;;;;;N;;;1040D;;1040D +10436;DESERET SMALL LETTER WU;Ll;0;L;;;;;N;;;1040E;;1040E +10437;DESERET SMALL LETTER YEE;Ll;0;L;;;;;N;;;1040F;;1040F +10438;DESERET SMALL LETTER H;Ll;0;L;;;;;N;;;10410;;10410 +10439;DESERET SMALL LETTER PEE;Ll;0;L;;;;;N;;;10411;;10411 +1043A;DESERET SMALL LETTER BEE;Ll;0;L;;;;;N;;;10412;;10412 +1043B;DESERET SMALL LETTER TEE;Ll;0;L;;;;;N;;;10413;;10413 +1043C;DESERET SMALL LETTER DEE;Ll;0;L;;;;;N;;;10414;;10414 +1043D;DESERET SMALL LETTER CHEE;Ll;0;L;;;;;N;;;10415;;10415 +1043E;DESERET SMALL LETTER JEE;Ll;0;L;;;;;N;;;10416;;10416 +1043F;DESERET SMALL LETTER KAY;Ll;0;L;;;;;N;;;10417;;10417 +10440;DESERET SMALL LETTER GAY;Ll;0;L;;;;;N;;;10418;;10418 +10441;DESERET SMALL LETTER EF;Ll;0;L;;;;;N;;;10419;;10419 +10442;DESERET SMALL LETTER VEE;Ll;0;L;;;;;N;;;1041A;;1041A +10443;DESERET SMALL LETTER ETH;Ll;0;L;;;;;N;;;1041B;;1041B +10444;DESERET SMALL LETTER THEE;Ll;0;L;;;;;N;;;1041C;;1041C +10445;DESERET SMALL LETTER ES;Ll;0;L;;;;;N;;;1041D;;1041D +10446;DESERET SMALL LETTER ZEE;Ll;0;L;;;;;N;;;1041E;;1041E +10447;DESERET SMALL LETTER ESH;Ll;0;L;;;;;N;;;1041F;;1041F +10448;DESERET SMALL LETTER ZHEE;Ll;0;L;;;;;N;;;10420;;10420 +10449;DESERET SMALL LETTER ER;Ll;0;L;;;;;N;;;10421;;10421 +1044A;DESERET SMALL LETTER EL;Ll;0;L;;;;;N;;;10422;;10422 +1044B;DESERET SMALL LETTER EM;Ll;0;L;;;;;N;;;10423;;10423 +1044C;DESERET SMALL LETTER EN;Ll;0;L;;;;;N;;;10424;;10424 +1044D;DESERET SMALL LETTER ENG;Ll;0;L;;;;;N;;;10425;;10425 +1D000;BYZANTINE MUSICAL SYMBOL PSILI;So;0;L;;;;;N;;;;; +1D001;BYZANTINE MUSICAL SYMBOL DASEIA;So;0;L;;;;;N;;;;; +1D002;BYZANTINE MUSICAL SYMBOL PERISPOMENI;So;0;L;;;;;N;;;;; +1D003;BYZANTINE MUSICAL SYMBOL OXEIA EKFONITIKON;So;0;L;;;;;N;;;;; +1D004;BYZANTINE MUSICAL SYMBOL OXEIA DIPLI;So;0;L;;;;;N;;;;; +1D005;BYZANTINE MUSICAL SYMBOL VAREIA EKFONITIKON;So;0;L;;;;;N;;;;; +1D006;BYZANTINE MUSICAL SYMBOL VAREIA DIPLI;So;0;L;;;;;N;;;;; +1D007;BYZANTINE MUSICAL SYMBOL KATHISTI;So;0;L;;;;;N;;;;; +1D008;BYZANTINE MUSICAL SYMBOL SYRMATIKI;So;0;L;;;;;N;;;;; +1D009;BYZANTINE MUSICAL SYMBOL PARAKLITIKI;So;0;L;;;;;N;;;;; +1D00A;BYZANTINE MUSICAL SYMBOL YPOKRISIS;So;0;L;;;;;N;;;;; +1D00B;BYZANTINE MUSICAL SYMBOL YPOKRISIS DIPLI;So;0;L;;;;;N;;;;; +1D00C;BYZANTINE MUSICAL SYMBOL KREMASTI;So;0;L;;;;;N;;;;; +1D00D;BYZANTINE MUSICAL SYMBOL APESO EKFONITIKON;So;0;L;;;;;N;;;;; +1D00E;BYZANTINE MUSICAL SYMBOL EXO EKFONITIKON;So;0;L;;;;;N;;;;; +1D00F;BYZANTINE MUSICAL SYMBOL TELEIA;So;0;L;;;;;N;;;;; +1D010;BYZANTINE MUSICAL SYMBOL KENTIMATA;So;0;L;;;;;N;;;;; +1D011;BYZANTINE MUSICAL SYMBOL APOSTROFOS;So;0;L;;;;;N;;;;; +1D012;BYZANTINE MUSICAL SYMBOL APOSTROFOS DIPLI;So;0;L;;;;;N;;;;; +1D013;BYZANTINE MUSICAL SYMBOL SYNEVMA;So;0;L;;;;;N;;;;; +1D014;BYZANTINE MUSICAL SYMBOL THITA;So;0;L;;;;;N;;;;; +1D015;BYZANTINE MUSICAL SYMBOL OLIGON ARCHAION;So;0;L;;;;;N;;;;; +1D016;BYZANTINE MUSICAL SYMBOL GORGON ARCHAION;So;0;L;;;;;N;;;;; +1D017;BYZANTINE MUSICAL SYMBOL PSILON;So;0;L;;;;;N;;;;; +1D018;BYZANTINE MUSICAL SYMBOL CHAMILON;So;0;L;;;;;N;;;;; +1D019;BYZANTINE MUSICAL SYMBOL VATHY;So;0;L;;;;;N;;;;; +1D01A;BYZANTINE MUSICAL SYMBOL ISON ARCHAION;So;0;L;;;;;N;;;;; +1D01B;BYZANTINE MUSICAL SYMBOL KENTIMA ARCHAION;So;0;L;;;;;N;;;;; +1D01C;BYZANTINE MUSICAL SYMBOL KENTIMATA ARCHAION;So;0;L;;;;;N;;;;; +1D01D;BYZANTINE MUSICAL SYMBOL SAXIMATA;So;0;L;;;;;N;;;;; +1D01E;BYZANTINE MUSICAL SYMBOL PARICHON;So;0;L;;;;;N;;;;; +1D01F;BYZANTINE MUSICAL SYMBOL STAVROS APODEXIA;So;0;L;;;;;N;;;;; +1D020;BYZANTINE MUSICAL SYMBOL OXEIAI ARCHAION;So;0;L;;;;;N;;;;; +1D021;BYZANTINE MUSICAL SYMBOL VAREIAI ARCHAION;So;0;L;;;;;N;;;;; +1D022;BYZANTINE MUSICAL SYMBOL APODERMA ARCHAION;So;0;L;;;;;N;;;;; +1D023;BYZANTINE MUSICAL SYMBOL APOTHEMA;So;0;L;;;;;N;;;;; +1D024;BYZANTINE MUSICAL SYMBOL KLASMA;So;0;L;;;;;N;;;;; +1D025;BYZANTINE MUSICAL SYMBOL REVMA;So;0;L;;;;;N;;;;; +1D026;BYZANTINE MUSICAL SYMBOL PIASMA ARCHAION;So;0;L;;;;;N;;;;; +1D027;BYZANTINE MUSICAL SYMBOL TINAGMA;So;0;L;;;;;N;;;;; +1D028;BYZANTINE MUSICAL SYMBOL ANATRICHISMA;So;0;L;;;;;N;;;;; +1D029;BYZANTINE MUSICAL SYMBOL SEISMA;So;0;L;;;;;N;;;;; +1D02A;BYZANTINE MUSICAL SYMBOL SYNAGMA ARCHAION;So;0;L;;;;;N;;;;; +1D02B;BYZANTINE MUSICAL SYMBOL SYNAGMA META STAVROU;So;0;L;;;;;N;;;;; +1D02C;BYZANTINE MUSICAL SYMBOL OYRANISMA ARCHAION;So;0;L;;;;;N;;;;; +1D02D;BYZANTINE MUSICAL SYMBOL THEMA;So;0;L;;;;;N;;;;; +1D02E;BYZANTINE MUSICAL SYMBOL LEMOI;So;0;L;;;;;N;;;;; +1D02F;BYZANTINE MUSICAL SYMBOL DYO;So;0;L;;;;;N;;;;; +1D030;BYZANTINE MUSICAL SYMBOL TRIA;So;0;L;;;;;N;;;;; +1D031;BYZANTINE MUSICAL SYMBOL TESSERA;So;0;L;;;;;N;;;;; +1D032;BYZANTINE MUSICAL SYMBOL KRATIMATA;So;0;L;;;;;N;;;;; +1D033;BYZANTINE MUSICAL SYMBOL APESO EXO NEO;So;0;L;;;;;N;;;;; +1D034;BYZANTINE MUSICAL SYMBOL FTHORA ARCHAION;So;0;L;;;;;N;;;;; +1D035;BYZANTINE MUSICAL SYMBOL IMIFTHORA;So;0;L;;;;;N;;;;; +1D036;BYZANTINE MUSICAL SYMBOL TROMIKON ARCHAION;So;0;L;;;;;N;;;;; +1D037;BYZANTINE MUSICAL SYMBOL KATAVA TROMIKON;So;0;L;;;;;N;;;;; +1D038;BYZANTINE MUSICAL SYMBOL PELASTON;So;0;L;;;;;N;;;;; +1D039;BYZANTINE MUSICAL SYMBOL PSIFISTON;So;0;L;;;;;N;;;;; +1D03A;BYZANTINE MUSICAL SYMBOL KONTEVMA;So;0;L;;;;;N;;;;; +1D03B;BYZANTINE MUSICAL SYMBOL CHOREVMA ARCHAION;So;0;L;;;;;N;;;;; +1D03C;BYZANTINE MUSICAL SYMBOL RAPISMA;So;0;L;;;;;N;;;;; +1D03D;BYZANTINE MUSICAL SYMBOL PARAKALESMA ARCHAION;So;0;L;;;;;N;;;;; +1D03E;BYZANTINE MUSICAL SYMBOL PARAKLITIKI ARCHAION;So;0;L;;;;;N;;;;; +1D03F;BYZANTINE MUSICAL SYMBOL ICHADIN;So;0;L;;;;;N;;;;; +1D040;BYZANTINE MUSICAL SYMBOL NANA;So;0;L;;;;;N;;;;; +1D041;BYZANTINE MUSICAL SYMBOL PETASMA;So;0;L;;;;;N;;;;; +1D042;BYZANTINE MUSICAL SYMBOL KONTEVMA ALLO;So;0;L;;;;;N;;;;; +1D043;BYZANTINE MUSICAL SYMBOL TROMIKON ALLO;So;0;L;;;;;N;;;;; +1D044;BYZANTINE MUSICAL SYMBOL STRAGGISMATA;So;0;L;;;;;N;;;;; +1D045;BYZANTINE MUSICAL SYMBOL GRONTHISMATA;So;0;L;;;;;N;;;;; +1D046;BYZANTINE MUSICAL SYMBOL ISON NEO;So;0;L;;;;;N;;;;; +1D047;BYZANTINE MUSICAL SYMBOL OLIGON NEO;So;0;L;;;;;N;;;;; +1D048;BYZANTINE MUSICAL SYMBOL OXEIA NEO;So;0;L;;;;;N;;;;; +1D049;BYZANTINE MUSICAL SYMBOL PETASTI;So;0;L;;;;;N;;;;; +1D04A;BYZANTINE MUSICAL SYMBOL KOUFISMA;So;0;L;;;;;N;;;;; +1D04B;BYZANTINE MUSICAL SYMBOL PETASTOKOUFISMA;So;0;L;;;;;N;;;;; +1D04C;BYZANTINE MUSICAL SYMBOL KRATIMOKOUFISMA;So;0;L;;;;;N;;;;; +1D04D;BYZANTINE MUSICAL SYMBOL PELASTON NEO;So;0;L;;;;;N;;;;; +1D04E;BYZANTINE MUSICAL SYMBOL KENTIMATA NEO ANO;So;0;L;;;;;N;;;;; +1D04F;BYZANTINE MUSICAL SYMBOL KENTIMA NEO ANO;So;0;L;;;;;N;;;;; +1D050;BYZANTINE MUSICAL SYMBOL YPSILI;So;0;L;;;;;N;;;;; +1D051;BYZANTINE MUSICAL SYMBOL APOSTROFOS NEO;So;0;L;;;;;N;;;;; +1D052;BYZANTINE MUSICAL SYMBOL APOSTROFOI SYNDESMOS NEO;So;0;L;;;;;N;;;;; +1D053;BYZANTINE MUSICAL SYMBOL YPORROI;So;0;L;;;;;N;;;;; +1D054;BYZANTINE MUSICAL SYMBOL KRATIMOYPORROON;So;0;L;;;;;N;;;;; +1D055;BYZANTINE MUSICAL SYMBOL ELAFRON;So;0;L;;;;;N;;;;; +1D056;BYZANTINE MUSICAL SYMBOL CHAMILI;So;0;L;;;;;N;;;;; +1D057;BYZANTINE MUSICAL SYMBOL MIKRON ISON;So;0;L;;;;;N;;;;; +1D058;BYZANTINE MUSICAL SYMBOL VAREIA NEO;So;0;L;;;;;N;;;;; +1D059;BYZANTINE MUSICAL SYMBOL PIASMA NEO;So;0;L;;;;;N;;;;; +1D05A;BYZANTINE MUSICAL SYMBOL PSIFISTON NEO;So;0;L;;;;;N;;;;; +1D05B;BYZANTINE MUSICAL SYMBOL OMALON;So;0;L;;;;;N;;;;; +1D05C;BYZANTINE MUSICAL SYMBOL ANTIKENOMA;So;0;L;;;;;N;;;;; +1D05D;BYZANTINE MUSICAL SYMBOL LYGISMA;So;0;L;;;;;N;;;;; +1D05E;BYZANTINE MUSICAL SYMBOL PARAKLITIKI NEO;So;0;L;;;;;N;;;;; +1D05F;BYZANTINE MUSICAL SYMBOL PARAKALESMA NEO;So;0;L;;;;;N;;;;; +1D060;BYZANTINE MUSICAL SYMBOL ETERON PARAKALESMA;So;0;L;;;;;N;;;;; +1D061;BYZANTINE MUSICAL SYMBOL KYLISMA;So;0;L;;;;;N;;;;; +1D062;BYZANTINE MUSICAL SYMBOL ANTIKENOKYLISMA;So;0;L;;;;;N;;;;; +1D063;BYZANTINE MUSICAL SYMBOL TROMIKON NEO;So;0;L;;;;;N;;;;; +1D064;BYZANTINE MUSICAL SYMBOL EKSTREPTON;So;0;L;;;;;N;;;;; +1D065;BYZANTINE MUSICAL SYMBOL SYNAGMA NEO;So;0;L;;;;;N;;;;; +1D066;BYZANTINE MUSICAL SYMBOL SYRMA;So;0;L;;;;;N;;;;; +1D067;BYZANTINE MUSICAL SYMBOL CHOREVMA NEO;So;0;L;;;;;N;;;;; +1D068;BYZANTINE MUSICAL SYMBOL EPEGERMA;So;0;L;;;;;N;;;;; +1D069;BYZANTINE MUSICAL SYMBOL SEISMA NEO;So;0;L;;;;;N;;;;; +1D06A;BYZANTINE MUSICAL SYMBOL XIRON KLASMA;So;0;L;;;;;N;;;;; +1D06B;BYZANTINE MUSICAL SYMBOL TROMIKOPSIFISTON;So;0;L;;;;;N;;;;; +1D06C;BYZANTINE MUSICAL SYMBOL PSIFISTOLYGISMA;So;0;L;;;;;N;;;;; +1D06D;BYZANTINE MUSICAL SYMBOL TROMIKOLYGISMA;So;0;L;;;;;N;;;;; +1D06E;BYZANTINE MUSICAL SYMBOL TROMIKOPARAKALESMA;So;0;L;;;;;N;;;;; +1D06F;BYZANTINE MUSICAL SYMBOL PSIFISTOPARAKALESMA;So;0;L;;;;;N;;;;; +1D070;BYZANTINE MUSICAL SYMBOL TROMIKOSYNAGMA;So;0;L;;;;;N;;;;; +1D071;BYZANTINE MUSICAL SYMBOL PSIFISTOSYNAGMA;So;0;L;;;;;N;;;;; +1D072;BYZANTINE MUSICAL SYMBOL GORGOSYNTHETON;So;0;L;;;;;N;;;;; +1D073;BYZANTINE MUSICAL SYMBOL ARGOSYNTHETON;So;0;L;;;;;N;;;;; +1D074;BYZANTINE MUSICAL SYMBOL ETERON ARGOSYNTHETON;So;0;L;;;;;N;;;;; +1D075;BYZANTINE MUSICAL SYMBOL OYRANISMA NEO;So;0;L;;;;;N;;;;; +1D076;BYZANTINE MUSICAL SYMBOL THEMATISMOS ESO;So;0;L;;;;;N;;;;; +1D077;BYZANTINE MUSICAL SYMBOL THEMATISMOS EXO;So;0;L;;;;;N;;;;; +1D078;BYZANTINE MUSICAL SYMBOL THEMA APLOUN;So;0;L;;;;;N;;;;; +1D079;BYZANTINE MUSICAL SYMBOL THES KAI APOTHES;So;0;L;;;;;N;;;;; +1D07A;BYZANTINE MUSICAL SYMBOL KATAVASMA;So;0;L;;;;;N;;;;; +1D07B;BYZANTINE MUSICAL SYMBOL ENDOFONON;So;0;L;;;;;N;;;;; +1D07C;BYZANTINE MUSICAL SYMBOL YFEN KATO;So;0;L;;;;;N;;;;; +1D07D;BYZANTINE MUSICAL SYMBOL YFEN ANO;So;0;L;;;;;N;;;;; +1D07E;BYZANTINE MUSICAL SYMBOL STAVROS;So;0;L;;;;;N;;;;; +1D07F;BYZANTINE MUSICAL SYMBOL KLASMA ANO;So;0;L;;;;;N;;;;; +1D080;BYZANTINE MUSICAL SYMBOL DIPLI ARCHAION;So;0;L;;;;;N;;;;; +1D081;BYZANTINE MUSICAL SYMBOL KRATIMA ARCHAION;So;0;L;;;;;N;;;;; +1D082;BYZANTINE MUSICAL SYMBOL KRATIMA ALLO;So;0;L;;;;;N;;;;; +1D083;BYZANTINE MUSICAL SYMBOL KRATIMA NEO;So;0;L;;;;;N;;;;; +1D084;BYZANTINE MUSICAL SYMBOL APODERMA NEO;So;0;L;;;;;N;;;;; +1D085;BYZANTINE MUSICAL SYMBOL APLI;So;0;L;;;;;N;;;;; +1D086;BYZANTINE MUSICAL SYMBOL DIPLI;So;0;L;;;;;N;;;;; +1D087;BYZANTINE MUSICAL SYMBOL TRIPLI;So;0;L;;;;;N;;;;; +1D088;BYZANTINE MUSICAL SYMBOL TETRAPLI;So;0;L;;;;;N;;;;; +1D089;BYZANTINE MUSICAL SYMBOL KORONIS;So;0;L;;;;;N;;;;; +1D08A;BYZANTINE MUSICAL SYMBOL LEIMMA ENOS CHRONOU;So;0;L;;;;;N;;;;; +1D08B;BYZANTINE MUSICAL SYMBOL LEIMMA DYO CHRONON;So;0;L;;;;;N;;;;; +1D08C;BYZANTINE MUSICAL SYMBOL LEIMMA TRION CHRONON;So;0;L;;;;;N;;;;; +1D08D;BYZANTINE MUSICAL SYMBOL LEIMMA TESSARON CHRONON;So;0;L;;;;;N;;;;; +1D08E;BYZANTINE MUSICAL SYMBOL LEIMMA IMISEOS CHRONOU;So;0;L;;;;;N;;;;; +1D08F;BYZANTINE MUSICAL SYMBOL GORGON NEO ANO;So;0;L;;;;;N;;;;; +1D090;BYZANTINE MUSICAL SYMBOL GORGON PARESTIGMENON ARISTERA;So;0;L;;;;;N;;;;; +1D091;BYZANTINE MUSICAL SYMBOL GORGON PARESTIGMENON DEXIA;So;0;L;;;;;N;;;;; +1D092;BYZANTINE MUSICAL SYMBOL DIGORGON;So;0;L;;;;;N;;;;; +1D093;BYZANTINE MUSICAL SYMBOL DIGORGON PARESTIGMENON ARISTERA KATO;So;0;L;;;;;N;;;;; +1D094;BYZANTINE MUSICAL SYMBOL DIGORGON PARESTIGMENON ARISTERA ANO;So;0;L;;;;;N;;;;; +1D095;BYZANTINE MUSICAL SYMBOL DIGORGON PARESTIGMENON DEXIA;So;0;L;;;;;N;;;;; +1D096;BYZANTINE MUSICAL SYMBOL TRIGORGON;So;0;L;;;;;N;;;;; +1D097;BYZANTINE MUSICAL SYMBOL ARGON;So;0;L;;;;;N;;;;; +1D098;BYZANTINE MUSICAL SYMBOL IMIDIARGON;So;0;L;;;;;N;;;;; +1D099;BYZANTINE MUSICAL SYMBOL DIARGON;So;0;L;;;;;N;;;;; +1D09A;BYZANTINE MUSICAL SYMBOL AGOGI POLI ARGI;So;0;L;;;;;N;;;;; +1D09B;BYZANTINE MUSICAL SYMBOL AGOGI ARGOTERI;So;0;L;;;;;N;;;;; +1D09C;BYZANTINE MUSICAL SYMBOL AGOGI ARGI;So;0;L;;;;;N;;;;; +1D09D;BYZANTINE MUSICAL SYMBOL AGOGI METRIA;So;0;L;;;;;N;;;;; +1D09E;BYZANTINE MUSICAL SYMBOL AGOGI MESI;So;0;L;;;;;N;;;;; +1D09F;BYZANTINE MUSICAL SYMBOL AGOGI GORGI;So;0;L;;;;;N;;;;; +1D0A0;BYZANTINE MUSICAL SYMBOL AGOGI GORGOTERI;So;0;L;;;;;N;;;;; +1D0A1;BYZANTINE MUSICAL SYMBOL AGOGI POLI GORGI;So;0;L;;;;;N;;;;; +1D0A2;BYZANTINE MUSICAL SYMBOL MARTYRIA PROTOS ICHOS;So;0;L;;;;;N;;;;; +1D0A3;BYZANTINE MUSICAL SYMBOL MARTYRIA ALLI PROTOS ICHOS;So;0;L;;;;;N;;;;; +1D0A4;BYZANTINE MUSICAL SYMBOL MARTYRIA DEYTEROS ICHOS;So;0;L;;;;;N;;;;; +1D0A5;BYZANTINE MUSICAL SYMBOL MARTYRIA ALLI DEYTEROS ICHOS;So;0;L;;;;;N;;;;; +1D0A6;BYZANTINE MUSICAL SYMBOL MARTYRIA TRITOS ICHOS;So;0;L;;;;;N;;;;; +1D0A7;BYZANTINE MUSICAL SYMBOL MARTYRIA TRIFONIAS;So;0;L;;;;;N;;;;; +1D0A8;BYZANTINE MUSICAL SYMBOL MARTYRIA TETARTOS ICHOS;So;0;L;;;;;N;;;;; +1D0A9;BYZANTINE MUSICAL SYMBOL MARTYRIA TETARTOS LEGETOS ICHOS;So;0;L;;;;;N;;;;; +1D0AA;BYZANTINE MUSICAL SYMBOL MARTYRIA LEGETOS ICHOS;So;0;L;;;;;N;;;;; +1D0AB;BYZANTINE MUSICAL SYMBOL MARTYRIA PLAGIOS ICHOS;So;0;L;;;;;N;;;;; +1D0AC;BYZANTINE MUSICAL SYMBOL ISAKIA TELOUS ICHIMATOS;So;0;L;;;;;N;;;;; +1D0AD;BYZANTINE MUSICAL SYMBOL APOSTROFOI TELOUS ICHIMATOS;So;0;L;;;;;N;;;;; +1D0AE;BYZANTINE MUSICAL SYMBOL FANEROSIS TETRAFONIAS;So;0;L;;;;;N;;;;; +1D0AF;BYZANTINE MUSICAL SYMBOL FANEROSIS MONOFONIAS;So;0;L;;;;;N;;;;; +1D0B0;BYZANTINE MUSICAL SYMBOL FANEROSIS DIFONIAS;So;0;L;;;;;N;;;;; +1D0B1;BYZANTINE MUSICAL SYMBOL MARTYRIA VARYS ICHOS;So;0;L;;;;;N;;;;; +1D0B2;BYZANTINE MUSICAL SYMBOL MARTYRIA PROTOVARYS ICHOS;So;0;L;;;;;N;;;;; +1D0B3;BYZANTINE MUSICAL SYMBOL MARTYRIA PLAGIOS TETARTOS ICHOS;So;0;L;;;;;N;;;;; +1D0B4;BYZANTINE MUSICAL SYMBOL GORTHMIKON N APLOUN;So;0;L;;;;;N;;;;; +1D0B5;BYZANTINE MUSICAL SYMBOL GORTHMIKON N DIPLOUN;So;0;L;;;;;N;;;;; +1D0B6;BYZANTINE MUSICAL SYMBOL ENARXIS KAI FTHORA VOU;So;0;L;;;;;N;;;;; +1D0B7;BYZANTINE MUSICAL SYMBOL IMIFONON;So;0;L;;;;;N;;;;; +1D0B8;BYZANTINE MUSICAL SYMBOL IMIFTHORON;So;0;L;;;;;N;;;;; +1D0B9;BYZANTINE MUSICAL SYMBOL FTHORA ARCHAION DEYTEROU ICHOU;So;0;L;;;;;N;;;;; +1D0BA;BYZANTINE MUSICAL SYMBOL FTHORA DIATONIKI PA;So;0;L;;;;;N;;;;; +1D0BB;BYZANTINE MUSICAL SYMBOL FTHORA DIATONIKI NANA;So;0;L;;;;;N;;;;; +1D0BC;BYZANTINE MUSICAL SYMBOL FTHORA NAOS ICHOS;So;0;L;;;;;N;;;;; +1D0BD;BYZANTINE MUSICAL SYMBOL FTHORA DIATONIKI DI;So;0;L;;;;;N;;;;; +1D0BE;BYZANTINE MUSICAL SYMBOL FTHORA SKLIRON DIATONON DI;So;0;L;;;;;N;;;;; +1D0BF;BYZANTINE MUSICAL SYMBOL FTHORA DIATONIKI KE;So;0;L;;;;;N;;;;; +1D0C0;BYZANTINE MUSICAL SYMBOL FTHORA DIATONIKI ZO;So;0;L;;;;;N;;;;; +1D0C1;BYZANTINE MUSICAL SYMBOL FTHORA DIATONIKI NI KATO;So;0;L;;;;;N;;;;; +1D0C2;BYZANTINE MUSICAL SYMBOL FTHORA DIATONIKI NI ANO;So;0;L;;;;;N;;;;; +1D0C3;BYZANTINE MUSICAL SYMBOL FTHORA MALAKON CHROMA DIFONIAS;So;0;L;;;;;N;;;;; +1D0C4;BYZANTINE MUSICAL SYMBOL FTHORA MALAKON CHROMA MONOFONIAS;So;0;L;;;;;N;;;;; +1D0C5;BYZANTINE MUSICAL SYMBOL FHTORA SKLIRON CHROMA VASIS;So;0;L;;;;;N;;;;; +1D0C6;BYZANTINE MUSICAL SYMBOL FTHORA SKLIRON CHROMA SYNAFI;So;0;L;;;;;N;;;;; +1D0C7;BYZANTINE MUSICAL SYMBOL FTHORA NENANO;So;0;L;;;;;N;;;;; +1D0C8;BYZANTINE MUSICAL SYMBOL CHROA ZYGOS;So;0;L;;;;;N;;;;; +1D0C9;BYZANTINE MUSICAL SYMBOL CHROA KLITON;So;0;L;;;;;N;;;;; +1D0CA;BYZANTINE MUSICAL SYMBOL CHROA SPATHI;So;0;L;;;;;N;;;;; +1D0CB;BYZANTINE MUSICAL SYMBOL FTHORA I YFESIS TETARTIMORION;So;0;L;;;;;N;;;;; +1D0CC;BYZANTINE MUSICAL SYMBOL FTHORA ENARMONIOS ANTIFONIA;So;0;L;;;;;N;;;;; +1D0CD;BYZANTINE MUSICAL SYMBOL YFESIS TRITIMORION;So;0;L;;;;;N;;;;; +1D0CE;BYZANTINE MUSICAL SYMBOL DIESIS TRITIMORION;So;0;L;;;;;N;;;;; +1D0CF;BYZANTINE MUSICAL SYMBOL DIESIS TETARTIMORION;So;0;L;;;;;N;;;;; +1D0D0;BYZANTINE MUSICAL SYMBOL DIESIS APLI DYO DODEKATA;So;0;L;;;;;N;;;;; +1D0D1;BYZANTINE MUSICAL SYMBOL DIESIS MONOGRAMMOS TESSERA DODEKATA;So;0;L;;;;;N;;;;; +1D0D2;BYZANTINE MUSICAL SYMBOL DIESIS DIGRAMMOS EX DODEKATA;So;0;L;;;;;N;;;;; +1D0D3;BYZANTINE MUSICAL SYMBOL DIESIS TRIGRAMMOS OKTO DODEKATA;So;0;L;;;;;N;;;;; +1D0D4;BYZANTINE MUSICAL SYMBOL YFESIS APLI DYO DODEKATA;So;0;L;;;;;N;;;;; +1D0D5;BYZANTINE MUSICAL SYMBOL YFESIS MONOGRAMMOS TESSERA DODEKATA;So;0;L;;;;;N;;;;; +1D0D6;BYZANTINE MUSICAL SYMBOL YFESIS DIGRAMMOS EX DODEKATA;So;0;L;;;;;N;;;;; +1D0D7;BYZANTINE MUSICAL SYMBOL YFESIS TRIGRAMMOS OKTO DODEKATA;So;0;L;;;;;N;;;;; +1D0D8;BYZANTINE MUSICAL SYMBOL GENIKI DIESIS;So;0;L;;;;;N;;;;; +1D0D9;BYZANTINE MUSICAL SYMBOL GENIKI YFESIS;So;0;L;;;;;N;;;;; +1D0DA;BYZANTINE MUSICAL SYMBOL DIASTOLI APLI MIKRI;So;0;L;;;;;N;;;;; +1D0DB;BYZANTINE MUSICAL SYMBOL DIASTOLI APLI MEGALI;So;0;L;;;;;N;;;;; +1D0DC;BYZANTINE MUSICAL SYMBOL DIASTOLI DIPLI;So;0;L;;;;;N;;;;; +1D0DD;BYZANTINE MUSICAL SYMBOL DIASTOLI THESEOS;So;0;L;;;;;N;;;;; +1D0DE;BYZANTINE MUSICAL SYMBOL SIMANSIS THESEOS;So;0;L;;;;;N;;;;; +1D0DF;BYZANTINE MUSICAL SYMBOL SIMANSIS THESEOS DISIMOU;So;0;L;;;;;N;;;;; +1D0E0;BYZANTINE MUSICAL SYMBOL SIMANSIS THESEOS TRISIMOU;So;0;L;;;;;N;;;;; +1D0E1;BYZANTINE MUSICAL SYMBOL SIMANSIS THESEOS TETRASIMOU;So;0;L;;;;;N;;;;; +1D0E2;BYZANTINE MUSICAL SYMBOL SIMANSIS ARSEOS;So;0;L;;;;;N;;;;; +1D0E3;BYZANTINE MUSICAL SYMBOL SIMANSIS ARSEOS DISIMOU;So;0;L;;;;;N;;;;; +1D0E4;BYZANTINE MUSICAL SYMBOL SIMANSIS ARSEOS TRISIMOU;So;0;L;;;;;N;;;;; +1D0E5;BYZANTINE MUSICAL SYMBOL SIMANSIS ARSEOS TETRASIMOU;So;0;L;;;;;N;;;;; +1D0E6;BYZANTINE MUSICAL SYMBOL DIGRAMMA GG;So;0;L;;;;;N;;;;; +1D0E7;BYZANTINE MUSICAL SYMBOL DIFTOGGOS OU;So;0;L;;;;;N;;;;; +1D0E8;BYZANTINE MUSICAL SYMBOL STIGMA;So;0;L;;;;;N;;;;; +1D0E9;BYZANTINE MUSICAL SYMBOL ARKTIKO PA;So;0;L;;;;;N;;;;; +1D0EA;BYZANTINE MUSICAL SYMBOL ARKTIKO VOU;So;0;L;;;;;N;;;;; +1D0EB;BYZANTINE MUSICAL SYMBOL ARKTIKO GA;So;0;L;;;;;N;;;;; +1D0EC;BYZANTINE MUSICAL SYMBOL ARKTIKO DI;So;0;L;;;;;N;;;;; +1D0ED;BYZANTINE MUSICAL SYMBOL ARKTIKO KE;So;0;L;;;;;N;;;;; +1D0EE;BYZANTINE MUSICAL SYMBOL ARKTIKO ZO;So;0;L;;;;;N;;;;; +1D0EF;BYZANTINE MUSICAL SYMBOL ARKTIKO NI;So;0;L;;;;;N;;;;; +1D0F0;BYZANTINE MUSICAL SYMBOL KENTIMATA NEO MESO;So;0;L;;;;;N;;;;; +1D0F1;BYZANTINE MUSICAL SYMBOL KENTIMA NEO MESO;So;0;L;;;;;N;;;;; +1D0F2;BYZANTINE MUSICAL SYMBOL KENTIMATA NEO KATO;So;0;L;;;;;N;;;;; +1D0F3;BYZANTINE MUSICAL SYMBOL KENTIMA NEO KATO;So;0;L;;;;;N;;;;; +1D0F4;BYZANTINE MUSICAL SYMBOL KLASMA KATO;So;0;L;;;;;N;;;;; +1D0F5;BYZANTINE MUSICAL SYMBOL GORGON NEO KATO;So;0;L;;;;;N;;;;; +1D100;MUSICAL SYMBOL SINGLE BARLINE;So;0;L;;;;;N;;;;; +1D101;MUSICAL SYMBOL DOUBLE BARLINE;So;0;L;;;;;N;;;;; +1D102;MUSICAL SYMBOL FINAL BARLINE;So;0;L;;;;;N;;;;; +1D103;MUSICAL SYMBOL REVERSE FINAL BARLINE;So;0;L;;;;;N;;;;; +1D104;MUSICAL SYMBOL DASHED BARLINE;So;0;L;;;;;N;;;;; +1D105;MUSICAL SYMBOL SHORT BARLINE;So;0;L;;;;;N;;;;; +1D106;MUSICAL SYMBOL LEFT REPEAT SIGN;So;0;L;;;;;N;;;;; +1D107;MUSICAL SYMBOL RIGHT REPEAT SIGN;So;0;L;;;;;N;;;;; +1D108;MUSICAL SYMBOL REPEAT DOTS;So;0;L;;;;;N;;;;; +1D109;MUSICAL SYMBOL DAL SEGNO;So;0;L;;;;;N;;;;; +1D10A;MUSICAL SYMBOL DA CAPO;So;0;L;;;;;N;;;;; +1D10B;MUSICAL SYMBOL SEGNO;So;0;L;;;;;N;;;;; +1D10C;MUSICAL SYMBOL CODA;So;0;L;;;;;N;;;;; +1D10D;MUSICAL SYMBOL REPEATED FIGURE-1;So;0;L;;;;;N;;;;; +1D10E;MUSICAL SYMBOL REPEATED FIGURE-2;So;0;L;;;;;N;;;;; +1D10F;MUSICAL SYMBOL REPEATED FIGURE-3;So;0;L;;;;;N;;;;; +1D110;MUSICAL SYMBOL FERMATA;So;0;L;;;;;N;;;;; +1D111;MUSICAL SYMBOL FERMATA BELOW;So;0;L;;;;;N;;;;; +1D112;MUSICAL SYMBOL BREATH MARK;So;0;L;;;;;N;;;;; +1D113;MUSICAL SYMBOL CAESURA;So;0;L;;;;;N;;;;; +1D114;MUSICAL SYMBOL BRACE;So;0;L;;;;;N;;;;; +1D115;MUSICAL SYMBOL BRACKET;So;0;L;;;;;N;;;;; +1D116;MUSICAL SYMBOL ONE-LINE STAFF;So;0;L;;;;;N;;;;; +1D117;MUSICAL SYMBOL TWO-LINE STAFF;So;0;L;;;;;N;;;;; +1D118;MUSICAL SYMBOL THREE-LINE STAFF;So;0;L;;;;;N;;;;; +1D119;MUSICAL SYMBOL FOUR-LINE STAFF;So;0;L;;;;;N;;;;; +1D11A;MUSICAL SYMBOL FIVE-LINE STAFF;So;0;L;;;;;N;;;;; +1D11B;MUSICAL SYMBOL SIX-LINE STAFF;So;0;L;;;;;N;;;;; +1D11C;MUSICAL SYMBOL SIX-STRING FRETBOARD;So;0;L;;;;;N;;;;; +1D11D;MUSICAL SYMBOL FOUR-STRING FRETBOARD;So;0;L;;;;;N;;;;; +1D11E;MUSICAL SYMBOL G CLEF;So;0;L;;;;;N;;;;; +1D11F;MUSICAL SYMBOL G CLEF OTTAVA ALTA;So;0;L;;;;;N;;;;; +1D120;MUSICAL SYMBOL G CLEF OTTAVA BASSA;So;0;L;;;;;N;;;;; +1D121;MUSICAL SYMBOL C CLEF;So;0;L;;;;;N;;;;; +1D122;MUSICAL SYMBOL F CLEF;So;0;L;;;;;N;;;;; +1D123;MUSICAL SYMBOL F CLEF OTTAVA ALTA;So;0;L;;;;;N;;;;; +1D124;MUSICAL SYMBOL F CLEF OTTAVA BASSA;So;0;L;;;;;N;;;;; +1D125;MUSICAL SYMBOL DRUM CLEF-1;So;0;L;;;;;N;;;;; +1D126;MUSICAL SYMBOL DRUM CLEF-2;So;0;L;;;;;N;;;;; +1D12A;MUSICAL SYMBOL DOUBLE SHARP;So;0;L;;;;;N;;;;; +1D12B;MUSICAL SYMBOL DOUBLE FLAT;So;0;L;;;;;N;;;;; +1D12C;MUSICAL SYMBOL FLAT UP;So;0;L;;;;;N;;;;; +1D12D;MUSICAL SYMBOL FLAT DOWN;So;0;L;;;;;N;;;;; +1D12E;MUSICAL SYMBOL NATURAL UP;So;0;L;;;;;N;;;;; +1D12F;MUSICAL SYMBOL NATURAL DOWN;So;0;L;;;;;N;;;;; +1D130;MUSICAL SYMBOL SHARP UP;So;0;L;;;;;N;;;;; +1D131;MUSICAL SYMBOL SHARP DOWN;So;0;L;;;;;N;;;;; +1D132;MUSICAL SYMBOL QUARTER TONE SHARP;So;0;L;;;;;N;;;;; +1D133;MUSICAL SYMBOL QUARTER TONE FLAT;So;0;L;;;;;N;;;;; +1D134;MUSICAL SYMBOL COMMON TIME;So;0;L;;;;;N;;;;; +1D135;MUSICAL SYMBOL CUT TIME;So;0;L;;;;;N;;;;; +1D136;MUSICAL SYMBOL OTTAVA ALTA;So;0;L;;;;;N;;;;; +1D137;MUSICAL SYMBOL OTTAVA BASSA;So;0;L;;;;;N;;;;; +1D138;MUSICAL SYMBOL QUINDICESIMA ALTA;So;0;L;;;;;N;;;;; +1D139;MUSICAL SYMBOL QUINDICESIMA BASSA;So;0;L;;;;;N;;;;; +1D13A;MUSICAL SYMBOL MULTI REST;So;0;L;;;;;N;;;;; +1D13B;MUSICAL SYMBOL WHOLE REST;So;0;L;;;;;N;;;;; +1D13C;MUSICAL SYMBOL HALF REST;So;0;L;;;;;N;;;;; +1D13D;MUSICAL SYMBOL QUARTER REST;So;0;L;;;;;N;;;;; +1D13E;MUSICAL SYMBOL EIGHTH REST;So;0;L;;;;;N;;;;; +1D13F;MUSICAL SYMBOL SIXTEENTH REST;So;0;L;;;;;N;;;;; +1D140;MUSICAL SYMBOL THIRTY-SECOND REST;So;0;L;;;;;N;;;;; +1D141;MUSICAL SYMBOL SIXTY-FOURTH REST;So;0;L;;;;;N;;;;; +1D142;MUSICAL SYMBOL ONE HUNDRED TWENTY-EIGHTH REST;So;0;L;;;;;N;;;;; +1D143;MUSICAL SYMBOL X NOTEHEAD;So;0;L;;;;;N;;;;; +1D144;MUSICAL SYMBOL PLUS NOTEHEAD;So;0;L;;;;;N;;;;; +1D145;MUSICAL SYMBOL CIRCLE X NOTEHEAD;So;0;L;;;;;N;;;;; +1D146;MUSICAL SYMBOL SQUARE NOTEHEAD WHITE;So;0;L;;;;;N;;;;; +1D147;MUSICAL SYMBOL SQUARE NOTEHEAD BLACK;So;0;L;;;;;N;;;;; +1D148;MUSICAL SYMBOL TRIANGLE NOTEHEAD UP WHITE;So;0;L;;;;;N;;;;; +1D149;MUSICAL SYMBOL TRIANGLE NOTEHEAD UP BLACK;So;0;L;;;;;N;;;;; +1D14A;MUSICAL SYMBOL TRIANGLE NOTEHEAD LEFT WHITE;So;0;L;;;;;N;;;;; +1D14B;MUSICAL SYMBOL TRIANGLE NOTEHEAD LEFT BLACK;So;0;L;;;;;N;;;;; +1D14C;MUSICAL SYMBOL TRIANGLE NOTEHEAD RIGHT WHITE;So;0;L;;;;;N;;;;; +1D14D;MUSICAL SYMBOL TRIANGLE NOTEHEAD RIGHT BLACK;So;0;L;;;;;N;;;;; +1D14E;MUSICAL SYMBOL TRIANGLE NOTEHEAD DOWN WHITE;So;0;L;;;;;N;;;;; +1D14F;MUSICAL SYMBOL TRIANGLE NOTEHEAD DOWN BLACK;So;0;L;;;;;N;;;;; +1D150;MUSICAL SYMBOL TRIANGLE NOTEHEAD UP RIGHT WHITE;So;0;L;;;;;N;;;;; +1D151;MUSICAL SYMBOL TRIANGLE NOTEHEAD UP RIGHT BLACK;So;0;L;;;;;N;;;;; +1D152;MUSICAL SYMBOL MOON NOTEHEAD WHITE;So;0;L;;;;;N;;;;; +1D153;MUSICAL SYMBOL MOON NOTEHEAD BLACK;So;0;L;;;;;N;;;;; +1D154;MUSICAL SYMBOL TRIANGLE-ROUND NOTEHEAD DOWN WHITE;So;0;L;;;;;N;;;;; +1D155;MUSICAL SYMBOL TRIANGLE-ROUND NOTEHEAD DOWN BLACK;So;0;L;;;;;N;;;;; +1D156;MUSICAL SYMBOL PARENTHESIS NOTEHEAD;So;0;L;;;;;N;;;;; +1D157;MUSICAL SYMBOL VOID NOTEHEAD;So;0;L;;;;;N;;;;; +1D158;MUSICAL SYMBOL NOTEHEAD BLACK;So;0;L;;;;;N;;;;; +1D159;MUSICAL SYMBOL NULL NOTEHEAD;So;0;L;;;;;N;;;;; +1D15A;MUSICAL SYMBOL CLUSTER NOTEHEAD WHITE;So;0;L;;;;;N;;;;; +1D15B;MUSICAL SYMBOL CLUSTER NOTEHEAD BLACK;So;0;L;;;;;N;;;;; +1D15C;MUSICAL SYMBOL BREVE;So;0;L;;;;;N;;;;; +1D15D;MUSICAL SYMBOL WHOLE NOTE;So;0;L;;;;;N;;;;; +1D15E;MUSICAL SYMBOL HALF NOTE;So;0;L;1D157 1D165;;;;N;;;;; +1D15F;MUSICAL SYMBOL QUARTER NOTE;So;0;L;1D158 1D165;;;;N;;;;; +1D160;MUSICAL SYMBOL EIGHTH NOTE;So;0;L;1D15F 1D16E;;;;N;;;;; +1D161;MUSICAL SYMBOL SIXTEENTH NOTE;So;0;L;1D15F 1D16F;;;;N;;;;; +1D162;MUSICAL SYMBOL THIRTY-SECOND NOTE;So;0;L;1D15F 1D170;;;;N;;;;; +1D163;MUSICAL SYMBOL SIXTY-FOURTH NOTE;So;0;L;1D15F 1D171;;;;N;;;;; +1D164;MUSICAL SYMBOL ONE HUNDRED TWENTY-EIGHTH NOTE;So;0;L;1D15F 1D172;;;;N;;;;; +1D165;MUSICAL SYMBOL COMBINING STEM;Mc;216;L;;;;;N;;;;; +1D166;MUSICAL SYMBOL COMBINING SPRECHGESANG STEM;Mc;216;L;;;;;N;;;;; +1D167;MUSICAL SYMBOL COMBINING TREMOLO-1;Mn;1;NSM;;;;;N;;;;; +1D168;MUSICAL SYMBOL COMBINING TREMOLO-2;Mn;1;NSM;;;;;N;;;;; +1D169;MUSICAL SYMBOL COMBINING TREMOLO-3;Mn;1;NSM;;;;;N;;;;; +1D16A;MUSICAL SYMBOL FINGERED TREMOLO-1;So;0;L;;;;;N;;;;; +1D16B;MUSICAL SYMBOL FINGERED TREMOLO-2;So;0;L;;;;;N;;;;; +1D16C;MUSICAL SYMBOL FINGERED TREMOLO-3;So;0;L;;;;;N;;;;; +1D16D;MUSICAL SYMBOL COMBINING AUGMENTATION DOT;Mc;226;L;;;;;N;;;;; +1D16E;MUSICAL SYMBOL COMBINING FLAG-1;Mc;216;L;;;;;N;;;;; +1D16F;MUSICAL SYMBOL COMBINING FLAG-2;Mc;216;L;;;;;N;;;;; +1D170;MUSICAL SYMBOL COMBINING FLAG-3;Mc;216;L;;;;;N;;;;; +1D171;MUSICAL SYMBOL COMBINING FLAG-4;Mc;216;L;;;;;N;;;;; +1D172;MUSICAL SYMBOL COMBINING FLAG-5;Mc;216;L;;;;;N;;;;; +1D173;MUSICAL SYMBOL BEGIN BEAM;Cf;0;BN;;;;;N;;;;; +1D174;MUSICAL SYMBOL END BEAM;Cf;0;BN;;;;;N;;;;; +1D175;MUSICAL SYMBOL BEGIN TIE;Cf;0;BN;;;;;N;;;;; +1D176;MUSICAL SYMBOL END TIE;Cf;0;BN;;;;;N;;;;; +1D177;MUSICAL SYMBOL BEGIN SLUR;Cf;0;BN;;;;;N;;;;; +1D178;MUSICAL SYMBOL END SLUR;Cf;0;BN;;;;;N;;;;; +1D179;MUSICAL SYMBOL BEGIN PHRASE;Cf;0;BN;;;;;N;;;;; +1D17A;MUSICAL SYMBOL END PHRASE;Cf;0;BN;;;;;N;;;;; +1D17B;MUSICAL SYMBOL COMBINING ACCENT;Mn;220;NSM;;;;;N;;;;; +1D17C;MUSICAL SYMBOL COMBINING STACCATO;Mn;220;NSM;;;;;N;;;;; +1D17D;MUSICAL SYMBOL COMBINING TENUTO;Mn;220;NSM;;;;;N;;;;; +1D17E;MUSICAL SYMBOL COMBINING STACCATISSIMO;Mn;220;NSM;;;;;N;;;;; +1D17F;MUSICAL SYMBOL COMBINING MARCATO;Mn;220;NSM;;;;;N;;;;; +1D180;MUSICAL SYMBOL COMBINING MARCATO-STACCATO;Mn;220;NSM;;;;;N;;;;; +1D181;MUSICAL SYMBOL COMBINING ACCENT-STACCATO;Mn;220;NSM;;;;;N;;;;; +1D182;MUSICAL SYMBOL COMBINING LOURE;Mn;220;NSM;;;;;N;;;;; +1D183;MUSICAL SYMBOL ARPEGGIATO UP;So;0;L;;;;;N;;;;; +1D184;MUSICAL SYMBOL ARPEGGIATO DOWN;So;0;L;;;;;N;;;;; +1D185;MUSICAL SYMBOL COMBINING DOIT;Mn;230;NSM;;;;;N;;;;; +1D186;MUSICAL SYMBOL COMBINING RIP;Mn;230;NSM;;;;;N;;;;; +1D187;MUSICAL SYMBOL COMBINING FLIP;Mn;230;NSM;;;;;N;;;;; +1D188;MUSICAL SYMBOL COMBINING SMEAR;Mn;230;NSM;;;;;N;;;;; +1D189;MUSICAL SYMBOL COMBINING BEND;Mn;230;NSM;;;;;N;;;;; +1D18A;MUSICAL SYMBOL COMBINING DOUBLE TONGUE;Mn;220;NSM;;;;;N;;;;; +1D18B;MUSICAL SYMBOL COMBINING TRIPLE TONGUE;Mn;220;NSM;;;;;N;;;;; +1D18C;MUSICAL SYMBOL RINFORZANDO;So;0;L;;;;;N;;;;; +1D18D;MUSICAL SYMBOL SUBITO;So;0;L;;;;;N;;;;; +1D18E;MUSICAL SYMBOL Z;So;0;L;;;;;N;;;;; +1D18F;MUSICAL SYMBOL PIANO;So;0;L;;;;;N;;;;; +1D190;MUSICAL SYMBOL MEZZO;So;0;L;;;;;N;;;;; +1D191;MUSICAL SYMBOL FORTE;So;0;L;;;;;N;;;;; +1D192;MUSICAL SYMBOL CRESCENDO;So;0;L;;;;;N;;;;; +1D193;MUSICAL SYMBOL DECRESCENDO;So;0;L;;;;;N;;;;; +1D194;MUSICAL SYMBOL GRACE NOTE SLASH;So;0;L;;;;;N;;;;; +1D195;MUSICAL SYMBOL GRACE NOTE NO SLASH;So;0;L;;;;;N;;;;; +1D196;MUSICAL SYMBOL TR;So;0;L;;;;;N;;;;; +1D197;MUSICAL SYMBOL TURN;So;0;L;;;;;N;;;;; +1D198;MUSICAL SYMBOL INVERTED TURN;So;0;L;;;;;N;;;;; +1D199;MUSICAL SYMBOL TURN SLASH;So;0;L;;;;;N;;;;; +1D19A;MUSICAL SYMBOL TURN UP;So;0;L;;;;;N;;;;; +1D19B;MUSICAL SYMBOL ORNAMENT STROKE-1;So;0;L;;;;;N;;;;; +1D19C;MUSICAL SYMBOL ORNAMENT STROKE-2;So;0;L;;;;;N;;;;; +1D19D;MUSICAL SYMBOL ORNAMENT STROKE-3;So;0;L;;;;;N;;;;; +1D19E;MUSICAL SYMBOL ORNAMENT STROKE-4;So;0;L;;;;;N;;;;; +1D19F;MUSICAL SYMBOL ORNAMENT STROKE-5;So;0;L;;;;;N;;;;; +1D1A0;MUSICAL SYMBOL ORNAMENT STROKE-6;So;0;L;;;;;N;;;;; +1D1A1;MUSICAL SYMBOL ORNAMENT STROKE-7;So;0;L;;;;;N;;;;; +1D1A2;MUSICAL SYMBOL ORNAMENT STROKE-8;So;0;L;;;;;N;;;;; +1D1A3;MUSICAL SYMBOL ORNAMENT STROKE-9;So;0;L;;;;;N;;;;; +1D1A4;MUSICAL SYMBOL ORNAMENT STROKE-10;So;0;L;;;;;N;;;;; +1D1A5;MUSICAL SYMBOL ORNAMENT STROKE-11;So;0;L;;;;;N;;;;; +1D1A6;MUSICAL SYMBOL HAUPTSTIMME;So;0;L;;;;;N;;;;; +1D1A7;MUSICAL SYMBOL NEBENSTIMME;So;0;L;;;;;N;;;;; +1D1A8;MUSICAL SYMBOL END OF STIMME;So;0;L;;;;;N;;;;; +1D1A9;MUSICAL SYMBOL DEGREE SLASH;So;0;L;;;;;N;;;;; +1D1AA;MUSICAL SYMBOL COMBINING DOWN BOW;Mn;230;NSM;;;;;N;;;;; +1D1AB;MUSICAL SYMBOL COMBINING UP BOW;Mn;230;NSM;;;;;N;;;;; +1D1AC;MUSICAL SYMBOL COMBINING HARMONIC;Mn;230;NSM;;;;;N;;;;; +1D1AD;MUSICAL SYMBOL COMBINING SNAP PIZZICATO;Mn;230;NSM;;;;;N;;;;; +1D1AE;MUSICAL SYMBOL PEDAL MARK;So;0;L;;;;;N;;;;; +1D1AF;MUSICAL SYMBOL PEDAL UP MARK;So;0;L;;;;;N;;;;; +1D1B0;MUSICAL SYMBOL HALF PEDAL MARK;So;0;L;;;;;N;;;;; +1D1B1;MUSICAL SYMBOL GLISSANDO UP;So;0;L;;;;;N;;;;; +1D1B2;MUSICAL SYMBOL GLISSANDO DOWN;So;0;L;;;;;N;;;;; +1D1B3;MUSICAL SYMBOL WITH FINGERNAILS;So;0;L;;;;;N;;;;; +1D1B4;MUSICAL SYMBOL DAMP;So;0;L;;;;;N;;;;; +1D1B5;MUSICAL SYMBOL DAMP ALL;So;0;L;;;;;N;;;;; +1D1B6;MUSICAL SYMBOL MAXIMA;So;0;L;;;;;N;;;;; +1D1B7;MUSICAL SYMBOL LONGA;So;0;L;;;;;N;;;;; +1D1B8;MUSICAL SYMBOL BREVIS;So;0;L;;;;;N;;;;; +1D1B9;MUSICAL SYMBOL SEMIBREVIS WHITE;So;0;L;;;;;N;;;;; +1D1BA;MUSICAL SYMBOL SEMIBREVIS BLACK;So;0;L;;;;;N;;;;; +1D1BB;MUSICAL SYMBOL MINIMA;So;0;L;1D1B9 1D165;;;;N;;;;; +1D1BC;MUSICAL SYMBOL MINIMA BLACK;So;0;L;1D1BA 1D165;;;;N;;;;; +1D1BD;MUSICAL SYMBOL SEMIMINIMA WHITE;So;0;L;1D1BB 1D16E;;;;N;;;;; +1D1BE;MUSICAL SYMBOL SEMIMINIMA BLACK;So;0;L;1D1BC 1D16E;;;;N;;;;; +1D1BF;MUSICAL SYMBOL FUSA WHITE;So;0;L;1D1BB 1D16F;;;;N;;;;; +1D1C0;MUSICAL SYMBOL FUSA BLACK;So;0;L;1D1BC 1D16F;;;;N;;;;; +1D1C1;MUSICAL SYMBOL LONGA PERFECTA REST;So;0;L;;;;;N;;;;; +1D1C2;MUSICAL SYMBOL LONGA IMPERFECTA REST;So;0;L;;;;;N;;;;; +1D1C3;MUSICAL SYMBOL BREVIS REST;So;0;L;;;;;N;;;;; +1D1C4;MUSICAL SYMBOL SEMIBREVIS REST;So;0;L;;;;;N;;;;; +1D1C5;MUSICAL SYMBOL MINIMA REST;So;0;L;;;;;N;;;;; +1D1C6;MUSICAL SYMBOL SEMIMINIMA REST;So;0;L;;;;;N;;;;; +1D1C7;MUSICAL SYMBOL TEMPUS PERFECTUM CUM PROLATIONE PERFECTA;So;0;L;;;;;N;;;;; +1D1C8;MUSICAL SYMBOL TEMPUS PERFECTUM CUM PROLATIONE IMPERFECTA;So;0;L;;;;;N;;;;; +1D1C9;MUSICAL SYMBOL TEMPUS PERFECTUM CUM PROLATIONE PERFECTA DIMINUTION-1;So;0;L;;;;;N;;;;; +1D1CA;MUSICAL SYMBOL TEMPUS IMPERFECTUM CUM PROLATIONE PERFECTA;So;0;L;;;;;N;;;;; +1D1CB;MUSICAL SYMBOL TEMPUS IMPERFECTUM CUM PROLATIONE IMPERFECTA;So;0;L;;;;;N;;;;; +1D1CC;MUSICAL SYMBOL TEMPUS IMPERFECTUM CUM PROLATIONE IMPERFECTA DIMINUTION-1;So;0;L;;;;;N;;;;; +1D1CD;MUSICAL SYMBOL TEMPUS IMPERFECTUM CUM PROLATIONE IMPERFECTA DIMINUTION-2;So;0;L;;;;;N;;;;; +1D1CE;MUSICAL SYMBOL TEMPUS IMPERFECTUM CUM PROLATIONE IMPERFECTA DIMINUTION-3;So;0;L;;;;;N;;;;; +1D1CF;MUSICAL SYMBOL CROIX;So;0;L;;;;;N;;;;; +1D1D0;MUSICAL SYMBOL GREGORIAN C CLEF;So;0;L;;;;;N;;;;; +1D1D1;MUSICAL SYMBOL GREGORIAN F CLEF;So;0;L;;;;;N;;;;; +1D1D2;MUSICAL SYMBOL SQUARE B;So;0;L;;;;;N;;;;; +1D1D3;MUSICAL SYMBOL VIRGA;So;0;L;;;;;N;;;;; +1D1D4;MUSICAL SYMBOL PODATUS;So;0;L;;;;;N;;;;; +1D1D5;MUSICAL SYMBOL CLIVIS;So;0;L;;;;;N;;;;; +1D1D6;MUSICAL SYMBOL SCANDICUS;So;0;L;;;;;N;;;;; +1D1D7;MUSICAL SYMBOL CLIMACUS;So;0;L;;;;;N;;;;; +1D1D8;MUSICAL SYMBOL TORCULUS;So;0;L;;;;;N;;;;; +1D1D9;MUSICAL SYMBOL PORRECTUS;So;0;L;;;;;N;;;;; +1D1DA;MUSICAL SYMBOL PORRECTUS FLEXUS;So;0;L;;;;;N;;;;; +1D1DB;MUSICAL SYMBOL SCANDICUS FLEXUS;So;0;L;;;;;N;;;;; +1D1DC;MUSICAL SYMBOL TORCULUS RESUPINUS;So;0;L;;;;;N;;;;; +1D1DD;MUSICAL SYMBOL PES SUBPUNCTIS;So;0;L;;;;;N;;;;; +1D400;MATHEMATICAL BOLD CAPITAL A;Lu;0;L; 0041;;;;N;;;;; +1D401;MATHEMATICAL BOLD CAPITAL B;Lu;0;L; 0042;;;;N;;;;; +1D402;MATHEMATICAL BOLD CAPITAL C;Lu;0;L; 0043;;;;N;;;;; +1D403;MATHEMATICAL BOLD CAPITAL D;Lu;0;L; 0044;;;;N;;;;; +1D404;MATHEMATICAL BOLD CAPITAL E;Lu;0;L; 0045;;;;N;;;;; +1D405;MATHEMATICAL BOLD CAPITAL F;Lu;0;L; 0046;;;;N;;;;; +1D406;MATHEMATICAL BOLD CAPITAL G;Lu;0;L; 0047;;;;N;;;;; +1D407;MATHEMATICAL BOLD CAPITAL H;Lu;0;L; 0048;;;;N;;;;; +1D408;MATHEMATICAL BOLD CAPITAL I;Lu;0;L; 0049;;;;N;;;;; +1D409;MATHEMATICAL BOLD CAPITAL J;Lu;0;L; 004A;;;;N;;;;; +1D40A;MATHEMATICAL BOLD CAPITAL K;Lu;0;L; 004B;;;;N;;;;; +1D40B;MATHEMATICAL BOLD CAPITAL L;Lu;0;L; 004C;;;;N;;;;; +1D40C;MATHEMATICAL BOLD CAPITAL M;Lu;0;L; 004D;;;;N;;;;; +1D40D;MATHEMATICAL BOLD CAPITAL N;Lu;0;L; 004E;;;;N;;;;; +1D40E;MATHEMATICAL BOLD CAPITAL O;Lu;0;L; 004F;;;;N;;;;; +1D40F;MATHEMATICAL BOLD CAPITAL P;Lu;0;L; 0050;;;;N;;;;; +1D410;MATHEMATICAL BOLD CAPITAL Q;Lu;0;L; 0051;;;;N;;;;; +1D411;MATHEMATICAL BOLD CAPITAL R;Lu;0;L; 0052;;;;N;;;;; +1D412;MATHEMATICAL BOLD CAPITAL S;Lu;0;L; 0053;;;;N;;;;; +1D413;MATHEMATICAL BOLD CAPITAL T;Lu;0;L; 0054;;;;N;;;;; +1D414;MATHEMATICAL BOLD CAPITAL U;Lu;0;L; 0055;;;;N;;;;; +1D415;MATHEMATICAL BOLD CAPITAL V;Lu;0;L; 0056;;;;N;;;;; +1D416;MATHEMATICAL BOLD CAPITAL W;Lu;0;L; 0057;;;;N;;;;; +1D417;MATHEMATICAL BOLD CAPITAL X;Lu;0;L; 0058;;;;N;;;;; +1D418;MATHEMATICAL BOLD CAPITAL Y;Lu;0;L; 0059;;;;N;;;;; +1D419;MATHEMATICAL BOLD CAPITAL Z;Lu;0;L; 005A;;;;N;;;;; +1D41A;MATHEMATICAL BOLD SMALL A;Ll;0;L; 0061;;;;N;;;;; +1D41B;MATHEMATICAL BOLD SMALL B;Ll;0;L; 0062;;;;N;;;;; +1D41C;MATHEMATICAL BOLD SMALL C;Ll;0;L; 0063;;;;N;;;;; +1D41D;MATHEMATICAL BOLD SMALL D;Ll;0;L; 0064;;;;N;;;;; +1D41E;MATHEMATICAL BOLD SMALL E;Ll;0;L; 0065;;;;N;;;;; +1D41F;MATHEMATICAL BOLD SMALL F;Ll;0;L; 0066;;;;N;;;;; +1D420;MATHEMATICAL BOLD SMALL G;Ll;0;L; 0067;;;;N;;;;; +1D421;MATHEMATICAL BOLD SMALL H;Ll;0;L; 0068;;;;N;;;;; +1D422;MATHEMATICAL BOLD SMALL I;Ll;0;L; 0069;;;;N;;;;; +1D423;MATHEMATICAL BOLD SMALL J;Ll;0;L; 006A;;;;N;;;;; +1D424;MATHEMATICAL BOLD SMALL K;Ll;0;L; 006B;;;;N;;;;; +1D425;MATHEMATICAL BOLD SMALL L;Ll;0;L; 006C;;;;N;;;;; +1D426;MATHEMATICAL BOLD SMALL M;Ll;0;L; 006D;;;;N;;;;; +1D427;MATHEMATICAL BOLD SMALL N;Ll;0;L; 006E;;;;N;;;;; +1D428;MATHEMATICAL BOLD SMALL O;Ll;0;L; 006F;;;;N;;;;; +1D429;MATHEMATICAL BOLD SMALL P;Ll;0;L; 0070;;;;N;;;;; +1D42A;MATHEMATICAL BOLD SMALL Q;Ll;0;L; 0071;;;;N;;;;; +1D42B;MATHEMATICAL BOLD SMALL R;Ll;0;L; 0072;;;;N;;;;; +1D42C;MATHEMATICAL BOLD SMALL S;Ll;0;L; 0073;;;;N;;;;; +1D42D;MATHEMATICAL BOLD SMALL T;Ll;0;L; 0074;;;;N;;;;; +1D42E;MATHEMATICAL BOLD SMALL U;Ll;0;L; 0075;;;;N;;;;; +1D42F;MATHEMATICAL BOLD SMALL V;Ll;0;L; 0076;;;;N;;;;; +1D430;MATHEMATICAL BOLD SMALL W;Ll;0;L; 0077;;;;N;;;;; +1D431;MATHEMATICAL BOLD SMALL X;Ll;0;L; 0078;;;;N;;;;; +1D432;MATHEMATICAL BOLD SMALL Y;Ll;0;L; 0079;;;;N;;;;; +1D433;MATHEMATICAL BOLD SMALL Z;Ll;0;L; 007A;;;;N;;;;; +1D434;MATHEMATICAL ITALIC CAPITAL A;Lu;0;L; 0041;;;;N;;;;; +1D435;MATHEMATICAL ITALIC CAPITAL B;Lu;0;L; 0042;;;;N;;;;; +1D436;MATHEMATICAL ITALIC CAPITAL C;Lu;0;L; 0043;;;;N;;;;; +1D437;MATHEMATICAL ITALIC CAPITAL D;Lu;0;L; 0044;;;;N;;;;; +1D438;MATHEMATICAL ITALIC CAPITAL E;Lu;0;L; 0045;;;;N;;;;; +1D439;MATHEMATICAL ITALIC CAPITAL F;Lu;0;L; 0046;;;;N;;;;; +1D43A;MATHEMATICAL ITALIC CAPITAL G;Lu;0;L; 0047;;;;N;;;;; +1D43B;MATHEMATICAL ITALIC CAPITAL H;Lu;0;L; 0048;;;;N;;;;; +1D43C;MATHEMATICAL ITALIC CAPITAL I;Lu;0;L; 0049;;;;N;;;;; +1D43D;MATHEMATICAL ITALIC CAPITAL J;Lu;0;L; 004A;;;;N;;;;; +1D43E;MATHEMATICAL ITALIC CAPITAL K;Lu;0;L; 004B;;;;N;;;;; +1D43F;MATHEMATICAL ITALIC CAPITAL L;Lu;0;L; 004C;;;;N;;;;; +1D440;MATHEMATICAL ITALIC CAPITAL M;Lu;0;L; 004D;;;;N;;;;; +1D441;MATHEMATICAL ITALIC CAPITAL N;Lu;0;L; 004E;;;;N;;;;; +1D442;MATHEMATICAL ITALIC CAPITAL O;Lu;0;L; 004F;;;;N;;;;; +1D443;MATHEMATICAL ITALIC CAPITAL P;Lu;0;L; 0050;;;;N;;;;; +1D444;MATHEMATICAL ITALIC CAPITAL Q;Lu;0;L; 0051;;;;N;;;;; +1D445;MATHEMATICAL ITALIC CAPITAL R;Lu;0;L; 0052;;;;N;;;;; +1D446;MATHEMATICAL ITALIC CAPITAL S;Lu;0;L; 0053;;;;N;;;;; +1D447;MATHEMATICAL ITALIC CAPITAL T;Lu;0;L; 0054;;;;N;;;;; +1D448;MATHEMATICAL ITALIC CAPITAL U;Lu;0;L; 0055;;;;N;;;;; +1D449;MATHEMATICAL ITALIC CAPITAL V;Lu;0;L; 0056;;;;N;;;;; +1D44A;MATHEMATICAL ITALIC CAPITAL W;Lu;0;L; 0057;;;;N;;;;; +1D44B;MATHEMATICAL ITALIC CAPITAL X;Lu;0;L; 0058;;;;N;;;;; +1D44C;MATHEMATICAL ITALIC CAPITAL Y;Lu;0;L; 0059;;;;N;;;;; +1D44D;MATHEMATICAL ITALIC CAPITAL Z;Lu;0;L; 005A;;;;N;;;;; +1D44E;MATHEMATICAL ITALIC SMALL A;Ll;0;L; 0061;;;;N;;;;; +1D44F;MATHEMATICAL ITALIC SMALL B;Ll;0;L; 0062;;;;N;;;;; +1D450;MATHEMATICAL ITALIC SMALL C;Ll;0;L; 0063;;;;N;;;;; +1D451;MATHEMATICAL ITALIC SMALL D;Ll;0;L; 0064;;;;N;;;;; +1D452;MATHEMATICAL ITALIC SMALL E;Ll;0;L; 0065;;;;N;;;;; +1D453;MATHEMATICAL ITALIC SMALL F;Ll;0;L; 0066;;;;N;;;;; +1D454;MATHEMATICAL ITALIC SMALL G;Ll;0;L; 0067;;;;N;;;;; +1D456;MATHEMATICAL ITALIC SMALL I;Ll;0;L; 0069;;;;N;;;;; +1D457;MATHEMATICAL ITALIC SMALL J;Ll;0;L; 006A;;;;N;;;;; +1D458;MATHEMATICAL ITALIC SMALL K;Ll;0;L; 006B;;;;N;;;;; +1D459;MATHEMATICAL ITALIC SMALL L;Ll;0;L; 006C;;;;N;;;;; +1D45A;MATHEMATICAL ITALIC SMALL M;Ll;0;L; 006D;;;;N;;;;; +1D45B;MATHEMATICAL ITALIC SMALL N;Ll;0;L; 006E;;;;N;;;;; +1D45C;MATHEMATICAL ITALIC SMALL O;Ll;0;L; 006F;;;;N;;;;; +1D45D;MATHEMATICAL ITALIC SMALL P;Ll;0;L; 0070;;;;N;;;;; +1D45E;MATHEMATICAL ITALIC SMALL Q;Ll;0;L; 0071;;;;N;;;;; +1D45F;MATHEMATICAL ITALIC SMALL R;Ll;0;L; 0072;;;;N;;;;; +1D460;MATHEMATICAL ITALIC SMALL S;Ll;0;L; 0073;;;;N;;;;; +1D461;MATHEMATICAL ITALIC SMALL T;Ll;0;L; 0074;;;;N;;;;; +1D462;MATHEMATICAL ITALIC SMALL U;Ll;0;L; 0075;;;;N;;;;; +1D463;MATHEMATICAL ITALIC SMALL V;Ll;0;L; 0076;;;;N;;;;; +1D464;MATHEMATICAL ITALIC SMALL W;Ll;0;L; 0077;;;;N;;;;; +1D465;MATHEMATICAL ITALIC SMALL X;Ll;0;L; 0078;;;;N;;;;; +1D466;MATHEMATICAL ITALIC SMALL Y;Ll;0;L; 0079;;;;N;;;;; +1D467;MATHEMATICAL ITALIC SMALL Z;Ll;0;L; 007A;;;;N;;;;; +1D468;MATHEMATICAL BOLD ITALIC CAPITAL A;Lu;0;L; 0041;;;;N;;;;; +1D469;MATHEMATICAL BOLD ITALIC CAPITAL B;Lu;0;L; 0042;;;;N;;;;; +1D46A;MATHEMATICAL BOLD ITALIC CAPITAL C;Lu;0;L; 0043;;;;N;;;;; +1D46B;MATHEMATICAL BOLD ITALIC CAPITAL D;Lu;0;L; 0044;;;;N;;;;; +1D46C;MATHEMATICAL BOLD ITALIC CAPITAL E;Lu;0;L; 0045;;;;N;;;;; +1D46D;MATHEMATICAL BOLD ITALIC CAPITAL F;Lu;0;L; 0046;;;;N;;;;; +1D46E;MATHEMATICAL BOLD ITALIC CAPITAL G;Lu;0;L; 0047;;;;N;;;;; +1D46F;MATHEMATICAL BOLD ITALIC CAPITAL H;Lu;0;L; 0048;;;;N;;;;; +1D470;MATHEMATICAL BOLD ITALIC CAPITAL I;Lu;0;L; 0049;;;;N;;;;; +1D471;MATHEMATICAL BOLD ITALIC CAPITAL J;Lu;0;L; 004A;;;;N;;;;; +1D472;MATHEMATICAL BOLD ITALIC CAPITAL K;Lu;0;L; 004B;;;;N;;;;; +1D473;MATHEMATICAL BOLD ITALIC CAPITAL L;Lu;0;L; 004C;;;;N;;;;; +1D474;MATHEMATICAL BOLD ITALIC CAPITAL M;Lu;0;L; 004D;;;;N;;;;; +1D475;MATHEMATICAL BOLD ITALIC CAPITAL N;Lu;0;L; 004E;;;;N;;;;; +1D476;MATHEMATICAL BOLD ITALIC CAPITAL O;Lu;0;L; 004F;;;;N;;;;; +1D477;MATHEMATICAL BOLD ITALIC CAPITAL P;Lu;0;L; 0050;;;;N;;;;; +1D478;MATHEMATICAL BOLD ITALIC CAPITAL Q;Lu;0;L; 0051;;;;N;;;;; +1D479;MATHEMATICAL BOLD ITALIC CAPITAL R;Lu;0;L; 0052;;;;N;;;;; +1D47A;MATHEMATICAL BOLD ITALIC CAPITAL S;Lu;0;L; 0053;;;;N;;;;; +1D47B;MATHEMATICAL BOLD ITALIC CAPITAL T;Lu;0;L; 0054;;;;N;;;;; +1D47C;MATHEMATICAL BOLD ITALIC CAPITAL U;Lu;0;L; 0055;;;;N;;;;; +1D47D;MATHEMATICAL BOLD ITALIC CAPITAL V;Lu;0;L; 0056;;;;N;;;;; +1D47E;MATHEMATICAL BOLD ITALIC CAPITAL W;Lu;0;L; 0057;;;;N;;;;; +1D47F;MATHEMATICAL BOLD ITALIC CAPITAL X;Lu;0;L; 0058;;;;N;;;;; +1D480;MATHEMATICAL BOLD ITALIC CAPITAL Y;Lu;0;L; 0059;;;;N;;;;; +1D481;MATHEMATICAL BOLD ITALIC CAPITAL Z;Lu;0;L; 005A;;;;N;;;;; +1D482;MATHEMATICAL BOLD ITALIC SMALL A;Ll;0;L; 0061;;;;N;;;;; +1D483;MATHEMATICAL BOLD ITALIC SMALL B;Ll;0;L; 0062;;;;N;;;;; +1D484;MATHEMATICAL BOLD ITALIC SMALL C;Ll;0;L; 0063;;;;N;;;;; +1D485;MATHEMATICAL BOLD ITALIC SMALL D;Ll;0;L; 0064;;;;N;;;;; +1D486;MATHEMATICAL BOLD ITALIC SMALL E;Ll;0;L; 0065;;;;N;;;;; +1D487;MATHEMATICAL BOLD ITALIC SMALL F;Ll;0;L; 0066;;;;N;;;;; +1D488;MATHEMATICAL BOLD ITALIC SMALL G;Ll;0;L; 0067;;;;N;;;;; +1D489;MATHEMATICAL BOLD ITALIC SMALL H;Ll;0;L; 0068;;;;N;;;;; +1D48A;MATHEMATICAL BOLD ITALIC SMALL I;Ll;0;L; 0069;;;;N;;;;; +1D48B;MATHEMATICAL BOLD ITALIC SMALL J;Ll;0;L; 006A;;;;N;;;;; +1D48C;MATHEMATICAL BOLD ITALIC SMALL K;Ll;0;L; 006B;;;;N;;;;; +1D48D;MATHEMATICAL BOLD ITALIC SMALL L;Ll;0;L; 006C;;;;N;;;;; +1D48E;MATHEMATICAL BOLD ITALIC SMALL M;Ll;0;L; 006D;;;;N;;;;; +1D48F;MATHEMATICAL BOLD ITALIC SMALL N;Ll;0;L; 006E;;;;N;;;;; +1D490;MATHEMATICAL BOLD ITALIC SMALL O;Ll;0;L; 006F;;;;N;;;;; +1D491;MATHEMATICAL BOLD ITALIC SMALL P;Ll;0;L; 0070;;;;N;;;;; +1D492;MATHEMATICAL BOLD ITALIC SMALL Q;Ll;0;L; 0071;;;;N;;;;; +1D493;MATHEMATICAL BOLD ITALIC SMALL R;Ll;0;L; 0072;;;;N;;;;; +1D494;MATHEMATICAL BOLD ITALIC SMALL S;Ll;0;L; 0073;;;;N;;;;; +1D495;MATHEMATICAL BOLD ITALIC SMALL T;Ll;0;L; 0074;;;;N;;;;; +1D496;MATHEMATICAL BOLD ITALIC SMALL U;Ll;0;L; 0075;;;;N;;;;; +1D497;MATHEMATICAL BOLD ITALIC SMALL V;Ll;0;L; 0076;;;;N;;;;; +1D498;MATHEMATICAL BOLD ITALIC SMALL W;Ll;0;L; 0077;;;;N;;;;; +1D499;MATHEMATICAL BOLD ITALIC SMALL X;Ll;0;L; 0078;;;;N;;;;; +1D49A;MATHEMATICAL BOLD ITALIC SMALL Y;Ll;0;L; 0079;;;;N;;;;; +1D49B;MATHEMATICAL BOLD ITALIC SMALL Z;Ll;0;L; 007A;;;;N;;;;; +1D49C;MATHEMATICAL SCRIPT CAPITAL A;Lu;0;L; 0041;;;;N;;;;; +1D49E;MATHEMATICAL SCRIPT CAPITAL C;Lu;0;L; 0043;;;;N;;;;; +1D49F;MATHEMATICAL SCRIPT CAPITAL D;Lu;0;L; 0044;;;;N;;;;; +1D4A2;MATHEMATICAL SCRIPT CAPITAL G;Lu;0;L; 0047;;;;N;;;;; +1D4A5;MATHEMATICAL SCRIPT CAPITAL J;Lu;0;L; 004A;;;;N;;;;; +1D4A6;MATHEMATICAL SCRIPT CAPITAL K;Lu;0;L; 004B;;;;N;;;;; +1D4A9;MATHEMATICAL SCRIPT CAPITAL N;Lu;0;L; 004E;;;;N;;;;; +1D4AA;MATHEMATICAL SCRIPT CAPITAL O;Lu;0;L; 004F;;;;N;;;;; +1D4AB;MATHEMATICAL SCRIPT CAPITAL P;Lu;0;L; 0050;;;;N;;;;; +1D4AC;MATHEMATICAL SCRIPT CAPITAL Q;Lu;0;L; 0051;;;;N;;;;; +1D4AE;MATHEMATICAL SCRIPT CAPITAL S;Lu;0;L; 0053;;;;N;;;;; +1D4AF;MATHEMATICAL SCRIPT CAPITAL T;Lu;0;L; 0054;;;;N;;;;; +1D4B0;MATHEMATICAL SCRIPT CAPITAL U;Lu;0;L; 0055;;;;N;;;;; +1D4B1;MATHEMATICAL SCRIPT CAPITAL V;Lu;0;L; 0056;;;;N;;;;; +1D4B2;MATHEMATICAL SCRIPT CAPITAL W;Lu;0;L; 0057;;;;N;;;;; +1D4B3;MATHEMATICAL SCRIPT CAPITAL X;Lu;0;L; 0058;;;;N;;;;; +1D4B4;MATHEMATICAL SCRIPT CAPITAL Y;Lu;0;L; 0059;;;;N;;;;; +1D4B5;MATHEMATICAL SCRIPT CAPITAL Z;Lu;0;L; 005A;;;;N;;;;; +1D4B6;MATHEMATICAL SCRIPT SMALL A;Ll;0;L; 0061;;;;N;;;;; +1D4B7;MATHEMATICAL SCRIPT SMALL B;Ll;0;L; 0062;;;;N;;;;; +1D4B8;MATHEMATICAL SCRIPT SMALL C;Ll;0;L; 0063;;;;N;;;;; +1D4B9;MATHEMATICAL SCRIPT SMALL D;Ll;0;L; 0064;;;;N;;;;; +1D4BB;MATHEMATICAL SCRIPT SMALL F;Ll;0;L; 0066;;;;N;;;;; +1D4BD;MATHEMATICAL SCRIPT SMALL H;Ll;0;L; 0068;;;;N;;;;; +1D4BE;MATHEMATICAL SCRIPT SMALL I;Ll;0;L; 0069;;;;N;;;;; +1D4BF;MATHEMATICAL SCRIPT SMALL J;Ll;0;L; 006A;;;;N;;;;; +1D4C0;MATHEMATICAL SCRIPT SMALL K;Ll;0;L; 006B;;;;N;;;;; +1D4C2;MATHEMATICAL SCRIPT SMALL M;Ll;0;L; 006D;;;;N;;;;; +1D4C3;MATHEMATICAL SCRIPT SMALL N;Ll;0;L; 006E;;;;N;;;;; +1D4C5;MATHEMATICAL SCRIPT SMALL P;Ll;0;L; 0070;;;;N;;;;; +1D4C6;MATHEMATICAL SCRIPT SMALL Q;Ll;0;L; 0071;;;;N;;;;; +1D4C7;MATHEMATICAL SCRIPT SMALL R;Ll;0;L; 0072;;;;N;;;;; +1D4C8;MATHEMATICAL SCRIPT SMALL S;Ll;0;L; 0073;;;;N;;;;; +1D4C9;MATHEMATICAL SCRIPT SMALL T;Ll;0;L; 0074;;;;N;;;;; +1D4CA;MATHEMATICAL SCRIPT SMALL U;Ll;0;L; 0075;;;;N;;;;; +1D4CB;MATHEMATICAL SCRIPT SMALL V;Ll;0;L; 0076;;;;N;;;;; +1D4CC;MATHEMATICAL SCRIPT SMALL W;Ll;0;L; 0077;;;;N;;;;; +1D4CD;MATHEMATICAL SCRIPT SMALL X;Ll;0;L; 0078;;;;N;;;;; +1D4CE;MATHEMATICAL SCRIPT SMALL Y;Ll;0;L; 0079;;;;N;;;;; +1D4CF;MATHEMATICAL SCRIPT SMALL Z;Ll;0;L; 007A;;;;N;;;;; +1D4D0;MATHEMATICAL BOLD SCRIPT CAPITAL A;Lu;0;L; 0041;;;;N;;;;; +1D4D1;MATHEMATICAL BOLD SCRIPT CAPITAL B;Lu;0;L; 0042;;;;N;;;;; +1D4D2;MATHEMATICAL BOLD SCRIPT CAPITAL C;Lu;0;L; 0043;;;;N;;;;; +1D4D3;MATHEMATICAL BOLD SCRIPT CAPITAL D;Lu;0;L; 0044;;;;N;;;;; +1D4D4;MATHEMATICAL BOLD SCRIPT CAPITAL E;Lu;0;L; 0045;;;;N;;;;; +1D4D5;MATHEMATICAL BOLD SCRIPT CAPITAL F;Lu;0;L; 0046;;;;N;;;;; +1D4D6;MATHEMATICAL BOLD SCRIPT CAPITAL G;Lu;0;L; 0047;;;;N;;;;; +1D4D7;MATHEMATICAL BOLD SCRIPT CAPITAL H;Lu;0;L; 0048;;;;N;;;;; +1D4D8;MATHEMATICAL BOLD SCRIPT CAPITAL I;Lu;0;L; 0049;;;;N;;;;; +1D4D9;MATHEMATICAL BOLD SCRIPT CAPITAL J;Lu;0;L; 004A;;;;N;;;;; +1D4DA;MATHEMATICAL BOLD SCRIPT CAPITAL K;Lu;0;L; 004B;;;;N;;;;; +1D4DB;MATHEMATICAL BOLD SCRIPT CAPITAL L;Lu;0;L; 004C;;;;N;;;;; +1D4DC;MATHEMATICAL BOLD SCRIPT CAPITAL M;Lu;0;L; 004D;;;;N;;;;; +1D4DD;MATHEMATICAL BOLD SCRIPT CAPITAL N;Lu;0;L; 004E;;;;N;;;;; +1D4DE;MATHEMATICAL BOLD SCRIPT CAPITAL O;Lu;0;L; 004F;;;;N;;;;; +1D4DF;MATHEMATICAL BOLD SCRIPT CAPITAL P;Lu;0;L; 0050;;;;N;;;;; +1D4E0;MATHEMATICAL BOLD SCRIPT CAPITAL Q;Lu;0;L; 0051;;;;N;;;;; +1D4E1;MATHEMATICAL BOLD SCRIPT CAPITAL R;Lu;0;L; 0052;;;;N;;;;; +1D4E2;MATHEMATICAL BOLD SCRIPT CAPITAL S;Lu;0;L; 0053;;;;N;;;;; +1D4E3;MATHEMATICAL BOLD SCRIPT CAPITAL T;Lu;0;L; 0054;;;;N;;;;; +1D4E4;MATHEMATICAL BOLD SCRIPT CAPITAL U;Lu;0;L; 0055;;;;N;;;;; +1D4E5;MATHEMATICAL BOLD SCRIPT CAPITAL V;Lu;0;L; 0056;;;;N;;;;; +1D4E6;MATHEMATICAL BOLD SCRIPT CAPITAL W;Lu;0;L; 0057;;;;N;;;;; +1D4E7;MATHEMATICAL BOLD SCRIPT CAPITAL X;Lu;0;L; 0058;;;;N;;;;; +1D4E8;MATHEMATICAL BOLD SCRIPT CAPITAL Y;Lu;0;L; 0059;;;;N;;;;; +1D4E9;MATHEMATICAL BOLD SCRIPT CAPITAL Z;Lu;0;L; 005A;;;;N;;;;; +1D4EA;MATHEMATICAL BOLD SCRIPT SMALL A;Ll;0;L; 0061;;;;N;;;;; +1D4EB;MATHEMATICAL BOLD SCRIPT SMALL B;Ll;0;L; 0062;;;;N;;;;; +1D4EC;MATHEMATICAL BOLD SCRIPT SMALL C;Ll;0;L; 0063;;;;N;;;;; +1D4ED;MATHEMATICAL BOLD SCRIPT SMALL D;Ll;0;L; 0064;;;;N;;;;; +1D4EE;MATHEMATICAL BOLD SCRIPT SMALL E;Ll;0;L; 0065;;;;N;;;;; +1D4EF;MATHEMATICAL BOLD SCRIPT SMALL F;Ll;0;L; 0066;;;;N;;;;; +1D4F0;MATHEMATICAL BOLD SCRIPT SMALL G;Ll;0;L; 0067;;;;N;;;;; +1D4F1;MATHEMATICAL BOLD SCRIPT SMALL H;Ll;0;L; 0068;;;;N;;;;; +1D4F2;MATHEMATICAL BOLD SCRIPT SMALL I;Ll;0;L; 0069;;;;N;;;;; +1D4F3;MATHEMATICAL BOLD SCRIPT SMALL J;Ll;0;L; 006A;;;;N;;;;; +1D4F4;MATHEMATICAL BOLD SCRIPT SMALL K;Ll;0;L; 006B;;;;N;;;;; +1D4F5;MATHEMATICAL BOLD SCRIPT SMALL L;Ll;0;L; 006C;;;;N;;;;; +1D4F6;MATHEMATICAL BOLD SCRIPT SMALL M;Ll;0;L; 006D;;;;N;;;;; +1D4F7;MATHEMATICAL BOLD SCRIPT SMALL N;Ll;0;L; 006E;;;;N;;;;; +1D4F8;MATHEMATICAL BOLD SCRIPT SMALL O;Ll;0;L; 006F;;;;N;;;;; +1D4F9;MATHEMATICAL BOLD SCRIPT SMALL P;Ll;0;L; 0070;;;;N;;;;; +1D4FA;MATHEMATICAL BOLD SCRIPT SMALL Q;Ll;0;L; 0071;;;;N;;;;; +1D4FB;MATHEMATICAL BOLD SCRIPT SMALL R;Ll;0;L; 0072;;;;N;;;;; +1D4FC;MATHEMATICAL BOLD SCRIPT SMALL S;Ll;0;L; 0073;;;;N;;;;; +1D4FD;MATHEMATICAL BOLD SCRIPT SMALL T;Ll;0;L; 0074;;;;N;;;;; +1D4FE;MATHEMATICAL BOLD SCRIPT SMALL U;Ll;0;L; 0075;;;;N;;;;; +1D4FF;MATHEMATICAL BOLD SCRIPT SMALL V;Ll;0;L; 0076;;;;N;;;;; +1D500;MATHEMATICAL BOLD SCRIPT SMALL W;Ll;0;L; 0077;;;;N;;;;; +1D501;MATHEMATICAL BOLD SCRIPT SMALL X;Ll;0;L; 0078;;;;N;;;;; +1D502;MATHEMATICAL BOLD SCRIPT SMALL Y;Ll;0;L; 0079;;;;N;;;;; +1D503;MATHEMATICAL BOLD SCRIPT SMALL Z;Ll;0;L; 007A;;;;N;;;;; +1D504;MATHEMATICAL FRAKTUR CAPITAL A;Lu;0;L; 0041;;;;N;;;;; +1D505;MATHEMATICAL FRAKTUR CAPITAL B;Lu;0;L; 0042;;;;N;;;;; +1D507;MATHEMATICAL FRAKTUR CAPITAL D;Lu;0;L; 0044;;;;N;;;;; +1D508;MATHEMATICAL FRAKTUR CAPITAL E;Lu;0;L; 0045;;;;N;;;;; +1D509;MATHEMATICAL FRAKTUR CAPITAL F;Lu;0;L; 0046;;;;N;;;;; +1D50A;MATHEMATICAL FRAKTUR CAPITAL G;Lu;0;L; 0047;;;;N;;;;; +1D50D;MATHEMATICAL FRAKTUR CAPITAL J;Lu;0;L; 004A;;;;N;;;;; +1D50E;MATHEMATICAL FRAKTUR CAPITAL K;Lu;0;L; 004B;;;;N;;;;; +1D50F;MATHEMATICAL FRAKTUR CAPITAL L;Lu;0;L; 004C;;;;N;;;;; +1D510;MATHEMATICAL FRAKTUR CAPITAL M;Lu;0;L; 004D;;;;N;;;;; +1D511;MATHEMATICAL FRAKTUR CAPITAL N;Lu;0;L; 004E;;;;N;;;;; +1D512;MATHEMATICAL FRAKTUR CAPITAL O;Lu;0;L; 004F;;;;N;;;;; +1D513;MATHEMATICAL FRAKTUR CAPITAL P;Lu;0;L; 0050;;;;N;;;;; +1D514;MATHEMATICAL FRAKTUR CAPITAL Q;Lu;0;L; 0051;;;;N;;;;; +1D516;MATHEMATICAL FRAKTUR CAPITAL S;Lu;0;L; 0053;;;;N;;;;; +1D517;MATHEMATICAL FRAKTUR CAPITAL T;Lu;0;L; 0054;;;;N;;;;; +1D518;MATHEMATICAL FRAKTUR CAPITAL U;Lu;0;L; 0055;;;;N;;;;; +1D519;MATHEMATICAL FRAKTUR CAPITAL V;Lu;0;L; 0056;;;;N;;;;; +1D51A;MATHEMATICAL FRAKTUR CAPITAL W;Lu;0;L; 0057;;;;N;;;;; +1D51B;MATHEMATICAL FRAKTUR CAPITAL X;Lu;0;L; 0058;;;;N;;;;; +1D51C;MATHEMATICAL FRAKTUR CAPITAL Y;Lu;0;L; 0059;;;;N;;;;; +1D51E;MATHEMATICAL FRAKTUR SMALL A;Ll;0;L; 0061;;;;N;;;;; +1D51F;MATHEMATICAL FRAKTUR SMALL B;Ll;0;L; 0062;;;;N;;;;; +1D520;MATHEMATICAL FRAKTUR SMALL C;Ll;0;L; 0063;;;;N;;;;; +1D521;MATHEMATICAL FRAKTUR SMALL D;Ll;0;L; 0064;;;;N;;;;; +1D522;MATHEMATICAL FRAKTUR SMALL E;Ll;0;L; 0065;;;;N;;;;; +1D523;MATHEMATICAL FRAKTUR SMALL F;Ll;0;L; 0066;;;;N;;;;; +1D524;MATHEMATICAL FRAKTUR SMALL G;Ll;0;L; 0067;;;;N;;;;; +1D525;MATHEMATICAL FRAKTUR SMALL H;Ll;0;L; 0068;;;;N;;;;; +1D526;MATHEMATICAL FRAKTUR SMALL I;Ll;0;L; 0069;;;;N;;;;; +1D527;MATHEMATICAL FRAKTUR SMALL J;Ll;0;L; 006A;;;;N;;;;; +1D528;MATHEMATICAL FRAKTUR SMALL K;Ll;0;L; 006B;;;;N;;;;; +1D529;MATHEMATICAL FRAKTUR SMALL L;Ll;0;L; 006C;;;;N;;;;; +1D52A;MATHEMATICAL FRAKTUR SMALL M;Ll;0;L; 006D;;;;N;;;;; +1D52B;MATHEMATICAL FRAKTUR SMALL N;Ll;0;L; 006E;;;;N;;;;; +1D52C;MATHEMATICAL FRAKTUR SMALL O;Ll;0;L; 006F;;;;N;;;;; +1D52D;MATHEMATICAL FRAKTUR SMALL P;Ll;0;L; 0070;;;;N;;;;; +1D52E;MATHEMATICAL FRAKTUR SMALL Q;Ll;0;L; 0071;;;;N;;;;; +1D52F;MATHEMATICAL FRAKTUR SMALL R;Ll;0;L; 0072;;;;N;;;;; +1D530;MATHEMATICAL FRAKTUR SMALL S;Ll;0;L; 0073;;;;N;;;;; +1D531;MATHEMATICAL FRAKTUR SMALL T;Ll;0;L; 0074;;;;N;;;;; +1D532;MATHEMATICAL FRAKTUR SMALL U;Ll;0;L; 0075;;;;N;;;;; +1D533;MATHEMATICAL FRAKTUR SMALL V;Ll;0;L; 0076;;;;N;;;;; +1D534;MATHEMATICAL FRAKTUR SMALL W;Ll;0;L; 0077;;;;N;;;;; +1D535;MATHEMATICAL FRAKTUR SMALL X;Ll;0;L; 0078;;;;N;;;;; +1D536;MATHEMATICAL FRAKTUR SMALL Y;Ll;0;L; 0079;;;;N;;;;; +1D537;MATHEMATICAL FRAKTUR SMALL Z;Ll;0;L; 007A;;;;N;;;;; +1D538;MATHEMATICAL DOUBLE-STRUCK CAPITAL A;Lu;0;L; 0041;;;;N;;;;; +1D539;MATHEMATICAL DOUBLE-STRUCK CAPITAL B;Lu;0;L; 0042;;;;N;;;;; +1D53B;MATHEMATICAL DOUBLE-STRUCK CAPITAL D;Lu;0;L; 0044;;;;N;;;;; +1D53C;MATHEMATICAL DOUBLE-STRUCK CAPITAL E;Lu;0;L; 0045;;;;N;;;;; +1D53D;MATHEMATICAL DOUBLE-STRUCK CAPITAL F;Lu;0;L; 0046;;;;N;;;;; +1D53E;MATHEMATICAL DOUBLE-STRUCK CAPITAL G;Lu;0;L; 0047;;;;N;;;;; +1D540;MATHEMATICAL DOUBLE-STRUCK CAPITAL I;Lu;0;L; 0049;;;;N;;;;; +1D541;MATHEMATICAL DOUBLE-STRUCK CAPITAL J;Lu;0;L; 004A;;;;N;;;;; +1D542;MATHEMATICAL DOUBLE-STRUCK CAPITAL K;Lu;0;L; 004B;;;;N;;;;; +1D543;MATHEMATICAL DOUBLE-STRUCK CAPITAL L;Lu;0;L; 004C;;;;N;;;;; +1D544;MATHEMATICAL DOUBLE-STRUCK CAPITAL M;Lu;0;L; 004D;;;;N;;;;; +1D546;MATHEMATICAL DOUBLE-STRUCK CAPITAL O;Lu;0;L; 004F;;;;N;;;;; +1D54A;MATHEMATICAL DOUBLE-STRUCK CAPITAL S;Lu;0;L; 0053;;;;N;;;;; +1D54B;MATHEMATICAL DOUBLE-STRUCK CAPITAL T;Lu;0;L; 0054;;;;N;;;;; +1D54C;MATHEMATICAL DOUBLE-STRUCK CAPITAL U;Lu;0;L; 0055;;;;N;;;;; +1D54D;MATHEMATICAL DOUBLE-STRUCK CAPITAL V;Lu;0;L; 0056;;;;N;;;;; +1D54E;MATHEMATICAL DOUBLE-STRUCK CAPITAL W;Lu;0;L; 0057;;;;N;;;;; +1D54F;MATHEMATICAL DOUBLE-STRUCK CAPITAL X;Lu;0;L; 0058;;;;N;;;;; +1D550;MATHEMATICAL DOUBLE-STRUCK CAPITAL Y;Lu;0;L; 0059;;;;N;;;;; +1D552;MATHEMATICAL DOUBLE-STRUCK SMALL A;Ll;0;L; 0061;;;;N;;;;; +1D553;MATHEMATICAL DOUBLE-STRUCK SMALL B;Ll;0;L; 0062;;;;N;;;;; +1D554;MATHEMATICAL DOUBLE-STRUCK SMALL C;Ll;0;L; 0063;;;;N;;;;; +1D555;MATHEMATICAL DOUBLE-STRUCK SMALL D;Ll;0;L; 0064;;;;N;;;;; +1D556;MATHEMATICAL DOUBLE-STRUCK SMALL E;Ll;0;L; 0065;;;;N;;;;; +1D557;MATHEMATICAL DOUBLE-STRUCK SMALL F;Ll;0;L; 0066;;;;N;;;;; +1D558;MATHEMATICAL DOUBLE-STRUCK SMALL G;Ll;0;L; 0067;;;;N;;;;; +1D559;MATHEMATICAL DOUBLE-STRUCK SMALL H;Ll;0;L; 0068;;;;N;;;;; +1D55A;MATHEMATICAL DOUBLE-STRUCK SMALL I;Ll;0;L; 0069;;;;N;;;;; +1D55B;MATHEMATICAL DOUBLE-STRUCK SMALL J;Ll;0;L; 006A;;;;N;;;;; +1D55C;MATHEMATICAL DOUBLE-STRUCK SMALL K;Ll;0;L; 006B;;;;N;;;;; +1D55D;MATHEMATICAL DOUBLE-STRUCK SMALL L;Ll;0;L; 006C;;;;N;;;;; +1D55E;MATHEMATICAL DOUBLE-STRUCK SMALL M;Ll;0;L; 006D;;;;N;;;;; +1D55F;MATHEMATICAL DOUBLE-STRUCK SMALL N;Ll;0;L; 006E;;;;N;;;;; +1D560;MATHEMATICAL DOUBLE-STRUCK SMALL O;Ll;0;L; 006F;;;;N;;;;; +1D561;MATHEMATICAL DOUBLE-STRUCK SMALL P;Ll;0;L; 0070;;;;N;;;;; +1D562;MATHEMATICAL DOUBLE-STRUCK SMALL Q;Ll;0;L; 0071;;;;N;;;;; +1D563;MATHEMATICAL DOUBLE-STRUCK SMALL R;Ll;0;L; 0072;;;;N;;;;; +1D564;MATHEMATICAL DOUBLE-STRUCK SMALL S;Ll;0;L; 0073;;;;N;;;;; +1D565;MATHEMATICAL DOUBLE-STRUCK SMALL T;Ll;0;L; 0074;;;;N;;;;; +1D566;MATHEMATICAL DOUBLE-STRUCK SMALL U;Ll;0;L; 0075;;;;N;;;;; +1D567;MATHEMATICAL DOUBLE-STRUCK SMALL V;Ll;0;L; 0076;;;;N;;;;; +1D568;MATHEMATICAL DOUBLE-STRUCK SMALL W;Ll;0;L; 0077;;;;N;;;;; +1D569;MATHEMATICAL DOUBLE-STRUCK SMALL X;Ll;0;L; 0078;;;;N;;;;; +1D56A;MATHEMATICAL DOUBLE-STRUCK SMALL Y;Ll;0;L; 0079;;;;N;;;;; +1D56B;MATHEMATICAL DOUBLE-STRUCK SMALL Z;Ll;0;L; 007A;;;;N;;;;; +1D56C;MATHEMATICAL BOLD FRAKTUR CAPITAL A;Lu;0;L; 0041;;;;N;;;;; +1D56D;MATHEMATICAL BOLD FRAKTUR CAPITAL B;Lu;0;L; 0042;;;;N;;;;; +1D56E;MATHEMATICAL BOLD FRAKTUR CAPITAL C;Lu;0;L; 0043;;;;N;;;;; +1D56F;MATHEMATICAL BOLD FRAKTUR CAPITAL D;Lu;0;L; 0044;;;;N;;;;; +1D570;MATHEMATICAL BOLD FRAKTUR CAPITAL E;Lu;0;L; 0045;;;;N;;;;; +1D571;MATHEMATICAL BOLD FRAKTUR CAPITAL F;Lu;0;L; 0046;;;;N;;;;; +1D572;MATHEMATICAL BOLD FRAKTUR CAPITAL G;Lu;0;L; 0047;;;;N;;;;; +1D573;MATHEMATICAL BOLD FRAKTUR CAPITAL H;Lu;0;L; 0048;;;;N;;;;; +1D574;MATHEMATICAL BOLD FRAKTUR CAPITAL I;Lu;0;L; 0049;;;;N;;;;; +1D575;MATHEMATICAL BOLD FRAKTUR CAPITAL J;Lu;0;L; 004A;;;;N;;;;; +1D576;MATHEMATICAL BOLD FRAKTUR CAPITAL K;Lu;0;L; 004B;;;;N;;;;; +1D577;MATHEMATICAL BOLD FRAKTUR CAPITAL L;Lu;0;L; 004C;;;;N;;;;; +1D578;MATHEMATICAL BOLD FRAKTUR CAPITAL M;Lu;0;L; 004D;;;;N;;;;; +1D579;MATHEMATICAL BOLD FRAKTUR CAPITAL N;Lu;0;L; 004E;;;;N;;;;; +1D57A;MATHEMATICAL BOLD FRAKTUR CAPITAL O;Lu;0;L; 004F;;;;N;;;;; +1D57B;MATHEMATICAL BOLD FRAKTUR CAPITAL P;Lu;0;L; 0050;;;;N;;;;; +1D57C;MATHEMATICAL BOLD FRAKTUR CAPITAL Q;Lu;0;L; 0051;;;;N;;;;; +1D57D;MATHEMATICAL BOLD FRAKTUR CAPITAL R;Lu;0;L; 0052;;;;N;;;;; +1D57E;MATHEMATICAL BOLD FRAKTUR CAPITAL S;Lu;0;L; 0053;;;;N;;;;; +1D57F;MATHEMATICAL BOLD FRAKTUR CAPITAL T;Lu;0;L; 0054;;;;N;;;;; +1D580;MATHEMATICAL BOLD FRAKTUR CAPITAL U;Lu;0;L; 0055;;;;N;;;;; +1D581;MATHEMATICAL BOLD FRAKTUR CAPITAL V;Lu;0;L; 0056;;;;N;;;;; +1D582;MATHEMATICAL BOLD FRAKTUR CAPITAL W;Lu;0;L; 0057;;;;N;;;;; +1D583;MATHEMATICAL BOLD FRAKTUR CAPITAL X;Lu;0;L; 0058;;;;N;;;;; +1D584;MATHEMATICAL BOLD FRAKTUR CAPITAL Y;Lu;0;L; 0059;;;;N;;;;; +1D585;MATHEMATICAL BOLD FRAKTUR CAPITAL Z;Lu;0;L; 005A;;;;N;;;;; +1D586;MATHEMATICAL BOLD FRAKTUR SMALL A;Ll;0;L; 0061;;;;N;;;;; +1D587;MATHEMATICAL BOLD FRAKTUR SMALL B;Ll;0;L; 0062;;;;N;;;;; +1D588;MATHEMATICAL BOLD FRAKTUR SMALL C;Ll;0;L; 0063;;;;N;;;;; +1D589;MATHEMATICAL BOLD FRAKTUR SMALL D;Ll;0;L; 0064;;;;N;;;;; +1D58A;MATHEMATICAL BOLD FRAKTUR SMALL E;Ll;0;L; 0065;;;;N;;;;; +1D58B;MATHEMATICAL BOLD FRAKTUR SMALL F;Ll;0;L; 0066;;;;N;;;;; +1D58C;MATHEMATICAL BOLD FRAKTUR SMALL G;Ll;0;L; 0067;;;;N;;;;; +1D58D;MATHEMATICAL BOLD FRAKTUR SMALL H;Ll;0;L; 0068;;;;N;;;;; +1D58E;MATHEMATICAL BOLD FRAKTUR SMALL I;Ll;0;L; 0069;;;;N;;;;; +1D58F;MATHEMATICAL BOLD FRAKTUR SMALL J;Ll;0;L; 006A;;;;N;;;;; +1D590;MATHEMATICAL BOLD FRAKTUR SMALL K;Ll;0;L; 006B;;;;N;;;;; +1D591;MATHEMATICAL BOLD FRAKTUR SMALL L;Ll;0;L; 006C;;;;N;;;;; +1D592;MATHEMATICAL BOLD FRAKTUR SMALL M;Ll;0;L; 006D;;;;N;;;;; +1D593;MATHEMATICAL BOLD FRAKTUR SMALL N;Ll;0;L; 006E;;;;N;;;;; +1D594;MATHEMATICAL BOLD FRAKTUR SMALL O;Ll;0;L; 006F;;;;N;;;;; +1D595;MATHEMATICAL BOLD FRAKTUR SMALL P;Ll;0;L; 0070;;;;N;;;;; +1D596;MATHEMATICAL BOLD FRAKTUR SMALL Q;Ll;0;L; 0071;;;;N;;;;; +1D597;MATHEMATICAL BOLD FRAKTUR SMALL R;Ll;0;L; 0072;;;;N;;;;; +1D598;MATHEMATICAL BOLD FRAKTUR SMALL S;Ll;0;L; 0073;;;;N;;;;; +1D599;MATHEMATICAL BOLD FRAKTUR SMALL T;Ll;0;L; 0074;;;;N;;;;; +1D59A;MATHEMATICAL BOLD FRAKTUR SMALL U;Ll;0;L; 0075;;;;N;;;;; +1D59B;MATHEMATICAL BOLD FRAKTUR SMALL V;Ll;0;L; 0076;;;;N;;;;; +1D59C;MATHEMATICAL BOLD FRAKTUR SMALL W;Ll;0;L; 0077;;;;N;;;;; +1D59D;MATHEMATICAL BOLD FRAKTUR SMALL X;Ll;0;L; 0078;;;;N;;;;; +1D59E;MATHEMATICAL BOLD FRAKTUR SMALL Y;Ll;0;L; 0079;;;;N;;;;; +1D59F;MATHEMATICAL BOLD FRAKTUR SMALL Z;Ll;0;L; 007A;;;;N;;;;; +1D5A0;MATHEMATICAL SANS-SERIF CAPITAL A;Lu;0;L; 0041;;;;N;;;;; +1D5A1;MATHEMATICAL SANS-SERIF CAPITAL B;Lu;0;L; 0042;;;;N;;;;; +1D5A2;MATHEMATICAL SANS-SERIF CAPITAL C;Lu;0;L; 0043;;;;N;;;;; +1D5A3;MATHEMATICAL SANS-SERIF CAPITAL D;Lu;0;L; 0044;;;;N;;;;; +1D5A4;MATHEMATICAL SANS-SERIF CAPITAL E;Lu;0;L; 0045;;;;N;;;;; +1D5A5;MATHEMATICAL SANS-SERIF CAPITAL F;Lu;0;L; 0046;;;;N;;;;; +1D5A6;MATHEMATICAL SANS-SERIF CAPITAL G;Lu;0;L; 0047;;;;N;;;;; +1D5A7;MATHEMATICAL SANS-SERIF CAPITAL H;Lu;0;L; 0048;;;;N;;;;; +1D5A8;MATHEMATICAL SANS-SERIF CAPITAL I;Lu;0;L; 0049;;;;N;;;;; +1D5A9;MATHEMATICAL SANS-SERIF CAPITAL J;Lu;0;L; 004A;;;;N;;;;; +1D5AA;MATHEMATICAL SANS-SERIF CAPITAL K;Lu;0;L; 004B;;;;N;;;;; +1D5AB;MATHEMATICAL SANS-SERIF CAPITAL L;Lu;0;L; 004C;;;;N;;;;; +1D5AC;MATHEMATICAL SANS-SERIF CAPITAL M;Lu;0;L; 004D;;;;N;;;;; +1D5AD;MATHEMATICAL SANS-SERIF CAPITAL N;Lu;0;L; 004E;;;;N;;;;; +1D5AE;MATHEMATICAL SANS-SERIF CAPITAL O;Lu;0;L; 004F;;;;N;;;;; +1D5AF;MATHEMATICAL SANS-SERIF CAPITAL P;Lu;0;L; 0050;;;;N;;;;; +1D5B0;MATHEMATICAL SANS-SERIF CAPITAL Q;Lu;0;L; 0051;;;;N;;;;; +1D5B1;MATHEMATICAL SANS-SERIF CAPITAL R;Lu;0;L; 0052;;;;N;;;;; +1D5B2;MATHEMATICAL SANS-SERIF CAPITAL S;Lu;0;L; 0053;;;;N;;;;; +1D5B3;MATHEMATICAL SANS-SERIF CAPITAL T;Lu;0;L; 0054;;;;N;;;;; +1D5B4;MATHEMATICAL SANS-SERIF CAPITAL U;Lu;0;L; 0055;;;;N;;;;; +1D5B5;MATHEMATICAL SANS-SERIF CAPITAL V;Lu;0;L; 0056;;;;N;;;;; +1D5B6;MATHEMATICAL SANS-SERIF CAPITAL W;Lu;0;L; 0057;;;;N;;;;; +1D5B7;MATHEMATICAL SANS-SERIF CAPITAL X;Lu;0;L; 0058;;;;N;;;;; +1D5B8;MATHEMATICAL SANS-SERIF CAPITAL Y;Lu;0;L; 0059;;;;N;;;;; +1D5B9;MATHEMATICAL SANS-SERIF CAPITAL Z;Lu;0;L; 005A;;;;N;;;;; +1D5BA;MATHEMATICAL SANS-SERIF SMALL A;Ll;0;L; 0061;;;;N;;;;; +1D5BB;MATHEMATICAL SANS-SERIF SMALL B;Ll;0;L; 0062;;;;N;;;;; +1D5BC;MATHEMATICAL SANS-SERIF SMALL C;Ll;0;L; 0063;;;;N;;;;; +1D5BD;MATHEMATICAL SANS-SERIF SMALL D;Ll;0;L; 0064;;;;N;;;;; +1D5BE;MATHEMATICAL SANS-SERIF SMALL E;Ll;0;L; 0065;;;;N;;;;; +1D5BF;MATHEMATICAL SANS-SERIF SMALL F;Ll;0;L; 0066;;;;N;;;;; +1D5C0;MATHEMATICAL SANS-SERIF SMALL G;Ll;0;L; 0067;;;;N;;;;; +1D5C1;MATHEMATICAL SANS-SERIF SMALL H;Ll;0;L; 0068;;;;N;;;;; +1D5C2;MATHEMATICAL SANS-SERIF SMALL I;Ll;0;L; 0069;;;;N;;;;; +1D5C3;MATHEMATICAL SANS-SERIF SMALL J;Ll;0;L; 006A;;;;N;;;;; +1D5C4;MATHEMATICAL SANS-SERIF SMALL K;Ll;0;L; 006B;;;;N;;;;; +1D5C5;MATHEMATICAL SANS-SERIF SMALL L;Ll;0;L; 006C;;;;N;;;;; +1D5C6;MATHEMATICAL SANS-SERIF SMALL M;Ll;0;L; 006D;;;;N;;;;; +1D5C7;MATHEMATICAL SANS-SERIF SMALL N;Ll;0;L; 006E;;;;N;;;;; +1D5C8;MATHEMATICAL SANS-SERIF SMALL O;Ll;0;L; 006F;;;;N;;;;; +1D5C9;MATHEMATICAL SANS-SERIF SMALL P;Ll;0;L; 0070;;;;N;;;;; +1D5CA;MATHEMATICAL SANS-SERIF SMALL Q;Ll;0;L; 0071;;;;N;;;;; +1D5CB;MATHEMATICAL SANS-SERIF SMALL R;Ll;0;L; 0072;;;;N;;;;; +1D5CC;MATHEMATICAL SANS-SERIF SMALL S;Ll;0;L; 0073;;;;N;;;;; +1D5CD;MATHEMATICAL SANS-SERIF SMALL T;Ll;0;L; 0074;;;;N;;;;; +1D5CE;MATHEMATICAL SANS-SERIF SMALL U;Ll;0;L; 0075;;;;N;;;;; +1D5CF;MATHEMATICAL SANS-SERIF SMALL V;Ll;0;L; 0076;;;;N;;;;; +1D5D0;MATHEMATICAL SANS-SERIF SMALL W;Ll;0;L; 0077;;;;N;;;;; +1D5D1;MATHEMATICAL SANS-SERIF SMALL X;Ll;0;L; 0078;;;;N;;;;; +1D5D2;MATHEMATICAL SANS-SERIF SMALL Y;Ll;0;L; 0079;;;;N;;;;; +1D5D3;MATHEMATICAL SANS-SERIF SMALL Z;Ll;0;L; 007A;;;;N;;;;; +1D5D4;MATHEMATICAL SANS-SERIF BOLD CAPITAL A;Lu;0;L; 0041;;;;N;;;;; +1D5D5;MATHEMATICAL SANS-SERIF BOLD CAPITAL B;Lu;0;L; 0042;;;;N;;;;; +1D5D6;MATHEMATICAL SANS-SERIF BOLD CAPITAL C;Lu;0;L; 0043;;;;N;;;;; +1D5D7;MATHEMATICAL SANS-SERIF BOLD CAPITAL D;Lu;0;L; 0044;;;;N;;;;; +1D5D8;MATHEMATICAL SANS-SERIF BOLD CAPITAL E;Lu;0;L; 0045;;;;N;;;;; +1D5D9;MATHEMATICAL SANS-SERIF BOLD CAPITAL F;Lu;0;L; 0046;;;;N;;;;; +1D5DA;MATHEMATICAL SANS-SERIF BOLD CAPITAL G;Lu;0;L; 0047;;;;N;;;;; +1D5DB;MATHEMATICAL SANS-SERIF BOLD CAPITAL H;Lu;0;L; 0048;;;;N;;;;; +1D5DC;MATHEMATICAL SANS-SERIF BOLD CAPITAL I;Lu;0;L; 0049;;;;N;;;;; +1D5DD;MATHEMATICAL SANS-SERIF BOLD CAPITAL J;Lu;0;L; 004A;;;;N;;;;; +1D5DE;MATHEMATICAL SANS-SERIF BOLD CAPITAL K;Lu;0;L; 004B;;;;N;;;;; +1D5DF;MATHEMATICAL SANS-SERIF BOLD CAPITAL L;Lu;0;L; 004C;;;;N;;;;; +1D5E0;MATHEMATICAL SANS-SERIF BOLD CAPITAL M;Lu;0;L; 004D;;;;N;;;;; +1D5E1;MATHEMATICAL SANS-SERIF BOLD CAPITAL N;Lu;0;L; 004E;;;;N;;;;; +1D5E2;MATHEMATICAL SANS-SERIF BOLD CAPITAL O;Lu;0;L; 004F;;;;N;;;;; +1D5E3;MATHEMATICAL SANS-SERIF BOLD CAPITAL P;Lu;0;L; 0050;;;;N;;;;; +1D5E4;MATHEMATICAL SANS-SERIF BOLD CAPITAL Q;Lu;0;L; 0051;;;;N;;;;; +1D5E5;MATHEMATICAL SANS-SERIF BOLD CAPITAL R;Lu;0;L; 0052;;;;N;;;;; +1D5E6;MATHEMATICAL SANS-SERIF BOLD CAPITAL S;Lu;0;L; 0053;;;;N;;;;; +1D5E7;MATHEMATICAL SANS-SERIF BOLD CAPITAL T;Lu;0;L; 0054;;;;N;;;;; +1D5E8;MATHEMATICAL SANS-SERIF BOLD CAPITAL U;Lu;0;L; 0055;;;;N;;;;; +1D5E9;MATHEMATICAL SANS-SERIF BOLD CAPITAL V;Lu;0;L; 0056;;;;N;;;;; +1D5EA;MATHEMATICAL SANS-SERIF BOLD CAPITAL W;Lu;0;L; 0057;;;;N;;;;; +1D5EB;MATHEMATICAL SANS-SERIF BOLD CAPITAL X;Lu;0;L; 0058;;;;N;;;;; +1D5EC;MATHEMATICAL SANS-SERIF BOLD CAPITAL Y;Lu;0;L; 0059;;;;N;;;;; +1D5ED;MATHEMATICAL SANS-SERIF BOLD CAPITAL Z;Lu;0;L; 005A;;;;N;;;;; +1D5EE;MATHEMATICAL SANS-SERIF BOLD SMALL A;Ll;0;L; 0061;;;;N;;;;; +1D5EF;MATHEMATICAL SANS-SERIF BOLD SMALL B;Ll;0;L; 0062;;;;N;;;;; +1D5F0;MATHEMATICAL SANS-SERIF BOLD SMALL C;Ll;0;L; 0063;;;;N;;;;; +1D5F1;MATHEMATICAL SANS-SERIF BOLD SMALL D;Ll;0;L; 0064;;;;N;;;;; +1D5F2;MATHEMATICAL SANS-SERIF BOLD SMALL E;Ll;0;L; 0065;;;;N;;;;; +1D5F3;MATHEMATICAL SANS-SERIF BOLD SMALL F;Ll;0;L; 0066;;;;N;;;;; +1D5F4;MATHEMATICAL SANS-SERIF BOLD SMALL G;Ll;0;L; 0067;;;;N;;;;; +1D5F5;MATHEMATICAL SANS-SERIF BOLD SMALL H;Ll;0;L; 0068;;;;N;;;;; +1D5F6;MATHEMATICAL SANS-SERIF BOLD SMALL I;Ll;0;L; 0069;;;;N;;;;; +1D5F7;MATHEMATICAL SANS-SERIF BOLD SMALL J;Ll;0;L; 006A;;;;N;;;;; +1D5F8;MATHEMATICAL SANS-SERIF BOLD SMALL K;Ll;0;L; 006B;;;;N;;;;; +1D5F9;MATHEMATICAL SANS-SERIF BOLD SMALL L;Ll;0;L; 006C;;;;N;;;;; +1D5FA;MATHEMATICAL SANS-SERIF BOLD SMALL M;Ll;0;L; 006D;;;;N;;;;; +1D5FB;MATHEMATICAL SANS-SERIF BOLD SMALL N;Ll;0;L; 006E;;;;N;;;;; +1D5FC;MATHEMATICAL SANS-SERIF BOLD SMALL O;Ll;0;L; 006F;;;;N;;;;; +1D5FD;MATHEMATICAL SANS-SERIF BOLD SMALL P;Ll;0;L; 0070;;;;N;;;;; +1D5FE;MATHEMATICAL SANS-SERIF BOLD SMALL Q;Ll;0;L; 0071;;;;N;;;;; +1D5FF;MATHEMATICAL SANS-SERIF BOLD SMALL R;Ll;0;L; 0072;;;;N;;;;; +1D600;MATHEMATICAL SANS-SERIF BOLD SMALL S;Ll;0;L; 0073;;;;N;;;;; +1D601;MATHEMATICAL SANS-SERIF BOLD SMALL T;Ll;0;L; 0074;;;;N;;;;; +1D602;MATHEMATICAL SANS-SERIF BOLD SMALL U;Ll;0;L; 0075;;;;N;;;;; +1D603;MATHEMATICAL SANS-SERIF BOLD SMALL V;Ll;0;L; 0076;;;;N;;;;; +1D604;MATHEMATICAL SANS-SERIF BOLD SMALL W;Ll;0;L; 0077;;;;N;;;;; +1D605;MATHEMATICAL SANS-SERIF BOLD SMALL X;Ll;0;L; 0078;;;;N;;;;; +1D606;MATHEMATICAL SANS-SERIF BOLD SMALL Y;Ll;0;L; 0079;;;;N;;;;; +1D607;MATHEMATICAL SANS-SERIF BOLD SMALL Z;Ll;0;L; 007A;;;;N;;;;; +1D608;MATHEMATICAL SANS-SERIF ITALIC CAPITAL A;Lu;0;L; 0041;;;;N;;;;; +1D609;MATHEMATICAL SANS-SERIF ITALIC CAPITAL B;Lu;0;L; 0042;;;;N;;;;; +1D60A;MATHEMATICAL SANS-SERIF ITALIC CAPITAL C;Lu;0;L; 0043;;;;N;;;;; +1D60B;MATHEMATICAL SANS-SERIF ITALIC CAPITAL D;Lu;0;L; 0044;;;;N;;;;; +1D60C;MATHEMATICAL SANS-SERIF ITALIC CAPITAL E;Lu;0;L; 0045;;;;N;;;;; +1D60D;MATHEMATICAL SANS-SERIF ITALIC CAPITAL F;Lu;0;L; 0046;;;;N;;;;; +1D60E;MATHEMATICAL SANS-SERIF ITALIC CAPITAL G;Lu;0;L; 0047;;;;N;;;;; +1D60F;MATHEMATICAL SANS-SERIF ITALIC CAPITAL H;Lu;0;L; 0048;;;;N;;;;; +1D610;MATHEMATICAL SANS-SERIF ITALIC CAPITAL I;Lu;0;L; 0049;;;;N;;;;; +1D611;MATHEMATICAL SANS-SERIF ITALIC CAPITAL J;Lu;0;L; 004A;;;;N;;;;; +1D612;MATHEMATICAL SANS-SERIF ITALIC CAPITAL K;Lu;0;L; 004B;;;;N;;;;; +1D613;MATHEMATICAL SANS-SERIF ITALIC CAPITAL L;Lu;0;L; 004C;;;;N;;;;; +1D614;MATHEMATICAL SANS-SERIF ITALIC CAPITAL M;Lu;0;L; 004D;;;;N;;;;; +1D615;MATHEMATICAL SANS-SERIF ITALIC CAPITAL N;Lu;0;L; 004E;;;;N;;;;; +1D616;MATHEMATICAL SANS-SERIF ITALIC CAPITAL O;Lu;0;L; 004F;;;;N;;;;; +1D617;MATHEMATICAL SANS-SERIF ITALIC CAPITAL P;Lu;0;L; 0050;;;;N;;;;; +1D618;MATHEMATICAL SANS-SERIF ITALIC CAPITAL Q;Lu;0;L; 0051;;;;N;;;;; +1D619;MATHEMATICAL SANS-SERIF ITALIC CAPITAL R;Lu;0;L; 0052;;;;N;;;;; +1D61A;MATHEMATICAL SANS-SERIF ITALIC CAPITAL S;Lu;0;L; 0053;;;;N;;;;; +1D61B;MATHEMATICAL SANS-SERIF ITALIC CAPITAL T;Lu;0;L; 0054;;;;N;;;;; +1D61C;MATHEMATICAL SANS-SERIF ITALIC CAPITAL U;Lu;0;L; 0055;;;;N;;;;; +1D61D;MATHEMATICAL SANS-SERIF ITALIC CAPITAL V;Lu;0;L; 0056;;;;N;;;;; +1D61E;MATHEMATICAL SANS-SERIF ITALIC CAPITAL W;Lu;0;L; 0057;;;;N;;;;; +1D61F;MATHEMATICAL SANS-SERIF ITALIC CAPITAL X;Lu;0;L; 0058;;;;N;;;;; +1D620;MATHEMATICAL SANS-SERIF ITALIC CAPITAL Y;Lu;0;L; 0059;;;;N;;;;; +1D621;MATHEMATICAL SANS-SERIF ITALIC CAPITAL Z;Lu;0;L; 005A;;;;N;;;;; +1D622;MATHEMATICAL SANS-SERIF ITALIC SMALL A;Ll;0;L; 0061;;;;N;;;;; +1D623;MATHEMATICAL SANS-SERIF ITALIC SMALL B;Ll;0;L; 0062;;;;N;;;;; +1D624;MATHEMATICAL SANS-SERIF ITALIC SMALL C;Ll;0;L; 0063;;;;N;;;;; +1D625;MATHEMATICAL SANS-SERIF ITALIC SMALL D;Ll;0;L; 0064;;;;N;;;;; +1D626;MATHEMATICAL SANS-SERIF ITALIC SMALL E;Ll;0;L; 0065;;;;N;;;;; +1D627;MATHEMATICAL SANS-SERIF ITALIC SMALL F;Ll;0;L; 0066;;;;N;;;;; +1D628;MATHEMATICAL SANS-SERIF ITALIC SMALL G;Ll;0;L; 0067;;;;N;;;;; +1D629;MATHEMATICAL SANS-SERIF ITALIC SMALL H;Ll;0;L; 0068;;;;N;;;;; +1D62A;MATHEMATICAL SANS-SERIF ITALIC SMALL I;Ll;0;L; 0069;;;;N;;;;; +1D62B;MATHEMATICAL SANS-SERIF ITALIC SMALL J;Ll;0;L; 006A;;;;N;;;;; +1D62C;MATHEMATICAL SANS-SERIF ITALIC SMALL K;Ll;0;L; 006B;;;;N;;;;; +1D62D;MATHEMATICAL SANS-SERIF ITALIC SMALL L;Ll;0;L; 006C;;;;N;;;;; +1D62E;MATHEMATICAL SANS-SERIF ITALIC SMALL M;Ll;0;L; 006D;;;;N;;;;; +1D62F;MATHEMATICAL SANS-SERIF ITALIC SMALL N;Ll;0;L; 006E;;;;N;;;;; +1D630;MATHEMATICAL SANS-SERIF ITALIC SMALL O;Ll;0;L; 006F;;;;N;;;;; +1D631;MATHEMATICAL SANS-SERIF ITALIC SMALL P;Ll;0;L; 0070;;;;N;;;;; +1D632;MATHEMATICAL SANS-SERIF ITALIC SMALL Q;Ll;0;L; 0071;;;;N;;;;; +1D633;MATHEMATICAL SANS-SERIF ITALIC SMALL R;Ll;0;L; 0072;;;;N;;;;; +1D634;MATHEMATICAL SANS-SERIF ITALIC SMALL S;Ll;0;L; 0073;;;;N;;;;; +1D635;MATHEMATICAL SANS-SERIF ITALIC SMALL T;Ll;0;L; 0074;;;;N;;;;; +1D636;MATHEMATICAL SANS-SERIF ITALIC SMALL U;Ll;0;L; 0075;;;;N;;;;; +1D637;MATHEMATICAL SANS-SERIF ITALIC SMALL V;Ll;0;L; 0076;;;;N;;;;; +1D638;MATHEMATICAL SANS-SERIF ITALIC SMALL W;Ll;0;L; 0077;;;;N;;;;; +1D639;MATHEMATICAL SANS-SERIF ITALIC SMALL X;Ll;0;L; 0078;;;;N;;;;; +1D63A;MATHEMATICAL SANS-SERIF ITALIC SMALL Y;Ll;0;L; 0079;;;;N;;;;; +1D63B;MATHEMATICAL SANS-SERIF ITALIC SMALL Z;Ll;0;L; 007A;;;;N;;;;; +1D63C;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL A;Lu;0;L; 0041;;;;N;;;;; +1D63D;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL B;Lu;0;L; 0042;;;;N;;;;; +1D63E;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL C;Lu;0;L; 0043;;;;N;;;;; +1D63F;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL D;Lu;0;L; 0044;;;;N;;;;; +1D640;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL E;Lu;0;L; 0045;;;;N;;;;; +1D641;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL F;Lu;0;L; 0046;;;;N;;;;; +1D642;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL G;Lu;0;L; 0047;;;;N;;;;; +1D643;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL H;Lu;0;L; 0048;;;;N;;;;; +1D644;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL I;Lu;0;L; 0049;;;;N;;;;; +1D645;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL J;Lu;0;L; 004A;;;;N;;;;; +1D646;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL K;Lu;0;L; 004B;;;;N;;;;; +1D647;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL L;Lu;0;L; 004C;;;;N;;;;; +1D648;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL M;Lu;0;L; 004D;;;;N;;;;; +1D649;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL N;Lu;0;L; 004E;;;;N;;;;; +1D64A;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL O;Lu;0;L; 004F;;;;N;;;;; +1D64B;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL P;Lu;0;L; 0050;;;;N;;;;; +1D64C;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL Q;Lu;0;L; 0051;;;;N;;;;; +1D64D;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL R;Lu;0;L; 0052;;;;N;;;;; +1D64E;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL S;Lu;0;L; 0053;;;;N;;;;; +1D64F;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL T;Lu;0;L; 0054;;;;N;;;;; +1D650;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL U;Lu;0;L; 0055;;;;N;;;;; +1D651;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL V;Lu;0;L; 0056;;;;N;;;;; +1D652;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL W;Lu;0;L; 0057;;;;N;;;;; +1D653;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL X;Lu;0;L; 0058;;;;N;;;;; +1D654;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL Y;Lu;0;L; 0059;;;;N;;;;; +1D655;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL Z;Lu;0;L; 005A;;;;N;;;;; +1D656;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL A;Ll;0;L; 0061;;;;N;;;;; +1D657;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL B;Ll;0;L; 0062;;;;N;;;;; +1D658;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL C;Ll;0;L; 0063;;;;N;;;;; +1D659;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL D;Ll;0;L; 0064;;;;N;;;;; +1D65A;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL E;Ll;0;L; 0065;;;;N;;;;; +1D65B;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL F;Ll;0;L; 0066;;;;N;;;;; +1D65C;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL G;Ll;0;L; 0067;;;;N;;;;; +1D65D;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL H;Ll;0;L; 0068;;;;N;;;;; +1D65E;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL I;Ll;0;L; 0069;;;;N;;;;; +1D65F;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL J;Ll;0;L; 006A;;;;N;;;;; +1D660;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL K;Ll;0;L; 006B;;;;N;;;;; +1D661;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL L;Ll;0;L; 006C;;;;N;;;;; +1D662;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL M;Ll;0;L; 006D;;;;N;;;;; +1D663;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL N;Ll;0;L; 006E;;;;N;;;;; +1D664;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL O;Ll;0;L; 006F;;;;N;;;;; +1D665;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL P;Ll;0;L; 0070;;;;N;;;;; +1D666;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL Q;Ll;0;L; 0071;;;;N;;;;; +1D667;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL R;Ll;0;L; 0072;;;;N;;;;; +1D668;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL S;Ll;0;L; 0073;;;;N;;;;; +1D669;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL T;Ll;0;L; 0074;;;;N;;;;; +1D66A;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL U;Ll;0;L; 0075;;;;N;;;;; +1D66B;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL V;Ll;0;L; 0076;;;;N;;;;; +1D66C;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL W;Ll;0;L; 0077;;;;N;;;;; +1D66D;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL X;Ll;0;L; 0078;;;;N;;;;; +1D66E;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL Y;Ll;0;L; 0079;;;;N;;;;; +1D66F;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL Z;Ll;0;L; 007A;;;;N;;;;; +1D670;MATHEMATICAL MONOSPACE CAPITAL A;Lu;0;L; 0041;;;;N;;;;; +1D671;MATHEMATICAL MONOSPACE CAPITAL B;Lu;0;L; 0042;;;;N;;;;; +1D672;MATHEMATICAL MONOSPACE CAPITAL C;Lu;0;L; 0043;;;;N;;;;; +1D673;MATHEMATICAL MONOSPACE CAPITAL D;Lu;0;L; 0044;;;;N;;;;; +1D674;MATHEMATICAL MONOSPACE CAPITAL E;Lu;0;L; 0045;;;;N;;;;; +1D675;MATHEMATICAL MONOSPACE CAPITAL F;Lu;0;L; 0046;;;;N;;;;; +1D676;MATHEMATICAL MONOSPACE CAPITAL G;Lu;0;L; 0047;;;;N;;;;; +1D677;MATHEMATICAL MONOSPACE CAPITAL H;Lu;0;L; 0048;;;;N;;;;; +1D678;MATHEMATICAL MONOSPACE CAPITAL I;Lu;0;L; 0049;;;;N;;;;; +1D679;MATHEMATICAL MONOSPACE CAPITAL J;Lu;0;L; 004A;;;;N;;;;; +1D67A;MATHEMATICAL MONOSPACE CAPITAL K;Lu;0;L; 004B;;;;N;;;;; +1D67B;MATHEMATICAL MONOSPACE CAPITAL L;Lu;0;L; 004C;;;;N;;;;; +1D67C;MATHEMATICAL MONOSPACE CAPITAL M;Lu;0;L; 004D;;;;N;;;;; +1D67D;MATHEMATICAL MONOSPACE CAPITAL N;Lu;0;L; 004E;;;;N;;;;; +1D67E;MATHEMATICAL MONOSPACE CAPITAL O;Lu;0;L; 004F;;;;N;;;;; +1D67F;MATHEMATICAL MONOSPACE CAPITAL P;Lu;0;L; 0050;;;;N;;;;; +1D680;MATHEMATICAL MONOSPACE CAPITAL Q;Lu;0;L; 0051;;;;N;;;;; +1D681;MATHEMATICAL MONOSPACE CAPITAL R;Lu;0;L; 0052;;;;N;;;;; +1D682;MATHEMATICAL MONOSPACE CAPITAL S;Lu;0;L; 0053;;;;N;;;;; +1D683;MATHEMATICAL MONOSPACE CAPITAL T;Lu;0;L; 0054;;;;N;;;;; +1D684;MATHEMATICAL MONOSPACE CAPITAL U;Lu;0;L; 0055;;;;N;;;;; +1D685;MATHEMATICAL MONOSPACE CAPITAL V;Lu;0;L; 0056;;;;N;;;;; +1D686;MATHEMATICAL MONOSPACE CAPITAL W;Lu;0;L; 0057;;;;N;;;;; +1D687;MATHEMATICAL MONOSPACE CAPITAL X;Lu;0;L; 0058;;;;N;;;;; +1D688;MATHEMATICAL MONOSPACE CAPITAL Y;Lu;0;L; 0059;;;;N;;;;; +1D689;MATHEMATICAL MONOSPACE CAPITAL Z;Lu;0;L; 005A;;;;N;;;;; +1D68A;MATHEMATICAL MONOSPACE SMALL A;Ll;0;L; 0061;;;;N;;;;; +1D68B;MATHEMATICAL MONOSPACE SMALL B;Ll;0;L; 0062;;;;N;;;;; +1D68C;MATHEMATICAL MONOSPACE SMALL C;Ll;0;L; 0063;;;;N;;;;; +1D68D;MATHEMATICAL MONOSPACE SMALL D;Ll;0;L; 0064;;;;N;;;;; +1D68E;MATHEMATICAL MONOSPACE SMALL E;Ll;0;L; 0065;;;;N;;;;; +1D68F;MATHEMATICAL MONOSPACE SMALL F;Ll;0;L; 0066;;;;N;;;;; +1D690;MATHEMATICAL MONOSPACE SMALL G;Ll;0;L; 0067;;;;N;;;;; +1D691;MATHEMATICAL MONOSPACE SMALL H;Ll;0;L; 0068;;;;N;;;;; +1D692;MATHEMATICAL MONOSPACE SMALL I;Ll;0;L; 0069;;;;N;;;;; +1D693;MATHEMATICAL MONOSPACE SMALL J;Ll;0;L; 006A;;;;N;;;;; +1D694;MATHEMATICAL MONOSPACE SMALL K;Ll;0;L; 006B;;;;N;;;;; +1D695;MATHEMATICAL MONOSPACE SMALL L;Ll;0;L; 006C;;;;N;;;;; +1D696;MATHEMATICAL MONOSPACE SMALL M;Ll;0;L; 006D;;;;N;;;;; +1D697;MATHEMATICAL MONOSPACE SMALL N;Ll;0;L; 006E;;;;N;;;;; +1D698;MATHEMATICAL MONOSPACE SMALL O;Ll;0;L; 006F;;;;N;;;;; +1D699;MATHEMATICAL MONOSPACE SMALL P;Ll;0;L; 0070;;;;N;;;;; +1D69A;MATHEMATICAL MONOSPACE SMALL Q;Ll;0;L; 0071;;;;N;;;;; +1D69B;MATHEMATICAL MONOSPACE SMALL R;Ll;0;L; 0072;;;;N;;;;; +1D69C;MATHEMATICAL MONOSPACE SMALL S;Ll;0;L; 0073;;;;N;;;;; +1D69D;MATHEMATICAL MONOSPACE SMALL T;Ll;0;L; 0074;;;;N;;;;; +1D69E;MATHEMATICAL MONOSPACE SMALL U;Ll;0;L; 0075;;;;N;;;;; +1D69F;MATHEMATICAL MONOSPACE SMALL V;Ll;0;L; 0076;;;;N;;;;; +1D6A0;MATHEMATICAL MONOSPACE SMALL W;Ll;0;L; 0077;;;;N;;;;; +1D6A1;MATHEMATICAL MONOSPACE SMALL X;Ll;0;L; 0078;;;;N;;;;; +1D6A2;MATHEMATICAL MONOSPACE SMALL Y;Ll;0;L; 0079;;;;N;;;;; +1D6A3;MATHEMATICAL MONOSPACE SMALL Z;Ll;0;L; 007A;;;;N;;;;; +1D6A8;MATHEMATICAL BOLD CAPITAL ALPHA;Lu;0;L; 0391;;;;N;;;;; +1D6A9;MATHEMATICAL BOLD CAPITAL BETA;Lu;0;L; 0392;;;;N;;;;; +1D6AA;MATHEMATICAL BOLD CAPITAL GAMMA;Lu;0;L; 0393;;;;N;;;;; +1D6AB;MATHEMATICAL BOLD CAPITAL DELTA;Lu;0;L; 0394;;;;N;;;;; +1D6AC;MATHEMATICAL BOLD CAPITAL EPSILON;Lu;0;L; 0395;;;;N;;;;; +1D6AD;MATHEMATICAL BOLD CAPITAL ZETA;Lu;0;L; 0396;;;;N;;;;; +1D6AE;MATHEMATICAL BOLD CAPITAL ETA;Lu;0;L; 0397;;;;N;;;;; +1D6AF;MATHEMATICAL BOLD CAPITAL THETA;Lu;0;L; 0398;;;;N;;;;; +1D6B0;MATHEMATICAL BOLD CAPITAL IOTA;Lu;0;L; 0399;;;;N;;;;; +1D6B1;MATHEMATICAL BOLD CAPITAL KAPPA;Lu;0;L; 039A;;;;N;;;;; +1D6B2;MATHEMATICAL BOLD CAPITAL LAMDA;Lu;0;L; 039B;;;;N;;;;; +1D6B3;MATHEMATICAL BOLD CAPITAL MU;Lu;0;L; 039C;;;;N;;;;; +1D6B4;MATHEMATICAL BOLD CAPITAL NU;Lu;0;L; 039D;;;;N;;;;; +1D6B5;MATHEMATICAL BOLD CAPITAL XI;Lu;0;L; 039E;;;;N;;;;; +1D6B6;MATHEMATICAL BOLD CAPITAL OMICRON;Lu;0;L; 039F;;;;N;;;;; +1D6B7;MATHEMATICAL BOLD CAPITAL PI;Lu;0;L; 03A0;;;;N;;;;; +1D6B8;MATHEMATICAL BOLD CAPITAL RHO;Lu;0;L; 03A1;;;;N;;;;; +1D6B9;MATHEMATICAL BOLD CAPITAL THETA SYMBOL;Lu;0;L; 03F4;;;;N;;;;; +1D6BA;MATHEMATICAL BOLD CAPITAL SIGMA;Lu;0;L; 03A3;;;;N;;;;; +1D6BB;MATHEMATICAL BOLD CAPITAL TAU;Lu;0;L; 03A4;;;;N;;;;; +1D6BC;MATHEMATICAL BOLD CAPITAL UPSILON;Lu;0;L; 03A5;;;;N;;;;; +1D6BD;MATHEMATICAL BOLD CAPITAL PHI;Lu;0;L; 03A6;;;;N;;;;; +1D6BE;MATHEMATICAL BOLD CAPITAL CHI;Lu;0;L; 03A7;;;;N;;;;; +1D6BF;MATHEMATICAL BOLD CAPITAL PSI;Lu;0;L; 03A8;;;;N;;;;; +1D6C0;MATHEMATICAL BOLD CAPITAL OMEGA;Lu;0;L; 03A9;;;;N;;;;; +1D6C1;MATHEMATICAL BOLD NABLA;Sm;0;L; 2207;;;;N;;;;; +1D6C2;MATHEMATICAL BOLD SMALL ALPHA;Ll;0;L; 03B1;;;;N;;;;; +1D6C3;MATHEMATICAL BOLD SMALL BETA;Ll;0;L; 03B2;;;;N;;;;; +1D6C4;MATHEMATICAL BOLD SMALL GAMMA;Ll;0;L; 03B3;;;;N;;;;; +1D6C5;MATHEMATICAL BOLD SMALL DELTA;Ll;0;L; 03B4;;;;N;;;;; +1D6C6;MATHEMATICAL BOLD SMALL EPSILON;Ll;0;L; 03B5;;;;N;;;;; +1D6C7;MATHEMATICAL BOLD SMALL ZETA;Ll;0;L; 03B6;;;;N;;;;; +1D6C8;MATHEMATICAL BOLD SMALL ETA;Ll;0;L; 03B7;;;;N;;;;; +1D6C9;MATHEMATICAL BOLD SMALL THETA;Ll;0;L; 03B8;;;;N;;;;; +1D6CA;MATHEMATICAL BOLD SMALL IOTA;Ll;0;L; 03B9;;;;N;;;;; +1D6CB;MATHEMATICAL BOLD SMALL KAPPA;Ll;0;L; 03BA;;;;N;;;;; +1D6CC;MATHEMATICAL BOLD SMALL LAMDA;Ll;0;L; 03BB;;;;N;;;;; +1D6CD;MATHEMATICAL BOLD SMALL MU;Ll;0;L; 03BC;;;;N;;;;; +1D6CE;MATHEMATICAL BOLD SMALL NU;Ll;0;L; 03BD;;;;N;;;;; +1D6CF;MATHEMATICAL BOLD SMALL XI;Ll;0;L; 03BE;;;;N;;;;; +1D6D0;MATHEMATICAL BOLD SMALL OMICRON;Ll;0;L; 03BF;;;;N;;;;; +1D6D1;MATHEMATICAL BOLD SMALL PI;Ll;0;L; 03C0;;;;N;;;;; +1D6D2;MATHEMATICAL BOLD SMALL RHO;Ll;0;L; 03C1;;;;N;;;;; +1D6D3;MATHEMATICAL BOLD SMALL FINAL SIGMA;Ll;0;L; 03C2;;;;N;;;;; +1D6D4;MATHEMATICAL BOLD SMALL SIGMA;Ll;0;L; 03C3;;;;N;;;;; +1D6D5;MATHEMATICAL BOLD SMALL TAU;Ll;0;L; 03C4;;;;N;;;;; +1D6D6;MATHEMATICAL BOLD SMALL UPSILON;Ll;0;L; 03C5;;;;N;;;;; +1D6D7;MATHEMATICAL BOLD SMALL PHI;Ll;0;L; 03C6;;;;N;;;;; +1D6D8;MATHEMATICAL BOLD SMALL CHI;Ll;0;L; 03C7;;;;N;;;;; +1D6D9;MATHEMATICAL BOLD SMALL PSI;Ll;0;L; 03C8;;;;N;;;;; +1D6DA;MATHEMATICAL BOLD SMALL OMEGA;Ll;0;L; 03C9;;;;N;;;;; +1D6DB;MATHEMATICAL BOLD PARTIAL DIFFERENTIAL;Sm;0;L; 2202;;;;N;;;;; +1D6DC;MATHEMATICAL BOLD EPSILON SYMBOL;Ll;0;L; 03F5;;;;N;;;;; +1D6DD;MATHEMATICAL BOLD THETA SYMBOL;Ll;0;L; 03D1;;;;N;;;;; +1D6DE;MATHEMATICAL BOLD KAPPA SYMBOL;Ll;0;L; 03F0;;;;N;;;;; +1D6DF;MATHEMATICAL BOLD PHI SYMBOL;Ll;0;L; 03D5;;;;N;;;;; +1D6E0;MATHEMATICAL BOLD RHO SYMBOL;Ll;0;L; 03F1;;;;N;;;;; +1D6E1;MATHEMATICAL BOLD PI SYMBOL;Ll;0;L; 03D6;;;;N;;;;; +1D6E2;MATHEMATICAL ITALIC CAPITAL ALPHA;Lu;0;L; 0391;;;;N;;;;; +1D6E3;MATHEMATICAL ITALIC CAPITAL BETA;Lu;0;L; 0392;;;;N;;;;; +1D6E4;MATHEMATICAL ITALIC CAPITAL GAMMA;Lu;0;L; 0393;;;;N;;;;; +1D6E5;MATHEMATICAL ITALIC CAPITAL DELTA;Lu;0;L; 0394;;;;N;;;;; +1D6E6;MATHEMATICAL ITALIC CAPITAL EPSILON;Lu;0;L; 0395;;;;N;;;;; +1D6E7;MATHEMATICAL ITALIC CAPITAL ZETA;Lu;0;L; 0396;;;;N;;;;; +1D6E8;MATHEMATICAL ITALIC CAPITAL ETA;Lu;0;L; 0397;;;;N;;;;; +1D6E9;MATHEMATICAL ITALIC CAPITAL THETA;Lu;0;L; 0398;;;;N;;;;; +1D6EA;MATHEMATICAL ITALIC CAPITAL IOTA;Lu;0;L; 0399;;;;N;;;;; +1D6EB;MATHEMATICAL ITALIC CAPITAL KAPPA;Lu;0;L; 039A;;;;N;;;;; +1D6EC;MATHEMATICAL ITALIC CAPITAL LAMDA;Lu;0;L; 039B;;;;N;;;;; +1D6ED;MATHEMATICAL ITALIC CAPITAL MU;Lu;0;L; 039C;;;;N;;;;; +1D6EE;MATHEMATICAL ITALIC CAPITAL NU;Lu;0;L; 039D;;;;N;;;;; +1D6EF;MATHEMATICAL ITALIC CAPITAL XI;Lu;0;L; 039E;;;;N;;;;; +1D6F0;MATHEMATICAL ITALIC CAPITAL OMICRON;Lu;0;L; 039F;;;;N;;;;; +1D6F1;MATHEMATICAL ITALIC CAPITAL PI;Lu;0;L; 03A0;;;;N;;;;; +1D6F2;MATHEMATICAL ITALIC CAPITAL RHO;Lu;0;L; 03A1;;;;N;;;;; +1D6F3;MATHEMATICAL ITALIC CAPITAL THETA SYMBOL;Lu;0;L; 03F4;;;;N;;;;; +1D6F4;MATHEMATICAL ITALIC CAPITAL SIGMA;Lu;0;L; 03A3;;;;N;;;;; +1D6F5;MATHEMATICAL ITALIC CAPITAL TAU;Lu;0;L; 03A4;;;;N;;;;; +1D6F6;MATHEMATICAL ITALIC CAPITAL UPSILON;Lu;0;L; 03A5;;;;N;;;;; +1D6F7;MATHEMATICAL ITALIC CAPITAL PHI;Lu;0;L; 03A6;;;;N;;;;; +1D6F8;MATHEMATICAL ITALIC CAPITAL CHI;Lu;0;L; 03A7;;;;N;;;;; +1D6F9;MATHEMATICAL ITALIC CAPITAL PSI;Lu;0;L; 03A8;;;;N;;;;; +1D6FA;MATHEMATICAL ITALIC CAPITAL OMEGA;Lu;0;L; 03A9;;;;N;;;;; +1D6FB;MATHEMATICAL ITALIC NABLA;Sm;0;L; 2207;;;;N;;;;; +1D6FC;MATHEMATICAL ITALIC SMALL ALPHA;Ll;0;L; 03B1;;;;N;;;;; +1D6FD;MATHEMATICAL ITALIC SMALL BETA;Ll;0;L; 03B2;;;;N;;;;; +1D6FE;MATHEMATICAL ITALIC SMALL GAMMA;Ll;0;L; 03B3;;;;N;;;;; +1D6FF;MATHEMATICAL ITALIC SMALL DELTA;Ll;0;L; 03B4;;;;N;;;;; +1D700;MATHEMATICAL ITALIC SMALL EPSILON;Ll;0;L; 03B5;;;;N;;;;; +1D701;MATHEMATICAL ITALIC SMALL ZETA;Ll;0;L; 03B6;;;;N;;;;; +1D702;MATHEMATICAL ITALIC SMALL ETA;Ll;0;L; 03B7;;;;N;;;;; +1D703;MATHEMATICAL ITALIC SMALL THETA;Ll;0;L; 03B8;;;;N;;;;; +1D704;MATHEMATICAL ITALIC SMALL IOTA;Ll;0;L; 03B9;;;;N;;;;; +1D705;MATHEMATICAL ITALIC SMALL KAPPA;Ll;0;L; 03BA;;;;N;;;;; +1D706;MATHEMATICAL ITALIC SMALL LAMDA;Ll;0;L; 03BB;;;;N;;;;; +1D707;MATHEMATICAL ITALIC SMALL MU;Ll;0;L; 03BC;;;;N;;;;; +1D708;MATHEMATICAL ITALIC SMALL NU;Ll;0;L; 03BD;;;;N;;;;; +1D709;MATHEMATICAL ITALIC SMALL XI;Ll;0;L; 03BE;;;;N;;;;; +1D70A;MATHEMATICAL ITALIC SMALL OMICRON;Ll;0;L; 03BF;;;;N;;;;; +1D70B;MATHEMATICAL ITALIC SMALL PI;Ll;0;L; 03C0;;;;N;;;;; +1D70C;MATHEMATICAL ITALIC SMALL RHO;Ll;0;L; 03C1;;;;N;;;;; +1D70D;MATHEMATICAL ITALIC SMALL FINAL SIGMA;Ll;0;L; 03C2;;;;N;;;;; +1D70E;MATHEMATICAL ITALIC SMALL SIGMA;Ll;0;L; 03C3;;;;N;;;;; +1D70F;MATHEMATICAL ITALIC SMALL TAU;Ll;0;L; 03C4;;;;N;;;;; +1D710;MATHEMATICAL ITALIC SMALL UPSILON;Ll;0;L; 03C5;;;;N;;;;; +1D711;MATHEMATICAL ITALIC SMALL PHI;Ll;0;L; 03C6;;;;N;;;;; +1D712;MATHEMATICAL ITALIC SMALL CHI;Ll;0;L; 03C7;;;;N;;;;; +1D713;MATHEMATICAL ITALIC SMALL PSI;Ll;0;L; 03C8;;;;N;;;;; +1D714;MATHEMATICAL ITALIC SMALL OMEGA;Ll;0;L; 03C9;;;;N;;;;; +1D715;MATHEMATICAL ITALIC PARTIAL DIFFERENTIAL;Sm;0;L; 2202;;;;N;;;;; +1D716;MATHEMATICAL ITALIC EPSILON SYMBOL;Ll;0;L; 03F5;;;;N;;;;; +1D717;MATHEMATICAL ITALIC THETA SYMBOL;Ll;0;L; 03D1;;;;N;;;;; +1D718;MATHEMATICAL ITALIC KAPPA SYMBOL;Ll;0;L; 03F0;;;;N;;;;; +1D719;MATHEMATICAL ITALIC PHI SYMBOL;Ll;0;L; 03D5;;;;N;;;;; +1D71A;MATHEMATICAL ITALIC RHO SYMBOL;Ll;0;L; 03F1;;;;N;;;;; +1D71B;MATHEMATICAL ITALIC PI SYMBOL;Ll;0;L; 03D6;;;;N;;;;; +1D71C;MATHEMATICAL BOLD ITALIC CAPITAL ALPHA;Lu;0;L; 0391;;;;N;;;;; +1D71D;MATHEMATICAL BOLD ITALIC CAPITAL BETA;Lu;0;L; 0392;;;;N;;;;; +1D71E;MATHEMATICAL BOLD ITALIC CAPITAL GAMMA;Lu;0;L; 0393;;;;N;;;;; +1D71F;MATHEMATICAL BOLD ITALIC CAPITAL DELTA;Lu;0;L; 0394;;;;N;;;;; +1D720;MATHEMATICAL BOLD ITALIC CAPITAL EPSILON;Lu;0;L; 0395;;;;N;;;;; +1D721;MATHEMATICAL BOLD ITALIC CAPITAL ZETA;Lu;0;L; 0396;;;;N;;;;; +1D722;MATHEMATICAL BOLD ITALIC CAPITAL ETA;Lu;0;L; 0397;;;;N;;;;; +1D723;MATHEMATICAL BOLD ITALIC CAPITAL THETA;Lu;0;L; 0398;;;;N;;;;; +1D724;MATHEMATICAL BOLD ITALIC CAPITAL IOTA;Lu;0;L; 0399;;;;N;;;;; +1D725;MATHEMATICAL BOLD ITALIC CAPITAL KAPPA;Lu;0;L; 039A;;;;N;;;;; +1D726;MATHEMATICAL BOLD ITALIC CAPITAL LAMDA;Lu;0;L; 039B;;;;N;;;;; +1D727;MATHEMATICAL BOLD ITALIC CAPITAL MU;Lu;0;L; 039C;;;;N;;;;; +1D728;MATHEMATICAL BOLD ITALIC CAPITAL NU;Lu;0;L; 039D;;;;N;;;;; +1D729;MATHEMATICAL BOLD ITALIC CAPITAL XI;Lu;0;L; 039E;;;;N;;;;; +1D72A;MATHEMATICAL BOLD ITALIC CAPITAL OMICRON;Lu;0;L; 039F;;;;N;;;;; +1D72B;MATHEMATICAL BOLD ITALIC CAPITAL PI;Lu;0;L; 03A0;;;;N;;;;; +1D72C;MATHEMATICAL BOLD ITALIC CAPITAL RHO;Lu;0;L; 03A1;;;;N;;;;; +1D72D;MATHEMATICAL BOLD ITALIC CAPITAL THETA SYMBOL;Lu;0;L; 03F4;;;;N;;;;; +1D72E;MATHEMATICAL BOLD ITALIC CAPITAL SIGMA;Lu;0;L; 03A3;;;;N;;;;; +1D72F;MATHEMATICAL BOLD ITALIC CAPITAL TAU;Lu;0;L; 03A4;;;;N;;;;; +1D730;MATHEMATICAL BOLD ITALIC CAPITAL UPSILON;Lu;0;L; 03A5;;;;N;;;;; +1D731;MATHEMATICAL BOLD ITALIC CAPITAL PHI;Lu;0;L; 03A6;;;;N;;;;; +1D732;MATHEMATICAL BOLD ITALIC CAPITAL CHI;Lu;0;L; 03A7;;;;N;;;;; +1D733;MATHEMATICAL BOLD ITALIC CAPITAL PSI;Lu;0;L; 03A8;;;;N;;;;; +1D734;MATHEMATICAL BOLD ITALIC CAPITAL OMEGA;Lu;0;L; 03A9;;;;N;;;;; +1D735;MATHEMATICAL BOLD ITALIC NABLA;Sm;0;L; 2207;;;;N;;;;; +1D736;MATHEMATICAL BOLD ITALIC SMALL ALPHA;Ll;0;L; 03B1;;;;N;;;;; +1D737;MATHEMATICAL BOLD ITALIC SMALL BETA;Ll;0;L; 03B2;;;;N;;;;; +1D738;MATHEMATICAL BOLD ITALIC SMALL GAMMA;Ll;0;L; 03B3;;;;N;;;;; +1D739;MATHEMATICAL BOLD ITALIC SMALL DELTA;Ll;0;L; 03B4;;;;N;;;;; +1D73A;MATHEMATICAL BOLD ITALIC SMALL EPSILON;Ll;0;L; 03B5;;;;N;;;;; +1D73B;MATHEMATICAL BOLD ITALIC SMALL ZETA;Ll;0;L; 03B6;;;;N;;;;; +1D73C;MATHEMATICAL BOLD ITALIC SMALL ETA;Ll;0;L; 03B7;;;;N;;;;; +1D73D;MATHEMATICAL BOLD ITALIC SMALL THETA;Ll;0;L; 03B8;;;;N;;;;; +1D73E;MATHEMATICAL BOLD ITALIC SMALL IOTA;Ll;0;L; 03B9;;;;N;;;;; +1D73F;MATHEMATICAL BOLD ITALIC SMALL KAPPA;Ll;0;L; 03BA;;;;N;;;;; +1D740;MATHEMATICAL BOLD ITALIC SMALL LAMDA;Ll;0;L; 03BB;;;;N;;;;; +1D741;MATHEMATICAL BOLD ITALIC SMALL MU;Ll;0;L; 03BC;;;;N;;;;; +1D742;MATHEMATICAL BOLD ITALIC SMALL NU;Ll;0;L; 03BD;;;;N;;;;; +1D743;MATHEMATICAL BOLD ITALIC SMALL XI;Ll;0;L; 03BE;;;;N;;;;; +1D744;MATHEMATICAL BOLD ITALIC SMALL OMICRON;Ll;0;L; 03BF;;;;N;;;;; +1D745;MATHEMATICAL BOLD ITALIC SMALL PI;Ll;0;L; 03C0;;;;N;;;;; +1D746;MATHEMATICAL BOLD ITALIC SMALL RHO;Ll;0;L; 03C1;;;;N;;;;; +1D747;MATHEMATICAL BOLD ITALIC SMALL FINAL SIGMA;Ll;0;L; 03C2;;;;N;;;;; +1D748;MATHEMATICAL BOLD ITALIC SMALL SIGMA;Ll;0;L; 03C3;;;;N;;;;; +1D749;MATHEMATICAL BOLD ITALIC SMALL TAU;Ll;0;L; 03C4;;;;N;;;;; +1D74A;MATHEMATICAL BOLD ITALIC SMALL UPSILON;Ll;0;L; 03C5;;;;N;;;;; +1D74B;MATHEMATICAL BOLD ITALIC SMALL PHI;Ll;0;L; 03C6;;;;N;;;;; +1D74C;MATHEMATICAL BOLD ITALIC SMALL CHI;Ll;0;L; 03C7;;;;N;;;;; +1D74D;MATHEMATICAL BOLD ITALIC SMALL PSI;Ll;0;L; 03C8;;;;N;;;;; +1D74E;MATHEMATICAL BOLD ITALIC SMALL OMEGA;Ll;0;L; 03C9;;;;N;;;;; +1D74F;MATHEMATICAL BOLD ITALIC PARTIAL DIFFERENTIAL;Sm;0;L; 2202;;;;N;;;;; +1D750;MATHEMATICAL BOLD ITALIC EPSILON SYMBOL;Ll;0;L; 03F5;;;;N;;;;; +1D751;MATHEMATICAL BOLD ITALIC THETA SYMBOL;Ll;0;L; 03D1;;;;N;;;;; +1D752;MATHEMATICAL BOLD ITALIC KAPPA SYMBOL;Ll;0;L; 03F0;;;;N;;;;; +1D753;MATHEMATICAL BOLD ITALIC PHI SYMBOL;Ll;0;L; 03D5;;;;N;;;;; +1D754;MATHEMATICAL BOLD ITALIC RHO SYMBOL;Ll;0;L; 03F1;;;;N;;;;; +1D755;MATHEMATICAL BOLD ITALIC PI SYMBOL;Ll;0;L; 03D6;;;;N;;;;; +1D756;MATHEMATICAL SANS-SERIF BOLD CAPITAL ALPHA;Lu;0;L; 0391;;;;N;;;;; +1D757;MATHEMATICAL SANS-SERIF BOLD CAPITAL BETA;Lu;0;L; 0392;;;;N;;;;; +1D758;MATHEMATICAL SANS-SERIF BOLD CAPITAL GAMMA;Lu;0;L; 0393;;;;N;;;;; +1D759;MATHEMATICAL SANS-SERIF BOLD CAPITAL DELTA;Lu;0;L; 0394;;;;N;;;;; +1D75A;MATHEMATICAL SANS-SERIF BOLD CAPITAL EPSILON;Lu;0;L; 0395;;;;N;;;;; +1D75B;MATHEMATICAL SANS-SERIF BOLD CAPITAL ZETA;Lu;0;L; 0396;;;;N;;;;; +1D75C;MATHEMATICAL SANS-SERIF BOLD CAPITAL ETA;Lu;0;L; 0397;;;;N;;;;; +1D75D;MATHEMATICAL SANS-SERIF BOLD CAPITAL THETA;Lu;0;L; 0398;;;;N;;;;; +1D75E;MATHEMATICAL SANS-SERIF BOLD CAPITAL IOTA;Lu;0;L; 0399;;;;N;;;;; +1D75F;MATHEMATICAL SANS-SERIF BOLD CAPITAL KAPPA;Lu;0;L; 039A;;;;N;;;;; +1D760;MATHEMATICAL SANS-SERIF BOLD CAPITAL LAMDA;Lu;0;L; 039B;;;;N;;;;; +1D761;MATHEMATICAL SANS-SERIF BOLD CAPITAL MU;Lu;0;L; 039C;;;;N;;;;; +1D762;MATHEMATICAL SANS-SERIF BOLD CAPITAL NU;Lu;0;L; 039D;;;;N;;;;; +1D763;MATHEMATICAL SANS-SERIF BOLD CAPITAL XI;Lu;0;L; 039E;;;;N;;;;; +1D764;MATHEMATICAL SANS-SERIF BOLD CAPITAL OMICRON;Lu;0;L; 039F;;;;N;;;;; +1D765;MATHEMATICAL SANS-SERIF BOLD CAPITAL PI;Lu;0;L; 03A0;;;;N;;;;; +1D766;MATHEMATICAL SANS-SERIF BOLD CAPITAL RHO;Lu;0;L; 03A1;;;;N;;;;; +1D767;MATHEMATICAL SANS-SERIF BOLD CAPITAL THETA SYMBOL;Lu;0;L; 03F4;;;;N;;;;; +1D768;MATHEMATICAL SANS-SERIF BOLD CAPITAL SIGMA;Lu;0;L; 03A3;;;;N;;;;; +1D769;MATHEMATICAL SANS-SERIF BOLD CAPITAL TAU;Lu;0;L; 03A4;;;;N;;;;; +1D76A;MATHEMATICAL SANS-SERIF BOLD CAPITAL UPSILON;Lu;0;L; 03A5;;;;N;;;;; +1D76B;MATHEMATICAL SANS-SERIF BOLD CAPITAL PHI;Lu;0;L; 03A6;;;;N;;;;; +1D76C;MATHEMATICAL SANS-SERIF BOLD CAPITAL CHI;Lu;0;L; 03A7;;;;N;;;;; +1D76D;MATHEMATICAL SANS-SERIF BOLD CAPITAL PSI;Lu;0;L; 03A8;;;;N;;;;; +1D76E;MATHEMATICAL SANS-SERIF BOLD CAPITAL OMEGA;Lu;0;L; 03A9;;;;N;;;;; +1D76F;MATHEMATICAL SANS-SERIF BOLD NABLA;Sm;0;L; 2207;;;;N;;;;; +1D770;MATHEMATICAL SANS-SERIF BOLD SMALL ALPHA;Ll;0;L; 03B1;;;;N;;;;; +1D771;MATHEMATICAL SANS-SERIF BOLD SMALL BETA;Ll;0;L; 03B2;;;;N;;;;; +1D772;MATHEMATICAL SANS-SERIF BOLD SMALL GAMMA;Ll;0;L; 03B3;;;;N;;;;; +1D773;MATHEMATICAL SANS-SERIF BOLD SMALL DELTA;Ll;0;L; 03B4;;;;N;;;;; +1D774;MATHEMATICAL SANS-SERIF BOLD SMALL EPSILON;Ll;0;L; 03B5;;;;N;;;;; +1D775;MATHEMATICAL SANS-SERIF BOLD SMALL ZETA;Ll;0;L; 03B6;;;;N;;;;; +1D776;MATHEMATICAL SANS-SERIF BOLD SMALL ETA;Ll;0;L; 03B7;;;;N;;;;; +1D777;MATHEMATICAL SANS-SERIF BOLD SMALL THETA;Ll;0;L; 03B8;;;;N;;;;; +1D778;MATHEMATICAL SANS-SERIF BOLD SMALL IOTA;Ll;0;L; 03B9;;;;N;;;;; +1D779;MATHEMATICAL SANS-SERIF BOLD SMALL KAPPA;Ll;0;L; 03BA;;;;N;;;;; +1D77A;MATHEMATICAL SANS-SERIF BOLD SMALL LAMDA;Ll;0;L; 03BB;;;;N;;;;; +1D77B;MATHEMATICAL SANS-SERIF BOLD SMALL MU;Ll;0;L; 03BC;;;;N;;;;; +1D77C;MATHEMATICAL SANS-SERIF BOLD SMALL NU;Ll;0;L; 03BD;;;;N;;;;; +1D77D;MATHEMATICAL SANS-SERIF BOLD SMALL XI;Ll;0;L; 03BE;;;;N;;;;; +1D77E;MATHEMATICAL SANS-SERIF BOLD SMALL OMICRON;Ll;0;L; 03BF;;;;N;;;;; +1D77F;MATHEMATICAL SANS-SERIF BOLD SMALL PI;Ll;0;L; 03C0;;;;N;;;;; +1D780;MATHEMATICAL SANS-SERIF BOLD SMALL RHO;Ll;0;L; 03C1;;;;N;;;;; +1D781;MATHEMATICAL SANS-SERIF BOLD SMALL FINAL SIGMA;Ll;0;L; 03C2;;;;N;;;;; +1D782;MATHEMATICAL SANS-SERIF BOLD SMALL SIGMA;Ll;0;L; 03C3;;;;N;;;;; +1D783;MATHEMATICAL SANS-SERIF BOLD SMALL TAU;Ll;0;L; 03C4;;;;N;;;;; +1D784;MATHEMATICAL SANS-SERIF BOLD SMALL UPSILON;Ll;0;L; 03C5;;;;N;;;;; +1D785;MATHEMATICAL SANS-SERIF BOLD SMALL PHI;Ll;0;L; 03C6;;;;N;;;;; +1D786;MATHEMATICAL SANS-SERIF BOLD SMALL CHI;Ll;0;L; 03C7;;;;N;;;;; +1D787;MATHEMATICAL SANS-SERIF BOLD SMALL PSI;Ll;0;L; 03C8;;;;N;;;;; +1D788;MATHEMATICAL SANS-SERIF BOLD SMALL OMEGA;Ll;0;L; 03C9;;;;N;;;;; +1D789;MATHEMATICAL SANS-SERIF BOLD PARTIAL DIFFERENTIAL;Sm;0;L; 2202;;;;N;;;;; +1D78A;MATHEMATICAL SANS-SERIF BOLD EPSILON SYMBOL;Ll;0;L; 03F5;;;;N;;;;; +1D78B;MATHEMATICAL SANS-SERIF BOLD THETA SYMBOL;Ll;0;L; 03D1;;;;N;;;;; +1D78C;MATHEMATICAL SANS-SERIF BOLD KAPPA SYMBOL;Ll;0;L; 03F0;;;;N;;;;; +1D78D;MATHEMATICAL SANS-SERIF BOLD PHI SYMBOL;Ll;0;L; 03D5;;;;N;;;;; +1D78E;MATHEMATICAL SANS-SERIF BOLD RHO SYMBOL;Ll;0;L; 03F1;;;;N;;;;; +1D78F;MATHEMATICAL SANS-SERIF BOLD PI SYMBOL;Ll;0;L; 03D6;;;;N;;;;; +1D790;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL ALPHA;Lu;0;L; 0391;;;;N;;;;; +1D791;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL BETA;Lu;0;L; 0392;;;;N;;;;; +1D792;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL GAMMA;Lu;0;L; 0393;;;;N;;;;; +1D793;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL DELTA;Lu;0;L; 0394;;;;N;;;;; +1D794;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL EPSILON;Lu;0;L; 0395;;;;N;;;;; +1D795;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL ZETA;Lu;0;L; 0396;;;;N;;;;; +1D796;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL ETA;Lu;0;L; 0397;;;;N;;;;; +1D797;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL THETA;Lu;0;L; 0398;;;;N;;;;; +1D798;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL IOTA;Lu;0;L; 0399;;;;N;;;;; +1D799;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL KAPPA;Lu;0;L; 039A;;;;N;;;;; +1D79A;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL LAMDA;Lu;0;L; 039B;;;;N;;;;; +1D79B;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL MU;Lu;0;L; 039C;;;;N;;;;; +1D79C;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL NU;Lu;0;L; 039D;;;;N;;;;; +1D79D;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL XI;Lu;0;L; 039E;;;;N;;;;; +1D79E;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL OMICRON;Lu;0;L; 039F;;;;N;;;;; +1D79F;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL PI;Lu;0;L; 03A0;;;;N;;;;; +1D7A0;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL RHO;Lu;0;L; 03A1;;;;N;;;;; +1D7A1;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL THETA SYMBOL;Lu;0;L; 03F4;;;;N;;;;; +1D7A2;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL SIGMA;Lu;0;L; 03A3;;;;N;;;;; +1D7A3;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL TAU;Lu;0;L; 03A4;;;;N;;;;; +1D7A4;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL UPSILON;Lu;0;L; 03A5;;;;N;;;;; +1D7A5;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL PHI;Lu;0;L; 03A6;;;;N;;;;; +1D7A6;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL CHI;Lu;0;L; 03A7;;;;N;;;;; +1D7A7;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL PSI;Lu;0;L; 03A8;;;;N;;;;; +1D7A8;MATHEMATICAL SANS-SERIF BOLD ITALIC CAPITAL OMEGA;Lu;0;L; 03A9;;;;N;;;;; +1D7A9;MATHEMATICAL SANS-SERIF BOLD ITALIC NABLA;Sm;0;L; 2207;;;;N;;;;; +1D7AA;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL ALPHA;Ll;0;L; 03B1;;;;N;;;;; +1D7AB;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL BETA;Ll;0;L; 03B2;;;;N;;;;; +1D7AC;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL GAMMA;Ll;0;L; 03B3;;;;N;;;;; +1D7AD;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL DELTA;Ll;0;L; 03B4;;;;N;;;;; +1D7AE;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL EPSILON;Ll;0;L; 03B5;;;;N;;;;; +1D7AF;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL ZETA;Ll;0;L; 03B6;;;;N;;;;; +1D7B0;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL ETA;Ll;0;L; 03B7;;;;N;;;;; +1D7B1;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL THETA;Ll;0;L; 03B8;;;;N;;;;; +1D7B2;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL IOTA;Ll;0;L; 03B9;;;;N;;;;; +1D7B3;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL KAPPA;Ll;0;L; 03BA;;;;N;;;;; +1D7B4;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL LAMDA;Ll;0;L; 03BB;;;;N;;;;; +1D7B5;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL MU;Ll;0;L; 03BC;;;;N;;;;; +1D7B6;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL NU;Ll;0;L; 03BD;;;;N;;;;; +1D7B7;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL XI;Ll;0;L; 03BE;;;;N;;;;; +1D7B8;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL OMICRON;Ll;0;L; 03BF;;;;N;;;;; +1D7B9;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL PI;Ll;0;L; 03C0;;;;N;;;;; +1D7BA;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL RHO;Ll;0;L; 03C1;;;;N;;;;; +1D7BB;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL FINAL SIGMA;Ll;0;L; 03C2;;;;N;;;;; +1D7BC;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL SIGMA;Ll;0;L; 03C3;;;;N;;;;; +1D7BD;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL TAU;Ll;0;L; 03C4;;;;N;;;;; +1D7BE;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL UPSILON;Ll;0;L; 03C5;;;;N;;;;; +1D7BF;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL PHI;Ll;0;L; 03C6;;;;N;;;;; +1D7C0;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL CHI;Ll;0;L; 03C7;;;;N;;;;; +1D7C1;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL PSI;Ll;0;L; 03C8;;;;N;;;;; +1D7C2;MATHEMATICAL SANS-SERIF BOLD ITALIC SMALL OMEGA;Ll;0;L; 03C9;;;;N;;;;; +1D7C3;MATHEMATICAL SANS-SERIF BOLD ITALIC PARTIAL DIFFERENTIAL;Sm;0;L; 2202;;;;N;;;;; +1D7C4;MATHEMATICAL SANS-SERIF BOLD ITALIC EPSILON SYMBOL;Ll;0;L; 03F5;;;;N;;;;; +1D7C5;MATHEMATICAL SANS-SERIF BOLD ITALIC THETA SYMBOL;Ll;0;L; 03D1;;;;N;;;;; +1D7C6;MATHEMATICAL SANS-SERIF BOLD ITALIC KAPPA SYMBOL;Ll;0;L; 03F0;;;;N;;;;; +1D7C7;MATHEMATICAL SANS-SERIF BOLD ITALIC PHI SYMBOL;Ll;0;L; 03D5;;;;N;;;;; +1D7C8;MATHEMATICAL SANS-SERIF BOLD ITALIC RHO SYMBOL;Ll;0;L; 03F1;;;;N;;;;; +1D7C9;MATHEMATICAL SANS-SERIF BOLD ITALIC PI SYMBOL;Ll;0;L; 03D6;;;;N;;;;; +1D7CE;MATHEMATICAL BOLD DIGIT ZERO;Nd;0;EN; 0030;0;0;0;N;;;;; +1D7CF;MATHEMATICAL BOLD DIGIT ONE;Nd;0;EN; 0031;1;1;1;N;;;;; +1D7D0;MATHEMATICAL BOLD DIGIT TWO;Nd;0;EN; 0032;2;2;2;N;;;;; +1D7D1;MATHEMATICAL BOLD DIGIT THREE;Nd;0;EN; 0033;3;3;3;N;;;;; +1D7D2;MATHEMATICAL BOLD DIGIT FOUR;Nd;0;EN; 0034;4;4;4;N;;;;; +1D7D3;MATHEMATICAL BOLD DIGIT FIVE;Nd;0;EN; 0035;5;5;5;N;;;;; +1D7D4;MATHEMATICAL BOLD DIGIT SIX;Nd;0;EN; 0036;6;6;6;N;;;;; +1D7D5;MATHEMATICAL BOLD DIGIT SEVEN;Nd;0;EN; 0037;7;7;7;N;;;;; +1D7D6;MATHEMATICAL BOLD DIGIT EIGHT;Nd;0;EN; 0038;8;8;8;N;;;;; +1D7D7;MATHEMATICAL BOLD DIGIT NINE;Nd;0;EN; 0039;9;9;9;N;;;;; +1D7D8;MATHEMATICAL DOUBLE-STRUCK DIGIT ZERO;Nd;0;EN; 0030;0;0;0;N;;;;; +1D7D9;MATHEMATICAL DOUBLE-STRUCK DIGIT ONE;Nd;0;EN; 0031;1;1;1;N;;;;; +1D7DA;MATHEMATICAL DOUBLE-STRUCK DIGIT TWO;Nd;0;EN; 0032;2;2;2;N;;;;; +1D7DB;MATHEMATICAL DOUBLE-STRUCK DIGIT THREE;Nd;0;EN; 0033;3;3;3;N;;;;; +1D7DC;MATHEMATICAL DOUBLE-STRUCK DIGIT FOUR;Nd;0;EN; 0034;4;4;4;N;;;;; +1D7DD;MATHEMATICAL DOUBLE-STRUCK DIGIT FIVE;Nd;0;EN; 0035;5;5;5;N;;;;; +1D7DE;MATHEMATICAL DOUBLE-STRUCK DIGIT SIX;Nd;0;EN; 0036;6;6;6;N;;;;; +1D7DF;MATHEMATICAL DOUBLE-STRUCK DIGIT SEVEN;Nd;0;EN; 0037;7;7;7;N;;;;; +1D7E0;MATHEMATICAL DOUBLE-STRUCK DIGIT EIGHT;Nd;0;EN; 0038;8;8;8;N;;;;; +1D7E1;MATHEMATICAL DOUBLE-STRUCK DIGIT NINE;Nd;0;EN; 0039;9;9;9;N;;;;; +1D7E2;MATHEMATICAL SANS-SERIF DIGIT ZERO;Nd;0;EN; 0030;0;0;0;N;;;;; +1D7E3;MATHEMATICAL SANS-SERIF DIGIT ONE;Nd;0;EN; 0031;1;1;1;N;;;;; +1D7E4;MATHEMATICAL SANS-SERIF DIGIT TWO;Nd;0;EN; 0032;2;2;2;N;;;;; +1D7E5;MATHEMATICAL SANS-SERIF DIGIT THREE;Nd;0;EN; 0033;3;3;3;N;;;;; +1D7E6;MATHEMATICAL SANS-SERIF DIGIT FOUR;Nd;0;EN; 0034;4;4;4;N;;;;; +1D7E7;MATHEMATICAL SANS-SERIF DIGIT FIVE;Nd;0;EN; 0035;5;5;5;N;;;;; +1D7E8;MATHEMATICAL SANS-SERIF DIGIT SIX;Nd;0;EN; 0036;6;6;6;N;;;;; +1D7E9;MATHEMATICAL SANS-SERIF DIGIT SEVEN;Nd;0;EN; 0037;7;7;7;N;;;;; +1D7EA;MATHEMATICAL SANS-SERIF DIGIT EIGHT;Nd;0;EN; 0038;8;8;8;N;;;;; +1D7EB;MATHEMATICAL SANS-SERIF DIGIT NINE;Nd;0;EN; 0039;9;9;9;N;;;;; +1D7EC;MATHEMATICAL SANS-SERIF BOLD DIGIT ZERO;Nd;0;EN; 0030;0;0;0;N;;;;; +1D7ED;MATHEMATICAL SANS-SERIF BOLD DIGIT ONE;Nd;0;EN; 0031;1;1;1;N;;;;; +1D7EE;MATHEMATICAL SANS-SERIF BOLD DIGIT TWO;Nd;0;EN; 0032;2;2;2;N;;;;; +1D7EF;MATHEMATICAL SANS-SERIF BOLD DIGIT THREE;Nd;0;EN; 0033;3;3;3;N;;;;; +1D7F0;MATHEMATICAL SANS-SERIF BOLD DIGIT FOUR;Nd;0;EN; 0034;4;4;4;N;;;;; +1D7F1;MATHEMATICAL SANS-SERIF BOLD DIGIT FIVE;Nd;0;EN; 0035;5;5;5;N;;;;; +1D7F2;MATHEMATICAL SANS-SERIF BOLD DIGIT SIX;Nd;0;EN; 0036;6;6;6;N;;;;; +1D7F3;MATHEMATICAL SANS-SERIF BOLD DIGIT SEVEN;Nd;0;EN; 0037;7;7;7;N;;;;; +1D7F4;MATHEMATICAL SANS-SERIF BOLD DIGIT EIGHT;Nd;0;EN; 0038;8;8;8;N;;;;; +1D7F5;MATHEMATICAL SANS-SERIF BOLD DIGIT NINE;Nd;0;EN; 0039;9;9;9;N;;;;; +1D7F6;MATHEMATICAL MONOSPACE DIGIT ZERO;Nd;0;EN; 0030;0;0;0;N;;;;; +1D7F7;MATHEMATICAL MONOSPACE DIGIT ONE;Nd;0;EN; 0031;1;1;1;N;;;;; +1D7F8;MATHEMATICAL MONOSPACE DIGIT TWO;Nd;0;EN; 0032;2;2;2;N;;;;; +1D7F9;MATHEMATICAL MONOSPACE DIGIT THREE;Nd;0;EN; 0033;3;3;3;N;;;;; +1D7FA;MATHEMATICAL MONOSPACE DIGIT FOUR;Nd;0;EN; 0034;4;4;4;N;;;;; +1D7FB;MATHEMATICAL MONOSPACE DIGIT FIVE;Nd;0;EN; 0035;5;5;5;N;;;;; +1D7FC;MATHEMATICAL MONOSPACE DIGIT SIX;Nd;0;EN; 0036;6;6;6;N;;;;; +1D7FD;MATHEMATICAL MONOSPACE DIGIT SEVEN;Nd;0;EN; 0037;7;7;7;N;;;;; +1D7FE;MATHEMATICAL MONOSPACE DIGIT EIGHT;Nd;0;EN; 0038;8;8;8;N;;;;; +1D7FF;MATHEMATICAL MONOSPACE DIGIT NINE;Nd;0;EN; 0039;9;9;9;N;;;;; +20000;;Lo;0;L;;;;;N;;;;; +2A6D6;;Lo;0;L;;;;;N;;;;; +2F800;CJK COMPATIBILITY IDEOGRAPH-2F800;Lo;0;L;4E3D;;;;N;;;;; +2F801;CJK COMPATIBILITY IDEOGRAPH-2F801;Lo;0;L;4E38;;;;N;;;;; +2F802;CJK COMPATIBILITY IDEOGRAPH-2F802;Lo;0;L;4E41;;;;N;;;;; +2F803;CJK COMPATIBILITY IDEOGRAPH-2F803;Lo;0;L;20122;;;;N;;;;; +2F804;CJK COMPATIBILITY IDEOGRAPH-2F804;Lo;0;L;4F60;;;;N;;;;; +2F805;CJK COMPATIBILITY IDEOGRAPH-2F805;Lo;0;L;4FAE;;;;N;;;;; +2F806;CJK COMPATIBILITY IDEOGRAPH-2F806;Lo;0;L;4FBB;;;;N;;;;; +2F807;CJK COMPATIBILITY IDEOGRAPH-2F807;Lo;0;L;5002;;;;N;;;;; +2F808;CJK COMPATIBILITY IDEOGRAPH-2F808;Lo;0;L;507A;;;;N;;;;; +2F809;CJK COMPATIBILITY IDEOGRAPH-2F809;Lo;0;L;5099;;;;N;;;;; +2F80A;CJK COMPATIBILITY IDEOGRAPH-2F80A;Lo;0;L;50E7;;;;N;;;;; +2F80B;CJK COMPATIBILITY IDEOGRAPH-2F80B;Lo;0;L;50CF;;;;N;;;;; +2F80C;CJK COMPATIBILITY IDEOGRAPH-2F80C;Lo;0;L;349E;;;;N;;;;; +2F80D;CJK COMPATIBILITY IDEOGRAPH-2F80D;Lo;0;L;2063A;;;;N;;;;; +2F80E;CJK COMPATIBILITY IDEOGRAPH-2F80E;Lo;0;L;514D;;;;N;;;;; +2F80F;CJK COMPATIBILITY IDEOGRAPH-2F80F;Lo;0;L;5154;;;;N;;;;; +2F810;CJK COMPATIBILITY IDEOGRAPH-2F810;Lo;0;L;5164;;;;N;;;;; +2F811;CJK COMPATIBILITY IDEOGRAPH-2F811;Lo;0;L;5177;;;;N;;;;; +2F812;CJK COMPATIBILITY IDEOGRAPH-2F812;Lo;0;L;2051C;;;;N;;;;; +2F813;CJK COMPATIBILITY IDEOGRAPH-2F813;Lo;0;L;34B9;;;;N;;;;; +2F814;CJK COMPATIBILITY IDEOGRAPH-2F814;Lo;0;L;5167;;;;N;;;;; +2F815;CJK COMPATIBILITY IDEOGRAPH-2F815;Lo;0;L;518D;;;;N;;;;; +2F816;CJK COMPATIBILITY IDEOGRAPH-2F816;Lo;0;L;2054B;;;;N;;;;; +2F817;CJK COMPATIBILITY IDEOGRAPH-2F817;Lo;0;L;5197;;;;N;;;;; +2F818;CJK COMPATIBILITY IDEOGRAPH-2F818;Lo;0;L;51A4;;;;N;;;;; +2F819;CJK COMPATIBILITY IDEOGRAPH-2F819;Lo;0;L;4ECC;;;;N;;;;; +2F81A;CJK COMPATIBILITY IDEOGRAPH-2F81A;Lo;0;L;51AC;;;;N;;;;; +2F81B;CJK COMPATIBILITY IDEOGRAPH-2F81B;Lo;0;L;51B5;;;;N;;;;; +2F81C;CJK COMPATIBILITY IDEOGRAPH-2F81C;Lo;0;L;291DF;;;;N;;;;; +2F81D;CJK COMPATIBILITY IDEOGRAPH-2F81D;Lo;0;L;51F5;;;;N;;;;; +2F81E;CJK COMPATIBILITY IDEOGRAPH-2F81E;Lo;0;L;5203;;;;N;;;;; +2F81F;CJK COMPATIBILITY IDEOGRAPH-2F81F;Lo;0;L;34DF;;;;N;;;;; +2F820;CJK COMPATIBILITY IDEOGRAPH-2F820;Lo;0;L;523B;;;;N;;;;; +2F821;CJK COMPATIBILITY IDEOGRAPH-2F821;Lo;0;L;5246;;;;N;;;;; +2F822;CJK COMPATIBILITY IDEOGRAPH-2F822;Lo;0;L;5272;;;;N;;;;; +2F823;CJK COMPATIBILITY IDEOGRAPH-2F823;Lo;0;L;5277;;;;N;;;;; +2F824;CJK COMPATIBILITY IDEOGRAPH-2F824;Lo;0;L;3515;;;;N;;;;; +2F825;CJK COMPATIBILITY IDEOGRAPH-2F825;Lo;0;L;52C7;;;;N;;;;; +2F826;CJK COMPATIBILITY IDEOGRAPH-2F826;Lo;0;L;52C9;;;;N;;;;; +2F827;CJK COMPATIBILITY IDEOGRAPH-2F827;Lo;0;L;52E4;;;;N;;;;; +2F828;CJK COMPATIBILITY IDEOGRAPH-2F828;Lo;0;L;52FA;;;;N;;;;; +2F829;CJK COMPATIBILITY IDEOGRAPH-2F829;Lo;0;L;5305;;;;N;;;;; +2F82A;CJK COMPATIBILITY IDEOGRAPH-2F82A;Lo;0;L;5306;;;;N;;;;; +2F82B;CJK COMPATIBILITY IDEOGRAPH-2F82B;Lo;0;L;5317;;;;N;;;;; +2F82C;CJK COMPATIBILITY IDEOGRAPH-2F82C;Lo;0;L;5349;;;;N;;;;; +2F82D;CJK COMPATIBILITY IDEOGRAPH-2F82D;Lo;0;L;5351;;;;N;;;;; +2F82E;CJK COMPATIBILITY IDEOGRAPH-2F82E;Lo;0;L;535A;;;;N;;;;; +2F82F;CJK COMPATIBILITY IDEOGRAPH-2F82F;Lo;0;L;5373;;;;N;;;;; +2F830;CJK COMPATIBILITY IDEOGRAPH-2F830;Lo;0;L;537D;;;;N;;;;; +2F831;CJK COMPATIBILITY IDEOGRAPH-2F831;Lo;0;L;537F;;;;N;;;;; +2F832;CJK COMPATIBILITY IDEOGRAPH-2F832;Lo;0;L;537F;;;;N;;;;; +2F833;CJK COMPATIBILITY IDEOGRAPH-2F833;Lo;0;L;537F;;;;N;;;;; +2F834;CJK COMPATIBILITY IDEOGRAPH-2F834;Lo;0;L;20A2C;;;;N;;;;; +2F835;CJK COMPATIBILITY IDEOGRAPH-2F835;Lo;0;L;7070;;;;N;;;;; +2F836;CJK COMPATIBILITY IDEOGRAPH-2F836;Lo;0;L;53CA;;;;N;;;;; +2F837;CJK COMPATIBILITY IDEOGRAPH-2F837;Lo;0;L;53DF;;;;N;;;;; +2F838;CJK COMPATIBILITY IDEOGRAPH-2F838;Lo;0;L;20B63;;;;N;;;;; +2F839;CJK COMPATIBILITY IDEOGRAPH-2F839;Lo;0;L;53EB;;;;N;;;;; +2F83A;CJK COMPATIBILITY IDEOGRAPH-2F83A;Lo;0;L;53F1;;;;N;;;;; +2F83B;CJK COMPATIBILITY IDEOGRAPH-2F83B;Lo;0;L;5406;;;;N;;;;; +2F83C;CJK COMPATIBILITY IDEOGRAPH-2F83C;Lo;0;L;549E;;;;N;;;;; +2F83D;CJK COMPATIBILITY IDEOGRAPH-2F83D;Lo;0;L;5438;;;;N;;;;; +2F83E;CJK COMPATIBILITY IDEOGRAPH-2F83E;Lo;0;L;5448;;;;N;;;;; +2F83F;CJK COMPATIBILITY IDEOGRAPH-2F83F;Lo;0;L;5468;;;;N;;;;; +2F840;CJK COMPATIBILITY IDEOGRAPH-2F840;Lo;0;L;54A2;;;;N;;;;; +2F841;CJK COMPATIBILITY IDEOGRAPH-2F841;Lo;0;L;54F6;;;;N;;;;; +2F842;CJK COMPATIBILITY IDEOGRAPH-2F842;Lo;0;L;5510;;;;N;;;;; +2F843;CJK COMPATIBILITY IDEOGRAPH-2F843;Lo;0;L;5553;;;;N;;;;; +2F844;CJK COMPATIBILITY IDEOGRAPH-2F844;Lo;0;L;5563;;;;N;;;;; +2F845;CJK COMPATIBILITY IDEOGRAPH-2F845;Lo;0;L;5584;;;;N;;;;; +2F846;CJK COMPATIBILITY IDEOGRAPH-2F846;Lo;0;L;5584;;;;N;;;;; +2F847;CJK COMPATIBILITY IDEOGRAPH-2F847;Lo;0;L;5599;;;;N;;;;; +2F848;CJK COMPATIBILITY IDEOGRAPH-2F848;Lo;0;L;55AB;;;;N;;;;; +2F849;CJK COMPATIBILITY IDEOGRAPH-2F849;Lo;0;L;55B3;;;;N;;;;; +2F84A;CJK COMPATIBILITY IDEOGRAPH-2F84A;Lo;0;L;55C2;;;;N;;;;; +2F84B;CJK COMPATIBILITY IDEOGRAPH-2F84B;Lo;0;L;5716;;;;N;;;;; +2F84C;CJK COMPATIBILITY IDEOGRAPH-2F84C;Lo;0;L;5606;;;;N;;;;; +2F84D;CJK COMPATIBILITY IDEOGRAPH-2F84D;Lo;0;L;5717;;;;N;;;;; +2F84E;CJK COMPATIBILITY IDEOGRAPH-2F84E;Lo;0;L;5651;;;;N;;;;; +2F84F;CJK COMPATIBILITY IDEOGRAPH-2F84F;Lo;0;L;5674;;;;N;;;;; +2F850;CJK COMPATIBILITY IDEOGRAPH-2F850;Lo;0;L;5207;;;;N;;;;; +2F851;CJK COMPATIBILITY IDEOGRAPH-2F851;Lo;0;L;58EE;;;;N;;;;; +2F852;CJK COMPATIBILITY IDEOGRAPH-2F852;Lo;0;L;57CE;;;;N;;;;; +2F853;CJK COMPATIBILITY IDEOGRAPH-2F853;Lo;0;L;57F4;;;;N;;;;; +2F854;CJK COMPATIBILITY IDEOGRAPH-2F854;Lo;0;L;580D;;;;N;;;;; +2F855;CJK COMPATIBILITY IDEOGRAPH-2F855;Lo;0;L;578B;;;;N;;;;; +2F856;CJK COMPATIBILITY IDEOGRAPH-2F856;Lo;0;L;5832;;;;N;;;;; +2F857;CJK COMPATIBILITY IDEOGRAPH-2F857;Lo;0;L;5831;;;;N;;;;; +2F858;CJK COMPATIBILITY IDEOGRAPH-2F858;Lo;0;L;58AC;;;;N;;;;; +2F859;CJK COMPATIBILITY IDEOGRAPH-2F859;Lo;0;L;214E4;;;;N;;;;; +2F85A;CJK COMPATIBILITY IDEOGRAPH-2F85A;Lo;0;L;58F2;;;;N;;;;; +2F85B;CJK COMPATIBILITY IDEOGRAPH-2F85B;Lo;0;L;58F7;;;;N;;;;; +2F85C;CJK COMPATIBILITY IDEOGRAPH-2F85C;Lo;0;L;5906;;;;N;;;;; +2F85D;CJK COMPATIBILITY IDEOGRAPH-2F85D;Lo;0;L;591A;;;;N;;;;; +2F85E;CJK COMPATIBILITY IDEOGRAPH-2F85E;Lo;0;L;5922;;;;N;;;;; +2F85F;CJK COMPATIBILITY IDEOGRAPH-2F85F;Lo;0;L;5962;;;;N;;;;; +2F860;CJK COMPATIBILITY IDEOGRAPH-2F860;Lo;0;L;216A8;;;;N;;;;; +2F861;CJK COMPATIBILITY IDEOGRAPH-2F861;Lo;0;L;216EA;;;;N;;;;; +2F862;CJK COMPATIBILITY IDEOGRAPH-2F862;Lo;0;L;59EC;;;;N;;;;; +2F863;CJK COMPATIBILITY IDEOGRAPH-2F863;Lo;0;L;5A1B;;;;N;;;;; +2F864;CJK COMPATIBILITY IDEOGRAPH-2F864;Lo;0;L;5A27;;;;N;;;;; +2F865;CJK COMPATIBILITY IDEOGRAPH-2F865;Lo;0;L;59D8;;;;N;;;;; +2F866;CJK COMPATIBILITY IDEOGRAPH-2F866;Lo;0;L;5A66;;;;N;;;;; +2F867;CJK COMPATIBILITY IDEOGRAPH-2F867;Lo;0;L;36EE;;;;N;;;;; +2F868;CJK COMPATIBILITY IDEOGRAPH-2F868;Lo;0;L;2136A;;;;N;;;;; +2F869;CJK COMPATIBILITY IDEOGRAPH-2F869;Lo;0;L;5B08;;;;N;;;;; +2F86A;CJK COMPATIBILITY IDEOGRAPH-2F86A;Lo;0;L;5B3E;;;;N;;;;; +2F86B;CJK COMPATIBILITY IDEOGRAPH-2F86B;Lo;0;L;5B3E;;;;N;;;;; +2F86C;CJK COMPATIBILITY IDEOGRAPH-2F86C;Lo;0;L;219C8;;;;N;;;;; +2F86D;CJK COMPATIBILITY IDEOGRAPH-2F86D;Lo;0;L;5BC3;;;;N;;;;; +2F86E;CJK COMPATIBILITY IDEOGRAPH-2F86E;Lo;0;L;5BD8;;;;N;;;;; +2F86F;CJK COMPATIBILITY IDEOGRAPH-2F86F;Lo;0;L;5BE7;;;;N;;;;; +2F870;CJK COMPATIBILITY IDEOGRAPH-2F870;Lo;0;L;5BF3;;;;N;;;;; +2F871;CJK COMPATIBILITY IDEOGRAPH-2F871;Lo;0;L;21B18;;;;N;;;;; +2F872;CJK COMPATIBILITY IDEOGRAPH-2F872;Lo;0;L;5BFF;;;;N;;;;; +2F873;CJK COMPATIBILITY IDEOGRAPH-2F873;Lo;0;L;5C06;;;;N;;;;; +2F874;CJK COMPATIBILITY IDEOGRAPH-2F874;Lo;0;L;5F33;;;;N;;;;; +2F875;CJK COMPATIBILITY IDEOGRAPH-2F875;Lo;0;L;5C22;;;;N;;;;; +2F876;CJK COMPATIBILITY IDEOGRAPH-2F876;Lo;0;L;3781;;;;N;;;;; +2F877;CJK COMPATIBILITY IDEOGRAPH-2F877;Lo;0;L;5C60;;;;N;;;;; +2F878;CJK COMPATIBILITY IDEOGRAPH-2F878;Lo;0;L;5C6E;;;;N;;;;; +2F879;CJK COMPATIBILITY IDEOGRAPH-2F879;Lo;0;L;5CC0;;;;N;;;;; +2F87A;CJK COMPATIBILITY IDEOGRAPH-2F87A;Lo;0;L;5C8D;;;;N;;;;; +2F87B;CJK COMPATIBILITY IDEOGRAPH-2F87B;Lo;0;L;21DE4;;;;N;;;;; +2F87C;CJK COMPATIBILITY IDEOGRAPH-2F87C;Lo;0;L;5D43;;;;N;;;;; +2F87D;CJK COMPATIBILITY IDEOGRAPH-2F87D;Lo;0;L;21DE6;;;;N;;;;; +2F87E;CJK COMPATIBILITY IDEOGRAPH-2F87E;Lo;0;L;5D6E;;;;N;;;;; +2F87F;CJK COMPATIBILITY IDEOGRAPH-2F87F;Lo;0;L;5D6B;;;;N;;;;; +2F880;CJK COMPATIBILITY IDEOGRAPH-2F880;Lo;0;L;5D7C;;;;N;;;;; +2F881;CJK COMPATIBILITY IDEOGRAPH-2F881;Lo;0;L;5DE1;;;;N;;;;; +2F882;CJK COMPATIBILITY IDEOGRAPH-2F882;Lo;0;L;5DE2;;;;N;;;;; +2F883;CJK COMPATIBILITY IDEOGRAPH-2F883;Lo;0;L;382F;;;;N;;;;; +2F884;CJK COMPATIBILITY IDEOGRAPH-2F884;Lo;0;L;5DFD;;;;N;;;;; +2F885;CJK COMPATIBILITY IDEOGRAPH-2F885;Lo;0;L;5E28;;;;N;;;;; +2F886;CJK COMPATIBILITY IDEOGRAPH-2F886;Lo;0;L;5E3D;;;;N;;;;; +2F887;CJK COMPATIBILITY IDEOGRAPH-2F887;Lo;0;L;5E69;;;;N;;;;; +2F888;CJK COMPATIBILITY IDEOGRAPH-2F888;Lo;0;L;3862;;;;N;;;;; +2F889;CJK COMPATIBILITY IDEOGRAPH-2F889;Lo;0;L;22183;;;;N;;;;; +2F88A;CJK COMPATIBILITY IDEOGRAPH-2F88A;Lo;0;L;387C;;;;N;;;;; +2F88B;CJK COMPATIBILITY IDEOGRAPH-2F88B;Lo;0;L;5EB0;;;;N;;;;; +2F88C;CJK COMPATIBILITY IDEOGRAPH-2F88C;Lo;0;L;5EB3;;;;N;;;;; +2F88D;CJK COMPATIBILITY IDEOGRAPH-2F88D;Lo;0;L;5EB6;;;;N;;;;; +2F88E;CJK COMPATIBILITY IDEOGRAPH-2F88E;Lo;0;L;5ECA;;;;N;;;;; +2F88F;CJK COMPATIBILITY IDEOGRAPH-2F88F;Lo;0;L;2A392;;;;N;;;;; +2F890;CJK COMPATIBILITY IDEOGRAPH-2F890;Lo;0;L;5EFE;;;;N;;;;; +2F891;CJK COMPATIBILITY IDEOGRAPH-2F891;Lo;0;L;22331;;;;N;;;;; +2F892;CJK COMPATIBILITY IDEOGRAPH-2F892;Lo;0;L;22331;;;;N;;;;; +2F893;CJK COMPATIBILITY IDEOGRAPH-2F893;Lo;0;L;8201;;;;N;;;;; +2F894;CJK COMPATIBILITY IDEOGRAPH-2F894;Lo;0;L;5F22;;;;N;;;;; +2F895;CJK COMPATIBILITY IDEOGRAPH-2F895;Lo;0;L;5F22;;;;N;;;;; +2F896;CJK COMPATIBILITY IDEOGRAPH-2F896;Lo;0;L;38C7;;;;N;;;;; +2F897;CJK COMPATIBILITY IDEOGRAPH-2F897;Lo;0;L;232B8;;;;N;;;;; +2F898;CJK COMPATIBILITY IDEOGRAPH-2F898;Lo;0;L;261DA;;;;N;;;;; +2F899;CJK COMPATIBILITY IDEOGRAPH-2F899;Lo;0;L;5F62;;;;N;;;;; +2F89A;CJK COMPATIBILITY IDEOGRAPH-2F89A;Lo;0;L;5F6B;;;;N;;;;; +2F89B;CJK COMPATIBILITY IDEOGRAPH-2F89B;Lo;0;L;38E3;;;;N;;;;; +2F89C;CJK COMPATIBILITY IDEOGRAPH-2F89C;Lo;0;L;5F9A;;;;N;;;;; +2F89D;CJK COMPATIBILITY IDEOGRAPH-2F89D;Lo;0;L;5FCD;;;;N;;;;; +2F89E;CJK COMPATIBILITY IDEOGRAPH-2F89E;Lo;0;L;5FD7;;;;N;;;;; +2F89F;CJK COMPATIBILITY IDEOGRAPH-2F89F;Lo;0;L;5FF9;;;;N;;;;; +2F8A0;CJK COMPATIBILITY IDEOGRAPH-2F8A0;Lo;0;L;6081;;;;N;;;;; +2F8A1;CJK COMPATIBILITY IDEOGRAPH-2F8A1;Lo;0;L;393A;;;;N;;;;; +2F8A2;CJK COMPATIBILITY IDEOGRAPH-2F8A2;Lo;0;L;391C;;;;N;;;;; +2F8A3;CJK COMPATIBILITY IDEOGRAPH-2F8A3;Lo;0;L;6094;;;;N;;;;; +2F8A4;CJK COMPATIBILITY IDEOGRAPH-2F8A4;Lo;0;L;226D4;;;;N;;;;; +2F8A5;CJK COMPATIBILITY IDEOGRAPH-2F8A5;Lo;0;L;60C7;;;;N;;;;; +2F8A6;CJK COMPATIBILITY IDEOGRAPH-2F8A6;Lo;0;L;6148;;;;N;;;;; +2F8A7;CJK COMPATIBILITY IDEOGRAPH-2F8A7;Lo;0;L;614C;;;;N;;;;; +2F8A8;CJK COMPATIBILITY IDEOGRAPH-2F8A8;Lo;0;L;614E;;;;N;;;;; +2F8A9;CJK COMPATIBILITY IDEOGRAPH-2F8A9;Lo;0;L;614C;;;;N;;;;; +2F8AA;CJK COMPATIBILITY IDEOGRAPH-2F8AA;Lo;0;L;617A;;;;N;;;;; +2F8AB;CJK COMPATIBILITY IDEOGRAPH-2F8AB;Lo;0;L;618E;;;;N;;;;; +2F8AC;CJK COMPATIBILITY IDEOGRAPH-2F8AC;Lo;0;L;61B2;;;;N;;;;; +2F8AD;CJK COMPATIBILITY IDEOGRAPH-2F8AD;Lo;0;L;61A4;;;;N;;;;; +2F8AE;CJK COMPATIBILITY IDEOGRAPH-2F8AE;Lo;0;L;61AF;;;;N;;;;; +2F8AF;CJK COMPATIBILITY IDEOGRAPH-2F8AF;Lo;0;L;61DE;;;;N;;;;; +2F8B0;CJK COMPATIBILITY IDEOGRAPH-2F8B0;Lo;0;L;61F2;;;;N;;;;; +2F8B1;CJK COMPATIBILITY IDEOGRAPH-2F8B1;Lo;0;L;61F6;;;;N;;;;; +2F8B2;CJK COMPATIBILITY IDEOGRAPH-2F8B2;Lo;0;L;6210;;;;N;;;;; +2F8B3;CJK COMPATIBILITY IDEOGRAPH-2F8B3;Lo;0;L;621B;;;;N;;;;; +2F8B4;CJK COMPATIBILITY IDEOGRAPH-2F8B4;Lo;0;L;625D;;;;N;;;;; +2F8B5;CJK COMPATIBILITY IDEOGRAPH-2F8B5;Lo;0;L;62B1;;;;N;;;;; +2F8B6;CJK COMPATIBILITY IDEOGRAPH-2F8B6;Lo;0;L;62D4;;;;N;;;;; +2F8B7;CJK COMPATIBILITY IDEOGRAPH-2F8B7;Lo;0;L;6350;;;;N;;;;; +2F8B8;CJK COMPATIBILITY IDEOGRAPH-2F8B8;Lo;0;L;22B0C;;;;N;;;;; +2F8B9;CJK COMPATIBILITY IDEOGRAPH-2F8B9;Lo;0;L;633D;;;;N;;;;; +2F8BA;CJK COMPATIBILITY IDEOGRAPH-2F8BA;Lo;0;L;62FC;;;;N;;;;; +2F8BB;CJK COMPATIBILITY IDEOGRAPH-2F8BB;Lo;0;L;6368;;;;N;;;;; +2F8BC;CJK COMPATIBILITY IDEOGRAPH-2F8BC;Lo;0;L;6383;;;;N;;;;; +2F8BD;CJK COMPATIBILITY IDEOGRAPH-2F8BD;Lo;0;L;63E4;;;;N;;;;; +2F8BE;CJK COMPATIBILITY IDEOGRAPH-2F8BE;Lo;0;L;22BF1;;;;N;;;;; +2F8BF;CJK COMPATIBILITY IDEOGRAPH-2F8BF;Lo;0;L;6422;;;;N;;;;; +2F8C0;CJK COMPATIBILITY IDEOGRAPH-2F8C0;Lo;0;L;63C5;;;;N;;;;; +2F8C1;CJK COMPATIBILITY IDEOGRAPH-2F8C1;Lo;0;L;63A9;;;;N;;;;; +2F8C2;CJK COMPATIBILITY IDEOGRAPH-2F8C2;Lo;0;L;3A2E;;;;N;;;;; +2F8C3;CJK COMPATIBILITY IDEOGRAPH-2F8C3;Lo;0;L;6469;;;;N;;;;; +2F8C4;CJK COMPATIBILITY IDEOGRAPH-2F8C4;Lo;0;L;647E;;;;N;;;;; +2F8C5;CJK COMPATIBILITY IDEOGRAPH-2F8C5;Lo;0;L;649D;;;;N;;;;; +2F8C6;CJK COMPATIBILITY IDEOGRAPH-2F8C6;Lo;0;L;6477;;;;N;;;;; +2F8C7;CJK COMPATIBILITY IDEOGRAPH-2F8C7;Lo;0;L;3A6C;;;;N;;;;; +2F8C8;CJK COMPATIBILITY IDEOGRAPH-2F8C8;Lo;0;L;654F;;;;N;;;;; +2F8C9;CJK COMPATIBILITY IDEOGRAPH-2F8C9;Lo;0;L;656C;;;;N;;;;; +2F8CA;CJK COMPATIBILITY IDEOGRAPH-2F8CA;Lo;0;L;2300A;;;;N;;;;; +2F8CB;CJK COMPATIBILITY IDEOGRAPH-2F8CB;Lo;0;L;65E3;;;;N;;;;; +2F8CC;CJK COMPATIBILITY IDEOGRAPH-2F8CC;Lo;0;L;66F8;;;;N;;;;; +2F8CD;CJK COMPATIBILITY IDEOGRAPH-2F8CD;Lo;0;L;6649;;;;N;;;;; +2F8CE;CJK COMPATIBILITY IDEOGRAPH-2F8CE;Lo;0;L;3B19;;;;N;;;;; +2F8CF;CJK COMPATIBILITY IDEOGRAPH-2F8CF;Lo;0;L;6691;;;;N;;;;; +2F8D0;CJK COMPATIBILITY IDEOGRAPH-2F8D0;Lo;0;L;3B08;;;;N;;;;; +2F8D1;CJK COMPATIBILITY IDEOGRAPH-2F8D1;Lo;0;L;3AE4;;;;N;;;;; +2F8D2;CJK COMPATIBILITY IDEOGRAPH-2F8D2;Lo;0;L;5192;;;;N;;;;; +2F8D3;CJK COMPATIBILITY IDEOGRAPH-2F8D3;Lo;0;L;5195;;;;N;;;;; +2F8D4;CJK COMPATIBILITY IDEOGRAPH-2F8D4;Lo;0;L;6700;;;;N;;;;; +2F8D5;CJK COMPATIBILITY IDEOGRAPH-2F8D5;Lo;0;L;669C;;;;N;;;;; +2F8D6;CJK COMPATIBILITY IDEOGRAPH-2F8D6;Lo;0;L;80AD;;;;N;;;;; +2F8D7;CJK COMPATIBILITY IDEOGRAPH-2F8D7;Lo;0;L;43D9;;;;N;;;;; +2F8D8;CJK COMPATIBILITY IDEOGRAPH-2F8D8;Lo;0;L;6717;;;;N;;;;; +2F8D9;CJK COMPATIBILITY IDEOGRAPH-2F8D9;Lo;0;L;671B;;;;N;;;;; +2F8DA;CJK COMPATIBILITY IDEOGRAPH-2F8DA;Lo;0;L;6721;;;;N;;;;; +2F8DB;CJK COMPATIBILITY IDEOGRAPH-2F8DB;Lo;0;L;675E;;;;N;;;;; +2F8DC;CJK COMPATIBILITY IDEOGRAPH-2F8DC;Lo;0;L;6753;;;;N;;;;; +2F8DD;CJK COMPATIBILITY IDEOGRAPH-2F8DD;Lo;0;L;233C3;;;;N;;;;; +2F8DE;CJK COMPATIBILITY IDEOGRAPH-2F8DE;Lo;0;L;3B49;;;;N;;;;; +2F8DF;CJK COMPATIBILITY IDEOGRAPH-2F8DF;Lo;0;L;67FA;;;;N;;;;; +2F8E0;CJK COMPATIBILITY IDEOGRAPH-2F8E0;Lo;0;L;6785;;;;N;;;;; +2F8E1;CJK COMPATIBILITY IDEOGRAPH-2F8E1;Lo;0;L;6852;;;;N;;;;; +2F8E2;CJK COMPATIBILITY IDEOGRAPH-2F8E2;Lo;0;L;6885;;;;N;;;;; +2F8E3;CJK COMPATIBILITY IDEOGRAPH-2F8E3;Lo;0;L;2346D;;;;N;;;;; +2F8E4;CJK COMPATIBILITY IDEOGRAPH-2F8E4;Lo;0;L;688E;;;;N;;;;; +2F8E5;CJK COMPATIBILITY IDEOGRAPH-2F8E5;Lo;0;L;681F;;;;N;;;;; +2F8E6;CJK COMPATIBILITY IDEOGRAPH-2F8E6;Lo;0;L;6914;;;;N;;;;; +2F8E7;CJK COMPATIBILITY IDEOGRAPH-2F8E7;Lo;0;L;3B9D;;;;N;;;;; +2F8E8;CJK COMPATIBILITY IDEOGRAPH-2F8E8;Lo;0;L;6942;;;;N;;;;; +2F8E9;CJK COMPATIBILITY IDEOGRAPH-2F8E9;Lo;0;L;69A3;;;;N;;;;; +2F8EA;CJK COMPATIBILITY IDEOGRAPH-2F8EA;Lo;0;L;69EA;;;;N;;;;; +2F8EB;CJK COMPATIBILITY IDEOGRAPH-2F8EB;Lo;0;L;6AA8;;;;N;;;;; +2F8EC;CJK COMPATIBILITY IDEOGRAPH-2F8EC;Lo;0;L;236A3;;;;N;;;;; +2F8ED;CJK COMPATIBILITY IDEOGRAPH-2F8ED;Lo;0;L;6ADB;;;;N;;;;; +2F8EE;CJK COMPATIBILITY IDEOGRAPH-2F8EE;Lo;0;L;3C18;;;;N;;;;; +2F8EF;CJK COMPATIBILITY IDEOGRAPH-2F8EF;Lo;0;L;6B21;;;;N;;;;; +2F8F0;CJK COMPATIBILITY IDEOGRAPH-2F8F0;Lo;0;L;238A7;;;;N;;;;; +2F8F1;CJK COMPATIBILITY IDEOGRAPH-2F8F1;Lo;0;L;6B54;;;;N;;;;; +2F8F2;CJK COMPATIBILITY IDEOGRAPH-2F8F2;Lo;0;L;3C4E;;;;N;;;;; +2F8F3;CJK COMPATIBILITY IDEOGRAPH-2F8F3;Lo;0;L;6B72;;;;N;;;;; +2F8F4;CJK COMPATIBILITY IDEOGRAPH-2F8F4;Lo;0;L;6B9F;;;;N;;;;; +2F8F5;CJK COMPATIBILITY IDEOGRAPH-2F8F5;Lo;0;L;6BBA;;;;N;;;;; +2F8F6;CJK COMPATIBILITY IDEOGRAPH-2F8F6;Lo;0;L;6BBB;;;;N;;;;; +2F8F7;CJK COMPATIBILITY IDEOGRAPH-2F8F7;Lo;0;L;23A8D;;;;N;;;;; +2F8F8;CJK COMPATIBILITY IDEOGRAPH-2F8F8;Lo;0;L;21D0B;;;;N;;;;; +2F8F9;CJK COMPATIBILITY IDEOGRAPH-2F8F9;Lo;0;L;23AFA;;;;N;;;;; +2F8FA;CJK COMPATIBILITY IDEOGRAPH-2F8FA;Lo;0;L;6C4E;;;;N;;;;; +2F8FB;CJK COMPATIBILITY IDEOGRAPH-2F8FB;Lo;0;L;23CBC;;;;N;;;;; +2F8FC;CJK COMPATIBILITY IDEOGRAPH-2F8FC;Lo;0;L;6CBF;;;;N;;;;; +2F8FD;CJK COMPATIBILITY IDEOGRAPH-2F8FD;Lo;0;L;6CCD;;;;N;;;;; +2F8FE;CJK COMPATIBILITY IDEOGRAPH-2F8FE;Lo;0;L;6C67;;;;N;;;;; +2F8FF;CJK COMPATIBILITY IDEOGRAPH-2F8FF;Lo;0;L;6D16;;;;N;;;;; +2F900;CJK COMPATIBILITY IDEOGRAPH-2F900;Lo;0;L;6D3E;;;;N;;;;; +2F901;CJK COMPATIBILITY IDEOGRAPH-2F901;Lo;0;L;6D77;;;;N;;;;; +2F902;CJK COMPATIBILITY IDEOGRAPH-2F902;Lo;0;L;6D41;;;;N;;;;; +2F903;CJK COMPATIBILITY IDEOGRAPH-2F903;Lo;0;L;6D69;;;;N;;;;; +2F904;CJK COMPATIBILITY IDEOGRAPH-2F904;Lo;0;L;6D78;;;;N;;;;; +2F905;CJK COMPATIBILITY IDEOGRAPH-2F905;Lo;0;L;6D85;;;;N;;;;; +2F906;CJK COMPATIBILITY IDEOGRAPH-2F906;Lo;0;L;23D1E;;;;N;;;;; +2F907;CJK COMPATIBILITY IDEOGRAPH-2F907;Lo;0;L;6D34;;;;N;;;;; +2F908;CJK COMPATIBILITY IDEOGRAPH-2F908;Lo;0;L;6E2F;;;;N;;;;; +2F909;CJK COMPATIBILITY IDEOGRAPH-2F909;Lo;0;L;6E6E;;;;N;;;;; +2F90A;CJK COMPATIBILITY IDEOGRAPH-2F90A;Lo;0;L;3D33;;;;N;;;;; +2F90B;CJK COMPATIBILITY IDEOGRAPH-2F90B;Lo;0;L;6ECB;;;;N;;;;; +2F90C;CJK COMPATIBILITY IDEOGRAPH-2F90C;Lo;0;L;6EC7;;;;N;;;;; +2F90D;CJK COMPATIBILITY IDEOGRAPH-2F90D;Lo;0;L;23ED1;;;;N;;;;; +2F90E;CJK COMPATIBILITY IDEOGRAPH-2F90E;Lo;0;L;6DF9;;;;N;;;;; +2F90F;CJK COMPATIBILITY IDEOGRAPH-2F90F;Lo;0;L;6F6E;;;;N;;;;; +2F910;CJK COMPATIBILITY IDEOGRAPH-2F910;Lo;0;L;23F5E;;;;N;;;;; +2F911;CJK COMPATIBILITY IDEOGRAPH-2F911;Lo;0;L;23F8E;;;;N;;;;; +2F912;CJK COMPATIBILITY IDEOGRAPH-2F912;Lo;0;L;6FC6;;;;N;;;;; +2F913;CJK COMPATIBILITY IDEOGRAPH-2F913;Lo;0;L;7039;;;;N;;;;; +2F914;CJK COMPATIBILITY IDEOGRAPH-2F914;Lo;0;L;701E;;;;N;;;;; +2F915;CJK COMPATIBILITY IDEOGRAPH-2F915;Lo;0;L;701B;;;;N;;;;; +2F916;CJK COMPATIBILITY IDEOGRAPH-2F916;Lo;0;L;3D96;;;;N;;;;; +2F917;CJK COMPATIBILITY IDEOGRAPH-2F917;Lo;0;L;704A;;;;N;;;;; +2F918;CJK COMPATIBILITY IDEOGRAPH-2F918;Lo;0;L;707D;;;;N;;;;; +2F919;CJK COMPATIBILITY IDEOGRAPH-2F919;Lo;0;L;7077;;;;N;;;;; +2F91A;CJK COMPATIBILITY IDEOGRAPH-2F91A;Lo;0;L;70AD;;;;N;;;;; +2F91B;CJK COMPATIBILITY IDEOGRAPH-2F91B;Lo;0;L;20525;;;;N;;;;; +2F91C;CJK COMPATIBILITY IDEOGRAPH-2F91C;Lo;0;L;7145;;;;N;;;;; +2F91D;CJK COMPATIBILITY IDEOGRAPH-2F91D;Lo;0;L;24263;;;;N;;;;; +2F91E;CJK COMPATIBILITY IDEOGRAPH-2F91E;Lo;0;L;719C;;;;N;;;;; +2F91F;CJK COMPATIBILITY IDEOGRAPH-2F91F;Lo;0;L;43AB;;;;N;;;;; +2F920;CJK COMPATIBILITY IDEOGRAPH-2F920;Lo;0;L;7228;;;;N;;;;; +2F921;CJK COMPATIBILITY IDEOGRAPH-2F921;Lo;0;L;7235;;;;N;;;;; +2F922;CJK COMPATIBILITY IDEOGRAPH-2F922;Lo;0;L;7250;;;;N;;;;; +2F923;CJK COMPATIBILITY IDEOGRAPH-2F923;Lo;0;L;24608;;;;N;;;;; +2F924;CJK COMPATIBILITY IDEOGRAPH-2F924;Lo;0;L;7280;;;;N;;;;; +2F925;CJK COMPATIBILITY IDEOGRAPH-2F925;Lo;0;L;7295;;;;N;;;;; +2F926;CJK COMPATIBILITY IDEOGRAPH-2F926;Lo;0;L;24735;;;;N;;;;; +2F927;CJK COMPATIBILITY IDEOGRAPH-2F927;Lo;0;L;24814;;;;N;;;;; +2F928;CJK COMPATIBILITY IDEOGRAPH-2F928;Lo;0;L;737A;;;;N;;;;; +2F929;CJK COMPATIBILITY IDEOGRAPH-2F929;Lo;0;L;738B;;;;N;;;;; +2F92A;CJK COMPATIBILITY IDEOGRAPH-2F92A;Lo;0;L;3EAC;;;;N;;;;; +2F92B;CJK COMPATIBILITY IDEOGRAPH-2F92B;Lo;0;L;73A5;;;;N;;;;; +2F92C;CJK COMPATIBILITY IDEOGRAPH-2F92C;Lo;0;L;3EB8;;;;N;;;;; +2F92D;CJK COMPATIBILITY IDEOGRAPH-2F92D;Lo;0;L;3EB8;;;;N;;;;; +2F92E;CJK COMPATIBILITY IDEOGRAPH-2F92E;Lo;0;L;7447;;;;N;;;;; +2F92F;CJK COMPATIBILITY IDEOGRAPH-2F92F;Lo;0;L;745C;;;;N;;;;; +2F930;CJK COMPATIBILITY IDEOGRAPH-2F930;Lo;0;L;7471;;;;N;;;;; +2F931;CJK COMPATIBILITY IDEOGRAPH-2F931;Lo;0;L;7485;;;;N;;;;; +2F932;CJK COMPATIBILITY IDEOGRAPH-2F932;Lo;0;L;74CA;;;;N;;;;; +2F933;CJK COMPATIBILITY IDEOGRAPH-2F933;Lo;0;L;3F1B;;;;N;;;;; +2F934;CJK COMPATIBILITY IDEOGRAPH-2F934;Lo;0;L;7524;;;;N;;;;; +2F935;CJK COMPATIBILITY IDEOGRAPH-2F935;Lo;0;L;24C36;;;;N;;;;; +2F936;CJK COMPATIBILITY IDEOGRAPH-2F936;Lo;0;L;753E;;;;N;;;;; +2F937;CJK COMPATIBILITY IDEOGRAPH-2F937;Lo;0;L;24C92;;;;N;;;;; +2F938;CJK COMPATIBILITY IDEOGRAPH-2F938;Lo;0;L;7570;;;;N;;;;; +2F939;CJK COMPATIBILITY IDEOGRAPH-2F939;Lo;0;L;2219F;;;;N;;;;; +2F93A;CJK COMPATIBILITY IDEOGRAPH-2F93A;Lo;0;L;7610;;;;N;;;;; +2F93B;CJK COMPATIBILITY IDEOGRAPH-2F93B;Lo;0;L;24FA1;;;;N;;;;; +2F93C;CJK COMPATIBILITY IDEOGRAPH-2F93C;Lo;0;L;24FB8;;;;N;;;;; +2F93D;CJK COMPATIBILITY IDEOGRAPH-2F93D;Lo;0;L;25044;;;;N;;;;; +2F93E;CJK COMPATIBILITY IDEOGRAPH-2F93E;Lo;0;L;3FFC;;;;N;;;;; +2F93F;CJK COMPATIBILITY IDEOGRAPH-2F93F;Lo;0;L;4008;;;;N;;;;; +2F940;CJK COMPATIBILITY IDEOGRAPH-2F940;Lo;0;L;76F4;;;;N;;;;; +2F941;CJK COMPATIBILITY IDEOGRAPH-2F941;Lo;0;L;250F3;;;;N;;;;; +2F942;CJK COMPATIBILITY IDEOGRAPH-2F942;Lo;0;L;250F2;;;;N;;;;; +2F943;CJK COMPATIBILITY IDEOGRAPH-2F943;Lo;0;L;25119;;;;N;;;;; +2F944;CJK COMPATIBILITY IDEOGRAPH-2F944;Lo;0;L;25133;;;;N;;;;; +2F945;CJK COMPATIBILITY IDEOGRAPH-2F945;Lo;0;L;771E;;;;N;;;;; +2F946;CJK COMPATIBILITY IDEOGRAPH-2F946;Lo;0;L;771F;;;;N;;;;; +2F947;CJK COMPATIBILITY IDEOGRAPH-2F947;Lo;0;L;771F;;;;N;;;;; +2F948;CJK COMPATIBILITY IDEOGRAPH-2F948;Lo;0;L;774A;;;;N;;;;; +2F949;CJK COMPATIBILITY IDEOGRAPH-2F949;Lo;0;L;4039;;;;N;;;;; +2F94A;CJK COMPATIBILITY IDEOGRAPH-2F94A;Lo;0;L;778B;;;;N;;;;; +2F94B;CJK COMPATIBILITY IDEOGRAPH-2F94B;Lo;0;L;4046;;;;N;;;;; +2F94C;CJK COMPATIBILITY IDEOGRAPH-2F94C;Lo;0;L;4096;;;;N;;;;; +2F94D;CJK COMPATIBILITY IDEOGRAPH-2F94D;Lo;0;L;2541D;;;;N;;;;; +2F94E;CJK COMPATIBILITY IDEOGRAPH-2F94E;Lo;0;L;784E;;;;N;;;;; +2F94F;CJK COMPATIBILITY IDEOGRAPH-2F94F;Lo;0;L;788C;;;;N;;;;; +2F950;CJK COMPATIBILITY IDEOGRAPH-2F950;Lo;0;L;78CC;;;;N;;;;; +2F951;CJK COMPATIBILITY IDEOGRAPH-2F951;Lo;0;L;40E3;;;;N;;;;; +2F952;CJK COMPATIBILITY IDEOGRAPH-2F952;Lo;0;L;25626;;;;N;;;;; +2F953;CJK COMPATIBILITY IDEOGRAPH-2F953;Lo;0;L;7956;;;;N;;;;; +2F954;CJK COMPATIBILITY IDEOGRAPH-2F954;Lo;0;L;2569A;;;;N;;;;; +2F955;CJK COMPATIBILITY IDEOGRAPH-2F955;Lo;0;L;256C5;;;;N;;;;; +2F956;CJK COMPATIBILITY IDEOGRAPH-2F956;Lo;0;L;798F;;;;N;;;;; +2F957;CJK COMPATIBILITY IDEOGRAPH-2F957;Lo;0;L;79EB;;;;N;;;;; +2F958;CJK COMPATIBILITY IDEOGRAPH-2F958;Lo;0;L;412F;;;;N;;;;; +2F959;CJK COMPATIBILITY IDEOGRAPH-2F959;Lo;0;L;7A40;;;;N;;;;; +2F95A;CJK COMPATIBILITY IDEOGRAPH-2F95A;Lo;0;L;7A4A;;;;N;;;;; +2F95B;CJK COMPATIBILITY IDEOGRAPH-2F95B;Lo;0;L;7A4F;;;;N;;;;; +2F95C;CJK COMPATIBILITY IDEOGRAPH-2F95C;Lo;0;L;2597C;;;;N;;;;; +2F95D;CJK COMPATIBILITY IDEOGRAPH-2F95D;Lo;0;L;25AA7;;;;N;;;;; +2F95E;CJK COMPATIBILITY IDEOGRAPH-2F95E;Lo;0;L;25AA7;;;;N;;;;; +2F95F;CJK COMPATIBILITY IDEOGRAPH-2F95F;Lo;0;L;7AAE;;;;N;;;;; +2F960;CJK COMPATIBILITY IDEOGRAPH-2F960;Lo;0;L;4202;;;;N;;;;; +2F961;CJK COMPATIBILITY IDEOGRAPH-2F961;Lo;0;L;25BAB;;;;N;;;;; +2F962;CJK COMPATIBILITY IDEOGRAPH-2F962;Lo;0;L;7BC6;;;;N;;;;; +2F963;CJK COMPATIBILITY IDEOGRAPH-2F963;Lo;0;L;7BC9;;;;N;;;;; +2F964;CJK COMPATIBILITY IDEOGRAPH-2F964;Lo;0;L;4227;;;;N;;;;; +2F965;CJK COMPATIBILITY IDEOGRAPH-2F965;Lo;0;L;25C80;;;;N;;;;; +2F966;CJK COMPATIBILITY IDEOGRAPH-2F966;Lo;0;L;7CD2;;;;N;;;;; +2F967;CJK COMPATIBILITY IDEOGRAPH-2F967;Lo;0;L;42A0;;;;N;;;;; +2F968;CJK COMPATIBILITY IDEOGRAPH-2F968;Lo;0;L;7CE8;;;;N;;;;; +2F969;CJK COMPATIBILITY IDEOGRAPH-2F969;Lo;0;L;7CE3;;;;N;;;;; +2F96A;CJK COMPATIBILITY IDEOGRAPH-2F96A;Lo;0;L;7D00;;;;N;;;;; +2F96B;CJK COMPATIBILITY IDEOGRAPH-2F96B;Lo;0;L;25F86;;;;N;;;;; +2F96C;CJK COMPATIBILITY IDEOGRAPH-2F96C;Lo;0;L;7D63;;;;N;;;;; +2F96D;CJK COMPATIBILITY IDEOGRAPH-2F96D;Lo;0;L;4301;;;;N;;;;; +2F96E;CJK COMPATIBILITY IDEOGRAPH-2F96E;Lo;0;L;7DC7;;;;N;;;;; +2F96F;CJK COMPATIBILITY IDEOGRAPH-2F96F;Lo;0;L;7E02;;;;N;;;;; +2F970;CJK COMPATIBILITY IDEOGRAPH-2F970;Lo;0;L;7E45;;;;N;;;;; +2F971;CJK COMPATIBILITY IDEOGRAPH-2F971;Lo;0;L;4334;;;;N;;;;; +2F972;CJK COMPATIBILITY IDEOGRAPH-2F972;Lo;0;L;26228;;;;N;;;;; +2F973;CJK COMPATIBILITY IDEOGRAPH-2F973;Lo;0;L;26247;;;;N;;;;; +2F974;CJK COMPATIBILITY IDEOGRAPH-2F974;Lo;0;L;4359;;;;N;;;;; +2F975;CJK COMPATIBILITY IDEOGRAPH-2F975;Lo;0;L;262D9;;;;N;;;;; +2F976;CJK COMPATIBILITY IDEOGRAPH-2F976;Lo;0;L;7F7A;;;;N;;;;; +2F977;CJK COMPATIBILITY IDEOGRAPH-2F977;Lo;0;L;2633E;;;;N;;;;; +2F978;CJK COMPATIBILITY IDEOGRAPH-2F978;Lo;0;L;7F95;;;;N;;;;; +2F979;CJK COMPATIBILITY IDEOGRAPH-2F979;Lo;0;L;7FFA;;;;N;;;;; +2F97A;CJK COMPATIBILITY IDEOGRAPH-2F97A;Lo;0;L;8005;;;;N;;;;; +2F97B;CJK COMPATIBILITY IDEOGRAPH-2F97B;Lo;0;L;264DA;;;;N;;;;; +2F97C;CJK COMPATIBILITY IDEOGRAPH-2F97C;Lo;0;L;26523;;;;N;;;;; +2F97D;CJK COMPATIBILITY IDEOGRAPH-2F97D;Lo;0;L;8060;;;;N;;;;; +2F97E;CJK COMPATIBILITY IDEOGRAPH-2F97E;Lo;0;L;265A8;;;;N;;;;; +2F97F;CJK COMPATIBILITY IDEOGRAPH-2F97F;Lo;0;L;8070;;;;N;;;;; +2F980;CJK COMPATIBILITY IDEOGRAPH-2F980;Lo;0;L;2335F;;;;N;;;;; +2F981;CJK COMPATIBILITY IDEOGRAPH-2F981;Lo;0;L;43D5;;;;N;;;;; +2F982;CJK COMPATIBILITY IDEOGRAPH-2F982;Lo;0;L;80B2;;;;N;;;;; +2F983;CJK COMPATIBILITY IDEOGRAPH-2F983;Lo;0;L;8103;;;;N;;;;; +2F984;CJK COMPATIBILITY IDEOGRAPH-2F984;Lo;0;L;440B;;;;N;;;;; +2F985;CJK COMPATIBILITY IDEOGRAPH-2F985;Lo;0;L;813E;;;;N;;;;; +2F986;CJK COMPATIBILITY IDEOGRAPH-2F986;Lo;0;L;5AB5;;;;N;;;;; +2F987;CJK COMPATIBILITY IDEOGRAPH-2F987;Lo;0;L;267A7;;;;N;;;;; +2F988;CJK COMPATIBILITY IDEOGRAPH-2F988;Lo;0;L;267B5;;;;N;;;;; +2F989;CJK COMPATIBILITY IDEOGRAPH-2F989;Lo;0;L;23393;;;;N;;;;; +2F98A;CJK COMPATIBILITY IDEOGRAPH-2F98A;Lo;0;L;2339C;;;;N;;;;; +2F98B;CJK COMPATIBILITY IDEOGRAPH-2F98B;Lo;0;L;8201;;;;N;;;;; +2F98C;CJK COMPATIBILITY IDEOGRAPH-2F98C;Lo;0;L;8204;;;;N;;;;; +2F98D;CJK COMPATIBILITY IDEOGRAPH-2F98D;Lo;0;L;8F9E;;;;N;;;;; +2F98E;CJK COMPATIBILITY IDEOGRAPH-2F98E;Lo;0;L;446B;;;;N;;;;; +2F98F;CJK COMPATIBILITY IDEOGRAPH-2F98F;Lo;0;L;8291;;;;N;;;;; +2F990;CJK COMPATIBILITY IDEOGRAPH-2F990;Lo;0;L;828B;;;;N;;;;; +2F991;CJK COMPATIBILITY IDEOGRAPH-2F991;Lo;0;L;829D;;;;N;;;;; +2F992;CJK COMPATIBILITY IDEOGRAPH-2F992;Lo;0;L;52B3;;;;N;;;;; +2F993;CJK COMPATIBILITY IDEOGRAPH-2F993;Lo;0;L;82B1;;;;N;;;;; +2F994;CJK COMPATIBILITY IDEOGRAPH-2F994;Lo;0;L;82B3;;;;N;;;;; +2F995;CJK COMPATIBILITY IDEOGRAPH-2F995;Lo;0;L;82BD;;;;N;;;;; +2F996;CJK COMPATIBILITY IDEOGRAPH-2F996;Lo;0;L;82E6;;;;N;;;;; +2F997;CJK COMPATIBILITY IDEOGRAPH-2F997;Lo;0;L;26B3C;;;;N;;;;; +2F998;CJK COMPATIBILITY IDEOGRAPH-2F998;Lo;0;L;82E5;;;;N;;;;; +2F999;CJK COMPATIBILITY IDEOGRAPH-2F999;Lo;0;L;831D;;;;N;;;;; +2F99A;CJK COMPATIBILITY IDEOGRAPH-2F99A;Lo;0;L;8363;;;;N;;;;; +2F99B;CJK COMPATIBILITY IDEOGRAPH-2F99B;Lo;0;L;83AD;;;;N;;;;; +2F99C;CJK COMPATIBILITY IDEOGRAPH-2F99C;Lo;0;L;8323;;;;N;;;;; +2F99D;CJK COMPATIBILITY IDEOGRAPH-2F99D;Lo;0;L;83BD;;;;N;;;;; +2F99E;CJK COMPATIBILITY IDEOGRAPH-2F99E;Lo;0;L;83E7;;;;N;;;;; +2F99F;CJK COMPATIBILITY IDEOGRAPH-2F99F;Lo;0;L;8457;;;;N;;;;; +2F9A0;CJK COMPATIBILITY IDEOGRAPH-2F9A0;Lo;0;L;8353;;;;N;;;;; +2F9A1;CJK COMPATIBILITY IDEOGRAPH-2F9A1;Lo;0;L;83CA;;;;N;;;;; +2F9A2;CJK COMPATIBILITY IDEOGRAPH-2F9A2;Lo;0;L;83CC;;;;N;;;;; +2F9A3;CJK COMPATIBILITY IDEOGRAPH-2F9A3;Lo;0;L;83DC;;;;N;;;;; +2F9A4;CJK COMPATIBILITY IDEOGRAPH-2F9A4;Lo;0;L;26C36;;;;N;;;;; +2F9A5;CJK COMPATIBILITY IDEOGRAPH-2F9A5;Lo;0;L;26D6B;;;;N;;;;; +2F9A6;CJK COMPATIBILITY IDEOGRAPH-2F9A6;Lo;0;L;26CD5;;;;N;;;;; +2F9A7;CJK COMPATIBILITY IDEOGRAPH-2F9A7;Lo;0;L;452B;;;;N;;;;; +2F9A8;CJK COMPATIBILITY IDEOGRAPH-2F9A8;Lo;0;L;84F1;;;;N;;;;; +2F9A9;CJK COMPATIBILITY IDEOGRAPH-2F9A9;Lo;0;L;84F3;;;;N;;;;; +2F9AA;CJK COMPATIBILITY IDEOGRAPH-2F9AA;Lo;0;L;8516;;;;N;;;;; +2F9AB;CJK COMPATIBILITY IDEOGRAPH-2F9AB;Lo;0;L;273CA;;;;N;;;;; +2F9AC;CJK COMPATIBILITY IDEOGRAPH-2F9AC;Lo;0;L;8564;;;;N;;;;; +2F9AD;CJK COMPATIBILITY IDEOGRAPH-2F9AD;Lo;0;L;26F2C;;;;N;;;;; +2F9AE;CJK COMPATIBILITY IDEOGRAPH-2F9AE;Lo;0;L;455D;;;;N;;;;; +2F9AF;CJK COMPATIBILITY IDEOGRAPH-2F9AF;Lo;0;L;4561;;;;N;;;;; +2F9B0;CJK COMPATIBILITY IDEOGRAPH-2F9B0;Lo;0;L;26FB1;;;;N;;;;; +2F9B1;CJK COMPATIBILITY IDEOGRAPH-2F9B1;Lo;0;L;270D2;;;;N;;;;; +2F9B2;CJK COMPATIBILITY IDEOGRAPH-2F9B2;Lo;0;L;456B;;;;N;;;;; +2F9B3;CJK COMPATIBILITY IDEOGRAPH-2F9B3;Lo;0;L;8650;;;;N;;;;; +2F9B4;CJK COMPATIBILITY IDEOGRAPH-2F9B4;Lo;0;L;865C;;;;N;;;;; +2F9B5;CJK COMPATIBILITY IDEOGRAPH-2F9B5;Lo;0;L;8667;;;;N;;;;; +2F9B6;CJK COMPATIBILITY IDEOGRAPH-2F9B6;Lo;0;L;8669;;;;N;;;;; +2F9B7;CJK COMPATIBILITY IDEOGRAPH-2F9B7;Lo;0;L;86A9;;;;N;;;;; +2F9B8;CJK COMPATIBILITY IDEOGRAPH-2F9B8;Lo;0;L;8688;;;;N;;;;; +2F9B9;CJK COMPATIBILITY IDEOGRAPH-2F9B9;Lo;0;L;870E;;;;N;;;;; +2F9BA;CJK COMPATIBILITY IDEOGRAPH-2F9BA;Lo;0;L;86E2;;;;N;;;;; +2F9BB;CJK COMPATIBILITY IDEOGRAPH-2F9BB;Lo;0;L;8779;;;;N;;;;; +2F9BC;CJK COMPATIBILITY IDEOGRAPH-2F9BC;Lo;0;L;8728;;;;N;;;;; +2F9BD;CJK COMPATIBILITY IDEOGRAPH-2F9BD;Lo;0;L;876B;;;;N;;;;; +2F9BE;CJK COMPATIBILITY IDEOGRAPH-2F9BE;Lo;0;L;8786;;;;N;;;;; +2F9BF;CJK COMPATIBILITY IDEOGRAPH-2F9BF;Lo;0;L;4D57;;;;N;;;;; +2F9C0;CJK COMPATIBILITY IDEOGRAPH-2F9C0;Lo;0;L;87E1;;;;N;;;;; +2F9C1;CJK COMPATIBILITY IDEOGRAPH-2F9C1;Lo;0;L;8801;;;;N;;;;; +2F9C2;CJK COMPATIBILITY IDEOGRAPH-2F9C2;Lo;0;L;45F9;;;;N;;;;; +2F9C3;CJK COMPATIBILITY IDEOGRAPH-2F9C3;Lo;0;L;8860;;;;N;;;;; +2F9C4;CJK COMPATIBILITY IDEOGRAPH-2F9C4;Lo;0;L;8863;;;;N;;;;; +2F9C5;CJK COMPATIBILITY IDEOGRAPH-2F9C5;Lo;0;L;27667;;;;N;;;;; +2F9C6;CJK COMPATIBILITY IDEOGRAPH-2F9C6;Lo;0;L;88D7;;;;N;;;;; +2F9C7;CJK COMPATIBILITY IDEOGRAPH-2F9C7;Lo;0;L;88DE;;;;N;;;;; +2F9C8;CJK COMPATIBILITY IDEOGRAPH-2F9C8;Lo;0;L;4635;;;;N;;;;; +2F9C9;CJK COMPATIBILITY IDEOGRAPH-2F9C9;Lo;0;L;88FA;;;;N;;;;; +2F9CA;CJK COMPATIBILITY IDEOGRAPH-2F9CA;Lo;0;L;34BB;;;;N;;;;; +2F9CB;CJK COMPATIBILITY IDEOGRAPH-2F9CB;Lo;0;L;278AE;;;;N;;;;; +2F9CC;CJK COMPATIBILITY IDEOGRAPH-2F9CC;Lo;0;L;27966;;;;N;;;;; +2F9CD;CJK COMPATIBILITY IDEOGRAPH-2F9CD;Lo;0;L;46BE;;;;N;;;;; +2F9CE;CJK COMPATIBILITY IDEOGRAPH-2F9CE;Lo;0;L;46C7;;;;N;;;;; +2F9CF;CJK COMPATIBILITY IDEOGRAPH-2F9CF;Lo;0;L;8AA0;;;;N;;;;; +2F9D0;CJK COMPATIBILITY IDEOGRAPH-2F9D0;Lo;0;L;8AED;;;;N;;;;; +2F9D1;CJK COMPATIBILITY IDEOGRAPH-2F9D1;Lo;0;L;8B8A;;;;N;;;;; +2F9D2;CJK COMPATIBILITY IDEOGRAPH-2F9D2;Lo;0;L;8C55;;;;N;;;;; +2F9D3;CJK COMPATIBILITY IDEOGRAPH-2F9D3;Lo;0;L;27CA8;;;;N;;;;; +2F9D4;CJK COMPATIBILITY IDEOGRAPH-2F9D4;Lo;0;L;8CAB;;;;N;;;;; +2F9D5;CJK COMPATIBILITY IDEOGRAPH-2F9D5;Lo;0;L;8CC1;;;;N;;;;; +2F9D6;CJK COMPATIBILITY IDEOGRAPH-2F9D6;Lo;0;L;8D1B;;;;N;;;;; +2F9D7;CJK COMPATIBILITY IDEOGRAPH-2F9D7;Lo;0;L;8D77;;;;N;;;;; +2F9D8;CJK COMPATIBILITY IDEOGRAPH-2F9D8;Lo;0;L;27F2F;;;;N;;;;; +2F9D9;CJK COMPATIBILITY IDEOGRAPH-2F9D9;Lo;0;L;20804;;;;N;;;;; +2F9DA;CJK COMPATIBILITY IDEOGRAPH-2F9DA;Lo;0;L;8DCB;;;;N;;;;; +2F9DB;CJK COMPATIBILITY IDEOGRAPH-2F9DB;Lo;0;L;8DBC;;;;N;;;;; +2F9DC;CJK COMPATIBILITY IDEOGRAPH-2F9DC;Lo;0;L;8DF0;;;;N;;;;; +2F9DD;CJK COMPATIBILITY IDEOGRAPH-2F9DD;Lo;0;L;208DE;;;;N;;;;; +2F9DE;CJK COMPATIBILITY IDEOGRAPH-2F9DE;Lo;0;L;8ED4;;;;N;;;;; +2F9DF;CJK COMPATIBILITY IDEOGRAPH-2F9DF;Lo;0;L;8F38;;;;N;;;;; +2F9E0;CJK COMPATIBILITY IDEOGRAPH-2F9E0;Lo;0;L;285D2;;;;N;;;;; +2F9E1;CJK COMPATIBILITY IDEOGRAPH-2F9E1;Lo;0;L;285ED;;;;N;;;;; +2F9E2;CJK COMPATIBILITY IDEOGRAPH-2F9E2;Lo;0;L;9094;;;;N;;;;; +2F9E3;CJK COMPATIBILITY IDEOGRAPH-2F9E3;Lo;0;L;90F1;;;;N;;;;; +2F9E4;CJK COMPATIBILITY IDEOGRAPH-2F9E4;Lo;0;L;9111;;;;N;;;;; +2F9E5;CJK COMPATIBILITY IDEOGRAPH-2F9E5;Lo;0;L;2872E;;;;N;;;;; +2F9E6;CJK COMPATIBILITY IDEOGRAPH-2F9E6;Lo;0;L;911B;;;;N;;;;; +2F9E7;CJK COMPATIBILITY IDEOGRAPH-2F9E7;Lo;0;L;9238;;;;N;;;;; +2F9E8;CJK COMPATIBILITY IDEOGRAPH-2F9E8;Lo;0;L;92D7;;;;N;;;;; +2F9E9;CJK COMPATIBILITY IDEOGRAPH-2F9E9;Lo;0;L;92D8;;;;N;;;;; +2F9EA;CJK COMPATIBILITY IDEOGRAPH-2F9EA;Lo;0;L;927C;;;;N;;;;; +2F9EB;CJK COMPATIBILITY IDEOGRAPH-2F9EB;Lo;0;L;93F9;;;;N;;;;; +2F9EC;CJK COMPATIBILITY IDEOGRAPH-2F9EC;Lo;0;L;9415;;;;N;;;;; +2F9ED;CJK COMPATIBILITY IDEOGRAPH-2F9ED;Lo;0;L;28BFA;;;;N;;;;; +2F9EE;CJK COMPATIBILITY IDEOGRAPH-2F9EE;Lo;0;L;958B;;;;N;;;;; +2F9EF;CJK COMPATIBILITY IDEOGRAPH-2F9EF;Lo;0;L;4995;;;;N;;;;; +2F9F0;CJK COMPATIBILITY IDEOGRAPH-2F9F0;Lo;0;L;95B7;;;;N;;;;; +2F9F1;CJK COMPATIBILITY IDEOGRAPH-2F9F1;Lo;0;L;28D77;;;;N;;;;; +2F9F2;CJK COMPATIBILITY IDEOGRAPH-2F9F2;Lo;0;L;49E6;;;;N;;;;; +2F9F3;CJK COMPATIBILITY IDEOGRAPH-2F9F3;Lo;0;L;96C3;;;;N;;;;; +2F9F4;CJK COMPATIBILITY IDEOGRAPH-2F9F4;Lo;0;L;5DB2;;;;N;;;;; +2F9F5;CJK COMPATIBILITY IDEOGRAPH-2F9F5;Lo;0;L;9723;;;;N;;;;; +2F9F6;CJK COMPATIBILITY IDEOGRAPH-2F9F6;Lo;0;L;29145;;;;N;;;;; +2F9F7;CJK COMPATIBILITY IDEOGRAPH-2F9F7;Lo;0;L;2921A;;;;N;;;;; +2F9F8;CJK COMPATIBILITY IDEOGRAPH-2F9F8;Lo;0;L;4A6E;;;;N;;;;; +2F9F9;CJK COMPATIBILITY IDEOGRAPH-2F9F9;Lo;0;L;4A76;;;;N;;;;; +2F9FA;CJK COMPATIBILITY IDEOGRAPH-2F9FA;Lo;0;L;97E0;;;;N;;;;; +2F9FB;CJK COMPATIBILITY IDEOGRAPH-2F9FB;Lo;0;L;2940A;;;;N;;;;; +2F9FC;CJK COMPATIBILITY IDEOGRAPH-2F9FC;Lo;0;L;4AB2;;;;N;;;;; +2F9FD;CJK COMPATIBILITY IDEOGRAPH-2F9FD;Lo;0;L;29496;;;;N;;;;; +2F9FE;CJK COMPATIBILITY IDEOGRAPH-2F9FE;Lo;0;L;980B;;;;N;;;;; +2F9FF;CJK COMPATIBILITY IDEOGRAPH-2F9FF;Lo;0;L;980B;;;;N;;;;; +2FA00;CJK COMPATIBILITY IDEOGRAPH-2FA00;Lo;0;L;9829;;;;N;;;;; +2FA01;CJK COMPATIBILITY IDEOGRAPH-2FA01;Lo;0;L;295B6;;;;N;;;;; +2FA02;CJK COMPATIBILITY IDEOGRAPH-2FA02;Lo;0;L;98E2;;;;N;;;;; +2FA03;CJK COMPATIBILITY IDEOGRAPH-2FA03;Lo;0;L;4B33;;;;N;;;;; +2FA04;CJK COMPATIBILITY IDEOGRAPH-2FA04;Lo;0;L;9929;;;;N;;;;; +2FA05;CJK COMPATIBILITY IDEOGRAPH-2FA05;Lo;0;L;99A7;;;;N;;;;; +2FA06;CJK COMPATIBILITY IDEOGRAPH-2FA06;Lo;0;L;99C2;;;;N;;;;; +2FA07;CJK COMPATIBILITY IDEOGRAPH-2FA07;Lo;0;L;99FE;;;;N;;;;; +2FA08;CJK COMPATIBILITY IDEOGRAPH-2FA08;Lo;0;L;4BCE;;;;N;;;;; +2FA09;CJK COMPATIBILITY IDEOGRAPH-2FA09;Lo;0;L;29B30;;;;N;;;;; +2FA0A;CJK COMPATIBILITY IDEOGRAPH-2FA0A;Lo;0;L;9B12;;;;N;;;;; +2FA0B;CJK COMPATIBILITY IDEOGRAPH-2FA0B;Lo;0;L;9C40;;;;N;;;;; +2FA0C;CJK COMPATIBILITY IDEOGRAPH-2FA0C;Lo;0;L;9CFD;;;;N;;;;; +2FA0D;CJK COMPATIBILITY IDEOGRAPH-2FA0D;Lo;0;L;4CCE;;;;N;;;;; +2FA0E;CJK COMPATIBILITY IDEOGRAPH-2FA0E;Lo;0;L;4CED;;;;N;;;;; +2FA0F;CJK COMPATIBILITY IDEOGRAPH-2FA0F;Lo;0;L;9D67;;;;N;;;;; +2FA10;CJK COMPATIBILITY IDEOGRAPH-2FA10;Lo;0;L;2A0CE;;;;N;;;;; +2FA11;CJK COMPATIBILITY IDEOGRAPH-2FA11;Lo;0;L;4CF8;;;;N;;;;; +2FA12;CJK COMPATIBILITY IDEOGRAPH-2FA12;Lo;0;L;2A105;;;;N;;;;; +2FA13;CJK COMPATIBILITY IDEOGRAPH-2FA13;Lo;0;L;2A20E;;;;N;;;;; +2FA14;CJK COMPATIBILITY IDEOGRAPH-2FA14;Lo;0;L;2A291;;;;N;;;;; +2FA15;CJK COMPATIBILITY IDEOGRAPH-2FA15;Lo;0;L;9EBB;;;;N;;;;; +2FA16;CJK COMPATIBILITY IDEOGRAPH-2FA16;Lo;0;L;4D56;;;;N;;;;; +2FA17;CJK COMPATIBILITY IDEOGRAPH-2FA17;Lo;0;L;9EF9;;;;N;;;;; +2FA18;CJK COMPATIBILITY IDEOGRAPH-2FA18;Lo;0;L;9EFE;;;;N;;;;; +2FA19;CJK COMPATIBILITY IDEOGRAPH-2FA19;Lo;0;L;9F05;;;;N;;;;; +2FA1A;CJK COMPATIBILITY IDEOGRAPH-2FA1A;Lo;0;L;9F0F;;;;N;;;;; +2FA1B;CJK COMPATIBILITY IDEOGRAPH-2FA1B;Lo;0;L;9F16;;;;N;;;;; +2FA1C;CJK COMPATIBILITY IDEOGRAPH-2FA1C;Lo;0;L;9F3B;;;;N;;;;; +2FA1D;CJK COMPATIBILITY IDEOGRAPH-2FA1D;Lo;0;L;2A600;;;;N;;;;; +E0001;LANGUAGE TAG;Cf;0;BN;;;;;N;;;;; +E0020;TAG SPACE;Cf;0;BN;;;;;N;;;;; +E0021;TAG EXCLAMATION MARK;Cf;0;BN;;;;;N;;;;; +E0022;TAG QUOTATION MARK;Cf;0;BN;;;;;N;;;;; +E0023;TAG NUMBER SIGN;Cf;0;BN;;;;;N;;;;; +E0024;TAG DOLLAR SIGN;Cf;0;BN;;;;;N;;;;; +E0025;TAG PERCENT SIGN;Cf;0;BN;;;;;N;;;;; +E0026;TAG AMPERSAND;Cf;0;BN;;;;;N;;;;; +E0027;TAG APOSTROPHE;Cf;0;BN;;;;;N;;;;; +E0028;TAG LEFT PARENTHESIS;Cf;0;BN;;;;;N;;;;; +E0029;TAG RIGHT PARENTHESIS;Cf;0;BN;;;;;N;;;;; +E002A;TAG ASTERISK;Cf;0;BN;;;;;N;;;;; +E002B;TAG PLUS SIGN;Cf;0;BN;;;;;N;;;;; +E002C;TAG COMMA;Cf;0;BN;;;;;N;;;;; +E002D;TAG HYPHEN-MINUS;Cf;0;BN;;;;;N;;;;; +E002E;TAG FULL STOP;Cf;0;BN;;;;;N;;;;; +E002F;TAG SOLIDUS;Cf;0;BN;;;;;N;;;;; +E0030;TAG DIGIT ZERO;Cf;0;BN;;;;;N;;;;; +E0031;TAG DIGIT ONE;Cf;0;BN;;;;;N;;;;; +E0032;TAG DIGIT TWO;Cf;0;BN;;;;;N;;;;; +E0033;TAG DIGIT THREE;Cf;0;BN;;;;;N;;;;; +E0034;TAG DIGIT FOUR;Cf;0;BN;;;;;N;;;;; +E0035;TAG DIGIT FIVE;Cf;0;BN;;;;;N;;;;; +E0036;TAG DIGIT SIX;Cf;0;BN;;;;;N;;;;; +E0037;TAG DIGIT SEVEN;Cf;0;BN;;;;;N;;;;; +E0038;TAG DIGIT EIGHT;Cf;0;BN;;;;;N;;;;; +E0039;TAG DIGIT NINE;Cf;0;BN;;;;;N;;;;; +E003A;TAG COLON;Cf;0;BN;;;;;N;;;;; +E003B;TAG SEMICOLON;Cf;0;BN;;;;;N;;;;; +E003C;TAG LESS-THAN SIGN;Cf;0;BN;;;;;N;;;;; +E003D;TAG EQUALS SIGN;Cf;0;BN;;;;;N;;;;; +E003E;TAG GREATER-THAN SIGN;Cf;0;BN;;;;;N;;;;; +E003F;TAG QUESTION MARK;Cf;0;BN;;;;;N;;;;; +E0040;TAG COMMERCIAL AT;Cf;0;BN;;;;;N;;;;; +E0041;TAG LATIN CAPITAL LETTER A;Cf;0;BN;;;;;N;;;;; +E0042;TAG LATIN CAPITAL LETTER B;Cf;0;BN;;;;;N;;;;; +E0043;TAG LATIN CAPITAL LETTER C;Cf;0;BN;;;;;N;;;;; +E0044;TAG LATIN CAPITAL LETTER D;Cf;0;BN;;;;;N;;;;; +E0045;TAG LATIN CAPITAL LETTER E;Cf;0;BN;;;;;N;;;;; +E0046;TAG LATIN CAPITAL LETTER F;Cf;0;BN;;;;;N;;;;; +E0047;TAG LATIN CAPITAL LETTER G;Cf;0;BN;;;;;N;;;;; +E0048;TAG LATIN CAPITAL LETTER H;Cf;0;BN;;;;;N;;;;; +E0049;TAG LATIN CAPITAL LETTER I;Cf;0;BN;;;;;N;;;;; +E004A;TAG LATIN CAPITAL LETTER J;Cf;0;BN;;;;;N;;;;; +E004B;TAG LATIN CAPITAL LETTER K;Cf;0;BN;;;;;N;;;;; +E004C;TAG LATIN CAPITAL LETTER L;Cf;0;BN;;;;;N;;;;; +E004D;TAG LATIN CAPITAL LETTER M;Cf;0;BN;;;;;N;;;;; +E004E;TAG LATIN CAPITAL LETTER N;Cf;0;BN;;;;;N;;;;; +E004F;TAG LATIN CAPITAL LETTER O;Cf;0;BN;;;;;N;;;;; +E0050;TAG LATIN CAPITAL LETTER P;Cf;0;BN;;;;;N;;;;; +E0051;TAG LATIN CAPITAL LETTER Q;Cf;0;BN;;;;;N;;;;; +E0052;TAG LATIN CAPITAL LETTER R;Cf;0;BN;;;;;N;;;;; +E0053;TAG LATIN CAPITAL LETTER S;Cf;0;BN;;;;;N;;;;; +E0054;TAG LATIN CAPITAL LETTER T;Cf;0;BN;;;;;N;;;;; +E0055;TAG LATIN CAPITAL LETTER U;Cf;0;BN;;;;;N;;;;; +E0056;TAG LATIN CAPITAL LETTER V;Cf;0;BN;;;;;N;;;;; +E0057;TAG LATIN CAPITAL LETTER W;Cf;0;BN;;;;;N;;;;; +E0058;TAG LATIN CAPITAL LETTER X;Cf;0;BN;;;;;N;;;;; +E0059;TAG LATIN CAPITAL LETTER Y;Cf;0;BN;;;;;N;;;;; +E005A;TAG LATIN CAPITAL LETTER Z;Cf;0;BN;;;;;N;;;;; +E005B;TAG LEFT SQUARE BRACKET;Cf;0;BN;;;;;N;;;;; +E005C;TAG REVERSE SOLIDUS;Cf;0;BN;;;;;N;;;;; +E005D;TAG RIGHT SQUARE BRACKET;Cf;0;BN;;;;;N;;;;; +E005E;TAG CIRCUMFLEX ACCENT;Cf;0;BN;;;;;N;;;;; +E005F;TAG LOW LINE;Cf;0;BN;;;;;N;;;;; +E0060;TAG GRAVE ACCENT;Cf;0;BN;;;;;N;;;;; +E0061;TAG LATIN SMALL LETTER A;Cf;0;BN;;;;;N;;;;; +E0062;TAG LATIN SMALL LETTER B;Cf;0;BN;;;;;N;;;;; +E0063;TAG LATIN SMALL LETTER C;Cf;0;BN;;;;;N;;;;; +E0064;TAG LATIN SMALL LETTER D;Cf;0;BN;;;;;N;;;;; +E0065;TAG LATIN SMALL LETTER E;Cf;0;BN;;;;;N;;;;; +E0066;TAG LATIN SMALL LETTER F;Cf;0;BN;;;;;N;;;;; +E0067;TAG LATIN SMALL LETTER G;Cf;0;BN;;;;;N;;;;; +E0068;TAG LATIN SMALL LETTER H;Cf;0;BN;;;;;N;;;;; +E0069;TAG LATIN SMALL LETTER I;Cf;0;BN;;;;;N;;;;; +E006A;TAG LATIN SMALL LETTER J;Cf;0;BN;;;;;N;;;;; +E006B;TAG LATIN SMALL LETTER K;Cf;0;BN;;;;;N;;;;; +E006C;TAG LATIN SMALL LETTER L;Cf;0;BN;;;;;N;;;;; +E006D;TAG LATIN SMALL LETTER M;Cf;0;BN;;;;;N;;;;; +E006E;TAG LATIN SMALL LETTER N;Cf;0;BN;;;;;N;;;;; +E006F;TAG LATIN SMALL LETTER O;Cf;0;BN;;;;;N;;;;; +E0070;TAG LATIN SMALL LETTER P;Cf;0;BN;;;;;N;;;;; +E0071;TAG LATIN SMALL LETTER Q;Cf;0;BN;;;;;N;;;;; +E0072;TAG LATIN SMALL LETTER R;Cf;0;BN;;;;;N;;;;; +E0073;TAG LATIN SMALL LETTER S;Cf;0;BN;;;;;N;;;;; +E0074;TAG LATIN SMALL LETTER T;Cf;0;BN;;;;;N;;;;; +E0075;TAG LATIN SMALL LETTER U;Cf;0;BN;;;;;N;;;;; +E0076;TAG LATIN SMALL LETTER V;Cf;0;BN;;;;;N;;;;; +E0077;TAG LATIN SMALL LETTER W;Cf;0;BN;;;;;N;;;;; +E0078;TAG LATIN SMALL LETTER X;Cf;0;BN;;;;;N;;;;; +E0079;TAG LATIN SMALL LETTER Y;Cf;0;BN;;;;;N;;;;; +E007A;TAG LATIN SMALL LETTER Z;Cf;0;BN;;;;;N;;;;; +E007B;TAG LEFT CURLY BRACKET;Cf;0;BN;;;;;N;;;;; +E007C;TAG VERTICAL LINE;Cf;0;BN;;;;;N;;;;; +E007D;TAG RIGHT CURLY BRACKET;Cf;0;BN;;;;;N;;;;; +E007E;TAG TILDE;Cf;0;BN;;;;;N;;;;; +E007F;CANCEL TAG;Cf;0;BN;;;;;N;;;;; +F0000;;Co;0;L;;;;;N;;;;; +FFFFD;;Co;0;L;;;;;N;;;;; +100000;;Co;0;L;;;;;N;;;;; +10FFFD;;Co;0;L;;;;;N;;;;; diff --git a/src/lib/krb5/unicode/deps b/src/lib/krb5/unicode/deps new file mode 100644 index 0000000000..5db5ceac1a --- /dev/null +++ b/src/lib/krb5/unicode/deps @@ -0,0 +1,14 @@ +# +# Generated makefile dependencies follow. +# +ucstr.so ucstr.po $(OUTPRE)ucstr.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/k5-unicode.h \ + $(SRCTOP)/include/k5-utf8.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + $(srcdir)/ucdata/ucdata.h ucstr.c diff --git a/src/lib/krb5/unicode/ucdata/MUTTUCData.txt b/src/lib/krb5/unicode/ucdata/MUTTUCData.txt new file mode 100644 index 0000000000..82c4659411 --- /dev/null +++ b/src/lib/krb5/unicode/ucdata/MUTTUCData.txt @@ -0,0 +1,303 @@ +# +# $Id: MUTTUCData.txt,v 1.3 1999/10/29 00:04:35 mleisher Exp $ +# +# Copyright 1999 Computing Research Labs, New Mexico State University +# +# Permission is hereby granted, free of charge, to any person obtaining a +# copy of this software and associated documentation files (the "Software"), +# to deal in the Software without restriction, including without limitation +# the rights to use, copy, modify, merge, publish, distribute, sublicense, +# and/or sell copies of the Software, and to permit persons to whom the +# Software is furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in +# all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL +# THE COMPUTING RESEARCH LAB OR NEW MEXICO STATE UNIVERSITY BE LIABLE FOR ANY +# CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT +# OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR +# THE USE OR OTHER DEALINGS IN THE SOFTWARE. +# +# +# Implementation specific character properties. +# +# +# Space, other. +# +0009;;Ss;;;;;;;;;;;; +000A;;Ss;;;;;;;;;;;; +000B;;Ss;;;;;;;;;;;; +000C;;Ss;;;;;;;;;;;; +000D;;Ss;;;;;;;;;;;; +# +# Non-breaking. +# +00A0;;Nb;;;;;;;;;;;; +2007;;Nb;;;;;;;;;;;; +2011;;Nb;;;;;;;;;;;; +FEFF;;Nb;;;;;;;;;;;; +# +# Symmetric. +# +0028;;Sy;;;;;;;;;;;; +0029;;Sy;;;;;;;;;;;; +005B;;Sy;;;;;;;;;;;; +005D;;Sy;;;;;;;;;;;; +007B;;Sy;;;;;;;;;;;; +007D;;Sy;;;;;;;;;;;; +00AB;;Sy;;;;;;;;;;;; +00BB;;Sy;;;;;;;;;;;; +0F3A;;Sy;;;;;;;;;;;; +0F3B;;Sy;;;;;;;;;;;; +0F3C;;Sy;;;;;;;;;;;; +0F3D;;Sy;;;;;;;;;;;; +0F3E;;Sy;;;;;;;;;;;; +0F3F;;Sy;;;;;;;;;;;; +2018;;Sy;;;;;;;;;;;; +2019;;Sy;;;;;;;;;;;; +201A;;Sy;;;;;;;;;;;; +201B;;Sy;;;;;;;;;;;; +201C;;Sy;;;;;;;;;;;; +201D;;Sy;;;;;;;;;;;; +201E;;Sy;;;;;;;;;;;; +201F;;Sy;;;;;;;;;;;; +2039;;Sy;;;;;;;;;;;; +203A;;Sy;;;;;;;;;;;; +2045;;Sy;;;;;;;;;;;; +2046;;Sy;;;;;;;;;;;; +207D;;Sy;;;;;;;;;;;; +207E;;Sy;;;;;;;;;;;; +208D;;Sy;;;;;;;;;;;; +208E;;Sy;;;;;;;;;;;; +2329;;Sy;;;;;;;;;;;; +232A;;Sy;;;;;;;;;;;; +3008;;Sy;;;;;;;;;;;; +3009;;Sy;;;;;;;;;;;; +300A;;Sy;;;;;;;;;;;; +300B;;Sy;;;;;;;;;;;; +300C;;Sy;;;;;;;;;;;; +300D;;Sy;;;;;;;;;;;; +300E;;Sy;;;;;;;;;;;; +300F;;Sy;;;;;;;;;;;; +3010;;Sy;;;;;;;;;;;; +3011;;Sy;;;;;;;;;;;; +3014;;Sy;;;;;;;;;;;; +3015;;Sy;;;;;;;;;;;; +3016;;Sy;;;;;;;;;;;; +3017;;Sy;;;;;;;;;;;; +3018;;Sy;;;;;;;;;;;; +3019;;Sy;;;;;;;;;;;; +301A;;Sy;;;;;;;;;;;; +301B;;Sy;;;;;;;;;;;; +301D;;Sy;;;;;;;;;;;; +301E;;Sy;;;;;;;;;;;; +301F;;Sy;;;;;;;;;;;; +FD3E;;Sy;;;;;;;;;;;; +FD3F;;Sy;;;;;;;;;;;; +FE35;;Sy;;;;;;;;;;;; +FE36;;Sy;;;;;;;;;;;; +FE37;;Sy;;;;;;;;;;;; +FE38;;Sy;;;;;;;;;;;; +FE39;;Sy;;;;;;;;;;;; +FE3A;;Sy;;;;;;;;;;;; +FE3B;;Sy;;;;;;;;;;;; +FE3C;;Sy;;;;;;;;;;;; +FE3D;;Sy;;;;;;;;;;;; +FE3E;;Sy;;;;;;;;;;;; +FE3F;;Sy;;;;;;;;;;;; +FE40;;Sy;;;;;;;;;;;; +FE41;;Sy;;;;;;;;;;;; +FE42;;Sy;;;;;;;;;;;; +FE43;;Sy;;;;;;;;;;;; +FE44;;Sy;;;;;;;;;;;; +FE59;;Sy;;;;;;;;;;;; +FE5A;;Sy;;;;;;;;;;;; +FE5B;;Sy;;;;;;;;;;;; +FE5C;;Sy;;;;;;;;;;;; +FE5D;;Sy;;;;;;;;;;;; +FE5E;;Sy;;;;;;;;;;;; +FF08;;Sy;;;;;;;;;;;; +FF09;;Sy;;;;;;;;;;;; +FF3B;;Sy;;;;;;;;;;;; +FF3D;;Sy;;;;;;;;;;;; +FF5B;;Sy;;;;;;;;;;;; +FF5D;;Sy;;;;;;;;;;;; +FF62;;Sy;;;;;;;;;;;; +FF63;;Sy;;;;;;;;;;;; +# +# Hex digit. +# +0030;;Hd;;;;;;;;;;;; +0031;;Hd;;;;;;;;;;;; +0032;;Hd;;;;;;;;;;;; +0033;;Hd;;;;;;;;;;;; +0034;;Hd;;;;;;;;;;;; +0035;;Hd;;;;;;;;;;;; +0036;;Hd;;;;;;;;;;;; +0037;;Hd;;;;;;;;;;;; +0038;;Hd;;;;;;;;;;;; +0039;;Hd;;;;;;;;;;;; +0041;;Hd;;;;;;;;;;;; +0042;;Hd;;;;;;;;;;;; +0043;;Hd;;;;;;;;;;;; +0044;;Hd;;;;;;;;;;;; +0045;;Hd;;;;;;;;;;;; +0046;;Hd;;;;;;;;;;;; +0061;;Hd;;;;;;;;;;;; +0062;;Hd;;;;;;;;;;;; +0063;;Hd;;;;;;;;;;;; +0064;;Hd;;;;;;;;;;;; +0065;;Hd;;;;;;;;;;;; +0066;;Hd;;;;;;;;;;;; +FF10;;Hd;;;;;;;;;;;; +FF11;;Hd;;;;;;;;;;;; +FF12;;Hd;;;;;;;;;;;; +FF13;;Hd;;;;;;;;;;;; +FF14;;Hd;;;;;;;;;;;; +FF15;;Hd;;;;;;;;;;;; +FF16;;Hd;;;;;;;;;;;; +FF17;;Hd;;;;;;;;;;;; +FF18;;Hd;;;;;;;;;;;; +FF19;;Hd;;;;;;;;;;;; +FF21;;Hd;;;;;;;;;;;; +FF22;;Hd;;;;;;;;;;;; +FF23;;Hd;;;;;;;;;;;; +FF24;;Hd;;;;;;;;;;;; +FF25;;Hd;;;;;;;;;;;; +FF26;;Hd;;;;;;;;;;;; +FF41;;Hd;;;;;;;;;;;; +FF42;;Hd;;;;;;;;;;;; +FF43;;Hd;;;;;;;;;;;; +FF44;;Hd;;;;;;;;;;;; +FF45;;Hd;;;;;;;;;;;; +FF46;;Hd;;;;;;;;;;;; +# +# Quote marks. +# +0022;;Qm;;;;;;;;;;;; +0027;;Qm;;;;;;;;;;;; +00AB;;Qm;;;;;;;;;;;; +00BB;;Qm;;;;;;;;;;;; +2018;;Qm;;;;;;;;;;;; +2019;;Qm;;;;;;;;;;;; +201A;;Qm;;;;;;;;;;;; +201B;;Qm;;;;;;;;;;;; +201C;;Qm;;;;;;;;;;;; +201D;;Qm;;;;;;;;;;;; +201E;;Qm;;;;;;;;;;;; +201F;;Qm;;;;;;;;;;;; +2039;;Qm;;;;;;;;;;;; +203A;;Qm;;;;;;;;;;;; +300C;;Qm;;;;;;;;;;;; +300D;;Qm;;;;;;;;;;;; +300E;;Qm;;;;;;;;;;;; +300F;;Qm;;;;;;;;;;;; +301D;;Qm;;;;;;;;;;;; +301E;;Qm;;;;;;;;;;;; +301F;;Qm;;;;;;;;;;;; +FE41;;Qm;;;;;;;;;;;; +FE42;;Qm;;;;;;;;;;;; +FE43;;Qm;;;;;;;;;;;; +FE44;;Qm;;;;;;;;;;;; +FF02;;Qm;;;;;;;;;;;; +FF07;;Qm;;;;;;;;;;;; +FF62;;Qm;;;;;;;;;;;; +FF63;;Qm;;;;;;;;;;;; +# +# Special Devanagari forms +# +E900;DEVANAGARI KSHA LIGATURE;Lo;0;L;0915 094D 0937;;;;N;;;;; +E901;DEVANAGARI GNYA LIGATURE;Lo;0;L;091C 094D 091E;;;;N;;;;; +E902;DEVANAGARI TTA LIGATURE;Lo;0;L;0924 094D 0924;;;;N;;;;; +E903;DEVANAGARI TRA LIGATURE;Lo;0;L;0924 094D 0930;;;;N;;;;; +E904;DEVANAGARI SHCHA LIGATURE;Lo;0;L;0936 094D 091B;;;;N;;;;; +E905;DEVANAGARI SHRA LIGATURE;Lo;0;L;0936 094D 0930;;;;N;;;;; +E906;DEVANAGARI SHVA LIGATURE;Lo;0;L;0936 094D 0935;;;;N;;;;; +E907;DEVANAGARI KRA LIGATURE;Lo;0;L;;;;;N;;;;; +E908;DEVANAGARI JRA LIGATURE;Lo;0;L;;;;;N;;;;; +E909;DEVANAGARI ZRA LIGATURE;Lo;0;L;;;;;N;;;;; +E90A;DEVANAGARI PHRA LIGATURE;Lo;0;L;;;;;N;;;;; +E90B;DEVANAGARI FRA LIGATURE;Lo;0;L;;;;;N;;;;; +E90C;DEVANAGARI PRA LIGATURE;Lo;0;L;;;;;N;;;;; +E90D;DEVANAGARI SRA LIGATURE;Lo;0;L;;;;;N;;;;; +E90E;DEVANAGARI RU LIGATURE;Lo;0;L;;;;;N;;;;; +E90F;DEVANAGARI RUU LIGATURE;Lo;0;L;;;;;N;;;;; +E915;DEVANAGARI HALF LETTER KA;Lo;0;L;;;;;N;;;;; +E916;DEVANAGARI HALF LETTER KHA;Lo;0;L;;;;;N;;;;; +E917;DEVANAGARI HALF LETTER GA;Lo;0;L;;;;;N;;;;; +E918;DEVANAGARI HALF LETTER GHA;Lo;0;L;;;;;N;;;;; +E919;DEVANAGARI HALF LETTER NGA;Lo;0;L;;;;;N;;;;; +E91A;DEVANAGARI HALF LETTER CA;Lo;0;L;;;;;N;;;;; +E91B;DEVANAGARI HALF LETTER CHA;Lo;0;L;;;;;N;;;;; +E91C;DEVANAGARI HALF LETTER JA;Lo;0;L;;;;;N;;;;; +E91D;DEVANAGARI HALF LETTER JHA;Lo;0;L;;;;;N;;;;; +E91E;DEVANAGARI HALF LETTER NYA;Lo;0;L;;;;;N;;;;; +E91F;DEVANAGARI HALF LETTER TTA;Lo;0;L;;;;;N;;;;; +E920;DEVANAGARI HALF LETTER TTHA;Lo;0;L;;;;;N;;;;; +E921;DEVANAGARI HALF LETTER DDA;Lo;0;L;;;;;N;;;;; +E922;DEVANAGARI HALF LETTER DDHA;Lo;0;L;;;;;N;;;;; +E923;DEVANAGARI HALF LETTER NNA;Lo;0;L;;;;;N;;;;; +E924;DEVANAGARI HALF LETTER TA;Lo;0;L;;;;;N;;;;; +E925;DEVANAGARI HALF LETTER THA;Lo;0;L;;;;;N;;;;; +E926;DEVANAGARI HALF LETTER DA;Lo;0;L;;;;;N;;;;; +E927;DEVANAGARI HALF LETTER DHA;Lo;0;L;;;;;N;;;;; +E928;DEVANAGARI HALF LETTER NA;Lo;0;L;;;;;N;;;;; +E929;DEVANAGARI HALF LETTER NNNA;Lo;0;L;0928 093C;;;;N;;;;; +E92A;DEVANAGARI HALF LETTER PA;Lo;0;L;;;;;N;;;;; +E92B;DEVANAGARI HALF LETTER PHA;Lo;0;L;;;;;N;;;;; +E92C;DEVANAGARI HALF LETTER BA;Lo;0;L;;;;;N;;;;; +E92D;DEVANAGARI HALF LETTER BHA;Lo;0;L;;;;;N;;;;; +E92E;DEVANAGARI HALF LETTER MA;Lo;0;L;;;;;N;;;;; +E92F;DEVANAGARI HALF LETTER YA;Lo;0;L;;;;;N;;;;; +E930;DEVANAGARI HALF LETTER RA;Lo;0;L;;;;;N;;;;; +E931;DEVANAGARI HALF LETTER RRA;Lo;0;L;0930 093C;;;;N;;;;; +E932;DEVANAGARI HALF LETTER LA;Lo;0;L;;;;;N;;;;; +E933;DEVANAGARI HALF LETTER LLA;Lo;0;L;;;;;N;;;;; +E934;DEVANAGARI HALF LETTER LLLA;Lo;0;L;0933 093C;;;;N;;;;; +E935;DEVANAGARI HALF LETTER VA;Lo;0;L;;;;;N;;;;; +E936;DEVANAGARI HALF LETTER SHA;Lo;0;L;;;;;N;;;;; +E937;DEVANAGARI HALF LETTER SSA;Lo;0;L;;;;;N;;;;; +E938;DEVANAGARI HALF LETTER SA;Lo;0;L;;;;;N;;;;; +E939;DEVANAGARI HALF LETTER HA;Lo;0;L;;;;;N;;;;; +E940;DEVANAGARI KKA LIGATURE;Lo;0;L;0915 094D 0915;;;;N;;;;; +E941;DEVANAGARI KTA LIGATURE;Lo;0;L;0915 094D 0924;;;;N;;;;; +E942;DEVANAGARI NGKA LIGATURE;Lo;0;L;0919 094D 0915;;;;N;;;;; +E943;DEVANAGARI NGKHA LIGATURE;Lo;0;L;0919 094D 0916;;;;N;;;;; +E944;DEVANAGARI NGGA LIGATURE;Lo;0;L;0919 094D 0917;;;;N;;;;; +E945;DEVANAGARI NGGHA LIGATURE;Lo;0;L;0919 094D 0918;;;;N;;;;; +E946;DEVANAGARI NYJA LIGATURE;Lo;0;L;091E 094D 091C;;;;N;;;;; +E947;DEVANAGARI DGHA LIGATURE;Lo;0;L;0926 094D 0918;;;;N;;;;; +E948;DEVANAGARI DDA LIGATURE;Lo;0;L;0926 094D 0926;;;;N;;;;; +E949;DEVANAGARI DDHA LIGATURE;Lo;0;L;0926 094D 0927;;;;N;;;;; +E94A;DEVANAGARI DBA LIGATURE;Lo;0;L;0926 094D 092C;;;;N;;;;; +E94B;DEVANAGARI DBHA LIGATURE;Lo;0;L;0926 094D 092D;;;;N;;;;; +E94C;DEVANAGARI DMA LIGATURE;Lo;0;L;0926 094D 092E;;;;N;;;;; +E94D;DEVANAGARI DYA LIGATURE;Lo;0;L;0926 094D 092F;;;;N;;;;; +E94E;DEVANAGARI DVA LIGATURE;Lo;0;L;0926 094D 0935;;;;N;;;;; +E94F;DEVANAGARI TT-TTA LIGATURE;Lo;0;L;091F 094D 091F;;;;N;;;;; +E950;DEVANAGARI TT-TTHA LIGATURE;Lo;0;L;091F 094D 0920;;;;N;;;;; +E951;DEVANAGARI TTH-TTHA LIGATURE;Lo;0;L;0920 094D 0920;;;;N;;;;; +E952;DEVANAGARI DD-GA LIGATURE;Lo;0;L;0921 094D 0917;;;;N;;;;; +E953;DEVANAGARI DD-DDA LIGATURE;Lo;0;L;0921 094D 0921;;;;N;;;;; +E954;DEVANAGARI DD-DDHA LIGATURE;Lo;0;L;0921 094D 0922;;;;N;;;;; +E955;DEVANAGARI NNA LIGATURE;Lo;0;L;0928 094D 0928;;;;N;;;;; +E956;DEVANAGARI HMA LIGATURE;Lo;0;L;0939 094D 092E;;;;N;;;;; +E957;DEVANAGARI HYA LIGATURE;Lo;0;L;0939 094D 092F;;;;N;;;;; +E958;DEVANAGARI HLA LIGATURE;Lo;0;L;0939 094D 0932;;;;N;;;;; +E959;DEVANAGARI HVA LIGATURE;Lo;0;L;0939 094D 0935;;;;N;;;;; +E95A;DEVANAGARI STRA LIGATURE;Lo;0;L;0938 094D 0924 094D 0930;;;;N;;;;; +E970;DEVANAGARI HALF KSHA LIGATURE;Lo;0;L;0915 094D 0937;;;;N;;;;; +E971;DEVANAGARI HALF GNYA LIGATURE;Lo;0;L;091C 094D 091E;;;;N;;;;; +E972;DEVANAGARI HALF TTA LIGATURE;Lo;0;L;0924 094D 0924;;;;N;;;;; +E973;DEVANAGARI HALF TRA LIGATURE;Lo;0;L;0924 094D 0930;;;;N;;;;; +E974;DEVANAGARI HALF SHCHA LIGATURE;Lo;0;L;0936 094D 091B;;;;N;;;;; +E975;DEVANAGARI HALF SHRA LIGATURE;Lo;0;L;0936 094D 0930;;;;N;;;;; +E976;DEVANAGARI HALF SHVA LIGATURE;Lo;0;L;0936 094D 0935;;;;N;;;;; +E97B;DEVANAGARI SIGN RRA-REPHA;Mn;36;L;;;;;N;;;;; +E97C;DEVANAGARI HAR LIGATURE;Lo;0;L;0939 0943;;;;N;;;;; +E97D;DEVANAGARI SIGN EYELASH RA;Lo;0;L;;;;;N;;;;; +E97E;DEVANAGARI SIGN REPHA;Mn;36;L;;;;;N;;;;; +E97F;DEVANAGARI SIGN SUBJOINED RA;Mn;36;L;;;;;N;;;;; diff --git a/src/lib/krb5/unicode/ucdata/README b/src/lib/krb5/unicode/ucdata/README new file mode 100644 index 0000000000..6a02cc1857 --- /dev/null +++ b/src/lib/krb5/unicode/ucdata/README @@ -0,0 +1,313 @@ +# +# $Id: README,v 1.33 2001/01/02 18:46:19 mleisher Exp $ +# + + MUTT UCData Package 2.5 + ----------------------- + +This is a package that supports ctype-like operations for Unicode UCS-2 text +(and surrogates), case mapping, decomposition lookup, and provides a +bidirectional reordering algorithm. To use it, you will need to get the +latest "UnicodeData-*.txt" (or later) file from the Unicode Web or FTP site. + +The character information portion of the package consists of three parts: + + 1. A program called "ucgendat" which generates five data files from the + UnicodeData-*.txt file. The files are: + + A. case.dat - the case mappings. + B. ctype.dat - the character property tables. + C. comp.dat - the character composition pairs. + D. decomp.dat - the character decompositions. + E. cmbcl.dat - the non-zero combining classes. + F. num.dat - the codes representing numbers. + + 2. The "ucdata.[ch]" files which implement the functions needed to + check to see if a character matches groups of properties, to map between + upper, lower, and title case, to look up the decomposition of a + character, look up the combining class of a character, and get the number + value of a character. + + 3. The UCData.java class which provides the same API (with minor changes for + the numbers) and loads the same binary data files as the C code. + +A short reference to the functions available is in the "api.txt" file. + +Techie Details +============== + +The "ucgendat" program parses files from the command line which are all in the +Unicode Character Database (UCDB) format. An additional properties file, +"MUTTUCData.txt", provides some extra properties for some characters. + +The program looks for the two character properties fields (2 and 4), the +combining class field (3), the decomposition field (5), the numeric value +field (8), and the case mapping fields (12, 13, and 14). The decompositions +are recursively expanded before being written out. + +The decomposition table contains all the canonical decompositions. This means +all decompositions that do not have tags such as "" or "". + +The data is almost all stored as unsigned longs (32-bits assumed) and the +routines that load the data take care of endian swaps when necessary. This +also means that supplementary characters (>= 0x10000) can be placed in the +data files the "ucgendat" program parses. + +The data is written as external files and broken into six parts so it can be +selectively updated at runtime if necessary. + +The data files currently generated from the "ucgendat" program total about 56K +in size all together. + +The format of the binary data files is documented in the "format.txt" file. + +========================================================================== + + The "Pretty Good Bidi Algorithm" + -------------------------------- + +This routine provides an alternative to the Unicode Bidi algorithm. The +difference is that this version of the PGBA does not handle the explicit +directional codes (LRE, RLE, LRO, RLO, PDF). It should now produce the same +results as the Unicode BiDi algorithm for implicit reordering. Included are +functions for doing cursor motion in both logical and visual order. + +This implementation is provided to demonstrate an effective alternate method +for implicit reordering. To make this useful for an application, it probably +needs some changes to the memory allocation and deallocation, as well as data +structure additions for rendering. + +Mark Leisher +19 November 1999 + +----------------------------------------------------------------------------- + +CHANGES +======= +Version 2.5 +----------- +1. Changed the number lookup to set the denominator to 1 in cases of digits. + This restores functional compatibility with John Cowan's UCType package. + +2. Added support for the AL property. + +3. Modified load and reload functions to return error codes. + +Version 2.4 +----------- +1. Improved some bidi algorithm documentation in the code. + +2. Fixed a code mixup that produced a non-working version. + +Version 2.3 +----------- +1. Fixed a misspelling in the ucpgba.h header file. + +2. Fixed a bug which caused trailing weak non-digit sequences to be left out of + the reordered string in the bidi algorithm. + +3. Fixed a problem with weak sequences containing non-spacing marks in the + bidi algorithm. + +4. Fixed a problem with text runs of the opposite direction of the string + surrounding a weak + neutral text run appearing in the wrong order in the + bidi algorithm. + +5. Added a default overall direction parameter to the reordering function for + cases of strings with no strong directional characters in the bidi + algorithm. + +6. The bidi API documentation was improved. + +7. Added a man page for the bidi API. + +Version 2.2 +----------- +1. Fixed a problem with the bidi algorithm locating directional section + boundaries. + +2. Fixed a problem with the bidi algorithm starting the reordering correctly. + +3. Fixed a problem with the bidi algorithm determining end boundaries for LTR + segments. + +4. Fixed a problem with the bidi algorithm reordering weak (digits and number + separators) segments. + +5. Added automatic switching of symmetrically paired characters when + reversing RTL segments. + +6. Added a missing symmetric character to the extra character properties in + MUTTUCData.txt. + +7. Added support for doing logical and visual cursor traversal. + +Version 2.1 +----------- +1. Updated the ucgendat program to handle the Unicode 3.0 character database + properties. The AL and BM bidi properties gets marked as strong RTL and + Other Neutral, the NSM, LRE, RLE, PDF, LRO, and RLO controls all get marked + as Other Neutral. + +2. Fixed some problems with testing against signed values in the UCData.java + code and some minor cleanup. + +3. Added the "Pretty Good Bidi Algorithm." + +Version 2.0 +----------- +1. Removed the old Java stuff for a new class that loads directly from the + same data files as the C code does. + +2. Fixed a problem with choosing the correct field when mapping case. + +3. Adjust some search routines to start their search in the correct position. + +4. Moved the copyright year to 1999. + +Version 1.9 +----------- +1. Fixed a problem with an incorrect amount of storage being allocated for the + combining class nodes. + +2. Fixed an invalid initialization in the number code. + +3. Changed the Java template file formatting a bit. + +4. Added tables and function for getting decompositions in the Java class. + +Version 1.8 +----------- +1. Fixed a problem with adding certain ranges. + +2. Added two more macros for testing for identifiers. + +3. Tested with the UnicodeData-2.1.5.txt file. + +Version 1.7 +----------- +1. Fixed a problem with looking up decompositions in "ucgendat." + +Version 1.6 +----------- +1. Added two new properties introduced with UnicodeData-2.1.4.txt. + +2. Changed the "ucgendat.c" program a little to automatically align the + property data on a 4-byte boundary when new properties are added. + +3. Changed the "ucgendat.c" programs to only generate canonical + decompositions. + +4. Added two new macros ucisinitialpunct() and ucisfinalpunct() to check for + initial and final punctuation characters. + +5. Minor additions and changes to the documentation. + +Version 1.5 +----------- +1. Changed all file open calls to include binary mode with "b" for DOS/WIN + platforms. + +2. Wrapped the unistd.h include so it won't be included when compiled under + Win32. + +3. Fixed a bad range check for hex digits in ucgendat.c. + +4. Fixed a bad endian swap for combining classes. + +5. Added code to make a number table and associated lookup functions. + Functions added are ucnumber(), ucdigit(), and ucgetnumber(). The last + function is to maintain compatibility with John Cowan's "uctype" package. + +Version 1.4 +----------- +1. Fixed a bug with adding a range. + +2. Fixed a bug with inserting a range in order. + +3. Fixed incorrectly specified ucisdefined() and ucisundefined() macros. + +4. Added the missing unload for the combining class data. + +5. Fixed a bad macro placement in ucisweak(). + +Version 1.3 +----------- +1. Bug with case mapping calculations fixed. + +2. Bug with empty character property entries fixed. + +3. Bug with incorrect type in the combining class lookup fixed. + +4. Some corrections done to api.txt. + +5. Bug in certain character property lookups fixed. + +6. Added a character property table that records the defined characters. + +7. Replaced ucisunknown() with ucisdefined() and ucisundefined(). + +Version 1.2 +----------- +1. Added code to ucgendat to generate a combining class table. + +2. Fixed an endian problem with the byte count of decompositions. + +3. Fixed some minor problems in the "format.txt" file. + +4. Removed some bogus "Ss" values from MUTTUCData.txt file. + +5. Added API function to get combining class. + +6. Changed the open mode to "rb" so binary data files will be opened correctly + on DOS/WIN as well as other platforms. + +7. Added the "api.txt" file. + +Version 1.1 +----------- +1. Added ucisxdigit() which I overlooked. + +2. Added UC_LT to the ucisalpha() macro which I overlooked. + +3. Change uciscntrl() to include UC_CF. + +4. Added ucisocntrl() and ucfntcntrl() macros. + +5. Added a ucisblank() which I overlooked. + +6. Added missing properties to ucissymbol() and ucisnumber(). + +7. Added ucisgraph() and ucisprint(). + +8. Changed the "Mr" property to "Sy" to mark this subset of mirroring + characters as symmetric to avoid trampling the Unicode/ISO10646 sense of + mirroring. + +9. Added another property called "Ss" which includes control characters + traditionally seen as spaces in the isspace() macro. + +10. Added a bunch of macros to be API compatible with John Cowan's package. + +ACKNOWLEDGEMENTS +================ + +Thanks go to John Cowan for pointing out lots of +missing things and giving me stuff, particularly a bunch of new macros. + +Thanks go to Bob Verbrugge for pointing out +various bugs. + +Thanks go to Christophe Pierret for pointing +out that file modes need to have "b" for DOS/WIN machines, pointing out +unistd.h is not a Win 32 header, and pointing out a problem with ucisalnum(). + +Thanks go to Kent Johnson for finding a bug that caused +incomplete decompositions to be generated by the "ucgendat" program. + +Thanks go to Valeriy E. Ushakov for spotting an allocation +error and an initialization error. + +Thanks go to Stig Venaas for providing a patch to +support return types on load and reload, and for major updates to handle +canonical composition and decomposition. diff --git a/src/lib/krb5/unicode/ucdata/api.txt b/src/lib/krb5/unicode/ucdata/api.txt new file mode 100644 index 0000000000..59170ba42d --- /dev/null +++ b/src/lib/krb5/unicode/ucdata/api.txt @@ -0,0 +1,401 @@ +# +# $Id: api.txt,v 1.3 2001/01/02 18:46:20 mleisher Exp $ +# + + The MUTT UCData API + ------------------- + + +#### +NOTE: This library has been customized for use with OpenLDAP. The character +data tables are hardcoded into the library and the load/unload/reload +functions are no-ops. Also, the MUTT API claimed to be compatible with +John Cowan's library but its ucnumber behavior was broken. This has been +fixed in the OpenLDAP release. + +By default, the implementation specific properties in MUTTUCData.txt are +not incorporated into the OpenLDAP build. You can supply them to ucgendat +and recreate uctable.h if you need them. + -- hyc@openldap.org +#### + + +----------------------------------------------------------------------------- + +Macros that combine to select data tables for ucdata_load(), ucdata_unload(), +and ucdata_reload(). + +#define UCDATA_CASE 0x01 +#define UCDATA_CTYPE 0x02 +#define UCDATA_DECOMP 0x04 +#define UCDATA_CMBCL 0x08 +#define UCDATA_NUM 0x10 +#define UCDATA_COMP 0x20 +#define UCATA_ALL (UCDATA_CASE|UCDATA_CTYPE|UCDATA_DECOMP|\ + UCDATA_CMBCL|UCDATA_NUM|UCDATA_COMP) +----------------------------------------------------------------------------- + +void ucdata_load(char *paths, int masks) + + This function initializes the UCData library by locating the data files in + one of the colon-separated directories in the `paths' parameter. The data + files to be loaded are specified in the `masks' parameter as a bitwise + combination of the macros listed above. + + This should be called before using any of the other functions. + + NOTE: the ucdata_setup(char *paths) function is now a macro that expands + into this function at compile time. + +----------------------------------------------------------------------------- + +void ucdata_unload(int masks) + + This function unloads the data tables specified in the `masks' parameter. + + This function should be called when the application is done using the UCData + package. + + NOTE: the ucdata_cleanup() function is now a macro that expands into this + function at compile time. + +----------------------------------------------------------------------------- + +void ucdata_reload(char *paths, int masks) + + This function reloads the data files from one of the colon-separated + directories in the `paths' parameter. The data files to be reloaded are + specified in the `masks' parameter as a bitwise combination of the macros + listed above. + + If the data files have already been loaded, they are unloaded before the + data files are loaded again. + +----------------------------------------------------------------------------- + +int ucdecomp(unsigned long code, unsigned long *num, unsigned long **decomp) + + This function determines if a character has a decomposition and returns the + decomposition information if it exists. + + If a zero is returned, there is no decomposition. If a non-zero is + returned, then the `num' and `decomp' variables are filled in with the + appropriate values. + + Example call: + + unsigned long i, num, *decomp; + + if (ucdecomp(0x1d5, &num, &decomp) != 0) { + for (i = 0; i < num; i++) + printf("0x%08lX,", decomp[i]); + putchar('\n'); + } + +int uccanondecomp(const unsigned long *in, int inlen, unsigned long **out, + int *outlen) + + This function decomposes an input string and does canonical reordering of + the characters at the same time. + + If a -1 is returned, memory allocation was not successful. If a zero is + returned, no decomposition occured. Any other value means the output string + contains the fully decomposed string in canonical order. + + If the "outlen" parameter comes back with a value > 0, then the string + returned in the "out" parameter needs to be deallocated by the caller. + +----------------------------------------------------------------------------- + +int ucdecomp_hangul(unsigned long code, unsigned long *num, + unsigned long decomp[]) + + This function determines if a Hangul syllable has a decomposition and + returns the decomposition information. + + An array of at least size 3 should be passed to the function for the + decomposition of the syllable. + + If a zero is returned, the character is not a Hangul syllable. If a + non-zero is returned, the `num' field will be 2 or 3 and the syllable will + be decomposed into the `decomp' array arithmetically. + + Example call: + + unsigned long i, num, decomp[3]; + + if (ucdecomp_hangul(0xb1ba, &num, &decomp) != 0) { + for (i = 0; i < num; i++) + printf("0x%08lX,", decomp[i]); + putchar('\n'); + } + +----------------------------------------------------------------------------- + +int uccomp(unsigned long ch1, unsigned long ch2, unsigned long *comp) + + This function takes a pair of characters and determines if they combine to + form another character. + + If a zero is returned, no composition is formed by the character pair. Any + other value indicates the "comp" parameter has a value. + +int uccomp_hangul(unsigned long *str, int len) + + This function composes the Hangul Jamo in the string. The composition is + done in-place. + + The return value provides the new length of the string. This will be + smaller than "len" if compositions occured. + +int uccanoncomp(unsigned long *str, int len) + + This function does a canonical composition of characters in the string. + + The return value is the new length of the string. + +----------------------------------------------------------------------------- + +struct ucnumber { + int numerator; + int denominator; +}; + +int ucnumber_lookup(unsigned long code, struct ucnumber *num) + + This function determines if the code is a number and fills in the `num' + field with the numerator and denominator. If the code happens to be a + single digit, the denominator field will be 1. + +#### +The original code would set numerator = denominator for regular digits. +However, the Readme also claimed to be compatible with John Cowan's uctype +library, but this behavior is both nonsensical and incompatible with the +Cowan library. As such, it has been fixed here as described above. + -- hyc@openldap.org +#### + + If the function returns 0, the code is not a number. Any other return + value means the code is a number. + +int ucdigit_lookup(unsigned long code, int *digit) + + This function determines if the code is a digit and fills in the `digit' + field with the digit value. + + If the function returns 0, the code is not a number. Any other return + value means the code is a number. + +struct ucnumber ucgetnumber(unsigned long code) + + This is a compatibility function with John Cowan's "uctype" package. It + uses ucnumber_lookup(). + +int ucgetdigit(unsigned long code) + + This is a compatibility function with John Cowan's "uctype" package. It + uses ucdigit_lookup(). + +----------------------------------------------------------------------------- + +unsigned long uctoupper(unsigned long code) + + This function returns the code unchanged if it is already upper case or has + no upper case equivalent. Otherwise the upper case equivalent is returned. + +----------------------------------------------------------------------------- + +unsigned long uctolower(unsigned long code) + + This function returns the code unchanged if it is already lower case or has + no lower case equivalent. Otherwise the lower case equivalent is returned. + +----------------------------------------------------------------------------- + +unsigned long uctotitle(unsigned long code) + + This function returns the code unchanged if it is already title case or has + no title case equivalent. Otherwise the title case equivalent is returned. + +----------------------------------------------------------------------------- + +int ucisalpha(unsigned long code) +int ucisalnum(unsigned long code) +int ucisdigit(unsigned long code) +int uciscntrl(unsigned long code) +int ucisspace(unsigned long code) +int ucisblank(unsigned long code) +int ucispunct(unsigned long code) +int ucisgraph(unsigned long code) +int ucisprint(unsigned long code) +int ucisxdigit(unsigned long code) + +int ucisupper(unsigned long code) +int ucislower(unsigned long code) +int ucistitle(unsigned long code) + + These functions (actually macros) determine if a character has these + properties. These behave in a fashion very similar to the venerable ctype + package. + +----------------------------------------------------------------------------- + +int ucisisocntrl(unsigned long code) + + Is the character a C0 control character (< 32) ? + +int ucisfmtcntrl(unsigned long code) + + Is the character a format control character? + +int ucissymbol(unsigned long code) + + Is the character a symbol? + +int ucisnumber(unsigned long code) + + Is the character a number or digit? + +int ucisnonspacing(unsigned long code) + + Is the character non-spacing? + +int ucisopenpunct(unsigned long code) + + Is the character an open/left punctuation (i.e. '[') + +int ucisclosepunct(unsigned long code) + + Is the character an close/right punctuation (i.e. ']') + +int ucisinitialpunct(unsigned long code) + + Is the character an initial punctuation (i.e. U+2018 LEFT SINGLE QUOTATION + MARK) + +int ucisfinalpunct(unsigned long code) + + Is the character a final punctuation (i.e. U+2019 RIGHT SINGLE QUOTATION + MARK) + +int uciscomposite(unsigned long code) + + Can the character be decomposed into a set of other characters? + +int ucisquote(unsigned long code) + + Is the character one of the many quotation marks? + +int ucissymmetric(unsigned long code) + + Is the character one that has an opposite form (i.e. <>) + +int ucismirroring(unsigned long code) + + Is the character mirroring (superset of symmetric)? + +int ucisnonbreaking(unsigned long code) + + Is the character non-breaking (i.e. non-breaking space)? + +int ucisrtl(unsigned long code) + + Does the character have strong right-to-left directionality (i.e. Arabic + letters)? + +int ucisltr(unsigned long code) + + Does the character have strong left-to-right directionality (i.e. Latin + letters)? + +int ucisstrong(unsigned long code) + + Does the character have strong directionality? + +int ucisweak(unsigned long code) + + Does the character have weak directionality (i.e. numbers)? + +int ucisneutral(unsigned long code) + + Does the character have neutral directionality (i.e. whitespace)? + +int ucisseparator(unsigned long code) + + Is the character a block or segment separator? + +int ucislsep(unsigned long code) + + Is the character a line separator? + +int ucispsep(unsigned long code) + + Is the character a paragraph separator? + +int ucismark(unsigned long code) + + Is the character a mark of some kind? + +int ucisnsmark(unsigned long code) + + Is the character a non-spacing mark? + +int ucisspmark(unsigned long code) + + Is the character a spacing mark? + +int ucismodif(unsigned long code) + + Is the character a modifier letter? + +int ucismodifsymbol(unsigned long code) + + Is the character a modifier symbol? + +int ucisletnum(unsigned long code) + + Is the character a number represented by a letter? + +int ucisconnect(unsigned long code) + + Is the character connecting punctuation? + +int ucisdash(unsigned long code) + + Is the character dash punctuation? + +int ucismath(unsigned long code) + + Is the character a math character? + +int uciscurrency(unsigned long code) + + Is the character a currency character? + +int ucisenclosing(unsigned long code) + + Is the character enclosing (i.e. enclosing box)? + +int ucisprivate(unsigned long code) + + Is the character from the Private Use Area? + +int ucissurrogate(unsigned long code) + + Is the character one of the surrogate codes? + +int ucisdefined(unsigned long code) + + Is the character defined (appeared in one of the data files)? + +int ucisundefined(unsigned long code) + + Is the character not defined (non-Unicode)? + +int ucishan(unsigned long code) + + Is the character a Han ideograph? + +int ucishangul(unsigned long code) + + Is the character a pre-composed Hangul syllable? diff --git a/src/lib/krb5/unicode/ucdata/bidiapi.txt b/src/lib/krb5/unicode/ucdata/bidiapi.txt new file mode 100644 index 0000000000..dffd12e5fe --- /dev/null +++ b/src/lib/krb5/unicode/ucdata/bidiapi.txt @@ -0,0 +1,84 @@ +# +# $Id: bidiapi.txt,v 1.2 1999/11/19 15:24:29 mleisher Exp $ +# + + "Pretty Good Bidi Algorithm" API + +The PGBA (Pretty Good Bidi Algorithm) is an effective alternative to the +Unicode BiDi algorithm. It currently provides only implicit reordering and +does not yet support explicit reordering codes that the Unicode BiDi algorithm +supports. In addition to reordering, the PGBA includes cursor movement +support for both visual and logical navigation. + +----------------------------------------------------------------------------- + +#define UCPGBA_LTR 0 +#define UCPGBA_RTL 1 + + These macros appear in the `direction' field of the data structures. + +#define UCPGBA_CURSOR_VISUAL 0 +#define UCPGBA_CURSOR_LOGICAL 1 + + These macros are used to set the cursor movement for each reordered string. + +----------------------------------------------------------------------------- + +ucstring_t *ucstring_create(unsigned long *source, unsigned long start, + unsigned long end, int default_direction, + int cursor_motion) + + This function will create a reordered string by using the implicit + directionality of the characters in the specified substring. + + The `default_direction' parameter should be one of UCPGBA_LTR or UCPGBA_RTL + and is used only in cases where a string contains no characters with strong + directionality. + + The `cursor_motion' parameter should be one of UCPGBA_CURSOR_VISUAL or + UCPGBA_CURSOR_LOGICAL, and is used to specify the initial cursor motion + behavior. This behavior can be switched at any time using + ustring_set_cursor_motion(). + +----------------------------------------------------------------------------- + +void ucstring_free(ucstring_t *string) + + This function will deallocate the memory used by the string, incuding the + string itself. + +----------------------------------------------------------------------------- + +void ucstring_cursor_info(ustring_t *string, int *direction, + unsigned long *position) + + This function will return the text position of the internal cursor and the + directionality of the text at that position. The position returned is the + original text position of the character. + +----------------------------------------------------------------------------- + +int ucstring_set_cursor_motion(ucstring_t *string, int cursor_motion) + + This function will change the cursor motion type and return the previous + cursor motion type. + +----------------------------------------------------------------------------- + +int ucstring_cursor_right(ucstring_t *string, int count) + + This function will move the internal cursor to the right according to the + type of cursor motion set for the string. + + If no cursor motion is performed, it returns 0. Otherwise it will return a + 1. + +----------------------------------------------------------------------------- + +int ucstring_cursor_left(ucstring_t *string, int count) + + This function will move the internal cursor to the left according to the + type of cursor motion set for the string. + + If no cursor motion is performed, it returns 0. Otherwise it will return a + 1. diff --git a/src/lib/krb5/unicode/ucdata/format.txt b/src/lib/krb5/unicode/ucdata/format.txt new file mode 100644 index 0000000000..e285b39089 --- /dev/null +++ b/src/lib/krb5/unicode/ucdata/format.txt @@ -0,0 +1,267 @@ +# +# $Id: format.txt,v 1.2 2001/01/02 18:46:20 mleisher Exp $ +# + +CHARACTER DATA +============== + +This package generates some data files that contain character properties useful +for text processing. + +CHARACTER PROPERTIES +==================== + +The first data file is called "ctype.dat" and contains a compressed form of +the character properties found in the Unicode Character Database (UCDB). +Additional properties can be specified in limited UCDB format in another file +to avoid modifying the original UCDB. + +The following is a property name and code table to be used with the character +data: + +NAME CODE DESCRIPTION +--------------------- +Mn 0 Mark, Non-Spacing +Mc 1 Mark, Spacing Combining +Me 2 Mark, Enclosing +Nd 3 Number, Decimal Digit +Nl 4 Number, Letter +No 5 Number, Other +Zs 6 Separator, Space +Zl 7 Separator, Line +Zp 8 Separator, Paragraph +Cc 9 Other, Control +Cf 10 Other, Format +Cs 11 Other, Surrogate +Co 12 Other, Private Use +Cn 13 Other, Not Assigned +Lu 14 Letter, Uppercase +Ll 15 Letter, Lowercase +Lt 16 Letter, Titlecase +Lm 17 Letter, Modifier +Lo 18 Letter, Other +Pc 19 Punctuation, Connector +Pd 20 Punctuation, Dash +Ps 21 Punctuation, Open +Pe 22 Punctuation, Close +Po 23 Punctuation, Other +Sm 24 Symbol, Math +Sc 25 Symbol, Currency +Sk 26 Symbol, Modifier +So 27 Symbol, Other +L 28 Left-To-Right +R 29 Right-To-Left +EN 30 European Number +ES 31 European Number Separator +ET 32 European Number Terminator +AN 33 Arabic Number +CS 34 Common Number Separator +B 35 Block Separator +S 36 Segment Separator +WS 37 Whitespace +ON 38 Other Neutrals +Pi 47 Punctuation, Initial +Pf 48 Punctuation, Final +# +# Implementation specific properties. +# +Cm 39 Composite +Nb 40 Non-Breaking +Sy 41 Symmetric (characters which are part of open/close pairs) +Hd 42 Hex Digit +Qm 43 Quote Mark +Mr 44 Mirroring +Ss 45 Space, Other (controls viewed as spaces in ctype isspace()) +Cp 46 Defined character + +The actual binary data is formatted as follows: + + Assumptions: unsigned short is at least 16-bits in size and unsigned long + is at least 32-bits in size. + + unsigned short ByteOrderMark + unsigned short OffsetArraySize + unsigned long Bytes + unsigned short Offsets[OffsetArraySize + 1] + unsigned long Ranges[N], N = value of Offsets[OffsetArraySize] + + The Bytes field provides the total byte count used for the Offsets[] and + Ranges[] arrays. The Offsets[] array is aligned on a 4-byte boundary and + there is always one extra node on the end to hold the final index of the + Ranges[] array. The Ranges[] array contains pairs of 4-byte values + representing a range of Unicode characters. The pairs are arranged in + increasing order by the first character code in the range. + + Determining if a particular character is in the property list requires a + simple binary search to determine if a character is in any of the ranges + for the property. + + If the ByteOrderMark is equal to 0xFFFE, then the data was generated on a + machine with a different endian order and the values must be byte-swapped. + + To swap a 16-bit value: + c = (c >> 8) | ((c & 0xff) << 8) + + To swap a 32-bit value: + c = ((c & 0xff) << 24) | (((c >> 8) & 0xff) << 16) | + (((c >> 16) & 0xff) << 8) | (c >> 24) + +CASE MAPPINGS +============= + +The next data file is called "case.dat" and contains three case mapping tables +in the following order: upper, lower, and title case. Each table is in +increasing order by character code and each mapping contains 3 unsigned longs +which represent the possible mappings. + +The format for the binary form of these tables is: + + unsigned short ByteOrderMark + unsigned short NumMappingNodes, count of all mapping nodes + unsigned short CaseTableSizes[2], upper and lower mapping node counts + unsigned long CaseTables[NumMappingNodes] + + The starting indexes of the case tables are calculated as following: + + UpperIndex = 0; + LowerIndex = CaseTableSizes[0] * 3; + TitleIndex = LowerIndex + CaseTableSizes[1] * 3; + + The order of the fields for the three tables are: + + Upper case + ---------- + unsigned long upper; + unsigned long lower; + unsigned long title; + + Lower case + ---------- + unsigned long lower; + unsigned long upper; + unsigned long title; + + Title case + ---------- + unsigned long title; + unsigned long upper; + unsigned long lower; + + If the ByteOrderMark is equal to 0xFFFE, endian swapping is required in the + same way as described in the CHARACTER PROPERTIES section. + + Because the tables are in increasing order by character code, locating a + mapping requires a simple binary search on one of the 3 codes that make up + each node. + + It is important to note that there can only be 65536 mapping nodes which + divided into 3 portions allows 21845 nodes for each case mapping table. The + distribution of mappings may be more or less than 21845 per table, but only + 65536 are allowed. + +COMPOSITIONS +============ + +This data file is called "comp.dat" and contains data that tracks character +pairs that have a single Unicode value representing the combination of the two +characters. + +The format for the binary form of this table is: + + unsigned short ByteOrderMark + unsigned short NumCompositionNodes, count of composition nodes + unsigned long Bytes, total number of bytes used for composition nodes + unsigned long CompositionNodes[NumCompositionNodes * 4] + + If the ByteOrderMark is equal to 0xFFFE, endian swapping is required in the + same way as described in the CHARACTER PROPERTIES section. + + The CompositionNodes[] array consists of groups of 4 unsigned longs. The + first of these is the character code representing the combination of two + other character codes, the second records the number of character codes that + make up the composition (not currently used), and the last two are the pair + of character codes whose combination is represented by the character code in + the first field. + +DECOMPOSITIONS +============== + +The next data file is called "decomp.dat" and contains the decomposition data +for all characters with decompositions containing more than one character and +are *not* compatibility decompositions. Compatibility decompositions are +signaled in the UCDB format by the use of the tag in the +decomposition field. Each list of character codes represents a full +decomposition of a composite character. The nodes are arranged in increasing +order by character code. + +The format for the binary form of this table is: + + unsigned short ByteOrderMark + unsigned short NumDecompNodes, count of all decomposition nodes + unsigned long Bytes + unsigned long DecompNodes[(NumDecompNodes * 2) + 1] + unsigned long Decomp[N], N = sum of all counts in DecompNodes[] + + If the ByteOrderMark is equal to 0xFFFE, endian swapping is required in the + same way as described in the CHARACTER PROPERTIES section. + + The DecompNodes[] array consists of pairs of unsigned longs, the first of + which is the character code and the second is the initial index of the list + of character codes representing the decomposition. + + Locating the decomposition of a composite character requires a binary search + for a character code in the DecompNodes[] array and using its index to + locate the start of the decomposition. The length of the decomposition list + is the index in the following element in DecompNode[] minus the current + index. + +COMBINING CLASSES +================= + +The fourth data file is called "cmbcl.dat" and contains the characters with +non-zero combining classes. + +The format for the binary form of this table is: + + unsigned short ByteOrderMark + unsigned short NumCCLNodes + unsigned long Bytes + unsigned long CCLNodes[NumCCLNodes * 3] + + If the ByteOrderMark is equal to 0xFFFE, endian swapping is required in the + same way as described in the CHARACTER PROPERTIES section. + + The CCLNodes[] array consists of groups of three unsigned longs. The first + and second are the beginning and ending of a range and the third is the + combining class of that range. + + If a character is not found in this table, then the combining class is + assumed to be 0. + + It is important to note that only 65536 distinct ranges plus combining class + can be specified because the NumCCLNodes is usually a 16-bit number. + +NUMBER TABLE +============ + +The final data file is called "num.dat" and contains the characters that have +a numeric value associated with them. + +The format for the binary form of the table is: + + unsigned short ByteOrderMark + unsigned short NumNumberNodes + unsigned long Bytes + unsigned long NumberNodes[NumNumberNodes] + unsigned short ValueNodes[(Bytes - (NumNumberNodes * sizeof(unsigned long))) + / sizeof(short)] + + If the ByteOrderMark is equal to 0xFFFE, endian swapping is required in the + same way as described in the CHARACTER PROPERTIES section. + + The NumberNodes array contains pairs of values, the first of which is the + character code and the second an index into the ValueNodes array. The + ValueNodes array contains pairs of integers which represent the numerator + and denominator of the numeric value of the character. If the character + happens to map to an integer, both the values in ValueNodes will be the + same. diff --git a/src/lib/krb5/unicode/ucdata/ucdata.c b/src/lib/krb5/unicode/ucdata/ucdata.c new file mode 100644 index 0000000000..590ad2feea --- /dev/null +++ b/src/lib/krb5/unicode/ucdata/ucdata.c @@ -0,0 +1,1494 @@ +/* $OpenLDAP: pkg/ldap/libraries/liblunicode/ucdata/ucdata.c,v 1.36 2008/01/07 23:20:05 kurt Exp $ */ +/* This work is part of OpenLDAP Software . + * + * Copyright 1998-2008 The OpenLDAP Foundation. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted only as authorized by the OpenLDAP + * Public License. + * + * A copy of this license is available in file LICENSE in the + * top-level directory of the distribution or, alternatively, at + * . + */ +/* Copyright 2001 Computing Research Labs, New Mexico State University + * + * Permission is hereby granted, free of charge, to any person obtaining a + * copy of this software and associated documentation files (the "Software"), + * to deal in the Software without restriction, including without limitation + * the rights to use, copy, modify, merge, publish, distribute, sublicense, + * and/or sell copies of the Software, and to permit persons to whom the + * Software is furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + * THE COMPUTING RESEARCH LAB OR NEW MEXICO STATE UNIVERSITY BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT + * OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR + * THE USE OR OTHER DEALINGS IN THE SOFTWARE. + */ +/* $Id: ucdata.c,v 1.4 2001/01/02 18:46:20 mleisher Exp $" */ + +#include "k5-int.h" +#include "k5-utf8.h" +#include "k5-unicode.h" + +#include "ucdata.h" + +#ifndef HARDCODE_DATA +#define HARDCODE_DATA 1 +#endif + +#if HARDCODE_DATA +#include "uctable.h" +#endif + +/************************************************************************** + * + * Miscellaneous types, data, and support functions. + * + **************************************************************************/ + +typedef struct { + krb5_ui_2 bom; + krb5_ui_2 cnt; + union { + krb5_ui_4 bytes; + krb5_ui_2 len[2]; + } size; +} _ucheader_t; + +/* + * A simple array of 32-bit masks for lookup. + */ +static krb5_ui_4 masks32[32] = { + 0x00000001UL, 0x00000002UL, 0x00000004UL, 0x00000008UL, + 0x00000010UL, 0x00000020UL, 0x00000040UL, 0x00000080UL, + 0x00000100UL, 0x00000200UL, 0x00000400UL, 0x00000800UL, + 0x00001000UL, 0x00002000UL, 0x00004000UL, 0x00008000UL, + 0x00010000UL, 0x00020000UL, 0x00040000UL, 0x00080000UL, + 0x00100000UL, 0x00200000UL, 0x00400000UL, 0x00800000UL, + 0x01000000UL, 0x02000000UL, 0x04000000UL, 0x08000000UL, + 0x10000000UL, 0x20000000UL, 0x40000000UL, 0x80000000UL +}; + +#define endian_short(cc) (((cc) >> 8) | (((cc) & 0xff) << 8)) +#define endian_long(cc) ((((cc) & 0xff) << 24)|((((cc) >> 8) & 0xff) << 16)|\ + ((((cc) >> 16) & 0xff) << 8)|((cc) >> 24)) + +#if !HARDCODE_DATA +static FILE * +_ucopenfile(char *paths, char *filename, char *mode) +{ + FILE *f; + char *fp, *dp, *pp, path[BUFSIZ]; + + if (filename == 0 || *filename == 0) + return 0; + + dp = paths; + while (dp && *dp) { + pp = path; + while (*dp && *dp != ':') + *pp++ = *dp++; + *pp++ = *LDAP_DIRSEP; + + fp = filename; + while (*fp) + *pp++ = *fp++; + *pp = 0; + + if ((f = fopen(path, mode)) != 0) + return f; + + if (*dp == ':') + dp++; + } + + return 0; +} +#endif + +/************************************************************************** + * + * Support for the character properties. + * + **************************************************************************/ + +#if !HARDCODE_DATA + +static krb5_ui_4 _ucprop_size; +static krb5_ui_2 *_ucprop_offsets; +static krb5_ui_4 *_ucprop_ranges; + +/* + * Return -1 on error, 0 if okay + */ +static int +_ucprop_load(char *paths, int reload) +{ + FILE *in; + krb5_ui_4 size, i; + _ucheader_t hdr; + + if (_ucprop_size > 0) { + if (!reload) + /* + * The character properties have already been loaded. + */ + return 0; + + /* + * Unload the current character property data in preparation for + * loading a new copy. Only the first array has to be deallocated + * because all the memory for the arrays is allocated as a single + * block. + */ + free((char *) _ucprop_offsets); + _ucprop_size = 0; + } + + if ((in = _ucopenfile(paths, "ctype.dat", "rb")) == 0) + return -1; + + /* + * Load the header. + */ + fread((char *) &hdr, sizeof(_ucheader_t), 1, in); + + if (hdr.bom == 0xfffe) { + hdr.cnt = endian_short(hdr.cnt); + hdr.size.bytes = endian_long(hdr.size.bytes); + } + + if ((_ucprop_size = hdr.cnt) == 0) { + fclose(in); + return -1; + } + + /* + * Allocate all the storage needed for the lookup table. + */ + _ucprop_offsets = (krb5_ui_2 *) malloc(hdr.size.bytes); + + /* + * Calculate the offset into the storage for the ranges. The offsets + * array is on a 4-byte boundary and one larger than the value provided in + * the header count field. This means the offset to the ranges must be + * calculated after aligning the count to a 4-byte boundary. + */ + if ((size = ((hdr.cnt + 1) * sizeof(krb5_ui_2))) & 3) + size += 4 - (size & 3); + size >>= 1; + _ucprop_ranges = (krb5_ui_4 *) (_ucprop_offsets + size); + + /* + * Load the offset array. + */ + fread((char *) _ucprop_offsets, sizeof(krb5_ui_2), size, in); + + /* + * Do an endian swap if necessary. Don't forget there is an extra node on + * the end with the final index. + */ + if (hdr.bom == 0xfffe) { + for (i = 0; i <= _ucprop_size; i++) + _ucprop_offsets[i] = endian_short(_ucprop_offsets[i]); + } + + /* + * Load the ranges. The number of elements is in the last array position + * of the offsets. + */ + fread((char *) _ucprop_ranges, sizeof(krb5_ui_4), + _ucprop_offsets[_ucprop_size], in); + + fclose(in); + + /* + * Do an endian swap if necessary. + */ + if (hdr.bom == 0xfffe) { + for (i = 0; i < _ucprop_offsets[_ucprop_size]; i++) + _ucprop_ranges[i] = endian_long(_ucprop_ranges[i]); + } + return 0; +} + +static void +_ucprop_unload(void) +{ + if (_ucprop_size == 0) + return; + + /* + * Only need to free the offsets because the memory is allocated as a + * single block. + */ + free((char *) _ucprop_offsets); + _ucprop_size = 0; +} +#endif + +static int +_ucprop_lookup(krb5_ui_4 code, krb5_ui_4 n) +{ + long l, r, m; + + if (_ucprop_size == 0) + return 0; + + /* + * There is an extra node on the end of the offsets to allow this routine + * to work right. If the index is 0xffff, then there are no nodes for the + * property. + */ + if ((l = _ucprop_offsets[n]) == 0xffff) + return 0; + + /* + * Locate the next offset that is not 0xffff. The sentinel at the end of + * the array is the max index value. + */ + for (m = 1; + n + m < _ucprop_size && _ucprop_offsets[n + m] == 0xffff; m++) ; + + r = _ucprop_offsets[n + m] - 1; + + while (l <= r) { + /* + * Determine a "mid" point and adjust to make sure the mid point is at + * the beginning of a range pair. + */ + m = (l + r) >> 1; + m -= (m & 1); + if (code > _ucprop_ranges[m + 1]) + l = m + 2; + else if (code < _ucprop_ranges[m]) + r = m - 2; + else if (code >= _ucprop_ranges[m] && code <= _ucprop_ranges[m + 1]) + return 1; + } + return 0; +} + +int +ucisprop(krb5_ui_4 code, krb5_ui_4 mask1, krb5_ui_4 mask2) +{ + krb5_ui_4 i; + + if (mask1 == 0 && mask2 == 0) + return 0; + + for (i = 0; mask1 && i < 32; i++) { + if ((mask1 & masks32[i]) && _ucprop_lookup(code, i)) + return 1; + } + + for (i = 32; mask2 && i < _ucprop_size; i++) { + if ((mask2 & masks32[i & 31]) && _ucprop_lookup(code, i)) + return 1; + } + + return 0; +} + +/************************************************************************** + * + * Support for case mapping. + * + **************************************************************************/ + +#if !HARDCODE_DATA + +/* These record the number of slots in the map. + * There are 3 words per slot. + */ +static krb5_ui_4 _uccase_size; +static krb5_ui_2 _uccase_len[2]; +static krb5_ui_4 *_uccase_map; + +/* + * Return -1 on error, 0 if okay + */ +static int +_uccase_load(char *paths, int reload) +{ + FILE *in; + krb5_ui_4 i; + _ucheader_t hdr; + + if (_uccase_size > 0) { + if (!reload) + /* + * The case mappings have already been loaded. + */ + return 0; + + free((char *) _uccase_map); + _uccase_size = 0; + } + + if ((in = _ucopenfile(paths, "case.dat", "rb")) == 0) + return -1; + + /* + * Load the header. + */ + fread((char *) &hdr, sizeof(_ucheader_t), 1, in); + + if (hdr.bom == 0xfffe) { + hdr.cnt = endian_short(hdr.cnt); + hdr.size.len[0] = endian_short(hdr.size.len[0]); + hdr.size.len[1] = endian_short(hdr.size.len[1]); + } + + /* + * Set the node count and lengths of the upper and lower case mapping + * tables. + */ + _uccase_size = hdr.cnt; + _uccase_len[0] = hdr.size.len[0]; + _uccase_len[1] = hdr.size.len[1]; + + _uccase_map = (krb5_ui_4 *) + malloc(_uccase_size * 3 * sizeof(krb5_ui_4)); + + /* + * Load the case mapping table. + */ + fread((char *) _uccase_map, sizeof(krb5_ui_4), _uccase_size * 3, in); + + /* + * Do an endian swap if necessary. + */ + if (hdr.bom == 0xfffe) { + for (i = 0; i < _uccase_size * 3; i++) + _uccase_map[i] = endian_long(_uccase_map[i]); + } + fclose(in); + return 0; +} + +static void +_uccase_unload(void) +{ + if (_uccase_size == 0) + return; + + free((char *) _uccase_map); + _uccase_size = 0; +} +#endif + +static krb5_ui_4 +_uccase_lookup(krb5_ui_4 code, long l, long r, int field) +{ + long m; + const krb5_ui_4 *tmp; + + /* + * Do the binary search. + */ + while (l <= r) { + /* + * Determine a "mid" point and adjust to make sure the mid point is at + * the beginning of a case mapping triple. + */ + m = (l + r) >> 1; + tmp = &_uccase_map[m*3]; + if (code > *tmp) + l = m + 1; + else if (code < *tmp) + r = m - 1; + else if (code == *tmp) + return tmp[field]; + } + + return code; +} + +krb5_ui_4 +uctoupper(krb5_ui_4 code) +{ + int field; + long l, r; + + if (ucisupper(code)) + return code; + + if (ucislower(code)) { + /* + * The character is lower case. + */ + field = 2; + l = _uccase_len[0]; + r = (l + _uccase_len[1]) - 1; + } else { + /* + * The character is title case. + */ + field = 1; + l = _uccase_len[0] + _uccase_len[1]; + r = _uccase_size - 1; + } + return _uccase_lookup(code, l, r, field); +} + +krb5_ui_4 +uctolower(krb5_ui_4 code) +{ + int field; + long l, r; + + if (ucislower(code)) + return code; + + if (ucisupper(code)) { + /* + * The character is upper case. + */ + field = 1; + l = 0; + r = _uccase_len[0] - 1; + } else { + /* + * The character is title case. + */ + field = 2; + l = _uccase_len[0] + _uccase_len[1]; + r = _uccase_size - 1; + } + return _uccase_lookup(code, l, r, field); +} + +krb5_ui_4 +uctotitle(krb5_ui_4 code) +{ + int field; + long l, r; + + if (ucistitle(code)) + return code; + + /* + * The offset will always be the same for converting to title case. + */ + field = 2; + + if (ucisupper(code)) { + /* + * The character is upper case. + */ + l = 0; + r = _uccase_len[0] - 1; + } else { + /* + * The character is lower case. + */ + l = _uccase_len[0]; + r = (l + _uccase_len[1]) - 1; + } + return _uccase_lookup(code, l, r, field); +} + +/************************************************************************** + * + * Support for compositions. + * + **************************************************************************/ + +#if !HARDCODE_DATA + +static krb5_ui_4 _uccomp_size; +static krb5_ui_4 *_uccomp_data; + +/* + * Return -1 on error, 0 if okay + */ +static int +_uccomp_load(char *paths, int reload) +{ + FILE *in; + krb5_ui_4 size, i; + _ucheader_t hdr; + + if (_uccomp_size > 0) { + if (!reload) + /* + * The compositions have already been loaded. + */ + return 0; + + free((char *) _uccomp_data); + _uccomp_size = 0; + } + + if ((in = _ucopenfile(paths, "comp.dat", "rb")) == 0) + return -1; + + /* + * Load the header. + */ + fread((char *) &hdr, sizeof(_ucheader_t), 1, in); + + if (hdr.bom == 0xfffe) { + hdr.cnt = endian_short(hdr.cnt); + hdr.size.bytes = endian_long(hdr.size.bytes); + } + + _uccomp_size = hdr.cnt; + _uccomp_data = (krb5_ui_4 *) malloc(hdr.size.bytes); + + /* + * Read the composition data in. + */ + size = hdr.size.bytes / sizeof(krb5_ui_4); + fread((char *) _uccomp_data, sizeof(krb5_ui_4), size, in); + + /* + * Do an endian swap if necessary. + */ + if (hdr.bom == 0xfffe) { + for (i = 0; i < size; i++) + _uccomp_data[i] = endian_long(_uccomp_data[i]); + } + + /* + * Assume that the data is ordered on count, so that all compositions + * of length 2 come first. Only handling length 2 for now. + */ + for (i = 1; i < size; i += 4) + if (_uccomp_data[i] != 2) + break; + _uccomp_size = i - 1; + + fclose(in); + return 0; +} + +static void +_uccomp_unload(void) +{ + if (_uccomp_size == 0) + return; + + free((char *) _uccomp_data); + _uccomp_size = 0; +} +#endif + +int +uccomp(krb5_ui_4 node1, krb5_ui_4 node2, krb5_ui_4 *comp) +{ + int l, r, m; + + l = 0; + r = _uccomp_size - 1; + + while (l <= r) { + m = ((r + l) >> 1); + m -= m & 3; + if (node1 > _uccomp_data[m+2]) + l = m + 4; + else if (node1 < _uccomp_data[m+2]) + r = m - 4; + else if (node2 > _uccomp_data[m+3]) + l = m + 4; + else if (node2 < _uccomp_data[m+3]) + r = m - 4; + else { + *comp = _uccomp_data[m]; + return 1; + } + } + return 0; +} + +int +uccomp_hangul(krb5_ui_4 *str, int len) +{ + const int SBase = 0xAC00, LBase = 0x1100, + VBase = 0x1161, TBase = 0x11A7, + LCount = 19, VCount = 21, TCount = 28, + NCount = VCount * TCount, /* 588 */ + SCount = LCount * NCount; /* 11172 */ + + int i, rlen; + krb5_ui_4 ch, last, lindex, sindex; + + last = str[0]; + rlen = 1; + for ( i = 1; i < len; i++ ) { + ch = str[i]; + + /* check if two current characters are L and V */ + lindex = last - LBase; + if (lindex < (krb5_ui_4) LCount) { + krb5_ui_4 vindex = ch - VBase; + if (vindex < (krb5_ui_4) VCount) { + /* make syllable of form LV */ + last = SBase + (lindex * VCount + vindex) * TCount; + str[rlen-1] = last; /* reset last */ + continue; + } + } + + /* check if two current characters are LV and T */ + sindex = last - SBase; + if (sindex < (krb5_ui_4) SCount + && (sindex % TCount) == 0) + { + krb5_ui_4 tindex = ch - TBase; + if (tindex <= (krb5_ui_4) TCount) { + /* make syllable of form LVT */ + last += tindex; + str[rlen-1] = last; /* reset last */ + continue; + } + } + + /* if neither case was true, just add the character */ + last = ch; + str[rlen] = ch; + rlen++; + } + return rlen; +} + +int +uccanoncomp(krb5_ui_4 *str, int len) +{ + int i, stpos, copos; + krb5_ui_4 cl, prevcl, st, ch, co; + + st = str[0]; + stpos = 0; + copos = 1; + prevcl = uccombining_class(st) == 0 ? 0 : 256; + + for (i = 1; i < len; i++) { + ch = str[i]; + cl = uccombining_class(ch); + if (uccomp(st, ch, &co) && (prevcl < cl || prevcl == 0)) + st = str[stpos] = co; + else { + if (cl == 0) { + stpos = copos; + st = ch; + } + prevcl = cl; + str[copos++] = ch; + } + } + + return uccomp_hangul(str, copos); +} + +/************************************************************************** + * + * Support for decompositions. + * + **************************************************************************/ + +#if !HARDCODE_DATA + +static krb5_ui_4 _ucdcmp_size; +static krb5_ui_4 *_ucdcmp_nodes; +static krb5_ui_4 *_ucdcmp_decomp; + +static krb5_ui_4 _uckdcmp_size; +static krb5_ui_4 *_uckdcmp_nodes; +static krb5_ui_4 *_uckdcmp_decomp; + +/* + * Return -1 on error, 0 if okay + */ +static int +_ucdcmp_load(char *paths, int reload) +{ + FILE *in; + krb5_ui_4 size, i; + _ucheader_t hdr; + + if (_ucdcmp_size > 0) { + if (!reload) + /* + * The decompositions have already been loaded. + */ + return 0; + + free((char *) _ucdcmp_nodes); + _ucdcmp_size = 0; + } + + if ((in = _ucopenfile(paths, "decomp.dat", "rb")) == 0) + return -1; + + /* + * Load the header. + */ + fread((char *) &hdr, sizeof(_ucheader_t), 1, in); + + if (hdr.bom == 0xfffe) { + hdr.cnt = endian_short(hdr.cnt); + hdr.size.bytes = endian_long(hdr.size.bytes); + } + + _ucdcmp_size = hdr.cnt << 1; + _ucdcmp_nodes = (krb5_ui_4 *) malloc(hdr.size.bytes); + _ucdcmp_decomp = _ucdcmp_nodes + (_ucdcmp_size + 1); + + /* + * Read the decomposition data in. + */ + size = hdr.size.bytes / sizeof(krb5_ui_4); + fread((char *) _ucdcmp_nodes, sizeof(krb5_ui_4), size, in); + + /* + * Do an endian swap if necessary. + */ + if (hdr.bom == 0xfffe) { + for (i = 0; i < size; i++) + _ucdcmp_nodes[i] = endian_long(_ucdcmp_nodes[i]); + } + fclose(in); + return 0; +} + +/* + * Return -1 on error, 0 if okay + */ +static int +_uckdcmp_load(char *paths, int reload) +{ + FILE *in; + krb5_ui_4 size, i; + _ucheader_t hdr; + + if (_uckdcmp_size > 0) { + if (!reload) + /* + * The decompositions have already been loaded. + */ + return 0; + + free((char *) _uckdcmp_nodes); + _uckdcmp_size = 0; + } + + if ((in = _ucopenfile(paths, "kdecomp.dat", "rb")) == 0) + return -1; + + /* + * Load the header. + */ + fread((char *) &hdr, sizeof(_ucheader_t), 1, in); + + if (hdr.bom == 0xfffe) { + hdr.cnt = endian_short(hdr.cnt); + hdr.size.bytes = endian_long(hdr.size.bytes); + } + + _uckdcmp_size = hdr.cnt << 1; + _uckdcmp_nodes = (krb5_ui_4 *) malloc(hdr.size.bytes); + _uckdcmp_decomp = _uckdcmp_nodes + (_uckdcmp_size + 1); + + /* + * Read the decomposition data in. + */ + size = hdr.size.bytes / sizeof(krb5_ui_4); + fread((char *) _uckdcmp_nodes, sizeof(krb5_ui_4), size, in); + + /* + * Do an endian swap if necessary. + */ + if (hdr.bom == 0xfffe) { + for (i = 0; i < size; i++) + _uckdcmp_nodes[i] = endian_long(_uckdcmp_nodes[i]); + } + fclose(in); + return 0; +} + +static void +_ucdcmp_unload(void) +{ + if (_ucdcmp_size == 0) + return; + + /* + * Only need to free the offsets because the memory is allocated as a + * single block. + */ + free((char *) _ucdcmp_nodes); + _ucdcmp_size = 0; +} + +static void +_uckdcmp_unload(void) +{ + if (_uckdcmp_size == 0) + return; + + /* + * Only need to free the offsets because the memory is allocated as a + * single block. + */ + free((char *) _uckdcmp_nodes); + _uckdcmp_size = 0; +} +#endif + +int +ucdecomp(krb5_ui_4 code, krb5_ui_4 *num, krb5_ui_4 **decomp) +{ + long l, r, m; + + if (code < _ucdcmp_nodes[0]) { + return 0; + } + + l = 0; + r = _ucdcmp_nodes[_ucdcmp_size] - 1; + + while (l <= r) { + /* + * Determine a "mid" point and adjust to make sure the mid point is at + * the beginning of a code+offset pair. + */ + m = (l + r) >> 1; + m -= (m & 1); + if (code > _ucdcmp_nodes[m]) + l = m + 2; + else if (code < _ucdcmp_nodes[m]) + r = m - 2; + else if (code == _ucdcmp_nodes[m]) { + *num = _ucdcmp_nodes[m + 3] - _ucdcmp_nodes[m + 1]; + *decomp = (krb5_ui_4*)&_ucdcmp_decomp[_ucdcmp_nodes[m + 1]]; + return 1; + } + } + return 0; +} + +int +uckdecomp(krb5_ui_4 code, krb5_ui_4 *num, krb5_ui_4 **decomp) +{ + long l, r, m; + + if (code < _uckdcmp_nodes[0]) { + return 0; + } + + l = 0; + r = _uckdcmp_nodes[_uckdcmp_size] - 1; + + while (l <= r) { + /* + * Determine a "mid" point and adjust to make sure the mid point is at + * the beginning of a code+offset pair. + */ + m = (l + r) >> 1; + m -= (m & 1); + if (code > _uckdcmp_nodes[m]) + l = m + 2; + else if (code < _uckdcmp_nodes[m]) + r = m - 2; + else if (code == _uckdcmp_nodes[m]) { + *num = _uckdcmp_nodes[m + 3] - _uckdcmp_nodes[m + 1]; + *decomp = (krb5_ui_4*)&_uckdcmp_decomp[_uckdcmp_nodes[m + 1]]; + return 1; + } + } + return 0; +} + +int +ucdecomp_hangul(krb5_ui_4 code, krb5_ui_4 *num, krb5_ui_4 decomp[]) +{ + if (!ucishangul(code)) + return 0; + + code -= 0xac00; + decomp[0] = 0x1100 + (krb5_ui_4) (code / 588); + decomp[1] = 0x1161 + (krb5_ui_4) ((code % 588) / 28); + decomp[2] = 0x11a7 + (krb5_ui_4) (code % 28); + *num = (decomp[2] != 0x11a7) ? 3 : 2; + + return 1; +} + +/* mode == 0 for canonical, mode == 1 for compatibility */ +static int +uccanoncompatdecomp(const krb5_ui_4 *in, int inlen, + krb5_ui_4 **out, int *outlen, short mode) +{ + int l, size; + unsigned i, j, k; + krb5_ui_4 num, class, *decomp, hangdecomp[3]; + + size = inlen * 2; + *out = (krb5_ui_4 *) malloc(size * sizeof(**out)); + if (*out == NULL) + return *outlen = -1; + + i = 0; + for (j = 0; j < (unsigned) inlen; j++) { + if (mode ? uckdecomp(in[j], &num, &decomp) : ucdecomp(in[j], &num, &decomp)) { + if ( size - i < num) { + size = inlen + i - j + num - 1; + *out = (krb5_ui_4 *) realloc(*out, size * sizeof(**out)); + if (*out == NULL) + return *outlen = -1; + } + for (k = 0; k < num; k++) { + class = uccombining_class(decomp[k]); + if (class == 0) { + (*out)[i] = decomp[k]; + } else { + for (l = i; l > 0; l--) + if (class >= uccombining_class((*out)[l-1])) + break; + memcpy(*out + l + 1, *out + l, (i - l) * sizeof(**out)); + (*out)[l] = decomp[k]; + } + i++; + } + } else if (ucdecomp_hangul(in[j], &num, hangdecomp)) { + if (size - i < num) { + size = inlen + i - j + num - 1; + *out = (krb5_ui_4 *) realloc(*out, size * sizeof(**out)); + if (*out == NULL) + return *outlen = -1; + } + for (k = 0; k < num; k++) { + (*out)[i] = hangdecomp[k]; + i++; + } + } else { + if (size - i < 1) { + size = inlen + i - j; + *out = (krb5_ui_4 *) realloc(*out, size * sizeof(**out)); + if (*out == NULL) + return *outlen = -1; + } + class = uccombining_class(in[j]); + if (class == 0) { + (*out)[i] = in[j]; + } else { + for (l = i; l > 0; l--) + if (class >= uccombining_class((*out)[l-1])) + break; + memcpy(*out + l + 1, *out + l, (i - l) * sizeof(**out)); + (*out)[l] = in[j]; + } + i++; + } + } + return *outlen = i; +} + +int +uccanondecomp(const krb5_ui_4 *in, int inlen, + krb5_ui_4 **out, int *outlen) +{ + return uccanoncompatdecomp(in, inlen, out, outlen, 0); +} + +int +uccompatdecomp(const krb5_ui_4 *in, int inlen, + krb5_ui_4 **out, int *outlen) +{ + return uccanoncompatdecomp(in, inlen, out, outlen, 1); +} + +/************************************************************************** + * + * Support for combining classes. + * + **************************************************************************/ + +#if !HARDCODE_DATA +static krb5_ui_4 _uccmcl_size; +static krb5_ui_4 *_uccmcl_nodes; + +/* + * Return -1 on error, 0 if okay + */ +static int +_uccmcl_load(char *paths, int reload) +{ + FILE *in; + krb5_ui_4 i; + _ucheader_t hdr; + + if (_uccmcl_size > 0) { + if (!reload) + /* + * The combining classes have already been loaded. + */ + return 0; + + free((char *) _uccmcl_nodes); + _uccmcl_size = 0; + } + + if ((in = _ucopenfile(paths, "cmbcl.dat", "rb")) == 0) + return -1; + + /* + * Load the header. + */ + fread((char *) &hdr, sizeof(_ucheader_t), 1, in); + + if (hdr.bom == 0xfffe) { + hdr.cnt = endian_short(hdr.cnt); + hdr.size.bytes = endian_long(hdr.size.bytes); + } + + _uccmcl_size = hdr.cnt * 3; + _uccmcl_nodes = (krb5_ui_4 *) malloc(hdr.size.bytes); + + /* + * Read the combining classes in. + */ + fread((char *) _uccmcl_nodes, sizeof(krb5_ui_4), _uccmcl_size, in); + + /* + * Do an endian swap if necessary. + */ + if (hdr.bom == 0xfffe) { + for (i = 0; i < _uccmcl_size; i++) + _uccmcl_nodes[i] = endian_long(_uccmcl_nodes[i]); + } + fclose(in); + return 0; +} + +static void +_uccmcl_unload(void) +{ + if (_uccmcl_size == 0) + return; + + free((char *) _uccmcl_nodes); + _uccmcl_size = 0; +} +#endif + +krb5_ui_4 +uccombining_class(krb5_ui_4 code) +{ + long l, r, m; + + l = 0; + r = _uccmcl_size - 1; + + while (l <= r) { + m = (l + r) >> 1; + m -= (m % 3); + if (code > _uccmcl_nodes[m + 1]) + l = m + 3; + else if (code < _uccmcl_nodes[m]) + r = m - 3; + else if (code >= _uccmcl_nodes[m] && code <= _uccmcl_nodes[m + 1]) + return _uccmcl_nodes[m + 2]; + } + return 0; +} + +/************************************************************************** + * + * Support for numeric values. + * + **************************************************************************/ + +#if !HARDCODE_DATA +static krb5_ui_4 *_ucnum_nodes; +static krb5_ui_4 _ucnum_size; +static short *_ucnum_vals; + +/* + * Return -1 on error, 0 if okay + */ +static int +_ucnumb_load(char *paths, int reload) +{ + FILE *in; + krb5_ui_4 size, i; + _ucheader_t hdr; + + if (_ucnum_size > 0) { + if (!reload) + /* + * The numbers have already been loaded. + */ + return 0; + + free((char *) _ucnum_nodes); + _ucnum_size = 0; + } + + if ((in = _ucopenfile(paths, "num.dat", "rb")) == 0) + return -1; + + /* + * Load the header. + */ + fread((char *) &hdr, sizeof(_ucheader_t), 1, in); + + if (hdr.bom == 0xfffe) { + hdr.cnt = endian_short(hdr.cnt); + hdr.size.bytes = endian_long(hdr.size.bytes); + } + + _ucnum_size = hdr.cnt; + _ucnum_nodes = (krb5_ui_4 *) malloc(hdr.size.bytes); + _ucnum_vals = (short *) (_ucnum_nodes + _ucnum_size); + + /* + * Read the combining classes in. + */ + fread((char *) _ucnum_nodes, sizeof(unsigned char), hdr.size.bytes, in); + + /* + * Do an endian swap if necessary. + */ + if (hdr.bom == 0xfffe) { + for (i = 0; i < _ucnum_size; i++) + _ucnum_nodes[i] = endian_long(_ucnum_nodes[i]); + + /* + * Determine the number of values that have to be adjusted. + */ + size = (hdr.size.bytes - + (_ucnum_size * (sizeof(krb5_ui_4) << 1))) / + sizeof(short); + + for (i = 0; i < size; i++) + _ucnum_vals[i] = endian_short(_ucnum_vals[i]); + } + fclose(in); + return 0; +} + +static void +_ucnumb_unload(void) +{ + if (_ucnum_size == 0) + return; + + free((char *) _ucnum_nodes); + _ucnum_size = 0; +} +#endif + +int +ucnumber_lookup(krb5_ui_4 code, struct ucnumber *num) +{ + long l, r, m; + short *vp; + + l = 0; + r = _ucnum_size - 1; + while (l <= r) { + /* + * Determine a "mid" point and adjust to make sure the mid point is at + * the beginning of a code+offset pair. + */ + m = (l + r) >> 1; + m -= (m & 1); + if (code > _ucnum_nodes[m]) + l = m + 2; + else if (code < _ucnum_nodes[m]) + r = m - 2; + else { + vp = (short *)_ucnum_vals + _ucnum_nodes[m + 1]; + num->numerator = (int) *vp++; + num->denominator = (int) *vp; + return 1; + } + } + return 0; +} + +int +ucdigit_lookup(krb5_ui_4 code, int *digit) +{ + long l, r, m; + short *vp; + + l = 0; + r = _ucnum_size - 1; + while (l <= r) { + /* + * Determine a "mid" point and adjust to make sure the mid point is at + * the beginning of a code+offset pair. + */ + m = (l + r) >> 1; + m -= (m & 1); + if (code > _ucnum_nodes[m]) + l = m + 2; + else if (code < _ucnum_nodes[m]) + r = m - 2; + else { + vp = (short *)_ucnum_vals + _ucnum_nodes[m + 1]; + if (*vp == *(vp + 1)) { + *digit = *vp; + return 1; + } + return 0; + } + } + return 0; +} + +struct ucnumber +ucgetnumber(krb5_ui_4 code) +{ + struct ucnumber num; + + /* + * Initialize with some arbitrary value, because the caller simply cannot + * tell for sure if the code is a number without calling the ucisnumber() + * macro before calling this function. + */ + num.numerator = num.denominator = -111; + + (void) ucnumber_lookup(code, &num); + + return num; +} + +int +ucgetdigit(krb5_ui_4 code) +{ + int dig; + + /* + * Initialize with some arbitrary value, because the caller simply cannot + * tell for sure if the code is a number without calling the ucisdigit() + * macro before calling this function. + */ + dig = -111; + + (void) ucdigit_lookup(code, &dig); + + return dig; +} + +/************************************************************************** + * + * Setup and cleanup routines. + * + **************************************************************************/ + +#if HARDCODE_DATA +int ucdata_load(char *paths, int masks) { return 0; } +void ucdata_unload(int masks) { } +int ucdata_reload(char *paths, int masks) { return 0; } +#else +/* + * Return 0 if okay, negative on error + */ +int +ucdata_load(char *paths, int masks) +{ + int error = 0; + + if (masks & UCDATA_CTYPE) + error |= _ucprop_load(paths, 0) < 0 ? UCDATA_CTYPE : 0; + if (masks & UCDATA_CASE) + error |= _uccase_load(paths, 0) < 0 ? UCDATA_CASE : 0; + if (masks & UCDATA_DECOMP) + error |= _ucdcmp_load(paths, 0) < 0 ? UCDATA_DECOMP : 0; + if (masks & UCDATA_CMBCL) + error |= _uccmcl_load(paths, 0) < 0 ? UCDATA_CMBCL : 0; + if (masks & UCDATA_NUM) + error |= _ucnumb_load(paths, 0) < 0 ? UCDATA_NUM : 0; + if (masks & UCDATA_COMP) + error |= _uccomp_load(paths, 0) < 0 ? UCDATA_COMP : 0; + if (masks & UCDATA_KDECOMP) + error |= _uckdcmp_load(paths, 0) < 0 ? UCDATA_KDECOMP : 0; + + return -error; +} + +void +ucdata_unload(int masks) +{ + if (masks & UCDATA_CTYPE) + _ucprop_unload(); + if (masks & UCDATA_CASE) + _uccase_unload(); + if (masks & UCDATA_DECOMP) + _ucdcmp_unload(); + if (masks & UCDATA_CMBCL) + _uccmcl_unload(); + if (masks & UCDATA_NUM) + _ucnumb_unload(); + if (masks & UCDATA_COMP) + _uccomp_unload(); + if (masks & UCDATA_KDECOMP) + _uckdcmp_unload(); +} + +/* + * Return 0 if okay, negative on error + */ +int +ucdata_reload(char *paths, int masks) +{ + int error = 0; + + if (masks & UCDATA_CTYPE) + error |= _ucprop_load(paths, 1) < 0 ? UCDATA_CTYPE : 0; + if (masks & UCDATA_CASE) + error |= _uccase_load(paths, 1) < 0 ? UCDATA_CASE : 0; + if (masks & UCDATA_DECOMP) + error |= _ucdcmp_load(paths, 1) < 0 ? UCDATA_DECOMP : 0; + if (masks & UCDATA_CMBCL) + error |= _uccmcl_load(paths, 1) < 0 ? UCDATA_CMBCL : 0; + if (masks & UCDATA_NUM) + error |= _ucnumb_load(paths, 1) < 0 ? UCDATA_NUM : 0; + if (masks & UCDATA_COMP) + error |= _uccomp_load(paths, 1) < 0 ? UCDATA_COMP : 0; + if (masks & UCDATA_KDECOMP) + error |= _uckdcmp_load(paths, 1) < 0 ? UCDATA_KDECOMP : 0; + + return -error; +} +#endif + +#ifdef TEST + +void +main(void) +{ + int dig; + krb5_ui_4 i, lo, *dec; + struct ucnumber num; + +/* ucdata_setup("."); */ + + if (ucisweak(0x30)) + printf("WEAK\n"); + else + printf("NOT WEAK\n"); + + printf("LOWER 0x%04lX\n", uctolower(0xff3a)); + printf("UPPER 0x%04lX\n", uctoupper(0xff5a)); + + if (ucisalpha(0x1d5)) + printf("ALPHA\n"); + else + printf("NOT ALPHA\n"); + + if (ucisupper(0x1d5)) { + printf("UPPER\n"); + lo = uctolower(0x1d5); + printf("0x%04lx\n", lo); + lo = uctotitle(0x1d5); + printf("0x%04lx\n", lo); + } else + printf("NOT UPPER\n"); + + if (ucistitle(0x1d5)) + printf("TITLE\n"); + else + printf("NOT TITLE\n"); + + if (uciscomposite(0x1d5)) + printf("COMPOSITE\n"); + else + printf("NOT COMPOSITE\n"); + + if (ucdecomp(0x1d5, &lo, &dec)) { + for (i = 0; i < lo; i++) + printf("0x%04lx ", dec[i]); + putchar('\n'); + } + + if ((lo = uccombining_class(0x41)) != 0) + printf("0x41 CCL %ld\n", lo); + + if (ucisxdigit(0xfeff)) + printf("0xFEFF HEX DIGIT\n"); + else + printf("0xFEFF NOT HEX DIGIT\n"); + + if (ucisdefined(0x10000)) + printf("0x10000 DEFINED\n"); + else + printf("0x10000 NOT DEFINED\n"); + + if (ucnumber_lookup(0x30, &num)) { + if (num.denominator != 1) + printf("UCNUMBER: 0x30 = %d/%d\n", num.numerator, num.denominator); + else + printf("UCNUMBER: 0x30 = %d\n", num.numerator); + } else + printf("UCNUMBER: 0x30 NOT A NUMBER\n"); + + if (ucnumber_lookup(0xbc, &num)) { + if (num.denominator != 1) + printf("UCNUMBER: 0xbc = %d/%d\n", num.numerator, num.denominator); + else + printf("UCNUMBER: 0xbc = %d\n", num.numerator); + } else + printf("UCNUMBER: 0xbc NOT A NUMBER\n"); + + + if (ucnumber_lookup(0xff19, &num)) { + if (num.denominator != 1) + printf("UCNUMBER: 0xff19 = %d/%d\n", num.numerator, num.denominator); + else + printf("UCNUMBER: 0xff19 = %d\n", num.numerator); + } else + printf("UCNUMBER: 0xff19 NOT A NUMBER\n"); + + if (ucnumber_lookup(0x4e00, &num)) { + if (num.denominator != 1) + printf("UCNUMBER: 0x4e00 = %d/%d\n", num.numerator, num.denominator); + else + printf("UCNUMBER: 0x4e00 = %d\n", num.numerator); + } else + printf("UCNUMBER: 0x4e00 NOT A NUMBER\n"); + + if (ucdigit_lookup(0x06f9, &dig)) + printf("UCDIGIT: 0x6f9 = %d\n", dig); + else + printf("UCDIGIT: 0x6f9 NOT A NUMBER\n"); + + dig = ucgetdigit(0x0969); + printf("UCGETDIGIT: 0x969 = %d\n", dig); + + num = ucgetnumber(0x30); + if (num.denominator != 1) + printf("UCGETNUMBER: 0x30 = %d/%d\n", num.numerator, num.denominator); + else + printf("UCGETNUMBER: 0x30 = %d\n", num.numerator); + + num = ucgetnumber(0xbc); + if (num.denominator != 1) + printf("UCGETNUMBER: 0xbc = %d/%d\n", num.numerator, num.denominator); + else + printf("UCGETNUMBER: 0xbc = %d\n", num.numerator); + + num = ucgetnumber(0xff19); + if (num.denominator != 1) + printf("UCGETNUMBER: 0xff19 = %d/%d\n", num.numerator, num.denominator); + else + printf("UCGETNUMBER: 0xff19 = %d\n", num.numerator); + +/* ucdata_cleanup(); */ + exit(0); +} + +#endif /* TEST */ diff --git a/src/lib/krb5/unicode/ucdata/ucdata.h b/src/lib/krb5/unicode/ucdata/ucdata.h new file mode 100644 index 0000000000..ff3bb34564 --- /dev/null +++ b/src/lib/krb5/unicode/ucdata/ucdata.h @@ -0,0 +1,351 @@ +/* $OpenLDAP: pkg/ldap/libraries/liblunicode/ucdata/ucdata.h,v 1.21 2008/01/07 23:20:05 kurt Exp $ */ +/* This work is part of OpenLDAP Software . + * + * Copyright 1998-2008 The OpenLDAP Foundation. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted only as authorized by the OpenLDAP + * Public License. + * + * A copy of this license is available in file LICENSE in the + * top-level directory of the distribution or, alternatively, at + * . + */ +/* Copyright 2001 Computing Research Labs, New Mexico State University + * + * Permission is hereby granted, free of charge, to any person obtaining a + * copy of this software and associated documentation files (the "Software"), + * to deal in the Software without restriction, including without limitation + * the rights to use, copy, modify, merge, publish, distribute, sublicense, + * and/or sell copies of the Software, and to permit persons to whom the + * Software is furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + * THE COMPUTING RESEARCH LAB OR NEW MEXICO STATE UNIVERSITY BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT + * OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR + * THE USE OR OTHER DEALINGS IN THE SOFTWARE. + */ +/* $Id: ucdata.h,v 1.6 2001/01/02 18:46:20 mleisher Exp $ */ + +#ifndef _h_ucdata +#define _h_ucdata + +#define UCDATA_VERSION "2.4" + +/************************************************************************** + * + * Masks and macros for character properties. + * + **************************************************************************/ + +/* + * Values that can appear in the `mask1' parameter of the ucisprop() + * function. + */ +#define UC_MN 0x00000001 /* Mark, Non-Spacing */ +#define UC_MC 0x00000002 /* Mark, Spacing Combining */ +#define UC_ME 0x00000004 /* Mark, Enclosing */ +#define UC_ND 0x00000008 /* Number, Decimal Digit */ +#define UC_NL 0x00000010 /* Number, Letter */ +#define UC_NO 0x00000020 /* Number, Other */ +#define UC_ZS 0x00000040 /* Separator, Space */ +#define UC_ZL 0x00000080 /* Separator, Line */ +#define UC_ZP 0x00000100 /* Separator, Paragraph */ +#define UC_CC 0x00000200 /* Other, Control */ +#define UC_CF 0x00000400 /* Other, Format */ +#define UC_OS 0x00000800 /* Other, Surrogate */ +#define UC_CO 0x00001000 /* Other, Private Use */ +#define UC_CN 0x00002000 /* Other, Not Assigned */ +#define UC_LU 0x00004000 /* Letter, Uppercase */ +#define UC_LL 0x00008000 /* Letter, Lowercase */ +#define UC_LT 0x00010000 /* Letter, Titlecase */ +#define UC_LM 0x00020000 /* Letter, Modifier */ +#define UC_LO 0x00040000 /* Letter, Other */ +#define UC_PC 0x00080000 /* Punctuation, Connector */ +#define UC_PD 0x00100000 /* Punctuation, Dash */ +#define UC_PS 0x00200000 /* Punctuation, Open */ +#define UC_PE 0x00400000 /* Punctuation, Close */ +#define UC_PO 0x00800000 /* Punctuation, Other */ +#define UC_SM 0x01000000 /* Symbol, Math */ +#define UC_SC 0x02000000 /* Symbol, Currency */ +#define UC_SK 0x04000000 /* Symbol, Modifier */ +#define UC_SO 0x08000000 /* Symbol, Other */ +#define UC_L 0x10000000 /* Left-To-Right */ +#define UC_R 0x20000000 /* Right-To-Left */ +#define UC_EN 0x40000000 /* European Number */ +#define UC_ES 0x80000000 /* European Number Separator */ + +/* + * Values that can appear in the `mask2' parameter of the ucisprop() + * function. + */ +#define UC_ET 0x00000001 /* European Number Terminator */ +#define UC_AN 0x00000002 /* Arabic Number */ +#define UC_CS 0x00000004 /* Common Number Separator */ +#define UC_B 0x00000008 /* Block Separator */ +#define UC_S 0x00000010 /* Segment Separator */ +#define UC_WS 0x00000020 /* Whitespace */ +#define UC_ON 0x00000040 /* Other Neutrals */ +/* + * Implementation specific character properties. + */ +#define UC_CM 0x00000080 /* Composite */ +#define UC_NB 0x00000100 /* Non-Breaking */ +#define UC_SY 0x00000200 /* Symmetric */ +#define UC_HD 0x00000400 /* Hex Digit */ +#define UC_QM 0x00000800 /* Quote Mark */ +#define UC_MR 0x00001000 /* Mirroring */ +#define UC_SS 0x00002000 /* Space, other */ + +#define UC_CP 0x00004000 /* Defined */ + +/* + * Added for UnicodeData-2.1.3. + */ +#define UC_PI 0x00008000 /* Punctuation, Initial */ +#define UC_PF 0x00010000 /* Punctuation, Final */ + +/* + * This is the primary function for testing to see if a character has some set + * of properties. The macros that test for various character properties all + * call this function with some set of masks. + */ +int +ucisprop (krb5_ui_4 code, krb5_ui_4 mask1, krb5_ui_4 mask2); + +#define ucisalpha(cc) ucisprop(cc, UC_LU|UC_LL|UC_LM|UC_LO|UC_LT, 0) +#define ucisdigit(cc) ucisprop(cc, UC_ND, 0) +#define ucisalnum(cc) ucisprop(cc, UC_LU|UC_LL|UC_LM|UC_LO|UC_LT|UC_ND, 0) +#define uciscntrl(cc) ucisprop(cc, UC_CC|UC_CF, 0) +#define ucisspace(cc) ucisprop(cc, UC_ZS|UC_SS, 0) +#define ucisblank(cc) ucisprop(cc, UC_ZS, 0) +#define ucispunct(cc) ucisprop(cc, UC_PD|UC_PS|UC_PE|UC_PO, UC_PI|UC_PF) +#define ucisgraph(cc) ucisprop(cc, UC_MN|UC_MC|UC_ME|UC_ND|UC_NL|UC_NO|\ + UC_LU|UC_LL|UC_LT|UC_LM|UC_LO|UC_PC|UC_PD|\ + UC_PS|UC_PE|UC_PO|UC_SM|UC_SM|UC_SC|UC_SK|\ + UC_SO, UC_PI|UC_PF) +#define ucisprint(cc) ucisprop(cc, UC_MN|UC_MC|UC_ME|UC_ND|UC_NL|UC_NO|\ + UC_LU|UC_LL|UC_LT|UC_LM|UC_LO|UC_PC|UC_PD|\ + UC_PS|UC_PE|UC_PO|UC_SM|UC_SM|UC_SC|UC_SK|\ + UC_SO|UC_ZS, UC_PI|UC_PF) +#define ucisupper(cc) ucisprop(cc, UC_LU, 0) +#define ucislower(cc) ucisprop(cc, UC_LL, 0) +#define ucistitle(cc) ucisprop(cc, UC_LT, 0) +#define ucisxdigit(cc) ucisprop(cc, 0, UC_HD) + +#define ucisisocntrl(cc) ucisprop(cc, UC_CC, 0) +#define ucisfmtcntrl(cc) ucisprop(cc, UC_CF, 0) + +#define ucissymbol(cc) ucisprop(cc, UC_SM|UC_SC|UC_SO|UC_SK, 0) +#define ucisnumber(cc) ucisprop(cc, UC_ND|UC_NO|UC_NL, 0) +#define ucisnonspacing(cc) ucisprop(cc, UC_MN, 0) +#define ucisopenpunct(cc) ucisprop(cc, UC_PS, 0) +#define ucisclosepunct(cc) ucisprop(cc, UC_PE, 0) +#define ucisinitialpunct(cc) ucisprop(cc, 0, UC_PI) +#define ucisfinalpunct(cc) ucisprop(cc, 0, UC_PF) + +#define uciscomposite(cc) ucisprop(cc, 0, UC_CM) +#define ucishex(cc) ucisprop(cc, 0, UC_HD) +#define ucisquote(cc) ucisprop(cc, 0, UC_QM) +#define ucissymmetric(cc) ucisprop(cc, 0, UC_SY) +#define ucismirroring(cc) ucisprop(cc, 0, UC_MR) +#define ucisnonbreaking(cc) ucisprop(cc, 0, UC_NB) + +/* + * Directionality macros. + */ +#define ucisrtl(cc) ucisprop(cc, UC_R, 0) +#define ucisltr(cc) ucisprop(cc, UC_L, 0) +#define ucisstrong(cc) ucisprop(cc, UC_L|UC_R, 0) +#define ucisweak(cc) ucisprop(cc, UC_EN|UC_ES, UC_ET|UC_AN|UC_CS) +#define ucisneutral(cc) ucisprop(cc, 0, UC_B|UC_S|UC_WS|UC_ON) +#define ucisseparator(cc) ucisprop(cc, 0, UC_B|UC_S) + +/* + * Other macros inspired by John Cowan. + */ +#define ucismark(cc) ucisprop(cc, UC_MN|UC_MC|UC_ME, 0) +#define ucismodif(cc) ucisprop(cc, UC_LM, 0) +#define ucisletnum(cc) ucisprop(cc, UC_NL, 0) +#define ucisconnect(cc) ucisprop(cc, UC_PC, 0) +#define ucisdash(cc) ucisprop(cc, UC_PD, 0) +#define ucismath(cc) ucisprop(cc, UC_SM, 0) +#define uciscurrency(cc) ucisprop(cc, UC_SC, 0) +#define ucismodifsymbol(cc) ucisprop(cc, UC_SK, 0) +#define ucisnsmark(cc) ucisprop(cc, UC_MN, 0) +#define ucisspmark(cc) ucisprop(cc, UC_MC, 0) +#define ucisenclosing(cc) ucisprop(cc, UC_ME, 0) +#define ucisprivate(cc) ucisprop(cc, UC_CO, 0) +#define ucissurrogate(cc) ucisprop(cc, UC_OS, 0) +#define ucislsep(cc) ucisprop(cc, UC_ZL, 0) +#define ucispsep(cc) ucisprop(cc, UC_ZP, 0) + +#define ucisidentstart(cc) ucisprop(cc, UC_LU|UC_LL|UC_LT|UC_LO|UC_NL, 0) +#define ucisidentpart(cc) ucisprop(cc, UC_LU|UC_LL|UC_LT|UC_LO|UC_NL|\ + UC_MN|UC_MC|UC_ND|UC_PC|UC_CF, 0) + +#define ucisdefined(cc) ucisprop(cc, 0, UC_CP) +#define ucisundefined(cc) !ucisprop(cc, 0, UC_CP) + +/* + * Other miscellaneous character property macros. + */ +#define ucishan(cc) (((cc) >= 0x4e00 && (cc) <= 0x9fff) ||\ + ((cc) >= 0xf900 && (cc) <= 0xfaff)) +#define ucishangul(cc) ((cc) >= 0xac00 && (cc) <= 0xd7ff) + +/************************************************************************** + * + * Functions for case conversion. + * + **************************************************************************/ + +krb5_ui_4 uctoupper(krb5_ui_4 code); +krb5_ui_4 uctolower(krb5_ui_4 code); +krb5_ui_4 uctotitle(krb5_ui_4 code); + +/************************************************************************** + * + * Functions for getting compositions. + * + **************************************************************************/ + +/* + * This routine determines if there exists a composition of node1 and node2. + * If it returns 0, there is no composition. Any other value indicates a + * composition was returned in comp. + */ +int uccomp(krb5_ui_4 node1, krb5_ui_4 node2, krb5_ui_4 *comp); + +/* + * Does Hangul composition on the string str with length len, and returns + * the length of the composed string. + */ +int uccomp_hangul(krb5_ui_4 *str, int len); + +/* + * Does canonical composition on the string str with length len, and returns + * the length of the composed string. + */ +int uccanoncomp(krb5_ui_4 *str, int len); + +/************************************************************************** + * + * Functions for getting decompositions. + * + **************************************************************************/ + +/* + * This routine determines if the code has a decomposition. If it returns 0, + * there is no decomposition. Any other value indicates a decomposition was + * returned. + */ +int ucdecomp(krb5_ui_4 code, krb5_ui_4 *num, krb5_ui_4 **decomp); + +/* + * Equivalent to ucdecomp() except that it includes compatibility + * decompositions. + */ +int uckdecomp(krb5_ui_4 code, krb5_ui_4 *num, krb5_ui_4 **decomp); + +/* + * If the code is a Hangul syllable, this routine decomposes it into the array + * passed. The array size should be at least 3. + */ +int ucdecomp_hangul(krb5_ui_4 code, krb5_ui_4 *num, krb5_ui_4 decomp[]); + +/* + * This routine does canonical decomposition of the string in of length + * inlen, and returns the decomposed string in out with length outlen. + * The memory for out is allocated by this routine. It returns the length + * of the decomposed string if okay, and -1 on error. + */ +int uccanondecomp (const krb5_ui_4 *in, int inlen, + krb5_ui_4 **out, int *outlen); + +/* + * Equivalent to uccanondecomp() except that it includes compatibility + * decompositions. + */ +int uccompatdecomp(const krb5_ui_4 *in, int inlen, + krb5_ui_4 **out, int *outlen); + +/************************************************************************** + * + * Functions for getting combining classes. + * + **************************************************************************/ + +/* + * This will return the combining class for a character to be used with the + * Canonical Ordering algorithm. + */ +krb5_ui_4 uccombining_class(krb5_ui_4 code); + +/************************************************************************** + * + * Functions for getting numbers and digits. + * + **************************************************************************/ + +struct ucnumber { + int numerator; + int denominator; +}; + +int +ucnumber_lookup (krb5_ui_4 code, struct ucnumber *num); + +int +ucdigit_lookup (krb5_ui_4 code, int *digit); + +/* + * For compatibility with John Cowan's "uctype" package. + */ +struct ucnumber ucgetnumber (krb5_ui_4 code); +int ucgetdigit (krb5_ui_4 code); + +/************************************************************************** + * + * Functions library initialization and cleanup. + * + **************************************************************************/ + +/* + * Macros for specifying the data tables to be loaded, unloaded, or reloaded + * by the ucdata_load(), ucdata_unload(), and ucdata_reload() routines. + */ +#define UCDATA_CASE 0x01 +#define UCDATA_CTYPE 0x02 +#define UCDATA_DECOMP 0x04 +#define UCDATA_CMBCL 0x08 +#define UCDATA_NUM 0x10 +#define UCDATA_COMP 0x20 +#define UCDATA_KDECOMP 0x40 + +#define UCDATA_ALL (UCDATA_CASE|UCDATA_CTYPE|UCDATA_DECOMP|\ + UCDATA_CMBCL|UCDATA_NUM|UCDATA_COMP|UCDATA_KDECOMP) + +/* + * Functions to load, unload, and reload specific data files. + */ +int ucdata_load (char *paths, int mask); +void ucdata_unload (int mask); +int ucdata_reload (char *paths, int mask); + +#ifdef UCDATA_DEPRECATED +/* + * Deprecated functions, now just compatibility macros. + */ +#define ucdata_setup(p) ucdata_load(p, UCDATA_ALL) +#define ucdata_cleanup() ucdata_unload(UCDATA_ALL) +#endif + +#endif /* _h_ucdata */ diff --git a/src/lib/krb5/unicode/ucdata/ucdata.man b/src/lib/krb5/unicode/ucdata/ucdata.man new file mode 100644 index 0000000000..54df484832 --- /dev/null +++ b/src/lib/krb5/unicode/ucdata/ucdata.man @@ -0,0 +1,504 @@ +.\" +.\" $Id: ucdata.man,v 1.5 2001/01/02 18:46:20 mleisher Exp $ +.\" +.TH ucdata 3 "03 January 2001" +.SH NAME +ucdata \- package for providing Unicode/ISO10646 character information + +.SH SYNOPSIS +#include +.sp +void ucdata_load(char * paths, int masks) +.sp +void ucdata_unload(int masks) +.sp +void ucdata_reload(char * paths, int masks) +.sp +int ucdecomp(unsigned long code, unsigned long *num, unsigned long **decomp) +.sp +int uccanondecomp(const unsigned long *in, int inlen, unsigned long **out, +int *outlen) +.sp +int ucdecomp_hangul(unsigned long code, unsigned long *num, +unsigned long decomp[]) +.sp +int uccomp(unsigned long ch1, unsigned long ch2, unsigned long *comp) +.sp +int uccomp_hangul(unsigned long *str, int len) +.sp +int uccanoncomp(unsiged long *str, int len) +.nf +struct ucnumber { + int numerator; + int denominator; +}; +.sp +int ucnumber_lookup(unsigned long code, struct ucnumber *num) +.sp +int ucdigit_lookup(unsigned long code, int *digit) +.sp +struct ucnumber ucgetnumber(unsigned long code) +.sp +int ucgetdigit(unsigned long code) +.sp +unsigned long uctoupper(unsigned long code) +.sp +unsigned long uctolower(unsigned long code) +.sp +unsigned long uctotitle(unsigned long code) +.sp +int ucisalpha(unsigned long code) +.sp +int ucisalnum(unsigned long code) +.sp +int ucisdigit(unsigned long code) +.sp +int uciscntrl(unsigned long code) +.sp +int ucisspace(unsigned long code) +.sp +int ucisblank(unsigned long code) +.sp +int ucispunct(unsigned long code) +.sp +int ucisgraph(unsigned long code) +.sp +int ucisprint(unsigned long code) +.sp +int ucisxdigit(unsigned long code) +.sp +int ucisupper(unsigned long code) +.sp +int ucislower(unsigned long code) +.sp +int ucistitle(unsigned long code) +.sp +int ucisisocntrl(unsigned long code) +.sp +int ucisfmtcntrl(unsigned long code) +.sp +int ucissymbol(unsigned long code) +.sp +int ucisnumber(unsigned long code) +.sp +int ucisnonspacing(unsigned long code) +.sp +int ucisopenpunct(unsigned long code) +.sp +int ucisclosepunct(unsigned long code) +.sp +int ucisinitialpunct(unsigned long code) +.sp +int ucisfinalpunct(unsigned long code) +.sp +int uciscomposite(unsigned long code) +.sp +int ucisquote(unsigned long code) +.sp +int ucissymmetric(unsigned long code) +.sp +int ucismirroring(unsigned long code) +.sp +int ucisnonbreaking(unsigned long code) +.sp +int ucisrtl(unsigned long code) +.sp +int ucisltr(unsigned long code) +.sp +int ucisstrong(unsigned long code) +.sp +int ucisweak(unsigned long code) +.sp +int ucisneutral(unsigned long code) +.sp +int ucisseparator(unsigned long code) +.sp +int ucislsep(unsigned long code) +.sp +int ucispsep(unsigned long code) +.sp +int ucismark(unsigned long code) +.sp +int ucisnsmark(unsigned long code) +.sp +int ucisspmark(unsigned long code) +.sp +int ucismodif(unsigned long code) +.sp +int ucismodifsymbol(unsigned long code) +.sp +int ucisletnum(unsigned long code) +.sp +int ucisconnect(unsigned long code) +.sp +int ucisdash(unsigned long code) +.sp +int ucismath(unsigned long code) +.sp +int uciscurrency(unsigned long code) +.sp +int ucisenclosing(unsigned long code) +.sp +int ucisprivate(unsigned long code) +.sp +int ucissurrogate(unsigned long code) +.sp +int ucisidentstart(unsigned long code) +.sp +int ucisidentpart(unsigned long code) +.sp +int ucisdefined(unsigned long code) +.sp +int ucisundefined(unsigned long code) +.sp +int ucishan(unsigned long code) +.sp +int ucishangul(unsigned long code) + +.SH DESCRIPTION +.TP 4 +.BR Macros +.br +UCDATA_CASE +.br +UCDATA_CTYPE +.br +UCDATA_DECOMP +.br +UCDATA_CMBCL +.br +UCDATA_NUM +.br +UCDATA_ALL +.br +.TP 4 +.BR ucdata_load() +This function initializes the UCData library by locating the data files in one +of the colon-separated directories in the `paths' parameter. The data files +to be loaded are specified in the `masks' parameter as a bitwise combination +of the macros listed above. +.sp +This should be called before using any of the other functions. +.TP 4 +.BR ucdata_unload() +This function unloads the data tables specified in the `masks' parameter. +.sp +This function should be called when the application is done using the UCData +package. +.TP 4 +.BR ucdata_reload() +This function reloads the data files from one of the colon-separated +directories in the `paths' parameter. The data files to be reloaded are +specified in the `masks' parameter as a bitwise combination of the macros +listed above. +.TP 4 +.BR ucdecomp() +This function determines if a character has a decomposition and returns the +decomposition information if it exists. +.sp +If a zero is returned, there is no decomposition. If a non-zero is +returned, then the `num' and `decomp' variables are filled in with the +appropriate values. +.sp +Example call: +.sp +.nf + unsigned long i, num, *decomp; + + if (ucdecomp(0x1d5, &num, &decomp) != 0) { + for (i = 0; i < num; i++) + printf("0x%08lX,", decomp[i]); + putchar('\n'); + } +.TP 4 +.BR uccanondecomp() +This function will decompose a string, insuring the characters are in +canonical order for comparison. +.sp +If a decomposed string is returned, the caller is responsible for deallocating +the string. +.sp +If a -1 is returned, memory allocation failed. If a zero is returned, no +decomposition was done. Any other value means a decomposition string was +created and the values returned in the `out' and `outlen' parameters. +.TP 4 +.BR ucdecomp_hangul() +This function determines if a Hangul syllable has a +decomposition and returns the decomposition information. +.sp +An array of at least size 3 should be passed to the function +for the decomposition of the syllable. +.sp +If a zero is returned, the character is not a Hangul +syllable. If a non-zero is returned, the `num' field +will be 2 or 3 and the syllable will be decomposed into +the `decomp' array arithmetically. +.sp +Example call: +.sp +.nf + unsigned long i, num, decomp[3]; + + if (ucdecomp_hangul(0xb1ba, &num, &decomp) != 0) { + for (i = 0; i < num; i++) + printf("0x%08lX,", decomp[i]); + putchar('\n'); + } +.TP 4 +.BR uccomp() +This function determines if a pair of characters have a composition, and +returns that composition if one exists. +.sp +A zero is returned is no composition exists for the character pair. Any other +value indicates the `comp' field holds the character code representing the +composition of the two character codes. +.TP 4 +.BR uccomp_hangul() +This composes the Hangul Jamo in-place in the string. +.sp +The returned value is the new length of the string. +.TP 4 +.BR uccanoncomp() +This function does a full composition in-place in the string, including the +Hangul composition. +.sp +The returned value is the new length of the string. +.TP 4 +.BR ucnumber_lookup() +This function determines if the code is a number and +fills in the `num' field with the numerator and +denominator. If the code happens to be a single digit, +the numerator and denominator fields will be the same. +.sp +If the function returns 0, the code is not a number. +Any other return value means the code is a number. +.TP 4 +.BR ucdigit_lookup() +This function determines if the code is a digit and +fills in the `digit' field with the digit value. +.sp +If the function returns 0, the code is not a number. +Any other return value means the code is a number. +.TP 4 +.BR ucgetnumber() +This is a compatibility function with John Cowan's +"uctype" package. It uses ucnumber_lookup(). +.TP 4 +.BR ucgetdigit() +This is a compatibility function with John Cowan's +"uctype" package. It uses ucdigit_lookup(). +.TP 4 +.BR uctoupper() +This function returns the code unchanged if it is +already upper case or has no upper case equivalent. +Otherwise the upper case equivalent is returned. +.TP 4 +.BR uctolower() +This function returns the code unchanged if it is +already lower case or has no lower case equivalent. +Otherwise the lower case equivalent is returned. +.TP 4 +.BR uctotitle() +This function returns the code unchanged if it is +already title case or has no title case equivalent. +Otherwise the title case equivalent is returned. +.TP 4 +.BR ucisalpha() +Test if \fIcode\fR is an alpha character. +.TP 4 +.BR ucisalnum() +Test if \fIcode\fR is an alpha or digit character. +.TP 4 +.BR ucisdigit() +Test if \fIcode\fR is a digit character. +.TP 4 +.BR uciscntrl() +Test if \fIcode\fR is a control character. +.TP 4 +.BR ucisspace() +Test if \fIcode\fR is a space character. +.TP 4 +.BR ucisblank() +Test if \fIcode\fR is a blank character. +.TP 4 +.BR ucispunct() +Test if \fIcode\fR is a punctuation character. +.TP 4 +.BR ucisgraph() +Test if \fIcode\fR is a graphical (visible) character. +.TP 4 +.BR ucisprint() +Test if \fIcode\fR is a printable character. +.TP 4 +.BR ucisxdigit() +Test if \fIcode\fR is a hexadecimal digit character. +.TP 4 +.BR ucisupper() +Test if \fIcode\fR is an upper case character. +.TP 4 +.BR ucislower() +Test if \fIcode\fR is a lower case character. +.TP 4 +.BR ucistitle() +Test if \fIcode\fR is a title case character. +.TP 4 +.BR ucisisocntrl() +Is the character a C0 control character (< 32)? +.TP 4 +.BR ucisfmtcntrl() +Is the character a format control character? +.TP 4 +.BR ucissymbol() +Is the character a symbol? +.TP 4 +.BR ucisnumber() +Is the character a number or digit? +.TP 4 +.BR ucisnonspacing() +Is the character non-spacing? +.TP 4 +.BR ucisopenpunct() +Is the character an open/left punctuation (i.e. '[') +.TP 4 +.BR ucisclosepunct() +Is the character an close/right punctuation (i.e. ']') +.TP 4 +.BR ucisinitialpunct() +Is the character an initial punctuation (i.e. U+2018 LEFT +SINGLE QUOTATION MARK) +.TP 4 +.BR ucisfinalpunct() +Is the character a final punctuation (i.e. U+2019 RIGHT +SINGLE QUOTATION MARK) +.TP 4 +.BR uciscomposite() +Can the character be decomposed into a set of other +characters? +.TP 4 +.BR ucisquote() +Is the character one of the many quotation marks? +.TP 4 +.BR ucissymmetric() +Is the character one that has an opposite form +(i.e. <>) +.TP 4 +.BR ucismirroring() +Is the character mirroring (superset of symmetric)? +.TP 4 +.BR ucisnonbreaking() +Is the character non-breaking (i.e. non-breaking +space)? +.TP 4 +.BR ucisrtl() +Does the character have strong right-to-left +directionality (i.e. Arabic letters)? +.TP 4 +.BR ucisltr() +Does the character have strong left-to-right +directionality (i.e. Latin letters)? +.TP 4 +.BR ucisstrong() +Does the character have strong directionality? +.TP 4 +.BR ucisweak() +Does the character have weak directionality +(i.e. numbers)? +.TP 4 +.BR ucisneutral() +Does the character have neutral directionality +(i.e. whitespace)? +.TP 4 +.BR ucisseparator() +Is the character a block or segment separator? +.TP 4 +.BR ucislsep() +Is the character a line separator? +.TP 4 +.BR ucispsep() +Is the character a paragraph separator? +.TP 4 +.BR ucismark() +Is the character a mark of some kind? +.TP 4 +.BR ucisnsmark() +Is the character a non-spacing mark? +.TP 4 +.BR ucisspmark() +Is the character a spacing mark? +.TP 4 +.BR ucismodif() +Is the character a modifier letter? +.TP 4 +.BR ucismodifsymbol() +Is the character a modifier symbol? +.TP 4 +.BR ucisletnum() +Is the character a number represented by a letter? +.TP 4 +.BR ucisconnect() +Is the character connecting punctuation? +.TP 4 +.BR ucisdash() +Is the character dash punctuation? +.TP 4 +.BR ucismath() +Is the character a math character? +.TP 4 +.BR uciscurrency() +Is the character a currency character? +.TP 4 +.BR ucisenclosing() +Is the character enclosing (i.e. enclosing box)? +.TP 4 +.BR ucisprivate() +Is the character from the Private Use Area? +.TP 4 +.BR ucissurrogate() +Is the character one of the surrogate codes? +.TP 4 +.BR ucisidentstart() +Is the character a legal initial character of an identifier? +.TP 4 +.BR ucisidentpart() +Is the character a legal identifier character? +.TP 4 +.BR ucisdefined() +Is the character defined (appeared in one of the data +files)? +.TP 4 +.BR ucisundefined() +Is the character not defined (non-Unicode)? +.TP 4 +.BR ucishan() +Is the character a Han ideograph? +.TP 4 +.BR ucishangul() +Is the character a pre-composed Hangul syllable? + +.SH "SEE ALSO" +ctype(3) + +.SH ACKNOWLEDGMENTS +These are people who have helped with patches or +alerted me about problems. +.sp +John Cowan +.br +Bob Verbrugge +.br +Christophe Pierret +.br +Kent Johnson +.br +Valeriy E. Ushakov +.br +Stig Venaas + +.SH AUTHOR +Mark Leisher +.br +Computing Research Lab +.br +New Mexico State University +.br +Email: mleisher@crl.nmsu.edu diff --git a/src/lib/krb5/unicode/ucdata/ucgendat.c b/src/lib/krb5/unicode/ucdata/ucgendat.c new file mode 100644 index 0000000000..42b0ecd034 --- /dev/null +++ b/src/lib/krb5/unicode/ucdata/ucgendat.c @@ -0,0 +1,1942 @@ +/* $OpenLDAP: pkg/ldap/libraries/liblunicode/ucdata/ucgendat.c,v 1.43 2008/01/07 23:20:05 kurt Exp $ */ +/* This work is part of OpenLDAP Software . + * + * Copyright 1998-2008 The OpenLDAP Foundation. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted only as authorized by the OpenLDAP + * Public License. + * + * A copy of this license is available in file LICENSE in the + * top-level directory of the distribution or, alternatively, at + * . + */ +/* Copyright 2001 Computing Research Labs, New Mexico State University + * + * Permission is hereby granted, free of charge, to any person obtaining a + * copy of this software and associated documentation files (the "Software"), + * to deal in the Software without restriction, including without limitation + * the rights to use, copy, modify, merge, publish, distribute, sublicense, + * and/or sell copies of the Software, and to permit persons to whom the + * Software is furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + * THE COMPUTING RESEARCH LAB OR NEW MEXICO STATE UNIVERSITY BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT + * OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR + * THE USE OR OTHER DEALINGS IN THE SOFTWARE. + */ +/* $Id: ucgendat.c,v 1.4 2001/01/02 18:46:20 mleisher Exp $" */ + +#include "k5-int.h" +#include "k5-utf8.h" +#include "k5-unicode.h" + +#ifndef HARDCODE_DATA +#define HARDCODE_DATA 1 +#endif + +#undef ishdigit +#define ishdigit(cc) (((cc) >= '0' && (cc) <= '9') ||\ + ((cc) >= 'A' && (cc) <= 'F') ||\ + ((cc) >= 'a' && (cc) <= 'f')) + +/* + * A header written to the output file with the byte-order-mark and the number + * of property nodes. + */ +static krb5_ui_2 hdr[2] = {0xfeff, 0}; + +#define NUMPROPS 50 +#define NEEDPROPS (NUMPROPS + (4 - (NUMPROPS & 3))) + +typedef struct { + char *name; + int len; +} _prop_t; + +/* + * List of properties expected to be found in the Unicode Character Database + * including some implementation specific properties. + * + * The implementation specific properties are: + * Cm = Composed (can be decomposed) + * Nb = Non-breaking + * Sy = Symmetric (has left and right forms) + * Hd = Hex digit + * Qm = Quote marks + * Mr = Mirroring + * Ss = Space, other + * Cp = Defined character + */ +static _prop_t props[NUMPROPS] = { + {"Mn", 2}, {"Mc", 2}, {"Me", 2}, {"Nd", 2}, {"Nl", 2}, {"No", 2}, + {"Zs", 2}, {"Zl", 2}, {"Zp", 2}, {"Cc", 2}, {"Cf", 2}, {"Cs", 2}, + {"Co", 2}, {"Cn", 2}, {"Lu", 2}, {"Ll", 2}, {"Lt", 2}, {"Lm", 2}, + {"Lo", 2}, {"Pc", 2}, {"Pd", 2}, {"Ps", 2}, {"Pe", 2}, {"Po", 2}, + {"Sm", 2}, {"Sc", 2}, {"Sk", 2}, {"So", 2}, {"L", 1}, {"R", 1}, + {"EN", 2}, {"ES", 2}, {"ET", 2}, {"AN", 2}, {"CS", 2}, {"B", 1}, + {"S", 1}, {"WS", 2}, {"ON", 2}, + {"Cm", 2}, {"Nb", 2}, {"Sy", 2}, {"Hd", 2}, {"Qm", 2}, {"Mr", 2}, + {"Ss", 2}, {"Cp", 2}, {"Pi", 2}, {"Pf", 2}, {"AL", 2} +}; + +typedef struct { + krb5_ui_4 *ranges; + krb5_ui_2 used; + krb5_ui_2 size; +} _ranges_t; + +static _ranges_t proptbl[NUMPROPS]; + +/* + * Make sure this array is sized to be on a 4-byte boundary at compile time. + */ +static krb5_ui_2 propcnt[NEEDPROPS]; + +/* + * Array used to collect a decomposition before adding it to the decomposition + * table. + */ +static krb5_ui_4 dectmp[64]; +static krb5_ui_4 dectmp_size; + +typedef struct { + krb5_ui_4 code; + krb5_ui_2 size; + krb5_ui_2 used; + krb5_ui_4 *decomp; +} _decomp_t; + +/* + * List of decomposition. Created and expanded in order as the characters are + * encountered. First list contains canonical mappings, second also includes + * compatibility mappings. + */ +static _decomp_t *decomps; +static krb5_ui_4 decomps_used; +static krb5_ui_4 decomps_size; + +static _decomp_t *kdecomps; +static krb5_ui_4 kdecomps_used; +static krb5_ui_4 kdecomps_size; + +/* + * Composition exclusion table stuff. + */ +#define COMPEX_SET(c) (compexs[(c) >> 5] |= (1 << ((c) & 31))) +#define COMPEX_TEST(c) (compexs[(c) >> 5] & (1 << ((c) & 31))) +static krb5_ui_4 compexs[8192]; + +/* + * Struct for holding a composition pair, and array of composition pairs + */ +typedef struct { + krb5_ui_4 comp; + krb5_ui_4 count; + krb5_ui_4 code1; + krb5_ui_4 code2; +} _comp_t; + +static _comp_t *comps; +static krb5_ui_4 comps_used; + +/* + * Types and lists for handling lists of case mappings. + */ +typedef struct { + krb5_ui_4 key; + krb5_ui_4 other1; + krb5_ui_4 other2; +} _case_t; + +static _case_t *upper; +static _case_t *lower; +static _case_t *title; +static krb5_ui_4 upper_used; +static krb5_ui_4 upper_size; +static krb5_ui_4 lower_used; +static krb5_ui_4 lower_size; +static krb5_ui_4 title_used; +static krb5_ui_4 title_size; + +/* + * Array used to collect case mappings before adding them to a list. + */ +static krb5_ui_4 cases[3]; + +/* + * An array to hold ranges for combining classes. + */ +static krb5_ui_4 *ccl; +static krb5_ui_4 ccl_used; +static krb5_ui_4 ccl_size; + +/* + * Structures for handling numbers. + */ +typedef struct { + krb5_ui_4 code; + krb5_ui_4 idx; +} _codeidx_t; + +typedef struct { + short numerator; + short denominator; +} _num_t; + +/* + * Arrays to hold the mapping of codes to numbers. + */ +static _codeidx_t *ncodes; +static krb5_ui_4 ncodes_used; +static krb5_ui_4 ncodes_size; + +static _num_t *nums; +static krb5_ui_4 nums_used; +static krb5_ui_4 nums_size; + +/* + * Array for holding numbers. + */ +static _num_t *nums; +static krb5_ui_4 nums_used; +static krb5_ui_4 nums_size; + +static void +add_range(krb5_ui_4 start, krb5_ui_4 end, char *p1, char *p2) +{ + int i, j, k, len; + _ranges_t *rlp; + char *name; + + for (k = 0; k < 2; k++) { + if (k == 0) { + name = p1; + len = 2; + } else { + if (p2 == 0) + break; + + name = p2; + len = 1; + } + + for (i = 0; i < NUMPROPS; i++) { + if (props[i].len == len && memcmp(props[i].name, name, len) == 0) + break; + } + + if (i == NUMPROPS) + continue; + + rlp = &proptbl[i]; + + /* + * Resize the range list if necessary. + */ + if (rlp->used == rlp->size) { + if (rlp->size == 0) + rlp->ranges = (krb5_ui_4 *) + malloc(sizeof(krb5_ui_4) << 3); + else + rlp->ranges = (krb5_ui_4 *) + realloc((char *) rlp->ranges, + sizeof(krb5_ui_4) * (rlp->size + 8)); + rlp->size += 8; + } + + /* + * If this is the first code for this property list, just add it + * and return. + */ + if (rlp->used == 0) { + rlp->ranges[0] = start; + rlp->ranges[1] = end; + rlp->used += 2; + continue; + } + + /* + * Optimize the case of adding the range to the end. + */ + j = rlp->used - 1; + if (start > rlp->ranges[j]) { + j = rlp->used; + rlp->ranges[j++] = start; + rlp->ranges[j++] = end; + rlp->used = j; + continue; + } + + /* + * Need to locate the insertion point. + */ + for (i = 0; + i < rlp->used && start > rlp->ranges[i + 1] + 1; i += 2) ; + + /* + * If the start value lies in the current range, then simply set the + * new end point of the range to the end value passed as a parameter. + */ + if (rlp->ranges[i] <= start && start <= rlp->ranges[i + 1] + 1) { + rlp->ranges[i + 1] = end; + return; + } + + /* + * Shift following values up by two. + */ + for (j = rlp->used; j > i; j -= 2) { + rlp->ranges[j] = rlp->ranges[j - 2]; + rlp->ranges[j + 1] = rlp->ranges[j - 1]; + } + + /* + * Add the new range at the insertion point. + */ + rlp->ranges[i] = start; + rlp->ranges[i + 1] = end; + rlp->used += 2; + } +} + +static void +ordered_range_insert(krb5_ui_4 c, char *name, int len) +{ + int i, j; + krb5_ui_4 s, e; + _ranges_t *rlp; + + if (len == 0) + return; + + /* + * Deal with directionality codes introduced in Unicode 3.0. + */ + if ((len == 2 && memcmp(name, "BN", 2) == 0) || + (len == 3 && + (memcmp(name, "NSM", 3) == 0 || memcmp(name, "PDF", 3) == 0 || + memcmp(name, "LRE", 3) == 0 || memcmp(name, "LRO", 3) == 0 || + memcmp(name, "RLE", 3) == 0 || memcmp(name, "RLO", 3) == 0))) { + /* + * Mark all of these as Other Neutral to preserve compatibility with + * older versions. + */ + len = 2; + name = "ON"; + } + + for (i = 0; i < NUMPROPS; i++) { + if (props[i].len == len && memcmp(props[i].name, name, len) == 0) + break; + } + + if (i == NUMPROPS) + return; + + /* + * Have a match, so insert the code in order. + */ + rlp = &proptbl[i]; + + /* + * Resize the range list if necessary. + */ + if (rlp->used == rlp->size) { + if (rlp->size == 0) + rlp->ranges = (krb5_ui_4 *) + malloc(sizeof(krb5_ui_4) << 3); + else + rlp->ranges = (krb5_ui_4 *) + realloc((char *) rlp->ranges, + sizeof(krb5_ui_4) * (rlp->size + 8)); + rlp->size += 8; + } + + /* + * If this is the first code for this property list, just add it + * and return. + */ + if (rlp->used == 0) { + rlp->ranges[0] = rlp->ranges[1] = c; + rlp->used += 2; + return; + } + + /* + * Optimize the cases of extending the last range and adding new ranges to + * the end. + */ + j = rlp->used - 1; + e = rlp->ranges[j]; + s = rlp->ranges[j - 1]; + + if (c == e + 1) { + /* + * Extend the last range. + */ + rlp->ranges[j] = c; + return; + } + + if (c > e + 1) { + /* + * Start another range on the end. + */ + j = rlp->used; + rlp->ranges[j] = rlp->ranges[j + 1] = c; + rlp->used += 2; + return; + } + + if (c >= s) + /* + * The code is a duplicate of a code in the last range, so just return. + */ + return; + + /* + * The code should be inserted somewhere before the last range in the + * list. Locate the insertion point. + */ + for (i = 0; + i < rlp->used && c > rlp->ranges[i + 1] + 1; i += 2) ; + + s = rlp->ranges[i]; + e = rlp->ranges[i + 1]; + + if (c == e + 1) + /* + * Simply extend the current range. + */ + rlp->ranges[i + 1] = c; + else if (c < s) { + /* + * Add a new entry before the current location. Shift all entries + * before the current one up by one to make room. + */ + for (j = rlp->used; j > i; j -= 2) { + rlp->ranges[j] = rlp->ranges[j - 2]; + rlp->ranges[j + 1] = rlp->ranges[j - 1]; + } + rlp->ranges[i] = rlp->ranges[i + 1] = c; + + rlp->used += 2; + } +} + +static void +add_decomp(krb5_ui_4 code, short compat) +{ + krb5_ui_4 i, j, size; + _decomp_t **pdecomps; + krb5_ui_4 *pdecomps_used; + krb5_ui_4 *pdecomps_size; + + if (compat) { + pdecomps = &kdecomps; + pdecomps_used = &kdecomps_used; + pdecomps_size = &kdecomps_size; + } else { + pdecomps = &decomps; + pdecomps_used = &decomps_used; + pdecomps_size = &decomps_size; + } + + /* + * Add the code to the composite property. + */ + if (!compat) { + ordered_range_insert(code, "Cm", 2); + } + + /* + * Locate the insertion point for the code. + */ + for (i = 0; i < *pdecomps_used && code > (*pdecomps)[i].code; i++) ; + + /* + * Allocate space for a new decomposition. + */ + if (*pdecomps_used == *pdecomps_size) { + if (*pdecomps_size == 0) + *pdecomps = (_decomp_t *) malloc(sizeof(_decomp_t) << 3); + else + *pdecomps = (_decomp_t *) + realloc((char *) *pdecomps, + sizeof(_decomp_t) * (*pdecomps_size + 8)); + (void) memset((char *) (*pdecomps + *pdecomps_size), '\0', + sizeof(_decomp_t) << 3); + *pdecomps_size += 8; + } + + if (i < *pdecomps_used && code != (*pdecomps)[i].code) { + /* + * Shift the decomps up by one if the codes don't match. + */ + for (j = *pdecomps_used; j > i; j--) + (void) memcpy((char *) &(*pdecomps)[j], (char *) &(*pdecomps)[j - 1], + sizeof(_decomp_t)); + } + + /* + * Insert or replace a decomposition. + */ + size = dectmp_size + (4 - (dectmp_size & 3)); + if ((*pdecomps)[i].size < size) { + if ((*pdecomps)[i].size == 0) + (*pdecomps)[i].decomp = (krb5_ui_4 *) + malloc(sizeof(krb5_ui_4) * size); + else + (*pdecomps)[i].decomp = (krb5_ui_4 *) + realloc((char *) (*pdecomps)[i].decomp, + sizeof(krb5_ui_4) * size); + (*pdecomps)[i].size = size; + } + + if ((*pdecomps)[i].code != code) + (*pdecomps_used)++; + + (*pdecomps)[i].code = code; + (*pdecomps)[i].used = dectmp_size; + (void) memcpy((char *) (*pdecomps)[i].decomp, (char *) dectmp, + sizeof(krb5_ui_4) * dectmp_size); + + /* + * NOTICE: This needs changing later so it is more general than simply + * pairs. This calculation is done here to simplify allocation elsewhere. + */ + if (!compat && dectmp_size == 2) + comps_used++; +} + +static void +add_title(krb5_ui_4 code) +{ + krb5_ui_4 i, j; + + /* + * Always map the code to itself. + */ + cases[2] = code; + + if (title_used == title_size) { + if (title_size == 0) + title = (_case_t *) malloc(sizeof(_case_t) << 3); + else + title = (_case_t *) realloc((char *) title, + sizeof(_case_t) * (title_size + 8)); + title_size += 8; + } + + /* + * Locate the insertion point. + */ + for (i = 0; i < title_used && code > title[i].key; i++) ; + + if (i < title_used) { + /* + * Shift the array up by one. + */ + for (j = title_used; j > i; j--) + (void) memcpy((char *) &title[j], (char *) &title[j - 1], + sizeof(_case_t)); + } + + title[i].key = cases[2]; /* Title */ + title[i].other1 = cases[0]; /* Upper */ + title[i].other2 = cases[1]; /* Lower */ + + title_used++; +} + +static void +add_upper(krb5_ui_4 code) +{ + krb5_ui_4 i, j; + + /* + * Always map the code to itself. + */ + cases[0] = code; + + /* + * If the title case character is not present, then make it the same as + * the upper case. + */ + if (cases[2] == 0) + cases[2] = code; + + if (upper_used == upper_size) { + if (upper_size == 0) + upper = (_case_t *) malloc(sizeof(_case_t) << 3); + else + upper = (_case_t *) realloc((char *) upper, + sizeof(_case_t) * (upper_size + 8)); + upper_size += 8; + } + + /* + * Locate the insertion point. + */ + for (i = 0; i < upper_used && code > upper[i].key; i++) ; + + if (i < upper_used) { + /* + * Shift the array up by one. + */ + for (j = upper_used; j > i; j--) + (void) memcpy((char *) &upper[j], (char *) &upper[j - 1], + sizeof(_case_t)); + } + + upper[i].key = cases[0]; /* Upper */ + upper[i].other1 = cases[1]; /* Lower */ + upper[i].other2 = cases[2]; /* Title */ + + upper_used++; +} + +static void +add_lower(krb5_ui_4 code) +{ + krb5_ui_4 i, j; + + /* + * Always map the code to itself. + */ + cases[1] = code; + + /* + * If the title case character is empty, then make it the same as the + * upper case. + */ + if (cases[2] == 0) + cases[2] = cases[0]; + + if (lower_used == lower_size) { + if (lower_size == 0) + lower = (_case_t *) malloc(sizeof(_case_t) << 3); + else + lower = (_case_t *) realloc((char *) lower, + sizeof(_case_t) * (lower_size + 8)); + lower_size += 8; + } + + /* + * Locate the insertion point. + */ + for (i = 0; i < lower_used && code > lower[i].key; i++) ; + + if (i < lower_used) { + /* + * Shift the array up by one. + */ + for (j = lower_used; j > i; j--) + (void) memcpy((char *) &lower[j], (char *) &lower[j - 1], + sizeof(_case_t)); + } + + lower[i].key = cases[1]; /* Lower */ + lower[i].other1 = cases[0]; /* Upper */ + lower[i].other2 = cases[2]; /* Title */ + + lower_used++; +} + +static void +ordered_ccl_insert(krb5_ui_4 c, krb5_ui_4 ccl_code) +{ + krb5_ui_4 i, j; + + if (ccl_used == ccl_size) { + if (ccl_size == 0) + ccl = (krb5_ui_4 *) malloc(sizeof(krb5_ui_4) * 24); + else + ccl = (krb5_ui_4 *) + realloc((char *) ccl, sizeof(krb5_ui_4) * (ccl_size + 24)); + ccl_size += 24; + } + + /* + * Optimize adding the first item. + */ + if (ccl_used == 0) { + ccl[0] = ccl[1] = c; + ccl[2] = ccl_code; + ccl_used += 3; + return; + } + + /* + * Handle the special case of extending the range on the end. This + * requires that the combining class codes are the same. + */ + if (ccl_code == ccl[ccl_used - 1] && c == ccl[ccl_used - 2] + 1) { + ccl[ccl_used - 2] = c; + return; + } + + /* + * Handle the special case of adding another range on the end. + */ + if (c > ccl[ccl_used - 2] + 1 || + (c == ccl[ccl_used - 2] + 1 && ccl_code != ccl[ccl_used - 1])) { + ccl[ccl_used++] = c; + ccl[ccl_used++] = c; + ccl[ccl_used++] = ccl_code; + return; + } + + /* + * Locate either the insertion point or range for the code. + */ + for (i = 0; i < ccl_used && c > ccl[i + 1] + 1; i += 3) ; + + if (ccl_code == ccl[i + 2] && c == ccl[i + 1] + 1) { + /* + * Extend an existing range. + */ + ccl[i + 1] = c; + return; + } else if (c < ccl[i]) { + /* + * Start a new range before the current location. + */ + for (j = ccl_used; j > i; j -= 3) { + ccl[j] = ccl[j - 3]; + ccl[j - 1] = ccl[j - 4]; + ccl[j - 2] = ccl[j - 5]; + } + ccl[i] = ccl[i + 1] = c; + ccl[i + 2] = ccl_code; + } +} + +/* + * Adds a number if it does not already exist and returns an index value + * multiplied by 2. + */ +static krb5_ui_4 +make_number(short num, short denom) +{ + krb5_ui_4 n; + + /* + * Determine if the number already exists. + */ + for (n = 0; n < nums_used; n++) { + if (nums[n].numerator == num && nums[n].denominator == denom) + return n << 1; + } + + if (nums_used == nums_size) { + if (nums_size == 0) + nums = (_num_t *) malloc(sizeof(_num_t) << 3); + else + nums = (_num_t *) realloc((char *) nums, + sizeof(_num_t) * (nums_size + 8)); + nums_size += 8; + } + + n = nums_used++; + nums[n].numerator = num; + nums[n].denominator = denom; + + return n << 1; +} + +static void +add_number(krb5_ui_4 code, short num, short denom) +{ + krb5_ui_4 i, j; + + /* + * Insert the code in order. + */ + for (i = 0; i < ncodes_used && code > ncodes[i].code; i++) ; + + /* + * Handle the case of the codes matching and simply replace the number + * that was there before. + */ + if (i < ncodes_used && code == ncodes[i].code) { + ncodes[i].idx = make_number(num, denom); + return; + } + + /* + * Resize the array if necessary. + */ + if (ncodes_used == ncodes_size) { + if (ncodes_size == 0) + ncodes = (_codeidx_t *) malloc(sizeof(_codeidx_t) << 3); + else + ncodes = (_codeidx_t *) + realloc((char *) ncodes, sizeof(_codeidx_t) * (ncodes_size + 8)); + + ncodes_size += 8; + } + + /* + * Shift things around to insert the code if necessary. + */ + if (i < ncodes_used) { + for (j = ncodes_used; j > i; j--) { + ncodes[j].code = ncodes[j - 1].code; + ncodes[j].idx = ncodes[j - 1].idx; + } + } + ncodes[i].code = code; + ncodes[i].idx = make_number(num, denom); + + ncodes_used++; +} + +/* + * This routine assumes that the line is a valid Unicode Character Database + * entry. + */ +static void +read_cdata(FILE *in) +{ + krb5_ui_4 i, lineno, skip, code, ccl_code; + short wnum, neg, number[2], compat; + char line[512], *s, *e; + + lineno = skip = 0; + while (fgets(line, sizeof(line), in)) { + if( (s=strchr(line, '\n')) ) *s = '\0'; + lineno++; + + /* + * Skip blank lines and lines that start with a '#'. + */ + if (line[0] == 0 || line[0] == '#') + continue; + + /* + * If lines need to be skipped, do it here. + */ + if (skip) { + skip--; + continue; + } + + /* + * Collect the code. The code can be up to 6 hex digits in length to + * allow surrogates to be specified. + */ + for (s = line, i = code = 0; *s != ';' && i < 6; i++, s++) { + code <<= 4; + if (*s >= '0' && *s <= '9') + code += *s - '0'; + else if (*s >= 'A' && *s <= 'F') + code += (*s - 'A') + 10; + else if (*s >= 'a' && *s <= 'f') + code += (*s - 'a') + 10; + } + + /* + * Handle the following special cases: + * 1. 4E00-9FA5 CJK Ideographs. + * 2. AC00-D7A3 Hangul Syllables. + * 3. D800-DFFF Surrogates. + * 4. E000-F8FF Private Use Area. + * 5. F900-FA2D Han compatibility. + * ...Plus additional ranges in newer Unicode versions... + */ + switch (code) { + case 0x3400: + /* CJK Ideograph Extension A */ + add_range(0x3400, 0x4db5, "Lo", "L"); + + add_range(0x3400, 0x4db5, "Cp", 0); + + skip = 1; + break; + case 0x4e00: + /* + * The Han ideographs. + */ + add_range(0x4e00, 0x9fff, "Lo", "L"); + + /* + * Add the characters to the defined category. + */ + add_range(0x4e00, 0x9fa5, "Cp", 0); + + skip = 1; + break; + case 0xac00: + /* + * The Hangul syllables. + */ + add_range(0xac00, 0xd7a3, "Lo", "L"); + + /* + * Add the characters to the defined category. + */ + add_range(0xac00, 0xd7a3, "Cp", 0); + + skip = 1; + break; + case 0xd800: + /* + * Make a range of all surrogates and assume some default + * properties. + */ + add_range(0x010000, 0x10ffff, "Cs", "L"); + skip = 5; + break; + case 0xe000: + /* + * The Private Use area. Add with a default set of properties. + */ + add_range(0xe000, 0xf8ff, "Co", "L"); + skip = 1; + break; + case 0xf900: + /* + * The CJK compatibility area. + */ + add_range(0xf900, 0xfaff, "Lo", "L"); + + /* + * Add the characters to the defined category. + */ + add_range(0xf900, 0xfaff, "Cp", 0); + + skip = 1; + break; + case 0x20000: + /* CJK Ideograph Extension B */ + add_range(0x20000, 0x2a6d6, "Lo", "L"); + + add_range(0x20000, 0x2a6d6, "Cp", 0); + + skip = 1; + break; + case 0xf0000: + /* Plane 15 private use */ + add_range(0xf0000, 0xffffd, "Co", "L"); + skip = 1; + break; + + case 0x100000: + /* Plane 16 private use */ + add_range(0x100000, 0x10fffd, "Co", "L"); + skip = 1; + break; + } + + if (skip) + continue; + + /* + * Add the code to the defined category. + */ + ordered_range_insert(code, "Cp", 2); + + /* + * Locate the first character property field. + */ + for (i = 0; *s != 0 && i < 2; s++) { + if (*s == ';') + i++; + } + for (e = s; *e && *e != ';'; e++) ; + + ordered_range_insert(code, s, e - s); + + /* + * Locate the combining class code. + */ + for (s = e; *s != 0 && i < 3; s++) { + if (*s == ';') + i++; + } + + /* + * Convert the combining class code from decimal. + */ + for (ccl_code = 0, e = s; *e && *e != ';'; e++) + ccl_code = (ccl_code * 10) + (*e - '0'); + + /* + * Add the code if it not 0. + */ + if (ccl_code != 0) + ordered_ccl_insert(code, ccl_code); + + /* + * Locate the second character property field. + */ + for (s = e; *s != 0 && i < 4; s++) { + if (*s == ';') + i++; + } + for (e = s; *e && *e != ';'; e++) ; + + ordered_range_insert(code, s, e - s); + + /* + * Check for a decomposition. + */ + s = ++e; + if (*s != ';') { + compat = *s == '<'; + if (compat) { + /* + * Skip compatibility formatting tag. + */ + while (*s++ != '>'); + } + /* + * Collect the codes of the decomposition. + */ + for (dectmp_size = 0; *s != ';'; ) { + /* + * Skip all leading non-hex digits. + */ + while (!ishdigit(*s)) + s++; + + for (dectmp[dectmp_size] = 0; ishdigit(*s); s++) { + dectmp[dectmp_size] <<= 4; + if (*s >= '0' && *s <= '9') + dectmp[dectmp_size] += *s - '0'; + else if (*s >= 'A' && *s <= 'F') + dectmp[dectmp_size] += (*s - 'A') + 10; + else if (*s >= 'a' && *s <= 'f') + dectmp[dectmp_size] += (*s - 'a') + 10; + } + dectmp_size++; + } + + /* + * If there are any codes in the temporary decomposition array, + * then add the character with its decomposition. + */ + if (dectmp_size > 0) { + if (!compat) { + add_decomp(code, 0); + } + add_decomp(code, 1); + } + } + + /* + * Skip to the number field. + */ + for (i = 0; i < 3 && *s; s++) { + if (*s == ';') + i++; + } + + /* + * Scan the number in. + */ + number[0] = number[1] = 0; + for (e = s, neg = wnum = 0; *e && *e != ';'; e++) { + if (*e == '-') { + neg = 1; + continue; + } + + if (*e == '/') { + /* + * Move the the denominator of the fraction. + */ + if (neg) + number[wnum] *= -1; + neg = 0; + e++; + wnum++; + } + number[wnum] = (number[wnum] * 10) + (*e - '0'); + } + + if (e > s) { + /* + * Adjust the denominator in case of integers and add the number. + */ + if (wnum == 0) + number[1] = 1; + + add_number(code, number[0], number[1]); + } + + /* + * Skip to the start of the possible case mappings. + */ + for (s = e, i = 0; i < 4 && *s; s++) { + if (*s == ';') + i++; + } + + /* + * Collect the case mappings. + */ + cases[0] = cases[1] = cases[2] = 0; + for (i = 0; i < 3; i++) { + while (ishdigit(*s)) { + cases[i] <<= 4; + if (*s >= '0' && *s <= '9') + cases[i] += *s - '0'; + else if (*s >= 'A' && *s <= 'F') + cases[i] += (*s - 'A') + 10; + else if (*s >= 'a' && *s <= 'f') + cases[i] += (*s - 'a') + 10; + s++; + } + if (*s == ';') + s++; + } + if (cases[0] && cases[1]) + /* + * Add the upper and lower mappings for a title case character. + */ + add_title(code); + else if (cases[1]) + /* + * Add the lower and title case mappings for the upper case + * character. + */ + add_upper(code); + else if (cases[0]) + /* + * Add the upper and title case mappings for the lower case + * character. + */ + add_lower(code); + } +} + +static _decomp_t * +find_decomp(krb5_ui_4 code, short compat) +{ + long l, r, m; + _decomp_t *decs; + + l = 0; + r = (compat ? kdecomps_used : decomps_used) - 1; + decs = compat ? kdecomps : decomps; + while (l <= r) { + m = (l + r) >> 1; + if (code > decs[m].code) + l = m + 1; + else if (code < decs[m].code) + r = m - 1; + else + return &decs[m]; + } + return 0; +} + +static void +decomp_it(_decomp_t *d, short compat) +{ + krb5_ui_4 i; + _decomp_t *dp; + + for (i = 0; i < d->used; i++) { + if ((dp = find_decomp(d->decomp[i], compat)) != 0) + decomp_it(dp, compat); + else + dectmp[dectmp_size++] = d->decomp[i]; + } +} + +/* + * Expand all decompositions by recursively decomposing each character + * in the decomposition. + */ +static void +expand_decomp(void) +{ + krb5_ui_4 i; + + for (i = 0; i < decomps_used; i++) { + dectmp_size = 0; + decomp_it(&decomps[i], 0); + if (dectmp_size > 0) + add_decomp(decomps[i].code, 0); + } + + for (i = 0; i < kdecomps_used; i++) { + dectmp_size = 0; + decomp_it(&kdecomps[i], 1); + if (dectmp_size > 0) + add_decomp(kdecomps[i].code, 1); + } +} + +static int +cmpcomps(const void *v_comp1, const void *v_comp2) +{ + const _comp_t *comp1 = v_comp1, *comp2 = v_comp2; + long diff = comp1->code1 - comp2->code1; + + if (!diff) + diff = comp1->code2 - comp2->code2; + return (int) diff; +} + +/* + * Load composition exclusion data + */ +static void +read_compexdata(FILE *in) +{ + krb5_ui_2 i; + krb5_ui_4 code; + char line[512], *s; + + (void) memset((char *) compexs, 0, sizeof(compexs)); + + while (fgets(line, sizeof(line), in)) { + if( (s=strchr(line, '\n')) ) *s = '\0'; + /* + * Skip blank lines and lines that start with a '#'. + */ + if (line[0] == 0 || line[0] == '#') + continue; + + /* + * Collect the code. Assume max 6 digits + */ + + for (s = line, i = code = 0; *s != '#' && i < 6; i++, s++) { + if (isspace((unsigned char)*s)) break; + code <<= 4; + if (*s >= '0' && *s <= '9') + code += *s - '0'; + else if (*s >= 'A' && *s <= 'F') + code += (*s - 'A') + 10; + else if (*s >= 'a' && *s <= 'f') + code += (*s - 'a') + 10; + } + COMPEX_SET(code); + } +} + +/* + * Creates array of compositions from decomposition array + */ +static void +create_comps(void) +{ + krb5_ui_4 i, cu; + + comps = (_comp_t *) malloc(comps_used * sizeof(_comp_t)); + + for (i = cu = 0; i < decomps_used; i++) { + if (decomps[i].used != 2 || COMPEX_TEST(decomps[i].code)) + continue; + comps[cu].comp = decomps[i].code; + comps[cu].count = 2; + comps[cu].code1 = decomps[i].decomp[0]; + comps[cu].code2 = decomps[i].decomp[1]; + cu++; + } + comps_used = cu; + qsort(comps, comps_used, sizeof(_comp_t), cmpcomps); +} + +#if HARDCODE_DATA +static void +write_case(FILE *out, _case_t *tab, int num, int first) +{ + int i; + + for (i=0; i 0) { + for (j=0; j 0) + fwrite((char *) proptbl[i].ranges, sizeof(krb5_ui_4), + proptbl[i].used, out); + } + + fclose(out); +#endif + + /***************************************************************** + * + * Generate the case mapping data. + * + *****************************************************************/ + +#if HARDCODE_DATA + fprintf(out, PREF "krb5_ui_4 _uccase_size = %ld;\n\n", + (long) (upper_used + lower_used + title_used)); + + fprintf(out, PREF "krb5_ui_2 _uccase_len[2] = {%ld, %ld};\n\n", + (long) upper_used, (long) lower_used); + fprintf(out, PREF "krb5_ui_4 _uccase_map[] = {"); + + if (upper_used > 0) + /* + * Write the upper case table. + */ + write_case(out, upper, upper_used, 1); + + if (lower_used > 0) + /* + * Write the lower case table. + */ + write_case(out, lower, lower_used, !upper_used); + + if (title_used > 0) + /* + * Write the title case table. + */ + write_case(out, title, title_used, !(upper_used||lower_used)); + + if (!(upper_used || lower_used || title_used)) + fprintf(out, "\t0"); + + fprintf(out, "\n};\n\n"); +#else + /* + * Open the case.dat file. + */ + snprintf(path, sizeof path, "%s" LDAP_DIRSEP "case.dat", opath); + if ((out = fopen(path, "wb")) == 0) + return; + + /* + * Write the case mapping tables. + */ + hdr[1] = upper_used + lower_used + title_used; + casecnt[0] = upper_used; + casecnt[1] = lower_used; + + /* + * Write the header. + */ + fwrite((char *) hdr, sizeof(krb5_ui_2), 2, out); + + /* + * Write the upper and lower case table sizes. + */ + fwrite((char *) casecnt, sizeof(krb5_ui_2), 2, out); + + if (upper_used > 0) + /* + * Write the upper case table. + */ + fwrite((char *) upper, sizeof(_case_t), upper_used, out); + + if (lower_used > 0) + /* + * Write the lower case table. + */ + fwrite((char *) lower, sizeof(_case_t), lower_used, out); + + if (title_used > 0) + /* + * Write the title case table. + */ + fwrite((char *) title, sizeof(_case_t), title_used, out); + + fclose(out); +#endif + + /***************************************************************** + * + * Generate the composition data. + * + *****************************************************************/ + + /* + * Create compositions from decomposition data + */ + create_comps(); + +#if HARDCODE_DATA + fprintf(out, PREF "krb5_ui_4 _uccomp_size = %ld;\n\n", + comps_used * 4L); + + fprintf(out, PREF "krb5_ui_4 _uccomp_data[] = {"); + + /* + * Now, if comps exist, write them out. + */ + if (comps_used > 0) { + for (i=0; i 0) + fwrite((char *) comps, sizeof(_comp_t), comps_used, out); + + fclose(out); +#endif + + /***************************************************************** + * + * Generate the decomposition data. + * + *****************************************************************/ + + /* + * Fully expand all decompositions before generating the output file. + */ + expand_decomp(); + +#if HARDCODE_DATA + fprintf(out, PREF "krb5_ui_4 _ucdcmp_size = %ld;\n\n", + decomps_used * 2L); + + fprintf(out, PREF "krb5_ui_4 _ucdcmp_nodes[] = {"); + + if (decomps_used) { + /* + * Write the list of decomp nodes. + */ + for (i = idx = 0; i < decomps_used; i++) { + fprintf(out, "\n\t0x%08lx, 0x%08lx,", + (unsigned long) decomps[i].code, (unsigned long) idx); + idx += decomps[i].used; + } + + /* + * Write the sentinel index as the last decomp node. + */ + fprintf(out, "\n\t0x%08lx\n};\n\n", (unsigned long) idx); + + fprintf(out, PREF "krb5_ui_4 _ucdcmp_decomp[] = {"); + /* + * Write the decompositions themselves. + */ + k = 0; + for (i = 0; i < decomps_used; i++) + for (j=0; j 0) { + /* + * Write the combining class ranges out. + */ + for (i = 0; i 0) + /* + * Write the combining class ranges out. + */ + fwrite((char *) ccl, sizeof(krb5_ui_4), ccl_used, out); + + fclose(out); +#endif + + /***************************************************************** + * + * Generate the number data. + * + *****************************************************************/ + +#if HARDCODE_DATA + fprintf(out, PREF "krb5_ui_4 _ucnum_size = %lu;\n\n", + (unsigned long)ncodes_used<<1); + + fprintf(out, PREF "krb5_ui_4 _ucnum_nodes[] = {"); + + /* + * Now, if number mappings exist, write them out. + */ + if (ncodes_used > 0) { + for (i = 0; i 0) { + fwrite((char *) ncodes, sizeof(_codeidx_t), ncodes_used, out); + fwrite((char *) nums, sizeof(_num_t), nums_used, out); + } +#endif + + fclose(out); +} + +static void +usage(char *prog) +{ + fprintf(stderr, + "Usage: %s [-o output-directory|-x composition-exclusions]", prog); + fprintf(stderr, " datafile1 datafile2 ...\n\n"); + fprintf(stderr, + "-o output-directory\n\t\tWrite the output files to a different"); + fprintf(stderr, " directory (default: .).\n"); + fprintf(stderr, + "-x composition-exclusion\n\t\tFile of composition codes"); + fprintf(stderr, " that should be excluded.\n"); + exit(1); +} + +int +main(int argc, char *argv[]) +{ + FILE *in; + char *prog, *opath; + + prog = lutil_progname( "ucgendat", argc, argv ); + + opath = 0; + in = stdin; + + argc--; + argv++; + + while (argc > 0) { + if (argv[0][0] == '-') { + switch (argv[0][1]) { + case 'o': + argc--; + argv++; + opath = argv[0]; + break; + case 'x': + argc--; + argv++; + if ((in = fopen(argv[0], "r")) == 0) + fprintf(stderr, + "%s: unable to open composition exclusion file %s\n", + prog, argv[0]); + else { + read_compexdata(in); + fclose(in); + in = 0; + } + break; + default: + usage(prog); + } + } else { + if (in != stdin && in != NULL) + fclose(in); + if ((in = fopen(argv[0], "r")) == 0) + fprintf(stderr, "%s: unable to open ctype file %s\n", + prog, argv[0]); + else { + read_cdata(in); + fclose(in); + in = 0; + } + } + argc--; + argv++; + } + + if (opath == 0) + opath = "."; + write_cdata(opath); + + return 0; +} diff --git a/src/lib/krb5/unicode/ucdata/ucpgba.c b/src/lib/krb5/unicode/ucdata/ucpgba.c new file mode 100644 index 0000000000..6161611b07 --- /dev/null +++ b/src/lib/krb5/unicode/ucdata/ucpgba.c @@ -0,0 +1,752 @@ +/* $OpenLDAP: pkg/ldap/libraries/liblunicode/ucdata/ucpgba.c,v 1.9 2008/01/07 23:20:05 kurt Exp $ */ +/* This work is part of OpenLDAP Software . + * + * Copyright 1998-2008 The OpenLDAP Foundation. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted only as authorized by the OpenLDAP + * Public License. + * + * A copy of this license is available in file LICENSE in the + * top-level directory of the distribution or, alternatively, at + * . + */ +/* Copyright 2001 Computing Research Labs, New Mexico State University + * + * Permission is hereby granted, free of charge, to any person obtaining a + * copy of this software and associated documentation files (the "Software"), + * to deal in the Software without restriction, including without limitation + * the rights to use, copy, modify, merge, publish, distribute, sublicense, + * and/or sell copies of the Software, and to permit persons to whom the + * Software is furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + * THE COMPUTING RESEARCH LAB OR NEW MEXICO STATE UNIVERSITY BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT + * OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR + * THE USE OR OTHER DEALINGS IN THE SOFTWARE. + */ +/* $Id: ucpgba.c,v 1.5 2001/01/02 18:46:20 mleisher Exp $ */ + +#include "k5-int.h" +#include "k5-utf8.h" +#include "k5-unicode.h" + +#include +#include + +#include "ucdata.h" +#include "ucpgba.h" + +/* + * These macros are used while reordering of RTL runs of text for the + * special case of non-spacing characters being in runs of weakly + * directional text. They check for weak and non-spacing, and digits and + * non-spacing. + */ +#define ISWEAKSPECIAL(cc) ucisprop(cc, UC_EN|UC_ES|UC_MN, UC_ET|UC_AN|UC_CS) +#define ISDIGITSPECIAL(cc) ucisprop(cc, UC_ND|UC_MN, 0) + +/* + * These macros are used while breaking a string into runs of text in + * different directions. Descriptions: + * + * ISLTR_LTR - Test for members of an LTR run in an LTR context. This looks + * for characters with ltr, non-spacing, weak, and neutral + * properties. + * + * ISRTL_RTL - Test for members of an RTL run in an RTL context. This looks + * for characters with rtl, non-spacing, weak, and neutral + * properties. + * + * ISRTL_NEUTRAL - Test for RTL or neutral characters. + * + * ISWEAK_NEUTRAL - Test for weak or neutral characters. + */ +#define ISLTR_LTR(cc) ucisprop(cc, UC_L|UC_MN|UC_EN|UC_ES,\ + UC_ET|UC_CS|UC_B|UC_S|UC_WS|UC_ON) + +#define ISRTL_RTL(cc) ucisprop(cc, UC_R|UC_MN|UC_EN|UC_ES,\ + UC_ET|UC_AN|UC_CS|UC_B|UC_S|UC_WS|UC_ON) + +#define ISRTL_NEUTRAL(cc) ucisprop(cc, UC_R, UC_B|UC_S|UC_WS|UC_ON) +#define ISWEAK_NEUTRAL(cc) ucisprop(cc, UC_EN|UC_ES, \ + UC_B|UC_S|UC_WS|UC_ON|UC_ET|UC_AN|UC_CS) + +/* + * This table is temporarily hard-coded here until it can be constructed + * automatically somehow. + */ +static unsigned long _symmetric_pairs[] = { + 0x0028, 0x0029, 0x0029, 0x0028, 0x003C, 0x003E, 0x003E, 0x003C, + 0x005B, 0x005D, 0x005D, 0x005B, 0x007B, 0x007D, 0x007D, 0x007B, + 0x2045, 0x2046, 0x2046, 0x2045, 0x207D, 0x207E, 0x207E, 0x207D, + 0x208D, 0x208E, 0x208E, 0x208D, 0x3008, 0x3009, 0x3009, 0x3008, + 0x300A, 0x300B, 0x300B, 0x300A, 0x300C, 0x300D, 0x300D, 0x300C, + 0x300E, 0x300F, 0x300F, 0x300E, 0x3010, 0x3011, 0x3011, 0x3010, + 0x3014, 0x3015, 0x3015, 0x3014, 0x3016, 0x3017, 0x3017, 0x3016, + 0x3018, 0x3019, 0x3019, 0x3018, 0x301A, 0x301B, 0x301B, 0x301A, + 0xFD3E, 0xFD3F, 0xFD3F, 0xFD3E, 0xFE59, 0xFE5A, 0xFE5A, 0xFE59, + 0xFE5B, 0xFE5C, 0xFE5C, 0xFE5B, 0xFE5D, 0xFE5E, 0xFE5E, 0xFE5D, + 0xFF08, 0xFF09, 0xFF09, 0xFF08, 0xFF3B, 0xFF3D, 0xFF3D, 0xFF3B, + 0xFF5B, 0xFF5D, 0xFF5D, 0xFF5B, 0xFF62, 0xFF63, 0xFF63, 0xFF62, +}; + +static int _symmetric_pairs_size = +sizeof(_symmetric_pairs)/sizeof(_symmetric_pairs[0]); + +/* + * This routine looks up the other form of a symmetric pair. + */ +static unsigned long +_ucsymmetric_pair(unsigned long c) +{ + int i; + + for (i = 0; i < _symmetric_pairs_size; i += 2) { + if (_symmetric_pairs[i] == c) + return _symmetric_pairs[i+1]; + } + return c; +} + +/* + * This routine creates a new run, copies the text into it, links it into the + * logical text order chain and returns it to the caller to be linked into + * the visual text order chain. + */ +static ucrun_t * +_add_run(ucstring_t *str, unsigned long *src, + unsigned long start, unsigned long end, int direction) +{ + long i, t; + ucrun_t *run; + + run = (ucrun_t *) malloc(sizeof(ucrun_t)); + run->visual_next = run->visual_prev = 0; + run->direction = direction; + + run->cursor = ~0; + + run->chars = (unsigned long *) + malloc(sizeof(unsigned long) * ((end - start) << 1)); + run->positions = run->chars + (end - start); + + run->source = src; + run->start = start; + run->end = end; + + if (direction == UCPGBA_RTL) { + /* + * Copy the source text into the run in reverse order and select + * replacements for the pairwise punctuation and the <> characters. + */ + for (i = 0, t = end - 1; start < end; start++, t--, i++) { + run->positions[i] = t; + if (ucissymmetric(src[t]) || src[t] == '<' || src[t] == '>') + run->chars[i] = _ucsymmetric_pair(src[t]); + else + run->chars[i] = src[t]; + } + } else { + /* + * Copy the source text into the run directly. + */ + for (i = start; i < end; i++) { + run->positions[i - start] = i; + run->chars[i - start] = src[i]; + } + } + + /* + * Add the run to the logical list for cursor traversal. + */ + if (str->logical_first == 0) + str->logical_first = str->logical_last = run; + else { + run->logical_prev = str->logical_last; + str->logical_last->logical_next = run; + str->logical_last = run; + } + + return run; +} + +static void +_ucadd_rtl_segment(ucstring_t *str, unsigned long *source, unsigned long start, + unsigned long end) +{ + unsigned long s, e; + ucrun_t *run, *lrun; + + /* + * This is used to splice runs into strings with overall LTR direction. + * The `lrun' variable will never be NULL because at least one LTR run was + * added before this RTL run. + */ + lrun = str->visual_last; + + for (e = s = start; s < end;) { + for (; e < end && ISRTL_NEUTRAL(source[e]); e++) ; + + if (e > s) { + run = _add_run(str, source, s, e, UCPGBA_RTL); + + /* + * Add the run to the visual list for cursor traversal. + */ + if (str->visual_first != 0) { + if (str->direction == UCPGBA_LTR) { + run->visual_prev = lrun; + run->visual_next = lrun->visual_next; + if (lrun->visual_next != 0) + lrun->visual_next->visual_prev = run; + lrun->visual_next = run; + if (lrun == str->visual_last) + str->visual_last = run; + } else { + run->visual_next = str->visual_first; + str->visual_first->visual_prev = run; + str->visual_first = run; + } + } else + str->visual_first = str->visual_last = run; + } + + /* + * Handle digits in a special way. This makes sure the weakly + * directional characters appear on the expected sides of a number + * depending on whether that number is Arabic or not. + */ + for (s = e; e < end && ISWEAKSPECIAL(source[e]); e++) { + if (!ISDIGITSPECIAL(source[e]) && + (e + 1 == end || !ISDIGITSPECIAL(source[e + 1]))) + break; + } + + if (e > s) { + run = _add_run(str, source, s, e, UCPGBA_LTR); + + /* + * Add the run to the visual list for cursor traversal. + */ + if (str->visual_first != 0) { + if (str->direction == UCPGBA_LTR) { + run->visual_prev = lrun; + run->visual_next = lrun->visual_next; + if (lrun->visual_next != 0) + lrun->visual_next->visual_prev = run; + lrun->visual_next = run; + if (lrun == str->visual_last) + str->visual_last = run; + } else { + run->visual_next = str->visual_first; + str->visual_first->visual_prev = run; + str->visual_first = run; + } + } else + str->visual_first = str->visual_last = run; + } + + /* + * Collect all weak non-digit sequences for an RTL segment. These + * will appear as part of the next RTL segment or will be added as + * an RTL segment by themselves. + */ + for (s = e; e < end && ucisweak(source[e]) && !ucisdigit(source[e]); + e++) ; + } + + /* + * Capture any weak non-digit sequences that occur at the end of the RTL + * run. + */ + if (e > s) { + run = _add_run(str, source, s, e, UCPGBA_RTL); + + /* + * Add the run to the visual list for cursor traversal. + */ + if (str->visual_first != 0) { + if (str->direction == UCPGBA_LTR) { + run->visual_prev = lrun; + run->visual_next = lrun->visual_next; + if (lrun->visual_next != 0) + lrun->visual_next->visual_prev = run; + lrun->visual_next = run; + if (lrun == str->visual_last) + str->visual_last = run; + } else { + run->visual_next = str->visual_first; + str->visual_first->visual_prev = run; + str->visual_first = run; + } + } else + str->visual_first = str->visual_last = run; + } +} + +static void +_ucadd_ltr_segment(ucstring_t *str, unsigned long *source, unsigned long start, + unsigned long end) +{ + ucrun_t *run; + + run = _add_run(str, source, start, end, UCPGBA_LTR); + + /* + * Add the run to the visual list for cursor traversal. + */ + if (str->visual_first != 0) { + if (str->direction == UCPGBA_LTR) { + run->visual_prev = str->visual_last; + str->visual_last->visual_next = run; + str->visual_last = run; + } else { + run->visual_next = str->visual_first; + str->visual_first->visual_prev = run; + str->visual_first = run; + } + } else + str->visual_first = str->visual_last = run; +} + +ucstring_t * +ucstring_create(unsigned long *source, unsigned long start, unsigned long end, + int default_direction, int cursor_motion) +{ + int rtl_first; + unsigned long s, e, ld; + ucstring_t *str; + + str = (ucstring_t *) malloc(sizeof(ucstring_t)); + + /* + * Set the initial values. + */ + str->cursor_motion = cursor_motion; + str->logical_first = str->logical_last = 0; + str->visual_first = str->visual_last = str->cursor = 0; + str->source = source; + str->start = start; + str->end = end; + + /* + * If the length of the string is 0, then just return it at this point. + */ + if (start == end) + return str; + + /* + * This flag indicates whether the collection loop for RTL is called + * before the LTR loop the first time. + */ + rtl_first = 0; + + /* + * Look for the first character in the string that has strong + * directionality. + */ + for (s = start; s < end && !ucisstrong(source[s]); s++) ; + + if (s == end) + /* + * If the string contains no characters with strong directionality, use + * the default direction. + */ + str->direction = default_direction; + else + str->direction = ucisrtl(source[s]) ? UCPGBA_RTL : UCPGBA_LTR; + + if (str->direction == UCPGBA_RTL) + /* + * Set the flag that causes the RTL collection loop to run first. + */ + rtl_first = 1; + + /* + * This loop now separates the string into runs based on directionality. + */ + for (s = e = 0; s < end; s = e) { + if (!rtl_first) { + /* + * Determine the next run of LTR text. + */ + + ld = s; + while (e < end && ISLTR_LTR(source[e])) { + if (ucisdigit(source[e]) && + !(0x660 <= source[e] && source[e] <= 0x669)) + ld = e; + e++; + } + if (str->direction != UCPGBA_LTR) { + while (e > ld && ISWEAK_NEUTRAL(source[e - 1])) + e--; + } + + /* + * Add the LTR segment to the string. + */ + if (e > s) + _ucadd_ltr_segment(str, source, s, e); + } + + /* + * Determine the next run of RTL text. + */ + ld = s = e; + while (e < end && ISRTL_RTL(source[e])) { + if (ucisdigit(source[e]) && + !(0x660 <= source[e] && source[e] <= 0x669)) + ld = e; + e++; + } + if (str->direction != UCPGBA_RTL) { + while (e > ld && ISWEAK_NEUTRAL(source[e - 1])) + e--; + } + + /* + * Add the RTL segment to the string. + */ + if (e > s) + _ucadd_rtl_segment(str, source, s, e); + + /* + * Clear the flag that allowed the RTL collection loop to run first + * for strings with overall RTL directionality. + */ + rtl_first = 0; + } + + /* + * Set up the initial cursor run. + */ + str->cursor = str->logical_first; + if (str != 0) + str->cursor->cursor = (str->cursor->direction == UCPGBA_RTL) ? + str->cursor->end - str->cursor->start : 0; + + return str; +} + +void +ucstring_free(ucstring_t *s) +{ + ucrun_t *l, *r; + + if (s == 0) + return; + + for (l = 0, r = s->visual_first; r != 0; r = r->visual_next) { + if (r->end > r->start) + free((char *) r->chars); + if (l) + free((char *) l); + l = r; + } + if (l) + free((char *) l); + + free((char *) s); +} + +int +ucstring_set_cursor_motion(ucstring_t *str, int cursor_motion) +{ + int n; + + if (str == 0) + return -1; + + n = str->cursor_motion; + str->cursor_motion = cursor_motion; + return n; +} + +static int +_ucstring_visual_cursor_right(ucstring_t *str, int count) +{ + int cnt = count; + unsigned long size; + ucrun_t *cursor; + + if (str == 0) + return 0; + + cursor = str->cursor; + while (cnt > 0) { + size = cursor->end - cursor->start; + if ((cursor->direction == UCPGBA_RTL && cursor->cursor + 1 == size) || + cursor->cursor + 1 > size) { + /* + * If the next run is NULL, then the cursor is already on the + * far right end already. + */ + if (cursor->visual_next == 0) + /* + * If movement occured, then report it. + */ + return (cnt != count); + + /* + * Move to the next run. + */ + str->cursor = cursor = cursor->visual_next; + cursor->cursor = (cursor->direction == UCPGBA_RTL) ? -1 : 0; + size = cursor->end - cursor->start; + } else + cursor->cursor++; + cnt--; + } + return 1; +} + +static int +_ucstring_logical_cursor_right(ucstring_t *str, int count) +{ + int cnt = count; + unsigned long size; + ucrun_t *cursor; + + if (str == 0) + return 0; + + cursor = str->cursor; + while (cnt > 0) { + size = cursor->end - cursor->start; + if (str->direction == UCPGBA_RTL) { + if (cursor->direction == UCPGBA_RTL) { + if (cursor->cursor + 1 == size) { + if (cursor == str->logical_first) + /* + * Already at the beginning of the string. + */ + return (cnt != count); + + str->cursor = cursor = cursor->logical_prev; + size = cursor->end - cursor->start; + cursor->cursor = (cursor->direction == UCPGBA_LTR) ? + size : 0; + } else + cursor->cursor++; + } else { + if (cursor->cursor == 0) { + if (cursor == str->logical_first) + /* + * At the beginning of the string already. + */ + return (cnt != count); + + str->cursor = cursor = cursor->logical_prev; + size = cursor->end - cursor->start; + cursor->cursor = (cursor->direction == UCPGBA_LTR) ? + size : 0; + } else + cursor->cursor--; + } + } else { + if (cursor->direction == UCPGBA_RTL) { + if (cursor->cursor == 0) { + if (cursor == str->logical_last) + /* + * Already at the end of the string. + */ + return (cnt != count); + + str->cursor = cursor = cursor->logical_next; + size = cursor->end - cursor->start; + cursor->cursor = (cursor->direction == UCPGBA_LTR) ? + 0 : size - 1; + } else + cursor->cursor--; + } else { + if (cursor->cursor + 1 > size) { + if (cursor == str->logical_last) + /* + * Already at the end of the string. + */ + return (cnt != count); + + str->cursor = cursor = cursor->logical_next; + cursor->cursor = (cursor->direction == UCPGBA_LTR) ? + 0 : size - 1; + } else + cursor->cursor++; + } + } + cnt--; + } + return 1; +} + +int +ucstring_cursor_right(ucstring_t *str, int count) +{ + if (str == 0) + return 0; + return (str->cursor_motion == UCPGBA_CURSOR_VISUAL) ? + _ucstring_visual_cursor_right(str, count) : + _ucstring_logical_cursor_right(str, count); +} + +static int +_ucstring_visual_cursor_left(ucstring_t *str, int count) +{ + int cnt = count; + unsigned long size; + ucrun_t *cursor; + + if (str == 0) + return 0; + + cursor = str->cursor; + while (cnt > 0) { + size = cursor->end - cursor->start; + if ((cursor->direction == UCPGBA_LTR && cursor->cursor == 0) || + cursor->cursor - 1 < -1) { + /* + * If the preceding run is NULL, then the cursor is already on the + * far left end already. + */ + if (cursor->visual_prev == 0) + /* + * If movement occured, then report it. + */ + return (cnt != count); + + /* + * Move to the previous run. + */ + str->cursor = cursor = cursor->visual_prev; + size = cursor->end - cursor->start; + cursor->cursor = (cursor->direction == UCPGBA_RTL) ? + size : size - 1; + } else + cursor->cursor--; + cnt--; + } + return 1; +} + +static int +_ucstring_logical_cursor_left(ucstring_t *str, int count) +{ + int cnt = count; + unsigned long size; + ucrun_t *cursor; + + if (str == 0) + return 0; + + cursor = str->cursor; + while (cnt > 0) { + size = cursor->end - cursor->start; + if (str->direction == UCPGBA_RTL) { + if (cursor->direction == UCPGBA_RTL) { + if (cursor->cursor == -1) { + if (cursor == str->logical_last) + /* + * Already at the end of the string. + */ + return (cnt != count); + + str->cursor = cursor = cursor->logical_next; + size = cursor->end - cursor->start; + cursor->cursor = (cursor->direction == UCPGBA_LTR) ? + 0 : size - 1; + } else + cursor->cursor--; + } else { + if (cursor->cursor + 1 > size) { + if (cursor == str->logical_last) + /* + * At the end of the string already. + */ + return (cnt != count); + + str->cursor = cursor = cursor->logical_next; + size = cursor->end - cursor->start; + cursor->cursor = (cursor->direction == UCPGBA_LTR) ? + 0 : size - 1; + } else + cursor->cursor++; + } + } else { + if (cursor->direction == UCPGBA_RTL) { + if (cursor->cursor + 1 == size) { + if (cursor == str->logical_first) + /* + * Already at the beginning of the string. + */ + return (cnt != count); + + str->cursor = cursor = cursor->logical_prev; + size = cursor->end - cursor->start; + cursor->cursor = (cursor->direction == UCPGBA_LTR) ? + size : 0; + } else + cursor->cursor++; + } else { + if (cursor->cursor == 0) { + if (cursor == str->logical_first) + /* + * Already at the beginning of the string. + */ + return (cnt != count); + + str->cursor = cursor = cursor->logical_prev; + cursor->cursor = (cursor->direction == UCPGBA_LTR) ? + size : 0; + } else + cursor->cursor--; + } + } + cnt--; + } + return 1; +} + +int +ucstring_cursor_left(ucstring_t *str, int count) +{ + if (str == 0) + return 0; + return (str->cursor_motion == UCPGBA_CURSOR_VISUAL) ? + _ucstring_visual_cursor_left(str, count) : + _ucstring_logical_cursor_left(str, count); +} + +void +ucstring_cursor_info(ucstring_t *str, int *direction, unsigned long *position) +{ + long c; + unsigned long size; + ucrun_t *cursor; + + if (str == 0 || direction == 0 || position == 0) + return; + + cursor = str->cursor; + + *direction = cursor->direction; + + c = cursor->cursor; + size = cursor->end - cursor->start; + + if (c == size) + *position = (cursor->direction == UCPGBA_RTL) ? + cursor->start : cursor->positions[c - 1]; + else if (c == -1) + *position = (cursor->direction == UCPGBA_RTL) ? + cursor->end : cursor->start; + else + *position = cursor->positions[c]; +} diff --git a/src/lib/krb5/unicode/ucdata/ucpgba.h b/src/lib/krb5/unicode/ucdata/ucpgba.h new file mode 100644 index 0000000000..0761e1d480 --- /dev/null +++ b/src/lib/krb5/unicode/ucdata/ucpgba.h @@ -0,0 +1,163 @@ +/* $OpenLDAP: pkg/ldap/libraries/liblunicode/ucdata/ucpgba.h,v 1.10 2008/01/07 23:20:05 kurt Exp $ */ +/* This work is part of OpenLDAP Software . + * + * Copyright 1998-2008 The OpenLDAP Foundation. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted only as authorized by the OpenLDAP + * Public License. + * + * A copy of this license is available in file LICENSE in the + * top-level directory of the distribution or, alternatively, at + * . + */ +/* Copyright 1999 Computing Research Labs, New Mexico State University + * + * Permission is hereby granted, free of charge, to any person obtaining a + * copy of this software and associated documentation files (the "Software"), + * to deal in the Software without restriction, including without limitation + * the rights to use, copy, modify, merge, publish, distribute, sublicense, + * and/or sell copies of the Software, and to permit persons to whom the + * Software is furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + * THE COMPUTING RESEARCH LAB OR NEW MEXICO STATE UNIVERSITY BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT + * OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR + * THE USE OR OTHER DEALINGS IN THE SOFTWARE. + */ +/* $Id: ucpgba.h,v 1.4 1999/11/19 15:24:30 mleisher Exp $ */ + +#ifndef _h_ucpgba +#define _h_ucpgba + +#include "k5-int.h" + +/*************************************************************************** + * + * Macros and types. + * + ***************************************************************************/ + +/* + * These are the direction values that can appear in render runs and render + * strings. + */ +#define UCPGBA_LTR 0 +#define UCPGBA_RTL 1 + +/* + * These are the flags for cursor motion. + */ +#define UCPGBA_CURSOR_VISUAL 0 +#define UCPGBA_CURSOR_LOGICAL 1 + +/* + * This structure is used to contain runs of text in a particular direction. + */ +typedef struct _ucrun_t { + struct _ucrun_t *visual_prev; /* Pointer to the previous visual run. */ + struct _ucrun_t *visual_next; /* Pointer to the next visual run. */ + + struct _ucrun_t *logical_prev; /* Pointer to the previous logical run. */ + struct _ucrun_t *logical_next; /* Pointer to the next logical run. */ + + int direction; /* Direction of the run. */ + + long cursor; /* Position of "cursor" in the string. */ + + unsigned long *chars; /* List of characters for the run. */ + unsigned long *positions; /* List of original positions in source. */ + + unsigned long *source; /* The source string. */ + unsigned long start; /* Beginning offset in the source string. */ + unsigned long end; /* Ending offset in the source string. */ +} ucrun_t; + +/* + * This represents a string of runs rendered up to a point that is not + * platform specific. + */ +typedef struct _ucstring_t { + int direction; /* Overall direction of the string. */ + + int cursor_motion; /* Logical or visual cursor motion flag. */ + + ucrun_t *cursor; /* The run containing the "cursor." */ + + ucrun_t *logical_first; /* First run in the logical order. */ + ucrun_t *logical_last; /* Last run in the logical order. */ + + ucrun_t *visual_first; /* First run in the visual order. */ + ucrun_t *visual_last; /* Last run in the visual order. */ + + unsigned long *source; /* The source string. */ + unsigned long start; /* The beginning offset in the source. */ + unsigned long end; /* The ending offset in the source. */ +} ucstring_t; + +/*************************************************************************** + * + * API + * + ***************************************************************************/ + +/* + * This creates and reorders the specified substring using the + * "Pretty Good Bidi Algorithm." A default direction is provided for cases + * of a string containing no strong direction characters and the default + * cursor motion should be provided. + */ +ucstring_t * +ucstring_create (unsigned long *source, + unsigned long start, + unsigned long end, + int default_direction, + int cursor_motion); +/* + * This releases the string. + */ +void ucstring_free (ucstring_t *string); + +/* + * This changes the cursor motion flag for the string. + */ +int +ucstring_set_cursor_motion (ucstring_t *string, + int cursor_motion); + +/* + * This function will move the cursor to the right depending on the + * type of cursor motion that was specified for the string. + * + * A 0 is returned if no cursor motion is performed, otherwise a + * 1 is returned. + */ +int +ucstring_cursor_right (ucstring_t *string, int count); + +/* + * This function will move the cursor to the left depending on the + * type of cursor motion that was specified for the string. + * + * A 0 is returned if no cursor motion is performed, otherwise a + * 1 is returned. + */ +int +ucstring_cursor_left (ucstring_t *string, int count); + +/* + * This routine retrieves the direction of the run containing the cursor + * and the actual position in the original text string. + */ +void +ucstring_cursor_info (ucstring_t *string, int *direction, + unsigned long *position); + +#endif /* _h_ucpgba */ diff --git a/src/lib/krb5/unicode/ucdata/ucpgba.man b/src/lib/krb5/unicode/ucdata/ucpgba.man new file mode 100644 index 0000000000..4486509726 --- /dev/null +++ b/src/lib/krb5/unicode/ucdata/ucpgba.man @@ -0,0 +1,97 @@ +.\" +.\" $Id: ucpgba.man,v 1.1 1999/11/19 16:08:34 mleisher Exp $ +.\" +.TH ucpgba 3 "19 November 1999" +.SH NAME +ucpgba \- functions for doing bidirectional reordering of Unicode text and +logical and visual cursor motion + +.SH SYNOPSIS +.nf +#include +#include + +ucstring_t *ucstring_create(unsigned long *source, unsigned long start, + unsigned long end, int default_direction, + int cursor_motion) +.sp +void ucstring_free(ucstring_t *string) +.sp +int ucstring_set_cursor_motion(ucstring_t *string, int cursor_motion) +.sp +int ucstring_cursor_right(ucstring_t *string, int count) +.sp +int ucstring_cursor_left(ucstring_t *string, int count) +.sp +void ucstring_cursor_info(ucstring_t *string, int *direction, + unsigned long *position) + +.SH DESCRIPTION +.TP 4 +.BR Macros +UCPGBA_LTR +.br +UCPGBA_RTL +.br +UCPGBA_CURSOR_VISUAL +.br +UCPGBA_CURSOR_LOGICAL + +.TP 4 +.BR ucstring_create() +This function will create a reordered string by using the implicit +directionality of the characters in the specified substring. +.sp +The `default_direction' parameter should be one of UCPGBA_LTR or UCPGBA_RTL +and is used only in cases where a string contains no characters with strong +directionality. +.sp +The `cursor_motion' parameter should be one of UCPGBA_CURSOR_VISUAL or +UCPGBA_CURSOR_LOGICAL, and is used to specify the initial cursor motion +behavior. This behavior can be switched at any time using +ustring_set_cursor_motion(). + +.TP 4 +.BR ucstring_free() +This function will deallocate the memory used by the string, incuding the +string itself. + +.TP 4 +.BR ucstring_cursor_info() +This function will return the text position of the internal cursor and the +directionality of the text at that position. The position returned is the +original text position of the character. + +.TP 4 +.BR ucstring_set_cursor_motion() +This function will change the cursor motion type and return the previous +cursor motion type. + +.TP 4 +.BR ucstring_cursor_right() +This function will move the internal cursor to the right according to the +type of cursor motion set for the string. +.sp +If no cursor motion is performed, it returns 0. Otherwise it will return a 1. + +.TP 4 +.BR ucstring_cursor_left() +This function will move the internal cursor to the left according to the +type of cursor motion set for the string. +.sp +If no cursor motion is performed, it returns 0. Otherwise it will return a 1. + +.SH "SEE ALSO" +ucdata(3) + +.SH ACKNOWLEDGMENTS +These are people who have helped with patches or alerted me about problems. + +.SH AUTHOR +Mark Leisher +.br +Computing Research Lab +.br +New Mexico State University +.br +Email: mleisher@crl.nmsu.edu diff --git a/src/lib/krb5/unicode/ucdata/uctable.h b/src/lib/krb5/unicode/ucdata/uctable.h new file mode 100644 index 0000000000..19d334b4a4 --- /dev/null +++ b/src/lib/krb5/unicode/ucdata/uctable.h @@ -0,0 +1,14306 @@ +static const krb5_ui_4 _ucprop_size = 50; + +static const krb5_ui_2 _ucprop_offsets[] = { + 0x0000, 0x00d0, 0x0138, 0x0140, 0x016a, 0x0176, 0x019e, 0x01ac, + 0x01ae, 0x01b0, 0x01b4, 0x01cc, 0x01ce, 0xffff, 0x01d4, 0x051a, + 0x0862, 0x0876, 0x089e, 0x0a32, 0x0a40, 0x0a58, 0x0ad8, 0x0b54, + 0x0be0, 0x0c54, 0x0c6a, 0x0c96, 0x0d66, 0x0fee, 0x100a, 0x1020, + 0x1024, 0x1054, 0x1058, 0x106e, 0x1078, 0x107e, 0x108e, 0x1240, + 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0x13e8, 0x16e4, + 0x16ee, 0x16f6, 0x1720, 0x0000 +}; + +static const krb5_ui_4 _ucprop_ranges[] = { + 0x00000300, 0x0000034f, 0x00000360, 0x0000036f, + 0x00000483, 0x00000486, 0x00000591, 0x000005a1, + 0x000005a3, 0x000005b9, 0x000005bb, 0x000005bd, + 0x000005bf, 0x000005bf, 0x000005c1, 0x000005c2, + 0x000005c4, 0x000005c4, 0x0000064b, 0x00000655, + 0x00000670, 0x00000670, 0x000006d6, 0x000006dc, + 0x000006df, 0x000006e4, 0x000006e7, 0x000006e8, + 0x000006ea, 0x000006ed, 0x00000711, 0x00000711, + 0x00000730, 0x0000074a, 0x000007a6, 0x000007b0, + 0x00000901, 0x00000902, 0x0000093c, 0x0000093c, + 0x00000941, 0x00000948, 0x0000094d, 0x0000094d, + 0x00000951, 0x00000954, 0x00000962, 0x00000963, + 0x00000981, 0x00000981, 0x000009bc, 0x000009bc, + 0x000009c1, 0x000009c4, 0x000009cd, 0x000009cd, + 0x000009e2, 0x000009e3, 0x00000a02, 0x00000a02, + 0x00000a3c, 0x00000a3c, 0x00000a41, 0x00000a42, + 0x00000a47, 0x00000a48, 0x00000a4b, 0x00000a4d, + 0x00000a70, 0x00000a71, 0x00000a81, 0x00000a82, + 0x00000abc, 0x00000abc, 0x00000ac1, 0x00000ac5, + 0x00000ac7, 0x00000ac8, 0x00000acd, 0x00000acd, + 0x00000b01, 0x00000b01, 0x00000b3c, 0x00000b3c, + 0x00000b3f, 0x00000b3f, 0x00000b41, 0x00000b43, + 0x00000b4d, 0x00000b4d, 0x00000b56, 0x00000b56, + 0x00000b82, 0x00000b82, 0x00000bc0, 0x00000bc0, + 0x00000bcd, 0x00000bcd, 0x00000c3e, 0x00000c40, + 0x00000c46, 0x00000c48, 0x00000c4a, 0x00000c4d, + 0x00000c55, 0x00000c56, 0x00000cbf, 0x00000cbf, + 0x00000cc6, 0x00000cc6, 0x00000ccc, 0x00000ccd, + 0x00000d41, 0x00000d43, 0x00000d4d, 0x00000d4d, + 0x00000dca, 0x00000dca, 0x00000dd2, 0x00000dd4, + 0x00000dd6, 0x00000dd6, 0x00000e31, 0x00000e31, + 0x00000e34, 0x00000e3a, 0x00000e47, 0x00000e4e, + 0x00000eb1, 0x00000eb1, 0x00000eb4, 0x00000eb9, + 0x00000ebb, 0x00000ebc, 0x00000ec8, 0x00000ecd, + 0x00000f18, 0x00000f19, 0x00000f35, 0x00000f35, + 0x00000f37, 0x00000f37, 0x00000f39, 0x00000f39, + 0x00000f71, 0x00000f7e, 0x00000f80, 0x00000f84, + 0x00000f86, 0x00000f87, 0x00000f90, 0x00000f97, + 0x00000f99, 0x00000fbc, 0x00000fc6, 0x00000fc6, + 0x0000102d, 0x00001030, 0x00001032, 0x00001032, + 0x00001036, 0x00001037, 0x00001039, 0x00001039, + 0x00001058, 0x00001059, 0x00001712, 0x00001714, + 0x00001732, 0x00001734, 0x00001752, 0x00001753, + 0x00001772, 0x00001773, 0x000017b7, 0x000017bd, + 0x000017c6, 0x000017c6, 0x000017c9, 0x000017d3, + 0x0000180b, 0x0000180d, 0x000018a9, 0x000018a9, + 0x000020d0, 0x000020dc, 0x000020e1, 0x000020e1, + 0x000020e5, 0x000020ea, 0x0000302a, 0x0000302f, + 0x00003099, 0x0000309a, 0x0000fb1e, 0x0000fb1e, + 0x0000fe00, 0x0000fe0f, 0x0000fe20, 0x0000fe23, + 0x0001d167, 0x0001d169, 0x0001d17b, 0x0001d182, + 0x0001d185, 0x0001d18b, 0x0001d1aa, 0x0001d1ad, + 0x00000903, 0x00000903, 0x0000093e, 0x00000940, + 0x00000949, 0x0000094c, 0x00000982, 0x00000983, + 0x000009be, 0x000009c0, 0x000009c7, 0x000009c8, + 0x000009cb, 0x000009cc, 0x000009d7, 0x000009d7, + 0x00000a3e, 0x00000a40, 0x00000a83, 0x00000a83, + 0x00000abe, 0x00000ac0, 0x00000ac9, 0x00000ac9, + 0x00000acb, 0x00000acc, 0x00000b02, 0x00000b03, + 0x00000b3e, 0x00000b3e, 0x00000b40, 0x00000b40, + 0x00000b47, 0x00000b48, 0x00000b4b, 0x00000b4c, + 0x00000b57, 0x00000b57, 0x00000bbe, 0x00000bbf, + 0x00000bc1, 0x00000bc2, 0x00000bc6, 0x00000bc8, + 0x00000bca, 0x00000bcc, 0x00000bd7, 0x00000bd7, + 0x00000c01, 0x00000c03, 0x00000c41, 0x00000c44, + 0x00000c82, 0x00000c83, 0x00000cbe, 0x00000cbe, + 0x00000cc0, 0x00000cc4, 0x00000cc7, 0x00000cc8, + 0x00000cca, 0x00000ccb, 0x00000cd5, 0x00000cd6, + 0x00000d02, 0x00000d03, 0x00000d3e, 0x00000d40, + 0x00000d46, 0x00000d48, 0x00000d4a, 0x00000d4c, + 0x00000d57, 0x00000d57, 0x00000d82, 0x00000d83, + 0x00000dcf, 0x00000dd1, 0x00000dd8, 0x00000ddf, + 0x00000df2, 0x00000df3, 0x00000f3e, 0x00000f3f, + 0x00000f7f, 0x00000f7f, 0x0000102c, 0x0000102c, + 0x00001031, 0x00001031, 0x00001038, 0x00001038, + 0x00001056, 0x00001057, 0x000017b4, 0x000017b6, + 0x000017be, 0x000017c5, 0x000017c7, 0x000017c8, + 0x0001d165, 0x0001d166, 0x0001d16d, 0x0001d172, + 0x00000488, 0x00000489, 0x000006de, 0x000006de, + 0x000020dd, 0x000020e0, 0x000020e2, 0x000020e4, + 0x00000030, 0x00000039, 0x00000660, 0x00000669, + 0x000006f0, 0x000006f9, 0x00000966, 0x0000096f, + 0x000009e6, 0x000009ef, 0x00000a66, 0x00000a6f, + 0x00000ae6, 0x00000aef, 0x00000b66, 0x00000b6f, + 0x00000be7, 0x00000bef, 0x00000c66, 0x00000c6f, + 0x00000ce6, 0x00000cef, 0x00000d66, 0x00000d6f, + 0x00000e50, 0x00000e59, 0x00000ed0, 0x00000ed9, + 0x00000f20, 0x00000f29, 0x00001040, 0x00001049, + 0x00001369, 0x00001371, 0x000017e0, 0x000017e9, + 0x00001810, 0x00001819, 0x0000ff10, 0x0000ff19, + 0x0001d7ce, 0x0001d7ff, 0x000016ee, 0x000016f0, + 0x00002160, 0x00002183, 0x00003007, 0x00003007, + 0x00003021, 0x00003029, 0x00003038, 0x0000303a, + 0x0001034a, 0x0001034a, 0x000000b2, 0x000000b3, + 0x000000b9, 0x000000b9, 0x000000bc, 0x000000be, + 0x000009f4, 0x000009f9, 0x00000bf0, 0x00000bf2, + 0x00000f2a, 0x00000f33, 0x00001372, 0x0000137c, + 0x00002070, 0x00002070, 0x00002074, 0x00002079, + 0x00002080, 0x00002089, 0x00002153, 0x0000215f, + 0x00002460, 0x0000249b, 0x000024ea, 0x000024fe, + 0x00002776, 0x00002793, 0x00003192, 0x00003195, + 0x00003220, 0x00003229, 0x00003251, 0x0000325f, + 0x00003280, 0x00003289, 0x000032b1, 0x000032bf, + 0x00010320, 0x00010323, 0x00000020, 0x00000020, + 0x000000a0, 0x000000a0, 0x00001680, 0x00001680, + 0x00002000, 0x0000200b, 0x0000202f, 0x0000202f, + 0x0000205f, 0x0000205f, 0x00003000, 0x00003000, + 0x00002028, 0x00002028, 0x00002029, 0x00002029, + 0x00000000, 0x0000001f, 0x0000007f, 0x0000009f, + 0x000006dd, 0x000006dd, 0x0000070f, 0x0000070f, + 0x0000180e, 0x0000180e, 0x0000200c, 0x0000200f, + 0x0000202a, 0x0000202e, 0x00002060, 0x00002063, + 0x0000206a, 0x0000206f, 0x0000feff, 0x0000feff, + 0x0000fff9, 0x0000fffb, 0x0001d173, 0x0001d17a, + 0x000e0001, 0x000e0001, 0x000e0020, 0x000e007f, + 0x00010000, 0x0010ffff, 0x0000e000, 0x0000f8ff, + 0x000f0000, 0x000ffffd, 0x00100000, 0x0010fffd, + 0x00000041, 0x0000005a, 0x000000c0, 0x000000d6, + 0x000000d8, 0x000000de, 0x00000100, 0x00000100, + 0x00000102, 0x00000102, 0x00000104, 0x00000104, + 0x00000106, 0x00000106, 0x00000108, 0x00000108, + 0x0000010a, 0x0000010a, 0x0000010c, 0x0000010c, + 0x0000010e, 0x0000010e, 0x00000110, 0x00000110, + 0x00000112, 0x00000112, 0x00000114, 0x00000114, + 0x00000116, 0x00000116, 0x00000118, 0x00000118, + 0x0000011a, 0x0000011a, 0x0000011c, 0x0000011c, + 0x0000011e, 0x0000011e, 0x00000120, 0x00000120, + 0x00000122, 0x00000122, 0x00000124, 0x00000124, + 0x00000126, 0x00000126, 0x00000128, 0x00000128, + 0x0000012a, 0x0000012a, 0x0000012c, 0x0000012c, + 0x0000012e, 0x0000012e, 0x00000130, 0x00000130, + 0x00000132, 0x00000132, 0x00000134, 0x00000134, + 0x00000136, 0x00000136, 0x00000139, 0x00000139, + 0x0000013b, 0x0000013b, 0x0000013d, 0x0000013d, + 0x0000013f, 0x0000013f, 0x00000141, 0x00000141, + 0x00000143, 0x00000143, 0x00000145, 0x00000145, + 0x00000147, 0x00000147, 0x0000014a, 0x0000014a, + 0x0000014c, 0x0000014c, 0x0000014e, 0x0000014e, + 0x00000150, 0x00000150, 0x00000152, 0x00000152, + 0x00000154, 0x00000154, 0x00000156, 0x00000156, + 0x00000158, 0x00000158, 0x0000015a, 0x0000015a, + 0x0000015c, 0x0000015c, 0x0000015e, 0x0000015e, + 0x00000160, 0x00000160, 0x00000162, 0x00000162, + 0x00000164, 0x00000164, 0x00000166, 0x00000166, + 0x00000168, 0x00000168, 0x0000016a, 0x0000016a, + 0x0000016c, 0x0000016c, 0x0000016e, 0x0000016e, + 0x00000170, 0x00000170, 0x00000172, 0x00000172, + 0x00000174, 0x00000174, 0x00000176, 0x00000176, + 0x00000178, 0x00000179, 0x0000017b, 0x0000017b, + 0x0000017d, 0x0000017d, 0x00000181, 0x00000182, + 0x00000184, 0x00000184, 0x00000186, 0x00000187, + 0x00000189, 0x0000018b, 0x0000018e, 0x00000191, + 0x00000193, 0x00000194, 0x00000196, 0x00000198, + 0x0000019c, 0x0000019d, 0x0000019f, 0x000001a0, + 0x000001a2, 0x000001a2, 0x000001a4, 0x000001a4, + 0x000001a6, 0x000001a7, 0x000001a9, 0x000001a9, + 0x000001ac, 0x000001ac, 0x000001ae, 0x000001af, + 0x000001b1, 0x000001b3, 0x000001b5, 0x000001b5, + 0x000001b7, 0x000001b8, 0x000001bc, 0x000001bc, + 0x000001c4, 0x000001c4, 0x000001c7, 0x000001c7, + 0x000001ca, 0x000001ca, 0x000001cd, 0x000001cd, + 0x000001cf, 0x000001cf, 0x000001d1, 0x000001d1, + 0x000001d3, 0x000001d3, 0x000001d5, 0x000001d5, + 0x000001d7, 0x000001d7, 0x000001d9, 0x000001d9, + 0x000001db, 0x000001db, 0x000001de, 0x000001de, + 0x000001e0, 0x000001e0, 0x000001e2, 0x000001e2, + 0x000001e4, 0x000001e4, 0x000001e6, 0x000001e6, + 0x000001e8, 0x000001e8, 0x000001ea, 0x000001ea, + 0x000001ec, 0x000001ec, 0x000001ee, 0x000001ee, + 0x000001f1, 0x000001f1, 0x000001f4, 0x000001f4, + 0x000001f6, 0x000001f8, 0x000001fa, 0x000001fa, + 0x000001fc, 0x000001fc, 0x000001fe, 0x000001fe, + 0x00000200, 0x00000200, 0x00000202, 0x00000202, + 0x00000204, 0x00000204, 0x00000206, 0x00000206, + 0x00000208, 0x00000208, 0x0000020a, 0x0000020a, + 0x0000020c, 0x0000020c, 0x0000020e, 0x0000020e, + 0x00000210, 0x00000210, 0x00000212, 0x00000212, + 0x00000214, 0x00000214, 0x00000216, 0x00000216, + 0x00000218, 0x00000218, 0x0000021a, 0x0000021a, + 0x0000021c, 0x0000021c, 0x0000021e, 0x0000021e, + 0x00000220, 0x00000220, 0x00000222, 0x00000222, + 0x00000224, 0x00000224, 0x00000226, 0x00000226, + 0x00000228, 0x00000228, 0x0000022a, 0x0000022a, + 0x0000022c, 0x0000022c, 0x0000022e, 0x0000022e, + 0x00000230, 0x00000230, 0x00000232, 0x00000232, + 0x00000386, 0x00000386, 0x00000388, 0x0000038a, + 0x0000038c, 0x0000038c, 0x0000038e, 0x0000038f, + 0x00000391, 0x000003a1, 0x000003a3, 0x000003ab, + 0x000003d2, 0x000003d4, 0x000003d8, 0x000003d8, + 0x000003da, 0x000003da, 0x000003dc, 0x000003dc, + 0x000003de, 0x000003de, 0x000003e0, 0x000003e0, + 0x000003e2, 0x000003e2, 0x000003e4, 0x000003e4, + 0x000003e6, 0x000003e6, 0x000003e8, 0x000003e8, + 0x000003ea, 0x000003ea, 0x000003ec, 0x000003ec, + 0x000003ee, 0x000003ee, 0x000003f4, 0x000003f4, + 0x00000400, 0x0000042f, 0x00000460, 0x00000460, + 0x00000462, 0x00000462, 0x00000464, 0x00000464, + 0x00000466, 0x00000466, 0x00000468, 0x00000468, + 0x0000046a, 0x0000046a, 0x0000046c, 0x0000046c, + 0x0000046e, 0x0000046e, 0x00000470, 0x00000470, + 0x00000472, 0x00000472, 0x00000474, 0x00000474, + 0x00000476, 0x00000476, 0x00000478, 0x00000478, + 0x0000047a, 0x0000047a, 0x0000047c, 0x0000047c, + 0x0000047e, 0x0000047e, 0x00000480, 0x00000480, + 0x0000048a, 0x0000048a, 0x0000048c, 0x0000048c, + 0x0000048e, 0x0000048e, 0x00000490, 0x00000490, + 0x00000492, 0x00000492, 0x00000494, 0x00000494, + 0x00000496, 0x00000496, 0x00000498, 0x00000498, + 0x0000049a, 0x0000049a, 0x0000049c, 0x0000049c, + 0x0000049e, 0x0000049e, 0x000004a0, 0x000004a0, + 0x000004a2, 0x000004a2, 0x000004a4, 0x000004a4, + 0x000004a6, 0x000004a6, 0x000004a8, 0x000004a8, + 0x000004aa, 0x000004aa, 0x000004ac, 0x000004ac, + 0x000004ae, 0x000004ae, 0x000004b0, 0x000004b0, + 0x000004b2, 0x000004b2, 0x000004b4, 0x000004b4, + 0x000004b6, 0x000004b6, 0x000004b8, 0x000004b8, + 0x000004ba, 0x000004ba, 0x000004bc, 0x000004bc, + 0x000004be, 0x000004be, 0x000004c0, 0x000004c1, + 0x000004c3, 0x000004c3, 0x000004c5, 0x000004c5, + 0x000004c7, 0x000004c7, 0x000004c9, 0x000004c9, + 0x000004cb, 0x000004cb, 0x000004cd, 0x000004cd, + 0x000004d0, 0x000004d0, 0x000004d2, 0x000004d2, + 0x000004d4, 0x000004d4, 0x000004d6, 0x000004d6, + 0x000004d8, 0x000004d8, 0x000004da, 0x000004da, + 0x000004dc, 0x000004dc, 0x000004de, 0x000004de, + 0x000004e0, 0x000004e0, 0x000004e2, 0x000004e2, + 0x000004e4, 0x000004e4, 0x000004e6, 0x000004e6, + 0x000004e8, 0x000004e8, 0x000004ea, 0x000004ea, + 0x000004ec, 0x000004ec, 0x000004ee, 0x000004ee, + 0x000004f0, 0x000004f0, 0x000004f2, 0x000004f2, + 0x000004f4, 0x000004f4, 0x000004f8, 0x000004f8, + 0x00000500, 0x00000500, 0x00000502, 0x00000502, + 0x00000504, 0x00000504, 0x00000506, 0x00000506, + 0x00000508, 0x00000508, 0x0000050a, 0x0000050a, + 0x0000050c, 0x0000050c, 0x0000050e, 0x0000050e, + 0x00000531, 0x00000556, 0x000010a0, 0x000010c5, + 0x00001e00, 0x00001e00, 0x00001e02, 0x00001e02, + 0x00001e04, 0x00001e04, 0x00001e06, 0x00001e06, + 0x00001e08, 0x00001e08, 0x00001e0a, 0x00001e0a, + 0x00001e0c, 0x00001e0c, 0x00001e0e, 0x00001e0e, + 0x00001e10, 0x00001e10, 0x00001e12, 0x00001e12, + 0x00001e14, 0x00001e14, 0x00001e16, 0x00001e16, + 0x00001e18, 0x00001e18, 0x00001e1a, 0x00001e1a, + 0x00001e1c, 0x00001e1c, 0x00001e1e, 0x00001e1e, + 0x00001e20, 0x00001e20, 0x00001e22, 0x00001e22, + 0x00001e24, 0x00001e24, 0x00001e26, 0x00001e26, + 0x00001e28, 0x00001e28, 0x00001e2a, 0x00001e2a, + 0x00001e2c, 0x00001e2c, 0x00001e2e, 0x00001e2e, + 0x00001e30, 0x00001e30, 0x00001e32, 0x00001e32, + 0x00001e34, 0x00001e34, 0x00001e36, 0x00001e36, + 0x00001e38, 0x00001e38, 0x00001e3a, 0x00001e3a, + 0x00001e3c, 0x00001e3c, 0x00001e3e, 0x00001e3e, + 0x00001e40, 0x00001e40, 0x00001e42, 0x00001e42, + 0x00001e44, 0x00001e44, 0x00001e46, 0x00001e46, + 0x00001e48, 0x00001e48, 0x00001e4a, 0x00001e4a, + 0x00001e4c, 0x00001e4c, 0x00001e4e, 0x00001e4e, + 0x00001e50, 0x00001e50, 0x00001e52, 0x00001e52, + 0x00001e54, 0x00001e54, 0x00001e56, 0x00001e56, + 0x00001e58, 0x00001e58, 0x00001e5a, 0x00001e5a, + 0x00001e5c, 0x00001e5c, 0x00001e5e, 0x00001e5e, + 0x00001e60, 0x00001e60, 0x00001e62, 0x00001e62, + 0x00001e64, 0x00001e64, 0x00001e66, 0x00001e66, + 0x00001e68, 0x00001e68, 0x00001e6a, 0x00001e6a, + 0x00001e6c, 0x00001e6c, 0x00001e6e, 0x00001e6e, + 0x00001e70, 0x00001e70, 0x00001e72, 0x00001e72, + 0x00001e74, 0x00001e74, 0x00001e76, 0x00001e76, + 0x00001e78, 0x00001e78, 0x00001e7a, 0x00001e7a, + 0x00001e7c, 0x00001e7c, 0x00001e7e, 0x00001e7e, + 0x00001e80, 0x00001e80, 0x00001e82, 0x00001e82, + 0x00001e84, 0x00001e84, 0x00001e86, 0x00001e86, + 0x00001e88, 0x00001e88, 0x00001e8a, 0x00001e8a, + 0x00001e8c, 0x00001e8c, 0x00001e8e, 0x00001e8e, + 0x00001e90, 0x00001e90, 0x00001e92, 0x00001e92, + 0x00001e94, 0x00001e94, 0x00001ea0, 0x00001ea0, + 0x00001ea2, 0x00001ea2, 0x00001ea4, 0x00001ea4, + 0x00001ea6, 0x00001ea6, 0x00001ea8, 0x00001ea8, + 0x00001eaa, 0x00001eaa, 0x00001eac, 0x00001eac, + 0x00001eae, 0x00001eae, 0x00001eb0, 0x00001eb0, + 0x00001eb2, 0x00001eb2, 0x00001eb4, 0x00001eb4, + 0x00001eb6, 0x00001eb6, 0x00001eb8, 0x00001eb8, + 0x00001eba, 0x00001eba, 0x00001ebc, 0x00001ebc, + 0x00001ebe, 0x00001ebe, 0x00001ec0, 0x00001ec0, + 0x00001ec2, 0x00001ec2, 0x00001ec4, 0x00001ec4, + 0x00001ec6, 0x00001ec6, 0x00001ec8, 0x00001ec8, + 0x00001eca, 0x00001eca, 0x00001ecc, 0x00001ecc, + 0x00001ece, 0x00001ece, 0x00001ed0, 0x00001ed0, + 0x00001ed2, 0x00001ed2, 0x00001ed4, 0x00001ed4, + 0x00001ed6, 0x00001ed6, 0x00001ed8, 0x00001ed8, + 0x00001eda, 0x00001eda, 0x00001edc, 0x00001edc, + 0x00001ede, 0x00001ede, 0x00001ee0, 0x00001ee0, + 0x00001ee2, 0x00001ee2, 0x00001ee4, 0x00001ee4, + 0x00001ee6, 0x00001ee6, 0x00001ee8, 0x00001ee8, + 0x00001eea, 0x00001eea, 0x00001eec, 0x00001eec, + 0x00001eee, 0x00001eee, 0x00001ef0, 0x00001ef0, + 0x00001ef2, 0x00001ef2, 0x00001ef4, 0x00001ef4, + 0x00001ef6, 0x00001ef6, 0x00001ef8, 0x00001ef8, + 0x00001f08, 0x00001f0f, 0x00001f18, 0x00001f1d, + 0x00001f28, 0x00001f2f, 0x00001f38, 0x00001f3f, + 0x00001f48, 0x00001f4d, 0x00001f59, 0x00001f59, + 0x00001f5b, 0x00001f5b, 0x00001f5d, 0x00001f5d, + 0x00001f5f, 0x00001f5f, 0x00001f68, 0x00001f6f, + 0x00001fb8, 0x00001fbb, 0x00001fc8, 0x00001fcb, + 0x00001fd8, 0x00001fdb, 0x00001fe8, 0x00001fec, + 0x00001ff8, 0x00001ffb, 0x00002102, 0x00002102, + 0x00002107, 0x00002107, 0x0000210b, 0x0000210d, + 0x00002110, 0x00002112, 0x00002115, 0x00002115, + 0x00002119, 0x0000211d, 0x00002124, 0x00002124, + 0x00002126, 0x00002126, 0x00002128, 0x00002128, + 0x0000212a, 0x0000212d, 0x00002130, 0x00002131, + 0x00002133, 0x00002133, 0x0000213e, 0x0000213f, + 0x00002145, 0x00002145, 0x0000ff21, 0x0000ff3a, + 0x00010400, 0x00010425, 0x0001d400, 0x0001d419, + 0x0001d434, 0x0001d44d, 0x0001d468, 0x0001d481, + 0x0001d49c, 0x0001d49c, 0x0001d49e, 0x0001d49f, + 0x0001d4a2, 0x0001d4a2, 0x0001d4a5, 0x0001d4a6, + 0x0001d4a9, 0x0001d4ac, 0x0001d4ae, 0x0001d4b5, + 0x0001d4d0, 0x0001d4e9, 0x0001d504, 0x0001d505, + 0x0001d507, 0x0001d50a, 0x0001d50d, 0x0001d514, + 0x0001d516, 0x0001d51c, 0x0001d538, 0x0001d539, + 0x0001d53b, 0x0001d53e, 0x0001d540, 0x0001d544, + 0x0001d546, 0x0001d546, 0x0001d54a, 0x0001d550, + 0x0001d56c, 0x0001d585, 0x0001d5a0, 0x0001d5b9, + 0x0001d5d4, 0x0001d5ed, 0x0001d608, 0x0001d621, + 0x0001d63c, 0x0001d655, 0x0001d670, 0x0001d689, + 0x0001d6a8, 0x0001d6c0, 0x0001d6e2, 0x0001d6fa, + 0x0001d71c, 0x0001d734, 0x0001d756, 0x0001d76e, + 0x0001d790, 0x0001d7a8, 0x00000061, 0x0000007a, + 0x000000aa, 0x000000aa, 0x000000b5, 0x000000b5, + 0x000000ba, 0x000000ba, 0x000000df, 0x000000f6, + 0x000000f8, 0x000000ff, 0x00000101, 0x00000101, + 0x00000103, 0x00000103, 0x00000105, 0x00000105, + 0x00000107, 0x00000107, 0x00000109, 0x00000109, + 0x0000010b, 0x0000010b, 0x0000010d, 0x0000010d, + 0x0000010f, 0x0000010f, 0x00000111, 0x00000111, + 0x00000113, 0x00000113, 0x00000115, 0x00000115, + 0x00000117, 0x00000117, 0x00000119, 0x00000119, + 0x0000011b, 0x0000011b, 0x0000011d, 0x0000011d, + 0x0000011f, 0x0000011f, 0x00000121, 0x00000121, + 0x00000123, 0x00000123, 0x00000125, 0x00000125, + 0x00000127, 0x00000127, 0x00000129, 0x00000129, + 0x0000012b, 0x0000012b, 0x0000012d, 0x0000012d, + 0x0000012f, 0x0000012f, 0x00000131, 0x00000131, + 0x00000133, 0x00000133, 0x00000135, 0x00000135, + 0x00000137, 0x00000138, 0x0000013a, 0x0000013a, + 0x0000013c, 0x0000013c, 0x0000013e, 0x0000013e, + 0x00000140, 0x00000140, 0x00000142, 0x00000142, + 0x00000144, 0x00000144, 0x00000146, 0x00000146, + 0x00000148, 0x00000149, 0x0000014b, 0x0000014b, + 0x0000014d, 0x0000014d, 0x0000014f, 0x0000014f, + 0x00000151, 0x00000151, 0x00000153, 0x00000153, + 0x00000155, 0x00000155, 0x00000157, 0x00000157, + 0x00000159, 0x00000159, 0x0000015b, 0x0000015b, + 0x0000015d, 0x0000015d, 0x0000015f, 0x0000015f, + 0x00000161, 0x00000161, 0x00000163, 0x00000163, + 0x00000165, 0x00000165, 0x00000167, 0x00000167, + 0x00000169, 0x00000169, 0x0000016b, 0x0000016b, + 0x0000016d, 0x0000016d, 0x0000016f, 0x0000016f, + 0x00000171, 0x00000171, 0x00000173, 0x00000173, + 0x00000175, 0x00000175, 0x00000177, 0x00000177, + 0x0000017a, 0x0000017a, 0x0000017c, 0x0000017c, + 0x0000017e, 0x00000180, 0x00000183, 0x00000183, + 0x00000185, 0x00000185, 0x00000188, 0x00000188, + 0x0000018c, 0x0000018d, 0x00000192, 0x00000192, + 0x00000195, 0x00000195, 0x00000199, 0x0000019b, + 0x0000019e, 0x0000019e, 0x000001a1, 0x000001a1, + 0x000001a3, 0x000001a3, 0x000001a5, 0x000001a5, + 0x000001a8, 0x000001a8, 0x000001aa, 0x000001ab, + 0x000001ad, 0x000001ad, 0x000001b0, 0x000001b0, + 0x000001b4, 0x000001b4, 0x000001b6, 0x000001b6, + 0x000001b9, 0x000001ba, 0x000001bd, 0x000001bf, + 0x000001c6, 0x000001c6, 0x000001c9, 0x000001c9, + 0x000001cc, 0x000001cc, 0x000001ce, 0x000001ce, + 0x000001d0, 0x000001d0, 0x000001d2, 0x000001d2, + 0x000001d4, 0x000001d4, 0x000001d6, 0x000001d6, + 0x000001d8, 0x000001d8, 0x000001da, 0x000001da, + 0x000001dc, 0x000001dd, 0x000001df, 0x000001df, + 0x000001e1, 0x000001e1, 0x000001e3, 0x000001e3, + 0x000001e5, 0x000001e5, 0x000001e7, 0x000001e7, + 0x000001e9, 0x000001e9, 0x000001eb, 0x000001eb, + 0x000001ed, 0x000001ed, 0x000001ef, 0x000001f0, + 0x000001f3, 0x000001f3, 0x000001f5, 0x000001f5, + 0x000001f9, 0x000001f9, 0x000001fb, 0x000001fb, + 0x000001fd, 0x000001fd, 0x000001ff, 0x000001ff, + 0x00000201, 0x00000201, 0x00000203, 0x00000203, + 0x00000205, 0x00000205, 0x00000207, 0x00000207, + 0x00000209, 0x00000209, 0x0000020b, 0x0000020b, + 0x0000020d, 0x0000020d, 0x0000020f, 0x0000020f, + 0x00000211, 0x00000211, 0x00000213, 0x00000213, + 0x00000215, 0x00000215, 0x00000217, 0x00000217, + 0x00000219, 0x00000219, 0x0000021b, 0x0000021b, + 0x0000021d, 0x0000021d, 0x0000021f, 0x0000021f, + 0x00000223, 0x00000223, 0x00000225, 0x00000225, + 0x00000227, 0x00000227, 0x00000229, 0x00000229, + 0x0000022b, 0x0000022b, 0x0000022d, 0x0000022d, + 0x0000022f, 0x0000022f, 0x00000231, 0x00000231, + 0x00000233, 0x00000233, 0x00000250, 0x000002ad, + 0x00000390, 0x00000390, 0x000003ac, 0x000003ce, + 0x000003d0, 0x000003d1, 0x000003d5, 0x000003d7, + 0x000003d9, 0x000003d9, 0x000003db, 0x000003db, + 0x000003dd, 0x000003dd, 0x000003df, 0x000003df, + 0x000003e1, 0x000003e1, 0x000003e3, 0x000003e3, + 0x000003e5, 0x000003e5, 0x000003e7, 0x000003e7, + 0x000003e9, 0x000003e9, 0x000003eb, 0x000003eb, + 0x000003ed, 0x000003ed, 0x000003ef, 0x000003f3, + 0x000003f5, 0x000003f5, 0x00000430, 0x0000045f, + 0x00000461, 0x00000461, 0x00000463, 0x00000463, + 0x00000465, 0x00000465, 0x00000467, 0x00000467, + 0x00000469, 0x00000469, 0x0000046b, 0x0000046b, + 0x0000046d, 0x0000046d, 0x0000046f, 0x0000046f, + 0x00000471, 0x00000471, 0x00000473, 0x00000473, + 0x00000475, 0x00000475, 0x00000477, 0x00000477, + 0x00000479, 0x00000479, 0x0000047b, 0x0000047b, + 0x0000047d, 0x0000047d, 0x0000047f, 0x0000047f, + 0x00000481, 0x00000481, 0x0000048b, 0x0000048b, + 0x0000048d, 0x0000048d, 0x0000048f, 0x0000048f, + 0x00000491, 0x00000491, 0x00000493, 0x00000493, + 0x00000495, 0x00000495, 0x00000497, 0x00000497, + 0x00000499, 0x00000499, 0x0000049b, 0x0000049b, + 0x0000049d, 0x0000049d, 0x0000049f, 0x0000049f, + 0x000004a1, 0x000004a1, 0x000004a3, 0x000004a3, + 0x000004a5, 0x000004a5, 0x000004a7, 0x000004a7, + 0x000004a9, 0x000004a9, 0x000004ab, 0x000004ab, + 0x000004ad, 0x000004ad, 0x000004af, 0x000004af, + 0x000004b1, 0x000004b1, 0x000004b3, 0x000004b3, + 0x000004b5, 0x000004b5, 0x000004b7, 0x000004b7, + 0x000004b9, 0x000004b9, 0x000004bb, 0x000004bb, + 0x000004bd, 0x000004bd, 0x000004bf, 0x000004bf, + 0x000004c2, 0x000004c2, 0x000004c4, 0x000004c4, + 0x000004c6, 0x000004c6, 0x000004c8, 0x000004c8, + 0x000004ca, 0x000004ca, 0x000004cc, 0x000004cc, + 0x000004ce, 0x000004ce, 0x000004d1, 0x000004d1, + 0x000004d3, 0x000004d3, 0x000004d5, 0x000004d5, + 0x000004d7, 0x000004d7, 0x000004d9, 0x000004d9, + 0x000004db, 0x000004db, 0x000004dd, 0x000004dd, + 0x000004df, 0x000004df, 0x000004e1, 0x000004e1, + 0x000004e3, 0x000004e3, 0x000004e5, 0x000004e5, + 0x000004e7, 0x000004e7, 0x000004e9, 0x000004e9, + 0x000004eb, 0x000004eb, 0x000004ed, 0x000004ed, + 0x000004ef, 0x000004ef, 0x000004f1, 0x000004f1, + 0x000004f3, 0x000004f3, 0x000004f5, 0x000004f5, + 0x000004f9, 0x000004f9, 0x00000501, 0x00000501, + 0x00000503, 0x00000503, 0x00000505, 0x00000505, + 0x00000507, 0x00000507, 0x00000509, 0x00000509, + 0x0000050b, 0x0000050b, 0x0000050d, 0x0000050d, + 0x0000050f, 0x0000050f, 0x00000561, 0x00000587, + 0x00001e01, 0x00001e01, 0x00001e03, 0x00001e03, + 0x00001e05, 0x00001e05, 0x00001e07, 0x00001e07, + 0x00001e09, 0x00001e09, 0x00001e0b, 0x00001e0b, + 0x00001e0d, 0x00001e0d, 0x00001e0f, 0x00001e0f, + 0x00001e11, 0x00001e11, 0x00001e13, 0x00001e13, + 0x00001e15, 0x00001e15, 0x00001e17, 0x00001e17, + 0x00001e19, 0x00001e19, 0x00001e1b, 0x00001e1b, + 0x00001e1d, 0x00001e1d, 0x00001e1f, 0x00001e1f, + 0x00001e21, 0x00001e21, 0x00001e23, 0x00001e23, + 0x00001e25, 0x00001e25, 0x00001e27, 0x00001e27, + 0x00001e29, 0x00001e29, 0x00001e2b, 0x00001e2b, + 0x00001e2d, 0x00001e2d, 0x00001e2f, 0x00001e2f, + 0x00001e31, 0x00001e31, 0x00001e33, 0x00001e33, + 0x00001e35, 0x00001e35, 0x00001e37, 0x00001e37, + 0x00001e39, 0x00001e39, 0x00001e3b, 0x00001e3b, + 0x00001e3d, 0x00001e3d, 0x00001e3f, 0x00001e3f, + 0x00001e41, 0x00001e41, 0x00001e43, 0x00001e43, + 0x00001e45, 0x00001e45, 0x00001e47, 0x00001e47, + 0x00001e49, 0x00001e49, 0x00001e4b, 0x00001e4b, + 0x00001e4d, 0x00001e4d, 0x00001e4f, 0x00001e4f, + 0x00001e51, 0x00001e51, 0x00001e53, 0x00001e53, + 0x00001e55, 0x00001e55, 0x00001e57, 0x00001e57, + 0x00001e59, 0x00001e59, 0x00001e5b, 0x00001e5b, + 0x00001e5d, 0x00001e5d, 0x00001e5f, 0x00001e5f, + 0x00001e61, 0x00001e61, 0x00001e63, 0x00001e63, + 0x00001e65, 0x00001e65, 0x00001e67, 0x00001e67, + 0x00001e69, 0x00001e69, 0x00001e6b, 0x00001e6b, + 0x00001e6d, 0x00001e6d, 0x00001e6f, 0x00001e6f, + 0x00001e71, 0x00001e71, 0x00001e73, 0x00001e73, + 0x00001e75, 0x00001e75, 0x00001e77, 0x00001e77, + 0x00001e79, 0x00001e79, 0x00001e7b, 0x00001e7b, + 0x00001e7d, 0x00001e7d, 0x00001e7f, 0x00001e7f, + 0x00001e81, 0x00001e81, 0x00001e83, 0x00001e83, + 0x00001e85, 0x00001e85, 0x00001e87, 0x00001e87, + 0x00001e89, 0x00001e89, 0x00001e8b, 0x00001e8b, + 0x00001e8d, 0x00001e8d, 0x00001e8f, 0x00001e8f, + 0x00001e91, 0x00001e91, 0x00001e93, 0x00001e93, + 0x00001e95, 0x00001e9b, 0x00001ea1, 0x00001ea1, + 0x00001ea3, 0x00001ea3, 0x00001ea5, 0x00001ea5, + 0x00001ea7, 0x00001ea7, 0x00001ea9, 0x00001ea9, + 0x00001eab, 0x00001eab, 0x00001ead, 0x00001ead, + 0x00001eaf, 0x00001eaf, 0x00001eb1, 0x00001eb1, + 0x00001eb3, 0x00001eb3, 0x00001eb5, 0x00001eb5, + 0x00001eb7, 0x00001eb7, 0x00001eb9, 0x00001eb9, + 0x00001ebb, 0x00001ebb, 0x00001ebd, 0x00001ebd, + 0x00001ebf, 0x00001ebf, 0x00001ec1, 0x00001ec1, + 0x00001ec3, 0x00001ec3, 0x00001ec5, 0x00001ec5, + 0x00001ec7, 0x00001ec7, 0x00001ec9, 0x00001ec9, + 0x00001ecb, 0x00001ecb, 0x00001ecd, 0x00001ecd, + 0x00001ecf, 0x00001ecf, 0x00001ed1, 0x00001ed1, + 0x00001ed3, 0x00001ed3, 0x00001ed5, 0x00001ed5, + 0x00001ed7, 0x00001ed7, 0x00001ed9, 0x00001ed9, + 0x00001edb, 0x00001edb, 0x00001edd, 0x00001edd, + 0x00001edf, 0x00001edf, 0x00001ee1, 0x00001ee1, + 0x00001ee3, 0x00001ee3, 0x00001ee5, 0x00001ee5, + 0x00001ee7, 0x00001ee7, 0x00001ee9, 0x00001ee9, + 0x00001eeb, 0x00001eeb, 0x00001eed, 0x00001eed, + 0x00001eef, 0x00001eef, 0x00001ef1, 0x00001ef1, + 0x00001ef3, 0x00001ef3, 0x00001ef5, 0x00001ef5, + 0x00001ef7, 0x00001ef7, 0x00001ef9, 0x00001ef9, + 0x00001f00, 0x00001f07, 0x00001f10, 0x00001f15, + 0x00001f20, 0x00001f27, 0x00001f30, 0x00001f37, + 0x00001f40, 0x00001f45, 0x00001f50, 0x00001f57, + 0x00001f60, 0x00001f67, 0x00001f70, 0x00001f7d, + 0x00001f80, 0x00001f87, 0x00001f90, 0x00001f97, + 0x00001fa0, 0x00001fa7, 0x00001fb0, 0x00001fb4, + 0x00001fb6, 0x00001fb7, 0x00001fbe, 0x00001fbe, + 0x00001fc2, 0x00001fc4, 0x00001fc6, 0x00001fc7, + 0x00001fd0, 0x00001fd3, 0x00001fd6, 0x00001fd7, + 0x00001fe0, 0x00001fe7, 0x00001ff2, 0x00001ff4, + 0x00001ff6, 0x00001ff7, 0x00002071, 0x00002071, + 0x0000207f, 0x0000207f, 0x0000210a, 0x0000210a, + 0x0000210e, 0x0000210f, 0x00002113, 0x00002113, + 0x0000212f, 0x0000212f, 0x00002134, 0x00002134, + 0x00002139, 0x00002139, 0x0000213d, 0x0000213d, + 0x00002146, 0x00002149, 0x0000fb00, 0x0000fb06, + 0x0000fb13, 0x0000fb17, 0x0000ff41, 0x0000ff5a, + 0x00010428, 0x0001044d, 0x0001d41a, 0x0001d433, + 0x0001d44e, 0x0001d454, 0x0001d456, 0x0001d467, + 0x0001d482, 0x0001d49b, 0x0001d4b6, 0x0001d4b9, + 0x0001d4bb, 0x0001d4bb, 0x0001d4bd, 0x0001d4c0, + 0x0001d4c2, 0x0001d4c3, 0x0001d4c5, 0x0001d4cf, + 0x0001d4ea, 0x0001d503, 0x0001d51e, 0x0001d537, + 0x0001d552, 0x0001d56b, 0x0001d586, 0x0001d59f, + 0x0001d5ba, 0x0001d5d3, 0x0001d5ee, 0x0001d607, + 0x0001d622, 0x0001d63b, 0x0001d656, 0x0001d66f, + 0x0001d68a, 0x0001d6a3, 0x0001d6c2, 0x0001d6da, + 0x0001d6dc, 0x0001d6e1, 0x0001d6fc, 0x0001d714, + 0x0001d716, 0x0001d71b, 0x0001d736, 0x0001d74e, + 0x0001d750, 0x0001d755, 0x0001d770, 0x0001d788, + 0x0001d78a, 0x0001d78f, 0x0001d7aa, 0x0001d7c2, + 0x0001d7c4, 0x0001d7c9, 0x000001c5, 0x000001c5, + 0x000001c8, 0x000001c8, 0x000001cb, 0x000001cb, + 0x000001f2, 0x000001f2, 0x00001f88, 0x00001f8f, + 0x00001f98, 0x00001f9f, 0x00001fa8, 0x00001faf, + 0x00001fbc, 0x00001fbc, 0x00001fcc, 0x00001fcc, + 0x00001ffc, 0x00001ffc, 0x000002b0, 0x000002b8, + 0x000002bb, 0x000002c1, 0x000002d0, 0x000002d1, + 0x000002e0, 0x000002e4, 0x000002ee, 0x000002ee, + 0x0000037a, 0x0000037a, 0x00000559, 0x00000559, + 0x00000640, 0x00000640, 0x000006e5, 0x000006e6, + 0x00000e46, 0x00000e46, 0x00000ec6, 0x00000ec6, + 0x000017d7, 0x000017d7, 0x00001843, 0x00001843, + 0x00003005, 0x00003005, 0x00003031, 0x00003035, + 0x0000303b, 0x0000303b, 0x0000309d, 0x0000309e, + 0x000030fc, 0x000030fe, 0x0000ff70, 0x0000ff70, + 0x0000ff9e, 0x0000ff9f, 0x000001bb, 0x000001bb, + 0x000001c0, 0x000001c3, 0x000005d0, 0x000005ea, + 0x000005f0, 0x000005f2, 0x00000621, 0x0000063a, + 0x00000641, 0x0000064a, 0x0000066e, 0x0000066f, + 0x00000671, 0x000006d3, 0x000006d5, 0x000006d5, + 0x000006fa, 0x000006fc, 0x00000710, 0x00000710, + 0x00000712, 0x0000072c, 0x00000780, 0x000007a5, + 0x000007b1, 0x000007b1, 0x00000905, 0x00000939, + 0x0000093d, 0x0000093d, 0x00000950, 0x00000950, + 0x00000958, 0x00000961, 0x00000985, 0x0000098c, + 0x0000098f, 0x00000990, 0x00000993, 0x000009a8, + 0x000009aa, 0x000009b0, 0x000009b2, 0x000009b2, + 0x000009b6, 0x000009b9, 0x000009dc, 0x000009dd, + 0x000009df, 0x000009e1, 0x000009f0, 0x000009f1, + 0x00000a05, 0x00000a0a, 0x00000a0f, 0x00000a10, + 0x00000a13, 0x00000a28, 0x00000a2a, 0x00000a30, + 0x00000a32, 0x00000a33, 0x00000a35, 0x00000a36, + 0x00000a38, 0x00000a39, 0x00000a59, 0x00000a5c, + 0x00000a5e, 0x00000a5e, 0x00000a72, 0x00000a74, + 0x00000a85, 0x00000a8b, 0x00000a8d, 0x00000a8d, + 0x00000a8f, 0x00000a91, 0x00000a93, 0x00000aa8, + 0x00000aaa, 0x00000ab0, 0x00000ab2, 0x00000ab3, + 0x00000ab5, 0x00000ab9, 0x00000abd, 0x00000abd, + 0x00000ad0, 0x00000ad0, 0x00000ae0, 0x00000ae0, + 0x00000b05, 0x00000b0c, 0x00000b0f, 0x00000b10, + 0x00000b13, 0x00000b28, 0x00000b2a, 0x00000b30, + 0x00000b32, 0x00000b33, 0x00000b36, 0x00000b39, + 0x00000b3d, 0x00000b3d, 0x00000b5c, 0x00000b5d, + 0x00000b5f, 0x00000b61, 0x00000b83, 0x00000b83, + 0x00000b85, 0x00000b8a, 0x00000b8e, 0x00000b90, + 0x00000b92, 0x00000b95, 0x00000b99, 0x00000b9a, + 0x00000b9c, 0x00000b9c, 0x00000b9e, 0x00000b9f, + 0x00000ba3, 0x00000ba4, 0x00000ba8, 0x00000baa, + 0x00000bae, 0x00000bb5, 0x00000bb7, 0x00000bb9, + 0x00000c05, 0x00000c0c, 0x00000c0e, 0x00000c10, + 0x00000c12, 0x00000c28, 0x00000c2a, 0x00000c33, + 0x00000c35, 0x00000c39, 0x00000c60, 0x00000c61, + 0x00000c85, 0x00000c8c, 0x00000c8e, 0x00000c90, + 0x00000c92, 0x00000ca8, 0x00000caa, 0x00000cb3, + 0x00000cb5, 0x00000cb9, 0x00000cde, 0x00000cde, + 0x00000ce0, 0x00000ce1, 0x00000d05, 0x00000d0c, + 0x00000d0e, 0x00000d10, 0x00000d12, 0x00000d28, + 0x00000d2a, 0x00000d39, 0x00000d60, 0x00000d61, + 0x00000d85, 0x00000d96, 0x00000d9a, 0x00000db1, + 0x00000db3, 0x00000dbb, 0x00000dbd, 0x00000dbd, + 0x00000dc0, 0x00000dc6, 0x00000e01, 0x00000e30, + 0x00000e32, 0x00000e33, 0x00000e40, 0x00000e45, + 0x00000e81, 0x00000e82, 0x00000e84, 0x00000e84, + 0x00000e87, 0x00000e88, 0x00000e8a, 0x00000e8a, + 0x00000e8d, 0x00000e8d, 0x00000e94, 0x00000e97, + 0x00000e99, 0x00000e9f, 0x00000ea1, 0x00000ea3, + 0x00000ea5, 0x00000ea5, 0x00000ea7, 0x00000ea7, + 0x00000eaa, 0x00000eab, 0x00000ead, 0x00000eb0, + 0x00000eb2, 0x00000eb3, 0x00000ebd, 0x00000ebd, + 0x00000ec0, 0x00000ec4, 0x00000edc, 0x00000edd, + 0x00000f00, 0x00000f00, 0x00000f40, 0x00000f47, + 0x00000f49, 0x00000f6a, 0x00000f88, 0x00000f8b, + 0x00001000, 0x00001021, 0x00001023, 0x00001027, + 0x00001029, 0x0000102a, 0x00001050, 0x00001055, + 0x000010d0, 0x000010f8, 0x00001100, 0x00001159, + 0x0000115f, 0x000011a2, 0x000011a8, 0x000011f9, + 0x00001200, 0x00001206, 0x00001208, 0x00001246, + 0x00001248, 0x00001248, 0x0000124a, 0x0000124d, + 0x00001250, 0x00001256, 0x00001258, 0x00001258, + 0x0000125a, 0x0000125d, 0x00001260, 0x00001286, + 0x00001288, 0x00001288, 0x0000128a, 0x0000128d, + 0x00001290, 0x000012ae, 0x000012b0, 0x000012b0, + 0x000012b2, 0x000012b5, 0x000012b8, 0x000012be, + 0x000012c0, 0x000012c0, 0x000012c2, 0x000012c5, + 0x000012c8, 0x000012ce, 0x000012d0, 0x000012d6, + 0x000012d8, 0x000012ee, 0x000012f0, 0x0000130e, + 0x00001310, 0x00001310, 0x00001312, 0x00001315, + 0x00001318, 0x0000131e, 0x00001320, 0x00001346, + 0x00001348, 0x0000135a, 0x000013a0, 0x000013f4, + 0x00001401, 0x0000166c, 0x0000166f, 0x00001676, + 0x00001681, 0x0000169a, 0x000016a0, 0x000016ea, + 0x00001700, 0x0000170c, 0x0000170e, 0x00001711, + 0x00001720, 0x00001731, 0x00001740, 0x00001751, + 0x00001760, 0x0000176c, 0x0000176e, 0x00001770, + 0x00001780, 0x000017b3, 0x000017dc, 0x000017dc, + 0x00001820, 0x00001842, 0x00001844, 0x00001877, + 0x00001880, 0x000018a8, 0x00002135, 0x00002138, + 0x00003006, 0x00003006, 0x0000303c, 0x0000303c, + 0x00003041, 0x00003096, 0x0000309f, 0x0000309f, + 0x000030a1, 0x000030fa, 0x000030ff, 0x000030ff, + 0x00003105, 0x0000312c, 0x00003131, 0x0000318e, + 0x000031a0, 0x000031b7, 0x000031f0, 0x000031ff, + 0x00003400, 0x00004db5, 0x00004e00, 0x0000a48c, + 0x0000ac00, 0x0000d7a3, 0x0000f900, 0x0000faff, + 0x0000fb1d, 0x0000fb1d, 0x0000fb1f, 0x0000fb28, + 0x0000fb2a, 0x0000fb36, 0x0000fb38, 0x0000fb3c, + 0x0000fb3e, 0x0000fb3e, 0x0000fb40, 0x0000fb41, + 0x0000fb43, 0x0000fb44, 0x0000fb46, 0x0000fbb1, + 0x0000fbd3, 0x0000fd3d, 0x0000fd50, 0x0000fd8f, + 0x0000fd92, 0x0000fdc7, 0x0000fdf0, 0x0000fdfb, + 0x0000fe70, 0x0000fe74, 0x0000fe76, 0x0000fefc, + 0x0000ff66, 0x0000ff6f, 0x0000ff71, 0x0000ff9d, + 0x0000ffa0, 0x0000ffbe, 0x0000ffc2, 0x0000ffc7, + 0x0000ffca, 0x0000ffcf, 0x0000ffd2, 0x0000ffd7, + 0x0000ffda, 0x0000ffdc, 0x00010300, 0x0001031e, + 0x00010330, 0x00010349, 0x00020000, 0x0002a6d6, + 0x0002f800, 0x0002fa1d, 0x0000005f, 0x0000005f, + 0x0000203f, 0x00002040, 0x000030fb, 0x000030fb, + 0x0000fe33, 0x0000fe34, 0x0000fe4d, 0x0000fe4f, + 0x0000ff3f, 0x0000ff3f, 0x0000ff65, 0x0000ff65, + 0x0000002d, 0x0000002d, 0x000000ad, 0x000000ad, + 0x0000058a, 0x0000058a, 0x00001806, 0x00001806, + 0x00002010, 0x00002015, 0x0000301c, 0x0000301c, + 0x00003030, 0x00003030, 0x000030a0, 0x000030a0, + 0x0000fe31, 0x0000fe32, 0x0000fe58, 0x0000fe58, + 0x0000fe63, 0x0000fe63, 0x0000ff0d, 0x0000ff0d, + 0x00000028, 0x00000028, 0x0000005b, 0x0000005b, + 0x0000007b, 0x0000007b, 0x00000f3a, 0x00000f3a, + 0x00000f3c, 0x00000f3c, 0x0000169b, 0x0000169b, + 0x0000201a, 0x0000201a, 0x0000201e, 0x0000201e, + 0x00002045, 0x00002045, 0x0000207d, 0x0000207d, + 0x0000208d, 0x0000208d, 0x00002329, 0x00002329, + 0x000023b4, 0x000023b4, 0x00002768, 0x00002768, + 0x0000276a, 0x0000276a, 0x0000276c, 0x0000276c, + 0x0000276e, 0x0000276e, 0x00002770, 0x00002770, + 0x00002772, 0x00002772, 0x00002774, 0x00002774, + 0x000027e6, 0x000027e6, 0x000027e8, 0x000027e8, + 0x000027ea, 0x000027ea, 0x00002983, 0x00002983, + 0x00002985, 0x00002985, 0x00002987, 0x00002987, + 0x00002989, 0x00002989, 0x0000298b, 0x0000298b, + 0x0000298d, 0x0000298d, 0x0000298f, 0x0000298f, + 0x00002991, 0x00002991, 0x00002993, 0x00002993, + 0x00002995, 0x00002995, 0x00002997, 0x00002997, + 0x000029d8, 0x000029d8, 0x000029da, 0x000029da, + 0x000029fc, 0x000029fc, 0x00003008, 0x00003008, + 0x0000300a, 0x0000300a, 0x0000300c, 0x0000300c, + 0x0000300e, 0x0000300e, 0x00003010, 0x00003010, + 0x00003014, 0x00003014, 0x00003016, 0x00003016, + 0x00003018, 0x00003018, 0x0000301a, 0x0000301a, + 0x0000301d, 0x0000301d, 0x0000fd3e, 0x0000fd3e, + 0x0000fe35, 0x0000fe35, 0x0000fe37, 0x0000fe37, + 0x0000fe39, 0x0000fe39, 0x0000fe3b, 0x0000fe3b, + 0x0000fe3d, 0x0000fe3d, 0x0000fe3f, 0x0000fe3f, + 0x0000fe41, 0x0000fe41, 0x0000fe43, 0x0000fe43, + 0x0000fe59, 0x0000fe59, 0x0000fe5b, 0x0000fe5b, + 0x0000fe5d, 0x0000fe5d, 0x0000ff08, 0x0000ff08, + 0x0000ff3b, 0x0000ff3b, 0x0000ff5b, 0x0000ff5b, + 0x0000ff5f, 0x0000ff5f, 0x0000ff62, 0x0000ff62, + 0x00000029, 0x00000029, 0x0000005d, 0x0000005d, + 0x0000007d, 0x0000007d, 0x00000f3b, 0x00000f3b, + 0x00000f3d, 0x00000f3d, 0x0000169c, 0x0000169c, + 0x00002046, 0x00002046, 0x0000207e, 0x0000207e, + 0x0000208e, 0x0000208e, 0x0000232a, 0x0000232a, + 0x000023b5, 0x000023b5, 0x00002769, 0x00002769, + 0x0000276b, 0x0000276b, 0x0000276d, 0x0000276d, + 0x0000276f, 0x0000276f, 0x00002771, 0x00002771, + 0x00002773, 0x00002773, 0x00002775, 0x00002775, + 0x000027e7, 0x000027e7, 0x000027e9, 0x000027e9, + 0x000027eb, 0x000027eb, 0x00002984, 0x00002984, + 0x00002986, 0x00002986, 0x00002988, 0x00002988, + 0x0000298a, 0x0000298a, 0x0000298c, 0x0000298c, + 0x0000298e, 0x0000298e, 0x00002990, 0x00002990, + 0x00002992, 0x00002992, 0x00002994, 0x00002994, + 0x00002996, 0x00002996, 0x00002998, 0x00002998, + 0x000029d9, 0x000029d9, 0x000029db, 0x000029db, + 0x000029fd, 0x000029fd, 0x00003009, 0x00003009, + 0x0000300b, 0x0000300b, 0x0000300d, 0x0000300d, + 0x0000300f, 0x0000300f, 0x00003011, 0x00003011, + 0x00003015, 0x00003015, 0x00003017, 0x00003017, + 0x00003019, 0x00003019, 0x0000301b, 0x0000301b, + 0x0000301e, 0x0000301f, 0x0000fd3f, 0x0000fd3f, + 0x0000fe36, 0x0000fe36, 0x0000fe38, 0x0000fe38, + 0x0000fe3a, 0x0000fe3a, 0x0000fe3c, 0x0000fe3c, + 0x0000fe3e, 0x0000fe3e, 0x0000fe40, 0x0000fe40, + 0x0000fe42, 0x0000fe42, 0x0000fe44, 0x0000fe44, + 0x0000fe5a, 0x0000fe5a, 0x0000fe5c, 0x0000fe5c, + 0x0000fe5e, 0x0000fe5e, 0x0000ff09, 0x0000ff09, + 0x0000ff3d, 0x0000ff3d, 0x0000ff5d, 0x0000ff5d, + 0x0000ff60, 0x0000ff60, 0x0000ff63, 0x0000ff63, + 0x00000021, 0x00000023, 0x00000025, 0x00000027, + 0x0000002a, 0x0000002a, 0x0000002c, 0x0000002c, + 0x0000002e, 0x0000002f, 0x0000003a, 0x0000003b, + 0x0000003f, 0x00000040, 0x0000005c, 0x0000005c, + 0x000000a1, 0x000000a1, 0x000000b7, 0x000000b7, + 0x000000bf, 0x000000bf, 0x0000037e, 0x0000037e, + 0x00000387, 0x00000387, 0x0000055a, 0x0000055f, + 0x00000589, 0x00000589, 0x000005be, 0x000005be, + 0x000005c0, 0x000005c0, 0x000005c3, 0x000005c3, + 0x000005f3, 0x000005f4, 0x0000060c, 0x0000060c, + 0x0000061b, 0x0000061b, 0x0000061f, 0x0000061f, + 0x0000066a, 0x0000066d, 0x000006d4, 0x000006d4, + 0x00000700, 0x0000070d, 0x00000964, 0x00000965, + 0x00000970, 0x00000970, 0x00000df4, 0x00000df4, + 0x00000e4f, 0x00000e4f, 0x00000e5a, 0x00000e5b, + 0x00000f04, 0x00000f12, 0x00000f85, 0x00000f85, + 0x0000104a, 0x0000104f, 0x000010fb, 0x000010fb, + 0x00001361, 0x00001368, 0x0000166d, 0x0000166e, + 0x000016eb, 0x000016ed, 0x00001735, 0x00001736, + 0x000017d4, 0x000017d6, 0x000017d8, 0x000017da, + 0x00001800, 0x00001805, 0x00001807, 0x0000180a, + 0x00002016, 0x00002017, 0x00002020, 0x00002027, + 0x00002030, 0x00002038, 0x0000203b, 0x0000203e, + 0x00002041, 0x00002043, 0x00002047, 0x00002051, + 0x00002057, 0x00002057, 0x000023b6, 0x000023b6, + 0x00003001, 0x00003003, 0x0000303d, 0x0000303d, + 0x0000fe30, 0x0000fe30, 0x0000fe45, 0x0000fe46, + 0x0000fe49, 0x0000fe4c, 0x0000fe50, 0x0000fe52, + 0x0000fe54, 0x0000fe57, 0x0000fe5f, 0x0000fe61, + 0x0000fe68, 0x0000fe68, 0x0000fe6a, 0x0000fe6b, + 0x0000ff01, 0x0000ff03, 0x0000ff05, 0x0000ff07, + 0x0000ff0a, 0x0000ff0a, 0x0000ff0c, 0x0000ff0c, + 0x0000ff0e, 0x0000ff0f, 0x0000ff1a, 0x0000ff1b, + 0x0000ff1f, 0x0000ff20, 0x0000ff3c, 0x0000ff3c, + 0x0000ff61, 0x0000ff61, 0x0000ff64, 0x0000ff64, + 0x0000002b, 0x0000002b, 0x0000003c, 0x0000003e, + 0x0000007c, 0x0000007c, 0x0000007e, 0x0000007e, + 0x000000ac, 0x000000ac, 0x000000b1, 0x000000b1, + 0x000000d7, 0x000000d7, 0x000000f7, 0x000000f7, + 0x000003f6, 0x000003f6, 0x00002044, 0x00002044, + 0x00002052, 0x00002052, 0x0000207a, 0x0000207c, + 0x0000208a, 0x0000208c, 0x00002140, 0x00002144, + 0x0000214b, 0x0000214b, 0x00002190, 0x00002194, + 0x0000219a, 0x0000219b, 0x000021a0, 0x000021a0, + 0x000021a3, 0x000021a3, 0x000021a6, 0x000021a6, + 0x000021ae, 0x000021ae, 0x000021ce, 0x000021cf, + 0x000021d2, 0x000021d2, 0x000021d4, 0x000021d4, + 0x000021f4, 0x000022ff, 0x00002308, 0x0000230b, + 0x00002320, 0x00002321, 0x0000237c, 0x0000237c, + 0x0000239b, 0x000023b3, 0x000025b7, 0x000025b7, + 0x000025c1, 0x000025c1, 0x000025f8, 0x000025ff, + 0x0000266f, 0x0000266f, 0x000027d0, 0x000027e5, + 0x000027f0, 0x000027ff, 0x00002900, 0x00002982, + 0x00002999, 0x000029d7, 0x000029dc, 0x000029fb, + 0x000029fe, 0x00002aff, 0x0000fb29, 0x0000fb29, + 0x0000fe62, 0x0000fe62, 0x0000fe64, 0x0000fe66, + 0x0000ff0b, 0x0000ff0b, 0x0000ff1c, 0x0000ff1e, + 0x0000ff5c, 0x0000ff5c, 0x0000ff5e, 0x0000ff5e, + 0x0000ffe2, 0x0000ffe2, 0x0000ffe9, 0x0000ffec, + 0x0001d6c1, 0x0001d6c1, 0x0001d6db, 0x0001d6db, + 0x0001d6fb, 0x0001d6fb, 0x0001d715, 0x0001d715, + 0x0001d735, 0x0001d735, 0x0001d74f, 0x0001d74f, + 0x0001d76f, 0x0001d76f, 0x0001d789, 0x0001d789, + 0x0001d7a9, 0x0001d7a9, 0x0001d7c3, 0x0001d7c3, + 0x00000024, 0x00000024, 0x000000a2, 0x000000a5, + 0x000009f2, 0x000009f3, 0x00000e3f, 0x00000e3f, + 0x000017db, 0x000017db, 0x000020a0, 0x000020b1, + 0x0000fdfc, 0x0000fdfc, 0x0000fe69, 0x0000fe69, + 0x0000ff04, 0x0000ff04, 0x0000ffe0, 0x0000ffe1, + 0x0000ffe5, 0x0000ffe6, 0x0000005e, 0x0000005e, + 0x00000060, 0x00000060, 0x000000a8, 0x000000a8, + 0x000000af, 0x000000af, 0x000000b4, 0x000000b4, + 0x000000b8, 0x000000b8, 0x000002b9, 0x000002ba, + 0x000002c2, 0x000002cf, 0x000002d2, 0x000002df, + 0x000002e5, 0x000002ed, 0x00000374, 0x00000375, + 0x00000384, 0x00000385, 0x00001fbd, 0x00001fbd, + 0x00001fbf, 0x00001fc1, 0x00001fcd, 0x00001fcf, + 0x00001fdd, 0x00001fdf, 0x00001fed, 0x00001fef, + 0x00001ffd, 0x00001ffe, 0x0000309b, 0x0000309c, + 0x0000ff3e, 0x0000ff3e, 0x0000ff40, 0x0000ff40, + 0x0000ffe3, 0x0000ffe3, 0x000000a6, 0x000000a7, + 0x000000a9, 0x000000a9, 0x000000ae, 0x000000ae, + 0x000000b0, 0x000000b0, 0x000000b6, 0x000000b6, + 0x00000482, 0x00000482, 0x000006e9, 0x000006e9, + 0x000006fd, 0x000006fe, 0x000009fa, 0x000009fa, + 0x00000b70, 0x00000b70, 0x00000f01, 0x00000f03, + 0x00000f13, 0x00000f17, 0x00000f1a, 0x00000f1f, + 0x00000f34, 0x00000f34, 0x00000f36, 0x00000f36, + 0x00000f38, 0x00000f38, 0x00000fbe, 0x00000fc5, + 0x00000fc7, 0x00000fcc, 0x00000fcf, 0x00000fcf, + 0x00002100, 0x00002101, 0x00002103, 0x00002106, + 0x00002108, 0x00002109, 0x00002114, 0x00002114, + 0x00002116, 0x00002118, 0x0000211e, 0x00002123, + 0x00002125, 0x00002125, 0x00002127, 0x00002127, + 0x00002129, 0x00002129, 0x0000212e, 0x0000212e, + 0x00002132, 0x00002132, 0x0000213a, 0x0000213a, + 0x0000214a, 0x0000214a, 0x00002195, 0x00002199, + 0x0000219c, 0x0000219f, 0x000021a1, 0x000021a2, + 0x000021a4, 0x000021a5, 0x000021a7, 0x000021ad, + 0x000021af, 0x000021cd, 0x000021d0, 0x000021d1, + 0x000021d3, 0x000021d3, 0x000021d5, 0x000021f3, + 0x00002300, 0x00002307, 0x0000230c, 0x0000231f, + 0x00002322, 0x00002328, 0x0000232b, 0x0000237b, + 0x0000237d, 0x0000239a, 0x000023b7, 0x000023ce, + 0x00002400, 0x00002426, 0x00002440, 0x0000244a, + 0x0000249c, 0x000024e9, 0x00002500, 0x000025b6, + 0x000025b8, 0x000025c0, 0x000025c2, 0x000025f7, + 0x00002600, 0x00002613, 0x00002616, 0x00002617, + 0x00002619, 0x0000266e, 0x00002670, 0x0000267d, + 0x00002680, 0x00002689, 0x00002701, 0x00002704, + 0x00002706, 0x00002709, 0x0000270c, 0x00002727, + 0x00002729, 0x0000274b, 0x0000274d, 0x0000274d, + 0x0000274f, 0x00002752, 0x00002756, 0x00002756, + 0x00002758, 0x0000275e, 0x00002761, 0x00002767, + 0x00002794, 0x00002794, 0x00002798, 0x000027af, + 0x000027b1, 0x000027be, 0x00002800, 0x000028ff, + 0x00002e80, 0x00002e99, 0x00002e9b, 0x00002ef3, + 0x00002f00, 0x00002fd5, 0x00002ff0, 0x00002ffb, + 0x00003004, 0x00003004, 0x00003012, 0x00003013, + 0x00003020, 0x00003020, 0x00003036, 0x00003037, + 0x0000303e, 0x0000303f, 0x00003190, 0x00003191, + 0x00003196, 0x0000319f, 0x00003200, 0x0000321c, + 0x0000322a, 0x00003243, 0x00003260, 0x0000327b, + 0x0000327f, 0x0000327f, 0x0000328a, 0x000032b0, + 0x000032c0, 0x000032cb, 0x000032d0, 0x000032fe, + 0x00003300, 0x00003376, 0x0000337b, 0x000033dd, + 0x000033e0, 0x000033fe, 0x0000a490, 0x0000a4c6, + 0x0000ffe4, 0x0000ffe4, 0x0000ffe8, 0x0000ffe8, + 0x0000ffed, 0x0000ffee, 0x0000fffc, 0x0000fffd, + 0x0001d000, 0x0001d0f5, 0x0001d100, 0x0001d126, + 0x0001d12a, 0x0001d164, 0x0001d16a, 0x0001d16c, + 0x0001d183, 0x0001d184, 0x0001d18c, 0x0001d1a9, + 0x0001d1ae, 0x0001d1dd, 0x00000041, 0x0000005a, + 0x00000061, 0x0000007a, 0x000000aa, 0x000000aa, + 0x000000b5, 0x000000b5, 0x000000ba, 0x000000ba, + 0x000000c0, 0x000000d6, 0x000000d8, 0x000000f6, + 0x000000f8, 0x00000220, 0x00000222, 0x00000233, + 0x00000250, 0x000002ad, 0x000002b0, 0x000002b8, + 0x000002bb, 0x000002c1, 0x000002d0, 0x000002d1, + 0x000002e0, 0x000002e4, 0x000002ee, 0x000002ee, + 0x0000037a, 0x0000037a, 0x00000386, 0x00000386, + 0x00000388, 0x0000038a, 0x0000038c, 0x0000038c, + 0x0000038e, 0x000003a1, 0x000003a3, 0x000003ce, + 0x000003d0, 0x000003f5, 0x00000400, 0x00000482, + 0x0000048a, 0x000004ce, 0x000004d0, 0x000004f5, + 0x000004f8, 0x000004f9, 0x00000500, 0x0000050f, + 0x00000531, 0x00000556, 0x00000559, 0x0000055f, + 0x00000561, 0x00000587, 0x00000589, 0x00000589, + 0x00000903, 0x00000903, 0x00000905, 0x00000939, + 0x0000093d, 0x00000940, 0x00000949, 0x0000094c, + 0x00000950, 0x00000950, 0x00000958, 0x00000961, + 0x00000964, 0x00000970, 0x00000982, 0x00000983, + 0x00000985, 0x0000098c, 0x0000098f, 0x00000990, + 0x00000993, 0x000009a8, 0x000009aa, 0x000009b0, + 0x000009b2, 0x000009b2, 0x000009b6, 0x000009b9, + 0x000009be, 0x000009c0, 0x000009c7, 0x000009c8, + 0x000009cb, 0x000009cc, 0x000009d7, 0x000009d7, + 0x000009dc, 0x000009dd, 0x000009df, 0x000009e1, + 0x000009e6, 0x000009f1, 0x000009f4, 0x000009fa, + 0x00000a05, 0x00000a0a, 0x00000a0f, 0x00000a10, + 0x00000a13, 0x00000a28, 0x00000a2a, 0x00000a30, + 0x00000a32, 0x00000a33, 0x00000a35, 0x00000a36, + 0x00000a38, 0x00000a39, 0x00000a3e, 0x00000a40, + 0x00000a59, 0x00000a5c, 0x00000a5e, 0x00000a5e, + 0x00000a66, 0x00000a6f, 0x00000a72, 0x00000a74, + 0x00000a83, 0x00000a83, 0x00000a85, 0x00000a8b, + 0x00000a8d, 0x00000a8d, 0x00000a8f, 0x00000a91, + 0x00000a93, 0x00000aa8, 0x00000aaa, 0x00000ab0, + 0x00000ab2, 0x00000ab3, 0x00000ab5, 0x00000ab9, + 0x00000abd, 0x00000ac0, 0x00000ac9, 0x00000ac9, + 0x00000acb, 0x00000acc, 0x00000ad0, 0x00000ad0, + 0x00000ae0, 0x00000ae0, 0x00000ae6, 0x00000aef, + 0x00000b02, 0x00000b03, 0x00000b05, 0x00000b0c, + 0x00000b0f, 0x00000b10, 0x00000b13, 0x00000b28, + 0x00000b2a, 0x00000b30, 0x00000b32, 0x00000b33, + 0x00000b36, 0x00000b39, 0x00000b3d, 0x00000b3e, + 0x00000b40, 0x00000b40, 0x00000b47, 0x00000b48, + 0x00000b4b, 0x00000b4c, 0x00000b57, 0x00000b57, + 0x00000b5c, 0x00000b5d, 0x00000b5f, 0x00000b61, + 0x00000b66, 0x00000b70, 0x00000b83, 0x00000b83, + 0x00000b85, 0x00000b8a, 0x00000b8e, 0x00000b90, + 0x00000b92, 0x00000b95, 0x00000b99, 0x00000b9a, + 0x00000b9c, 0x00000b9c, 0x00000b9e, 0x00000b9f, + 0x00000ba3, 0x00000ba4, 0x00000ba8, 0x00000baa, + 0x00000bae, 0x00000bb5, 0x00000bb7, 0x00000bb9, + 0x00000bbe, 0x00000bbf, 0x00000bc1, 0x00000bc2, + 0x00000bc6, 0x00000bc8, 0x00000bca, 0x00000bcc, + 0x00000bd7, 0x00000bd7, 0x00000be7, 0x00000bf2, + 0x00000c01, 0x00000c03, 0x00000c05, 0x00000c0c, + 0x00000c0e, 0x00000c10, 0x00000c12, 0x00000c28, + 0x00000c2a, 0x00000c33, 0x00000c35, 0x00000c39, + 0x00000c41, 0x00000c44, 0x00000c60, 0x00000c61, + 0x00000c66, 0x00000c6f, 0x00000c82, 0x00000c83, + 0x00000c85, 0x00000c8c, 0x00000c8e, 0x00000c90, + 0x00000c92, 0x00000ca8, 0x00000caa, 0x00000cb3, + 0x00000cb5, 0x00000cb9, 0x00000cbe, 0x00000cbe, + 0x00000cc0, 0x00000cc4, 0x00000cc7, 0x00000cc8, + 0x00000cca, 0x00000ccb, 0x00000cd5, 0x00000cd6, + 0x00000cde, 0x00000cde, 0x00000ce0, 0x00000ce1, + 0x00000ce6, 0x00000cef, 0x00000d02, 0x00000d03, + 0x00000d05, 0x00000d0c, 0x00000d0e, 0x00000d10, + 0x00000d12, 0x00000d28, 0x00000d2a, 0x00000d39, + 0x00000d3e, 0x00000d40, 0x00000d46, 0x00000d48, + 0x00000d4a, 0x00000d4c, 0x00000d57, 0x00000d57, + 0x00000d60, 0x00000d61, 0x00000d66, 0x00000d6f, + 0x00000d82, 0x00000d83, 0x00000d85, 0x00000d96, + 0x00000d9a, 0x00000db1, 0x00000db3, 0x00000dbb, + 0x00000dbd, 0x00000dbd, 0x00000dc0, 0x00000dc6, + 0x00000dcf, 0x00000dd1, 0x00000dd8, 0x00000ddf, + 0x00000df2, 0x00000df4, 0x00000e01, 0x00000e30, + 0x00000e32, 0x00000e33, 0x00000e40, 0x00000e46, + 0x00000e4f, 0x00000e5b, 0x00000e81, 0x00000e82, + 0x00000e84, 0x00000e84, 0x00000e87, 0x00000e88, + 0x00000e8a, 0x00000e8a, 0x00000e8d, 0x00000e8d, + 0x00000e94, 0x00000e97, 0x00000e99, 0x00000e9f, + 0x00000ea1, 0x00000ea3, 0x00000ea5, 0x00000ea5, + 0x00000ea7, 0x00000ea7, 0x00000eaa, 0x00000eab, + 0x00000ead, 0x00000eb0, 0x00000eb2, 0x00000eb3, + 0x00000ebd, 0x00000ebd, 0x00000ec0, 0x00000ec4, + 0x00000ec6, 0x00000ec6, 0x00000ed0, 0x00000ed9, + 0x00000edc, 0x00000edd, 0x00000f00, 0x00000f17, + 0x00000f1a, 0x00000f34, 0x00000f36, 0x00000f36, + 0x00000f38, 0x00000f38, 0x00000f3e, 0x00000f47, + 0x00000f49, 0x00000f6a, 0x00000f7f, 0x00000f7f, + 0x00000f85, 0x00000f85, 0x00000f88, 0x00000f8b, + 0x00000fbe, 0x00000fc5, 0x00000fc7, 0x00000fcc, + 0x00000fcf, 0x00000fcf, 0x00001000, 0x00001021, + 0x00001023, 0x00001027, 0x00001029, 0x0000102a, + 0x0000102c, 0x0000102c, 0x00001031, 0x00001031, + 0x00001038, 0x00001038, 0x00001040, 0x00001057, + 0x000010a0, 0x000010c5, 0x000010d0, 0x000010f8, + 0x000010fb, 0x000010fb, 0x00001100, 0x00001159, + 0x0000115f, 0x000011a2, 0x000011a8, 0x000011f9, + 0x00001200, 0x00001206, 0x00001208, 0x00001246, + 0x00001248, 0x00001248, 0x0000124a, 0x0000124d, + 0x00001250, 0x00001256, 0x00001258, 0x00001258, + 0x0000125a, 0x0000125d, 0x00001260, 0x00001286, + 0x00001288, 0x00001288, 0x0000128a, 0x0000128d, + 0x00001290, 0x000012ae, 0x000012b0, 0x000012b0, + 0x000012b2, 0x000012b5, 0x000012b8, 0x000012be, + 0x000012c0, 0x000012c0, 0x000012c2, 0x000012c5, + 0x000012c8, 0x000012ce, 0x000012d0, 0x000012d6, + 0x000012d8, 0x000012ee, 0x000012f0, 0x0000130e, + 0x00001310, 0x00001310, 0x00001312, 0x00001315, + 0x00001318, 0x0000131e, 0x00001320, 0x00001346, + 0x00001348, 0x0000135a, 0x00001361, 0x0000137c, + 0x000013a0, 0x000013f4, 0x00001401, 0x00001676, + 0x00001681, 0x0000169a, 0x000016a0, 0x000016f0, + 0x00001700, 0x0000170c, 0x0000170e, 0x00001711, + 0x00001720, 0x00001731, 0x00001735, 0x00001736, + 0x00001740, 0x00001751, 0x00001760, 0x0000176c, + 0x0000176e, 0x00001770, 0x00001780, 0x000017b6, + 0x000017be, 0x000017c5, 0x000017c7, 0x000017c8, + 0x000017d4, 0x000017da, 0x000017dc, 0x000017dc, + 0x000017e0, 0x000017e9, 0x00001810, 0x00001819, + 0x00001820, 0x00001877, 0x00001880, 0x000018a8, + 0x00001e00, 0x00001e9b, 0x00001ea0, 0x00001ef9, + 0x00001f00, 0x00001f15, 0x00001f18, 0x00001f1d, + 0x00001f20, 0x00001f45, 0x00001f48, 0x00001f4d, + 0x00001f50, 0x00001f57, 0x00001f59, 0x00001f59, + 0x00001f5b, 0x00001f5b, 0x00001f5d, 0x00001f5d, + 0x00001f5f, 0x00001f7d, 0x00001f80, 0x00001fb4, + 0x00001fb6, 0x00001fbc, 0x00001fbe, 0x00001fbe, + 0x00001fc2, 0x00001fc4, 0x00001fc6, 0x00001fcc, + 0x00001fd0, 0x00001fd3, 0x00001fd6, 0x00001fdb, + 0x00001fe0, 0x00001fec, 0x00001ff2, 0x00001ff4, + 0x00001ff6, 0x00001ffc, 0x0000200e, 0x0000200e, + 0x00002071, 0x00002071, 0x0000207f, 0x0000207f, + 0x00002102, 0x00002102, 0x00002107, 0x00002107, + 0x0000210a, 0x00002113, 0x00002115, 0x00002115, + 0x00002119, 0x0000211d, 0x00002124, 0x00002124, + 0x00002126, 0x00002126, 0x00002128, 0x00002128, + 0x0000212a, 0x0000212d, 0x0000212f, 0x00002131, + 0x00002133, 0x00002139, 0x0000213d, 0x0000213f, + 0x00002145, 0x00002149, 0x00002160, 0x00002183, + 0x00002336, 0x0000237a, 0x00002395, 0x00002395, + 0x0000249c, 0x000024e9, 0x00003005, 0x00003007, + 0x00003021, 0x00003029, 0x00003031, 0x00003035, + 0x00003038, 0x0000303c, 0x00003041, 0x00003096, + 0x0000309d, 0x0000309f, 0x000030a1, 0x000030fa, + 0x000030fc, 0x000030ff, 0x00003105, 0x0000312c, + 0x00003131, 0x0000318e, 0x00003190, 0x000031b7, + 0x000031f0, 0x0000321c, 0x00003220, 0x00003243, + 0x00003260, 0x0000327b, 0x0000327f, 0x000032b0, + 0x000032c0, 0x000032cb, 0x000032d0, 0x000032fe, + 0x00003300, 0x00003376, 0x0000337b, 0x000033dd, + 0x000033e0, 0x000033fe, 0x00003400, 0x00004db5, + 0x00004e00, 0x0000a48c, 0x0000ac00, 0x0000d7a3, + 0x0000e000, 0x0000fb06, 0x0000fb13, 0x0000fb17, + 0x0000ff21, 0x0000ff3a, 0x0000ff41, 0x0000ff5a, + 0x0000ff66, 0x0000ffbe, 0x0000ffc2, 0x0000ffc7, + 0x0000ffca, 0x0000ffcf, 0x0000ffd2, 0x0000ffd7, + 0x0000ffda, 0x0000ffdc, 0x00010000, 0x0002a6d6, + 0x0002f800, 0x0002fa1d, 0x000f0000, 0x000ffffd, + 0x00100000, 0x0010fffd, 0x000005be, 0x000005be, + 0x000005c0, 0x000005c0, 0x000005c3, 0x000005c3, + 0x000005d0, 0x000005ea, 0x000005f0, 0x000005f4, + 0x0000200f, 0x0000200f, 0x0000fb1d, 0x0000fb1d, + 0x0000fb1f, 0x0000fb28, 0x0000fb2a, 0x0000fb36, + 0x0000fb38, 0x0000fb3c, 0x0000fb3e, 0x0000fb3e, + 0x0000fb40, 0x0000fb41, 0x0000fb43, 0x0000fb44, + 0x0000fb46, 0x0000fb4f, 0x00000030, 0x00000039, + 0x000000b2, 0x000000b3, 0x000000b9, 0x000000b9, + 0x000006f0, 0x000006f9, 0x00002070, 0x00002070, + 0x00002074, 0x00002079, 0x00002080, 0x00002089, + 0x00002460, 0x0000249b, 0x000024ea, 0x000024ea, + 0x0000ff10, 0x0000ff19, 0x0001d7ce, 0x0001d7ff, + 0x0000002f, 0x0000002f, 0x0000ff0f, 0x0000ff0f, + 0x00000023, 0x00000025, 0x0000002b, 0x0000002b, + 0x0000002d, 0x0000002d, 0x000000a2, 0x000000a5, + 0x000000b0, 0x000000b1, 0x0000066a, 0x0000066a, + 0x000009f2, 0x000009f3, 0x00000e3f, 0x00000e3f, + 0x000017db, 0x000017db, 0x00002030, 0x00002034, + 0x0000207a, 0x0000207b, 0x0000208a, 0x0000208b, + 0x000020a0, 0x000020b1, 0x0000212e, 0x0000212e, + 0x00002212, 0x00002213, 0x0000fb29, 0x0000fb29, + 0x0000fe5f, 0x0000fe5f, 0x0000fe62, 0x0000fe63, + 0x0000fe69, 0x0000fe6a, 0x0000ff03, 0x0000ff05, + 0x0000ff0b, 0x0000ff0b, 0x0000ff0d, 0x0000ff0d, + 0x0000ffe0, 0x0000ffe1, 0x0000ffe5, 0x0000ffe6, + 0x00000660, 0x00000669, 0x0000066b, 0x0000066c, + 0x0000002c, 0x0000002c, 0x0000002e, 0x0000002e, + 0x0000003a, 0x0000003a, 0x000000a0, 0x000000a0, + 0x0000060c, 0x0000060c, 0x0000fe50, 0x0000fe50, + 0x0000fe52, 0x0000fe52, 0x0000fe55, 0x0000fe55, + 0x0000ff0c, 0x0000ff0c, 0x0000ff0e, 0x0000ff0e, + 0x0000ff1a, 0x0000ff1a, 0x0000000a, 0x0000000a, + 0x0000000d, 0x0000000d, 0x0000001c, 0x0000001e, + 0x00000085, 0x00000085, 0x00002029, 0x00002029, + 0x00000009, 0x00000009, 0x0000000b, 0x0000000b, + 0x0000001f, 0x0000001f, 0x0000000c, 0x0000000c, + 0x00000020, 0x00000020, 0x00001680, 0x00001680, + 0x00002000, 0x0000200a, 0x00002028, 0x00002028, + 0x0000202f, 0x0000202f, 0x0000205f, 0x0000205f, + 0x00003000, 0x00003000, 0x00000000, 0x00000008, + 0x0000000e, 0x0000001b, 0x00000021, 0x00000022, + 0x00000026, 0x0000002a, 0x0000003b, 0x00000040, + 0x0000005b, 0x00000060, 0x0000007b, 0x00000084, + 0x00000086, 0x0000009f, 0x000000a1, 0x000000a1, + 0x000000a6, 0x000000a9, 0x000000ab, 0x000000af, + 0x000000b4, 0x000000b4, 0x000000b6, 0x000000b8, + 0x000000bb, 0x000000bf, 0x000000d7, 0x000000d7, + 0x000000f7, 0x000000f7, 0x000002b9, 0x000002ba, + 0x000002c2, 0x000002cf, 0x000002d2, 0x000002df, + 0x000002e5, 0x000002ed, 0x00000300, 0x0000034f, + 0x00000360, 0x0000036f, 0x00000374, 0x00000375, + 0x0000037e, 0x0000037e, 0x00000384, 0x00000385, + 0x00000387, 0x00000387, 0x000003f6, 0x000003f6, + 0x00000483, 0x00000486, 0x00000488, 0x00000489, + 0x0000058a, 0x0000058a, 0x00000591, 0x000005a1, + 0x000005a3, 0x000005b9, 0x000005bb, 0x000005bd, + 0x000005bf, 0x000005bf, 0x000005c1, 0x000005c2, + 0x000005c4, 0x000005c4, 0x0000064b, 0x00000655, + 0x00000670, 0x00000670, 0x000006d6, 0x000006dc, + 0x000006de, 0x000006e4, 0x000006e7, 0x000006ed, + 0x0000070f, 0x0000070f, 0x00000711, 0x00000711, + 0x00000730, 0x0000074a, 0x000007a6, 0x000007b0, + 0x00000901, 0x00000902, 0x0000093c, 0x0000093c, + 0x00000941, 0x00000948, 0x0000094d, 0x0000094d, + 0x00000951, 0x00000954, 0x00000962, 0x00000963, + 0x00000981, 0x00000981, 0x000009bc, 0x000009bc, + 0x000009c1, 0x000009c4, 0x000009cd, 0x000009cd, + 0x000009e2, 0x000009e3, 0x00000a02, 0x00000a02, + 0x00000a3c, 0x00000a3c, 0x00000a41, 0x00000a42, + 0x00000a47, 0x00000a48, 0x00000a4b, 0x00000a4d, + 0x00000a70, 0x00000a71, 0x00000a81, 0x00000a82, + 0x00000abc, 0x00000abc, 0x00000ac1, 0x00000ac5, + 0x00000ac7, 0x00000ac8, 0x00000acd, 0x00000acd, + 0x00000b01, 0x00000b01, 0x00000b3c, 0x00000b3c, + 0x00000b3f, 0x00000b3f, 0x00000b41, 0x00000b43, + 0x00000b4d, 0x00000b4d, 0x00000b56, 0x00000b56, + 0x00000b82, 0x00000b82, 0x00000bc0, 0x00000bc0, + 0x00000bcd, 0x00000bcd, 0x00000c3e, 0x00000c40, + 0x00000c46, 0x00000c48, 0x00000c4a, 0x00000c4d, + 0x00000c55, 0x00000c56, 0x00000cbf, 0x00000cbf, + 0x00000cc6, 0x00000cc6, 0x00000ccc, 0x00000ccd, + 0x00000d41, 0x00000d43, 0x00000d4d, 0x00000d4d, + 0x00000dca, 0x00000dca, 0x00000dd2, 0x00000dd4, + 0x00000dd6, 0x00000dd6, 0x00000e31, 0x00000e31, + 0x00000e34, 0x00000e3a, 0x00000e47, 0x00000e4e, + 0x00000eb1, 0x00000eb1, 0x00000eb4, 0x00000eb9, + 0x00000ebb, 0x00000ebc, 0x00000ec8, 0x00000ecd, + 0x00000f18, 0x00000f19, 0x00000f35, 0x00000f35, + 0x00000f37, 0x00000f37, 0x00000f39, 0x00000f3d, + 0x00000f71, 0x00000f7e, 0x00000f80, 0x00000f84, + 0x00000f86, 0x00000f87, 0x00000f90, 0x00000f97, + 0x00000f99, 0x00000fbc, 0x00000fc6, 0x00000fc6, + 0x0000102d, 0x00001030, 0x00001032, 0x00001032, + 0x00001036, 0x00001037, 0x00001039, 0x00001039, + 0x00001058, 0x00001059, 0x0000169b, 0x0000169c, + 0x00001712, 0x00001714, 0x00001732, 0x00001734, + 0x00001752, 0x00001753, 0x00001772, 0x00001773, + 0x000017b7, 0x000017bd, 0x000017c6, 0x000017c6, + 0x000017c9, 0x000017d3, 0x00001800, 0x0000180e, + 0x000018a9, 0x000018a9, 0x00001fbd, 0x00001fbd, + 0x00001fbf, 0x00001fc1, 0x00001fcd, 0x00001fcf, + 0x00001fdd, 0x00001fdf, 0x00001fed, 0x00001fef, + 0x00001ffd, 0x00001ffe, 0x0000200b, 0x0000200d, + 0x00002010, 0x00002027, 0x0000202a, 0x0000202e, + 0x00002035, 0x00002052, 0x00002057, 0x00002057, + 0x00002060, 0x00002063, 0x0000206a, 0x0000206f, + 0x0000207c, 0x0000207e, 0x0000208c, 0x0000208e, + 0x000020d0, 0x000020ea, 0x00002100, 0x00002101, + 0x00002103, 0x00002106, 0x00002108, 0x00002109, + 0x00002114, 0x00002114, 0x00002116, 0x00002118, + 0x0000211e, 0x00002123, 0x00002125, 0x00002125, + 0x00002127, 0x00002127, 0x00002129, 0x00002129, + 0x00002132, 0x00002132, 0x0000213a, 0x0000213a, + 0x00002140, 0x00002144, 0x0000214a, 0x0000214b, + 0x00002153, 0x0000215f, 0x00002190, 0x00002211, + 0x00002214, 0x00002335, 0x0000237b, 0x00002394, + 0x00002396, 0x000023ce, 0x00002400, 0x00002426, + 0x00002440, 0x0000244a, 0x000024eb, 0x000024fe, + 0x00002500, 0x00002613, 0x00002616, 0x00002617, + 0x00002619, 0x0000267d, 0x00002680, 0x00002689, + 0x00002701, 0x00002704, 0x00002706, 0x00002709, + 0x0000270c, 0x00002727, 0x00002729, 0x0000274b, + 0x0000274d, 0x0000274d, 0x0000274f, 0x00002752, + 0x00002756, 0x00002756, 0x00002758, 0x0000275e, + 0x00002761, 0x00002794, 0x00002798, 0x000027af, + 0x000027b1, 0x000027be, 0x000027d0, 0x000027eb, + 0x000027f0, 0x00002aff, 0x00002e80, 0x00002e99, + 0x00002e9b, 0x00002ef3, 0x00002f00, 0x00002fd5, + 0x00002ff0, 0x00002ffb, 0x00003001, 0x00003004, + 0x00003008, 0x00003020, 0x0000302a, 0x00003030, + 0x00003036, 0x00003037, 0x0000303d, 0x0000303f, + 0x00003099, 0x0000309c, 0x000030a0, 0x000030a0, + 0x000030fb, 0x000030fb, 0x00003251, 0x0000325f, + 0x000032b1, 0x000032bf, 0x0000a490, 0x0000a4c6, + 0x0000fb1e, 0x0000fb1e, 0x0000fd3e, 0x0000fd3f, + 0x0000fe00, 0x0000fe0f, 0x0000fe20, 0x0000fe23, + 0x0000fe30, 0x0000fe46, 0x0000fe49, 0x0000fe4f, + 0x0000fe51, 0x0000fe51, 0x0000fe54, 0x0000fe54, + 0x0000fe56, 0x0000fe5e, 0x0000fe60, 0x0000fe61, + 0x0000fe64, 0x0000fe66, 0x0000fe68, 0x0000fe68, + 0x0000fe6b, 0x0000fe6b, 0x0000feff, 0x0000feff, + 0x0000ff01, 0x0000ff02, 0x0000ff06, 0x0000ff0a, + 0x0000ff1b, 0x0000ff20, 0x0000ff3b, 0x0000ff40, + 0x0000ff5b, 0x0000ff65, 0x0000ffe2, 0x0000ffe4, + 0x0000ffe8, 0x0000ffee, 0x0000fff9, 0x0000fffd, + 0x0001d167, 0x0001d169, 0x0001d173, 0x0001d182, + 0x0001d185, 0x0001d18b, 0x0001d1aa, 0x0001d1ad, + 0x000e0001, 0x000e0001, 0x000e0020, 0x000e007f, + 0x000000c0, 0x000000c5, 0x000000c7, 0x000000cf, + 0x000000d1, 0x000000d6, 0x000000d9, 0x000000dd, + 0x000000e0, 0x000000e5, 0x000000e7, 0x000000ef, + 0x000000f1, 0x000000f6, 0x000000f9, 0x000000fd, + 0x000000ff, 0x0000010f, 0x00000112, 0x00000125, + 0x00000128, 0x00000130, 0x00000134, 0x00000137, + 0x00000139, 0x0000013e, 0x00000143, 0x00000148, + 0x0000014c, 0x00000151, 0x00000154, 0x00000165, + 0x00000168, 0x0000017e, 0x000001a0, 0x000001a1, + 0x000001af, 0x000001b0, 0x000001cd, 0x000001dc, + 0x000001de, 0x000001e3, 0x000001e6, 0x000001f0, + 0x000001f4, 0x000001f5, 0x000001f8, 0x0000021b, + 0x0000021e, 0x0000021f, 0x00000226, 0x00000233, + 0x00000340, 0x00000341, 0x00000343, 0x00000344, + 0x00000374, 0x00000374, 0x0000037e, 0x0000037e, + 0x00000385, 0x0000038a, 0x0000038c, 0x0000038c, + 0x0000038e, 0x00000390, 0x000003aa, 0x000003b0, + 0x000003ca, 0x000003ce, 0x000003d3, 0x000003d4, + 0x00000400, 0x00000401, 0x00000403, 0x00000403, + 0x00000407, 0x00000407, 0x0000040c, 0x0000040e, + 0x00000419, 0x00000419, 0x00000439, 0x00000439, + 0x00000450, 0x00000451, 0x00000453, 0x00000453, + 0x00000457, 0x00000457, 0x0000045c, 0x0000045e, + 0x00000476, 0x00000477, 0x000004c1, 0x000004c2, + 0x000004d0, 0x000004d3, 0x000004d6, 0x000004d7, + 0x000004da, 0x000004df, 0x000004e2, 0x000004e7, + 0x000004ea, 0x000004f5, 0x000004f8, 0x000004f9, + 0x00000622, 0x00000626, 0x000006c0, 0x000006c0, + 0x000006c2, 0x000006c2, 0x000006d3, 0x000006d3, + 0x00000929, 0x00000929, 0x00000931, 0x00000931, + 0x00000934, 0x00000934, 0x00000958, 0x0000095f, + 0x000009cb, 0x000009cc, 0x000009dc, 0x000009dd, + 0x000009df, 0x000009df, 0x00000a33, 0x00000a33, + 0x00000a36, 0x00000a36, 0x00000a59, 0x00000a5b, + 0x00000a5e, 0x00000a5e, 0x00000b48, 0x00000b48, + 0x00000b4b, 0x00000b4c, 0x00000b5c, 0x00000b5d, + 0x00000b94, 0x00000b94, 0x00000bca, 0x00000bcc, + 0x00000c48, 0x00000c48, 0x00000cc0, 0x00000cc0, + 0x00000cc7, 0x00000cc8, 0x00000cca, 0x00000ccb, + 0x00000d4a, 0x00000d4c, 0x00000dda, 0x00000dda, + 0x00000ddc, 0x00000dde, 0x00000f43, 0x00000f43, + 0x00000f4d, 0x00000f4d, 0x00000f52, 0x00000f52, + 0x00000f57, 0x00000f57, 0x00000f5c, 0x00000f5c, + 0x00000f69, 0x00000f69, 0x00000f73, 0x00000f73, + 0x00000f75, 0x00000f76, 0x00000f78, 0x00000f78, + 0x00000f81, 0x00000f81, 0x00000f93, 0x00000f93, + 0x00000f9d, 0x00000f9d, 0x00000fa2, 0x00000fa2, + 0x00000fa7, 0x00000fa7, 0x00000fac, 0x00000fac, + 0x00000fb9, 0x00000fb9, 0x00001026, 0x00001026, + 0x00001e00, 0x00001e99, 0x00001e9b, 0x00001e9b, + 0x00001ea0, 0x00001ef9, 0x00001f00, 0x00001f15, + 0x00001f18, 0x00001f1d, 0x00001f20, 0x00001f45, + 0x00001f48, 0x00001f4d, 0x00001f50, 0x00001f57, + 0x00001f59, 0x00001f59, 0x00001f5b, 0x00001f5b, + 0x00001f5d, 0x00001f5d, 0x00001f5f, 0x00001f7d, + 0x00001f80, 0x00001fb4, 0x00001fb6, 0x00001fbc, + 0x00001fbe, 0x00001fbe, 0x00001fc1, 0x00001fc4, + 0x00001fc6, 0x00001fd3, 0x00001fd6, 0x00001fdb, + 0x00001fdd, 0x00001fef, 0x00001ff2, 0x00001ff4, + 0x00001ff6, 0x00001ffd, 0x00002000, 0x00002001, + 0x00002126, 0x00002126, 0x0000212a, 0x0000212b, + 0x0000219a, 0x0000219b, 0x000021ae, 0x000021ae, + 0x000021cd, 0x000021cf, 0x00002204, 0x00002204, + 0x00002209, 0x00002209, 0x0000220c, 0x0000220c, + 0x00002224, 0x00002224, 0x00002226, 0x00002226, + 0x00002241, 0x00002241, 0x00002244, 0x00002244, + 0x00002247, 0x00002247, 0x00002249, 0x00002249, + 0x00002260, 0x00002260, 0x00002262, 0x00002262, + 0x0000226d, 0x00002271, 0x00002274, 0x00002275, + 0x00002278, 0x00002279, 0x00002280, 0x00002281, + 0x00002284, 0x00002285, 0x00002288, 0x00002289, + 0x000022ac, 0x000022af, 0x000022e0, 0x000022e3, + 0x000022ea, 0x000022ed, 0x00002329, 0x0000232a, + 0x00002adc, 0x00002adc, 0x0000304c, 0x0000304c, + 0x0000304e, 0x0000304e, 0x00003050, 0x00003050, + 0x00003052, 0x00003052, 0x00003054, 0x00003054, + 0x00003056, 0x00003056, 0x00003058, 0x00003058, + 0x0000305a, 0x0000305a, 0x0000305c, 0x0000305c, + 0x0000305e, 0x0000305e, 0x00003060, 0x00003060, + 0x00003062, 0x00003062, 0x00003065, 0x00003065, + 0x00003067, 0x00003067, 0x00003069, 0x00003069, + 0x00003070, 0x00003071, 0x00003073, 0x00003074, + 0x00003076, 0x00003077, 0x00003079, 0x0000307a, + 0x0000307c, 0x0000307d, 0x00003094, 0x00003094, + 0x0000309e, 0x0000309e, 0x000030ac, 0x000030ac, + 0x000030ae, 0x000030ae, 0x000030b0, 0x000030b0, + 0x000030b2, 0x000030b2, 0x000030b4, 0x000030b4, + 0x000030b6, 0x000030b6, 0x000030b8, 0x000030b8, + 0x000030ba, 0x000030ba, 0x000030bc, 0x000030bc, + 0x000030be, 0x000030be, 0x000030c0, 0x000030c0, + 0x000030c2, 0x000030c2, 0x000030c5, 0x000030c5, + 0x000030c7, 0x000030c7, 0x000030c9, 0x000030c9, + 0x000030d0, 0x000030d1, 0x000030d3, 0x000030d4, + 0x000030d6, 0x000030d7, 0x000030d9, 0x000030da, + 0x000030dc, 0x000030dd, 0x000030f4, 0x000030f4, + 0x000030f7, 0x000030fa, 0x000030fe, 0x000030fe, + 0x0000f902, 0x0000fa0d, 0x0000fa10, 0x0000fa10, + 0x0000fa12, 0x0000fa12, 0x0000fa15, 0x0000fa1e, + 0x0000fa20, 0x0000fa20, 0x0000fa22, 0x0000fa22, + 0x0000fa25, 0x0000fa26, 0x0000fa2a, 0x0000fa2d, + 0x0000fa30, 0x0000fa6a, 0x0000fb1d, 0x0000fb1d, + 0x0000fb1f, 0x0000fb1f, 0x0000fb2a, 0x0000fb36, + 0x0000fb38, 0x0000fb3c, 0x0000fb3e, 0x0000fb3e, + 0x0000fb40, 0x0000fb41, 0x0000fb43, 0x0000fb44, + 0x0000fb46, 0x0000fb4e, 0x0001d15e, 0x0001d164, + 0x0001d1bb, 0x0001d1c0, 0x0002f800, 0x0002fa1d, + 0x00000000, 0x00000220, 0x00000222, 0x00000233, + 0x00000250, 0x000002ad, 0x000002b0, 0x000002ee, + 0x00000300, 0x0000034f, 0x00000360, 0x0000036f, + 0x00000374, 0x00000375, 0x0000037a, 0x0000037a, + 0x0000037e, 0x0000037e, 0x00000384, 0x0000038a, + 0x0000038c, 0x0000038c, 0x0000038e, 0x000003a1, + 0x000003a3, 0x000003ce, 0x000003d0, 0x000003f6, + 0x00000400, 0x00000486, 0x00000488, 0x000004ce, + 0x000004d0, 0x000004f5, 0x000004f8, 0x000004f9, + 0x00000500, 0x0000050f, 0x00000531, 0x00000556, + 0x00000559, 0x0000055f, 0x00000561, 0x00000587, + 0x00000589, 0x0000058a, 0x00000591, 0x000005a1, + 0x000005a3, 0x000005b9, 0x000005bb, 0x000005c4, + 0x000005d0, 0x000005ea, 0x000005f0, 0x000005f4, + 0x0000060c, 0x0000060c, 0x0000061b, 0x0000061b, + 0x0000061f, 0x0000061f, 0x00000621, 0x0000063a, + 0x00000640, 0x00000655, 0x00000660, 0x000006ed, + 0x000006f0, 0x000006fe, 0x00000700, 0x0000070d, + 0x0000070f, 0x0000072c, 0x00000730, 0x0000074a, + 0x00000780, 0x000007b1, 0x00000901, 0x00000903, + 0x00000905, 0x00000939, 0x0000093c, 0x0000094d, + 0x00000950, 0x00000954, 0x00000958, 0x00000970, + 0x00000981, 0x00000983, 0x00000985, 0x0000098c, + 0x0000098f, 0x00000990, 0x00000993, 0x000009a8, + 0x000009aa, 0x000009b0, 0x000009b2, 0x000009b2, + 0x000009b6, 0x000009b9, 0x000009bc, 0x000009bc, + 0x000009be, 0x000009c4, 0x000009c7, 0x000009c8, + 0x000009cb, 0x000009cd, 0x000009d7, 0x000009d7, + 0x000009dc, 0x000009dd, 0x000009df, 0x000009e3, + 0x000009e6, 0x000009fa, 0x00000a02, 0x00000a02, + 0x00000a05, 0x00000a0a, 0x00000a0f, 0x00000a10, + 0x00000a13, 0x00000a28, 0x00000a2a, 0x00000a30, + 0x00000a32, 0x00000a33, 0x00000a35, 0x00000a36, + 0x00000a38, 0x00000a39, 0x00000a3c, 0x00000a3c, + 0x00000a3e, 0x00000a42, 0x00000a47, 0x00000a48, + 0x00000a4b, 0x00000a4d, 0x00000a59, 0x00000a5c, + 0x00000a5e, 0x00000a5e, 0x00000a66, 0x00000a74, + 0x00000a81, 0x00000a83, 0x00000a85, 0x00000a8b, + 0x00000a8d, 0x00000a8d, 0x00000a8f, 0x00000a91, + 0x00000a93, 0x00000aa8, 0x00000aaa, 0x00000ab0, + 0x00000ab2, 0x00000ab3, 0x00000ab5, 0x00000ab9, + 0x00000abc, 0x00000ac5, 0x00000ac7, 0x00000ac9, + 0x00000acb, 0x00000acd, 0x00000ad0, 0x00000ad0, + 0x00000ae0, 0x00000ae0, 0x00000ae6, 0x00000aef, + 0x00000b01, 0x00000b03, 0x00000b05, 0x00000b0c, + 0x00000b0f, 0x00000b10, 0x00000b13, 0x00000b28, + 0x00000b2a, 0x00000b30, 0x00000b32, 0x00000b33, + 0x00000b36, 0x00000b39, 0x00000b3c, 0x00000b43, + 0x00000b47, 0x00000b48, 0x00000b4b, 0x00000b4d, + 0x00000b56, 0x00000b57, 0x00000b5c, 0x00000b5d, + 0x00000b5f, 0x00000b61, 0x00000b66, 0x00000b70, + 0x00000b82, 0x00000b83, 0x00000b85, 0x00000b8a, + 0x00000b8e, 0x00000b90, 0x00000b92, 0x00000b95, + 0x00000b99, 0x00000b9a, 0x00000b9c, 0x00000b9c, + 0x00000b9e, 0x00000b9f, 0x00000ba3, 0x00000ba4, + 0x00000ba8, 0x00000baa, 0x00000bae, 0x00000bb5, + 0x00000bb7, 0x00000bb9, 0x00000bbe, 0x00000bc2, + 0x00000bc6, 0x00000bc8, 0x00000bca, 0x00000bcd, + 0x00000bd7, 0x00000bd7, 0x00000be7, 0x00000bf2, + 0x00000c01, 0x00000c03, 0x00000c05, 0x00000c0c, + 0x00000c0e, 0x00000c10, 0x00000c12, 0x00000c28, + 0x00000c2a, 0x00000c33, 0x00000c35, 0x00000c39, + 0x00000c3e, 0x00000c44, 0x00000c46, 0x00000c48, + 0x00000c4a, 0x00000c4d, 0x00000c55, 0x00000c56, + 0x00000c60, 0x00000c61, 0x00000c66, 0x00000c6f, + 0x00000c82, 0x00000c83, 0x00000c85, 0x00000c8c, + 0x00000c8e, 0x00000c90, 0x00000c92, 0x00000ca8, + 0x00000caa, 0x00000cb3, 0x00000cb5, 0x00000cb9, + 0x00000cbe, 0x00000cc4, 0x00000cc6, 0x00000cc8, + 0x00000cca, 0x00000ccd, 0x00000cd5, 0x00000cd6, + 0x00000cde, 0x00000cde, 0x00000ce0, 0x00000ce1, + 0x00000ce6, 0x00000cef, 0x00000d02, 0x00000d03, + 0x00000d05, 0x00000d0c, 0x00000d0e, 0x00000d10, + 0x00000d12, 0x00000d28, 0x00000d2a, 0x00000d39, + 0x00000d3e, 0x00000d43, 0x00000d46, 0x00000d48, + 0x00000d4a, 0x00000d4d, 0x00000d57, 0x00000d57, + 0x00000d60, 0x00000d61, 0x00000d66, 0x00000d6f, + 0x00000d82, 0x00000d83, 0x00000d85, 0x00000d96, + 0x00000d9a, 0x00000db1, 0x00000db3, 0x00000dbb, + 0x00000dbd, 0x00000dbd, 0x00000dc0, 0x00000dc6, + 0x00000dca, 0x00000dca, 0x00000dcf, 0x00000dd4, + 0x00000dd6, 0x00000dd6, 0x00000dd8, 0x00000ddf, + 0x00000df2, 0x00000df4, 0x00000e01, 0x00000e3a, + 0x00000e3f, 0x00000e5b, 0x00000e81, 0x00000e82, + 0x00000e84, 0x00000e84, 0x00000e87, 0x00000e88, + 0x00000e8a, 0x00000e8a, 0x00000e8d, 0x00000e8d, + 0x00000e94, 0x00000e97, 0x00000e99, 0x00000e9f, + 0x00000ea1, 0x00000ea3, 0x00000ea5, 0x00000ea5, + 0x00000ea7, 0x00000ea7, 0x00000eaa, 0x00000eab, + 0x00000ead, 0x00000eb9, 0x00000ebb, 0x00000ebd, + 0x00000ec0, 0x00000ec4, 0x00000ec6, 0x00000ec6, + 0x00000ec8, 0x00000ecd, 0x00000ed0, 0x00000ed9, + 0x00000edc, 0x00000edd, 0x00000f00, 0x00000f47, + 0x00000f49, 0x00000f6a, 0x00000f71, 0x00000f8b, + 0x00000f90, 0x00000f97, 0x00000f99, 0x00000fbc, + 0x00000fbe, 0x00000fcc, 0x00000fcf, 0x00000fcf, + 0x00001000, 0x00001021, 0x00001023, 0x00001027, + 0x00001029, 0x0000102a, 0x0000102c, 0x00001032, + 0x00001036, 0x00001039, 0x00001040, 0x00001059, + 0x000010a0, 0x000010c5, 0x000010d0, 0x000010f8, + 0x000010fb, 0x000010fb, 0x00001100, 0x00001159, + 0x0000115f, 0x000011a2, 0x000011a8, 0x000011f9, + 0x00001200, 0x00001206, 0x00001208, 0x00001246, + 0x00001248, 0x00001248, 0x0000124a, 0x0000124d, + 0x00001250, 0x00001256, 0x00001258, 0x00001258, + 0x0000125a, 0x0000125d, 0x00001260, 0x00001286, + 0x00001288, 0x00001288, 0x0000128a, 0x0000128d, + 0x00001290, 0x000012ae, 0x000012b0, 0x000012b0, + 0x000012b2, 0x000012b5, 0x000012b8, 0x000012be, + 0x000012c0, 0x000012c0, 0x000012c2, 0x000012c5, + 0x000012c8, 0x000012ce, 0x000012d0, 0x000012d6, + 0x000012d8, 0x000012ee, 0x000012f0, 0x0000130e, + 0x00001310, 0x00001310, 0x00001312, 0x00001315, + 0x00001318, 0x0000131e, 0x00001320, 0x00001346, + 0x00001348, 0x0000135a, 0x00001361, 0x0000137c, + 0x000013a0, 0x000013f4, 0x00001401, 0x00001676, + 0x00001680, 0x0000169c, 0x000016a0, 0x000016f0, + 0x00001700, 0x0000170c, 0x0000170e, 0x00001714, + 0x00001720, 0x00001736, 0x00001740, 0x00001753, + 0x00001760, 0x0000176c, 0x0000176e, 0x00001770, + 0x00001772, 0x00001773, 0x00001780, 0x000017dc, + 0x000017e0, 0x000017e9, 0x00001800, 0x0000180e, + 0x00001810, 0x00001819, 0x00001820, 0x00001877, + 0x00001880, 0x000018a9, 0x00001e00, 0x00001e9b, + 0x00001ea0, 0x00001ef9, 0x00001f00, 0x00001f15, + 0x00001f18, 0x00001f1d, 0x00001f20, 0x00001f45, + 0x00001f48, 0x00001f4d, 0x00001f50, 0x00001f57, + 0x00001f59, 0x00001f59, 0x00001f5b, 0x00001f5b, + 0x00001f5d, 0x00001f5d, 0x00001f5f, 0x00001f7d, + 0x00001f80, 0x00001fb4, 0x00001fb6, 0x00001fc4, + 0x00001fc6, 0x00001fd3, 0x00001fd6, 0x00001fdb, + 0x00001fdd, 0x00001fef, 0x00001ff2, 0x00001ff4, + 0x00001ff6, 0x00001ffe, 0x00002000, 0x00002052, + 0x00002057, 0x00002057, 0x0000205f, 0x00002063, + 0x0000206a, 0x00002071, 0x00002074, 0x0000208e, + 0x000020a0, 0x000020b1, 0x000020d0, 0x000020ea, + 0x00002100, 0x0000213a, 0x0000213d, 0x0000214b, + 0x00002153, 0x00002183, 0x00002190, 0x000023ce, + 0x00002400, 0x00002426, 0x00002440, 0x0000244a, + 0x00002460, 0x000024fe, 0x00002500, 0x00002613, + 0x00002616, 0x00002617, 0x00002619, 0x0000267d, + 0x00002680, 0x00002689, 0x00002701, 0x00002704, + 0x00002706, 0x00002709, 0x0000270c, 0x00002727, + 0x00002729, 0x0000274b, 0x0000274d, 0x0000274d, + 0x0000274f, 0x00002752, 0x00002756, 0x00002756, + 0x00002758, 0x0000275e, 0x00002761, 0x00002794, + 0x00002798, 0x000027af, 0x000027b1, 0x000027be, + 0x000027d0, 0x000027eb, 0x000027f0, 0x00002aff, + 0x00002e80, 0x00002e99, 0x00002e9b, 0x00002ef3, + 0x00002f00, 0x00002fd5, 0x00002ff0, 0x00002ffb, + 0x00003000, 0x0000303f, 0x00003041, 0x00003096, + 0x00003099, 0x000030ff, 0x00003105, 0x0000312c, + 0x00003131, 0x0000318e, 0x00003190, 0x000031b7, + 0x000031f0, 0x0000321c, 0x00003220, 0x00003243, + 0x00003251, 0x0000327b, 0x0000327f, 0x000032cb, + 0x000032d0, 0x000032fe, 0x00003300, 0x00003376, + 0x0000337b, 0x000033dd, 0x000033e0, 0x000033fe, + 0x00003400, 0x00004db5, 0x00004e00, 0x00009fa5, + 0x0000a000, 0x0000a48c, 0x0000a490, 0x0000a4c6, + 0x0000ac00, 0x0000d7a3, 0x0000f900, 0x0000fb06, + 0x0000fb13, 0x0000fb17, 0x0000fb1d, 0x0000fb36, + 0x0000fb38, 0x0000fb3c, 0x0000fb3e, 0x0000fb3e, + 0x0000fb40, 0x0000fb41, 0x0000fb43, 0x0000fb44, + 0x0000fb46, 0x0000fbb1, 0x0000fbd3, 0x0000fd3f, + 0x0000fd50, 0x0000fd8f, 0x0000fd92, 0x0000fdc7, + 0x0000fdf0, 0x0000fdfc, 0x0000fe00, 0x0000fe0f, + 0x0000fe20, 0x0000fe23, 0x0000fe30, 0x0000fe46, + 0x0000fe49, 0x0000fe52, 0x0000fe54, 0x0000fe66, + 0x0000fe68, 0x0000fe6b, 0x0000fe70, 0x0000fe74, + 0x0000fe76, 0x0000fefc, 0x0000feff, 0x0000feff, + 0x0000ff01, 0x0000ffbe, 0x0000ffc2, 0x0000ffc7, + 0x0000ffca, 0x0000ffcf, 0x0000ffd2, 0x0000ffd7, + 0x0000ffda, 0x0000ffdc, 0x0000ffe0, 0x0000ffe6, + 0x0000ffe8, 0x0000ffee, 0x0000fff9, 0x0000fffd, + 0x00010300, 0x0001031e, 0x00010320, 0x00010323, + 0x00010330, 0x0001034a, 0x00010400, 0x00010425, + 0x00010428, 0x0001044d, 0x0001d000, 0x0001d0f5, + 0x0001d100, 0x0001d126, 0x0001d12a, 0x0001d1dd, + 0x0001d400, 0x0001d454, 0x0001d456, 0x0001d49c, + 0x0001d49e, 0x0001d49f, 0x0001d4a2, 0x0001d4a2, + 0x0001d4a5, 0x0001d4a6, 0x0001d4a9, 0x0001d4ac, + 0x0001d4ae, 0x0001d4b9, 0x0001d4bb, 0x0001d4bb, + 0x0001d4bd, 0x0001d4c0, 0x0001d4c2, 0x0001d4c3, + 0x0001d4c5, 0x0001d505, 0x0001d507, 0x0001d50a, + 0x0001d50d, 0x0001d514, 0x0001d516, 0x0001d51c, + 0x0001d51e, 0x0001d539, 0x0001d53b, 0x0001d53e, + 0x0001d540, 0x0001d544, 0x0001d546, 0x0001d546, + 0x0001d54a, 0x0001d550, 0x0001d552, 0x0001d6a3, + 0x0001d6a8, 0x0001d7c9, 0x0001d7ce, 0x0001d7ff, + 0x00020000, 0x0002a6d6, 0x0002f800, 0x0002fa1d, + 0x000e0001, 0x000e0001, 0x000e0020, 0x000e007f, + 0x000000ab, 0x000000ab, 0x00002018, 0x00002018, + 0x0000201b, 0x0000201c, 0x0000201f, 0x0000201f, + 0x00002039, 0x00002039, 0x000000bb, 0x000000bb, + 0x00002019, 0x00002019, 0x0000201d, 0x0000201d, + 0x0000203a, 0x0000203a, 0x0000061b, 0x0000061b, + 0x0000061f, 0x0000061f, 0x00000621, 0x0000063a, + 0x00000640, 0x0000064a, 0x0000066d, 0x0000066f, + 0x00000671, 0x000006d5, 0x000006dd, 0x000006dd, + 0x000006e5, 0x000006e6, 0x000006fa, 0x000006fe, + 0x00000700, 0x0000070d, 0x00000710, 0x00000710, + 0x00000712, 0x0000072c, 0x00000780, 0x000007a5, + 0x000007b1, 0x000007b1, 0x0000fb50, 0x0000fbb1, + 0x0000fbd3, 0x0000fd3d, 0x0000fd50, 0x0000fd8f, + 0x0000fd92, 0x0000fdc7, 0x0000fdf0, 0x0000fdfc, + 0x0000fe70, 0x0000fe74, 0x0000fe76, 0x0000fefc +}; + +static const krb5_ui_4 _uccase_size = 1504; + +static const krb5_ui_2 _uccase_len[2] = {745, 755}; + +static const krb5_ui_4 _uccase_map[] = { + 0x00000041, 0x00000061, 0x00000041, + 0x00000042, 0x00000062, 0x00000042, + 0x00000043, 0x00000063, 0x00000043, + 0x00000044, 0x00000064, 0x00000044, + 0x00000045, 0x00000065, 0x00000045, + 0x00000046, 0x00000066, 0x00000046, + 0x00000047, 0x00000067, 0x00000047, + 0x00000048, 0x00000068, 0x00000048, + 0x00000049, 0x00000069, 0x00000049, + 0x0000004a, 0x0000006a, 0x0000004a, + 0x0000004b, 0x0000006b, 0x0000004b, + 0x0000004c, 0x0000006c, 0x0000004c, + 0x0000004d, 0x0000006d, 0x0000004d, + 0x0000004e, 0x0000006e, 0x0000004e, + 0x0000004f, 0x0000006f, 0x0000004f, + 0x00000050, 0x00000070, 0x00000050, + 0x00000051, 0x00000071, 0x00000051, + 0x00000052, 0x00000072, 0x00000052, + 0x00000053, 0x00000073, 0x00000053, + 0x00000054, 0x00000074, 0x00000054, + 0x00000055, 0x00000075, 0x00000055, + 0x00000056, 0x00000076, 0x00000056, + 0x00000057, 0x00000077, 0x00000057, + 0x00000058, 0x00000078, 0x00000058, + 0x00000059, 0x00000079, 0x00000059, + 0x0000005a, 0x0000007a, 0x0000005a, + 0x000000c0, 0x000000e0, 0x000000c0, + 0x000000c1, 0x000000e1, 0x000000c1, + 0x000000c2, 0x000000e2, 0x000000c2, + 0x000000c3, 0x000000e3, 0x000000c3, + 0x000000c4, 0x000000e4, 0x000000c4, + 0x000000c5, 0x000000e5, 0x000000c5, + 0x000000c6, 0x000000e6, 0x000000c6, + 0x000000c7, 0x000000e7, 0x000000c7, + 0x000000c8, 0x000000e8, 0x000000c8, + 0x000000c9, 0x000000e9, 0x000000c9, + 0x000000ca, 0x000000ea, 0x000000ca, + 0x000000cb, 0x000000eb, 0x000000cb, + 0x000000cc, 0x000000ec, 0x000000cc, + 0x000000cd, 0x000000ed, 0x000000cd, + 0x000000ce, 0x000000ee, 0x000000ce, + 0x000000cf, 0x000000ef, 0x000000cf, + 0x000000d0, 0x000000f0, 0x000000d0, + 0x000000d1, 0x000000f1, 0x000000d1, + 0x000000d2, 0x000000f2, 0x000000d2, + 0x000000d3, 0x000000f3, 0x000000d3, + 0x000000d4, 0x000000f4, 0x000000d4, + 0x000000d5, 0x000000f5, 0x000000d5, + 0x000000d6, 0x000000f6, 0x000000d6, + 0x000000d8, 0x000000f8, 0x000000d8, + 0x000000d9, 0x000000f9, 0x000000d9, + 0x000000da, 0x000000fa, 0x000000da, + 0x000000db, 0x000000fb, 0x000000db, + 0x000000dc, 0x000000fc, 0x000000dc, + 0x000000dd, 0x000000fd, 0x000000dd, + 0x000000de, 0x000000fe, 0x000000de, + 0x00000100, 0x00000101, 0x00000100, + 0x00000102, 0x00000103, 0x00000102, + 0x00000104, 0x00000105, 0x00000104, + 0x00000106, 0x00000107, 0x00000106, + 0x00000108, 0x00000109, 0x00000108, + 0x0000010a, 0x0000010b, 0x0000010a, + 0x0000010c, 0x0000010d, 0x0000010c, + 0x0000010e, 0x0000010f, 0x0000010e, + 0x00000110, 0x00000111, 0x00000110, + 0x00000112, 0x00000113, 0x00000112, + 0x00000114, 0x00000115, 0x00000114, + 0x00000116, 0x00000117, 0x00000116, + 0x00000118, 0x00000119, 0x00000118, + 0x0000011a, 0x0000011b, 0x0000011a, + 0x0000011c, 0x0000011d, 0x0000011c, + 0x0000011e, 0x0000011f, 0x0000011e, + 0x00000120, 0x00000121, 0x00000120, + 0x00000122, 0x00000123, 0x00000122, + 0x00000124, 0x00000125, 0x00000124, + 0x00000126, 0x00000127, 0x00000126, + 0x00000128, 0x00000129, 0x00000128, + 0x0000012a, 0x0000012b, 0x0000012a, + 0x0000012c, 0x0000012d, 0x0000012c, + 0x0000012e, 0x0000012f, 0x0000012e, + 0x00000130, 0x00000069, 0x00000130, + 0x00000132, 0x00000133, 0x00000132, + 0x00000134, 0x00000135, 0x00000134, + 0x00000136, 0x00000137, 0x00000136, + 0x00000139, 0x0000013a, 0x00000139, + 0x0000013b, 0x0000013c, 0x0000013b, + 0x0000013d, 0x0000013e, 0x0000013d, + 0x0000013f, 0x00000140, 0x0000013f, + 0x00000141, 0x00000142, 0x00000141, + 0x00000143, 0x00000144, 0x00000143, + 0x00000145, 0x00000146, 0x00000145, + 0x00000147, 0x00000148, 0x00000147, + 0x0000014a, 0x0000014b, 0x0000014a, + 0x0000014c, 0x0000014d, 0x0000014c, + 0x0000014e, 0x0000014f, 0x0000014e, + 0x00000150, 0x00000151, 0x00000150, + 0x00000152, 0x00000153, 0x00000152, + 0x00000154, 0x00000155, 0x00000154, + 0x00000156, 0x00000157, 0x00000156, + 0x00000158, 0x00000159, 0x00000158, + 0x0000015a, 0x0000015b, 0x0000015a, + 0x0000015c, 0x0000015d, 0x0000015c, + 0x0000015e, 0x0000015f, 0x0000015e, + 0x00000160, 0x00000161, 0x00000160, + 0x00000162, 0x00000163, 0x00000162, + 0x00000164, 0x00000165, 0x00000164, + 0x00000166, 0x00000167, 0x00000166, + 0x00000168, 0x00000169, 0x00000168, + 0x0000016a, 0x0000016b, 0x0000016a, + 0x0000016c, 0x0000016d, 0x0000016c, + 0x0000016e, 0x0000016f, 0x0000016e, + 0x00000170, 0x00000171, 0x00000170, + 0x00000172, 0x00000173, 0x00000172, + 0x00000174, 0x00000175, 0x00000174, + 0x00000176, 0x00000177, 0x00000176, + 0x00000178, 0x000000ff, 0x00000178, + 0x00000179, 0x0000017a, 0x00000179, + 0x0000017b, 0x0000017c, 0x0000017b, + 0x0000017d, 0x0000017e, 0x0000017d, + 0x00000181, 0x00000253, 0x00000181, + 0x00000182, 0x00000183, 0x00000182, + 0x00000184, 0x00000185, 0x00000184, + 0x00000186, 0x00000254, 0x00000186, + 0x00000187, 0x00000188, 0x00000187, + 0x00000189, 0x00000256, 0x00000189, + 0x0000018a, 0x00000257, 0x0000018a, + 0x0000018b, 0x0000018c, 0x0000018b, + 0x0000018e, 0x000001dd, 0x0000018e, + 0x0000018f, 0x00000259, 0x0000018f, + 0x00000190, 0x0000025b, 0x00000190, + 0x00000191, 0x00000192, 0x00000191, + 0x00000193, 0x00000260, 0x00000193, + 0x00000194, 0x00000263, 0x00000194, + 0x00000196, 0x00000269, 0x00000196, + 0x00000197, 0x00000268, 0x00000197, + 0x00000198, 0x00000199, 0x00000198, + 0x0000019c, 0x0000026f, 0x0000019c, + 0x0000019d, 0x00000272, 0x0000019d, + 0x0000019f, 0x00000275, 0x0000019f, + 0x000001a0, 0x000001a1, 0x000001a0, + 0x000001a2, 0x000001a3, 0x000001a2, + 0x000001a4, 0x000001a5, 0x000001a4, + 0x000001a6, 0x00000280, 0x000001a6, + 0x000001a7, 0x000001a8, 0x000001a7, + 0x000001a9, 0x00000283, 0x000001a9, + 0x000001ac, 0x000001ad, 0x000001ac, + 0x000001ae, 0x00000288, 0x000001ae, + 0x000001af, 0x000001b0, 0x000001af, + 0x000001b1, 0x0000028a, 0x000001b1, + 0x000001b2, 0x0000028b, 0x000001b2, + 0x000001b3, 0x000001b4, 0x000001b3, + 0x000001b5, 0x000001b6, 0x000001b5, + 0x000001b7, 0x00000292, 0x000001b7, + 0x000001b8, 0x000001b9, 0x000001b8, + 0x000001bc, 0x000001bd, 0x000001bc, + 0x000001c4, 0x000001c6, 0x000001c5, + 0x000001c7, 0x000001c9, 0x000001c8, + 0x000001ca, 0x000001cc, 0x000001cb, + 0x000001cd, 0x000001ce, 0x000001cd, + 0x000001cf, 0x000001d0, 0x000001cf, + 0x000001d1, 0x000001d2, 0x000001d1, + 0x000001d3, 0x000001d4, 0x000001d3, + 0x000001d5, 0x000001d6, 0x000001d5, + 0x000001d7, 0x000001d8, 0x000001d7, + 0x000001d9, 0x000001da, 0x000001d9, + 0x000001db, 0x000001dc, 0x000001db, + 0x000001de, 0x000001df, 0x000001de, + 0x000001e0, 0x000001e1, 0x000001e0, + 0x000001e2, 0x000001e3, 0x000001e2, + 0x000001e4, 0x000001e5, 0x000001e4, + 0x000001e6, 0x000001e7, 0x000001e6, + 0x000001e8, 0x000001e9, 0x000001e8, + 0x000001ea, 0x000001eb, 0x000001ea, + 0x000001ec, 0x000001ed, 0x000001ec, + 0x000001ee, 0x000001ef, 0x000001ee, + 0x000001f1, 0x000001f3, 0x000001f2, + 0x000001f4, 0x000001f5, 0x000001f4, + 0x000001f6, 0x00000195, 0x000001f6, + 0x000001f7, 0x000001bf, 0x000001f7, + 0x000001f8, 0x000001f9, 0x000001f8, + 0x000001fa, 0x000001fb, 0x000001fa, + 0x000001fc, 0x000001fd, 0x000001fc, + 0x000001fe, 0x000001ff, 0x000001fe, + 0x00000200, 0x00000201, 0x00000200, + 0x00000202, 0x00000203, 0x00000202, + 0x00000204, 0x00000205, 0x00000204, + 0x00000206, 0x00000207, 0x00000206, + 0x00000208, 0x00000209, 0x00000208, + 0x0000020a, 0x0000020b, 0x0000020a, + 0x0000020c, 0x0000020d, 0x0000020c, + 0x0000020e, 0x0000020f, 0x0000020e, + 0x00000210, 0x00000211, 0x00000210, + 0x00000212, 0x00000213, 0x00000212, + 0x00000214, 0x00000215, 0x00000214, + 0x00000216, 0x00000217, 0x00000216, + 0x00000218, 0x00000219, 0x00000218, + 0x0000021a, 0x0000021b, 0x0000021a, + 0x0000021c, 0x0000021d, 0x0000021c, + 0x0000021e, 0x0000021f, 0x0000021e, + 0x00000220, 0x0000019e, 0x00000220, + 0x00000222, 0x00000223, 0x00000222, + 0x00000224, 0x00000225, 0x00000224, + 0x00000226, 0x00000227, 0x00000226, + 0x00000228, 0x00000229, 0x00000228, + 0x0000022a, 0x0000022b, 0x0000022a, + 0x0000022c, 0x0000022d, 0x0000022c, + 0x0000022e, 0x0000022f, 0x0000022e, + 0x00000230, 0x00000231, 0x00000230, + 0x00000232, 0x00000233, 0x00000232, + 0x00000386, 0x000003ac, 0x00000386, + 0x00000388, 0x000003ad, 0x00000388, + 0x00000389, 0x000003ae, 0x00000389, + 0x0000038a, 0x000003af, 0x0000038a, + 0x0000038c, 0x000003cc, 0x0000038c, + 0x0000038e, 0x000003cd, 0x0000038e, + 0x0000038f, 0x000003ce, 0x0000038f, + 0x00000391, 0x000003b1, 0x00000391, + 0x00000392, 0x000003b2, 0x00000392, + 0x00000393, 0x000003b3, 0x00000393, + 0x00000394, 0x000003b4, 0x00000394, + 0x00000395, 0x000003b5, 0x00000395, + 0x00000396, 0x000003b6, 0x00000396, + 0x00000397, 0x000003b7, 0x00000397, + 0x00000398, 0x000003b8, 0x00000398, + 0x00000399, 0x000003b9, 0x00000399, + 0x0000039a, 0x000003ba, 0x0000039a, + 0x0000039b, 0x000003bb, 0x0000039b, + 0x0000039c, 0x000003bc, 0x0000039c, + 0x0000039d, 0x000003bd, 0x0000039d, + 0x0000039e, 0x000003be, 0x0000039e, + 0x0000039f, 0x000003bf, 0x0000039f, + 0x000003a0, 0x000003c0, 0x000003a0, + 0x000003a1, 0x000003c1, 0x000003a1, + 0x000003a3, 0x000003c3, 0x000003a3, + 0x000003a4, 0x000003c4, 0x000003a4, + 0x000003a5, 0x000003c5, 0x000003a5, + 0x000003a6, 0x000003c6, 0x000003a6, + 0x000003a7, 0x000003c7, 0x000003a7, + 0x000003a8, 0x000003c8, 0x000003a8, + 0x000003a9, 0x000003c9, 0x000003a9, + 0x000003aa, 0x000003ca, 0x000003aa, + 0x000003ab, 0x000003cb, 0x000003ab, + 0x000003d8, 0x000003d9, 0x000003d8, + 0x000003da, 0x000003db, 0x000003da, + 0x000003dc, 0x000003dd, 0x000003dc, + 0x000003de, 0x000003df, 0x000003de, + 0x000003e0, 0x000003e1, 0x000003e0, + 0x000003e2, 0x000003e3, 0x000003e2, + 0x000003e4, 0x000003e5, 0x000003e4, + 0x000003e6, 0x000003e7, 0x000003e6, + 0x000003e8, 0x000003e9, 0x000003e8, + 0x000003ea, 0x000003eb, 0x000003ea, + 0x000003ec, 0x000003ed, 0x000003ec, + 0x000003ee, 0x000003ef, 0x000003ee, + 0x000003f4, 0x000003b8, 0x000003f4, + 0x00000400, 0x00000450, 0x00000400, + 0x00000401, 0x00000451, 0x00000401, + 0x00000402, 0x00000452, 0x00000402, + 0x00000403, 0x00000453, 0x00000403, + 0x00000404, 0x00000454, 0x00000404, + 0x00000405, 0x00000455, 0x00000405, + 0x00000406, 0x00000456, 0x00000406, + 0x00000407, 0x00000457, 0x00000407, + 0x00000408, 0x00000458, 0x00000408, + 0x00000409, 0x00000459, 0x00000409, + 0x0000040a, 0x0000045a, 0x0000040a, + 0x0000040b, 0x0000045b, 0x0000040b, + 0x0000040c, 0x0000045c, 0x0000040c, + 0x0000040d, 0x0000045d, 0x0000040d, + 0x0000040e, 0x0000045e, 0x0000040e, + 0x0000040f, 0x0000045f, 0x0000040f, + 0x00000410, 0x00000430, 0x00000410, + 0x00000411, 0x00000431, 0x00000411, + 0x00000412, 0x00000432, 0x00000412, + 0x00000413, 0x00000433, 0x00000413, + 0x00000414, 0x00000434, 0x00000414, + 0x00000415, 0x00000435, 0x00000415, + 0x00000416, 0x00000436, 0x00000416, + 0x00000417, 0x00000437, 0x00000417, + 0x00000418, 0x00000438, 0x00000418, + 0x00000419, 0x00000439, 0x00000419, + 0x0000041a, 0x0000043a, 0x0000041a, + 0x0000041b, 0x0000043b, 0x0000041b, + 0x0000041c, 0x0000043c, 0x0000041c, + 0x0000041d, 0x0000043d, 0x0000041d, + 0x0000041e, 0x0000043e, 0x0000041e, + 0x0000041f, 0x0000043f, 0x0000041f, + 0x00000420, 0x00000440, 0x00000420, + 0x00000421, 0x00000441, 0x00000421, + 0x00000422, 0x00000442, 0x00000422, + 0x00000423, 0x00000443, 0x00000423, + 0x00000424, 0x00000444, 0x00000424, + 0x00000425, 0x00000445, 0x00000425, + 0x00000426, 0x00000446, 0x00000426, + 0x00000427, 0x00000447, 0x00000427, + 0x00000428, 0x00000448, 0x00000428, + 0x00000429, 0x00000449, 0x00000429, + 0x0000042a, 0x0000044a, 0x0000042a, + 0x0000042b, 0x0000044b, 0x0000042b, + 0x0000042c, 0x0000044c, 0x0000042c, + 0x0000042d, 0x0000044d, 0x0000042d, + 0x0000042e, 0x0000044e, 0x0000042e, + 0x0000042f, 0x0000044f, 0x0000042f, + 0x00000460, 0x00000461, 0x00000460, + 0x00000462, 0x00000463, 0x00000462, + 0x00000464, 0x00000465, 0x00000464, + 0x00000466, 0x00000467, 0x00000466, + 0x00000468, 0x00000469, 0x00000468, + 0x0000046a, 0x0000046b, 0x0000046a, + 0x0000046c, 0x0000046d, 0x0000046c, + 0x0000046e, 0x0000046f, 0x0000046e, + 0x00000470, 0x00000471, 0x00000470, + 0x00000472, 0x00000473, 0x00000472, + 0x00000474, 0x00000475, 0x00000474, + 0x00000476, 0x00000477, 0x00000476, + 0x00000478, 0x00000479, 0x00000478, + 0x0000047a, 0x0000047b, 0x0000047a, + 0x0000047c, 0x0000047d, 0x0000047c, + 0x0000047e, 0x0000047f, 0x0000047e, + 0x00000480, 0x00000481, 0x00000480, + 0x0000048a, 0x0000048b, 0x0000048a, + 0x0000048c, 0x0000048d, 0x0000048c, + 0x0000048e, 0x0000048f, 0x0000048e, + 0x00000490, 0x00000491, 0x00000490, + 0x00000492, 0x00000493, 0x00000492, + 0x00000494, 0x00000495, 0x00000494, + 0x00000496, 0x00000497, 0x00000496, + 0x00000498, 0x00000499, 0x00000498, + 0x0000049a, 0x0000049b, 0x0000049a, + 0x0000049c, 0x0000049d, 0x0000049c, + 0x0000049e, 0x0000049f, 0x0000049e, + 0x000004a0, 0x000004a1, 0x000004a0, + 0x000004a2, 0x000004a3, 0x000004a2, + 0x000004a4, 0x000004a5, 0x000004a4, + 0x000004a6, 0x000004a7, 0x000004a6, + 0x000004a8, 0x000004a9, 0x000004a8, + 0x000004aa, 0x000004ab, 0x000004aa, + 0x000004ac, 0x000004ad, 0x000004ac, + 0x000004ae, 0x000004af, 0x000004ae, + 0x000004b0, 0x000004b1, 0x000004b0, + 0x000004b2, 0x000004b3, 0x000004b2, + 0x000004b4, 0x000004b5, 0x000004b4, + 0x000004b6, 0x000004b7, 0x000004b6, + 0x000004b8, 0x000004b9, 0x000004b8, + 0x000004ba, 0x000004bb, 0x000004ba, + 0x000004bc, 0x000004bd, 0x000004bc, + 0x000004be, 0x000004bf, 0x000004be, + 0x000004c1, 0x000004c2, 0x000004c1, + 0x000004c3, 0x000004c4, 0x000004c3, + 0x000004c5, 0x000004c6, 0x000004c5, + 0x000004c7, 0x000004c8, 0x000004c7, + 0x000004c9, 0x000004ca, 0x000004c9, + 0x000004cb, 0x000004cc, 0x000004cb, + 0x000004cd, 0x000004ce, 0x000004cd, + 0x000004d0, 0x000004d1, 0x000004d0, + 0x000004d2, 0x000004d3, 0x000004d2, + 0x000004d4, 0x000004d5, 0x000004d4, + 0x000004d6, 0x000004d7, 0x000004d6, + 0x000004d8, 0x000004d9, 0x000004d8, + 0x000004da, 0x000004db, 0x000004da, + 0x000004dc, 0x000004dd, 0x000004dc, + 0x000004de, 0x000004df, 0x000004de, + 0x000004e0, 0x000004e1, 0x000004e0, + 0x000004e2, 0x000004e3, 0x000004e2, + 0x000004e4, 0x000004e5, 0x000004e4, + 0x000004e6, 0x000004e7, 0x000004e6, + 0x000004e8, 0x000004e9, 0x000004e8, + 0x000004ea, 0x000004eb, 0x000004ea, + 0x000004ec, 0x000004ed, 0x000004ec, + 0x000004ee, 0x000004ef, 0x000004ee, + 0x000004f0, 0x000004f1, 0x000004f0, + 0x000004f2, 0x000004f3, 0x000004f2, + 0x000004f4, 0x000004f5, 0x000004f4, + 0x000004f8, 0x000004f9, 0x000004f8, + 0x00000500, 0x00000501, 0x00000500, + 0x00000502, 0x00000503, 0x00000502, + 0x00000504, 0x00000505, 0x00000504, + 0x00000506, 0x00000507, 0x00000506, + 0x00000508, 0x00000509, 0x00000508, + 0x0000050a, 0x0000050b, 0x0000050a, + 0x0000050c, 0x0000050d, 0x0000050c, + 0x0000050e, 0x0000050f, 0x0000050e, + 0x00000531, 0x00000561, 0x00000531, + 0x00000532, 0x00000562, 0x00000532, + 0x00000533, 0x00000563, 0x00000533, + 0x00000534, 0x00000564, 0x00000534, + 0x00000535, 0x00000565, 0x00000535, + 0x00000536, 0x00000566, 0x00000536, + 0x00000537, 0x00000567, 0x00000537, + 0x00000538, 0x00000568, 0x00000538, + 0x00000539, 0x00000569, 0x00000539, + 0x0000053a, 0x0000056a, 0x0000053a, + 0x0000053b, 0x0000056b, 0x0000053b, + 0x0000053c, 0x0000056c, 0x0000053c, + 0x0000053d, 0x0000056d, 0x0000053d, + 0x0000053e, 0x0000056e, 0x0000053e, + 0x0000053f, 0x0000056f, 0x0000053f, + 0x00000540, 0x00000570, 0x00000540, + 0x00000541, 0x00000571, 0x00000541, + 0x00000542, 0x00000572, 0x00000542, + 0x00000543, 0x00000573, 0x00000543, + 0x00000544, 0x00000574, 0x00000544, + 0x00000545, 0x00000575, 0x00000545, + 0x00000546, 0x00000576, 0x00000546, + 0x00000547, 0x00000577, 0x00000547, + 0x00000548, 0x00000578, 0x00000548, + 0x00000549, 0x00000579, 0x00000549, + 0x0000054a, 0x0000057a, 0x0000054a, + 0x0000054b, 0x0000057b, 0x0000054b, + 0x0000054c, 0x0000057c, 0x0000054c, + 0x0000054d, 0x0000057d, 0x0000054d, + 0x0000054e, 0x0000057e, 0x0000054e, + 0x0000054f, 0x0000057f, 0x0000054f, + 0x00000550, 0x00000580, 0x00000550, + 0x00000551, 0x00000581, 0x00000551, + 0x00000552, 0x00000582, 0x00000552, + 0x00000553, 0x00000583, 0x00000553, + 0x00000554, 0x00000584, 0x00000554, + 0x00000555, 0x00000585, 0x00000555, + 0x00000556, 0x00000586, 0x00000556, + 0x00001e00, 0x00001e01, 0x00001e00, + 0x00001e02, 0x00001e03, 0x00001e02, + 0x00001e04, 0x00001e05, 0x00001e04, + 0x00001e06, 0x00001e07, 0x00001e06, + 0x00001e08, 0x00001e09, 0x00001e08, + 0x00001e0a, 0x00001e0b, 0x00001e0a, + 0x00001e0c, 0x00001e0d, 0x00001e0c, + 0x00001e0e, 0x00001e0f, 0x00001e0e, + 0x00001e10, 0x00001e11, 0x00001e10, + 0x00001e12, 0x00001e13, 0x00001e12, + 0x00001e14, 0x00001e15, 0x00001e14, + 0x00001e16, 0x00001e17, 0x00001e16, + 0x00001e18, 0x00001e19, 0x00001e18, + 0x00001e1a, 0x00001e1b, 0x00001e1a, + 0x00001e1c, 0x00001e1d, 0x00001e1c, + 0x00001e1e, 0x00001e1f, 0x00001e1e, + 0x00001e20, 0x00001e21, 0x00001e20, + 0x00001e22, 0x00001e23, 0x00001e22, + 0x00001e24, 0x00001e25, 0x00001e24, + 0x00001e26, 0x00001e27, 0x00001e26, + 0x00001e28, 0x00001e29, 0x00001e28, + 0x00001e2a, 0x00001e2b, 0x00001e2a, + 0x00001e2c, 0x00001e2d, 0x00001e2c, + 0x00001e2e, 0x00001e2f, 0x00001e2e, + 0x00001e30, 0x00001e31, 0x00001e30, + 0x00001e32, 0x00001e33, 0x00001e32, + 0x00001e34, 0x00001e35, 0x00001e34, + 0x00001e36, 0x00001e37, 0x00001e36, + 0x00001e38, 0x00001e39, 0x00001e38, + 0x00001e3a, 0x00001e3b, 0x00001e3a, + 0x00001e3c, 0x00001e3d, 0x00001e3c, + 0x00001e3e, 0x00001e3f, 0x00001e3e, + 0x00001e40, 0x00001e41, 0x00001e40, + 0x00001e42, 0x00001e43, 0x00001e42, + 0x00001e44, 0x00001e45, 0x00001e44, + 0x00001e46, 0x00001e47, 0x00001e46, + 0x00001e48, 0x00001e49, 0x00001e48, + 0x00001e4a, 0x00001e4b, 0x00001e4a, + 0x00001e4c, 0x00001e4d, 0x00001e4c, + 0x00001e4e, 0x00001e4f, 0x00001e4e, + 0x00001e50, 0x00001e51, 0x00001e50, + 0x00001e52, 0x00001e53, 0x00001e52, + 0x00001e54, 0x00001e55, 0x00001e54, + 0x00001e56, 0x00001e57, 0x00001e56, + 0x00001e58, 0x00001e59, 0x00001e58, + 0x00001e5a, 0x00001e5b, 0x00001e5a, + 0x00001e5c, 0x00001e5d, 0x00001e5c, + 0x00001e5e, 0x00001e5f, 0x00001e5e, + 0x00001e60, 0x00001e61, 0x00001e60, + 0x00001e62, 0x00001e63, 0x00001e62, + 0x00001e64, 0x00001e65, 0x00001e64, + 0x00001e66, 0x00001e67, 0x00001e66, + 0x00001e68, 0x00001e69, 0x00001e68, + 0x00001e6a, 0x00001e6b, 0x00001e6a, + 0x00001e6c, 0x00001e6d, 0x00001e6c, + 0x00001e6e, 0x00001e6f, 0x00001e6e, + 0x00001e70, 0x00001e71, 0x00001e70, + 0x00001e72, 0x00001e73, 0x00001e72, + 0x00001e74, 0x00001e75, 0x00001e74, + 0x00001e76, 0x00001e77, 0x00001e76, + 0x00001e78, 0x00001e79, 0x00001e78, + 0x00001e7a, 0x00001e7b, 0x00001e7a, + 0x00001e7c, 0x00001e7d, 0x00001e7c, + 0x00001e7e, 0x00001e7f, 0x00001e7e, + 0x00001e80, 0x00001e81, 0x00001e80, + 0x00001e82, 0x00001e83, 0x00001e82, + 0x00001e84, 0x00001e85, 0x00001e84, + 0x00001e86, 0x00001e87, 0x00001e86, + 0x00001e88, 0x00001e89, 0x00001e88, + 0x00001e8a, 0x00001e8b, 0x00001e8a, + 0x00001e8c, 0x00001e8d, 0x00001e8c, + 0x00001e8e, 0x00001e8f, 0x00001e8e, + 0x00001e90, 0x00001e91, 0x00001e90, + 0x00001e92, 0x00001e93, 0x00001e92, + 0x00001e94, 0x00001e95, 0x00001e94, + 0x00001ea0, 0x00001ea1, 0x00001ea0, + 0x00001ea2, 0x00001ea3, 0x00001ea2, + 0x00001ea4, 0x00001ea5, 0x00001ea4, + 0x00001ea6, 0x00001ea7, 0x00001ea6, + 0x00001ea8, 0x00001ea9, 0x00001ea8, + 0x00001eaa, 0x00001eab, 0x00001eaa, + 0x00001eac, 0x00001ead, 0x00001eac, + 0x00001eae, 0x00001eaf, 0x00001eae, + 0x00001eb0, 0x00001eb1, 0x00001eb0, + 0x00001eb2, 0x00001eb3, 0x00001eb2, + 0x00001eb4, 0x00001eb5, 0x00001eb4, + 0x00001eb6, 0x00001eb7, 0x00001eb6, + 0x00001eb8, 0x00001eb9, 0x00001eb8, + 0x00001eba, 0x00001ebb, 0x00001eba, + 0x00001ebc, 0x00001ebd, 0x00001ebc, + 0x00001ebe, 0x00001ebf, 0x00001ebe, + 0x00001ec0, 0x00001ec1, 0x00001ec0, + 0x00001ec2, 0x00001ec3, 0x00001ec2, + 0x00001ec4, 0x00001ec5, 0x00001ec4, + 0x00001ec6, 0x00001ec7, 0x00001ec6, + 0x00001ec8, 0x00001ec9, 0x00001ec8, + 0x00001eca, 0x00001ecb, 0x00001eca, + 0x00001ecc, 0x00001ecd, 0x00001ecc, + 0x00001ece, 0x00001ecf, 0x00001ece, + 0x00001ed0, 0x00001ed1, 0x00001ed0, + 0x00001ed2, 0x00001ed3, 0x00001ed2, + 0x00001ed4, 0x00001ed5, 0x00001ed4, + 0x00001ed6, 0x00001ed7, 0x00001ed6, + 0x00001ed8, 0x00001ed9, 0x00001ed8, + 0x00001eda, 0x00001edb, 0x00001eda, + 0x00001edc, 0x00001edd, 0x00001edc, + 0x00001ede, 0x00001edf, 0x00001ede, + 0x00001ee0, 0x00001ee1, 0x00001ee0, + 0x00001ee2, 0x00001ee3, 0x00001ee2, + 0x00001ee4, 0x00001ee5, 0x00001ee4, + 0x00001ee6, 0x00001ee7, 0x00001ee6, + 0x00001ee8, 0x00001ee9, 0x00001ee8, + 0x00001eea, 0x00001eeb, 0x00001eea, + 0x00001eec, 0x00001eed, 0x00001eec, + 0x00001eee, 0x00001eef, 0x00001eee, + 0x00001ef0, 0x00001ef1, 0x00001ef0, + 0x00001ef2, 0x00001ef3, 0x00001ef2, + 0x00001ef4, 0x00001ef5, 0x00001ef4, + 0x00001ef6, 0x00001ef7, 0x00001ef6, + 0x00001ef8, 0x00001ef9, 0x00001ef8, + 0x00001f08, 0x00001f00, 0x00001f08, + 0x00001f09, 0x00001f01, 0x00001f09, + 0x00001f0a, 0x00001f02, 0x00001f0a, + 0x00001f0b, 0x00001f03, 0x00001f0b, + 0x00001f0c, 0x00001f04, 0x00001f0c, + 0x00001f0d, 0x00001f05, 0x00001f0d, + 0x00001f0e, 0x00001f06, 0x00001f0e, + 0x00001f0f, 0x00001f07, 0x00001f0f, + 0x00001f18, 0x00001f10, 0x00001f18, + 0x00001f19, 0x00001f11, 0x00001f19, + 0x00001f1a, 0x00001f12, 0x00001f1a, + 0x00001f1b, 0x00001f13, 0x00001f1b, + 0x00001f1c, 0x00001f14, 0x00001f1c, + 0x00001f1d, 0x00001f15, 0x00001f1d, + 0x00001f28, 0x00001f20, 0x00001f28, + 0x00001f29, 0x00001f21, 0x00001f29, + 0x00001f2a, 0x00001f22, 0x00001f2a, + 0x00001f2b, 0x00001f23, 0x00001f2b, + 0x00001f2c, 0x00001f24, 0x00001f2c, + 0x00001f2d, 0x00001f25, 0x00001f2d, + 0x00001f2e, 0x00001f26, 0x00001f2e, + 0x00001f2f, 0x00001f27, 0x00001f2f, + 0x00001f38, 0x00001f30, 0x00001f38, + 0x00001f39, 0x00001f31, 0x00001f39, + 0x00001f3a, 0x00001f32, 0x00001f3a, + 0x00001f3b, 0x00001f33, 0x00001f3b, + 0x00001f3c, 0x00001f34, 0x00001f3c, + 0x00001f3d, 0x00001f35, 0x00001f3d, + 0x00001f3e, 0x00001f36, 0x00001f3e, + 0x00001f3f, 0x00001f37, 0x00001f3f, + 0x00001f48, 0x00001f40, 0x00001f48, + 0x00001f49, 0x00001f41, 0x00001f49, + 0x00001f4a, 0x00001f42, 0x00001f4a, + 0x00001f4b, 0x00001f43, 0x00001f4b, + 0x00001f4c, 0x00001f44, 0x00001f4c, + 0x00001f4d, 0x00001f45, 0x00001f4d, + 0x00001f59, 0x00001f51, 0x00001f59, + 0x00001f5b, 0x00001f53, 0x00001f5b, + 0x00001f5d, 0x00001f55, 0x00001f5d, + 0x00001f5f, 0x00001f57, 0x00001f5f, + 0x00001f68, 0x00001f60, 0x00001f68, + 0x00001f69, 0x00001f61, 0x00001f69, + 0x00001f6a, 0x00001f62, 0x00001f6a, + 0x00001f6b, 0x00001f63, 0x00001f6b, + 0x00001f6c, 0x00001f64, 0x00001f6c, + 0x00001f6d, 0x00001f65, 0x00001f6d, + 0x00001f6e, 0x00001f66, 0x00001f6e, + 0x00001f6f, 0x00001f67, 0x00001f6f, + 0x00001f88, 0x00001f80, 0x00001f88, + 0x00001f89, 0x00001f81, 0x00001f89, + 0x00001f8a, 0x00001f82, 0x00001f8a, + 0x00001f8b, 0x00001f83, 0x00001f8b, + 0x00001f8c, 0x00001f84, 0x00001f8c, + 0x00001f8d, 0x00001f85, 0x00001f8d, + 0x00001f8e, 0x00001f86, 0x00001f8e, + 0x00001f8f, 0x00001f87, 0x00001f8f, + 0x00001f98, 0x00001f90, 0x00001f98, + 0x00001f99, 0x00001f91, 0x00001f99, + 0x00001f9a, 0x00001f92, 0x00001f9a, + 0x00001f9b, 0x00001f93, 0x00001f9b, + 0x00001f9c, 0x00001f94, 0x00001f9c, + 0x00001f9d, 0x00001f95, 0x00001f9d, + 0x00001f9e, 0x00001f96, 0x00001f9e, + 0x00001f9f, 0x00001f97, 0x00001f9f, + 0x00001fa8, 0x00001fa0, 0x00001fa8, + 0x00001fa9, 0x00001fa1, 0x00001fa9, + 0x00001faa, 0x00001fa2, 0x00001faa, + 0x00001fab, 0x00001fa3, 0x00001fab, + 0x00001fac, 0x00001fa4, 0x00001fac, + 0x00001fad, 0x00001fa5, 0x00001fad, + 0x00001fae, 0x00001fa6, 0x00001fae, + 0x00001faf, 0x00001fa7, 0x00001faf, + 0x00001fb8, 0x00001fb0, 0x00001fb8, + 0x00001fb9, 0x00001fb1, 0x00001fb9, + 0x00001fba, 0x00001f70, 0x00001fba, + 0x00001fbb, 0x00001f71, 0x00001fbb, + 0x00001fbc, 0x00001fb3, 0x00001fbc, + 0x00001fc8, 0x00001f72, 0x00001fc8, + 0x00001fc9, 0x00001f73, 0x00001fc9, + 0x00001fca, 0x00001f74, 0x00001fca, + 0x00001fcb, 0x00001f75, 0x00001fcb, + 0x00001fcc, 0x00001fc3, 0x00001fcc, + 0x00001fd8, 0x00001fd0, 0x00001fd8, + 0x00001fd9, 0x00001fd1, 0x00001fd9, + 0x00001fda, 0x00001f76, 0x00001fda, + 0x00001fdb, 0x00001f77, 0x00001fdb, + 0x00001fe8, 0x00001fe0, 0x00001fe8, + 0x00001fe9, 0x00001fe1, 0x00001fe9, + 0x00001fea, 0x00001f7a, 0x00001fea, + 0x00001feb, 0x00001f7b, 0x00001feb, + 0x00001fec, 0x00001fe5, 0x00001fec, + 0x00001ff8, 0x00001f78, 0x00001ff8, + 0x00001ff9, 0x00001f79, 0x00001ff9, + 0x00001ffa, 0x00001f7c, 0x00001ffa, + 0x00001ffb, 0x00001f7d, 0x00001ffb, + 0x00001ffc, 0x00001ff3, 0x00001ffc, + 0x00002126, 0x000003c9, 0x00002126, + 0x0000212a, 0x0000006b, 0x0000212a, + 0x0000212b, 0x000000e5, 0x0000212b, + 0x00002160, 0x00002170, 0x00002160, + 0x00002161, 0x00002171, 0x00002161, + 0x00002162, 0x00002172, 0x00002162, + 0x00002163, 0x00002173, 0x00002163, + 0x00002164, 0x00002174, 0x00002164, + 0x00002165, 0x00002175, 0x00002165, + 0x00002166, 0x00002176, 0x00002166, + 0x00002167, 0x00002177, 0x00002167, + 0x00002168, 0x00002178, 0x00002168, + 0x00002169, 0x00002179, 0x00002169, + 0x0000216a, 0x0000217a, 0x0000216a, + 0x0000216b, 0x0000217b, 0x0000216b, + 0x0000216c, 0x0000217c, 0x0000216c, + 0x0000216d, 0x0000217d, 0x0000216d, + 0x0000216e, 0x0000217e, 0x0000216e, + 0x0000216f, 0x0000217f, 0x0000216f, + 0x000024b6, 0x000024d0, 0x000024b6, + 0x000024b7, 0x000024d1, 0x000024b7, + 0x000024b8, 0x000024d2, 0x000024b8, + 0x000024b9, 0x000024d3, 0x000024b9, + 0x000024ba, 0x000024d4, 0x000024ba, + 0x000024bb, 0x000024d5, 0x000024bb, + 0x000024bc, 0x000024d6, 0x000024bc, + 0x000024bd, 0x000024d7, 0x000024bd, + 0x000024be, 0x000024d8, 0x000024be, + 0x000024bf, 0x000024d9, 0x000024bf, + 0x000024c0, 0x000024da, 0x000024c0, + 0x000024c1, 0x000024db, 0x000024c1, + 0x000024c2, 0x000024dc, 0x000024c2, + 0x000024c3, 0x000024dd, 0x000024c3, + 0x000024c4, 0x000024de, 0x000024c4, + 0x000024c5, 0x000024df, 0x000024c5, + 0x000024c6, 0x000024e0, 0x000024c6, + 0x000024c7, 0x000024e1, 0x000024c7, + 0x000024c8, 0x000024e2, 0x000024c8, + 0x000024c9, 0x000024e3, 0x000024c9, + 0x000024ca, 0x000024e4, 0x000024ca, + 0x000024cb, 0x000024e5, 0x000024cb, + 0x000024cc, 0x000024e6, 0x000024cc, + 0x000024cd, 0x000024e7, 0x000024cd, + 0x000024ce, 0x000024e8, 0x000024ce, + 0x000024cf, 0x000024e9, 0x000024cf, + 0x0000ff21, 0x0000ff41, 0x0000ff21, + 0x0000ff22, 0x0000ff42, 0x0000ff22, + 0x0000ff23, 0x0000ff43, 0x0000ff23, + 0x0000ff24, 0x0000ff44, 0x0000ff24, + 0x0000ff25, 0x0000ff45, 0x0000ff25, + 0x0000ff26, 0x0000ff46, 0x0000ff26, + 0x0000ff27, 0x0000ff47, 0x0000ff27, + 0x0000ff28, 0x0000ff48, 0x0000ff28, + 0x0000ff29, 0x0000ff49, 0x0000ff29, + 0x0000ff2a, 0x0000ff4a, 0x0000ff2a, + 0x0000ff2b, 0x0000ff4b, 0x0000ff2b, + 0x0000ff2c, 0x0000ff4c, 0x0000ff2c, + 0x0000ff2d, 0x0000ff4d, 0x0000ff2d, + 0x0000ff2e, 0x0000ff4e, 0x0000ff2e, + 0x0000ff2f, 0x0000ff4f, 0x0000ff2f, + 0x0000ff30, 0x0000ff50, 0x0000ff30, + 0x0000ff31, 0x0000ff51, 0x0000ff31, + 0x0000ff32, 0x0000ff52, 0x0000ff32, + 0x0000ff33, 0x0000ff53, 0x0000ff33, + 0x0000ff34, 0x0000ff54, 0x0000ff34, + 0x0000ff35, 0x0000ff55, 0x0000ff35, + 0x0000ff36, 0x0000ff56, 0x0000ff36, + 0x0000ff37, 0x0000ff57, 0x0000ff37, + 0x0000ff38, 0x0000ff58, 0x0000ff38, + 0x0000ff39, 0x0000ff59, 0x0000ff39, + 0x0000ff3a, 0x0000ff5a, 0x0000ff3a, + 0x00010400, 0x00010428, 0x00010400, + 0x00010401, 0x00010429, 0x00010401, + 0x00010402, 0x0001042a, 0x00010402, + 0x00010403, 0x0001042b, 0x00010403, + 0x00010404, 0x0001042c, 0x00010404, + 0x00010405, 0x0001042d, 0x00010405, + 0x00010406, 0x0001042e, 0x00010406, + 0x00010407, 0x0001042f, 0x00010407, + 0x00010408, 0x00010430, 0x00010408, + 0x00010409, 0x00010431, 0x00010409, + 0x0001040a, 0x00010432, 0x0001040a, + 0x0001040b, 0x00010433, 0x0001040b, + 0x0001040c, 0x00010434, 0x0001040c, + 0x0001040d, 0x00010435, 0x0001040d, + 0x0001040e, 0x00010436, 0x0001040e, + 0x0001040f, 0x00010437, 0x0001040f, + 0x00010410, 0x00010438, 0x00010410, + 0x00010411, 0x00010439, 0x00010411, + 0x00010412, 0x0001043a, 0x00010412, + 0x00010413, 0x0001043b, 0x00010413, + 0x00010414, 0x0001043c, 0x00010414, + 0x00010415, 0x0001043d, 0x00010415, + 0x00010416, 0x0001043e, 0x00010416, + 0x00010417, 0x0001043f, 0x00010417, + 0x00010418, 0x00010440, 0x00010418, + 0x00010419, 0x00010441, 0x00010419, + 0x0001041a, 0x00010442, 0x0001041a, + 0x0001041b, 0x00010443, 0x0001041b, + 0x0001041c, 0x00010444, 0x0001041c, + 0x0001041d, 0x00010445, 0x0001041d, + 0x0001041e, 0x00010446, 0x0001041e, + 0x0001041f, 0x00010447, 0x0001041f, + 0x00010420, 0x00010448, 0x00010420, + 0x00010421, 0x00010449, 0x00010421, + 0x00010422, 0x0001044a, 0x00010422, + 0x00010423, 0x0001044b, 0x00010423, + 0x00010424, 0x0001044c, 0x00010424, + 0x00010425, 0x0001044d, 0x00010425, + 0x00000061, 0x00000041, 0x00000041, + 0x00000062, 0x00000042, 0x00000042, + 0x00000063, 0x00000043, 0x00000043, + 0x00000064, 0x00000044, 0x00000044, + 0x00000065, 0x00000045, 0x00000045, + 0x00000066, 0x00000046, 0x00000046, + 0x00000067, 0x00000047, 0x00000047, + 0x00000068, 0x00000048, 0x00000048, + 0x00000069, 0x00000049, 0x00000049, + 0x0000006a, 0x0000004a, 0x0000004a, + 0x0000006b, 0x0000004b, 0x0000004b, + 0x0000006c, 0x0000004c, 0x0000004c, + 0x0000006d, 0x0000004d, 0x0000004d, + 0x0000006e, 0x0000004e, 0x0000004e, + 0x0000006f, 0x0000004f, 0x0000004f, + 0x00000070, 0x00000050, 0x00000050, + 0x00000071, 0x00000051, 0x00000051, + 0x00000072, 0x00000052, 0x00000052, + 0x00000073, 0x00000053, 0x00000053, + 0x00000074, 0x00000054, 0x00000054, + 0x00000075, 0x00000055, 0x00000055, + 0x00000076, 0x00000056, 0x00000056, + 0x00000077, 0x00000057, 0x00000057, + 0x00000078, 0x00000058, 0x00000058, + 0x00000079, 0x00000059, 0x00000059, + 0x0000007a, 0x0000005a, 0x0000005a, + 0x000000b5, 0x0000039c, 0x0000039c, + 0x000000e0, 0x000000c0, 0x000000c0, + 0x000000e1, 0x000000c1, 0x000000c1, + 0x000000e2, 0x000000c2, 0x000000c2, + 0x000000e3, 0x000000c3, 0x000000c3, + 0x000000e4, 0x000000c4, 0x000000c4, + 0x000000e5, 0x000000c5, 0x000000c5, + 0x000000e6, 0x000000c6, 0x000000c6, + 0x000000e7, 0x000000c7, 0x000000c7, + 0x000000e8, 0x000000c8, 0x000000c8, + 0x000000e9, 0x000000c9, 0x000000c9, + 0x000000ea, 0x000000ca, 0x000000ca, + 0x000000eb, 0x000000cb, 0x000000cb, + 0x000000ec, 0x000000cc, 0x000000cc, + 0x000000ed, 0x000000cd, 0x000000cd, + 0x000000ee, 0x000000ce, 0x000000ce, + 0x000000ef, 0x000000cf, 0x000000cf, + 0x000000f0, 0x000000d0, 0x000000d0, + 0x000000f1, 0x000000d1, 0x000000d1, + 0x000000f2, 0x000000d2, 0x000000d2, + 0x000000f3, 0x000000d3, 0x000000d3, + 0x000000f4, 0x000000d4, 0x000000d4, + 0x000000f5, 0x000000d5, 0x000000d5, + 0x000000f6, 0x000000d6, 0x000000d6, + 0x000000f8, 0x000000d8, 0x000000d8, + 0x000000f9, 0x000000d9, 0x000000d9, + 0x000000fa, 0x000000da, 0x000000da, + 0x000000fb, 0x000000db, 0x000000db, + 0x000000fc, 0x000000dc, 0x000000dc, + 0x000000fd, 0x000000dd, 0x000000dd, + 0x000000fe, 0x000000de, 0x000000de, + 0x000000ff, 0x00000178, 0x00000178, + 0x00000101, 0x00000100, 0x00000100, + 0x00000103, 0x00000102, 0x00000102, + 0x00000105, 0x00000104, 0x00000104, + 0x00000107, 0x00000106, 0x00000106, + 0x00000109, 0x00000108, 0x00000108, + 0x0000010b, 0x0000010a, 0x0000010a, + 0x0000010d, 0x0000010c, 0x0000010c, + 0x0000010f, 0x0000010e, 0x0000010e, + 0x00000111, 0x00000110, 0x00000110, + 0x00000113, 0x00000112, 0x00000112, + 0x00000115, 0x00000114, 0x00000114, + 0x00000117, 0x00000116, 0x00000116, + 0x00000119, 0x00000118, 0x00000118, + 0x0000011b, 0x0000011a, 0x0000011a, + 0x0000011d, 0x0000011c, 0x0000011c, + 0x0000011f, 0x0000011e, 0x0000011e, + 0x00000121, 0x00000120, 0x00000120, + 0x00000123, 0x00000122, 0x00000122, + 0x00000125, 0x00000124, 0x00000124, + 0x00000127, 0x00000126, 0x00000126, + 0x00000129, 0x00000128, 0x00000128, + 0x0000012b, 0x0000012a, 0x0000012a, + 0x0000012d, 0x0000012c, 0x0000012c, + 0x0000012f, 0x0000012e, 0x0000012e, + 0x00000131, 0x00000049, 0x00000049, + 0x00000133, 0x00000132, 0x00000132, + 0x00000135, 0x00000134, 0x00000134, + 0x00000137, 0x00000136, 0x00000136, + 0x0000013a, 0x00000139, 0x00000139, + 0x0000013c, 0x0000013b, 0x0000013b, + 0x0000013e, 0x0000013d, 0x0000013d, + 0x00000140, 0x0000013f, 0x0000013f, + 0x00000142, 0x00000141, 0x00000141, + 0x00000144, 0x00000143, 0x00000143, + 0x00000146, 0x00000145, 0x00000145, + 0x00000148, 0x00000147, 0x00000147, + 0x0000014b, 0x0000014a, 0x0000014a, + 0x0000014d, 0x0000014c, 0x0000014c, + 0x0000014f, 0x0000014e, 0x0000014e, + 0x00000151, 0x00000150, 0x00000150, + 0x00000153, 0x00000152, 0x00000152, + 0x00000155, 0x00000154, 0x00000154, + 0x00000157, 0x00000156, 0x00000156, + 0x00000159, 0x00000158, 0x00000158, + 0x0000015b, 0x0000015a, 0x0000015a, + 0x0000015d, 0x0000015c, 0x0000015c, + 0x0000015f, 0x0000015e, 0x0000015e, + 0x00000161, 0x00000160, 0x00000160, + 0x00000163, 0x00000162, 0x00000162, + 0x00000165, 0x00000164, 0x00000164, + 0x00000167, 0x00000166, 0x00000166, + 0x00000169, 0x00000168, 0x00000168, + 0x0000016b, 0x0000016a, 0x0000016a, + 0x0000016d, 0x0000016c, 0x0000016c, + 0x0000016f, 0x0000016e, 0x0000016e, + 0x00000171, 0x00000170, 0x00000170, + 0x00000173, 0x00000172, 0x00000172, + 0x00000175, 0x00000174, 0x00000174, + 0x00000177, 0x00000176, 0x00000176, + 0x0000017a, 0x00000179, 0x00000179, + 0x0000017c, 0x0000017b, 0x0000017b, + 0x0000017e, 0x0000017d, 0x0000017d, + 0x0000017f, 0x00000053, 0x00000053, + 0x00000183, 0x00000182, 0x00000182, + 0x00000185, 0x00000184, 0x00000184, + 0x00000188, 0x00000187, 0x00000187, + 0x0000018c, 0x0000018b, 0x0000018b, + 0x00000192, 0x00000191, 0x00000191, + 0x00000195, 0x000001f6, 0x000001f6, + 0x00000199, 0x00000198, 0x00000198, + 0x0000019e, 0x00000220, 0x00000220, + 0x000001a1, 0x000001a0, 0x000001a0, + 0x000001a3, 0x000001a2, 0x000001a2, + 0x000001a5, 0x000001a4, 0x000001a4, + 0x000001a8, 0x000001a7, 0x000001a7, + 0x000001ad, 0x000001ac, 0x000001ac, + 0x000001b0, 0x000001af, 0x000001af, + 0x000001b4, 0x000001b3, 0x000001b3, + 0x000001b6, 0x000001b5, 0x000001b5, + 0x000001b9, 0x000001b8, 0x000001b8, + 0x000001bd, 0x000001bc, 0x000001bc, + 0x000001bf, 0x000001f7, 0x000001f7, + 0x000001c6, 0x000001c4, 0x000001c5, + 0x000001c9, 0x000001c7, 0x000001c8, + 0x000001cc, 0x000001ca, 0x000001cb, + 0x000001ce, 0x000001cd, 0x000001cd, + 0x000001d0, 0x000001cf, 0x000001cf, + 0x000001d2, 0x000001d1, 0x000001d1, + 0x000001d4, 0x000001d3, 0x000001d3, + 0x000001d6, 0x000001d5, 0x000001d5, + 0x000001d8, 0x000001d7, 0x000001d7, + 0x000001da, 0x000001d9, 0x000001d9, + 0x000001dc, 0x000001db, 0x000001db, + 0x000001dd, 0x0000018e, 0x0000018e, + 0x000001df, 0x000001de, 0x000001de, + 0x000001e1, 0x000001e0, 0x000001e0, + 0x000001e3, 0x000001e2, 0x000001e2, + 0x000001e5, 0x000001e4, 0x000001e4, + 0x000001e7, 0x000001e6, 0x000001e6, + 0x000001e9, 0x000001e8, 0x000001e8, + 0x000001eb, 0x000001ea, 0x000001ea, + 0x000001ed, 0x000001ec, 0x000001ec, + 0x000001ef, 0x000001ee, 0x000001ee, + 0x000001f3, 0x000001f1, 0x000001f2, + 0x000001f5, 0x000001f4, 0x000001f4, + 0x000001f9, 0x000001f8, 0x000001f8, + 0x000001fb, 0x000001fa, 0x000001fa, + 0x000001fd, 0x000001fc, 0x000001fc, + 0x000001ff, 0x000001fe, 0x000001fe, + 0x00000201, 0x00000200, 0x00000200, + 0x00000203, 0x00000202, 0x00000202, + 0x00000205, 0x00000204, 0x00000204, + 0x00000207, 0x00000206, 0x00000206, + 0x00000209, 0x00000208, 0x00000208, + 0x0000020b, 0x0000020a, 0x0000020a, + 0x0000020d, 0x0000020c, 0x0000020c, + 0x0000020f, 0x0000020e, 0x0000020e, + 0x00000211, 0x00000210, 0x00000210, + 0x00000213, 0x00000212, 0x00000212, + 0x00000215, 0x00000214, 0x00000214, + 0x00000217, 0x00000216, 0x00000216, + 0x00000219, 0x00000218, 0x00000218, + 0x0000021b, 0x0000021a, 0x0000021a, + 0x0000021d, 0x0000021c, 0x0000021c, + 0x0000021f, 0x0000021e, 0x0000021e, + 0x00000223, 0x00000222, 0x00000222, + 0x00000225, 0x00000224, 0x00000224, + 0x00000227, 0x00000226, 0x00000226, + 0x00000229, 0x00000228, 0x00000228, + 0x0000022b, 0x0000022a, 0x0000022a, + 0x0000022d, 0x0000022c, 0x0000022c, + 0x0000022f, 0x0000022e, 0x0000022e, + 0x00000231, 0x00000230, 0x00000230, + 0x00000233, 0x00000232, 0x00000232, + 0x00000253, 0x00000181, 0x00000181, + 0x00000254, 0x00000186, 0x00000186, + 0x00000256, 0x00000189, 0x00000189, + 0x00000257, 0x0000018a, 0x0000018a, + 0x00000259, 0x0000018f, 0x0000018f, + 0x0000025b, 0x00000190, 0x00000190, + 0x00000260, 0x00000193, 0x00000193, + 0x00000263, 0x00000194, 0x00000194, + 0x00000268, 0x00000197, 0x00000197, + 0x00000269, 0x00000196, 0x00000196, + 0x0000026f, 0x0000019c, 0x0000019c, + 0x00000272, 0x0000019d, 0x0000019d, + 0x00000275, 0x0000019f, 0x0000019f, + 0x00000280, 0x000001a6, 0x000001a6, + 0x00000283, 0x000001a9, 0x000001a9, + 0x00000288, 0x000001ae, 0x000001ae, + 0x0000028a, 0x000001b1, 0x000001b1, + 0x0000028b, 0x000001b2, 0x000001b2, + 0x00000292, 0x000001b7, 0x000001b7, + 0x00000345, 0x00000399, 0x00000399, + 0x000003ac, 0x00000386, 0x00000386, + 0x000003ad, 0x00000388, 0x00000388, + 0x000003ae, 0x00000389, 0x00000389, + 0x000003af, 0x0000038a, 0x0000038a, + 0x000003b1, 0x00000391, 0x00000391, + 0x000003b2, 0x00000392, 0x00000392, + 0x000003b3, 0x00000393, 0x00000393, + 0x000003b4, 0x00000394, 0x00000394, + 0x000003b5, 0x00000395, 0x00000395, + 0x000003b6, 0x00000396, 0x00000396, + 0x000003b7, 0x00000397, 0x00000397, + 0x000003b8, 0x00000398, 0x00000398, + 0x000003b9, 0x00000399, 0x00000399, + 0x000003ba, 0x0000039a, 0x0000039a, + 0x000003bb, 0x0000039b, 0x0000039b, + 0x000003bc, 0x0000039c, 0x0000039c, + 0x000003bd, 0x0000039d, 0x0000039d, + 0x000003be, 0x0000039e, 0x0000039e, + 0x000003bf, 0x0000039f, 0x0000039f, + 0x000003c0, 0x000003a0, 0x000003a0, + 0x000003c1, 0x000003a1, 0x000003a1, + 0x000003c2, 0x000003a3, 0x000003a3, + 0x000003c3, 0x000003a3, 0x000003a3, + 0x000003c4, 0x000003a4, 0x000003a4, + 0x000003c5, 0x000003a5, 0x000003a5, + 0x000003c6, 0x000003a6, 0x000003a6, + 0x000003c7, 0x000003a7, 0x000003a7, + 0x000003c8, 0x000003a8, 0x000003a8, + 0x000003c9, 0x000003a9, 0x000003a9, + 0x000003ca, 0x000003aa, 0x000003aa, + 0x000003cb, 0x000003ab, 0x000003ab, + 0x000003cc, 0x0000038c, 0x0000038c, + 0x000003cd, 0x0000038e, 0x0000038e, + 0x000003ce, 0x0000038f, 0x0000038f, + 0x000003d0, 0x00000392, 0x00000392, + 0x000003d1, 0x00000398, 0x00000398, + 0x000003d5, 0x000003a6, 0x000003a6, + 0x000003d6, 0x000003a0, 0x000003a0, + 0x000003d9, 0x000003d8, 0x000003d8, + 0x000003db, 0x000003da, 0x000003da, + 0x000003dd, 0x000003dc, 0x000003dc, + 0x000003df, 0x000003de, 0x000003de, + 0x000003e1, 0x000003e0, 0x000003e0, + 0x000003e3, 0x000003e2, 0x000003e2, + 0x000003e5, 0x000003e4, 0x000003e4, + 0x000003e7, 0x000003e6, 0x000003e6, + 0x000003e9, 0x000003e8, 0x000003e8, + 0x000003eb, 0x000003ea, 0x000003ea, + 0x000003ed, 0x000003ec, 0x000003ec, + 0x000003ef, 0x000003ee, 0x000003ee, + 0x000003f0, 0x0000039a, 0x0000039a, + 0x000003f1, 0x000003a1, 0x000003a1, + 0x000003f2, 0x000003a3, 0x000003a3, + 0x000003f5, 0x00000395, 0x00000395, + 0x00000430, 0x00000410, 0x00000410, + 0x00000431, 0x00000411, 0x00000411, + 0x00000432, 0x00000412, 0x00000412, + 0x00000433, 0x00000413, 0x00000413, + 0x00000434, 0x00000414, 0x00000414, + 0x00000435, 0x00000415, 0x00000415, + 0x00000436, 0x00000416, 0x00000416, + 0x00000437, 0x00000417, 0x00000417, + 0x00000438, 0x00000418, 0x00000418, + 0x00000439, 0x00000419, 0x00000419, + 0x0000043a, 0x0000041a, 0x0000041a, + 0x0000043b, 0x0000041b, 0x0000041b, + 0x0000043c, 0x0000041c, 0x0000041c, + 0x0000043d, 0x0000041d, 0x0000041d, + 0x0000043e, 0x0000041e, 0x0000041e, + 0x0000043f, 0x0000041f, 0x0000041f, + 0x00000440, 0x00000420, 0x00000420, + 0x00000441, 0x00000421, 0x00000421, + 0x00000442, 0x00000422, 0x00000422, + 0x00000443, 0x00000423, 0x00000423, + 0x00000444, 0x00000424, 0x00000424, + 0x00000445, 0x00000425, 0x00000425, + 0x00000446, 0x00000426, 0x00000426, + 0x00000447, 0x00000427, 0x00000427, + 0x00000448, 0x00000428, 0x00000428, + 0x00000449, 0x00000429, 0x00000429, + 0x0000044a, 0x0000042a, 0x0000042a, + 0x0000044b, 0x0000042b, 0x0000042b, + 0x0000044c, 0x0000042c, 0x0000042c, + 0x0000044d, 0x0000042d, 0x0000042d, + 0x0000044e, 0x0000042e, 0x0000042e, + 0x0000044f, 0x0000042f, 0x0000042f, + 0x00000450, 0x00000400, 0x00000400, + 0x00000451, 0x00000401, 0x00000401, + 0x00000452, 0x00000402, 0x00000402, + 0x00000453, 0x00000403, 0x00000403, + 0x00000454, 0x00000404, 0x00000404, + 0x00000455, 0x00000405, 0x00000405, + 0x00000456, 0x00000406, 0x00000406, + 0x00000457, 0x00000407, 0x00000407, + 0x00000458, 0x00000408, 0x00000408, + 0x00000459, 0x00000409, 0x00000409, + 0x0000045a, 0x0000040a, 0x0000040a, + 0x0000045b, 0x0000040b, 0x0000040b, + 0x0000045c, 0x0000040c, 0x0000040c, + 0x0000045d, 0x0000040d, 0x0000040d, + 0x0000045e, 0x0000040e, 0x0000040e, + 0x0000045f, 0x0000040f, 0x0000040f, + 0x00000461, 0x00000460, 0x00000460, + 0x00000463, 0x00000462, 0x00000462, + 0x00000465, 0x00000464, 0x00000464, + 0x00000467, 0x00000466, 0x00000466, + 0x00000469, 0x00000468, 0x00000468, + 0x0000046b, 0x0000046a, 0x0000046a, + 0x0000046d, 0x0000046c, 0x0000046c, + 0x0000046f, 0x0000046e, 0x0000046e, + 0x00000471, 0x00000470, 0x00000470, + 0x00000473, 0x00000472, 0x00000472, + 0x00000475, 0x00000474, 0x00000474, + 0x00000477, 0x00000476, 0x00000476, + 0x00000479, 0x00000478, 0x00000478, + 0x0000047b, 0x0000047a, 0x0000047a, + 0x0000047d, 0x0000047c, 0x0000047c, + 0x0000047f, 0x0000047e, 0x0000047e, + 0x00000481, 0x00000480, 0x00000480, + 0x0000048b, 0x0000048a, 0x0000048a, + 0x0000048d, 0x0000048c, 0x0000048c, + 0x0000048f, 0x0000048e, 0x0000048e, + 0x00000491, 0x00000490, 0x00000490, + 0x00000493, 0x00000492, 0x00000492, + 0x00000495, 0x00000494, 0x00000494, + 0x00000497, 0x00000496, 0x00000496, + 0x00000499, 0x00000498, 0x00000498, + 0x0000049b, 0x0000049a, 0x0000049a, + 0x0000049d, 0x0000049c, 0x0000049c, + 0x0000049f, 0x0000049e, 0x0000049e, + 0x000004a1, 0x000004a0, 0x000004a0, + 0x000004a3, 0x000004a2, 0x000004a2, + 0x000004a5, 0x000004a4, 0x000004a4, + 0x000004a7, 0x000004a6, 0x000004a6, + 0x000004a9, 0x000004a8, 0x000004a8, + 0x000004ab, 0x000004aa, 0x000004aa, + 0x000004ad, 0x000004ac, 0x000004ac, + 0x000004af, 0x000004ae, 0x000004ae, + 0x000004b1, 0x000004b0, 0x000004b0, + 0x000004b3, 0x000004b2, 0x000004b2, + 0x000004b5, 0x000004b4, 0x000004b4, + 0x000004b7, 0x000004b6, 0x000004b6, + 0x000004b9, 0x000004b8, 0x000004b8, + 0x000004bb, 0x000004ba, 0x000004ba, + 0x000004bd, 0x000004bc, 0x000004bc, + 0x000004bf, 0x000004be, 0x000004be, + 0x000004c2, 0x000004c1, 0x000004c1, + 0x000004c4, 0x000004c3, 0x000004c3, + 0x000004c6, 0x000004c5, 0x000004c5, + 0x000004c8, 0x000004c7, 0x000004c7, + 0x000004ca, 0x000004c9, 0x000004c9, + 0x000004cc, 0x000004cb, 0x000004cb, + 0x000004ce, 0x000004cd, 0x000004cd, + 0x000004d1, 0x000004d0, 0x000004d0, + 0x000004d3, 0x000004d2, 0x000004d2, + 0x000004d5, 0x000004d4, 0x000004d4, + 0x000004d7, 0x000004d6, 0x000004d6, + 0x000004d9, 0x000004d8, 0x000004d8, + 0x000004db, 0x000004da, 0x000004da, + 0x000004dd, 0x000004dc, 0x000004dc, + 0x000004df, 0x000004de, 0x000004de, + 0x000004e1, 0x000004e0, 0x000004e0, + 0x000004e3, 0x000004e2, 0x000004e2, + 0x000004e5, 0x000004e4, 0x000004e4, + 0x000004e7, 0x000004e6, 0x000004e6, + 0x000004e9, 0x000004e8, 0x000004e8, + 0x000004eb, 0x000004ea, 0x000004ea, + 0x000004ed, 0x000004ec, 0x000004ec, + 0x000004ef, 0x000004ee, 0x000004ee, + 0x000004f1, 0x000004f0, 0x000004f0, + 0x000004f3, 0x000004f2, 0x000004f2, + 0x000004f5, 0x000004f4, 0x000004f4, + 0x000004f9, 0x000004f8, 0x000004f8, + 0x00000501, 0x00000500, 0x00000500, + 0x00000503, 0x00000502, 0x00000502, + 0x00000505, 0x00000504, 0x00000504, + 0x00000507, 0x00000506, 0x00000506, + 0x00000509, 0x00000508, 0x00000508, + 0x0000050b, 0x0000050a, 0x0000050a, + 0x0000050d, 0x0000050c, 0x0000050c, + 0x0000050f, 0x0000050e, 0x0000050e, + 0x00000561, 0x00000531, 0x00000531, + 0x00000562, 0x00000532, 0x00000532, + 0x00000563, 0x00000533, 0x00000533, + 0x00000564, 0x00000534, 0x00000534, + 0x00000565, 0x00000535, 0x00000535, + 0x00000566, 0x00000536, 0x00000536, + 0x00000567, 0x00000537, 0x00000537, + 0x00000568, 0x00000538, 0x00000538, + 0x00000569, 0x00000539, 0x00000539, + 0x0000056a, 0x0000053a, 0x0000053a, + 0x0000056b, 0x0000053b, 0x0000053b, + 0x0000056c, 0x0000053c, 0x0000053c, + 0x0000056d, 0x0000053d, 0x0000053d, + 0x0000056e, 0x0000053e, 0x0000053e, + 0x0000056f, 0x0000053f, 0x0000053f, + 0x00000570, 0x00000540, 0x00000540, + 0x00000571, 0x00000541, 0x00000541, + 0x00000572, 0x00000542, 0x00000542, + 0x00000573, 0x00000543, 0x00000543, + 0x00000574, 0x00000544, 0x00000544, + 0x00000575, 0x00000545, 0x00000545, + 0x00000576, 0x00000546, 0x00000546, + 0x00000577, 0x00000547, 0x00000547, + 0x00000578, 0x00000548, 0x00000548, + 0x00000579, 0x00000549, 0x00000549, + 0x0000057a, 0x0000054a, 0x0000054a, + 0x0000057b, 0x0000054b, 0x0000054b, + 0x0000057c, 0x0000054c, 0x0000054c, + 0x0000057d, 0x0000054d, 0x0000054d, + 0x0000057e, 0x0000054e, 0x0000054e, + 0x0000057f, 0x0000054f, 0x0000054f, + 0x00000580, 0x00000550, 0x00000550, + 0x00000581, 0x00000551, 0x00000551, + 0x00000582, 0x00000552, 0x00000552, + 0x00000583, 0x00000553, 0x00000553, + 0x00000584, 0x00000554, 0x00000554, + 0x00000585, 0x00000555, 0x00000555, + 0x00000586, 0x00000556, 0x00000556, + 0x00001e01, 0x00001e00, 0x00001e00, + 0x00001e03, 0x00001e02, 0x00001e02, + 0x00001e05, 0x00001e04, 0x00001e04, + 0x00001e07, 0x00001e06, 0x00001e06, + 0x00001e09, 0x00001e08, 0x00001e08, + 0x00001e0b, 0x00001e0a, 0x00001e0a, + 0x00001e0d, 0x00001e0c, 0x00001e0c, + 0x00001e0f, 0x00001e0e, 0x00001e0e, + 0x00001e11, 0x00001e10, 0x00001e10, + 0x00001e13, 0x00001e12, 0x00001e12, + 0x00001e15, 0x00001e14, 0x00001e14, + 0x00001e17, 0x00001e16, 0x00001e16, + 0x00001e19, 0x00001e18, 0x00001e18, + 0x00001e1b, 0x00001e1a, 0x00001e1a, + 0x00001e1d, 0x00001e1c, 0x00001e1c, + 0x00001e1f, 0x00001e1e, 0x00001e1e, + 0x00001e21, 0x00001e20, 0x00001e20, + 0x00001e23, 0x00001e22, 0x00001e22, + 0x00001e25, 0x00001e24, 0x00001e24, + 0x00001e27, 0x00001e26, 0x00001e26, + 0x00001e29, 0x00001e28, 0x00001e28, + 0x00001e2b, 0x00001e2a, 0x00001e2a, + 0x00001e2d, 0x00001e2c, 0x00001e2c, + 0x00001e2f, 0x00001e2e, 0x00001e2e, + 0x00001e31, 0x00001e30, 0x00001e30, + 0x00001e33, 0x00001e32, 0x00001e32, + 0x00001e35, 0x00001e34, 0x00001e34, + 0x00001e37, 0x00001e36, 0x00001e36, + 0x00001e39, 0x00001e38, 0x00001e38, + 0x00001e3b, 0x00001e3a, 0x00001e3a, + 0x00001e3d, 0x00001e3c, 0x00001e3c, + 0x00001e3f, 0x00001e3e, 0x00001e3e, + 0x00001e41, 0x00001e40, 0x00001e40, + 0x00001e43, 0x00001e42, 0x00001e42, + 0x00001e45, 0x00001e44, 0x00001e44, + 0x00001e47, 0x00001e46, 0x00001e46, + 0x00001e49, 0x00001e48, 0x00001e48, + 0x00001e4b, 0x00001e4a, 0x00001e4a, + 0x00001e4d, 0x00001e4c, 0x00001e4c, + 0x00001e4f, 0x00001e4e, 0x00001e4e, + 0x00001e51, 0x00001e50, 0x00001e50, + 0x00001e53, 0x00001e52, 0x00001e52, + 0x00001e55, 0x00001e54, 0x00001e54, + 0x00001e57, 0x00001e56, 0x00001e56, + 0x00001e59, 0x00001e58, 0x00001e58, + 0x00001e5b, 0x00001e5a, 0x00001e5a, + 0x00001e5d, 0x00001e5c, 0x00001e5c, + 0x00001e5f, 0x00001e5e, 0x00001e5e, + 0x00001e61, 0x00001e60, 0x00001e60, + 0x00001e63, 0x00001e62, 0x00001e62, + 0x00001e65, 0x00001e64, 0x00001e64, + 0x00001e67, 0x00001e66, 0x00001e66, + 0x00001e69, 0x00001e68, 0x00001e68, + 0x00001e6b, 0x00001e6a, 0x00001e6a, + 0x00001e6d, 0x00001e6c, 0x00001e6c, + 0x00001e6f, 0x00001e6e, 0x00001e6e, + 0x00001e71, 0x00001e70, 0x00001e70, + 0x00001e73, 0x00001e72, 0x00001e72, + 0x00001e75, 0x00001e74, 0x00001e74, + 0x00001e77, 0x00001e76, 0x00001e76, + 0x00001e79, 0x00001e78, 0x00001e78, + 0x00001e7b, 0x00001e7a, 0x00001e7a, + 0x00001e7d, 0x00001e7c, 0x00001e7c, + 0x00001e7f, 0x00001e7e, 0x00001e7e, + 0x00001e81, 0x00001e80, 0x00001e80, + 0x00001e83, 0x00001e82, 0x00001e82, + 0x00001e85, 0x00001e84, 0x00001e84, + 0x00001e87, 0x00001e86, 0x00001e86, + 0x00001e89, 0x00001e88, 0x00001e88, + 0x00001e8b, 0x00001e8a, 0x00001e8a, + 0x00001e8d, 0x00001e8c, 0x00001e8c, + 0x00001e8f, 0x00001e8e, 0x00001e8e, + 0x00001e91, 0x00001e90, 0x00001e90, + 0x00001e93, 0x00001e92, 0x00001e92, + 0x00001e95, 0x00001e94, 0x00001e94, + 0x00001e9b, 0x00001e60, 0x00001e60, + 0x00001ea1, 0x00001ea0, 0x00001ea0, + 0x00001ea3, 0x00001ea2, 0x00001ea2, + 0x00001ea5, 0x00001ea4, 0x00001ea4, + 0x00001ea7, 0x00001ea6, 0x00001ea6, + 0x00001ea9, 0x00001ea8, 0x00001ea8, + 0x00001eab, 0x00001eaa, 0x00001eaa, + 0x00001ead, 0x00001eac, 0x00001eac, + 0x00001eaf, 0x00001eae, 0x00001eae, + 0x00001eb1, 0x00001eb0, 0x00001eb0, + 0x00001eb3, 0x00001eb2, 0x00001eb2, + 0x00001eb5, 0x00001eb4, 0x00001eb4, + 0x00001eb7, 0x00001eb6, 0x00001eb6, + 0x00001eb9, 0x00001eb8, 0x00001eb8, + 0x00001ebb, 0x00001eba, 0x00001eba, + 0x00001ebd, 0x00001ebc, 0x00001ebc, + 0x00001ebf, 0x00001ebe, 0x00001ebe, + 0x00001ec1, 0x00001ec0, 0x00001ec0, + 0x00001ec3, 0x00001ec2, 0x00001ec2, + 0x00001ec5, 0x00001ec4, 0x00001ec4, + 0x00001ec7, 0x00001ec6, 0x00001ec6, + 0x00001ec9, 0x00001ec8, 0x00001ec8, + 0x00001ecb, 0x00001eca, 0x00001eca, + 0x00001ecd, 0x00001ecc, 0x00001ecc, + 0x00001ecf, 0x00001ece, 0x00001ece, + 0x00001ed1, 0x00001ed0, 0x00001ed0, + 0x00001ed3, 0x00001ed2, 0x00001ed2, + 0x00001ed5, 0x00001ed4, 0x00001ed4, + 0x00001ed7, 0x00001ed6, 0x00001ed6, + 0x00001ed9, 0x00001ed8, 0x00001ed8, + 0x00001edb, 0x00001eda, 0x00001eda, + 0x00001edd, 0x00001edc, 0x00001edc, + 0x00001edf, 0x00001ede, 0x00001ede, + 0x00001ee1, 0x00001ee0, 0x00001ee0, + 0x00001ee3, 0x00001ee2, 0x00001ee2, + 0x00001ee5, 0x00001ee4, 0x00001ee4, + 0x00001ee7, 0x00001ee6, 0x00001ee6, + 0x00001ee9, 0x00001ee8, 0x00001ee8, + 0x00001eeb, 0x00001eea, 0x00001eea, + 0x00001eed, 0x00001eec, 0x00001eec, + 0x00001eef, 0x00001eee, 0x00001eee, + 0x00001ef1, 0x00001ef0, 0x00001ef0, + 0x00001ef3, 0x00001ef2, 0x00001ef2, + 0x00001ef5, 0x00001ef4, 0x00001ef4, + 0x00001ef7, 0x00001ef6, 0x00001ef6, + 0x00001ef9, 0x00001ef8, 0x00001ef8, + 0x00001f00, 0x00001f08, 0x00001f08, + 0x00001f01, 0x00001f09, 0x00001f09, + 0x00001f02, 0x00001f0a, 0x00001f0a, + 0x00001f03, 0x00001f0b, 0x00001f0b, + 0x00001f04, 0x00001f0c, 0x00001f0c, + 0x00001f05, 0x00001f0d, 0x00001f0d, + 0x00001f06, 0x00001f0e, 0x00001f0e, + 0x00001f07, 0x00001f0f, 0x00001f0f, + 0x00001f10, 0x00001f18, 0x00001f18, + 0x00001f11, 0x00001f19, 0x00001f19, + 0x00001f12, 0x00001f1a, 0x00001f1a, + 0x00001f13, 0x00001f1b, 0x00001f1b, + 0x00001f14, 0x00001f1c, 0x00001f1c, + 0x00001f15, 0x00001f1d, 0x00001f1d, + 0x00001f20, 0x00001f28, 0x00001f28, + 0x00001f21, 0x00001f29, 0x00001f29, + 0x00001f22, 0x00001f2a, 0x00001f2a, + 0x00001f23, 0x00001f2b, 0x00001f2b, + 0x00001f24, 0x00001f2c, 0x00001f2c, + 0x00001f25, 0x00001f2d, 0x00001f2d, + 0x00001f26, 0x00001f2e, 0x00001f2e, + 0x00001f27, 0x00001f2f, 0x00001f2f, + 0x00001f30, 0x00001f38, 0x00001f38, + 0x00001f31, 0x00001f39, 0x00001f39, + 0x00001f32, 0x00001f3a, 0x00001f3a, + 0x00001f33, 0x00001f3b, 0x00001f3b, + 0x00001f34, 0x00001f3c, 0x00001f3c, + 0x00001f35, 0x00001f3d, 0x00001f3d, + 0x00001f36, 0x00001f3e, 0x00001f3e, + 0x00001f37, 0x00001f3f, 0x00001f3f, + 0x00001f40, 0x00001f48, 0x00001f48, + 0x00001f41, 0x00001f49, 0x00001f49, + 0x00001f42, 0x00001f4a, 0x00001f4a, + 0x00001f43, 0x00001f4b, 0x00001f4b, + 0x00001f44, 0x00001f4c, 0x00001f4c, + 0x00001f45, 0x00001f4d, 0x00001f4d, + 0x00001f51, 0x00001f59, 0x00001f59, + 0x00001f53, 0x00001f5b, 0x00001f5b, + 0x00001f55, 0x00001f5d, 0x00001f5d, + 0x00001f57, 0x00001f5f, 0x00001f5f, + 0x00001f60, 0x00001f68, 0x00001f68, + 0x00001f61, 0x00001f69, 0x00001f69, + 0x00001f62, 0x00001f6a, 0x00001f6a, + 0x00001f63, 0x00001f6b, 0x00001f6b, + 0x00001f64, 0x00001f6c, 0x00001f6c, + 0x00001f65, 0x00001f6d, 0x00001f6d, + 0x00001f66, 0x00001f6e, 0x00001f6e, + 0x00001f67, 0x00001f6f, 0x00001f6f, + 0x00001f70, 0x00001fba, 0x00001fba, + 0x00001f71, 0x00001fbb, 0x00001fbb, + 0x00001f72, 0x00001fc8, 0x00001fc8, + 0x00001f73, 0x00001fc9, 0x00001fc9, + 0x00001f74, 0x00001fca, 0x00001fca, + 0x00001f75, 0x00001fcb, 0x00001fcb, + 0x00001f76, 0x00001fda, 0x00001fda, + 0x00001f77, 0x00001fdb, 0x00001fdb, + 0x00001f78, 0x00001ff8, 0x00001ff8, + 0x00001f79, 0x00001ff9, 0x00001ff9, + 0x00001f7a, 0x00001fea, 0x00001fea, + 0x00001f7b, 0x00001feb, 0x00001feb, + 0x00001f7c, 0x00001ffa, 0x00001ffa, + 0x00001f7d, 0x00001ffb, 0x00001ffb, + 0x00001f80, 0x00001f88, 0x00001f88, + 0x00001f81, 0x00001f89, 0x00001f89, + 0x00001f82, 0x00001f8a, 0x00001f8a, + 0x00001f83, 0x00001f8b, 0x00001f8b, + 0x00001f84, 0x00001f8c, 0x00001f8c, + 0x00001f85, 0x00001f8d, 0x00001f8d, + 0x00001f86, 0x00001f8e, 0x00001f8e, + 0x00001f87, 0x00001f8f, 0x00001f8f, + 0x00001f90, 0x00001f98, 0x00001f98, + 0x00001f91, 0x00001f99, 0x00001f99, + 0x00001f92, 0x00001f9a, 0x00001f9a, + 0x00001f93, 0x00001f9b, 0x00001f9b, + 0x00001f94, 0x00001f9c, 0x00001f9c, + 0x00001f95, 0x00001f9d, 0x00001f9d, + 0x00001f96, 0x00001f9e, 0x00001f9e, + 0x00001f97, 0x00001f9f, 0x00001f9f, + 0x00001fa0, 0x00001fa8, 0x00001fa8, + 0x00001fa1, 0x00001fa9, 0x00001fa9, + 0x00001fa2, 0x00001faa, 0x00001faa, + 0x00001fa3, 0x00001fab, 0x00001fab, + 0x00001fa4, 0x00001fac, 0x00001fac, + 0x00001fa5, 0x00001fad, 0x00001fad, + 0x00001fa6, 0x00001fae, 0x00001fae, + 0x00001fa7, 0x00001faf, 0x00001faf, + 0x00001fb0, 0x00001fb8, 0x00001fb8, + 0x00001fb1, 0x00001fb9, 0x00001fb9, + 0x00001fb3, 0x00001fbc, 0x00001fbc, + 0x00001fbe, 0x00000399, 0x00000399, + 0x00001fc3, 0x00001fcc, 0x00001fcc, + 0x00001fd0, 0x00001fd8, 0x00001fd8, + 0x00001fd1, 0x00001fd9, 0x00001fd9, + 0x00001fe0, 0x00001fe8, 0x00001fe8, + 0x00001fe1, 0x00001fe9, 0x00001fe9, + 0x00001fe5, 0x00001fec, 0x00001fec, + 0x00001ff3, 0x00001ffc, 0x00001ffc, + 0x00002170, 0x00002160, 0x00002160, + 0x00002171, 0x00002161, 0x00002161, + 0x00002172, 0x00002162, 0x00002162, + 0x00002173, 0x00002163, 0x00002163, + 0x00002174, 0x00002164, 0x00002164, + 0x00002175, 0x00002165, 0x00002165, + 0x00002176, 0x00002166, 0x00002166, + 0x00002177, 0x00002167, 0x00002167, + 0x00002178, 0x00002168, 0x00002168, + 0x00002179, 0x00002169, 0x00002169, + 0x0000217a, 0x0000216a, 0x0000216a, + 0x0000217b, 0x0000216b, 0x0000216b, + 0x0000217c, 0x0000216c, 0x0000216c, + 0x0000217d, 0x0000216d, 0x0000216d, + 0x0000217e, 0x0000216e, 0x0000216e, + 0x0000217f, 0x0000216f, 0x0000216f, + 0x000024d0, 0x000024b6, 0x000024b6, + 0x000024d1, 0x000024b7, 0x000024b7, + 0x000024d2, 0x000024b8, 0x000024b8, + 0x000024d3, 0x000024b9, 0x000024b9, + 0x000024d4, 0x000024ba, 0x000024ba, + 0x000024d5, 0x000024bb, 0x000024bb, + 0x000024d6, 0x000024bc, 0x000024bc, + 0x000024d7, 0x000024bd, 0x000024bd, + 0x000024d8, 0x000024be, 0x000024be, + 0x000024d9, 0x000024bf, 0x000024bf, + 0x000024da, 0x000024c0, 0x000024c0, + 0x000024db, 0x000024c1, 0x000024c1, + 0x000024dc, 0x000024c2, 0x000024c2, + 0x000024dd, 0x000024c3, 0x000024c3, + 0x000024de, 0x000024c4, 0x000024c4, + 0x000024df, 0x000024c5, 0x000024c5, + 0x000024e0, 0x000024c6, 0x000024c6, + 0x000024e1, 0x000024c7, 0x000024c7, + 0x000024e2, 0x000024c8, 0x000024c8, + 0x000024e3, 0x000024c9, 0x000024c9, + 0x000024e4, 0x000024ca, 0x000024ca, + 0x000024e5, 0x000024cb, 0x000024cb, + 0x000024e6, 0x000024cc, 0x000024cc, + 0x000024e7, 0x000024cd, 0x000024cd, + 0x000024e8, 0x000024ce, 0x000024ce, + 0x000024e9, 0x000024cf, 0x000024cf, + 0x0000ff41, 0x0000ff21, 0x0000ff21, + 0x0000ff42, 0x0000ff22, 0x0000ff22, + 0x0000ff43, 0x0000ff23, 0x0000ff23, + 0x0000ff44, 0x0000ff24, 0x0000ff24, + 0x0000ff45, 0x0000ff25, 0x0000ff25, + 0x0000ff46, 0x0000ff26, 0x0000ff26, + 0x0000ff47, 0x0000ff27, 0x0000ff27, + 0x0000ff48, 0x0000ff28, 0x0000ff28, + 0x0000ff49, 0x0000ff29, 0x0000ff29, + 0x0000ff4a, 0x0000ff2a, 0x0000ff2a, + 0x0000ff4b, 0x0000ff2b, 0x0000ff2b, + 0x0000ff4c, 0x0000ff2c, 0x0000ff2c, + 0x0000ff4d, 0x0000ff2d, 0x0000ff2d, + 0x0000ff4e, 0x0000ff2e, 0x0000ff2e, + 0x0000ff4f, 0x0000ff2f, 0x0000ff2f, + 0x0000ff50, 0x0000ff30, 0x0000ff30, + 0x0000ff51, 0x0000ff31, 0x0000ff31, + 0x0000ff52, 0x0000ff32, 0x0000ff32, + 0x0000ff53, 0x0000ff33, 0x0000ff33, + 0x0000ff54, 0x0000ff34, 0x0000ff34, + 0x0000ff55, 0x0000ff35, 0x0000ff35, + 0x0000ff56, 0x0000ff36, 0x0000ff36, + 0x0000ff57, 0x0000ff37, 0x0000ff37, + 0x0000ff58, 0x0000ff38, 0x0000ff38, + 0x0000ff59, 0x0000ff39, 0x0000ff39, + 0x0000ff5a, 0x0000ff3a, 0x0000ff3a, + 0x00010428, 0x00010400, 0x00010400, + 0x00010429, 0x00010401, 0x00010401, + 0x0001042a, 0x00010402, 0x00010402, + 0x0001042b, 0x00010403, 0x00010403, + 0x0001042c, 0x00010404, 0x00010404, + 0x0001042d, 0x00010405, 0x00010405, + 0x0001042e, 0x00010406, 0x00010406, + 0x0001042f, 0x00010407, 0x00010407, + 0x00010430, 0x00010408, 0x00010408, + 0x00010431, 0x00010409, 0x00010409, + 0x00010432, 0x0001040a, 0x0001040a, + 0x00010433, 0x0001040b, 0x0001040b, + 0x00010434, 0x0001040c, 0x0001040c, + 0x00010435, 0x0001040d, 0x0001040d, + 0x00010436, 0x0001040e, 0x0001040e, + 0x00010437, 0x0001040f, 0x0001040f, + 0x00010438, 0x00010410, 0x00010410, + 0x00010439, 0x00010411, 0x00010411, + 0x0001043a, 0x00010412, 0x00010412, + 0x0001043b, 0x00010413, 0x00010413, + 0x0001043c, 0x00010414, 0x00010414, + 0x0001043d, 0x00010415, 0x00010415, + 0x0001043e, 0x00010416, 0x00010416, + 0x0001043f, 0x00010417, 0x00010417, + 0x00010440, 0x00010418, 0x00010418, + 0x00010441, 0x00010419, 0x00010419, + 0x00010442, 0x0001041a, 0x0001041a, + 0x00010443, 0x0001041b, 0x0001041b, + 0x00010444, 0x0001041c, 0x0001041c, + 0x00010445, 0x0001041d, 0x0001041d, + 0x00010446, 0x0001041e, 0x0001041e, + 0x00010447, 0x0001041f, 0x0001041f, + 0x00010448, 0x00010420, 0x00010420, + 0x00010449, 0x00010421, 0x00010421, + 0x0001044a, 0x00010422, 0x00010422, + 0x0001044b, 0x00010423, 0x00010423, + 0x0001044c, 0x00010424, 0x00010424, + 0x0001044d, 0x00010425, 0x00010425, + 0x000001c5, 0x000001c4, 0x000001c6, + 0x000001c8, 0x000001c7, 0x000001c9, + 0x000001cb, 0x000001ca, 0x000001cc, + 0x000001f2, 0x000001f1, 0x000001f3 +}; + +static const krb5_ui_4 _uccomp_size = 3684; + +static const krb5_ui_4 _uccomp_data[] = { + 0x0000226e, 0x00000002, 0x0000003c, 0x00000338, + 0x00002260, 0x00000002, 0x0000003d, 0x00000338, + 0x0000226f, 0x00000002, 0x0000003e, 0x00000338, + 0x000000c0, 0x00000002, 0x00000041, 0x00000300, + 0x000000c1, 0x00000002, 0x00000041, 0x00000301, + 0x000000c2, 0x00000002, 0x00000041, 0x00000302, + 0x000000c3, 0x00000002, 0x00000041, 0x00000303, + 0x00000100, 0x00000002, 0x00000041, 0x00000304, + 0x00000102, 0x00000002, 0x00000041, 0x00000306, + 0x00000226, 0x00000002, 0x00000041, 0x00000307, + 0x000000c4, 0x00000002, 0x00000041, 0x00000308, + 0x00001ea2, 0x00000002, 0x00000041, 0x00000309, + 0x000000c5, 0x00000002, 0x00000041, 0x0000030a, + 0x000001cd, 0x00000002, 0x00000041, 0x0000030c, + 0x00000200, 0x00000002, 0x00000041, 0x0000030f, + 0x00000202, 0x00000002, 0x00000041, 0x00000311, + 0x00001ea0, 0x00000002, 0x00000041, 0x00000323, + 0x00001e00, 0x00000002, 0x00000041, 0x00000325, + 0x00000104, 0x00000002, 0x00000041, 0x00000328, + 0x00001e02, 0x00000002, 0x00000042, 0x00000307, + 0x00001e04, 0x00000002, 0x00000042, 0x00000323, + 0x00001e06, 0x00000002, 0x00000042, 0x00000331, + 0x00000106, 0x00000002, 0x00000043, 0x00000301, + 0x00000108, 0x00000002, 0x00000043, 0x00000302, + 0x0000010a, 0x00000002, 0x00000043, 0x00000307, + 0x0000010c, 0x00000002, 0x00000043, 0x0000030c, + 0x000000c7, 0x00000002, 0x00000043, 0x00000327, + 0x00001e0a, 0x00000002, 0x00000044, 0x00000307, + 0x0000010e, 0x00000002, 0x00000044, 0x0000030c, + 0x00001e0c, 0x00000002, 0x00000044, 0x00000323, + 0x00001e10, 0x00000002, 0x00000044, 0x00000327, + 0x00001e12, 0x00000002, 0x00000044, 0x0000032d, + 0x00001e0e, 0x00000002, 0x00000044, 0x00000331, + 0x000000c8, 0x00000002, 0x00000045, 0x00000300, + 0x000000c9, 0x00000002, 0x00000045, 0x00000301, + 0x000000ca, 0x00000002, 0x00000045, 0x00000302, + 0x00001ebc, 0x00000002, 0x00000045, 0x00000303, + 0x00000112, 0x00000002, 0x00000045, 0x00000304, + 0x00000114, 0x00000002, 0x00000045, 0x00000306, + 0x00000116, 0x00000002, 0x00000045, 0x00000307, + 0x000000cb, 0x00000002, 0x00000045, 0x00000308, + 0x00001eba, 0x00000002, 0x00000045, 0x00000309, + 0x0000011a, 0x00000002, 0x00000045, 0x0000030c, + 0x00000204, 0x00000002, 0x00000045, 0x0000030f, + 0x00000206, 0x00000002, 0x00000045, 0x00000311, + 0x00001eb8, 0x00000002, 0x00000045, 0x00000323, + 0x00000228, 0x00000002, 0x00000045, 0x00000327, + 0x00000118, 0x00000002, 0x00000045, 0x00000328, + 0x00001e18, 0x00000002, 0x00000045, 0x0000032d, + 0x00001e1a, 0x00000002, 0x00000045, 0x00000330, + 0x00001e1e, 0x00000002, 0x00000046, 0x00000307, + 0x000001f4, 0x00000002, 0x00000047, 0x00000301, + 0x0000011c, 0x00000002, 0x00000047, 0x00000302, + 0x00001e20, 0x00000002, 0x00000047, 0x00000304, + 0x0000011e, 0x00000002, 0x00000047, 0x00000306, + 0x00000120, 0x00000002, 0x00000047, 0x00000307, + 0x000001e6, 0x00000002, 0x00000047, 0x0000030c, + 0x00000122, 0x00000002, 0x00000047, 0x00000327, + 0x00000124, 0x00000002, 0x00000048, 0x00000302, + 0x00001e22, 0x00000002, 0x00000048, 0x00000307, + 0x00001e26, 0x00000002, 0x00000048, 0x00000308, + 0x0000021e, 0x00000002, 0x00000048, 0x0000030c, + 0x00001e24, 0x00000002, 0x00000048, 0x00000323, + 0x00001e28, 0x00000002, 0x00000048, 0x00000327, + 0x00001e2a, 0x00000002, 0x00000048, 0x0000032e, + 0x000000cc, 0x00000002, 0x00000049, 0x00000300, + 0x000000cd, 0x00000002, 0x00000049, 0x00000301, + 0x000000ce, 0x00000002, 0x00000049, 0x00000302, + 0x00000128, 0x00000002, 0x00000049, 0x00000303, + 0x0000012a, 0x00000002, 0x00000049, 0x00000304, + 0x0000012c, 0x00000002, 0x00000049, 0x00000306, + 0x00000130, 0x00000002, 0x00000049, 0x00000307, + 0x000000cf, 0x00000002, 0x00000049, 0x00000308, + 0x00001ec8, 0x00000002, 0x00000049, 0x00000309, + 0x000001cf, 0x00000002, 0x00000049, 0x0000030c, + 0x00000208, 0x00000002, 0x00000049, 0x0000030f, + 0x0000020a, 0x00000002, 0x00000049, 0x00000311, + 0x00001eca, 0x00000002, 0x00000049, 0x00000323, + 0x0000012e, 0x00000002, 0x00000049, 0x00000328, + 0x00001e2c, 0x00000002, 0x00000049, 0x00000330, + 0x00000134, 0x00000002, 0x0000004a, 0x00000302, + 0x00001e30, 0x00000002, 0x0000004b, 0x00000301, + 0x000001e8, 0x00000002, 0x0000004b, 0x0000030c, + 0x00001e32, 0x00000002, 0x0000004b, 0x00000323, + 0x00000136, 0x00000002, 0x0000004b, 0x00000327, + 0x00001e34, 0x00000002, 0x0000004b, 0x00000331, + 0x00000139, 0x00000002, 0x0000004c, 0x00000301, + 0x0000013d, 0x00000002, 0x0000004c, 0x0000030c, + 0x00001e36, 0x00000002, 0x0000004c, 0x00000323, + 0x0000013b, 0x00000002, 0x0000004c, 0x00000327, + 0x00001e3c, 0x00000002, 0x0000004c, 0x0000032d, + 0x00001e3a, 0x00000002, 0x0000004c, 0x00000331, + 0x00001e3e, 0x00000002, 0x0000004d, 0x00000301, + 0x00001e40, 0x00000002, 0x0000004d, 0x00000307, + 0x00001e42, 0x00000002, 0x0000004d, 0x00000323, + 0x000001f8, 0x00000002, 0x0000004e, 0x00000300, + 0x00000143, 0x00000002, 0x0000004e, 0x00000301, + 0x000000d1, 0x00000002, 0x0000004e, 0x00000303, + 0x00001e44, 0x00000002, 0x0000004e, 0x00000307, + 0x00000147, 0x00000002, 0x0000004e, 0x0000030c, + 0x00001e46, 0x00000002, 0x0000004e, 0x00000323, + 0x00000145, 0x00000002, 0x0000004e, 0x00000327, + 0x00001e4a, 0x00000002, 0x0000004e, 0x0000032d, + 0x00001e48, 0x00000002, 0x0000004e, 0x00000331, + 0x000000d2, 0x00000002, 0x0000004f, 0x00000300, + 0x000000d3, 0x00000002, 0x0000004f, 0x00000301, + 0x000000d4, 0x00000002, 0x0000004f, 0x00000302, + 0x000000d5, 0x00000002, 0x0000004f, 0x00000303, + 0x0000014c, 0x00000002, 0x0000004f, 0x00000304, + 0x0000014e, 0x00000002, 0x0000004f, 0x00000306, + 0x0000022e, 0x00000002, 0x0000004f, 0x00000307, + 0x000000d6, 0x00000002, 0x0000004f, 0x00000308, + 0x00001ece, 0x00000002, 0x0000004f, 0x00000309, + 0x00000150, 0x00000002, 0x0000004f, 0x0000030b, + 0x000001d1, 0x00000002, 0x0000004f, 0x0000030c, + 0x0000020c, 0x00000002, 0x0000004f, 0x0000030f, + 0x0000020e, 0x00000002, 0x0000004f, 0x00000311, + 0x000001a0, 0x00000002, 0x0000004f, 0x0000031b, + 0x00001ecc, 0x00000002, 0x0000004f, 0x00000323, + 0x000001ea, 0x00000002, 0x0000004f, 0x00000328, + 0x00001e54, 0x00000002, 0x00000050, 0x00000301, + 0x00001e56, 0x00000002, 0x00000050, 0x00000307, + 0x00000154, 0x00000002, 0x00000052, 0x00000301, + 0x00001e58, 0x00000002, 0x00000052, 0x00000307, + 0x00000158, 0x00000002, 0x00000052, 0x0000030c, + 0x00000210, 0x00000002, 0x00000052, 0x0000030f, + 0x00000212, 0x00000002, 0x00000052, 0x00000311, + 0x00001e5a, 0x00000002, 0x00000052, 0x00000323, + 0x00000156, 0x00000002, 0x00000052, 0x00000327, + 0x00001e5e, 0x00000002, 0x00000052, 0x00000331, + 0x0000015a, 0x00000002, 0x00000053, 0x00000301, + 0x0000015c, 0x00000002, 0x00000053, 0x00000302, + 0x00001e60, 0x00000002, 0x00000053, 0x00000307, + 0x00000160, 0x00000002, 0x00000053, 0x0000030c, + 0x00001e62, 0x00000002, 0x00000053, 0x00000323, + 0x00000218, 0x00000002, 0x00000053, 0x00000326, + 0x0000015e, 0x00000002, 0x00000053, 0x00000327, + 0x00001e6a, 0x00000002, 0x00000054, 0x00000307, + 0x00000164, 0x00000002, 0x00000054, 0x0000030c, + 0x00001e6c, 0x00000002, 0x00000054, 0x00000323, + 0x0000021a, 0x00000002, 0x00000054, 0x00000326, + 0x00000162, 0x00000002, 0x00000054, 0x00000327, + 0x00001e70, 0x00000002, 0x00000054, 0x0000032d, + 0x00001e6e, 0x00000002, 0x00000054, 0x00000331, + 0x000000d9, 0x00000002, 0x00000055, 0x00000300, + 0x000000da, 0x00000002, 0x00000055, 0x00000301, + 0x000000db, 0x00000002, 0x00000055, 0x00000302, + 0x00000168, 0x00000002, 0x00000055, 0x00000303, + 0x0000016a, 0x00000002, 0x00000055, 0x00000304, + 0x0000016c, 0x00000002, 0x00000055, 0x00000306, + 0x000000dc, 0x00000002, 0x00000055, 0x00000308, + 0x00001ee6, 0x00000002, 0x00000055, 0x00000309, + 0x0000016e, 0x00000002, 0x00000055, 0x0000030a, + 0x00000170, 0x00000002, 0x00000055, 0x0000030b, + 0x000001d3, 0x00000002, 0x00000055, 0x0000030c, + 0x00000214, 0x00000002, 0x00000055, 0x0000030f, + 0x00000216, 0x00000002, 0x00000055, 0x00000311, + 0x000001af, 0x00000002, 0x00000055, 0x0000031b, + 0x00001ee4, 0x00000002, 0x00000055, 0x00000323, + 0x00001e72, 0x00000002, 0x00000055, 0x00000324, + 0x00000172, 0x00000002, 0x00000055, 0x00000328, + 0x00001e76, 0x00000002, 0x00000055, 0x0000032d, + 0x00001e74, 0x00000002, 0x00000055, 0x00000330, + 0x00001e7c, 0x00000002, 0x00000056, 0x00000303, + 0x00001e7e, 0x00000002, 0x00000056, 0x00000323, + 0x00001e80, 0x00000002, 0x00000057, 0x00000300, + 0x00001e82, 0x00000002, 0x00000057, 0x00000301, + 0x00000174, 0x00000002, 0x00000057, 0x00000302, + 0x00001e86, 0x00000002, 0x00000057, 0x00000307, + 0x00001e84, 0x00000002, 0x00000057, 0x00000308, + 0x00001e88, 0x00000002, 0x00000057, 0x00000323, + 0x00001e8a, 0x00000002, 0x00000058, 0x00000307, + 0x00001e8c, 0x00000002, 0x00000058, 0x00000308, + 0x00001ef2, 0x00000002, 0x00000059, 0x00000300, + 0x000000dd, 0x00000002, 0x00000059, 0x00000301, + 0x00000176, 0x00000002, 0x00000059, 0x00000302, + 0x00001ef8, 0x00000002, 0x00000059, 0x00000303, + 0x00000232, 0x00000002, 0x00000059, 0x00000304, + 0x00001e8e, 0x00000002, 0x00000059, 0x00000307, + 0x00000178, 0x00000002, 0x00000059, 0x00000308, + 0x00001ef6, 0x00000002, 0x00000059, 0x00000309, + 0x00001ef4, 0x00000002, 0x00000059, 0x00000323, + 0x00000179, 0x00000002, 0x0000005a, 0x00000301, + 0x00001e90, 0x00000002, 0x0000005a, 0x00000302, + 0x0000017b, 0x00000002, 0x0000005a, 0x00000307, + 0x0000017d, 0x00000002, 0x0000005a, 0x0000030c, + 0x00001e92, 0x00000002, 0x0000005a, 0x00000323, + 0x00001e94, 0x00000002, 0x0000005a, 0x00000331, + 0x000000e0, 0x00000002, 0x00000061, 0x00000300, + 0x000000e1, 0x00000002, 0x00000061, 0x00000301, + 0x000000e2, 0x00000002, 0x00000061, 0x00000302, + 0x000000e3, 0x00000002, 0x00000061, 0x00000303, + 0x00000101, 0x00000002, 0x00000061, 0x00000304, + 0x00000103, 0x00000002, 0x00000061, 0x00000306, + 0x00000227, 0x00000002, 0x00000061, 0x00000307, + 0x000000e4, 0x00000002, 0x00000061, 0x00000308, + 0x00001ea3, 0x00000002, 0x00000061, 0x00000309, + 0x000000e5, 0x00000002, 0x00000061, 0x0000030a, + 0x000001ce, 0x00000002, 0x00000061, 0x0000030c, + 0x00000201, 0x00000002, 0x00000061, 0x0000030f, + 0x00000203, 0x00000002, 0x00000061, 0x00000311, + 0x00001ea1, 0x00000002, 0x00000061, 0x00000323, + 0x00001e01, 0x00000002, 0x00000061, 0x00000325, + 0x00000105, 0x00000002, 0x00000061, 0x00000328, + 0x00001e03, 0x00000002, 0x00000062, 0x00000307, + 0x00001e05, 0x00000002, 0x00000062, 0x00000323, + 0x00001e07, 0x00000002, 0x00000062, 0x00000331, + 0x00000107, 0x00000002, 0x00000063, 0x00000301, + 0x00000109, 0x00000002, 0x00000063, 0x00000302, + 0x0000010b, 0x00000002, 0x00000063, 0x00000307, + 0x0000010d, 0x00000002, 0x00000063, 0x0000030c, + 0x000000e7, 0x00000002, 0x00000063, 0x00000327, + 0x00001e0b, 0x00000002, 0x00000064, 0x00000307, + 0x0000010f, 0x00000002, 0x00000064, 0x0000030c, + 0x00001e0d, 0x00000002, 0x00000064, 0x00000323, + 0x00001e11, 0x00000002, 0x00000064, 0x00000327, + 0x00001e13, 0x00000002, 0x00000064, 0x0000032d, + 0x00001e0f, 0x00000002, 0x00000064, 0x00000331, + 0x000000e8, 0x00000002, 0x00000065, 0x00000300, + 0x000000e9, 0x00000002, 0x00000065, 0x00000301, + 0x000000ea, 0x00000002, 0x00000065, 0x00000302, + 0x00001ebd, 0x00000002, 0x00000065, 0x00000303, + 0x00000113, 0x00000002, 0x00000065, 0x00000304, + 0x00000115, 0x00000002, 0x00000065, 0x00000306, + 0x00000117, 0x00000002, 0x00000065, 0x00000307, + 0x000000eb, 0x00000002, 0x00000065, 0x00000308, + 0x00001ebb, 0x00000002, 0x00000065, 0x00000309, + 0x0000011b, 0x00000002, 0x00000065, 0x0000030c, + 0x00000205, 0x00000002, 0x00000065, 0x0000030f, + 0x00000207, 0x00000002, 0x00000065, 0x00000311, + 0x00001eb9, 0x00000002, 0x00000065, 0x00000323, + 0x00000229, 0x00000002, 0x00000065, 0x00000327, + 0x00000119, 0x00000002, 0x00000065, 0x00000328, + 0x00001e19, 0x00000002, 0x00000065, 0x0000032d, + 0x00001e1b, 0x00000002, 0x00000065, 0x00000330, + 0x00001e1f, 0x00000002, 0x00000066, 0x00000307, + 0x000001f5, 0x00000002, 0x00000067, 0x00000301, + 0x0000011d, 0x00000002, 0x00000067, 0x00000302, + 0x00001e21, 0x00000002, 0x00000067, 0x00000304, + 0x0000011f, 0x00000002, 0x00000067, 0x00000306, + 0x00000121, 0x00000002, 0x00000067, 0x00000307, + 0x000001e7, 0x00000002, 0x00000067, 0x0000030c, + 0x00000123, 0x00000002, 0x00000067, 0x00000327, + 0x00000125, 0x00000002, 0x00000068, 0x00000302, + 0x00001e23, 0x00000002, 0x00000068, 0x00000307, + 0x00001e27, 0x00000002, 0x00000068, 0x00000308, + 0x0000021f, 0x00000002, 0x00000068, 0x0000030c, + 0x00001e25, 0x00000002, 0x00000068, 0x00000323, + 0x00001e29, 0x00000002, 0x00000068, 0x00000327, + 0x00001e2b, 0x00000002, 0x00000068, 0x0000032e, + 0x00001e96, 0x00000002, 0x00000068, 0x00000331, + 0x000000ec, 0x00000002, 0x00000069, 0x00000300, + 0x000000ed, 0x00000002, 0x00000069, 0x00000301, + 0x000000ee, 0x00000002, 0x00000069, 0x00000302, + 0x00000129, 0x00000002, 0x00000069, 0x00000303, + 0x0000012b, 0x00000002, 0x00000069, 0x00000304, + 0x0000012d, 0x00000002, 0x00000069, 0x00000306, + 0x000000ef, 0x00000002, 0x00000069, 0x00000308, + 0x00001ec9, 0x00000002, 0x00000069, 0x00000309, + 0x000001d0, 0x00000002, 0x00000069, 0x0000030c, + 0x00000209, 0x00000002, 0x00000069, 0x0000030f, + 0x0000020b, 0x00000002, 0x00000069, 0x00000311, + 0x00001ecb, 0x00000002, 0x00000069, 0x00000323, + 0x0000012f, 0x00000002, 0x00000069, 0x00000328, + 0x00001e2d, 0x00000002, 0x00000069, 0x00000330, + 0x00000135, 0x00000002, 0x0000006a, 0x00000302, + 0x000001f0, 0x00000002, 0x0000006a, 0x0000030c, + 0x00001e31, 0x00000002, 0x0000006b, 0x00000301, + 0x000001e9, 0x00000002, 0x0000006b, 0x0000030c, + 0x00001e33, 0x00000002, 0x0000006b, 0x00000323, + 0x00000137, 0x00000002, 0x0000006b, 0x00000327, + 0x00001e35, 0x00000002, 0x0000006b, 0x00000331, + 0x0000013a, 0x00000002, 0x0000006c, 0x00000301, + 0x0000013e, 0x00000002, 0x0000006c, 0x0000030c, + 0x00001e37, 0x00000002, 0x0000006c, 0x00000323, + 0x0000013c, 0x00000002, 0x0000006c, 0x00000327, + 0x00001e3d, 0x00000002, 0x0000006c, 0x0000032d, + 0x00001e3b, 0x00000002, 0x0000006c, 0x00000331, + 0x00001e3f, 0x00000002, 0x0000006d, 0x00000301, + 0x00001e41, 0x00000002, 0x0000006d, 0x00000307, + 0x00001e43, 0x00000002, 0x0000006d, 0x00000323, + 0x000001f9, 0x00000002, 0x0000006e, 0x00000300, + 0x00000144, 0x00000002, 0x0000006e, 0x00000301, + 0x000000f1, 0x00000002, 0x0000006e, 0x00000303, + 0x00001e45, 0x00000002, 0x0000006e, 0x00000307, + 0x00000148, 0x00000002, 0x0000006e, 0x0000030c, + 0x00001e47, 0x00000002, 0x0000006e, 0x00000323, + 0x00000146, 0x00000002, 0x0000006e, 0x00000327, + 0x00001e4b, 0x00000002, 0x0000006e, 0x0000032d, + 0x00001e49, 0x00000002, 0x0000006e, 0x00000331, + 0x000000f2, 0x00000002, 0x0000006f, 0x00000300, + 0x000000f3, 0x00000002, 0x0000006f, 0x00000301, + 0x000000f4, 0x00000002, 0x0000006f, 0x00000302, + 0x000000f5, 0x00000002, 0x0000006f, 0x00000303, + 0x0000014d, 0x00000002, 0x0000006f, 0x00000304, + 0x0000014f, 0x00000002, 0x0000006f, 0x00000306, + 0x0000022f, 0x00000002, 0x0000006f, 0x00000307, + 0x000000f6, 0x00000002, 0x0000006f, 0x00000308, + 0x00001ecf, 0x00000002, 0x0000006f, 0x00000309, + 0x00000151, 0x00000002, 0x0000006f, 0x0000030b, + 0x000001d2, 0x00000002, 0x0000006f, 0x0000030c, + 0x0000020d, 0x00000002, 0x0000006f, 0x0000030f, + 0x0000020f, 0x00000002, 0x0000006f, 0x00000311, + 0x000001a1, 0x00000002, 0x0000006f, 0x0000031b, + 0x00001ecd, 0x00000002, 0x0000006f, 0x00000323, + 0x000001eb, 0x00000002, 0x0000006f, 0x00000328, + 0x00001e55, 0x00000002, 0x00000070, 0x00000301, + 0x00001e57, 0x00000002, 0x00000070, 0x00000307, + 0x00000155, 0x00000002, 0x00000072, 0x00000301, + 0x00001e59, 0x00000002, 0x00000072, 0x00000307, + 0x00000159, 0x00000002, 0x00000072, 0x0000030c, + 0x00000211, 0x00000002, 0x00000072, 0x0000030f, + 0x00000213, 0x00000002, 0x00000072, 0x00000311, + 0x00001e5b, 0x00000002, 0x00000072, 0x00000323, + 0x00000157, 0x00000002, 0x00000072, 0x00000327, + 0x00001e5f, 0x00000002, 0x00000072, 0x00000331, + 0x0000015b, 0x00000002, 0x00000073, 0x00000301, + 0x0000015d, 0x00000002, 0x00000073, 0x00000302, + 0x00001e61, 0x00000002, 0x00000073, 0x00000307, + 0x00000161, 0x00000002, 0x00000073, 0x0000030c, + 0x00001e63, 0x00000002, 0x00000073, 0x00000323, + 0x00000219, 0x00000002, 0x00000073, 0x00000326, + 0x0000015f, 0x00000002, 0x00000073, 0x00000327, + 0x00001e6b, 0x00000002, 0x00000074, 0x00000307, + 0x00001e97, 0x00000002, 0x00000074, 0x00000308, + 0x00000165, 0x00000002, 0x00000074, 0x0000030c, + 0x00001e6d, 0x00000002, 0x00000074, 0x00000323, + 0x0000021b, 0x00000002, 0x00000074, 0x00000326, + 0x00000163, 0x00000002, 0x00000074, 0x00000327, + 0x00001e71, 0x00000002, 0x00000074, 0x0000032d, + 0x00001e6f, 0x00000002, 0x00000074, 0x00000331, + 0x000000f9, 0x00000002, 0x00000075, 0x00000300, + 0x000000fa, 0x00000002, 0x00000075, 0x00000301, + 0x000000fb, 0x00000002, 0x00000075, 0x00000302, + 0x00000169, 0x00000002, 0x00000075, 0x00000303, + 0x0000016b, 0x00000002, 0x00000075, 0x00000304, + 0x0000016d, 0x00000002, 0x00000075, 0x00000306, + 0x000000fc, 0x00000002, 0x00000075, 0x00000308, + 0x00001ee7, 0x00000002, 0x00000075, 0x00000309, + 0x0000016f, 0x00000002, 0x00000075, 0x0000030a, + 0x00000171, 0x00000002, 0x00000075, 0x0000030b, + 0x000001d4, 0x00000002, 0x00000075, 0x0000030c, + 0x00000215, 0x00000002, 0x00000075, 0x0000030f, + 0x00000217, 0x00000002, 0x00000075, 0x00000311, + 0x000001b0, 0x00000002, 0x00000075, 0x0000031b, + 0x00001ee5, 0x00000002, 0x00000075, 0x00000323, + 0x00001e73, 0x00000002, 0x00000075, 0x00000324, + 0x00000173, 0x00000002, 0x00000075, 0x00000328, + 0x00001e77, 0x00000002, 0x00000075, 0x0000032d, + 0x00001e75, 0x00000002, 0x00000075, 0x00000330, + 0x00001e7d, 0x00000002, 0x00000076, 0x00000303, + 0x00001e7f, 0x00000002, 0x00000076, 0x00000323, + 0x00001e81, 0x00000002, 0x00000077, 0x00000300, + 0x00001e83, 0x00000002, 0x00000077, 0x00000301, + 0x00000175, 0x00000002, 0x00000077, 0x00000302, + 0x00001e87, 0x00000002, 0x00000077, 0x00000307, + 0x00001e85, 0x00000002, 0x00000077, 0x00000308, + 0x00001e98, 0x00000002, 0x00000077, 0x0000030a, + 0x00001e89, 0x00000002, 0x00000077, 0x00000323, + 0x00001e8b, 0x00000002, 0x00000078, 0x00000307, + 0x00001e8d, 0x00000002, 0x00000078, 0x00000308, + 0x00001ef3, 0x00000002, 0x00000079, 0x00000300, + 0x000000fd, 0x00000002, 0x00000079, 0x00000301, + 0x00000177, 0x00000002, 0x00000079, 0x00000302, + 0x00001ef9, 0x00000002, 0x00000079, 0x00000303, + 0x00000233, 0x00000002, 0x00000079, 0x00000304, + 0x00001e8f, 0x00000002, 0x00000079, 0x00000307, + 0x000000ff, 0x00000002, 0x00000079, 0x00000308, + 0x00001ef7, 0x00000002, 0x00000079, 0x00000309, + 0x00001e99, 0x00000002, 0x00000079, 0x0000030a, + 0x00001ef5, 0x00000002, 0x00000079, 0x00000323, + 0x0000017a, 0x00000002, 0x0000007a, 0x00000301, + 0x00001e91, 0x00000002, 0x0000007a, 0x00000302, + 0x0000017c, 0x00000002, 0x0000007a, 0x00000307, + 0x0000017e, 0x00000002, 0x0000007a, 0x0000030c, + 0x00001e93, 0x00000002, 0x0000007a, 0x00000323, + 0x00001e95, 0x00000002, 0x0000007a, 0x00000331, + 0x00001fed, 0x00000002, 0x000000a8, 0x00000300, + 0x00000385, 0x00000002, 0x000000a8, 0x00000301, + 0x00001fc1, 0x00000002, 0x000000a8, 0x00000342, + 0x00001ea6, 0x00000002, 0x000000c2, 0x00000300, + 0x00001ea4, 0x00000002, 0x000000c2, 0x00000301, + 0x00001eaa, 0x00000002, 0x000000c2, 0x00000303, + 0x00001ea8, 0x00000002, 0x000000c2, 0x00000309, + 0x000001de, 0x00000002, 0x000000c4, 0x00000304, + 0x000001fa, 0x00000002, 0x000000c5, 0x00000301, + 0x000001fc, 0x00000002, 0x000000c6, 0x00000301, + 0x000001e2, 0x00000002, 0x000000c6, 0x00000304, + 0x00001e08, 0x00000002, 0x000000c7, 0x00000301, + 0x00001ec0, 0x00000002, 0x000000ca, 0x00000300, + 0x00001ebe, 0x00000002, 0x000000ca, 0x00000301, + 0x00001ec4, 0x00000002, 0x000000ca, 0x00000303, + 0x00001ec2, 0x00000002, 0x000000ca, 0x00000309, + 0x00001e2e, 0x00000002, 0x000000cf, 0x00000301, + 0x00001ed2, 0x00000002, 0x000000d4, 0x00000300, + 0x00001ed0, 0x00000002, 0x000000d4, 0x00000301, + 0x00001ed6, 0x00000002, 0x000000d4, 0x00000303, + 0x00001ed4, 0x00000002, 0x000000d4, 0x00000309, + 0x00001e4c, 0x00000002, 0x000000d5, 0x00000301, + 0x0000022c, 0x00000002, 0x000000d5, 0x00000304, + 0x00001e4e, 0x00000002, 0x000000d5, 0x00000308, + 0x0000022a, 0x00000002, 0x000000d6, 0x00000304, + 0x000001fe, 0x00000002, 0x000000d8, 0x00000301, + 0x000001db, 0x00000002, 0x000000dc, 0x00000300, + 0x000001d7, 0x00000002, 0x000000dc, 0x00000301, + 0x000001d5, 0x00000002, 0x000000dc, 0x00000304, + 0x000001d9, 0x00000002, 0x000000dc, 0x0000030c, + 0x00001ea7, 0x00000002, 0x000000e2, 0x00000300, + 0x00001ea5, 0x00000002, 0x000000e2, 0x00000301, + 0x00001eab, 0x00000002, 0x000000e2, 0x00000303, + 0x00001ea9, 0x00000002, 0x000000e2, 0x00000309, + 0x000001df, 0x00000002, 0x000000e4, 0x00000304, + 0x000001fb, 0x00000002, 0x000000e5, 0x00000301, + 0x000001fd, 0x00000002, 0x000000e6, 0x00000301, + 0x000001e3, 0x00000002, 0x000000e6, 0x00000304, + 0x00001e09, 0x00000002, 0x000000e7, 0x00000301, + 0x00001ec1, 0x00000002, 0x000000ea, 0x00000300, + 0x00001ebf, 0x00000002, 0x000000ea, 0x00000301, + 0x00001ec5, 0x00000002, 0x000000ea, 0x00000303, + 0x00001ec3, 0x00000002, 0x000000ea, 0x00000309, + 0x00001e2f, 0x00000002, 0x000000ef, 0x00000301, + 0x00001ed3, 0x00000002, 0x000000f4, 0x00000300, + 0x00001ed1, 0x00000002, 0x000000f4, 0x00000301, + 0x00001ed7, 0x00000002, 0x000000f4, 0x00000303, + 0x00001ed5, 0x00000002, 0x000000f4, 0x00000309, + 0x00001e4d, 0x00000002, 0x000000f5, 0x00000301, + 0x0000022d, 0x00000002, 0x000000f5, 0x00000304, + 0x00001e4f, 0x00000002, 0x000000f5, 0x00000308, + 0x0000022b, 0x00000002, 0x000000f6, 0x00000304, + 0x000001ff, 0x00000002, 0x000000f8, 0x00000301, + 0x000001dc, 0x00000002, 0x000000fc, 0x00000300, + 0x000001d8, 0x00000002, 0x000000fc, 0x00000301, + 0x000001d6, 0x00000002, 0x000000fc, 0x00000304, + 0x000001da, 0x00000002, 0x000000fc, 0x0000030c, + 0x00001eb0, 0x00000002, 0x00000102, 0x00000300, + 0x00001eae, 0x00000002, 0x00000102, 0x00000301, + 0x00001eb4, 0x00000002, 0x00000102, 0x00000303, + 0x00001eb2, 0x00000002, 0x00000102, 0x00000309, + 0x00001eb1, 0x00000002, 0x00000103, 0x00000300, + 0x00001eaf, 0x00000002, 0x00000103, 0x00000301, + 0x00001eb5, 0x00000002, 0x00000103, 0x00000303, + 0x00001eb3, 0x00000002, 0x00000103, 0x00000309, + 0x00001e14, 0x00000002, 0x00000112, 0x00000300, + 0x00001e16, 0x00000002, 0x00000112, 0x00000301, + 0x00001e15, 0x00000002, 0x00000113, 0x00000300, + 0x00001e17, 0x00000002, 0x00000113, 0x00000301, + 0x00001e50, 0x00000002, 0x0000014c, 0x00000300, + 0x00001e52, 0x00000002, 0x0000014c, 0x00000301, + 0x00001e51, 0x00000002, 0x0000014d, 0x00000300, + 0x00001e53, 0x00000002, 0x0000014d, 0x00000301, + 0x00001e64, 0x00000002, 0x0000015a, 0x00000307, + 0x00001e65, 0x00000002, 0x0000015b, 0x00000307, + 0x00001e66, 0x00000002, 0x00000160, 0x00000307, + 0x00001e67, 0x00000002, 0x00000161, 0x00000307, + 0x00001e78, 0x00000002, 0x00000168, 0x00000301, + 0x00001e79, 0x00000002, 0x00000169, 0x00000301, + 0x00001e7a, 0x00000002, 0x0000016a, 0x00000308, + 0x00001e7b, 0x00000002, 0x0000016b, 0x00000308, + 0x00001e9b, 0x00000002, 0x0000017f, 0x00000307, + 0x00001edc, 0x00000002, 0x000001a0, 0x00000300, + 0x00001eda, 0x00000002, 0x000001a0, 0x00000301, + 0x00001ee0, 0x00000002, 0x000001a0, 0x00000303, + 0x00001ede, 0x00000002, 0x000001a0, 0x00000309, + 0x00001ee2, 0x00000002, 0x000001a0, 0x00000323, + 0x00001edd, 0x00000002, 0x000001a1, 0x00000300, + 0x00001edb, 0x00000002, 0x000001a1, 0x00000301, + 0x00001ee1, 0x00000002, 0x000001a1, 0x00000303, + 0x00001edf, 0x00000002, 0x000001a1, 0x00000309, + 0x00001ee3, 0x00000002, 0x000001a1, 0x00000323, + 0x00001eea, 0x00000002, 0x000001af, 0x00000300, + 0x00001ee8, 0x00000002, 0x000001af, 0x00000301, + 0x00001eee, 0x00000002, 0x000001af, 0x00000303, + 0x00001eec, 0x00000002, 0x000001af, 0x00000309, + 0x00001ef0, 0x00000002, 0x000001af, 0x00000323, + 0x00001eeb, 0x00000002, 0x000001b0, 0x00000300, + 0x00001ee9, 0x00000002, 0x000001b0, 0x00000301, + 0x00001eef, 0x00000002, 0x000001b0, 0x00000303, + 0x00001eed, 0x00000002, 0x000001b0, 0x00000309, + 0x00001ef1, 0x00000002, 0x000001b0, 0x00000323, + 0x000001ee, 0x00000002, 0x000001b7, 0x0000030c, + 0x000001ec, 0x00000002, 0x000001ea, 0x00000304, + 0x000001ed, 0x00000002, 0x000001eb, 0x00000304, + 0x000001e0, 0x00000002, 0x00000226, 0x00000304, + 0x000001e1, 0x00000002, 0x00000227, 0x00000304, + 0x00001e1c, 0x00000002, 0x00000228, 0x00000306, + 0x00001e1d, 0x00000002, 0x00000229, 0x00000306, + 0x00000230, 0x00000002, 0x0000022e, 0x00000304, + 0x00000231, 0x00000002, 0x0000022f, 0x00000304, + 0x000001ef, 0x00000002, 0x00000292, 0x0000030c, + 0x00000344, 0x00000002, 0x00000308, 0x00000301, + 0x00001fba, 0x00000002, 0x00000391, 0x00000300, + 0x00000386, 0x00000002, 0x00000391, 0x00000301, + 0x00001fb9, 0x00000002, 0x00000391, 0x00000304, + 0x00001fb8, 0x00000002, 0x00000391, 0x00000306, + 0x00001f08, 0x00000002, 0x00000391, 0x00000313, + 0x00001f09, 0x00000002, 0x00000391, 0x00000314, + 0x00001fbc, 0x00000002, 0x00000391, 0x00000345, + 0x00001fc8, 0x00000002, 0x00000395, 0x00000300, + 0x00000388, 0x00000002, 0x00000395, 0x00000301, + 0x00001f18, 0x00000002, 0x00000395, 0x00000313, + 0x00001f19, 0x00000002, 0x00000395, 0x00000314, + 0x00001fca, 0x00000002, 0x00000397, 0x00000300, + 0x00000389, 0x00000002, 0x00000397, 0x00000301, + 0x00001f28, 0x00000002, 0x00000397, 0x00000313, + 0x00001f29, 0x00000002, 0x00000397, 0x00000314, + 0x00001fcc, 0x00000002, 0x00000397, 0x00000345, + 0x00001fda, 0x00000002, 0x00000399, 0x00000300, + 0x0000038a, 0x00000002, 0x00000399, 0x00000301, + 0x00001fd9, 0x00000002, 0x00000399, 0x00000304, + 0x00001fd8, 0x00000002, 0x00000399, 0x00000306, + 0x000003aa, 0x00000002, 0x00000399, 0x00000308, + 0x00001f38, 0x00000002, 0x00000399, 0x00000313, + 0x00001f39, 0x00000002, 0x00000399, 0x00000314, + 0x00001ff8, 0x00000002, 0x0000039f, 0x00000300, + 0x0000038c, 0x00000002, 0x0000039f, 0x00000301, + 0x00001f48, 0x00000002, 0x0000039f, 0x00000313, + 0x00001f49, 0x00000002, 0x0000039f, 0x00000314, + 0x00001fec, 0x00000002, 0x000003a1, 0x00000314, + 0x00001fea, 0x00000002, 0x000003a5, 0x00000300, + 0x0000038e, 0x00000002, 0x000003a5, 0x00000301, + 0x00001fe9, 0x00000002, 0x000003a5, 0x00000304, + 0x00001fe8, 0x00000002, 0x000003a5, 0x00000306, + 0x000003ab, 0x00000002, 0x000003a5, 0x00000308, + 0x00001f59, 0x00000002, 0x000003a5, 0x00000314, + 0x00001ffa, 0x00000002, 0x000003a9, 0x00000300, + 0x0000038f, 0x00000002, 0x000003a9, 0x00000301, + 0x00001f68, 0x00000002, 0x000003a9, 0x00000313, + 0x00001f69, 0x00000002, 0x000003a9, 0x00000314, + 0x00001ffc, 0x00000002, 0x000003a9, 0x00000345, + 0x00001fb4, 0x00000002, 0x000003ac, 0x00000345, + 0x00001fc4, 0x00000002, 0x000003ae, 0x00000345, + 0x00001f70, 0x00000002, 0x000003b1, 0x00000300, + 0x000003ac, 0x00000002, 0x000003b1, 0x00000301, + 0x00001fb1, 0x00000002, 0x000003b1, 0x00000304, + 0x00001fb0, 0x00000002, 0x000003b1, 0x00000306, + 0x00001f00, 0x00000002, 0x000003b1, 0x00000313, + 0x00001f01, 0x00000002, 0x000003b1, 0x00000314, + 0x00001fb6, 0x00000002, 0x000003b1, 0x00000342, + 0x00001fb3, 0x00000002, 0x000003b1, 0x00000345, + 0x00001f72, 0x00000002, 0x000003b5, 0x00000300, + 0x000003ad, 0x00000002, 0x000003b5, 0x00000301, + 0x00001f10, 0x00000002, 0x000003b5, 0x00000313, + 0x00001f11, 0x00000002, 0x000003b5, 0x00000314, + 0x00001f74, 0x00000002, 0x000003b7, 0x00000300, + 0x000003ae, 0x00000002, 0x000003b7, 0x00000301, + 0x00001f20, 0x00000002, 0x000003b7, 0x00000313, + 0x00001f21, 0x00000002, 0x000003b7, 0x00000314, + 0x00001fc6, 0x00000002, 0x000003b7, 0x00000342, + 0x00001fc3, 0x00000002, 0x000003b7, 0x00000345, + 0x00001f76, 0x00000002, 0x000003b9, 0x00000300, + 0x000003af, 0x00000002, 0x000003b9, 0x00000301, + 0x00001fd1, 0x00000002, 0x000003b9, 0x00000304, + 0x00001fd0, 0x00000002, 0x000003b9, 0x00000306, + 0x000003ca, 0x00000002, 0x000003b9, 0x00000308, + 0x00001f30, 0x00000002, 0x000003b9, 0x00000313, + 0x00001f31, 0x00000002, 0x000003b9, 0x00000314, + 0x00001fd6, 0x00000002, 0x000003b9, 0x00000342, + 0x00001f78, 0x00000002, 0x000003bf, 0x00000300, + 0x000003cc, 0x00000002, 0x000003bf, 0x00000301, + 0x00001f40, 0x00000002, 0x000003bf, 0x00000313, + 0x00001f41, 0x00000002, 0x000003bf, 0x00000314, + 0x00001fe4, 0x00000002, 0x000003c1, 0x00000313, + 0x00001fe5, 0x00000002, 0x000003c1, 0x00000314, + 0x00001f7a, 0x00000002, 0x000003c5, 0x00000300, + 0x000003cd, 0x00000002, 0x000003c5, 0x00000301, + 0x00001fe1, 0x00000002, 0x000003c5, 0x00000304, + 0x00001fe0, 0x00000002, 0x000003c5, 0x00000306, + 0x000003cb, 0x00000002, 0x000003c5, 0x00000308, + 0x00001f50, 0x00000002, 0x000003c5, 0x00000313, + 0x00001f51, 0x00000002, 0x000003c5, 0x00000314, + 0x00001fe6, 0x00000002, 0x000003c5, 0x00000342, + 0x00001f7c, 0x00000002, 0x000003c9, 0x00000300, + 0x000003ce, 0x00000002, 0x000003c9, 0x00000301, + 0x00001f60, 0x00000002, 0x000003c9, 0x00000313, + 0x00001f61, 0x00000002, 0x000003c9, 0x00000314, + 0x00001ff6, 0x00000002, 0x000003c9, 0x00000342, + 0x00001ff3, 0x00000002, 0x000003c9, 0x00000345, + 0x00001fd2, 0x00000002, 0x000003ca, 0x00000300, + 0x00000390, 0x00000002, 0x000003ca, 0x00000301, + 0x00001fd7, 0x00000002, 0x000003ca, 0x00000342, + 0x00001fe2, 0x00000002, 0x000003cb, 0x00000300, + 0x000003b0, 0x00000002, 0x000003cb, 0x00000301, + 0x00001fe7, 0x00000002, 0x000003cb, 0x00000342, + 0x00001ff4, 0x00000002, 0x000003ce, 0x00000345, + 0x000003d3, 0x00000002, 0x000003d2, 0x00000301, + 0x000003d4, 0x00000002, 0x000003d2, 0x00000308, + 0x00000407, 0x00000002, 0x00000406, 0x00000308, + 0x000004d0, 0x00000002, 0x00000410, 0x00000306, + 0x000004d2, 0x00000002, 0x00000410, 0x00000308, + 0x00000403, 0x00000002, 0x00000413, 0x00000301, + 0x00000400, 0x00000002, 0x00000415, 0x00000300, + 0x000004d6, 0x00000002, 0x00000415, 0x00000306, + 0x00000401, 0x00000002, 0x00000415, 0x00000308, + 0x000004c1, 0x00000002, 0x00000416, 0x00000306, + 0x000004dc, 0x00000002, 0x00000416, 0x00000308, + 0x000004de, 0x00000002, 0x00000417, 0x00000308, + 0x0000040d, 0x00000002, 0x00000418, 0x00000300, + 0x000004e2, 0x00000002, 0x00000418, 0x00000304, + 0x00000419, 0x00000002, 0x00000418, 0x00000306, + 0x000004e4, 0x00000002, 0x00000418, 0x00000308, + 0x0000040c, 0x00000002, 0x0000041a, 0x00000301, + 0x000004e6, 0x00000002, 0x0000041e, 0x00000308, + 0x000004ee, 0x00000002, 0x00000423, 0x00000304, + 0x0000040e, 0x00000002, 0x00000423, 0x00000306, + 0x000004f0, 0x00000002, 0x00000423, 0x00000308, + 0x000004f2, 0x00000002, 0x00000423, 0x0000030b, + 0x000004f4, 0x00000002, 0x00000427, 0x00000308, + 0x000004f8, 0x00000002, 0x0000042b, 0x00000308, + 0x000004ec, 0x00000002, 0x0000042d, 0x00000308, + 0x000004d1, 0x00000002, 0x00000430, 0x00000306, + 0x000004d3, 0x00000002, 0x00000430, 0x00000308, + 0x00000453, 0x00000002, 0x00000433, 0x00000301, + 0x00000450, 0x00000002, 0x00000435, 0x00000300, + 0x000004d7, 0x00000002, 0x00000435, 0x00000306, + 0x00000451, 0x00000002, 0x00000435, 0x00000308, + 0x000004c2, 0x00000002, 0x00000436, 0x00000306, + 0x000004dd, 0x00000002, 0x00000436, 0x00000308, + 0x000004df, 0x00000002, 0x00000437, 0x00000308, + 0x0000045d, 0x00000002, 0x00000438, 0x00000300, + 0x000004e3, 0x00000002, 0x00000438, 0x00000304, + 0x00000439, 0x00000002, 0x00000438, 0x00000306, + 0x000004e5, 0x00000002, 0x00000438, 0x00000308, + 0x0000045c, 0x00000002, 0x0000043a, 0x00000301, + 0x000004e7, 0x00000002, 0x0000043e, 0x00000308, + 0x000004ef, 0x00000002, 0x00000443, 0x00000304, + 0x0000045e, 0x00000002, 0x00000443, 0x00000306, + 0x000004f1, 0x00000002, 0x00000443, 0x00000308, + 0x000004f3, 0x00000002, 0x00000443, 0x0000030b, + 0x000004f5, 0x00000002, 0x00000447, 0x00000308, + 0x000004f9, 0x00000002, 0x0000044b, 0x00000308, + 0x000004ed, 0x00000002, 0x0000044d, 0x00000308, + 0x00000457, 0x00000002, 0x00000456, 0x00000308, + 0x00000476, 0x00000002, 0x00000474, 0x0000030f, + 0x00000477, 0x00000002, 0x00000475, 0x0000030f, + 0x000004da, 0x00000002, 0x000004d8, 0x00000308, + 0x000004db, 0x00000002, 0x000004d9, 0x00000308, + 0x000004ea, 0x00000002, 0x000004e8, 0x00000308, + 0x000004eb, 0x00000002, 0x000004e9, 0x00000308, + 0x00000622, 0x00000002, 0x00000627, 0x00000653, + 0x00000623, 0x00000002, 0x00000627, 0x00000654, + 0x00000625, 0x00000002, 0x00000627, 0x00000655, + 0x00000624, 0x00000002, 0x00000648, 0x00000654, + 0x00000626, 0x00000002, 0x0000064a, 0x00000654, + 0x000006c2, 0x00000002, 0x000006c1, 0x00000654, + 0x000006d3, 0x00000002, 0x000006d2, 0x00000654, + 0x000006c0, 0x00000002, 0x000006d5, 0x00000654, + 0x00000929, 0x00000002, 0x00000928, 0x0000093c, + 0x00000931, 0x00000002, 0x00000930, 0x0000093c, + 0x00000934, 0x00000002, 0x00000933, 0x0000093c, + 0x000009cb, 0x00000002, 0x000009c7, 0x000009be, + 0x000009cc, 0x00000002, 0x000009c7, 0x000009d7, + 0x00000b4b, 0x00000002, 0x00000b47, 0x00000b3e, + 0x00000b48, 0x00000002, 0x00000b47, 0x00000b56, + 0x00000b4c, 0x00000002, 0x00000b47, 0x00000b57, + 0x00000b94, 0x00000002, 0x00000b92, 0x00000bd7, + 0x00000bca, 0x00000002, 0x00000bc6, 0x00000bbe, + 0x00000bcc, 0x00000002, 0x00000bc6, 0x00000bd7, + 0x00000bcb, 0x00000002, 0x00000bc7, 0x00000bbe, + 0x00000c48, 0x00000002, 0x00000c46, 0x00000c56, + 0x00000cc0, 0x00000002, 0x00000cbf, 0x00000cd5, + 0x00000cca, 0x00000002, 0x00000cc6, 0x00000cc2, + 0x00000cc7, 0x00000002, 0x00000cc6, 0x00000cd5, + 0x00000cc8, 0x00000002, 0x00000cc6, 0x00000cd6, + 0x00000ccb, 0x00000002, 0x00000cca, 0x00000cd5, + 0x00000d4a, 0x00000002, 0x00000d46, 0x00000d3e, + 0x00000d4c, 0x00000002, 0x00000d46, 0x00000d57, + 0x00000d4b, 0x00000002, 0x00000d47, 0x00000d3e, + 0x00000dda, 0x00000002, 0x00000dd9, 0x00000dca, + 0x00000ddc, 0x00000002, 0x00000dd9, 0x00000dcf, + 0x00000dde, 0x00000002, 0x00000dd9, 0x00000ddf, + 0x00000ddd, 0x00000002, 0x00000ddc, 0x00000dca, + 0x00000f73, 0x00000002, 0x00000f71, 0x00000f72, + 0x00000f75, 0x00000002, 0x00000f71, 0x00000f74, + 0x00000f81, 0x00000002, 0x00000f71, 0x00000f80, + 0x00001026, 0x00000002, 0x00001025, 0x0000102e, + 0x00001e38, 0x00000002, 0x00001e36, 0x00000304, + 0x00001e39, 0x00000002, 0x00001e37, 0x00000304, + 0x00001e5c, 0x00000002, 0x00001e5a, 0x00000304, + 0x00001e5d, 0x00000002, 0x00001e5b, 0x00000304, + 0x00001e68, 0x00000002, 0x00001e62, 0x00000307, + 0x00001e69, 0x00000002, 0x00001e63, 0x00000307, + 0x00001eac, 0x00000002, 0x00001ea0, 0x00000302, + 0x00001eb6, 0x00000002, 0x00001ea0, 0x00000306, + 0x00001ead, 0x00000002, 0x00001ea1, 0x00000302, + 0x00001eb7, 0x00000002, 0x00001ea1, 0x00000306, + 0x00001ec6, 0x00000002, 0x00001eb8, 0x00000302, + 0x00001ec7, 0x00000002, 0x00001eb9, 0x00000302, + 0x00001ed8, 0x00000002, 0x00001ecc, 0x00000302, + 0x00001ed9, 0x00000002, 0x00001ecd, 0x00000302, + 0x00001f02, 0x00000002, 0x00001f00, 0x00000300, + 0x00001f04, 0x00000002, 0x00001f00, 0x00000301, + 0x00001f06, 0x00000002, 0x00001f00, 0x00000342, + 0x00001f80, 0x00000002, 0x00001f00, 0x00000345, + 0x00001f03, 0x00000002, 0x00001f01, 0x00000300, + 0x00001f05, 0x00000002, 0x00001f01, 0x00000301, + 0x00001f07, 0x00000002, 0x00001f01, 0x00000342, + 0x00001f81, 0x00000002, 0x00001f01, 0x00000345, + 0x00001f82, 0x00000002, 0x00001f02, 0x00000345, + 0x00001f83, 0x00000002, 0x00001f03, 0x00000345, + 0x00001f84, 0x00000002, 0x00001f04, 0x00000345, + 0x00001f85, 0x00000002, 0x00001f05, 0x00000345, + 0x00001f86, 0x00000002, 0x00001f06, 0x00000345, + 0x00001f87, 0x00000002, 0x00001f07, 0x00000345, + 0x00001f0a, 0x00000002, 0x00001f08, 0x00000300, + 0x00001f0c, 0x00000002, 0x00001f08, 0x00000301, + 0x00001f0e, 0x00000002, 0x00001f08, 0x00000342, + 0x00001f88, 0x00000002, 0x00001f08, 0x00000345, + 0x00001f0b, 0x00000002, 0x00001f09, 0x00000300, + 0x00001f0d, 0x00000002, 0x00001f09, 0x00000301, + 0x00001f0f, 0x00000002, 0x00001f09, 0x00000342, + 0x00001f89, 0x00000002, 0x00001f09, 0x00000345, + 0x00001f8a, 0x00000002, 0x00001f0a, 0x00000345, + 0x00001f8b, 0x00000002, 0x00001f0b, 0x00000345, + 0x00001f8c, 0x00000002, 0x00001f0c, 0x00000345, + 0x00001f8d, 0x00000002, 0x00001f0d, 0x00000345, + 0x00001f8e, 0x00000002, 0x00001f0e, 0x00000345, + 0x00001f8f, 0x00000002, 0x00001f0f, 0x00000345, + 0x00001f12, 0x00000002, 0x00001f10, 0x00000300, + 0x00001f14, 0x00000002, 0x00001f10, 0x00000301, + 0x00001f13, 0x00000002, 0x00001f11, 0x00000300, + 0x00001f15, 0x00000002, 0x00001f11, 0x00000301, + 0x00001f1a, 0x00000002, 0x00001f18, 0x00000300, + 0x00001f1c, 0x00000002, 0x00001f18, 0x00000301, + 0x00001f1b, 0x00000002, 0x00001f19, 0x00000300, + 0x00001f1d, 0x00000002, 0x00001f19, 0x00000301, + 0x00001f22, 0x00000002, 0x00001f20, 0x00000300, + 0x00001f24, 0x00000002, 0x00001f20, 0x00000301, + 0x00001f26, 0x00000002, 0x00001f20, 0x00000342, + 0x00001f90, 0x00000002, 0x00001f20, 0x00000345, + 0x00001f23, 0x00000002, 0x00001f21, 0x00000300, + 0x00001f25, 0x00000002, 0x00001f21, 0x00000301, + 0x00001f27, 0x00000002, 0x00001f21, 0x00000342, + 0x00001f91, 0x00000002, 0x00001f21, 0x00000345, + 0x00001f92, 0x00000002, 0x00001f22, 0x00000345, + 0x00001f93, 0x00000002, 0x00001f23, 0x00000345, + 0x00001f94, 0x00000002, 0x00001f24, 0x00000345, + 0x00001f95, 0x00000002, 0x00001f25, 0x00000345, + 0x00001f96, 0x00000002, 0x00001f26, 0x00000345, + 0x00001f97, 0x00000002, 0x00001f27, 0x00000345, + 0x00001f2a, 0x00000002, 0x00001f28, 0x00000300, + 0x00001f2c, 0x00000002, 0x00001f28, 0x00000301, + 0x00001f2e, 0x00000002, 0x00001f28, 0x00000342, + 0x00001f98, 0x00000002, 0x00001f28, 0x00000345, + 0x00001f2b, 0x00000002, 0x00001f29, 0x00000300, + 0x00001f2d, 0x00000002, 0x00001f29, 0x00000301, + 0x00001f2f, 0x00000002, 0x00001f29, 0x00000342, + 0x00001f99, 0x00000002, 0x00001f29, 0x00000345, + 0x00001f9a, 0x00000002, 0x00001f2a, 0x00000345, + 0x00001f9b, 0x00000002, 0x00001f2b, 0x00000345, + 0x00001f9c, 0x00000002, 0x00001f2c, 0x00000345, + 0x00001f9d, 0x00000002, 0x00001f2d, 0x00000345, + 0x00001f9e, 0x00000002, 0x00001f2e, 0x00000345, + 0x00001f9f, 0x00000002, 0x00001f2f, 0x00000345, + 0x00001f32, 0x00000002, 0x00001f30, 0x00000300, + 0x00001f34, 0x00000002, 0x00001f30, 0x00000301, + 0x00001f36, 0x00000002, 0x00001f30, 0x00000342, + 0x00001f33, 0x00000002, 0x00001f31, 0x00000300, + 0x00001f35, 0x00000002, 0x00001f31, 0x00000301, + 0x00001f37, 0x00000002, 0x00001f31, 0x00000342, + 0x00001f3a, 0x00000002, 0x00001f38, 0x00000300, + 0x00001f3c, 0x00000002, 0x00001f38, 0x00000301, + 0x00001f3e, 0x00000002, 0x00001f38, 0x00000342, + 0x00001f3b, 0x00000002, 0x00001f39, 0x00000300, + 0x00001f3d, 0x00000002, 0x00001f39, 0x00000301, + 0x00001f3f, 0x00000002, 0x00001f39, 0x00000342, + 0x00001f42, 0x00000002, 0x00001f40, 0x00000300, + 0x00001f44, 0x00000002, 0x00001f40, 0x00000301, + 0x00001f43, 0x00000002, 0x00001f41, 0x00000300, + 0x00001f45, 0x00000002, 0x00001f41, 0x00000301, + 0x00001f4a, 0x00000002, 0x00001f48, 0x00000300, + 0x00001f4c, 0x00000002, 0x00001f48, 0x00000301, + 0x00001f4b, 0x00000002, 0x00001f49, 0x00000300, + 0x00001f4d, 0x00000002, 0x00001f49, 0x00000301, + 0x00001f52, 0x00000002, 0x00001f50, 0x00000300, + 0x00001f54, 0x00000002, 0x00001f50, 0x00000301, + 0x00001f56, 0x00000002, 0x00001f50, 0x00000342, + 0x00001f53, 0x00000002, 0x00001f51, 0x00000300, + 0x00001f55, 0x00000002, 0x00001f51, 0x00000301, + 0x00001f57, 0x00000002, 0x00001f51, 0x00000342, + 0x00001f5b, 0x00000002, 0x00001f59, 0x00000300, + 0x00001f5d, 0x00000002, 0x00001f59, 0x00000301, + 0x00001f5f, 0x00000002, 0x00001f59, 0x00000342, + 0x00001f62, 0x00000002, 0x00001f60, 0x00000300, + 0x00001f64, 0x00000002, 0x00001f60, 0x00000301, + 0x00001f66, 0x00000002, 0x00001f60, 0x00000342, + 0x00001fa0, 0x00000002, 0x00001f60, 0x00000345, + 0x00001f63, 0x00000002, 0x00001f61, 0x00000300, + 0x00001f65, 0x00000002, 0x00001f61, 0x00000301, + 0x00001f67, 0x00000002, 0x00001f61, 0x00000342, + 0x00001fa1, 0x00000002, 0x00001f61, 0x00000345, + 0x00001fa2, 0x00000002, 0x00001f62, 0x00000345, + 0x00001fa3, 0x00000002, 0x00001f63, 0x00000345, + 0x00001fa4, 0x00000002, 0x00001f64, 0x00000345, + 0x00001fa5, 0x00000002, 0x00001f65, 0x00000345, + 0x00001fa6, 0x00000002, 0x00001f66, 0x00000345, + 0x00001fa7, 0x00000002, 0x00001f67, 0x00000345, + 0x00001f6a, 0x00000002, 0x00001f68, 0x00000300, + 0x00001f6c, 0x00000002, 0x00001f68, 0x00000301, + 0x00001f6e, 0x00000002, 0x00001f68, 0x00000342, + 0x00001fa8, 0x00000002, 0x00001f68, 0x00000345, + 0x00001f6b, 0x00000002, 0x00001f69, 0x00000300, + 0x00001f6d, 0x00000002, 0x00001f69, 0x00000301, + 0x00001f6f, 0x00000002, 0x00001f69, 0x00000342, + 0x00001fa9, 0x00000002, 0x00001f69, 0x00000345, + 0x00001faa, 0x00000002, 0x00001f6a, 0x00000345, + 0x00001fab, 0x00000002, 0x00001f6b, 0x00000345, + 0x00001fac, 0x00000002, 0x00001f6c, 0x00000345, + 0x00001fad, 0x00000002, 0x00001f6d, 0x00000345, + 0x00001fae, 0x00000002, 0x00001f6e, 0x00000345, + 0x00001faf, 0x00000002, 0x00001f6f, 0x00000345, + 0x00001fb2, 0x00000002, 0x00001f70, 0x00000345, + 0x00001fc2, 0x00000002, 0x00001f74, 0x00000345, + 0x00001ff2, 0x00000002, 0x00001f7c, 0x00000345, + 0x00001fb7, 0x00000002, 0x00001fb6, 0x00000345, + 0x00001fcd, 0x00000002, 0x00001fbf, 0x00000300, + 0x00001fce, 0x00000002, 0x00001fbf, 0x00000301, + 0x00001fcf, 0x00000002, 0x00001fbf, 0x00000342, + 0x00001fc7, 0x00000002, 0x00001fc6, 0x00000345, + 0x00001ff7, 0x00000002, 0x00001ff6, 0x00000345, + 0x00001fdd, 0x00000002, 0x00001ffe, 0x00000300, + 0x00001fde, 0x00000002, 0x00001ffe, 0x00000301, + 0x00001fdf, 0x00000002, 0x00001ffe, 0x00000342, + 0x0000219a, 0x00000002, 0x00002190, 0x00000338, + 0x0000219b, 0x00000002, 0x00002192, 0x00000338, + 0x000021ae, 0x00000002, 0x00002194, 0x00000338, + 0x000021cd, 0x00000002, 0x000021d0, 0x00000338, + 0x000021cf, 0x00000002, 0x000021d2, 0x00000338, + 0x000021ce, 0x00000002, 0x000021d4, 0x00000338, + 0x00002204, 0x00000002, 0x00002203, 0x00000338, + 0x00002209, 0x00000002, 0x00002208, 0x00000338, + 0x0000220c, 0x00000002, 0x0000220b, 0x00000338, + 0x00002224, 0x00000002, 0x00002223, 0x00000338, + 0x00002226, 0x00000002, 0x00002225, 0x00000338, + 0x00002241, 0x00000002, 0x0000223c, 0x00000338, + 0x00002244, 0x00000002, 0x00002243, 0x00000338, + 0x00002247, 0x00000002, 0x00002245, 0x00000338, + 0x00002249, 0x00000002, 0x00002248, 0x00000338, + 0x0000226d, 0x00000002, 0x0000224d, 0x00000338, + 0x00002262, 0x00000002, 0x00002261, 0x00000338, + 0x00002270, 0x00000002, 0x00002264, 0x00000338, + 0x00002271, 0x00000002, 0x00002265, 0x00000338, + 0x00002274, 0x00000002, 0x00002272, 0x00000338, + 0x00002275, 0x00000002, 0x00002273, 0x00000338, + 0x00002278, 0x00000002, 0x00002276, 0x00000338, + 0x00002279, 0x00000002, 0x00002277, 0x00000338, + 0x00002280, 0x00000002, 0x0000227a, 0x00000338, + 0x00002281, 0x00000002, 0x0000227b, 0x00000338, + 0x000022e0, 0x00000002, 0x0000227c, 0x00000338, + 0x000022e1, 0x00000002, 0x0000227d, 0x00000338, + 0x00002284, 0x00000002, 0x00002282, 0x00000338, + 0x00002285, 0x00000002, 0x00002283, 0x00000338, + 0x00002288, 0x00000002, 0x00002286, 0x00000338, + 0x00002289, 0x00000002, 0x00002287, 0x00000338, + 0x000022e2, 0x00000002, 0x00002291, 0x00000338, + 0x000022e3, 0x00000002, 0x00002292, 0x00000338, + 0x000022ac, 0x00000002, 0x000022a2, 0x00000338, + 0x000022ad, 0x00000002, 0x000022a8, 0x00000338, + 0x000022ae, 0x00000002, 0x000022a9, 0x00000338, + 0x000022af, 0x00000002, 0x000022ab, 0x00000338, + 0x000022ea, 0x00000002, 0x000022b2, 0x00000338, + 0x000022eb, 0x00000002, 0x000022b3, 0x00000338, + 0x000022ec, 0x00000002, 0x000022b4, 0x00000338, + 0x000022ed, 0x00000002, 0x000022b5, 0x00000338, + 0x00003094, 0x00000002, 0x00003046, 0x00003099, + 0x0000304c, 0x00000002, 0x0000304b, 0x00003099, + 0x0000304e, 0x00000002, 0x0000304d, 0x00003099, + 0x00003050, 0x00000002, 0x0000304f, 0x00003099, + 0x00003052, 0x00000002, 0x00003051, 0x00003099, + 0x00003054, 0x00000002, 0x00003053, 0x00003099, + 0x00003056, 0x00000002, 0x00003055, 0x00003099, + 0x00003058, 0x00000002, 0x00003057, 0x00003099, + 0x0000305a, 0x00000002, 0x00003059, 0x00003099, + 0x0000305c, 0x00000002, 0x0000305b, 0x00003099, + 0x0000305e, 0x00000002, 0x0000305d, 0x00003099, + 0x00003060, 0x00000002, 0x0000305f, 0x00003099, + 0x00003062, 0x00000002, 0x00003061, 0x00003099, + 0x00003065, 0x00000002, 0x00003064, 0x00003099, + 0x00003067, 0x00000002, 0x00003066, 0x00003099, + 0x00003069, 0x00000002, 0x00003068, 0x00003099, + 0x00003070, 0x00000002, 0x0000306f, 0x00003099, + 0x00003071, 0x00000002, 0x0000306f, 0x0000309a, + 0x00003073, 0x00000002, 0x00003072, 0x00003099, + 0x00003074, 0x00000002, 0x00003072, 0x0000309a, + 0x00003076, 0x00000002, 0x00003075, 0x00003099, + 0x00003077, 0x00000002, 0x00003075, 0x0000309a, + 0x00003079, 0x00000002, 0x00003078, 0x00003099, + 0x0000307a, 0x00000002, 0x00003078, 0x0000309a, + 0x0000307c, 0x00000002, 0x0000307b, 0x00003099, + 0x0000307d, 0x00000002, 0x0000307b, 0x0000309a, + 0x0000309e, 0x00000002, 0x0000309d, 0x00003099, + 0x000030f4, 0x00000002, 0x000030a6, 0x00003099, + 0x000030ac, 0x00000002, 0x000030ab, 0x00003099, + 0x000030ae, 0x00000002, 0x000030ad, 0x00003099, + 0x000030b0, 0x00000002, 0x000030af, 0x00003099, + 0x000030b2, 0x00000002, 0x000030b1, 0x00003099, + 0x000030b4, 0x00000002, 0x000030b3, 0x00003099, + 0x000030b6, 0x00000002, 0x000030b5, 0x00003099, + 0x000030b8, 0x00000002, 0x000030b7, 0x00003099, + 0x000030ba, 0x00000002, 0x000030b9, 0x00003099, + 0x000030bc, 0x00000002, 0x000030bb, 0x00003099, + 0x000030be, 0x00000002, 0x000030bd, 0x00003099, + 0x000030c0, 0x00000002, 0x000030bf, 0x00003099, + 0x000030c2, 0x00000002, 0x000030c1, 0x00003099, + 0x000030c5, 0x00000002, 0x000030c4, 0x00003099, + 0x000030c7, 0x00000002, 0x000030c6, 0x00003099, + 0x000030c9, 0x00000002, 0x000030c8, 0x00003099, + 0x000030d0, 0x00000002, 0x000030cf, 0x00003099, + 0x000030d1, 0x00000002, 0x000030cf, 0x0000309a, + 0x000030d3, 0x00000002, 0x000030d2, 0x00003099, + 0x000030d4, 0x00000002, 0x000030d2, 0x0000309a, + 0x000030d6, 0x00000002, 0x000030d5, 0x00003099, + 0x000030d7, 0x00000002, 0x000030d5, 0x0000309a, + 0x000030d9, 0x00000002, 0x000030d8, 0x00003099, + 0x000030da, 0x00000002, 0x000030d8, 0x0000309a, + 0x000030dc, 0x00000002, 0x000030db, 0x00003099, + 0x000030dd, 0x00000002, 0x000030db, 0x0000309a, + 0x000030f7, 0x00000002, 0x000030ef, 0x00003099, + 0x000030f8, 0x00000002, 0x000030f0, 0x00003099, + 0x000030f9, 0x00000002, 0x000030f1, 0x00003099, + 0x000030fa, 0x00000002, 0x000030f2, 0x00003099, + 0x000030fe, 0x00000002, 0x000030fd, 0x00003099 +}; + +static const krb5_ui_4 _ucdcmp_size = 3848; + +static const krb5_ui_4 _ucdcmp_nodes[] = { + 0x000000c0, 0x00000000, + 0x000000c1, 0x00000002, + 0x000000c2, 0x00000004, + 0x000000c3, 0x00000006, + 0x000000c4, 0x00000008, + 0x000000c5, 0x0000000a, + 0x000000c7, 0x0000000c, + 0x000000c8, 0x0000000e, + 0x000000c9, 0x00000010, + 0x000000ca, 0x00000012, + 0x000000cb, 0x00000014, + 0x000000cc, 0x00000016, + 0x000000cd, 0x00000018, + 0x000000ce, 0x0000001a, + 0x000000cf, 0x0000001c, + 0x000000d1, 0x0000001e, + 0x000000d2, 0x00000020, + 0x000000d3, 0x00000022, + 0x000000d4, 0x00000024, + 0x000000d5, 0x00000026, + 0x000000d6, 0x00000028, + 0x000000d9, 0x0000002a, + 0x000000da, 0x0000002c, + 0x000000db, 0x0000002e, + 0x000000dc, 0x00000030, + 0x000000dd, 0x00000032, + 0x000000e0, 0x00000034, + 0x000000e1, 0x00000036, + 0x000000e2, 0x00000038, + 0x000000e3, 0x0000003a, + 0x000000e4, 0x0000003c, + 0x000000e5, 0x0000003e, + 0x000000e7, 0x00000040, + 0x000000e8, 0x00000042, + 0x000000e9, 0x00000044, + 0x000000ea, 0x00000046, + 0x000000eb, 0x00000048, + 0x000000ec, 0x0000004a, + 0x000000ed, 0x0000004c, + 0x000000ee, 0x0000004e, + 0x000000ef, 0x00000050, + 0x000000f1, 0x00000052, + 0x000000f2, 0x00000054, + 0x000000f3, 0x00000056, + 0x000000f4, 0x00000058, + 0x000000f5, 0x0000005a, + 0x000000f6, 0x0000005c, + 0x000000f9, 0x0000005e, + 0x000000fa, 0x00000060, + 0x000000fb, 0x00000062, + 0x000000fc, 0x00000064, + 0x000000fd, 0x00000066, + 0x000000ff, 0x00000068, + 0x00000100, 0x0000006a, + 0x00000101, 0x0000006c, + 0x00000102, 0x0000006e, + 0x00000103, 0x00000070, + 0x00000104, 0x00000072, + 0x00000105, 0x00000074, + 0x00000106, 0x00000076, + 0x00000107, 0x00000078, + 0x00000108, 0x0000007a, + 0x00000109, 0x0000007c, + 0x0000010a, 0x0000007e, + 0x0000010b, 0x00000080, + 0x0000010c, 0x00000082, + 0x0000010d, 0x00000084, + 0x0000010e, 0x00000086, + 0x0000010f, 0x00000088, + 0x00000112, 0x0000008a, + 0x00000113, 0x0000008c, + 0x00000114, 0x0000008e, + 0x00000115, 0x00000090, + 0x00000116, 0x00000092, + 0x00000117, 0x00000094, + 0x00000118, 0x00000096, + 0x00000119, 0x00000098, + 0x0000011a, 0x0000009a, + 0x0000011b, 0x0000009c, + 0x0000011c, 0x0000009e, + 0x0000011d, 0x000000a0, + 0x0000011e, 0x000000a2, + 0x0000011f, 0x000000a4, + 0x00000120, 0x000000a6, + 0x00000121, 0x000000a8, + 0x00000122, 0x000000aa, + 0x00000123, 0x000000ac, + 0x00000124, 0x000000ae, + 0x00000125, 0x000000b0, + 0x00000128, 0x000000b2, + 0x00000129, 0x000000b4, + 0x0000012a, 0x000000b6, + 0x0000012b, 0x000000b8, + 0x0000012c, 0x000000ba, + 0x0000012d, 0x000000bc, + 0x0000012e, 0x000000be, + 0x0000012f, 0x000000c0, + 0x00000130, 0x000000c2, + 0x00000134, 0x000000c4, + 0x00000135, 0x000000c6, + 0x00000136, 0x000000c8, + 0x00000137, 0x000000ca, + 0x00000139, 0x000000cc, + 0x0000013a, 0x000000ce, + 0x0000013b, 0x000000d0, + 0x0000013c, 0x000000d2, + 0x0000013d, 0x000000d4, + 0x0000013e, 0x000000d6, + 0x00000143, 0x000000d8, + 0x00000144, 0x000000da, + 0x00000145, 0x000000dc, + 0x00000146, 0x000000de, + 0x00000147, 0x000000e0, + 0x00000148, 0x000000e2, + 0x0000014c, 0x000000e4, + 0x0000014d, 0x000000e6, + 0x0000014e, 0x000000e8, + 0x0000014f, 0x000000ea, + 0x00000150, 0x000000ec, + 0x00000151, 0x000000ee, + 0x00000154, 0x000000f0, + 0x00000155, 0x000000f2, + 0x00000156, 0x000000f4, + 0x00000157, 0x000000f6, + 0x00000158, 0x000000f8, + 0x00000159, 0x000000fa, + 0x0000015a, 0x000000fc, + 0x0000015b, 0x000000fe, + 0x0000015c, 0x00000100, + 0x0000015d, 0x00000102, + 0x0000015e, 0x00000104, + 0x0000015f, 0x00000106, + 0x00000160, 0x00000108, + 0x00000161, 0x0000010a, + 0x00000162, 0x0000010c, + 0x00000163, 0x0000010e, + 0x00000164, 0x00000110, + 0x00000165, 0x00000112, + 0x00000168, 0x00000114, + 0x00000169, 0x00000116, + 0x0000016a, 0x00000118, + 0x0000016b, 0x0000011a, + 0x0000016c, 0x0000011c, + 0x0000016d, 0x0000011e, + 0x0000016e, 0x00000120, + 0x0000016f, 0x00000122, + 0x00000170, 0x00000124, + 0x00000171, 0x00000126, + 0x00000172, 0x00000128, + 0x00000173, 0x0000012a, + 0x00000174, 0x0000012c, + 0x00000175, 0x0000012e, + 0x00000176, 0x00000130, + 0x00000177, 0x00000132, + 0x00000178, 0x00000134, + 0x00000179, 0x00000136, + 0x0000017a, 0x00000138, + 0x0000017b, 0x0000013a, + 0x0000017c, 0x0000013c, + 0x0000017d, 0x0000013e, + 0x0000017e, 0x00000140, + 0x000001a0, 0x00000142, + 0x000001a1, 0x00000144, + 0x000001af, 0x00000146, + 0x000001b0, 0x00000148, + 0x000001cd, 0x0000014a, + 0x000001ce, 0x0000014c, + 0x000001cf, 0x0000014e, + 0x000001d0, 0x00000150, + 0x000001d1, 0x00000152, + 0x000001d2, 0x00000154, + 0x000001d3, 0x00000156, + 0x000001d4, 0x00000158, + 0x000001d5, 0x0000015a, + 0x000001d6, 0x0000015d, + 0x000001d7, 0x00000160, + 0x000001d8, 0x00000163, + 0x000001d9, 0x00000166, + 0x000001da, 0x00000169, + 0x000001db, 0x0000016c, + 0x000001dc, 0x0000016f, + 0x000001de, 0x00000172, + 0x000001df, 0x00000175, + 0x000001e0, 0x00000178, + 0x000001e1, 0x0000017b, + 0x000001e2, 0x0000017e, + 0x000001e3, 0x00000180, + 0x000001e6, 0x00000182, + 0x000001e7, 0x00000184, + 0x000001e8, 0x00000186, + 0x000001e9, 0x00000188, + 0x000001ea, 0x0000018a, + 0x000001eb, 0x0000018c, + 0x000001ec, 0x0000018e, + 0x000001ed, 0x00000191, + 0x000001ee, 0x00000194, + 0x000001ef, 0x00000196, + 0x000001f0, 0x00000198, + 0x000001f4, 0x0000019a, + 0x000001f5, 0x0000019c, + 0x000001f8, 0x0000019e, + 0x000001f9, 0x000001a0, + 0x000001fa, 0x000001a2, + 0x000001fb, 0x000001a5, + 0x000001fc, 0x000001a8, + 0x000001fd, 0x000001aa, + 0x000001fe, 0x000001ac, + 0x000001ff, 0x000001ae, + 0x00000200, 0x000001b0, + 0x00000201, 0x000001b2, + 0x00000202, 0x000001b4, + 0x00000203, 0x000001b6, + 0x00000204, 0x000001b8, + 0x00000205, 0x000001ba, + 0x00000206, 0x000001bc, + 0x00000207, 0x000001be, + 0x00000208, 0x000001c0, + 0x00000209, 0x000001c2, + 0x0000020a, 0x000001c4, + 0x0000020b, 0x000001c6, + 0x0000020c, 0x000001c8, + 0x0000020d, 0x000001ca, + 0x0000020e, 0x000001cc, + 0x0000020f, 0x000001ce, + 0x00000210, 0x000001d0, + 0x00000211, 0x000001d2, + 0x00000212, 0x000001d4, + 0x00000213, 0x000001d6, + 0x00000214, 0x000001d8, + 0x00000215, 0x000001da, + 0x00000216, 0x000001dc, + 0x00000217, 0x000001de, + 0x00000218, 0x000001e0, + 0x00000219, 0x000001e2, + 0x0000021a, 0x000001e4, + 0x0000021b, 0x000001e6, + 0x0000021e, 0x000001e8, + 0x0000021f, 0x000001ea, + 0x00000226, 0x000001ec, + 0x00000227, 0x000001ee, + 0x00000228, 0x000001f0, + 0x00000229, 0x000001f2, + 0x0000022a, 0x000001f4, + 0x0000022b, 0x000001f7, + 0x0000022c, 0x000001fa, + 0x0000022d, 0x000001fd, + 0x0000022e, 0x00000200, + 0x0000022f, 0x00000202, + 0x00000230, 0x00000204, + 0x00000231, 0x00000207, + 0x00000232, 0x0000020a, + 0x00000233, 0x0000020c, + 0x00000340, 0x0000020e, + 0x00000341, 0x0000020f, + 0x00000343, 0x00000210, + 0x00000344, 0x00000211, + 0x00000374, 0x00000213, + 0x0000037e, 0x00000214, + 0x00000385, 0x00000215, + 0x00000386, 0x00000217, + 0x00000387, 0x00000219, + 0x00000388, 0x0000021a, + 0x00000389, 0x0000021c, + 0x0000038a, 0x0000021e, + 0x0000038c, 0x00000220, + 0x0000038e, 0x00000222, + 0x0000038f, 0x00000224, + 0x00000390, 0x00000226, + 0x000003aa, 0x00000229, + 0x000003ab, 0x0000022b, + 0x000003ac, 0x0000022d, + 0x000003ad, 0x0000022f, + 0x000003ae, 0x00000231, + 0x000003af, 0x00000233, + 0x000003b0, 0x00000235, + 0x000003ca, 0x00000238, + 0x000003cb, 0x0000023a, + 0x000003cc, 0x0000023c, + 0x000003cd, 0x0000023e, + 0x000003ce, 0x00000240, + 0x000003d3, 0x00000242, + 0x000003d4, 0x00000244, + 0x00000400, 0x00000246, + 0x00000401, 0x00000248, + 0x00000403, 0x0000024a, + 0x00000407, 0x0000024c, + 0x0000040c, 0x0000024e, + 0x0000040d, 0x00000250, + 0x0000040e, 0x00000252, + 0x00000419, 0x00000254, + 0x00000439, 0x00000256, + 0x00000450, 0x00000258, + 0x00000451, 0x0000025a, + 0x00000453, 0x0000025c, + 0x00000457, 0x0000025e, + 0x0000045c, 0x00000260, + 0x0000045d, 0x00000262, + 0x0000045e, 0x00000264, + 0x00000476, 0x00000266, + 0x00000477, 0x00000268, + 0x000004c1, 0x0000026a, + 0x000004c2, 0x0000026c, + 0x000004d0, 0x0000026e, + 0x000004d1, 0x00000270, + 0x000004d2, 0x00000272, + 0x000004d3, 0x00000274, + 0x000004d6, 0x00000276, + 0x000004d7, 0x00000278, + 0x000004da, 0x0000027a, + 0x000004db, 0x0000027c, + 0x000004dc, 0x0000027e, + 0x000004dd, 0x00000280, + 0x000004de, 0x00000282, + 0x000004df, 0x00000284, + 0x000004e2, 0x00000286, + 0x000004e3, 0x00000288, + 0x000004e4, 0x0000028a, + 0x000004e5, 0x0000028c, + 0x000004e6, 0x0000028e, + 0x000004e7, 0x00000290, + 0x000004ea, 0x00000292, + 0x000004eb, 0x00000294, + 0x000004ec, 0x00000296, + 0x000004ed, 0x00000298, + 0x000004ee, 0x0000029a, + 0x000004ef, 0x0000029c, + 0x000004f0, 0x0000029e, + 0x000004f1, 0x000002a0, + 0x000004f2, 0x000002a2, + 0x000004f3, 0x000002a4, + 0x000004f4, 0x000002a6, + 0x000004f5, 0x000002a8, + 0x000004f8, 0x000002aa, + 0x000004f9, 0x000002ac, + 0x00000622, 0x000002ae, + 0x00000623, 0x000002b0, + 0x00000624, 0x000002b2, + 0x00000625, 0x000002b4, + 0x00000626, 0x000002b6, + 0x000006c0, 0x000002b8, + 0x000006c2, 0x000002ba, + 0x000006d3, 0x000002bc, + 0x00000929, 0x000002be, + 0x00000931, 0x000002c0, + 0x00000934, 0x000002c2, + 0x00000958, 0x000002c4, + 0x00000959, 0x000002c6, + 0x0000095a, 0x000002c8, + 0x0000095b, 0x000002ca, + 0x0000095c, 0x000002cc, + 0x0000095d, 0x000002ce, + 0x0000095e, 0x000002d0, + 0x0000095f, 0x000002d2, + 0x000009cb, 0x000002d4, + 0x000009cc, 0x000002d6, + 0x000009dc, 0x000002d8, + 0x000009dd, 0x000002da, + 0x000009df, 0x000002dc, + 0x00000a33, 0x000002de, + 0x00000a36, 0x000002e0, + 0x00000a59, 0x000002e2, + 0x00000a5a, 0x000002e4, + 0x00000a5b, 0x000002e6, + 0x00000a5e, 0x000002e8, + 0x00000b48, 0x000002ea, + 0x00000b4b, 0x000002ec, + 0x00000b4c, 0x000002ee, + 0x00000b5c, 0x000002f0, + 0x00000b5d, 0x000002f2, + 0x00000b94, 0x000002f4, + 0x00000bca, 0x000002f6, + 0x00000bcb, 0x000002f8, + 0x00000bcc, 0x000002fa, + 0x00000c48, 0x000002fc, + 0x00000cc0, 0x000002fe, + 0x00000cc7, 0x00000300, + 0x00000cc8, 0x00000302, + 0x00000cca, 0x00000304, + 0x00000ccb, 0x00000306, + 0x00000d4a, 0x00000309, + 0x00000d4b, 0x0000030b, + 0x00000d4c, 0x0000030d, + 0x00000dda, 0x0000030f, + 0x00000ddc, 0x00000311, + 0x00000ddd, 0x00000313, + 0x00000dde, 0x00000316, + 0x00000f43, 0x00000318, + 0x00000f4d, 0x0000031a, + 0x00000f52, 0x0000031c, + 0x00000f57, 0x0000031e, + 0x00000f5c, 0x00000320, + 0x00000f69, 0x00000322, + 0x00000f73, 0x00000324, + 0x00000f75, 0x00000326, + 0x00000f76, 0x00000328, + 0x00000f78, 0x0000032a, + 0x00000f81, 0x0000032c, + 0x00000f93, 0x0000032e, + 0x00000f9d, 0x00000330, + 0x00000fa2, 0x00000332, + 0x00000fa7, 0x00000334, + 0x00000fac, 0x00000336, + 0x00000fb9, 0x00000338, + 0x00001026, 0x0000033a, + 0x00001e00, 0x0000033c, + 0x00001e01, 0x0000033e, + 0x00001e02, 0x00000340, + 0x00001e03, 0x00000342, + 0x00001e04, 0x00000344, + 0x00001e05, 0x00000346, + 0x00001e06, 0x00000348, + 0x00001e07, 0x0000034a, + 0x00001e08, 0x0000034c, + 0x00001e09, 0x0000034f, + 0x00001e0a, 0x00000352, + 0x00001e0b, 0x00000354, + 0x00001e0c, 0x00000356, + 0x00001e0d, 0x00000358, + 0x00001e0e, 0x0000035a, + 0x00001e0f, 0x0000035c, + 0x00001e10, 0x0000035e, + 0x00001e11, 0x00000360, + 0x00001e12, 0x00000362, + 0x00001e13, 0x00000364, + 0x00001e14, 0x00000366, + 0x00001e15, 0x00000369, + 0x00001e16, 0x0000036c, + 0x00001e17, 0x0000036f, + 0x00001e18, 0x00000372, + 0x00001e19, 0x00000374, + 0x00001e1a, 0x00000376, + 0x00001e1b, 0x00000378, + 0x00001e1c, 0x0000037a, + 0x00001e1d, 0x0000037d, + 0x00001e1e, 0x00000380, + 0x00001e1f, 0x00000382, + 0x00001e20, 0x00000384, + 0x00001e21, 0x00000386, + 0x00001e22, 0x00000388, + 0x00001e23, 0x0000038a, + 0x00001e24, 0x0000038c, + 0x00001e25, 0x0000038e, + 0x00001e26, 0x00000390, + 0x00001e27, 0x00000392, + 0x00001e28, 0x00000394, + 0x00001e29, 0x00000396, + 0x00001e2a, 0x00000398, + 0x00001e2b, 0x0000039a, + 0x00001e2c, 0x0000039c, + 0x00001e2d, 0x0000039e, + 0x00001e2e, 0x000003a0, + 0x00001e2f, 0x000003a3, + 0x00001e30, 0x000003a6, + 0x00001e31, 0x000003a8, + 0x00001e32, 0x000003aa, + 0x00001e33, 0x000003ac, + 0x00001e34, 0x000003ae, + 0x00001e35, 0x000003b0, + 0x00001e36, 0x000003b2, + 0x00001e37, 0x000003b4, + 0x00001e38, 0x000003b6, + 0x00001e39, 0x000003b9, + 0x00001e3a, 0x000003bc, + 0x00001e3b, 0x000003be, + 0x00001e3c, 0x000003c0, + 0x00001e3d, 0x000003c2, + 0x00001e3e, 0x000003c4, + 0x00001e3f, 0x000003c6, + 0x00001e40, 0x000003c8, + 0x00001e41, 0x000003ca, + 0x00001e42, 0x000003cc, + 0x00001e43, 0x000003ce, + 0x00001e44, 0x000003d0, + 0x00001e45, 0x000003d2, + 0x00001e46, 0x000003d4, + 0x00001e47, 0x000003d6, + 0x00001e48, 0x000003d8, + 0x00001e49, 0x000003da, + 0x00001e4a, 0x000003dc, + 0x00001e4b, 0x000003de, + 0x00001e4c, 0x000003e0, + 0x00001e4d, 0x000003e3, + 0x00001e4e, 0x000003e6, + 0x00001e4f, 0x000003e9, + 0x00001e50, 0x000003ec, + 0x00001e51, 0x000003ef, + 0x00001e52, 0x000003f2, + 0x00001e53, 0x000003f5, + 0x00001e54, 0x000003f8, + 0x00001e55, 0x000003fa, + 0x00001e56, 0x000003fc, + 0x00001e57, 0x000003fe, + 0x00001e58, 0x00000400, + 0x00001e59, 0x00000402, + 0x00001e5a, 0x00000404, + 0x00001e5b, 0x00000406, + 0x00001e5c, 0x00000408, + 0x00001e5d, 0x0000040b, + 0x00001e5e, 0x0000040e, + 0x00001e5f, 0x00000410, + 0x00001e60, 0x00000412, + 0x00001e61, 0x00000414, + 0x00001e62, 0x00000416, + 0x00001e63, 0x00000418, + 0x00001e64, 0x0000041a, + 0x00001e65, 0x0000041d, + 0x00001e66, 0x00000420, + 0x00001e67, 0x00000423, + 0x00001e68, 0x00000426, + 0x00001e69, 0x00000429, + 0x00001e6a, 0x0000042c, + 0x00001e6b, 0x0000042e, + 0x00001e6c, 0x00000430, + 0x00001e6d, 0x00000432, + 0x00001e6e, 0x00000434, + 0x00001e6f, 0x00000436, + 0x00001e70, 0x00000438, + 0x00001e71, 0x0000043a, + 0x00001e72, 0x0000043c, + 0x00001e73, 0x0000043e, + 0x00001e74, 0x00000440, + 0x00001e75, 0x00000442, + 0x00001e76, 0x00000444, + 0x00001e77, 0x00000446, + 0x00001e78, 0x00000448, + 0x00001e79, 0x0000044b, + 0x00001e7a, 0x0000044e, + 0x00001e7b, 0x00000451, + 0x00001e7c, 0x00000454, + 0x00001e7d, 0x00000456, + 0x00001e7e, 0x00000458, + 0x00001e7f, 0x0000045a, + 0x00001e80, 0x0000045c, + 0x00001e81, 0x0000045e, + 0x00001e82, 0x00000460, + 0x00001e83, 0x00000462, + 0x00001e84, 0x00000464, + 0x00001e85, 0x00000466, + 0x00001e86, 0x00000468, + 0x00001e87, 0x0000046a, + 0x00001e88, 0x0000046c, + 0x00001e89, 0x0000046e, + 0x00001e8a, 0x00000470, + 0x00001e8b, 0x00000472, + 0x00001e8c, 0x00000474, + 0x00001e8d, 0x00000476, + 0x00001e8e, 0x00000478, + 0x00001e8f, 0x0000047a, + 0x00001e90, 0x0000047c, + 0x00001e91, 0x0000047e, + 0x00001e92, 0x00000480, + 0x00001e93, 0x00000482, + 0x00001e94, 0x00000484, + 0x00001e95, 0x00000486, + 0x00001e96, 0x00000488, + 0x00001e97, 0x0000048a, + 0x00001e98, 0x0000048c, + 0x00001e99, 0x0000048e, + 0x00001e9b, 0x00000490, + 0x00001ea0, 0x00000492, + 0x00001ea1, 0x00000494, + 0x00001ea2, 0x00000496, + 0x00001ea3, 0x00000498, + 0x00001ea4, 0x0000049a, + 0x00001ea5, 0x0000049d, + 0x00001ea6, 0x000004a0, + 0x00001ea7, 0x000004a3, + 0x00001ea8, 0x000004a6, + 0x00001ea9, 0x000004a9, + 0x00001eaa, 0x000004ac, + 0x00001eab, 0x000004af, + 0x00001eac, 0x000004b2, + 0x00001ead, 0x000004b5, + 0x00001eae, 0x000004b8, + 0x00001eaf, 0x000004bb, + 0x00001eb0, 0x000004be, + 0x00001eb1, 0x000004c1, + 0x00001eb2, 0x000004c4, + 0x00001eb3, 0x000004c7, + 0x00001eb4, 0x000004ca, + 0x00001eb5, 0x000004cd, + 0x00001eb6, 0x000004d0, + 0x00001eb7, 0x000004d3, + 0x00001eb8, 0x000004d6, + 0x00001eb9, 0x000004d8, + 0x00001eba, 0x000004da, + 0x00001ebb, 0x000004dc, + 0x00001ebc, 0x000004de, + 0x00001ebd, 0x000004e0, + 0x00001ebe, 0x000004e2, + 0x00001ebf, 0x000004e5, + 0x00001ec0, 0x000004e8, + 0x00001ec1, 0x000004eb, + 0x00001ec2, 0x000004ee, + 0x00001ec3, 0x000004f1, + 0x00001ec4, 0x000004f4, + 0x00001ec5, 0x000004f7, + 0x00001ec6, 0x000004fa, + 0x00001ec7, 0x000004fd, + 0x00001ec8, 0x00000500, + 0x00001ec9, 0x00000502, + 0x00001eca, 0x00000504, + 0x00001ecb, 0x00000506, + 0x00001ecc, 0x00000508, + 0x00001ecd, 0x0000050a, + 0x00001ece, 0x0000050c, + 0x00001ecf, 0x0000050e, + 0x00001ed0, 0x00000510, + 0x00001ed1, 0x00000513, + 0x00001ed2, 0x00000516, + 0x00001ed3, 0x00000519, + 0x00001ed4, 0x0000051c, + 0x00001ed5, 0x0000051f, + 0x00001ed6, 0x00000522, + 0x00001ed7, 0x00000525, + 0x00001ed8, 0x00000528, + 0x00001ed9, 0x0000052b, + 0x00001eda, 0x0000052e, + 0x00001edb, 0x00000531, + 0x00001edc, 0x00000534, + 0x00001edd, 0x00000537, + 0x00001ede, 0x0000053a, + 0x00001edf, 0x0000053d, + 0x00001ee0, 0x00000540, + 0x00001ee1, 0x00000543, + 0x00001ee2, 0x00000546, + 0x00001ee3, 0x00000549, + 0x00001ee4, 0x0000054c, + 0x00001ee5, 0x0000054e, + 0x00001ee6, 0x00000550, + 0x00001ee7, 0x00000552, + 0x00001ee8, 0x00000554, + 0x00001ee9, 0x00000557, + 0x00001eea, 0x0000055a, + 0x00001eeb, 0x0000055d, + 0x00001eec, 0x00000560, + 0x00001eed, 0x00000563, + 0x00001eee, 0x00000566, + 0x00001eef, 0x00000569, + 0x00001ef0, 0x0000056c, + 0x00001ef1, 0x0000056f, + 0x00001ef2, 0x00000572, + 0x00001ef3, 0x00000574, + 0x00001ef4, 0x00000576, + 0x00001ef5, 0x00000578, + 0x00001ef6, 0x0000057a, + 0x00001ef7, 0x0000057c, + 0x00001ef8, 0x0000057e, + 0x00001ef9, 0x00000580, + 0x00001f00, 0x00000582, + 0x00001f01, 0x00000584, + 0x00001f02, 0x00000586, + 0x00001f03, 0x00000589, + 0x00001f04, 0x0000058c, + 0x00001f05, 0x0000058f, + 0x00001f06, 0x00000592, + 0x00001f07, 0x00000595, + 0x00001f08, 0x00000598, + 0x00001f09, 0x0000059a, + 0x00001f0a, 0x0000059c, + 0x00001f0b, 0x0000059f, + 0x00001f0c, 0x000005a2, + 0x00001f0d, 0x000005a5, + 0x00001f0e, 0x000005a8, + 0x00001f0f, 0x000005ab, + 0x00001f10, 0x000005ae, + 0x00001f11, 0x000005b0, + 0x00001f12, 0x000005b2, + 0x00001f13, 0x000005b5, + 0x00001f14, 0x000005b8, + 0x00001f15, 0x000005bb, + 0x00001f18, 0x000005be, + 0x00001f19, 0x000005c0, + 0x00001f1a, 0x000005c2, + 0x00001f1b, 0x000005c5, + 0x00001f1c, 0x000005c8, + 0x00001f1d, 0x000005cb, + 0x00001f20, 0x000005ce, + 0x00001f21, 0x000005d0, + 0x00001f22, 0x000005d2, + 0x00001f23, 0x000005d5, + 0x00001f24, 0x000005d8, + 0x00001f25, 0x000005db, + 0x00001f26, 0x000005de, + 0x00001f27, 0x000005e1, + 0x00001f28, 0x000005e4, + 0x00001f29, 0x000005e6, + 0x00001f2a, 0x000005e8, + 0x00001f2b, 0x000005eb, + 0x00001f2c, 0x000005ee, + 0x00001f2d, 0x000005f1, + 0x00001f2e, 0x000005f4, + 0x00001f2f, 0x000005f7, + 0x00001f30, 0x000005fa, + 0x00001f31, 0x000005fc, + 0x00001f32, 0x000005fe, + 0x00001f33, 0x00000601, + 0x00001f34, 0x00000604, + 0x00001f35, 0x00000607, + 0x00001f36, 0x0000060a, + 0x00001f37, 0x0000060d, + 0x00001f38, 0x00000610, + 0x00001f39, 0x00000612, + 0x00001f3a, 0x00000614, + 0x00001f3b, 0x00000617, + 0x00001f3c, 0x0000061a, + 0x00001f3d, 0x0000061d, + 0x00001f3e, 0x00000620, + 0x00001f3f, 0x00000623, + 0x00001f40, 0x00000626, + 0x00001f41, 0x00000628, + 0x00001f42, 0x0000062a, + 0x00001f43, 0x0000062d, + 0x00001f44, 0x00000630, + 0x00001f45, 0x00000633, + 0x00001f48, 0x00000636, + 0x00001f49, 0x00000638, + 0x00001f4a, 0x0000063a, + 0x00001f4b, 0x0000063d, + 0x00001f4c, 0x00000640, + 0x00001f4d, 0x00000643, + 0x00001f50, 0x00000646, + 0x00001f51, 0x00000648, + 0x00001f52, 0x0000064a, + 0x00001f53, 0x0000064d, + 0x00001f54, 0x00000650, + 0x00001f55, 0x00000653, + 0x00001f56, 0x00000656, + 0x00001f57, 0x00000659, + 0x00001f59, 0x0000065c, + 0x00001f5b, 0x0000065e, + 0x00001f5d, 0x00000661, + 0x00001f5f, 0x00000664, + 0x00001f60, 0x00000667, + 0x00001f61, 0x00000669, + 0x00001f62, 0x0000066b, + 0x00001f63, 0x0000066e, + 0x00001f64, 0x00000671, + 0x00001f65, 0x00000674, + 0x00001f66, 0x00000677, + 0x00001f67, 0x0000067a, + 0x00001f68, 0x0000067d, + 0x00001f69, 0x0000067f, + 0x00001f6a, 0x00000681, + 0x00001f6b, 0x00000684, + 0x00001f6c, 0x00000687, + 0x00001f6d, 0x0000068a, + 0x00001f6e, 0x0000068d, + 0x00001f6f, 0x00000690, + 0x00001f70, 0x00000693, + 0x00001f71, 0x00000695, + 0x00001f72, 0x00000697, + 0x00001f73, 0x00000699, + 0x00001f74, 0x0000069b, + 0x00001f75, 0x0000069d, + 0x00001f76, 0x0000069f, + 0x00001f77, 0x000006a1, + 0x00001f78, 0x000006a3, + 0x00001f79, 0x000006a5, + 0x00001f7a, 0x000006a7, + 0x00001f7b, 0x000006a9, + 0x00001f7c, 0x000006ab, + 0x00001f7d, 0x000006ad, + 0x00001f80, 0x000006af, + 0x00001f81, 0x000006b2, + 0x00001f82, 0x000006b5, + 0x00001f83, 0x000006b9, + 0x00001f84, 0x000006bd, + 0x00001f85, 0x000006c1, + 0x00001f86, 0x000006c5, + 0x00001f87, 0x000006c9, + 0x00001f88, 0x000006cd, + 0x00001f89, 0x000006d0, + 0x00001f8a, 0x000006d3, + 0x00001f8b, 0x000006d7, + 0x00001f8c, 0x000006db, + 0x00001f8d, 0x000006df, + 0x00001f8e, 0x000006e3, + 0x00001f8f, 0x000006e7, + 0x00001f90, 0x000006eb, + 0x00001f91, 0x000006ee, + 0x00001f92, 0x000006f1, + 0x00001f93, 0x000006f5, + 0x00001f94, 0x000006f9, + 0x00001f95, 0x000006fd, + 0x00001f96, 0x00000701, + 0x00001f97, 0x00000705, + 0x00001f98, 0x00000709, + 0x00001f99, 0x0000070c, + 0x00001f9a, 0x0000070f, + 0x00001f9b, 0x00000713, + 0x00001f9c, 0x00000717, + 0x00001f9d, 0x0000071b, + 0x00001f9e, 0x0000071f, + 0x00001f9f, 0x00000723, + 0x00001fa0, 0x00000727, + 0x00001fa1, 0x0000072a, + 0x00001fa2, 0x0000072d, + 0x00001fa3, 0x00000731, + 0x00001fa4, 0x00000735, + 0x00001fa5, 0x00000739, + 0x00001fa6, 0x0000073d, + 0x00001fa7, 0x00000741, + 0x00001fa8, 0x00000745, + 0x00001fa9, 0x00000748, + 0x00001faa, 0x0000074b, + 0x00001fab, 0x0000074f, + 0x00001fac, 0x00000753, + 0x00001fad, 0x00000757, + 0x00001fae, 0x0000075b, + 0x00001faf, 0x0000075f, + 0x00001fb0, 0x00000763, + 0x00001fb1, 0x00000765, + 0x00001fb2, 0x00000767, + 0x00001fb3, 0x0000076a, + 0x00001fb4, 0x0000076c, + 0x00001fb6, 0x0000076f, + 0x00001fb7, 0x00000771, + 0x00001fb8, 0x00000774, + 0x00001fb9, 0x00000776, + 0x00001fba, 0x00000778, + 0x00001fbb, 0x0000077a, + 0x00001fbc, 0x0000077c, + 0x00001fbe, 0x0000077e, + 0x00001fc1, 0x0000077f, + 0x00001fc2, 0x00000781, + 0x00001fc3, 0x00000784, + 0x00001fc4, 0x00000786, + 0x00001fc6, 0x00000789, + 0x00001fc7, 0x0000078b, + 0x00001fc8, 0x0000078e, + 0x00001fc9, 0x00000790, + 0x00001fca, 0x00000792, + 0x00001fcb, 0x00000794, + 0x00001fcc, 0x00000796, + 0x00001fcd, 0x00000798, + 0x00001fce, 0x0000079a, + 0x00001fcf, 0x0000079c, + 0x00001fd0, 0x0000079e, + 0x00001fd1, 0x000007a0, + 0x00001fd2, 0x000007a2, + 0x00001fd3, 0x000007a5, + 0x00001fd6, 0x000007a8, + 0x00001fd7, 0x000007aa, + 0x00001fd8, 0x000007ad, + 0x00001fd9, 0x000007af, + 0x00001fda, 0x000007b1, + 0x00001fdb, 0x000007b3, + 0x00001fdd, 0x000007b5, + 0x00001fde, 0x000007b7, + 0x00001fdf, 0x000007b9, + 0x00001fe0, 0x000007bb, + 0x00001fe1, 0x000007bd, + 0x00001fe2, 0x000007bf, + 0x00001fe3, 0x000007c2, + 0x00001fe4, 0x000007c5, + 0x00001fe5, 0x000007c7, + 0x00001fe6, 0x000007c9, + 0x00001fe7, 0x000007cb, + 0x00001fe8, 0x000007ce, + 0x00001fe9, 0x000007d0, + 0x00001fea, 0x000007d2, + 0x00001feb, 0x000007d4, + 0x00001fec, 0x000007d6, + 0x00001fed, 0x000007d8, + 0x00001fee, 0x000007da, + 0x00001fef, 0x000007dc, + 0x00001ff2, 0x000007dd, + 0x00001ff3, 0x000007e0, + 0x00001ff4, 0x000007e2, + 0x00001ff6, 0x000007e5, + 0x00001ff7, 0x000007e7, + 0x00001ff8, 0x000007ea, + 0x00001ff9, 0x000007ec, + 0x00001ffa, 0x000007ee, + 0x00001ffb, 0x000007f0, + 0x00001ffc, 0x000007f2, + 0x00001ffd, 0x000007f4, + 0x00002000, 0x000007f5, + 0x00002001, 0x000007f6, + 0x00002126, 0x000007f7, + 0x0000212a, 0x000007f8, + 0x0000212b, 0x000007f9, + 0x0000219a, 0x000007fb, + 0x0000219b, 0x000007fd, + 0x000021ae, 0x000007ff, + 0x000021cd, 0x00000801, + 0x000021ce, 0x00000803, + 0x000021cf, 0x00000805, + 0x00002204, 0x00000807, + 0x00002209, 0x00000809, + 0x0000220c, 0x0000080b, + 0x00002224, 0x0000080d, + 0x00002226, 0x0000080f, + 0x00002241, 0x00000811, + 0x00002244, 0x00000813, + 0x00002247, 0x00000815, + 0x00002249, 0x00000817, + 0x00002260, 0x00000819, + 0x00002262, 0x0000081b, + 0x0000226d, 0x0000081d, + 0x0000226e, 0x0000081f, + 0x0000226f, 0x00000821, + 0x00002270, 0x00000823, + 0x00002271, 0x00000825, + 0x00002274, 0x00000827, + 0x00002275, 0x00000829, + 0x00002278, 0x0000082b, + 0x00002279, 0x0000082d, + 0x00002280, 0x0000082f, + 0x00002281, 0x00000831, + 0x00002284, 0x00000833, + 0x00002285, 0x00000835, + 0x00002288, 0x00000837, + 0x00002289, 0x00000839, + 0x000022ac, 0x0000083b, + 0x000022ad, 0x0000083d, + 0x000022ae, 0x0000083f, + 0x000022af, 0x00000841, + 0x000022e0, 0x00000843, + 0x000022e1, 0x00000845, + 0x000022e2, 0x00000847, + 0x000022e3, 0x00000849, + 0x000022ea, 0x0000084b, + 0x000022eb, 0x0000084d, + 0x000022ec, 0x0000084f, + 0x000022ed, 0x00000851, + 0x00002329, 0x00000853, + 0x0000232a, 0x00000854, + 0x00002adc, 0x00000855, + 0x0000304c, 0x00000857, + 0x0000304e, 0x00000859, + 0x00003050, 0x0000085b, + 0x00003052, 0x0000085d, + 0x00003054, 0x0000085f, + 0x00003056, 0x00000861, + 0x00003058, 0x00000863, + 0x0000305a, 0x00000865, + 0x0000305c, 0x00000867, + 0x0000305e, 0x00000869, + 0x00003060, 0x0000086b, + 0x00003062, 0x0000086d, + 0x00003065, 0x0000086f, + 0x00003067, 0x00000871, + 0x00003069, 0x00000873, + 0x00003070, 0x00000875, + 0x00003071, 0x00000877, + 0x00003073, 0x00000879, + 0x00003074, 0x0000087b, + 0x00003076, 0x0000087d, + 0x00003077, 0x0000087f, + 0x00003079, 0x00000881, + 0x0000307a, 0x00000883, + 0x0000307c, 0x00000885, + 0x0000307d, 0x00000887, + 0x00003094, 0x00000889, + 0x0000309e, 0x0000088b, + 0x000030ac, 0x0000088d, + 0x000030ae, 0x0000088f, + 0x000030b0, 0x00000891, + 0x000030b2, 0x00000893, + 0x000030b4, 0x00000895, + 0x000030b6, 0x00000897, + 0x000030b8, 0x00000899, + 0x000030ba, 0x0000089b, + 0x000030bc, 0x0000089d, + 0x000030be, 0x0000089f, + 0x000030c0, 0x000008a1, + 0x000030c2, 0x000008a3, + 0x000030c5, 0x000008a5, + 0x000030c7, 0x000008a7, + 0x000030c9, 0x000008a9, + 0x000030d0, 0x000008ab, + 0x000030d1, 0x000008ad, + 0x000030d3, 0x000008af, + 0x000030d4, 0x000008b1, + 0x000030d6, 0x000008b3, + 0x000030d7, 0x000008b5, + 0x000030d9, 0x000008b7, + 0x000030da, 0x000008b9, + 0x000030dc, 0x000008bb, + 0x000030dd, 0x000008bd, + 0x000030f4, 0x000008bf, + 0x000030f7, 0x000008c1, + 0x000030f8, 0x000008c3, + 0x000030f9, 0x000008c5, + 0x000030fa, 0x000008c7, + 0x000030fe, 0x000008c9, + 0x0000f902, 0x000008cb, + 0x0000f903, 0x000008cc, + 0x0000f904, 0x000008cd, + 0x0000f905, 0x000008ce, + 0x0000f906, 0x000008cf, + 0x0000f907, 0x000008d0, + 0x0000f908, 0x000008d1, + 0x0000f909, 0x000008d2, + 0x0000f90a, 0x000008d3, + 0x0000f90b, 0x000008d4, + 0x0000f90c, 0x000008d5, + 0x0000f90d, 0x000008d6, + 0x0000f90e, 0x000008d7, + 0x0000f90f, 0x000008d8, + 0x0000f910, 0x000008d9, + 0x0000f911, 0x000008da, + 0x0000f912, 0x000008db, + 0x0000f913, 0x000008dc, + 0x0000f914, 0x000008dd, + 0x0000f915, 0x000008de, + 0x0000f916, 0x000008df, + 0x0000f917, 0x000008e0, + 0x0000f918, 0x000008e1, + 0x0000f919, 0x000008e2, + 0x0000f91a, 0x000008e3, + 0x0000f91b, 0x000008e4, + 0x0000f91c, 0x000008e5, + 0x0000f91d, 0x000008e6, + 0x0000f91e, 0x000008e7, + 0x0000f91f, 0x000008e8, + 0x0000f920, 0x000008e9, + 0x0000f921, 0x000008ea, + 0x0000f922, 0x000008eb, + 0x0000f923, 0x000008ec, + 0x0000f924, 0x000008ed, + 0x0000f925, 0x000008ee, + 0x0000f926, 0x000008ef, + 0x0000f927, 0x000008f0, + 0x0000f928, 0x000008f1, + 0x0000f929, 0x000008f2, + 0x0000f92a, 0x000008f3, + 0x0000f92b, 0x000008f4, + 0x0000f92c, 0x000008f5, + 0x0000f92d, 0x000008f6, + 0x0000f92e, 0x000008f7, + 0x0000f92f, 0x000008f8, + 0x0000f930, 0x000008f9, + 0x0000f931, 0x000008fa, + 0x0000f932, 0x000008fb, + 0x0000f933, 0x000008fc, + 0x0000f934, 0x000008fd, + 0x0000f935, 0x000008fe, + 0x0000f936, 0x000008ff, + 0x0000f937, 0x00000900, + 0x0000f938, 0x00000901, + 0x0000f939, 0x00000902, + 0x0000f93a, 0x00000903, + 0x0000f93b, 0x00000904, + 0x0000f93c, 0x00000905, + 0x0000f93d, 0x00000906, + 0x0000f93e, 0x00000907, + 0x0000f93f, 0x00000908, + 0x0000f940, 0x00000909, + 0x0000f941, 0x0000090a, + 0x0000f942, 0x0000090b, + 0x0000f943, 0x0000090c, + 0x0000f944, 0x0000090d, + 0x0000f945, 0x0000090e, + 0x0000f946, 0x0000090f, + 0x0000f947, 0x00000910, + 0x0000f948, 0x00000911, + 0x0000f949, 0x00000912, + 0x0000f94a, 0x00000913, + 0x0000f94b, 0x00000914, + 0x0000f94c, 0x00000915, + 0x0000f94d, 0x00000916, + 0x0000f94e, 0x00000917, + 0x0000f94f, 0x00000918, + 0x0000f950, 0x00000919, + 0x0000f951, 0x0000091a, + 0x0000f952, 0x0000091b, + 0x0000f953, 0x0000091c, + 0x0000f954, 0x0000091d, + 0x0000f955, 0x0000091e, + 0x0000f956, 0x0000091f, + 0x0000f957, 0x00000920, + 0x0000f958, 0x00000921, + 0x0000f959, 0x00000922, + 0x0000f95a, 0x00000923, + 0x0000f95b, 0x00000924, + 0x0000f95c, 0x00000925, + 0x0000f95d, 0x00000926, + 0x0000f95e, 0x00000927, + 0x0000f95f, 0x00000928, + 0x0000f960, 0x00000929, + 0x0000f961, 0x0000092a, + 0x0000f962, 0x0000092b, + 0x0000f963, 0x0000092c, + 0x0000f964, 0x0000092d, + 0x0000f965, 0x0000092e, + 0x0000f966, 0x0000092f, + 0x0000f967, 0x00000930, + 0x0000f968, 0x00000931, + 0x0000f969, 0x00000932, + 0x0000f96a, 0x00000933, + 0x0000f96b, 0x00000934, + 0x0000f96c, 0x00000935, + 0x0000f96d, 0x00000936, + 0x0000f96e, 0x00000937, + 0x0000f96f, 0x00000938, + 0x0000f970, 0x00000939, + 0x0000f971, 0x0000093a, + 0x0000f972, 0x0000093b, + 0x0000f973, 0x0000093c, + 0x0000f974, 0x0000093d, + 0x0000f975, 0x0000093e, + 0x0000f976, 0x0000093f, + 0x0000f977, 0x00000940, + 0x0000f978, 0x00000941, + 0x0000f979, 0x00000942, + 0x0000f97a, 0x00000943, + 0x0000f97b, 0x00000944, + 0x0000f97c, 0x00000945, + 0x0000f97d, 0x00000946, + 0x0000f97e, 0x00000947, + 0x0000f97f, 0x00000948, + 0x0000f980, 0x00000949, + 0x0000f981, 0x0000094a, + 0x0000f982, 0x0000094b, + 0x0000f983, 0x0000094c, + 0x0000f984, 0x0000094d, + 0x0000f985, 0x0000094e, + 0x0000f986, 0x0000094f, + 0x0000f987, 0x00000950, + 0x0000f988, 0x00000951, + 0x0000f989, 0x00000952, + 0x0000f98a, 0x00000953, + 0x0000f98b, 0x00000954, + 0x0000f98c, 0x00000955, + 0x0000f98d, 0x00000956, + 0x0000f98e, 0x00000957, + 0x0000f98f, 0x00000958, + 0x0000f990, 0x00000959, + 0x0000f991, 0x0000095a, + 0x0000f992, 0x0000095b, + 0x0000f993, 0x0000095c, + 0x0000f994, 0x0000095d, + 0x0000f995, 0x0000095e, + 0x0000f996, 0x0000095f, + 0x0000f997, 0x00000960, + 0x0000f998, 0x00000961, + 0x0000f999, 0x00000962, + 0x0000f99a, 0x00000963, + 0x0000f99b, 0x00000964, + 0x0000f99c, 0x00000965, + 0x0000f99d, 0x00000966, + 0x0000f99e, 0x00000967, + 0x0000f99f, 0x00000968, + 0x0000f9a0, 0x00000969, + 0x0000f9a1, 0x0000096a, + 0x0000f9a2, 0x0000096b, + 0x0000f9a3, 0x0000096c, + 0x0000f9a4, 0x0000096d, + 0x0000f9a5, 0x0000096e, + 0x0000f9a6, 0x0000096f, + 0x0000f9a7, 0x00000970, + 0x0000f9a8, 0x00000971, + 0x0000f9a9, 0x00000972, + 0x0000f9aa, 0x00000973, + 0x0000f9ab, 0x00000974, + 0x0000f9ac, 0x00000975, + 0x0000f9ad, 0x00000976, + 0x0000f9ae, 0x00000977, + 0x0000f9af, 0x00000978, + 0x0000f9b0, 0x00000979, + 0x0000f9b1, 0x0000097a, + 0x0000f9b2, 0x0000097b, + 0x0000f9b3, 0x0000097c, + 0x0000f9b4, 0x0000097d, + 0x0000f9b5, 0x0000097e, + 0x0000f9b6, 0x0000097f, + 0x0000f9b7, 0x00000980, + 0x0000f9b8, 0x00000981, + 0x0000f9b9, 0x00000982, + 0x0000f9ba, 0x00000983, + 0x0000f9bb, 0x00000984, + 0x0000f9bc, 0x00000985, + 0x0000f9bd, 0x00000986, + 0x0000f9be, 0x00000987, + 0x0000f9bf, 0x00000988, + 0x0000f9c0, 0x00000989, + 0x0000f9c1, 0x0000098a, + 0x0000f9c2, 0x0000098b, + 0x0000f9c3, 0x0000098c, + 0x0000f9c4, 0x0000098d, + 0x0000f9c5, 0x0000098e, + 0x0000f9c6, 0x0000098f, + 0x0000f9c7, 0x00000990, + 0x0000f9c8, 0x00000991, + 0x0000f9c9, 0x00000992, + 0x0000f9ca, 0x00000993, + 0x0000f9cb, 0x00000994, + 0x0000f9cc, 0x00000995, + 0x0000f9cd, 0x00000996, + 0x0000f9ce, 0x00000997, + 0x0000f9cf, 0x00000998, + 0x0000f9d0, 0x00000999, + 0x0000f9d1, 0x0000099a, + 0x0000f9d2, 0x0000099b, + 0x0000f9d3, 0x0000099c, + 0x0000f9d4, 0x0000099d, + 0x0000f9d5, 0x0000099e, + 0x0000f9d6, 0x0000099f, + 0x0000f9d7, 0x000009a0, + 0x0000f9d8, 0x000009a1, + 0x0000f9d9, 0x000009a2, + 0x0000f9da, 0x000009a3, + 0x0000f9db, 0x000009a4, + 0x0000f9dc, 0x000009a5, + 0x0000f9dd, 0x000009a6, + 0x0000f9de, 0x000009a7, + 0x0000f9df, 0x000009a8, + 0x0000f9e0, 0x000009a9, + 0x0000f9e1, 0x000009aa, + 0x0000f9e2, 0x000009ab, + 0x0000f9e3, 0x000009ac, + 0x0000f9e4, 0x000009ad, + 0x0000f9e5, 0x000009ae, + 0x0000f9e6, 0x000009af, + 0x0000f9e7, 0x000009b0, + 0x0000f9e8, 0x000009b1, + 0x0000f9e9, 0x000009b2, + 0x0000f9ea, 0x000009b3, + 0x0000f9eb, 0x000009b4, + 0x0000f9ec, 0x000009b5, + 0x0000f9ed, 0x000009b6, + 0x0000f9ee, 0x000009b7, + 0x0000f9ef, 0x000009b8, + 0x0000f9f0, 0x000009b9, + 0x0000f9f1, 0x000009ba, + 0x0000f9f2, 0x000009bb, + 0x0000f9f3, 0x000009bc, + 0x0000f9f4, 0x000009bd, + 0x0000f9f5, 0x000009be, + 0x0000f9f6, 0x000009bf, + 0x0000f9f7, 0x000009c0, + 0x0000f9f8, 0x000009c1, + 0x0000f9f9, 0x000009c2, + 0x0000f9fa, 0x000009c3, + 0x0000f9fb, 0x000009c4, + 0x0000f9fc, 0x000009c5, + 0x0000f9fd, 0x000009c6, + 0x0000f9fe, 0x000009c7, + 0x0000f9ff, 0x000009c8, + 0x0000fa00, 0x000009c9, + 0x0000fa01, 0x000009ca, + 0x0000fa02, 0x000009cb, + 0x0000fa03, 0x000009cc, + 0x0000fa04, 0x000009cd, + 0x0000fa05, 0x000009ce, + 0x0000fa06, 0x000009cf, + 0x0000fa07, 0x000009d0, + 0x0000fa08, 0x000009d1, + 0x0000fa09, 0x000009d2, + 0x0000fa0a, 0x000009d3, + 0x0000fa0b, 0x000009d4, + 0x0000fa0c, 0x000009d5, + 0x0000fa0d, 0x000009d6, + 0x0000fa10, 0x000009d7, + 0x0000fa12, 0x000009d8, + 0x0000fa15, 0x000009d9, + 0x0000fa16, 0x000009da, + 0x0000fa17, 0x000009db, + 0x0000fa18, 0x000009dc, + 0x0000fa19, 0x000009dd, + 0x0000fa1a, 0x000009de, + 0x0000fa1b, 0x000009df, + 0x0000fa1c, 0x000009e0, + 0x0000fa1d, 0x000009e1, + 0x0000fa1e, 0x000009e2, + 0x0000fa20, 0x000009e3, + 0x0000fa22, 0x000009e4, + 0x0000fa25, 0x000009e5, + 0x0000fa26, 0x000009e6, + 0x0000fa2a, 0x000009e7, + 0x0000fa2b, 0x000009e8, + 0x0000fa2c, 0x000009e9, + 0x0000fa2d, 0x000009ea, + 0x0000fa30, 0x000009eb, + 0x0000fa31, 0x000009ec, + 0x0000fa32, 0x000009ed, + 0x0000fa33, 0x000009ee, + 0x0000fa34, 0x000009ef, + 0x0000fa35, 0x000009f0, + 0x0000fa36, 0x000009f1, + 0x0000fa37, 0x000009f2, + 0x0000fa38, 0x000009f3, + 0x0000fa39, 0x000009f4, + 0x0000fa3a, 0x000009f5, + 0x0000fa3b, 0x000009f6, + 0x0000fa3c, 0x000009f7, + 0x0000fa3d, 0x000009f8, + 0x0000fa3e, 0x000009f9, + 0x0000fa3f, 0x000009fa, + 0x0000fa40, 0x000009fb, + 0x0000fa41, 0x000009fc, + 0x0000fa42, 0x000009fd, + 0x0000fa43, 0x000009fe, + 0x0000fa44, 0x000009ff, + 0x0000fa45, 0x00000a00, + 0x0000fa46, 0x00000a01, + 0x0000fa47, 0x00000a02, + 0x0000fa48, 0x00000a03, + 0x0000fa49, 0x00000a04, + 0x0000fa4a, 0x00000a05, + 0x0000fa4b, 0x00000a06, + 0x0000fa4c, 0x00000a07, + 0x0000fa4d, 0x00000a08, + 0x0000fa4e, 0x00000a09, + 0x0000fa4f, 0x00000a0a, + 0x0000fa50, 0x00000a0b, + 0x0000fa51, 0x00000a0c, + 0x0000fa52, 0x00000a0d, + 0x0000fa53, 0x00000a0e, + 0x0000fa54, 0x00000a0f, + 0x0000fa55, 0x00000a10, + 0x0000fa56, 0x00000a11, + 0x0000fa57, 0x00000a12, + 0x0000fa58, 0x00000a13, + 0x0000fa59, 0x00000a14, + 0x0000fa5a, 0x00000a15, + 0x0000fa5b, 0x00000a16, + 0x0000fa5c, 0x00000a17, + 0x0000fa5d, 0x00000a18, + 0x0000fa5e, 0x00000a19, + 0x0000fa5f, 0x00000a1a, + 0x0000fa60, 0x00000a1b, + 0x0000fa61, 0x00000a1c, + 0x0000fa62, 0x00000a1d, + 0x0000fa63, 0x00000a1e, + 0x0000fa64, 0x00000a1f, + 0x0000fa65, 0x00000a20, + 0x0000fa66, 0x00000a21, + 0x0000fa67, 0x00000a22, + 0x0000fa68, 0x00000a23, + 0x0000fa69, 0x00000a24, + 0x0000fa6a, 0x00000a25, + 0x0000fb1d, 0x00000a26, + 0x0000fb1f, 0x00000a28, + 0x0000fb2a, 0x00000a2a, + 0x0000fb2b, 0x00000a2c, + 0x0000fb2c, 0x00000a2e, + 0x0000fb2d, 0x00000a31, + 0x0000fb2e, 0x00000a34, + 0x0000fb2f, 0x00000a36, + 0x0000fb30, 0x00000a38, + 0x0000fb31, 0x00000a3a, + 0x0000fb32, 0x00000a3c, + 0x0000fb33, 0x00000a3e, + 0x0000fb34, 0x00000a40, + 0x0000fb35, 0x00000a42, + 0x0000fb36, 0x00000a44, + 0x0000fb38, 0x00000a46, + 0x0000fb39, 0x00000a48, + 0x0000fb3a, 0x00000a4a, + 0x0000fb3b, 0x00000a4c, + 0x0000fb3c, 0x00000a4e, + 0x0000fb3e, 0x00000a50, + 0x0000fb40, 0x00000a52, + 0x0000fb41, 0x00000a54, + 0x0000fb43, 0x00000a56, + 0x0000fb44, 0x00000a58, + 0x0000fb46, 0x00000a5a, + 0x0000fb47, 0x00000a5c, + 0x0000fb48, 0x00000a5e, + 0x0000fb49, 0x00000a60, + 0x0000fb4a, 0x00000a62, + 0x0000fb4b, 0x00000a64, + 0x0000fb4c, 0x00000a66, + 0x0000fb4d, 0x00000a68, + 0x0000fb4e, 0x00000a6a, + 0x0001d15e, 0x00000a6c, + 0x0001d15f, 0x00000a6e, + 0x0001d160, 0x00000a70, + 0x0001d161, 0x00000a73, + 0x0001d162, 0x00000a76, + 0x0001d163, 0x00000a79, + 0x0001d164, 0x00000a7c, + 0x0001d1bb, 0x00000a7f, + 0x0001d1bc, 0x00000a81, + 0x0001d1bd, 0x00000a83, + 0x0001d1be, 0x00000a86, + 0x0001d1bf, 0x00000a89, + 0x0001d1c0, 0x00000a8c, + 0x0002f800, 0x00000a8f, + 0x0002f801, 0x00000a90, + 0x0002f802, 0x00000a91, + 0x0002f803, 0x00000a92, + 0x0002f804, 0x00000a93, + 0x0002f805, 0x00000a94, + 0x0002f806, 0x00000a95, + 0x0002f807, 0x00000a96, + 0x0002f808, 0x00000a97, + 0x0002f809, 0x00000a98, + 0x0002f80a, 0x00000a99, + 0x0002f80b, 0x00000a9a, + 0x0002f80c, 0x00000a9b, + 0x0002f80d, 0x00000a9c, + 0x0002f80e, 0x00000a9d, + 0x0002f80f, 0x00000a9e, + 0x0002f810, 0x00000a9f, + 0x0002f811, 0x00000aa0, + 0x0002f812, 0x00000aa1, + 0x0002f813, 0x00000aa2, + 0x0002f814, 0x00000aa3, + 0x0002f815, 0x00000aa4, + 0x0002f816, 0x00000aa5, + 0x0002f817, 0x00000aa6, + 0x0002f818, 0x00000aa7, + 0x0002f819, 0x00000aa8, + 0x0002f81a, 0x00000aa9, + 0x0002f81b, 0x00000aaa, + 0x0002f81c, 0x00000aab, + 0x0002f81d, 0x00000aac, + 0x0002f81e, 0x00000aad, + 0x0002f81f, 0x00000aae, + 0x0002f820, 0x00000aaf, + 0x0002f821, 0x00000ab0, + 0x0002f822, 0x00000ab1, + 0x0002f823, 0x00000ab2, + 0x0002f824, 0x00000ab3, + 0x0002f825, 0x00000ab4, + 0x0002f826, 0x00000ab5, + 0x0002f827, 0x00000ab6, + 0x0002f828, 0x00000ab7, + 0x0002f829, 0x00000ab8, + 0x0002f82a, 0x00000ab9, + 0x0002f82b, 0x00000aba, + 0x0002f82c, 0x00000abb, + 0x0002f82d, 0x00000abc, + 0x0002f82e, 0x00000abd, + 0x0002f82f, 0x00000abe, + 0x0002f830, 0x00000abf, + 0x0002f831, 0x00000ac0, + 0x0002f832, 0x00000ac1, + 0x0002f833, 0x00000ac2, + 0x0002f834, 0x00000ac3, + 0x0002f835, 0x00000ac4, + 0x0002f836, 0x00000ac5, + 0x0002f837, 0x00000ac6, + 0x0002f838, 0x00000ac7, + 0x0002f839, 0x00000ac8, + 0x0002f83a, 0x00000ac9, + 0x0002f83b, 0x00000aca, + 0x0002f83c, 0x00000acb, + 0x0002f83d, 0x00000acc, + 0x0002f83e, 0x00000acd, + 0x0002f83f, 0x00000ace, + 0x0002f840, 0x00000acf, + 0x0002f841, 0x00000ad0, + 0x0002f842, 0x00000ad1, + 0x0002f843, 0x00000ad2, + 0x0002f844, 0x00000ad3, + 0x0002f845, 0x00000ad4, + 0x0002f846, 0x00000ad5, + 0x0002f847, 0x00000ad6, + 0x0002f848, 0x00000ad7, + 0x0002f849, 0x00000ad8, + 0x0002f84a, 0x00000ad9, + 0x0002f84b, 0x00000ada, + 0x0002f84c, 0x00000adb, + 0x0002f84d, 0x00000adc, + 0x0002f84e, 0x00000add, + 0x0002f84f, 0x00000ade, + 0x0002f850, 0x00000adf, + 0x0002f851, 0x00000ae0, + 0x0002f852, 0x00000ae1, + 0x0002f853, 0x00000ae2, + 0x0002f854, 0x00000ae3, + 0x0002f855, 0x00000ae4, + 0x0002f856, 0x00000ae5, + 0x0002f857, 0x00000ae6, + 0x0002f858, 0x00000ae7, + 0x0002f859, 0x00000ae8, + 0x0002f85a, 0x00000ae9, + 0x0002f85b, 0x00000aea, + 0x0002f85c, 0x00000aeb, + 0x0002f85d, 0x00000aec, + 0x0002f85e, 0x00000aed, + 0x0002f85f, 0x00000aee, + 0x0002f860, 0x00000aef, + 0x0002f861, 0x00000af0, + 0x0002f862, 0x00000af1, + 0x0002f863, 0x00000af2, + 0x0002f864, 0x00000af3, + 0x0002f865, 0x00000af4, + 0x0002f866, 0x00000af5, + 0x0002f867, 0x00000af6, + 0x0002f868, 0x00000af7, + 0x0002f869, 0x00000af8, + 0x0002f86a, 0x00000af9, + 0x0002f86b, 0x00000afa, + 0x0002f86c, 0x00000afb, + 0x0002f86d, 0x00000afc, + 0x0002f86e, 0x00000afd, + 0x0002f86f, 0x00000afe, + 0x0002f870, 0x00000aff, + 0x0002f871, 0x00000b00, + 0x0002f872, 0x00000b01, + 0x0002f873, 0x00000b02, + 0x0002f874, 0x00000b03, + 0x0002f875, 0x00000b04, + 0x0002f876, 0x00000b05, + 0x0002f877, 0x00000b06, + 0x0002f878, 0x00000b07, + 0x0002f879, 0x00000b08, + 0x0002f87a, 0x00000b09, + 0x0002f87b, 0x00000b0a, + 0x0002f87c, 0x00000b0b, + 0x0002f87d, 0x00000b0c, + 0x0002f87e, 0x00000b0d, + 0x0002f87f, 0x00000b0e, + 0x0002f880, 0x00000b0f, + 0x0002f881, 0x00000b10, + 0x0002f882, 0x00000b11, + 0x0002f883, 0x00000b12, + 0x0002f884, 0x00000b13, + 0x0002f885, 0x00000b14, + 0x0002f886, 0x00000b15, + 0x0002f887, 0x00000b16, + 0x0002f888, 0x00000b17, + 0x0002f889, 0x00000b18, + 0x0002f88a, 0x00000b19, + 0x0002f88b, 0x00000b1a, + 0x0002f88c, 0x00000b1b, + 0x0002f88d, 0x00000b1c, + 0x0002f88e, 0x00000b1d, + 0x0002f88f, 0x00000b1e, + 0x0002f890, 0x00000b1f, + 0x0002f891, 0x00000b20, + 0x0002f892, 0x00000b21, + 0x0002f893, 0x00000b22, + 0x0002f894, 0x00000b23, + 0x0002f895, 0x00000b24, + 0x0002f896, 0x00000b25, + 0x0002f897, 0x00000b26, + 0x0002f898, 0x00000b27, + 0x0002f899, 0x00000b28, + 0x0002f89a, 0x00000b29, + 0x0002f89b, 0x00000b2a, + 0x0002f89c, 0x00000b2b, + 0x0002f89d, 0x00000b2c, + 0x0002f89e, 0x00000b2d, + 0x0002f89f, 0x00000b2e, + 0x0002f8a0, 0x00000b2f, + 0x0002f8a1, 0x00000b30, + 0x0002f8a2, 0x00000b31, + 0x0002f8a3, 0x00000b32, + 0x0002f8a4, 0x00000b33, + 0x0002f8a5, 0x00000b34, + 0x0002f8a6, 0x00000b35, + 0x0002f8a7, 0x00000b36, + 0x0002f8a8, 0x00000b37, + 0x0002f8a9, 0x00000b38, + 0x0002f8aa, 0x00000b39, + 0x0002f8ab, 0x00000b3a, + 0x0002f8ac, 0x00000b3b, + 0x0002f8ad, 0x00000b3c, + 0x0002f8ae, 0x00000b3d, + 0x0002f8af, 0x00000b3e, + 0x0002f8b0, 0x00000b3f, + 0x0002f8b1, 0x00000b40, + 0x0002f8b2, 0x00000b41, + 0x0002f8b3, 0x00000b42, + 0x0002f8b4, 0x00000b43, + 0x0002f8b5, 0x00000b44, + 0x0002f8b6, 0x00000b45, + 0x0002f8b7, 0x00000b46, + 0x0002f8b8, 0x00000b47, + 0x0002f8b9, 0x00000b48, + 0x0002f8ba, 0x00000b49, + 0x0002f8bb, 0x00000b4a, + 0x0002f8bc, 0x00000b4b, + 0x0002f8bd, 0x00000b4c, + 0x0002f8be, 0x00000b4d, + 0x0002f8bf, 0x00000b4e, + 0x0002f8c0, 0x00000b4f, + 0x0002f8c1, 0x00000b50, + 0x0002f8c2, 0x00000b51, + 0x0002f8c3, 0x00000b52, + 0x0002f8c4, 0x00000b53, + 0x0002f8c5, 0x00000b54, + 0x0002f8c6, 0x00000b55, + 0x0002f8c7, 0x00000b56, + 0x0002f8c8, 0x00000b57, + 0x0002f8c9, 0x00000b58, + 0x0002f8ca, 0x00000b59, + 0x0002f8cb, 0x00000b5a, + 0x0002f8cc, 0x00000b5b, + 0x0002f8cd, 0x00000b5c, + 0x0002f8ce, 0x00000b5d, + 0x0002f8cf, 0x00000b5e, + 0x0002f8d0, 0x00000b5f, + 0x0002f8d1, 0x00000b60, + 0x0002f8d2, 0x00000b61, + 0x0002f8d3, 0x00000b62, + 0x0002f8d4, 0x00000b63, + 0x0002f8d5, 0x00000b64, + 0x0002f8d6, 0x00000b65, + 0x0002f8d7, 0x00000b66, + 0x0002f8d8, 0x00000b67, + 0x0002f8d9, 0x00000b68, + 0x0002f8da, 0x00000b69, + 0x0002f8db, 0x00000b6a, + 0x0002f8dc, 0x00000b6b, + 0x0002f8dd, 0x00000b6c, + 0x0002f8de, 0x00000b6d, + 0x0002f8df, 0x00000b6e, + 0x0002f8e0, 0x00000b6f, + 0x0002f8e1, 0x00000b70, + 0x0002f8e2, 0x00000b71, + 0x0002f8e3, 0x00000b72, + 0x0002f8e4, 0x00000b73, + 0x0002f8e5, 0x00000b74, + 0x0002f8e6, 0x00000b75, + 0x0002f8e7, 0x00000b76, + 0x0002f8e8, 0x00000b77, + 0x0002f8e9, 0x00000b78, + 0x0002f8ea, 0x00000b79, + 0x0002f8eb, 0x00000b7a, + 0x0002f8ec, 0x00000b7b, + 0x0002f8ed, 0x00000b7c, + 0x0002f8ee, 0x00000b7d, + 0x0002f8ef, 0x00000b7e, + 0x0002f8f0, 0x00000b7f, + 0x0002f8f1, 0x00000b80, + 0x0002f8f2, 0x00000b81, + 0x0002f8f3, 0x00000b82, + 0x0002f8f4, 0x00000b83, + 0x0002f8f5, 0x00000b84, + 0x0002f8f6, 0x00000b85, + 0x0002f8f7, 0x00000b86, + 0x0002f8f8, 0x00000b87, + 0x0002f8f9, 0x00000b88, + 0x0002f8fa, 0x00000b89, + 0x0002f8fb, 0x00000b8a, + 0x0002f8fc, 0x00000b8b, + 0x0002f8fd, 0x00000b8c, + 0x0002f8fe, 0x00000b8d, + 0x0002f8ff, 0x00000b8e, + 0x0002f900, 0x00000b8f, + 0x0002f901, 0x00000b90, + 0x0002f902, 0x00000b91, + 0x0002f903, 0x00000b92, + 0x0002f904, 0x00000b93, + 0x0002f905, 0x00000b94, + 0x0002f906, 0x00000b95, + 0x0002f907, 0x00000b96, + 0x0002f908, 0x00000b97, + 0x0002f909, 0x00000b98, + 0x0002f90a, 0x00000b99, + 0x0002f90b, 0x00000b9a, + 0x0002f90c, 0x00000b9b, + 0x0002f90d, 0x00000b9c, + 0x0002f90e, 0x00000b9d, + 0x0002f90f, 0x00000b9e, + 0x0002f910, 0x00000b9f, + 0x0002f911, 0x00000ba0, + 0x0002f912, 0x00000ba1, + 0x0002f913, 0x00000ba2, + 0x0002f914, 0x00000ba3, + 0x0002f915, 0x00000ba4, + 0x0002f916, 0x00000ba5, + 0x0002f917, 0x00000ba6, + 0x0002f918, 0x00000ba7, + 0x0002f919, 0x00000ba8, + 0x0002f91a, 0x00000ba9, + 0x0002f91b, 0x00000baa, + 0x0002f91c, 0x00000bab, + 0x0002f91d, 0x00000bac, + 0x0002f91e, 0x00000bad, + 0x0002f91f, 0x00000bae, + 0x0002f920, 0x00000baf, + 0x0002f921, 0x00000bb0, + 0x0002f922, 0x00000bb1, + 0x0002f923, 0x00000bb2, + 0x0002f924, 0x00000bb3, + 0x0002f925, 0x00000bb4, + 0x0002f926, 0x00000bb5, + 0x0002f927, 0x00000bb6, + 0x0002f928, 0x00000bb7, + 0x0002f929, 0x00000bb8, + 0x0002f92a, 0x00000bb9, + 0x0002f92b, 0x00000bba, + 0x0002f92c, 0x00000bbb, + 0x0002f92d, 0x00000bbc, + 0x0002f92e, 0x00000bbd, + 0x0002f92f, 0x00000bbe, + 0x0002f930, 0x00000bbf, + 0x0002f931, 0x00000bc0, + 0x0002f932, 0x00000bc1, + 0x0002f933, 0x00000bc2, + 0x0002f934, 0x00000bc3, + 0x0002f935, 0x00000bc4, + 0x0002f936, 0x00000bc5, + 0x0002f937, 0x00000bc6, + 0x0002f938, 0x00000bc7, + 0x0002f939, 0x00000bc8, + 0x0002f93a, 0x00000bc9, + 0x0002f93b, 0x00000bca, + 0x0002f93c, 0x00000bcb, + 0x0002f93d, 0x00000bcc, + 0x0002f93e, 0x00000bcd, + 0x0002f93f, 0x00000bce, + 0x0002f940, 0x00000bcf, + 0x0002f941, 0x00000bd0, + 0x0002f942, 0x00000bd1, + 0x0002f943, 0x00000bd2, + 0x0002f944, 0x00000bd3, + 0x0002f945, 0x00000bd4, + 0x0002f946, 0x00000bd5, + 0x0002f947, 0x00000bd6, + 0x0002f948, 0x00000bd7, + 0x0002f949, 0x00000bd8, + 0x0002f94a, 0x00000bd9, + 0x0002f94b, 0x00000bda, + 0x0002f94c, 0x00000bdb, + 0x0002f94d, 0x00000bdc, + 0x0002f94e, 0x00000bdd, + 0x0002f94f, 0x00000bde, + 0x0002f950, 0x00000bdf, + 0x0002f951, 0x00000be0, + 0x0002f952, 0x00000be1, + 0x0002f953, 0x00000be2, + 0x0002f954, 0x00000be3, + 0x0002f955, 0x00000be4, + 0x0002f956, 0x00000be5, + 0x0002f957, 0x00000be6, + 0x0002f958, 0x00000be7, + 0x0002f959, 0x00000be8, + 0x0002f95a, 0x00000be9, + 0x0002f95b, 0x00000bea, + 0x0002f95c, 0x00000beb, + 0x0002f95d, 0x00000bec, + 0x0002f95e, 0x00000bed, + 0x0002f95f, 0x00000bee, + 0x0002f960, 0x00000bef, + 0x0002f961, 0x00000bf0, + 0x0002f962, 0x00000bf1, + 0x0002f963, 0x00000bf2, + 0x0002f964, 0x00000bf3, + 0x0002f965, 0x00000bf4, + 0x0002f966, 0x00000bf5, + 0x0002f967, 0x00000bf6, + 0x0002f968, 0x00000bf7, + 0x0002f969, 0x00000bf8, + 0x0002f96a, 0x00000bf9, + 0x0002f96b, 0x00000bfa, + 0x0002f96c, 0x00000bfb, + 0x0002f96d, 0x00000bfc, + 0x0002f96e, 0x00000bfd, + 0x0002f96f, 0x00000bfe, + 0x0002f970, 0x00000bff, + 0x0002f971, 0x00000c00, + 0x0002f972, 0x00000c01, + 0x0002f973, 0x00000c02, + 0x0002f974, 0x00000c03, + 0x0002f975, 0x00000c04, + 0x0002f976, 0x00000c05, + 0x0002f977, 0x00000c06, + 0x0002f978, 0x00000c07, + 0x0002f979, 0x00000c08, + 0x0002f97a, 0x00000c09, + 0x0002f97b, 0x00000c0a, + 0x0002f97c, 0x00000c0b, + 0x0002f97d, 0x00000c0c, + 0x0002f97e, 0x00000c0d, + 0x0002f97f, 0x00000c0e, + 0x0002f980, 0x00000c0f, + 0x0002f981, 0x00000c10, + 0x0002f982, 0x00000c11, + 0x0002f983, 0x00000c12, + 0x0002f984, 0x00000c13, + 0x0002f985, 0x00000c14, + 0x0002f986, 0x00000c15, + 0x0002f987, 0x00000c16, + 0x0002f988, 0x00000c17, + 0x0002f989, 0x00000c18, + 0x0002f98a, 0x00000c19, + 0x0002f98b, 0x00000c1a, + 0x0002f98c, 0x00000c1b, + 0x0002f98d, 0x00000c1c, + 0x0002f98e, 0x00000c1d, + 0x0002f98f, 0x00000c1e, + 0x0002f990, 0x00000c1f, + 0x0002f991, 0x00000c20, + 0x0002f992, 0x00000c21, + 0x0002f993, 0x00000c22, + 0x0002f994, 0x00000c23, + 0x0002f995, 0x00000c24, + 0x0002f996, 0x00000c25, + 0x0002f997, 0x00000c26, + 0x0002f998, 0x00000c27, + 0x0002f999, 0x00000c28, + 0x0002f99a, 0x00000c29, + 0x0002f99b, 0x00000c2a, + 0x0002f99c, 0x00000c2b, + 0x0002f99d, 0x00000c2c, + 0x0002f99e, 0x00000c2d, + 0x0002f99f, 0x00000c2e, + 0x0002f9a0, 0x00000c2f, + 0x0002f9a1, 0x00000c30, + 0x0002f9a2, 0x00000c31, + 0x0002f9a3, 0x00000c32, + 0x0002f9a4, 0x00000c33, + 0x0002f9a5, 0x00000c34, + 0x0002f9a6, 0x00000c35, + 0x0002f9a7, 0x00000c36, + 0x0002f9a8, 0x00000c37, + 0x0002f9a9, 0x00000c38, + 0x0002f9aa, 0x00000c39, + 0x0002f9ab, 0x00000c3a, + 0x0002f9ac, 0x00000c3b, + 0x0002f9ad, 0x00000c3c, + 0x0002f9ae, 0x00000c3d, + 0x0002f9af, 0x00000c3e, + 0x0002f9b0, 0x00000c3f, + 0x0002f9b1, 0x00000c40, + 0x0002f9b2, 0x00000c41, + 0x0002f9b3, 0x00000c42, + 0x0002f9b4, 0x00000c43, + 0x0002f9b5, 0x00000c44, + 0x0002f9b6, 0x00000c45, + 0x0002f9b7, 0x00000c46, + 0x0002f9b8, 0x00000c47, + 0x0002f9b9, 0x00000c48, + 0x0002f9ba, 0x00000c49, + 0x0002f9bb, 0x00000c4a, + 0x0002f9bc, 0x00000c4b, + 0x0002f9bd, 0x00000c4c, + 0x0002f9be, 0x00000c4d, + 0x0002f9bf, 0x00000c4e, + 0x0002f9c0, 0x00000c4f, + 0x0002f9c1, 0x00000c50, + 0x0002f9c2, 0x00000c51, + 0x0002f9c3, 0x00000c52, + 0x0002f9c4, 0x00000c53, + 0x0002f9c5, 0x00000c54, + 0x0002f9c6, 0x00000c55, + 0x0002f9c7, 0x00000c56, + 0x0002f9c8, 0x00000c57, + 0x0002f9c9, 0x00000c58, + 0x0002f9ca, 0x00000c59, + 0x0002f9cb, 0x00000c5a, + 0x0002f9cc, 0x00000c5b, + 0x0002f9cd, 0x00000c5c, + 0x0002f9ce, 0x00000c5d, + 0x0002f9cf, 0x00000c5e, + 0x0002f9d0, 0x00000c5f, + 0x0002f9d1, 0x00000c60, + 0x0002f9d2, 0x00000c61, + 0x0002f9d3, 0x00000c62, + 0x0002f9d4, 0x00000c63, + 0x0002f9d5, 0x00000c64, + 0x0002f9d6, 0x00000c65, + 0x0002f9d7, 0x00000c66, + 0x0002f9d8, 0x00000c67, + 0x0002f9d9, 0x00000c68, + 0x0002f9da, 0x00000c69, + 0x0002f9db, 0x00000c6a, + 0x0002f9dc, 0x00000c6b, + 0x0002f9dd, 0x00000c6c, + 0x0002f9de, 0x00000c6d, + 0x0002f9df, 0x00000c6e, + 0x0002f9e0, 0x00000c6f, + 0x0002f9e1, 0x00000c70, + 0x0002f9e2, 0x00000c71, + 0x0002f9e3, 0x00000c72, + 0x0002f9e4, 0x00000c73, + 0x0002f9e5, 0x00000c74, + 0x0002f9e6, 0x00000c75, + 0x0002f9e7, 0x00000c76, + 0x0002f9e8, 0x00000c77, + 0x0002f9e9, 0x00000c78, + 0x0002f9ea, 0x00000c79, + 0x0002f9eb, 0x00000c7a, + 0x0002f9ec, 0x00000c7b, + 0x0002f9ed, 0x00000c7c, + 0x0002f9ee, 0x00000c7d, + 0x0002f9ef, 0x00000c7e, + 0x0002f9f0, 0x00000c7f, + 0x0002f9f1, 0x00000c80, + 0x0002f9f2, 0x00000c81, + 0x0002f9f3, 0x00000c82, + 0x0002f9f4, 0x00000c83, + 0x0002f9f5, 0x00000c84, + 0x0002f9f6, 0x00000c85, + 0x0002f9f7, 0x00000c86, + 0x0002f9f8, 0x00000c87, + 0x0002f9f9, 0x00000c88, + 0x0002f9fa, 0x00000c89, + 0x0002f9fb, 0x00000c8a, + 0x0002f9fc, 0x00000c8b, + 0x0002f9fd, 0x00000c8c, + 0x0002f9fe, 0x00000c8d, + 0x0002f9ff, 0x00000c8e, + 0x0002fa00, 0x00000c8f, + 0x0002fa01, 0x00000c90, + 0x0002fa02, 0x00000c91, + 0x0002fa03, 0x00000c92, + 0x0002fa04, 0x00000c93, + 0x0002fa05, 0x00000c94, + 0x0002fa06, 0x00000c95, + 0x0002fa07, 0x00000c96, + 0x0002fa08, 0x00000c97, + 0x0002fa09, 0x00000c98, + 0x0002fa0a, 0x00000c99, + 0x0002fa0b, 0x00000c9a, + 0x0002fa0c, 0x00000c9b, + 0x0002fa0d, 0x00000c9c, + 0x0002fa0e, 0x00000c9d, + 0x0002fa0f, 0x00000c9e, + 0x0002fa10, 0x00000c9f, + 0x0002fa11, 0x00000ca0, + 0x0002fa12, 0x00000ca1, + 0x0002fa13, 0x00000ca2, + 0x0002fa14, 0x00000ca3, + 0x0002fa15, 0x00000ca4, + 0x0002fa16, 0x00000ca5, + 0x0002fa17, 0x00000ca6, + 0x0002fa18, 0x00000ca7, + 0x0002fa19, 0x00000ca8, + 0x0002fa1a, 0x00000ca9, + 0x0002fa1b, 0x00000caa, + 0x0002fa1c, 0x00000cab, + 0x0002fa1d, 0x00000cac, + 0x00000cad +}; + +static const krb5_ui_4 _ucdcmp_decomp[] = { + 0x00000041, 0x00000300, 0x00000041, 0x00000301, + 0x00000041, 0x00000302, 0x00000041, 0x00000303, + 0x00000041, 0x00000308, 0x00000041, 0x0000030a, + 0x00000043, 0x00000327, 0x00000045, 0x00000300, + 0x00000045, 0x00000301, 0x00000045, 0x00000302, + 0x00000045, 0x00000308, 0x00000049, 0x00000300, + 0x00000049, 0x00000301, 0x00000049, 0x00000302, + 0x00000049, 0x00000308, 0x0000004e, 0x00000303, + 0x0000004f, 0x00000300, 0x0000004f, 0x00000301, + 0x0000004f, 0x00000302, 0x0000004f, 0x00000303, + 0x0000004f, 0x00000308, 0x00000055, 0x00000300, + 0x00000055, 0x00000301, 0x00000055, 0x00000302, + 0x00000055, 0x00000308, 0x00000059, 0x00000301, + 0x00000061, 0x00000300, 0x00000061, 0x00000301, + 0x00000061, 0x00000302, 0x00000061, 0x00000303, + 0x00000061, 0x00000308, 0x00000061, 0x0000030a, + 0x00000063, 0x00000327, 0x00000065, 0x00000300, + 0x00000065, 0x00000301, 0x00000065, 0x00000302, + 0x00000065, 0x00000308, 0x00000069, 0x00000300, + 0x00000069, 0x00000301, 0x00000069, 0x00000302, + 0x00000069, 0x00000308, 0x0000006e, 0x00000303, + 0x0000006f, 0x00000300, 0x0000006f, 0x00000301, + 0x0000006f, 0x00000302, 0x0000006f, 0x00000303, + 0x0000006f, 0x00000308, 0x00000075, 0x00000300, + 0x00000075, 0x00000301, 0x00000075, 0x00000302, + 0x00000075, 0x00000308, 0x00000079, 0x00000301, + 0x00000079, 0x00000308, 0x00000041, 0x00000304, + 0x00000061, 0x00000304, 0x00000041, 0x00000306, + 0x00000061, 0x00000306, 0x00000041, 0x00000328, + 0x00000061, 0x00000328, 0x00000043, 0x00000301, + 0x00000063, 0x00000301, 0x00000043, 0x00000302, + 0x00000063, 0x00000302, 0x00000043, 0x00000307, + 0x00000063, 0x00000307, 0x00000043, 0x0000030c, + 0x00000063, 0x0000030c, 0x00000044, 0x0000030c, + 0x00000064, 0x0000030c, 0x00000045, 0x00000304, + 0x00000065, 0x00000304, 0x00000045, 0x00000306, + 0x00000065, 0x00000306, 0x00000045, 0x00000307, + 0x00000065, 0x00000307, 0x00000045, 0x00000328, + 0x00000065, 0x00000328, 0x00000045, 0x0000030c, + 0x00000065, 0x0000030c, 0x00000047, 0x00000302, + 0x00000067, 0x00000302, 0x00000047, 0x00000306, + 0x00000067, 0x00000306, 0x00000047, 0x00000307, + 0x00000067, 0x00000307, 0x00000047, 0x00000327, + 0x00000067, 0x00000327, 0x00000048, 0x00000302, + 0x00000068, 0x00000302, 0x00000049, 0x00000303, + 0x00000069, 0x00000303, 0x00000049, 0x00000304, + 0x00000069, 0x00000304, 0x00000049, 0x00000306, + 0x00000069, 0x00000306, 0x00000049, 0x00000328, + 0x00000069, 0x00000328, 0x00000049, 0x00000307, + 0x0000004a, 0x00000302, 0x0000006a, 0x00000302, + 0x0000004b, 0x00000327, 0x0000006b, 0x00000327, + 0x0000004c, 0x00000301, 0x0000006c, 0x00000301, + 0x0000004c, 0x00000327, 0x0000006c, 0x00000327, + 0x0000004c, 0x0000030c, 0x0000006c, 0x0000030c, + 0x0000004e, 0x00000301, 0x0000006e, 0x00000301, + 0x0000004e, 0x00000327, 0x0000006e, 0x00000327, + 0x0000004e, 0x0000030c, 0x0000006e, 0x0000030c, + 0x0000004f, 0x00000304, 0x0000006f, 0x00000304, + 0x0000004f, 0x00000306, 0x0000006f, 0x00000306, + 0x0000004f, 0x0000030b, 0x0000006f, 0x0000030b, + 0x00000052, 0x00000301, 0x00000072, 0x00000301, + 0x00000052, 0x00000327, 0x00000072, 0x00000327, + 0x00000052, 0x0000030c, 0x00000072, 0x0000030c, + 0x00000053, 0x00000301, 0x00000073, 0x00000301, + 0x00000053, 0x00000302, 0x00000073, 0x00000302, + 0x00000053, 0x00000327, 0x00000073, 0x00000327, + 0x00000053, 0x0000030c, 0x00000073, 0x0000030c, + 0x00000054, 0x00000327, 0x00000074, 0x00000327, + 0x00000054, 0x0000030c, 0x00000074, 0x0000030c, + 0x00000055, 0x00000303, 0x00000075, 0x00000303, + 0x00000055, 0x00000304, 0x00000075, 0x00000304, + 0x00000055, 0x00000306, 0x00000075, 0x00000306, + 0x00000055, 0x0000030a, 0x00000075, 0x0000030a, + 0x00000055, 0x0000030b, 0x00000075, 0x0000030b, + 0x00000055, 0x00000328, 0x00000075, 0x00000328, + 0x00000057, 0x00000302, 0x00000077, 0x00000302, + 0x00000059, 0x00000302, 0x00000079, 0x00000302, + 0x00000059, 0x00000308, 0x0000005a, 0x00000301, + 0x0000007a, 0x00000301, 0x0000005a, 0x00000307, + 0x0000007a, 0x00000307, 0x0000005a, 0x0000030c, + 0x0000007a, 0x0000030c, 0x0000004f, 0x0000031b, + 0x0000006f, 0x0000031b, 0x00000055, 0x0000031b, + 0x00000075, 0x0000031b, 0x00000041, 0x0000030c, + 0x00000061, 0x0000030c, 0x00000049, 0x0000030c, + 0x00000069, 0x0000030c, 0x0000004f, 0x0000030c, + 0x0000006f, 0x0000030c, 0x00000055, 0x0000030c, + 0x00000075, 0x0000030c, 0x00000055, 0x00000308, + 0x00000304, 0x00000075, 0x00000308, 0x00000304, + 0x00000055, 0x00000308, 0x00000301, 0x00000075, + 0x00000308, 0x00000301, 0x00000055, 0x00000308, + 0x0000030c, 0x00000075, 0x00000308, 0x0000030c, + 0x00000055, 0x00000308, 0x00000300, 0x00000075, + 0x00000308, 0x00000300, 0x00000041, 0x00000308, + 0x00000304, 0x00000061, 0x00000308, 0x00000304, + 0x00000041, 0x00000307, 0x00000304, 0x00000061, + 0x00000307, 0x00000304, 0x000000c6, 0x00000304, + 0x000000e6, 0x00000304, 0x00000047, 0x0000030c, + 0x00000067, 0x0000030c, 0x0000004b, 0x0000030c, + 0x0000006b, 0x0000030c, 0x0000004f, 0x00000328, + 0x0000006f, 0x00000328, 0x0000004f, 0x00000328, + 0x00000304, 0x0000006f, 0x00000328, 0x00000304, + 0x000001b7, 0x0000030c, 0x00000292, 0x0000030c, + 0x0000006a, 0x0000030c, 0x00000047, 0x00000301, + 0x00000067, 0x00000301, 0x0000004e, 0x00000300, + 0x0000006e, 0x00000300, 0x00000041, 0x0000030a, + 0x00000301, 0x00000061, 0x0000030a, 0x00000301, + 0x000000c6, 0x00000301, 0x000000e6, 0x00000301, + 0x000000d8, 0x00000301, 0x000000f8, 0x00000301, + 0x00000041, 0x0000030f, 0x00000061, 0x0000030f, + 0x00000041, 0x00000311, 0x00000061, 0x00000311, + 0x00000045, 0x0000030f, 0x00000065, 0x0000030f, + 0x00000045, 0x00000311, 0x00000065, 0x00000311, + 0x00000049, 0x0000030f, 0x00000069, 0x0000030f, + 0x00000049, 0x00000311, 0x00000069, 0x00000311, + 0x0000004f, 0x0000030f, 0x0000006f, 0x0000030f, + 0x0000004f, 0x00000311, 0x0000006f, 0x00000311, + 0x00000052, 0x0000030f, 0x00000072, 0x0000030f, + 0x00000052, 0x00000311, 0x00000072, 0x00000311, + 0x00000055, 0x0000030f, 0x00000075, 0x0000030f, + 0x00000055, 0x00000311, 0x00000075, 0x00000311, + 0x00000053, 0x00000326, 0x00000073, 0x00000326, + 0x00000054, 0x00000326, 0x00000074, 0x00000326, + 0x00000048, 0x0000030c, 0x00000068, 0x0000030c, + 0x00000041, 0x00000307, 0x00000061, 0x00000307, + 0x00000045, 0x00000327, 0x00000065, 0x00000327, + 0x0000004f, 0x00000308, 0x00000304, 0x0000006f, + 0x00000308, 0x00000304, 0x0000004f, 0x00000303, + 0x00000304, 0x0000006f, 0x00000303, 0x00000304, + 0x0000004f, 0x00000307, 0x0000006f, 0x00000307, + 0x0000004f, 0x00000307, 0x00000304, 0x0000006f, + 0x00000307, 0x00000304, 0x00000059, 0x00000304, + 0x00000079, 0x00000304, 0x00000300, 0x00000301, + 0x00000313, 0x00000308, 0x00000301, 0x000002b9, + 0x0000003b, 0x000000a8, 0x00000301, 0x00000391, + 0x00000301, 0x000000b7, 0x00000395, 0x00000301, + 0x00000397, 0x00000301, 0x00000399, 0x00000301, + 0x0000039f, 0x00000301, 0x000003a5, 0x00000301, + 0x000003a9, 0x00000301, 0x000003b9, 0x00000308, + 0x00000301, 0x00000399, 0x00000308, 0x000003a5, + 0x00000308, 0x000003b1, 0x00000301, 0x000003b5, + 0x00000301, 0x000003b7, 0x00000301, 0x000003b9, + 0x00000301, 0x000003c5, 0x00000308, 0x00000301, + 0x000003b9, 0x00000308, 0x000003c5, 0x00000308, + 0x000003bf, 0x00000301, 0x000003c5, 0x00000301, + 0x000003c9, 0x00000301, 0x000003d2, 0x00000301, + 0x000003d2, 0x00000308, 0x00000415, 0x00000300, + 0x00000415, 0x00000308, 0x00000413, 0x00000301, + 0x00000406, 0x00000308, 0x0000041a, 0x00000301, + 0x00000418, 0x00000300, 0x00000423, 0x00000306, + 0x00000418, 0x00000306, 0x00000438, 0x00000306, + 0x00000435, 0x00000300, 0x00000435, 0x00000308, + 0x00000433, 0x00000301, 0x00000456, 0x00000308, + 0x0000043a, 0x00000301, 0x00000438, 0x00000300, + 0x00000443, 0x00000306, 0x00000474, 0x0000030f, + 0x00000475, 0x0000030f, 0x00000416, 0x00000306, + 0x00000436, 0x00000306, 0x00000410, 0x00000306, + 0x00000430, 0x00000306, 0x00000410, 0x00000308, + 0x00000430, 0x00000308, 0x00000415, 0x00000306, + 0x00000435, 0x00000306, 0x000004d8, 0x00000308, + 0x000004d9, 0x00000308, 0x00000416, 0x00000308, + 0x00000436, 0x00000308, 0x00000417, 0x00000308, + 0x00000437, 0x00000308, 0x00000418, 0x00000304, + 0x00000438, 0x00000304, 0x00000418, 0x00000308, + 0x00000438, 0x00000308, 0x0000041e, 0x00000308, + 0x0000043e, 0x00000308, 0x000004e8, 0x00000308, + 0x000004e9, 0x00000308, 0x0000042d, 0x00000308, + 0x0000044d, 0x00000308, 0x00000423, 0x00000304, + 0x00000443, 0x00000304, 0x00000423, 0x00000308, + 0x00000443, 0x00000308, 0x00000423, 0x0000030b, + 0x00000443, 0x0000030b, 0x00000427, 0x00000308, + 0x00000447, 0x00000308, 0x0000042b, 0x00000308, + 0x0000044b, 0x00000308, 0x00000627, 0x00000653, + 0x00000627, 0x00000654, 0x00000648, 0x00000654, + 0x00000627, 0x00000655, 0x0000064a, 0x00000654, + 0x000006d5, 0x00000654, 0x000006c1, 0x00000654, + 0x000006d2, 0x00000654, 0x00000928, 0x0000093c, + 0x00000930, 0x0000093c, 0x00000933, 0x0000093c, + 0x00000915, 0x0000093c, 0x00000916, 0x0000093c, + 0x00000917, 0x0000093c, 0x0000091c, 0x0000093c, + 0x00000921, 0x0000093c, 0x00000922, 0x0000093c, + 0x0000092b, 0x0000093c, 0x0000092f, 0x0000093c, + 0x000009c7, 0x000009be, 0x000009c7, 0x000009d7, + 0x000009a1, 0x000009bc, 0x000009a2, 0x000009bc, + 0x000009af, 0x000009bc, 0x00000a32, 0x00000a3c, + 0x00000a38, 0x00000a3c, 0x00000a16, 0x00000a3c, + 0x00000a17, 0x00000a3c, 0x00000a1c, 0x00000a3c, + 0x00000a2b, 0x00000a3c, 0x00000b47, 0x00000b56, + 0x00000b47, 0x00000b3e, 0x00000b47, 0x00000b57, + 0x00000b21, 0x00000b3c, 0x00000b22, 0x00000b3c, + 0x00000b92, 0x00000bd7, 0x00000bc6, 0x00000bbe, + 0x00000bc7, 0x00000bbe, 0x00000bc6, 0x00000bd7, + 0x00000c46, 0x00000c56, 0x00000cbf, 0x00000cd5, + 0x00000cc6, 0x00000cd5, 0x00000cc6, 0x00000cd6, + 0x00000cc6, 0x00000cc2, 0x00000cc6, 0x00000cc2, + 0x00000cd5, 0x00000d46, 0x00000d3e, 0x00000d47, + 0x00000d3e, 0x00000d46, 0x00000d57, 0x00000dd9, + 0x00000dca, 0x00000dd9, 0x00000dcf, 0x00000dd9, + 0x00000dcf, 0x00000dca, 0x00000dd9, 0x00000ddf, + 0x00000f42, 0x00000fb7, 0x00000f4c, 0x00000fb7, + 0x00000f51, 0x00000fb7, 0x00000f56, 0x00000fb7, + 0x00000f5b, 0x00000fb7, 0x00000f40, 0x00000fb5, + 0x00000f71, 0x00000f72, 0x00000f71, 0x00000f74, + 0x00000fb2, 0x00000f80, 0x00000fb3, 0x00000f80, + 0x00000f71, 0x00000f80, 0x00000f92, 0x00000fb7, + 0x00000f9c, 0x00000fb7, 0x00000fa1, 0x00000fb7, + 0x00000fa6, 0x00000fb7, 0x00000fab, 0x00000fb7, + 0x00000f90, 0x00000fb5, 0x00001025, 0x0000102e, + 0x00000041, 0x00000325, 0x00000061, 0x00000325, + 0x00000042, 0x00000307, 0x00000062, 0x00000307, + 0x00000042, 0x00000323, 0x00000062, 0x00000323, + 0x00000042, 0x00000331, 0x00000062, 0x00000331, + 0x00000043, 0x00000327, 0x00000301, 0x00000063, + 0x00000327, 0x00000301, 0x00000044, 0x00000307, + 0x00000064, 0x00000307, 0x00000044, 0x00000323, + 0x00000064, 0x00000323, 0x00000044, 0x00000331, + 0x00000064, 0x00000331, 0x00000044, 0x00000327, + 0x00000064, 0x00000327, 0x00000044, 0x0000032d, + 0x00000064, 0x0000032d, 0x00000045, 0x00000304, + 0x00000300, 0x00000065, 0x00000304, 0x00000300, + 0x00000045, 0x00000304, 0x00000301, 0x00000065, + 0x00000304, 0x00000301, 0x00000045, 0x0000032d, + 0x00000065, 0x0000032d, 0x00000045, 0x00000330, + 0x00000065, 0x00000330, 0x00000045, 0x00000327, + 0x00000306, 0x00000065, 0x00000327, 0x00000306, + 0x00000046, 0x00000307, 0x00000066, 0x00000307, + 0x00000047, 0x00000304, 0x00000067, 0x00000304, + 0x00000048, 0x00000307, 0x00000068, 0x00000307, + 0x00000048, 0x00000323, 0x00000068, 0x00000323, + 0x00000048, 0x00000308, 0x00000068, 0x00000308, + 0x00000048, 0x00000327, 0x00000068, 0x00000327, + 0x00000048, 0x0000032e, 0x00000068, 0x0000032e, + 0x00000049, 0x00000330, 0x00000069, 0x00000330, + 0x00000049, 0x00000308, 0x00000301, 0x00000069, + 0x00000308, 0x00000301, 0x0000004b, 0x00000301, + 0x0000006b, 0x00000301, 0x0000004b, 0x00000323, + 0x0000006b, 0x00000323, 0x0000004b, 0x00000331, + 0x0000006b, 0x00000331, 0x0000004c, 0x00000323, + 0x0000006c, 0x00000323, 0x0000004c, 0x00000323, + 0x00000304, 0x0000006c, 0x00000323, 0x00000304, + 0x0000004c, 0x00000331, 0x0000006c, 0x00000331, + 0x0000004c, 0x0000032d, 0x0000006c, 0x0000032d, + 0x0000004d, 0x00000301, 0x0000006d, 0x00000301, + 0x0000004d, 0x00000307, 0x0000006d, 0x00000307, + 0x0000004d, 0x00000323, 0x0000006d, 0x00000323, + 0x0000004e, 0x00000307, 0x0000006e, 0x00000307, + 0x0000004e, 0x00000323, 0x0000006e, 0x00000323, + 0x0000004e, 0x00000331, 0x0000006e, 0x00000331, + 0x0000004e, 0x0000032d, 0x0000006e, 0x0000032d, + 0x0000004f, 0x00000303, 0x00000301, 0x0000006f, + 0x00000303, 0x00000301, 0x0000004f, 0x00000303, + 0x00000308, 0x0000006f, 0x00000303, 0x00000308, + 0x0000004f, 0x00000304, 0x00000300, 0x0000006f, + 0x00000304, 0x00000300, 0x0000004f, 0x00000304, + 0x00000301, 0x0000006f, 0x00000304, 0x00000301, + 0x00000050, 0x00000301, 0x00000070, 0x00000301, + 0x00000050, 0x00000307, 0x00000070, 0x00000307, + 0x00000052, 0x00000307, 0x00000072, 0x00000307, + 0x00000052, 0x00000323, 0x00000072, 0x00000323, + 0x00000052, 0x00000323, 0x00000304, 0x00000072, + 0x00000323, 0x00000304, 0x00000052, 0x00000331, + 0x00000072, 0x00000331, 0x00000053, 0x00000307, + 0x00000073, 0x00000307, 0x00000053, 0x00000323, + 0x00000073, 0x00000323, 0x00000053, 0x00000301, + 0x00000307, 0x00000073, 0x00000301, 0x00000307, + 0x00000053, 0x0000030c, 0x00000307, 0x00000073, + 0x0000030c, 0x00000307, 0x00000053, 0x00000323, + 0x00000307, 0x00000073, 0x00000323, 0x00000307, + 0x00000054, 0x00000307, 0x00000074, 0x00000307, + 0x00000054, 0x00000323, 0x00000074, 0x00000323, + 0x00000054, 0x00000331, 0x00000074, 0x00000331, + 0x00000054, 0x0000032d, 0x00000074, 0x0000032d, + 0x00000055, 0x00000324, 0x00000075, 0x00000324, + 0x00000055, 0x00000330, 0x00000075, 0x00000330, + 0x00000055, 0x0000032d, 0x00000075, 0x0000032d, + 0x00000055, 0x00000303, 0x00000301, 0x00000075, + 0x00000303, 0x00000301, 0x00000055, 0x00000304, + 0x00000308, 0x00000075, 0x00000304, 0x00000308, + 0x00000056, 0x00000303, 0x00000076, 0x00000303, + 0x00000056, 0x00000323, 0x00000076, 0x00000323, + 0x00000057, 0x00000300, 0x00000077, 0x00000300, + 0x00000057, 0x00000301, 0x00000077, 0x00000301, + 0x00000057, 0x00000308, 0x00000077, 0x00000308, + 0x00000057, 0x00000307, 0x00000077, 0x00000307, + 0x00000057, 0x00000323, 0x00000077, 0x00000323, + 0x00000058, 0x00000307, 0x00000078, 0x00000307, + 0x00000058, 0x00000308, 0x00000078, 0x00000308, + 0x00000059, 0x00000307, 0x00000079, 0x00000307, + 0x0000005a, 0x00000302, 0x0000007a, 0x00000302, + 0x0000005a, 0x00000323, 0x0000007a, 0x00000323, + 0x0000005a, 0x00000331, 0x0000007a, 0x00000331, + 0x00000068, 0x00000331, 0x00000074, 0x00000308, + 0x00000077, 0x0000030a, 0x00000079, 0x0000030a, + 0x0000017f, 0x00000307, 0x00000041, 0x00000323, + 0x00000061, 0x00000323, 0x00000041, 0x00000309, + 0x00000061, 0x00000309, 0x00000041, 0x00000302, + 0x00000301, 0x00000061, 0x00000302, 0x00000301, + 0x00000041, 0x00000302, 0x00000300, 0x00000061, + 0x00000302, 0x00000300, 0x00000041, 0x00000302, + 0x00000309, 0x00000061, 0x00000302, 0x00000309, + 0x00000041, 0x00000302, 0x00000303, 0x00000061, + 0x00000302, 0x00000303, 0x00000041, 0x00000323, + 0x00000302, 0x00000061, 0x00000323, 0x00000302, + 0x00000041, 0x00000306, 0x00000301, 0x00000061, + 0x00000306, 0x00000301, 0x00000041, 0x00000306, + 0x00000300, 0x00000061, 0x00000306, 0x00000300, + 0x00000041, 0x00000306, 0x00000309, 0x00000061, + 0x00000306, 0x00000309, 0x00000041, 0x00000306, + 0x00000303, 0x00000061, 0x00000306, 0x00000303, + 0x00000041, 0x00000323, 0x00000306, 0x00000061, + 0x00000323, 0x00000306, 0x00000045, 0x00000323, + 0x00000065, 0x00000323, 0x00000045, 0x00000309, + 0x00000065, 0x00000309, 0x00000045, 0x00000303, + 0x00000065, 0x00000303, 0x00000045, 0x00000302, + 0x00000301, 0x00000065, 0x00000302, 0x00000301, + 0x00000045, 0x00000302, 0x00000300, 0x00000065, + 0x00000302, 0x00000300, 0x00000045, 0x00000302, + 0x00000309, 0x00000065, 0x00000302, 0x00000309, + 0x00000045, 0x00000302, 0x00000303, 0x00000065, + 0x00000302, 0x00000303, 0x00000045, 0x00000323, + 0x00000302, 0x00000065, 0x00000323, 0x00000302, + 0x00000049, 0x00000309, 0x00000069, 0x00000309, + 0x00000049, 0x00000323, 0x00000069, 0x00000323, + 0x0000004f, 0x00000323, 0x0000006f, 0x00000323, + 0x0000004f, 0x00000309, 0x0000006f, 0x00000309, + 0x0000004f, 0x00000302, 0x00000301, 0x0000006f, + 0x00000302, 0x00000301, 0x0000004f, 0x00000302, + 0x00000300, 0x0000006f, 0x00000302, 0x00000300, + 0x0000004f, 0x00000302, 0x00000309, 0x0000006f, + 0x00000302, 0x00000309, 0x0000004f, 0x00000302, + 0x00000303, 0x0000006f, 0x00000302, 0x00000303, + 0x0000004f, 0x00000323, 0x00000302, 0x0000006f, + 0x00000323, 0x00000302, 0x0000004f, 0x0000031b, + 0x00000301, 0x0000006f, 0x0000031b, 0x00000301, + 0x0000004f, 0x0000031b, 0x00000300, 0x0000006f, + 0x0000031b, 0x00000300, 0x0000004f, 0x0000031b, + 0x00000309, 0x0000006f, 0x0000031b, 0x00000309, + 0x0000004f, 0x0000031b, 0x00000303, 0x0000006f, + 0x0000031b, 0x00000303, 0x0000004f, 0x0000031b, + 0x00000323, 0x0000006f, 0x0000031b, 0x00000323, + 0x00000055, 0x00000323, 0x00000075, 0x00000323, + 0x00000055, 0x00000309, 0x00000075, 0x00000309, + 0x00000055, 0x0000031b, 0x00000301, 0x00000075, + 0x0000031b, 0x00000301, 0x00000055, 0x0000031b, + 0x00000300, 0x00000075, 0x0000031b, 0x00000300, + 0x00000055, 0x0000031b, 0x00000309, 0x00000075, + 0x0000031b, 0x00000309, 0x00000055, 0x0000031b, + 0x00000303, 0x00000075, 0x0000031b, 0x00000303, + 0x00000055, 0x0000031b, 0x00000323, 0x00000075, + 0x0000031b, 0x00000323, 0x00000059, 0x00000300, + 0x00000079, 0x00000300, 0x00000059, 0x00000323, + 0x00000079, 0x00000323, 0x00000059, 0x00000309, + 0x00000079, 0x00000309, 0x00000059, 0x00000303, + 0x00000079, 0x00000303, 0x000003b1, 0x00000313, + 0x000003b1, 0x00000314, 0x000003b1, 0x00000313, + 0x00000300, 0x000003b1, 0x00000314, 0x00000300, + 0x000003b1, 0x00000313, 0x00000301, 0x000003b1, + 0x00000314, 0x00000301, 0x000003b1, 0x00000313, + 0x00000342, 0x000003b1, 0x00000314, 0x00000342, + 0x00000391, 0x00000313, 0x00000391, 0x00000314, + 0x00000391, 0x00000313, 0x00000300, 0x00000391, + 0x00000314, 0x00000300, 0x00000391, 0x00000313, + 0x00000301, 0x00000391, 0x00000314, 0x00000301, + 0x00000391, 0x00000313, 0x00000342, 0x00000391, + 0x00000314, 0x00000342, 0x000003b5, 0x00000313, + 0x000003b5, 0x00000314, 0x000003b5, 0x00000313, + 0x00000300, 0x000003b5, 0x00000314, 0x00000300, + 0x000003b5, 0x00000313, 0x00000301, 0x000003b5, + 0x00000314, 0x00000301, 0x00000395, 0x00000313, + 0x00000395, 0x00000314, 0x00000395, 0x00000313, + 0x00000300, 0x00000395, 0x00000314, 0x00000300, + 0x00000395, 0x00000313, 0x00000301, 0x00000395, + 0x00000314, 0x00000301, 0x000003b7, 0x00000313, + 0x000003b7, 0x00000314, 0x000003b7, 0x00000313, + 0x00000300, 0x000003b7, 0x00000314, 0x00000300, + 0x000003b7, 0x00000313, 0x00000301, 0x000003b7, + 0x00000314, 0x00000301, 0x000003b7, 0x00000313, + 0x00000342, 0x000003b7, 0x00000314, 0x00000342, + 0x00000397, 0x00000313, 0x00000397, 0x00000314, + 0x00000397, 0x00000313, 0x00000300, 0x00000397, + 0x00000314, 0x00000300, 0x00000397, 0x00000313, + 0x00000301, 0x00000397, 0x00000314, 0x00000301, + 0x00000397, 0x00000313, 0x00000342, 0x00000397, + 0x00000314, 0x00000342, 0x000003b9, 0x00000313, + 0x000003b9, 0x00000314, 0x000003b9, 0x00000313, + 0x00000300, 0x000003b9, 0x00000314, 0x00000300, + 0x000003b9, 0x00000313, 0x00000301, 0x000003b9, + 0x00000314, 0x00000301, 0x000003b9, 0x00000313, + 0x00000342, 0x000003b9, 0x00000314, 0x00000342, + 0x00000399, 0x00000313, 0x00000399, 0x00000314, + 0x00000399, 0x00000313, 0x00000300, 0x00000399, + 0x00000314, 0x00000300, 0x00000399, 0x00000313, + 0x00000301, 0x00000399, 0x00000314, 0x00000301, + 0x00000399, 0x00000313, 0x00000342, 0x00000399, + 0x00000314, 0x00000342, 0x000003bf, 0x00000313, + 0x000003bf, 0x00000314, 0x000003bf, 0x00000313, + 0x00000300, 0x000003bf, 0x00000314, 0x00000300, + 0x000003bf, 0x00000313, 0x00000301, 0x000003bf, + 0x00000314, 0x00000301, 0x0000039f, 0x00000313, + 0x0000039f, 0x00000314, 0x0000039f, 0x00000313, + 0x00000300, 0x0000039f, 0x00000314, 0x00000300, + 0x0000039f, 0x00000313, 0x00000301, 0x0000039f, + 0x00000314, 0x00000301, 0x000003c5, 0x00000313, + 0x000003c5, 0x00000314, 0x000003c5, 0x00000313, + 0x00000300, 0x000003c5, 0x00000314, 0x00000300, + 0x000003c5, 0x00000313, 0x00000301, 0x000003c5, + 0x00000314, 0x00000301, 0x000003c5, 0x00000313, + 0x00000342, 0x000003c5, 0x00000314, 0x00000342, + 0x000003a5, 0x00000314, 0x000003a5, 0x00000314, + 0x00000300, 0x000003a5, 0x00000314, 0x00000301, + 0x000003a5, 0x00000314, 0x00000342, 0x000003c9, + 0x00000313, 0x000003c9, 0x00000314, 0x000003c9, + 0x00000313, 0x00000300, 0x000003c9, 0x00000314, + 0x00000300, 0x000003c9, 0x00000313, 0x00000301, + 0x000003c9, 0x00000314, 0x00000301, 0x000003c9, + 0x00000313, 0x00000342, 0x000003c9, 0x00000314, + 0x00000342, 0x000003a9, 0x00000313, 0x000003a9, + 0x00000314, 0x000003a9, 0x00000313, 0x00000300, + 0x000003a9, 0x00000314, 0x00000300, 0x000003a9, + 0x00000313, 0x00000301, 0x000003a9, 0x00000314, + 0x00000301, 0x000003a9, 0x00000313, 0x00000342, + 0x000003a9, 0x00000314, 0x00000342, 0x000003b1, + 0x00000300, 0x000003b1, 0x00000301, 0x000003b5, + 0x00000300, 0x000003b5, 0x00000301, 0x000003b7, + 0x00000300, 0x000003b7, 0x00000301, 0x000003b9, + 0x00000300, 0x000003b9, 0x00000301, 0x000003bf, + 0x00000300, 0x000003bf, 0x00000301, 0x000003c5, + 0x00000300, 0x000003c5, 0x00000301, 0x000003c9, + 0x00000300, 0x000003c9, 0x00000301, 0x000003b1, + 0x00000313, 0x00000345, 0x000003b1, 0x00000314, + 0x00000345, 0x000003b1, 0x00000313, 0x00000300, + 0x00000345, 0x000003b1, 0x00000314, 0x00000300, + 0x00000345, 0x000003b1, 0x00000313, 0x00000301, + 0x00000345, 0x000003b1, 0x00000314, 0x00000301, + 0x00000345, 0x000003b1, 0x00000313, 0x00000342, + 0x00000345, 0x000003b1, 0x00000314, 0x00000342, + 0x00000345, 0x00000391, 0x00000313, 0x00000345, + 0x00000391, 0x00000314, 0x00000345, 0x00000391, + 0x00000313, 0x00000300, 0x00000345, 0x00000391, + 0x00000314, 0x00000300, 0x00000345, 0x00000391, + 0x00000313, 0x00000301, 0x00000345, 0x00000391, + 0x00000314, 0x00000301, 0x00000345, 0x00000391, + 0x00000313, 0x00000342, 0x00000345, 0x00000391, + 0x00000314, 0x00000342, 0x00000345, 0x000003b7, + 0x00000313, 0x00000345, 0x000003b7, 0x00000314, + 0x00000345, 0x000003b7, 0x00000313, 0x00000300, + 0x00000345, 0x000003b7, 0x00000314, 0x00000300, + 0x00000345, 0x000003b7, 0x00000313, 0x00000301, + 0x00000345, 0x000003b7, 0x00000314, 0x00000301, + 0x00000345, 0x000003b7, 0x00000313, 0x00000342, + 0x00000345, 0x000003b7, 0x00000314, 0x00000342, + 0x00000345, 0x00000397, 0x00000313, 0x00000345, + 0x00000397, 0x00000314, 0x00000345, 0x00000397, + 0x00000313, 0x00000300, 0x00000345, 0x00000397, + 0x00000314, 0x00000300, 0x00000345, 0x00000397, + 0x00000313, 0x00000301, 0x00000345, 0x00000397, + 0x00000314, 0x00000301, 0x00000345, 0x00000397, + 0x00000313, 0x00000342, 0x00000345, 0x00000397, + 0x00000314, 0x00000342, 0x00000345, 0x000003c9, + 0x00000313, 0x00000345, 0x000003c9, 0x00000314, + 0x00000345, 0x000003c9, 0x00000313, 0x00000300, + 0x00000345, 0x000003c9, 0x00000314, 0x00000300, + 0x00000345, 0x000003c9, 0x00000313, 0x00000301, + 0x00000345, 0x000003c9, 0x00000314, 0x00000301, + 0x00000345, 0x000003c9, 0x00000313, 0x00000342, + 0x00000345, 0x000003c9, 0x00000314, 0x00000342, + 0x00000345, 0x000003a9, 0x00000313, 0x00000345, + 0x000003a9, 0x00000314, 0x00000345, 0x000003a9, + 0x00000313, 0x00000300, 0x00000345, 0x000003a9, + 0x00000314, 0x00000300, 0x00000345, 0x000003a9, + 0x00000313, 0x00000301, 0x00000345, 0x000003a9, + 0x00000314, 0x00000301, 0x00000345, 0x000003a9, + 0x00000313, 0x00000342, 0x00000345, 0x000003a9, + 0x00000314, 0x00000342, 0x00000345, 0x000003b1, + 0x00000306, 0x000003b1, 0x00000304, 0x000003b1, + 0x00000300, 0x00000345, 0x000003b1, 0x00000345, + 0x000003b1, 0x00000301, 0x00000345, 0x000003b1, + 0x00000342, 0x000003b1, 0x00000342, 0x00000345, + 0x00000391, 0x00000306, 0x00000391, 0x00000304, + 0x00000391, 0x00000300, 0x00000391, 0x00000301, + 0x00000391, 0x00000345, 0x000003b9, 0x000000a8, + 0x00000342, 0x000003b7, 0x00000300, 0x00000345, + 0x000003b7, 0x00000345, 0x000003b7, 0x00000301, + 0x00000345, 0x000003b7, 0x00000342, 0x000003b7, + 0x00000342, 0x00000345, 0x00000395, 0x00000300, + 0x00000395, 0x00000301, 0x00000397, 0x00000300, + 0x00000397, 0x00000301, 0x00000397, 0x00000345, + 0x00001fbf, 0x00000300, 0x00001fbf, 0x00000301, + 0x00001fbf, 0x00000342, 0x000003b9, 0x00000306, + 0x000003b9, 0x00000304, 0x000003b9, 0x00000308, + 0x00000300, 0x000003b9, 0x00000308, 0x00000301, + 0x000003b9, 0x00000342, 0x000003b9, 0x00000308, + 0x00000342, 0x00000399, 0x00000306, 0x00000399, + 0x00000304, 0x00000399, 0x00000300, 0x00000399, + 0x00000301, 0x00001ffe, 0x00000300, 0x00001ffe, + 0x00000301, 0x00001ffe, 0x00000342, 0x000003c5, + 0x00000306, 0x000003c5, 0x00000304, 0x000003c5, + 0x00000308, 0x00000300, 0x000003c5, 0x00000308, + 0x00000301, 0x000003c1, 0x00000313, 0x000003c1, + 0x00000314, 0x000003c5, 0x00000342, 0x000003c5, + 0x00000308, 0x00000342, 0x000003a5, 0x00000306, + 0x000003a5, 0x00000304, 0x000003a5, 0x00000300, + 0x000003a5, 0x00000301, 0x000003a1, 0x00000314, + 0x000000a8, 0x00000300, 0x000000a8, 0x00000301, + 0x00000060, 0x000003c9, 0x00000300, 0x00000345, + 0x000003c9, 0x00000345, 0x000003c9, 0x00000301, + 0x00000345, 0x000003c9, 0x00000342, 0x000003c9, + 0x00000342, 0x00000345, 0x0000039f, 0x00000300, + 0x0000039f, 0x00000301, 0x000003a9, 0x00000300, + 0x000003a9, 0x00000301, 0x000003a9, 0x00000345, + 0x000000b4, 0x00002002, 0x00002003, 0x000003a9, + 0x0000004b, 0x00000041, 0x0000030a, 0x00002190, + 0x00000338, 0x00002192, 0x00000338, 0x00002194, + 0x00000338, 0x000021d0, 0x00000338, 0x000021d4, + 0x00000338, 0x000021d2, 0x00000338, 0x00002203, + 0x00000338, 0x00002208, 0x00000338, 0x0000220b, + 0x00000338, 0x00002223, 0x00000338, 0x00002225, + 0x00000338, 0x0000223c, 0x00000338, 0x00002243, + 0x00000338, 0x00002245, 0x00000338, 0x00002248, + 0x00000338, 0x0000003d, 0x00000338, 0x00002261, + 0x00000338, 0x0000224d, 0x00000338, 0x0000003c, + 0x00000338, 0x0000003e, 0x00000338, 0x00002264, + 0x00000338, 0x00002265, 0x00000338, 0x00002272, + 0x00000338, 0x00002273, 0x00000338, 0x00002276, + 0x00000338, 0x00002277, 0x00000338, 0x0000227a, + 0x00000338, 0x0000227b, 0x00000338, 0x00002282, + 0x00000338, 0x00002283, 0x00000338, 0x00002286, + 0x00000338, 0x00002287, 0x00000338, 0x000022a2, + 0x00000338, 0x000022a8, 0x00000338, 0x000022a9, + 0x00000338, 0x000022ab, 0x00000338, 0x0000227c, + 0x00000338, 0x0000227d, 0x00000338, 0x00002291, + 0x00000338, 0x00002292, 0x00000338, 0x000022b2, + 0x00000338, 0x000022b3, 0x00000338, 0x000022b4, + 0x00000338, 0x000022b5, 0x00000338, 0x00003008, + 0x00003009, 0x00002add, 0x00000338, 0x0000304b, + 0x00003099, 0x0000304d, 0x00003099, 0x0000304f, + 0x00003099, 0x00003051, 0x00003099, 0x00003053, + 0x00003099, 0x00003055, 0x00003099, 0x00003057, + 0x00003099, 0x00003059, 0x00003099, 0x0000305b, + 0x00003099, 0x0000305d, 0x00003099, 0x0000305f, + 0x00003099, 0x00003061, 0x00003099, 0x00003064, + 0x00003099, 0x00003066, 0x00003099, 0x00003068, + 0x00003099, 0x0000306f, 0x00003099, 0x0000306f, + 0x0000309a, 0x00003072, 0x00003099, 0x00003072, + 0x0000309a, 0x00003075, 0x00003099, 0x00003075, + 0x0000309a, 0x00003078, 0x00003099, 0x00003078, + 0x0000309a, 0x0000307b, 0x00003099, 0x0000307b, + 0x0000309a, 0x00003046, 0x00003099, 0x0000309d, + 0x00003099, 0x000030ab, 0x00003099, 0x000030ad, + 0x00003099, 0x000030af, 0x00003099, 0x000030b1, + 0x00003099, 0x000030b3, 0x00003099, 0x000030b5, + 0x00003099, 0x000030b7, 0x00003099, 0x000030b9, + 0x00003099, 0x000030bb, 0x00003099, 0x000030bd, + 0x00003099, 0x000030bf, 0x00003099, 0x000030c1, + 0x00003099, 0x000030c4, 0x00003099, 0x000030c6, + 0x00003099, 0x000030c8, 0x00003099, 0x000030cf, + 0x00003099, 0x000030cf, 0x0000309a, 0x000030d2, + 0x00003099, 0x000030d2, 0x0000309a, 0x000030d5, + 0x00003099, 0x000030d5, 0x0000309a, 0x000030d8, + 0x00003099, 0x000030d8, 0x0000309a, 0x000030db, + 0x00003099, 0x000030db, 0x0000309a, 0x000030a6, + 0x00003099, 0x000030ef, 0x00003099, 0x000030f0, + 0x00003099, 0x000030f1, 0x00003099, 0x000030f2, + 0x00003099, 0x000030fd, 0x00003099, 0x00008eca, + 0x00008cc8, 0x00006ed1, 0x00004e32, 0x000053e5, + 0x00009f9c, 0x00009f9c, 0x00005951, 0x000091d1, + 0x00005587, 0x00005948, 0x000061f6, 0x00007669, + 0x00007f85, 0x0000863f, 0x000087ba, 0x000088f8, + 0x0000908f, 0x00006a02, 0x00006d1b, 0x000070d9, + 0x000073de, 0x0000843d, 0x0000916a, 0x000099f1, + 0x00004e82, 0x00005375, 0x00006b04, 0x0000721b, + 0x0000862d, 0x00009e1e, 0x00005d50, 0x00006feb, + 0x000085cd, 0x00008964, 0x000062c9, 0x000081d8, + 0x0000881f, 0x00005eca, 0x00006717, 0x00006d6a, + 0x000072fc, 0x000090ce, 0x00004f86, 0x000051b7, + 0x000052de, 0x000064c4, 0x00006ad3, 0x00007210, + 0x000076e7, 0x00008001, 0x00008606, 0x0000865c, + 0x00008def, 0x00009732, 0x00009b6f, 0x00009dfa, + 0x0000788c, 0x0000797f, 0x00007da0, 0x000083c9, + 0x00009304, 0x00009e7f, 0x00008ad6, 0x000058df, + 0x00005f04, 0x00007c60, 0x0000807e, 0x00007262, + 0x000078ca, 0x00008cc2, 0x000096f7, 0x000058d8, + 0x00005c62, 0x00006a13, 0x00006dda, 0x00006f0f, + 0x00007d2f, 0x00007e37, 0x0000964b, 0x000052d2, + 0x0000808b, 0x000051dc, 0x000051cc, 0x00007a1c, + 0x00007dbe, 0x000083f1, 0x00009675, 0x00008b80, + 0x000062cf, 0x00006a02, 0x00008afe, 0x00004e39, + 0x00005be7, 0x00006012, 0x00007387, 0x00007570, + 0x00005317, 0x000078fb, 0x00004fbf, 0x00005fa9, + 0x00004e0d, 0x00006ccc, 0x00006578, 0x00007d22, + 0x000053c3, 0x0000585e, 0x00007701, 0x00008449, + 0x00008aaa, 0x00006bba, 0x00008fb0, 0x00006c88, + 0x000062fe, 0x000082e5, 0x000063a0, 0x00007565, + 0x00004eae, 0x00005169, 0x000051c9, 0x00006881, + 0x00007ce7, 0x0000826f, 0x00008ad2, 0x000091cf, + 0x000052f5, 0x00005442, 0x00005973, 0x00005eec, + 0x000065c5, 0x00006ffe, 0x0000792a, 0x000095ad, + 0x00009a6a, 0x00009e97, 0x00009ece, 0x0000529b, + 0x000066c6, 0x00006b77, 0x00008f62, 0x00005e74, + 0x00006190, 0x00006200, 0x0000649a, 0x00006f23, + 0x00007149, 0x00007489, 0x000079ca, 0x00007df4, + 0x0000806f, 0x00008f26, 0x000084ee, 0x00009023, + 0x0000934a, 0x00005217, 0x000052a3, 0x000054bd, + 0x000070c8, 0x000088c2, 0x00008aaa, 0x00005ec9, + 0x00005ff5, 0x0000637b, 0x00006bae, 0x00007c3e, + 0x00007375, 0x00004ee4, 0x000056f9, 0x00005be7, + 0x00005dba, 0x0000601c, 0x000073b2, 0x00007469, + 0x00007f9a, 0x00008046, 0x00009234, 0x000096f6, + 0x00009748, 0x00009818, 0x00004f8b, 0x000079ae, + 0x000091b4, 0x000096b8, 0x000060e1, 0x00004e86, + 0x000050da, 0x00005bee, 0x00005c3f, 0x00006599, + 0x00006a02, 0x000071ce, 0x00007642, 0x000084fc, + 0x0000907c, 0x00009f8d, 0x00006688, 0x0000962e, + 0x00005289, 0x0000677b, 0x000067f3, 0x00006d41, + 0x00006e9c, 0x00007409, 0x00007559, 0x0000786b, + 0x00007d10, 0x0000985e, 0x0000516d, 0x0000622e, + 0x00009678, 0x0000502b, 0x00005d19, 0x00006dea, + 0x00008f2a, 0x00005f8b, 0x00006144, 0x00006817, + 0x00007387, 0x00009686, 0x00005229, 0x0000540f, + 0x00005c65, 0x00006613, 0x0000674e, 0x000068a8, + 0x00006ce5, 0x00007406, 0x000075e2, 0x00007f79, + 0x000088cf, 0x000088e1, 0x000091cc, 0x000096e2, + 0x0000533f, 0x00006eba, 0x0000541d, 0x000071d0, + 0x00007498, 0x000085fa, 0x000096a3, 0x00009c57, + 0x00009e9f, 0x00006797, 0x00006dcb, 0x000081e8, + 0x00007acb, 0x00007b20, 0x00007c92, 0x000072c0, + 0x00007099, 0x00008b58, 0x00004ec0, 0x00008336, + 0x0000523a, 0x00005207, 0x00005ea6, 0x000062d3, + 0x00007cd6, 0x00005b85, 0x00006d1e, 0x000066b4, + 0x00008f3b, 0x0000884c, 0x0000964d, 0x0000898b, + 0x00005ed3, 0x00005140, 0x000055c0, 0x0000585a, + 0x00006674, 0x000051de, 0x0000732a, 0x000076ca, + 0x0000793c, 0x0000795e, 0x00007965, 0x0000798f, + 0x00009756, 0x00007cbe, 0x00007fbd, 0x00008612, + 0x00008af8, 0x00009038, 0x000090fd, 0x000098ef, + 0x000098fc, 0x00009928, 0x00009db4, 0x00004fae, + 0x000050e7, 0x0000514d, 0x000052c9, 0x000052e4, + 0x00005351, 0x0000559d, 0x00005606, 0x00005668, + 0x00005840, 0x000058a8, 0x00005c64, 0x00005c6e, + 0x00006094, 0x00006168, 0x0000618e, 0x000061f2, + 0x0000654f, 0x000065e2, 0x00006691, 0x00006885, + 0x00006d77, 0x00006e1a, 0x00006f22, 0x0000716e, + 0x0000722b, 0x00007422, 0x00007891, 0x0000793e, + 0x00007949, 0x00007948, 0x00007950, 0x00007956, + 0x0000795d, 0x0000798d, 0x0000798e, 0x00007a40, + 0x00007a81, 0x00007bc0, 0x00007df4, 0x00007e09, + 0x00007e41, 0x00007f72, 0x00008005, 0x000081ed, + 0x00008279, 0x00008279, 0x00008457, 0x00008910, + 0x00008996, 0x00008b01, 0x00008b39, 0x00008cd3, + 0x00008d08, 0x00008fb6, 0x00009038, 0x000096e3, + 0x000097ff, 0x0000983b, 0x000005d9, 0x000005b4, + 0x000005f2, 0x000005b7, 0x000005e9, 0x000005c1, + 0x000005e9, 0x000005c2, 0x000005e9, 0x000005bc, + 0x000005c1, 0x000005e9, 0x000005bc, 0x000005c2, + 0x000005d0, 0x000005b7, 0x000005d0, 0x000005b8, + 0x000005d0, 0x000005bc, 0x000005d1, 0x000005bc, + 0x000005d2, 0x000005bc, 0x000005d3, 0x000005bc, + 0x000005d4, 0x000005bc, 0x000005d5, 0x000005bc, + 0x000005d6, 0x000005bc, 0x000005d8, 0x000005bc, + 0x000005d9, 0x000005bc, 0x000005da, 0x000005bc, + 0x000005db, 0x000005bc, 0x000005dc, 0x000005bc, + 0x000005de, 0x000005bc, 0x000005e0, 0x000005bc, + 0x000005e1, 0x000005bc, 0x000005e3, 0x000005bc, + 0x000005e4, 0x000005bc, 0x000005e6, 0x000005bc, + 0x000005e7, 0x000005bc, 0x000005e8, 0x000005bc, + 0x000005e9, 0x000005bc, 0x000005ea, 0x000005bc, + 0x000005d5, 0x000005b9, 0x000005d1, 0x000005bf, + 0x000005db, 0x000005bf, 0x000005e4, 0x000005bf, + 0x0001d157, 0x0001d165, 0x0001d158, 0x0001d165, + 0x0001d158, 0x0001d165, 0x0001d16e, 0x0001d158, + 0x0001d165, 0x0001d16f, 0x0001d158, 0x0001d165, + 0x0001d170, 0x0001d158, 0x0001d165, 0x0001d171, + 0x0001d158, 0x0001d165, 0x0001d172, 0x0001d1b9, + 0x0001d165, 0x0001d1ba, 0x0001d165, 0x0001d1b9, + 0x0001d165, 0x0001d16e, 0x0001d1ba, 0x0001d165, + 0x0001d16e, 0x0001d1b9, 0x0001d165, 0x0001d16f, + 0x0001d1ba, 0x0001d165, 0x0001d16f, 0x00004e3d, + 0x00004e38, 0x00004e41, 0x00020122, 0x00004f60, + 0x00004fae, 0x00004fbb, 0x00005002, 0x0000507a, + 0x00005099, 0x000050e7, 0x000050cf, 0x0000349e, + 0x0002063a, 0x0000514d, 0x00005154, 0x00005164, + 0x00005177, 0x0002051c, 0x000034b9, 0x00005167, + 0x0000518d, 0x0002054b, 0x00005197, 0x000051a4, + 0x00004ecc, 0x000051ac, 0x000051b5, 0x000291df, + 0x000051f5, 0x00005203, 0x000034df, 0x0000523b, + 0x00005246, 0x00005272, 0x00005277, 0x00003515, + 0x000052c7, 0x000052c9, 0x000052e4, 0x000052fa, + 0x00005305, 0x00005306, 0x00005317, 0x00005349, + 0x00005351, 0x0000535a, 0x00005373, 0x0000537d, + 0x0000537f, 0x0000537f, 0x0000537f, 0x00020a2c, + 0x00007070, 0x000053ca, 0x000053df, 0x00020b63, + 0x000053eb, 0x000053f1, 0x00005406, 0x0000549e, + 0x00005438, 0x00005448, 0x00005468, 0x000054a2, + 0x000054f6, 0x00005510, 0x00005553, 0x00005563, + 0x00005584, 0x00005584, 0x00005599, 0x000055ab, + 0x000055b3, 0x000055c2, 0x00005716, 0x00005606, + 0x00005717, 0x00005651, 0x00005674, 0x00005207, + 0x000058ee, 0x000057ce, 0x000057f4, 0x0000580d, + 0x0000578b, 0x00005832, 0x00005831, 0x000058ac, + 0x000214e4, 0x000058f2, 0x000058f7, 0x00005906, + 0x0000591a, 0x00005922, 0x00005962, 0x000216a8, + 0x000216ea, 0x000059ec, 0x00005a1b, 0x00005a27, + 0x000059d8, 0x00005a66, 0x000036ee, 0x0002136a, + 0x00005b08, 0x00005b3e, 0x00005b3e, 0x000219c8, + 0x00005bc3, 0x00005bd8, 0x00005be7, 0x00005bf3, + 0x00021b18, 0x00005bff, 0x00005c06, 0x00005f33, + 0x00005c22, 0x00003781, 0x00005c60, 0x00005c6e, + 0x00005cc0, 0x00005c8d, 0x00021de4, 0x00005d43, + 0x00021de6, 0x00005d6e, 0x00005d6b, 0x00005d7c, + 0x00005de1, 0x00005de2, 0x0000382f, 0x00005dfd, + 0x00005e28, 0x00005e3d, 0x00005e69, 0x00003862, + 0x00022183, 0x0000387c, 0x00005eb0, 0x00005eb3, + 0x00005eb6, 0x00005eca, 0x0002a392, 0x00005efe, + 0x00022331, 0x00022331, 0x00008201, 0x00005f22, + 0x00005f22, 0x000038c7, 0x000232b8, 0x000261da, + 0x00005f62, 0x00005f6b, 0x000038e3, 0x00005f9a, + 0x00005fcd, 0x00005fd7, 0x00005ff9, 0x00006081, + 0x0000393a, 0x0000391c, 0x00006094, 0x000226d4, + 0x000060c7, 0x00006148, 0x0000614c, 0x0000614e, + 0x0000614c, 0x0000617a, 0x0000618e, 0x000061b2, + 0x000061a4, 0x000061af, 0x000061de, 0x000061f2, + 0x000061f6, 0x00006210, 0x0000621b, 0x0000625d, + 0x000062b1, 0x000062d4, 0x00006350, 0x00022b0c, + 0x0000633d, 0x000062fc, 0x00006368, 0x00006383, + 0x000063e4, 0x00022bf1, 0x00006422, 0x000063c5, + 0x000063a9, 0x00003a2e, 0x00006469, 0x0000647e, + 0x0000649d, 0x00006477, 0x00003a6c, 0x0000654f, + 0x0000656c, 0x0002300a, 0x000065e3, 0x000066f8, + 0x00006649, 0x00003b19, 0x00006691, 0x00003b08, + 0x00003ae4, 0x00005192, 0x00005195, 0x00006700, + 0x0000669c, 0x000080ad, 0x000043d9, 0x00006717, + 0x0000671b, 0x00006721, 0x0000675e, 0x00006753, + 0x000233c3, 0x00003b49, 0x000067fa, 0x00006785, + 0x00006852, 0x00006885, 0x0002346d, 0x0000688e, + 0x0000681f, 0x00006914, 0x00003b9d, 0x00006942, + 0x000069a3, 0x000069ea, 0x00006aa8, 0x000236a3, + 0x00006adb, 0x00003c18, 0x00006b21, 0x000238a7, + 0x00006b54, 0x00003c4e, 0x00006b72, 0x00006b9f, + 0x00006bba, 0x00006bbb, 0x00023a8d, 0x00021d0b, + 0x00023afa, 0x00006c4e, 0x00023cbc, 0x00006cbf, + 0x00006ccd, 0x00006c67, 0x00006d16, 0x00006d3e, + 0x00006d77, 0x00006d41, 0x00006d69, 0x00006d78, + 0x00006d85, 0x00023d1e, 0x00006d34, 0x00006e2f, + 0x00006e6e, 0x00003d33, 0x00006ecb, 0x00006ec7, + 0x00023ed1, 0x00006df9, 0x00006f6e, 0x00023f5e, + 0x00023f8e, 0x00006fc6, 0x00007039, 0x0000701e, + 0x0000701b, 0x00003d96, 0x0000704a, 0x0000707d, + 0x00007077, 0x000070ad, 0x00020525, 0x00007145, + 0x00024263, 0x0000719c, 0x000043ab, 0x00007228, + 0x00007235, 0x00007250, 0x00024608, 0x00007280, + 0x00007295, 0x00024735, 0x00024814, 0x0000737a, + 0x0000738b, 0x00003eac, 0x000073a5, 0x00003eb8, + 0x00003eb8, 0x00007447, 0x0000745c, 0x00007471, + 0x00007485, 0x000074ca, 0x00003f1b, 0x00007524, + 0x00024c36, 0x0000753e, 0x00024c92, 0x00007570, + 0x0002219f, 0x00007610, 0x00024fa1, 0x00024fb8, + 0x00025044, 0x00003ffc, 0x00004008, 0x000076f4, + 0x000250f3, 0x000250f2, 0x00025119, 0x00025133, + 0x0000771e, 0x0000771f, 0x0000771f, 0x0000774a, + 0x00004039, 0x0000778b, 0x00004046, 0x00004096, + 0x0002541d, 0x0000784e, 0x0000788c, 0x000078cc, + 0x000040e3, 0x00025626, 0x00007956, 0x0002569a, + 0x000256c5, 0x0000798f, 0x000079eb, 0x0000412f, + 0x00007a40, 0x00007a4a, 0x00007a4f, 0x0002597c, + 0x00025aa7, 0x00025aa7, 0x00007aae, 0x00004202, + 0x00025bab, 0x00007bc6, 0x00007bc9, 0x00004227, + 0x00025c80, 0x00007cd2, 0x000042a0, 0x00007ce8, + 0x00007ce3, 0x00007d00, 0x00025f86, 0x00007d63, + 0x00004301, 0x00007dc7, 0x00007e02, 0x00007e45, + 0x00004334, 0x00026228, 0x00026247, 0x00004359, + 0x000262d9, 0x00007f7a, 0x0002633e, 0x00007f95, + 0x00007ffa, 0x00008005, 0x000264da, 0x00026523, + 0x00008060, 0x000265a8, 0x00008070, 0x0002335f, + 0x000043d5, 0x000080b2, 0x00008103, 0x0000440b, + 0x0000813e, 0x00005ab5, 0x000267a7, 0x000267b5, + 0x00023393, 0x0002339c, 0x00008201, 0x00008204, + 0x00008f9e, 0x0000446b, 0x00008291, 0x0000828b, + 0x0000829d, 0x000052b3, 0x000082b1, 0x000082b3, + 0x000082bd, 0x000082e6, 0x00026b3c, 0x000082e5, + 0x0000831d, 0x00008363, 0x000083ad, 0x00008323, + 0x000083bd, 0x000083e7, 0x00008457, 0x00008353, + 0x000083ca, 0x000083cc, 0x000083dc, 0x00026c36, + 0x00026d6b, 0x00026cd5, 0x0000452b, 0x000084f1, + 0x000084f3, 0x00008516, 0x000273ca, 0x00008564, + 0x00026f2c, 0x0000455d, 0x00004561, 0x00026fb1, + 0x000270d2, 0x0000456b, 0x00008650, 0x0000865c, + 0x00008667, 0x00008669, 0x000086a9, 0x00008688, + 0x0000870e, 0x000086e2, 0x00008779, 0x00008728, + 0x0000876b, 0x00008786, 0x00004d57, 0x000087e1, + 0x00008801, 0x000045f9, 0x00008860, 0x00008863, + 0x00027667, 0x000088d7, 0x000088de, 0x00004635, + 0x000088fa, 0x000034bb, 0x000278ae, 0x00027966, + 0x000046be, 0x000046c7, 0x00008aa0, 0x00008aed, + 0x00008b8a, 0x00008c55, 0x00027ca8, 0x00008cab, + 0x00008cc1, 0x00008d1b, 0x00008d77, 0x00027f2f, + 0x00020804, 0x00008dcb, 0x00008dbc, 0x00008df0, + 0x000208de, 0x00008ed4, 0x00008f38, 0x000285d2, + 0x000285ed, 0x00009094, 0x000090f1, 0x00009111, + 0x0002872e, 0x0000911b, 0x00009238, 0x000092d7, + 0x000092d8, 0x0000927c, 0x000093f9, 0x00009415, + 0x00028bfa, 0x0000958b, 0x00004995, 0x000095b7, + 0x00028d77, 0x000049e6, 0x000096c3, 0x00005db2, + 0x00009723, 0x00029145, 0x0002921a, 0x00004a6e, + 0x00004a76, 0x000097e0, 0x0002940a, 0x00004ab2, + 0x00029496, 0x0000980b, 0x0000980b, 0x00009829, + 0x000295b6, 0x000098e2, 0x00004b33, 0x00009929, + 0x000099a7, 0x000099c2, 0x000099fe, 0x00004bce, + 0x00029b30, 0x00009b12, 0x00009c40, 0x00009cfd, + 0x00004cce, 0x00004ced, 0x00009d67, 0x0002a0ce, + 0x00004cf8, 0x0002a105, 0x0002a20e, 0x0002a291, + 0x00009ebb, 0x00004d56, 0x00009ef9, 0x00009efe, + 0x00009f05, 0x00009f0f, 0x00009f16, 0x00009f3b, + 0x0002a600 +}; + +static const krb5_ui_4 _uckdcmp_size = 10282; + +static const krb5_ui_4 _uckdcmp_nodes[] = { + 0x000000a0, 0x00000000, + 0x000000a8, 0x00000001, + 0x000000aa, 0x00000003, + 0x000000af, 0x00000004, + 0x000000b2, 0x00000006, + 0x000000b3, 0x00000007, + 0x000000b4, 0x00000008, + 0x000000b5, 0x0000000a, + 0x000000b8, 0x0000000b, + 0x000000b9, 0x0000000d, + 0x000000ba, 0x0000000e, + 0x000000bc, 0x0000000f, + 0x000000bd, 0x00000012, + 0x000000be, 0x00000015, + 0x000000c0, 0x00000018, + 0x000000c1, 0x0000001a, + 0x000000c2, 0x0000001c, + 0x000000c3, 0x0000001e, + 0x000000c4, 0x00000020, + 0x000000c5, 0x00000022, + 0x000000c7, 0x00000024, + 0x000000c8, 0x00000026, + 0x000000c9, 0x00000028, + 0x000000ca, 0x0000002a, + 0x000000cb, 0x0000002c, + 0x000000cc, 0x0000002e, + 0x000000cd, 0x00000030, + 0x000000ce, 0x00000032, + 0x000000cf, 0x00000034, + 0x000000d1, 0x00000036, + 0x000000d2, 0x00000038, + 0x000000d3, 0x0000003a, + 0x000000d4, 0x0000003c, + 0x000000d5, 0x0000003e, + 0x000000d6, 0x00000040, + 0x000000d9, 0x00000042, + 0x000000da, 0x00000044, + 0x000000db, 0x00000046, + 0x000000dc, 0x00000048, + 0x000000dd, 0x0000004a, + 0x000000e0, 0x0000004c, + 0x000000e1, 0x0000004e, + 0x000000e2, 0x00000050, + 0x000000e3, 0x00000052, + 0x000000e4, 0x00000054, + 0x000000e5, 0x00000056, + 0x000000e7, 0x00000058, + 0x000000e8, 0x0000005a, + 0x000000e9, 0x0000005c, + 0x000000ea, 0x0000005e, + 0x000000eb, 0x00000060, + 0x000000ec, 0x00000062, + 0x000000ed, 0x00000064, + 0x000000ee, 0x00000066, + 0x000000ef, 0x00000068, + 0x000000f1, 0x0000006a, + 0x000000f2, 0x0000006c, + 0x000000f3, 0x0000006e, + 0x000000f4, 0x00000070, + 0x000000f5, 0x00000072, + 0x000000f6, 0x00000074, + 0x000000f9, 0x00000076, + 0x000000fa, 0x00000078, + 0x000000fb, 0x0000007a, + 0x000000fc, 0x0000007c, + 0x000000fd, 0x0000007e, + 0x000000ff, 0x00000080, + 0x00000100, 0x00000082, + 0x00000101, 0x00000084, + 0x00000102, 0x00000086, + 0x00000103, 0x00000088, + 0x00000104, 0x0000008a, + 0x00000105, 0x0000008c, + 0x00000106, 0x0000008e, + 0x00000107, 0x00000090, + 0x00000108, 0x00000092, + 0x00000109, 0x00000094, + 0x0000010a, 0x00000096, + 0x0000010b, 0x00000098, + 0x0000010c, 0x0000009a, + 0x0000010d, 0x0000009c, + 0x0000010e, 0x0000009e, + 0x0000010f, 0x000000a0, + 0x00000112, 0x000000a2, + 0x00000113, 0x000000a4, + 0x00000114, 0x000000a6, + 0x00000115, 0x000000a8, + 0x00000116, 0x000000aa, + 0x00000117, 0x000000ac, + 0x00000118, 0x000000ae, + 0x00000119, 0x000000b0, + 0x0000011a, 0x000000b2, + 0x0000011b, 0x000000b4, + 0x0000011c, 0x000000b6, + 0x0000011d, 0x000000b8, + 0x0000011e, 0x000000ba, + 0x0000011f, 0x000000bc, + 0x00000120, 0x000000be, + 0x00000121, 0x000000c0, + 0x00000122, 0x000000c2, + 0x00000123, 0x000000c4, + 0x00000124, 0x000000c6, + 0x00000125, 0x000000c8, + 0x00000128, 0x000000ca, + 0x00000129, 0x000000cc, + 0x0000012a, 0x000000ce, + 0x0000012b, 0x000000d0, + 0x0000012c, 0x000000d2, + 0x0000012d, 0x000000d4, + 0x0000012e, 0x000000d6, + 0x0000012f, 0x000000d8, + 0x00000130, 0x000000da, + 0x00000132, 0x000000dc, + 0x00000133, 0x000000de, + 0x00000134, 0x000000e0, + 0x00000135, 0x000000e2, + 0x00000136, 0x000000e4, + 0x00000137, 0x000000e6, + 0x00000139, 0x000000e8, + 0x0000013a, 0x000000ea, + 0x0000013b, 0x000000ec, + 0x0000013c, 0x000000ee, + 0x0000013d, 0x000000f0, + 0x0000013e, 0x000000f2, + 0x0000013f, 0x000000f4, + 0x00000140, 0x000000f6, + 0x00000143, 0x000000f8, + 0x00000144, 0x000000fa, + 0x00000145, 0x000000fc, + 0x00000146, 0x000000fe, + 0x00000147, 0x00000100, + 0x00000148, 0x00000102, + 0x00000149, 0x00000104, + 0x0000014c, 0x00000106, + 0x0000014d, 0x00000108, + 0x0000014e, 0x0000010a, + 0x0000014f, 0x0000010c, + 0x00000150, 0x0000010e, + 0x00000151, 0x00000110, + 0x00000154, 0x00000112, + 0x00000155, 0x00000114, + 0x00000156, 0x00000116, + 0x00000157, 0x00000118, + 0x00000158, 0x0000011a, + 0x00000159, 0x0000011c, + 0x0000015a, 0x0000011e, + 0x0000015b, 0x00000120, + 0x0000015c, 0x00000122, + 0x0000015d, 0x00000124, + 0x0000015e, 0x00000126, + 0x0000015f, 0x00000128, + 0x00000160, 0x0000012a, + 0x00000161, 0x0000012c, + 0x00000162, 0x0000012e, + 0x00000163, 0x00000130, + 0x00000164, 0x00000132, + 0x00000165, 0x00000134, + 0x00000168, 0x00000136, + 0x00000169, 0x00000138, + 0x0000016a, 0x0000013a, + 0x0000016b, 0x0000013c, + 0x0000016c, 0x0000013e, + 0x0000016d, 0x00000140, + 0x0000016e, 0x00000142, + 0x0000016f, 0x00000144, + 0x00000170, 0x00000146, + 0x00000171, 0x00000148, + 0x00000172, 0x0000014a, + 0x00000173, 0x0000014c, + 0x00000174, 0x0000014e, + 0x00000175, 0x00000150, + 0x00000176, 0x00000152, + 0x00000177, 0x00000154, + 0x00000178, 0x00000156, + 0x00000179, 0x00000158, + 0x0000017a, 0x0000015a, + 0x0000017b, 0x0000015c, + 0x0000017c, 0x0000015e, + 0x0000017d, 0x00000160, + 0x0000017e, 0x00000162, + 0x0000017f, 0x00000164, + 0x000001a0, 0x00000165, + 0x000001a1, 0x00000167, + 0x000001af, 0x00000169, + 0x000001b0, 0x0000016b, + 0x000001c4, 0x0000016d, + 0x000001c5, 0x00000170, + 0x000001c6, 0x00000173, + 0x000001c7, 0x00000176, + 0x000001c8, 0x00000178, + 0x000001c9, 0x0000017a, + 0x000001ca, 0x0000017c, + 0x000001cb, 0x0000017e, + 0x000001cc, 0x00000180, + 0x000001cd, 0x00000182, + 0x000001ce, 0x00000184, + 0x000001cf, 0x00000186, + 0x000001d0, 0x00000188, + 0x000001d1, 0x0000018a, + 0x000001d2, 0x0000018c, + 0x000001d3, 0x0000018e, + 0x000001d4, 0x00000190, + 0x000001d5, 0x00000192, + 0x000001d6, 0x00000195, + 0x000001d7, 0x00000198, + 0x000001d8, 0x0000019b, + 0x000001d9, 0x0000019e, + 0x000001da, 0x000001a1, + 0x000001db, 0x000001a4, + 0x000001dc, 0x000001a7, + 0x000001de, 0x000001aa, + 0x000001df, 0x000001ad, + 0x000001e0, 0x000001b0, + 0x000001e1, 0x000001b3, + 0x000001e2, 0x000001b6, + 0x000001e3, 0x000001b8, + 0x000001e6, 0x000001ba, + 0x000001e7, 0x000001bc, + 0x000001e8, 0x000001be, + 0x000001e9, 0x000001c0, + 0x000001ea, 0x000001c2, + 0x000001eb, 0x000001c4, + 0x000001ec, 0x000001c6, + 0x000001ed, 0x000001c9, + 0x000001ee, 0x000001cc, + 0x000001ef, 0x000001ce, + 0x000001f0, 0x000001d0, + 0x000001f1, 0x000001d2, + 0x000001f2, 0x000001d4, + 0x000001f3, 0x000001d6, + 0x000001f4, 0x000001d8, + 0x000001f5, 0x000001da, + 0x000001f8, 0x000001dc, + 0x000001f9, 0x000001de, + 0x000001fa, 0x000001e0, + 0x000001fb, 0x000001e3, + 0x000001fc, 0x000001e6, + 0x000001fd, 0x000001e8, + 0x000001fe, 0x000001ea, + 0x000001ff, 0x000001ec, + 0x00000200, 0x000001ee, + 0x00000201, 0x000001f0, + 0x00000202, 0x000001f2, + 0x00000203, 0x000001f4, + 0x00000204, 0x000001f6, + 0x00000205, 0x000001f8, + 0x00000206, 0x000001fa, + 0x00000207, 0x000001fc, + 0x00000208, 0x000001fe, + 0x00000209, 0x00000200, + 0x0000020a, 0x00000202, + 0x0000020b, 0x00000204, + 0x0000020c, 0x00000206, + 0x0000020d, 0x00000208, + 0x0000020e, 0x0000020a, + 0x0000020f, 0x0000020c, + 0x00000210, 0x0000020e, + 0x00000211, 0x00000210, + 0x00000212, 0x00000212, + 0x00000213, 0x00000214, + 0x00000214, 0x00000216, + 0x00000215, 0x00000218, + 0x00000216, 0x0000021a, + 0x00000217, 0x0000021c, + 0x00000218, 0x0000021e, + 0x00000219, 0x00000220, + 0x0000021a, 0x00000222, + 0x0000021b, 0x00000224, + 0x0000021e, 0x00000226, + 0x0000021f, 0x00000228, + 0x00000226, 0x0000022a, + 0x00000227, 0x0000022c, + 0x00000228, 0x0000022e, + 0x00000229, 0x00000230, + 0x0000022a, 0x00000232, + 0x0000022b, 0x00000235, + 0x0000022c, 0x00000238, + 0x0000022d, 0x0000023b, + 0x0000022e, 0x0000023e, + 0x0000022f, 0x00000240, + 0x00000230, 0x00000242, + 0x00000231, 0x00000245, + 0x00000232, 0x00000248, + 0x00000233, 0x0000024a, + 0x000002b0, 0x0000024c, + 0x000002b1, 0x0000024d, + 0x000002b2, 0x0000024e, + 0x000002b3, 0x0000024f, + 0x000002b4, 0x00000250, + 0x000002b5, 0x00000251, + 0x000002b6, 0x00000252, + 0x000002b7, 0x00000253, + 0x000002b8, 0x00000254, + 0x000002d8, 0x00000255, + 0x000002d9, 0x00000257, + 0x000002da, 0x00000259, + 0x000002db, 0x0000025b, + 0x000002dc, 0x0000025d, + 0x000002dd, 0x0000025f, + 0x000002e0, 0x00000261, + 0x000002e1, 0x00000262, + 0x000002e2, 0x00000263, + 0x000002e3, 0x00000264, + 0x000002e4, 0x00000265, + 0x00000340, 0x00000266, + 0x00000341, 0x00000267, + 0x00000343, 0x00000268, + 0x00000344, 0x00000269, + 0x00000374, 0x0000026b, + 0x0000037a, 0x0000026c, + 0x0000037e, 0x0000026e, + 0x00000384, 0x0000026f, + 0x00000385, 0x00000271, + 0x00000386, 0x00000274, + 0x00000387, 0x00000276, + 0x00000388, 0x00000277, + 0x00000389, 0x00000279, + 0x0000038a, 0x0000027b, + 0x0000038c, 0x0000027d, + 0x0000038e, 0x0000027f, + 0x0000038f, 0x00000281, + 0x00000390, 0x00000283, + 0x000003aa, 0x00000286, + 0x000003ab, 0x00000288, + 0x000003ac, 0x0000028a, + 0x000003ad, 0x0000028c, + 0x000003ae, 0x0000028e, + 0x000003af, 0x00000290, + 0x000003b0, 0x00000292, + 0x000003ca, 0x00000295, + 0x000003cb, 0x00000297, + 0x000003cc, 0x00000299, + 0x000003cd, 0x0000029b, + 0x000003ce, 0x0000029d, + 0x000003d0, 0x0000029f, + 0x000003d1, 0x000002a0, + 0x000003d2, 0x000002a1, + 0x000003d3, 0x000002a2, + 0x000003d4, 0x000002a4, + 0x000003d5, 0x000002a6, + 0x000003d6, 0x000002a7, + 0x000003f0, 0x000002a8, + 0x000003f1, 0x000002a9, + 0x000003f2, 0x000002aa, + 0x000003f4, 0x000002ab, + 0x000003f5, 0x000002ac, + 0x00000400, 0x000002ad, + 0x00000401, 0x000002af, + 0x00000403, 0x000002b1, + 0x00000407, 0x000002b3, + 0x0000040c, 0x000002b5, + 0x0000040d, 0x000002b7, + 0x0000040e, 0x000002b9, + 0x00000419, 0x000002bb, + 0x00000439, 0x000002bd, + 0x00000450, 0x000002bf, + 0x00000451, 0x000002c1, + 0x00000453, 0x000002c3, + 0x00000457, 0x000002c5, + 0x0000045c, 0x000002c7, + 0x0000045d, 0x000002c9, + 0x0000045e, 0x000002cb, + 0x00000476, 0x000002cd, + 0x00000477, 0x000002cf, + 0x000004c1, 0x000002d1, + 0x000004c2, 0x000002d3, + 0x000004d0, 0x000002d5, + 0x000004d1, 0x000002d7, + 0x000004d2, 0x000002d9, + 0x000004d3, 0x000002db, + 0x000004d6, 0x000002dd, + 0x000004d7, 0x000002df, + 0x000004da, 0x000002e1, + 0x000004db, 0x000002e3, + 0x000004dc, 0x000002e5, + 0x000004dd, 0x000002e7, + 0x000004de, 0x000002e9, + 0x000004df, 0x000002eb, + 0x000004e2, 0x000002ed, + 0x000004e3, 0x000002ef, + 0x000004e4, 0x000002f1, + 0x000004e5, 0x000002f3, + 0x000004e6, 0x000002f5, + 0x000004e7, 0x000002f7, + 0x000004ea, 0x000002f9, + 0x000004eb, 0x000002fb, + 0x000004ec, 0x000002fd, + 0x000004ed, 0x000002ff, + 0x000004ee, 0x00000301, + 0x000004ef, 0x00000303, + 0x000004f0, 0x00000305, + 0x000004f1, 0x00000307, + 0x000004f2, 0x00000309, + 0x000004f3, 0x0000030b, + 0x000004f4, 0x0000030d, + 0x000004f5, 0x0000030f, + 0x000004f8, 0x00000311, + 0x000004f9, 0x00000313, + 0x00000587, 0x00000315, + 0x00000622, 0x00000317, + 0x00000623, 0x00000319, + 0x00000624, 0x0000031b, + 0x00000625, 0x0000031d, + 0x00000626, 0x0000031f, + 0x00000675, 0x00000321, + 0x00000676, 0x00000323, + 0x00000677, 0x00000325, + 0x00000678, 0x00000327, + 0x000006c0, 0x00000329, + 0x000006c2, 0x0000032b, + 0x000006d3, 0x0000032d, + 0x00000929, 0x0000032f, + 0x00000931, 0x00000331, + 0x00000934, 0x00000333, + 0x00000958, 0x00000335, + 0x00000959, 0x00000337, + 0x0000095a, 0x00000339, + 0x0000095b, 0x0000033b, + 0x0000095c, 0x0000033d, + 0x0000095d, 0x0000033f, + 0x0000095e, 0x00000341, + 0x0000095f, 0x00000343, + 0x000009cb, 0x00000345, + 0x000009cc, 0x00000347, + 0x000009dc, 0x00000349, + 0x000009dd, 0x0000034b, + 0x000009df, 0x0000034d, + 0x00000a33, 0x0000034f, + 0x00000a36, 0x00000351, + 0x00000a59, 0x00000353, + 0x00000a5a, 0x00000355, + 0x00000a5b, 0x00000357, + 0x00000a5e, 0x00000359, + 0x00000b48, 0x0000035b, + 0x00000b4b, 0x0000035d, + 0x00000b4c, 0x0000035f, + 0x00000b5c, 0x00000361, + 0x00000b5d, 0x00000363, + 0x00000b94, 0x00000365, + 0x00000bca, 0x00000367, + 0x00000bcb, 0x00000369, + 0x00000bcc, 0x0000036b, + 0x00000c48, 0x0000036d, + 0x00000cc0, 0x0000036f, + 0x00000cc7, 0x00000371, + 0x00000cc8, 0x00000373, + 0x00000cca, 0x00000375, + 0x00000ccb, 0x00000377, + 0x00000d4a, 0x0000037a, + 0x00000d4b, 0x0000037c, + 0x00000d4c, 0x0000037e, + 0x00000dda, 0x00000380, + 0x00000ddc, 0x00000382, + 0x00000ddd, 0x00000384, + 0x00000dde, 0x00000387, + 0x00000e33, 0x00000389, + 0x00000eb3, 0x0000038b, + 0x00000edc, 0x0000038d, + 0x00000edd, 0x0000038f, + 0x00000f0c, 0x00000391, + 0x00000f43, 0x00000392, + 0x00000f4d, 0x00000394, + 0x00000f52, 0x00000396, + 0x00000f57, 0x00000398, + 0x00000f5c, 0x0000039a, + 0x00000f69, 0x0000039c, + 0x00000f73, 0x0000039e, + 0x00000f75, 0x000003a0, + 0x00000f76, 0x000003a2, + 0x00000f77, 0x000003a4, + 0x00000f78, 0x000003a7, + 0x00000f79, 0x000003a9, + 0x00000f81, 0x000003ac, + 0x00000f93, 0x000003ae, + 0x00000f9d, 0x000003b0, + 0x00000fa2, 0x000003b2, + 0x00000fa7, 0x000003b4, + 0x00000fac, 0x000003b6, + 0x00000fb9, 0x000003b8, + 0x00001026, 0x000003ba, + 0x00001e00, 0x000003bc, + 0x00001e01, 0x000003be, + 0x00001e02, 0x000003c0, + 0x00001e03, 0x000003c2, + 0x00001e04, 0x000003c4, + 0x00001e05, 0x000003c6, + 0x00001e06, 0x000003c8, + 0x00001e07, 0x000003ca, + 0x00001e08, 0x000003cc, + 0x00001e09, 0x000003cf, + 0x00001e0a, 0x000003d2, + 0x00001e0b, 0x000003d4, + 0x00001e0c, 0x000003d6, + 0x00001e0d, 0x000003d8, + 0x00001e0e, 0x000003da, + 0x00001e0f, 0x000003dc, + 0x00001e10, 0x000003de, + 0x00001e11, 0x000003e0, + 0x00001e12, 0x000003e2, + 0x00001e13, 0x000003e4, + 0x00001e14, 0x000003e6, + 0x00001e15, 0x000003e9, + 0x00001e16, 0x000003ec, + 0x00001e17, 0x000003ef, + 0x00001e18, 0x000003f2, + 0x00001e19, 0x000003f4, + 0x00001e1a, 0x000003f6, + 0x00001e1b, 0x000003f8, + 0x00001e1c, 0x000003fa, + 0x00001e1d, 0x000003fd, + 0x00001e1e, 0x00000400, + 0x00001e1f, 0x00000402, + 0x00001e20, 0x00000404, + 0x00001e21, 0x00000406, + 0x00001e22, 0x00000408, + 0x00001e23, 0x0000040a, + 0x00001e24, 0x0000040c, + 0x00001e25, 0x0000040e, + 0x00001e26, 0x00000410, + 0x00001e27, 0x00000412, + 0x00001e28, 0x00000414, + 0x00001e29, 0x00000416, + 0x00001e2a, 0x00000418, + 0x00001e2b, 0x0000041a, + 0x00001e2c, 0x0000041c, + 0x00001e2d, 0x0000041e, + 0x00001e2e, 0x00000420, + 0x00001e2f, 0x00000423, + 0x00001e30, 0x00000426, + 0x00001e31, 0x00000428, + 0x00001e32, 0x0000042a, + 0x00001e33, 0x0000042c, + 0x00001e34, 0x0000042e, + 0x00001e35, 0x00000430, + 0x00001e36, 0x00000432, + 0x00001e37, 0x00000434, + 0x00001e38, 0x00000436, + 0x00001e39, 0x00000439, + 0x00001e3a, 0x0000043c, + 0x00001e3b, 0x0000043e, + 0x00001e3c, 0x00000440, + 0x00001e3d, 0x00000442, + 0x00001e3e, 0x00000444, + 0x00001e3f, 0x00000446, + 0x00001e40, 0x00000448, + 0x00001e41, 0x0000044a, + 0x00001e42, 0x0000044c, + 0x00001e43, 0x0000044e, + 0x00001e44, 0x00000450, + 0x00001e45, 0x00000452, + 0x00001e46, 0x00000454, + 0x00001e47, 0x00000456, + 0x00001e48, 0x00000458, + 0x00001e49, 0x0000045a, + 0x00001e4a, 0x0000045c, + 0x00001e4b, 0x0000045e, + 0x00001e4c, 0x00000460, + 0x00001e4d, 0x00000463, + 0x00001e4e, 0x00000466, + 0x00001e4f, 0x00000469, + 0x00001e50, 0x0000046c, + 0x00001e51, 0x0000046f, + 0x00001e52, 0x00000472, + 0x00001e53, 0x00000475, + 0x00001e54, 0x00000478, + 0x00001e55, 0x0000047a, + 0x00001e56, 0x0000047c, + 0x00001e57, 0x0000047e, + 0x00001e58, 0x00000480, + 0x00001e59, 0x00000482, + 0x00001e5a, 0x00000484, + 0x00001e5b, 0x00000486, + 0x00001e5c, 0x00000488, + 0x00001e5d, 0x0000048b, + 0x00001e5e, 0x0000048e, + 0x00001e5f, 0x00000490, + 0x00001e60, 0x00000492, + 0x00001e61, 0x00000494, + 0x00001e62, 0x00000496, + 0x00001e63, 0x00000498, + 0x00001e64, 0x0000049a, + 0x00001e65, 0x0000049d, + 0x00001e66, 0x000004a0, + 0x00001e67, 0x000004a3, + 0x00001e68, 0x000004a6, + 0x00001e69, 0x000004a9, + 0x00001e6a, 0x000004ac, + 0x00001e6b, 0x000004ae, + 0x00001e6c, 0x000004b0, + 0x00001e6d, 0x000004b2, + 0x00001e6e, 0x000004b4, + 0x00001e6f, 0x000004b6, + 0x00001e70, 0x000004b8, + 0x00001e71, 0x000004ba, + 0x00001e72, 0x000004bc, + 0x00001e73, 0x000004be, + 0x00001e74, 0x000004c0, + 0x00001e75, 0x000004c2, + 0x00001e76, 0x000004c4, + 0x00001e77, 0x000004c6, + 0x00001e78, 0x000004c8, + 0x00001e79, 0x000004cb, + 0x00001e7a, 0x000004ce, + 0x00001e7b, 0x000004d1, + 0x00001e7c, 0x000004d4, + 0x00001e7d, 0x000004d6, + 0x00001e7e, 0x000004d8, + 0x00001e7f, 0x000004da, + 0x00001e80, 0x000004dc, + 0x00001e81, 0x000004de, + 0x00001e82, 0x000004e0, + 0x00001e83, 0x000004e2, + 0x00001e84, 0x000004e4, + 0x00001e85, 0x000004e6, + 0x00001e86, 0x000004e8, + 0x00001e87, 0x000004ea, + 0x00001e88, 0x000004ec, + 0x00001e89, 0x000004ee, + 0x00001e8a, 0x000004f0, + 0x00001e8b, 0x000004f2, + 0x00001e8c, 0x000004f4, + 0x00001e8d, 0x000004f6, + 0x00001e8e, 0x000004f8, + 0x00001e8f, 0x000004fa, + 0x00001e90, 0x000004fc, + 0x00001e91, 0x000004fe, + 0x00001e92, 0x00000500, + 0x00001e93, 0x00000502, + 0x00001e94, 0x00000504, + 0x00001e95, 0x00000506, + 0x00001e96, 0x00000508, + 0x00001e97, 0x0000050a, + 0x00001e98, 0x0000050c, + 0x00001e99, 0x0000050e, + 0x00001e9a, 0x00000510, + 0x00001e9b, 0x00000512, + 0x00001ea0, 0x00000514, + 0x00001ea1, 0x00000516, + 0x00001ea2, 0x00000518, + 0x00001ea3, 0x0000051a, + 0x00001ea4, 0x0000051c, + 0x00001ea5, 0x0000051f, + 0x00001ea6, 0x00000522, + 0x00001ea7, 0x00000525, + 0x00001ea8, 0x00000528, + 0x00001ea9, 0x0000052b, + 0x00001eaa, 0x0000052e, + 0x00001eab, 0x00000531, + 0x00001eac, 0x00000534, + 0x00001ead, 0x00000537, + 0x00001eae, 0x0000053a, + 0x00001eaf, 0x0000053d, + 0x00001eb0, 0x00000540, + 0x00001eb1, 0x00000543, + 0x00001eb2, 0x00000546, + 0x00001eb3, 0x00000549, + 0x00001eb4, 0x0000054c, + 0x00001eb5, 0x0000054f, + 0x00001eb6, 0x00000552, + 0x00001eb7, 0x00000555, + 0x00001eb8, 0x00000558, + 0x00001eb9, 0x0000055a, + 0x00001eba, 0x0000055c, + 0x00001ebb, 0x0000055e, + 0x00001ebc, 0x00000560, + 0x00001ebd, 0x00000562, + 0x00001ebe, 0x00000564, + 0x00001ebf, 0x00000567, + 0x00001ec0, 0x0000056a, + 0x00001ec1, 0x0000056d, + 0x00001ec2, 0x00000570, + 0x00001ec3, 0x00000573, + 0x00001ec4, 0x00000576, + 0x00001ec5, 0x00000579, + 0x00001ec6, 0x0000057c, + 0x00001ec7, 0x0000057f, + 0x00001ec8, 0x00000582, + 0x00001ec9, 0x00000584, + 0x00001eca, 0x00000586, + 0x00001ecb, 0x00000588, + 0x00001ecc, 0x0000058a, + 0x00001ecd, 0x0000058c, + 0x00001ece, 0x0000058e, + 0x00001ecf, 0x00000590, + 0x00001ed0, 0x00000592, + 0x00001ed1, 0x00000595, + 0x00001ed2, 0x00000598, + 0x00001ed3, 0x0000059b, + 0x00001ed4, 0x0000059e, + 0x00001ed5, 0x000005a1, + 0x00001ed6, 0x000005a4, + 0x00001ed7, 0x000005a7, + 0x00001ed8, 0x000005aa, + 0x00001ed9, 0x000005ad, + 0x00001eda, 0x000005b0, + 0x00001edb, 0x000005b3, + 0x00001edc, 0x000005b6, + 0x00001edd, 0x000005b9, + 0x00001ede, 0x000005bc, + 0x00001edf, 0x000005bf, + 0x00001ee0, 0x000005c2, + 0x00001ee1, 0x000005c5, + 0x00001ee2, 0x000005c8, + 0x00001ee3, 0x000005cb, + 0x00001ee4, 0x000005ce, + 0x00001ee5, 0x000005d0, + 0x00001ee6, 0x000005d2, + 0x00001ee7, 0x000005d4, + 0x00001ee8, 0x000005d6, + 0x00001ee9, 0x000005d9, + 0x00001eea, 0x000005dc, + 0x00001eeb, 0x000005df, + 0x00001eec, 0x000005e2, + 0x00001eed, 0x000005e5, + 0x00001eee, 0x000005e8, + 0x00001eef, 0x000005eb, + 0x00001ef0, 0x000005ee, + 0x00001ef1, 0x000005f1, + 0x00001ef2, 0x000005f4, + 0x00001ef3, 0x000005f6, + 0x00001ef4, 0x000005f8, + 0x00001ef5, 0x000005fa, + 0x00001ef6, 0x000005fc, + 0x00001ef7, 0x000005fe, + 0x00001ef8, 0x00000600, + 0x00001ef9, 0x00000602, + 0x00001f00, 0x00000604, + 0x00001f01, 0x00000606, + 0x00001f02, 0x00000608, + 0x00001f03, 0x0000060b, + 0x00001f04, 0x0000060e, + 0x00001f05, 0x00000611, + 0x00001f06, 0x00000614, + 0x00001f07, 0x00000617, + 0x00001f08, 0x0000061a, + 0x00001f09, 0x0000061c, + 0x00001f0a, 0x0000061e, + 0x00001f0b, 0x00000621, + 0x00001f0c, 0x00000624, + 0x00001f0d, 0x00000627, + 0x00001f0e, 0x0000062a, + 0x00001f0f, 0x0000062d, + 0x00001f10, 0x00000630, + 0x00001f11, 0x00000632, + 0x00001f12, 0x00000634, + 0x00001f13, 0x00000637, + 0x00001f14, 0x0000063a, + 0x00001f15, 0x0000063d, + 0x00001f18, 0x00000640, + 0x00001f19, 0x00000642, + 0x00001f1a, 0x00000644, + 0x00001f1b, 0x00000647, + 0x00001f1c, 0x0000064a, + 0x00001f1d, 0x0000064d, + 0x00001f20, 0x00000650, + 0x00001f21, 0x00000652, + 0x00001f22, 0x00000654, + 0x00001f23, 0x00000657, + 0x00001f24, 0x0000065a, + 0x00001f25, 0x0000065d, + 0x00001f26, 0x00000660, + 0x00001f27, 0x00000663, + 0x00001f28, 0x00000666, + 0x00001f29, 0x00000668, + 0x00001f2a, 0x0000066a, + 0x00001f2b, 0x0000066d, + 0x00001f2c, 0x00000670, + 0x00001f2d, 0x00000673, + 0x00001f2e, 0x00000676, + 0x00001f2f, 0x00000679, + 0x00001f30, 0x0000067c, + 0x00001f31, 0x0000067e, + 0x00001f32, 0x00000680, + 0x00001f33, 0x00000683, + 0x00001f34, 0x00000686, + 0x00001f35, 0x00000689, + 0x00001f36, 0x0000068c, + 0x00001f37, 0x0000068f, + 0x00001f38, 0x00000692, + 0x00001f39, 0x00000694, + 0x00001f3a, 0x00000696, + 0x00001f3b, 0x00000699, + 0x00001f3c, 0x0000069c, + 0x00001f3d, 0x0000069f, + 0x00001f3e, 0x000006a2, + 0x00001f3f, 0x000006a5, + 0x00001f40, 0x000006a8, + 0x00001f41, 0x000006aa, + 0x00001f42, 0x000006ac, + 0x00001f43, 0x000006af, + 0x00001f44, 0x000006b2, + 0x00001f45, 0x000006b5, + 0x00001f48, 0x000006b8, + 0x00001f49, 0x000006ba, + 0x00001f4a, 0x000006bc, + 0x00001f4b, 0x000006bf, + 0x00001f4c, 0x000006c2, + 0x00001f4d, 0x000006c5, + 0x00001f50, 0x000006c8, + 0x00001f51, 0x000006ca, + 0x00001f52, 0x000006cc, + 0x00001f53, 0x000006cf, + 0x00001f54, 0x000006d2, + 0x00001f55, 0x000006d5, + 0x00001f56, 0x000006d8, + 0x00001f57, 0x000006db, + 0x00001f59, 0x000006de, + 0x00001f5b, 0x000006e0, + 0x00001f5d, 0x000006e3, + 0x00001f5f, 0x000006e6, + 0x00001f60, 0x000006e9, + 0x00001f61, 0x000006eb, + 0x00001f62, 0x000006ed, + 0x00001f63, 0x000006f0, + 0x00001f64, 0x000006f3, + 0x00001f65, 0x000006f6, + 0x00001f66, 0x000006f9, + 0x00001f67, 0x000006fc, + 0x00001f68, 0x000006ff, + 0x00001f69, 0x00000701, + 0x00001f6a, 0x00000703, + 0x00001f6b, 0x00000706, + 0x00001f6c, 0x00000709, + 0x00001f6d, 0x0000070c, + 0x00001f6e, 0x0000070f, + 0x00001f6f, 0x00000712, + 0x00001f70, 0x00000715, + 0x00001f71, 0x00000717, + 0x00001f72, 0x00000719, + 0x00001f73, 0x0000071b, + 0x00001f74, 0x0000071d, + 0x00001f75, 0x0000071f, + 0x00001f76, 0x00000721, + 0x00001f77, 0x00000723, + 0x00001f78, 0x00000725, + 0x00001f79, 0x00000727, + 0x00001f7a, 0x00000729, + 0x00001f7b, 0x0000072b, + 0x00001f7c, 0x0000072d, + 0x00001f7d, 0x0000072f, + 0x00001f80, 0x00000731, + 0x00001f81, 0x00000734, + 0x00001f82, 0x00000737, + 0x00001f83, 0x0000073b, + 0x00001f84, 0x0000073f, + 0x00001f85, 0x00000743, + 0x00001f86, 0x00000747, + 0x00001f87, 0x0000074b, + 0x00001f88, 0x0000074f, + 0x00001f89, 0x00000752, + 0x00001f8a, 0x00000755, + 0x00001f8b, 0x00000759, + 0x00001f8c, 0x0000075d, + 0x00001f8d, 0x00000761, + 0x00001f8e, 0x00000765, + 0x00001f8f, 0x00000769, + 0x00001f90, 0x0000076d, + 0x00001f91, 0x00000770, + 0x00001f92, 0x00000773, + 0x00001f93, 0x00000777, + 0x00001f94, 0x0000077b, + 0x00001f95, 0x0000077f, + 0x00001f96, 0x00000783, + 0x00001f97, 0x00000787, + 0x00001f98, 0x0000078b, + 0x00001f99, 0x0000078e, + 0x00001f9a, 0x00000791, + 0x00001f9b, 0x00000795, + 0x00001f9c, 0x00000799, + 0x00001f9d, 0x0000079d, + 0x00001f9e, 0x000007a1, + 0x00001f9f, 0x000007a5, + 0x00001fa0, 0x000007a9, + 0x00001fa1, 0x000007ac, + 0x00001fa2, 0x000007af, + 0x00001fa3, 0x000007b3, + 0x00001fa4, 0x000007b7, + 0x00001fa5, 0x000007bb, + 0x00001fa6, 0x000007bf, + 0x00001fa7, 0x000007c3, + 0x00001fa8, 0x000007c7, + 0x00001fa9, 0x000007ca, + 0x00001faa, 0x000007cd, + 0x00001fab, 0x000007d1, + 0x00001fac, 0x000007d5, + 0x00001fad, 0x000007d9, + 0x00001fae, 0x000007dd, + 0x00001faf, 0x000007e1, + 0x00001fb0, 0x000007e5, + 0x00001fb1, 0x000007e7, + 0x00001fb2, 0x000007e9, + 0x00001fb3, 0x000007ec, + 0x00001fb4, 0x000007ee, + 0x00001fb6, 0x000007f1, + 0x00001fb7, 0x000007f3, + 0x00001fb8, 0x000007f6, + 0x00001fb9, 0x000007f8, + 0x00001fba, 0x000007fa, + 0x00001fbb, 0x000007fc, + 0x00001fbc, 0x000007fe, + 0x00001fbd, 0x00000800, + 0x00001fbe, 0x00000802, + 0x00001fbf, 0x00000803, + 0x00001fc0, 0x00000805, + 0x00001fc1, 0x00000807, + 0x00001fc2, 0x0000080a, + 0x00001fc3, 0x0000080d, + 0x00001fc4, 0x0000080f, + 0x00001fc6, 0x00000812, + 0x00001fc7, 0x00000814, + 0x00001fc8, 0x00000817, + 0x00001fc9, 0x00000819, + 0x00001fca, 0x0000081b, + 0x00001fcb, 0x0000081d, + 0x00001fcc, 0x0000081f, + 0x00001fcd, 0x00000821, + 0x00001fce, 0x00000824, + 0x00001fcf, 0x00000827, + 0x00001fd0, 0x0000082a, + 0x00001fd1, 0x0000082c, + 0x00001fd2, 0x0000082e, + 0x00001fd3, 0x00000831, + 0x00001fd6, 0x00000834, + 0x00001fd7, 0x00000836, + 0x00001fd8, 0x00000839, + 0x00001fd9, 0x0000083b, + 0x00001fda, 0x0000083d, + 0x00001fdb, 0x0000083f, + 0x00001fdd, 0x00000841, + 0x00001fde, 0x00000844, + 0x00001fdf, 0x00000847, + 0x00001fe0, 0x0000084a, + 0x00001fe1, 0x0000084c, + 0x00001fe2, 0x0000084e, + 0x00001fe3, 0x00000851, + 0x00001fe4, 0x00000854, + 0x00001fe5, 0x00000856, + 0x00001fe6, 0x00000858, + 0x00001fe7, 0x0000085a, + 0x00001fe8, 0x0000085d, + 0x00001fe9, 0x0000085f, + 0x00001fea, 0x00000861, + 0x00001feb, 0x00000863, + 0x00001fec, 0x00000865, + 0x00001fed, 0x00000867, + 0x00001fee, 0x0000086a, + 0x00001fef, 0x0000086d, + 0x00001ff2, 0x0000086e, + 0x00001ff3, 0x00000871, + 0x00001ff4, 0x00000873, + 0x00001ff6, 0x00000876, + 0x00001ff7, 0x00000878, + 0x00001ff8, 0x0000087b, + 0x00001ff9, 0x0000087d, + 0x00001ffa, 0x0000087f, + 0x00001ffb, 0x00000881, + 0x00001ffc, 0x00000883, + 0x00001ffd, 0x00000885, + 0x00001ffe, 0x00000887, + 0x00002000, 0x00000889, + 0x00002001, 0x0000088a, + 0x00002002, 0x0000088b, + 0x00002003, 0x0000088c, + 0x00002004, 0x0000088d, + 0x00002005, 0x0000088e, + 0x00002006, 0x0000088f, + 0x00002007, 0x00000890, + 0x00002008, 0x00000891, + 0x00002009, 0x00000892, + 0x0000200a, 0x00000893, + 0x00002011, 0x00000894, + 0x00002017, 0x00000895, + 0x00002024, 0x00000897, + 0x00002025, 0x00000898, + 0x00002026, 0x0000089a, + 0x0000202f, 0x0000089d, + 0x00002033, 0x0000089e, + 0x00002034, 0x000008a0, + 0x00002036, 0x000008a3, + 0x00002037, 0x000008a5, + 0x0000203c, 0x000008a8, + 0x0000203e, 0x000008aa, + 0x00002047, 0x000008ac, + 0x00002048, 0x000008ae, + 0x00002049, 0x000008b0, + 0x00002057, 0x000008b2, + 0x0000205f, 0x000008b6, + 0x00002070, 0x000008b7, + 0x00002071, 0x000008b8, + 0x00002074, 0x000008b9, + 0x00002075, 0x000008ba, + 0x00002076, 0x000008bb, + 0x00002077, 0x000008bc, + 0x00002078, 0x000008bd, + 0x00002079, 0x000008be, + 0x0000207a, 0x000008bf, + 0x0000207b, 0x000008c0, + 0x0000207c, 0x000008c1, + 0x0000207d, 0x000008c2, + 0x0000207e, 0x000008c3, + 0x0000207f, 0x000008c4, + 0x00002080, 0x000008c5, + 0x00002081, 0x000008c6, + 0x00002082, 0x000008c7, + 0x00002083, 0x000008c8, + 0x00002084, 0x000008c9, + 0x00002085, 0x000008ca, + 0x00002086, 0x000008cb, + 0x00002087, 0x000008cc, + 0x00002088, 0x000008cd, + 0x00002089, 0x000008ce, + 0x0000208a, 0x000008cf, + 0x0000208b, 0x000008d0, + 0x0000208c, 0x000008d1, + 0x0000208d, 0x000008d2, + 0x0000208e, 0x000008d3, + 0x000020a8, 0x000008d4, + 0x00002100, 0x000008d6, + 0x00002101, 0x000008d9, + 0x00002102, 0x000008dc, + 0x00002103, 0x000008dd, + 0x00002105, 0x000008df, + 0x00002106, 0x000008e2, + 0x00002107, 0x000008e5, + 0x00002109, 0x000008e6, + 0x0000210a, 0x000008e8, + 0x0000210b, 0x000008e9, + 0x0000210c, 0x000008ea, + 0x0000210d, 0x000008eb, + 0x0000210e, 0x000008ec, + 0x0000210f, 0x000008ed, + 0x00002110, 0x000008ee, + 0x00002111, 0x000008ef, + 0x00002112, 0x000008f0, + 0x00002113, 0x000008f1, + 0x00002115, 0x000008f2, + 0x00002116, 0x000008f3, + 0x00002119, 0x000008f5, + 0x0000211a, 0x000008f6, + 0x0000211b, 0x000008f7, + 0x0000211c, 0x000008f8, + 0x0000211d, 0x000008f9, + 0x00002120, 0x000008fa, + 0x00002121, 0x000008fc, + 0x00002122, 0x000008ff, + 0x00002124, 0x00000901, + 0x00002126, 0x00000902, + 0x00002128, 0x00000903, + 0x0000212a, 0x00000904, + 0x0000212b, 0x00000905, + 0x0000212c, 0x00000907, + 0x0000212d, 0x00000908, + 0x0000212f, 0x00000909, + 0x00002130, 0x0000090a, + 0x00002131, 0x0000090b, + 0x00002133, 0x0000090c, + 0x00002134, 0x0000090d, + 0x00002135, 0x0000090e, + 0x00002136, 0x0000090f, + 0x00002137, 0x00000910, + 0x00002138, 0x00000911, + 0x00002139, 0x00000912, + 0x0000213d, 0x00000913, + 0x0000213e, 0x00000914, + 0x0000213f, 0x00000915, + 0x00002140, 0x00000916, + 0x00002145, 0x00000917, + 0x00002146, 0x00000918, + 0x00002147, 0x00000919, + 0x00002148, 0x0000091a, + 0x00002149, 0x0000091b, + 0x00002153, 0x0000091c, + 0x00002154, 0x0000091f, + 0x00002155, 0x00000922, + 0x00002156, 0x00000925, + 0x00002157, 0x00000928, + 0x00002158, 0x0000092b, + 0x00002159, 0x0000092e, + 0x0000215a, 0x00000931, + 0x0000215b, 0x00000934, + 0x0000215c, 0x00000937, + 0x0000215d, 0x0000093a, + 0x0000215e, 0x0000093d, + 0x0000215f, 0x00000940, + 0x00002160, 0x00000942, + 0x00002161, 0x00000943, + 0x00002162, 0x00000945, + 0x00002163, 0x00000948, + 0x00002164, 0x0000094a, + 0x00002165, 0x0000094b, + 0x00002166, 0x0000094d, + 0x00002167, 0x00000950, + 0x00002168, 0x00000954, + 0x00002169, 0x00000956, + 0x0000216a, 0x00000957, + 0x0000216b, 0x00000959, + 0x0000216c, 0x0000095c, + 0x0000216d, 0x0000095d, + 0x0000216e, 0x0000095e, + 0x0000216f, 0x0000095f, + 0x00002170, 0x00000960, + 0x00002171, 0x00000961, + 0x00002172, 0x00000963, + 0x00002173, 0x00000966, + 0x00002174, 0x00000968, + 0x00002175, 0x00000969, + 0x00002176, 0x0000096b, + 0x00002177, 0x0000096e, + 0x00002178, 0x00000972, + 0x00002179, 0x00000974, + 0x0000217a, 0x00000975, + 0x0000217b, 0x00000977, + 0x0000217c, 0x0000097a, + 0x0000217d, 0x0000097b, + 0x0000217e, 0x0000097c, + 0x0000217f, 0x0000097d, + 0x0000219a, 0x0000097e, + 0x0000219b, 0x00000980, + 0x000021ae, 0x00000982, + 0x000021cd, 0x00000984, + 0x000021ce, 0x00000986, + 0x000021cf, 0x00000988, + 0x00002204, 0x0000098a, + 0x00002209, 0x0000098c, + 0x0000220c, 0x0000098e, + 0x00002224, 0x00000990, + 0x00002226, 0x00000992, + 0x0000222c, 0x00000994, + 0x0000222d, 0x00000996, + 0x0000222f, 0x00000999, + 0x00002230, 0x0000099b, + 0x00002241, 0x0000099e, + 0x00002244, 0x000009a0, + 0x00002247, 0x000009a2, + 0x00002249, 0x000009a4, + 0x00002260, 0x000009a6, + 0x00002262, 0x000009a8, + 0x0000226d, 0x000009aa, + 0x0000226e, 0x000009ac, + 0x0000226f, 0x000009ae, + 0x00002270, 0x000009b0, + 0x00002271, 0x000009b2, + 0x00002274, 0x000009b4, + 0x00002275, 0x000009b6, + 0x00002278, 0x000009b8, + 0x00002279, 0x000009ba, + 0x00002280, 0x000009bc, + 0x00002281, 0x000009be, + 0x00002284, 0x000009c0, + 0x00002285, 0x000009c2, + 0x00002288, 0x000009c4, + 0x00002289, 0x000009c6, + 0x000022ac, 0x000009c8, + 0x000022ad, 0x000009ca, + 0x000022ae, 0x000009cc, + 0x000022af, 0x000009ce, + 0x000022e0, 0x000009d0, + 0x000022e1, 0x000009d2, + 0x000022e2, 0x000009d4, + 0x000022e3, 0x000009d6, + 0x000022ea, 0x000009d8, + 0x000022eb, 0x000009da, + 0x000022ec, 0x000009dc, + 0x000022ed, 0x000009de, + 0x00002329, 0x000009e0, + 0x0000232a, 0x000009e1, + 0x00002460, 0x000009e2, + 0x00002461, 0x000009e3, + 0x00002462, 0x000009e4, + 0x00002463, 0x000009e5, + 0x00002464, 0x000009e6, + 0x00002465, 0x000009e7, + 0x00002466, 0x000009e8, + 0x00002467, 0x000009e9, + 0x00002468, 0x000009ea, + 0x00002469, 0x000009eb, + 0x0000246a, 0x000009ed, + 0x0000246b, 0x000009ef, + 0x0000246c, 0x000009f1, + 0x0000246d, 0x000009f3, + 0x0000246e, 0x000009f5, + 0x0000246f, 0x000009f7, + 0x00002470, 0x000009f9, + 0x00002471, 0x000009fb, + 0x00002472, 0x000009fd, + 0x00002473, 0x000009ff, + 0x00002474, 0x00000a01, + 0x00002475, 0x00000a04, + 0x00002476, 0x00000a07, + 0x00002477, 0x00000a0a, + 0x00002478, 0x00000a0d, + 0x00002479, 0x00000a10, + 0x0000247a, 0x00000a13, + 0x0000247b, 0x00000a16, + 0x0000247c, 0x00000a19, + 0x0000247d, 0x00000a1c, + 0x0000247e, 0x00000a20, + 0x0000247f, 0x00000a24, + 0x00002480, 0x00000a28, + 0x00002481, 0x00000a2c, + 0x00002482, 0x00000a30, + 0x00002483, 0x00000a34, + 0x00002484, 0x00000a38, + 0x00002485, 0x00000a3c, + 0x00002486, 0x00000a40, + 0x00002487, 0x00000a44, + 0x00002488, 0x00000a48, + 0x00002489, 0x00000a4a, + 0x0000248a, 0x00000a4c, + 0x0000248b, 0x00000a4e, + 0x0000248c, 0x00000a50, + 0x0000248d, 0x00000a52, + 0x0000248e, 0x00000a54, + 0x0000248f, 0x00000a56, + 0x00002490, 0x00000a58, + 0x00002491, 0x00000a5a, + 0x00002492, 0x00000a5d, + 0x00002493, 0x00000a60, + 0x00002494, 0x00000a63, + 0x00002495, 0x00000a66, + 0x00002496, 0x00000a69, + 0x00002497, 0x00000a6c, + 0x00002498, 0x00000a6f, + 0x00002499, 0x00000a72, + 0x0000249a, 0x00000a75, + 0x0000249b, 0x00000a78, + 0x0000249c, 0x00000a7b, + 0x0000249d, 0x00000a7e, + 0x0000249e, 0x00000a81, + 0x0000249f, 0x00000a84, + 0x000024a0, 0x00000a87, + 0x000024a1, 0x00000a8a, + 0x000024a2, 0x00000a8d, + 0x000024a3, 0x00000a90, + 0x000024a4, 0x00000a93, + 0x000024a5, 0x00000a96, + 0x000024a6, 0x00000a99, + 0x000024a7, 0x00000a9c, + 0x000024a8, 0x00000a9f, + 0x000024a9, 0x00000aa2, + 0x000024aa, 0x00000aa5, + 0x000024ab, 0x00000aa8, + 0x000024ac, 0x00000aab, + 0x000024ad, 0x00000aae, + 0x000024ae, 0x00000ab1, + 0x000024af, 0x00000ab4, + 0x000024b0, 0x00000ab7, + 0x000024b1, 0x00000aba, + 0x000024b2, 0x00000abd, + 0x000024b3, 0x00000ac0, + 0x000024b4, 0x00000ac3, + 0x000024b5, 0x00000ac6, + 0x000024b6, 0x00000ac9, + 0x000024b7, 0x00000aca, + 0x000024b8, 0x00000acb, + 0x000024b9, 0x00000acc, + 0x000024ba, 0x00000acd, + 0x000024bb, 0x00000ace, + 0x000024bc, 0x00000acf, + 0x000024bd, 0x00000ad0, + 0x000024be, 0x00000ad1, + 0x000024bf, 0x00000ad2, + 0x000024c0, 0x00000ad3, + 0x000024c1, 0x00000ad4, + 0x000024c2, 0x00000ad5, + 0x000024c3, 0x00000ad6, + 0x000024c4, 0x00000ad7, + 0x000024c5, 0x00000ad8, + 0x000024c6, 0x00000ad9, + 0x000024c7, 0x00000ada, + 0x000024c8, 0x00000adb, + 0x000024c9, 0x00000adc, + 0x000024ca, 0x00000add, + 0x000024cb, 0x00000ade, + 0x000024cc, 0x00000adf, + 0x000024cd, 0x00000ae0, + 0x000024ce, 0x00000ae1, + 0x000024cf, 0x00000ae2, + 0x000024d0, 0x00000ae3, + 0x000024d1, 0x00000ae4, + 0x000024d2, 0x00000ae5, + 0x000024d3, 0x00000ae6, + 0x000024d4, 0x00000ae7, + 0x000024d5, 0x00000ae8, + 0x000024d6, 0x00000ae9, + 0x000024d7, 0x00000aea, + 0x000024d8, 0x00000aeb, + 0x000024d9, 0x00000aec, + 0x000024da, 0x00000aed, + 0x000024db, 0x00000aee, + 0x000024dc, 0x00000aef, + 0x000024dd, 0x00000af0, + 0x000024de, 0x00000af1, + 0x000024df, 0x00000af2, + 0x000024e0, 0x00000af3, + 0x000024e1, 0x00000af4, + 0x000024e2, 0x00000af5, + 0x000024e3, 0x00000af6, + 0x000024e4, 0x00000af7, + 0x000024e5, 0x00000af8, + 0x000024e6, 0x00000af9, + 0x000024e7, 0x00000afa, + 0x000024e8, 0x00000afb, + 0x000024e9, 0x00000afc, + 0x000024ea, 0x00000afd, + 0x00002a0c, 0x00000afe, + 0x00002a74, 0x00000b02, + 0x00002a75, 0x00000b05, + 0x00002a76, 0x00000b07, + 0x00002adc, 0x00000b0a, + 0x00002e9f, 0x00000b0c, + 0x00002ef3, 0x00000b0d, + 0x00002f00, 0x00000b0e, + 0x00002f01, 0x00000b0f, + 0x00002f02, 0x00000b10, + 0x00002f03, 0x00000b11, + 0x00002f04, 0x00000b12, + 0x00002f05, 0x00000b13, + 0x00002f06, 0x00000b14, + 0x00002f07, 0x00000b15, + 0x00002f08, 0x00000b16, + 0x00002f09, 0x00000b17, + 0x00002f0a, 0x00000b18, + 0x00002f0b, 0x00000b19, + 0x00002f0c, 0x00000b1a, + 0x00002f0d, 0x00000b1b, + 0x00002f0e, 0x00000b1c, + 0x00002f0f, 0x00000b1d, + 0x00002f10, 0x00000b1e, + 0x00002f11, 0x00000b1f, + 0x00002f12, 0x00000b20, + 0x00002f13, 0x00000b21, + 0x00002f14, 0x00000b22, + 0x00002f15, 0x00000b23, + 0x00002f16, 0x00000b24, + 0x00002f17, 0x00000b25, + 0x00002f18, 0x00000b26, + 0x00002f19, 0x00000b27, + 0x00002f1a, 0x00000b28, + 0x00002f1b, 0x00000b29, + 0x00002f1c, 0x00000b2a, + 0x00002f1d, 0x00000b2b, + 0x00002f1e, 0x00000b2c, + 0x00002f1f, 0x00000b2d, + 0x00002f20, 0x00000b2e, + 0x00002f21, 0x00000b2f, + 0x00002f22, 0x00000b30, + 0x00002f23, 0x00000b31, + 0x00002f24, 0x00000b32, + 0x00002f25, 0x00000b33, + 0x00002f26, 0x00000b34, + 0x00002f27, 0x00000b35, + 0x00002f28, 0x00000b36, + 0x00002f29, 0x00000b37, + 0x00002f2a, 0x00000b38, + 0x00002f2b, 0x00000b39, + 0x00002f2c, 0x00000b3a, + 0x00002f2d, 0x00000b3b, + 0x00002f2e, 0x00000b3c, + 0x00002f2f, 0x00000b3d, + 0x00002f30, 0x00000b3e, + 0x00002f31, 0x00000b3f, + 0x00002f32, 0x00000b40, + 0x00002f33, 0x00000b41, + 0x00002f34, 0x00000b42, + 0x00002f35, 0x00000b43, + 0x00002f36, 0x00000b44, + 0x00002f37, 0x00000b45, + 0x00002f38, 0x00000b46, + 0x00002f39, 0x00000b47, + 0x00002f3a, 0x00000b48, + 0x00002f3b, 0x00000b49, + 0x00002f3c, 0x00000b4a, + 0x00002f3d, 0x00000b4b, + 0x00002f3e, 0x00000b4c, + 0x00002f3f, 0x00000b4d, + 0x00002f40, 0x00000b4e, + 0x00002f41, 0x00000b4f, + 0x00002f42, 0x00000b50, + 0x00002f43, 0x00000b51, + 0x00002f44, 0x00000b52, + 0x00002f45, 0x00000b53, + 0x00002f46, 0x00000b54, + 0x00002f47, 0x00000b55, + 0x00002f48, 0x00000b56, + 0x00002f49, 0x00000b57, + 0x00002f4a, 0x00000b58, + 0x00002f4b, 0x00000b59, + 0x00002f4c, 0x00000b5a, + 0x00002f4d, 0x00000b5b, + 0x00002f4e, 0x00000b5c, + 0x00002f4f, 0x00000b5d, + 0x00002f50, 0x00000b5e, + 0x00002f51, 0x00000b5f, + 0x00002f52, 0x00000b60, + 0x00002f53, 0x00000b61, + 0x00002f54, 0x00000b62, + 0x00002f55, 0x00000b63, + 0x00002f56, 0x00000b64, + 0x00002f57, 0x00000b65, + 0x00002f58, 0x00000b66, + 0x00002f59, 0x00000b67, + 0x00002f5a, 0x00000b68, + 0x00002f5b, 0x00000b69, + 0x00002f5c, 0x00000b6a, + 0x00002f5d, 0x00000b6b, + 0x00002f5e, 0x00000b6c, + 0x00002f5f, 0x00000b6d, + 0x00002f60, 0x00000b6e, + 0x00002f61, 0x00000b6f, + 0x00002f62, 0x00000b70, + 0x00002f63, 0x00000b71, + 0x00002f64, 0x00000b72, + 0x00002f65, 0x00000b73, + 0x00002f66, 0x00000b74, + 0x00002f67, 0x00000b75, + 0x00002f68, 0x00000b76, + 0x00002f69, 0x00000b77, + 0x00002f6a, 0x00000b78, + 0x00002f6b, 0x00000b79, + 0x00002f6c, 0x00000b7a, + 0x00002f6d, 0x00000b7b, + 0x00002f6e, 0x00000b7c, + 0x00002f6f, 0x00000b7d, + 0x00002f70, 0x00000b7e, + 0x00002f71, 0x00000b7f, + 0x00002f72, 0x00000b80, + 0x00002f73, 0x00000b81, + 0x00002f74, 0x00000b82, + 0x00002f75, 0x00000b83, + 0x00002f76, 0x00000b84, + 0x00002f77, 0x00000b85, + 0x00002f78, 0x00000b86, + 0x00002f79, 0x00000b87, + 0x00002f7a, 0x00000b88, + 0x00002f7b, 0x00000b89, + 0x00002f7c, 0x00000b8a, + 0x00002f7d, 0x00000b8b, + 0x00002f7e, 0x00000b8c, + 0x00002f7f, 0x00000b8d, + 0x00002f80, 0x00000b8e, + 0x00002f81, 0x00000b8f, + 0x00002f82, 0x00000b90, + 0x00002f83, 0x00000b91, + 0x00002f84, 0x00000b92, + 0x00002f85, 0x00000b93, + 0x00002f86, 0x00000b94, + 0x00002f87, 0x00000b95, + 0x00002f88, 0x00000b96, + 0x00002f89, 0x00000b97, + 0x00002f8a, 0x00000b98, + 0x00002f8b, 0x00000b99, + 0x00002f8c, 0x00000b9a, + 0x00002f8d, 0x00000b9b, + 0x00002f8e, 0x00000b9c, + 0x00002f8f, 0x00000b9d, + 0x00002f90, 0x00000b9e, + 0x00002f91, 0x00000b9f, + 0x00002f92, 0x00000ba0, + 0x00002f93, 0x00000ba1, + 0x00002f94, 0x00000ba2, + 0x00002f95, 0x00000ba3, + 0x00002f96, 0x00000ba4, + 0x00002f97, 0x00000ba5, + 0x00002f98, 0x00000ba6, + 0x00002f99, 0x00000ba7, + 0x00002f9a, 0x00000ba8, + 0x00002f9b, 0x00000ba9, + 0x00002f9c, 0x00000baa, + 0x00002f9d, 0x00000bab, + 0x00002f9e, 0x00000bac, + 0x00002f9f, 0x00000bad, + 0x00002fa0, 0x00000bae, + 0x00002fa1, 0x00000baf, + 0x00002fa2, 0x00000bb0, + 0x00002fa3, 0x00000bb1, + 0x00002fa4, 0x00000bb2, + 0x00002fa5, 0x00000bb3, + 0x00002fa6, 0x00000bb4, + 0x00002fa7, 0x00000bb5, + 0x00002fa8, 0x00000bb6, + 0x00002fa9, 0x00000bb7, + 0x00002faa, 0x00000bb8, + 0x00002fab, 0x00000bb9, + 0x00002fac, 0x00000bba, + 0x00002fad, 0x00000bbb, + 0x00002fae, 0x00000bbc, + 0x00002faf, 0x00000bbd, + 0x00002fb0, 0x00000bbe, + 0x00002fb1, 0x00000bbf, + 0x00002fb2, 0x00000bc0, + 0x00002fb3, 0x00000bc1, + 0x00002fb4, 0x00000bc2, + 0x00002fb5, 0x00000bc3, + 0x00002fb6, 0x00000bc4, + 0x00002fb7, 0x00000bc5, + 0x00002fb8, 0x00000bc6, + 0x00002fb9, 0x00000bc7, + 0x00002fba, 0x00000bc8, + 0x00002fbb, 0x00000bc9, + 0x00002fbc, 0x00000bca, + 0x00002fbd, 0x00000bcb, + 0x00002fbe, 0x00000bcc, + 0x00002fbf, 0x00000bcd, + 0x00002fc0, 0x00000bce, + 0x00002fc1, 0x00000bcf, + 0x00002fc2, 0x00000bd0, + 0x00002fc3, 0x00000bd1, + 0x00002fc4, 0x00000bd2, + 0x00002fc5, 0x00000bd3, + 0x00002fc6, 0x00000bd4, + 0x00002fc7, 0x00000bd5, + 0x00002fc8, 0x00000bd6, + 0x00002fc9, 0x00000bd7, + 0x00002fca, 0x00000bd8, + 0x00002fcb, 0x00000bd9, + 0x00002fcc, 0x00000bda, + 0x00002fcd, 0x00000bdb, + 0x00002fce, 0x00000bdc, + 0x00002fcf, 0x00000bdd, + 0x00002fd0, 0x00000bde, + 0x00002fd1, 0x00000bdf, + 0x00002fd2, 0x00000be0, + 0x00002fd3, 0x00000be1, + 0x00002fd4, 0x00000be2, + 0x00002fd5, 0x00000be3, + 0x00003000, 0x00000be4, + 0x00003036, 0x00000be5, + 0x00003038, 0x00000be6, + 0x00003039, 0x00000be7, + 0x0000303a, 0x00000be8, + 0x0000304c, 0x00000be9, + 0x0000304e, 0x00000beb, + 0x00003050, 0x00000bed, + 0x00003052, 0x00000bef, + 0x00003054, 0x00000bf1, + 0x00003056, 0x00000bf3, + 0x00003058, 0x00000bf5, + 0x0000305a, 0x00000bf7, + 0x0000305c, 0x00000bf9, + 0x0000305e, 0x00000bfb, + 0x00003060, 0x00000bfd, + 0x00003062, 0x00000bff, + 0x00003065, 0x00000c01, + 0x00003067, 0x00000c03, + 0x00003069, 0x00000c05, + 0x00003070, 0x00000c07, + 0x00003071, 0x00000c09, + 0x00003073, 0x00000c0b, + 0x00003074, 0x00000c0d, + 0x00003076, 0x00000c0f, + 0x00003077, 0x00000c11, + 0x00003079, 0x00000c13, + 0x0000307a, 0x00000c15, + 0x0000307c, 0x00000c17, + 0x0000307d, 0x00000c19, + 0x00003094, 0x00000c1b, + 0x0000309b, 0x00000c1d, + 0x0000309c, 0x00000c1f, + 0x0000309e, 0x00000c21, + 0x0000309f, 0x00000c23, + 0x000030ac, 0x00000c25, + 0x000030ae, 0x00000c27, + 0x000030b0, 0x00000c29, + 0x000030b2, 0x00000c2b, + 0x000030b4, 0x00000c2d, + 0x000030b6, 0x00000c2f, + 0x000030b8, 0x00000c31, + 0x000030ba, 0x00000c33, + 0x000030bc, 0x00000c35, + 0x000030be, 0x00000c37, + 0x000030c0, 0x00000c39, + 0x000030c2, 0x00000c3b, + 0x000030c5, 0x00000c3d, + 0x000030c7, 0x00000c3f, + 0x000030c9, 0x00000c41, + 0x000030d0, 0x00000c43, + 0x000030d1, 0x00000c45, + 0x000030d3, 0x00000c47, + 0x000030d4, 0x00000c49, + 0x000030d6, 0x00000c4b, + 0x000030d7, 0x00000c4d, + 0x000030d9, 0x00000c4f, + 0x000030da, 0x00000c51, + 0x000030dc, 0x00000c53, + 0x000030dd, 0x00000c55, + 0x000030f4, 0x00000c57, + 0x000030f7, 0x00000c59, + 0x000030f8, 0x00000c5b, + 0x000030f9, 0x00000c5d, + 0x000030fa, 0x00000c5f, + 0x000030fe, 0x00000c61, + 0x000030ff, 0x00000c63, + 0x00003131, 0x00000c65, + 0x00003132, 0x00000c66, + 0x00003133, 0x00000c67, + 0x00003134, 0x00000c68, + 0x00003135, 0x00000c69, + 0x00003136, 0x00000c6a, + 0x00003137, 0x00000c6b, + 0x00003138, 0x00000c6c, + 0x00003139, 0x00000c6d, + 0x0000313a, 0x00000c6e, + 0x0000313b, 0x00000c6f, + 0x0000313c, 0x00000c70, + 0x0000313d, 0x00000c71, + 0x0000313e, 0x00000c72, + 0x0000313f, 0x00000c73, + 0x00003140, 0x00000c74, + 0x00003141, 0x00000c75, + 0x00003142, 0x00000c76, + 0x00003143, 0x00000c77, + 0x00003144, 0x00000c78, + 0x00003145, 0x00000c79, + 0x00003146, 0x00000c7a, + 0x00003147, 0x00000c7b, + 0x00003148, 0x00000c7c, + 0x00003149, 0x00000c7d, + 0x0000314a, 0x00000c7e, + 0x0000314b, 0x00000c7f, + 0x0000314c, 0x00000c80, + 0x0000314d, 0x00000c81, + 0x0000314e, 0x00000c82, + 0x0000314f, 0x00000c83, + 0x00003150, 0x00000c84, + 0x00003151, 0x00000c85, + 0x00003152, 0x00000c86, + 0x00003153, 0x00000c87, + 0x00003154, 0x00000c88, + 0x00003155, 0x00000c89, + 0x00003156, 0x00000c8a, + 0x00003157, 0x00000c8b, + 0x00003158, 0x00000c8c, + 0x00003159, 0x00000c8d, + 0x0000315a, 0x00000c8e, + 0x0000315b, 0x00000c8f, + 0x0000315c, 0x00000c90, + 0x0000315d, 0x00000c91, + 0x0000315e, 0x00000c92, + 0x0000315f, 0x00000c93, + 0x00003160, 0x00000c94, + 0x00003161, 0x00000c95, + 0x00003162, 0x00000c96, + 0x00003163, 0x00000c97, + 0x00003164, 0x00000c98, + 0x00003165, 0x00000c99, + 0x00003166, 0x00000c9a, + 0x00003167, 0x00000c9b, + 0x00003168, 0x00000c9c, + 0x00003169, 0x00000c9d, + 0x0000316a, 0x00000c9e, + 0x0000316b, 0x00000c9f, + 0x0000316c, 0x00000ca0, + 0x0000316d, 0x00000ca1, + 0x0000316e, 0x00000ca2, + 0x0000316f, 0x00000ca3, + 0x00003170, 0x00000ca4, + 0x00003171, 0x00000ca5, + 0x00003172, 0x00000ca6, + 0x00003173, 0x00000ca7, + 0x00003174, 0x00000ca8, + 0x00003175, 0x00000ca9, + 0x00003176, 0x00000caa, + 0x00003177, 0x00000cab, + 0x00003178, 0x00000cac, + 0x00003179, 0x00000cad, + 0x0000317a, 0x00000cae, + 0x0000317b, 0x00000caf, + 0x0000317c, 0x00000cb0, + 0x0000317d, 0x00000cb1, + 0x0000317e, 0x00000cb2, + 0x0000317f, 0x00000cb3, + 0x00003180, 0x00000cb4, + 0x00003181, 0x00000cb5, + 0x00003182, 0x00000cb6, + 0x00003183, 0x00000cb7, + 0x00003184, 0x00000cb8, + 0x00003185, 0x00000cb9, + 0x00003186, 0x00000cba, + 0x00003187, 0x00000cbb, + 0x00003188, 0x00000cbc, + 0x00003189, 0x00000cbd, + 0x0000318a, 0x00000cbe, + 0x0000318b, 0x00000cbf, + 0x0000318c, 0x00000cc0, + 0x0000318d, 0x00000cc1, + 0x0000318e, 0x00000cc2, + 0x00003192, 0x00000cc3, + 0x00003193, 0x00000cc4, + 0x00003194, 0x00000cc5, + 0x00003195, 0x00000cc6, + 0x00003196, 0x00000cc7, + 0x00003197, 0x00000cc8, + 0x00003198, 0x00000cc9, + 0x00003199, 0x00000cca, + 0x0000319a, 0x00000ccb, + 0x0000319b, 0x00000ccc, + 0x0000319c, 0x00000ccd, + 0x0000319d, 0x00000cce, + 0x0000319e, 0x00000ccf, + 0x0000319f, 0x00000cd0, + 0x00003200, 0x00000cd1, + 0x00003201, 0x00000cd4, + 0x00003202, 0x00000cd7, + 0x00003203, 0x00000cda, + 0x00003204, 0x00000cdd, + 0x00003205, 0x00000ce0, + 0x00003206, 0x00000ce3, + 0x00003207, 0x00000ce6, + 0x00003208, 0x00000ce9, + 0x00003209, 0x00000cec, + 0x0000320a, 0x00000cef, + 0x0000320b, 0x00000cf2, + 0x0000320c, 0x00000cf5, + 0x0000320d, 0x00000cf8, + 0x0000320e, 0x00000cfb, + 0x0000320f, 0x00000cff, + 0x00003210, 0x00000d03, + 0x00003211, 0x00000d07, + 0x00003212, 0x00000d0b, + 0x00003213, 0x00000d0f, + 0x00003214, 0x00000d13, + 0x00003215, 0x00000d17, + 0x00003216, 0x00000d1b, + 0x00003217, 0x00000d1f, + 0x00003218, 0x00000d23, + 0x00003219, 0x00000d27, + 0x0000321a, 0x00000d2b, + 0x0000321b, 0x00000d2f, + 0x0000321c, 0x00000d33, + 0x00003220, 0x00000d37, + 0x00003221, 0x00000d3a, + 0x00003222, 0x00000d3d, + 0x00003223, 0x00000d40, + 0x00003224, 0x00000d43, + 0x00003225, 0x00000d46, + 0x00003226, 0x00000d49, + 0x00003227, 0x00000d4c, + 0x00003228, 0x00000d4f, + 0x00003229, 0x00000d52, + 0x0000322a, 0x00000d55, + 0x0000322b, 0x00000d58, + 0x0000322c, 0x00000d5b, + 0x0000322d, 0x00000d5e, + 0x0000322e, 0x00000d61, + 0x0000322f, 0x00000d64, + 0x00003230, 0x00000d67, + 0x00003231, 0x00000d6a, + 0x00003232, 0x00000d6d, + 0x00003233, 0x00000d70, + 0x00003234, 0x00000d73, + 0x00003235, 0x00000d76, + 0x00003236, 0x00000d79, + 0x00003237, 0x00000d7c, + 0x00003238, 0x00000d7f, + 0x00003239, 0x00000d82, + 0x0000323a, 0x00000d85, + 0x0000323b, 0x00000d88, + 0x0000323c, 0x00000d8b, + 0x0000323d, 0x00000d8e, + 0x0000323e, 0x00000d91, + 0x0000323f, 0x00000d94, + 0x00003240, 0x00000d97, + 0x00003241, 0x00000d9a, + 0x00003242, 0x00000d9d, + 0x00003243, 0x00000da0, + 0x00003251, 0x00000da3, + 0x00003252, 0x00000da5, + 0x00003253, 0x00000da7, + 0x00003254, 0x00000da9, + 0x00003255, 0x00000dab, + 0x00003256, 0x00000dad, + 0x00003257, 0x00000daf, + 0x00003258, 0x00000db1, + 0x00003259, 0x00000db3, + 0x0000325a, 0x00000db5, + 0x0000325b, 0x00000db7, + 0x0000325c, 0x00000db9, + 0x0000325d, 0x00000dbb, + 0x0000325e, 0x00000dbd, + 0x0000325f, 0x00000dbf, + 0x00003260, 0x00000dc1, + 0x00003261, 0x00000dc2, + 0x00003262, 0x00000dc3, + 0x00003263, 0x00000dc4, + 0x00003264, 0x00000dc5, + 0x00003265, 0x00000dc6, + 0x00003266, 0x00000dc7, + 0x00003267, 0x00000dc8, + 0x00003268, 0x00000dc9, + 0x00003269, 0x00000dca, + 0x0000326a, 0x00000dcb, + 0x0000326b, 0x00000dcc, + 0x0000326c, 0x00000dcd, + 0x0000326d, 0x00000dce, + 0x0000326e, 0x00000dcf, + 0x0000326f, 0x00000dd1, + 0x00003270, 0x00000dd3, + 0x00003271, 0x00000dd5, + 0x00003272, 0x00000dd7, + 0x00003273, 0x00000dd9, + 0x00003274, 0x00000ddb, + 0x00003275, 0x00000ddd, + 0x00003276, 0x00000ddf, + 0x00003277, 0x00000de1, + 0x00003278, 0x00000de3, + 0x00003279, 0x00000de5, + 0x0000327a, 0x00000de7, + 0x0000327b, 0x00000de9, + 0x00003280, 0x00000deb, + 0x00003281, 0x00000dec, + 0x00003282, 0x00000ded, + 0x00003283, 0x00000dee, + 0x00003284, 0x00000def, + 0x00003285, 0x00000df0, + 0x00003286, 0x00000df1, + 0x00003287, 0x00000df2, + 0x00003288, 0x00000df3, + 0x00003289, 0x00000df4, + 0x0000328a, 0x00000df5, + 0x0000328b, 0x00000df6, + 0x0000328c, 0x00000df7, + 0x0000328d, 0x00000df8, + 0x0000328e, 0x00000df9, + 0x0000328f, 0x00000dfa, + 0x00003290, 0x00000dfb, + 0x00003291, 0x00000dfc, + 0x00003292, 0x00000dfd, + 0x00003293, 0x00000dfe, + 0x00003294, 0x00000dff, + 0x00003295, 0x00000e00, + 0x00003296, 0x00000e01, + 0x00003297, 0x00000e02, + 0x00003298, 0x00000e03, + 0x00003299, 0x00000e04, + 0x0000329a, 0x00000e05, + 0x0000329b, 0x00000e06, + 0x0000329c, 0x00000e07, + 0x0000329d, 0x00000e08, + 0x0000329e, 0x00000e09, + 0x0000329f, 0x00000e0a, + 0x000032a0, 0x00000e0b, + 0x000032a1, 0x00000e0c, + 0x000032a2, 0x00000e0d, + 0x000032a3, 0x00000e0e, + 0x000032a4, 0x00000e0f, + 0x000032a5, 0x00000e10, + 0x000032a6, 0x00000e11, + 0x000032a7, 0x00000e12, + 0x000032a8, 0x00000e13, + 0x000032a9, 0x00000e14, + 0x000032aa, 0x00000e15, + 0x000032ab, 0x00000e16, + 0x000032ac, 0x00000e17, + 0x000032ad, 0x00000e18, + 0x000032ae, 0x00000e19, + 0x000032af, 0x00000e1a, + 0x000032b0, 0x00000e1b, + 0x000032b1, 0x00000e1c, + 0x000032b2, 0x00000e1e, + 0x000032b3, 0x00000e20, + 0x000032b4, 0x00000e22, + 0x000032b5, 0x00000e24, + 0x000032b6, 0x00000e26, + 0x000032b7, 0x00000e28, + 0x000032b8, 0x00000e2a, + 0x000032b9, 0x00000e2c, + 0x000032ba, 0x00000e2e, + 0x000032bb, 0x00000e30, + 0x000032bc, 0x00000e32, + 0x000032bd, 0x00000e34, + 0x000032be, 0x00000e36, + 0x000032bf, 0x00000e38, + 0x000032c0, 0x00000e3a, + 0x000032c1, 0x00000e3c, + 0x000032c2, 0x00000e3e, + 0x000032c3, 0x00000e40, + 0x000032c4, 0x00000e42, + 0x000032c5, 0x00000e44, + 0x000032c6, 0x00000e46, + 0x000032c7, 0x00000e48, + 0x000032c8, 0x00000e4a, + 0x000032c9, 0x00000e4c, + 0x000032ca, 0x00000e4f, + 0x000032cb, 0x00000e52, + 0x000032d0, 0x00000e55, + 0x000032d1, 0x00000e56, + 0x000032d2, 0x00000e57, + 0x000032d3, 0x00000e58, + 0x000032d4, 0x00000e59, + 0x000032d5, 0x00000e5a, + 0x000032d6, 0x00000e5b, + 0x000032d7, 0x00000e5c, + 0x000032d8, 0x00000e5d, + 0x000032d9, 0x00000e5e, + 0x000032da, 0x00000e5f, + 0x000032db, 0x00000e60, + 0x000032dc, 0x00000e61, + 0x000032dd, 0x00000e62, + 0x000032de, 0x00000e63, + 0x000032df, 0x00000e64, + 0x000032e0, 0x00000e65, + 0x000032e1, 0x00000e66, + 0x000032e2, 0x00000e67, + 0x000032e3, 0x00000e68, + 0x000032e4, 0x00000e69, + 0x000032e5, 0x00000e6a, + 0x000032e6, 0x00000e6b, + 0x000032e7, 0x00000e6c, + 0x000032e8, 0x00000e6d, + 0x000032e9, 0x00000e6e, + 0x000032ea, 0x00000e6f, + 0x000032eb, 0x00000e70, + 0x000032ec, 0x00000e71, + 0x000032ed, 0x00000e72, + 0x000032ee, 0x00000e73, + 0x000032ef, 0x00000e74, + 0x000032f0, 0x00000e75, + 0x000032f1, 0x00000e76, + 0x000032f2, 0x00000e77, + 0x000032f3, 0x00000e78, + 0x000032f4, 0x00000e79, + 0x000032f5, 0x00000e7a, + 0x000032f6, 0x00000e7b, + 0x000032f7, 0x00000e7c, + 0x000032f8, 0x00000e7d, + 0x000032f9, 0x00000e7e, + 0x000032fa, 0x00000e7f, + 0x000032fb, 0x00000e80, + 0x000032fc, 0x00000e81, + 0x000032fd, 0x00000e82, + 0x000032fe, 0x00000e83, + 0x00003300, 0x00000e84, + 0x00003301, 0x00000e89, + 0x00003302, 0x00000e8d, + 0x00003303, 0x00000e92, + 0x00003304, 0x00000e95, + 0x00003305, 0x00000e9a, + 0x00003306, 0x00000e9d, + 0x00003307, 0x00000ea0, + 0x00003308, 0x00000ea6, + 0x00003309, 0x00000eaa, + 0x0000330a, 0x00000ead, + 0x0000330b, 0x00000eb0, + 0x0000330c, 0x00000eb3, + 0x0000330d, 0x00000eb7, + 0x0000330e, 0x00000ebb, + 0x0000330f, 0x00000ebf, + 0x00003310, 0x00000ec3, + 0x00003311, 0x00000ec7, + 0x00003312, 0x00000ecb, + 0x00003313, 0x00000ecf, + 0x00003314, 0x00000ed5, + 0x00003315, 0x00000ed7, + 0x00003316, 0x00000edd, + 0x00003317, 0x00000ee3, + 0x00003318, 0x00000ee8, + 0x00003319, 0x00000eec, + 0x0000331a, 0x00000ef2, + 0x0000331b, 0x00000ef8, + 0x0000331c, 0x00000efc, + 0x0000331d, 0x00000eff, + 0x0000331e, 0x00000f02, + 0x0000331f, 0x00000f06, + 0x00003320, 0x00000f0a, + 0x00003321, 0x00000f0f, + 0x00003322, 0x00000f14, + 0x00003323, 0x00000f17, + 0x00003324, 0x00000f1a, + 0x00003325, 0x00000f1e, + 0x00003326, 0x00000f21, + 0x00003327, 0x00000f24, + 0x00003328, 0x00000f26, + 0x00003329, 0x00000f28, + 0x0000332a, 0x00000f2b, + 0x0000332b, 0x00000f2e, + 0x0000332c, 0x00000f34, + 0x0000332d, 0x00000f38, + 0x0000332e, 0x00000f3d, + 0x0000332f, 0x00000f43, + 0x00003330, 0x00000f47, + 0x00003331, 0x00000f4a, + 0x00003332, 0x00000f4d, + 0x00003333, 0x00000f53, + 0x00003334, 0x00000f57, + 0x00003335, 0x00000f5d, + 0x00003336, 0x00000f60, + 0x00003337, 0x00000f65, + 0x00003338, 0x00000f68, + 0x00003339, 0x00000f6c, + 0x0000333a, 0x00000f6f, + 0x0000333b, 0x00000f73, + 0x0000333c, 0x00000f78, + 0x0000333d, 0x00000f7c, + 0x0000333e, 0x00000f81, + 0x0000333f, 0x00000f85, + 0x00003340, 0x00000f87, + 0x00003341, 0x00000f8c, + 0x00003342, 0x00000f8f, + 0x00003343, 0x00000f92, + 0x00003344, 0x00000f96, + 0x00003345, 0x00000f99, + 0x00003346, 0x00000f9c, + 0x00003347, 0x00000f9f, + 0x00003348, 0x00000fa4, + 0x00003349, 0x00000fa8, + 0x0000334a, 0x00000faa, + 0x0000334b, 0x00000fb0, + 0x0000334c, 0x00000fb3, + 0x0000334d, 0x00000fb8, + 0x0000334e, 0x00000fbc, + 0x0000334f, 0x00000fc0, + 0x00003350, 0x00000fc3, + 0x00003351, 0x00000fc6, + 0x00003352, 0x00000fca, + 0x00003353, 0x00000fcc, + 0x00003354, 0x00000fd0, + 0x00003355, 0x00000fd5, + 0x00003356, 0x00000fd7, + 0x00003357, 0x00000fdd, + 0x00003358, 0x00000fe0, + 0x00003359, 0x00000fe2, + 0x0000335a, 0x00000fe4, + 0x0000335b, 0x00000fe6, + 0x0000335c, 0x00000fe8, + 0x0000335d, 0x00000fea, + 0x0000335e, 0x00000fec, + 0x0000335f, 0x00000fee, + 0x00003360, 0x00000ff0, + 0x00003361, 0x00000ff2, + 0x00003362, 0x00000ff4, + 0x00003363, 0x00000ff7, + 0x00003364, 0x00000ffa, + 0x00003365, 0x00000ffd, + 0x00003366, 0x00001000, + 0x00003367, 0x00001003, + 0x00003368, 0x00001006, + 0x00003369, 0x00001009, + 0x0000336a, 0x0000100c, + 0x0000336b, 0x0000100f, + 0x0000336c, 0x00001012, + 0x0000336d, 0x00001015, + 0x0000336e, 0x00001018, + 0x0000336f, 0x0000101b, + 0x00003370, 0x0000101e, + 0x00003371, 0x00001021, + 0x00003372, 0x00001024, + 0x00003373, 0x00001026, + 0x00003374, 0x00001028, + 0x00003375, 0x0000102b, + 0x00003376, 0x0000102d, + 0x0000337b, 0x0000102f, + 0x0000337c, 0x00001031, + 0x0000337d, 0x00001033, + 0x0000337e, 0x00001035, + 0x0000337f, 0x00001037, + 0x00003380, 0x0000103b, + 0x00003381, 0x0000103d, + 0x00003382, 0x0000103f, + 0x00003383, 0x00001041, + 0x00003384, 0x00001043, + 0x00003385, 0x00001045, + 0x00003386, 0x00001047, + 0x00003387, 0x00001049, + 0x00003388, 0x0000104b, + 0x00003389, 0x0000104e, + 0x0000338a, 0x00001052, + 0x0000338b, 0x00001054, + 0x0000338c, 0x00001056, + 0x0000338d, 0x00001058, + 0x0000338e, 0x0000105a, + 0x0000338f, 0x0000105c, + 0x00003390, 0x0000105e, + 0x00003391, 0x00001060, + 0x00003392, 0x00001063, + 0x00003393, 0x00001066, + 0x00003394, 0x00001069, + 0x00003395, 0x0000106c, + 0x00003396, 0x0000106e, + 0x00003397, 0x00001070, + 0x00003398, 0x00001072, + 0x00003399, 0x00001074, + 0x0000339a, 0x00001076, + 0x0000339b, 0x00001078, + 0x0000339c, 0x0000107a, + 0x0000339d, 0x0000107c, + 0x0000339e, 0x0000107e, + 0x0000339f, 0x00001080, + 0x000033a0, 0x00001083, + 0x000033a1, 0x00001086, + 0x000033a2, 0x00001088, + 0x000033a3, 0x0000108b, + 0x000033a4, 0x0000108e, + 0x000033a5, 0x00001091, + 0x000033a6, 0x00001093, + 0x000033a7, 0x00001096, + 0x000033a8, 0x00001099, + 0x000033a9, 0x0000109d, + 0x000033aa, 0x0000109f, + 0x000033ab, 0x000010a2, + 0x000033ac, 0x000010a5, + 0x000033ad, 0x000010a8, + 0x000033ae, 0x000010ab, + 0x000033af, 0x000010b0, + 0x000033b0, 0x000010b6, + 0x000033b1, 0x000010b8, + 0x000033b2, 0x000010ba, + 0x000033b3, 0x000010bc, + 0x000033b4, 0x000010be, + 0x000033b5, 0x000010c0, + 0x000033b6, 0x000010c2, + 0x000033b7, 0x000010c4, + 0x000033b8, 0x000010c6, + 0x000033b9, 0x000010c8, + 0x000033ba, 0x000010ca, + 0x000033bb, 0x000010cc, + 0x000033bc, 0x000010ce, + 0x000033bd, 0x000010d0, + 0x000033be, 0x000010d2, + 0x000033bf, 0x000010d4, + 0x000033c0, 0x000010d6, + 0x000033c1, 0x000010d8, + 0x000033c2, 0x000010da, + 0x000033c3, 0x000010de, + 0x000033c4, 0x000010e0, + 0x000033c5, 0x000010e2, + 0x000033c6, 0x000010e4, + 0x000033c7, 0x000010e8, + 0x000033c8, 0x000010eb, + 0x000033c9, 0x000010ed, + 0x000033ca, 0x000010ef, + 0x000033cb, 0x000010f1, + 0x000033cc, 0x000010f3, + 0x000033cd, 0x000010f5, + 0x000033ce, 0x000010f7, + 0x000033cf, 0x000010f9, + 0x000033d0, 0x000010fb, + 0x000033d1, 0x000010fd, + 0x000033d2, 0x000010ff, + 0x000033d3, 0x00001102, + 0x000033d4, 0x00001104, + 0x000033d5, 0x00001106, + 0x000033d6, 0x00001109, + 0x000033d7, 0x0000110c, + 0x000033d8, 0x0000110e, + 0x000033d9, 0x00001112, + 0x000033da, 0x00001115, + 0x000033db, 0x00001117, + 0x000033dc, 0x00001119, + 0x000033dd, 0x0000111b, + 0x000033e0, 0x0000111d, + 0x000033e1, 0x0000111f, + 0x000033e2, 0x00001121, + 0x000033e3, 0x00001123, + 0x000033e4, 0x00001125, + 0x000033e5, 0x00001127, + 0x000033e6, 0x00001129, + 0x000033e7, 0x0000112b, + 0x000033e8, 0x0000112d, + 0x000033e9, 0x0000112f, + 0x000033ea, 0x00001132, + 0x000033eb, 0x00001135, + 0x000033ec, 0x00001138, + 0x000033ed, 0x0000113b, + 0x000033ee, 0x0000113e, + 0x000033ef, 0x00001141, + 0x000033f0, 0x00001144, + 0x000033f1, 0x00001147, + 0x000033f2, 0x0000114a, + 0x000033f3, 0x0000114d, + 0x000033f4, 0x00001150, + 0x000033f5, 0x00001153, + 0x000033f6, 0x00001156, + 0x000033f7, 0x00001159, + 0x000033f8, 0x0000115c, + 0x000033f9, 0x0000115f, + 0x000033fa, 0x00001162, + 0x000033fb, 0x00001165, + 0x000033fc, 0x00001168, + 0x000033fd, 0x0000116b, + 0x000033fe, 0x0000116e, + 0x0000f902, 0x00001171, + 0x0000f903, 0x00001172, + 0x0000f904, 0x00001173, + 0x0000f905, 0x00001174, + 0x0000f906, 0x00001175, + 0x0000f907, 0x00001176, + 0x0000f908, 0x00001177, + 0x0000f909, 0x00001178, + 0x0000f90a, 0x00001179, + 0x0000f90b, 0x0000117a, + 0x0000f90c, 0x0000117b, + 0x0000f90d, 0x0000117c, + 0x0000f90e, 0x0000117d, + 0x0000f90f, 0x0000117e, + 0x0000f910, 0x0000117f, + 0x0000f911, 0x00001180, + 0x0000f912, 0x00001181, + 0x0000f913, 0x00001182, + 0x0000f914, 0x00001183, + 0x0000f915, 0x00001184, + 0x0000f916, 0x00001185, + 0x0000f917, 0x00001186, + 0x0000f918, 0x00001187, + 0x0000f919, 0x00001188, + 0x0000f91a, 0x00001189, + 0x0000f91b, 0x0000118a, + 0x0000f91c, 0x0000118b, + 0x0000f91d, 0x0000118c, + 0x0000f91e, 0x0000118d, + 0x0000f91f, 0x0000118e, + 0x0000f920, 0x0000118f, + 0x0000f921, 0x00001190, + 0x0000f922, 0x00001191, + 0x0000f923, 0x00001192, + 0x0000f924, 0x00001193, + 0x0000f925, 0x00001194, + 0x0000f926, 0x00001195, + 0x0000f927, 0x00001196, + 0x0000f928, 0x00001197, + 0x0000f929, 0x00001198, + 0x0000f92a, 0x00001199, + 0x0000f92b, 0x0000119a, + 0x0000f92c, 0x0000119b, + 0x0000f92d, 0x0000119c, + 0x0000f92e, 0x0000119d, + 0x0000f92f, 0x0000119e, + 0x0000f930, 0x0000119f, + 0x0000f931, 0x000011a0, + 0x0000f932, 0x000011a1, + 0x0000f933, 0x000011a2, + 0x0000f934, 0x000011a3, + 0x0000f935, 0x000011a4, + 0x0000f936, 0x000011a5, + 0x0000f937, 0x000011a6, + 0x0000f938, 0x000011a7, + 0x0000f939, 0x000011a8, + 0x0000f93a, 0x000011a9, + 0x0000f93b, 0x000011aa, + 0x0000f93c, 0x000011ab, + 0x0000f93d, 0x000011ac, + 0x0000f93e, 0x000011ad, + 0x0000f93f, 0x000011ae, + 0x0000f940, 0x000011af, + 0x0000f941, 0x000011b0, + 0x0000f942, 0x000011b1, + 0x0000f943, 0x000011b2, + 0x0000f944, 0x000011b3, + 0x0000f945, 0x000011b4, + 0x0000f946, 0x000011b5, + 0x0000f947, 0x000011b6, + 0x0000f948, 0x000011b7, + 0x0000f949, 0x000011b8, + 0x0000f94a, 0x000011b9, + 0x0000f94b, 0x000011ba, + 0x0000f94c, 0x000011bb, + 0x0000f94d, 0x000011bc, + 0x0000f94e, 0x000011bd, + 0x0000f94f, 0x000011be, + 0x0000f950, 0x000011bf, + 0x0000f951, 0x000011c0, + 0x0000f952, 0x000011c1, + 0x0000f953, 0x000011c2, + 0x0000f954, 0x000011c3, + 0x0000f955, 0x000011c4, + 0x0000f956, 0x000011c5, + 0x0000f957, 0x000011c6, + 0x0000f958, 0x000011c7, + 0x0000f959, 0x000011c8, + 0x0000f95a, 0x000011c9, + 0x0000f95b, 0x000011ca, + 0x0000f95c, 0x000011cb, + 0x0000f95d, 0x000011cc, + 0x0000f95e, 0x000011cd, + 0x0000f95f, 0x000011ce, + 0x0000f960, 0x000011cf, + 0x0000f961, 0x000011d0, + 0x0000f962, 0x000011d1, + 0x0000f963, 0x000011d2, + 0x0000f964, 0x000011d3, + 0x0000f965, 0x000011d4, + 0x0000f966, 0x000011d5, + 0x0000f967, 0x000011d6, + 0x0000f968, 0x000011d7, + 0x0000f969, 0x000011d8, + 0x0000f96a, 0x000011d9, + 0x0000f96b, 0x000011da, + 0x0000f96c, 0x000011db, + 0x0000f96d, 0x000011dc, + 0x0000f96e, 0x000011dd, + 0x0000f96f, 0x000011de, + 0x0000f970, 0x000011df, + 0x0000f971, 0x000011e0, + 0x0000f972, 0x000011e1, + 0x0000f973, 0x000011e2, + 0x0000f974, 0x000011e3, + 0x0000f975, 0x000011e4, + 0x0000f976, 0x000011e5, + 0x0000f977, 0x000011e6, + 0x0000f978, 0x000011e7, + 0x0000f979, 0x000011e8, + 0x0000f97a, 0x000011e9, + 0x0000f97b, 0x000011ea, + 0x0000f97c, 0x000011eb, + 0x0000f97d, 0x000011ec, + 0x0000f97e, 0x000011ed, + 0x0000f97f, 0x000011ee, + 0x0000f980, 0x000011ef, + 0x0000f981, 0x000011f0, + 0x0000f982, 0x000011f1, + 0x0000f983, 0x000011f2, + 0x0000f984, 0x000011f3, + 0x0000f985, 0x000011f4, + 0x0000f986, 0x000011f5, + 0x0000f987, 0x000011f6, + 0x0000f988, 0x000011f7, + 0x0000f989, 0x000011f8, + 0x0000f98a, 0x000011f9, + 0x0000f98b, 0x000011fa, + 0x0000f98c, 0x000011fb, + 0x0000f98d, 0x000011fc, + 0x0000f98e, 0x000011fd, + 0x0000f98f, 0x000011fe, + 0x0000f990, 0x000011ff, + 0x0000f991, 0x00001200, + 0x0000f992, 0x00001201, + 0x0000f993, 0x00001202, + 0x0000f994, 0x00001203, + 0x0000f995, 0x00001204, + 0x0000f996, 0x00001205, + 0x0000f997, 0x00001206, + 0x0000f998, 0x00001207, + 0x0000f999, 0x00001208, + 0x0000f99a, 0x00001209, + 0x0000f99b, 0x0000120a, + 0x0000f99c, 0x0000120b, + 0x0000f99d, 0x0000120c, + 0x0000f99e, 0x0000120d, + 0x0000f99f, 0x0000120e, + 0x0000f9a0, 0x0000120f, + 0x0000f9a1, 0x00001210, + 0x0000f9a2, 0x00001211, + 0x0000f9a3, 0x00001212, + 0x0000f9a4, 0x00001213, + 0x0000f9a5, 0x00001214, + 0x0000f9a6, 0x00001215, + 0x0000f9a7, 0x00001216, + 0x0000f9a8, 0x00001217, + 0x0000f9a9, 0x00001218, + 0x0000f9aa, 0x00001219, + 0x0000f9ab, 0x0000121a, + 0x0000f9ac, 0x0000121b, + 0x0000f9ad, 0x0000121c, + 0x0000f9ae, 0x0000121d, + 0x0000f9af, 0x0000121e, + 0x0000f9b0, 0x0000121f, + 0x0000f9b1, 0x00001220, + 0x0000f9b2, 0x00001221, + 0x0000f9b3, 0x00001222, + 0x0000f9b4, 0x00001223, + 0x0000f9b5, 0x00001224, + 0x0000f9b6, 0x00001225, + 0x0000f9b7, 0x00001226, + 0x0000f9b8, 0x00001227, + 0x0000f9b9, 0x00001228, + 0x0000f9ba, 0x00001229, + 0x0000f9bb, 0x0000122a, + 0x0000f9bc, 0x0000122b, + 0x0000f9bd, 0x0000122c, + 0x0000f9be, 0x0000122d, + 0x0000f9bf, 0x0000122e, + 0x0000f9c0, 0x0000122f, + 0x0000f9c1, 0x00001230, + 0x0000f9c2, 0x00001231, + 0x0000f9c3, 0x00001232, + 0x0000f9c4, 0x00001233, + 0x0000f9c5, 0x00001234, + 0x0000f9c6, 0x00001235, + 0x0000f9c7, 0x00001236, + 0x0000f9c8, 0x00001237, + 0x0000f9c9, 0x00001238, + 0x0000f9ca, 0x00001239, + 0x0000f9cb, 0x0000123a, + 0x0000f9cc, 0x0000123b, + 0x0000f9cd, 0x0000123c, + 0x0000f9ce, 0x0000123d, + 0x0000f9cf, 0x0000123e, + 0x0000f9d0, 0x0000123f, + 0x0000f9d1, 0x00001240, + 0x0000f9d2, 0x00001241, + 0x0000f9d3, 0x00001242, + 0x0000f9d4, 0x00001243, + 0x0000f9d5, 0x00001244, + 0x0000f9d6, 0x00001245, + 0x0000f9d7, 0x00001246, + 0x0000f9d8, 0x00001247, + 0x0000f9d9, 0x00001248, + 0x0000f9da, 0x00001249, + 0x0000f9db, 0x0000124a, + 0x0000f9dc, 0x0000124b, + 0x0000f9dd, 0x0000124c, + 0x0000f9de, 0x0000124d, + 0x0000f9df, 0x0000124e, + 0x0000f9e0, 0x0000124f, + 0x0000f9e1, 0x00001250, + 0x0000f9e2, 0x00001251, + 0x0000f9e3, 0x00001252, + 0x0000f9e4, 0x00001253, + 0x0000f9e5, 0x00001254, + 0x0000f9e6, 0x00001255, + 0x0000f9e7, 0x00001256, + 0x0000f9e8, 0x00001257, + 0x0000f9e9, 0x00001258, + 0x0000f9ea, 0x00001259, + 0x0000f9eb, 0x0000125a, + 0x0000f9ec, 0x0000125b, + 0x0000f9ed, 0x0000125c, + 0x0000f9ee, 0x0000125d, + 0x0000f9ef, 0x0000125e, + 0x0000f9f0, 0x0000125f, + 0x0000f9f1, 0x00001260, + 0x0000f9f2, 0x00001261, + 0x0000f9f3, 0x00001262, + 0x0000f9f4, 0x00001263, + 0x0000f9f5, 0x00001264, + 0x0000f9f6, 0x00001265, + 0x0000f9f7, 0x00001266, + 0x0000f9f8, 0x00001267, + 0x0000f9f9, 0x00001268, + 0x0000f9fa, 0x00001269, + 0x0000f9fb, 0x0000126a, + 0x0000f9fc, 0x0000126b, + 0x0000f9fd, 0x0000126c, + 0x0000f9fe, 0x0000126d, + 0x0000f9ff, 0x0000126e, + 0x0000fa00, 0x0000126f, + 0x0000fa01, 0x00001270, + 0x0000fa02, 0x00001271, + 0x0000fa03, 0x00001272, + 0x0000fa04, 0x00001273, + 0x0000fa05, 0x00001274, + 0x0000fa06, 0x00001275, + 0x0000fa07, 0x00001276, + 0x0000fa08, 0x00001277, + 0x0000fa09, 0x00001278, + 0x0000fa0a, 0x00001279, + 0x0000fa0b, 0x0000127a, + 0x0000fa0c, 0x0000127b, + 0x0000fa0d, 0x0000127c, + 0x0000fa10, 0x0000127d, + 0x0000fa12, 0x0000127e, + 0x0000fa15, 0x0000127f, + 0x0000fa16, 0x00001280, + 0x0000fa17, 0x00001281, + 0x0000fa18, 0x00001282, + 0x0000fa19, 0x00001283, + 0x0000fa1a, 0x00001284, + 0x0000fa1b, 0x00001285, + 0x0000fa1c, 0x00001286, + 0x0000fa1d, 0x00001287, + 0x0000fa1e, 0x00001288, + 0x0000fa20, 0x00001289, + 0x0000fa22, 0x0000128a, + 0x0000fa25, 0x0000128b, + 0x0000fa26, 0x0000128c, + 0x0000fa2a, 0x0000128d, + 0x0000fa2b, 0x0000128e, + 0x0000fa2c, 0x0000128f, + 0x0000fa2d, 0x00001290, + 0x0000fa30, 0x00001291, + 0x0000fa31, 0x00001292, + 0x0000fa32, 0x00001293, + 0x0000fa33, 0x00001294, + 0x0000fa34, 0x00001295, + 0x0000fa35, 0x00001296, + 0x0000fa36, 0x00001297, + 0x0000fa37, 0x00001298, + 0x0000fa38, 0x00001299, + 0x0000fa39, 0x0000129a, + 0x0000fa3a, 0x0000129b, + 0x0000fa3b, 0x0000129c, + 0x0000fa3c, 0x0000129d, + 0x0000fa3d, 0x0000129e, + 0x0000fa3e, 0x0000129f, + 0x0000fa3f, 0x000012a0, + 0x0000fa40, 0x000012a1, + 0x0000fa41, 0x000012a2, + 0x0000fa42, 0x000012a3, + 0x0000fa43, 0x000012a4, + 0x0000fa44, 0x000012a5, + 0x0000fa45, 0x000012a6, + 0x0000fa46, 0x000012a7, + 0x0000fa47, 0x000012a8, + 0x0000fa48, 0x000012a9, + 0x0000fa49, 0x000012aa, + 0x0000fa4a, 0x000012ab, + 0x0000fa4b, 0x000012ac, + 0x0000fa4c, 0x000012ad, + 0x0000fa4d, 0x000012ae, + 0x0000fa4e, 0x000012af, + 0x0000fa4f, 0x000012b0, + 0x0000fa50, 0x000012b1, + 0x0000fa51, 0x000012b2, + 0x0000fa52, 0x000012b3, + 0x0000fa53, 0x000012b4, + 0x0000fa54, 0x000012b5, + 0x0000fa55, 0x000012b6, + 0x0000fa56, 0x000012b7, + 0x0000fa57, 0x000012b8, + 0x0000fa58, 0x000012b9, + 0x0000fa59, 0x000012ba, + 0x0000fa5a, 0x000012bb, + 0x0000fa5b, 0x000012bc, + 0x0000fa5c, 0x000012bd, + 0x0000fa5d, 0x000012be, + 0x0000fa5e, 0x000012bf, + 0x0000fa5f, 0x000012c0, + 0x0000fa60, 0x000012c1, + 0x0000fa61, 0x000012c2, + 0x0000fa62, 0x000012c3, + 0x0000fa63, 0x000012c4, + 0x0000fa64, 0x000012c5, + 0x0000fa65, 0x000012c6, + 0x0000fa66, 0x000012c7, + 0x0000fa67, 0x000012c8, + 0x0000fa68, 0x000012c9, + 0x0000fa69, 0x000012ca, + 0x0000fa6a, 0x000012cb, + 0x0000fb00, 0x000012cc, + 0x0000fb01, 0x000012ce, + 0x0000fb02, 0x000012d0, + 0x0000fb03, 0x000012d2, + 0x0000fb04, 0x000012d5, + 0x0000fb05, 0x000012d8, + 0x0000fb06, 0x000012da, + 0x0000fb13, 0x000012dc, + 0x0000fb14, 0x000012de, + 0x0000fb15, 0x000012e0, + 0x0000fb16, 0x000012e2, + 0x0000fb17, 0x000012e4, + 0x0000fb1d, 0x000012e6, + 0x0000fb1f, 0x000012e8, + 0x0000fb20, 0x000012ea, + 0x0000fb21, 0x000012eb, + 0x0000fb22, 0x000012ec, + 0x0000fb23, 0x000012ed, + 0x0000fb24, 0x000012ee, + 0x0000fb25, 0x000012ef, + 0x0000fb26, 0x000012f0, + 0x0000fb27, 0x000012f1, + 0x0000fb28, 0x000012f2, + 0x0000fb29, 0x000012f3, + 0x0000fb2a, 0x000012f4, + 0x0000fb2b, 0x000012f6, + 0x0000fb2c, 0x000012f8, + 0x0000fb2d, 0x000012fb, + 0x0000fb2e, 0x000012fe, + 0x0000fb2f, 0x00001300, + 0x0000fb30, 0x00001302, + 0x0000fb31, 0x00001304, + 0x0000fb32, 0x00001306, + 0x0000fb33, 0x00001308, + 0x0000fb34, 0x0000130a, + 0x0000fb35, 0x0000130c, + 0x0000fb36, 0x0000130e, + 0x0000fb38, 0x00001310, + 0x0000fb39, 0x00001312, + 0x0000fb3a, 0x00001314, + 0x0000fb3b, 0x00001316, + 0x0000fb3c, 0x00001318, + 0x0000fb3e, 0x0000131a, + 0x0000fb40, 0x0000131c, + 0x0000fb41, 0x0000131e, + 0x0000fb43, 0x00001320, + 0x0000fb44, 0x00001322, + 0x0000fb46, 0x00001324, + 0x0000fb47, 0x00001326, + 0x0000fb48, 0x00001328, + 0x0000fb49, 0x0000132a, + 0x0000fb4a, 0x0000132c, + 0x0000fb4b, 0x0000132e, + 0x0000fb4c, 0x00001330, + 0x0000fb4d, 0x00001332, + 0x0000fb4e, 0x00001334, + 0x0000fb4f, 0x00001336, + 0x0000fb50, 0x00001338, + 0x0000fb51, 0x00001339, + 0x0000fb52, 0x0000133a, + 0x0000fb53, 0x0000133b, + 0x0000fb54, 0x0000133c, + 0x0000fb55, 0x0000133d, + 0x0000fb56, 0x0000133e, + 0x0000fb57, 0x0000133f, + 0x0000fb58, 0x00001340, + 0x0000fb59, 0x00001341, + 0x0000fb5a, 0x00001342, + 0x0000fb5b, 0x00001343, + 0x0000fb5c, 0x00001344, + 0x0000fb5d, 0x00001345, + 0x0000fb5e, 0x00001346, + 0x0000fb5f, 0x00001347, + 0x0000fb60, 0x00001348, + 0x0000fb61, 0x00001349, + 0x0000fb62, 0x0000134a, + 0x0000fb63, 0x0000134b, + 0x0000fb64, 0x0000134c, + 0x0000fb65, 0x0000134d, + 0x0000fb66, 0x0000134e, + 0x0000fb67, 0x0000134f, + 0x0000fb68, 0x00001350, + 0x0000fb69, 0x00001351, + 0x0000fb6a, 0x00001352, + 0x0000fb6b, 0x00001353, + 0x0000fb6c, 0x00001354, + 0x0000fb6d, 0x00001355, + 0x0000fb6e, 0x00001356, + 0x0000fb6f, 0x00001357, + 0x0000fb70, 0x00001358, + 0x0000fb71, 0x00001359, + 0x0000fb72, 0x0000135a, + 0x0000fb73, 0x0000135b, + 0x0000fb74, 0x0000135c, + 0x0000fb75, 0x0000135d, + 0x0000fb76, 0x0000135e, + 0x0000fb77, 0x0000135f, + 0x0000fb78, 0x00001360, + 0x0000fb79, 0x00001361, + 0x0000fb7a, 0x00001362, + 0x0000fb7b, 0x00001363, + 0x0000fb7c, 0x00001364, + 0x0000fb7d, 0x00001365, + 0x0000fb7e, 0x00001366, + 0x0000fb7f, 0x00001367, + 0x0000fb80, 0x00001368, + 0x0000fb81, 0x00001369, + 0x0000fb82, 0x0000136a, + 0x0000fb83, 0x0000136b, + 0x0000fb84, 0x0000136c, + 0x0000fb85, 0x0000136d, + 0x0000fb86, 0x0000136e, + 0x0000fb87, 0x0000136f, + 0x0000fb88, 0x00001370, + 0x0000fb89, 0x00001371, + 0x0000fb8a, 0x00001372, + 0x0000fb8b, 0x00001373, + 0x0000fb8c, 0x00001374, + 0x0000fb8d, 0x00001375, + 0x0000fb8e, 0x00001376, + 0x0000fb8f, 0x00001377, + 0x0000fb90, 0x00001378, + 0x0000fb91, 0x00001379, + 0x0000fb92, 0x0000137a, + 0x0000fb93, 0x0000137b, + 0x0000fb94, 0x0000137c, + 0x0000fb95, 0x0000137d, + 0x0000fb96, 0x0000137e, + 0x0000fb97, 0x0000137f, + 0x0000fb98, 0x00001380, + 0x0000fb99, 0x00001381, + 0x0000fb9a, 0x00001382, + 0x0000fb9b, 0x00001383, + 0x0000fb9c, 0x00001384, + 0x0000fb9d, 0x00001385, + 0x0000fb9e, 0x00001386, + 0x0000fb9f, 0x00001387, + 0x0000fba0, 0x00001388, + 0x0000fba1, 0x00001389, + 0x0000fba2, 0x0000138a, + 0x0000fba3, 0x0000138b, + 0x0000fba4, 0x0000138c, + 0x0000fba5, 0x0000138e, + 0x0000fba6, 0x00001390, + 0x0000fba7, 0x00001391, + 0x0000fba8, 0x00001392, + 0x0000fba9, 0x00001393, + 0x0000fbaa, 0x00001394, + 0x0000fbab, 0x00001395, + 0x0000fbac, 0x00001396, + 0x0000fbad, 0x00001397, + 0x0000fbae, 0x00001398, + 0x0000fbaf, 0x00001399, + 0x0000fbb0, 0x0000139a, + 0x0000fbb1, 0x0000139c, + 0x0000fbd3, 0x0000139e, + 0x0000fbd4, 0x0000139f, + 0x0000fbd5, 0x000013a0, + 0x0000fbd6, 0x000013a1, + 0x0000fbd7, 0x000013a2, + 0x0000fbd8, 0x000013a3, + 0x0000fbd9, 0x000013a4, + 0x0000fbda, 0x000013a5, + 0x0000fbdb, 0x000013a6, + 0x0000fbdc, 0x000013a7, + 0x0000fbdd, 0x000013a8, + 0x0000fbde, 0x000013aa, + 0x0000fbdf, 0x000013ab, + 0x0000fbe0, 0x000013ac, + 0x0000fbe1, 0x000013ad, + 0x0000fbe2, 0x000013ae, + 0x0000fbe3, 0x000013af, + 0x0000fbe4, 0x000013b0, + 0x0000fbe5, 0x000013b1, + 0x0000fbe6, 0x000013b2, + 0x0000fbe7, 0x000013b3, + 0x0000fbe8, 0x000013b4, + 0x0000fbe9, 0x000013b5, + 0x0000fbea, 0x000013b6, + 0x0000fbeb, 0x000013b9, + 0x0000fbec, 0x000013bc, + 0x0000fbed, 0x000013bf, + 0x0000fbee, 0x000013c2, + 0x0000fbef, 0x000013c5, + 0x0000fbf0, 0x000013c8, + 0x0000fbf1, 0x000013cb, + 0x0000fbf2, 0x000013ce, + 0x0000fbf3, 0x000013d1, + 0x0000fbf4, 0x000013d4, + 0x0000fbf5, 0x000013d7, + 0x0000fbf6, 0x000013da, + 0x0000fbf7, 0x000013dd, + 0x0000fbf8, 0x000013e0, + 0x0000fbf9, 0x000013e3, + 0x0000fbfa, 0x000013e6, + 0x0000fbfb, 0x000013e9, + 0x0000fbfc, 0x000013ec, + 0x0000fbfd, 0x000013ed, + 0x0000fbfe, 0x000013ee, + 0x0000fbff, 0x000013ef, + 0x0000fc00, 0x000013f0, + 0x0000fc01, 0x000013f3, + 0x0000fc02, 0x000013f6, + 0x0000fc03, 0x000013f9, + 0x0000fc04, 0x000013fc, + 0x0000fc05, 0x000013ff, + 0x0000fc06, 0x00001401, + 0x0000fc07, 0x00001403, + 0x0000fc08, 0x00001405, + 0x0000fc09, 0x00001407, + 0x0000fc0a, 0x00001409, + 0x0000fc0b, 0x0000140b, + 0x0000fc0c, 0x0000140d, + 0x0000fc0d, 0x0000140f, + 0x0000fc0e, 0x00001411, + 0x0000fc0f, 0x00001413, + 0x0000fc10, 0x00001415, + 0x0000fc11, 0x00001417, + 0x0000fc12, 0x00001419, + 0x0000fc13, 0x0000141b, + 0x0000fc14, 0x0000141d, + 0x0000fc15, 0x0000141f, + 0x0000fc16, 0x00001421, + 0x0000fc17, 0x00001423, + 0x0000fc18, 0x00001425, + 0x0000fc19, 0x00001427, + 0x0000fc1a, 0x00001429, + 0x0000fc1b, 0x0000142b, + 0x0000fc1c, 0x0000142d, + 0x0000fc1d, 0x0000142f, + 0x0000fc1e, 0x00001431, + 0x0000fc1f, 0x00001433, + 0x0000fc20, 0x00001435, + 0x0000fc21, 0x00001437, + 0x0000fc22, 0x00001439, + 0x0000fc23, 0x0000143b, + 0x0000fc24, 0x0000143d, + 0x0000fc25, 0x0000143f, + 0x0000fc26, 0x00001441, + 0x0000fc27, 0x00001443, + 0x0000fc28, 0x00001445, + 0x0000fc29, 0x00001447, + 0x0000fc2a, 0x00001449, + 0x0000fc2b, 0x0000144b, + 0x0000fc2c, 0x0000144d, + 0x0000fc2d, 0x0000144f, + 0x0000fc2e, 0x00001451, + 0x0000fc2f, 0x00001453, + 0x0000fc30, 0x00001455, + 0x0000fc31, 0x00001457, + 0x0000fc32, 0x00001459, + 0x0000fc33, 0x0000145b, + 0x0000fc34, 0x0000145d, + 0x0000fc35, 0x0000145f, + 0x0000fc36, 0x00001461, + 0x0000fc37, 0x00001463, + 0x0000fc38, 0x00001465, + 0x0000fc39, 0x00001467, + 0x0000fc3a, 0x00001469, + 0x0000fc3b, 0x0000146b, + 0x0000fc3c, 0x0000146d, + 0x0000fc3d, 0x0000146f, + 0x0000fc3e, 0x00001471, + 0x0000fc3f, 0x00001473, + 0x0000fc40, 0x00001475, + 0x0000fc41, 0x00001477, + 0x0000fc42, 0x00001479, + 0x0000fc43, 0x0000147b, + 0x0000fc44, 0x0000147d, + 0x0000fc45, 0x0000147f, + 0x0000fc46, 0x00001481, + 0x0000fc47, 0x00001483, + 0x0000fc48, 0x00001485, + 0x0000fc49, 0x00001487, + 0x0000fc4a, 0x00001489, + 0x0000fc4b, 0x0000148b, + 0x0000fc4c, 0x0000148d, + 0x0000fc4d, 0x0000148f, + 0x0000fc4e, 0x00001491, + 0x0000fc4f, 0x00001493, + 0x0000fc50, 0x00001495, + 0x0000fc51, 0x00001497, + 0x0000fc52, 0x00001499, + 0x0000fc53, 0x0000149b, + 0x0000fc54, 0x0000149d, + 0x0000fc55, 0x0000149f, + 0x0000fc56, 0x000014a1, + 0x0000fc57, 0x000014a3, + 0x0000fc58, 0x000014a5, + 0x0000fc59, 0x000014a7, + 0x0000fc5a, 0x000014a9, + 0x0000fc5b, 0x000014ab, + 0x0000fc5c, 0x000014ad, + 0x0000fc5d, 0x000014af, + 0x0000fc5e, 0x000014b1, + 0x0000fc5f, 0x000014b4, + 0x0000fc60, 0x000014b7, + 0x0000fc61, 0x000014ba, + 0x0000fc62, 0x000014bd, + 0x0000fc63, 0x000014c0, + 0x0000fc64, 0x000014c3, + 0x0000fc65, 0x000014c6, + 0x0000fc66, 0x000014c9, + 0x0000fc67, 0x000014cc, + 0x0000fc68, 0x000014cf, + 0x0000fc69, 0x000014d2, + 0x0000fc6a, 0x000014d5, + 0x0000fc6b, 0x000014d7, + 0x0000fc6c, 0x000014d9, + 0x0000fc6d, 0x000014db, + 0x0000fc6e, 0x000014dd, + 0x0000fc6f, 0x000014df, + 0x0000fc70, 0x000014e1, + 0x0000fc71, 0x000014e3, + 0x0000fc72, 0x000014e5, + 0x0000fc73, 0x000014e7, + 0x0000fc74, 0x000014e9, + 0x0000fc75, 0x000014eb, + 0x0000fc76, 0x000014ed, + 0x0000fc77, 0x000014ef, + 0x0000fc78, 0x000014f1, + 0x0000fc79, 0x000014f3, + 0x0000fc7a, 0x000014f5, + 0x0000fc7b, 0x000014f7, + 0x0000fc7c, 0x000014f9, + 0x0000fc7d, 0x000014fb, + 0x0000fc7e, 0x000014fd, + 0x0000fc7f, 0x000014ff, + 0x0000fc80, 0x00001501, + 0x0000fc81, 0x00001503, + 0x0000fc82, 0x00001505, + 0x0000fc83, 0x00001507, + 0x0000fc84, 0x00001509, + 0x0000fc85, 0x0000150b, + 0x0000fc86, 0x0000150d, + 0x0000fc87, 0x0000150f, + 0x0000fc88, 0x00001511, + 0x0000fc89, 0x00001513, + 0x0000fc8a, 0x00001515, + 0x0000fc8b, 0x00001517, + 0x0000fc8c, 0x00001519, + 0x0000fc8d, 0x0000151b, + 0x0000fc8e, 0x0000151d, + 0x0000fc8f, 0x0000151f, + 0x0000fc90, 0x00001521, + 0x0000fc91, 0x00001523, + 0x0000fc92, 0x00001525, + 0x0000fc93, 0x00001527, + 0x0000fc94, 0x00001529, + 0x0000fc95, 0x0000152b, + 0x0000fc96, 0x0000152d, + 0x0000fc97, 0x0000152f, + 0x0000fc98, 0x00001532, + 0x0000fc99, 0x00001535, + 0x0000fc9a, 0x00001538, + 0x0000fc9b, 0x0000153b, + 0x0000fc9c, 0x0000153e, + 0x0000fc9d, 0x00001540, + 0x0000fc9e, 0x00001542, + 0x0000fc9f, 0x00001544, + 0x0000fca0, 0x00001546, + 0x0000fca1, 0x00001548, + 0x0000fca2, 0x0000154a, + 0x0000fca3, 0x0000154c, + 0x0000fca4, 0x0000154e, + 0x0000fca5, 0x00001550, + 0x0000fca6, 0x00001552, + 0x0000fca7, 0x00001554, + 0x0000fca8, 0x00001556, + 0x0000fca9, 0x00001558, + 0x0000fcaa, 0x0000155a, + 0x0000fcab, 0x0000155c, + 0x0000fcac, 0x0000155e, + 0x0000fcad, 0x00001560, + 0x0000fcae, 0x00001562, + 0x0000fcaf, 0x00001564, + 0x0000fcb0, 0x00001566, + 0x0000fcb1, 0x00001568, + 0x0000fcb2, 0x0000156a, + 0x0000fcb3, 0x0000156c, + 0x0000fcb4, 0x0000156e, + 0x0000fcb5, 0x00001570, + 0x0000fcb6, 0x00001572, + 0x0000fcb7, 0x00001574, + 0x0000fcb8, 0x00001576, + 0x0000fcb9, 0x00001578, + 0x0000fcba, 0x0000157a, + 0x0000fcbb, 0x0000157c, + 0x0000fcbc, 0x0000157e, + 0x0000fcbd, 0x00001580, + 0x0000fcbe, 0x00001582, + 0x0000fcbf, 0x00001584, + 0x0000fcc0, 0x00001586, + 0x0000fcc1, 0x00001588, + 0x0000fcc2, 0x0000158a, + 0x0000fcc3, 0x0000158c, + 0x0000fcc4, 0x0000158e, + 0x0000fcc5, 0x00001590, + 0x0000fcc6, 0x00001592, + 0x0000fcc7, 0x00001594, + 0x0000fcc8, 0x00001596, + 0x0000fcc9, 0x00001598, + 0x0000fcca, 0x0000159a, + 0x0000fccb, 0x0000159c, + 0x0000fccc, 0x0000159e, + 0x0000fccd, 0x000015a0, + 0x0000fcce, 0x000015a2, + 0x0000fccf, 0x000015a4, + 0x0000fcd0, 0x000015a6, + 0x0000fcd1, 0x000015a8, + 0x0000fcd2, 0x000015aa, + 0x0000fcd3, 0x000015ac, + 0x0000fcd4, 0x000015ae, + 0x0000fcd5, 0x000015b0, + 0x0000fcd6, 0x000015b2, + 0x0000fcd7, 0x000015b4, + 0x0000fcd8, 0x000015b6, + 0x0000fcd9, 0x000015b8, + 0x0000fcda, 0x000015ba, + 0x0000fcdb, 0x000015bc, + 0x0000fcdc, 0x000015be, + 0x0000fcdd, 0x000015c0, + 0x0000fcde, 0x000015c2, + 0x0000fcdf, 0x000015c4, + 0x0000fce0, 0x000015c7, + 0x0000fce1, 0x000015ca, + 0x0000fce2, 0x000015cc, + 0x0000fce3, 0x000015ce, + 0x0000fce4, 0x000015d0, + 0x0000fce5, 0x000015d2, + 0x0000fce6, 0x000015d4, + 0x0000fce7, 0x000015d6, + 0x0000fce8, 0x000015d8, + 0x0000fce9, 0x000015da, + 0x0000fcea, 0x000015dc, + 0x0000fceb, 0x000015de, + 0x0000fcec, 0x000015e0, + 0x0000fced, 0x000015e2, + 0x0000fcee, 0x000015e4, + 0x0000fcef, 0x000015e6, + 0x0000fcf0, 0x000015e8, + 0x0000fcf1, 0x000015ea, + 0x0000fcf2, 0x000015ec, + 0x0000fcf3, 0x000015ef, + 0x0000fcf4, 0x000015f2, + 0x0000fcf5, 0x000015f5, + 0x0000fcf6, 0x000015f7, + 0x0000fcf7, 0x000015f9, + 0x0000fcf8, 0x000015fb, + 0x0000fcf9, 0x000015fd, + 0x0000fcfa, 0x000015ff, + 0x0000fcfb, 0x00001601, + 0x0000fcfc, 0x00001603, + 0x0000fcfd, 0x00001605, + 0x0000fcfe, 0x00001607, + 0x0000fcff, 0x00001609, + 0x0000fd00, 0x0000160b, + 0x0000fd01, 0x0000160d, + 0x0000fd02, 0x0000160f, + 0x0000fd03, 0x00001611, + 0x0000fd04, 0x00001613, + 0x0000fd05, 0x00001615, + 0x0000fd06, 0x00001617, + 0x0000fd07, 0x00001619, + 0x0000fd08, 0x0000161b, + 0x0000fd09, 0x0000161d, + 0x0000fd0a, 0x0000161f, + 0x0000fd0b, 0x00001621, + 0x0000fd0c, 0x00001623, + 0x0000fd0d, 0x00001625, + 0x0000fd0e, 0x00001627, + 0x0000fd0f, 0x00001629, + 0x0000fd10, 0x0000162b, + 0x0000fd11, 0x0000162d, + 0x0000fd12, 0x0000162f, + 0x0000fd13, 0x00001631, + 0x0000fd14, 0x00001633, + 0x0000fd15, 0x00001635, + 0x0000fd16, 0x00001637, + 0x0000fd17, 0x00001639, + 0x0000fd18, 0x0000163b, + 0x0000fd19, 0x0000163d, + 0x0000fd1a, 0x0000163f, + 0x0000fd1b, 0x00001641, + 0x0000fd1c, 0x00001643, + 0x0000fd1d, 0x00001645, + 0x0000fd1e, 0x00001647, + 0x0000fd1f, 0x00001649, + 0x0000fd20, 0x0000164b, + 0x0000fd21, 0x0000164d, + 0x0000fd22, 0x0000164f, + 0x0000fd23, 0x00001651, + 0x0000fd24, 0x00001653, + 0x0000fd25, 0x00001655, + 0x0000fd26, 0x00001657, + 0x0000fd27, 0x00001659, + 0x0000fd28, 0x0000165b, + 0x0000fd29, 0x0000165d, + 0x0000fd2a, 0x0000165f, + 0x0000fd2b, 0x00001661, + 0x0000fd2c, 0x00001663, + 0x0000fd2d, 0x00001665, + 0x0000fd2e, 0x00001667, + 0x0000fd2f, 0x00001669, + 0x0000fd30, 0x0000166b, + 0x0000fd31, 0x0000166d, + 0x0000fd32, 0x0000166f, + 0x0000fd33, 0x00001671, + 0x0000fd34, 0x00001673, + 0x0000fd35, 0x00001675, + 0x0000fd36, 0x00001677, + 0x0000fd37, 0x00001679, + 0x0000fd38, 0x0000167b, + 0x0000fd39, 0x0000167d, + 0x0000fd3a, 0x0000167f, + 0x0000fd3b, 0x00001681, + 0x0000fd3c, 0x00001683, + 0x0000fd3d, 0x00001685, + 0x0000fd50, 0x00001687, + 0x0000fd51, 0x0000168a, + 0x0000fd52, 0x0000168d, + 0x0000fd53, 0x00001690, + 0x0000fd54, 0x00001693, + 0x0000fd55, 0x00001696, + 0x0000fd56, 0x00001699, + 0x0000fd57, 0x0000169c, + 0x0000fd58, 0x0000169f, + 0x0000fd59, 0x000016a2, + 0x0000fd5a, 0x000016a5, + 0x0000fd5b, 0x000016a8, + 0x0000fd5c, 0x000016ab, + 0x0000fd5d, 0x000016ae, + 0x0000fd5e, 0x000016b1, + 0x0000fd5f, 0x000016b4, + 0x0000fd60, 0x000016b7, + 0x0000fd61, 0x000016ba, + 0x0000fd62, 0x000016bd, + 0x0000fd63, 0x000016c0, + 0x0000fd64, 0x000016c3, + 0x0000fd65, 0x000016c6, + 0x0000fd66, 0x000016c9, + 0x0000fd67, 0x000016cc, + 0x0000fd68, 0x000016cf, + 0x0000fd69, 0x000016d2, + 0x0000fd6a, 0x000016d5, + 0x0000fd6b, 0x000016d8, + 0x0000fd6c, 0x000016db, + 0x0000fd6d, 0x000016de, + 0x0000fd6e, 0x000016e1, + 0x0000fd6f, 0x000016e4, + 0x0000fd70, 0x000016e7, + 0x0000fd71, 0x000016ea, + 0x0000fd72, 0x000016ed, + 0x0000fd73, 0x000016f0, + 0x0000fd74, 0x000016f3, + 0x0000fd75, 0x000016f6, + 0x0000fd76, 0x000016f9, + 0x0000fd77, 0x000016fc, + 0x0000fd78, 0x000016ff, + 0x0000fd79, 0x00001702, + 0x0000fd7a, 0x00001705, + 0x0000fd7b, 0x00001708, + 0x0000fd7c, 0x0000170b, + 0x0000fd7d, 0x0000170e, + 0x0000fd7e, 0x00001711, + 0x0000fd7f, 0x00001714, + 0x0000fd80, 0x00001717, + 0x0000fd81, 0x0000171a, + 0x0000fd82, 0x0000171d, + 0x0000fd83, 0x00001720, + 0x0000fd84, 0x00001723, + 0x0000fd85, 0x00001726, + 0x0000fd86, 0x00001729, + 0x0000fd87, 0x0000172c, + 0x0000fd88, 0x0000172f, + 0x0000fd89, 0x00001732, + 0x0000fd8a, 0x00001735, + 0x0000fd8b, 0x00001738, + 0x0000fd8c, 0x0000173b, + 0x0000fd8d, 0x0000173e, + 0x0000fd8e, 0x00001741, + 0x0000fd8f, 0x00001744, + 0x0000fd92, 0x00001747, + 0x0000fd93, 0x0000174a, + 0x0000fd94, 0x0000174d, + 0x0000fd95, 0x00001750, + 0x0000fd96, 0x00001753, + 0x0000fd97, 0x00001756, + 0x0000fd98, 0x00001759, + 0x0000fd99, 0x0000175c, + 0x0000fd9a, 0x0000175f, + 0x0000fd9b, 0x00001762, + 0x0000fd9c, 0x00001765, + 0x0000fd9d, 0x00001768, + 0x0000fd9e, 0x0000176b, + 0x0000fd9f, 0x0000176e, + 0x0000fda0, 0x00001771, + 0x0000fda1, 0x00001774, + 0x0000fda2, 0x00001777, + 0x0000fda3, 0x0000177a, + 0x0000fda4, 0x0000177d, + 0x0000fda5, 0x00001780, + 0x0000fda6, 0x00001783, + 0x0000fda7, 0x00001786, + 0x0000fda8, 0x00001789, + 0x0000fda9, 0x0000178c, + 0x0000fdaa, 0x0000178f, + 0x0000fdab, 0x00001792, + 0x0000fdac, 0x00001795, + 0x0000fdad, 0x00001798, + 0x0000fdae, 0x0000179b, + 0x0000fdaf, 0x0000179e, + 0x0000fdb0, 0x000017a1, + 0x0000fdb1, 0x000017a4, + 0x0000fdb2, 0x000017a7, + 0x0000fdb3, 0x000017aa, + 0x0000fdb4, 0x000017ad, + 0x0000fdb5, 0x000017b0, + 0x0000fdb6, 0x000017b3, + 0x0000fdb7, 0x000017b6, + 0x0000fdb8, 0x000017b9, + 0x0000fdb9, 0x000017bc, + 0x0000fdba, 0x000017bf, + 0x0000fdbb, 0x000017c2, + 0x0000fdbc, 0x000017c5, + 0x0000fdbd, 0x000017c8, + 0x0000fdbe, 0x000017cb, + 0x0000fdbf, 0x000017ce, + 0x0000fdc0, 0x000017d1, + 0x0000fdc1, 0x000017d4, + 0x0000fdc2, 0x000017d7, + 0x0000fdc3, 0x000017da, + 0x0000fdc4, 0x000017dd, + 0x0000fdc5, 0x000017e0, + 0x0000fdc6, 0x000017e3, + 0x0000fdc7, 0x000017e6, + 0x0000fdf0, 0x000017e9, + 0x0000fdf1, 0x000017ec, + 0x0000fdf2, 0x000017ef, + 0x0000fdf3, 0x000017f3, + 0x0000fdf4, 0x000017f7, + 0x0000fdf5, 0x000017fb, + 0x0000fdf6, 0x000017ff, + 0x0000fdf7, 0x00001803, + 0x0000fdf8, 0x00001807, + 0x0000fdf9, 0x0000180b, + 0x0000fdfa, 0x0000180e, + 0x0000fdfb, 0x00001820, + 0x0000fdfc, 0x00001828, + 0x0000fe30, 0x0000182c, + 0x0000fe31, 0x0000182e, + 0x0000fe32, 0x0000182f, + 0x0000fe33, 0x00001830, + 0x0000fe34, 0x00001831, + 0x0000fe35, 0x00001832, + 0x0000fe36, 0x00001833, + 0x0000fe37, 0x00001834, + 0x0000fe38, 0x00001835, + 0x0000fe39, 0x00001836, + 0x0000fe3a, 0x00001837, + 0x0000fe3b, 0x00001838, + 0x0000fe3c, 0x00001839, + 0x0000fe3d, 0x0000183a, + 0x0000fe3e, 0x0000183b, + 0x0000fe3f, 0x0000183c, + 0x0000fe40, 0x0000183d, + 0x0000fe41, 0x0000183e, + 0x0000fe42, 0x0000183f, + 0x0000fe43, 0x00001840, + 0x0000fe44, 0x00001841, + 0x0000fe49, 0x00001842, + 0x0000fe4a, 0x00001844, + 0x0000fe4b, 0x00001846, + 0x0000fe4c, 0x00001848, + 0x0000fe4d, 0x0000184a, + 0x0000fe4e, 0x0000184b, + 0x0000fe4f, 0x0000184c, + 0x0000fe50, 0x0000184d, + 0x0000fe51, 0x0000184e, + 0x0000fe52, 0x0000184f, + 0x0000fe54, 0x00001850, + 0x0000fe55, 0x00001851, + 0x0000fe56, 0x00001852, + 0x0000fe57, 0x00001853, + 0x0000fe58, 0x00001854, + 0x0000fe59, 0x00001855, + 0x0000fe5a, 0x00001856, + 0x0000fe5b, 0x00001857, + 0x0000fe5c, 0x00001858, + 0x0000fe5d, 0x00001859, + 0x0000fe5e, 0x0000185a, + 0x0000fe5f, 0x0000185b, + 0x0000fe60, 0x0000185c, + 0x0000fe61, 0x0000185d, + 0x0000fe62, 0x0000185e, + 0x0000fe63, 0x0000185f, + 0x0000fe64, 0x00001860, + 0x0000fe65, 0x00001861, + 0x0000fe66, 0x00001862, + 0x0000fe68, 0x00001863, + 0x0000fe69, 0x00001864, + 0x0000fe6a, 0x00001865, + 0x0000fe6b, 0x00001866, + 0x0000fe70, 0x00001867, + 0x0000fe71, 0x00001869, + 0x0000fe72, 0x0000186b, + 0x0000fe74, 0x0000186d, + 0x0000fe76, 0x0000186f, + 0x0000fe77, 0x00001871, + 0x0000fe78, 0x00001873, + 0x0000fe79, 0x00001875, + 0x0000fe7a, 0x00001877, + 0x0000fe7b, 0x00001879, + 0x0000fe7c, 0x0000187b, + 0x0000fe7d, 0x0000187d, + 0x0000fe7e, 0x0000187f, + 0x0000fe7f, 0x00001881, + 0x0000fe80, 0x00001883, + 0x0000fe81, 0x00001884, + 0x0000fe82, 0x00001886, + 0x0000fe83, 0x00001888, + 0x0000fe84, 0x0000188a, + 0x0000fe85, 0x0000188c, + 0x0000fe86, 0x0000188e, + 0x0000fe87, 0x00001890, + 0x0000fe88, 0x00001892, + 0x0000fe89, 0x00001894, + 0x0000fe8a, 0x00001896, + 0x0000fe8b, 0x00001898, + 0x0000fe8c, 0x0000189a, + 0x0000fe8d, 0x0000189c, + 0x0000fe8e, 0x0000189d, + 0x0000fe8f, 0x0000189e, + 0x0000fe90, 0x0000189f, + 0x0000fe91, 0x000018a0, + 0x0000fe92, 0x000018a1, + 0x0000fe93, 0x000018a2, + 0x0000fe94, 0x000018a3, + 0x0000fe95, 0x000018a4, + 0x0000fe96, 0x000018a5, + 0x0000fe97, 0x000018a6, + 0x0000fe98, 0x000018a7, + 0x0000fe99, 0x000018a8, + 0x0000fe9a, 0x000018a9, + 0x0000fe9b, 0x000018aa, + 0x0000fe9c, 0x000018ab, + 0x0000fe9d, 0x000018ac, + 0x0000fe9e, 0x000018ad, + 0x0000fe9f, 0x000018ae, + 0x0000fea0, 0x000018af, + 0x0000fea1, 0x000018b0, + 0x0000fea2, 0x000018b1, + 0x0000fea3, 0x000018b2, + 0x0000fea4, 0x000018b3, + 0x0000fea5, 0x000018b4, + 0x0000fea6, 0x000018b5, + 0x0000fea7, 0x000018b6, + 0x0000fea8, 0x000018b7, + 0x0000fea9, 0x000018b8, + 0x0000feaa, 0x000018b9, + 0x0000feab, 0x000018ba, + 0x0000feac, 0x000018bb, + 0x0000fead, 0x000018bc, + 0x0000feae, 0x000018bd, + 0x0000feaf, 0x000018be, + 0x0000feb0, 0x000018bf, + 0x0000feb1, 0x000018c0, + 0x0000feb2, 0x000018c1, + 0x0000feb3, 0x000018c2, + 0x0000feb4, 0x000018c3, + 0x0000feb5, 0x000018c4, + 0x0000feb6, 0x000018c5, + 0x0000feb7, 0x000018c6, + 0x0000feb8, 0x000018c7, + 0x0000feb9, 0x000018c8, + 0x0000feba, 0x000018c9, + 0x0000febb, 0x000018ca, + 0x0000febc, 0x000018cb, + 0x0000febd, 0x000018cc, + 0x0000febe, 0x000018cd, + 0x0000febf, 0x000018ce, + 0x0000fec0, 0x000018cf, + 0x0000fec1, 0x000018d0, + 0x0000fec2, 0x000018d1, + 0x0000fec3, 0x000018d2, + 0x0000fec4, 0x000018d3, + 0x0000fec5, 0x000018d4, + 0x0000fec6, 0x000018d5, + 0x0000fec7, 0x000018d6, + 0x0000fec8, 0x000018d7, + 0x0000fec9, 0x000018d8, + 0x0000feca, 0x000018d9, + 0x0000fecb, 0x000018da, + 0x0000fecc, 0x000018db, + 0x0000fecd, 0x000018dc, + 0x0000fece, 0x000018dd, + 0x0000fecf, 0x000018de, + 0x0000fed0, 0x000018df, + 0x0000fed1, 0x000018e0, + 0x0000fed2, 0x000018e1, + 0x0000fed3, 0x000018e2, + 0x0000fed4, 0x000018e3, + 0x0000fed5, 0x000018e4, + 0x0000fed6, 0x000018e5, + 0x0000fed7, 0x000018e6, + 0x0000fed8, 0x000018e7, + 0x0000fed9, 0x000018e8, + 0x0000feda, 0x000018e9, + 0x0000fedb, 0x000018ea, + 0x0000fedc, 0x000018eb, + 0x0000fedd, 0x000018ec, + 0x0000fede, 0x000018ed, + 0x0000fedf, 0x000018ee, + 0x0000fee0, 0x000018ef, + 0x0000fee1, 0x000018f0, + 0x0000fee2, 0x000018f1, + 0x0000fee3, 0x000018f2, + 0x0000fee4, 0x000018f3, + 0x0000fee5, 0x000018f4, + 0x0000fee6, 0x000018f5, + 0x0000fee7, 0x000018f6, + 0x0000fee8, 0x000018f7, + 0x0000fee9, 0x000018f8, + 0x0000feea, 0x000018f9, + 0x0000feeb, 0x000018fa, + 0x0000feec, 0x000018fb, + 0x0000feed, 0x000018fc, + 0x0000feee, 0x000018fd, + 0x0000feef, 0x000018fe, + 0x0000fef0, 0x000018ff, + 0x0000fef1, 0x00001900, + 0x0000fef2, 0x00001901, + 0x0000fef3, 0x00001902, + 0x0000fef4, 0x00001903, + 0x0000fef5, 0x00001904, + 0x0000fef6, 0x00001907, + 0x0000fef7, 0x0000190a, + 0x0000fef8, 0x0000190d, + 0x0000fef9, 0x00001910, + 0x0000fefa, 0x00001913, + 0x0000fefb, 0x00001916, + 0x0000fefc, 0x00001918, + 0x0000ff01, 0x0000191a, + 0x0000ff02, 0x0000191b, + 0x0000ff03, 0x0000191c, + 0x0000ff04, 0x0000191d, + 0x0000ff05, 0x0000191e, + 0x0000ff06, 0x0000191f, + 0x0000ff07, 0x00001920, + 0x0000ff08, 0x00001921, + 0x0000ff09, 0x00001922, + 0x0000ff0a, 0x00001923, + 0x0000ff0b, 0x00001924, + 0x0000ff0c, 0x00001925, + 0x0000ff0d, 0x00001926, + 0x0000ff0e, 0x00001927, + 0x0000ff0f, 0x00001928, + 0x0000ff10, 0x00001929, + 0x0000ff11, 0x0000192a, + 0x0000ff12, 0x0000192b, + 0x0000ff13, 0x0000192c, + 0x0000ff14, 0x0000192d, + 0x0000ff15, 0x0000192e, + 0x0000ff16, 0x0000192f, + 0x0000ff17, 0x00001930, + 0x0000ff18, 0x00001931, + 0x0000ff19, 0x00001932, + 0x0000ff1a, 0x00001933, + 0x0000ff1b, 0x00001934, + 0x0000ff1c, 0x00001935, + 0x0000ff1d, 0x00001936, + 0x0000ff1e, 0x00001937, + 0x0000ff1f, 0x00001938, + 0x0000ff20, 0x00001939, + 0x0000ff21, 0x0000193a, + 0x0000ff22, 0x0000193b, + 0x0000ff23, 0x0000193c, + 0x0000ff24, 0x0000193d, + 0x0000ff25, 0x0000193e, + 0x0000ff26, 0x0000193f, + 0x0000ff27, 0x00001940, + 0x0000ff28, 0x00001941, + 0x0000ff29, 0x00001942, + 0x0000ff2a, 0x00001943, + 0x0000ff2b, 0x00001944, + 0x0000ff2c, 0x00001945, + 0x0000ff2d, 0x00001946, + 0x0000ff2e, 0x00001947, + 0x0000ff2f, 0x00001948, + 0x0000ff30, 0x00001949, + 0x0000ff31, 0x0000194a, + 0x0000ff32, 0x0000194b, + 0x0000ff33, 0x0000194c, + 0x0000ff34, 0x0000194d, + 0x0000ff35, 0x0000194e, + 0x0000ff36, 0x0000194f, + 0x0000ff37, 0x00001950, + 0x0000ff38, 0x00001951, + 0x0000ff39, 0x00001952, + 0x0000ff3a, 0x00001953, + 0x0000ff3b, 0x00001954, + 0x0000ff3c, 0x00001955, + 0x0000ff3d, 0x00001956, + 0x0000ff3e, 0x00001957, + 0x0000ff3f, 0x00001958, + 0x0000ff40, 0x00001959, + 0x0000ff41, 0x0000195a, + 0x0000ff42, 0x0000195b, + 0x0000ff43, 0x0000195c, + 0x0000ff44, 0x0000195d, + 0x0000ff45, 0x0000195e, + 0x0000ff46, 0x0000195f, + 0x0000ff47, 0x00001960, + 0x0000ff48, 0x00001961, + 0x0000ff49, 0x00001962, + 0x0000ff4a, 0x00001963, + 0x0000ff4b, 0x00001964, + 0x0000ff4c, 0x00001965, + 0x0000ff4d, 0x00001966, + 0x0000ff4e, 0x00001967, + 0x0000ff4f, 0x00001968, + 0x0000ff50, 0x00001969, + 0x0000ff51, 0x0000196a, + 0x0000ff52, 0x0000196b, + 0x0000ff53, 0x0000196c, + 0x0000ff54, 0x0000196d, + 0x0000ff55, 0x0000196e, + 0x0000ff56, 0x0000196f, + 0x0000ff57, 0x00001970, + 0x0000ff58, 0x00001971, + 0x0000ff59, 0x00001972, + 0x0000ff5a, 0x00001973, + 0x0000ff5b, 0x00001974, + 0x0000ff5c, 0x00001975, + 0x0000ff5d, 0x00001976, + 0x0000ff5e, 0x00001977, + 0x0000ff5f, 0x00001978, + 0x0000ff60, 0x00001979, + 0x0000ff61, 0x0000197a, + 0x0000ff62, 0x0000197b, + 0x0000ff63, 0x0000197c, + 0x0000ff64, 0x0000197d, + 0x0000ff65, 0x0000197e, + 0x0000ff66, 0x0000197f, + 0x0000ff67, 0x00001980, + 0x0000ff68, 0x00001981, + 0x0000ff69, 0x00001982, + 0x0000ff6a, 0x00001983, + 0x0000ff6b, 0x00001984, + 0x0000ff6c, 0x00001985, + 0x0000ff6d, 0x00001986, + 0x0000ff6e, 0x00001987, + 0x0000ff6f, 0x00001988, + 0x0000ff70, 0x00001989, + 0x0000ff71, 0x0000198a, + 0x0000ff72, 0x0000198b, + 0x0000ff73, 0x0000198c, + 0x0000ff74, 0x0000198d, + 0x0000ff75, 0x0000198e, + 0x0000ff76, 0x0000198f, + 0x0000ff77, 0x00001990, + 0x0000ff78, 0x00001991, + 0x0000ff79, 0x00001992, + 0x0000ff7a, 0x00001993, + 0x0000ff7b, 0x00001994, + 0x0000ff7c, 0x00001995, + 0x0000ff7d, 0x00001996, + 0x0000ff7e, 0x00001997, + 0x0000ff7f, 0x00001998, + 0x0000ff80, 0x00001999, + 0x0000ff81, 0x0000199a, + 0x0000ff82, 0x0000199b, + 0x0000ff83, 0x0000199c, + 0x0000ff84, 0x0000199d, + 0x0000ff85, 0x0000199e, + 0x0000ff86, 0x0000199f, + 0x0000ff87, 0x000019a0, + 0x0000ff88, 0x000019a1, + 0x0000ff89, 0x000019a2, + 0x0000ff8a, 0x000019a3, + 0x0000ff8b, 0x000019a4, + 0x0000ff8c, 0x000019a5, + 0x0000ff8d, 0x000019a6, + 0x0000ff8e, 0x000019a7, + 0x0000ff8f, 0x000019a8, + 0x0000ff90, 0x000019a9, + 0x0000ff91, 0x000019aa, + 0x0000ff92, 0x000019ab, + 0x0000ff93, 0x000019ac, + 0x0000ff94, 0x000019ad, + 0x0000ff95, 0x000019ae, + 0x0000ff96, 0x000019af, + 0x0000ff97, 0x000019b0, + 0x0000ff98, 0x000019b1, + 0x0000ff99, 0x000019b2, + 0x0000ff9a, 0x000019b3, + 0x0000ff9b, 0x000019b4, + 0x0000ff9c, 0x000019b5, + 0x0000ff9d, 0x000019b6, + 0x0000ff9e, 0x000019b7, + 0x0000ff9f, 0x000019b8, + 0x0000ffa0, 0x000019b9, + 0x0000ffa1, 0x000019ba, + 0x0000ffa2, 0x000019bb, + 0x0000ffa3, 0x000019bc, + 0x0000ffa4, 0x000019bd, + 0x0000ffa5, 0x000019be, + 0x0000ffa6, 0x000019bf, + 0x0000ffa7, 0x000019c0, + 0x0000ffa8, 0x000019c1, + 0x0000ffa9, 0x000019c2, + 0x0000ffaa, 0x000019c3, + 0x0000ffab, 0x000019c4, + 0x0000ffac, 0x000019c5, + 0x0000ffad, 0x000019c6, + 0x0000ffae, 0x000019c7, + 0x0000ffaf, 0x000019c8, + 0x0000ffb0, 0x000019c9, + 0x0000ffb1, 0x000019ca, + 0x0000ffb2, 0x000019cb, + 0x0000ffb3, 0x000019cc, + 0x0000ffb4, 0x000019cd, + 0x0000ffb5, 0x000019ce, + 0x0000ffb6, 0x000019cf, + 0x0000ffb7, 0x000019d0, + 0x0000ffb8, 0x000019d1, + 0x0000ffb9, 0x000019d2, + 0x0000ffba, 0x000019d3, + 0x0000ffbb, 0x000019d4, + 0x0000ffbc, 0x000019d5, + 0x0000ffbd, 0x000019d6, + 0x0000ffbe, 0x000019d7, + 0x0000ffc2, 0x000019d8, + 0x0000ffc3, 0x000019d9, + 0x0000ffc4, 0x000019da, + 0x0000ffc5, 0x000019db, + 0x0000ffc6, 0x000019dc, + 0x0000ffc7, 0x000019dd, + 0x0000ffca, 0x000019de, + 0x0000ffcb, 0x000019df, + 0x0000ffcc, 0x000019e0, + 0x0000ffcd, 0x000019e1, + 0x0000ffce, 0x000019e2, + 0x0000ffcf, 0x000019e3, + 0x0000ffd2, 0x000019e4, + 0x0000ffd3, 0x000019e5, + 0x0000ffd4, 0x000019e6, + 0x0000ffd5, 0x000019e7, + 0x0000ffd6, 0x000019e8, + 0x0000ffd7, 0x000019e9, + 0x0000ffda, 0x000019ea, + 0x0000ffdb, 0x000019eb, + 0x0000ffdc, 0x000019ec, + 0x0000ffe0, 0x000019ed, + 0x0000ffe1, 0x000019ee, + 0x0000ffe2, 0x000019ef, + 0x0000ffe3, 0x000019f0, + 0x0000ffe4, 0x000019f2, + 0x0000ffe5, 0x000019f3, + 0x0000ffe6, 0x000019f4, + 0x0000ffe8, 0x000019f5, + 0x0000ffe9, 0x000019f6, + 0x0000ffea, 0x000019f7, + 0x0000ffeb, 0x000019f8, + 0x0000ffec, 0x000019f9, + 0x0000ffed, 0x000019fa, + 0x0000ffee, 0x000019fb, + 0x0001d15e, 0x000019fc, + 0x0001d15f, 0x000019fe, + 0x0001d160, 0x00001a00, + 0x0001d161, 0x00001a03, + 0x0001d162, 0x00001a06, + 0x0001d163, 0x00001a09, + 0x0001d164, 0x00001a0c, + 0x0001d1bb, 0x00001a0f, + 0x0001d1bc, 0x00001a11, + 0x0001d1bd, 0x00001a13, + 0x0001d1be, 0x00001a16, + 0x0001d1bf, 0x00001a19, + 0x0001d1c0, 0x00001a1c, + 0x0001d400, 0x00001a1f, + 0x0001d401, 0x00001a20, + 0x0001d402, 0x00001a21, + 0x0001d403, 0x00001a22, + 0x0001d404, 0x00001a23, + 0x0001d405, 0x00001a24, + 0x0001d406, 0x00001a25, + 0x0001d407, 0x00001a26, + 0x0001d408, 0x00001a27, + 0x0001d409, 0x00001a28, + 0x0001d40a, 0x00001a29, + 0x0001d40b, 0x00001a2a, + 0x0001d40c, 0x00001a2b, + 0x0001d40d, 0x00001a2c, + 0x0001d40e, 0x00001a2d, + 0x0001d40f, 0x00001a2e, + 0x0001d410, 0x00001a2f, + 0x0001d411, 0x00001a30, + 0x0001d412, 0x00001a31, + 0x0001d413, 0x00001a32, + 0x0001d414, 0x00001a33, + 0x0001d415, 0x00001a34, + 0x0001d416, 0x00001a35, + 0x0001d417, 0x00001a36, + 0x0001d418, 0x00001a37, + 0x0001d419, 0x00001a38, + 0x0001d41a, 0x00001a39, + 0x0001d41b, 0x00001a3a, + 0x0001d41c, 0x00001a3b, + 0x0001d41d, 0x00001a3c, + 0x0001d41e, 0x00001a3d, + 0x0001d41f, 0x00001a3e, + 0x0001d420, 0x00001a3f, + 0x0001d421, 0x00001a40, + 0x0001d422, 0x00001a41, + 0x0001d423, 0x00001a42, + 0x0001d424, 0x00001a43, + 0x0001d425, 0x00001a44, + 0x0001d426, 0x00001a45, + 0x0001d427, 0x00001a46, + 0x0001d428, 0x00001a47, + 0x0001d429, 0x00001a48, + 0x0001d42a, 0x00001a49, + 0x0001d42b, 0x00001a4a, + 0x0001d42c, 0x00001a4b, + 0x0001d42d, 0x00001a4c, + 0x0001d42e, 0x00001a4d, + 0x0001d42f, 0x00001a4e, + 0x0001d430, 0x00001a4f, + 0x0001d431, 0x00001a50, + 0x0001d432, 0x00001a51, + 0x0001d433, 0x00001a52, + 0x0001d434, 0x00001a53, + 0x0001d435, 0x00001a54, + 0x0001d436, 0x00001a55, + 0x0001d437, 0x00001a56, + 0x0001d438, 0x00001a57, + 0x0001d439, 0x00001a58, + 0x0001d43a, 0x00001a59, + 0x0001d43b, 0x00001a5a, + 0x0001d43c, 0x00001a5b, + 0x0001d43d, 0x00001a5c, + 0x0001d43e, 0x00001a5d, + 0x0001d43f, 0x00001a5e, + 0x0001d440, 0x00001a5f, + 0x0001d441, 0x00001a60, + 0x0001d442, 0x00001a61, + 0x0001d443, 0x00001a62, + 0x0001d444, 0x00001a63, + 0x0001d445, 0x00001a64, + 0x0001d446, 0x00001a65, + 0x0001d447, 0x00001a66, + 0x0001d448, 0x00001a67, + 0x0001d449, 0x00001a68, + 0x0001d44a, 0x00001a69, + 0x0001d44b, 0x00001a6a, + 0x0001d44c, 0x00001a6b, + 0x0001d44d, 0x00001a6c, + 0x0001d44e, 0x00001a6d, + 0x0001d44f, 0x00001a6e, + 0x0001d450, 0x00001a6f, + 0x0001d451, 0x00001a70, + 0x0001d452, 0x00001a71, + 0x0001d453, 0x00001a72, + 0x0001d454, 0x00001a73, + 0x0001d456, 0x00001a74, + 0x0001d457, 0x00001a75, + 0x0001d458, 0x00001a76, + 0x0001d459, 0x00001a77, + 0x0001d45a, 0x00001a78, + 0x0001d45b, 0x00001a79, + 0x0001d45c, 0x00001a7a, + 0x0001d45d, 0x00001a7b, + 0x0001d45e, 0x00001a7c, + 0x0001d45f, 0x00001a7d, + 0x0001d460, 0x00001a7e, + 0x0001d461, 0x00001a7f, + 0x0001d462, 0x00001a80, + 0x0001d463, 0x00001a81, + 0x0001d464, 0x00001a82, + 0x0001d465, 0x00001a83, + 0x0001d466, 0x00001a84, + 0x0001d467, 0x00001a85, + 0x0001d468, 0x00001a86, + 0x0001d469, 0x00001a87, + 0x0001d46a, 0x00001a88, + 0x0001d46b, 0x00001a89, + 0x0001d46c, 0x00001a8a, + 0x0001d46d, 0x00001a8b, + 0x0001d46e, 0x00001a8c, + 0x0001d46f, 0x00001a8d, + 0x0001d470, 0x00001a8e, + 0x0001d471, 0x00001a8f, + 0x0001d472, 0x00001a90, + 0x0001d473, 0x00001a91, + 0x0001d474, 0x00001a92, + 0x0001d475, 0x00001a93, + 0x0001d476, 0x00001a94, + 0x0001d477, 0x00001a95, + 0x0001d478, 0x00001a96, + 0x0001d479, 0x00001a97, + 0x0001d47a, 0x00001a98, + 0x0001d47b, 0x00001a99, + 0x0001d47c, 0x00001a9a, + 0x0001d47d, 0x00001a9b, + 0x0001d47e, 0x00001a9c, + 0x0001d47f, 0x00001a9d, + 0x0001d480, 0x00001a9e, + 0x0001d481, 0x00001a9f, + 0x0001d482, 0x00001aa0, + 0x0001d483, 0x00001aa1, + 0x0001d484, 0x00001aa2, + 0x0001d485, 0x00001aa3, + 0x0001d486, 0x00001aa4, + 0x0001d487, 0x00001aa5, + 0x0001d488, 0x00001aa6, + 0x0001d489, 0x00001aa7, + 0x0001d48a, 0x00001aa8, + 0x0001d48b, 0x00001aa9, + 0x0001d48c, 0x00001aaa, + 0x0001d48d, 0x00001aab, + 0x0001d48e, 0x00001aac, + 0x0001d48f, 0x00001aad, + 0x0001d490, 0x00001aae, + 0x0001d491, 0x00001aaf, + 0x0001d492, 0x00001ab0, + 0x0001d493, 0x00001ab1, + 0x0001d494, 0x00001ab2, + 0x0001d495, 0x00001ab3, + 0x0001d496, 0x00001ab4, + 0x0001d497, 0x00001ab5, + 0x0001d498, 0x00001ab6, + 0x0001d499, 0x00001ab7, + 0x0001d49a, 0x00001ab8, + 0x0001d49b, 0x00001ab9, + 0x0001d49c, 0x00001aba, + 0x0001d49e, 0x00001abb, + 0x0001d49f, 0x00001abc, + 0x0001d4a2, 0x00001abd, + 0x0001d4a5, 0x00001abe, + 0x0001d4a6, 0x00001abf, + 0x0001d4a9, 0x00001ac0, + 0x0001d4aa, 0x00001ac1, + 0x0001d4ab, 0x00001ac2, + 0x0001d4ac, 0x00001ac3, + 0x0001d4ae, 0x00001ac4, + 0x0001d4af, 0x00001ac5, + 0x0001d4b0, 0x00001ac6, + 0x0001d4b1, 0x00001ac7, + 0x0001d4b2, 0x00001ac8, + 0x0001d4b3, 0x00001ac9, + 0x0001d4b4, 0x00001aca, + 0x0001d4b5, 0x00001acb, + 0x0001d4b6, 0x00001acc, + 0x0001d4b7, 0x00001acd, + 0x0001d4b8, 0x00001ace, + 0x0001d4b9, 0x00001acf, + 0x0001d4bb, 0x00001ad0, + 0x0001d4bd, 0x00001ad1, + 0x0001d4be, 0x00001ad2, + 0x0001d4bf, 0x00001ad3, + 0x0001d4c0, 0x00001ad4, + 0x0001d4c2, 0x00001ad5, + 0x0001d4c3, 0x00001ad6, + 0x0001d4c5, 0x00001ad7, + 0x0001d4c6, 0x00001ad8, + 0x0001d4c7, 0x00001ad9, + 0x0001d4c8, 0x00001ada, + 0x0001d4c9, 0x00001adb, + 0x0001d4ca, 0x00001adc, + 0x0001d4cb, 0x00001add, + 0x0001d4cc, 0x00001ade, + 0x0001d4cd, 0x00001adf, + 0x0001d4ce, 0x00001ae0, + 0x0001d4cf, 0x00001ae1, + 0x0001d4d0, 0x00001ae2, + 0x0001d4d1, 0x00001ae3, + 0x0001d4d2, 0x00001ae4, + 0x0001d4d3, 0x00001ae5, + 0x0001d4d4, 0x00001ae6, + 0x0001d4d5, 0x00001ae7, + 0x0001d4d6, 0x00001ae8, + 0x0001d4d7, 0x00001ae9, + 0x0001d4d8, 0x00001aea, + 0x0001d4d9, 0x00001aeb, + 0x0001d4da, 0x00001aec, + 0x0001d4db, 0x00001aed, + 0x0001d4dc, 0x00001aee, + 0x0001d4dd, 0x00001aef, + 0x0001d4de, 0x00001af0, + 0x0001d4df, 0x00001af1, + 0x0001d4e0, 0x00001af2, + 0x0001d4e1, 0x00001af3, + 0x0001d4e2, 0x00001af4, + 0x0001d4e3, 0x00001af5, + 0x0001d4e4, 0x00001af6, + 0x0001d4e5, 0x00001af7, + 0x0001d4e6, 0x00001af8, + 0x0001d4e7, 0x00001af9, + 0x0001d4e8, 0x00001afa, + 0x0001d4e9, 0x00001afb, + 0x0001d4ea, 0x00001afc, + 0x0001d4eb, 0x00001afd, + 0x0001d4ec, 0x00001afe, + 0x0001d4ed, 0x00001aff, + 0x0001d4ee, 0x00001b00, + 0x0001d4ef, 0x00001b01, + 0x0001d4f0, 0x00001b02, + 0x0001d4f1, 0x00001b03, + 0x0001d4f2, 0x00001b04, + 0x0001d4f3, 0x00001b05, + 0x0001d4f4, 0x00001b06, + 0x0001d4f5, 0x00001b07, + 0x0001d4f6, 0x00001b08, + 0x0001d4f7, 0x00001b09, + 0x0001d4f8, 0x00001b0a, + 0x0001d4f9, 0x00001b0b, + 0x0001d4fa, 0x00001b0c, + 0x0001d4fb, 0x00001b0d, + 0x0001d4fc, 0x00001b0e, + 0x0001d4fd, 0x00001b0f, + 0x0001d4fe, 0x00001b10, + 0x0001d4ff, 0x00001b11, + 0x0001d500, 0x00001b12, + 0x0001d501, 0x00001b13, + 0x0001d502, 0x00001b14, + 0x0001d503, 0x00001b15, + 0x0001d504, 0x00001b16, + 0x0001d505, 0x00001b17, + 0x0001d507, 0x00001b18, + 0x0001d508, 0x00001b19, + 0x0001d509, 0x00001b1a, + 0x0001d50a, 0x00001b1b, + 0x0001d50d, 0x00001b1c, + 0x0001d50e, 0x00001b1d, + 0x0001d50f, 0x00001b1e, + 0x0001d510, 0x00001b1f, + 0x0001d511, 0x00001b20, + 0x0001d512, 0x00001b21, + 0x0001d513, 0x00001b22, + 0x0001d514, 0x00001b23, + 0x0001d516, 0x00001b24, + 0x0001d517, 0x00001b25, + 0x0001d518, 0x00001b26, + 0x0001d519, 0x00001b27, + 0x0001d51a, 0x00001b28, + 0x0001d51b, 0x00001b29, + 0x0001d51c, 0x00001b2a, + 0x0001d51e, 0x00001b2b, + 0x0001d51f, 0x00001b2c, + 0x0001d520, 0x00001b2d, + 0x0001d521, 0x00001b2e, + 0x0001d522, 0x00001b2f, + 0x0001d523, 0x00001b30, + 0x0001d524, 0x00001b31, + 0x0001d525, 0x00001b32, + 0x0001d526, 0x00001b33, + 0x0001d527, 0x00001b34, + 0x0001d528, 0x00001b35, + 0x0001d529, 0x00001b36, + 0x0001d52a, 0x00001b37, + 0x0001d52b, 0x00001b38, + 0x0001d52c, 0x00001b39, + 0x0001d52d, 0x00001b3a, + 0x0001d52e, 0x00001b3b, + 0x0001d52f, 0x00001b3c, + 0x0001d530, 0x00001b3d, + 0x0001d531, 0x00001b3e, + 0x0001d532, 0x00001b3f, + 0x0001d533, 0x00001b40, + 0x0001d534, 0x00001b41, + 0x0001d535, 0x00001b42, + 0x0001d536, 0x00001b43, + 0x0001d537, 0x00001b44, + 0x0001d538, 0x00001b45, + 0x0001d539, 0x00001b46, + 0x0001d53b, 0x00001b47, + 0x0001d53c, 0x00001b48, + 0x0001d53d, 0x00001b49, + 0x0001d53e, 0x00001b4a, + 0x0001d540, 0x00001b4b, + 0x0001d541, 0x00001b4c, + 0x0001d542, 0x00001b4d, + 0x0001d543, 0x00001b4e, + 0x0001d544, 0x00001b4f, + 0x0001d546, 0x00001b50, + 0x0001d54a, 0x00001b51, + 0x0001d54b, 0x00001b52, + 0x0001d54c, 0x00001b53, + 0x0001d54d, 0x00001b54, + 0x0001d54e, 0x00001b55, + 0x0001d54f, 0x00001b56, + 0x0001d550, 0x00001b57, + 0x0001d552, 0x00001b58, + 0x0001d553, 0x00001b59, + 0x0001d554, 0x00001b5a, + 0x0001d555, 0x00001b5b, + 0x0001d556, 0x00001b5c, + 0x0001d557, 0x00001b5d, + 0x0001d558, 0x00001b5e, + 0x0001d559, 0x00001b5f, + 0x0001d55a, 0x00001b60, + 0x0001d55b, 0x00001b61, + 0x0001d55c, 0x00001b62, + 0x0001d55d, 0x00001b63, + 0x0001d55e, 0x00001b64, + 0x0001d55f, 0x00001b65, + 0x0001d560, 0x00001b66, + 0x0001d561, 0x00001b67, + 0x0001d562, 0x00001b68, + 0x0001d563, 0x00001b69, + 0x0001d564, 0x00001b6a, + 0x0001d565, 0x00001b6b, + 0x0001d566, 0x00001b6c, + 0x0001d567, 0x00001b6d, + 0x0001d568, 0x00001b6e, + 0x0001d569, 0x00001b6f, + 0x0001d56a, 0x00001b70, + 0x0001d56b, 0x00001b71, + 0x0001d56c, 0x00001b72, + 0x0001d56d, 0x00001b73, + 0x0001d56e, 0x00001b74, + 0x0001d56f, 0x00001b75, + 0x0001d570, 0x00001b76, + 0x0001d571, 0x00001b77, + 0x0001d572, 0x00001b78, + 0x0001d573, 0x00001b79, + 0x0001d574, 0x00001b7a, + 0x0001d575, 0x00001b7b, + 0x0001d576, 0x00001b7c, + 0x0001d577, 0x00001b7d, + 0x0001d578, 0x00001b7e, + 0x0001d579, 0x00001b7f, + 0x0001d57a, 0x00001b80, + 0x0001d57b, 0x00001b81, + 0x0001d57c, 0x00001b82, + 0x0001d57d, 0x00001b83, + 0x0001d57e, 0x00001b84, + 0x0001d57f, 0x00001b85, + 0x0001d580, 0x00001b86, + 0x0001d581, 0x00001b87, + 0x0001d582, 0x00001b88, + 0x0001d583, 0x00001b89, + 0x0001d584, 0x00001b8a, + 0x0001d585, 0x00001b8b, + 0x0001d586, 0x00001b8c, + 0x0001d587, 0x00001b8d, + 0x0001d588, 0x00001b8e, + 0x0001d589, 0x00001b8f, + 0x0001d58a, 0x00001b90, + 0x0001d58b, 0x00001b91, + 0x0001d58c, 0x00001b92, + 0x0001d58d, 0x00001b93, + 0x0001d58e, 0x00001b94, + 0x0001d58f, 0x00001b95, + 0x0001d590, 0x00001b96, + 0x0001d591, 0x00001b97, + 0x0001d592, 0x00001b98, + 0x0001d593, 0x00001b99, + 0x0001d594, 0x00001b9a, + 0x0001d595, 0x00001b9b, + 0x0001d596, 0x00001b9c, + 0x0001d597, 0x00001b9d, + 0x0001d598, 0x00001b9e, + 0x0001d599, 0x00001b9f, + 0x0001d59a, 0x00001ba0, + 0x0001d59b, 0x00001ba1, + 0x0001d59c, 0x00001ba2, + 0x0001d59d, 0x00001ba3, + 0x0001d59e, 0x00001ba4, + 0x0001d59f, 0x00001ba5, + 0x0001d5a0, 0x00001ba6, + 0x0001d5a1, 0x00001ba7, + 0x0001d5a2, 0x00001ba8, + 0x0001d5a3, 0x00001ba9, + 0x0001d5a4, 0x00001baa, + 0x0001d5a5, 0x00001bab, + 0x0001d5a6, 0x00001bac, + 0x0001d5a7, 0x00001bad, + 0x0001d5a8, 0x00001bae, + 0x0001d5a9, 0x00001baf, + 0x0001d5aa, 0x00001bb0, + 0x0001d5ab, 0x00001bb1, + 0x0001d5ac, 0x00001bb2, + 0x0001d5ad, 0x00001bb3, + 0x0001d5ae, 0x00001bb4, + 0x0001d5af, 0x00001bb5, + 0x0001d5b0, 0x00001bb6, + 0x0001d5b1, 0x00001bb7, + 0x0001d5b2, 0x00001bb8, + 0x0001d5b3, 0x00001bb9, + 0x0001d5b4, 0x00001bba, + 0x0001d5b5, 0x00001bbb, + 0x0001d5b6, 0x00001bbc, + 0x0001d5b7, 0x00001bbd, + 0x0001d5b8, 0x00001bbe, + 0x0001d5b9, 0x00001bbf, + 0x0001d5ba, 0x00001bc0, + 0x0001d5bb, 0x00001bc1, + 0x0001d5bc, 0x00001bc2, + 0x0001d5bd, 0x00001bc3, + 0x0001d5be, 0x00001bc4, + 0x0001d5bf, 0x00001bc5, + 0x0001d5c0, 0x00001bc6, + 0x0001d5c1, 0x00001bc7, + 0x0001d5c2, 0x00001bc8, + 0x0001d5c3, 0x00001bc9, + 0x0001d5c4, 0x00001bca, + 0x0001d5c5, 0x00001bcb, + 0x0001d5c6, 0x00001bcc, + 0x0001d5c7, 0x00001bcd, + 0x0001d5c8, 0x00001bce, + 0x0001d5c9, 0x00001bcf, + 0x0001d5ca, 0x00001bd0, + 0x0001d5cb, 0x00001bd1, + 0x0001d5cc, 0x00001bd2, + 0x0001d5cd, 0x00001bd3, + 0x0001d5ce, 0x00001bd4, + 0x0001d5cf, 0x00001bd5, + 0x0001d5d0, 0x00001bd6, + 0x0001d5d1, 0x00001bd7, + 0x0001d5d2, 0x00001bd8, + 0x0001d5d3, 0x00001bd9, + 0x0001d5d4, 0x00001bda, + 0x0001d5d5, 0x00001bdb, + 0x0001d5d6, 0x00001bdc, + 0x0001d5d7, 0x00001bdd, + 0x0001d5d8, 0x00001bde, + 0x0001d5d9, 0x00001bdf, + 0x0001d5da, 0x00001be0, + 0x0001d5db, 0x00001be1, + 0x0001d5dc, 0x00001be2, + 0x0001d5dd, 0x00001be3, + 0x0001d5de, 0x00001be4, + 0x0001d5df, 0x00001be5, + 0x0001d5e0, 0x00001be6, + 0x0001d5e1, 0x00001be7, + 0x0001d5e2, 0x00001be8, + 0x0001d5e3, 0x00001be9, + 0x0001d5e4, 0x00001bea, + 0x0001d5e5, 0x00001beb, + 0x0001d5e6, 0x00001bec, + 0x0001d5e7, 0x00001bed, + 0x0001d5e8, 0x00001bee, + 0x0001d5e9, 0x00001bef, + 0x0001d5ea, 0x00001bf0, + 0x0001d5eb, 0x00001bf1, + 0x0001d5ec, 0x00001bf2, + 0x0001d5ed, 0x00001bf3, + 0x0001d5ee, 0x00001bf4, + 0x0001d5ef, 0x00001bf5, + 0x0001d5f0, 0x00001bf6, + 0x0001d5f1, 0x00001bf7, + 0x0001d5f2, 0x00001bf8, + 0x0001d5f3, 0x00001bf9, + 0x0001d5f4, 0x00001bfa, + 0x0001d5f5, 0x00001bfb, + 0x0001d5f6, 0x00001bfc, + 0x0001d5f7, 0x00001bfd, + 0x0001d5f8, 0x00001bfe, + 0x0001d5f9, 0x00001bff, + 0x0001d5fa, 0x00001c00, + 0x0001d5fb, 0x00001c01, + 0x0001d5fc, 0x00001c02, + 0x0001d5fd, 0x00001c03, + 0x0001d5fe, 0x00001c04, + 0x0001d5ff, 0x00001c05, + 0x0001d600, 0x00001c06, + 0x0001d601, 0x00001c07, + 0x0001d602, 0x00001c08, + 0x0001d603, 0x00001c09, + 0x0001d604, 0x00001c0a, + 0x0001d605, 0x00001c0b, + 0x0001d606, 0x00001c0c, + 0x0001d607, 0x00001c0d, + 0x0001d608, 0x00001c0e, + 0x0001d609, 0x00001c0f, + 0x0001d60a, 0x00001c10, + 0x0001d60b, 0x00001c11, + 0x0001d60c, 0x00001c12, + 0x0001d60d, 0x00001c13, + 0x0001d60e, 0x00001c14, + 0x0001d60f, 0x00001c15, + 0x0001d610, 0x00001c16, + 0x0001d611, 0x00001c17, + 0x0001d612, 0x00001c18, + 0x0001d613, 0x00001c19, + 0x0001d614, 0x00001c1a, + 0x0001d615, 0x00001c1b, + 0x0001d616, 0x00001c1c, + 0x0001d617, 0x00001c1d, + 0x0001d618, 0x00001c1e, + 0x0001d619, 0x00001c1f, + 0x0001d61a, 0x00001c20, + 0x0001d61b, 0x00001c21, + 0x0001d61c, 0x00001c22, + 0x0001d61d, 0x00001c23, + 0x0001d61e, 0x00001c24, + 0x0001d61f, 0x00001c25, + 0x0001d620, 0x00001c26, + 0x0001d621, 0x00001c27, + 0x0001d622, 0x00001c28, + 0x0001d623, 0x00001c29, + 0x0001d624, 0x00001c2a, + 0x0001d625, 0x00001c2b, + 0x0001d626, 0x00001c2c, + 0x0001d627, 0x00001c2d, + 0x0001d628, 0x00001c2e, + 0x0001d629, 0x00001c2f, + 0x0001d62a, 0x00001c30, + 0x0001d62b, 0x00001c31, + 0x0001d62c, 0x00001c32, + 0x0001d62d, 0x00001c33, + 0x0001d62e, 0x00001c34, + 0x0001d62f, 0x00001c35, + 0x0001d630, 0x00001c36, + 0x0001d631, 0x00001c37, + 0x0001d632, 0x00001c38, + 0x0001d633, 0x00001c39, + 0x0001d634, 0x00001c3a, + 0x0001d635, 0x00001c3b, + 0x0001d636, 0x00001c3c, + 0x0001d637, 0x00001c3d, + 0x0001d638, 0x00001c3e, + 0x0001d639, 0x00001c3f, + 0x0001d63a, 0x00001c40, + 0x0001d63b, 0x00001c41, + 0x0001d63c, 0x00001c42, + 0x0001d63d, 0x00001c43, + 0x0001d63e, 0x00001c44, + 0x0001d63f, 0x00001c45, + 0x0001d640, 0x00001c46, + 0x0001d641, 0x00001c47, + 0x0001d642, 0x00001c48, + 0x0001d643, 0x00001c49, + 0x0001d644, 0x00001c4a, + 0x0001d645, 0x00001c4b, + 0x0001d646, 0x00001c4c, + 0x0001d647, 0x00001c4d, + 0x0001d648, 0x00001c4e, + 0x0001d649, 0x00001c4f, + 0x0001d64a, 0x00001c50, + 0x0001d64b, 0x00001c51, + 0x0001d64c, 0x00001c52, + 0x0001d64d, 0x00001c53, + 0x0001d64e, 0x00001c54, + 0x0001d64f, 0x00001c55, + 0x0001d650, 0x00001c56, + 0x0001d651, 0x00001c57, + 0x0001d652, 0x00001c58, + 0x0001d653, 0x00001c59, + 0x0001d654, 0x00001c5a, + 0x0001d655, 0x00001c5b, + 0x0001d656, 0x00001c5c, + 0x0001d657, 0x00001c5d, + 0x0001d658, 0x00001c5e, + 0x0001d659, 0x00001c5f, + 0x0001d65a, 0x00001c60, + 0x0001d65b, 0x00001c61, + 0x0001d65c, 0x00001c62, + 0x0001d65d, 0x00001c63, + 0x0001d65e, 0x00001c64, + 0x0001d65f, 0x00001c65, + 0x0001d660, 0x00001c66, + 0x0001d661, 0x00001c67, + 0x0001d662, 0x00001c68, + 0x0001d663, 0x00001c69, + 0x0001d664, 0x00001c6a, + 0x0001d665, 0x00001c6b, + 0x0001d666, 0x00001c6c, + 0x0001d667, 0x00001c6d, + 0x0001d668, 0x00001c6e, + 0x0001d669, 0x00001c6f, + 0x0001d66a, 0x00001c70, + 0x0001d66b, 0x00001c71, + 0x0001d66c, 0x00001c72, + 0x0001d66d, 0x00001c73, + 0x0001d66e, 0x00001c74, + 0x0001d66f, 0x00001c75, + 0x0001d670, 0x00001c76, + 0x0001d671, 0x00001c77, + 0x0001d672, 0x00001c78, + 0x0001d673, 0x00001c79, + 0x0001d674, 0x00001c7a, + 0x0001d675, 0x00001c7b, + 0x0001d676, 0x00001c7c, + 0x0001d677, 0x00001c7d, + 0x0001d678, 0x00001c7e, + 0x0001d679, 0x00001c7f, + 0x0001d67a, 0x00001c80, + 0x0001d67b, 0x00001c81, + 0x0001d67c, 0x00001c82, + 0x0001d67d, 0x00001c83, + 0x0001d67e, 0x00001c84, + 0x0001d67f, 0x00001c85, + 0x0001d680, 0x00001c86, + 0x0001d681, 0x00001c87, + 0x0001d682, 0x00001c88, + 0x0001d683, 0x00001c89, + 0x0001d684, 0x00001c8a, + 0x0001d685, 0x00001c8b, + 0x0001d686, 0x00001c8c, + 0x0001d687, 0x00001c8d, + 0x0001d688, 0x00001c8e, + 0x0001d689, 0x00001c8f, + 0x0001d68a, 0x00001c90, + 0x0001d68b, 0x00001c91, + 0x0001d68c, 0x00001c92, + 0x0001d68d, 0x00001c93, + 0x0001d68e, 0x00001c94, + 0x0001d68f, 0x00001c95, + 0x0001d690, 0x00001c96, + 0x0001d691, 0x00001c97, + 0x0001d692, 0x00001c98, + 0x0001d693, 0x00001c99, + 0x0001d694, 0x00001c9a, + 0x0001d695, 0x00001c9b, + 0x0001d696, 0x00001c9c, + 0x0001d697, 0x00001c9d, + 0x0001d698, 0x00001c9e, + 0x0001d699, 0x00001c9f, + 0x0001d69a, 0x00001ca0, + 0x0001d69b, 0x00001ca1, + 0x0001d69c, 0x00001ca2, + 0x0001d69d, 0x00001ca3, + 0x0001d69e, 0x00001ca4, + 0x0001d69f, 0x00001ca5, + 0x0001d6a0, 0x00001ca6, + 0x0001d6a1, 0x00001ca7, + 0x0001d6a2, 0x00001ca8, + 0x0001d6a3, 0x00001ca9, + 0x0001d6a8, 0x00001caa, + 0x0001d6a9, 0x00001cab, + 0x0001d6aa, 0x00001cac, + 0x0001d6ab, 0x00001cad, + 0x0001d6ac, 0x00001cae, + 0x0001d6ad, 0x00001caf, + 0x0001d6ae, 0x00001cb0, + 0x0001d6af, 0x00001cb1, + 0x0001d6b0, 0x00001cb2, + 0x0001d6b1, 0x00001cb3, + 0x0001d6b2, 0x00001cb4, + 0x0001d6b3, 0x00001cb5, + 0x0001d6b4, 0x00001cb6, + 0x0001d6b5, 0x00001cb7, + 0x0001d6b6, 0x00001cb8, + 0x0001d6b7, 0x00001cb9, + 0x0001d6b8, 0x00001cba, + 0x0001d6b9, 0x00001cbb, + 0x0001d6ba, 0x00001cbc, + 0x0001d6bb, 0x00001cbd, + 0x0001d6bc, 0x00001cbe, + 0x0001d6bd, 0x00001cbf, + 0x0001d6be, 0x00001cc0, + 0x0001d6bf, 0x00001cc1, + 0x0001d6c0, 0x00001cc2, + 0x0001d6c1, 0x00001cc3, + 0x0001d6c2, 0x00001cc4, + 0x0001d6c3, 0x00001cc5, + 0x0001d6c4, 0x00001cc6, + 0x0001d6c5, 0x00001cc7, + 0x0001d6c6, 0x00001cc8, + 0x0001d6c7, 0x00001cc9, + 0x0001d6c8, 0x00001cca, + 0x0001d6c9, 0x00001ccb, + 0x0001d6ca, 0x00001ccc, + 0x0001d6cb, 0x00001ccd, + 0x0001d6cc, 0x00001cce, + 0x0001d6cd, 0x00001ccf, + 0x0001d6ce, 0x00001cd0, + 0x0001d6cf, 0x00001cd1, + 0x0001d6d0, 0x00001cd2, + 0x0001d6d1, 0x00001cd3, + 0x0001d6d2, 0x00001cd4, + 0x0001d6d3, 0x00001cd5, + 0x0001d6d4, 0x00001cd6, + 0x0001d6d5, 0x00001cd7, + 0x0001d6d6, 0x00001cd8, + 0x0001d6d7, 0x00001cd9, + 0x0001d6d8, 0x00001cda, + 0x0001d6d9, 0x00001cdb, + 0x0001d6da, 0x00001cdc, + 0x0001d6db, 0x00001cdd, + 0x0001d6dc, 0x00001cde, + 0x0001d6dd, 0x00001cdf, + 0x0001d6de, 0x00001ce0, + 0x0001d6df, 0x00001ce1, + 0x0001d6e0, 0x00001ce2, + 0x0001d6e1, 0x00001ce3, + 0x0001d6e2, 0x00001ce4, + 0x0001d6e3, 0x00001ce5, + 0x0001d6e4, 0x00001ce6, + 0x0001d6e5, 0x00001ce7, + 0x0001d6e6, 0x00001ce8, + 0x0001d6e7, 0x00001ce9, + 0x0001d6e8, 0x00001cea, + 0x0001d6e9, 0x00001ceb, + 0x0001d6ea, 0x00001cec, + 0x0001d6eb, 0x00001ced, + 0x0001d6ec, 0x00001cee, + 0x0001d6ed, 0x00001cef, + 0x0001d6ee, 0x00001cf0, + 0x0001d6ef, 0x00001cf1, + 0x0001d6f0, 0x00001cf2, + 0x0001d6f1, 0x00001cf3, + 0x0001d6f2, 0x00001cf4, + 0x0001d6f3, 0x00001cf5, + 0x0001d6f4, 0x00001cf6, + 0x0001d6f5, 0x00001cf7, + 0x0001d6f6, 0x00001cf8, + 0x0001d6f7, 0x00001cf9, + 0x0001d6f8, 0x00001cfa, + 0x0001d6f9, 0x00001cfb, + 0x0001d6fa, 0x00001cfc, + 0x0001d6fb, 0x00001cfd, + 0x0001d6fc, 0x00001cfe, + 0x0001d6fd, 0x00001cff, + 0x0001d6fe, 0x00001d00, + 0x0001d6ff, 0x00001d01, + 0x0001d700, 0x00001d02, + 0x0001d701, 0x00001d03, + 0x0001d702, 0x00001d04, + 0x0001d703, 0x00001d05, + 0x0001d704, 0x00001d06, + 0x0001d705, 0x00001d07, + 0x0001d706, 0x00001d08, + 0x0001d707, 0x00001d09, + 0x0001d708, 0x00001d0a, + 0x0001d709, 0x00001d0b, + 0x0001d70a, 0x00001d0c, + 0x0001d70b, 0x00001d0d, + 0x0001d70c, 0x00001d0e, + 0x0001d70d, 0x00001d0f, + 0x0001d70e, 0x00001d10, + 0x0001d70f, 0x00001d11, + 0x0001d710, 0x00001d12, + 0x0001d711, 0x00001d13, + 0x0001d712, 0x00001d14, + 0x0001d713, 0x00001d15, + 0x0001d714, 0x00001d16, + 0x0001d715, 0x00001d17, + 0x0001d716, 0x00001d18, + 0x0001d717, 0x00001d19, + 0x0001d718, 0x00001d1a, + 0x0001d719, 0x00001d1b, + 0x0001d71a, 0x00001d1c, + 0x0001d71b, 0x00001d1d, + 0x0001d71c, 0x00001d1e, + 0x0001d71d, 0x00001d1f, + 0x0001d71e, 0x00001d20, + 0x0001d71f, 0x00001d21, + 0x0001d720, 0x00001d22, + 0x0001d721, 0x00001d23, + 0x0001d722, 0x00001d24, + 0x0001d723, 0x00001d25, + 0x0001d724, 0x00001d26, + 0x0001d725, 0x00001d27, + 0x0001d726, 0x00001d28, + 0x0001d727, 0x00001d29, + 0x0001d728, 0x00001d2a, + 0x0001d729, 0x00001d2b, + 0x0001d72a, 0x00001d2c, + 0x0001d72b, 0x00001d2d, + 0x0001d72c, 0x00001d2e, + 0x0001d72d, 0x00001d2f, + 0x0001d72e, 0x00001d30, + 0x0001d72f, 0x00001d31, + 0x0001d730, 0x00001d32, + 0x0001d731, 0x00001d33, + 0x0001d732, 0x00001d34, + 0x0001d733, 0x00001d35, + 0x0001d734, 0x00001d36, + 0x0001d735, 0x00001d37, + 0x0001d736, 0x00001d38, + 0x0001d737, 0x00001d39, + 0x0001d738, 0x00001d3a, + 0x0001d739, 0x00001d3b, + 0x0001d73a, 0x00001d3c, + 0x0001d73b, 0x00001d3d, + 0x0001d73c, 0x00001d3e, + 0x0001d73d, 0x00001d3f, + 0x0001d73e, 0x00001d40, + 0x0001d73f, 0x00001d41, + 0x0001d740, 0x00001d42, + 0x0001d741, 0x00001d43, + 0x0001d742, 0x00001d44, + 0x0001d743, 0x00001d45, + 0x0001d744, 0x00001d46, + 0x0001d745, 0x00001d47, + 0x0001d746, 0x00001d48, + 0x0001d747, 0x00001d49, + 0x0001d748, 0x00001d4a, + 0x0001d749, 0x00001d4b, + 0x0001d74a, 0x00001d4c, + 0x0001d74b, 0x00001d4d, + 0x0001d74c, 0x00001d4e, + 0x0001d74d, 0x00001d4f, + 0x0001d74e, 0x00001d50, + 0x0001d74f, 0x00001d51, + 0x0001d750, 0x00001d52, + 0x0001d751, 0x00001d53, + 0x0001d752, 0x00001d54, + 0x0001d753, 0x00001d55, + 0x0001d754, 0x00001d56, + 0x0001d755, 0x00001d57, + 0x0001d756, 0x00001d58, + 0x0001d757, 0x00001d59, + 0x0001d758, 0x00001d5a, + 0x0001d759, 0x00001d5b, + 0x0001d75a, 0x00001d5c, + 0x0001d75b, 0x00001d5d, + 0x0001d75c, 0x00001d5e, + 0x0001d75d, 0x00001d5f, + 0x0001d75e, 0x00001d60, + 0x0001d75f, 0x00001d61, + 0x0001d760, 0x00001d62, + 0x0001d761, 0x00001d63, + 0x0001d762, 0x00001d64, + 0x0001d763, 0x00001d65, + 0x0001d764, 0x00001d66, + 0x0001d765, 0x00001d67, + 0x0001d766, 0x00001d68, + 0x0001d767, 0x00001d69, + 0x0001d768, 0x00001d6a, + 0x0001d769, 0x00001d6b, + 0x0001d76a, 0x00001d6c, + 0x0001d76b, 0x00001d6d, + 0x0001d76c, 0x00001d6e, + 0x0001d76d, 0x00001d6f, + 0x0001d76e, 0x00001d70, + 0x0001d76f, 0x00001d71, + 0x0001d770, 0x00001d72, + 0x0001d771, 0x00001d73, + 0x0001d772, 0x00001d74, + 0x0001d773, 0x00001d75, + 0x0001d774, 0x00001d76, + 0x0001d775, 0x00001d77, + 0x0001d776, 0x00001d78, + 0x0001d777, 0x00001d79, + 0x0001d778, 0x00001d7a, + 0x0001d779, 0x00001d7b, + 0x0001d77a, 0x00001d7c, + 0x0001d77b, 0x00001d7d, + 0x0001d77c, 0x00001d7e, + 0x0001d77d, 0x00001d7f, + 0x0001d77e, 0x00001d80, + 0x0001d77f, 0x00001d81, + 0x0001d780, 0x00001d82, + 0x0001d781, 0x00001d83, + 0x0001d782, 0x00001d84, + 0x0001d783, 0x00001d85, + 0x0001d784, 0x00001d86, + 0x0001d785, 0x00001d87, + 0x0001d786, 0x00001d88, + 0x0001d787, 0x00001d89, + 0x0001d788, 0x00001d8a, + 0x0001d789, 0x00001d8b, + 0x0001d78a, 0x00001d8c, + 0x0001d78b, 0x00001d8d, + 0x0001d78c, 0x00001d8e, + 0x0001d78d, 0x00001d8f, + 0x0001d78e, 0x00001d90, + 0x0001d78f, 0x00001d91, + 0x0001d790, 0x00001d92, + 0x0001d791, 0x00001d93, + 0x0001d792, 0x00001d94, + 0x0001d793, 0x00001d95, + 0x0001d794, 0x00001d96, + 0x0001d795, 0x00001d97, + 0x0001d796, 0x00001d98, + 0x0001d797, 0x00001d99, + 0x0001d798, 0x00001d9a, + 0x0001d799, 0x00001d9b, + 0x0001d79a, 0x00001d9c, + 0x0001d79b, 0x00001d9d, + 0x0001d79c, 0x00001d9e, + 0x0001d79d, 0x00001d9f, + 0x0001d79e, 0x00001da0, + 0x0001d79f, 0x00001da1, + 0x0001d7a0, 0x00001da2, + 0x0001d7a1, 0x00001da3, + 0x0001d7a2, 0x00001da4, + 0x0001d7a3, 0x00001da5, + 0x0001d7a4, 0x00001da6, + 0x0001d7a5, 0x00001da7, + 0x0001d7a6, 0x00001da8, + 0x0001d7a7, 0x00001da9, + 0x0001d7a8, 0x00001daa, + 0x0001d7a9, 0x00001dab, + 0x0001d7aa, 0x00001dac, + 0x0001d7ab, 0x00001dad, + 0x0001d7ac, 0x00001dae, + 0x0001d7ad, 0x00001daf, + 0x0001d7ae, 0x00001db0, + 0x0001d7af, 0x00001db1, + 0x0001d7b0, 0x00001db2, + 0x0001d7b1, 0x00001db3, + 0x0001d7b2, 0x00001db4, + 0x0001d7b3, 0x00001db5, + 0x0001d7b4, 0x00001db6, + 0x0001d7b5, 0x00001db7, + 0x0001d7b6, 0x00001db8, + 0x0001d7b7, 0x00001db9, + 0x0001d7b8, 0x00001dba, + 0x0001d7b9, 0x00001dbb, + 0x0001d7ba, 0x00001dbc, + 0x0001d7bb, 0x00001dbd, + 0x0001d7bc, 0x00001dbe, + 0x0001d7bd, 0x00001dbf, + 0x0001d7be, 0x00001dc0, + 0x0001d7bf, 0x00001dc1, + 0x0001d7c0, 0x00001dc2, + 0x0001d7c1, 0x00001dc3, + 0x0001d7c2, 0x00001dc4, + 0x0001d7c3, 0x00001dc5, + 0x0001d7c4, 0x00001dc6, + 0x0001d7c5, 0x00001dc7, + 0x0001d7c6, 0x00001dc8, + 0x0001d7c7, 0x00001dc9, + 0x0001d7c8, 0x00001dca, + 0x0001d7c9, 0x00001dcb, + 0x0001d7ce, 0x00001dcc, + 0x0001d7cf, 0x00001dcd, + 0x0001d7d0, 0x00001dce, + 0x0001d7d1, 0x00001dcf, + 0x0001d7d2, 0x00001dd0, + 0x0001d7d3, 0x00001dd1, + 0x0001d7d4, 0x00001dd2, + 0x0001d7d5, 0x00001dd3, + 0x0001d7d6, 0x00001dd4, + 0x0001d7d7, 0x00001dd5, + 0x0001d7d8, 0x00001dd6, + 0x0001d7d9, 0x00001dd7, + 0x0001d7da, 0x00001dd8, + 0x0001d7db, 0x00001dd9, + 0x0001d7dc, 0x00001dda, + 0x0001d7dd, 0x00001ddb, + 0x0001d7de, 0x00001ddc, + 0x0001d7df, 0x00001ddd, + 0x0001d7e0, 0x00001dde, + 0x0001d7e1, 0x00001ddf, + 0x0001d7e2, 0x00001de0, + 0x0001d7e3, 0x00001de1, + 0x0001d7e4, 0x00001de2, + 0x0001d7e5, 0x00001de3, + 0x0001d7e6, 0x00001de4, + 0x0001d7e7, 0x00001de5, + 0x0001d7e8, 0x00001de6, + 0x0001d7e9, 0x00001de7, + 0x0001d7ea, 0x00001de8, + 0x0001d7eb, 0x00001de9, + 0x0001d7ec, 0x00001dea, + 0x0001d7ed, 0x00001deb, + 0x0001d7ee, 0x00001dec, + 0x0001d7ef, 0x00001ded, + 0x0001d7f0, 0x00001dee, + 0x0001d7f1, 0x00001def, + 0x0001d7f2, 0x00001df0, + 0x0001d7f3, 0x00001df1, + 0x0001d7f4, 0x00001df2, + 0x0001d7f5, 0x00001df3, + 0x0001d7f6, 0x00001df4, + 0x0001d7f7, 0x00001df5, + 0x0001d7f8, 0x00001df6, + 0x0001d7f9, 0x00001df7, + 0x0001d7fa, 0x00001df8, + 0x0001d7fb, 0x00001df9, + 0x0001d7fc, 0x00001dfa, + 0x0001d7fd, 0x00001dfb, + 0x0001d7fe, 0x00001dfc, + 0x0001d7ff, 0x00001dfd, + 0x0002f800, 0x00001dfe, + 0x0002f801, 0x00001dff, + 0x0002f802, 0x00001e00, + 0x0002f803, 0x00001e01, + 0x0002f804, 0x00001e02, + 0x0002f805, 0x00001e03, + 0x0002f806, 0x00001e04, + 0x0002f807, 0x00001e05, + 0x0002f808, 0x00001e06, + 0x0002f809, 0x00001e07, + 0x0002f80a, 0x00001e08, + 0x0002f80b, 0x00001e09, + 0x0002f80c, 0x00001e0a, + 0x0002f80d, 0x00001e0b, + 0x0002f80e, 0x00001e0c, + 0x0002f80f, 0x00001e0d, + 0x0002f810, 0x00001e0e, + 0x0002f811, 0x00001e0f, + 0x0002f812, 0x00001e10, + 0x0002f813, 0x00001e11, + 0x0002f814, 0x00001e12, + 0x0002f815, 0x00001e13, + 0x0002f816, 0x00001e14, + 0x0002f817, 0x00001e15, + 0x0002f818, 0x00001e16, + 0x0002f819, 0x00001e17, + 0x0002f81a, 0x00001e18, + 0x0002f81b, 0x00001e19, + 0x0002f81c, 0x00001e1a, + 0x0002f81d, 0x00001e1b, + 0x0002f81e, 0x00001e1c, + 0x0002f81f, 0x00001e1d, + 0x0002f820, 0x00001e1e, + 0x0002f821, 0x00001e1f, + 0x0002f822, 0x00001e20, + 0x0002f823, 0x00001e21, + 0x0002f824, 0x00001e22, + 0x0002f825, 0x00001e23, + 0x0002f826, 0x00001e24, + 0x0002f827, 0x00001e25, + 0x0002f828, 0x00001e26, + 0x0002f829, 0x00001e27, + 0x0002f82a, 0x00001e28, + 0x0002f82b, 0x00001e29, + 0x0002f82c, 0x00001e2a, + 0x0002f82d, 0x00001e2b, + 0x0002f82e, 0x00001e2c, + 0x0002f82f, 0x00001e2d, + 0x0002f830, 0x00001e2e, + 0x0002f831, 0x00001e2f, + 0x0002f832, 0x00001e30, + 0x0002f833, 0x00001e31, + 0x0002f834, 0x00001e32, + 0x0002f835, 0x00001e33, + 0x0002f836, 0x00001e34, + 0x0002f837, 0x00001e35, + 0x0002f838, 0x00001e36, + 0x0002f839, 0x00001e37, + 0x0002f83a, 0x00001e38, + 0x0002f83b, 0x00001e39, + 0x0002f83c, 0x00001e3a, + 0x0002f83d, 0x00001e3b, + 0x0002f83e, 0x00001e3c, + 0x0002f83f, 0x00001e3d, + 0x0002f840, 0x00001e3e, + 0x0002f841, 0x00001e3f, + 0x0002f842, 0x00001e40, + 0x0002f843, 0x00001e41, + 0x0002f844, 0x00001e42, + 0x0002f845, 0x00001e43, + 0x0002f846, 0x00001e44, + 0x0002f847, 0x00001e45, + 0x0002f848, 0x00001e46, + 0x0002f849, 0x00001e47, + 0x0002f84a, 0x00001e48, + 0x0002f84b, 0x00001e49, + 0x0002f84c, 0x00001e4a, + 0x0002f84d, 0x00001e4b, + 0x0002f84e, 0x00001e4c, + 0x0002f84f, 0x00001e4d, + 0x0002f850, 0x00001e4e, + 0x0002f851, 0x00001e4f, + 0x0002f852, 0x00001e50, + 0x0002f853, 0x00001e51, + 0x0002f854, 0x00001e52, + 0x0002f855, 0x00001e53, + 0x0002f856, 0x00001e54, + 0x0002f857, 0x00001e55, + 0x0002f858, 0x00001e56, + 0x0002f859, 0x00001e57, + 0x0002f85a, 0x00001e58, + 0x0002f85b, 0x00001e59, + 0x0002f85c, 0x00001e5a, + 0x0002f85d, 0x00001e5b, + 0x0002f85e, 0x00001e5c, + 0x0002f85f, 0x00001e5d, + 0x0002f860, 0x00001e5e, + 0x0002f861, 0x00001e5f, + 0x0002f862, 0x00001e60, + 0x0002f863, 0x00001e61, + 0x0002f864, 0x00001e62, + 0x0002f865, 0x00001e63, + 0x0002f866, 0x00001e64, + 0x0002f867, 0x00001e65, + 0x0002f868, 0x00001e66, + 0x0002f869, 0x00001e67, + 0x0002f86a, 0x00001e68, + 0x0002f86b, 0x00001e69, + 0x0002f86c, 0x00001e6a, + 0x0002f86d, 0x00001e6b, + 0x0002f86e, 0x00001e6c, + 0x0002f86f, 0x00001e6d, + 0x0002f870, 0x00001e6e, + 0x0002f871, 0x00001e6f, + 0x0002f872, 0x00001e70, + 0x0002f873, 0x00001e71, + 0x0002f874, 0x00001e72, + 0x0002f875, 0x00001e73, + 0x0002f876, 0x00001e74, + 0x0002f877, 0x00001e75, + 0x0002f878, 0x00001e76, + 0x0002f879, 0x00001e77, + 0x0002f87a, 0x00001e78, + 0x0002f87b, 0x00001e79, + 0x0002f87c, 0x00001e7a, + 0x0002f87d, 0x00001e7b, + 0x0002f87e, 0x00001e7c, + 0x0002f87f, 0x00001e7d, + 0x0002f880, 0x00001e7e, + 0x0002f881, 0x00001e7f, + 0x0002f882, 0x00001e80, + 0x0002f883, 0x00001e81, + 0x0002f884, 0x00001e82, + 0x0002f885, 0x00001e83, + 0x0002f886, 0x00001e84, + 0x0002f887, 0x00001e85, + 0x0002f888, 0x00001e86, + 0x0002f889, 0x00001e87, + 0x0002f88a, 0x00001e88, + 0x0002f88b, 0x00001e89, + 0x0002f88c, 0x00001e8a, + 0x0002f88d, 0x00001e8b, + 0x0002f88e, 0x00001e8c, + 0x0002f88f, 0x00001e8d, + 0x0002f890, 0x00001e8e, + 0x0002f891, 0x00001e8f, + 0x0002f892, 0x00001e90, + 0x0002f893, 0x00001e91, + 0x0002f894, 0x00001e92, + 0x0002f895, 0x00001e93, + 0x0002f896, 0x00001e94, + 0x0002f897, 0x00001e95, + 0x0002f898, 0x00001e96, + 0x0002f899, 0x00001e97, + 0x0002f89a, 0x00001e98, + 0x0002f89b, 0x00001e99, + 0x0002f89c, 0x00001e9a, + 0x0002f89d, 0x00001e9b, + 0x0002f89e, 0x00001e9c, + 0x0002f89f, 0x00001e9d, + 0x0002f8a0, 0x00001e9e, + 0x0002f8a1, 0x00001e9f, + 0x0002f8a2, 0x00001ea0, + 0x0002f8a3, 0x00001ea1, + 0x0002f8a4, 0x00001ea2, + 0x0002f8a5, 0x00001ea3, + 0x0002f8a6, 0x00001ea4, + 0x0002f8a7, 0x00001ea5, + 0x0002f8a8, 0x00001ea6, + 0x0002f8a9, 0x00001ea7, + 0x0002f8aa, 0x00001ea8, + 0x0002f8ab, 0x00001ea9, + 0x0002f8ac, 0x00001eaa, + 0x0002f8ad, 0x00001eab, + 0x0002f8ae, 0x00001eac, + 0x0002f8af, 0x00001ead, + 0x0002f8b0, 0x00001eae, + 0x0002f8b1, 0x00001eaf, + 0x0002f8b2, 0x00001eb0, + 0x0002f8b3, 0x00001eb1, + 0x0002f8b4, 0x00001eb2, + 0x0002f8b5, 0x00001eb3, + 0x0002f8b6, 0x00001eb4, + 0x0002f8b7, 0x00001eb5, + 0x0002f8b8, 0x00001eb6, + 0x0002f8b9, 0x00001eb7, + 0x0002f8ba, 0x00001eb8, + 0x0002f8bb, 0x00001eb9, + 0x0002f8bc, 0x00001eba, + 0x0002f8bd, 0x00001ebb, + 0x0002f8be, 0x00001ebc, + 0x0002f8bf, 0x00001ebd, + 0x0002f8c0, 0x00001ebe, + 0x0002f8c1, 0x00001ebf, + 0x0002f8c2, 0x00001ec0, + 0x0002f8c3, 0x00001ec1, + 0x0002f8c4, 0x00001ec2, + 0x0002f8c5, 0x00001ec3, + 0x0002f8c6, 0x00001ec4, + 0x0002f8c7, 0x00001ec5, + 0x0002f8c8, 0x00001ec6, + 0x0002f8c9, 0x00001ec7, + 0x0002f8ca, 0x00001ec8, + 0x0002f8cb, 0x00001ec9, + 0x0002f8cc, 0x00001eca, + 0x0002f8cd, 0x00001ecb, + 0x0002f8ce, 0x00001ecc, + 0x0002f8cf, 0x00001ecd, + 0x0002f8d0, 0x00001ece, + 0x0002f8d1, 0x00001ecf, + 0x0002f8d2, 0x00001ed0, + 0x0002f8d3, 0x00001ed1, + 0x0002f8d4, 0x00001ed2, + 0x0002f8d5, 0x00001ed3, + 0x0002f8d6, 0x00001ed4, + 0x0002f8d7, 0x00001ed5, + 0x0002f8d8, 0x00001ed6, + 0x0002f8d9, 0x00001ed7, + 0x0002f8da, 0x00001ed8, + 0x0002f8db, 0x00001ed9, + 0x0002f8dc, 0x00001eda, + 0x0002f8dd, 0x00001edb, + 0x0002f8de, 0x00001edc, + 0x0002f8df, 0x00001edd, + 0x0002f8e0, 0x00001ede, + 0x0002f8e1, 0x00001edf, + 0x0002f8e2, 0x00001ee0, + 0x0002f8e3, 0x00001ee1, + 0x0002f8e4, 0x00001ee2, + 0x0002f8e5, 0x00001ee3, + 0x0002f8e6, 0x00001ee4, + 0x0002f8e7, 0x00001ee5, + 0x0002f8e8, 0x00001ee6, + 0x0002f8e9, 0x00001ee7, + 0x0002f8ea, 0x00001ee8, + 0x0002f8eb, 0x00001ee9, + 0x0002f8ec, 0x00001eea, + 0x0002f8ed, 0x00001eeb, + 0x0002f8ee, 0x00001eec, + 0x0002f8ef, 0x00001eed, + 0x0002f8f0, 0x00001eee, + 0x0002f8f1, 0x00001eef, + 0x0002f8f2, 0x00001ef0, + 0x0002f8f3, 0x00001ef1, + 0x0002f8f4, 0x00001ef2, + 0x0002f8f5, 0x00001ef3, + 0x0002f8f6, 0x00001ef4, + 0x0002f8f7, 0x00001ef5, + 0x0002f8f8, 0x00001ef6, + 0x0002f8f9, 0x00001ef7, + 0x0002f8fa, 0x00001ef8, + 0x0002f8fb, 0x00001ef9, + 0x0002f8fc, 0x00001efa, + 0x0002f8fd, 0x00001efb, + 0x0002f8fe, 0x00001efc, + 0x0002f8ff, 0x00001efd, + 0x0002f900, 0x00001efe, + 0x0002f901, 0x00001eff, + 0x0002f902, 0x00001f00, + 0x0002f903, 0x00001f01, + 0x0002f904, 0x00001f02, + 0x0002f905, 0x00001f03, + 0x0002f906, 0x00001f04, + 0x0002f907, 0x00001f05, + 0x0002f908, 0x00001f06, + 0x0002f909, 0x00001f07, + 0x0002f90a, 0x00001f08, + 0x0002f90b, 0x00001f09, + 0x0002f90c, 0x00001f0a, + 0x0002f90d, 0x00001f0b, + 0x0002f90e, 0x00001f0c, + 0x0002f90f, 0x00001f0d, + 0x0002f910, 0x00001f0e, + 0x0002f911, 0x00001f0f, + 0x0002f912, 0x00001f10, + 0x0002f913, 0x00001f11, + 0x0002f914, 0x00001f12, + 0x0002f915, 0x00001f13, + 0x0002f916, 0x00001f14, + 0x0002f917, 0x00001f15, + 0x0002f918, 0x00001f16, + 0x0002f919, 0x00001f17, + 0x0002f91a, 0x00001f18, + 0x0002f91b, 0x00001f19, + 0x0002f91c, 0x00001f1a, + 0x0002f91d, 0x00001f1b, + 0x0002f91e, 0x00001f1c, + 0x0002f91f, 0x00001f1d, + 0x0002f920, 0x00001f1e, + 0x0002f921, 0x00001f1f, + 0x0002f922, 0x00001f20, + 0x0002f923, 0x00001f21, + 0x0002f924, 0x00001f22, + 0x0002f925, 0x00001f23, + 0x0002f926, 0x00001f24, + 0x0002f927, 0x00001f25, + 0x0002f928, 0x00001f26, + 0x0002f929, 0x00001f27, + 0x0002f92a, 0x00001f28, + 0x0002f92b, 0x00001f29, + 0x0002f92c, 0x00001f2a, + 0x0002f92d, 0x00001f2b, + 0x0002f92e, 0x00001f2c, + 0x0002f92f, 0x00001f2d, + 0x0002f930, 0x00001f2e, + 0x0002f931, 0x00001f2f, + 0x0002f932, 0x00001f30, + 0x0002f933, 0x00001f31, + 0x0002f934, 0x00001f32, + 0x0002f935, 0x00001f33, + 0x0002f936, 0x00001f34, + 0x0002f937, 0x00001f35, + 0x0002f938, 0x00001f36, + 0x0002f939, 0x00001f37, + 0x0002f93a, 0x00001f38, + 0x0002f93b, 0x00001f39, + 0x0002f93c, 0x00001f3a, + 0x0002f93d, 0x00001f3b, + 0x0002f93e, 0x00001f3c, + 0x0002f93f, 0x00001f3d, + 0x0002f940, 0x00001f3e, + 0x0002f941, 0x00001f3f, + 0x0002f942, 0x00001f40, + 0x0002f943, 0x00001f41, + 0x0002f944, 0x00001f42, + 0x0002f945, 0x00001f43, + 0x0002f946, 0x00001f44, + 0x0002f947, 0x00001f45, + 0x0002f948, 0x00001f46, + 0x0002f949, 0x00001f47, + 0x0002f94a, 0x00001f48, + 0x0002f94b, 0x00001f49, + 0x0002f94c, 0x00001f4a, + 0x0002f94d, 0x00001f4b, + 0x0002f94e, 0x00001f4c, + 0x0002f94f, 0x00001f4d, + 0x0002f950, 0x00001f4e, + 0x0002f951, 0x00001f4f, + 0x0002f952, 0x00001f50, + 0x0002f953, 0x00001f51, + 0x0002f954, 0x00001f52, + 0x0002f955, 0x00001f53, + 0x0002f956, 0x00001f54, + 0x0002f957, 0x00001f55, + 0x0002f958, 0x00001f56, + 0x0002f959, 0x00001f57, + 0x0002f95a, 0x00001f58, + 0x0002f95b, 0x00001f59, + 0x0002f95c, 0x00001f5a, + 0x0002f95d, 0x00001f5b, + 0x0002f95e, 0x00001f5c, + 0x0002f95f, 0x00001f5d, + 0x0002f960, 0x00001f5e, + 0x0002f961, 0x00001f5f, + 0x0002f962, 0x00001f60, + 0x0002f963, 0x00001f61, + 0x0002f964, 0x00001f62, + 0x0002f965, 0x00001f63, + 0x0002f966, 0x00001f64, + 0x0002f967, 0x00001f65, + 0x0002f968, 0x00001f66, + 0x0002f969, 0x00001f67, + 0x0002f96a, 0x00001f68, + 0x0002f96b, 0x00001f69, + 0x0002f96c, 0x00001f6a, + 0x0002f96d, 0x00001f6b, + 0x0002f96e, 0x00001f6c, + 0x0002f96f, 0x00001f6d, + 0x0002f970, 0x00001f6e, + 0x0002f971, 0x00001f6f, + 0x0002f972, 0x00001f70, + 0x0002f973, 0x00001f71, + 0x0002f974, 0x00001f72, + 0x0002f975, 0x00001f73, + 0x0002f976, 0x00001f74, + 0x0002f977, 0x00001f75, + 0x0002f978, 0x00001f76, + 0x0002f979, 0x00001f77, + 0x0002f97a, 0x00001f78, + 0x0002f97b, 0x00001f79, + 0x0002f97c, 0x00001f7a, + 0x0002f97d, 0x00001f7b, + 0x0002f97e, 0x00001f7c, + 0x0002f97f, 0x00001f7d, + 0x0002f980, 0x00001f7e, + 0x0002f981, 0x00001f7f, + 0x0002f982, 0x00001f80, + 0x0002f983, 0x00001f81, + 0x0002f984, 0x00001f82, + 0x0002f985, 0x00001f83, + 0x0002f986, 0x00001f84, + 0x0002f987, 0x00001f85, + 0x0002f988, 0x00001f86, + 0x0002f989, 0x00001f87, + 0x0002f98a, 0x00001f88, + 0x0002f98b, 0x00001f89, + 0x0002f98c, 0x00001f8a, + 0x0002f98d, 0x00001f8b, + 0x0002f98e, 0x00001f8c, + 0x0002f98f, 0x00001f8d, + 0x0002f990, 0x00001f8e, + 0x0002f991, 0x00001f8f, + 0x0002f992, 0x00001f90, + 0x0002f993, 0x00001f91, + 0x0002f994, 0x00001f92, + 0x0002f995, 0x00001f93, + 0x0002f996, 0x00001f94, + 0x0002f997, 0x00001f95, + 0x0002f998, 0x00001f96, + 0x0002f999, 0x00001f97, + 0x0002f99a, 0x00001f98, + 0x0002f99b, 0x00001f99, + 0x0002f99c, 0x00001f9a, + 0x0002f99d, 0x00001f9b, + 0x0002f99e, 0x00001f9c, + 0x0002f99f, 0x00001f9d, + 0x0002f9a0, 0x00001f9e, + 0x0002f9a1, 0x00001f9f, + 0x0002f9a2, 0x00001fa0, + 0x0002f9a3, 0x00001fa1, + 0x0002f9a4, 0x00001fa2, + 0x0002f9a5, 0x00001fa3, + 0x0002f9a6, 0x00001fa4, + 0x0002f9a7, 0x00001fa5, + 0x0002f9a8, 0x00001fa6, + 0x0002f9a9, 0x00001fa7, + 0x0002f9aa, 0x00001fa8, + 0x0002f9ab, 0x00001fa9, + 0x0002f9ac, 0x00001faa, + 0x0002f9ad, 0x00001fab, + 0x0002f9ae, 0x00001fac, + 0x0002f9af, 0x00001fad, + 0x0002f9b0, 0x00001fae, + 0x0002f9b1, 0x00001faf, + 0x0002f9b2, 0x00001fb0, + 0x0002f9b3, 0x00001fb1, + 0x0002f9b4, 0x00001fb2, + 0x0002f9b5, 0x00001fb3, + 0x0002f9b6, 0x00001fb4, + 0x0002f9b7, 0x00001fb5, + 0x0002f9b8, 0x00001fb6, + 0x0002f9b9, 0x00001fb7, + 0x0002f9ba, 0x00001fb8, + 0x0002f9bb, 0x00001fb9, + 0x0002f9bc, 0x00001fba, + 0x0002f9bd, 0x00001fbb, + 0x0002f9be, 0x00001fbc, + 0x0002f9bf, 0x00001fbd, + 0x0002f9c0, 0x00001fbe, + 0x0002f9c1, 0x00001fbf, + 0x0002f9c2, 0x00001fc0, + 0x0002f9c3, 0x00001fc1, + 0x0002f9c4, 0x00001fc2, + 0x0002f9c5, 0x00001fc3, + 0x0002f9c6, 0x00001fc4, + 0x0002f9c7, 0x00001fc5, + 0x0002f9c8, 0x00001fc6, + 0x0002f9c9, 0x00001fc7, + 0x0002f9ca, 0x00001fc8, + 0x0002f9cb, 0x00001fc9, + 0x0002f9cc, 0x00001fca, + 0x0002f9cd, 0x00001fcb, + 0x0002f9ce, 0x00001fcc, + 0x0002f9cf, 0x00001fcd, + 0x0002f9d0, 0x00001fce, + 0x0002f9d1, 0x00001fcf, + 0x0002f9d2, 0x00001fd0, + 0x0002f9d3, 0x00001fd1, + 0x0002f9d4, 0x00001fd2, + 0x0002f9d5, 0x00001fd3, + 0x0002f9d6, 0x00001fd4, + 0x0002f9d7, 0x00001fd5, + 0x0002f9d8, 0x00001fd6, + 0x0002f9d9, 0x00001fd7, + 0x0002f9da, 0x00001fd8, + 0x0002f9db, 0x00001fd9, + 0x0002f9dc, 0x00001fda, + 0x0002f9dd, 0x00001fdb, + 0x0002f9de, 0x00001fdc, + 0x0002f9df, 0x00001fdd, + 0x0002f9e0, 0x00001fde, + 0x0002f9e1, 0x00001fdf, + 0x0002f9e2, 0x00001fe0, + 0x0002f9e3, 0x00001fe1, + 0x0002f9e4, 0x00001fe2, + 0x0002f9e5, 0x00001fe3, + 0x0002f9e6, 0x00001fe4, + 0x0002f9e7, 0x00001fe5, + 0x0002f9e8, 0x00001fe6, + 0x0002f9e9, 0x00001fe7, + 0x0002f9ea, 0x00001fe8, + 0x0002f9eb, 0x00001fe9, + 0x0002f9ec, 0x00001fea, + 0x0002f9ed, 0x00001feb, + 0x0002f9ee, 0x00001fec, + 0x0002f9ef, 0x00001fed, + 0x0002f9f0, 0x00001fee, + 0x0002f9f1, 0x00001fef, + 0x0002f9f2, 0x00001ff0, + 0x0002f9f3, 0x00001ff1, + 0x0002f9f4, 0x00001ff2, + 0x0002f9f5, 0x00001ff3, + 0x0002f9f6, 0x00001ff4, + 0x0002f9f7, 0x00001ff5, + 0x0002f9f8, 0x00001ff6, + 0x0002f9f9, 0x00001ff7, + 0x0002f9fa, 0x00001ff8, + 0x0002f9fb, 0x00001ff9, + 0x0002f9fc, 0x00001ffa, + 0x0002f9fd, 0x00001ffb, + 0x0002f9fe, 0x00001ffc, + 0x0002f9ff, 0x00001ffd, + 0x0002fa00, 0x00001ffe, + 0x0002fa01, 0x00001fff, + 0x0002fa02, 0x00002000, + 0x0002fa03, 0x00002001, + 0x0002fa04, 0x00002002, + 0x0002fa05, 0x00002003, + 0x0002fa06, 0x00002004, + 0x0002fa07, 0x00002005, + 0x0002fa08, 0x00002006, + 0x0002fa09, 0x00002007, + 0x0002fa0a, 0x00002008, + 0x0002fa0b, 0x00002009, + 0x0002fa0c, 0x0000200a, + 0x0002fa0d, 0x0000200b, + 0x0002fa0e, 0x0000200c, + 0x0002fa0f, 0x0000200d, + 0x0002fa10, 0x0000200e, + 0x0002fa11, 0x0000200f, + 0x0002fa12, 0x00002010, + 0x0002fa13, 0x00002011, + 0x0002fa14, 0x00002012, + 0x0002fa15, 0x00002013, + 0x0002fa16, 0x00002014, + 0x0002fa17, 0x00002015, + 0x0002fa18, 0x00002016, + 0x0002fa19, 0x00002017, + 0x0002fa1a, 0x00002018, + 0x0002fa1b, 0x00002019, + 0x0002fa1c, 0x0000201a, + 0x0002fa1d, 0x0000201b, + 0x0000201c +}; + +static const krb5_ui_4 _uckdcmp_decomp[] = { + 0x00000020, 0x00000020, 0x00000308, 0x00000061, + 0x00000020, 0x00000304, 0x00000032, 0x00000033, + 0x00000020, 0x00000301, 0x000003bc, 0x00000020, + 0x00000327, 0x00000031, 0x0000006f, 0x00000031, + 0x00002044, 0x00000034, 0x00000031, 0x00002044, + 0x00000032, 0x00000033, 0x00002044, 0x00000034, + 0x00000041, 0x00000300, 0x00000041, 0x00000301, + 0x00000041, 0x00000302, 0x00000041, 0x00000303, + 0x00000041, 0x00000308, 0x00000041, 0x0000030a, + 0x00000043, 0x00000327, 0x00000045, 0x00000300, + 0x00000045, 0x00000301, 0x00000045, 0x00000302, + 0x00000045, 0x00000308, 0x00000049, 0x00000300, + 0x00000049, 0x00000301, 0x00000049, 0x00000302, + 0x00000049, 0x00000308, 0x0000004e, 0x00000303, + 0x0000004f, 0x00000300, 0x0000004f, 0x00000301, + 0x0000004f, 0x00000302, 0x0000004f, 0x00000303, + 0x0000004f, 0x00000308, 0x00000055, 0x00000300, + 0x00000055, 0x00000301, 0x00000055, 0x00000302, + 0x00000055, 0x00000308, 0x00000059, 0x00000301, + 0x00000061, 0x00000300, 0x00000061, 0x00000301, + 0x00000061, 0x00000302, 0x00000061, 0x00000303, + 0x00000061, 0x00000308, 0x00000061, 0x0000030a, + 0x00000063, 0x00000327, 0x00000065, 0x00000300, + 0x00000065, 0x00000301, 0x00000065, 0x00000302, + 0x00000065, 0x00000308, 0x00000069, 0x00000300, + 0x00000069, 0x00000301, 0x00000069, 0x00000302, + 0x00000069, 0x00000308, 0x0000006e, 0x00000303, + 0x0000006f, 0x00000300, 0x0000006f, 0x00000301, + 0x0000006f, 0x00000302, 0x0000006f, 0x00000303, + 0x0000006f, 0x00000308, 0x00000075, 0x00000300, + 0x00000075, 0x00000301, 0x00000075, 0x00000302, + 0x00000075, 0x00000308, 0x00000079, 0x00000301, + 0x00000079, 0x00000308, 0x00000041, 0x00000304, + 0x00000061, 0x00000304, 0x00000041, 0x00000306, + 0x00000061, 0x00000306, 0x00000041, 0x00000328, + 0x00000061, 0x00000328, 0x00000043, 0x00000301, + 0x00000063, 0x00000301, 0x00000043, 0x00000302, + 0x00000063, 0x00000302, 0x00000043, 0x00000307, + 0x00000063, 0x00000307, 0x00000043, 0x0000030c, + 0x00000063, 0x0000030c, 0x00000044, 0x0000030c, + 0x00000064, 0x0000030c, 0x00000045, 0x00000304, + 0x00000065, 0x00000304, 0x00000045, 0x00000306, + 0x00000065, 0x00000306, 0x00000045, 0x00000307, + 0x00000065, 0x00000307, 0x00000045, 0x00000328, + 0x00000065, 0x00000328, 0x00000045, 0x0000030c, + 0x00000065, 0x0000030c, 0x00000047, 0x00000302, + 0x00000067, 0x00000302, 0x00000047, 0x00000306, + 0x00000067, 0x00000306, 0x00000047, 0x00000307, + 0x00000067, 0x00000307, 0x00000047, 0x00000327, + 0x00000067, 0x00000327, 0x00000048, 0x00000302, + 0x00000068, 0x00000302, 0x00000049, 0x00000303, + 0x00000069, 0x00000303, 0x00000049, 0x00000304, + 0x00000069, 0x00000304, 0x00000049, 0x00000306, + 0x00000069, 0x00000306, 0x00000049, 0x00000328, + 0x00000069, 0x00000328, 0x00000049, 0x00000307, + 0x00000049, 0x0000004a, 0x00000069, 0x0000006a, + 0x0000004a, 0x00000302, 0x0000006a, 0x00000302, + 0x0000004b, 0x00000327, 0x0000006b, 0x00000327, + 0x0000004c, 0x00000301, 0x0000006c, 0x00000301, + 0x0000004c, 0x00000327, 0x0000006c, 0x00000327, + 0x0000004c, 0x0000030c, 0x0000006c, 0x0000030c, + 0x0000004c, 0x000000b7, 0x0000006c, 0x000000b7, + 0x0000004e, 0x00000301, 0x0000006e, 0x00000301, + 0x0000004e, 0x00000327, 0x0000006e, 0x00000327, + 0x0000004e, 0x0000030c, 0x0000006e, 0x0000030c, + 0x000002bc, 0x0000006e, 0x0000004f, 0x00000304, + 0x0000006f, 0x00000304, 0x0000004f, 0x00000306, + 0x0000006f, 0x00000306, 0x0000004f, 0x0000030b, + 0x0000006f, 0x0000030b, 0x00000052, 0x00000301, + 0x00000072, 0x00000301, 0x00000052, 0x00000327, + 0x00000072, 0x00000327, 0x00000052, 0x0000030c, + 0x00000072, 0x0000030c, 0x00000053, 0x00000301, + 0x00000073, 0x00000301, 0x00000053, 0x00000302, + 0x00000073, 0x00000302, 0x00000053, 0x00000327, + 0x00000073, 0x00000327, 0x00000053, 0x0000030c, + 0x00000073, 0x0000030c, 0x00000054, 0x00000327, + 0x00000074, 0x00000327, 0x00000054, 0x0000030c, + 0x00000074, 0x0000030c, 0x00000055, 0x00000303, + 0x00000075, 0x00000303, 0x00000055, 0x00000304, + 0x00000075, 0x00000304, 0x00000055, 0x00000306, + 0x00000075, 0x00000306, 0x00000055, 0x0000030a, + 0x00000075, 0x0000030a, 0x00000055, 0x0000030b, + 0x00000075, 0x0000030b, 0x00000055, 0x00000328, + 0x00000075, 0x00000328, 0x00000057, 0x00000302, + 0x00000077, 0x00000302, 0x00000059, 0x00000302, + 0x00000079, 0x00000302, 0x00000059, 0x00000308, + 0x0000005a, 0x00000301, 0x0000007a, 0x00000301, + 0x0000005a, 0x00000307, 0x0000007a, 0x00000307, + 0x0000005a, 0x0000030c, 0x0000007a, 0x0000030c, + 0x00000073, 0x0000004f, 0x0000031b, 0x0000006f, + 0x0000031b, 0x00000055, 0x0000031b, 0x00000075, + 0x0000031b, 0x00000044, 0x0000005a, 0x0000030c, + 0x00000044, 0x0000007a, 0x0000030c, 0x00000064, + 0x0000007a, 0x0000030c, 0x0000004c, 0x0000004a, + 0x0000004c, 0x0000006a, 0x0000006c, 0x0000006a, + 0x0000004e, 0x0000004a, 0x0000004e, 0x0000006a, + 0x0000006e, 0x0000006a, 0x00000041, 0x0000030c, + 0x00000061, 0x0000030c, 0x00000049, 0x0000030c, + 0x00000069, 0x0000030c, 0x0000004f, 0x0000030c, + 0x0000006f, 0x0000030c, 0x00000055, 0x0000030c, + 0x00000075, 0x0000030c, 0x00000055, 0x00000308, + 0x00000304, 0x00000075, 0x00000308, 0x00000304, + 0x00000055, 0x00000308, 0x00000301, 0x00000075, + 0x00000308, 0x00000301, 0x00000055, 0x00000308, + 0x0000030c, 0x00000075, 0x00000308, 0x0000030c, + 0x00000055, 0x00000308, 0x00000300, 0x00000075, + 0x00000308, 0x00000300, 0x00000041, 0x00000308, + 0x00000304, 0x00000061, 0x00000308, 0x00000304, + 0x00000041, 0x00000307, 0x00000304, 0x00000061, + 0x00000307, 0x00000304, 0x000000c6, 0x00000304, + 0x000000e6, 0x00000304, 0x00000047, 0x0000030c, + 0x00000067, 0x0000030c, 0x0000004b, 0x0000030c, + 0x0000006b, 0x0000030c, 0x0000004f, 0x00000328, + 0x0000006f, 0x00000328, 0x0000004f, 0x00000328, + 0x00000304, 0x0000006f, 0x00000328, 0x00000304, + 0x000001b7, 0x0000030c, 0x00000292, 0x0000030c, + 0x0000006a, 0x0000030c, 0x00000044, 0x0000005a, + 0x00000044, 0x0000007a, 0x00000064, 0x0000007a, + 0x00000047, 0x00000301, 0x00000067, 0x00000301, + 0x0000004e, 0x00000300, 0x0000006e, 0x00000300, + 0x00000041, 0x0000030a, 0x00000301, 0x00000061, + 0x0000030a, 0x00000301, 0x000000c6, 0x00000301, + 0x000000e6, 0x00000301, 0x000000d8, 0x00000301, + 0x000000f8, 0x00000301, 0x00000041, 0x0000030f, + 0x00000061, 0x0000030f, 0x00000041, 0x00000311, + 0x00000061, 0x00000311, 0x00000045, 0x0000030f, + 0x00000065, 0x0000030f, 0x00000045, 0x00000311, + 0x00000065, 0x00000311, 0x00000049, 0x0000030f, + 0x00000069, 0x0000030f, 0x00000049, 0x00000311, + 0x00000069, 0x00000311, 0x0000004f, 0x0000030f, + 0x0000006f, 0x0000030f, 0x0000004f, 0x00000311, + 0x0000006f, 0x00000311, 0x00000052, 0x0000030f, + 0x00000072, 0x0000030f, 0x00000052, 0x00000311, + 0x00000072, 0x00000311, 0x00000055, 0x0000030f, + 0x00000075, 0x0000030f, 0x00000055, 0x00000311, + 0x00000075, 0x00000311, 0x00000053, 0x00000326, + 0x00000073, 0x00000326, 0x00000054, 0x00000326, + 0x00000074, 0x00000326, 0x00000048, 0x0000030c, + 0x00000068, 0x0000030c, 0x00000041, 0x00000307, + 0x00000061, 0x00000307, 0x00000045, 0x00000327, + 0x00000065, 0x00000327, 0x0000004f, 0x00000308, + 0x00000304, 0x0000006f, 0x00000308, 0x00000304, + 0x0000004f, 0x00000303, 0x00000304, 0x0000006f, + 0x00000303, 0x00000304, 0x0000004f, 0x00000307, + 0x0000006f, 0x00000307, 0x0000004f, 0x00000307, + 0x00000304, 0x0000006f, 0x00000307, 0x00000304, + 0x00000059, 0x00000304, 0x00000079, 0x00000304, + 0x00000068, 0x00000266, 0x0000006a, 0x00000072, + 0x00000279, 0x0000027b, 0x00000281, 0x00000077, + 0x00000079, 0x00000020, 0x00000306, 0x00000020, + 0x00000307, 0x00000020, 0x0000030a, 0x00000020, + 0x00000328, 0x00000020, 0x00000303, 0x00000020, + 0x0000030b, 0x00000263, 0x0000006c, 0x00000073, + 0x00000078, 0x00000295, 0x00000300, 0x00000301, + 0x00000313, 0x00000308, 0x00000301, 0x000002b9, + 0x00000020, 0x00000345, 0x0000003b, 0x00000020, + 0x00000301, 0x00000020, 0x00000308, 0x00000301, + 0x00000391, 0x00000301, 0x000000b7, 0x00000395, + 0x00000301, 0x00000397, 0x00000301, 0x00000399, + 0x00000301, 0x0000039f, 0x00000301, 0x000003a5, + 0x00000301, 0x000003a9, 0x00000301, 0x000003b9, + 0x00000308, 0x00000301, 0x00000399, 0x00000308, + 0x000003a5, 0x00000308, 0x000003b1, 0x00000301, + 0x000003b5, 0x00000301, 0x000003b7, 0x00000301, + 0x000003b9, 0x00000301, 0x000003c5, 0x00000308, + 0x00000301, 0x000003b9, 0x00000308, 0x000003c5, + 0x00000308, 0x000003bf, 0x00000301, 0x000003c5, + 0x00000301, 0x000003c9, 0x00000301, 0x000003b2, + 0x000003b8, 0x000003a5, 0x000003a5, 0x00000301, + 0x000003a5, 0x00000308, 0x000003c6, 0x000003c0, + 0x000003ba, 0x000003c1, 0x000003c2, 0x00000398, + 0x000003b5, 0x00000415, 0x00000300, 0x00000415, + 0x00000308, 0x00000413, 0x00000301, 0x00000406, + 0x00000308, 0x0000041a, 0x00000301, 0x00000418, + 0x00000300, 0x00000423, 0x00000306, 0x00000418, + 0x00000306, 0x00000438, 0x00000306, 0x00000435, + 0x00000300, 0x00000435, 0x00000308, 0x00000433, + 0x00000301, 0x00000456, 0x00000308, 0x0000043a, + 0x00000301, 0x00000438, 0x00000300, 0x00000443, + 0x00000306, 0x00000474, 0x0000030f, 0x00000475, + 0x0000030f, 0x00000416, 0x00000306, 0x00000436, + 0x00000306, 0x00000410, 0x00000306, 0x00000430, + 0x00000306, 0x00000410, 0x00000308, 0x00000430, + 0x00000308, 0x00000415, 0x00000306, 0x00000435, + 0x00000306, 0x000004d8, 0x00000308, 0x000004d9, + 0x00000308, 0x00000416, 0x00000308, 0x00000436, + 0x00000308, 0x00000417, 0x00000308, 0x00000437, + 0x00000308, 0x00000418, 0x00000304, 0x00000438, + 0x00000304, 0x00000418, 0x00000308, 0x00000438, + 0x00000308, 0x0000041e, 0x00000308, 0x0000043e, + 0x00000308, 0x000004e8, 0x00000308, 0x000004e9, + 0x00000308, 0x0000042d, 0x00000308, 0x0000044d, + 0x00000308, 0x00000423, 0x00000304, 0x00000443, + 0x00000304, 0x00000423, 0x00000308, 0x00000443, + 0x00000308, 0x00000423, 0x0000030b, 0x00000443, + 0x0000030b, 0x00000427, 0x00000308, 0x00000447, + 0x00000308, 0x0000042b, 0x00000308, 0x0000044b, + 0x00000308, 0x00000565, 0x00000582, 0x00000627, + 0x00000653, 0x00000627, 0x00000654, 0x00000648, + 0x00000654, 0x00000627, 0x00000655, 0x0000064a, + 0x00000654, 0x00000627, 0x00000674, 0x00000648, + 0x00000674, 0x000006c7, 0x00000674, 0x0000064a, + 0x00000674, 0x000006d5, 0x00000654, 0x000006c1, + 0x00000654, 0x000006d2, 0x00000654, 0x00000928, + 0x0000093c, 0x00000930, 0x0000093c, 0x00000933, + 0x0000093c, 0x00000915, 0x0000093c, 0x00000916, + 0x0000093c, 0x00000917, 0x0000093c, 0x0000091c, + 0x0000093c, 0x00000921, 0x0000093c, 0x00000922, + 0x0000093c, 0x0000092b, 0x0000093c, 0x0000092f, + 0x0000093c, 0x000009c7, 0x000009be, 0x000009c7, + 0x000009d7, 0x000009a1, 0x000009bc, 0x000009a2, + 0x000009bc, 0x000009af, 0x000009bc, 0x00000a32, + 0x00000a3c, 0x00000a38, 0x00000a3c, 0x00000a16, + 0x00000a3c, 0x00000a17, 0x00000a3c, 0x00000a1c, + 0x00000a3c, 0x00000a2b, 0x00000a3c, 0x00000b47, + 0x00000b56, 0x00000b47, 0x00000b3e, 0x00000b47, + 0x00000b57, 0x00000b21, 0x00000b3c, 0x00000b22, + 0x00000b3c, 0x00000b92, 0x00000bd7, 0x00000bc6, + 0x00000bbe, 0x00000bc7, 0x00000bbe, 0x00000bc6, + 0x00000bd7, 0x00000c46, 0x00000c56, 0x00000cbf, + 0x00000cd5, 0x00000cc6, 0x00000cd5, 0x00000cc6, + 0x00000cd6, 0x00000cc6, 0x00000cc2, 0x00000cc6, + 0x00000cc2, 0x00000cd5, 0x00000d46, 0x00000d3e, + 0x00000d47, 0x00000d3e, 0x00000d46, 0x00000d57, + 0x00000dd9, 0x00000dca, 0x00000dd9, 0x00000dcf, + 0x00000dd9, 0x00000dcf, 0x00000dca, 0x00000dd9, + 0x00000ddf, 0x00000e4d, 0x00000e32, 0x00000ecd, + 0x00000eb2, 0x00000eab, 0x00000e99, 0x00000eab, + 0x00000ea1, 0x00000f0b, 0x00000f42, 0x00000fb7, + 0x00000f4c, 0x00000fb7, 0x00000f51, 0x00000fb7, + 0x00000f56, 0x00000fb7, 0x00000f5b, 0x00000fb7, + 0x00000f40, 0x00000fb5, 0x00000f71, 0x00000f72, + 0x00000f71, 0x00000f74, 0x00000fb2, 0x00000f80, + 0x00000fb2, 0x00000f71, 0x00000f80, 0x00000fb3, + 0x00000f80, 0x00000fb3, 0x00000f71, 0x00000f80, + 0x00000f71, 0x00000f80, 0x00000f92, 0x00000fb7, + 0x00000f9c, 0x00000fb7, 0x00000fa1, 0x00000fb7, + 0x00000fa6, 0x00000fb7, 0x00000fab, 0x00000fb7, + 0x00000f90, 0x00000fb5, 0x00001025, 0x0000102e, + 0x00000041, 0x00000325, 0x00000061, 0x00000325, + 0x00000042, 0x00000307, 0x00000062, 0x00000307, + 0x00000042, 0x00000323, 0x00000062, 0x00000323, + 0x00000042, 0x00000331, 0x00000062, 0x00000331, + 0x00000043, 0x00000327, 0x00000301, 0x00000063, + 0x00000327, 0x00000301, 0x00000044, 0x00000307, + 0x00000064, 0x00000307, 0x00000044, 0x00000323, + 0x00000064, 0x00000323, 0x00000044, 0x00000331, + 0x00000064, 0x00000331, 0x00000044, 0x00000327, + 0x00000064, 0x00000327, 0x00000044, 0x0000032d, + 0x00000064, 0x0000032d, 0x00000045, 0x00000304, + 0x00000300, 0x00000065, 0x00000304, 0x00000300, + 0x00000045, 0x00000304, 0x00000301, 0x00000065, + 0x00000304, 0x00000301, 0x00000045, 0x0000032d, + 0x00000065, 0x0000032d, 0x00000045, 0x00000330, + 0x00000065, 0x00000330, 0x00000045, 0x00000327, + 0x00000306, 0x00000065, 0x00000327, 0x00000306, + 0x00000046, 0x00000307, 0x00000066, 0x00000307, + 0x00000047, 0x00000304, 0x00000067, 0x00000304, + 0x00000048, 0x00000307, 0x00000068, 0x00000307, + 0x00000048, 0x00000323, 0x00000068, 0x00000323, + 0x00000048, 0x00000308, 0x00000068, 0x00000308, + 0x00000048, 0x00000327, 0x00000068, 0x00000327, + 0x00000048, 0x0000032e, 0x00000068, 0x0000032e, + 0x00000049, 0x00000330, 0x00000069, 0x00000330, + 0x00000049, 0x00000308, 0x00000301, 0x00000069, + 0x00000308, 0x00000301, 0x0000004b, 0x00000301, + 0x0000006b, 0x00000301, 0x0000004b, 0x00000323, + 0x0000006b, 0x00000323, 0x0000004b, 0x00000331, + 0x0000006b, 0x00000331, 0x0000004c, 0x00000323, + 0x0000006c, 0x00000323, 0x0000004c, 0x00000323, + 0x00000304, 0x0000006c, 0x00000323, 0x00000304, + 0x0000004c, 0x00000331, 0x0000006c, 0x00000331, + 0x0000004c, 0x0000032d, 0x0000006c, 0x0000032d, + 0x0000004d, 0x00000301, 0x0000006d, 0x00000301, + 0x0000004d, 0x00000307, 0x0000006d, 0x00000307, + 0x0000004d, 0x00000323, 0x0000006d, 0x00000323, + 0x0000004e, 0x00000307, 0x0000006e, 0x00000307, + 0x0000004e, 0x00000323, 0x0000006e, 0x00000323, + 0x0000004e, 0x00000331, 0x0000006e, 0x00000331, + 0x0000004e, 0x0000032d, 0x0000006e, 0x0000032d, + 0x0000004f, 0x00000303, 0x00000301, 0x0000006f, + 0x00000303, 0x00000301, 0x0000004f, 0x00000303, + 0x00000308, 0x0000006f, 0x00000303, 0x00000308, + 0x0000004f, 0x00000304, 0x00000300, 0x0000006f, + 0x00000304, 0x00000300, 0x0000004f, 0x00000304, + 0x00000301, 0x0000006f, 0x00000304, 0x00000301, + 0x00000050, 0x00000301, 0x00000070, 0x00000301, + 0x00000050, 0x00000307, 0x00000070, 0x00000307, + 0x00000052, 0x00000307, 0x00000072, 0x00000307, + 0x00000052, 0x00000323, 0x00000072, 0x00000323, + 0x00000052, 0x00000323, 0x00000304, 0x00000072, + 0x00000323, 0x00000304, 0x00000052, 0x00000331, + 0x00000072, 0x00000331, 0x00000053, 0x00000307, + 0x00000073, 0x00000307, 0x00000053, 0x00000323, + 0x00000073, 0x00000323, 0x00000053, 0x00000301, + 0x00000307, 0x00000073, 0x00000301, 0x00000307, + 0x00000053, 0x0000030c, 0x00000307, 0x00000073, + 0x0000030c, 0x00000307, 0x00000053, 0x00000323, + 0x00000307, 0x00000073, 0x00000323, 0x00000307, + 0x00000054, 0x00000307, 0x00000074, 0x00000307, + 0x00000054, 0x00000323, 0x00000074, 0x00000323, + 0x00000054, 0x00000331, 0x00000074, 0x00000331, + 0x00000054, 0x0000032d, 0x00000074, 0x0000032d, + 0x00000055, 0x00000324, 0x00000075, 0x00000324, + 0x00000055, 0x00000330, 0x00000075, 0x00000330, + 0x00000055, 0x0000032d, 0x00000075, 0x0000032d, + 0x00000055, 0x00000303, 0x00000301, 0x00000075, + 0x00000303, 0x00000301, 0x00000055, 0x00000304, + 0x00000308, 0x00000075, 0x00000304, 0x00000308, + 0x00000056, 0x00000303, 0x00000076, 0x00000303, + 0x00000056, 0x00000323, 0x00000076, 0x00000323, + 0x00000057, 0x00000300, 0x00000077, 0x00000300, + 0x00000057, 0x00000301, 0x00000077, 0x00000301, + 0x00000057, 0x00000308, 0x00000077, 0x00000308, + 0x00000057, 0x00000307, 0x00000077, 0x00000307, + 0x00000057, 0x00000323, 0x00000077, 0x00000323, + 0x00000058, 0x00000307, 0x00000078, 0x00000307, + 0x00000058, 0x00000308, 0x00000078, 0x00000308, + 0x00000059, 0x00000307, 0x00000079, 0x00000307, + 0x0000005a, 0x00000302, 0x0000007a, 0x00000302, + 0x0000005a, 0x00000323, 0x0000007a, 0x00000323, + 0x0000005a, 0x00000331, 0x0000007a, 0x00000331, + 0x00000068, 0x00000331, 0x00000074, 0x00000308, + 0x00000077, 0x0000030a, 0x00000079, 0x0000030a, + 0x00000061, 0x000002be, 0x00000073, 0x00000307, + 0x00000041, 0x00000323, 0x00000061, 0x00000323, + 0x00000041, 0x00000309, 0x00000061, 0x00000309, + 0x00000041, 0x00000302, 0x00000301, 0x00000061, + 0x00000302, 0x00000301, 0x00000041, 0x00000302, + 0x00000300, 0x00000061, 0x00000302, 0x00000300, + 0x00000041, 0x00000302, 0x00000309, 0x00000061, + 0x00000302, 0x00000309, 0x00000041, 0x00000302, + 0x00000303, 0x00000061, 0x00000302, 0x00000303, + 0x00000041, 0x00000323, 0x00000302, 0x00000061, + 0x00000323, 0x00000302, 0x00000041, 0x00000306, + 0x00000301, 0x00000061, 0x00000306, 0x00000301, + 0x00000041, 0x00000306, 0x00000300, 0x00000061, + 0x00000306, 0x00000300, 0x00000041, 0x00000306, + 0x00000309, 0x00000061, 0x00000306, 0x00000309, + 0x00000041, 0x00000306, 0x00000303, 0x00000061, + 0x00000306, 0x00000303, 0x00000041, 0x00000323, + 0x00000306, 0x00000061, 0x00000323, 0x00000306, + 0x00000045, 0x00000323, 0x00000065, 0x00000323, + 0x00000045, 0x00000309, 0x00000065, 0x00000309, + 0x00000045, 0x00000303, 0x00000065, 0x00000303, + 0x00000045, 0x00000302, 0x00000301, 0x00000065, + 0x00000302, 0x00000301, 0x00000045, 0x00000302, + 0x00000300, 0x00000065, 0x00000302, 0x00000300, + 0x00000045, 0x00000302, 0x00000309, 0x00000065, + 0x00000302, 0x00000309, 0x00000045, 0x00000302, + 0x00000303, 0x00000065, 0x00000302, 0x00000303, + 0x00000045, 0x00000323, 0x00000302, 0x00000065, + 0x00000323, 0x00000302, 0x00000049, 0x00000309, + 0x00000069, 0x00000309, 0x00000049, 0x00000323, + 0x00000069, 0x00000323, 0x0000004f, 0x00000323, + 0x0000006f, 0x00000323, 0x0000004f, 0x00000309, + 0x0000006f, 0x00000309, 0x0000004f, 0x00000302, + 0x00000301, 0x0000006f, 0x00000302, 0x00000301, + 0x0000004f, 0x00000302, 0x00000300, 0x0000006f, + 0x00000302, 0x00000300, 0x0000004f, 0x00000302, + 0x00000309, 0x0000006f, 0x00000302, 0x00000309, + 0x0000004f, 0x00000302, 0x00000303, 0x0000006f, + 0x00000302, 0x00000303, 0x0000004f, 0x00000323, + 0x00000302, 0x0000006f, 0x00000323, 0x00000302, + 0x0000004f, 0x0000031b, 0x00000301, 0x0000006f, + 0x0000031b, 0x00000301, 0x0000004f, 0x0000031b, + 0x00000300, 0x0000006f, 0x0000031b, 0x00000300, + 0x0000004f, 0x0000031b, 0x00000309, 0x0000006f, + 0x0000031b, 0x00000309, 0x0000004f, 0x0000031b, + 0x00000303, 0x0000006f, 0x0000031b, 0x00000303, + 0x0000004f, 0x0000031b, 0x00000323, 0x0000006f, + 0x0000031b, 0x00000323, 0x00000055, 0x00000323, + 0x00000075, 0x00000323, 0x00000055, 0x00000309, + 0x00000075, 0x00000309, 0x00000055, 0x0000031b, + 0x00000301, 0x00000075, 0x0000031b, 0x00000301, + 0x00000055, 0x0000031b, 0x00000300, 0x00000075, + 0x0000031b, 0x00000300, 0x00000055, 0x0000031b, + 0x00000309, 0x00000075, 0x0000031b, 0x00000309, + 0x00000055, 0x0000031b, 0x00000303, 0x00000075, + 0x0000031b, 0x00000303, 0x00000055, 0x0000031b, + 0x00000323, 0x00000075, 0x0000031b, 0x00000323, + 0x00000059, 0x00000300, 0x00000079, 0x00000300, + 0x00000059, 0x00000323, 0x00000079, 0x00000323, + 0x00000059, 0x00000309, 0x00000079, 0x00000309, + 0x00000059, 0x00000303, 0x00000079, 0x00000303, + 0x000003b1, 0x00000313, 0x000003b1, 0x00000314, + 0x000003b1, 0x00000313, 0x00000300, 0x000003b1, + 0x00000314, 0x00000300, 0x000003b1, 0x00000313, + 0x00000301, 0x000003b1, 0x00000314, 0x00000301, + 0x000003b1, 0x00000313, 0x00000342, 0x000003b1, + 0x00000314, 0x00000342, 0x00000391, 0x00000313, + 0x00000391, 0x00000314, 0x00000391, 0x00000313, + 0x00000300, 0x00000391, 0x00000314, 0x00000300, + 0x00000391, 0x00000313, 0x00000301, 0x00000391, + 0x00000314, 0x00000301, 0x00000391, 0x00000313, + 0x00000342, 0x00000391, 0x00000314, 0x00000342, + 0x000003b5, 0x00000313, 0x000003b5, 0x00000314, + 0x000003b5, 0x00000313, 0x00000300, 0x000003b5, + 0x00000314, 0x00000300, 0x000003b5, 0x00000313, + 0x00000301, 0x000003b5, 0x00000314, 0x00000301, + 0x00000395, 0x00000313, 0x00000395, 0x00000314, + 0x00000395, 0x00000313, 0x00000300, 0x00000395, + 0x00000314, 0x00000300, 0x00000395, 0x00000313, + 0x00000301, 0x00000395, 0x00000314, 0x00000301, + 0x000003b7, 0x00000313, 0x000003b7, 0x00000314, + 0x000003b7, 0x00000313, 0x00000300, 0x000003b7, + 0x00000314, 0x00000300, 0x000003b7, 0x00000313, + 0x00000301, 0x000003b7, 0x00000314, 0x00000301, + 0x000003b7, 0x00000313, 0x00000342, 0x000003b7, + 0x00000314, 0x00000342, 0x00000397, 0x00000313, + 0x00000397, 0x00000314, 0x00000397, 0x00000313, + 0x00000300, 0x00000397, 0x00000314, 0x00000300, + 0x00000397, 0x00000313, 0x00000301, 0x00000397, + 0x00000314, 0x00000301, 0x00000397, 0x00000313, + 0x00000342, 0x00000397, 0x00000314, 0x00000342, + 0x000003b9, 0x00000313, 0x000003b9, 0x00000314, + 0x000003b9, 0x00000313, 0x00000300, 0x000003b9, + 0x00000314, 0x00000300, 0x000003b9, 0x00000313, + 0x00000301, 0x000003b9, 0x00000314, 0x00000301, + 0x000003b9, 0x00000313, 0x00000342, 0x000003b9, + 0x00000314, 0x00000342, 0x00000399, 0x00000313, + 0x00000399, 0x00000314, 0x00000399, 0x00000313, + 0x00000300, 0x00000399, 0x00000314, 0x00000300, + 0x00000399, 0x00000313, 0x00000301, 0x00000399, + 0x00000314, 0x00000301, 0x00000399, 0x00000313, + 0x00000342, 0x00000399, 0x00000314, 0x00000342, + 0x000003bf, 0x00000313, 0x000003bf, 0x00000314, + 0x000003bf, 0x00000313, 0x00000300, 0x000003bf, + 0x00000314, 0x00000300, 0x000003bf, 0x00000313, + 0x00000301, 0x000003bf, 0x00000314, 0x00000301, + 0x0000039f, 0x00000313, 0x0000039f, 0x00000314, + 0x0000039f, 0x00000313, 0x00000300, 0x0000039f, + 0x00000314, 0x00000300, 0x0000039f, 0x00000313, + 0x00000301, 0x0000039f, 0x00000314, 0x00000301, + 0x000003c5, 0x00000313, 0x000003c5, 0x00000314, + 0x000003c5, 0x00000313, 0x00000300, 0x000003c5, + 0x00000314, 0x00000300, 0x000003c5, 0x00000313, + 0x00000301, 0x000003c5, 0x00000314, 0x00000301, + 0x000003c5, 0x00000313, 0x00000342, 0x000003c5, + 0x00000314, 0x00000342, 0x000003a5, 0x00000314, + 0x000003a5, 0x00000314, 0x00000300, 0x000003a5, + 0x00000314, 0x00000301, 0x000003a5, 0x00000314, + 0x00000342, 0x000003c9, 0x00000313, 0x000003c9, + 0x00000314, 0x000003c9, 0x00000313, 0x00000300, + 0x000003c9, 0x00000314, 0x00000300, 0x000003c9, + 0x00000313, 0x00000301, 0x000003c9, 0x00000314, + 0x00000301, 0x000003c9, 0x00000313, 0x00000342, + 0x000003c9, 0x00000314, 0x00000342, 0x000003a9, + 0x00000313, 0x000003a9, 0x00000314, 0x000003a9, + 0x00000313, 0x00000300, 0x000003a9, 0x00000314, + 0x00000300, 0x000003a9, 0x00000313, 0x00000301, + 0x000003a9, 0x00000314, 0x00000301, 0x000003a9, + 0x00000313, 0x00000342, 0x000003a9, 0x00000314, + 0x00000342, 0x000003b1, 0x00000300, 0x000003b1, + 0x00000301, 0x000003b5, 0x00000300, 0x000003b5, + 0x00000301, 0x000003b7, 0x00000300, 0x000003b7, + 0x00000301, 0x000003b9, 0x00000300, 0x000003b9, + 0x00000301, 0x000003bf, 0x00000300, 0x000003bf, + 0x00000301, 0x000003c5, 0x00000300, 0x000003c5, + 0x00000301, 0x000003c9, 0x00000300, 0x000003c9, + 0x00000301, 0x000003b1, 0x00000313, 0x00000345, + 0x000003b1, 0x00000314, 0x00000345, 0x000003b1, + 0x00000313, 0x00000300, 0x00000345, 0x000003b1, + 0x00000314, 0x00000300, 0x00000345, 0x000003b1, + 0x00000313, 0x00000301, 0x00000345, 0x000003b1, + 0x00000314, 0x00000301, 0x00000345, 0x000003b1, + 0x00000313, 0x00000342, 0x00000345, 0x000003b1, + 0x00000314, 0x00000342, 0x00000345, 0x00000391, + 0x00000313, 0x00000345, 0x00000391, 0x00000314, + 0x00000345, 0x00000391, 0x00000313, 0x00000300, + 0x00000345, 0x00000391, 0x00000314, 0x00000300, + 0x00000345, 0x00000391, 0x00000313, 0x00000301, + 0x00000345, 0x00000391, 0x00000314, 0x00000301, + 0x00000345, 0x00000391, 0x00000313, 0x00000342, + 0x00000345, 0x00000391, 0x00000314, 0x00000342, + 0x00000345, 0x000003b7, 0x00000313, 0x00000345, + 0x000003b7, 0x00000314, 0x00000345, 0x000003b7, + 0x00000313, 0x00000300, 0x00000345, 0x000003b7, + 0x00000314, 0x00000300, 0x00000345, 0x000003b7, + 0x00000313, 0x00000301, 0x00000345, 0x000003b7, + 0x00000314, 0x00000301, 0x00000345, 0x000003b7, + 0x00000313, 0x00000342, 0x00000345, 0x000003b7, + 0x00000314, 0x00000342, 0x00000345, 0x00000397, + 0x00000313, 0x00000345, 0x00000397, 0x00000314, + 0x00000345, 0x00000397, 0x00000313, 0x00000300, + 0x00000345, 0x00000397, 0x00000314, 0x00000300, + 0x00000345, 0x00000397, 0x00000313, 0x00000301, + 0x00000345, 0x00000397, 0x00000314, 0x00000301, + 0x00000345, 0x00000397, 0x00000313, 0x00000342, + 0x00000345, 0x00000397, 0x00000314, 0x00000342, + 0x00000345, 0x000003c9, 0x00000313, 0x00000345, + 0x000003c9, 0x00000314, 0x00000345, 0x000003c9, + 0x00000313, 0x00000300, 0x00000345, 0x000003c9, + 0x00000314, 0x00000300, 0x00000345, 0x000003c9, + 0x00000313, 0x00000301, 0x00000345, 0x000003c9, + 0x00000314, 0x00000301, 0x00000345, 0x000003c9, + 0x00000313, 0x00000342, 0x00000345, 0x000003c9, + 0x00000314, 0x00000342, 0x00000345, 0x000003a9, + 0x00000313, 0x00000345, 0x000003a9, 0x00000314, + 0x00000345, 0x000003a9, 0x00000313, 0x00000300, + 0x00000345, 0x000003a9, 0x00000314, 0x00000300, + 0x00000345, 0x000003a9, 0x00000313, 0x00000301, + 0x00000345, 0x000003a9, 0x00000314, 0x00000301, + 0x00000345, 0x000003a9, 0x00000313, 0x00000342, + 0x00000345, 0x000003a9, 0x00000314, 0x00000342, + 0x00000345, 0x000003b1, 0x00000306, 0x000003b1, + 0x00000304, 0x000003b1, 0x00000300, 0x00000345, + 0x000003b1, 0x00000345, 0x000003b1, 0x00000301, + 0x00000345, 0x000003b1, 0x00000342, 0x000003b1, + 0x00000342, 0x00000345, 0x00000391, 0x00000306, + 0x00000391, 0x00000304, 0x00000391, 0x00000300, + 0x00000391, 0x00000301, 0x00000391, 0x00000345, + 0x00000020, 0x00000313, 0x000003b9, 0x00000020, + 0x00000313, 0x00000020, 0x00000342, 0x00000020, + 0x00000308, 0x00000342, 0x000003b7, 0x00000300, + 0x00000345, 0x000003b7, 0x00000345, 0x000003b7, + 0x00000301, 0x00000345, 0x000003b7, 0x00000342, + 0x000003b7, 0x00000342, 0x00000345, 0x00000395, + 0x00000300, 0x00000395, 0x00000301, 0x00000397, + 0x00000300, 0x00000397, 0x00000301, 0x00000397, + 0x00000345, 0x00000020, 0x00000313, 0x00000300, + 0x00000020, 0x00000313, 0x00000301, 0x00000020, + 0x00000313, 0x00000342, 0x000003b9, 0x00000306, + 0x000003b9, 0x00000304, 0x000003b9, 0x00000308, + 0x00000300, 0x000003b9, 0x00000308, 0x00000301, + 0x000003b9, 0x00000342, 0x000003b9, 0x00000308, + 0x00000342, 0x00000399, 0x00000306, 0x00000399, + 0x00000304, 0x00000399, 0x00000300, 0x00000399, + 0x00000301, 0x00000020, 0x00000314, 0x00000300, + 0x00000020, 0x00000314, 0x00000301, 0x00000020, + 0x00000314, 0x00000342, 0x000003c5, 0x00000306, + 0x000003c5, 0x00000304, 0x000003c5, 0x00000308, + 0x00000300, 0x000003c5, 0x00000308, 0x00000301, + 0x000003c1, 0x00000313, 0x000003c1, 0x00000314, + 0x000003c5, 0x00000342, 0x000003c5, 0x00000308, + 0x00000342, 0x000003a5, 0x00000306, 0x000003a5, + 0x00000304, 0x000003a5, 0x00000300, 0x000003a5, + 0x00000301, 0x000003a1, 0x00000314, 0x00000020, + 0x00000308, 0x00000300, 0x00000020, 0x00000308, + 0x00000301, 0x00000060, 0x000003c9, 0x00000300, + 0x00000345, 0x000003c9, 0x00000345, 0x000003c9, + 0x00000301, 0x00000345, 0x000003c9, 0x00000342, + 0x000003c9, 0x00000342, 0x00000345, 0x0000039f, + 0x00000300, 0x0000039f, 0x00000301, 0x000003a9, + 0x00000300, 0x000003a9, 0x00000301, 0x000003a9, + 0x00000345, 0x00000020, 0x00000301, 0x00000020, + 0x00000314, 0x00000020, 0x00000020, 0x00000020, + 0x00000020, 0x00000020, 0x00000020, 0x00000020, + 0x00000020, 0x00000020, 0x00000020, 0x00000020, + 0x00002010, 0x00000020, 0x00000333, 0x0000002e, + 0x0000002e, 0x0000002e, 0x0000002e, 0x0000002e, + 0x0000002e, 0x00000020, 0x00002032, 0x00002032, + 0x00002032, 0x00002032, 0x00002032, 0x00002035, + 0x00002035, 0x00002035, 0x00002035, 0x00002035, + 0x00000021, 0x00000021, 0x00000020, 0x00000305, + 0x0000003f, 0x0000003f, 0x0000003f, 0x00000021, + 0x00000021, 0x0000003f, 0x00002032, 0x00002032, + 0x00002032, 0x00002032, 0x00000020, 0x00000030, + 0x00000069, 0x00000034, 0x00000035, 0x00000036, + 0x00000037, 0x00000038, 0x00000039, 0x0000002b, + 0x00002212, 0x0000003d, 0x00000028, 0x00000029, + 0x0000006e, 0x00000030, 0x00000031, 0x00000032, + 0x00000033, 0x00000034, 0x00000035, 0x00000036, + 0x00000037, 0x00000038, 0x00000039, 0x0000002b, + 0x00002212, 0x0000003d, 0x00000028, 0x00000029, + 0x00000052, 0x00000073, 0x00000061, 0x0000002f, + 0x00000063, 0x00000061, 0x0000002f, 0x00000073, + 0x00000043, 0x000000b0, 0x00000043, 0x00000063, + 0x0000002f, 0x0000006f, 0x00000063, 0x0000002f, + 0x00000075, 0x00000190, 0x000000b0, 0x00000046, + 0x00000067, 0x00000048, 0x00000048, 0x00000048, + 0x00000068, 0x00000127, 0x00000049, 0x00000049, + 0x0000004c, 0x0000006c, 0x0000004e, 0x0000004e, + 0x0000006f, 0x00000050, 0x00000051, 0x00000052, + 0x00000052, 0x00000052, 0x00000053, 0x0000004d, + 0x00000054, 0x00000045, 0x0000004c, 0x00000054, + 0x0000004d, 0x0000005a, 0x000003a9, 0x0000005a, + 0x0000004b, 0x00000041, 0x0000030a, 0x00000042, + 0x00000043, 0x00000065, 0x00000045, 0x00000046, + 0x0000004d, 0x0000006f, 0x000005d0, 0x000005d1, + 0x000005d2, 0x000005d3, 0x00000069, 0x000003b3, + 0x00000393, 0x000003a0, 0x00002211, 0x00000044, + 0x00000064, 0x00000065, 0x00000069, 0x0000006a, + 0x00000031, 0x00002044, 0x00000033, 0x00000032, + 0x00002044, 0x00000033, 0x00000031, 0x00002044, + 0x00000035, 0x00000032, 0x00002044, 0x00000035, + 0x00000033, 0x00002044, 0x00000035, 0x00000034, + 0x00002044, 0x00000035, 0x00000031, 0x00002044, + 0x00000036, 0x00000035, 0x00002044, 0x00000036, + 0x00000031, 0x00002044, 0x00000038, 0x00000033, + 0x00002044, 0x00000038, 0x00000035, 0x00002044, + 0x00000038, 0x00000037, 0x00002044, 0x00000038, + 0x00000031, 0x00002044, 0x00000049, 0x00000049, + 0x00000049, 0x00000049, 0x00000049, 0x00000049, + 0x00000049, 0x00000056, 0x00000056, 0x00000056, + 0x00000049, 0x00000056, 0x00000049, 0x00000049, + 0x00000056, 0x00000049, 0x00000049, 0x00000049, + 0x00000049, 0x00000058, 0x00000058, 0x00000058, + 0x00000049, 0x00000058, 0x00000049, 0x00000049, + 0x0000004c, 0x00000043, 0x00000044, 0x0000004d, + 0x00000069, 0x00000069, 0x00000069, 0x00000069, + 0x00000069, 0x00000069, 0x00000069, 0x00000076, + 0x00000076, 0x00000076, 0x00000069, 0x00000076, + 0x00000069, 0x00000069, 0x00000076, 0x00000069, + 0x00000069, 0x00000069, 0x00000069, 0x00000078, + 0x00000078, 0x00000078, 0x00000069, 0x00000078, + 0x00000069, 0x00000069, 0x0000006c, 0x00000063, + 0x00000064, 0x0000006d, 0x00002190, 0x00000338, + 0x00002192, 0x00000338, 0x00002194, 0x00000338, + 0x000021d0, 0x00000338, 0x000021d4, 0x00000338, + 0x000021d2, 0x00000338, 0x00002203, 0x00000338, + 0x00002208, 0x00000338, 0x0000220b, 0x00000338, + 0x00002223, 0x00000338, 0x00002225, 0x00000338, + 0x0000222b, 0x0000222b, 0x0000222b, 0x0000222b, + 0x0000222b, 0x0000222e, 0x0000222e, 0x0000222e, + 0x0000222e, 0x0000222e, 0x0000223c, 0x00000338, + 0x00002243, 0x00000338, 0x00002245, 0x00000338, + 0x00002248, 0x00000338, 0x0000003d, 0x00000338, + 0x00002261, 0x00000338, 0x0000224d, 0x00000338, + 0x0000003c, 0x00000338, 0x0000003e, 0x00000338, + 0x00002264, 0x00000338, 0x00002265, 0x00000338, + 0x00002272, 0x00000338, 0x00002273, 0x00000338, + 0x00002276, 0x00000338, 0x00002277, 0x00000338, + 0x0000227a, 0x00000338, 0x0000227b, 0x00000338, + 0x00002282, 0x00000338, 0x00002283, 0x00000338, + 0x00002286, 0x00000338, 0x00002287, 0x00000338, + 0x000022a2, 0x00000338, 0x000022a8, 0x00000338, + 0x000022a9, 0x00000338, 0x000022ab, 0x00000338, + 0x0000227c, 0x00000338, 0x0000227d, 0x00000338, + 0x00002291, 0x00000338, 0x00002292, 0x00000338, + 0x000022b2, 0x00000338, 0x000022b3, 0x00000338, + 0x000022b4, 0x00000338, 0x000022b5, 0x00000338, + 0x00003008, 0x00003009, 0x00000031, 0x00000032, + 0x00000033, 0x00000034, 0x00000035, 0x00000036, + 0x00000037, 0x00000038, 0x00000039, 0x00000031, + 0x00000030, 0x00000031, 0x00000031, 0x00000031, + 0x00000032, 0x00000031, 0x00000033, 0x00000031, + 0x00000034, 0x00000031, 0x00000035, 0x00000031, + 0x00000036, 0x00000031, 0x00000037, 0x00000031, + 0x00000038, 0x00000031, 0x00000039, 0x00000032, + 0x00000030, 0x00000028, 0x00000031, 0x00000029, + 0x00000028, 0x00000032, 0x00000029, 0x00000028, + 0x00000033, 0x00000029, 0x00000028, 0x00000034, + 0x00000029, 0x00000028, 0x00000035, 0x00000029, + 0x00000028, 0x00000036, 0x00000029, 0x00000028, + 0x00000037, 0x00000029, 0x00000028, 0x00000038, + 0x00000029, 0x00000028, 0x00000039, 0x00000029, + 0x00000028, 0x00000031, 0x00000030, 0x00000029, + 0x00000028, 0x00000031, 0x00000031, 0x00000029, + 0x00000028, 0x00000031, 0x00000032, 0x00000029, + 0x00000028, 0x00000031, 0x00000033, 0x00000029, + 0x00000028, 0x00000031, 0x00000034, 0x00000029, + 0x00000028, 0x00000031, 0x00000035, 0x00000029, + 0x00000028, 0x00000031, 0x00000036, 0x00000029, + 0x00000028, 0x00000031, 0x00000037, 0x00000029, + 0x00000028, 0x00000031, 0x00000038, 0x00000029, + 0x00000028, 0x00000031, 0x00000039, 0x00000029, + 0x00000028, 0x00000032, 0x00000030, 0x00000029, + 0x00000031, 0x0000002e, 0x00000032, 0x0000002e, + 0x00000033, 0x0000002e, 0x00000034, 0x0000002e, + 0x00000035, 0x0000002e, 0x00000036, 0x0000002e, + 0x00000037, 0x0000002e, 0x00000038, 0x0000002e, + 0x00000039, 0x0000002e, 0x00000031, 0x00000030, + 0x0000002e, 0x00000031, 0x00000031, 0x0000002e, + 0x00000031, 0x00000032, 0x0000002e, 0x00000031, + 0x00000033, 0x0000002e, 0x00000031, 0x00000034, + 0x0000002e, 0x00000031, 0x00000035, 0x0000002e, + 0x00000031, 0x00000036, 0x0000002e, 0x00000031, + 0x00000037, 0x0000002e, 0x00000031, 0x00000038, + 0x0000002e, 0x00000031, 0x00000039, 0x0000002e, + 0x00000032, 0x00000030, 0x0000002e, 0x00000028, + 0x00000061, 0x00000029, 0x00000028, 0x00000062, + 0x00000029, 0x00000028, 0x00000063, 0x00000029, + 0x00000028, 0x00000064, 0x00000029, 0x00000028, + 0x00000065, 0x00000029, 0x00000028, 0x00000066, + 0x00000029, 0x00000028, 0x00000067, 0x00000029, + 0x00000028, 0x00000068, 0x00000029, 0x00000028, + 0x00000069, 0x00000029, 0x00000028, 0x0000006a, + 0x00000029, 0x00000028, 0x0000006b, 0x00000029, + 0x00000028, 0x0000006c, 0x00000029, 0x00000028, + 0x0000006d, 0x00000029, 0x00000028, 0x0000006e, + 0x00000029, 0x00000028, 0x0000006f, 0x00000029, + 0x00000028, 0x00000070, 0x00000029, 0x00000028, + 0x00000071, 0x00000029, 0x00000028, 0x00000072, + 0x00000029, 0x00000028, 0x00000073, 0x00000029, + 0x00000028, 0x00000074, 0x00000029, 0x00000028, + 0x00000075, 0x00000029, 0x00000028, 0x00000076, + 0x00000029, 0x00000028, 0x00000077, 0x00000029, + 0x00000028, 0x00000078, 0x00000029, 0x00000028, + 0x00000079, 0x00000029, 0x00000028, 0x0000007a, + 0x00000029, 0x00000041, 0x00000042, 0x00000043, + 0x00000044, 0x00000045, 0x00000046, 0x00000047, + 0x00000048, 0x00000049, 0x0000004a, 0x0000004b, + 0x0000004c, 0x0000004d, 0x0000004e, 0x0000004f, + 0x00000050, 0x00000051, 0x00000052, 0x00000053, + 0x00000054, 0x00000055, 0x00000056, 0x00000057, + 0x00000058, 0x00000059, 0x0000005a, 0x00000061, + 0x00000062, 0x00000063, 0x00000064, 0x00000065, + 0x00000066, 0x00000067, 0x00000068, 0x00000069, + 0x0000006a, 0x0000006b, 0x0000006c, 0x0000006d, + 0x0000006e, 0x0000006f, 0x00000070, 0x00000071, + 0x00000072, 0x00000073, 0x00000074, 0x00000075, + 0x00000076, 0x00000077, 0x00000078, 0x00000079, + 0x0000007a, 0x00000030, 0x0000222b, 0x0000222b, + 0x0000222b, 0x0000222b, 0x0000003a, 0x0000003a, + 0x0000003d, 0x0000003d, 0x0000003d, 0x0000003d, + 0x0000003d, 0x0000003d, 0x00002add, 0x00000338, + 0x00006bcd, 0x00009f9f, 0x00004e00, 0x00004e28, + 0x00004e36, 0x00004e3f, 0x00004e59, 0x00004e85, + 0x00004e8c, 0x00004ea0, 0x00004eba, 0x0000513f, + 0x00005165, 0x0000516b, 0x00005182, 0x00005196, + 0x000051ab, 0x000051e0, 0x000051f5, 0x00005200, + 0x0000529b, 0x000052f9, 0x00005315, 0x0000531a, + 0x00005338, 0x00005341, 0x0000535c, 0x00005369, + 0x00005382, 0x000053b6, 0x000053c8, 0x000053e3, + 0x000056d7, 0x0000571f, 0x000058eb, 0x00005902, + 0x0000590a, 0x00005915, 0x00005927, 0x00005973, + 0x00005b50, 0x00005b80, 0x00005bf8, 0x00005c0f, + 0x00005c22, 0x00005c38, 0x00005c6e, 0x00005c71, + 0x00005ddb, 0x00005de5, 0x00005df1, 0x00005dfe, + 0x00005e72, 0x00005e7a, 0x00005e7f, 0x00005ef4, + 0x00005efe, 0x00005f0b, 0x00005f13, 0x00005f50, + 0x00005f61, 0x00005f73, 0x00005fc3, 0x00006208, + 0x00006236, 0x0000624b, 0x0000652f, 0x00006534, + 0x00006587, 0x00006597, 0x000065a4, 0x000065b9, + 0x000065e0, 0x000065e5, 0x000066f0, 0x00006708, + 0x00006728, 0x00006b20, 0x00006b62, 0x00006b79, + 0x00006bb3, 0x00006bcb, 0x00006bd4, 0x00006bdb, + 0x00006c0f, 0x00006c14, 0x00006c34, 0x0000706b, + 0x0000722a, 0x00007236, 0x0000723b, 0x0000723f, + 0x00007247, 0x00007259, 0x0000725b, 0x000072ac, + 0x00007384, 0x00007389, 0x000074dc, 0x000074e6, + 0x00007518, 0x0000751f, 0x00007528, 0x00007530, + 0x0000758b, 0x00007592, 0x00007676, 0x0000767d, + 0x000076ae, 0x000076bf, 0x000076ee, 0x000077db, + 0x000077e2, 0x000077f3, 0x0000793a, 0x000079b8, + 0x000079be, 0x00007a74, 0x00007acb, 0x00007af9, + 0x00007c73, 0x00007cf8, 0x00007f36, 0x00007f51, + 0x00007f8a, 0x00007fbd, 0x00008001, 0x0000800c, + 0x00008012, 0x00008033, 0x0000807f, 0x00008089, + 0x000081e3, 0x000081ea, 0x000081f3, 0x000081fc, + 0x0000820c, 0x0000821b, 0x0000821f, 0x0000826e, + 0x00008272, 0x00008278, 0x0000864d, 0x0000866b, + 0x00008840, 0x0000884c, 0x00008863, 0x0000897e, + 0x0000898b, 0x000089d2, 0x00008a00, 0x00008c37, + 0x00008c46, 0x00008c55, 0x00008c78, 0x00008c9d, + 0x00008d64, 0x00008d70, 0x00008db3, 0x00008eab, + 0x00008eca, 0x00008f9b, 0x00008fb0, 0x00008fb5, + 0x00009091, 0x00009149, 0x000091c6, 0x000091cc, + 0x000091d1, 0x00009577, 0x00009580, 0x0000961c, + 0x000096b6, 0x000096b9, 0x000096e8, 0x00009751, + 0x0000975e, 0x00009762, 0x00009769, 0x000097cb, + 0x000097ed, 0x000097f3, 0x00009801, 0x000098a8, + 0x000098db, 0x000098df, 0x00009996, 0x00009999, + 0x000099ac, 0x00009aa8, 0x00009ad8, 0x00009adf, + 0x00009b25, 0x00009b2f, 0x00009b32, 0x00009b3c, + 0x00009b5a, 0x00009ce5, 0x00009e75, 0x00009e7f, + 0x00009ea5, 0x00009ebb, 0x00009ec3, 0x00009ecd, + 0x00009ed1, 0x00009ef9, 0x00009efd, 0x00009f0e, + 0x00009f13, 0x00009f20, 0x00009f3b, 0x00009f4a, + 0x00009f52, 0x00009f8d, 0x00009f9c, 0x00009fa0, + 0x00000020, 0x00003012, 0x00005341, 0x00005344, + 0x00005345, 0x0000304b, 0x00003099, 0x0000304d, + 0x00003099, 0x0000304f, 0x00003099, 0x00003051, + 0x00003099, 0x00003053, 0x00003099, 0x00003055, + 0x00003099, 0x00003057, 0x00003099, 0x00003059, + 0x00003099, 0x0000305b, 0x00003099, 0x0000305d, + 0x00003099, 0x0000305f, 0x00003099, 0x00003061, + 0x00003099, 0x00003064, 0x00003099, 0x00003066, + 0x00003099, 0x00003068, 0x00003099, 0x0000306f, + 0x00003099, 0x0000306f, 0x0000309a, 0x00003072, + 0x00003099, 0x00003072, 0x0000309a, 0x00003075, + 0x00003099, 0x00003075, 0x0000309a, 0x00003078, + 0x00003099, 0x00003078, 0x0000309a, 0x0000307b, + 0x00003099, 0x0000307b, 0x0000309a, 0x00003046, + 0x00003099, 0x00000020, 0x00003099, 0x00000020, + 0x0000309a, 0x0000309d, 0x00003099, 0x00003088, + 0x0000308a, 0x000030ab, 0x00003099, 0x000030ad, + 0x00003099, 0x000030af, 0x00003099, 0x000030b1, + 0x00003099, 0x000030b3, 0x00003099, 0x000030b5, + 0x00003099, 0x000030b7, 0x00003099, 0x000030b9, + 0x00003099, 0x000030bb, 0x00003099, 0x000030bd, + 0x00003099, 0x000030bf, 0x00003099, 0x000030c1, + 0x00003099, 0x000030c4, 0x00003099, 0x000030c6, + 0x00003099, 0x000030c8, 0x00003099, 0x000030cf, + 0x00003099, 0x000030cf, 0x0000309a, 0x000030d2, + 0x00003099, 0x000030d2, 0x0000309a, 0x000030d5, + 0x00003099, 0x000030d5, 0x0000309a, 0x000030d8, + 0x00003099, 0x000030d8, 0x0000309a, 0x000030db, + 0x00003099, 0x000030db, 0x0000309a, 0x000030a6, + 0x00003099, 0x000030ef, 0x00003099, 0x000030f0, + 0x00003099, 0x000030f1, 0x00003099, 0x000030f2, + 0x00003099, 0x000030fd, 0x00003099, 0x000030b3, + 0x000030c8, 0x00001100, 0x00001101, 0x000011aa, + 0x00001102, 0x000011ac, 0x000011ad, 0x00001103, + 0x00001104, 0x00001105, 0x000011b0, 0x000011b1, + 0x000011b2, 0x000011b3, 0x000011b4, 0x000011b5, + 0x0000111a, 0x00001106, 0x00001107, 0x00001108, + 0x00001121, 0x00001109, 0x0000110a, 0x0000110b, + 0x0000110c, 0x0000110d, 0x0000110e, 0x0000110f, + 0x00001110, 0x00001111, 0x00001112, 0x00001161, + 0x00001162, 0x00001163, 0x00001164, 0x00001165, + 0x00001166, 0x00001167, 0x00001168, 0x00001169, + 0x0000116a, 0x0000116b, 0x0000116c, 0x0000116d, + 0x0000116e, 0x0000116f, 0x00001170, 0x00001171, + 0x00001172, 0x00001173, 0x00001174, 0x00001175, + 0x00001160, 0x00001114, 0x00001115, 0x000011c7, + 0x000011c8, 0x000011cc, 0x000011ce, 0x000011d3, + 0x000011d7, 0x000011d9, 0x0000111c, 0x000011dd, + 0x000011df, 0x0000111d, 0x0000111e, 0x00001120, + 0x00001122, 0x00001123, 0x00001127, 0x00001129, + 0x0000112b, 0x0000112c, 0x0000112d, 0x0000112e, + 0x0000112f, 0x00001132, 0x00001136, 0x00001140, + 0x00001147, 0x0000114c, 0x000011f1, 0x000011f2, + 0x00001157, 0x00001158, 0x00001159, 0x00001184, + 0x00001185, 0x00001188, 0x00001191, 0x00001192, + 0x00001194, 0x0000119e, 0x000011a1, 0x00004e00, + 0x00004e8c, 0x00004e09, 0x000056db, 0x00004e0a, + 0x00004e2d, 0x00004e0b, 0x00007532, 0x00004e59, + 0x00004e19, 0x00004e01, 0x00005929, 0x00005730, + 0x00004eba, 0x00000028, 0x00001100, 0x00000029, + 0x00000028, 0x00001102, 0x00000029, 0x00000028, + 0x00001103, 0x00000029, 0x00000028, 0x00001105, + 0x00000029, 0x00000028, 0x00001106, 0x00000029, + 0x00000028, 0x00001107, 0x00000029, 0x00000028, + 0x00001109, 0x00000029, 0x00000028, 0x0000110b, + 0x00000029, 0x00000028, 0x0000110c, 0x00000029, + 0x00000028, 0x0000110e, 0x00000029, 0x00000028, + 0x0000110f, 0x00000029, 0x00000028, 0x00001110, + 0x00000029, 0x00000028, 0x00001111, 0x00000029, + 0x00000028, 0x00001112, 0x00000029, 0x00000028, + 0x00001100, 0x00001161, 0x00000029, 0x00000028, + 0x00001102, 0x00001161, 0x00000029, 0x00000028, + 0x00001103, 0x00001161, 0x00000029, 0x00000028, + 0x00001105, 0x00001161, 0x00000029, 0x00000028, + 0x00001106, 0x00001161, 0x00000029, 0x00000028, + 0x00001107, 0x00001161, 0x00000029, 0x00000028, + 0x00001109, 0x00001161, 0x00000029, 0x00000028, + 0x0000110b, 0x00001161, 0x00000029, 0x00000028, + 0x0000110c, 0x00001161, 0x00000029, 0x00000028, + 0x0000110e, 0x00001161, 0x00000029, 0x00000028, + 0x0000110f, 0x00001161, 0x00000029, 0x00000028, + 0x00001110, 0x00001161, 0x00000029, 0x00000028, + 0x00001111, 0x00001161, 0x00000029, 0x00000028, + 0x00001112, 0x00001161, 0x00000029, 0x00000028, + 0x0000110c, 0x0000116e, 0x00000029, 0x00000028, + 0x00004e00, 0x00000029, 0x00000028, 0x00004e8c, + 0x00000029, 0x00000028, 0x00004e09, 0x00000029, + 0x00000028, 0x000056db, 0x00000029, 0x00000028, + 0x00004e94, 0x00000029, 0x00000028, 0x0000516d, + 0x00000029, 0x00000028, 0x00004e03, 0x00000029, + 0x00000028, 0x0000516b, 0x00000029, 0x00000028, + 0x00004e5d, 0x00000029, 0x00000028, 0x00005341, + 0x00000029, 0x00000028, 0x00006708, 0x00000029, + 0x00000028, 0x0000706b, 0x00000029, 0x00000028, + 0x00006c34, 0x00000029, 0x00000028, 0x00006728, + 0x00000029, 0x00000028, 0x000091d1, 0x00000029, + 0x00000028, 0x0000571f, 0x00000029, 0x00000028, + 0x000065e5, 0x00000029, 0x00000028, 0x0000682a, + 0x00000029, 0x00000028, 0x00006709, 0x00000029, + 0x00000028, 0x0000793e, 0x00000029, 0x00000028, + 0x0000540d, 0x00000029, 0x00000028, 0x00007279, + 0x00000029, 0x00000028, 0x00008ca1, 0x00000029, + 0x00000028, 0x0000795d, 0x00000029, 0x00000028, + 0x000052b4, 0x00000029, 0x00000028, 0x00004ee3, + 0x00000029, 0x00000028, 0x0000547c, 0x00000029, + 0x00000028, 0x00005b66, 0x00000029, 0x00000028, + 0x000076e3, 0x00000029, 0x00000028, 0x00004f01, + 0x00000029, 0x00000028, 0x00008cc7, 0x00000029, + 0x00000028, 0x00005354, 0x00000029, 0x00000028, + 0x0000796d, 0x00000029, 0x00000028, 0x00004f11, + 0x00000029, 0x00000028, 0x000081ea, 0x00000029, + 0x00000028, 0x000081f3, 0x00000029, 0x00000032, + 0x00000031, 0x00000032, 0x00000032, 0x00000032, + 0x00000033, 0x00000032, 0x00000034, 0x00000032, + 0x00000035, 0x00000032, 0x00000036, 0x00000032, + 0x00000037, 0x00000032, 0x00000038, 0x00000032, + 0x00000039, 0x00000033, 0x00000030, 0x00000033, + 0x00000031, 0x00000033, 0x00000032, 0x00000033, + 0x00000033, 0x00000033, 0x00000034, 0x00000033, + 0x00000035, 0x00001100, 0x00001102, 0x00001103, + 0x00001105, 0x00001106, 0x00001107, 0x00001109, + 0x0000110b, 0x0000110c, 0x0000110e, 0x0000110f, + 0x00001110, 0x00001111, 0x00001112, 0x00001100, + 0x00001161, 0x00001102, 0x00001161, 0x00001103, + 0x00001161, 0x00001105, 0x00001161, 0x00001106, + 0x00001161, 0x00001107, 0x00001161, 0x00001109, + 0x00001161, 0x0000110b, 0x00001161, 0x0000110c, + 0x00001161, 0x0000110e, 0x00001161, 0x0000110f, + 0x00001161, 0x00001110, 0x00001161, 0x00001111, + 0x00001161, 0x00001112, 0x00001161, 0x00004e00, + 0x00004e8c, 0x00004e09, 0x000056db, 0x00004e94, + 0x0000516d, 0x00004e03, 0x0000516b, 0x00004e5d, + 0x00005341, 0x00006708, 0x0000706b, 0x00006c34, + 0x00006728, 0x000091d1, 0x0000571f, 0x000065e5, + 0x0000682a, 0x00006709, 0x0000793e, 0x0000540d, + 0x00007279, 0x00008ca1, 0x0000795d, 0x000052b4, + 0x000079d8, 0x00007537, 0x00005973, 0x00009069, + 0x0000512a, 0x00005370, 0x00006ce8, 0x00009805, + 0x00004f11, 0x00005199, 0x00006b63, 0x00004e0a, + 0x00004e2d, 0x00004e0b, 0x00005de6, 0x000053f3, + 0x0000533b, 0x00005b97, 0x00005b66, 0x000076e3, + 0x00004f01, 0x00008cc7, 0x00005354, 0x0000591c, + 0x00000033, 0x00000036, 0x00000033, 0x00000037, + 0x00000033, 0x00000038, 0x00000033, 0x00000039, + 0x00000034, 0x00000030, 0x00000034, 0x00000031, + 0x00000034, 0x00000032, 0x00000034, 0x00000033, + 0x00000034, 0x00000034, 0x00000034, 0x00000035, + 0x00000034, 0x00000036, 0x00000034, 0x00000037, + 0x00000034, 0x00000038, 0x00000034, 0x00000039, + 0x00000035, 0x00000030, 0x00000031, 0x00006708, + 0x00000032, 0x00006708, 0x00000033, 0x00006708, + 0x00000034, 0x00006708, 0x00000035, 0x00006708, + 0x00000036, 0x00006708, 0x00000037, 0x00006708, + 0x00000038, 0x00006708, 0x00000039, 0x00006708, + 0x00000031, 0x00000030, 0x00006708, 0x00000031, + 0x00000031, 0x00006708, 0x00000031, 0x00000032, + 0x00006708, 0x000030a2, 0x000030a4, 0x000030a6, + 0x000030a8, 0x000030aa, 0x000030ab, 0x000030ad, + 0x000030af, 0x000030b1, 0x000030b3, 0x000030b5, + 0x000030b7, 0x000030b9, 0x000030bb, 0x000030bd, + 0x000030bf, 0x000030c1, 0x000030c4, 0x000030c6, + 0x000030c8, 0x000030ca, 0x000030cb, 0x000030cc, + 0x000030cd, 0x000030ce, 0x000030cf, 0x000030d2, + 0x000030d5, 0x000030d8, 0x000030db, 0x000030de, + 0x000030df, 0x000030e0, 0x000030e1, 0x000030e2, + 0x000030e4, 0x000030e6, 0x000030e8, 0x000030e9, + 0x000030ea, 0x000030eb, 0x000030ec, 0x000030ed, + 0x000030ef, 0x000030f0, 0x000030f1, 0x000030f2, + 0x000030a2, 0x000030cf, 0x0000309a, 0x000030fc, + 0x000030c8, 0x000030a2, 0x000030eb, 0x000030d5, + 0x000030a1, 0x000030a2, 0x000030f3, 0x000030d8, + 0x0000309a, 0x000030a2, 0x000030a2, 0x000030fc, + 0x000030eb, 0x000030a4, 0x000030cb, 0x000030f3, + 0x000030af, 0x00003099, 0x000030a4, 0x000030f3, + 0x000030c1, 0x000030a6, 0x000030a9, 0x000030f3, + 0x000030a8, 0x000030b9, 0x000030af, 0x000030fc, + 0x000030c8, 0x00003099, 0x000030a8, 0x000030fc, + 0x000030ab, 0x000030fc, 0x000030aa, 0x000030f3, + 0x000030b9, 0x000030aa, 0x000030fc, 0x000030e0, + 0x000030ab, 0x000030a4, 0x000030ea, 0x000030ab, + 0x000030e9, 0x000030c3, 0x000030c8, 0x000030ab, + 0x000030ed, 0x000030ea, 0x000030fc, 0x000030ab, + 0x00003099, 0x000030ed, 0x000030f3, 0x000030ab, + 0x00003099, 0x000030f3, 0x000030de, 0x000030ad, + 0x00003099, 0x000030ab, 0x00003099, 0x000030ad, + 0x00003099, 0x000030cb, 0x000030fc, 0x000030ad, + 0x000030e5, 0x000030ea, 0x000030fc, 0x000030ad, + 0x00003099, 0x000030eb, 0x000030bf, 0x00003099, + 0x000030fc, 0x000030ad, 0x000030ed, 0x000030ad, + 0x000030ed, 0x000030af, 0x00003099, 0x000030e9, + 0x000030e0, 0x000030ad, 0x000030ed, 0x000030e1, + 0x000030fc, 0x000030c8, 0x000030eb, 0x000030ad, + 0x000030ed, 0x000030ef, 0x000030c3, 0x000030c8, + 0x000030af, 0x00003099, 0x000030e9, 0x000030e0, + 0x000030af, 0x00003099, 0x000030e9, 0x000030e0, + 0x000030c8, 0x000030f3, 0x000030af, 0x000030eb, + 0x000030bb, 0x00003099, 0x000030a4, 0x000030ed, + 0x000030af, 0x000030ed, 0x000030fc, 0x000030cd, + 0x000030b1, 0x000030fc, 0x000030b9, 0x000030b3, + 0x000030eb, 0x000030ca, 0x000030b3, 0x000030fc, + 0x000030db, 0x0000309a, 0x000030b5, 0x000030a4, + 0x000030af, 0x000030eb, 0x000030b5, 0x000030f3, + 0x000030c1, 0x000030fc, 0x000030e0, 0x000030b7, + 0x000030ea, 0x000030f3, 0x000030af, 0x00003099, + 0x000030bb, 0x000030f3, 0x000030c1, 0x000030bb, + 0x000030f3, 0x000030c8, 0x000030bf, 0x00003099, + 0x000030fc, 0x000030b9, 0x000030c6, 0x00003099, + 0x000030b7, 0x000030c8, 0x00003099, 0x000030eb, + 0x000030c8, 0x000030f3, 0x000030ca, 0x000030ce, + 0x000030ce, 0x000030c3, 0x000030c8, 0x000030cf, + 0x000030a4, 0x000030c4, 0x000030cf, 0x0000309a, + 0x000030fc, 0x000030bb, 0x000030f3, 0x000030c8, + 0x000030cf, 0x0000309a, 0x000030fc, 0x000030c4, + 0x000030cf, 0x00003099, 0x000030fc, 0x000030ec, + 0x000030eb, 0x000030d2, 0x0000309a, 0x000030a2, + 0x000030b9, 0x000030c8, 0x000030eb, 0x000030d2, + 0x0000309a, 0x000030af, 0x000030eb, 0x000030d2, + 0x0000309a, 0x000030b3, 0x000030d2, 0x00003099, + 0x000030eb, 0x000030d5, 0x000030a1, 0x000030e9, + 0x000030c3, 0x000030c8, 0x00003099, 0x000030d5, + 0x000030a3, 0x000030fc, 0x000030c8, 0x000030d5, + 0x00003099, 0x000030c3, 0x000030b7, 0x000030a7, + 0x000030eb, 0x000030d5, 0x000030e9, 0x000030f3, + 0x000030d8, 0x000030af, 0x000030bf, 0x000030fc, + 0x000030eb, 0x000030d8, 0x0000309a, 0x000030bd, + 0x000030d8, 0x0000309a, 0x000030cb, 0x000030d2, + 0x000030d8, 0x000030eb, 0x000030c4, 0x000030d8, + 0x0000309a, 0x000030f3, 0x000030b9, 0x000030d8, + 0x0000309a, 0x000030fc, 0x000030b7, 0x00003099, + 0x000030d8, 0x00003099, 0x000030fc, 0x000030bf, + 0x000030db, 0x0000309a, 0x000030a4, 0x000030f3, + 0x000030c8, 0x000030db, 0x00003099, 0x000030eb, + 0x000030c8, 0x000030db, 0x000030f3, 0x000030db, + 0x0000309a, 0x000030f3, 0x000030c8, 0x00003099, + 0x000030db, 0x000030fc, 0x000030eb, 0x000030db, + 0x000030fc, 0x000030f3, 0x000030de, 0x000030a4, + 0x000030af, 0x000030ed, 0x000030de, 0x000030a4, + 0x000030eb, 0x000030de, 0x000030c3, 0x000030cf, + 0x000030de, 0x000030eb, 0x000030af, 0x000030de, + 0x000030f3, 0x000030b7, 0x000030e7, 0x000030f3, + 0x000030df, 0x000030af, 0x000030ed, 0x000030f3, + 0x000030df, 0x000030ea, 0x000030df, 0x000030ea, + 0x000030cf, 0x00003099, 0x000030fc, 0x000030eb, + 0x000030e1, 0x000030ab, 0x00003099, 0x000030e1, + 0x000030ab, 0x00003099, 0x000030c8, 0x000030f3, + 0x000030e1, 0x000030fc, 0x000030c8, 0x000030eb, + 0x000030e4, 0x000030fc, 0x000030c8, 0x00003099, + 0x000030e4, 0x000030fc, 0x000030eb, 0x000030e6, + 0x000030a2, 0x000030f3, 0x000030ea, 0x000030c3, + 0x000030c8, 0x000030eb, 0x000030ea, 0x000030e9, + 0x000030eb, 0x000030d2, 0x0000309a, 0x000030fc, + 0x000030eb, 0x000030fc, 0x000030d5, 0x00003099, + 0x000030eb, 0x000030ec, 0x000030e0, 0x000030ec, + 0x000030f3, 0x000030c8, 0x000030b1, 0x00003099, + 0x000030f3, 0x000030ef, 0x000030c3, 0x000030c8, + 0x00000030, 0x000070b9, 0x00000031, 0x000070b9, + 0x00000032, 0x000070b9, 0x00000033, 0x000070b9, + 0x00000034, 0x000070b9, 0x00000035, 0x000070b9, + 0x00000036, 0x000070b9, 0x00000037, 0x000070b9, + 0x00000038, 0x000070b9, 0x00000039, 0x000070b9, + 0x00000031, 0x00000030, 0x000070b9, 0x00000031, + 0x00000031, 0x000070b9, 0x00000031, 0x00000032, + 0x000070b9, 0x00000031, 0x00000033, 0x000070b9, + 0x00000031, 0x00000034, 0x000070b9, 0x00000031, + 0x00000035, 0x000070b9, 0x00000031, 0x00000036, + 0x000070b9, 0x00000031, 0x00000037, 0x000070b9, + 0x00000031, 0x00000038, 0x000070b9, 0x00000031, + 0x00000039, 0x000070b9, 0x00000032, 0x00000030, + 0x000070b9, 0x00000032, 0x00000031, 0x000070b9, + 0x00000032, 0x00000032, 0x000070b9, 0x00000032, + 0x00000033, 0x000070b9, 0x00000032, 0x00000034, + 0x000070b9, 0x00000068, 0x00000050, 0x00000061, + 0x00000064, 0x00000061, 0x00000041, 0x00000055, + 0x00000062, 0x00000061, 0x00000072, 0x0000006f, + 0x00000056, 0x00000070, 0x00000063, 0x00005e73, + 0x00006210, 0x0000662d, 0x0000548c, 0x00005927, + 0x00006b63, 0x0000660e, 0x00006cbb, 0x0000682a, + 0x00005f0f, 0x00004f1a, 0x0000793e, 0x00000070, + 0x00000041, 0x0000006e, 0x00000041, 0x000003bc, + 0x00000041, 0x0000006d, 0x00000041, 0x0000006b, + 0x00000041, 0x0000004b, 0x00000042, 0x0000004d, + 0x00000042, 0x00000047, 0x00000042, 0x00000063, + 0x00000061, 0x0000006c, 0x0000006b, 0x00000063, + 0x00000061, 0x0000006c, 0x00000070, 0x00000046, + 0x0000006e, 0x00000046, 0x000003bc, 0x00000046, + 0x000003bc, 0x00000067, 0x0000006d, 0x00000067, + 0x0000006b, 0x00000067, 0x00000048, 0x0000007a, + 0x0000006b, 0x00000048, 0x0000007a, 0x0000004d, + 0x00000048, 0x0000007a, 0x00000047, 0x00000048, + 0x0000007a, 0x00000054, 0x00000048, 0x0000007a, + 0x000003bc, 0x0000006c, 0x0000006d, 0x0000006c, + 0x00000064, 0x0000006c, 0x0000006b, 0x0000006c, + 0x00000066, 0x0000006d, 0x0000006e, 0x0000006d, + 0x000003bc, 0x0000006d, 0x0000006d, 0x0000006d, + 0x00000063, 0x0000006d, 0x0000006b, 0x0000006d, + 0x0000006d, 0x0000006d, 0x00000032, 0x00000063, + 0x0000006d, 0x00000032, 0x0000006d, 0x00000032, + 0x0000006b, 0x0000006d, 0x00000032, 0x0000006d, + 0x0000006d, 0x00000033, 0x00000063, 0x0000006d, + 0x00000033, 0x0000006d, 0x00000033, 0x0000006b, + 0x0000006d, 0x00000033, 0x0000006d, 0x00002215, + 0x00000073, 0x0000006d, 0x00002215, 0x00000073, + 0x00000032, 0x00000050, 0x00000061, 0x0000006b, + 0x00000050, 0x00000061, 0x0000004d, 0x00000050, + 0x00000061, 0x00000047, 0x00000050, 0x00000061, + 0x00000072, 0x00000061, 0x00000064, 0x00000072, + 0x00000061, 0x00000064, 0x00002215, 0x00000073, + 0x00000072, 0x00000061, 0x00000064, 0x00002215, + 0x00000073, 0x00000032, 0x00000070, 0x00000073, + 0x0000006e, 0x00000073, 0x000003bc, 0x00000073, + 0x0000006d, 0x00000073, 0x00000070, 0x00000056, + 0x0000006e, 0x00000056, 0x000003bc, 0x00000056, + 0x0000006d, 0x00000056, 0x0000006b, 0x00000056, + 0x0000004d, 0x00000056, 0x00000070, 0x00000057, + 0x0000006e, 0x00000057, 0x000003bc, 0x00000057, + 0x0000006d, 0x00000057, 0x0000006b, 0x00000057, + 0x0000004d, 0x00000057, 0x0000006b, 0x000003a9, + 0x0000004d, 0x000003a9, 0x00000061, 0x0000002e, + 0x0000006d, 0x0000002e, 0x00000042, 0x00000071, + 0x00000063, 0x00000063, 0x00000063, 0x00000064, + 0x00000043, 0x00002215, 0x0000006b, 0x00000067, + 0x00000043, 0x0000006f, 0x0000002e, 0x00000064, + 0x00000042, 0x00000047, 0x00000079, 0x00000068, + 0x00000061, 0x00000048, 0x00000050, 0x00000069, + 0x0000006e, 0x0000004b, 0x0000004b, 0x0000004b, + 0x0000004d, 0x0000006b, 0x00000074, 0x0000006c, + 0x0000006d, 0x0000006c, 0x0000006e, 0x0000006c, + 0x0000006f, 0x00000067, 0x0000006c, 0x00000078, + 0x0000006d, 0x00000062, 0x0000006d, 0x00000069, + 0x0000006c, 0x0000006d, 0x0000006f, 0x0000006c, + 0x00000050, 0x00000048, 0x00000070, 0x0000002e, + 0x0000006d, 0x0000002e, 0x00000050, 0x00000050, + 0x0000004d, 0x00000050, 0x00000052, 0x00000073, + 0x00000072, 0x00000053, 0x00000076, 0x00000057, + 0x00000062, 0x00000031, 0x000065e5, 0x00000032, + 0x000065e5, 0x00000033, 0x000065e5, 0x00000034, + 0x000065e5, 0x00000035, 0x000065e5, 0x00000036, + 0x000065e5, 0x00000037, 0x000065e5, 0x00000038, + 0x000065e5, 0x00000039, 0x000065e5, 0x00000031, + 0x00000030, 0x000065e5, 0x00000031, 0x00000031, + 0x000065e5, 0x00000031, 0x00000032, 0x000065e5, + 0x00000031, 0x00000033, 0x000065e5, 0x00000031, + 0x00000034, 0x000065e5, 0x00000031, 0x00000035, + 0x000065e5, 0x00000031, 0x00000036, 0x000065e5, + 0x00000031, 0x00000037, 0x000065e5, 0x00000031, + 0x00000038, 0x000065e5, 0x00000031, 0x00000039, + 0x000065e5, 0x00000032, 0x00000030, 0x000065e5, + 0x00000032, 0x00000031, 0x000065e5, 0x00000032, + 0x00000032, 0x000065e5, 0x00000032, 0x00000033, + 0x000065e5, 0x00000032, 0x00000034, 0x000065e5, + 0x00000032, 0x00000035, 0x000065e5, 0x00000032, + 0x00000036, 0x000065e5, 0x00000032, 0x00000037, + 0x000065e5, 0x00000032, 0x00000038, 0x000065e5, + 0x00000032, 0x00000039, 0x000065e5, 0x00000033, + 0x00000030, 0x000065e5, 0x00000033, 0x00000031, + 0x000065e5, 0x00008eca, 0x00008cc8, 0x00006ed1, + 0x00004e32, 0x000053e5, 0x00009f9c, 0x00009f9c, + 0x00005951, 0x000091d1, 0x00005587, 0x00005948, + 0x000061f6, 0x00007669, 0x00007f85, 0x0000863f, + 0x000087ba, 0x000088f8, 0x0000908f, 0x00006a02, + 0x00006d1b, 0x000070d9, 0x000073de, 0x0000843d, + 0x0000916a, 0x000099f1, 0x00004e82, 0x00005375, + 0x00006b04, 0x0000721b, 0x0000862d, 0x00009e1e, + 0x00005d50, 0x00006feb, 0x000085cd, 0x00008964, + 0x000062c9, 0x000081d8, 0x0000881f, 0x00005eca, + 0x00006717, 0x00006d6a, 0x000072fc, 0x000090ce, + 0x00004f86, 0x000051b7, 0x000052de, 0x000064c4, + 0x00006ad3, 0x00007210, 0x000076e7, 0x00008001, + 0x00008606, 0x0000865c, 0x00008def, 0x00009732, + 0x00009b6f, 0x00009dfa, 0x0000788c, 0x0000797f, + 0x00007da0, 0x000083c9, 0x00009304, 0x00009e7f, + 0x00008ad6, 0x000058df, 0x00005f04, 0x00007c60, + 0x0000807e, 0x00007262, 0x000078ca, 0x00008cc2, + 0x000096f7, 0x000058d8, 0x00005c62, 0x00006a13, + 0x00006dda, 0x00006f0f, 0x00007d2f, 0x00007e37, + 0x0000964b, 0x000052d2, 0x0000808b, 0x000051dc, + 0x000051cc, 0x00007a1c, 0x00007dbe, 0x000083f1, + 0x00009675, 0x00008b80, 0x000062cf, 0x00006a02, + 0x00008afe, 0x00004e39, 0x00005be7, 0x00006012, + 0x00007387, 0x00007570, 0x00005317, 0x000078fb, + 0x00004fbf, 0x00005fa9, 0x00004e0d, 0x00006ccc, + 0x00006578, 0x00007d22, 0x000053c3, 0x0000585e, + 0x00007701, 0x00008449, 0x00008aaa, 0x00006bba, + 0x00008fb0, 0x00006c88, 0x000062fe, 0x000082e5, + 0x000063a0, 0x00007565, 0x00004eae, 0x00005169, + 0x000051c9, 0x00006881, 0x00007ce7, 0x0000826f, + 0x00008ad2, 0x000091cf, 0x000052f5, 0x00005442, + 0x00005973, 0x00005eec, 0x000065c5, 0x00006ffe, + 0x0000792a, 0x000095ad, 0x00009a6a, 0x00009e97, + 0x00009ece, 0x0000529b, 0x000066c6, 0x00006b77, + 0x00008f62, 0x00005e74, 0x00006190, 0x00006200, + 0x0000649a, 0x00006f23, 0x00007149, 0x00007489, + 0x000079ca, 0x00007df4, 0x0000806f, 0x00008f26, + 0x000084ee, 0x00009023, 0x0000934a, 0x00005217, + 0x000052a3, 0x000054bd, 0x000070c8, 0x000088c2, + 0x00008aaa, 0x00005ec9, 0x00005ff5, 0x0000637b, + 0x00006bae, 0x00007c3e, 0x00007375, 0x00004ee4, + 0x000056f9, 0x00005be7, 0x00005dba, 0x0000601c, + 0x000073b2, 0x00007469, 0x00007f9a, 0x00008046, + 0x00009234, 0x000096f6, 0x00009748, 0x00009818, + 0x00004f8b, 0x000079ae, 0x000091b4, 0x000096b8, + 0x000060e1, 0x00004e86, 0x000050da, 0x00005bee, + 0x00005c3f, 0x00006599, 0x00006a02, 0x000071ce, + 0x00007642, 0x000084fc, 0x0000907c, 0x00009f8d, + 0x00006688, 0x0000962e, 0x00005289, 0x0000677b, + 0x000067f3, 0x00006d41, 0x00006e9c, 0x00007409, + 0x00007559, 0x0000786b, 0x00007d10, 0x0000985e, + 0x0000516d, 0x0000622e, 0x00009678, 0x0000502b, + 0x00005d19, 0x00006dea, 0x00008f2a, 0x00005f8b, + 0x00006144, 0x00006817, 0x00007387, 0x00009686, + 0x00005229, 0x0000540f, 0x00005c65, 0x00006613, + 0x0000674e, 0x000068a8, 0x00006ce5, 0x00007406, + 0x000075e2, 0x00007f79, 0x000088cf, 0x000088e1, + 0x000091cc, 0x000096e2, 0x0000533f, 0x00006eba, + 0x0000541d, 0x000071d0, 0x00007498, 0x000085fa, + 0x000096a3, 0x00009c57, 0x00009e9f, 0x00006797, + 0x00006dcb, 0x000081e8, 0x00007acb, 0x00007b20, + 0x00007c92, 0x000072c0, 0x00007099, 0x00008b58, + 0x00004ec0, 0x00008336, 0x0000523a, 0x00005207, + 0x00005ea6, 0x000062d3, 0x00007cd6, 0x00005b85, + 0x00006d1e, 0x000066b4, 0x00008f3b, 0x0000884c, + 0x0000964d, 0x0000898b, 0x00005ed3, 0x00005140, + 0x000055c0, 0x0000585a, 0x00006674, 0x000051de, + 0x0000732a, 0x000076ca, 0x0000793c, 0x0000795e, + 0x00007965, 0x0000798f, 0x00009756, 0x00007cbe, + 0x00007fbd, 0x00008612, 0x00008af8, 0x00009038, + 0x000090fd, 0x000098ef, 0x000098fc, 0x00009928, + 0x00009db4, 0x00004fae, 0x000050e7, 0x0000514d, + 0x000052c9, 0x000052e4, 0x00005351, 0x0000559d, + 0x00005606, 0x00005668, 0x00005840, 0x000058a8, + 0x00005c64, 0x00005c6e, 0x00006094, 0x00006168, + 0x0000618e, 0x000061f2, 0x0000654f, 0x000065e2, + 0x00006691, 0x00006885, 0x00006d77, 0x00006e1a, + 0x00006f22, 0x0000716e, 0x0000722b, 0x00007422, + 0x00007891, 0x0000793e, 0x00007949, 0x00007948, + 0x00007950, 0x00007956, 0x0000795d, 0x0000798d, + 0x0000798e, 0x00007a40, 0x00007a81, 0x00007bc0, + 0x00007df4, 0x00007e09, 0x00007e41, 0x00007f72, + 0x00008005, 0x000081ed, 0x00008279, 0x00008279, + 0x00008457, 0x00008910, 0x00008996, 0x00008b01, + 0x00008b39, 0x00008cd3, 0x00008d08, 0x00008fb6, + 0x00009038, 0x000096e3, 0x000097ff, 0x0000983b, + 0x00000066, 0x00000066, 0x00000066, 0x00000069, + 0x00000066, 0x0000006c, 0x00000066, 0x00000066, + 0x00000069, 0x00000066, 0x00000066, 0x0000006c, + 0x00000073, 0x00000074, 0x00000073, 0x00000074, + 0x00000574, 0x00000576, 0x00000574, 0x00000565, + 0x00000574, 0x0000056b, 0x0000057e, 0x00000576, + 0x00000574, 0x0000056d, 0x000005d9, 0x000005b4, + 0x000005f2, 0x000005b7, 0x000005e2, 0x000005d0, + 0x000005d3, 0x000005d4, 0x000005db, 0x000005dc, + 0x000005dd, 0x000005e8, 0x000005ea, 0x0000002b, + 0x000005e9, 0x000005c1, 0x000005e9, 0x000005c2, + 0x000005e9, 0x000005bc, 0x000005c1, 0x000005e9, + 0x000005bc, 0x000005c2, 0x000005d0, 0x000005b7, + 0x000005d0, 0x000005b8, 0x000005d0, 0x000005bc, + 0x000005d1, 0x000005bc, 0x000005d2, 0x000005bc, + 0x000005d3, 0x000005bc, 0x000005d4, 0x000005bc, + 0x000005d5, 0x000005bc, 0x000005d6, 0x000005bc, + 0x000005d8, 0x000005bc, 0x000005d9, 0x000005bc, + 0x000005da, 0x000005bc, 0x000005db, 0x000005bc, + 0x000005dc, 0x000005bc, 0x000005de, 0x000005bc, + 0x000005e0, 0x000005bc, 0x000005e1, 0x000005bc, + 0x000005e3, 0x000005bc, 0x000005e4, 0x000005bc, + 0x000005e6, 0x000005bc, 0x000005e7, 0x000005bc, + 0x000005e8, 0x000005bc, 0x000005e9, 0x000005bc, + 0x000005ea, 0x000005bc, 0x000005d5, 0x000005b9, + 0x000005d1, 0x000005bf, 0x000005db, 0x000005bf, + 0x000005e4, 0x000005bf, 0x000005d0, 0x000005dc, + 0x00000671, 0x00000671, 0x0000067b, 0x0000067b, + 0x0000067b, 0x0000067b, 0x0000067e, 0x0000067e, + 0x0000067e, 0x0000067e, 0x00000680, 0x00000680, + 0x00000680, 0x00000680, 0x0000067a, 0x0000067a, + 0x0000067a, 0x0000067a, 0x0000067f, 0x0000067f, + 0x0000067f, 0x0000067f, 0x00000679, 0x00000679, + 0x00000679, 0x00000679, 0x000006a4, 0x000006a4, + 0x000006a4, 0x000006a4, 0x000006a6, 0x000006a6, + 0x000006a6, 0x000006a6, 0x00000684, 0x00000684, + 0x00000684, 0x00000684, 0x00000683, 0x00000683, + 0x00000683, 0x00000683, 0x00000686, 0x00000686, + 0x00000686, 0x00000686, 0x00000687, 0x00000687, + 0x00000687, 0x00000687, 0x0000068d, 0x0000068d, + 0x0000068c, 0x0000068c, 0x0000068e, 0x0000068e, + 0x00000688, 0x00000688, 0x00000698, 0x00000698, + 0x00000691, 0x00000691, 0x000006a9, 0x000006a9, + 0x000006a9, 0x000006a9, 0x000006af, 0x000006af, + 0x000006af, 0x000006af, 0x000006b3, 0x000006b3, + 0x000006b3, 0x000006b3, 0x000006b1, 0x000006b1, + 0x000006b1, 0x000006b1, 0x000006ba, 0x000006ba, + 0x000006bb, 0x000006bb, 0x000006bb, 0x000006bb, + 0x000006d5, 0x00000654, 0x000006d5, 0x00000654, + 0x000006c1, 0x000006c1, 0x000006c1, 0x000006c1, + 0x000006be, 0x000006be, 0x000006be, 0x000006be, + 0x000006d2, 0x000006d2, 0x000006d2, 0x00000654, + 0x000006d2, 0x00000654, 0x000006ad, 0x000006ad, + 0x000006ad, 0x000006ad, 0x000006c7, 0x000006c7, + 0x000006c6, 0x000006c6, 0x000006c8, 0x000006c8, + 0x000006c7, 0x00000674, 0x000006cb, 0x000006cb, + 0x000006c5, 0x000006c5, 0x000006c9, 0x000006c9, + 0x000006d0, 0x000006d0, 0x000006d0, 0x000006d0, + 0x00000649, 0x00000649, 0x0000064a, 0x00000654, + 0x00000627, 0x0000064a, 0x00000654, 0x00000627, + 0x0000064a, 0x00000654, 0x000006d5, 0x0000064a, + 0x00000654, 0x000006d5, 0x0000064a, 0x00000654, + 0x00000648, 0x0000064a, 0x00000654, 0x00000648, + 0x0000064a, 0x00000654, 0x000006c7, 0x0000064a, + 0x00000654, 0x000006c7, 0x0000064a, 0x00000654, + 0x000006c6, 0x0000064a, 0x00000654, 0x000006c6, + 0x0000064a, 0x00000654, 0x000006c8, 0x0000064a, + 0x00000654, 0x000006c8, 0x0000064a, 0x00000654, + 0x000006d0, 0x0000064a, 0x00000654, 0x000006d0, + 0x0000064a, 0x00000654, 0x000006d0, 0x0000064a, + 0x00000654, 0x00000649, 0x0000064a, 0x00000654, + 0x00000649, 0x0000064a, 0x00000654, 0x00000649, + 0x000006cc, 0x000006cc, 0x000006cc, 0x000006cc, + 0x0000064a, 0x00000654, 0x0000062c, 0x0000064a, + 0x00000654, 0x0000062d, 0x0000064a, 0x00000654, + 0x00000645, 0x0000064a, 0x00000654, 0x00000649, + 0x0000064a, 0x00000654, 0x0000064a, 0x00000628, + 0x0000062c, 0x00000628, 0x0000062d, 0x00000628, + 0x0000062e, 0x00000628, 0x00000645, 0x00000628, + 0x00000649, 0x00000628, 0x0000064a, 0x0000062a, + 0x0000062c, 0x0000062a, 0x0000062d, 0x0000062a, + 0x0000062e, 0x0000062a, 0x00000645, 0x0000062a, + 0x00000649, 0x0000062a, 0x0000064a, 0x0000062b, + 0x0000062c, 0x0000062b, 0x00000645, 0x0000062b, + 0x00000649, 0x0000062b, 0x0000064a, 0x0000062c, + 0x0000062d, 0x0000062c, 0x00000645, 0x0000062d, + 0x0000062c, 0x0000062d, 0x00000645, 0x0000062e, + 0x0000062c, 0x0000062e, 0x0000062d, 0x0000062e, + 0x00000645, 0x00000633, 0x0000062c, 0x00000633, + 0x0000062d, 0x00000633, 0x0000062e, 0x00000633, + 0x00000645, 0x00000635, 0x0000062d, 0x00000635, + 0x00000645, 0x00000636, 0x0000062c, 0x00000636, + 0x0000062d, 0x00000636, 0x0000062e, 0x00000636, + 0x00000645, 0x00000637, 0x0000062d, 0x00000637, + 0x00000645, 0x00000638, 0x00000645, 0x00000639, + 0x0000062c, 0x00000639, 0x00000645, 0x0000063a, + 0x0000062c, 0x0000063a, 0x00000645, 0x00000641, + 0x0000062c, 0x00000641, 0x0000062d, 0x00000641, + 0x0000062e, 0x00000641, 0x00000645, 0x00000641, + 0x00000649, 0x00000641, 0x0000064a, 0x00000642, + 0x0000062d, 0x00000642, 0x00000645, 0x00000642, + 0x00000649, 0x00000642, 0x0000064a, 0x00000643, + 0x00000627, 0x00000643, 0x0000062c, 0x00000643, + 0x0000062d, 0x00000643, 0x0000062e, 0x00000643, + 0x00000644, 0x00000643, 0x00000645, 0x00000643, + 0x00000649, 0x00000643, 0x0000064a, 0x00000644, + 0x0000062c, 0x00000644, 0x0000062d, 0x00000644, + 0x0000062e, 0x00000644, 0x00000645, 0x00000644, + 0x00000649, 0x00000644, 0x0000064a, 0x00000645, + 0x0000062c, 0x00000645, 0x0000062d, 0x00000645, + 0x0000062e, 0x00000645, 0x00000645, 0x00000645, + 0x00000649, 0x00000645, 0x0000064a, 0x00000646, + 0x0000062c, 0x00000646, 0x0000062d, 0x00000646, + 0x0000062e, 0x00000646, 0x00000645, 0x00000646, + 0x00000649, 0x00000646, 0x0000064a, 0x00000647, + 0x0000062c, 0x00000647, 0x00000645, 0x00000647, + 0x00000649, 0x00000647, 0x0000064a, 0x0000064a, + 0x0000062c, 0x0000064a, 0x0000062d, 0x0000064a, + 0x0000062e, 0x0000064a, 0x00000645, 0x0000064a, + 0x00000649, 0x0000064a, 0x0000064a, 0x00000630, + 0x00000670, 0x00000631, 0x00000670, 0x00000649, + 0x00000670, 0x00000020, 0x0000064c, 0x00000651, + 0x00000020, 0x0000064d, 0x00000651, 0x00000020, + 0x0000064e, 0x00000651, 0x00000020, 0x0000064f, + 0x00000651, 0x00000020, 0x00000650, 0x00000651, + 0x00000020, 0x00000651, 0x00000670, 0x0000064a, + 0x00000654, 0x00000631, 0x0000064a, 0x00000654, + 0x00000632, 0x0000064a, 0x00000654, 0x00000645, + 0x0000064a, 0x00000654, 0x00000646, 0x0000064a, + 0x00000654, 0x00000649, 0x0000064a, 0x00000654, + 0x0000064a, 0x00000628, 0x00000631, 0x00000628, + 0x00000632, 0x00000628, 0x00000645, 0x00000628, + 0x00000646, 0x00000628, 0x00000649, 0x00000628, + 0x0000064a, 0x0000062a, 0x00000631, 0x0000062a, + 0x00000632, 0x0000062a, 0x00000645, 0x0000062a, + 0x00000646, 0x0000062a, 0x00000649, 0x0000062a, + 0x0000064a, 0x0000062b, 0x00000631, 0x0000062b, + 0x00000632, 0x0000062b, 0x00000645, 0x0000062b, + 0x00000646, 0x0000062b, 0x00000649, 0x0000062b, + 0x0000064a, 0x00000641, 0x00000649, 0x00000641, + 0x0000064a, 0x00000642, 0x00000649, 0x00000642, + 0x0000064a, 0x00000643, 0x00000627, 0x00000643, + 0x00000644, 0x00000643, 0x00000645, 0x00000643, + 0x00000649, 0x00000643, 0x0000064a, 0x00000644, + 0x00000645, 0x00000644, 0x00000649, 0x00000644, + 0x0000064a, 0x00000645, 0x00000627, 0x00000645, + 0x00000645, 0x00000646, 0x00000631, 0x00000646, + 0x00000632, 0x00000646, 0x00000645, 0x00000646, + 0x00000646, 0x00000646, 0x00000649, 0x00000646, + 0x0000064a, 0x00000649, 0x00000670, 0x0000064a, + 0x00000631, 0x0000064a, 0x00000632, 0x0000064a, + 0x00000645, 0x0000064a, 0x00000646, 0x0000064a, + 0x00000649, 0x0000064a, 0x0000064a, 0x0000064a, + 0x00000654, 0x0000062c, 0x0000064a, 0x00000654, + 0x0000062d, 0x0000064a, 0x00000654, 0x0000062e, + 0x0000064a, 0x00000654, 0x00000645, 0x0000064a, + 0x00000654, 0x00000647, 0x00000628, 0x0000062c, + 0x00000628, 0x0000062d, 0x00000628, 0x0000062e, + 0x00000628, 0x00000645, 0x00000628, 0x00000647, + 0x0000062a, 0x0000062c, 0x0000062a, 0x0000062d, + 0x0000062a, 0x0000062e, 0x0000062a, 0x00000645, + 0x0000062a, 0x00000647, 0x0000062b, 0x00000645, + 0x0000062c, 0x0000062d, 0x0000062c, 0x00000645, + 0x0000062d, 0x0000062c, 0x0000062d, 0x00000645, + 0x0000062e, 0x0000062c, 0x0000062e, 0x00000645, + 0x00000633, 0x0000062c, 0x00000633, 0x0000062d, + 0x00000633, 0x0000062e, 0x00000633, 0x00000645, + 0x00000635, 0x0000062d, 0x00000635, 0x0000062e, + 0x00000635, 0x00000645, 0x00000636, 0x0000062c, + 0x00000636, 0x0000062d, 0x00000636, 0x0000062e, + 0x00000636, 0x00000645, 0x00000637, 0x0000062d, + 0x00000638, 0x00000645, 0x00000639, 0x0000062c, + 0x00000639, 0x00000645, 0x0000063a, 0x0000062c, + 0x0000063a, 0x00000645, 0x00000641, 0x0000062c, + 0x00000641, 0x0000062d, 0x00000641, 0x0000062e, + 0x00000641, 0x00000645, 0x00000642, 0x0000062d, + 0x00000642, 0x00000645, 0x00000643, 0x0000062c, + 0x00000643, 0x0000062d, 0x00000643, 0x0000062e, + 0x00000643, 0x00000644, 0x00000643, 0x00000645, + 0x00000644, 0x0000062c, 0x00000644, 0x0000062d, + 0x00000644, 0x0000062e, 0x00000644, 0x00000645, + 0x00000644, 0x00000647, 0x00000645, 0x0000062c, + 0x00000645, 0x0000062d, 0x00000645, 0x0000062e, + 0x00000645, 0x00000645, 0x00000646, 0x0000062c, + 0x00000646, 0x0000062d, 0x00000646, 0x0000062e, + 0x00000646, 0x00000645, 0x00000646, 0x00000647, + 0x00000647, 0x0000062c, 0x00000647, 0x00000645, + 0x00000647, 0x00000670, 0x0000064a, 0x0000062c, + 0x0000064a, 0x0000062d, 0x0000064a, 0x0000062e, + 0x0000064a, 0x00000645, 0x0000064a, 0x00000647, + 0x0000064a, 0x00000654, 0x00000645, 0x0000064a, + 0x00000654, 0x00000647, 0x00000628, 0x00000645, + 0x00000628, 0x00000647, 0x0000062a, 0x00000645, + 0x0000062a, 0x00000647, 0x0000062b, 0x00000645, + 0x0000062b, 0x00000647, 0x00000633, 0x00000645, + 0x00000633, 0x00000647, 0x00000634, 0x00000645, + 0x00000634, 0x00000647, 0x00000643, 0x00000644, + 0x00000643, 0x00000645, 0x00000644, 0x00000645, + 0x00000646, 0x00000645, 0x00000646, 0x00000647, + 0x0000064a, 0x00000645, 0x0000064a, 0x00000647, + 0x00000640, 0x0000064e, 0x00000651, 0x00000640, + 0x0000064f, 0x00000651, 0x00000640, 0x00000650, + 0x00000651, 0x00000637, 0x00000649, 0x00000637, + 0x0000064a, 0x00000639, 0x00000649, 0x00000639, + 0x0000064a, 0x0000063a, 0x00000649, 0x0000063a, + 0x0000064a, 0x00000633, 0x00000649, 0x00000633, + 0x0000064a, 0x00000634, 0x00000649, 0x00000634, + 0x0000064a, 0x0000062d, 0x00000649, 0x0000062d, + 0x0000064a, 0x0000062c, 0x00000649, 0x0000062c, + 0x0000064a, 0x0000062e, 0x00000649, 0x0000062e, + 0x0000064a, 0x00000635, 0x00000649, 0x00000635, + 0x0000064a, 0x00000636, 0x00000649, 0x00000636, + 0x0000064a, 0x00000634, 0x0000062c, 0x00000634, + 0x0000062d, 0x00000634, 0x0000062e, 0x00000634, + 0x00000645, 0x00000634, 0x00000631, 0x00000633, + 0x00000631, 0x00000635, 0x00000631, 0x00000636, + 0x00000631, 0x00000637, 0x00000649, 0x00000637, + 0x0000064a, 0x00000639, 0x00000649, 0x00000639, + 0x0000064a, 0x0000063a, 0x00000649, 0x0000063a, + 0x0000064a, 0x00000633, 0x00000649, 0x00000633, + 0x0000064a, 0x00000634, 0x00000649, 0x00000634, + 0x0000064a, 0x0000062d, 0x00000649, 0x0000062d, + 0x0000064a, 0x0000062c, 0x00000649, 0x0000062c, + 0x0000064a, 0x0000062e, 0x00000649, 0x0000062e, + 0x0000064a, 0x00000635, 0x00000649, 0x00000635, + 0x0000064a, 0x00000636, 0x00000649, 0x00000636, + 0x0000064a, 0x00000634, 0x0000062c, 0x00000634, + 0x0000062d, 0x00000634, 0x0000062e, 0x00000634, + 0x00000645, 0x00000634, 0x00000631, 0x00000633, + 0x00000631, 0x00000635, 0x00000631, 0x00000636, + 0x00000631, 0x00000634, 0x0000062c, 0x00000634, + 0x0000062d, 0x00000634, 0x0000062e, 0x00000634, + 0x00000645, 0x00000633, 0x00000647, 0x00000634, + 0x00000647, 0x00000637, 0x00000645, 0x00000633, + 0x0000062c, 0x00000633, 0x0000062d, 0x00000633, + 0x0000062e, 0x00000634, 0x0000062c, 0x00000634, + 0x0000062d, 0x00000634, 0x0000062e, 0x00000637, + 0x00000645, 0x00000638, 0x00000645, 0x00000627, + 0x0000064b, 0x00000627, 0x0000064b, 0x0000062a, + 0x0000062c, 0x00000645, 0x0000062a, 0x0000062d, + 0x0000062c, 0x0000062a, 0x0000062d, 0x0000062c, + 0x0000062a, 0x0000062d, 0x00000645, 0x0000062a, + 0x0000062e, 0x00000645, 0x0000062a, 0x00000645, + 0x0000062c, 0x0000062a, 0x00000645, 0x0000062d, + 0x0000062a, 0x00000645, 0x0000062e, 0x0000062c, + 0x00000645, 0x0000062d, 0x0000062c, 0x00000645, + 0x0000062d, 0x0000062d, 0x00000645, 0x0000064a, + 0x0000062d, 0x00000645, 0x00000649, 0x00000633, + 0x0000062d, 0x0000062c, 0x00000633, 0x0000062c, + 0x0000062d, 0x00000633, 0x0000062c, 0x00000649, + 0x00000633, 0x00000645, 0x0000062d, 0x00000633, + 0x00000645, 0x0000062d, 0x00000633, 0x00000645, + 0x0000062c, 0x00000633, 0x00000645, 0x00000645, + 0x00000633, 0x00000645, 0x00000645, 0x00000635, + 0x0000062d, 0x0000062d, 0x00000635, 0x0000062d, + 0x0000062d, 0x00000635, 0x00000645, 0x00000645, + 0x00000634, 0x0000062d, 0x00000645, 0x00000634, + 0x0000062d, 0x00000645, 0x00000634, 0x0000062c, + 0x0000064a, 0x00000634, 0x00000645, 0x0000062e, + 0x00000634, 0x00000645, 0x0000062e, 0x00000634, + 0x00000645, 0x00000645, 0x00000634, 0x00000645, + 0x00000645, 0x00000636, 0x0000062d, 0x00000649, + 0x00000636, 0x0000062e, 0x00000645, 0x00000636, + 0x0000062e, 0x00000645, 0x00000637, 0x00000645, + 0x0000062d, 0x00000637, 0x00000645, 0x0000062d, + 0x00000637, 0x00000645, 0x00000645, 0x00000637, + 0x00000645, 0x0000064a, 0x00000639, 0x0000062c, + 0x00000645, 0x00000639, 0x00000645, 0x00000645, + 0x00000639, 0x00000645, 0x00000645, 0x00000639, + 0x00000645, 0x00000649, 0x0000063a, 0x00000645, + 0x00000645, 0x0000063a, 0x00000645, 0x0000064a, + 0x0000063a, 0x00000645, 0x00000649, 0x00000641, + 0x0000062e, 0x00000645, 0x00000641, 0x0000062e, + 0x00000645, 0x00000642, 0x00000645, 0x0000062d, + 0x00000642, 0x00000645, 0x00000645, 0x00000644, + 0x0000062d, 0x00000645, 0x00000644, 0x0000062d, + 0x0000064a, 0x00000644, 0x0000062d, 0x00000649, + 0x00000644, 0x0000062c, 0x0000062c, 0x00000644, + 0x0000062c, 0x0000062c, 0x00000644, 0x0000062e, + 0x00000645, 0x00000644, 0x0000062e, 0x00000645, + 0x00000644, 0x00000645, 0x0000062d, 0x00000644, + 0x00000645, 0x0000062d, 0x00000645, 0x0000062d, + 0x0000062c, 0x00000645, 0x0000062d, 0x00000645, + 0x00000645, 0x0000062d, 0x0000064a, 0x00000645, + 0x0000062c, 0x0000062d, 0x00000645, 0x0000062c, + 0x00000645, 0x00000645, 0x0000062e, 0x0000062c, + 0x00000645, 0x0000062e, 0x00000645, 0x00000645, + 0x0000062c, 0x0000062e, 0x00000647, 0x00000645, + 0x0000062c, 0x00000647, 0x00000645, 0x00000645, + 0x00000646, 0x0000062d, 0x00000645, 0x00000646, + 0x0000062d, 0x00000649, 0x00000646, 0x0000062c, + 0x00000645, 0x00000646, 0x0000062c, 0x00000645, + 0x00000646, 0x0000062c, 0x00000649, 0x00000646, + 0x00000645, 0x0000064a, 0x00000646, 0x00000645, + 0x00000649, 0x0000064a, 0x00000645, 0x00000645, + 0x0000064a, 0x00000645, 0x00000645, 0x00000628, + 0x0000062e, 0x0000064a, 0x0000062a, 0x0000062c, + 0x0000064a, 0x0000062a, 0x0000062c, 0x00000649, + 0x0000062a, 0x0000062e, 0x0000064a, 0x0000062a, + 0x0000062e, 0x00000649, 0x0000062a, 0x00000645, + 0x0000064a, 0x0000062a, 0x00000645, 0x00000649, + 0x0000062c, 0x00000645, 0x0000064a, 0x0000062c, + 0x0000062d, 0x00000649, 0x0000062c, 0x00000645, + 0x00000649, 0x00000633, 0x0000062e, 0x00000649, + 0x00000635, 0x0000062d, 0x0000064a, 0x00000634, + 0x0000062d, 0x0000064a, 0x00000636, 0x0000062d, + 0x0000064a, 0x00000644, 0x0000062c, 0x0000064a, + 0x00000644, 0x00000645, 0x0000064a, 0x0000064a, + 0x0000062d, 0x0000064a, 0x0000064a, 0x0000062c, + 0x0000064a, 0x0000064a, 0x00000645, 0x0000064a, + 0x00000645, 0x00000645, 0x0000064a, 0x00000642, + 0x00000645, 0x0000064a, 0x00000646, 0x0000062d, + 0x0000064a, 0x00000642, 0x00000645, 0x0000062d, + 0x00000644, 0x0000062d, 0x00000645, 0x00000639, + 0x00000645, 0x0000064a, 0x00000643, 0x00000645, + 0x0000064a, 0x00000646, 0x0000062c, 0x0000062d, + 0x00000645, 0x0000062e, 0x0000064a, 0x00000644, + 0x0000062c, 0x00000645, 0x00000643, 0x00000645, + 0x00000645, 0x00000644, 0x0000062c, 0x00000645, + 0x00000646, 0x0000062c, 0x0000062d, 0x0000062c, + 0x0000062d, 0x0000064a, 0x0000062d, 0x0000062c, + 0x0000064a, 0x00000645, 0x0000062c, 0x0000064a, + 0x00000641, 0x00000645, 0x0000064a, 0x00000628, + 0x0000062d, 0x0000064a, 0x00000643, 0x00000645, + 0x00000645, 0x00000639, 0x0000062c, 0x00000645, + 0x00000635, 0x00000645, 0x00000645, 0x00000633, + 0x0000062e, 0x0000064a, 0x00000646, 0x0000062c, + 0x0000064a, 0x00000635, 0x00000644, 0x000006d2, + 0x00000642, 0x00000644, 0x000006d2, 0x00000627, + 0x00000644, 0x00000644, 0x00000647, 0x00000627, + 0x00000643, 0x00000628, 0x00000631, 0x00000645, + 0x0000062d, 0x00000645, 0x0000062f, 0x00000635, + 0x00000644, 0x00000639, 0x00000645, 0x00000631, + 0x00000633, 0x00000648, 0x00000644, 0x00000639, + 0x00000644, 0x0000064a, 0x00000647, 0x00000648, + 0x00000633, 0x00000644, 0x00000645, 0x00000635, + 0x00000644, 0x00000649, 0x00000635, 0x00000644, + 0x00000649, 0x00000020, 0x00000627, 0x00000644, + 0x00000644, 0x00000647, 0x00000020, 0x00000639, + 0x00000644, 0x0000064a, 0x00000647, 0x00000020, + 0x00000648, 0x00000633, 0x00000644, 0x00000645, + 0x0000062c, 0x00000644, 0x00000020, 0x0000062c, + 0x00000644, 0x00000627, 0x00000644, 0x00000647, + 0x00000631, 0x000006cc, 0x00000627, 0x00000644, + 0x0000002e, 0x0000002e, 0x00002014, 0x00002013, + 0x0000005f, 0x0000005f, 0x00000028, 0x00000029, + 0x0000007b, 0x0000007d, 0x00003014, 0x00003015, + 0x00003010, 0x00003011, 0x0000300a, 0x0000300b, + 0x00003008, 0x00003009, 0x0000300c, 0x0000300d, + 0x0000300e, 0x0000300f, 0x00000020, 0x00000305, + 0x00000020, 0x00000305, 0x00000020, 0x00000305, + 0x00000020, 0x00000305, 0x0000005f, 0x0000005f, + 0x0000005f, 0x0000002c, 0x00003001, 0x0000002e, + 0x0000003b, 0x0000003a, 0x0000003f, 0x00000021, + 0x00002014, 0x00000028, 0x00000029, 0x0000007b, + 0x0000007d, 0x00003014, 0x00003015, 0x00000023, + 0x00000026, 0x0000002a, 0x0000002b, 0x0000002d, + 0x0000003c, 0x0000003e, 0x0000003d, 0x0000005c, + 0x00000024, 0x00000025, 0x00000040, 0x00000020, + 0x0000064b, 0x00000640, 0x0000064b, 0x00000020, + 0x0000064c, 0x00000020, 0x0000064d, 0x00000020, + 0x0000064e, 0x00000640, 0x0000064e, 0x00000020, + 0x0000064f, 0x00000640, 0x0000064f, 0x00000020, + 0x00000650, 0x00000640, 0x00000650, 0x00000020, + 0x00000651, 0x00000640, 0x00000651, 0x00000020, + 0x00000652, 0x00000640, 0x00000652, 0x00000621, + 0x00000627, 0x00000653, 0x00000627, 0x00000653, + 0x00000627, 0x00000654, 0x00000627, 0x00000654, + 0x00000648, 0x00000654, 0x00000648, 0x00000654, + 0x00000627, 0x00000655, 0x00000627, 0x00000655, + 0x0000064a, 0x00000654, 0x0000064a, 0x00000654, + 0x0000064a, 0x00000654, 0x0000064a, 0x00000654, + 0x00000627, 0x00000627, 0x00000628, 0x00000628, + 0x00000628, 0x00000628, 0x00000629, 0x00000629, + 0x0000062a, 0x0000062a, 0x0000062a, 0x0000062a, + 0x0000062b, 0x0000062b, 0x0000062b, 0x0000062b, + 0x0000062c, 0x0000062c, 0x0000062c, 0x0000062c, + 0x0000062d, 0x0000062d, 0x0000062d, 0x0000062d, + 0x0000062e, 0x0000062e, 0x0000062e, 0x0000062e, + 0x0000062f, 0x0000062f, 0x00000630, 0x00000630, + 0x00000631, 0x00000631, 0x00000632, 0x00000632, + 0x00000633, 0x00000633, 0x00000633, 0x00000633, + 0x00000634, 0x00000634, 0x00000634, 0x00000634, + 0x00000635, 0x00000635, 0x00000635, 0x00000635, + 0x00000636, 0x00000636, 0x00000636, 0x00000636, + 0x00000637, 0x00000637, 0x00000637, 0x00000637, + 0x00000638, 0x00000638, 0x00000638, 0x00000638, + 0x00000639, 0x00000639, 0x00000639, 0x00000639, + 0x0000063a, 0x0000063a, 0x0000063a, 0x0000063a, + 0x00000641, 0x00000641, 0x00000641, 0x00000641, + 0x00000642, 0x00000642, 0x00000642, 0x00000642, + 0x00000643, 0x00000643, 0x00000643, 0x00000643, + 0x00000644, 0x00000644, 0x00000644, 0x00000644, + 0x00000645, 0x00000645, 0x00000645, 0x00000645, + 0x00000646, 0x00000646, 0x00000646, 0x00000646, + 0x00000647, 0x00000647, 0x00000647, 0x00000647, + 0x00000648, 0x00000648, 0x00000649, 0x00000649, + 0x0000064a, 0x0000064a, 0x0000064a, 0x0000064a, + 0x00000644, 0x00000627, 0x00000653, 0x00000644, + 0x00000627, 0x00000653, 0x00000644, 0x00000627, + 0x00000654, 0x00000644, 0x00000627, 0x00000654, + 0x00000644, 0x00000627, 0x00000655, 0x00000644, + 0x00000627, 0x00000655, 0x00000644, 0x00000627, + 0x00000644, 0x00000627, 0x00000021, 0x00000022, + 0x00000023, 0x00000024, 0x00000025, 0x00000026, + 0x00000027, 0x00000028, 0x00000029, 0x0000002a, + 0x0000002b, 0x0000002c, 0x0000002d, 0x0000002e, + 0x0000002f, 0x00000030, 0x00000031, 0x00000032, + 0x00000033, 0x00000034, 0x00000035, 0x00000036, + 0x00000037, 0x00000038, 0x00000039, 0x0000003a, + 0x0000003b, 0x0000003c, 0x0000003d, 0x0000003e, + 0x0000003f, 0x00000040, 0x00000041, 0x00000042, + 0x00000043, 0x00000044, 0x00000045, 0x00000046, + 0x00000047, 0x00000048, 0x00000049, 0x0000004a, + 0x0000004b, 0x0000004c, 0x0000004d, 0x0000004e, + 0x0000004f, 0x00000050, 0x00000051, 0x00000052, + 0x00000053, 0x00000054, 0x00000055, 0x00000056, + 0x00000057, 0x00000058, 0x00000059, 0x0000005a, + 0x0000005b, 0x0000005c, 0x0000005d, 0x0000005e, + 0x0000005f, 0x00000060, 0x00000061, 0x00000062, + 0x00000063, 0x00000064, 0x00000065, 0x00000066, + 0x00000067, 0x00000068, 0x00000069, 0x0000006a, + 0x0000006b, 0x0000006c, 0x0000006d, 0x0000006e, + 0x0000006f, 0x00000070, 0x00000071, 0x00000072, + 0x00000073, 0x00000074, 0x00000075, 0x00000076, + 0x00000077, 0x00000078, 0x00000079, 0x0000007a, + 0x0000007b, 0x0000007c, 0x0000007d, 0x0000007e, + 0x00002985, 0x00002986, 0x00003002, 0x0000300c, + 0x0000300d, 0x00003001, 0x000030fb, 0x000030f2, + 0x000030a1, 0x000030a3, 0x000030a5, 0x000030a7, + 0x000030a9, 0x000030e3, 0x000030e5, 0x000030e7, + 0x000030c3, 0x000030fc, 0x000030a2, 0x000030a4, + 0x000030a6, 0x000030a8, 0x000030aa, 0x000030ab, + 0x000030ad, 0x000030af, 0x000030b1, 0x000030b3, + 0x000030b5, 0x000030b7, 0x000030b9, 0x000030bb, + 0x000030bd, 0x000030bf, 0x000030c1, 0x000030c4, + 0x000030c6, 0x000030c8, 0x000030ca, 0x000030cb, + 0x000030cc, 0x000030cd, 0x000030ce, 0x000030cf, + 0x000030d2, 0x000030d5, 0x000030d8, 0x000030db, + 0x000030de, 0x000030df, 0x000030e0, 0x000030e1, + 0x000030e2, 0x000030e4, 0x000030e6, 0x000030e8, + 0x000030e9, 0x000030ea, 0x000030eb, 0x000030ec, + 0x000030ed, 0x000030ef, 0x000030f3, 0x00003099, + 0x0000309a, 0x00001160, 0x00001100, 0x00001101, + 0x000011aa, 0x00001102, 0x000011ac, 0x000011ad, + 0x00001103, 0x00001104, 0x00001105, 0x000011b0, + 0x000011b1, 0x000011b2, 0x000011b3, 0x000011b4, + 0x000011b5, 0x0000111a, 0x00001106, 0x00001107, + 0x00001108, 0x00001121, 0x00001109, 0x0000110a, + 0x0000110b, 0x0000110c, 0x0000110d, 0x0000110e, + 0x0000110f, 0x00001110, 0x00001111, 0x00001112, + 0x00001161, 0x00001162, 0x00001163, 0x00001164, + 0x00001165, 0x00001166, 0x00001167, 0x00001168, + 0x00001169, 0x0000116a, 0x0000116b, 0x0000116c, + 0x0000116d, 0x0000116e, 0x0000116f, 0x00001170, + 0x00001171, 0x00001172, 0x00001173, 0x00001174, + 0x00001175, 0x000000a2, 0x000000a3, 0x000000ac, + 0x00000020, 0x00000304, 0x000000a6, 0x000000a5, + 0x000020a9, 0x00002502, 0x00002190, 0x00002191, + 0x00002192, 0x00002193, 0x000025a0, 0x000025cb, + 0x0001d157, 0x0001d165, 0x0001d158, 0x0001d165, + 0x0001d158, 0x0001d165, 0x0001d16e, 0x0001d158, + 0x0001d165, 0x0001d16f, 0x0001d158, 0x0001d165, + 0x0001d170, 0x0001d158, 0x0001d165, 0x0001d171, + 0x0001d158, 0x0001d165, 0x0001d172, 0x0001d1b9, + 0x0001d165, 0x0001d1ba, 0x0001d165, 0x0001d1b9, + 0x0001d165, 0x0001d16e, 0x0001d1ba, 0x0001d165, + 0x0001d16e, 0x0001d1b9, 0x0001d165, 0x0001d16f, + 0x0001d1ba, 0x0001d165, 0x0001d16f, 0x00000041, + 0x00000042, 0x00000043, 0x00000044, 0x00000045, + 0x00000046, 0x00000047, 0x00000048, 0x00000049, + 0x0000004a, 0x0000004b, 0x0000004c, 0x0000004d, + 0x0000004e, 0x0000004f, 0x00000050, 0x00000051, + 0x00000052, 0x00000053, 0x00000054, 0x00000055, + 0x00000056, 0x00000057, 0x00000058, 0x00000059, + 0x0000005a, 0x00000061, 0x00000062, 0x00000063, + 0x00000064, 0x00000065, 0x00000066, 0x00000067, + 0x00000068, 0x00000069, 0x0000006a, 0x0000006b, + 0x0000006c, 0x0000006d, 0x0000006e, 0x0000006f, + 0x00000070, 0x00000071, 0x00000072, 0x00000073, + 0x00000074, 0x00000075, 0x00000076, 0x00000077, + 0x00000078, 0x00000079, 0x0000007a, 0x00000041, + 0x00000042, 0x00000043, 0x00000044, 0x00000045, + 0x00000046, 0x00000047, 0x00000048, 0x00000049, + 0x0000004a, 0x0000004b, 0x0000004c, 0x0000004d, + 0x0000004e, 0x0000004f, 0x00000050, 0x00000051, + 0x00000052, 0x00000053, 0x00000054, 0x00000055, + 0x00000056, 0x00000057, 0x00000058, 0x00000059, + 0x0000005a, 0x00000061, 0x00000062, 0x00000063, + 0x00000064, 0x00000065, 0x00000066, 0x00000067, + 0x00000069, 0x0000006a, 0x0000006b, 0x0000006c, + 0x0000006d, 0x0000006e, 0x0000006f, 0x00000070, + 0x00000071, 0x00000072, 0x00000073, 0x00000074, + 0x00000075, 0x00000076, 0x00000077, 0x00000078, + 0x00000079, 0x0000007a, 0x00000041, 0x00000042, + 0x00000043, 0x00000044, 0x00000045, 0x00000046, + 0x00000047, 0x00000048, 0x00000049, 0x0000004a, + 0x0000004b, 0x0000004c, 0x0000004d, 0x0000004e, + 0x0000004f, 0x00000050, 0x00000051, 0x00000052, + 0x00000053, 0x00000054, 0x00000055, 0x00000056, + 0x00000057, 0x00000058, 0x00000059, 0x0000005a, + 0x00000061, 0x00000062, 0x00000063, 0x00000064, + 0x00000065, 0x00000066, 0x00000067, 0x00000068, + 0x00000069, 0x0000006a, 0x0000006b, 0x0000006c, + 0x0000006d, 0x0000006e, 0x0000006f, 0x00000070, + 0x00000071, 0x00000072, 0x00000073, 0x00000074, + 0x00000075, 0x00000076, 0x00000077, 0x00000078, + 0x00000079, 0x0000007a, 0x00000041, 0x00000043, + 0x00000044, 0x00000047, 0x0000004a, 0x0000004b, + 0x0000004e, 0x0000004f, 0x00000050, 0x00000051, + 0x00000053, 0x00000054, 0x00000055, 0x00000056, + 0x00000057, 0x00000058, 0x00000059, 0x0000005a, + 0x00000061, 0x00000062, 0x00000063, 0x00000064, + 0x00000066, 0x00000068, 0x00000069, 0x0000006a, + 0x0000006b, 0x0000006d, 0x0000006e, 0x00000070, + 0x00000071, 0x00000072, 0x00000073, 0x00000074, + 0x00000075, 0x00000076, 0x00000077, 0x00000078, + 0x00000079, 0x0000007a, 0x00000041, 0x00000042, + 0x00000043, 0x00000044, 0x00000045, 0x00000046, + 0x00000047, 0x00000048, 0x00000049, 0x0000004a, + 0x0000004b, 0x0000004c, 0x0000004d, 0x0000004e, + 0x0000004f, 0x00000050, 0x00000051, 0x00000052, + 0x00000053, 0x00000054, 0x00000055, 0x00000056, + 0x00000057, 0x00000058, 0x00000059, 0x0000005a, + 0x00000061, 0x00000062, 0x00000063, 0x00000064, + 0x00000065, 0x00000066, 0x00000067, 0x00000068, + 0x00000069, 0x0000006a, 0x0000006b, 0x0000006c, + 0x0000006d, 0x0000006e, 0x0000006f, 0x00000070, + 0x00000071, 0x00000072, 0x00000073, 0x00000074, + 0x00000075, 0x00000076, 0x00000077, 0x00000078, + 0x00000079, 0x0000007a, 0x00000041, 0x00000042, + 0x00000044, 0x00000045, 0x00000046, 0x00000047, + 0x0000004a, 0x0000004b, 0x0000004c, 0x0000004d, + 0x0000004e, 0x0000004f, 0x00000050, 0x00000051, + 0x00000053, 0x00000054, 0x00000055, 0x00000056, + 0x00000057, 0x00000058, 0x00000059, 0x00000061, + 0x00000062, 0x00000063, 0x00000064, 0x00000065, + 0x00000066, 0x00000067, 0x00000068, 0x00000069, + 0x0000006a, 0x0000006b, 0x0000006c, 0x0000006d, + 0x0000006e, 0x0000006f, 0x00000070, 0x00000071, + 0x00000072, 0x00000073, 0x00000074, 0x00000075, + 0x00000076, 0x00000077, 0x00000078, 0x00000079, + 0x0000007a, 0x00000041, 0x00000042, 0x00000044, + 0x00000045, 0x00000046, 0x00000047, 0x00000049, + 0x0000004a, 0x0000004b, 0x0000004c, 0x0000004d, + 0x0000004f, 0x00000053, 0x00000054, 0x00000055, + 0x00000056, 0x00000057, 0x00000058, 0x00000059, + 0x00000061, 0x00000062, 0x00000063, 0x00000064, + 0x00000065, 0x00000066, 0x00000067, 0x00000068, + 0x00000069, 0x0000006a, 0x0000006b, 0x0000006c, + 0x0000006d, 0x0000006e, 0x0000006f, 0x00000070, + 0x00000071, 0x00000072, 0x00000073, 0x00000074, + 0x00000075, 0x00000076, 0x00000077, 0x00000078, + 0x00000079, 0x0000007a, 0x00000041, 0x00000042, + 0x00000043, 0x00000044, 0x00000045, 0x00000046, + 0x00000047, 0x00000048, 0x00000049, 0x0000004a, + 0x0000004b, 0x0000004c, 0x0000004d, 0x0000004e, + 0x0000004f, 0x00000050, 0x00000051, 0x00000052, + 0x00000053, 0x00000054, 0x00000055, 0x00000056, + 0x00000057, 0x00000058, 0x00000059, 0x0000005a, + 0x00000061, 0x00000062, 0x00000063, 0x00000064, + 0x00000065, 0x00000066, 0x00000067, 0x00000068, + 0x00000069, 0x0000006a, 0x0000006b, 0x0000006c, + 0x0000006d, 0x0000006e, 0x0000006f, 0x00000070, + 0x00000071, 0x00000072, 0x00000073, 0x00000074, + 0x00000075, 0x00000076, 0x00000077, 0x00000078, + 0x00000079, 0x0000007a, 0x00000041, 0x00000042, + 0x00000043, 0x00000044, 0x00000045, 0x00000046, + 0x00000047, 0x00000048, 0x00000049, 0x0000004a, + 0x0000004b, 0x0000004c, 0x0000004d, 0x0000004e, + 0x0000004f, 0x00000050, 0x00000051, 0x00000052, + 0x00000053, 0x00000054, 0x00000055, 0x00000056, + 0x00000057, 0x00000058, 0x00000059, 0x0000005a, + 0x00000061, 0x00000062, 0x00000063, 0x00000064, + 0x00000065, 0x00000066, 0x00000067, 0x00000068, + 0x00000069, 0x0000006a, 0x0000006b, 0x0000006c, + 0x0000006d, 0x0000006e, 0x0000006f, 0x00000070, + 0x00000071, 0x00000072, 0x00000073, 0x00000074, + 0x00000075, 0x00000076, 0x00000077, 0x00000078, + 0x00000079, 0x0000007a, 0x00000041, 0x00000042, + 0x00000043, 0x00000044, 0x00000045, 0x00000046, + 0x00000047, 0x00000048, 0x00000049, 0x0000004a, + 0x0000004b, 0x0000004c, 0x0000004d, 0x0000004e, + 0x0000004f, 0x00000050, 0x00000051, 0x00000052, + 0x00000053, 0x00000054, 0x00000055, 0x00000056, + 0x00000057, 0x00000058, 0x00000059, 0x0000005a, + 0x00000061, 0x00000062, 0x00000063, 0x00000064, + 0x00000065, 0x00000066, 0x00000067, 0x00000068, + 0x00000069, 0x0000006a, 0x0000006b, 0x0000006c, + 0x0000006d, 0x0000006e, 0x0000006f, 0x00000070, + 0x00000071, 0x00000072, 0x00000073, 0x00000074, + 0x00000075, 0x00000076, 0x00000077, 0x00000078, + 0x00000079, 0x0000007a, 0x00000041, 0x00000042, + 0x00000043, 0x00000044, 0x00000045, 0x00000046, + 0x00000047, 0x00000048, 0x00000049, 0x0000004a, + 0x0000004b, 0x0000004c, 0x0000004d, 0x0000004e, + 0x0000004f, 0x00000050, 0x00000051, 0x00000052, + 0x00000053, 0x00000054, 0x00000055, 0x00000056, + 0x00000057, 0x00000058, 0x00000059, 0x0000005a, + 0x00000061, 0x00000062, 0x00000063, 0x00000064, + 0x00000065, 0x00000066, 0x00000067, 0x00000068, + 0x00000069, 0x0000006a, 0x0000006b, 0x0000006c, + 0x0000006d, 0x0000006e, 0x0000006f, 0x00000070, + 0x00000071, 0x00000072, 0x00000073, 0x00000074, + 0x00000075, 0x00000076, 0x00000077, 0x00000078, + 0x00000079, 0x0000007a, 0x00000041, 0x00000042, + 0x00000043, 0x00000044, 0x00000045, 0x00000046, + 0x00000047, 0x00000048, 0x00000049, 0x0000004a, + 0x0000004b, 0x0000004c, 0x0000004d, 0x0000004e, + 0x0000004f, 0x00000050, 0x00000051, 0x00000052, + 0x00000053, 0x00000054, 0x00000055, 0x00000056, + 0x00000057, 0x00000058, 0x00000059, 0x0000005a, + 0x00000061, 0x00000062, 0x00000063, 0x00000064, + 0x00000065, 0x00000066, 0x00000067, 0x00000068, + 0x00000069, 0x0000006a, 0x0000006b, 0x0000006c, + 0x0000006d, 0x0000006e, 0x0000006f, 0x00000070, + 0x00000071, 0x00000072, 0x00000073, 0x00000074, + 0x00000075, 0x00000076, 0x00000077, 0x00000078, + 0x00000079, 0x0000007a, 0x00000041, 0x00000042, + 0x00000043, 0x00000044, 0x00000045, 0x00000046, + 0x00000047, 0x00000048, 0x00000049, 0x0000004a, + 0x0000004b, 0x0000004c, 0x0000004d, 0x0000004e, + 0x0000004f, 0x00000050, 0x00000051, 0x00000052, + 0x00000053, 0x00000054, 0x00000055, 0x00000056, + 0x00000057, 0x00000058, 0x00000059, 0x0000005a, + 0x00000061, 0x00000062, 0x00000063, 0x00000064, + 0x00000065, 0x00000066, 0x00000067, 0x00000068, + 0x00000069, 0x0000006a, 0x0000006b, 0x0000006c, + 0x0000006d, 0x0000006e, 0x0000006f, 0x00000070, + 0x00000071, 0x00000072, 0x00000073, 0x00000074, + 0x00000075, 0x00000076, 0x00000077, 0x00000078, + 0x00000079, 0x0000007a, 0x00000391, 0x00000392, + 0x00000393, 0x00000394, 0x00000395, 0x00000396, + 0x00000397, 0x00000398, 0x00000399, 0x0000039a, + 0x0000039b, 0x0000039c, 0x0000039d, 0x0000039e, + 0x0000039f, 0x000003a0, 0x000003a1, 0x00000398, + 0x000003a3, 0x000003a4, 0x000003a5, 0x000003a6, + 0x000003a7, 0x000003a8, 0x000003a9, 0x00002207, + 0x000003b1, 0x000003b2, 0x000003b3, 0x000003b4, + 0x000003b5, 0x000003b6, 0x000003b7, 0x000003b8, + 0x000003b9, 0x000003ba, 0x000003bb, 0x000003bc, + 0x000003bd, 0x000003be, 0x000003bf, 0x000003c0, + 0x000003c1, 0x000003c2, 0x000003c3, 0x000003c4, + 0x000003c5, 0x000003c6, 0x000003c7, 0x000003c8, + 0x000003c9, 0x00002202, 0x000003b5, 0x000003b8, + 0x000003ba, 0x000003c6, 0x000003c1, 0x000003c0, + 0x00000391, 0x00000392, 0x00000393, 0x00000394, + 0x00000395, 0x00000396, 0x00000397, 0x00000398, + 0x00000399, 0x0000039a, 0x0000039b, 0x0000039c, + 0x0000039d, 0x0000039e, 0x0000039f, 0x000003a0, + 0x000003a1, 0x00000398, 0x000003a3, 0x000003a4, + 0x000003a5, 0x000003a6, 0x000003a7, 0x000003a8, + 0x000003a9, 0x00002207, 0x000003b1, 0x000003b2, + 0x000003b3, 0x000003b4, 0x000003b5, 0x000003b6, + 0x000003b7, 0x000003b8, 0x000003b9, 0x000003ba, + 0x000003bb, 0x000003bc, 0x000003bd, 0x000003be, + 0x000003bf, 0x000003c0, 0x000003c1, 0x000003c2, + 0x000003c3, 0x000003c4, 0x000003c5, 0x000003c6, + 0x000003c7, 0x000003c8, 0x000003c9, 0x00002202, + 0x000003b5, 0x000003b8, 0x000003ba, 0x000003c6, + 0x000003c1, 0x000003c0, 0x00000391, 0x00000392, + 0x00000393, 0x00000394, 0x00000395, 0x00000396, + 0x00000397, 0x00000398, 0x00000399, 0x0000039a, + 0x0000039b, 0x0000039c, 0x0000039d, 0x0000039e, + 0x0000039f, 0x000003a0, 0x000003a1, 0x00000398, + 0x000003a3, 0x000003a4, 0x000003a5, 0x000003a6, + 0x000003a7, 0x000003a8, 0x000003a9, 0x00002207, + 0x000003b1, 0x000003b2, 0x000003b3, 0x000003b4, + 0x000003b5, 0x000003b6, 0x000003b7, 0x000003b8, + 0x000003b9, 0x000003ba, 0x000003bb, 0x000003bc, + 0x000003bd, 0x000003be, 0x000003bf, 0x000003c0, + 0x000003c1, 0x000003c2, 0x000003c3, 0x000003c4, + 0x000003c5, 0x000003c6, 0x000003c7, 0x000003c8, + 0x000003c9, 0x00002202, 0x000003b5, 0x000003b8, + 0x000003ba, 0x000003c6, 0x000003c1, 0x000003c0, + 0x00000391, 0x00000392, 0x00000393, 0x00000394, + 0x00000395, 0x00000396, 0x00000397, 0x00000398, + 0x00000399, 0x0000039a, 0x0000039b, 0x0000039c, + 0x0000039d, 0x0000039e, 0x0000039f, 0x000003a0, + 0x000003a1, 0x00000398, 0x000003a3, 0x000003a4, + 0x000003a5, 0x000003a6, 0x000003a7, 0x000003a8, + 0x000003a9, 0x00002207, 0x000003b1, 0x000003b2, + 0x000003b3, 0x000003b4, 0x000003b5, 0x000003b6, + 0x000003b7, 0x000003b8, 0x000003b9, 0x000003ba, + 0x000003bb, 0x000003bc, 0x000003bd, 0x000003be, + 0x000003bf, 0x000003c0, 0x000003c1, 0x000003c2, + 0x000003c3, 0x000003c4, 0x000003c5, 0x000003c6, + 0x000003c7, 0x000003c8, 0x000003c9, 0x00002202, + 0x000003b5, 0x000003b8, 0x000003ba, 0x000003c6, + 0x000003c1, 0x000003c0, 0x00000391, 0x00000392, + 0x00000393, 0x00000394, 0x00000395, 0x00000396, + 0x00000397, 0x00000398, 0x00000399, 0x0000039a, + 0x0000039b, 0x0000039c, 0x0000039d, 0x0000039e, + 0x0000039f, 0x000003a0, 0x000003a1, 0x00000398, + 0x000003a3, 0x000003a4, 0x000003a5, 0x000003a6, + 0x000003a7, 0x000003a8, 0x000003a9, 0x00002207, + 0x000003b1, 0x000003b2, 0x000003b3, 0x000003b4, + 0x000003b5, 0x000003b6, 0x000003b7, 0x000003b8, + 0x000003b9, 0x000003ba, 0x000003bb, 0x000003bc, + 0x000003bd, 0x000003be, 0x000003bf, 0x000003c0, + 0x000003c1, 0x000003c2, 0x000003c3, 0x000003c4, + 0x000003c5, 0x000003c6, 0x000003c7, 0x000003c8, + 0x000003c9, 0x00002202, 0x000003b5, 0x000003b8, + 0x000003ba, 0x000003c6, 0x000003c1, 0x000003c0, + 0x00000030, 0x00000031, 0x00000032, 0x00000033, + 0x00000034, 0x00000035, 0x00000036, 0x00000037, + 0x00000038, 0x00000039, 0x00000030, 0x00000031, + 0x00000032, 0x00000033, 0x00000034, 0x00000035, + 0x00000036, 0x00000037, 0x00000038, 0x00000039, + 0x00000030, 0x00000031, 0x00000032, 0x00000033, + 0x00000034, 0x00000035, 0x00000036, 0x00000037, + 0x00000038, 0x00000039, 0x00000030, 0x00000031, + 0x00000032, 0x00000033, 0x00000034, 0x00000035, + 0x00000036, 0x00000037, 0x00000038, 0x00000039, + 0x00000030, 0x00000031, 0x00000032, 0x00000033, + 0x00000034, 0x00000035, 0x00000036, 0x00000037, + 0x00000038, 0x00000039, 0x00004e3d, 0x00004e38, + 0x00004e41, 0x00020122, 0x00004f60, 0x00004fae, + 0x00004fbb, 0x00005002, 0x0000507a, 0x00005099, + 0x000050e7, 0x000050cf, 0x0000349e, 0x0002063a, + 0x0000514d, 0x00005154, 0x00005164, 0x00005177, + 0x0002051c, 0x000034b9, 0x00005167, 0x0000518d, + 0x0002054b, 0x00005197, 0x000051a4, 0x00004ecc, + 0x000051ac, 0x000051b5, 0x000291df, 0x000051f5, + 0x00005203, 0x000034df, 0x0000523b, 0x00005246, + 0x00005272, 0x00005277, 0x00003515, 0x000052c7, + 0x000052c9, 0x000052e4, 0x000052fa, 0x00005305, + 0x00005306, 0x00005317, 0x00005349, 0x00005351, + 0x0000535a, 0x00005373, 0x0000537d, 0x0000537f, + 0x0000537f, 0x0000537f, 0x00020a2c, 0x00007070, + 0x000053ca, 0x000053df, 0x00020b63, 0x000053eb, + 0x000053f1, 0x00005406, 0x0000549e, 0x00005438, + 0x00005448, 0x00005468, 0x000054a2, 0x000054f6, + 0x00005510, 0x00005553, 0x00005563, 0x00005584, + 0x00005584, 0x00005599, 0x000055ab, 0x000055b3, + 0x000055c2, 0x00005716, 0x00005606, 0x00005717, + 0x00005651, 0x00005674, 0x00005207, 0x000058ee, + 0x000057ce, 0x000057f4, 0x0000580d, 0x0000578b, + 0x00005832, 0x00005831, 0x000058ac, 0x000214e4, + 0x000058f2, 0x000058f7, 0x00005906, 0x0000591a, + 0x00005922, 0x00005962, 0x000216a8, 0x000216ea, + 0x000059ec, 0x00005a1b, 0x00005a27, 0x000059d8, + 0x00005a66, 0x000036ee, 0x0002136a, 0x00005b08, + 0x00005b3e, 0x00005b3e, 0x000219c8, 0x00005bc3, + 0x00005bd8, 0x00005be7, 0x00005bf3, 0x00021b18, + 0x00005bff, 0x00005c06, 0x00005f33, 0x00005c22, + 0x00003781, 0x00005c60, 0x00005c6e, 0x00005cc0, + 0x00005c8d, 0x00021de4, 0x00005d43, 0x00021de6, + 0x00005d6e, 0x00005d6b, 0x00005d7c, 0x00005de1, + 0x00005de2, 0x0000382f, 0x00005dfd, 0x00005e28, + 0x00005e3d, 0x00005e69, 0x00003862, 0x00022183, + 0x0000387c, 0x00005eb0, 0x00005eb3, 0x00005eb6, + 0x00005eca, 0x0002a392, 0x00005efe, 0x00022331, + 0x00022331, 0x00008201, 0x00005f22, 0x00005f22, + 0x000038c7, 0x000232b8, 0x000261da, 0x00005f62, + 0x00005f6b, 0x000038e3, 0x00005f9a, 0x00005fcd, + 0x00005fd7, 0x00005ff9, 0x00006081, 0x0000393a, + 0x0000391c, 0x00006094, 0x000226d4, 0x000060c7, + 0x00006148, 0x0000614c, 0x0000614e, 0x0000614c, + 0x0000617a, 0x0000618e, 0x000061b2, 0x000061a4, + 0x000061af, 0x000061de, 0x000061f2, 0x000061f6, + 0x00006210, 0x0000621b, 0x0000625d, 0x000062b1, + 0x000062d4, 0x00006350, 0x00022b0c, 0x0000633d, + 0x000062fc, 0x00006368, 0x00006383, 0x000063e4, + 0x00022bf1, 0x00006422, 0x000063c5, 0x000063a9, + 0x00003a2e, 0x00006469, 0x0000647e, 0x0000649d, + 0x00006477, 0x00003a6c, 0x0000654f, 0x0000656c, + 0x0002300a, 0x000065e3, 0x000066f8, 0x00006649, + 0x00003b19, 0x00006691, 0x00003b08, 0x00003ae4, + 0x00005192, 0x00005195, 0x00006700, 0x0000669c, + 0x000080ad, 0x000043d9, 0x00006717, 0x0000671b, + 0x00006721, 0x0000675e, 0x00006753, 0x000233c3, + 0x00003b49, 0x000067fa, 0x00006785, 0x00006852, + 0x00006885, 0x0002346d, 0x0000688e, 0x0000681f, + 0x00006914, 0x00003b9d, 0x00006942, 0x000069a3, + 0x000069ea, 0x00006aa8, 0x000236a3, 0x00006adb, + 0x00003c18, 0x00006b21, 0x000238a7, 0x00006b54, + 0x00003c4e, 0x00006b72, 0x00006b9f, 0x00006bba, + 0x00006bbb, 0x00023a8d, 0x00021d0b, 0x00023afa, + 0x00006c4e, 0x00023cbc, 0x00006cbf, 0x00006ccd, + 0x00006c67, 0x00006d16, 0x00006d3e, 0x00006d77, + 0x00006d41, 0x00006d69, 0x00006d78, 0x00006d85, + 0x00023d1e, 0x00006d34, 0x00006e2f, 0x00006e6e, + 0x00003d33, 0x00006ecb, 0x00006ec7, 0x00023ed1, + 0x00006df9, 0x00006f6e, 0x00023f5e, 0x00023f8e, + 0x00006fc6, 0x00007039, 0x0000701e, 0x0000701b, + 0x00003d96, 0x0000704a, 0x0000707d, 0x00007077, + 0x000070ad, 0x00020525, 0x00007145, 0x00024263, + 0x0000719c, 0x000043ab, 0x00007228, 0x00007235, + 0x00007250, 0x00024608, 0x00007280, 0x00007295, + 0x00024735, 0x00024814, 0x0000737a, 0x0000738b, + 0x00003eac, 0x000073a5, 0x00003eb8, 0x00003eb8, + 0x00007447, 0x0000745c, 0x00007471, 0x00007485, + 0x000074ca, 0x00003f1b, 0x00007524, 0x00024c36, + 0x0000753e, 0x00024c92, 0x00007570, 0x0002219f, + 0x00007610, 0x00024fa1, 0x00024fb8, 0x00025044, + 0x00003ffc, 0x00004008, 0x000076f4, 0x000250f3, + 0x000250f2, 0x00025119, 0x00025133, 0x0000771e, + 0x0000771f, 0x0000771f, 0x0000774a, 0x00004039, + 0x0000778b, 0x00004046, 0x00004096, 0x0002541d, + 0x0000784e, 0x0000788c, 0x000078cc, 0x000040e3, + 0x00025626, 0x00007956, 0x0002569a, 0x000256c5, + 0x0000798f, 0x000079eb, 0x0000412f, 0x00007a40, + 0x00007a4a, 0x00007a4f, 0x0002597c, 0x00025aa7, + 0x00025aa7, 0x00007aae, 0x00004202, 0x00025bab, + 0x00007bc6, 0x00007bc9, 0x00004227, 0x00025c80, + 0x00007cd2, 0x000042a0, 0x00007ce8, 0x00007ce3, + 0x00007d00, 0x00025f86, 0x00007d63, 0x00004301, + 0x00007dc7, 0x00007e02, 0x00007e45, 0x00004334, + 0x00026228, 0x00026247, 0x00004359, 0x000262d9, + 0x00007f7a, 0x0002633e, 0x00007f95, 0x00007ffa, + 0x00008005, 0x000264da, 0x00026523, 0x00008060, + 0x000265a8, 0x00008070, 0x0002335f, 0x000043d5, + 0x000080b2, 0x00008103, 0x0000440b, 0x0000813e, + 0x00005ab5, 0x000267a7, 0x000267b5, 0x00023393, + 0x0002339c, 0x00008201, 0x00008204, 0x00008f9e, + 0x0000446b, 0x00008291, 0x0000828b, 0x0000829d, + 0x000052b3, 0x000082b1, 0x000082b3, 0x000082bd, + 0x000082e6, 0x00026b3c, 0x000082e5, 0x0000831d, + 0x00008363, 0x000083ad, 0x00008323, 0x000083bd, + 0x000083e7, 0x00008457, 0x00008353, 0x000083ca, + 0x000083cc, 0x000083dc, 0x00026c36, 0x00026d6b, + 0x00026cd5, 0x0000452b, 0x000084f1, 0x000084f3, + 0x00008516, 0x000273ca, 0x00008564, 0x00026f2c, + 0x0000455d, 0x00004561, 0x00026fb1, 0x000270d2, + 0x0000456b, 0x00008650, 0x0000865c, 0x00008667, + 0x00008669, 0x000086a9, 0x00008688, 0x0000870e, + 0x000086e2, 0x00008779, 0x00008728, 0x0000876b, + 0x00008786, 0x00004d57, 0x000087e1, 0x00008801, + 0x000045f9, 0x00008860, 0x00008863, 0x00027667, + 0x000088d7, 0x000088de, 0x00004635, 0x000088fa, + 0x000034bb, 0x000278ae, 0x00027966, 0x000046be, + 0x000046c7, 0x00008aa0, 0x00008aed, 0x00008b8a, + 0x00008c55, 0x00027ca8, 0x00008cab, 0x00008cc1, + 0x00008d1b, 0x00008d77, 0x00027f2f, 0x00020804, + 0x00008dcb, 0x00008dbc, 0x00008df0, 0x000208de, + 0x00008ed4, 0x00008f38, 0x000285d2, 0x000285ed, + 0x00009094, 0x000090f1, 0x00009111, 0x0002872e, + 0x0000911b, 0x00009238, 0x000092d7, 0x000092d8, + 0x0000927c, 0x000093f9, 0x00009415, 0x00028bfa, + 0x0000958b, 0x00004995, 0x000095b7, 0x00028d77, + 0x000049e6, 0x000096c3, 0x00005db2, 0x00009723, + 0x00029145, 0x0002921a, 0x00004a6e, 0x00004a76, + 0x000097e0, 0x0002940a, 0x00004ab2, 0x00029496, + 0x0000980b, 0x0000980b, 0x00009829, 0x000295b6, + 0x000098e2, 0x00004b33, 0x00009929, 0x000099a7, + 0x000099c2, 0x000099fe, 0x00004bce, 0x00029b30, + 0x00009b12, 0x00009c40, 0x00009cfd, 0x00004cce, + 0x00004ced, 0x00009d67, 0x0002a0ce, 0x00004cf8, + 0x0002a105, 0x0002a20e, 0x0002a291, 0x00009ebb, + 0x00004d56, 0x00009ef9, 0x00009efe, 0x00009f05, + 0x00009f0f, 0x00009f16, 0x00009f3b, 0x0002a600 +}; + +static const krb5_ui_4 _uccmcl_size = 489; + +static const krb5_ui_4 _uccmcl_nodes[] = { + 0x00000300, 0x00000314, 0x000000e6, 0x00000315, + 0x00000315, 0x000000e8, 0x00000316, 0x00000319, + 0x000000dc, 0x0000031a, 0x0000031a, 0x000000e8, + 0x0000031b, 0x0000031b, 0x000000d8, 0x0000031c, + 0x00000320, 0x000000dc, 0x00000321, 0x00000322, + 0x000000ca, 0x00000323, 0x00000326, 0x000000dc, + 0x00000327, 0x00000328, 0x000000ca, 0x00000329, + 0x00000333, 0x000000dc, 0x00000334, 0x00000338, + 0x00000001, 0x00000339, 0x0000033c, 0x000000dc, + 0x0000033d, 0x00000344, 0x000000e6, 0x00000345, + 0x00000345, 0x000000f0, 0x00000346, 0x00000346, + 0x000000e6, 0x00000347, 0x00000349, 0x000000dc, + 0x0000034a, 0x0000034c, 0x000000e6, 0x0000034d, + 0x0000034e, 0x000000dc, 0x00000360, 0x00000361, + 0x000000ea, 0x00000362, 0x00000362, 0x000000e9, + 0x00000363, 0x0000036f, 0x000000e6, 0x00000483, + 0x00000486, 0x000000e6, 0x00000591, 0x00000591, + 0x000000dc, 0x00000592, 0x00000595, 0x000000e6, + 0x00000596, 0x00000596, 0x000000dc, 0x00000597, + 0x00000599, 0x000000e6, 0x0000059a, 0x0000059a, + 0x000000de, 0x0000059b, 0x0000059b, 0x000000dc, + 0x0000059c, 0x000005a1, 0x000000e6, 0x000005a3, + 0x000005a7, 0x000000dc, 0x000005a8, 0x000005a9, + 0x000000e6, 0x000005aa, 0x000005aa, 0x000000dc, + 0x000005ab, 0x000005ac, 0x000000e6, 0x000005ad, + 0x000005ad, 0x000000de, 0x000005ae, 0x000005ae, + 0x000000e4, 0x000005af, 0x000005af, 0x000000e6, + 0x000005b0, 0x000005b0, 0x0000000a, 0x000005b1, + 0x000005b1, 0x0000000b, 0x000005b2, 0x000005b2, + 0x0000000c, 0x000005b3, 0x000005b3, 0x0000000d, + 0x000005b4, 0x000005b4, 0x0000000e, 0x000005b5, + 0x000005b5, 0x0000000f, 0x000005b6, 0x000005b6, + 0x00000010, 0x000005b7, 0x000005b7, 0x00000011, + 0x000005b8, 0x000005b8, 0x00000012, 0x000005b9, + 0x000005b9, 0x00000013, 0x000005bb, 0x000005bb, + 0x00000014, 0x000005bc, 0x000005bc, 0x00000015, + 0x000005bd, 0x000005bd, 0x00000016, 0x000005bf, + 0x000005bf, 0x00000017, 0x000005c1, 0x000005c1, + 0x00000018, 0x000005c2, 0x000005c2, 0x00000019, + 0x000005c4, 0x000005c4, 0x000000e6, 0x0000064b, + 0x0000064b, 0x0000001b, 0x0000064c, 0x0000064c, + 0x0000001c, 0x0000064d, 0x0000064d, 0x0000001d, + 0x0000064e, 0x0000064e, 0x0000001e, 0x0000064f, + 0x0000064f, 0x0000001f, 0x00000650, 0x00000650, + 0x00000020, 0x00000651, 0x00000651, 0x00000021, + 0x00000652, 0x00000652, 0x00000022, 0x00000653, + 0x00000654, 0x000000e6, 0x00000655, 0x00000655, + 0x000000dc, 0x00000670, 0x00000670, 0x00000023, + 0x000006d6, 0x000006dc, 0x000000e6, 0x000006df, + 0x000006e2, 0x000000e6, 0x000006e3, 0x000006e3, + 0x000000dc, 0x000006e4, 0x000006e4, 0x000000e6, + 0x000006e7, 0x000006e8, 0x000000e6, 0x000006ea, + 0x000006ea, 0x000000dc, 0x000006eb, 0x000006ec, + 0x000000e6, 0x000006ed, 0x000006ed, 0x000000dc, + 0x00000711, 0x00000711, 0x00000024, 0x00000730, + 0x00000730, 0x000000e6, 0x00000731, 0x00000731, + 0x000000dc, 0x00000732, 0x00000733, 0x000000e6, + 0x00000734, 0x00000734, 0x000000dc, 0x00000735, + 0x00000736, 0x000000e6, 0x00000737, 0x00000739, + 0x000000dc, 0x0000073a, 0x0000073a, 0x000000e6, + 0x0000073b, 0x0000073c, 0x000000dc, 0x0000073d, + 0x0000073d, 0x000000e6, 0x0000073e, 0x0000073e, + 0x000000dc, 0x0000073f, 0x00000741, 0x000000e6, + 0x00000742, 0x00000742, 0x000000dc, 0x00000743, + 0x00000743, 0x000000e6, 0x00000744, 0x00000744, + 0x000000dc, 0x00000745, 0x00000745, 0x000000e6, + 0x00000746, 0x00000746, 0x000000dc, 0x00000747, + 0x00000747, 0x000000e6, 0x00000748, 0x00000748, + 0x000000dc, 0x00000749, 0x0000074a, 0x000000e6, + 0x0000093c, 0x0000093c, 0x00000007, 0x0000094d, + 0x0000094d, 0x00000009, 0x00000951, 0x00000951, + 0x000000e6, 0x00000952, 0x00000952, 0x000000dc, + 0x00000953, 0x00000954, 0x000000e6, 0x000009bc, + 0x000009bc, 0x00000007, 0x000009cd, 0x000009cd, + 0x00000009, 0x00000a3c, 0x00000a3c, 0x00000007, + 0x00000a4d, 0x00000a4d, 0x00000009, 0x00000abc, + 0x00000abc, 0x00000007, 0x00000acd, 0x00000acd, + 0x00000009, 0x00000b3c, 0x00000b3c, 0x00000007, + 0x00000b4d, 0x00000b4d, 0x00000009, 0x00000bcd, + 0x00000bcd, 0x00000009, 0x00000c4d, 0x00000c4d, + 0x00000009, 0x00000c55, 0x00000c55, 0x00000054, + 0x00000c56, 0x00000c56, 0x0000005b, 0x00000ccd, + 0x00000ccd, 0x00000009, 0x00000d4d, 0x00000d4d, + 0x00000009, 0x00000dca, 0x00000dca, 0x00000009, + 0x00000e38, 0x00000e39, 0x00000067, 0x00000e3a, + 0x00000e3a, 0x00000009, 0x00000e48, 0x00000e4b, + 0x0000006b, 0x00000eb8, 0x00000eb9, 0x00000076, + 0x00000ec8, 0x00000ecb, 0x0000007a, 0x00000f18, + 0x00000f19, 0x000000dc, 0x00000f35, 0x00000f35, + 0x000000dc, 0x00000f37, 0x00000f37, 0x000000dc, + 0x00000f39, 0x00000f39, 0x000000d8, 0x00000f71, + 0x00000f71, 0x00000081, 0x00000f72, 0x00000f72, + 0x00000082, 0x00000f74, 0x00000f74, 0x00000084, + 0x00000f7a, 0x00000f7d, 0x00000082, 0x00000f80, + 0x00000f80, 0x00000082, 0x00000f82, 0x00000f83, + 0x000000e6, 0x00000f84, 0x00000f84, 0x00000009, + 0x00000f86, 0x00000f87, 0x000000e6, 0x00000fc6, + 0x00000fc6, 0x000000dc, 0x00001037, 0x00001037, + 0x00000007, 0x00001039, 0x00001039, 0x00000009, + 0x00001714, 0x00001714, 0x00000009, 0x00001734, + 0x00001734, 0x00000009, 0x000017d2, 0x000017d2, + 0x00000009, 0x000018a9, 0x000018a9, 0x000000e4, + 0x000020d0, 0x000020d1, 0x000000e6, 0x000020d2, + 0x000020d3, 0x00000001, 0x000020d4, 0x000020d7, + 0x000000e6, 0x000020d8, 0x000020da, 0x00000001, + 0x000020db, 0x000020dc, 0x000000e6, 0x000020e1, + 0x000020e1, 0x000000e6, 0x000020e5, 0x000020e6, + 0x00000001, 0x000020e7, 0x000020e7, 0x000000e6, + 0x000020e8, 0x000020e8, 0x000000dc, 0x000020e9, + 0x000020e9, 0x000000e6, 0x000020ea, 0x000020ea, + 0x00000001, 0x0000302a, 0x0000302a, 0x000000da, + 0x0000302b, 0x0000302b, 0x000000e4, 0x0000302c, + 0x0000302c, 0x000000e8, 0x0000302d, 0x0000302d, + 0x000000de, 0x0000302e, 0x0000302f, 0x000000e0, + 0x00003099, 0x0000309a, 0x00000008, 0x0000fb1e, + 0x0000fb1e, 0x0000001a, 0x0000fe20, 0x0000fe23, + 0x000000e6, 0x0001d165, 0x0001d166, 0x000000d8, + 0x0001d167, 0x0001d169, 0x00000001, 0x0001d16d, + 0x0001d16d, 0x000000e2, 0x0001d16e, 0x0001d172, + 0x000000d8, 0x0001d17b, 0x0001d182, 0x000000dc, + 0x0001d185, 0x0001d189, 0x000000e6, 0x0001d18a, + 0x0001d18b, 0x000000dc, 0x0001d1aa, 0x0001d1ad, + 0x000000e6 +}; + +static const krb5_ui_4 _ucnum_size = 1066; + +static const krb5_ui_4 _ucnum_nodes[] = { + 0x00000030, 0x00000000, 0x00000031, 0x00000002, + 0x00000032, 0x00000004, 0x00000033, 0x00000006, + 0x00000034, 0x00000008, 0x00000035, 0x0000000a, + 0x00000036, 0x0000000c, 0x00000037, 0x0000000e, + 0x00000038, 0x00000010, 0x00000039, 0x00000012, + 0x000000b2, 0x00000004, 0x000000b3, 0x00000006, + 0x000000b9, 0x00000002, 0x000000bc, 0x00000014, + 0x000000bd, 0x00000016, 0x000000be, 0x00000018, + 0x00000660, 0x00000000, 0x00000661, 0x00000002, + 0x00000662, 0x00000004, 0x00000663, 0x00000006, + 0x00000664, 0x00000008, 0x00000665, 0x0000000a, + 0x00000666, 0x0000000c, 0x00000667, 0x0000000e, + 0x00000668, 0x00000010, 0x00000669, 0x00000012, + 0x000006f0, 0x00000000, 0x000006f1, 0x00000002, + 0x000006f2, 0x00000004, 0x000006f3, 0x00000006, + 0x000006f4, 0x00000008, 0x000006f5, 0x0000000a, + 0x000006f6, 0x0000000c, 0x000006f7, 0x0000000e, + 0x000006f8, 0x00000010, 0x000006f9, 0x00000012, + 0x00000966, 0x00000000, 0x00000967, 0x00000002, + 0x00000968, 0x00000004, 0x00000969, 0x00000006, + 0x0000096a, 0x00000008, 0x0000096b, 0x0000000a, + 0x0000096c, 0x0000000c, 0x0000096d, 0x0000000e, + 0x0000096e, 0x00000010, 0x0000096f, 0x00000012, + 0x000009e6, 0x00000000, 0x000009e7, 0x00000002, + 0x000009e8, 0x00000004, 0x000009e9, 0x00000006, + 0x000009ea, 0x00000008, 0x000009eb, 0x0000000a, + 0x000009ec, 0x0000000c, 0x000009ed, 0x0000000e, + 0x000009ee, 0x00000010, 0x000009ef, 0x00000012, + 0x000009f4, 0x00000002, 0x000009f5, 0x00000004, + 0x000009f6, 0x00000006, 0x000009f7, 0x00000008, + 0x000009f9, 0x0000001a, 0x00000a66, 0x00000000, + 0x00000a67, 0x00000002, 0x00000a68, 0x00000004, + 0x00000a69, 0x00000006, 0x00000a6a, 0x00000008, + 0x00000a6b, 0x0000000a, 0x00000a6c, 0x0000000c, + 0x00000a6d, 0x0000000e, 0x00000a6e, 0x00000010, + 0x00000a6f, 0x00000012, 0x00000ae6, 0x00000000, + 0x00000ae7, 0x00000002, 0x00000ae8, 0x00000004, + 0x00000ae9, 0x00000006, 0x00000aea, 0x00000008, + 0x00000aeb, 0x0000000a, 0x00000aec, 0x0000000c, + 0x00000aed, 0x0000000e, 0x00000aee, 0x00000010, + 0x00000aef, 0x00000012, 0x00000b66, 0x00000000, + 0x00000b67, 0x00000002, 0x00000b68, 0x00000004, + 0x00000b69, 0x00000006, 0x00000b6a, 0x00000008, + 0x00000b6b, 0x0000000a, 0x00000b6c, 0x0000000c, + 0x00000b6d, 0x0000000e, 0x00000b6e, 0x00000010, + 0x00000b6f, 0x00000012, 0x00000be7, 0x00000002, + 0x00000be8, 0x00000004, 0x00000be9, 0x00000006, + 0x00000bea, 0x00000008, 0x00000beb, 0x0000000a, + 0x00000bec, 0x0000000c, 0x00000bed, 0x0000000e, + 0x00000bee, 0x00000010, 0x00000bef, 0x00000012, + 0x00000bf0, 0x0000001c, 0x00000bf1, 0x0000001e, + 0x00000bf2, 0x00000020, 0x00000c66, 0x00000000, + 0x00000c67, 0x00000002, 0x00000c68, 0x00000004, + 0x00000c69, 0x00000006, 0x00000c6a, 0x00000008, + 0x00000c6b, 0x0000000a, 0x00000c6c, 0x0000000c, + 0x00000c6d, 0x0000000e, 0x00000c6e, 0x00000010, + 0x00000c6f, 0x00000012, 0x00000ce6, 0x00000000, + 0x00000ce7, 0x00000002, 0x00000ce8, 0x00000004, + 0x00000ce9, 0x00000006, 0x00000cea, 0x00000008, + 0x00000ceb, 0x0000000a, 0x00000cec, 0x0000000c, + 0x00000ced, 0x0000000e, 0x00000cee, 0x00000010, + 0x00000cef, 0x00000012, 0x00000d66, 0x00000000, + 0x00000d67, 0x00000002, 0x00000d68, 0x00000004, + 0x00000d69, 0x00000006, 0x00000d6a, 0x00000008, + 0x00000d6b, 0x0000000a, 0x00000d6c, 0x0000000c, + 0x00000d6d, 0x0000000e, 0x00000d6e, 0x00000010, + 0x00000d6f, 0x00000012, 0x00000e50, 0x00000000, + 0x00000e51, 0x00000002, 0x00000e52, 0x00000004, + 0x00000e53, 0x00000006, 0x00000e54, 0x00000008, + 0x00000e55, 0x0000000a, 0x00000e56, 0x0000000c, + 0x00000e57, 0x0000000e, 0x00000e58, 0x00000010, + 0x00000e59, 0x00000012, 0x00000ed0, 0x00000000, + 0x00000ed1, 0x00000002, 0x00000ed2, 0x00000004, + 0x00000ed3, 0x00000006, 0x00000ed4, 0x00000008, + 0x00000ed5, 0x0000000a, 0x00000ed6, 0x0000000c, + 0x00000ed7, 0x0000000e, 0x00000ed8, 0x00000010, + 0x00000ed9, 0x00000012, 0x00000f20, 0x00000000, + 0x00000f21, 0x00000002, 0x00000f22, 0x00000004, + 0x00000f23, 0x00000006, 0x00000f24, 0x00000008, + 0x00000f25, 0x0000000a, 0x00000f26, 0x0000000c, + 0x00000f27, 0x0000000e, 0x00000f28, 0x00000010, + 0x00000f29, 0x00000012, 0x00000f2a, 0x00000016, + 0x00000f2b, 0x00000022, 0x00000f2c, 0x00000024, + 0x00000f2d, 0x00000026, 0x00000f2e, 0x00000028, + 0x00000f2f, 0x0000002a, 0x00000f30, 0x0000002c, + 0x00000f31, 0x0000002e, 0x00000f32, 0x00000030, + 0x00000f33, 0x00000032, 0x00001040, 0x00000000, + 0x00001041, 0x00000002, 0x00001042, 0x00000004, + 0x00001043, 0x00000006, 0x00001044, 0x00000008, + 0x00001045, 0x0000000a, 0x00001046, 0x0000000c, + 0x00001047, 0x0000000e, 0x00001048, 0x00000010, + 0x00001049, 0x00000012, 0x00001369, 0x00000002, + 0x0000136a, 0x00000004, 0x0000136b, 0x00000006, + 0x0000136c, 0x00000008, 0x0000136d, 0x0000000a, + 0x0000136e, 0x0000000c, 0x0000136f, 0x0000000e, + 0x00001370, 0x00000010, 0x00001371, 0x00000012, + 0x00001372, 0x0000001c, 0x00001373, 0x00000034, + 0x00001374, 0x00000036, 0x00001375, 0x00000038, + 0x00001376, 0x0000003a, 0x00001377, 0x0000003c, + 0x00001378, 0x0000003e, 0x00001379, 0x00000040, + 0x0000137a, 0x00000042, 0x0000137b, 0x0000001e, + 0x0000137c, 0x00000044, 0x000016ee, 0x00000046, + 0x000016ef, 0x00000048, 0x000016f0, 0x0000004a, + 0x000017e0, 0x00000000, 0x000017e1, 0x00000002, + 0x000017e2, 0x00000004, 0x000017e3, 0x00000006, + 0x000017e4, 0x00000008, 0x000017e5, 0x0000000a, + 0x000017e6, 0x0000000c, 0x000017e7, 0x0000000e, + 0x000017e8, 0x00000010, 0x000017e9, 0x00000012, + 0x00001810, 0x00000000, 0x00001811, 0x00000002, + 0x00001812, 0x00000004, 0x00001813, 0x00000006, + 0x00001814, 0x00000008, 0x00001815, 0x0000000a, + 0x00001816, 0x0000000c, 0x00001817, 0x0000000e, + 0x00001818, 0x00000010, 0x00001819, 0x00000012, + 0x00002070, 0x00000000, 0x00002074, 0x00000008, + 0x00002075, 0x0000000a, 0x00002076, 0x0000000c, + 0x00002077, 0x0000000e, 0x00002078, 0x00000010, + 0x00002079, 0x00000012, 0x00002080, 0x00000000, + 0x00002081, 0x00000002, 0x00002082, 0x00000004, + 0x00002083, 0x00000006, 0x00002084, 0x00000008, + 0x00002085, 0x0000000a, 0x00002086, 0x0000000c, + 0x00002087, 0x0000000e, 0x00002088, 0x00000010, + 0x00002089, 0x00000012, 0x00002153, 0x0000004c, + 0x00002154, 0x0000004e, 0x00002155, 0x00000050, + 0x00002156, 0x00000052, 0x00002157, 0x00000054, + 0x00002158, 0x00000056, 0x00002159, 0x00000058, + 0x0000215a, 0x0000005a, 0x0000215b, 0x0000005c, + 0x0000215c, 0x0000005e, 0x0000215d, 0x00000060, + 0x0000215e, 0x00000062, 0x0000215f, 0x00000002, + 0x00002160, 0x00000002, 0x00002161, 0x00000004, + 0x00002162, 0x00000006, 0x00002163, 0x00000008, + 0x00002164, 0x0000000a, 0x00002165, 0x0000000c, + 0x00002166, 0x0000000e, 0x00002167, 0x00000010, + 0x00002168, 0x00000012, 0x00002169, 0x0000001c, + 0x0000216a, 0x00000064, 0x0000216b, 0x00000066, + 0x0000216c, 0x0000003a, 0x0000216d, 0x0000001e, + 0x0000216e, 0x00000068, 0x0000216f, 0x00000020, + 0x00002170, 0x00000002, 0x00002171, 0x00000004, + 0x00002172, 0x00000006, 0x00002173, 0x00000008, + 0x00002174, 0x0000000a, 0x00002175, 0x0000000c, + 0x00002176, 0x0000000e, 0x00002177, 0x00000010, + 0x00002178, 0x00000012, 0x00002179, 0x0000001c, + 0x0000217a, 0x00000064, 0x0000217b, 0x00000066, + 0x0000217c, 0x0000003a, 0x0000217d, 0x0000001e, + 0x0000217e, 0x00000068, 0x0000217f, 0x00000020, + 0x00002180, 0x00000020, 0x00002181, 0x0000006a, + 0x00002182, 0x00000044, 0x00002460, 0x00000002, + 0x00002461, 0x00000004, 0x00002462, 0x00000006, + 0x00002463, 0x00000008, 0x00002464, 0x0000000a, + 0x00002465, 0x0000000c, 0x00002466, 0x0000000e, + 0x00002467, 0x00000010, 0x00002468, 0x00000012, + 0x00002469, 0x0000001c, 0x0000246a, 0x00000064, + 0x0000246b, 0x00000066, 0x0000246c, 0x0000006c, + 0x0000246d, 0x0000006e, 0x0000246e, 0x00000070, + 0x0000246f, 0x0000001a, 0x00002470, 0x00000046, + 0x00002471, 0x00000048, 0x00002472, 0x0000004a, + 0x00002473, 0x00000034, 0x00002474, 0x00000002, + 0x00002475, 0x00000004, 0x00002476, 0x00000006, + 0x00002477, 0x00000008, 0x00002478, 0x0000000a, + 0x00002479, 0x0000000c, 0x0000247a, 0x0000000e, + 0x0000247b, 0x00000010, 0x0000247c, 0x00000012, + 0x0000247d, 0x0000001c, 0x0000247e, 0x00000064, + 0x0000247f, 0x00000066, 0x00002480, 0x0000006c, + 0x00002481, 0x0000006e, 0x00002482, 0x00000070, + 0x00002483, 0x0000001a, 0x00002484, 0x00000046, + 0x00002485, 0x00000048, 0x00002486, 0x0000004a, + 0x00002487, 0x00000034, 0x00002488, 0x00000002, + 0x00002489, 0x00000004, 0x0000248a, 0x00000006, + 0x0000248b, 0x00000008, 0x0000248c, 0x0000000a, + 0x0000248d, 0x0000000c, 0x0000248e, 0x0000000e, + 0x0000248f, 0x00000010, 0x00002490, 0x00000012, + 0x00002491, 0x0000001c, 0x00002492, 0x00000064, + 0x00002493, 0x00000066, 0x00002494, 0x0000006c, + 0x00002495, 0x0000006e, 0x00002496, 0x00000070, + 0x00002497, 0x0000001a, 0x00002498, 0x00000046, + 0x00002499, 0x00000048, 0x0000249a, 0x0000004a, + 0x0000249b, 0x00000034, 0x000024ea, 0x00000000, + 0x000024eb, 0x00000064, 0x000024ec, 0x00000066, + 0x000024ed, 0x0000006c, 0x000024ee, 0x0000006e, + 0x000024ef, 0x00000070, 0x000024f0, 0x0000001a, + 0x000024f1, 0x00000046, 0x000024f2, 0x00000048, + 0x000024f3, 0x0000004a, 0x000024f4, 0x00000034, + 0x000024f5, 0x00000002, 0x000024f6, 0x00000004, + 0x000024f7, 0x00000006, 0x000024f8, 0x00000008, + 0x000024f9, 0x0000000a, 0x000024fa, 0x0000000c, + 0x000024fb, 0x0000000e, 0x000024fc, 0x00000010, + 0x000024fd, 0x00000012, 0x000024fe, 0x0000001c, + 0x00002776, 0x00000002, 0x00002777, 0x00000004, + 0x00002778, 0x00000006, 0x00002779, 0x00000008, + 0x0000277a, 0x0000000a, 0x0000277b, 0x0000000c, + 0x0000277c, 0x0000000e, 0x0000277d, 0x00000010, + 0x0000277e, 0x00000012, 0x0000277f, 0x0000001c, + 0x00002780, 0x00000002, 0x00002781, 0x00000004, + 0x00002782, 0x00000006, 0x00002783, 0x00000008, + 0x00002784, 0x0000000a, 0x00002785, 0x0000000c, + 0x00002786, 0x0000000e, 0x00002787, 0x00000010, + 0x00002788, 0x00000012, 0x00002789, 0x0000001c, + 0x0000278a, 0x00000002, 0x0000278b, 0x00000004, + 0x0000278c, 0x00000006, 0x0000278d, 0x00000008, + 0x0000278e, 0x0000000a, 0x0000278f, 0x0000000c, + 0x00002790, 0x0000000e, 0x00002791, 0x00000010, + 0x00002792, 0x00000012, 0x00002793, 0x0000001c, + 0x00003007, 0x00000000, 0x00003021, 0x00000002, + 0x00003022, 0x00000004, 0x00003023, 0x00000006, + 0x00003024, 0x00000008, 0x00003025, 0x0000000a, + 0x00003026, 0x0000000c, 0x00003027, 0x0000000e, + 0x00003028, 0x00000010, 0x00003029, 0x00000012, + 0x00003038, 0x0000001c, 0x00003039, 0x00000034, + 0x0000303a, 0x00000036, 0x00003192, 0x00000002, + 0x00003193, 0x00000004, 0x00003194, 0x00000006, + 0x00003195, 0x00000008, 0x00003220, 0x00000002, + 0x00003221, 0x00000004, 0x00003222, 0x00000006, + 0x00003223, 0x00000008, 0x00003224, 0x0000000a, + 0x00003225, 0x0000000c, 0x00003226, 0x0000000e, + 0x00003227, 0x00000010, 0x00003228, 0x00000012, + 0x00003229, 0x0000001c, 0x00003251, 0x00000072, + 0x00003252, 0x00000074, 0x00003253, 0x00000076, + 0x00003254, 0x00000078, 0x00003255, 0x0000007a, + 0x00003256, 0x0000007c, 0x00003257, 0x0000007e, + 0x00003258, 0x00000080, 0x00003259, 0x00000082, + 0x0000325a, 0x00000036, 0x0000325b, 0x00000084, + 0x0000325c, 0x00000086, 0x0000325d, 0x00000088, + 0x0000325e, 0x0000008a, 0x0000325f, 0x0000008c, + 0x00003280, 0x00000002, 0x00003281, 0x00000004, + 0x00003282, 0x00000006, 0x00003283, 0x00000008, + 0x00003284, 0x0000000a, 0x00003285, 0x0000000c, + 0x00003286, 0x0000000e, 0x00003287, 0x00000010, + 0x00003288, 0x00000012, 0x00003289, 0x0000001c, + 0x000032b1, 0x0000008e, 0x000032b2, 0x00000090, + 0x000032b3, 0x00000092, 0x000032b4, 0x00000094, + 0x000032b5, 0x00000038, 0x000032b6, 0x00000096, + 0x000032b7, 0x00000098, 0x000032b8, 0x0000009a, + 0x000032b9, 0x0000009c, 0x000032ba, 0x0000009e, + 0x000032bb, 0x000000a0, 0x000032bc, 0x000000a2, + 0x000032bd, 0x000000a4, 0x000032be, 0x000000a6, + 0x000032bf, 0x0000003a, 0x0000ff10, 0x00000000, + 0x0000ff11, 0x00000002, 0x0000ff12, 0x00000004, + 0x0000ff13, 0x00000006, 0x0000ff14, 0x00000008, + 0x0000ff15, 0x0000000a, 0x0000ff16, 0x0000000c, + 0x0000ff17, 0x0000000e, 0x0000ff18, 0x00000010, + 0x0000ff19, 0x00000012, 0x00010320, 0x00000002, + 0x00010321, 0x0000000a, 0x00010322, 0x0000001c, + 0x00010323, 0x0000003a, 0x0001d7ce, 0x00000000, + 0x0001d7cf, 0x00000002, 0x0001d7d0, 0x00000004, + 0x0001d7d1, 0x00000006, 0x0001d7d2, 0x00000008, + 0x0001d7d3, 0x0000000a, 0x0001d7d4, 0x0000000c, + 0x0001d7d5, 0x0000000e, 0x0001d7d6, 0x00000010, + 0x0001d7d7, 0x00000012, 0x0001d7d8, 0x00000000, + 0x0001d7d9, 0x00000002, 0x0001d7da, 0x00000004, + 0x0001d7db, 0x00000006, 0x0001d7dc, 0x00000008, + 0x0001d7dd, 0x0000000a, 0x0001d7de, 0x0000000c, + 0x0001d7df, 0x0000000e, 0x0001d7e0, 0x00000010, + 0x0001d7e1, 0x00000012, 0x0001d7e2, 0x00000000, + 0x0001d7e3, 0x00000002, 0x0001d7e4, 0x00000004, + 0x0001d7e5, 0x00000006, 0x0001d7e6, 0x00000008, + 0x0001d7e7, 0x0000000a, 0x0001d7e8, 0x0000000c, + 0x0001d7e9, 0x0000000e, 0x0001d7ea, 0x00000010, + 0x0001d7eb, 0x00000012, 0x0001d7ec, 0x00000000, + 0x0001d7ed, 0x00000002, 0x0001d7ee, 0x00000004, + 0x0001d7ef, 0x00000006, 0x0001d7f0, 0x00000008, + 0x0001d7f1, 0x0000000a, 0x0001d7f2, 0x0000000c, + 0x0001d7f3, 0x0000000e, 0x0001d7f4, 0x00000010, + 0x0001d7f5, 0x00000012, 0x0001d7f6, 0x00000000, + 0x0001d7f7, 0x00000002, 0x0001d7f8, 0x00000004, + 0x0001d7f9, 0x00000006, 0x0001d7fa, 0x00000008, + 0x0001d7fb, 0x0000000a, 0x0001d7fc, 0x0000000c, + 0x0001d7fd, 0x0000000e, 0x0001d7fe, 0x00000010, + 0x0001d7ff, 0x00000012 +}; + +static const short _ucnum_vals[] = { + 0x0000, 0x0001, 0x0001, 0x0001, 0x0002, 0x0001, 0x0003, 0x0001, + 0x0004, 0x0001, 0x0005, 0x0001, 0x0006, 0x0001, 0x0007, 0x0001, + 0x0008, 0x0001, 0x0009, 0x0001, 0x0001, 0x0004, 0x0001, 0x0002, + 0x0003, 0x0004, 0x0010, 0x0001, 0x000a, 0x0001, 0x0064, 0x0001, + 0x03e8, 0x0001, 0x0003, 0x0002, 0x0005, 0x0002, 0x0007, 0x0002, + 0x0009, 0x0002, 0x000b, 0x0002, 0x000d, 0x0002, 0x000f, 0x0002, + 0x0011, 0x0002, -1, 0x0002, 0x0014, 0x0001, 0x001e, 0x0001, + 0x0028, 0x0001, 0x0032, 0x0001, 0x003c, 0x0001, 0x0046, 0x0001, + 0x0050, 0x0001, 0x005a, 0x0001, 0x2710, 0x0001, 0x0011, 0x0001, + 0x0012, 0x0001, 0x0013, 0x0001, 0x0001, 0x0003, 0x0002, 0x0003, + 0x0001, 0x0005, 0x0002, 0x0005, 0x0003, 0x0005, 0x0004, 0x0005, + 0x0001, 0x0006, 0x0005, 0x0006, 0x0001, 0x0008, 0x0003, 0x0008, + 0x0005, 0x0008, 0x0007, 0x0008, 0x000b, 0x0001, 0x000c, 0x0001, + 0x01f4, 0x0001, 0x1388, 0x0001, 0x000d, 0x0001, 0x000e, 0x0001, + 0x000f, 0x0001, 0x0015, 0x0001, 0x0016, 0x0001, 0x0017, 0x0001, + 0x0018, 0x0001, 0x0019, 0x0001, 0x001a, 0x0001, 0x001b, 0x0001, + 0x001c, 0x0001, 0x001d, 0x0001, 0x001f, 0x0001, 0x0020, 0x0001, + 0x0021, 0x0001, 0x0022, 0x0001, 0x0023, 0x0001, 0x0024, 0x0001, + 0x0025, 0x0001, 0x0026, 0x0001, 0x0027, 0x0001, 0x0029, 0x0001, + 0x002a, 0x0001, 0x002b, 0x0001, 0x002c, 0x0001, 0x002d, 0x0001, + 0x002e, 0x0001, 0x002f, 0x0001, 0x0030, 0x0001, 0x0031, 0x0001 +}; + diff --git a/src/lib/krb5/unicode/ucstr.c b/src/lib/krb5/unicode/ucstr.c new file mode 100644 index 0000000000..fd5ce1c281 --- /dev/null +++ b/src/lib/krb5/unicode/ucstr.c @@ -0,0 +1,449 @@ +/* + * $OpenLDAP: pkg/ldap/libraries/liblunicode/ucstr.c,v 1.40 2008/03/04 + * 06:24:05 hyc Exp $ + */ +/* + * This work is part of OpenLDAP Software . + * + * Copyright 1998-2008 The OpenLDAP Foundation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted only as authorized by the OpenLDAP Public + * License. + * + * A copy of this license is available in file LICENSE in the top-level + * directory of the distribution or, alternatively, at + * . + */ + +#include "k5-int.h" +#include "k5-utf8.h" +#include "k5-unicode.h" +#include "ucdata/ucdata.h" + +#include + +int +krb5int_ucstrncmp( + const krb5_unicode * u1, + const krb5_unicode * u2, + size_t n) +{ + for (; 0 < n; ++u1, ++u2, --n) { + if (*u1 != *u2) { + return *u1 < *u2 ? -1 : +1; + } + if (*u1 == 0) { + return 0; + } + } + return 0; +} + +int +krb5int_ucstrncasecmp( + const krb5_unicode * u1, + const krb5_unicode * u2, + size_t n) +{ + for (; 0 < n; ++u1, ++u2, --n) { + krb5_unicode uu1 = uctolower(*u1); + krb5_unicode uu2 = uctolower(*u2); + + if (uu1 != uu2) { + return uu1 < uu2 ? -1 : +1; + } + if (uu1 == 0) { + return 0; + } + } + return 0; +} + +krb5_unicode * +krb5int_ucstrnchr( + const krb5_unicode * u, + size_t n, + krb5_unicode c) +{ + for (; 0 < n; ++u, --n) { + if (*u == c) { + return (krb5_unicode *) u; + } + } + + return NULL; +} + +krb5_unicode * +krb5int_ucstrncasechr( + const krb5_unicode * u, + size_t n, + krb5_unicode c) +{ + c = uctolower(c); + for (; 0 < n; ++u, --n) { + if (uctolower(*u) == c) { + return (krb5_unicode *) u; + } + } + + return NULL; +} + +void +krb5int_ucstr2upper( + krb5_unicode * u, + size_t n) +{ + for (; 0 < n; ++u, --n) { + *u = uctoupper(*u); + } +} + +#define TOUPPER(c) (islower(c) ? toupper(c) : (c)) +#define TOLOWER(c) (isupper(c) ? tolower(c) : (c)) + +krb5_data * +krb5int_utf8_normalize( + krb5_data * data, + krb5_data * newdata, + unsigned flags) +{ + int i, j, len, clen, outpos, ucsoutlen, outsize, last; + char *out, *outtmp, *s; + krb5_ucs4 *ucs, *p, *ucsout; + + static unsigned char mask[] = { + 0, 0x7f, 0x1f, 0x0f, 0x07, 0x03, 0x01}; + + unsigned casefold = flags & KRB5_UTF8_CASEFOLD; + unsigned approx = flags & KRB5_UTF8_APPROX; + + if (data == NULL) { + return NULL; + } + s = data->data; + len = data->length; + + if (!newdata) { + newdata = (krb5_data *) malloc(sizeof(*newdata)); + if (newdata == NULL) + return NULL; + } + /* + * Should first check to see if string is already in proper normalized + * form. This is almost as time consuming as the normalization though. + */ + + /* finish off everything up to character before first non-ascii */ + if (KRB5_UTF8_ISASCII(s)) { + if (casefold) { + outsize = len + 7; + out = (char *) malloc(outsize); + if (out == NULL) { + return NULL; + } + outpos = 0; + + for (i = 1; (i < len) && KRB5_UTF8_ISASCII(s + i); i++) { + out[outpos++] = TOLOWER(s[i - 1]); + } + if (i == len) { + out[outpos++] = TOLOWER(s[len - 1]); + out[outpos] = '\0'; + newdata->data = out; + newdata->length = outpos; + return newdata; + } + } else { + for (i = 1; (i < len) && KRB5_UTF8_ISASCII(s + i); i++) { + /* empty */ + } + + if (i == len) { + newdata->length = len; + newdata->data = malloc(newdata->length + 1); + if (newdata->data == NULL) { + return NULL; + } + memcpy(newdata->data, s, len); + newdata->data[len] = '\0'; + return newdata; + } + outsize = len + 7; + out = (char *) malloc(outsize); + if (out == NULL) { + return NULL; + } + outpos = i - 1; + memcpy(out, s, outpos); + } + } else { + outsize = len + 7; + out = (char *) malloc(outsize); + if (out == NULL) { + return NULL; + } + outpos = 0; + i = 0; + } + + p = ucs = malloc(len * sizeof(*ucs)); + if (ucs == NULL) { + free(out); + return NULL; + } + /* convert character before first non-ascii to ucs-4 */ + if (i > 0) { + *p = casefold ? TOLOWER(s[i - 1]) : s[i - 1]; + p++; + } + /* s[i] is now first non-ascii character */ + for (;;) { + /* s[i] is non-ascii */ + /* convert everything up to next ascii to ucs-4 */ + while (i < len) { + clen = KRB5_UTF8_CHARLEN2(s + i, clen); + if (clen == 0) { + free(ucs); + free(out); + return NULL; + } + if (clen == 1) { + /* ascii */ + break; + } + *p = s[i] & mask[clen]; + i++; + for (j = 1; j < clen; j++) { + if ((s[i] & 0xc0) != 0x80) { + free(ucs); + free(out); + return NULL; + } + *p <<= 6; + *p |= s[i] & 0x3f; + i++; + } + if (casefold) { + *p = uctolower(*p); + } + p++; + } + /* normalize ucs of length p - ucs */ + uccompatdecomp(ucs, p - ucs, &ucsout, &ucsoutlen); + if (approx) { + for (j = 0; j < ucsoutlen; j++) { + if (ucsout[j] < 0x80) { + out[outpos++] = ucsout[j]; + } + } + } else { + ucsoutlen = uccanoncomp(ucsout, ucsoutlen); + /* convert ucs to utf-8 and store in out */ + for (j = 0; j < ucsoutlen; j++) { + /* + * allocate more space if not enough room for 6 bytes and + * terminator + */ + if (outsize - outpos < 7) { + outsize = ucsoutlen - j + outpos + 6; + outtmp = (char *) realloc(out, outsize); + if (outtmp == NULL) { + free(ucsout); + free(ucs); + free(out); + return NULL; + } + out = outtmp; + } + outpos += krb5int_ucs4_to_utf8(ucsout[j], &out[outpos]); + } + } + + free(ucsout); + ucsout = NULL; + + if (i == len) { + break; + } + last = i; + + /* Allocate more space in out if necessary */ + if (len - i >= outsize - outpos) { + outsize += 1 + ((len - i) - (outsize - outpos)); + outtmp = (char *) realloc(out, outsize); + if (outtmp == NULL) { + free(ucs); + free(out); + return NULL; + } + out = outtmp; + } + /* s[i] is ascii */ + /* finish off everything up to char before next non-ascii */ + for (i++; (i < len) && KRB5_UTF8_ISASCII(s + i); i++) { + out[outpos++] = casefold ? TOLOWER(s[i - 1]) : s[i - 1]; + } + if (i == len) { + out[outpos++] = casefold ? TOLOWER(s[len - 1]) : s[len - 1]; + break; + } + /* convert character before next non-ascii to ucs-4 */ + *ucs = casefold ? TOLOWER(s[i - 1]) : s[i - 1]; + p = ucs + 1; + } + + free(ucs); + out[outpos] = '\0'; + newdata->data = out; + newdata->length = outpos; + return newdata; +} + +/* compare UTF8-strings, optionally ignore casing */ +/* slow, should be optimized */ +int +krb5int_utf8_normcmp( + const krb5_data * data1, + const krb5_data * data2, + unsigned flags) +{ + int i, l1, l2, len, ulen, res = 0; + char *s1, *s2, *done; + krb5_ucs4 *ucs, *ucsout1, *ucsout2; + + unsigned casefold = flags & KRB5_UTF8_CASEFOLD; + unsigned norm1 = flags & KRB5_UTF8_ARG1NFC; + unsigned norm2 = flags & KRB5_UTF8_ARG2NFC; + + if (data1 == NULL) { + return data2 == NULL ? 0 : -1; + + } else if (data2 == NULL) { + return 1; + } + l1 = data1->length; + l2 = data2->length; + + len = (l1 < l2) ? l1 : l2; + if (len == 0) { + return l1 == 0 ? (l2 == 0 ? 0 : -1) : 1; + } + s1 = data1->data; + s2 = data2->data; + done = s1 + len; + + while ((s1 < done) && KRB5_UTF8_ISASCII(s1) && KRB5_UTF8_ISASCII(s2)) { + if (casefold) { + char c1 = TOLOWER(*s1); + char c2 = TOLOWER(*s2); + res = c1 - c2; + } else { + res = *s1 - *s2; + } + s1++; + s2++; + if (res) { + /* done unless next character in s1 or s2 is non-ascii */ + if (s1 < done) { + if (!KRB5_UTF8_ISASCII(s1) || !KRB5_UTF8_ISASCII(s2)) { + break; + } + } else if (((len < l1) && !KRB5_UTF8_ISASCII(s1)) || + ((len < l2) && !KRB5_UTF8_ISASCII(s2))) { + break; + } + return res; + } + } + + /* We have encountered non-ascii or strings equal up to len */ + + /* set i to number of iterations */ + i = s1 - done + len; + /* passed through loop at least once? */ + if (i > 0) { + if (!res && (s1 == done) && + ((len == l1) || KRB5_UTF8_ISASCII(s1)) && + ((len == l2) || KRB5_UTF8_ISASCII(s2))) { + /* all ascii and equal up to len */ + return l1 - l2; + } + /* rewind one char, and do normalized compare from there */ + s1--; + s2--; + l1 -= i - 1; + l2 -= i - 1; + } + /* + * Should first check to see if strings are already in proper normalized + * form. + */ + ucs = malloc(((norm1 || l1 > l2) ? l1 : l2) * sizeof(*ucs)); + if (ucs == NULL) { + return l1 > l2 ? 1 : -1;/* what to do??? */ + } + /* + * XXYYZ: we convert to ucs4 even though -llunicode + * expects ucs2 in an ac_uint4 + */ + + /* convert and normalize 1st string */ + for (i = 0, ulen = 0; i < l1; i += len, ulen++) { + ucs[ulen] = krb5int_utf8_to_ucs4(s1 + i); + if (ucs[ulen] == KRB5_UCS4_INVALID) { + free(ucs); + return -1; /* what to do??? */ + } + len = KRB5_UTF8_CHARLEN(s1 + i); + } + + if (norm1) { + ucsout1 = ucs; + l1 = ulen; + ucs = malloc(l2 * sizeof(*ucs)); + if (ucs == NULL) { + free(ucsout1); + return l1 > l2 ? 1 : -1; /* what to do??? */ + } + } else { + uccompatdecomp(ucs, ulen, &ucsout1, &l1); + l1 = uccanoncomp(ucsout1, l1); + } + + /* convert and normalize 2nd string */ + for (i = 0, ulen = 0; i < l2; i += len, ulen++) { + ucs[ulen] = krb5int_utf8_to_ucs4(s2 + i); + if (ucs[ulen] == KRB5_UCS4_INVALID) { + free(ucsout1); + free(ucs); + return 1; /* what to do??? */ + } + len = KRB5_UTF8_CHARLEN(s2 + i); + } + + if (norm2) { + ucsout2 = ucs; + l2 = ulen; + } else { + uccompatdecomp(ucs, ulen, &ucsout2, &l2); + l2 = uccanoncomp(ucsout2, l2); + free(ucs); + } + + res = casefold + ? krb5int_ucstrncasecmp(ucsout1, ucsout2, l1 < l2 ? l1 : l2) + : krb5int_ucstrncmp(ucsout1, ucsout2, l1 < l2 ? l1 : l2); + free(ucsout1); + free(ucsout2); + + if (res != 0) { + return res; + } + if (l1 == l2) { + return 0; + } + return l1 > l2 ? 1 : -1; +} diff --git a/src/lib/krb5/unicode/ure/README b/src/lib/krb5/unicode/ure/README new file mode 100644 index 0000000000..c9918f5fd3 --- /dev/null +++ b/src/lib/krb5/unicode/ure/README @@ -0,0 +1,212 @@ +# +# $Id: README,v 1.3 1999/09/21 15:47:43 mleisher Exp $ +# +# Copyright 1997, 1998, 1999 Computing Research Labs, +# New Mexico State University +# +# Permission is hereby granted, free of charge, to any person obtaining a +# copy of this software and associated documentation files (the "Software"), +# to deal in the Software without restriction, including without limitation +# the rights to use, copy, modify, merge, publish, distribute, sublicense, +# and/or sell copies of the Software, and to permit persons to whom the +# Software is furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in +# all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL +# THE COMPUTING RESEARCH LAB OR NEW MEXICO STATE UNIVERSITY BE LIABLE FOR ANY +# CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT +# OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR +# THE USE OR OTHER DEALINGS IN THE SOFTWARE. +# + + + Unicode and Regular Expressions + Version 0.5 + +This is a simple regular expression package for matching against Unicode text +in UCS2 form. The implementation of this URE package is a variation on the +RE->DFA algorithm done by Mark Hopkins (markh@csd4.csd.uwm.edu). Mark +Hopkins' algorithm had the virtue of being very simple, so it was used as a +model. + +--------------------------------------------------------------------------- + +Assumptions: + + o Regular expression and text already normalized. + + o Conversion to lower case assumes a 1-1 mapping. + +Definitions: + + Separator - any one of U+2028, U+2029, '\n', '\r'. + +Operators: + . - match any character. + * - match zero or more of the last subexpression. + + - match one or more of the last subexpression. + ? - match zero or one of the last subexpression. + () - subexpression grouping. + + Notes: + + o The "." operator normally does not match separators, but a flag is + available for the ure_exec() function that will allow this operator to + match a separator. + +Literals and Constants: + + c - literal UCS2 character. + \x.... - hexadecimal number of up to 4 digits. + \X.... - hexadecimal number of up to 4 digits. + \u.... - hexadecimal number of up to 4 digits. + \U.... - hexadecimal number of up to 4 digits. + +Character classes: + + [...] - Character class. + [^...] - Negated character class. + \pN1,N2,...,Nn - Character properties class. + \PN1,N2,...,Nn - Negated character properties class. + + POSIX character classes recognized: + + :alnum: + :alpha: + :cntrl: + :digit: + :graph: + :lower: + :print: + :punct: + :space: + :upper: + :xdigit: + + Notes: + + o Character property classes are \p or \P followed by a comma separated + list of integers between 1 and 32. These integers are references to + the following character properties: + + N Character Property + -------------------------- + 1 _URE_NONSPACING + 2 _URE_COMBINING + 3 _URE_NUMDIGIT + 4 _URE_NUMOTHER + 5 _URE_SPACESEP + 6 _URE_LINESEP + 7 _URE_PARASEP + 8 _URE_CNTRL + 9 _URE_PUA + 10 _URE_UPPER + 11 _URE_LOWER + 12 _URE_TITLE + 13 _URE_MODIFIER + 14 _URE_OTHERLETTER + 15 _URE_DASHPUNCT + 16 _URE_OPENPUNCT + 17 _URE_CLOSEPUNCT + 18 _URE_OTHERPUNCT + 19 _URE_MATHSYM + 20 _URE_CURRENCYSYM + 21 _URE_OTHERSYM + 22 _URE_LTR + 23 _URE_RTL + 24 _URE_EURONUM + 25 _URE_EURONUMSEP + 26 _URE_EURONUMTERM + 27 _URE_ARABNUM + 28 _URE_COMMONSEP + 29 _URE_BLOCKSEP + 30 _URE_SEGMENTSEP + 31 _URE_WHITESPACE + 32 _URE_OTHERNEUT + + o Character classes can contain literals, constants, and character + property classes. Example: + + [abc\U10A\p1,3,4] + +--------------------------------------------------------------------------- + +Before using URE +---------------- +Before URE is used, two functions need to be created. One to check if a +character matches a set of URE character properties, and one to convert a +character to lower case. + +Stubs for these function are located in the urestubs.c file. + +Using URE +--------- + +Sample pseudo-code fragment. + + ure_buffer_t rebuf; + ure_dfa_t dfa; + ucs2_t *re, *text; + unsigned long relen, textlen; + unsigned long match_start, match_end; + + /* + * Allocate the dynamic storage needed to compile regular expressions. + */ + rebuf = ure_buffer_create(); + + for each regular expression in a list { + re = next regular expression; + relen = length(re); + + /* + * Compile the regular expression with the case insensitive flag + * turned on. + */ + dfa = ure_compile(re, relen, 1, rebuf); + + /* + * Look for the first match in some text. The matching will be done + * in a case insensitive manner because the expression was compiled + * with the case insensitive flag on. + */ + if (ure_exec(dfa, 0, text, textlen, &match_start, &match_end)) + printf("MATCH: %ld %ld\n", match_start, match_end); + + /* + * Look for the first match in some text, ignoring non-spacing + * characters. + */ + if (ure_exec(dfa, URE_IGNORE_NONSPACING, text, textlen, + &match_start, &match_end)) + printf("MATCH: %ld %ld\n", match_start, match_end); + + /* + * Free the DFA. + */ + ure_free_dfa(dfa); + } + + /* + * Free the dynamic storage used for compiling the expressions. + */ + ure_free_buffer(rebuf); + +--------------------------------------------------------------------------- + +Mark Leisher +29 March 1997 + +=========================================================================== + +CHANGES +------- + +Version: 0.5 +Date : 21 September 1999 +========================== + 1. Added copyright stuff and put in CVS. diff --git a/src/lib/krb5/unicode/ure/ure.c b/src/lib/krb5/unicode/ure/ure.c new file mode 100644 index 0000000000..c8a202964b --- /dev/null +++ b/src/lib/krb5/unicode/ure/ure.c @@ -0,0 +1,2131 @@ +/* $OpenLDAP: pkg/ldap/libraries/liblunicode/ure/ure.c,v 1.19 2008/01/07 23:20:05 kurt Exp $ */ +/* This work is part of OpenLDAP Software . + * + * Copyright 1998-2008 The OpenLDAP Foundation. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted only as authorized by the OpenLDAP + * Public License. + * + * A copy of this license is available in file LICENSE in the + * top-level directory of the distribution or, alternatively, at + * . + */ +/* Copyright 1997, 1998, 1999 Computing Research Labs, + * New Mexico State University + * + * Permission is hereby granted, free of charge, to any person obtaining a + * copy of this software and associated documentation files (the "Software"), + * to deal in the Software without restriction, including without limitation + * the rights to use, copy, modify, merge, publish, distribute, sublicense, + * and/or sell copies of the Software, and to permit persons to whom the + * Software is furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + * THE COMPUTING RESEARCH LAB OR NEW MEXICO STATE UNIVERSITY BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT + * OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR + * THE USE OR OTHER DEALINGS IN THE SOFTWARE. + */ +/* $Id: ure.c,v 1.2 1999/09/21 15:47:43 mleisher Exp $" */ + +#include + +#include +#include +#include + +#include "ure.h" + +/* + * Flags used internally in the DFA. + */ +#define _URE_DFA_CASEFOLD 0x01 +#define _URE_DFA_BLANKLINE 0x02 + +static unsigned long cclass_flags[] = { + 0, + _URE_NONSPACING, + _URE_COMBINING, + _URE_NUMDIGIT, + _URE_NUMOTHER, + _URE_SPACESEP, + _URE_LINESEP, + _URE_PARASEP, + _URE_CNTRL, + _URE_PUA, + _URE_UPPER, + _URE_LOWER, + _URE_TITLE, + _URE_MODIFIER, + _URE_OTHERLETTER, + _URE_DASHPUNCT, + _URE_OPENPUNCT, + _URE_CLOSEPUNCT, + _URE_OTHERPUNCT, + _URE_MATHSYM, + _URE_CURRENCYSYM, + _URE_OTHERSYM, + _URE_LTR, + _URE_RTL, + _URE_EURONUM, + _URE_EURONUMSEP, + _URE_EURONUMTERM, + _URE_ARABNUM, + _URE_COMMONSEP, + _URE_BLOCKSEP, + _URE_SEGMENTSEP, + _URE_WHITESPACE, + _URE_OTHERNEUT, +}; + +/* + * Symbol types for the DFA. + */ +#define _URE_ANY_CHAR 1 +#define _URE_CHAR 2 +#define _URE_CCLASS 3 +#define _URE_NCCLASS 4 +#define _URE_BOL_ANCHOR 5 +#define _URE_EOL_ANCHOR 6 + +/* + * Op codes for converting the NFA to a DFA. + */ +#define _URE_SYMBOL 10 +#define _URE_PAREN 11 +#define _URE_QUEST 12 +#define _URE_STAR 13 +#define _URE_PLUS 14 +#define _URE_ONE 15 +#define _URE_AND 16 +#define _URE_OR 17 + +#define _URE_NOOP 0xffff + +#define _URE_REGSTART 0x8000 +#define _URE_REGEND 0x4000 + +/* + * Structure used to handle a compacted range of characters. + */ +typedef struct { + ucs4_t min_code; + ucs4_t max_code; +} _ure_range_t; + +typedef struct { + _ure_range_t *ranges; + ucs2_t ranges_used; + ucs2_t ranges_size; +} _ure_ccl_t; + +typedef union { + ucs4_t chr; + _ure_ccl_t ccl; +} _ure_sym_t; + +/* + * This is a general element structure used for expressions and stack + * elements. + */ +typedef struct { + ucs2_t reg; + ucs2_t onstack; + ucs2_t type; + ucs2_t lhs; + ucs2_t rhs; +} _ure_elt_t; + +/* + * This is a structure used to track a list or a stack of states. + */ +typedef struct { + ucs2_t *slist; + ucs2_t slist_size; + ucs2_t slist_used; +} _ure_stlist_t; + +/* + * Structure to track the list of unique states for a symbol + * during reduction. + */ +typedef struct { + ucs2_t id; + ucs2_t type; + unsigned long mods; + unsigned long props; + _ure_sym_t sym; + _ure_stlist_t states; +} _ure_symtab_t; + +/* + * Structure to hold a single state. + */ +typedef struct { + ucs2_t id; + ucs2_t accepting; + ucs2_t pad; + _ure_stlist_t st; + _ure_elt_t *trans; + ucs2_t trans_size; + ucs2_t trans_used; +} _ure_state_t; + +/* + * Structure used for keeping lists of states. + */ +typedef struct { + _ure_state_t *states; + ucs2_t states_size; + ucs2_t states_used; +} _ure_statetable_t; + +/* + * Structure to track pairs of DFA states when equivalent states are + * merged. + */ +typedef struct { + ucs2_t l; + ucs2_t r; +} _ure_equiv_t; + +/* + * Structure used for constructing the NFA and reducing to a minimal DFA. + */ +typedef struct _ure_buffer_t { + int reducing; + int error; + unsigned long flags; + + _ure_stlist_t stack; + + /* + * Table of unique symbols encountered. + */ + _ure_symtab_t *symtab; + ucs2_t symtab_size; + ucs2_t symtab_used; + + /* + * Tracks the unique expressions generated for the NFA and when the NFA is + * reduced. + */ + _ure_elt_t *expr; + ucs2_t expr_used; + ucs2_t expr_size; + + /* + * The reduced table of unique groups of NFA states. + */ + _ure_statetable_t states; + + /* + * Tracks states when equivalent states are merged. + */ + _ure_equiv_t *equiv; + ucs2_t equiv_used; + ucs2_t equiv_size; +} _ure_buffer_t; + +typedef struct { + ucs2_t symbol; + ucs2_t next_state; +} _ure_trans_t; + +typedef struct { + ucs2_t accepting; + ucs2_t ntrans; + _ure_trans_t *trans; +} _ure_dstate_t; + +typedef struct _ure_dfa_t { + unsigned long flags; + + _ure_symtab_t *syms; + ucs2_t nsyms; + + _ure_dstate_t *states; + ucs2_t nstates; + + _ure_trans_t *trans; + ucs2_t ntrans; +} _ure_dfa_t; + +/************************************************************************* + * + * Functions. + * + *************************************************************************/ + +static void +_ure_memmove(char *dest, char *src, unsigned long bytes) +{ + long i, j; + + i = (long) bytes; + j = i & 7; + i = (i + 7) >> 3; + + /* + * Do a memmove using Ye Olde Duff's Device for efficiency. + */ + if (src < dest) { + src += bytes; + dest += bytes; + + switch (j) { + case 0: do { + *--dest = *--src; + case 7: *--dest = *--src; + case 6: *--dest = *--src; + case 5: *--dest = *--src; + case 4: *--dest = *--src; + case 3: *--dest = *--src; + case 2: *--dest = *--src; + case 1: *--dest = *--src; + } while (--i > 0); + } + } else if (src > dest) { + switch (j) { + case 0: do { + *dest++ = *src++; + case 7: *dest++ = *src++; + case 6: *dest++ = *src++; + case 5: *dest++ = *src++; + case 4: *dest++ = *src++; + case 3: *dest++ = *src++; + case 2: *dest++ = *src++; + case 1: *dest++ = *src++; + } while (--i > 0); + } + } +} + +static void +_ure_push(ucs2_t v, _ure_buffer_t *b) +{ + _ure_stlist_t *s; + + if (b == 0) + return; + + /* + * If the `reducing' parameter is non-zero, check to see if the value + * passed is already on the stack. + */ + if (b->reducing != 0 && b->expr[v].onstack != 0) + return; + + s = &b->stack; + if (s->slist_used == s->slist_size) { + if (s->slist_size == 0) + s->slist = (ucs2_t *) malloc(sizeof(ucs2_t) << 3); + else + s->slist = (ucs2_t *) realloc((char *) s->slist, + sizeof(ucs2_t) * (s->slist_size + 8)); + s->slist_size += 8; + } + s->slist[s->slist_used++] = v; + + /* + * If the `reducing' parameter is non-zero, flag the element as being on + * the stack. + */ + if (b->reducing != 0) + b->expr[v].onstack = 1; +} + +static ucs2_t +_ure_peek(_ure_buffer_t *b) +{ + if (b == 0 || b->stack.slist_used == 0) + return _URE_NOOP; + + return b->stack.slist[b->stack.slist_used - 1]; +} + +static ucs2_t +_ure_pop(_ure_buffer_t *b) +{ + ucs2_t v; + + if (b == 0 || b->stack.slist_used == 0) + return _URE_NOOP; + + v = b->stack.slist[--b->stack.slist_used]; + if (b->reducing) + b->expr[v].onstack = 0; + + return v; +} + +/************************************************************************* + * + * Start symbol parse functions. + * + *************************************************************************/ + +/* + * Parse a comma-separated list of integers that represent character + * properties. Combine them into a mask that is returned in the `mask' + * variable, and return the number of characters consumed. + */ +static unsigned long +_ure_prop_list(ucs2_t *pp, unsigned long limit, unsigned long *mask, + _ure_buffer_t *b) +{ + unsigned long n, m; + ucs2_t *sp, *ep; + + sp = pp; + ep = sp + limit; + + for (m = n = 0; b->error == _URE_OK && sp < ep; sp++) { + if (*sp == ',') { + /* + * Encountered a comma, so select the next character property flag + * and reset the number. + */ + m |= cclass_flags[n]; + n = 0; + } else if (*sp >= '0' && *sp <= '9') + /* + * Encountered a digit, so start or continue building the cardinal + * that represents the character property flag. + */ + n = (n * 10) + (*sp - '0'); + else + /* + * Encountered something that is not part of the property list. + * Indicate that we are done. + */ + break; + + /* + * If a property number greater than 32 occurs, then there is a + * problem. Most likely a missing comma separator. + */ + if (n > 32) + b->error = _URE_INVALID_PROPERTY; + } + + if (n != 0) + m |= cclass_flags[n]; + + /* + * Set the mask that represents the group of character properties. + */ + *mask = m; + + /* + * Return the number of characters consumed. + */ + return sp - pp; +} + +/* + * Collect a hex number with 1 to 4 digits and return the number + * of characters used. + */ +static unsigned long +_ure_hex(ucs2_t *np, unsigned long limit, ucs4_t *n) +{ + ucs2_t i; + ucs2_t *sp, *ep; + ucs4_t nn; + + sp = np; + ep = sp + limit; + + for (nn = 0, i = 0; i < 4 && sp < ep; i++, sp++) { + if (*sp >= '0' && *sp <= '9') + nn = (nn << 4) + (*sp - '0'); + else if (*sp >= 'A' && *sp <= 'F') + nn = (nn << 4) + ((*sp - 'A') + 10); + else if (*sp >= 'a' && *sp <= 'f') + nn = (nn << 4) + ((*sp - 'a') + 10); + else + /* + * Encountered something that is not a hex digit. + */ + break; + } + + /* + * Assign the character code collected and return the number of + * characters used. + */ + *n = nn; + + return sp - np; +} + +/* + * Insert a range into a character class, removing duplicates and ordering + * them in increasing range-start order. + */ +static void +_ure_add_range(_ure_ccl_t *ccl, _ure_range_t *r, _ure_buffer_t *b) +{ + ucs2_t i; + ucs4_t tmp; + _ure_range_t *rp; + + /* + * If the `casefold' flag is set, then make sure both endpoints of the + * range are converted to lower case. + */ + if (b->flags & _URE_DFA_CASEFOLD) { + r->min_code = _ure_tolower(r->min_code); + r->max_code = _ure_tolower(r->max_code); + } + + /* + * Swap the range endpoints if they are not in increasing order. + */ + if (r->min_code > r->max_code) { + tmp = r->min_code; + r->min_code = r->max_code; + r->max_code = tmp; + } + + for (i = 0, rp = ccl->ranges; + i < ccl->ranges_used && r->min_code < rp->min_code; i++, rp++) ; + + /* + * Check for a duplicate. + */ + if (i < ccl->ranges_used && + r->min_code == rp->min_code && r->max_code == rp->max_code) + return; + + if (ccl->ranges_used == ccl->ranges_size) { + if (ccl->ranges_size == 0) + ccl->ranges = (_ure_range_t *) malloc(sizeof(_ure_range_t) << 3); + else + ccl->ranges = (_ure_range_t *) + realloc((char *) ccl->ranges, + sizeof(_ure_range_t) * (ccl->ranges_size + 8)); + ccl->ranges_size += 8; + } + + rp = ccl->ranges + ccl->ranges_used; + + if (i < ccl->ranges_used) + _ure_memmove((char *) (rp + 1), (char *) rp, + sizeof(_ure_range_t) * (ccl->ranges_used - i)); + + ccl->ranges_used++; + rp->min_code = r->min_code; + rp->max_code = r->max_code; +} + +#define _URE_ALPHA_MASK (_URE_UPPER|_URE_LOWER|_URE_OTHERLETTER|\ +_URE_MODIFIER|_URE_TITLE|_URE_NONSPACING|_URE_COMBINING) +#define _URE_ALNUM_MASK (_URE_ALPHA_MASK|_URE_NUMDIGIT) +#define _URE_PUNCT_MASK (_URE_DASHPUNCT|_URE_OPENPUNCT|_URE_CLOSEPUNCT|\ +_URE_OTHERPUNCT) +#define _URE_GRAPH_MASK (_URE_NUMDIGIT|_URE_NUMOTHER|_URE_ALPHA_MASK|\ +_URE_MATHSYM|_URE_CURRENCYSYM|_URE_OTHERSYM) +#define _URE_PRINT_MASK (_URE_GRAPH_MASK|_URE_SPACESEP) +#define _URE_SPACE_MASK (_URE_SPACESEP|_URE_LINESEP|_URE_PARASEP) + +typedef void (*_ure_cclsetup_t)( + _ure_symtab_t *sym, + unsigned long mask, + _ure_buffer_t *b +); + +typedef struct { + ucs2_t key; + unsigned long len; + unsigned long next; + _ure_cclsetup_t func; + unsigned long mask; +} _ure_trie_t; + +static void +_ure_ccl_setup(_ure_symtab_t *sym, unsigned long mask, _ure_buffer_t *b) +{ + sym->props |= mask; +} + +static void +_ure_space_setup(_ure_symtab_t *sym, unsigned long mask, _ure_buffer_t *b) +{ + _ure_range_t range; + + sym->props |= mask; + + /* + * Add the additional characters needed for handling isspace(). + */ + range.min_code = range.max_code = '\t'; + _ure_add_range(&sym->sym.ccl, &range, b); + range.min_code = range.max_code = '\r'; + _ure_add_range(&sym->sym.ccl, &range, b); + range.min_code = range.max_code = '\n'; + _ure_add_range(&sym->sym.ccl, &range, b); + range.min_code = range.max_code = '\f'; + _ure_add_range(&sym->sym.ccl, &range, b); + range.min_code = range.max_code = 0xfeff; + _ure_add_range(&sym->sym.ccl, &range, b); +} + +static void +_ure_xdigit_setup(_ure_symtab_t *sym, unsigned long mask, _ure_buffer_t *b) +{ + _ure_range_t range; + + /* + * Add the additional characters needed for handling isxdigit(). + */ + range.min_code = '0'; + range.max_code = '9'; + _ure_add_range(&sym->sym.ccl, &range, b); + range.min_code = 'A'; + range.max_code = 'F'; + _ure_add_range(&sym->sym.ccl, &range, b); + range.min_code = 'a'; + range.max_code = 'f'; + _ure_add_range(&sym->sym.ccl, &range, b); +} + +static _ure_trie_t cclass_trie[] = { + {0x003a, 1, 1, 0, 0}, + {0x0061, 9, 10, 0, 0}, + {0x0063, 8, 19, 0, 0}, + {0x0064, 7, 24, 0, 0}, + {0x0067, 6, 29, 0, 0}, + {0x006c, 5, 34, 0, 0}, + {0x0070, 4, 39, 0, 0}, + {0x0073, 3, 49, 0, 0}, + {0x0075, 2, 54, 0, 0}, + {0x0078, 1, 59, 0, 0}, + {0x006c, 1, 11, 0, 0}, + {0x006e, 2, 13, 0, 0}, + {0x0070, 1, 16, 0, 0}, + {0x0075, 1, 14, 0, 0}, + {0x006d, 1, 15, 0, 0}, + {0x003a, 1, 16, _ure_ccl_setup, _URE_ALNUM_MASK}, + {0x0068, 1, 17, 0, 0}, + {0x0061, 1, 18, 0, 0}, + {0x003a, 1, 19, _ure_ccl_setup, _URE_ALPHA_MASK}, + {0x006e, 1, 20, 0, 0}, + {0x0074, 1, 21, 0, 0}, + {0x0072, 1, 22, 0, 0}, + {0x006c, 1, 23, 0, 0}, + {0x003a, 1, 24, _ure_ccl_setup, _URE_CNTRL}, + {0x0069, 1, 25, 0, 0}, + {0x0067, 1, 26, 0, 0}, + {0x0069, 1, 27, 0, 0}, + {0x0074, 1, 28, 0, 0}, + {0x003a, 1, 29, _ure_ccl_setup, _URE_NUMDIGIT}, + {0x0072, 1, 30, 0, 0}, + {0x0061, 1, 31, 0, 0}, + {0x0070, 1, 32, 0, 0}, + {0x0068, 1, 33, 0, 0}, + {0x003a, 1, 34, _ure_ccl_setup, _URE_GRAPH_MASK}, + {0x006f, 1, 35, 0, 0}, + {0x0077, 1, 36, 0, 0}, + {0x0065, 1, 37, 0, 0}, + {0x0072, 1, 38, 0, 0}, + {0x003a, 1, 39, _ure_ccl_setup, _URE_LOWER}, + {0x0072, 2, 41, 0, 0}, + {0x0075, 1, 45, 0, 0}, + {0x0069, 1, 42, 0, 0}, + {0x006e, 1, 43, 0, 0}, + {0x0074, 1, 44, 0, 0}, + {0x003a, 1, 45, _ure_ccl_setup, _URE_PRINT_MASK}, + {0x006e, 1, 46, 0, 0}, + {0x0063, 1, 47, 0, 0}, + {0x0074, 1, 48, 0, 0}, + {0x003a, 1, 49, _ure_ccl_setup, _URE_PUNCT_MASK}, + {0x0070, 1, 50, 0, 0}, + {0x0061, 1, 51, 0, 0}, + {0x0063, 1, 52, 0, 0}, + {0x0065, 1, 53, 0, 0}, + {0x003a, 1, 54, _ure_space_setup, _URE_SPACE_MASK}, + {0x0070, 1, 55, 0, 0}, + {0x0070, 1, 56, 0, 0}, + {0x0065, 1, 57, 0, 0}, + {0x0072, 1, 58, 0, 0}, + {0x003a, 1, 59, _ure_ccl_setup, _URE_UPPER}, + {0x0064, 1, 60, 0, 0}, + {0x0069, 1, 61, 0, 0}, + {0x0067, 1, 62, 0, 0}, + {0x0069, 1, 63, 0, 0}, + {0x0074, 1, 64, 0, 0}, + {0x003a, 1, 65, _ure_xdigit_setup, 0}, +}; + +/* + * Probe for one of the POSIX colon delimited character classes in the static + * trie. + */ +static unsigned long +_ure_posix_ccl(ucs2_t *cp, unsigned long limit, _ure_symtab_t *sym, + _ure_buffer_t *b) +{ + int i; + unsigned long n; + _ure_trie_t *tp; + ucs2_t *sp, *ep; + + /* + * If the number of characters left is less than 7, then this cannot be + * interpreted as one of the colon delimited classes. + */ + if (limit < 7) + return 0; + + sp = cp; + ep = sp + limit; + tp = cclass_trie; + for (i = 0; sp < ep && i < 8; i++, sp++) { + n = tp->len; + + for (; n > 0 && tp->key != *sp; tp++, n--) ; + + if (n == 0) + return 0; + + if (*sp == ':' && (i == 6 || i == 7)) { + sp++; + break; + } + if (sp + 1 < ep) + tp = cclass_trie + tp->next; + } + if (tp->func == 0) + return 0; + + (*tp->func)(sym, tp->mask, b); + + return sp - cp; +} + +/* + * Construct a list of ranges and return the number of characters consumed. + */ +static unsigned long +_ure_cclass(ucs2_t *cp, unsigned long limit, _ure_symtab_t *symp, + _ure_buffer_t *b) +{ + int range_end; + unsigned long n; + ucs2_t *sp, *ep; + ucs4_t c, last; + _ure_ccl_t *cclp; + _ure_range_t range; + + sp = cp; + ep = sp + limit; + + if (*sp == '^') { + symp->type = _URE_NCCLASS; + sp++; + } else + symp->type = _URE_CCLASS; + + for (last = 0, range_end = 0; + b->error == _URE_OK && sp < ep && *sp != ']'; ) { + c = *sp++; + if (c == '\\') { + if (sp == ep) { + /* + * The EOS was encountered when expecting the reverse solidus + * to be followed by the character it is escaping. Set an + * error code and return the number of characters consumed up + * to this point. + */ + b->error = _URE_UNEXPECTED_EOS; + return sp - cp; + } + + c = *sp++; + switch (c) { + case 'a': + c = 0x07; + break; + case 'b': + c = 0x08; + break; + case 'f': + c = 0x0c; + break; + case 'n': + c = 0x0a; + break; + case 'r': + c = 0x0d; + break; + case 't': + c = 0x09; + break; + case 'v': + c = 0x0b; + break; + case 'p': + case 'P': + sp += _ure_prop_list(sp, ep - sp, &symp->props, b); + /* + * Invert the bit mask of the properties if this is a negated + * character class or if 'P' is used to specify a list of + * character properties that should *not* match in a + * character class. + */ + if (c == 'P') + symp->props = ~symp->props; + continue; + break; + case 'x': + case 'X': + case 'u': + case 'U': + if (sp < ep && + ((*sp >= '0' && *sp <= '9') || + (*sp >= 'A' && *sp <= 'F') || + (*sp >= 'a' && *sp <= 'f'))) + sp += _ure_hex(sp, ep - sp, &c); + } + } else if (c == ':') { + /* + * Probe for a POSIX colon delimited character class. + */ + sp--; + if ((n = _ure_posix_ccl(sp, ep - sp, symp, b)) == 0) + sp++; + else { + sp += n; + continue; + } + } + + cclp = &symp->sym.ccl; + + /* + * Check to see if the current character is a low surrogate that needs + * to be combined with a preceding high surrogate. + */ + if (last != 0) { + if (c >= 0xdc00 && c <= 0xdfff) + /* + * Construct the UTF16 character code. + */ + c = 0x10000 + (((last & 0x03ff) << 10) | (c & 0x03ff)); + else { + /* + * Add the isolated high surrogate to the range. + */ + if (range_end == 1) + range.max_code = last & 0xffff; + else + range.min_code = range.max_code = last & 0xffff; + + _ure_add_range(cclp, &range, b); + range_end = 0; + } + } + + /* + * Clear the last character code. + */ + last = 0; + + /* + * This slightly awkward code handles the different cases needed to + * construct a range. + */ + if (c >= 0xd800 && c <= 0xdbff) { + /* + * If the high surrogate is followed by a range indicator, simply + * add it as the range start. Otherwise, save it in case the next + * character is a low surrogate. + */ + if (*sp == '-') { + sp++; + range.min_code = c; + range_end = 1; + } else + last = c; + } else if (range_end == 1) { + range.max_code = c; + _ure_add_range(cclp, &range, b); + range_end = 0; + } else { + range.min_code = range.max_code = c; + if (*sp == '-') { + sp++; + range_end = 1; + } else + _ure_add_range(cclp, &range, b); + } + } + + if (sp < ep && *sp == ']') + sp++; + else + /* + * The parse was not terminated by the character class close symbol + * (']'), so set an error code. + */ + b->error = _URE_CCLASS_OPEN; + + return sp - cp; +} + +/* + * Probe for a low surrogate hex code. + */ +static unsigned long +_ure_probe_ls(ucs2_t *ls, unsigned long limit, ucs4_t *c) +{ + ucs4_t i, code; + ucs2_t *sp, *ep; + + for (i = code = 0, sp = ls, ep = sp + limit; i < 4 && sp < ep; sp++) { + if (*sp >= '0' && *sp <= '9') + code = (code << 4) + (*sp - '0'); + else if (*sp >= 'A' && *sp <= 'F') + code = (code << 4) + ((*sp - 'A') + 10); + else if (*sp >= 'a' && *sp <= 'f') + code = (code << 4) + ((*sp - 'a') + 10); + else + break; + } + + *c = code; + return (0xdc00 <= code && code <= 0xdfff) ? sp - ls : 0; +} + +static unsigned long +_ure_compile_symbol(ucs2_t *sym, unsigned long limit, _ure_symtab_t *symp, + _ure_buffer_t *b) +{ + ucs4_t c; + ucs2_t *sp, *ep; + + sp = sym; + ep = sym + limit; + + if ((c = *sp++) == '\\') { + + if (sp == ep) { + /* + * The EOS was encountered when expecting the reverse solidus to + * be followed by the character it is escaping. Set an error code + * and return the number of characters consumed up to this point. + */ + b->error = _URE_UNEXPECTED_EOS; + return sp - sym; + } + + c = *sp++; + switch (c) { + case 'p': + case 'P': + symp->type = (c == 'p') ? _URE_CCLASS : _URE_NCCLASS; + sp += _ure_prop_list(sp, ep - sp, &symp->props, b); + break; + case 'a': + symp->type = _URE_CHAR; + symp->sym.chr = 0x07; + break; + case 'b': + symp->type = _URE_CHAR; + symp->sym.chr = 0x08; + break; + case 'f': + symp->type = _URE_CHAR; + symp->sym.chr = 0x0c; + break; + case 'n': + symp->type = _URE_CHAR; + symp->sym.chr = 0x0a; + break; + case 'r': + symp->type = _URE_CHAR; + symp->sym.chr = 0x0d; + break; + case 't': + symp->type = _URE_CHAR; + symp->sym.chr = 0x09; + break; + case 'v': + symp->type = _URE_CHAR; + symp->sym.chr = 0x0b; + break; + case 'x': + case 'X': + case 'u': + case 'U': + /* + * Collect between 1 and 4 digits representing a UCS2 code. Fall + * through to the next case. + */ + if (sp < ep && + ((*sp >= '0' && *sp <= '9') || + (*sp >= 'A' && *sp <= 'F') || + (*sp >= 'a' && *sp <= 'f'))) + sp += _ure_hex(sp, ep - sp, &c); + /* FALLTHROUGH */ + default: + /* + * Simply add an escaped character here. + */ + symp->type = _URE_CHAR; + symp->sym.chr = c; + } + } else if (c == '^' || c == '$') + /* + * Handle the BOL and EOL anchors. This actually consists simply of + * setting a flag that indicates that the user supplied anchor match + * function should be called. This needs to be done instead of simply + * matching line/paragraph separators because beginning-of-text and + * end-of-text tests are needed as well. + */ + symp->type = (c == '^') ? _URE_BOL_ANCHOR : _URE_EOL_ANCHOR; + else if (c == '[') + /* + * Construct a character class. + */ + sp += _ure_cclass(sp, ep - sp, symp, b); + else if (c == '.') + symp->type = _URE_ANY_CHAR; + else { + symp->type = _URE_CHAR; + symp->sym.chr = c; + } + + /* + * If the symbol type happens to be a character and is a high surrogate, + * then probe forward to see if it is followed by a low surrogate that + * needs to be added. + */ + if (sp < ep && symp->type == _URE_CHAR && + 0xd800 <= symp->sym.chr && symp->sym.chr <= 0xdbff) { + + if (0xdc00 <= *sp && *sp <= 0xdfff) { + symp->sym.chr = 0x10000 + (((symp->sym.chr & 0x03ff) << 10) | + (*sp & 0x03ff)); + sp++; + } else if (*sp == '\\' && (*(sp + 1) == 'x' || *(sp + 1) == 'X' || + *(sp + 1) == 'u' || *(sp + 1) == 'U')) { + sp += _ure_probe_ls(sp + 2, ep - (sp + 2), &c); + if (0xdc00 <= c && c <= 0xdfff) { + /* + * Take into account the \[xu] in front of the hex code. + */ + sp += 2; + symp->sym.chr = 0x10000 + (((symp->sym.chr & 0x03ff) << 10) | + (c & 0x03ff)); + } + } + } + + /* + * Last, make sure any _URE_CHAR type symbols are changed to lower case if + * the `casefold' flag is set. + */ + if ((b->flags & _URE_DFA_CASEFOLD) && symp->type == _URE_CHAR) + symp->sym.chr = _ure_tolower(symp->sym.chr); + + /* + * If the symbol constructed is anything other than one of the anchors, + * make sure the _URE_DFA_BLANKLINE flag is removed. + */ + if (symp->type != _URE_BOL_ANCHOR && symp->type != _URE_EOL_ANCHOR) + b->flags &= ~_URE_DFA_BLANKLINE; + + /* + * Return the number of characters consumed. + */ + return sp - sym; +} + +static int +_ure_sym_neq(_ure_symtab_t *a, _ure_symtab_t *b) +{ + if (a->type != b->type || a->mods != b->mods || a->props != b->props) + return 1; + + if (a->type == _URE_CCLASS || a->type == _URE_NCCLASS) { + if (a->sym.ccl.ranges_used != b->sym.ccl.ranges_used) + return 1; + if (a->sym.ccl.ranges_used > 0 && + memcmp((char *) a->sym.ccl.ranges, (char *) b->sym.ccl.ranges, + sizeof(_ure_range_t) * a->sym.ccl.ranges_used) != 0) + return 1; + } else if (a->type == _URE_CHAR && a->sym.chr != b->sym.chr) + return 1; + return 0; +} + +/* + * Construct a symbol, but only keep unique symbols. + */ +static ucs2_t +_ure_make_symbol(ucs2_t *sym, unsigned long limit, unsigned long *consumed, + _ure_buffer_t *b) +{ + ucs2_t i; + _ure_symtab_t *sp, symbol; + + /* + * Build the next symbol so we can test to see if it is already in the + * symbol table. + */ + (void) memset((char *) &symbol, '\0', sizeof(_ure_symtab_t)); + *consumed = _ure_compile_symbol(sym, limit, &symbol, b); + + /* + * Check to see if the symbol exists. + */ + for (i = 0, sp = b->symtab; + i < b->symtab_used && _ure_sym_neq(&symbol, sp); i++, sp++) ; + + if (i < b->symtab_used) { + /* + * Free up any ranges used for the symbol. + */ + if ((symbol.type == _URE_CCLASS || symbol.type == _URE_NCCLASS) && + symbol.sym.ccl.ranges_size > 0) + free((char *) symbol.sym.ccl.ranges); + + return b->symtab[i].id; + } + + /* + * Need to add the new symbol. + */ + if (b->symtab_used == b->symtab_size) { + if (b->symtab_size == 0) + b->symtab = (_ure_symtab_t *) malloc(sizeof(_ure_symtab_t) << 3); + else + b->symtab = (_ure_symtab_t *) + realloc((char *) b->symtab, + sizeof(_ure_symtab_t) * (b->symtab_size + 8)); + sp = b->symtab + b->symtab_size; + (void) memset((char *) sp, '\0', sizeof(_ure_symtab_t) << 3); + b->symtab_size += 8; + } + + symbol.id = b->symtab_used++; + (void) memcpy((char *) &b->symtab[symbol.id], (char *) &symbol, + sizeof(_ure_symtab_t)); + + return symbol.id; +} + +/************************************************************************* + * + * End symbol parse functions. + * + *************************************************************************/ + +static ucs2_t +_ure_make_expr(ucs2_t type, ucs2_t lhs, ucs2_t rhs, _ure_buffer_t *b) +{ + ucs2_t i; + + if (b == 0) + return _URE_NOOP; + + /* + * Determine if the expression already exists or not. + */ + for (i = 0; i < b->expr_used; i++) { + if (b->expr[i].type == type && b->expr[i].lhs == lhs && + b->expr[i].rhs == rhs) + break; + } + if (i < b->expr_used) + return i; + + /* + * Need to add a new expression. + */ + if (b->expr_used == b->expr_size) { + if (b->expr_size == 0) + b->expr = (_ure_elt_t *) malloc(sizeof(_ure_elt_t) << 3); + else + b->expr = (_ure_elt_t *) + realloc((char *) b->expr, + sizeof(_ure_elt_t) * (b->expr_size + 8)); + b->expr_size += 8; + } + + b->expr[b->expr_used].onstack = 0; + b->expr[b->expr_used].type = type; + b->expr[b->expr_used].lhs = lhs; + b->expr[b->expr_used].rhs = rhs; + + return b->expr_used++; +} + +static unsigned char spmap[] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x0f, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +}; + +#define _ure_isspecial(cc) ((cc) > 0x20 && (cc) < 0x7f && \ + (spmap[(cc) >> 3] & (1 << ((cc) & 7)))) + +/* + * Convert the regular expression into an NFA in a form that will be easy to + * reduce to a DFA. The starting state for the reduction will be returned. + */ +static ucs2_t +_ure_re2nfa(ucs2_t *re, unsigned long relen, _ure_buffer_t *b) +{ + ucs2_t c, state, top, sym, *sp, *ep; + unsigned long used; + + state = _URE_NOOP; + + sp = re; + ep = sp + relen; + while (b->error == _URE_OK && sp < ep) { + c = *sp++; + switch (c) { + case '(': + _ure_push(_URE_PAREN, b); + break; + case ')': + /* + * Check for the case of too many close parentheses. + */ + if (_ure_peek(b) == _URE_NOOP) { + b->error = _URE_UNBALANCED_GROUP; + break; + } + + while ((top = _ure_peek(b)) == _URE_AND || top == _URE_OR) + /* + * Make an expression with the AND or OR operator and its right + * hand side. + */ + state = _ure_make_expr(_ure_pop(b), _ure_pop(b), state, b); + + /* + * Remove the _URE_PAREN off the stack. + */ + (void) _ure_pop(b); + break; + case '*': + state = _ure_make_expr(_URE_STAR, state, _URE_NOOP, b); + break; + case '+': + state = _ure_make_expr(_URE_PLUS, state, _URE_NOOP, b); + break; + case '?': + state = _ure_make_expr(_URE_QUEST, state, _URE_NOOP, b); + break; + case '|': + while ((top = _ure_peek(b)) == _URE_AND || top == _URE_OR) + /* + * Make an expression with the AND or OR operator and its right + * hand side. + */ + state = _ure_make_expr(_ure_pop(b), _ure_pop(b), state, b); + + _ure_push(state, b); + _ure_push(_URE_OR, b); + break; + default: + sp--; + sym = _ure_make_symbol(sp, ep - sp, &used, b); + sp += used; + state = _ure_make_expr(_URE_SYMBOL, sym, _URE_NOOP, b); + break; + } + + if (c != '(' && c != '|' && sp < ep && + (!_ure_isspecial(*sp) || *sp == '(')) { + _ure_push(state, b); + _ure_push(_URE_AND, b); + } + } + while ((top = _ure_peek(b)) == _URE_AND || top == _URE_OR) + /* + * Make an expression with the AND or OR operator and its right + * hand side. + */ + state = _ure_make_expr(_ure_pop(b), _ure_pop(b), state, b); + + if (b->stack.slist_used > 0) + b->error = _URE_UNBALANCED_GROUP; + + return (b->error == _URE_OK) ? state : _URE_NOOP; +} + +static void +_ure_add_symstate(ucs2_t sym, ucs2_t state, _ure_buffer_t *b) +{ + ucs2_t i, *stp; + _ure_symtab_t *sp; + + /* + * Locate the symbol in the symbol table so the state can be added. + * If the symbol doesn't exist, then a real problem exists. + */ + for (i = 0, sp = b->symtab; i < b->symtab_used && sym != sp->id; + i++, sp++) ; + + /* + * Now find out if the state exists in the symbol's state list. + */ + for (i = 0, stp = sp->states.slist; + i < sp->states.slist_used && state > *stp; i++, stp++) ; + + if (i == sp->states.slist_used || state < *stp) { + /* + * Need to add the state in order. + */ + if (sp->states.slist_used == sp->states.slist_size) { + if (sp->states.slist_size == 0) + sp->states.slist = (ucs2_t *) malloc(sizeof(ucs2_t) << 3); + else + sp->states.slist = (ucs2_t *) + realloc((char *) sp->states.slist, + sizeof(ucs2_t) * (sp->states.slist_size + 8)); + sp->states.slist_size += 8; + } + if (i < sp->states.slist_used) + (void) _ure_memmove((char *) (sp->states.slist + i + 1), + (char *) (sp->states.slist + i), + sizeof(ucs2_t) * (sp->states.slist_used - i)); + sp->states.slist[i] = state; + sp->states.slist_used++; + } +} + +static ucs2_t +_ure_add_state(ucs2_t nstates, ucs2_t *states, _ure_buffer_t *b) +{ + ucs2_t i; + _ure_state_t *sp; + + for (i = 0, sp = b->states.states; i < b->states.states_used; i++, sp++) { + if (sp->st.slist_used == nstates && + memcmp((char *) states, (char *) sp->st.slist, + sizeof(ucs2_t) * nstates) == 0) + break; + } + + if (i == b->states.states_used) { + /* + * Need to add a new DFA state (set of NFA states). + */ + if (b->states.states_used == b->states.states_size) { + if (b->states.states_size == 0) + b->states.states = (_ure_state_t *) + malloc(sizeof(_ure_state_t) << 3); + else + b->states.states = (_ure_state_t *) + realloc((char *) b->states.states, + sizeof(_ure_state_t) * (b->states.states_size + 8)); + sp = b->states.states + b->states.states_size; + (void) memset((char *) sp, '\0', sizeof(_ure_state_t) << 3); + b->states.states_size += 8; + } + + sp = b->states.states + b->states.states_used++; + sp->id = i; + + if (sp->st.slist_used + nstates > sp->st.slist_size) { + if (sp->st.slist_size == 0) + sp->st.slist = (ucs2_t *) + malloc(sizeof(ucs2_t) * (sp->st.slist_used + nstates)); + else + sp->st.slist = (ucs2_t *) + realloc((char *) sp->st.slist, + sizeof(ucs2_t) * (sp->st.slist_used + nstates)); + sp->st.slist_size = sp->st.slist_used + nstates; + } + sp->st.slist_used = nstates; + (void) memcpy((char *) sp->st.slist, (char *) states, + sizeof(ucs2_t) * nstates); + } + + /* + * Return the ID of the DFA state representing a group of NFA states. + */ + return i; +} + +static void +_ure_reduce(ucs2_t start, _ure_buffer_t *b) +{ + ucs2_t i, j, state, eval, syms, rhs; + ucs2_t s1, s2, ns1, ns2; + _ure_state_t *sp; + _ure_symtab_t *smp; + + b->reducing = 1; + + /* + * Add the starting state for the reduction. + */ + _ure_add_state(1, &start, b); + + /* + * Process each set of NFA states that get created. + */ + for (i = 0; i < b->states.states_used; i++) { + sp = b->states.states + i; + + /* + * Push the current states on the stack. + */ + for (j = 0; j < sp->st.slist_used; j++) + _ure_push(sp->st.slist[j], b); + + /* + * Reduce the NFA states. + */ + for (j = sp->accepting = syms = 0; j < b->stack.slist_used; j++) { + state = b->stack.slist[j]; + eval = 1; + + /* + * This inner loop is the iterative equivalent of recursively + * reducing subexpressions generated as a result of a reduction. + */ + while (eval) { + switch (b->expr[state].type) { + case _URE_SYMBOL: + ns1 = _ure_make_expr(_URE_ONE, _URE_NOOP, _URE_NOOP, b); + _ure_add_symstate(b->expr[state].lhs, ns1, b); + syms++; + eval = 0; + break; + case _URE_ONE: + sp->accepting = 1; + eval = 0; + break; + case _URE_QUEST: + s1 = b->expr[state].lhs; + ns1 = _ure_make_expr(_URE_ONE, _URE_NOOP, _URE_NOOP, b); + state = _ure_make_expr(_URE_OR, ns1, s1, b); + break; + case _URE_PLUS: + s1 = b->expr[state].lhs; + ns1 = _ure_make_expr(_URE_STAR, s1, _URE_NOOP, b); + state = _ure_make_expr(_URE_AND, s1, ns1, b); + break; + case _URE_STAR: + s1 = b->expr[state].lhs; + ns1 = _ure_make_expr(_URE_ONE, _URE_NOOP, _URE_NOOP, b); + ns2 = _ure_make_expr(_URE_PLUS, s1, _URE_NOOP, b); + state = _ure_make_expr(_URE_OR, ns1, ns2, b); + break; + case _URE_OR: + s1 = b->expr[state].lhs; + s2 = b->expr[state].rhs; + _ure_push(s1, b); + _ure_push(s2, b); + eval = 0; + break; + case _URE_AND: + s1 = b->expr[state].lhs; + s2 = b->expr[state].rhs; + switch (b->expr[s1].type) { + case _URE_SYMBOL: + _ure_add_symstate(b->expr[s1].lhs, s2, b); + syms++; + eval = 0; + break; + case _URE_ONE: + state = s2; + break; + case _URE_QUEST: + ns1 = b->expr[s1].lhs; + ns2 = _ure_make_expr(_URE_AND, ns1, s2, b); + state = _ure_make_expr(_URE_OR, s2, ns2, b); + break; + case _URE_PLUS: + ns1 = b->expr[s1].lhs; + ns2 = _ure_make_expr(_URE_OR, s2, state, b); + state = _ure_make_expr(_URE_AND, ns1, ns2, b); + break; + case _URE_STAR: + ns1 = b->expr[s1].lhs; + ns2 = _ure_make_expr(_URE_AND, ns1, state, b); + state = _ure_make_expr(_URE_OR, s2, ns2, b); + break; + case _URE_OR: + ns1 = b->expr[s1].lhs; + ns2 = b->expr[s1].rhs; + ns1 = _ure_make_expr(_URE_AND, ns1, s2, b); + ns2 = _ure_make_expr(_URE_AND, ns2, s2, b); + state = _ure_make_expr(_URE_OR, ns1, ns2, b); + break; + case _URE_AND: + ns1 = b->expr[s1].lhs; + ns2 = b->expr[s1].rhs; + ns2 = _ure_make_expr(_URE_AND, ns2, s2, b); + state = _ure_make_expr(_URE_AND, ns1, ns2, b); + break; + } + } + } + } + + /* + * Clear the state stack. + */ + while (_ure_pop(b) != _URE_NOOP) ; + + /* + * Reset the state pointer because the reduction may have moved it + * during a reallocation. + */ + sp = b->states.states + i; + + /* + * Generate the DFA states for the symbols collected during the + * current reduction. + */ + if (sp->trans_used + syms > sp->trans_size) { + if (sp->trans_size == 0) + sp->trans = (_ure_elt_t *) + malloc(sizeof(_ure_elt_t) * (sp->trans_used + syms)); + else + sp->trans = (_ure_elt_t *) + realloc((char *) sp->trans, + sizeof(_ure_elt_t) * (sp->trans_used + syms)); + sp->trans_size = sp->trans_used + syms; + } + + /* + * Go through the symbol table and generate the DFA state transitions + * for each symbol that has collected NFA states. + */ + for (j = syms = 0, smp = b->symtab; j < b->symtab_used; j++, smp++) { + sp = b->states.states + i; + + if (smp->states.slist_used > 0) { + sp->trans[syms].lhs = smp->id; + rhs = _ure_add_state(smp->states.slist_used, + smp->states.slist, b); + /* + * Reset the state pointer in case the reallocation moves it + * in memory. + */ + sp = b->states.states + i; + sp->trans[syms].rhs = rhs; + + smp->states.slist_used = 0; + syms++; + } + } + + /* + * Set the number of transitions actually used. + */ + sp->trans_used = syms; + } + b->reducing = 0; +} + +static void +_ure_add_equiv(ucs2_t l, ucs2_t r, _ure_buffer_t *b) +{ + ucs2_t tmp; + + l = b->states.states[l].id; + r = b->states.states[r].id; + + if (l == r) + return; + + if (l > r) { + tmp = l; + l = r; + r = tmp; + } + + /* + * Check to see if the equivalence pair already exists. + */ + for (tmp = 0; tmp < b->equiv_used && + (b->equiv[tmp].l != l || b->equiv[tmp].r != r); + tmp++) ; + + if (tmp < b->equiv_used) + return; + + if (b->equiv_used == b->equiv_size) { + if (b->equiv_size == 0) + b->equiv = (_ure_equiv_t *) malloc(sizeof(_ure_equiv_t) << 3); + else + b->equiv = (_ure_equiv_t *) realloc((char *) b->equiv, + sizeof(_ure_equiv_t) * + (b->equiv_size + 8)); + b->equiv_size += 8; + } + b->equiv[b->equiv_used].l = l; + b->equiv[b->equiv_used].r = r; + b->equiv_used++; +} + +/* + * Merge the DFA states that are equivalent. + */ +static void +_ure_merge_equiv(_ure_buffer_t *b) +{ + ucs2_t i, j, k, eq, done; + _ure_state_t *sp1, *sp2, *ls, *rs; + + for (i = 0; i < b->states.states_used; i++) { + sp1 = b->states.states + i; + if (sp1->id != i) + continue; + for (j = 0; j < i; j++) { + sp2 = b->states.states + j; + if (sp2->id != j) + continue; + b->equiv_used = 0; + _ure_add_equiv(i, j, b); + for (eq = 0, done = 0; eq < b->equiv_used; eq++) { + ls = b->states.states + b->equiv[eq].l; + rs = b->states.states + b->equiv[eq].r; + if (ls->accepting != rs->accepting || + ls->trans_used != rs->trans_used) { + done = 1; + break; + } + for (k = 0; k < ls->trans_used && + ls->trans[k].lhs == rs->trans[k].lhs; k++) ; + if (k < ls->trans_used) { + done = 1; + break; + } + + for (k = 0; k < ls->trans_used; k++) + _ure_add_equiv(ls->trans[k].rhs, rs->trans[k].rhs, b); + } + if (done == 0) + break; + } + for (eq = 0; j < i && eq < b->equiv_used; eq++) + b->states.states[b->equiv[eq].r].id = + b->states.states[b->equiv[eq].l].id; + } + + /* + * Renumber the states appropriately. + */ + for (i = eq = 0, sp1 = b->states.states; i < b->states.states_used; + sp1++, i++) + sp1->id = (sp1->id == i) ? eq++ : b->states.states[sp1->id].id; +} + +/************************************************************************* + * + * API. + * + *************************************************************************/ + +ure_buffer_t +ure_buffer_create(void) +{ + ure_buffer_t b; + + b = (ure_buffer_t) calloc(1, sizeof(_ure_buffer_t)); + + return b; +} + +void +ure_buffer_free(ure_buffer_t buf) +{ + unsigned long i; + + if (buf == 0) + return; + + if (buf->stack.slist_size > 0) + free((char *) buf->stack.slist); + + if (buf->expr_size > 0) + free((char *) buf->expr); + + for (i = 0; i < buf->symtab_size; i++) { + if (buf->symtab[i].states.slist_size > 0) + free((char *) buf->symtab[i].states.slist); + } + + if (buf->symtab_size > 0) + free((char *) buf->symtab); + + for (i = 0; i < buf->states.states_size; i++) { + if (buf->states.states[i].trans_size > 0) + free((char *) buf->states.states[i].trans); + if (buf->states.states[i].st.slist_size > 0) + free((char *) buf->states.states[i].st.slist); + } + + if (buf->states.states_size > 0) + free((char *) buf->states.states); + + if (buf->equiv_size > 0) + free((char *) buf->equiv); + + free((char *) buf); +} + +ure_dfa_t +ure_compile(ucs2_t *re, unsigned long relen, int casefold, ure_buffer_t buf) +{ + ucs2_t i, j, state; + _ure_state_t *sp; + _ure_dstate_t *dsp; + _ure_trans_t *tp; + ure_dfa_t dfa; + + if (re == 0 || *re == 0 || relen == 0 || buf == 0) + return 0; + + /* + * Reset the various fields of the compilation buffer. Default the flags + * to indicate the presense of the "^$" pattern. If any other pattern + * occurs, then this flag will be removed. This is done to catch this + * special pattern and handle it specially when matching. + */ + buf->flags = _URE_DFA_BLANKLINE | ((casefold) ? _URE_DFA_CASEFOLD : 0); + buf->reducing = 0; + buf->stack.slist_used = 0; + buf->expr_used = 0; + + for (i = 0; i < buf->symtab_used; i++) + buf->symtab[i].states.slist_used = 0; + buf->symtab_used = 0; + + for (i = 0; i < buf->states.states_used; i++) { + buf->states.states[i].st.slist_used = 0; + buf->states.states[i].trans_used = 0; + } + buf->states.states_used = 0; + + /* + * Construct the NFA. If this stage returns a 0, then an error occured or + * an empty expression was passed. + */ + if ((state = _ure_re2nfa(re, relen, buf)) == _URE_NOOP) + return 0; + + /* + * Do the expression reduction to get the initial DFA. + */ + _ure_reduce(state, buf); + + /* + * Merge all the equivalent DFA states. + */ + _ure_merge_equiv(buf); + + /* + * Construct the minimal DFA. + */ + dfa = (ure_dfa_t) malloc(sizeof(_ure_dfa_t)); + (void) memset((char *) dfa, '\0', sizeof(_ure_dfa_t)); + + dfa->flags = buf->flags & (_URE_DFA_CASEFOLD|_URE_DFA_BLANKLINE); + + /* + * Free up the NFA state groups and transfer the symbols from the buffer + * to the DFA. + */ + for (i = 0; i < buf->symtab_size; i++) { + if (buf->symtab[i].states.slist_size > 0) + free((char *) buf->symtab[i].states.slist); + } + dfa->syms = buf->symtab; + dfa->nsyms = buf->symtab_used; + + buf->symtab_used = buf->symtab_size = 0; + + /* + * Collect the total number of states and transitions needed for the DFA. + */ + for (i = state = 0, sp = buf->states.states; i < buf->states.states_used; + i++, sp++) { + if (sp->id == state) { + dfa->nstates++; + dfa->ntrans += sp->trans_used; + state++; + } + } + + /* + * Allocate enough space for the states and transitions. + */ + dfa->states = (_ure_dstate_t *) malloc(sizeof(_ure_dstate_t) * + dfa->nstates); + dfa->trans = (_ure_trans_t *) malloc(sizeof(_ure_trans_t) * dfa->ntrans); + + /* + * Actually transfer the DFA states from the buffer. + */ + dsp = dfa->states; + tp = dfa->trans; + for (i = state = 0, sp = buf->states.states; i < buf->states.states_used; + i++, sp++) { + if (sp->id == state) { + dsp->trans = tp; + dsp->ntrans = sp->trans_used; + dsp->accepting = sp->accepting; + + /* + * Add the transitions for the state. + */ + for (j = 0; j < dsp->ntrans; j++, tp++) { + tp->symbol = sp->trans[j].lhs; + tp->next_state = buf->states.states[sp->trans[j].rhs].id; + } + + dsp++; + state++; + } + } + + return dfa; +} + +void +ure_dfa_free(ure_dfa_t dfa) +{ + ucs2_t i; + + if (dfa == 0) + return; + + for (i = 0; i < dfa->nsyms; i++) { + if ((dfa->syms[i].type == _URE_CCLASS || + dfa->syms[i].type == _URE_NCCLASS) && + dfa->syms[i].sym.ccl.ranges_size > 0) + free((char *) dfa->syms[i].sym.ccl.ranges); + } + if (dfa->nsyms > 0) + free((char *) dfa->syms); + + if (dfa->nstates > 0) + free((char *) dfa->states); + if (dfa->ntrans > 0) + free((char *) dfa->trans); + free((char *) dfa); +} + +void +ure_write_dfa(ure_dfa_t dfa, FILE *out) +{ + ucs2_t i, j, k, h, l; + _ure_dstate_t *sp; + _ure_symtab_t *sym; + _ure_range_t *rp; + + if (dfa == 0 || out == 0) + return; + + /* + * Write all the different character classes. + */ + for (i = 0, sym = dfa->syms; i < dfa->nsyms; i++, sym++) { + if (sym->type == _URE_CCLASS || sym->type == _URE_NCCLASS) { + fprintf(out, "C%hd = ", sym->id); + if (sym->sym.ccl.ranges_used > 0) { + putc('[', out); + if (sym->type == _URE_NCCLASS) + putc('^', out); + } + if (sym->props != 0) { + if (sym->type == _URE_NCCLASS) + fprintf(out, "\\P"); + else + fprintf(out, "\\p"); + for (k = h = 0; k < 32; k++) { + if (sym->props & (1 << k)) { + if (h != 0) + putc(',', out); + fprintf(out, "%hd", k + 1); + h = 1; + } + } + } + /* + * Dump the ranges. + */ + for (k = 0, rp = sym->sym.ccl.ranges; + k < sym->sym.ccl.ranges_used; k++, rp++) { + /* + * Check for UTF16 characters. + */ + if (0x10000 <= rp->min_code && + rp->min_code <= 0x10ffff) { + h = (ucs2_t) (((rp->min_code - 0x10000) >> 10) + 0xd800); + l = (ucs2_t) (((rp->min_code - 0x10000) & 1023) + 0xdc00); + fprintf(out, "\\x%04hX\\x%04hX", h, l); + } else + fprintf(out, "\\x%04lX", rp->min_code & 0xffff); + if (rp->max_code != rp->min_code) { + putc('-', out); + if (rp->max_code >= 0x10000 && + rp->max_code <= 0x10ffff) { + h = (ucs2_t) (((rp->max_code - 0x10000) >> 10) + 0xd800); + l = (ucs2_t) (((rp->max_code - 0x10000) & 1023) + 0xdc00); + fprintf(out, "\\x%04hX\\x%04hX", h, l); + } else + fprintf(out, "\\x%04lX", rp->max_code & 0xffff); + } + } + if (sym->sym.ccl.ranges_used > 0) + putc(']', out); + putc('\n', out); + } + } + + for (i = 0, sp = dfa->states; i < dfa->nstates; i++, sp++) { + fprintf(out, "S%hd = ", i); + if (sp->accepting) { + fprintf(out, "1 "); + if (sp->ntrans) + fprintf(out, "| "); + } + for (j = 0; j < sp->ntrans; j++) { + if (j > 0) + fprintf(out, "| "); + + sym = dfa->syms + sp->trans[j].symbol; + switch (sym->type) { + case _URE_CHAR: + if (0x10000 <= sym->sym.chr && sym->sym.chr <= 0x10ffff) { + /* + * Take care of UTF16 characters. + */ + h = (ucs2_t) (((sym->sym.chr - 0x10000) >> 10) + 0xd800); + l = (ucs2_t) (((sym->sym.chr - 0x10000) & 1023) + 0xdc00); + fprintf(out, "\\x%04hX\\x%04hX ", h, l); + } else + fprintf(out, "\\x%04lX ", sym->sym.chr & 0xffff); + break; + case _URE_ANY_CHAR: + fprintf(out, " "); + break; + case _URE_BOL_ANCHOR: + fprintf(out, " "); + break; + case _URE_EOL_ANCHOR: + fprintf(out, " "); + break; + case _URE_CCLASS: + case _URE_NCCLASS: + fprintf(out, "[C%hd] ", sym->id); + break; + } + fprintf(out, "S%hd", sp->trans[j].next_state); + if (j + 1 < sp->ntrans) + putc(' ', out); + } + putc('\n', out); + } +} + +#define _ure_issep(cc) ((cc) == '\n' || (cc) == '\r' || (cc) == 0x2028 ||\ + (cc) == 0x2029) + +int +ure_exec(ure_dfa_t dfa, int flags, ucs2_t *text, unsigned long textlen, + unsigned long *match_start, unsigned long *match_end) +{ + int i, j, matched, found, skip; + unsigned long ms, me; + ucs4_t c; + ucs2_t *sp, *ep, *lp; + _ure_dstate_t *stp; + _ure_symtab_t *sym; + _ure_range_t *rp; + + if (dfa == 0 || text == 0) + return 0; + + /* + * Handle the special case of an empty string matching the "^$" pattern. + */ + if (textlen == 0 && (dfa->flags & _URE_DFA_BLANKLINE)) { + *match_start = *match_end = 0; + return 1; + } + + sp = text; + ep = sp + textlen; + + ms = me = ~0; + + stp = dfa->states; + + for (found = skip = 0; found == 0 && sp < ep; ) { + lp = sp; + c = *sp++; + + /* + * Check to see if this is a high surrogate that should be + * combined with a following low surrogate. + */ + if (sp < ep && 0xd800 <= c && c <= 0xdbff && + 0xdc00 <= *sp && *sp <= 0xdfff) + c = 0x10000 + (((c & 0x03ff) << 10) | (*sp++ & 0x03ff)); + + /* + * Determine if the character is non-spacing and should be skipped. + */ + if (_ure_matches_properties(_URE_NONSPACING, c) && + (flags & URE_IGNORE_NONSPACING)) { + sp++; + continue; + } + + if (dfa->flags & _URE_DFA_CASEFOLD) + c = _ure_tolower(c); + + /* + * See if one of the transitions matches. + */ + for (i = 0, matched = 0; matched == 0 && i < stp->ntrans; i++) { + sym = dfa->syms + stp->trans[i].symbol; + switch (sym->type) { + case _URE_ANY_CHAR: + if ((flags & URE_DOT_MATCHES_SEPARATORS) || + !_ure_issep(c)) + matched = 1; + break; + case _URE_CHAR: + if (c == sym->sym.chr) + matched = 1; + break; + case _URE_BOL_ANCHOR: + if (lp == text) { + sp = lp; + matched = 1; + } else if (_ure_issep(c)) { + if (c == '\r' && sp < ep && *sp == '\n') + sp++; + lp = sp; + matched = 1; + } + break; + case _URE_EOL_ANCHOR: + if (_ure_issep(c)) { + /* + * Put the pointer back before the separator so the match + * end position will be correct. This case will also + * cause the `sp' pointer to be advanced over the current + * separator once the match end point has been recorded. + */ + sp = lp; + matched = 1; + } + break; + case _URE_CCLASS: + case _URE_NCCLASS: + if (sym->props != 0) + matched = _ure_matches_properties(sym->props, c); + for (j = 0, rp = sym->sym.ccl.ranges; + j < sym->sym.ccl.ranges_used; j++, rp++) { + if (rp->min_code <= c && c <= rp->max_code) + matched = 1; + } + if (sym->type == _URE_NCCLASS) + matched = !matched; + break; + } + + if (matched) { + if (ms == ~0UL) + ms = lp - text; + else + me = sp - text; + stp = dfa->states + stp->trans[i].next_state; + + /* + * If the match was an EOL anchor, adjust the pointer past the + * separator that caused the match. The correct match + * position has been recorded already. + */ + if (sym->type == _URE_EOL_ANCHOR) { + /* + * Skip the character that caused the match. + */ + sp++; + + /* + * Handle the infamous CRLF situation. + */ + if (sp < ep && c == '\r' && *sp == '\n') + sp++; + } + } + } + + if (matched == 0) { + if (stp->accepting == 0) { + /* + * If the last state was not accepting, then reset + * and start over. + */ + stp = dfa->states; + ms = me = ~0; + } else + /* + * The last state was accepting, so terminate the matching + * loop to avoid more work. + */ + found = 1; + } else if (sp == ep) { + if (!stp->accepting) { + /* + * This ugly hack is to make sure the end-of-line anchors + * match when the source text hits the end. This is only done + * if the last subexpression matches. + */ + for (i = 0; found == 0 && i < stp->ntrans; i++) { + sym = dfa->syms + stp->trans[i].symbol; + if (sym->type ==_URE_EOL_ANCHOR) { + stp = dfa->states + stp->trans[i].next_state; + if (stp->accepting) { + me = sp - text; + found = 1; + } else + break; + } + } + } else { + /* + * Make sure any conditions that match all the way to the end + * of the string match. + */ + found = 1; + me = sp - text; + } + } + } + + if (found == 0) + ms = me = ~0; + + *match_start = ms; + *match_end = me; + + return (ms != ~0UL) ? 1 : 0; +} diff --git a/src/lib/krb5/unicode/ure/ure.h b/src/lib/krb5/unicode/ure/ure.h new file mode 100644 index 0000000000..e5b3387068 --- /dev/null +++ b/src/lib/krb5/unicode/ure/ure.h @@ -0,0 +1,149 @@ +/* $OpenLDAP: pkg/ldap/libraries/liblunicode/ure/ure.h,v 1.15 2008/01/07 23:20:05 kurt Exp $ */ +/* This work is part of OpenLDAP Software . + * + * Copyright 1998-2008 The OpenLDAP Foundation. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted only as authorized by the OpenLDAP + * Public License. + * + * A copy of this license is available in file LICENSE in the + * top-level directory of the distribution or, alternatively, at + * . + */ +/* Copyright 1997, 1998, 1999 Computing Research Labs, + * New Mexico State University + * + * Permission is hereby granted, free of charge, to any person obtaining a + * copy of this software and associated documentation files (the "Software"), + * to deal in the Software without restriction, including without limitation + * the rights to use, copy, modify, merge, publish, distribute, sublicense, + * and/or sell copies of the Software, and to permit persons to whom the + * Software is furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + * THE COMPUTING RESEARCH LAB OR NEW MEXICO STATE UNIVERSITY BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT + * OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR + * THE USE OR OTHER DEALINGS IN THE SOFTWARE. + */ +/* $Id: ure.h,v 1.2 1999/09/21 15:47:44 mleisher Exp $ */ + +#ifndef _h_ure +#define _h_ure + +#include "k5-int.h" + +#include + +/* + * Set of character class flags. + */ +#define _URE_NONSPACING 0x00000001 +#define _URE_COMBINING 0x00000002 +#define _URE_NUMDIGIT 0x00000004 +#define _URE_NUMOTHER 0x00000008 +#define _URE_SPACESEP 0x00000010 +#define _URE_LINESEP 0x00000020 +#define _URE_PARASEP 0x00000040 +#define _URE_CNTRL 0x00000080 +#define _URE_PUA 0x00000100 + +#define _URE_UPPER 0x00000200 +#define _URE_LOWER 0x00000400 +#define _URE_TITLE 0x00000800 +#define _URE_MODIFIER 0x00001000 +#define _URE_OTHERLETTER 0x00002000 +#define _URE_DASHPUNCT 0x00004000 +#define _URE_OPENPUNCT 0x00008000 +#define _URE_CLOSEPUNCT 0x00010000 +#define _URE_OTHERPUNCT 0x00020000 +#define _URE_MATHSYM 0x00040000 +#define _URE_CURRENCYSYM 0x00080000 +#define _URE_OTHERSYM 0x00100000 + +#define _URE_LTR 0x00200000 +#define _URE_RTL 0x00400000 + +#define _URE_EURONUM 0x00800000 +#define _URE_EURONUMSEP 0x01000000 +#define _URE_EURONUMTERM 0x02000000 +#define _URE_ARABNUM 0x04000000 +#define _URE_COMMONSEP 0x08000000 + +#define _URE_BLOCKSEP 0x10000000 +#define _URE_SEGMENTSEP 0x20000000 + +#define _URE_WHITESPACE 0x40000000 +#define _URE_OTHERNEUT 0x80000000 + +/* + * Error codes. + */ +#define _URE_OK 0 +#define _URE_UNEXPECTED_EOS -1 +#define _URE_CCLASS_OPEN -2 +#define _URE_UNBALANCED_GROUP -3 +#define _URE_INVALID_PROPERTY -4 + +/* + * Options that can be combined for searching. + */ +#define URE_IGNORE_NONSPACING 0x01 +#define URE_DOT_MATCHES_SEPARATORS 0x02 + +typedef krb5_ui_4 ucs4_t; +typedef krb5_ui_2 ucs2_t; + +/* + * Opaque type for memory used when compiling expressions. + */ +typedef struct _ure_buffer_t *ure_buffer_t; + +/* + * Opaque type for the minimal DFA used when matching. + */ +typedef struct _ure_dfa_t *ure_dfa_t; + +/************************************************************************* + * + * API. + * + *************************************************************************/ + +ure_buffer_t ure_buffer_create (void); + +void ure_buffer_free (ure_buffer_t buf); + +ure_dfa_t +ure_compile (ucs2_t *re, unsigned long relen, + int casefold, ure_buffer_t buf); + +void ure_dfa_free (ure_dfa_t dfa); + +void ure_write_dfa (ure_dfa_t dfa, FILE *out); + +int +ure_exec (ure_dfa_t dfa, int flags, ucs2_t *text, + unsigned long textlen, unsigned long *match_start, + unsigned long *match_end); + +/************************************************************************* + * + * Prototypes for stub functions used for URE. These need to be rewritten to + * use the Unicode support available on the system. + * + *************************************************************************/ + +ucs4_t _ure_tolower (ucs4_t c); + +int +_ure_matches_properties (unsigned long props, ucs4_t c); + +#endif /* _h_ure */ diff --git a/src/lib/krb5/unicode/ure/urestubs.c b/src/lib/krb5/unicode/ure/urestubs.c new file mode 100644 index 0000000000..18be50cbdc --- /dev/null +++ b/src/lib/krb5/unicode/ure/urestubs.c @@ -0,0 +1,126 @@ +/* $OpenLDAP: pkg/ldap/libraries/liblunicode/ure/urestubs.c,v 1.16 2008/01/07 23:20:05 kurt Exp $ */ +/* This work is part of OpenLDAP Software . + * + * Copyright 1998-2008 The OpenLDAP Foundation. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted only as authorized by the OpenLDAP + * Public License. + * + * A copy of this license is available in file LICENSE in the + * top-level directory of the distribution or, alternatively, at + * . + */ +/* + * Copyright 1997, 1998, 1999 Computing Research Labs, + * New Mexico State University + * + * Permission is hereby granted, free of charge, to any person obtaining a + * copy of this software and associated documentation files (the "Software"), + * to deal in the Software without restriction, including without limitation + * the rights to use, copy, modify, merge, publish, distribute, sublicense, + * and/or sell copies of the Software, and to permit persons to whom the + * Software is furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + * THE COMPUTING RESEARCH LAB OR NEW MEXICO STATE UNIVERSITY BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT + * OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR + * THE USE OR OTHER DEALINGS IN THE SOFTWARE. + */ +/* $Id: urestubs.c,v 1.2 1999/09/21 15:47:44 mleisher Exp $" */ + +#include "k5-int.h" + +#include "ure.h" + +#ifdef _MSC_VER +# include "../ucdata/ucdata.h" +#else +# include "ucdata.h" +#endif + +/* + * This file contains stub routines needed by the URE package to test + * character properties and other Unicode implementation specific details. + */ + +/* + * This routine should return the lower case equivalent for the character or, + * if there is no lower case quivalent, the character itself. + */ +ucs4_t _ure_tolower(ucs4_t c) +{ + return uctoupper(c); +} + +static struct ucmaskmap { + unsigned long mask1; + unsigned long mask2; +} masks[32] = { + { UC_MN, 0 }, /* _URE_NONSPACING */ + { UC_MC, 0 }, /* _URE_COMBINING */ + { UC_ND, 0 }, /* _URE_NUMDIGIT */ + { UC_NL|UC_NO, 0 }, /* _URE_NUMOTHER */ + { UC_ZS, 0 }, /* _URE_SPACESEP */ + { UC_ZL, 0 }, /* _URE_LINESEP */ + { UC_ZP, 0 }, /* _URE_PARASEP */ + { UC_CC, 0 }, /* _URE_CNTRL */ + { UC_CO, 0 }, /* _URE_PUA */ + + { UC_LU, 0 }, /* _URE_UPPER */ + { UC_LL, 0 }, /* _URE_LOWER */ + { UC_LT, 0 }, /* _URE_TITLE */ + { UC_LM, 0 }, /* _URE_MODIFIER */ + { UC_LO, 0 }, /* _URE_OTHERLETTER */ + { UC_PD, 0 }, /* _URE_DASHPUNCT */ + { UC_PS, 0 }, /* _URE_OPENPUNCT */ + { UC_PC, 0 }, /* _URE_CLOSEPUNCT */ + { UC_PO, 0 }, /* _URE_OTHERPUNCT */ + { UC_SM, 0 }, /* _URE_MATHSYM */ + { UC_SC, 0 }, /* _URE_CURRENCYSYM */ + { UC_SO, 0 }, /* _URE_OTHERSYM */ + + { UC_L, 0 }, /* _URE_LTR */ + { UC_R, 0 }, /* _URE_RTL */ + + { 0, UC_EN }, /* _URE_EURONUM */ + { 0, UC_ES }, /* _URE_EURONUMSEP */ + { 0, UC_ET }, /* _URE_EURONUMTERM */ + { 0, UC_AN }, /* _URE_ARABNUM */ + { 0, UC_CS }, /* _URE_COMMONSEP */ + + { 0, UC_B }, /* _URE_BLOCKSEP */ + { 0, UC_S }, /* _URE_SEGMENTSEP */ + + { 0, UC_WS }, /* _URE_WHITESPACE */ + { 0, UC_ON } /* _URE_OTHERNEUT */ +}; + + +/* + * This routine takes a set of URE character property flags (see ure.h) along + * with a character and tests to see if the character has one or more of those + * properties. + */ +int +_ure_matches_properties(unsigned long props, ucs4_t c) +{ + int i; + unsigned long mask1=0, mask2=0; + + for( i=0; i<32; i++ ) { + if( props & (1 << i) ) { + mask1 |= masks[i].mask1; + mask2 |= masks[i].mask2; + } + } + + return ucisprop( mask1, mask2, c ); +} diff --git a/src/lib/krb5/unicode/utbm/README b/src/lib/krb5/unicode/utbm/README new file mode 100644 index 0000000000..8c0212dcf5 --- /dev/null +++ b/src/lib/krb5/unicode/utbm/README @@ -0,0 +1,121 @@ +# +# $Id: README,v 1.1 1999/09/21 15:45:17 mleisher Exp $ +# +# Copyright 1997, 1998, 1999 Computing Research Labs, +# New Mexico State University +# +# Permission is hereby granted, free of charge, to any person obtaining a +# copy of this software and associated documentation files (the "Software"), +# to deal in the Software without restriction, including without limitation +# the rights to use, copy, modify, merge, publish, distribute, sublicense, +# and/or sell copies of the Software, and to permit persons to whom the +# Software is furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in +# all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL +# THE COMPUTING RESEARCH LAB OR NEW MEXICO STATE UNIVERSITY BE LIABLE FOR ANY +# CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT +# OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR +# THE USE OR OTHER DEALINGS IN THE SOFTWARE. +# + + Unicode and Boyer-Moore Searching + Version 0.2 + +UTBM (Unicode Tuned Boyer-Moore) is a simple package that provides tuned +Boyer-Moore searches on Unicode UCS2 text (handles high and low surrogates). + +--------------------------------------------------------------------------- + +Assumptions: + + o Search pattern and text already normalized in some fasion. + + o Upper, lower, and title case conversions are one-to-one. + + o For conversions between upper, lower, and title case, UCS2 characters + always convert to other UCS2 characters, and UTF-16 characters always + convert to other UTF-16 characters. + +Flags: + + UTBM provides three processing flags: + + o UTBM_CASEFOLD - search in a case-insensitive manner. + + o UTBM_IGNORE_NONSPACING - ignore non-spacing characters in the pattern and + the text. + + o UTBM_SPACE_COMPRESS - view as a *single space*, sequential groups of + U+2028, U+2029, '\n', '\r', '\t', and any + character identified as a space by the Unicode + support on the platform. + + This flag also causes all characters identified + as control by the Unicode support on the + platform to be ignored (except for '\n', '\r', + and '\t'). + +--------------------------------------------------------------------------- + +Before using UTBM +----------------- +Before UTBM is used, some functions need to be created. The "utbmstub.c" file +contains stubs that need to be rewritten so they work with the Unicode support +on the platform on which this package is being used. + +Using UTBM +---------- + +Sample pseudo-code fragment. + + utbm_pattern_t pat; + ucs2_t *pattern, *text; + unsigned long patternlen, textlen; + unsigned long flags, match_start, match_end; + + /* + * Allocate the dynamic storage needed for a search pattern. + */ + pat = utbm_create_pattern(); + + /* + * Set the search flags desired. + */ + flags = UTBM_CASEFOLD|UTBM_IGNORE_NONSPACING; + + /* + * Compile the search pattern. + */ + utbm_compile(pattern, patternlen, flags, pat); + + /* + * Find the first occurance of the search pattern in the text. + */ + if (utbm_exec(pat, text, textlen, &match_start, &match_end)) + printf("MATCH: %ld %ld\n", match_start, match_end); + + /* + * Free the dynamic storage used for the search pattern. + */ + ure_free_pattern(pat); + +--------------------------------------------------------------------------- + +Mark Leisher +2 May 1997 + +=========================================================================== + +CHANGES +------- + +Version: 0.2 +Date : 21 September 1999 +========================== + 1. Added copyright stuff and put in CVS. + diff --git a/src/lib/krb5/unicode/utbm/utbm.c b/src/lib/krb5/unicode/utbm/utbm.c new file mode 100644 index 0000000000..ffc84afbc7 --- /dev/null +++ b/src/lib/krb5/unicode/utbm/utbm.c @@ -0,0 +1,472 @@ +/* $OpenLDAP: pkg/ldap/libraries/liblunicode/utbm/utbm.c,v 1.9 2008/01/07 23:20:05 kurt Exp $ */ +/* This work is part of OpenLDAP Software . + * + * Copyright 1998-2008 The OpenLDAP Foundation. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted only as authorized by the OpenLDAP + * Public License. + * + * A copy of this license is available in file LICENSE in the + * top-level directory of the distribution or, alternatively, at + * . + */ +/* Copyright 1997, 1998, 1999 Computing Research Labs, + * New Mexico State University + * + * Permission is hereby granted, free of charge, to any person obtaining a + * copy of this software and associated documentation files (the "Software"), + * to deal in the Software without restriction, including without limitation + * the rights to use, copy, modify, merge, publish, distribute, sublicense, + * and/or sell copies of the Software, and to permit persons to whom the + * Software is furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + * THE COMPUTING RESEARCH LAB OR NEW MEXICO STATE UNIVERSITY BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT + * OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR + * THE USE OR OTHER DEALINGS IN THE SOFTWARE. + */ +/* $Id: utbm.c,v 1.1 1999/09/21 15:45:17 mleisher Exp $ */ + +/* + * Assumptions: + * 1. Case conversions of UTF-16 characters must also be UTF-16 characters. + * 2. Case conversions are all one-to-one. + * 3. Text and pattern have already been normalized in some fashion. + */ + +#include +#include +#include +#include "utbm.h" + +/* + * Single pattern character. + */ +typedef struct { + ucs4_t lc; + ucs4_t uc; + ucs4_t tc; +} _utbm_char_t; + +typedef struct { + _utbm_char_t *ch; + unsigned long skip; +} _utbm_skip_t; + +typedef struct _utbm_pattern_t { + unsigned long flags; + + _utbm_char_t *pat; + unsigned long pat_used; + unsigned long pat_size; + unsigned long patlen; + + _utbm_skip_t *skip; + unsigned long skip_used; + unsigned long skip_size; + + unsigned long md4; +} _utbm_pattern_t; + +/************************************************************************* + * + * Support functions. + * + *************************************************************************/ + +/* + * Routine to look up the skip value for a character. + */ +static unsigned long +_utbm_skip(utbm_pattern_t p, ucs2_t *start, ucs2_t *end) +{ + unsigned long i; + ucs4_t c1, c2; + _utbm_skip_t *sp; + + if (start >= end) + return 0; + + c1 = *start; + c2 = (start + 1 < end) ? *(start + 1) : ~0; + if (0xd800 <= c1 && c1 <= 0xdbff && 0xdc00 <= c2 && c2 <= 0xdfff) + c1 = 0x10000 + (((c1 & 0x03ff) << 10) | (c2 & 0x03ff)); + + for (i = 0, sp = p->skip; i < p->skip_used; i++, sp++) { + if (!((c1 ^ sp->ch->uc) & (c1 ^ sp->ch->lc) & (c1 ^ sp->ch->tc))) { + return ((unsigned long) (end - start) < sp->skip) ? + end - start : sp->skip; + } + } + return p->patlen; +} + +static int +_utbm_match(utbm_pattern_t pat, ucs2_t *text, ucs2_t *start, ucs2_t *end, + unsigned long *match_start, unsigned long *match_end) +{ + int check_space; + ucs4_t c1, c2; + unsigned long count; + _utbm_char_t *cp; + + /* + * Set the potential match endpoint first. + */ + *match_end = (start - text) + 1; + + c1 = *start; + c2 = (start + 1 < end) ? *(start + 1) : ~0; + if (0xd800 <= c1 && c1 <= 0xdbff && 0xdc00 <= c2 && c2 <= 0xdfff) { + c1 = 0x10000 + (((c1 & 0x03ff) << 10) | (c2 & 0x03ff)); + /* + * Adjust the match end point to occur after the UTF-16 character. + */ + *match_end = *match_end + 1; + } + + if (pat->pat_used == 1) { + *match_start = start - text; + return 1; + } + + /* + * Compare backward. + */ + cp = pat->pat + (pat->pat_used - 1); + + for (count = pat->patlen; start > text && count > 0;) { + /* + * Ignore non-spacing characters if indicated. + */ + if (pat->flags & UTBM_IGNORE_NONSPACING) { + while (start > text && _utbm_nonspacing(c1)) { + c2 = *--start; + c1 = (start - 1 > text) ? *(start - 1) : ~0; + if (0xdc00 <= c2 && c2 <= 0xdfff && + 0xd800 <= c1 && c1 <= 0xdbff) { + c1 = 0x10000 + (((c1 & 0x03ff) << 10) | (c2 & 0x03ff)); + start--; + } else + c1 = c2; + } + } + + /* + * Handle space compression if indicated. + */ + if (pat->flags & UTBM_SPACE_COMPRESS) { + check_space = 0; + while (start > text && + (_utbm_isspace(c1, 1) || _utbm_iscntrl(c1))) { + check_space = _utbm_isspace(c1, 1); + c2 = *--start; + c1 = (start - 1 > text) ? *(start - 1) : ~0; + if (0xdc00 <= c2 && c2 <= 0xdfff && + 0xd800 <= c1 && c1 <= 0xdbff) { + c1 = 0x10000 + (((c1 & 0x03ff) << 10) | (c2 & 0x03ff)); + start--; + } else + c1 = c2; + } + /* + * Handle things if space compression was indicated and one or + * more member characters were found. + */ + if (check_space) { + if (cp->uc != ' ') + return 0; + cp--; + count--; + } + } + + /* + * Handle the normal comparison cases. + */ + if (count > 0 && ((c1 ^ cp->uc) & (c1 ^ cp->lc) & (c1 ^ cp->tc))) + return 0; + + count -= (c1 >= 0x10000) ? 2 : 1; + if (count > 0) { + cp--; + + /* + * Get the next preceding character. + */ + if (start > text) { + c2 = *--start; + c1 = (start - 1 > text) ? *(start - 1) : ~0; + if (0xdc00 <= c2 && c2 <= 0xdfff && + 0xd800 <= c1 && c1 <= 0xdbff) { + c1 = 0x10000 + (((c1 & 0x03ff) << 10) | (c2 & 0x03ff)); + start--; + } else + c1 = c2; + } + } + } + + /* + * Set the match start position. + */ + *match_start = start - text; + return 1; +} + +/************************************************************************* + * + * API. + * + *************************************************************************/ + +utbm_pattern_t +utbm_create_pattern(void) +{ + utbm_pattern_t p; + + p = (utbm_pattern_t) malloc(sizeof(_utbm_pattern_t)); + (void) memset((char *) p, '\0', sizeof(_utbm_pattern_t)); + return p; +} + +void +utbm_free_pattern(utbm_pattern_t pattern) +{ + if (pattern == 0) + return; + + if (pattern->pat_size > 0) + free((char *) pattern->pat); + + if (pattern->skip_size > 0) + free((char *) pattern->skip); + + free((char *) pattern); +} + +void +utbm_compile(ucs2_t *pat, unsigned long patlen, unsigned long flags, + utbm_pattern_t p) +{ + int have_space; + unsigned long i, j, k, slen; + _utbm_char_t *cp; + _utbm_skip_t *sp; + ucs4_t c1, c2, sentinel; + + if (p == 0 || pat == 0 || *pat == 0 || patlen == 0) + return; + + /* + * Reset the pattern buffer. + */ + p->patlen = p->pat_used = p->skip_used = 0; + + /* + * Set the flags. + */ + p->flags = flags; + + /* + * Initialize the extra skip flag. + */ + p->md4 = 1; + + /* + * Allocate more storage if necessary. + */ + if (patlen > p->pat_size) { + if (p->pat_size == 0) { + p->pat = (_utbm_char_t *) malloc(sizeof(_utbm_char_t) * patlen); + p->skip = (_utbm_skip_t *) malloc(sizeof(_utbm_skip_t) * patlen); + } else { + p->pat = (_utbm_char_t *) + realloc((char *) p->pat, sizeof(_utbm_char_t) * patlen); + p->skip = (_utbm_skip_t *) + realloc((char *) p->skip, sizeof(_utbm_skip_t) * patlen); + } + p->pat_size = p->skip_size = patlen; + } + + /* + * Preprocess the pattern to remove controls (if specified) and determine + * case. + */ + for (have_space = 0, cp = p->pat, i = 0; i < patlen; i++) { + c1 = pat[i]; + c2 = (i + 1 < patlen) ? pat[i + 1] : ~0; + if (0xd800 <= c1 && c1 <= 0xdbff && 0xdc00 <= c2 && c2 <= 0xdfff) + c1 = 0x10000 + (((c1 & 0x03ff) << 10) | (c2 & 0x03ff)); + + /* + * Make sure the `have_space' flag is turned off if the character + * is not an appropriate one. + */ + if (!_utbm_isspace(c1, flags & UTBM_SPACE_COMPRESS)) + have_space = 0; + + /* + * If non-spacing characters should be ignored, do it here. + */ + if ((flags & UTBM_IGNORE_NONSPACING) && _utbm_nonspacing(c1)) + continue; + + /* + * Check if spaces and controls need to be compressed. + */ + if (flags & UTBM_SPACE_COMPRESS) { + if (_utbm_isspace(c1, 1)) { + if (!have_space) { + /* + * Add a space and set the flag. + */ + cp->uc = cp->lc = cp->tc = ' '; + cp++; + + /* + * Increase the real pattern length. + */ + p->patlen++; + sentinel = ' '; + have_space = 1; + } + continue; + } + + /* + * Ignore all control characters. + */ + if (_utbm_iscntrl(c1)) + continue; + } + + /* + * Add the character. + */ + if (flags & UTBM_CASEFOLD) { + cp->uc = _utbm_toupper(c1); + cp->lc = _utbm_tolower(c1); + cp->tc = _utbm_totitle(c1); + } else + cp->uc = cp->lc = cp->tc = c1; + + /* + * Set the sentinel character. + */ + sentinel = cp->uc; + + /* + * Move to the next character. + */ + cp++; + + /* + * Increase the real pattern length appropriately. + */ + p->patlen += (c1 >= 0x10000) ? 2 : 1; + + /* + * Increment the loop index for UTF-16 characters. + */ + i += (c1 >= 0x10000) ? 1 : 0; + + } + + /* + * Set the number of characters actually used. + */ + p->pat_used = cp - p->pat; + + /* + * Go through and construct the skip array and determine the actual length + * of the pattern in UCS2 terms. + */ + slen = p->patlen - 1; + cp = p->pat; + for (i = k = 0; i < p->pat_used; i++, cp++) { + /* + * Locate the character in the skip array. + */ + for (sp = p->skip, j = 0; + j < p->skip_used && sp->ch->uc != cp->uc; j++, sp++) ; + + /* + * If the character is not found, set the new skip element and + * increase the number of skip elements. + */ + if (j == p->skip_used) { + sp->ch = cp; + p->skip_used++; + } + + /* + * Set the updated skip value. If the character is UTF-16 and is + * not the last one in the pattern, add one to its skip value. + */ + sp->skip = slen - k; + if (cp->uc >= 0x10000 && k + 2 < slen) + sp->skip++; + + /* + * Set the new extra skip for the sentinel character. + */ + if (((cp->uc >= 0x10000 && k + 2 <= slen) || k + 1 <= slen) && + cp->uc == sentinel) + p->md4 = slen - k; + + /* + * Increase the actual index. + */ + k += (cp->uc >= 0x10000) ? 2 : 1; + } +} + +int +utbm_exec(utbm_pattern_t pat, ucs2_t *text, unsigned long textlen, + unsigned long *match_start, unsigned long *match_end) +{ + unsigned long k; + ucs2_t *start, *end; + + if (pat == 0 || pat->pat_used == 0 || text == 0 || textlen == 0 || + textlen < pat->patlen) + return 0; + + start = text + pat->patlen; + end = text + textlen; + + /* + * Adjust the start point if it points to a low surrogate. + */ + if (0xdc00 <= *start && *start <= 0xdfff && + 0xd800 <= *(start - 1) && *(start - 1) <= 0xdbff) + start--; + + while (start < end) { + while ((k = _utbm_skip(pat, start, end))) { + start += k; + if (start < end && 0xdc00 <= *start && *start <= 0xdfff && + 0xd800 <= *(start - 1) && *(start - 1) <= 0xdbff) + start--; + } + + if (start < end && + _utbm_match(pat, text, start, end, match_start, match_end)) + return 1; + + start += pat->md4; + if (start < end && 0xdc00 <= *start && *start <= 0xdfff && + 0xd800 <= *(start - 1) && *(start - 1) <= 0xdbff) + start--; + } + return 0; +} diff --git a/src/lib/krb5/unicode/utbm/utbm.h b/src/lib/krb5/unicode/utbm/utbm.h new file mode 100644 index 0000000000..26adee9c89 --- /dev/null +++ b/src/lib/krb5/unicode/utbm/utbm.h @@ -0,0 +1,107 @@ +/* $OpenLDAP: pkg/ldap/libraries/liblunicode/utbm/utbm.h,v 1.10 2008/01/07 23:20:05 kurt Exp $ */ +/* This work is part of OpenLDAP Software . + * + * Copyright 1998-2008 The OpenLDAP Foundation. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted only as authorized by the OpenLDAP + * Public License. + * + * A copy of this license is available in file LICENSE in the + * top-level directory of the distribution or, alternatively, at + * . + */ +/* Copyright 1997, 1998, 1999 Computing Research Labs, + * New Mexico State University + * + * Permission is hereby granted, free of charge, to any person obtaining a + * copy of this software and associated documentation files (the "Software"), + * to deal in the Software without restriction, including without limitation + * the rights to use, copy, modify, merge, publish, distribute, sublicense, + * and/or sell copies of the Software, and to permit persons to whom the + * Software is furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + * THE COMPUTING RESEARCH LAB OR NEW MEXICO STATE UNIVERSITY BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT + * OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR + * THE USE OR OTHER DEALINGS IN THE SOFTWARE. + */ +/* $Id: utbm.h,v 1.1 1999/09/21 15:45:18 mleisher Exp $ */ + +#ifndef _h_utbm +#define _h_utbm + +#include "k5-int.h" + +/************************************************************************* + * + * Types. + * + *************************************************************************/ + +/* + * Fundamental character types. + */ +typedef krb5_ui_4 ucs4_t; +typedef krb5_ui_2 ucs2_t; + +/* + * An opaque type used for the search pattern. + */ +typedef struct _utbm_pattern_t *utbm_pattern_t; + +/************************************************************************* + * + * Flags. + * + *************************************************************************/ + +#define UTBM_CASEFOLD 0x01 +#define UTBM_IGNORE_NONSPACING 0x02 +#define UTBM_SPACE_COMPRESS 0x04 + +/************************************************************************* + * + * API. + * + *************************************************************************/ + +utbm_pattern_t utbm_create_pattern (void); + +void utbm_free_pattern (utbm_pattern_t pattern); + +void +utbm_compile (ucs2_t *pat, unsigned long patlen, + unsigned long flags, utbm_pattern_t pattern); + +int +utbm_exec (utbm_pattern_t pat, ucs2_t *text, + unsigned long textlen, unsigned long *match_start, + unsigned long *match_end); + +/************************************************************************* + * + * Prototypes for the stub functions needed. + * + *************************************************************************/ + +int _utbm_isspace (ucs4_t c, int compress); + +int _utbm_iscntrl (ucs4_t c); + +int _utbm_nonspacing (ucs4_t c); + +ucs4_t _utbm_tolower (ucs4_t c); + +ucs4_t _utbm_toupper (ucs4_t c); + +ucs4_t _utbm_totitle (ucs4_t c); + +#endif /* _h_utbm */ diff --git a/src/lib/krb5/unicode/utbm/utbmstub.c b/src/lib/krb5/unicode/utbm/utbmstub.c new file mode 100644 index 0000000000..866632807f --- /dev/null +++ b/src/lib/krb5/unicode/utbm/utbmstub.c @@ -0,0 +1,105 @@ +/* $OpenLDAP: pkg/ldap/libraries/liblunicode/utbm/utbmstub.c,v 1.8 2008/01/07 23:20:05 kurt Exp $ */ +/* This work is part of OpenLDAP Software . + * + * Copyright 1998-2008 The OpenLDAP Foundation. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted only as authorized by the OpenLDAP + * Public License. + * + * A copy of this license is available in file LICENSE in the + * top-level directory of the distribution or, alternatively, at + * . + */ +/* Copyright 1997, 1998, 1999 Computing Research Labs, + * New Mexico State University + * + * Permission is hereby granted, free of charge, to any person obtaining a + * copy of this software and associated documentation files (the "Software"), + * to deal in the Software without restriction, including without limitation + * the rights to use, copy, modify, merge, publish, distribute, sublicense, + * and/or sell copies of the Software, and to permit persons to whom the + * Software is furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + * THE COMPUTING RESEARCH LAB OR NEW MEXICO STATE UNIVERSITY BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT + * OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR + * THE USE OR OTHER DEALINGS IN THE SOFTWARE. + */ +/* $Id: utbmstub.c,v 1.1 1999/09/21 15:45:18 mleisher Exp $ */ + +#include "utbm.h" + +/* + * This should be redefined to use the `isspace' function available in the + * Unicode support on the platform where this is being used. + */ +#define _platform_isspace(x) 0 + +/* + * Return non-zero for any character that should be considered the equivalent + * of a space character. Return zero otherwise. + */ +int +_utbm_isspace(ucs4_t c, int compress) +{ + if (compress) + return (c == 0x09 || c == 0x0a || c == 0x0d || + c == 0x2028 || c == 0x2029 || _platform_isspace(c)) ? 1 : 0; + + return _platform_isspace(c); + +} + +/* + * Return non-zero if the character is a control character, or zero otherwise. + */ +int +_utbm_iscntrl(ucs4_t c) +{ + return 0; +} + +/* + * Return non-zero if the character is a non-spacing character, or zero + * otherwise. + */ +int +_utbm_nonspacing(ucs4_t c) +{ + return 0; +} + +/* + * Convert a character to lower case. + */ +ucs4_t +_utbm_tolower(ucs4_t c) +{ + return c; +} + +/* + * Convert a character to upper case. + */ +ucs4_t +_utbm_toupper(ucs4_t c) +{ + return c; +} + +/* + * Convert a character to title case. + */ +ucs4_t +_utbm_totitle(ucs4_t c) +{ + return c; +} diff --git a/src/lib/rpc/Makefile.in b/src/lib/rpc/Makefile.in index 52eb79f0d7..ec164a8871 100644 --- a/src/lib/rpc/Makefile.in +++ b/src/lib/rpc/Makefile.in @@ -239,326 +239,3 @@ clean-windows:: @lib_frag@ @libobj_frag@ -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -auth_none.so auth_none.po $(OUTPRE)auth_none.$(OBJEXT): \ - $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/auth.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/xdr.h \ - auth_none.c -auth_unix.so auth_unix.po $(OUTPRE)auth_unix.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssrpc/types.h \ - $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_unix.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/xdr.h \ - auth_unix.c -authgss_prot.so authgss_prot.po $(OUTPRE)authgss_prot.$(OBJEXT): \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - authgss_prot.c -authunix_prot.so authunix_prot.po $(OUTPRE)authunix_prot.$(OBJEXT): \ - $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/auth.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/xdr.h authunix_prot.c -auth_gss.so auth_gss.po $(OUTPRE)auth_gss.$(OBJEXT): \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_generic.h \ - $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/auth.h \ - $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ - $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ - $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h auth_gss.c -auth_gssapi.so auth_gssapi.po $(OUTPRE)auth_gssapi.$(OBJEXT): \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_generic.h \ - $(BUILDTOP)/include/gssapi/gssapi_krb5.h $(BUILDTOP)/include/gssrpc/types.h \ - $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ - $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_gssapi.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - $(SRCTOP)/include/krb5.h auth_gssapi.c -auth_gssapi_misc.so auth_gssapi_misc.po $(OUTPRE)auth_gssapi_misc.$(OBJEXT): \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_gssapi.h $(SRCTOP)/include/gssrpc/auth_unix.h \ - $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ - $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h auth_gssapi_misc.c -bindresvport.so bindresvport.po $(OUTPRE)bindresvport.$(OBJEXT): \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - bindresvport.c -clnt_generic.so clnt_generic.po $(OUTPRE)clnt_generic.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/auth.h \ - $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ - $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ - $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h clnt_generic.c -clnt_perror.so clnt_perror.po $(OUTPRE)clnt_perror.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssrpc/types.h \ - $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/xdr.h \ - clnt_perror.c -clnt_raw.so clnt_raw.po $(OUTPRE)clnt_raw.$(OBJEXT): \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - clnt_raw.c -clnt_simple.so clnt_simple.po $(OUTPRE)clnt_simple.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/auth.h \ - $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ - $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ - $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/port-sockets.h \ - clnt_simple.c -clnt_tcp.so clnt_tcp.po $(OUTPRE)clnt_tcp.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/auth.h \ - $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ - $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/pmap_clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - $(SRCTOP)/include/port-sockets.h clnt_tcp.c -clnt_udp.so clnt_udp.po $(OUTPRE)clnt_udp.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/auth.h \ - $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ - $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/pmap_clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - $(SRCTOP)/include/port-sockets.h clnt_udp.c -dyn.so dyn.po $(OUTPRE)dyn.$(OBJEXT): dyn.c dyn.h dynP.h -rpc_dtablesize.so rpc_dtablesize.po $(OUTPRE)rpc_dtablesize.$(OBJEXT): \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - rpc_dtablesize.c -get_myaddress.so get_myaddress.po $(OUTPRE)get_myaddress.$(OBJEXT): \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ - $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ - $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/pmap_prot.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - $(SRCTOP)/include/krb5.h get_myaddress.c -getrpcport.so getrpcport.po $(OUTPRE)getrpcport.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/auth.h \ - $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ - $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/pmap_clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - getrpcport.c -pmap_clnt.so pmap_clnt.po $(OUTPRE)pmap_clnt.$(OBJEXT): \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/pmap_clnt.h $(SRCTOP)/include/gssrpc/pmap_prot.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - pmap_clnt.c -pmap_getmaps.so pmap_getmaps.po $(OUTPRE)pmap_getmaps.$(OBJEXT): \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/pmap_clnt.h $(SRCTOP)/include/gssrpc/pmap_prot.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - pmap_getmaps.c -pmap_getport.so pmap_getport.po $(OUTPRE)pmap_getport.$(OBJEXT): \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/pmap_clnt.h $(SRCTOP)/include/gssrpc/pmap_prot.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - pmap_getport.c -pmap_prot.so pmap_prot.po $(OUTPRE)pmap_prot.$(OBJEXT): \ - $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/pmap_prot.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/xdr.h \ - pmap_prot.c -pmap_prot2.so pmap_prot2.po $(OUTPRE)pmap_prot2.$(OBJEXT): \ - $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/pmap_prot.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/xdr.h \ - pmap_prot2.c -pmap_rmt.so pmap_rmt.po $(OUTPRE)pmap_rmt.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/auth.h \ - $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ - $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/pmap_clnt.h \ - $(SRCTOP)/include/gssrpc/pmap_prot.h $(SRCTOP)/include/gssrpc/pmap_rmt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/port-sockets.h pmap_rmt.c -rpc_prot.so rpc_prot.po $(OUTPRE)rpc_prot.$(OBJEXT): \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - rpc_prot.c -rpc_commondata.so rpc_commondata.po $(OUTPRE)rpc_commondata.$(OBJEXT): \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - rpc_commondata.c -rpc_callmsg.so rpc_callmsg.po $(OUTPRE)rpc_callmsg.$(OBJEXT): \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - rpc_callmsg.c -svc.so svc.po $(OUTPRE)svc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/pmap_clnt.h $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ - $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h svc.c -svc_auth.so svc_auth.po $(OUTPRE)svc_auth.$(OBJEXT): \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - svc_auth.c -svc_auth_gss.so svc_auth_gss.po $(OUTPRE)svc_auth_gss.$(OBJEXT): \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_generic.h \ - $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/auth.h \ - $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_gssapi.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - svc_auth_gss.c -svc_auth_none.so svc_auth_none.po $(OUTPRE)svc_auth_none.$(OBJEXT): \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - svc_auth_none.c -svc_auth_unix.so svc_auth_unix.po $(OUTPRE)svc_auth_unix.$(OBJEXT): \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - svc_auth_unix.c -svc_auth_gssapi.so svc_auth_gssapi.po $(OUTPRE)svc_auth_gssapi.$(OBJEXT): \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_generic.h \ - $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/krb5/krb5.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_gssapi.h $(SRCTOP)/include/gssrpc/auth_unix.h \ - $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ - $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/krb5.h \ - svc_auth_gssapi.c -svc_raw.so svc_raw.po $(OUTPRE)svc_raw.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/auth.h \ - $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ - $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ - $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h svc_raw.c -svc_run.so svc_run.po $(OUTPRE)svc_run.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/auth.h \ - $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ - $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ - $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h svc_run.c -svc_simple.so svc_simple.po $(OUTPRE)svc_simple.$(OBJEXT): \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/pmap_clnt.h $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ - $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h svc_simple.c -svc_tcp.so svc_tcp.po $(OUTPRE)svc_tcp.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/port-sockets.h svc_tcp.c -svc_udp.so svc_udp.po $(OUTPRE)svc_udp.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/port-sockets.h svc_udp.c -xdr.so xdr.po $(OUTPRE)xdr.$(OBJEXT): $(BUILDTOP)/include/gssrpc/types.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/xdr.h \ - xdr.c -xdr_array.so xdr_array.po $(OUTPRE)xdr_array.$(OBJEXT): \ - $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/xdr.h xdr_array.c -xdr_float.so xdr_float.po $(OUTPRE)xdr_float.$(OBJEXT): \ - $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/xdr.h xdr_float.c -xdr_mem.so xdr_mem.po $(OUTPRE)xdr_mem.$(OBJEXT): $(BUILDTOP)/include/gssrpc/types.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/xdr.h \ - xdr_mem.c -xdr_rec.so xdr_rec.po $(OUTPRE)xdr_rec.$(OBJEXT): $(BUILDTOP)/include/gssrpc/types.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/xdr.h \ - xdr_rec.c -xdr_reference.so xdr_reference.po $(OUTPRE)xdr_reference.$(OBJEXT): \ - $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/xdr.h xdr_reference.c -xdr_stdio.so xdr_stdio.po $(OUTPRE)xdr_stdio.$(OBJEXT): \ - $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/xdr.h xdr_stdio.c -xdr_sizeof.so xdr_sizeof.po $(OUTPRE)xdr_sizeof.$(OBJEXT): \ - $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/xdr.h xdr_sizeof.c -xdr_alloc.so xdr_alloc.po $(OUTPRE)xdr_alloc.$(OBJEXT): \ - $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/xdr.h dyn.h xdr_alloc.c diff --git a/src/lib/rpc/auth_gssapi.c b/src/lib/rpc/auth_gssapi.c index fa8ce4b176..7211156708 100644 --- a/src/lib/rpc/auth_gssapi.c +++ b/src/lib/rpc/auth_gssapi.c @@ -16,6 +16,8 @@ #include #include +#include "gssrpcint.h" + #ifdef __CODECENTER__ #define DEBUG_GSSAPI 1 #endif diff --git a/src/lib/rpc/auth_gssapi_misc.c b/src/lib/rpc/auth_gssapi_misc.c index 89569f0a62..908ac0cb2a 100644 --- a/src/lib/rpc/auth_gssapi_misc.c +++ b/src/lib/rpc/auth_gssapi_misc.c @@ -9,6 +9,8 @@ #include #include +#include "gssrpcint.h" + #ifdef __CODECENTER__ #define DEBUG_GSSAPI 1 #endif @@ -181,7 +183,7 @@ static void auth_gssapi_display_status_1( putc ('\n', stderr); if (misc_debug_gssapi) gssrpcint_printf("GSS-API authentication error %s: %*s\n", - m, msg.length, msg.value); + m, msg.length, (char *) msg.value); (void) gss_release_buffer(&minor_stat, &msg); if (!msg_ctx) diff --git a/src/lib/rpc/clnt_perror.c b/src/lib/rpc/clnt_perror.c index 0a52885a3d..09b432294f 100644 --- a/src/lib/rpc/clnt_perror.c +++ b/src/lib/rpc/clnt_perror.c @@ -233,7 +233,7 @@ static struct rpc_errtab rpc_errlist[] = { char * clnt_sperrno(enum clnt_stat stat) { - int i; + unsigned int i; for (i = 0; i < sizeof(rpc_errlist)/sizeof(struct rpc_errtab); i++) { if (rpc_errlist[i].status == stat) { @@ -339,7 +339,7 @@ static struct auth_errtab auth_errlist[] = { static char * auth_errmsg(enum auth_stat stat) { - int i; + unsigned int i; for (i = 0; i < sizeof(auth_errlist)/sizeof(struct auth_errtab); i++) { if (auth_errlist[i].status == stat) { diff --git a/src/lib/rpc/clnt_simple.c b/src/lib/rpc/clnt_simple.c index 65ae5c1765..3649c8048b 100644 --- a/src/lib/rpc/clnt_simple.c +++ b/src/lib/rpc/clnt_simple.c @@ -51,7 +51,9 @@ static char sccsid[] = "@(#)clnt_simple.c 1.35 87/08/11 Copyr 1984 Sun Micro"; static struct callrpc_private { CLIENT *client; SOCKET socket; - int oldprognum, oldversnum, valid; + rpcprog_t oldprognum; + rpcvers_t oldversnum; + int valid; char *oldhost; } *callrpc_private; diff --git a/src/lib/rpc/deps b/src/lib/rpc/deps new file mode 100644 index 0000000000..53ea7ae59a --- /dev/null +++ b/src/lib/rpc/deps @@ -0,0 +1,323 @@ +# +# Generated makefile dependencies follow. +# +auth_none.so auth_none.po $(OUTPRE)auth_none.$(OBJEXT): \ + $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/xdr.h \ + auth_none.c +auth_unix.so auth_unix.po $(OUTPRE)auth_unix.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssrpc/types.h \ + $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/xdr.h \ + auth_unix.c +authgss_prot.so authgss_prot.po $(OUTPRE)authgss_prot.$(OBJEXT): \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ + $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ + $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ + $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ + $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ + $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ + authgss_prot.c +authunix_prot.so authunix_prot.po $(OUTPRE)authunix_prot.$(OBJEXT): \ + $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/xdr.h authunix_prot.c +auth_gss.so auth_gss.po $(OUTPRE)auth_gss.$(OBJEXT): \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_generic.h \ + $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h auth_gss.c +auth_gssapi.so auth_gssapi.po $(OUTPRE)auth_gssapi.$(OBJEXT): \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \ + $(BUILDTOP)/include/gssapi/gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \ + $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/krb5/krb5.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ + $(SRCTOP)/include/gssrpc/auth_gssapi.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/krb5.h \ + auth_gssapi.c gssrpcint.h +auth_gssapi_misc.so auth_gssapi_misc.po $(OUTPRE)auth_gssapi_misc.$(OBJEXT): \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ + $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ + $(SRCTOP)/include/gssrpc/auth_gssapi.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h auth_gssapi_misc.c gssrpcint.h +bindresvport.so bindresvport.po $(OUTPRE)bindresvport.$(OBJEXT): \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ + $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ + $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ + $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ + $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ + $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ + bindresvport.c +clnt_generic.so clnt_generic.po $(OUTPRE)clnt_generic.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h clnt_generic.c +clnt_perror.so clnt_perror.po $(OUTPRE)clnt_perror.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssrpc/types.h \ + $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/clnt.h \ + $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/xdr.h \ + clnt_perror.c +clnt_raw.so clnt_raw.po $(OUTPRE)clnt_raw.$(OBJEXT): \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ + $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ + $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ + $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ + $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ + $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ + clnt_raw.c +clnt_simple.so clnt_simple.po $(OUTPRE)clnt_simple.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/port-sockets.h \ + clnt_simple.c +clnt_tcp.so clnt_tcp.po $(OUTPRE)clnt_tcp.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/pmap_clnt.h \ + $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ + $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ + $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ + $(SRCTOP)/include/port-sockets.h clnt_tcp.c +clnt_udp.so clnt_udp.po $(OUTPRE)clnt_udp.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/pmap_clnt.h \ + $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ + $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ + $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ + $(SRCTOP)/include/port-sockets.h clnt_udp.c +dyn.so dyn.po $(OUTPRE)dyn.$(OBJEXT): dyn.c dyn.h dynP.h +rpc_dtablesize.so rpc_dtablesize.po $(OUTPRE)rpc_dtablesize.$(OBJEXT): \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ + $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ + $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ + $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ + $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ + $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ + rpc_dtablesize.c +get_myaddress.so get_myaddress.po $(OUTPRE)get_myaddress.$(OBJEXT): \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ + $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/pmap_prot.h \ + $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ + $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ + $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ + $(SRCTOP)/include/krb5.h get_myaddress.c +getrpcport.so getrpcport.po $(OUTPRE)getrpcport.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/pmap_clnt.h \ + $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ + $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ + $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ + getrpcport.c +pmap_clnt.so pmap_clnt.po $(OUTPRE)pmap_clnt.$(OBJEXT): \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ + $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ + $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ + $(SRCTOP)/include/gssrpc/pmap_clnt.h $(SRCTOP)/include/gssrpc/pmap_prot.h \ + $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ + $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ + $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ + pmap_clnt.c +pmap_getmaps.so pmap_getmaps.po $(OUTPRE)pmap_getmaps.$(OBJEXT): \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ + $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ + $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ + $(SRCTOP)/include/gssrpc/pmap_clnt.h $(SRCTOP)/include/gssrpc/pmap_prot.h \ + $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ + $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ + $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ + pmap_getmaps.c +pmap_getport.so pmap_getport.po $(OUTPRE)pmap_getport.$(OBJEXT): \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ + $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ + $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ + $(SRCTOP)/include/gssrpc/pmap_clnt.h $(SRCTOP)/include/gssrpc/pmap_prot.h \ + $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ + $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ + $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ + pmap_getport.c +pmap_prot.so pmap_prot.po $(OUTPRE)pmap_prot.$(OBJEXT): \ + $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/pmap_prot.h \ + $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/xdr.h \ + pmap_prot.c +pmap_prot2.so pmap_prot2.po $(OUTPRE)pmap_prot2.$(OBJEXT): \ + $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/pmap_prot.h \ + $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/xdr.h \ + pmap_prot2.c +pmap_rmt.so pmap_rmt.po $(OUTPRE)pmap_rmt.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/pmap_clnt.h \ + $(SRCTOP)/include/gssrpc/pmap_prot.h $(SRCTOP)/include/gssrpc/pmap_rmt.h \ + $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ + $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ + $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/port-sockets.h pmap_rmt.c +rpc_prot.so rpc_prot.po $(OUTPRE)rpc_prot.$(OBJEXT): \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ + $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ + $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ + $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ + $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ + $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ + rpc_prot.c +rpc_commondata.so rpc_commondata.po $(OUTPRE)rpc_commondata.$(OBJEXT): \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ + $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ + $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ + $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ + $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ + $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ + rpc_commondata.c +rpc_callmsg.so rpc_callmsg.po $(OUTPRE)rpc_callmsg.$(OBJEXT): \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ + $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ + $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ + $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ + $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ + $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ + rpc_callmsg.c +svc.so svc.po $(OUTPRE)svc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ + $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ + $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ + $(SRCTOP)/include/gssrpc/pmap_clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h svc.c +svc_auth.so svc_auth.po $(OUTPRE)svc_auth.$(OBJEXT): \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ + $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ + $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ + $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ + $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ + $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ + svc_auth.c +svc_auth_gss.so svc_auth_gss.po $(OUTPRE)svc_auth_gss.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_generic.h $(BUILDTOP)/include/gssrpc/types.h \ + $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ + $(SRCTOP)/include/gssrpc/auth_gssapi.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h svc_auth_gss.c +svc_auth_none.so svc_auth_none.po $(OUTPRE)svc_auth_none.$(OBJEXT): \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ + $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ + $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ + $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ + $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ + $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ + svc_auth_none.c +svc_auth_unix.so svc_auth_unix.po $(OUTPRE)svc_auth_unix.$(OBJEXT): \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ + $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ + $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ + $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ + $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ + $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ + svc_auth_unix.c +svc_auth_gssapi.so svc_auth_gssapi.po $(OUTPRE)svc_auth_gssapi.$(OBJEXT): \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_generic.h \ + $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/krb5/krb5.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ + $(SRCTOP)/include/gssrpc/auth_gssapi.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/krb5.h \ + gssrpcint.h svc_auth_gssapi.c +svc_raw.so svc_raw.po $(OUTPRE)svc_raw.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h svc_raw.c +svc_run.so svc_run.po $(OUTPRE)svc_run.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h svc_run.c +svc_simple.so svc_simple.po $(OUTPRE)svc_simple.$(OBJEXT): \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ + $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ + $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ + $(SRCTOP)/include/gssrpc/pmap_clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h svc_simple.c +svc_tcp.so svc_tcp.po $(OUTPRE)svc_tcp.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ + $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ + $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ + $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ + $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ + $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/port-sockets.h svc_tcp.c +svc_udp.so svc_udp.po $(OUTPRE)svc_udp.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ + $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ + $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ + $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ + $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ + $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/port-sockets.h svc_udp.c +xdr.so xdr.po $(OUTPRE)xdr.$(OBJEXT): $(BUILDTOP)/include/gssrpc/types.h \ + $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/xdr.h \ + xdr.c +xdr_array.so xdr_array.po $(OUTPRE)xdr_array.$(OBJEXT): \ + $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/xdr.h xdr_array.c +xdr_float.so xdr_float.po $(OUTPRE)xdr_float.$(OBJEXT): \ + $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/xdr.h xdr_float.c +xdr_mem.so xdr_mem.po $(OUTPRE)xdr_mem.$(OBJEXT): $(BUILDTOP)/include/gssrpc/types.h \ + $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/xdr.h \ + xdr_mem.c +xdr_rec.so xdr_rec.po $(OUTPRE)xdr_rec.$(OBJEXT): $(BUILDTOP)/include/gssrpc/types.h \ + $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/xdr.h \ + xdr_rec.c +xdr_reference.so xdr_reference.po $(OUTPRE)xdr_reference.$(OBJEXT): \ + $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/xdr.h xdr_reference.c +xdr_stdio.so xdr_stdio.po $(OUTPRE)xdr_stdio.$(OBJEXT): \ + $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/xdr.h xdr_stdio.c +xdr_sizeof.so xdr_sizeof.po $(OUTPRE)xdr_sizeof.$(OBJEXT): \ + $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/xdr.h xdr_sizeof.c +xdr_alloc.so xdr_alloc.po $(OUTPRE)xdr_alloc.$(OBJEXT): \ + $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/xdr.h dyn.h xdr_alloc.c diff --git a/src/lib/des425/weak_key.c b/src/lib/rpc/gssrpcint.h similarity index 75% rename from src/lib/des425/weak_key.c rename to src/lib/rpc/gssrpcint.h index f4ef6fbc55..c9f03d868b 100644 --- a/src/lib/des425/weak_key.c +++ b/src/lib/rpc/gssrpcint.h @@ -1,8 +1,8 @@ /* - * lib/des425/weak_key.c + * lib/rpc/gssrpcint.h * - * Copyright 1989,1990 by the Massachusetts Institute of Technology. - * All Rights Reserved. + * Copyright (C) 2008 by the Massachusetts Institute of Technology. + * All rights reserved. * * Export of this software from the United States of America may * require a specific license from the United States Government. @@ -23,19 +23,17 @@ * this software for any purpose. It is provided "as is" without express * or implied warranty. * + * + * <<< Description >>> */ -#include "des_int.h" -#include "des.h" +#ifndef __GSSRPCINT_H__ +#define __GSSRPCINT_H__ -/* - * mit_des_is_weak_key: returns true iff key is a [semi-]weak des key. - * - * Requires: key has correct odd parity. - */ -int -des_is_weak_key(key) - mit_des_cblock key; -{ - return (mit_des_is_weak_key(key)); -} +extern void gssrpcint_printf(const char *format, ...) +#if !defined(__cplusplus) && (__GNUC__ > 2) + __attribute__((__format__(__printf__, 1, 2))) +#endif + ; + +#endif /* __GSSRPCINT_H__ */ diff --git a/src/lib/rpc/svc_auth_gss.c b/src/lib/rpc/svc_auth_gss.c index 8b82291a00..990e7fa85c 100644 --- a/src/lib/rpc/svc_auth_gss.c +++ b/src/lib/rpc/svc_auth_gss.c @@ -47,6 +47,7 @@ #include #include #endif +#include "k5-platform.h" /* SIZE_MAX */ #ifdef DEBUG_GSSAPI int svc_debug_gss = DEBUG_GSSAPI; diff --git a/src/lib/rpc/svc_auth_gssapi.c b/src/lib/rpc/svc_auth_gssapi.c index f899c89689..e374f006ba 100644 --- a/src/lib/rpc/svc_auth_gssapi.c +++ b/src/lib/rpc/svc_auth_gssapi.c @@ -24,6 +24,8 @@ #include #endif +#include "gssrpcint.h" + #ifdef GSSAPI_KRB5 /* This is here for the krb5_error_code typedef and the KRB5KRB_AP_WRONG_PRINC #define.*/ @@ -403,7 +405,7 @@ enum auth_stat gssrpc__svcauth_gssapi( break; PRINTF(("accept_sec_context returned 0x%x 0x%x wrong-princ=%#x\n", - call_res.gss_major, call_res.gss_minor, KRB5KRB_AP_WRONG_PRINC)); + call_res.gss_major, call_res.gss_minor, (int) KRB5KRB_AP_WRONG_PRINC)); if (call_res.gss_major == GSS_S_COMPLETE || call_res.gss_major == GSS_S_CONTINUE_NEEDED) { /* server_creds was right, set it! */ @@ -950,7 +952,7 @@ bool_t svcauth_gssapi_set_names( in_buf.value = names[i].name; in_buf.length = strlen(in_buf.value) + 1; - PRINTF(("svcauth_gssapi_set_names: importing %s\n", in_buf.value)); + PRINTF(("svcauth_gssapi_set_names: importing %s\n", names[i].name)); gssstat = gss_import_name(&minor_stat, &in_buf, names[i].type, &server_name_list[i]); diff --git a/src/lib/rpc/unit-test/Makefile.in b/src/lib/rpc/unit-test/Makefile.in index 9f84eb2b3b..ee6f66e603 100644 --- a/src/lib/rpc/unit-test/Makefile.in +++ b/src/lib/rpc/unit-test/Makefile.in @@ -69,39 +69,3 @@ clean:: $(RM) server client $(RM) dbg.log rpc_test.log rpc_test.sum -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -$(OUTPRE)client.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_gssapi.h $(SRCTOP)/include/gssrpc/auth_unix.h \ - $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ - $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h client.c rpc_test.h -$(OUTPRE)rpc_test_clnt.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/auth.h \ - $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ - $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ - $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h rpc_test.h rpc_test_clnt.c -$(OUTPRE)rpc_test_svc.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/auth.h \ - $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ - $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ - $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h rpc_test.h rpc_test_svc.c -$(OUTPRE)server.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_generic.h \ - $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/auth.h \ - $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_gssapi.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/pmap_clnt.h $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ - $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h rpc_test.h server.c diff --git a/src/lib/rpc/unit-test/client.c b/src/lib/rpc/unit-test/client.c index e66f040a0f..662a8c51c6 100644 --- a/src/lib/rpc/unit-test/client.c +++ b/src/lib/rpc/unit-test/client.c @@ -139,7 +139,7 @@ main(argc, argv) */ echo_arg = buf; for (i = 0; i < 3; i++) { - sprintf(buf, "testing %d\n", i); + snprintf(buf, sizeof(buf), "testing %d\n", i); echo_resp = rpc_test_echo_1(&echo_arg, clnt); if (echo_resp == NULL) { diff --git a/src/lib/rpc/unit-test/deps b/src/lib/rpc/unit-test/deps new file mode 100644 index 0000000000..94e4c8f0af --- /dev/null +++ b/src/lib/rpc/unit-test/deps @@ -0,0 +1,35 @@ +# +# Generated makefile dependencies follow. +# +$(OUTPRE)client.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ + $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ + $(SRCTOP)/include/gssrpc/auth_gssapi.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h client.c rpc_test.h +$(OUTPRE)rpc_test_clnt.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h rpc_test.h rpc_test_clnt.c +$(OUTPRE)rpc_test_svc.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h rpc_test.h rpc_test_svc.c +$(OUTPRE)server.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_generic.h \ + $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_gssapi.h \ + $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ + $(SRCTOP)/include/gssrpc/pmap_clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h rpc_test.h server.c diff --git a/src/lib/rpc/unit-test/server.c b/src/lib/rpc/unit-test/server.c index d4f0d8c6a0..e373a33142 100644 --- a/src/lib/rpc/unit-test/server.c +++ b/src/lib/rpc/unit-test/server.c @@ -9,6 +9,8 @@ static char *rcsid = "$Header$"; #endif +#include "k5-platform.h" + #include #include #include "autoconf.h" @@ -158,8 +160,7 @@ char **rpc_test_echo_1_svc(char **arg, struct svc_req *h) if (res) free(res); - res = (char *) malloc(strlen(*arg) + strlen("Echo: ") + 1); - sprintf(res, "Echo: %s", *arg); + asprintf(&res, "Echo: %s", *arg); return &res; } diff --git a/src/plugins/authdata/greet/Makefile.in b/src/plugins/authdata/greet/Makefile.in index ef5f903c01..d88ba5bc4f 100644 --- a/src/plugins/authdata/greet/Makefile.in +++ b/src/plugins/authdata/greet/Makefile.in @@ -37,11 +37,3 @@ clean:: @libnover_frag@ @libobj_frag@ -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -greet_auth.so greet_auth.po $(OUTPRE)greet_auth.$(OBJEXT): \ - $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/krb5/authdata_plugin.h \ - greet_auth.c diff --git a/src/plugins/authdata/greet/deps b/src/plugins/authdata/greet/deps new file mode 100644 index 0000000000..b754fcff91 --- /dev/null +++ b/src/plugins/authdata/greet/deps @@ -0,0 +1,6 @@ +# +# Generated makefile dependencies follow. +# +greet_auth.so greet_auth.po $(OUTPRE)greet_auth.$(OBJEXT): \ + $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/krb5/authdata_plugin.h \ + greet_auth.c diff --git a/src/plugins/authdata/greet/greet_auth.c b/src/plugins/authdata/greet/greet_auth.c index a9d359eaa6..91b9a697fb 100644 --- a/src/plugins/authdata/greet/greet_auth.c +++ b/src/plugins/authdata/greet/greet_auth.c @@ -65,11 +65,11 @@ greet_authdata(krb5_context ctx, krb5_db_entry *client, free(a); return ENOMEM; } - strcpy(p, "hello there"); + strncpy(p, "hello there", GREET_SIZE-1); a->magic = KV5M_AUTHDATA; a->ad_type = -42; a->length = GREET_SIZE; - a->contents = p; + a->contents = (unsigned char *)p; if (enc_tkt_reply->authorization_data == 0) { count = 0; } else { diff --git a/src/plugins/kdb/db2/Makefile.in b/src/plugins/kdb/db2/Makefile.in index 53663f1b51..c355c37739 100644 --- a/src/plugins/kdb/db2/Makefile.in +++ b/src/plugins/kdb/db2/Makefile.in @@ -93,73 +93,3 @@ depend-verify-db-sys: .d: .depend-verify-db -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -kdb_xdr.so kdb_xdr.po $(OUTPRE)kdb_xdr.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h kdb_xdr.c kdb_xdr.h -adb_openclose.so adb_openclose.po $(OUTPRE)adb_openclose.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssrpc/types.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(BUILDTOP)/lib/kdb/adb_err.h \ - $(COM_ERR_DEPS) $(DB_DEPS) $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h adb_openclose.c policy_db.h -adb_policy.so adb_policy.po $(OUTPRE)adb_policy.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssrpc/types.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/lib/kdb/adb_err.h \ - $(COM_ERR_DEPS) $(DB_DEPS) $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/krb5.h adb_policy.c policy_db.h -kdb_db2.so kdb_db2.po $(OUTPRE)kdb_db2.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(BUILDTOP)/lib/kdb/adb_err.h $(COM_ERR_DEPS) $(DB_DEPS) \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/xdr.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \ - kdb_db2.c kdb_db2.h kdb_xdr.h policy_db.h -pol_xdr.so pol_xdr.po $(OUTPRE)pol_xdr.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/lib/kdb/adb_err.h \ - $(COM_ERR_DEPS) $(DB_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ - $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ - $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ - $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/krb5.h pol_xdr.c policy_db.h -db2_exp.so db2_exp.po $(OUTPRE)db2_exp.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(BUILDTOP)/lib/kdb/adb_err.h $(COM_ERR_DEPS) $(DB_DEPS) \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/xdr.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \ - db2_exp.c kdb_db2.h kdb_xdr.h policy_db.h diff --git a/src/plugins/kdb/db2/db2_exp.c b/src/plugins/kdb/db2/db2_exp.c index e1df767cda..0457fd58d0 100644 --- a/src/plugins/kdb/db2/db2_exp.c +++ b/src/plugins/kdb/db2/db2_exp.c @@ -124,6 +124,7 @@ WRAP_K (krb5_db2_db_unlock, (krb5_context ctx), (ctx)); WRAP_K (krb5_db2_db_get_principal, (krb5_context ctx, krb5_const_principal p, + unsigned int flags, krb5_db_entry *d, int * i, krb5_boolean *b), @@ -264,4 +265,5 @@ kdb_vftabl kdb_function_table = { /* get_master_key_list */ wrap_krb5_db2_db_get_mkey_list, /* blah blah blah */ 0,0,0,0,0,0,0, /* promote_db */ wrap_krb5_db2_promote_db, + 0,0,0, }; diff --git a/src/plugins/kdb/db2/deps b/src/plugins/kdb/db2/deps new file mode 100644 index 0000000000..f5203c536b --- /dev/null +++ b/src/plugins/kdb/db2/deps @@ -0,0 +1,70 @@ +# +# Generated makefile dependencies follow. +# +kdb_xdr.so kdb_xdr.po $(OUTPRE)kdb_xdr.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h kdb_xdr.c kdb_xdr.h +adb_openclose.so adb_openclose.po $(OUTPRE)adb_openclose.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssrpc/types.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(BUILDTOP)/lib/kdb/adb_err.h \ + $(COM_ERR_DEPS) $(DB_DEPS) $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h adb_openclose.c policy_db.h +adb_policy.so adb_policy.po $(OUTPRE)adb_policy.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssrpc/types.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/lib/kdb/adb_err.h \ + $(COM_ERR_DEPS) $(DB_DEPS) $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/krb5.h adb_policy.c policy_db.h +kdb_db2.so kdb_db2.po $(OUTPRE)kdb_db2.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(BUILDTOP)/lib/kdb/adb_err.h $(COM_ERR_DEPS) $(DB_DEPS) \ + $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/xdr.h \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_ext.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \ + kdb_db2.c kdb_db2.h kdb_xdr.h policy_db.h +pol_xdr.so pol_xdr.po $(OUTPRE)pol_xdr.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/lib/kdb/adb_err.h \ + $(COM_ERR_DEPS) $(DB_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/krb5.h pol_xdr.c policy_db.h +db2_exp.so db2_exp.po $(OUTPRE)db2_exp.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(BUILDTOP)/lib/kdb/adb_err.h $(COM_ERR_DEPS) $(DB_DEPS) \ + $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/xdr.h \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_ext.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \ + db2_exp.c kdb_db2.h kdb_xdr.h policy_db.h diff --git a/src/plugins/kdb/db2/kdb_db2.c b/src/plugins/kdb/db2/kdb_db2.c index f3092d6937..1627315bbf 100644 --- a/src/plugins/kdb/db2/kdb_db2.c +++ b/src/plugins/kdb/db2/kdb_db2.c @@ -219,11 +219,8 @@ gen_dbsuffix(char *db_name, char *sfx) if (sfx == NULL) return ((char *) NULL); - dbsuffix = malloc(strlen(db_name) + strlen(sfx) + 1); - if (!dbsuffix) + if (asprintf(&dbsuffix, "%s%s", db_name, sfx) < 0) return (0); - (void) strcpy(dbsuffix, db_name); - (void) strcat(dbsuffix, sfx); return dbsuffix; } @@ -1769,7 +1766,7 @@ krb5_db2_db_rename(context, from, to) retval = errno; goto errout; } - strcat(new_policy, ".lock"); + strlcat(new_policy, ".lock",sizeof(new_policy)); (void) unlink(new_policy); } diff --git a/src/plugins/kdb/db2/libdb2/btree/Makefile.in b/src/plugins/kdb/db2/libdb2/btree/Makefile.in index 6c3444814f..2904b50f77 100644 --- a/src/plugins/kdb/db2/libdb2/btree/Makefile.in +++ b/src/plugins/kdb/db2/libdb2/btree/Makefile.in @@ -15,74 +15,3 @@ all-unix:: all-libobjs clean-unix:: clean-libobjs @libobj_frag@ -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -bt_close.so bt_close.po $(OUTPRE)bt_close.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(srcdir)/../include/config.h \ - $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ - $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ - $(srcdir)/../mpool/mpool.h bt_close.c btree.h extern.h -bt_conv.so bt_conv.po $(OUTPRE)bt_conv.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ - $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \ - $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \ - bt_conv.c btree.h extern.h -bt_debug.so bt_debug.po $(OUTPRE)bt_debug.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(srcdir)/../include/config.h \ - $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ - $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ - $(srcdir)/../mpool/mpool.h bt_debug.c btree.h extern.h -bt_delete.so bt_delete.po $(OUTPRE)bt_delete.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(srcdir)/../include/config.h \ - $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ - $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ - $(srcdir)/../mpool/mpool.h bt_delete.c btree.h extern.h -bt_get.so bt_get.po $(OUTPRE)bt_get.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ - $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \ - $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \ - bt_get.c btree.h extern.h -bt_open.so bt_open.po $(OUTPRE)bt_open.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ - $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \ - $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \ - bt_open.c btree.h extern.h -bt_overflow.so bt_overflow.po $(OUTPRE)bt_overflow.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(srcdir)/../include/config.h \ - $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ - $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ - $(srcdir)/../mpool/mpool.h bt_overflow.c btree.h extern.h -bt_page.so bt_page.po $(OUTPRE)bt_page.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ - $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \ - $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \ - bt_page.c btree.h extern.h -bt_put.so bt_put.po $(OUTPRE)bt_put.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ - $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \ - $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \ - bt_put.c btree.h extern.h -bt_search.so bt_search.po $(OUTPRE)bt_search.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(srcdir)/../include/config.h \ - $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ - $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ - $(srcdir)/../mpool/mpool.h bt_search.c btree.h extern.h -bt_seq.so bt_seq.po $(OUTPRE)bt_seq.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ - $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \ - $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \ - bt_seq.c btree.h extern.h -bt_split.so bt_split.po $(OUTPRE)bt_split.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(srcdir)/../include/config.h \ - $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ - $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ - $(srcdir)/../mpool/mpool.h bt_split.c btree.h extern.h -bt_utils.so bt_utils.po $(OUTPRE)bt_utils.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(srcdir)/../include/config.h \ - $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ - $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ - $(srcdir)/../mpool/mpool.h bt_utils.c btree.h extern.h diff --git a/src/plugins/kdb/db2/libdb2/btree/deps b/src/plugins/kdb/db2/libdb2/btree/deps new file mode 100644 index 0000000000..3739d2cc5d --- /dev/null +++ b/src/plugins/kdb/db2/libdb2/btree/deps @@ -0,0 +1,69 @@ +# +# Generated makefile dependencies follow. +# +bt_close.so bt_close.po $(OUTPRE)bt_close.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(srcdir)/../include/config.h \ + $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ + $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ + $(srcdir)/../mpool/mpool.h bt_close.c btree.h extern.h +bt_conv.so bt_conv.po $(OUTPRE)bt_conv.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ + $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \ + $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \ + bt_conv.c btree.h extern.h +bt_debug.so bt_debug.po $(OUTPRE)bt_debug.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(srcdir)/../include/config.h \ + $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ + $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ + $(srcdir)/../mpool/mpool.h bt_debug.c btree.h extern.h +bt_delete.so bt_delete.po $(OUTPRE)bt_delete.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(srcdir)/../include/config.h \ + $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ + $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ + $(srcdir)/../mpool/mpool.h bt_delete.c btree.h extern.h +bt_get.so bt_get.po $(OUTPRE)bt_get.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ + $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \ + $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \ + bt_get.c btree.h extern.h +bt_open.so bt_open.po $(OUTPRE)bt_open.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ + $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \ + $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \ + bt_open.c btree.h extern.h +bt_overflow.so bt_overflow.po $(OUTPRE)bt_overflow.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(srcdir)/../include/config.h \ + $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ + $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ + $(srcdir)/../mpool/mpool.h bt_overflow.c btree.h extern.h +bt_page.so bt_page.po $(OUTPRE)bt_page.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ + $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \ + $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \ + bt_page.c btree.h extern.h +bt_put.so bt_put.po $(OUTPRE)bt_put.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ + $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \ + $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \ + bt_put.c btree.h extern.h +bt_search.so bt_search.po $(OUTPRE)bt_search.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(srcdir)/../include/config.h \ + $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ + $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ + $(srcdir)/../mpool/mpool.h bt_search.c btree.h extern.h +bt_seq.so bt_seq.po $(OUTPRE)bt_seq.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ + $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \ + $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \ + bt_seq.c btree.h extern.h +bt_split.so bt_split.po $(OUTPRE)bt_split.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(srcdir)/../include/config.h \ + $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ + $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ + $(srcdir)/../mpool/mpool.h bt_split.c btree.h extern.h +bt_utils.so bt_utils.po $(OUTPRE)bt_utils.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(srcdir)/../include/config.h \ + $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ + $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ + $(srcdir)/../mpool/mpool.h bt_utils.c btree.h extern.h diff --git a/src/plugins/kdb/db2/libdb2/db/Makefile.in b/src/plugins/kdb/db2/libdb2/db/Makefile.in index 7c5d2b5829..0b263887dc 100644 --- a/src/plugins/kdb/db2/libdb2/db/Makefile.in +++ b/src/plugins/kdb/db2/libdb2/db/Makefile.in @@ -12,12 +12,3 @@ clean-unix:: clean-libobjs SRCS= $(STLIBOBJS:.o=.c) -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -db.so db.po $(OUTPRE)db.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ - $(srcdir)/../include/db-int.h $(srcdir)/../include/db.h \ - db.c diff --git a/src/plugins/kdb/db2/libdb2/db/deps b/src/plugins/kdb/db2/libdb2/db/deps new file mode 100644 index 0000000000..c18e25ab67 --- /dev/null +++ b/src/plugins/kdb/db2/libdb2/db/deps @@ -0,0 +1,7 @@ +# +# Generated makefile dependencies follow. +# +db.so db.po $(OUTPRE)db.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ + $(srcdir)/../include/db-int.h $(srcdir)/../include/db.h \ + db.c diff --git a/src/plugins/kdb/db2/libdb2/deps b/src/plugins/kdb/db2/libdb2/deps new file mode 100644 index 0000000000..2feac3c9d3 --- /dev/null +++ b/src/plugins/kdb/db2/libdb2/deps @@ -0,0 +1 @@ +# No dependencies here. diff --git a/src/plugins/kdb/db2/libdb2/hash/Makefile.in b/src/plugins/kdb/db2/libdb2/hash/Makefile.in index 12b2a471e5..468124b50a 100644 --- a/src/plugins/kdb/db2/libdb2/hash/Makefile.in +++ b/src/plugins/kdb/db2/libdb2/hash/Makefile.in @@ -14,49 +14,3 @@ clean-unix:: clean-libobjs SRCS= $(STLIBOBJS:.o=.c) -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -hash.so hash.po $(OUTPRE)hash.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ - $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \ - $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \ - extern.h hash.c hash.h page.h -hash_bigkey.so hash_bigkey.po $(OUTPRE)hash_bigkey.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(srcdir)/../include/config.h \ - $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ - $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ - $(srcdir)/../mpool/mpool.h extern.h hash.h hash_bigkey.c \ - page.h -hash_debug.so hash_debug.po $(OUTPRE)hash_debug.$(OBJEXT): \ - hash_debug.c -hash_func.so hash_func.po $(OUTPRE)hash_func.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(srcdir)/../include/config.h \ - $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ - $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ - $(srcdir)/../mpool/mpool.h extern.h hash.h hash_func.c \ - page.h -hash_log2.so hash_log2.po $(OUTPRE)hash_log2.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(srcdir)/../include/config.h \ - $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ - $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ - $(srcdir)/../mpool/mpool.h extern.h hash.h hash_log2.c \ - page.h -hash_page.so hash_page.po $(OUTPRE)hash_page.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(srcdir)/../include/config.h \ - $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ - $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ - $(srcdir)/../mpool/mpool.h extern.h hash.h hash_page.c \ - page.h -hsearch.so hsearch.po $(OUTPRE)hsearch.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ - $(srcdir)/../include/db-int.h $(srcdir)/../include/db.h \ - hsearch.c search.h -dbm.so dbm.po $(OUTPRE)dbm.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/db-ndbm.h $(BUILDTOP)/include/db.h \ - $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ - $(srcdir)/../include/db-dbm.h $(srcdir)/../include/db-int.h \ - $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ - $(srcdir)/../mpool/mpool.h dbm.c hash.h diff --git a/src/plugins/kdb/db2/libdb2/hash/deps b/src/plugins/kdb/db2/libdb2/hash/deps new file mode 100644 index 0000000000..bd2087072e --- /dev/null +++ b/src/plugins/kdb/db2/libdb2/hash/deps @@ -0,0 +1,44 @@ +# +# Generated makefile dependencies follow. +# +hash.so hash.po $(OUTPRE)hash.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ + $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \ + $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \ + extern.h hash.c hash.h page.h +hash_bigkey.so hash_bigkey.po $(OUTPRE)hash_bigkey.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(srcdir)/../include/config.h \ + $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ + $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ + $(srcdir)/../mpool/mpool.h extern.h hash.h hash_bigkey.c \ + page.h +hash_debug.so hash_debug.po $(OUTPRE)hash_debug.$(OBJEXT): \ + hash_debug.c +hash_func.so hash_func.po $(OUTPRE)hash_func.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(srcdir)/../include/config.h \ + $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ + $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ + $(srcdir)/../mpool/mpool.h extern.h hash.h hash_func.c \ + page.h +hash_log2.so hash_log2.po $(OUTPRE)hash_log2.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(srcdir)/../include/config.h \ + $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ + $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ + $(srcdir)/../mpool/mpool.h extern.h hash.h hash_log2.c \ + page.h +hash_page.so hash_page.po $(OUTPRE)hash_page.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(srcdir)/../include/config.h \ + $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ + $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ + $(srcdir)/../mpool/mpool.h extern.h hash.h hash_page.c \ + page.h +hsearch.so hsearch.po $(OUTPRE)hsearch.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ + $(srcdir)/../include/db-int.h $(srcdir)/../include/db.h \ + hsearch.c search.h +dbm.so dbm.po $(OUTPRE)dbm.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/db-ndbm.h $(BUILDTOP)/include/db.h \ + $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ + $(srcdir)/../include/db-dbm.h $(srcdir)/../include/db-int.h \ + $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ + $(srcdir)/../mpool/mpool.h dbm.c hash.h diff --git a/src/plugins/kdb/db2/libdb2/mpool/Makefile.in b/src/plugins/kdb/db2/libdb2/mpool/Makefile.in index e33402f492..e554d59933 100644 --- a/src/plugins/kdb/db2/libdb2/mpool/Makefile.in +++ b/src/plugins/kdb/db2/libdb2/mpool/Makefile.in @@ -12,12 +12,3 @@ clean-unix:: clean-libobjs SRCS= $(STLIBOBJS:.o=.c) -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -mpool.so mpool.po $(OUTPRE)mpool.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ - $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \ - $(srcdir)/../include/db.h mpool.c mpool.h diff --git a/src/plugins/kdb/db2/libdb2/mpool/deps b/src/plugins/kdb/db2/libdb2/mpool/deps new file mode 100644 index 0000000000..d9bacde4df --- /dev/null +++ b/src/plugins/kdb/db2/libdb2/mpool/deps @@ -0,0 +1,7 @@ +# +# Generated makefile dependencies follow. +# +mpool.so mpool.po $(OUTPRE)mpool.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ + $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \ + $(srcdir)/../include/db.h mpool.c mpool.h diff --git a/src/plugins/kdb/db2/libdb2/recno/Makefile.in b/src/plugins/kdb/db2/libdb2/recno/Makefile.in index ddfbf0157e..b3a6ef4552 100644 --- a/src/plugins/kdb/db2/libdb2/recno/Makefile.in +++ b/src/plugins/kdb/db2/libdb2/recno/Makefile.in @@ -14,56 +14,3 @@ clean-unix:: clean-libobjs SRCS= $(STLIBOBJS:.o=.c) -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -rec_close.so rec_close.po $(OUTPRE)rec_close.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(srcdir)/../btree/btree.h \ - $(srcdir)/../btree/extern.h $(srcdir)/../include/config.h \ - $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ - $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ - $(srcdir)/../mpool/mpool.h extern.h rec_close.c recno.h -rec_delete.so rec_delete.po $(OUTPRE)rec_delete.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(srcdir)/../btree/btree.h \ - $(srcdir)/../btree/extern.h $(srcdir)/../include/config.h \ - $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ - $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ - $(srcdir)/../mpool/mpool.h extern.h rec_delete.c recno.h -rec_get.so rec_get.po $(OUTPRE)rec_get.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(srcdir)/../btree/btree.h $(srcdir)/../btree/extern.h \ - $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ - $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \ - $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \ - extern.h rec_get.c recno.h -rec_open.so rec_open.po $(OUTPRE)rec_open.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(srcdir)/../btree/btree.h \ - $(srcdir)/../btree/extern.h $(srcdir)/../include/config.h \ - $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ - $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ - $(srcdir)/../mpool/mpool.h extern.h rec_open.c recno.h -rec_put.so rec_put.po $(OUTPRE)rec_put.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(srcdir)/../btree/btree.h $(srcdir)/../btree/extern.h \ - $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ - $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \ - $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \ - extern.h rec_put.c recno.h -rec_search.so rec_search.po $(OUTPRE)rec_search.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(srcdir)/../btree/btree.h \ - $(srcdir)/../btree/extern.h $(srcdir)/../include/config.h \ - $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ - $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ - $(srcdir)/../mpool/mpool.h extern.h rec_search.c recno.h -rec_seq.so rec_seq.po $(OUTPRE)rec_seq.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(srcdir)/../btree/btree.h $(srcdir)/../btree/extern.h \ - $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ - $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \ - $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \ - extern.h rec_seq.c recno.h -rec_utils.so rec_utils.po $(OUTPRE)rec_utils.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(srcdir)/../btree/btree.h \ - $(srcdir)/../btree/extern.h $(srcdir)/../include/config.h \ - $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ - $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ - $(srcdir)/../mpool/mpool.h extern.h rec_utils.c recno.h diff --git a/src/plugins/kdb/db2/libdb2/recno/deps b/src/plugins/kdb/db2/libdb2/recno/deps new file mode 100644 index 0000000000..e874e25010 --- /dev/null +++ b/src/plugins/kdb/db2/libdb2/recno/deps @@ -0,0 +1,51 @@ +# +# Generated makefile dependencies follow. +# +rec_close.so rec_close.po $(OUTPRE)rec_close.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(srcdir)/../btree/btree.h \ + $(srcdir)/../btree/extern.h $(srcdir)/../include/config.h \ + $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ + $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ + $(srcdir)/../mpool/mpool.h extern.h rec_close.c recno.h +rec_delete.so rec_delete.po $(OUTPRE)rec_delete.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(srcdir)/../btree/btree.h \ + $(srcdir)/../btree/extern.h $(srcdir)/../include/config.h \ + $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ + $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ + $(srcdir)/../mpool/mpool.h extern.h rec_delete.c recno.h +rec_get.so rec_get.po $(OUTPRE)rec_get.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(srcdir)/../btree/btree.h $(srcdir)/../btree/extern.h \ + $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ + $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \ + $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \ + extern.h rec_get.c recno.h +rec_open.so rec_open.po $(OUTPRE)rec_open.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(srcdir)/../btree/btree.h \ + $(srcdir)/../btree/extern.h $(srcdir)/../include/config.h \ + $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ + $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ + $(srcdir)/../mpool/mpool.h extern.h rec_open.c recno.h +rec_put.so rec_put.po $(OUTPRE)rec_put.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(srcdir)/../btree/btree.h $(srcdir)/../btree/extern.h \ + $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ + $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \ + $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \ + extern.h rec_put.c recno.h +rec_search.so rec_search.po $(OUTPRE)rec_search.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(srcdir)/../btree/btree.h \ + $(srcdir)/../btree/extern.h $(srcdir)/../include/config.h \ + $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ + $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ + $(srcdir)/../mpool/mpool.h extern.h rec_search.c recno.h +rec_seq.so rec_seq.po $(OUTPRE)rec_seq.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(srcdir)/../btree/btree.h $(srcdir)/../btree/extern.h \ + $(srcdir)/../include/config.h $(srcdir)/../include/db-config.h \ + $(srcdir)/../include/db-int.h $(srcdir)/../include/db-queue.h \ + $(srcdir)/../include/db.h $(srcdir)/../mpool/mpool.h \ + extern.h rec_seq.c recno.h +rec_utils.so rec_utils.po $(OUTPRE)rec_utils.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(srcdir)/../btree/btree.h \ + $(srcdir)/../btree/extern.h $(srcdir)/../include/config.h \ + $(srcdir)/../include/db-config.h $(srcdir)/../include/db-int.h \ + $(srcdir)/../include/db-queue.h $(srcdir)/../include/db.h \ + $(srcdir)/../mpool/mpool.h extern.h rec_utils.c recno.h diff --git a/src/plugins/kdb/db2/libdb2/test/dbtest.c b/src/plugins/kdb/db2/libdb2/test/dbtest.c index d479f19677..b0aee708dc 100644 --- a/src/plugins/kdb/db2/libdb2/test/dbtest.c +++ b/src/plugins/kdb/db2/libdb2/test/dbtest.c @@ -163,7 +163,7 @@ main(argc, argv) p = getenv("TMPDIR"); if (p == NULL) p = "/var/tmp"; - (void)sprintf(buf, "%s/__dbtest", p); + (void)snprintf(buf, sizeof(buf), "%s/__dbtest", p); fname = buf; (void)unlink(buf); } else if (!sflag) diff --git a/src/plugins/kdb/db2/libdb2/test/deps b/src/plugins/kdb/db2/libdb2/test/deps new file mode 100644 index 0000000000..2feac3c9d3 --- /dev/null +++ b/src/plugins/kdb/db2/libdb2/test/deps @@ -0,0 +1 @@ +# No dependencies here. diff --git a/src/plugins/kdb/db2/libdb2/test/hash1.tests/driver2.c b/src/plugins/kdb/db2/libdb2/test/hash1.tests/driver2.c index 6a3b432cb6..34397ecaa5 100644 --- a/src/plugins/kdb/db2/libdb2/test/hash1.tests/driver2.c +++ b/src/plugins/kdb/db2/libdb2/test/hash1.tests/driver2.c @@ -82,7 +82,7 @@ main(argc, argv) #endif info.lorder = 0; if (!(db = dbopen("bigtest", O_RDWR | O_CREAT | O_BINARY, 0644, DB_HASH, &info))) { - sprintf(buf, "dbopen: failed on file bigtest"); + snprintf(buf, sizeof(buf), "dbopen: failed on file bigtest"); perror(buf); exit(1); } @@ -96,10 +96,10 @@ main(argc, argv) content.size = 128 + (rand()&1023); /* printf("%d: Key size %d, data size %d\n", i, key.size, content.size); */ - sprintf(keybuf, "Key #%d", i); - sprintf(contentbuf, "Contents #%d", i); + snprintf(keybuf, sizeof(keybuf), "Key #%d", i); + snprintf(contentbuf, sizeof(contentbuf), "Contents #%d", i); if ((db->put)(db, &key, &content, R_NOOVERWRITE)) { - sprintf(buf, "dbm_store #%d", i); + snprintf(buf, sizeof(buf), "dbm_store #%d", i); perror(buf); } } diff --git a/src/plugins/kdb/ldap/Makefile.in b/src/plugins/kdb/ldap/Makefile.in index 9dadf64ad0..ae80287371 100644 --- a/src/plugins/kdb/ldap/Makefile.in +++ b/src/plugins/kdb/ldap/Makefile.in @@ -45,21 +45,3 @@ clean-unix:: clean-libs clean-libobjs @libnover_frag@ @libobj_frag@ -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -ldap_exp.so ldap_exp.po $(OUTPRE)ldap_exp.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \ - $(srcdir)/libkdb_ldap/kdb_ldap.h $(srcdir)/libkdb_ldap/ldap_krbcontainer.h \ - $(srcdir)/libkdb_ldap/ldap_principal.h $(srcdir)/libkdb_ldap/ldap_pwd_policy.h \ - $(srcdir)/libkdb_ldap/ldap_realm.h $(srcdir)/libkdb_ldap/ldap_tkt_policy.h \ - ldap_exp.c diff --git a/src/plugins/kdb/ldap/deps b/src/plugins/kdb/ldap/deps new file mode 100644 index 0000000000..4724bb22f9 --- /dev/null +++ b/src/plugins/kdb/ldap/deps @@ -0,0 +1,18 @@ +# +# Generated makefile dependencies follow. +# +ldap_exp.so ldap_exp.po $(OUTPRE)ldap_exp.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_ext.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \ + $(srcdir)/libkdb_ldap/kdb_ldap.h $(srcdir)/libkdb_ldap/ldap_krbcontainer.h \ + $(srcdir)/libkdb_ldap/ldap_principal.h $(srcdir)/libkdb_ldap/ldap_pwd_policy.h \ + $(srcdir)/libkdb_ldap/ldap_realm.h $(srcdir)/libkdb_ldap/ldap_tkt_policy.h \ + ldap_exp.c diff --git a/src/plugins/kdb/ldap/ldap_util/Makefile.in b/src/plugins/kdb/ldap/ldap_util/Makefile.in index 50b8ff452d..b53d4ea95f 100644 --- a/src/plugins/kdb/ldap/ldap_util/Makefile.in +++ b/src/plugins/kdb/ldap/ldap_util/Makefile.in @@ -4,7 +4,7 @@ mydir=plugins/kdb/ldap/ldap_util BUILDTOP=$(REL)..$(S)..$(S)..$(S).. DEFINES = -DKDB4_DISABLE DEFS= -LOCALINCLUDES = -I. @KRB4_INCLUDES@ -I$(srcdir)/../libkdb_ldap -I$(SRCTOP)/lib/kdb +LOCALINCLUDES = -I. -I$(srcdir)/../libkdb_ldap -I$(SRCTOP)/lib/kdb PROG_LIBPATH=-L$(TOPLIBD) $(KRB4_LIBPATH) PROG_RPATH=$(KRB5_LIBDIR) #KDB_DEP_LIB=$(DL_LIB) $(THREAD_LINKOPTS) @@ -17,9 +17,9 @@ GETDATE = ../../../../kadmin/cli/getdate.o all:: $(PROG) -$(PROG): $(OBJS) $(KADMSRV_DEPLIBS) $(KRB4COMPAT_DEPLIBS) $(GETDATE) +$(PROG): $(OBJS) $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIB) $(GETDATE) $(CC_LINK) -o $(PROG) $(OBJS) $(GETDATE) \ - $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB4COMPAT_LIBS) + $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB5_BASE_LIBS) install:: $(INSTALL_PROGRAM) $(PROG) ${DESTDIR}$(ADMIN_BINDIR)/$(PROG) diff --git a/src/plugins/kdb/ldap/ldap_util/deps b/src/plugins/kdb/ldap/ldap_util/deps new file mode 100644 index 0000000000..2feac3c9d3 --- /dev/null +++ b/src/plugins/kdb/ldap/ldap_util/deps @@ -0,0 +1 @@ +# No dependencies here. diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c index 972176cf22..e794e61592 100644 --- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c +++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c @@ -874,8 +874,7 @@ static char *strdur(duration) minutes = duration / 60; duration %= 60; seconds = duration; - sprintf(out, "%s%d %s %02d:%02d:%02d", neg ? "-" : "", - days, days == 1 ? "day" : "days", - hours, minutes, seconds); + snprintf(out, sizeof(out), "%s%d %s %02d:%02d:%02d", neg ? "-" : "", + days, days == 1 ? "day" : "days", hours, minutes, seconds); return out; } diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c index 83eb162867..c13d967108 100644 --- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c +++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c @@ -87,6 +87,7 @@ #include #include #include +#include #include "kdb5_ldap_util.h" #include "kdb5_ldap_list.h" #include @@ -1991,7 +1992,7 @@ static char *strdur(duration) minutes = duration / 60; duration %= 60; seconds = duration; - sprintf(out, "%s%d %s %02d:%02d:%02d", neg ? "-" : "", + snprintf(out, sizeof(out), "%s%d %s %02d:%02d:%02d", neg ? "-" : "", days, days == 1 ? "day" : "days", hours, minutes, seconds); return out; @@ -2004,7 +2005,7 @@ static char *strdur(duration) static void print_realm_params(krb5_ldap_realm_params *rparams, int mask) { char **slist = NULL; - int num_entry_printed = 0, i = 0; + unsigned int num_entry_printed = 0, i = 0; /* Print the Realm Attributes on the standard output */ printf("%25s: %-50s\n", "Realm Name", global_params.realm); diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c index 1260131201..9f7caa07e5 100644 --- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c +++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c @@ -85,9 +85,11 @@ static int process_host_list(char **host_list, int servicetype) /* Parse for the protocol string and translate to number */ strncpy (proto_str, pchr + 1, PROTOCOL_STR_LEN); if (!strcmp(proto_str, "udp")) - sprintf (proto_str, "%d", PROTOCOL_NUM_UDP); + snprintf (proto_str, sizeof(proto_str), "%d", + PROTOCOL_NUM_UDP); else if (!strcmp(proto_str, "tcp")) - sprintf (proto_str, "%d", PROTOCOL_NUM_TCP); + snprintf (proto_str, sizeof(proto_str), "%d", + PROTOCOL_NUM_TCP); else proto_str[0] = '\0'; /* Make the string null if invalid */ @@ -109,27 +111,32 @@ static int process_host_list(char **host_list, int servicetype) and port values if they are absent or not matching */ if (servicetype == LDAP_KDC_SERVICE) { if (proto_str[0] == '\0') - sprintf (proto_str, "%d", PROTOCOL_DEFAULT_KDC); + snprintf (proto_str, sizeof(proto_str), "%d", + PROTOCOL_DEFAULT_KDC); if (port_str[0] == '\0') - sprintf (port_str, "%d", PORT_DEFAULT_KDC); + snprintf (port_str, sizeof(port_str), "%d", PORT_DEFAULT_KDC); } else if (servicetype == LDAP_ADMIN_SERVICE) { if (proto_str[0] == '\0') - sprintf (proto_str, "%d", PROTOCOL_DEFAULT_ADM); + snprintf (proto_str, sizeof(proto_str), "%d", + PROTOCOL_DEFAULT_ADM); else if (strcmp(proto_str, "1")) { - sprintf (proto_str, "%d", PROTOCOL_DEFAULT_ADM); + snprintf (proto_str, sizeof(proto_str), "%d", + PROTOCOL_DEFAULT_ADM); /* Print warning message */ printf ("Admin Server supports only TCP protocol, hence setting that\n"); } if (port_str[0] == '\0') - sprintf (port_str, "%d", PORT_DEFAULT_ADM); + snprintf (port_str, sizeof(port_str), "%d", PORT_DEFAULT_ADM); } else if (servicetype == LDAP_PASSWD_SERVICE) { if (proto_str[0] == '\0') - sprintf (proto_str, "%d", PROTOCOL_DEFAULT_PWD); + snprintf (proto_str, sizeof(proto_str), "%d", + PROTOCOL_DEFAULT_PWD); else if (strcmp(proto_str, "0")) { - sprintf (proto_str, "%d", PROTOCOL_DEFAULT_PWD); + snprintf (proto_str, sizeof(proto_str), "%d", + PROTOCOL_DEFAULT_PWD); /* Print warning message */ printf ("Password Server supports only UDP protocol, hence setting that\n"); @@ -1538,7 +1545,6 @@ kdb5_ldap_set_service_password(argc, argv) unsigned int passwd_len = 0; krb5_error_code errcode = -1; int retval = 0, i = 0; - unsigned int len = 0; krb5_boolean print_usage = FALSE; FILE *pfile = NULL; char *str = NULL; @@ -1667,23 +1673,17 @@ kdb5_ldap_set_service_password(argc, argv) memset(passwd, 0, MAX_SERVICE_PASSWD_LEN + 1); passwd_len = MAX_SERVICE_PASSWD_LEN; - len = strlen(service_object); - /* size of allocation=strlen of servicedn + strlen("Password for \" \"")=20 */ - prompt1 = (char *)malloc(len + 20); - if (prompt1 == NULL) { + if (asprintf(&prompt1, "Password for \"%s\"", service_object) < 0) { com_err(me, ENOMEM, "while setting service object password"); goto cleanup; } - sprintf(prompt1, "Password for \"%s\"", service_object); - /* size of allocation=strlen of servicedn + strlen("Re-enter Password for \" \"")=30 */ - prompt2 = (char *)malloc(len + 30); - if (prompt2 == NULL) { + if (asprintf(&prompt2, "Re-enter password for \"%s\"", + service_object) < 0) { com_err(me, ENOMEM, "while setting service object password"); free(prompt1); goto cleanup; } - sprintf(prompt2, "Re-enter password for \"%s\"", service_object); retval = krb5_read_password(util_context, prompt1, prompt2, passwd, &passwd_len); free(prompt1); @@ -1718,19 +1718,15 @@ kdb5_ldap_set_service_password(argc, argv) goto cleanup; } /* Password = {HEX}: */ - encrypted_passwd.value = (unsigned char *)malloc(strlen(service_object) + - 1 + 5 + hex.length + 2); - if (encrypted_passwd.value == NULL) { + if (asprintf(&str, "%s#{HEX}%s\n", service_object, hex.data) < 0) { com_err(me, ENOMEM, "while setting service object password"); memset(passwd, 0, passwd_len); memset(hex.data, 0, hex.length); free(hex.data); goto cleanup; } - encrypted_passwd.value[strlen(service_object) + - 1 + 5 + hex.length + 1] = '\0'; - sprintf((char *)encrypted_passwd.value, "%s#{HEX}%s\n", service_object, hex.data); - encrypted_passwd.len = strlen((char *)encrypted_passwd.value); + encrypted_passwd.data = (unsigned char *)str; + encrypted_passwd.len = strlen(str); memset(hex.data, 0, hex.length); free(hex.data); } @@ -1806,12 +1802,10 @@ kdb5_ldap_set_service_password(argc, argv) mode_t omask; /* Create a new file with the extension .tmp */ - tmp_file = (char *) malloc(sizeof(char) * (strlen(file_name) + 4 + 1)); - if (tmp_file == NULL) { + if (asprintf(&tmp_file,"%s.tmp",file_name) < 0) { com_err(me, ENOMEM, "while setting service object password"); goto cleanup; } - sprintf(tmp_file,"%s.%s",file_name,"tmp"); omask = umask(077); newfile = fopen(tmp_file, "w+"); @@ -1832,7 +1826,6 @@ kdb5_ldap_set_service_password(argc, argv) goto cleanup; } } else { - len = strlen(line); if (fprintf(newfile, "%s", line) < 0) { com_err(me, errno, "Failed to write service object password to file"); fclose(newfile); @@ -1998,12 +1991,12 @@ done: /* size of prompt = strlen of servicedn + strlen("Password for \" \"") */ assert (sizeof (prompt1) > (strlen (service_object) + sizeof ("Password for \" \""))); - sprintf(prompt1, "Password for \"%s\"", service_object); + snprintf(prompt1, sizeof(prompt1), "Password for \"%s\"", service_object); /* size of prompt = strlen of servicedn + strlen("Re-enter Password for \" \"") */ assert (sizeof (prompt2) > (strlen (service_object) + sizeof ("Re-enter Password for \" \""))); - sprintf(prompt2, "Re-enter password for \"%s\"", service_object); + snprintf(prompt2, sizeof(prompt2), "Re-enter password for \"%s\"", service_object); ret = krb5_read_password(util_context, prompt1, prompt2, passwd, &passwd_len); if (ret != 0) { @@ -2082,13 +2075,11 @@ done: mode_t omask; /* Create a new file with the extension .tmp */ - tmp_file = (char *) malloc(sizeof(char) * (strlen(file_name) + 4 + 1)); - if (tmp_file == NULL) { + if (asprintf(&tmp_file,"%s.tmp",file_name) < 0) { com_err(me, ENOMEM, "while setting service object password"); fclose(pfile); goto cleanup; } - sprintf(tmp_file,"%s.%s",file_name,"tmp"); omask = umask(077); newfile = fopen(tmp_file, "w"); diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c index 9ed1f2dee4..33511af47b 100644 --- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c +++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c @@ -104,7 +104,7 @@ krb5_boolean manual_mkey = FALSE; * This function prints the usage of kdb5_ldap_util, which is * the LDAP configuration utility. */ -void usage() +void usage(void) { fprintf(stderr, "Usage: " "kdb5_ldap_util [-D user_dn [-w passwd]] [-H ldapuri]\n" @@ -420,7 +420,6 @@ int main(argc, argv) * we will print the help corresponding to the sub-command. */ if (print_help_message) { - char *cmd_name = cmd_argv[0]; free(cmd_argv); cmd_argv = NULL; usage(); diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.h b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.h index a2b3bb802a..d27dd52471 100644 --- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.h +++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.h @@ -63,10 +63,10 @@ extern char *progname; extern int exit_status; extern krb5_context util_context; -extern void usage(); +extern void usage(void); extern void db_usage(int); -#define ARG_VAL (--argc > 0 ? (koptarg = *(++argv)) : (char *)(usage(MAIN_HELP), NULL)) +#define ARG_VAL (--argc > 0 ? (koptarg = *(++argv)) : (char *)(db_usage(MAIN_HELP), NULL)) /* Following are the bitmaps that indicate which of the options among -D, -w, -h, -p & -t * were specified on the command line. diff --git a/src/plugins/kdb/ldap/libkdb_ldap/Makefile.in b/src/plugins/kdb/ldap/libkdb_ldap/Makefile.in index b9b2425918..8479fb6fcb 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/Makefile.in +++ b/src/plugins/kdb/ldap/libkdb_ldap/Makefile.in @@ -84,245 +84,3 @@ clean-unix:: clean-liblinks clean-libobjs clean-libs @lib_frag@ @libobj_frag@ -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -kdb_ldap.so kdb_ldap.po $(OUTPRE)kdb_ldap.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ - $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ - $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ - $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ - $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \ - kdb_ldap.c kdb_ldap.h ldap_err.h ldap_krbcontainer.h \ - ldap_misc.h ldap_realm.h ldap_services.h -kdb_ldap_conn.so kdb_ldap_conn.po $(OUTPRE)kdb_ldap_conn.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \ - kdb_ldap.h kdb_ldap_conn.c ldap_handle.h ldap_krbcontainer.h \ - ldap_main.h ldap_misc.h ldap_realm.h ldap_service_stash.h \ - ldap_services.h -ldap_realm.so ldap_realm.po $(OUTPRE)ldap_realm.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \ - kdb_ldap.h ldap_err.h ldap_handle.h ldap_krbcontainer.h \ - ldap_main.h ldap_misc.h ldap_principal.h ldap_pwd_policy.h \ - ldap_realm.c ldap_realm.h ldap_services.h ldap_tkt_policy.h -ldap_create.so ldap_create.po $(OUTPRE)ldap_create.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \ - kdb_ldap.h ldap_create.c ldap_err.h ldap_handle.h ldap_krbcontainer.h \ - ldap_main.h ldap_misc.h ldap_principal.h ldap_realm.h \ - ldap_services.h ldap_tkt_policy.h -ldap_krbcontainer.so ldap_krbcontainer.po $(OUTPRE)ldap_krbcontainer.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \ - kdb_ldap.h ldap_err.h ldap_handle.h ldap_krbcontainer.c \ - ldap_krbcontainer.h ldap_main.h ldap_misc.h ldap_realm.h \ - ldap_services.h -ldap_principal.so ldap_principal.po $(OUTPRE)ldap_principal.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \ - kdb_ldap.h ldap_err.h ldap_handle.h ldap_krbcontainer.h \ - ldap_main.h ldap_misc.h ldap_principal.c ldap_principal.h \ - ldap_realm.h ldap_services.h ldap_tkt_policy.h princ_xdr.h -ldap_principal2.so ldap_principal2.po $(OUTPRE)ldap_principal2.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ - $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ - $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ - $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ - $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \ - kdb_ldap.h ldap_err.h ldap_handle.h ldap_krbcontainer.h \ - ldap_main.h ldap_misc.h ldap_principal.h ldap_principal2.c \ - ldap_pwd_policy.h ldap_realm.h ldap_services.h ldap_tkt_policy.h \ - princ_xdr.h -ldap_pwd_policy.so ldap_pwd_policy.po $(OUTPRE)ldap_pwd_policy.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \ - kdb_ldap.h ldap_err.h ldap_handle.h ldap_krbcontainer.h \ - ldap_main.h ldap_misc.h ldap_pwd_policy.c ldap_pwd_policy.h \ - ldap_realm.h ldap_services.h -ldap_misc.so ldap_misc.po $(OUTPRE)ldap_misc.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \ - kdb_ldap.h ldap_err.h ldap_handle.h ldap_krbcontainer.h \ - ldap_misc.c ldap_misc.h ldap_principal.h ldap_pwd_policy.h \ - ldap_realm.h ldap_services.h ldap_tkt_policy.h princ_xdr.h -ldap_handle.so ldap_handle.po $(OUTPRE)ldap_handle.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \ - kdb_ldap.h ldap_handle.c ldap_handle.h ldap_krbcontainer.h \ - ldap_main.h ldap_misc.h ldap_realm.h ldap_services.h -ldap_tkt_policy.so ldap_tkt_policy.po $(OUTPRE)ldap_tkt_policy.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \ - kdb_ldap.h ldap_err.h ldap_handle.h ldap_krbcontainer.h \ - ldap_main.h ldap_misc.h ldap_realm.h ldap_services.h \ - ldap_tkt_policy.c ldap_tkt_policy.h -ldap_services.so ldap_services.po $(OUTPRE)ldap_services.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \ - kdb_ldap.h ldap_err.h ldap_handle.h ldap_krbcontainer.h \ - ldap_main.h ldap_misc.h ldap_realm.h ldap_services.c \ - ldap_services.h -ldap_service_rights.so ldap_service_rights.po $(OUTPRE)ldap_service_rights.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \ - kdb_ldap.h ldap_err.h ldap_handle.h ldap_krbcontainer.h \ - ldap_main.h ldap_misc.h ldap_realm.h ldap_service_rights.c \ - ldap_services.h -princ_xdr.so princ_xdr.po $(OUTPRE)princ_xdr.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ - $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ - $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ - $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ - $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \ - kdb_ldap.h ldap_krbcontainer.h ldap_principal.h ldap_realm.h \ - ldap_tkt_policy.h princ_xdr.c princ_xdr.h -ldap_fetch_mkey.so ldap_fetch_mkey.po $(OUTPRE)ldap_fetch_mkey.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \ - kdb_ldap.h ldap_fetch_mkey.c ldap_handle.h ldap_krbcontainer.h \ - ldap_main.h ldap_misc.h ldap_realm.h ldap_services.h -ldap_service_stash.so ldap_service_stash.po $(OUTPRE)ldap_service_stash.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \ - kdb_ldap.h ldap_handle.h ldap_krbcontainer.h ldap_main.h \ - ldap_misc.h ldap_realm.h ldap_service_stash.c ldap_service_stash.h \ - ldap_services.h -kdb_xdr.so kdb_xdr.po $(OUTPRE)kdb_xdr.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h kdb_xdr.c kdb_xdr.h -ldap_err.so ldap_err.po $(OUTPRE)ldap_err.$(OBJEXT): \ - $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/krb5.h \ - ldap_err.c ldap_err.h diff --git a/src/plugins/kdb/ldap/libkdb_ldap/deps b/src/plugins/kdb/ldap/libkdb_ldap/deps new file mode 100644 index 0000000000..2c60dd2e9a --- /dev/null +++ b/src/plugins/kdb/ldap/libkdb_ldap/deps @@ -0,0 +1,271 @@ +# +# Generated makefile dependencies follow. +# +kdb_ldap.so kdb_ldap.po $(OUTPRE)kdb_ldap.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ + $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/kdb_ext.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + $(SRCTOP)/lib/kdb/kdb5.h kdb_ldap.c kdb_ldap.h ldap_err.h \ + ldap_krbcontainer.h ldap_misc.h ldap_realm.h ldap_services.h +kdb_ldap_conn.so kdb_ldap_conn.po $(OUTPRE)kdb_ldap_conn.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_ext.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \ + kdb_ldap.h kdb_ldap_conn.c ldap_handle.h ldap_krbcontainer.h \ + ldap_main.h ldap_misc.h ldap_realm.h ldap_service_stash.h \ + ldap_services.h +ldap_realm.so ldap_realm.po $(OUTPRE)ldap_realm.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_ext.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \ + kdb_ldap.h ldap_err.h ldap_handle.h ldap_krbcontainer.h \ + ldap_main.h ldap_misc.h ldap_principal.h ldap_pwd_policy.h \ + ldap_realm.c ldap_realm.h ldap_services.h ldap_tkt_policy.h +ldap_create.so ldap_create.po $(OUTPRE)ldap_create.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_ext.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \ + kdb_ldap.h ldap_create.c ldap_err.h ldap_handle.h ldap_krbcontainer.h \ + ldap_main.h ldap_misc.h ldap_principal.h ldap_realm.h \ + ldap_services.h ldap_tkt_policy.h +ldap_krbcontainer.so ldap_krbcontainer.po $(OUTPRE)ldap_krbcontainer.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_ext.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \ + kdb_ldap.h ldap_err.h ldap_handle.h ldap_krbcontainer.c \ + ldap_krbcontainer.h ldap_main.h ldap_misc.h ldap_realm.h \ + ldap_services.h +ldap_principal.so ldap_principal.po $(OUTPRE)ldap_principal.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ + $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ + $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ + $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ + $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_ext.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \ + kdb_ldap.h ldap_err.h ldap_handle.h ldap_krbcontainer.h \ + ldap_main.h ldap_misc.h ldap_principal.c ldap_principal.h \ + ldap_realm.h ldap_services.h ldap_tkt_policy.h princ_xdr.h +ldap_principal2.so ldap_principal2.po $(OUTPRE)ldap_principal2.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ + $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/kdb_ext.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + $(SRCTOP)/lib/kdb/kdb5.h kdb_ldap.h ldap_err.h ldap_handle.h \ + ldap_krbcontainer.h ldap_main.h ldap_misc.h ldap_principal.h \ + ldap_principal2.c ldap_pwd_policy.h ldap_realm.h ldap_services.h \ + ldap_tkt_policy.h princ_xdr.h +ldap_pwd_policy.so ldap_pwd_policy.po $(OUTPRE)ldap_pwd_policy.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_ext.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \ + kdb_ldap.h ldap_err.h ldap_handle.h ldap_krbcontainer.h \ + ldap_main.h ldap_misc.h ldap_pwd_policy.c ldap_pwd_policy.h \ + ldap_realm.h ldap_services.h +ldap_misc.so ldap_misc.po $(OUTPRE)ldap_misc.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ + $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ + $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ + $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ + $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_ext.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \ + kdb_ldap.h ldap_err.h ldap_handle.h ldap_krbcontainer.h \ + ldap_misc.c ldap_misc.h ldap_principal.h ldap_pwd_policy.h \ + ldap_realm.h ldap_services.h ldap_tkt_policy.h princ_xdr.h +ldap_handle.so ldap_handle.po $(OUTPRE)ldap_handle.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_ext.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \ + kdb_ldap.h ldap_handle.c ldap_handle.h ldap_krbcontainer.h \ + ldap_main.h ldap_misc.h ldap_realm.h ldap_services.h +ldap_tkt_policy.so ldap_tkt_policy.po $(OUTPRE)ldap_tkt_policy.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_ext.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \ + kdb_ldap.h ldap_err.h ldap_handle.h ldap_krbcontainer.h \ + ldap_main.h ldap_misc.h ldap_realm.h ldap_services.h \ + ldap_tkt_policy.c ldap_tkt_policy.h +ldap_services.so ldap_services.po $(OUTPRE)ldap_services.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_ext.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \ + kdb_ldap.h ldap_err.h ldap_handle.h ldap_krbcontainer.h \ + ldap_main.h ldap_misc.h ldap_realm.h ldap_services.c \ + ldap_services.h +ldap_service_rights.so ldap_service_rights.po $(OUTPRE)ldap_service_rights.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_ext.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \ + kdb_ldap.h ldap_err.h ldap_handle.h ldap_krbcontainer.h \ + ldap_main.h ldap_misc.h ldap_realm.h ldap_service_rights.c \ + ldap_services.h +princ_xdr.so princ_xdr.po $(OUTPRE)princ_xdr.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ + $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/kdb_ext.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + $(SRCTOP)/lib/kdb/kdb5.h kdb_ldap.h ldap_krbcontainer.h \ + ldap_principal.h ldap_realm.h ldap_tkt_policy.h princ_xdr.c \ + princ_xdr.h +ldap_fetch_mkey.so ldap_fetch_mkey.po $(OUTPRE)ldap_fetch_mkey.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_ext.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \ + kdb_ldap.h ldap_fetch_mkey.c ldap_handle.h ldap_krbcontainer.h \ + ldap_main.h ldap_misc.h ldap_realm.h ldap_services.h +ldap_service_stash.so ldap_service_stash.po $(OUTPRE)ldap_service_stash.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_ext.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \ + kdb_ldap.h ldap_handle.h ldap_krbcontainer.h ldap_main.h \ + ldap_misc.h ldap_realm.h ldap_service_stash.c ldap_service_stash.h \ + ldap_services.h +kdb_xdr.so kdb_xdr.po $(OUTPRE)kdb_xdr.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h kdb_xdr.c kdb_xdr.h +ldap_err.so ldap_err.po $(OUTPRE)ldap_err.$(OBJEXT): \ + $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/krb5.h \ + ldap_err.c ldap_err.h diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c index d7f63d0a8c..08a87fe8e5 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c @@ -39,6 +39,10 @@ #include #include +#if defined(NEED_ISBLANK_PROTO) && !defined(isblank) +extern int isblank(); +#endif + krb5_error_code krb5_ldap_get_db_opt(char *input, char **opt, char **val) { @@ -389,32 +393,17 @@ krb5_error_code krb5_ldap_open(krb5_context context, goto clean_n_exit; } } else { - void *tmp=NULL; - char *oldstr = NULL; - unsigned int len=0; + char *newstr; - oldstr = strdup(ldap_context->root_certificate_file); - if (oldstr == NULL) { - free (opt); - free (val); - status = ENOMEM; - goto clean_n_exit; - } - - tmp = ldap_context->root_certificate_file; - len = strlen(ldap_context->root_certificate_file) + 2 + strlen(val); - ldap_context->root_certificate_file = realloc(ldap_context->root_certificate_file, - len); - if (ldap_context->root_certificate_file == NULL) { - free (tmp); + if (asprintf(&newstr, "%s %s", + ldap_context->root_certificate_file, val) < 0) { free (opt); free (val); status = ENOMEM; goto clean_n_exit; } - memset(ldap_context->root_certificate_file, 0, len); - sprintf(ldap_context->root_certificate_file,"%s %s", oldstr, val); - free (oldstr); + free(ldap_context->root_certificate_file); + ldap_context->root_certificate_file = newstr; } #endif } else { diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h index 918c6bcf32..74bf4b17e9 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h +++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h @@ -285,6 +285,10 @@ krb5_ldap_read_startup_information(krb5_context ); int has_sasl_external_mech(krb5_context, char *); +krb5_error_code +krb5_ldap_free_server_context_params(krb5_ldap_context *ldap_context); + + /* DAL functions */ diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c index 08311e89ba..fdc5d10c77 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c @@ -212,7 +212,7 @@ krb5_ldap_db_init(krb5_context context, krb5_ldap_context *ldap_context) server_info = ldap_context->server_info_list[cnt]; if (server_info->server_status == NOTSET) { - int conns=0; + unsigned int conns=0; /* * Check if the server has to perform certificate-based authentication diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c index 02589b554a..c71d9e5fd2 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c @@ -198,32 +198,16 @@ krb5_ldap_create (krb5_context context, char *conf_section, char **db_args) goto cleanup; } } else { - void *tmp=NULL; - char *oldstr = NULL; - unsigned int len=0; + char *newstr; - oldstr = strdup(ldap_context->root_certificate_file); - if (oldstr == NULL) { + if (asprintf(&newstr, "%s %s", + ldap_context->root_certificate_file, val) < 0) { free (opt); free (val); status = ENOMEM; goto cleanup; } - - tmp = ldap_context->root_certificate_file; - len = strlen(ldap_context->root_certificate_file) + 2 + strlen(val); - ldap_context->root_certificate_file = realloc(ldap_context->root_certificate_file, - len); - if (ldap_context->root_certificate_file == NULL) { - free (tmp); - free (opt); - free (val); - status = ENOMEM; - goto cleanup; - } - memset(ldap_context->root_certificate_file, 0, len); - sprintf(ldap_context->root_certificate_file,"%s %s", oldstr, val); - free (oldstr); + ldap_context->root_certificate_file = newstr; } #endif } else { diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c index b864f4b6d8..79ca63472f 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c @@ -1499,7 +1499,7 @@ static inline char * format_d (int val) { char tmpbuf[2+3*sizeof(val)]; - sprintf(tmpbuf, "%d", val); + snprintf(tmpbuf, sizeof(tmpbuf), "%d", val); return strdup(tmpbuf); } @@ -1655,14 +1655,12 @@ krb5_ldap_get_reference_count (krb5_context context, char *dn, char *refattr, goto cleanup; } - filter = (char *) malloc (strlen (refattr) + strlen (ptr) + 2); - if (filter == NULL) { + if (asprintf (&filter, "%s=%s", refattr, ptr) < 0) { + filter = NULL; st = ENOMEM; goto cleanup; } - sprintf (filter, "%s=%s", refattr, ptr); - if ((st = krb5_get_subtree_info(ldap_context, &subtree, &ntrees)) != 0) goto cleanup; diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.h b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.h index 5fc969f46d..7177af6014 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.h +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.h @@ -150,4 +150,6 @@ populate_krb5_db_entry(krb5_context context, krb5_const_principal princ, krb5_db_entry *entry); +int kldap_ensure_initialized (void); + #endif diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c index ef6786c68e..6625570efc 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c @@ -143,7 +143,7 @@ krb5_ldap_iterate(context, match_expr, func, func_arg) krb5_db_entry entry; krb5_principal principal; char **subtree=NULL, *princ_name=NULL, *realm=NULL, **values=NULL, *filter=NULL; - unsigned int filterlen=0, tree=0, ntree=1, i=0; + unsigned int tree=0, ntree=1, i=0; krb5_error_code st=0, tempst=0; LDAP *ld=NULL; LDAPMessage *result=NULL, *ent=NULL; @@ -174,11 +174,9 @@ krb5_ldap_iterate(context, match_expr, func, func_arg) if (match_expr == NULL) match_expr = default_match_expr; - filterlen = strlen(FILTER) + strlen(match_expr) + 2 + 1; /* 2 for closing brackets */ - filter = malloc (filterlen); + if (asprintf(&filter, FILTER"%s))", match_expr) < 0) + filter = NULL; CHECK_NULL(filter); - memset(filter, 0, filterlen); - sprintf(filter, FILTER"%s))", match_expr); if ((st = krb5_get_subtree_info(ldap_context, &subtree, &ntree)) != 0) goto cleanup; @@ -256,7 +254,7 @@ krb5_ldap_delete_principal(context, searchfor, nentries) SETUP_CONTEXT(); /* get the principal info */ - if ((st=krb5_ldap_get_principal(context, searchfor, &entries, nentries, &more)) != 0 || *nentries == 0) + if ((st=krb5_ldap_get_principal(context, searchfor, 0, &entries, nentries, &more)) != 0 || *nentries == 0) goto cleanup; if (((st=krb5_get_princ_type(context, &entries, &(ptype))) != 0) || @@ -385,52 +383,17 @@ cleanup: krb5_error_code krb5_ldap_unparse_principal_name(char *user_name) { - char *tmp_princ_name=NULL, *princ_name=NULL, *tmp=NULL; - int l=0; - krb5_error_code st=0; + char *in, *out; - if (strstr(user_name, "\\@")) { - - tmp_princ_name = strdup(user_name); - if (!tmp_princ_name) { - st = ENOMEM; - goto cleanup; - } - tmp = tmp_princ_name; - - princ_name = (char *) malloc (strlen(user_name)); - if (!princ_name) { - st = ENOMEM; - goto cleanup; - } - memset(princ_name, 0, strlen(user_name)); - - l = 0; - while (*tmp_princ_name) { - if ((*tmp_princ_name == '\\') && (*(tmp_princ_name+1) == '@')) { - tmp_princ_name += 1; - } else { - *(princ_name + l) = *tmp_princ_name++; - l++; - } - } - - memset(user_name, 0, strlen(user_name)); - sprintf(user_name, "%s", princ_name); + out = user_name; + for (in = user_name; *in; in++) { + if (*in == '\\' && *(in + 1) == '@') + continue; + *out++ = *in; } + *out = '\0'; -cleanup: - if (tmp) { - free(tmp); - tmp = NULL; - } - - if (princ_name) { - free(princ_name); - princ_name = NULL; - } - - return st; + return 0; } @@ -452,62 +415,25 @@ krb5_ldap_parse_principal_name(i_princ_name, o_princ_name) char *i_princ_name; char **o_princ_name; { - char *tmp_princ_name = NULL, *princ_name = NULL, *at_rlm_name = NULL; - int l = 0, m = 0, tmp_princ_name_len = 0, princ_name_len = 0, at_count = 0; - krb5_error_code st = 0; + const char *at_rlm_name, *p; + struct k5buf buf; at_rlm_name = strrchr(i_princ_name, '@'); - if (!at_rlm_name) { *o_princ_name = strdup(i_princ_name); - if (!o_princ_name) { - st = ENOMEM; - goto cleanup; - } + if (!o_princ_name) + return ENOMEM; } else { - tmp_princ_name_len = at_rlm_name - i_princ_name; - - tmp_princ_name = (char *) malloc ((unsigned) tmp_princ_name_len + 1); - if (!tmp_princ_name) { - st = ENOMEM; - goto cleanup; - } - memset(tmp_princ_name, 0, (unsigned) tmp_princ_name_len + 1); - memcpy(tmp_princ_name, i_princ_name, (unsigned) tmp_princ_name_len); - - l = 0; - while (tmp_princ_name[l]) { - if (tmp_princ_name[l++] == '@') - at_count++; - } - - princ_name_len = strlen(i_princ_name) + at_count + 1; - princ_name = (char *) malloc ((unsigned) princ_name_len); - if (!princ_name) { - st = ENOMEM; - goto cleanup; - } - memset(princ_name, 0, (unsigned) princ_name_len); - - l = 0; - m = 0; - while (tmp_princ_name[l]) { - if (tmp_princ_name[l] == '@') { - princ_name[m++]='\\'; - } - princ_name[m++]=tmp_princ_name[l++]; + krb5int_buf_init_dynamic(&buf); + for (p = i_princ_name; p < at_rlm_name; p++) { + if (*p == '@') + krb5int_buf_add(&buf, "\\"); + krb5int_buf_add_len(&buf, p, 1); } - strcat(princ_name, at_rlm_name); - - *o_princ_name = princ_name; + krb5int_buf_add(&buf, at_rlm_name); + *o_princ_name = krb5int_buf_data(&buf); + if (!*o_princ_name) + return ENOMEM; } - -cleanup: - - if (tmp_princ_name) { - free(tmp_princ_name); - tmp_princ_name = NULL; - } - - return st; + return 0; } diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.h b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.h index ca8c80681c..18e2acc060 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.h +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.h @@ -89,7 +89,7 @@ krb5_ldap_put_principal(krb5_context, krb5_db_entry *, int *, char **); krb5_error_code krb5_ldap_get_principal(krb5_context , krb5_const_principal , - krb5_db_entry *,int *, krb5_boolean *); + unsigned int, krb5_db_entry *,int *, krb5_boolean *); krb5_error_code krb5_ldap_delete_principal(krb5_context, krb5_const_principal, int *); diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c index 7819ddd95d..561a65d99b 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c @@ -74,9 +74,10 @@ berval2tl_data(struct berval *in, krb5_tl_data **out) */ krb5_error_code -krb5_ldap_get_principal(context, searchfor, entries, nentries, more) +krb5_ldap_get_principal(context, searchfor, flags, entries, nentries, more) krb5_context context; krb5_const_principal searchfor; + unsigned int flags; krb5_db_entry *entries; /* filled in */ int *nentries; /* how much room/how many found */ krb5_boolean *more; /* are there more? */ @@ -319,13 +320,13 @@ cleanup: } krb5int_access accessor; -extern int kldap_ensure_initialized (void); static krb5_error_code asn1_encode_sequence_of_keys (krb5_key_data *key_data, krb5_int16 n_key_data, krb5_int32 mkvno, krb5_data **code) { krb5_error_code err; + ldap_seqof_key_data val; /* * This should be pushed back into other library initialization @@ -335,8 +336,11 @@ asn1_encode_sequence_of_keys (krb5_key_data *key_data, krb5_int16 n_key_data, if (err) return err; - return accessor.asn1_ldap_encode_sequence_of_keys(key_data, n_key_data, - mkvno, code); + val.key_data = key_data; + val.n_key_data = n_key_data; + val.mkvno = mkvno; + + return accessor.asn1_ldap_encode_sequence_of_keys(&val, code); } static krb5_error_code @@ -344,6 +348,7 @@ asn1_decode_sequence_of_keys (krb5_data *in, krb5_key_data **out, krb5_int16 *n_key_data, int *mkvno) { krb5_error_code err; + ldap_seqof_key_data *p; /* * This should be pushed back into other library initialization @@ -353,8 +358,14 @@ asn1_decode_sequence_of_keys (krb5_data *in, krb5_key_data **out, if (err) return err; - return accessor.asn1_ldap_decode_sequence_of_keys(in, out, n_key_data, - mkvno); + err = accessor.asn1_ldap_decode_sequence_of_keys(in, &p); + if (err) + return err; + *out = p->key_data; + *n_key_data = p->n_key_data; + *mkvno = p->mkvno; + free(p); + return 0; } @@ -614,7 +625,8 @@ krb5_ldap_put_principal(context, entries, nentries, db_args) if (st == KRB5_KDB_NOENTRY || st == KRB5_KDB_CONSTRAINT_VIOLATION) { int ost = st; st = EINVAL; - sprintf(errbuf, "'%s' not found: ", xargs.containerdn); + snprintf(errbuf, sizeof(errbuf), "'%s' not found: ", + xargs.containerdn); prepend_err_str(context, errbuf, st, ost); } goto cleanup; @@ -631,10 +643,10 @@ krb5_ldap_put_principal(context, entries, nentries, db_args) } CHECK_NULL(subtree); - standalone_principal_dn = malloc(strlen("krbprincipalname=") + strlen(user) + strlen(",") + - strlen(subtree) + 1); + if (asprintf(&standalone_principal_dn, "krbprincipalname=%s,%s", + user, subtree) < 0) + standalone_principal_dn = NULL; CHECK_NULL(standalone_principal_dn); - sprintf(standalone_principal_dn, "krbprincipalname=%s,%s", user, subtree); /* * free subtree when you are done using the subtree * set the boolean create_standalone_prinicipal to TRUE @@ -1062,7 +1074,7 @@ krb5_ldap_put_principal(context, entries, nentries, db_args) /* a load operation must replace an existing entry */ st = ldap_delete_ext_s(ld, standalone_principal_dn, NULL, NULL); if (st != LDAP_SUCCESS) { - sprintf(errbuf, "Principal delete failed (trying to replace entry): %s", + snprintf(errbuf, sizeof(errbuf), "Principal delete failed (trying to replace entry): %s", ldap_err2string(st)); st = translate_ldap_error (st, OP_ADD); krb5_set_error_message(context, st, "%s", errbuf); @@ -1072,7 +1084,7 @@ krb5_ldap_put_principal(context, entries, nentries, db_args) } } if (st != LDAP_SUCCESS) { - sprintf(errbuf, "Principal add failed: %s", ldap_err2string(st)); + snprintf(errbuf, sizeof(errbuf), "Principal add failed: %s", ldap_err2string(st)); st = translate_ldap_error (st, OP_ADD); krb5_set_error_message(context, st, "%s", errbuf); goto cleanup; @@ -1109,7 +1121,7 @@ krb5_ldap_put_principal(context, entries, nentries, db_args) st = ldap_modify_ext_s(ld, principal_dn, mods, NULL, NULL); if (st != LDAP_SUCCESS) { - sprintf(errbuf, "User modification failed: %s", ldap_err2string(st)); + snprintf(errbuf, sizeof(errbuf), "User modification failed: %s", ldap_err2string(st)); st = translate_ldap_error (st, OP_MOD); krb5_set_error_message(context, st, "%s", errbuf); goto cleanup; diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c index 6f8b3efd89..94d461b29f 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c @@ -179,7 +179,7 @@ cleanup: return(st); } -krb5_error_code +static krb5_error_code populate_policy(krb5_context context, LDAP *ld, LDAPMessage *ent, @@ -209,7 +209,7 @@ cleanup: return st; } -krb5_error_code +static krb5_error_code krb5_ldap_get_password_policy_from_dn (krb5_context context, char *pol_name, char *pol_dn, diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c index 3ab49dbc1d..d41ffa329d 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c @@ -203,7 +203,7 @@ krb5_ldap_list_realm(context, realms) goto cleanup; } - *realms = calloc(count+1, sizeof (char *)); + *realms = calloc((unsigned int) count+1, sizeof (char *)); CHECK_NULL(*realms); for (ent = ldap_first_entry(ld, result), count = 0; ent != NULL; @@ -288,7 +288,7 @@ krb5_ldap_delete_realm (context, lrealm) assert (sizeof (filter) >= sizeof ("(krbprincipalname=)") + strlen (realm) + 2 /* "*@" */ + 1); - sprintf (filter, "(krbprincipalname=*@%s)", realm); + snprintf (filter, sizeof(filter), "(krbprincipalname=*@%s)", realm); free (realm); /* LDAP_SEARCH(NULL, LDAP_SCOPE_SUBTREE, filter, attr); */ @@ -297,7 +297,8 @@ krb5_ldap_delete_realm (context, lrealm) if ((st=krb5_get_subtree_info(&lcontext, &subtrees, &ntree)) != 0) goto cleanup; - result_arr = (LDAPMessage **) calloc(ntree+1, sizeof(LDAPMessage *)); + result_arr = (LDAPMessage **) calloc((unsigned int)ntree+1, + sizeof(LDAPMessage *)); if (result_arr == NULL) { st = ENOMEM; goto cleanup; @@ -642,8 +643,8 @@ krb5_ldap_modify_realm(context, rparams, mask) for (i=0; oldkdcservers[i]; ++i) if ((st=deleteAttribute(ld, oldkdcservers[i], "krbRealmReferences", rparams->realmdn)) != 0) { - sprintf (errbuf, "Error removing 'krbRealmReferences' from %s: ", - oldkdcservers[i]); + snprintf (errbuf, sizeof(errbuf), "Error removing 'krbRealmReferences' from %s: ", + oldkdcservers[i]); prepend_err_str (context, errbuf, st, st); goto cleanup; } @@ -653,8 +654,8 @@ krb5_ldap_modify_realm(context, rparams, mask) for (i=0; newkdcservers[i]; ++i) if ((st=updateAttribute(ld, newkdcservers[i], "krbRealmReferences", rparams->realmdn)) != 0) { - sprintf (errbuf, "Error adding 'krbRealmReferences' to %s: ", - newkdcservers[i]); + snprintf (errbuf, sizeof(errbuf), "Error adding 'krbRealmReferences' to %s: ", + newkdcservers[i]); prepend_err_str (context, errbuf, st, st); goto cleanup; } @@ -679,8 +680,8 @@ krb5_ldap_modify_realm(context, rparams, mask) for (i=0; oldadminservers[i]; ++i) if ((st=deleteAttribute(ld, oldadminservers[i], "krbRealmReferences", rparams->realmdn)) != 0) { - sprintf(errbuf, "Error removing 'krbRealmReferences' from " - "%s: ", oldadminservers[i]); + snprintf(errbuf, sizeof(errbuf), "Error removing 'krbRealmReferences' from " + "%s: ", oldadminservers[i]); prepend_err_str (context, errbuf, st, st); goto cleanup; } @@ -690,8 +691,8 @@ krb5_ldap_modify_realm(context, rparams, mask) for (i=0; newadminservers[i]; ++i) if ((st=updateAttribute(ld, newadminservers[i], "krbRealmReferences", rparams->realmdn)) != 0) { - sprintf(errbuf, "Error adding 'krbRealmReferences' to %s: ", - newadminservers[i]); + snprintf(errbuf, sizeof(errbuf), "Error adding 'krbRealmReferences' to %s: ", + newadminservers[i]); prepend_err_str (context, errbuf, st, st); goto cleanup; } @@ -715,8 +716,8 @@ krb5_ldap_modify_realm(context, rparams, mask) for (i=0; oldpasswdservers[i]; ++i) if ((st=deleteAttribute(ld, oldpasswdservers[i], "krbRealmReferences", rparams->realmdn)) != 0) { - sprintf(errbuf, "Error removing 'krbRealmReferences' from " - "%s: ", oldpasswdservers[i]); + snprintf(errbuf, sizeof(errbuf), "Error removing 'krbRealmReferences' from " + "%s: ", oldpasswdservers[i]); prepend_err_str (context, errbuf, st, st); goto cleanup; } @@ -726,8 +727,8 @@ krb5_ldap_modify_realm(context, rparams, mask) for (i=0; newpasswdservers[i]; ++i) if ((st=updateAttribute(ld, newpasswdservers[i], "krbRealmReferences", rparams->realmdn)) != 0) { - sprintf(errbuf, "Error adding 'krbRealmReferences' to %s: ", - newpasswdservers[i]); + snprintf(errbuf, sizeof(errbuf), "Error adding 'krbRealmReferences' to %s: ", + newpasswdservers[i]); prepend_err_str (context, errbuf, st, st); goto cleanup; } @@ -994,9 +995,10 @@ krb5_ldap_create_realm(context, rparams, mask) realm_name = rparams->realm_name; - dn = malloc(strlen("cn=") + strlen(realm_name) + strlen(ldap_context->krbcontainer->DN) + 2); + if (asprintf(&dn, "cn=%s,%s", realm_name, + ldap_context->krbcontainer->DN) < 0) + dn = NULL; CHECK_NULL(dn); - sprintf(dn, "cn=%s,%s", realm_name, ldap_context->krbcontainer->DN); strval[0] = realm_name; strval[1] = NULL; @@ -1135,8 +1137,8 @@ krb5_ldap_create_realm(context, rparams, mask) if (mask & LDAP_REALM_KDCSERVERS) for (i=0; rparams->kdcservers[i]; ++i) if ((st=updateAttribute(ld, rparams->kdcservers[i], "krbRealmReferences", dn)) != 0) { - sprintf(errbuf, "Error adding 'krbRealmReferences' to %s: ", - rparams->kdcservers[i]); + snprintf(errbuf, sizeof(errbuf), "Error adding 'krbRealmReferences' to %s: ", + rparams->kdcservers[i]); prepend_err_str (context, errbuf, st, st); /* delete Realm, status ignored intentionally */ ldap_delete_ext_s(ld, dn, NULL, NULL); @@ -1146,8 +1148,8 @@ krb5_ldap_create_realm(context, rparams, mask) if (mask & LDAP_REALM_ADMINSERVERS) for (i=0; rparams->adminservers[i]; ++i) if ((st=updateAttribute(ld, rparams->adminservers[i], "krbRealmReferences", dn)) != 0) { - sprintf(errbuf, "Error adding 'krbRealmReferences' to %s: ", - rparams->adminservers[i]); + snprintf(errbuf, sizeof(errbuf), "Error adding 'krbRealmReferences' to %s: ", + rparams->adminservers[i]); prepend_err_str (context, errbuf, st, st); /* delete Realm, status ignored intentionally */ ldap_delete_ext_s(ld, dn, NULL, NULL); @@ -1157,8 +1159,8 @@ krb5_ldap_create_realm(context, rparams, mask) if (mask & LDAP_REALM_PASSWDSERVERS) for (i=0; rparams->passwdservers[i]; ++i) if ((st=updateAttribute(ld, rparams->passwdservers[i], "krbRealmReferences", dn)) != 0) { - sprintf(errbuf, "Error adding 'krbRealmReferences' to %s: ", - rparams->passwdservers[i]); + snprintf(errbuf, sizeof(errbuf), "Error adding 'krbRealmReferences' to %s: ", + rparams->passwdservers[i]); prepend_err_str (context, errbuf, st, st); /* delete Realm, status ignored intentionally */ ldap_delete_ext_s(ld, dn, NULL, NULL); @@ -1241,12 +1243,11 @@ krb5_ldap_read_realm_params(context, lrealm, rlparamp, mask) krbcontDN = ldap_context->krbcontainer->DN; - rlparams->realmdn = (char *) malloc(strlen("cn=") + strlen(lrealm) + strlen(krbcontDN) + 2); - if (rlparams->realmdn == NULL) { + if (asprintf(&rlparams->realmdn, "cn=%s,%s", lrealm, krbcontDN) < 0) { + rlparams->realmdn = NULL; st = ENOMEM; goto cleanup; } - sprintf(rlparams->realmdn, "cn=%s,%s", lrealm, krbcontDN); /* populate the realm name in the structure */ rlparams->realm_name = strdup(lrealm); diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_rights.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_rights.c index aed6de8c4d..23bb3dbeb2 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_rights.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_rights.c @@ -322,12 +322,8 @@ krb5_ldap_add_service_rights(context, servicetype, serviceobjdn, realmname, subt for (i=0; strcmp(security_container[i][0], "") != 0; i++) { - seccontacls[0] = (char *)malloc(strlen(security_container[i][0]) + - strlen(serviceobjdn) + - strlen(security_container[i][1]) + 1); - - sprintf(seccontacls[0], "%s%s%s", security_container[i][0], serviceobjdn, - security_container[i][1]); + asprintf(&seccontacls[0], "%s%s%s", security_container[i][0], serviceobjdn, + security_container[i][1]); seccontclass.mod_values = seccontacls; seccontarr[0] = &seccontclass; @@ -351,10 +347,8 @@ krb5_ldap_add_service_rights(context, servicetype, serviceobjdn, realmname, subt krbcontclass.mod_type = "ACL"; for (i=0; strcmp(kerberos_container[i][0], "") != 0; i++) { - krbcontacls[0] = (char *)malloc(strlen(kerberos_container[i][0]) + strlen(serviceobjdn) - + strlen(kerberos_container[i][1]) + 1); - sprintf(krbcontacls[0], "%s%s%s", kerberos_container[i][0], serviceobjdn, - kerberos_container[i][1]); + asprintf(&krbcontacls[0], "%s%s%s", kerberos_container[i][0], serviceobjdn, + kerberos_container[i][1]); krbcontclass.mod_values = krbcontacls; krbcontarr[0] = &krbcontclass; @@ -373,20 +367,15 @@ krb5_ldap_add_service_rights(context, servicetype, serviceobjdn, realmname, subt } /* Construct the realm dn from realm name */ - realmdn = (char *)malloc(strlen("cn=") + strlen(realmname) + - strlen(ldap_context->krbcontainer->DN) + 2); - sprintf(realmdn,"cn=%s,%s", realmname, ldap_context->krbcontainer->DN); + asprintf(&realmdn,"cn=%s,%s", realmname, ldap_context->krbcontainer->DN); realmclass.mod_op = LDAP_MOD_ADD; realmclass.mod_type = "ACL"; if (servicetype == LDAP_KDC_SERVICE) { for (i=0; strcmp(kdcrights_realmcontainer[i][0], "") != 0; i++) { - realmacls[0] = (char *)malloc(strlen(kdcrights_realmcontainer[i][0]) - + strlen(serviceobjdn) + - strlen(kdcrights_realmcontainer[i][1]) + 1); - sprintf(realmacls[0], "%s%s%s", kdcrights_realmcontainer[i][0], serviceobjdn, - kdcrights_realmcontainer[i][1]); + asprintf(&realmacls[0], "%s%s%s", kdcrights_realmcontainer[i][0], serviceobjdn, + kdcrights_realmcontainer[i][1]); realmclass.mod_values = realmacls; realmarr[0] = &realmclass; @@ -405,11 +394,8 @@ krb5_ldap_add_service_rights(context, servicetype, serviceobjdn, realmname, subt } } else if (servicetype == LDAP_ADMIN_SERVICE) { for (i=0; strcmp(adminrights_realmcontainer[i][0], "") != 0; i++) { - realmacls[0] = (char *) malloc(strlen(adminrights_realmcontainer[i][0]) + - strlen(serviceobjdn) + - strlen(adminrights_realmcontainer[i][1]) + 1); - sprintf(realmacls[0], "%s%s%s", adminrights_realmcontainer[i][0], serviceobjdn, - adminrights_realmcontainer[i][1]); + asprintf(&realmacls[0], "%s%s%s", adminrights_realmcontainer[i][0], serviceobjdn, + adminrights_realmcontainer[i][1]); realmclass.mod_values = realmacls; realmarr[0] = &realmclass; @@ -428,11 +414,8 @@ krb5_ldap_add_service_rights(context, servicetype, serviceobjdn, realmname, subt } } else if (servicetype == LDAP_PASSWD_SERVICE) { for (i=0; strcmp(pwdrights_realmcontainer[i][0], "")!=0; i++) { - realmacls[0] = (char *) malloc(strlen(pwdrights_realmcontainer[i][0]) + - strlen(serviceobjdn) + - strlen(pwdrights_realmcontainer[i][1]) + 1); - sprintf(realmacls[0], "%s%s%s", pwdrights_realmcontainer[i][0], serviceobjdn, - pwdrights_realmcontainer[i][1]); + asprintf(&realmacls[0], "%s%s%s", pwdrights_realmcontainer[i][0], serviceobjdn, + pwdrights_realmcontainer[i][1]); realmclass.mod_values = realmacls; realmarr[0] = &realmclass; @@ -462,11 +445,8 @@ krb5_ldap_add_service_rights(context, servicetype, serviceobjdn, realmname, subt if (servicetype == LDAP_KDC_SERVICE) { for (i=0; strcmp(kdcrights_subtree[i][0], "")!=0; i++) { - subtreeacls[0] = (char *) malloc(strlen(kdcrights_subtree[i][0]) + - strlen(serviceobjdn) + - strlen(kdcrights_subtree[i][1]) + 1); - sprintf(subtreeacls[0], "%s%s%s", kdcrights_subtree[i][0], serviceobjdn, - kdcrights_subtree[i][1]); + asprintf(&subtreeacls[0], "%s%s%s", kdcrights_subtree[i][0], serviceobjdn, + kdcrights_subtree[i][1]); subtreeclass.mod_values = subtreeacls; subtreearr[0] = &subtreeclass; @@ -488,11 +468,8 @@ krb5_ldap_add_service_rights(context, servicetype, serviceobjdn, realmname, subt } } else if (servicetype == LDAP_ADMIN_SERVICE) { for (i=0; strcmp(adminrights_subtree[i][0], "")!=0; i++) { - subtreeacls[0] = (char *) malloc(strlen(adminrights_subtree[i][0]) - + strlen(serviceobjdn) - + strlen(adminrights_subtree[i][1]) + 1); - sprintf(subtreeacls[0], "%s%s%s", adminrights_subtree[i][0], serviceobjdn, - adminrights_subtree[i][1]); + asprintf(&subtreeacls[0], "%s%s%s", adminrights_subtree[i][0], serviceobjdn, + adminrights_subtree[i][1]); subtreeclass.mod_values = subtreeacls; subtreearr[0] = &subtreeclass; @@ -514,11 +491,8 @@ krb5_ldap_add_service_rights(context, servicetype, serviceobjdn, realmname, subt } } else if (servicetype == LDAP_PASSWD_SERVICE) { for (i=0; strcmp(pwdrights_subtree[i][0], "") != 0; i++) { - subtreeacls[0] = (char *)malloc(strlen(pwdrights_subtree[i][0]) - + strlen(serviceobjdn) - + strlen(pwdrights_subtree[i][1]) + 1); - sprintf(subtreeacls[0], "%s%s%s", pwdrights_subtree[i][0], serviceobjdn, - pwdrights_subtree[i][1]); + asprintf(&subtreeacls[0], "%s%s%s", pwdrights_subtree[i][0], serviceobjdn, + pwdrights_subtree[i][1]); subtreeclass.mod_values = subtreeacls; subtreearr[0] = &subtreeclass; @@ -632,21 +606,15 @@ krb5_ldap_delete_service_rights(context, servicetype, serviceobjdn, realmname, s /* Set the rights for the realm */ if (mask & LDAP_REALM_RIGHTS) { - /* Construct the realm dn from realm name */ - realmdn = (char *) malloc(strlen("cn=") + strlen(realmname) + - strlen(ldap_context->krbcontainer->DN) + 2); - sprintf(realmdn,"cn=%s,%s", realmname, ldap_context->krbcontainer->DN); + asprintf(&realmdn,"cn=%s,%s", realmname, ldap_context->krbcontainer->DN); realmclass.mod_op=LDAP_MOD_DELETE; realmclass.mod_type="ACL"; if (servicetype == LDAP_KDC_SERVICE) { for (i=0; strcmp(kdcrights_realmcontainer[i][0], "") != 0; i++) { - realmacls[0] = (char *) malloc(strlen(kdcrights_realmcontainer[i][0]) - + strlen(serviceobjdn) + - strlen(kdcrights_realmcontainer[i][1]) + 1); - sprintf(realmacls[0], "%s%s%s", kdcrights_realmcontainer[i][0], serviceobjdn, - kdcrights_realmcontainer[i][1]); + asprintf(&realmacls[0], "%s%s%s", kdcrights_realmcontainer[i][0], serviceobjdn, + kdcrights_realmcontainer[i][1]); realmclass.mod_values= realmacls; realmarr[0]=&realmclass; @@ -665,11 +633,8 @@ krb5_ldap_delete_service_rights(context, servicetype, serviceobjdn, realmname, s } } else if (servicetype == LDAP_ADMIN_SERVICE) { for (i=0; strcmp(adminrights_realmcontainer[i][0], "") != 0; i++) { - realmacls[0] = (char *) malloc(strlen(adminrights_realmcontainer[i][0]) + - strlen(serviceobjdn) + - strlen(adminrights_realmcontainer[i][1]) + 1); - sprintf(realmacls[0], "%s%s%s", adminrights_realmcontainer[i][0], serviceobjdn, - adminrights_realmcontainer[i][1]); + asprintf(&realmacls[0], "%s%s%s", adminrights_realmcontainer[i][0], serviceobjdn, + adminrights_realmcontainer[i][1]); realmclass.mod_values= realmacls; realmarr[0]=&realmclass; @@ -688,11 +653,8 @@ krb5_ldap_delete_service_rights(context, servicetype, serviceobjdn, realmname, s } } else if (servicetype == LDAP_PASSWD_SERVICE) { for (i=0; strcmp(pwdrights_realmcontainer[i][0], "") != 0; i++) { - realmacls[0]=(char *)malloc(strlen(pwdrights_realmcontainer[i][0]) - + strlen(serviceobjdn) - + strlen(pwdrights_realmcontainer[i][1]) + 1); - sprintf(realmacls[0], "%s%s%s", pwdrights_realmcontainer[i][0], serviceobjdn, - pwdrights_realmcontainer[i][1]); + asprintf(&realmacls[0], "%s%s%s", pwdrights_realmcontainer[i][0], serviceobjdn, + pwdrights_realmcontainer[i][1]); realmclass.mod_values= realmacls; realmarr[0]=&realmclass; @@ -723,11 +685,8 @@ krb5_ldap_delete_service_rights(context, servicetype, serviceobjdn, realmname, s if (servicetype == LDAP_KDC_SERVICE) { for (i=0; strcmp(kdcrights_subtree[i][0], "")!=0; i++) { - subtreeacls[0] = (char *) malloc(strlen(kdcrights_subtree[i][0]) - + strlen(serviceobjdn) - + strlen(kdcrights_subtree[i][1]) + 1); - sprintf(subtreeacls[0], "%s%s%s", kdcrights_subtree[i][0], serviceobjdn, - kdcrights_subtree[i][1]); + asprintf(&subtreeacls[0], "%s%s%s", kdcrights_subtree[i][0], serviceobjdn, + kdcrights_subtree[i][1]); subtreeclass.mod_values= subtreeacls; subtreearr[0]=&subtreeclass; @@ -748,11 +707,8 @@ krb5_ldap_delete_service_rights(context, servicetype, serviceobjdn, realmname, s } } else if (servicetype == LDAP_ADMIN_SERVICE) { for (i=0; strcmp(adminrights_subtree[i][0], "") != 0; i++) { - subtreeacls[0] = (char *) malloc(strlen(adminrights_subtree[i][0]) - + strlen(serviceobjdn) - + strlen(adminrights_subtree[i][1]) + 1); - sprintf(subtreeacls[0], "%s%s%s", adminrights_subtree[i][0], serviceobjdn, - adminrights_subtree[i][1]); + asprintf(&subtreeacls[0], "%s%s%s", adminrights_subtree[i][0], serviceobjdn, + adminrights_subtree[i][1]); subtreeclass.mod_values= subtreeacls; subtreearr[0]=&subtreeclass; @@ -773,11 +729,8 @@ krb5_ldap_delete_service_rights(context, servicetype, serviceobjdn, realmname, s } } else if (servicetype == LDAP_PASSWD_SERVICE) { for (i=0; strcmp(pwdrights_subtree[i][0], "") != 0; i++) { - subtreeacls[0] = (char *) malloc(strlen(pwdrights_subtree[i][0]) - + strlen(serviceobjdn) - + strlen(pwdrights_subtree[i][1]) + 1); - sprintf(subtreeacls[0], "%s%s%s", pwdrights_subtree[i][0], serviceobjdn, - pwdrights_subtree[i][1]); + asprintf(&subtreeacls[0], "%s%s%s", pwdrights_subtree[i][0], serviceobjdn, + pwdrights_subtree[i][1]); subtreeclass.mod_values= subtreeacls; subtreearr[0]=&subtreeclass; diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c index f95105678a..3c2fbacca8 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c @@ -125,16 +125,16 @@ krb5_ldap_readpassword(context, ldap_context, password) /* Check if the entry has the path of a certificate */ if (!strncmp(start, "{FILE}", strlen("{FILE}"))) { /* Set *password = {FILE}\0 */ - /*ptr = strchr(start, ':'); - if (ptr == NULL) { */ - *password = (unsigned char *)malloc(strlen(start) + 2); + size_t len = strlen(start); + + *password = (unsigned char *)malloc(len + 2); if (*password == NULL) { st = ENOMEM; goto rp_exit; } - (*password)[strlen(start) + 1] = '\0'; - (*password)[strlen(start)] = '\0'; - strcpy((char *)(*password), start); + memcpy((char *)(*password), start, len); + (*password)[len] = '\0'; + (*password)[len + 1] = '\0'; goto got_password; } else { CT.value = (unsigned char *)start; @@ -198,7 +198,7 @@ tohex(in, ret) ret->data[ret->length] = 0; for (i = 0; i < in.length; i++) - sprintf(ret->data + 2 * i, "%02x", in.data[i] & 0xff); + snprintf(ret->data + 2 * i, 3, "%02x", in.data[i] & 0xff); cleanup: diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_services.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_services.c index 3bd5e90495..11f78efb1d 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_services.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_services.c @@ -148,8 +148,9 @@ krb5_ldap_create_service(context, service, mask) for (i=0; service->krbrealmreferences[i]; ++i) { if ((st=updateAttribute(ld, service->krbrealmreferences[i], realmattr, service->servicedn)) != 0) { - sprintf (errbuf, "Error adding 'krbRealmReferences' to %s: ", - service->krbrealmreferences[i]); + snprintf (errbuf, sizeof(errbuf), + "Error adding 'krbRealmReferences' to %s: ", + service->krbrealmreferences[i]); prepend_err_str (context, errbuf, st, st); /* delete service object, status ignored intentionally */ ldap_delete_ext_s(ld, service->servicedn, NULL, NULL); diff --git a/src/plugins/locate/python/Makefile.in b/src/plugins/locate/python/Makefile.in index ab369919b9..175bf6ef0d 100644 --- a/src/plugins/locate/python/Makefile.in +++ b/src/plugins/locate/python/Makefile.in @@ -11,7 +11,7 @@ RELDIR=../plugins/locate/python MODULE_INSTALL_DIR = $(KRB5_LIBKRB5_MODULE_DIR) SHLIB_EXPDEPS= $(KRB5_DEPLIB) $(SUPPORT_DEPLIB) -SHLIB_EXPLIBS= -lpython2.3 $(KRB5_LIB) $(SUPPORT_LIB) +SHLIB_EXPLIBS= @PYTHON_LIB@ $(KRB5_LIB) $(SUPPORT_LIB) SHLIB_DIRS=-L$(TOPLIBD) SHLIB_RDIRS=$(KRB5_LIBDIR) @@ -28,14 +28,3 @@ clean-unix:: clean-libs clean-libobjs @libnover_frag@ @libobj_frag@ -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -py-locate.so py-locate.po $(OUTPRE)py-locate.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - py-locate.c diff --git a/src/plugins/locate/python/deps b/src/plugins/locate/python/deps new file mode 100644 index 0000000000..11624e9daa --- /dev/null +++ b/src/plugins/locate/python/deps @@ -0,0 +1,9 @@ +# +# Generated makefile dependencies follow. +# +py-locate.so py-locate.po $(OUTPRE)py-locate.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + py-locate.c diff --git a/src/plugins/locate/python/py-locate.c b/src/plugins/locate/python/py-locate.c index 4e99612650..5167230a00 100644 --- a/src/plugins/locate/python/py-locate.c +++ b/src/plugins/locate/python/py-locate.c @@ -66,6 +66,8 @@ #include #elif HAVE_PYTHON2_3_PYTHON_H #include +#elif HAVE_PYTHON2_5_PYTHON_H +#include #else #error "Where's the Python header file?" #endif @@ -261,7 +263,7 @@ lookup (void *blob, enum locate_service_type svc, const char *realm, if (PyString_Check (field)) { portstr = PyString_AsString (field); } else if (PyInt_Check (field)) { - sprintf(portbuf, "%ld", PyInt_AsLong (field)); + snprintf(portbuf, sizeof(portbuf), "%ld", PyInt_AsLong (field)); portstr = portbuf; } else { krb5_set_error_message(blob, -1, diff --git a/src/plugins/preauth/cksum_body/Makefile.in b/src/plugins/preauth/cksum_body/Makefile.in index ae79f82197..ba91e9a2ab 100644 --- a/src/plugins/preauth/cksum_body/Makefile.in +++ b/src/plugins/preauth/cksum_body/Makefile.in @@ -39,12 +39,3 @@ clean:: @libnover_frag@ @libobj_frag@ -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -cksum_body_main.so cksum_body_main.po $(OUTPRE)cksum_body_main.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/krb5/preauth_plugin.h \ - cksum_body_main.c diff --git a/src/plugins/preauth/cksum_body/cksum_body_main.c b/src/plugins/preauth/cksum_body/cksum_body_main.c index 66b1620b42..5239513515 100644 --- a/src/plugins/preauth/cksum_body/cksum_body_main.c +++ b/src/plugins/preauth/cksum_body/cksum_body_main.c @@ -535,8 +535,9 @@ server_verify(krb5_context kcontext, my_authz_data[0]->ad_type = 1; my_authz_data[0]->length = AD_ALLOC_SIZE; memcpy(my_authz_data[0]->contents, ad_header, sizeof(ad_header)); - sprintf(my_authz_data[0]->contents + sizeof(ad_header), - "cksum authorization data: %d bytes worth!\n", AD_ALLOC_SIZE); + snprintf(my_authz_data[0]->contents + sizeof(ad_header), + AD_ALLOC_SIZE - sizeof(ad_header), + "cksum authorization data: %d bytes worth!\n", AD_ALLOC_SIZE); *authz_data = my_authz_data; #ifdef DEBUG fprintf(stderr, "Returning %d bytes of authorization data\n", diff --git a/src/plugins/preauth/cksum_body/deps b/src/plugins/preauth/cksum_body/deps new file mode 100644 index 0000000000..3300d76695 --- /dev/null +++ b/src/plugins/preauth/cksum_body/deps @@ -0,0 +1,7 @@ +# +# Generated makefile dependencies follow. +# +cksum_body_main.so cksum_body_main.po $(OUTPRE)cksum_body_main.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/krb5/preauth_plugin.h \ + cksum_body_main.c diff --git a/src/plugins/preauth/pkinit/Makefile.in b/src/plugins/preauth/pkinit/Makefile.in index d5fcc82a67..f066454cab 100644 --- a/src/plugins/preauth/pkinit/Makefile.in +++ b/src/plugins/preauth/pkinit/Makefile.in @@ -56,54 +56,3 @@ clean:: @libnover_frag@ @libobj_frag@ -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -pkinit_accessor.so pkinit_accessor.po $(OUTPRE)pkinit_accessor.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h pkinit_accessor.c \ - pkinit_accessor.h -pkinit_srv.so pkinit_srv.po $(OUTPRE)pkinit_srv.$(OBJEXT): \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - pkinit.h pkinit_accessor.h pkinit_crypto.h pkinit_srv.c -pkinit_lib.so pkinit_lib.po $(OUTPRE)pkinit_lib.$(OBJEXT): \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - pkinit.h pkinit_accessor.h pkinit_crypto.h pkinit_lib.c -pkinit_clnt.so pkinit_clnt.po $(OUTPRE)pkinit_clnt.$(OBJEXT): \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - pkinit.h pkinit_accessor.h pkinit_clnt.c pkinit_crypto.h -pkinit_profile.so pkinit_profile.po $(OUTPRE)pkinit_profile.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h pkinit.h pkinit_accessor.h \ - pkinit_crypto.h pkinit_profile.c -pkinit_identity.so pkinit_identity.po $(OUTPRE)pkinit_identity.$(OBJEXT): \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - pkinit.h pkinit_accessor.h pkinit_crypto.h pkinit_identity.c -pkinit_matching.so pkinit_matching.po $(OUTPRE)pkinit_matching.$(OBJEXT): \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h pkinit.h pkinit_accessor.h \ - pkinit_crypto.h pkinit_matching.c -pkinit_crypto_openssl.so pkinit_crypto_openssl.po $(OUTPRE)pkinit_crypto_openssl.$(OBJEXT): \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - pkinit.h pkinit_accessor.h pkinit_crypto.h pkinit_crypto_openssl.c \ - pkinit_crypto_openssl.h diff --git a/src/plugins/preauth/pkinit/deps b/src/plugins/preauth/pkinit/deps new file mode 100644 index 0000000000..177ef4dccf --- /dev/null +++ b/src/plugins/preauth/pkinit/deps @@ -0,0 +1,57 @@ +# +# Generated makefile dependencies follow. +# +pkinit_accessor.so pkinit_accessor.po $(OUTPRE)pkinit_accessor.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h pkinit_accessor.c \ + pkinit_accessor.h +pkinit_srv.so pkinit_srv.po $(OUTPRE)pkinit_srv.$(OBJEXT): \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + pkcs11.h pkinit.h pkinit_accessor.h pkinit_crypto.h \ + pkinit_srv.c +pkinit_lib.so pkinit_lib.po $(OUTPRE)pkinit_lib.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h pkcs11.h pkinit.h \ + pkinit_accessor.h pkinit_crypto.h pkinit_lib.c +pkinit_clnt.so pkinit_clnt.po $(OUTPRE)pkinit_clnt.$(OBJEXT): \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + pkcs11.h pkinit.h pkinit_accessor.h pkinit_clnt.c pkinit_crypto.h +pkinit_profile.so pkinit_profile.po $(OUTPRE)pkinit_profile.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h pkcs11.h pkinit.h \ + pkinit_accessor.h pkinit_crypto.h pkinit_profile.c +pkinit_identity.so pkinit_identity.po $(OUTPRE)pkinit_identity.$(OBJEXT): \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + pkcs11.h pkinit.h pkinit_accessor.h pkinit_crypto.h \ + pkinit_identity.c +pkinit_matching.so pkinit_matching.po $(OUTPRE)pkinit_matching.$(OBJEXT): \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h pkcs11.h pkinit.h \ + pkinit_accessor.h pkinit_crypto.h pkinit_matching.c +pkinit_crypto_openssl.so pkinit_crypto_openssl.po $(OUTPRE)pkinit_crypto_openssl.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h pkcs11.h pkinit.h \ + pkinit_accessor.h pkinit_crypto.h pkinit_crypto_openssl.c \ + pkinit_crypto_openssl.h diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c index 2ab23b03a4..15bbbb85c0 100644 --- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c +++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c @@ -3200,6 +3200,7 @@ pkinit_login(krb5_context context, { krb5_data rdat; char *prompt; + const char *warning; krb5_prompt kprompt; krb5_prompt_type prompt_type; int r = 0; @@ -3208,15 +3209,17 @@ pkinit_login(krb5_context context, rdat.data = NULL; rdat.length = 0; } else { - if ((prompt = (char *) malloc(sizeof (tip->label) + 32)) == NULL) - return ENOMEM; - sprintf(prompt, "%.*s PIN", sizeof (tip->label), tip->label); if (tip->flags & CKF_USER_PIN_LOCKED) - strcat(prompt, " (Warning: PIN locked)"); + warning = " (Warning: PIN locked)"; else if (tip->flags & CKF_USER_PIN_FINAL_TRY) - strcat(prompt, " (Warning: PIN final try)"); + warning = " (Warning: PIN final try)"; else if (tip->flags & CKF_USER_PIN_COUNT_LOW) - strcat(prompt, " (Warning: PIN count low)"); + warning = " (Warning: PIN count low)"; + else + warning = ""; + if (asprintf(&prompt, "%.*s PIN%s", (int) sizeof (tip->label), + tip->label, warning) < 0) + return ENOMEM; rdat.data = (char *)malloc(tip->ulMaxPinLen + 2); rdat.length = tip->ulMaxPinLen + 1; @@ -5610,6 +5613,6 @@ pkinit_pkcs11_code_to_text(int err) break; if (pkcs11_errstrings[i].text != NULL) return (pkcs11_errstrings[i].text); - sprintf(uc, "unknown code 0x%x", err); + snprintf(uc, sizeof(uc), "unknown code 0x%x", err); return (uc); } diff --git a/src/plugins/preauth/pkinit/pkinit_profile.c b/src/plugins/preauth/pkinit/pkinit_profile.c index 403068a7d1..1f7045aca8 100644 --- a/src/plugins/preauth/pkinit/pkinit_profile.c +++ b/src/plugins/preauth/pkinit/pkinit_profile.c @@ -161,11 +161,9 @@ pkinit_kdcdefault_string(krb5_context context, const char *realmname, if (values[0] == NULL) { retval = ENOENT; } else { - *ret_value = malloc(strlen(values[0]) + 1); + *ret_value = strdup(values[0]); if (*ret_value == NULL) retval = ENOMEM; - else - strcpy(*ret_value, values[0]); } profile_free_list(values); @@ -321,11 +319,9 @@ pkinit_libdefault_string(krb5_context context, const krb5_data *realm, if (values[0] == NULL) { retval = ENOENT; } else { - *ret_value = malloc(strlen(values[0]) + 1); + *ret_value = strdup(values[0]); if (*ret_value == NULL) retval = ENOMEM; - else - strcpy(*ret_value, values[0]); } profile_free_list(values); diff --git a/src/plugins/preauth/wpse/Makefile.in b/src/plugins/preauth/wpse/Makefile.in index efb054177d..d69a110e97 100644 --- a/src/plugins/preauth/wpse/Makefile.in +++ b/src/plugins/preauth/wpse/Makefile.in @@ -39,12 +39,3 @@ clean:: @libnover_frag@ @libobj_frag@ -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -wpse_main.so wpse_main.po $(OUTPRE)wpse_main.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/krb5/preauth_plugin.h \ - wpse_main.c diff --git a/src/plugins/preauth/wpse/deps b/src/plugins/preauth/wpse/deps new file mode 100644 index 0000000000..e84ae7ab84 --- /dev/null +++ b/src/plugins/preauth/wpse/deps @@ -0,0 +1,7 @@ +# +# Generated makefile dependencies follow. +# +wpse_main.so wpse_main.po $(OUTPRE)wpse_main.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/krb5/preauth_plugin.h \ + wpse_main.c diff --git a/src/plugins/preauth/wpse/wpse_main.c b/src/plugins/preauth/wpse/wpse_main.c index 22dfd13220..655f2b9496 100644 --- a/src/plugins/preauth/wpse/wpse_main.c +++ b/src/plugins/preauth/wpse/wpse_main.c @@ -333,8 +333,9 @@ server_verify(krb5_context kcontext, my_authz_data[0]->ad_type = 1; my_authz_data[0]->length = AD_ALLOC_SIZE; memcpy(my_authz_data[0]->contents, ad_header, sizeof(ad_header)); - sprintf(my_authz_data[0]->contents + sizeof(ad_header), - "wpse authorization data: %d bytes worth!\n", AD_ALLOC_SIZE); + snprintf(my_authz_data[0]->contents + sizeof(ad_header), + AD_ALLOC_SIZE - sizeof(ad_header), + "wpse authorization data: %d bytes worth!\n", AD_ALLOC_SIZE); *authz_data = my_authz_data; #ifdef DEBUG fprintf(stderr, "Returning %d bytes of authorization data\n", diff --git a/src/slave/Makefile.in b/src/slave/Makefile.in index f2be88dd50..6ff3c71739 100644 --- a/src/slave/Makefile.in +++ b/src/slave/Makefile.in @@ -38,68 +38,8 @@ install:: done clean:: - $(RM) $(CLIENTOBJS) $(SERVEROBJS) + $(RM) $(CLIENTOBJS) $(SERVEROBJS) $(LOGOBJS) clean:: - $(RM) kprop kpropd + $(RM) kprop kpropd kproplog -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -$(OUTPRE)kprop.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h kprop.c kprop.h -$(OUTPRE)kpropd.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - $(SRCTOP)/include/iprop.h $(SRCTOP)/include/iprop_hdr.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/kdb_log.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - kprop.h kpropd.c -$(OUTPRE)kpropd_rpc.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/auth.h \ - $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ - $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ - $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/iprop.h \ - kpropd_rpc.c -$(OUTPRE)kproplog.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ - $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ - $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ - $(SRCTOP)/include/iprop.h $(SRCTOP)/include/iprop_hdr.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ - $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ - $(SRCTOP)/include/kdb_log.h $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - kproplog.c diff --git a/src/slave/deps b/src/slave/deps new file mode 100644 index 0000000000..059692e377 --- /dev/null +++ b/src/slave/deps @@ -0,0 +1,59 @@ +# +# Generated makefile dependencies follow. +# +$(OUTPRE)kprop.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + kprop.c kprop.h +$(OUTPRE)kpropd.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ + $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ + $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ + $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ + $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ + $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ + $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ + $(SRCTOP)/include/iprop.h $(SRCTOP)/include/iprop_hdr.h \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_log.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h kprop.h kpropd.c +$(OUTPRE)kpropd_rpc.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/iprop.h \ + kpropd_rpc.c +$(OUTPRE)kproplog.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ + $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ + $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ + $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ + $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ + $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ + $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ + $(SRCTOP)/include/iprop.h $(SRCTOP)/include/iprop_hdr.h \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \ + $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ + $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_log.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h kproplog.c diff --git a/src/slave/kprop.c b/src/slave/kprop.c index 164f8aeb8f..5f68f29e8e 100644 --- a/src/slave/kprop.c +++ b/src/slave/kprop.c @@ -241,7 +241,7 @@ void get_tickets(context) * Initialize cache file which we're going to be using */ (void) mktemp(tkstring); - sprintf(buf, "FILE:%s", tkstring); + snprintf(buf, sizeof(buf), "FILE:%s", tkstring); retval = krb5_cc_resolve(context, buf, &ccache); if (retval) { @@ -337,7 +337,7 @@ open_connection(host, fd, Errmsg, ErrmsgSz) hp = gethostbyname(host); if (hp == NULL) { - (void) sprintf(Errmsg, "%s: unknown host", host); + (void) snprintf(Errmsg, ErrmsgSz, "%s: unknown host", host); *fd = -1; return(0); } @@ -355,13 +355,13 @@ open_connection(host, fd, Errmsg, ErrmsgSz) s = socket(AF_INET, SOCK_STREAM, 0); if (s < 0) { - (void) sprintf(Errmsg, "in call to socket"); + (void) snprintf(Errmsg, ErrmsgSz, "in call to socket"); return(errno); } if (connect(s, (struct sockaddr *)&my_sin, sizeof my_sin) < 0) { retval = errno; close(s); - (void) sprintf(Errmsg, "in call to connect"); + (void) snprintf(Errmsg, ErrmsgSz, "in call to connect"); return(retval); } *fd = s; @@ -379,7 +379,7 @@ open_connection(host, fd, Errmsg, ErrmsgSz) if (getsockname(s, (struct sockaddr *)&my_sin, &socket_length) < 0) { retval = errno; close(s); - (void) sprintf(Errmsg, "in call to getsockname"); + (void) snprintf(Errmsg, ErrmsgSz, "in call to getsockname"); return(retval); } sender_addr.addrtype = ADDRTYPE_INET; @@ -492,13 +492,10 @@ open_database(context, data_fn, size) data_fn); exit(1); } - if ((data_ok_fn = (char *) malloc(strlen(data_fn)+strlen(ok)+1)) - == NULL) { + if (asprintf(&data_ok_fn, "%s%s", data_fn, ok) < 0) { com_err(progname, ENOMEM, "while trying to malloc data_ok_fn"); exit(1); } - strcpy(data_ok_fn, data_fn); - strcat(data_ok_fn, ok); if (stat(data_ok_fn, &stbuf_ok)) { com_err(progname, errno, "while trying to stat %s", data_ok_fn); @@ -600,7 +597,7 @@ xmit_database(context, auth_context, my_creds, fd, database_fd, retval = krb5_mk_priv(context, auth_context, &inbuf, &outbuf, NULL); if (retval) { - sprintf(buf, + snprintf(buf, sizeof(buf), "while encoding database block starting at %d", sent_size); com_err(progname, retval, buf); @@ -711,9 +708,8 @@ send_error(context, my_creds, fd, err_text, err_code) else text = error_message(err_code); error.text.length = strlen(text) + 1; - error.text.data = malloc((unsigned int) error.text.length); + error.text.data = strdup(text); if (error.text.data) { - strcpy(error.text.data, text); if (!krb5_mk_error(context, &error, &outbuf)) { (void) krb5_write_message(context, (void *)&fd,&outbuf); krb5_free_data_contents(context, &outbuf); @@ -731,17 +727,12 @@ void update_last_prop_file(hostname, file_name) int fd; static char last_prop[]=".last_prop"; - if ((file_last_prop = (char *)malloc(strlen(file_name) + - strlen(hostname) + 1 + - strlen(last_prop) + 1)) == NULL) { + if (asprintf(&file_last_prop, "%s.%s%s", file_name, hostname, + last_prop) < 0) { com_err(progname, ENOMEM, "while allocating filename for update_last_prop_file"); return; } - strcpy(file_last_prop, file_name); - strcat(file_last_prop, "."); - strcat(file_last_prop, hostname); - strcat(file_last_prop, last_prop); if ((fd = THREEPARAMOPEN(file_last_prop, O_WRONLY|O_CREAT|O_TRUNC, 0600)) < 0) { com_err(progname, errno, "while creating 'last_prop' file, '%s'", diff --git a/src/slave/kpropd.c b/src/slave/kpropd.c index fd46819a18..ba63d5847d 100644 --- a/src/slave/kpropd.c +++ b/src/slave/kpropd.c @@ -98,10 +98,16 @@ extern int daemon(int, int); #endif #define SYSLOG_CLASS LOG_DAEMON +#define INITIAL_TIMER 10 char *def_realm = NULL; int runonce = 0; +/* + * Global fd to close upon alarm time-out. + */ +volatile int gfd = -1; + /* * This struct simulates the use of _kadm5_server_handle_t * @@ -243,6 +249,14 @@ main(argc, argv) exit(ret); } +static void resync_alarm(int sn) +{ + close (gfd); + if (debug) + fprintf(stderr, _("resync_alarm: closing fd: %d\n"), gfd); + gfd = -1; +} + int do_standalone(iprop_role iproprole) { struct sockaddr_in my_sin, frominet; @@ -250,6 +264,12 @@ int do_standalone(iprop_role iproprole) int finet, s; GETPEERNAME_ARG3_TYPE fromlen; int ret; + /* + * Timer for accept/read calls, in case of network type errors. + */ + int backoff_timer = INITIAL_TIMER; + +retry: finet = socket(AF_INET, SOCK_STREAM, 0); if (finet < 0) { @@ -281,13 +301,30 @@ int do_standalone(iprop_role iproprole) if (setsockopt(finet, SOL_SOCKET, SO_REUSEADDR, (char *)&on, sizeof(on)) < 0) com_err(progname, errno, - _("in setsockopt(SO_REUSEADDR)")); + _("while setting socket option (SO_REUSEADDR)")); linger.l_onoff = 1; linger.l_linger = 2; if (setsockopt(finet, SOL_SOCKET, SO_LINGER, (void *)&linger, sizeof(linger)) < 0) com_err(progname, errno, - _("in setsockopt(SO_LINGER)")); + _("while setting socket option (SO_LINGER)")); + /* + * We also want to set a timer so that the slave is not waiting + * until infinity for an update from the master. + */ + gfd = finet; + signal(SIGALRM, resync_alarm); + if (debug) { + fprintf(stderr, "do_standalone: setting resync alarm to %d\n", + backoff_timer); + } + if (alarm(backoff_timer) != 0) { + if (debug) { + fprintf(stderr, + _("%s: alarm already set\n"), progname); + } + } + backoff_timer *= 2; } if ((ret = bind(finet, (struct sockaddr *) &my_sin, sizeof(my_sin))) < 0) { if (debug) { @@ -331,11 +368,30 @@ int do_standalone(iprop_role iproprole) s = accept(finet, (struct sockaddr *) &frominet, &fromlen); if (s < 0) { - if (errno != EINTR) - com_err(progname, errno, - "from accept system call"); - continue; + int e = errno; + if (e != EINTR) { + com_err(progname, e, + _("while accepting connection")); + if (e != EBADF) + backoff_timer = INITIAL_TIMER; + } + /* + * If we got EBADF, an alarm signal handler closed + * the file descriptor on us. + */ + if (e != EBADF) + close(finet); + /* + * An alarm could have been set and the fd closed, we + * should retry in case of transient network error for + * up to a couple of minutes. + */ + if (backoff_timer > 120) + return EINTR; + goto retry; } + alarm(0); + gfd = -1; if (debug && iproprole != IPROP_SLAVE) child_pid = 0; else @@ -351,10 +407,18 @@ int do_standalone(iprop_role iproprole) close(s); _exit(0); default: + /* + * Errors should not be considered fatal in the + * iprop case as we could have transient type + * errors, such as network outage, etc. Sleeping + * 3s for 2s linger interval. + */ if (wait(&status) < 0) { com_err(progname, errno, _("while waiting to receive database")); - exit(1); + if (iproprole != IPROP_SLAVE) + exit(1); + sleep(3); } close(s); @@ -384,6 +448,23 @@ void doit(fd) krb5_enctype etype; int database_fd; + if (kpropd_context->kdblog_context && + kpropd_context->kdblog_context->iproprole == IPROP_SLAVE) { + /* + * We also want to set a timer so that the slave is not waiting + * until infinity for an update from the master. + */ + if (debug) + fprintf(stderr, "doit: setting resync alarm to 5s\n"); + signal(SIGALRM, resync_alarm); + gfd = fd; + if (alarm(INITIAL_TIMER) != 0) { + if (debug) { + fprintf(stderr, + _("%s: alarm already set\n"), progname); + } + } + } fromlen = sizeof (from); if (getpeername(fd, (struct sockaddr *) &from, &fromlen) < 0) { #ifdef ENOTSOCK @@ -423,6 +504,12 @@ void doit(fd) */ kerberos_authenticate(kpropd_context, fd, &client, &etype, from); + /* + * Turn off alarm upon successful authentication from master. + */ + alarm(0); + gfd = -1; + if (!authorized_principal(kpropd_context, client, etype)) { char *name; @@ -512,7 +599,6 @@ krb5_error_code do_iprop(kdb_log_context *log_ctx) void *server_handle = NULL; char *iprop_svc_princstr = NULL; char *master_svc_princstr = NULL; - char *keytab_name = NULL; unsigned int pollin, backoff_time; int backoff_cnt = 0; int reinit_cnt = 0; @@ -553,8 +639,9 @@ krb5_error_code do_iprop(kdb_log_context *log_ctx) params.realm = def_realm; if (master_svc_princstr == NULL) { - if (retval = kadm5_get_kiprop_host_srv_name(kpropd_context, - def_realm, &master_svc_princstr)) { + if ((retval = kadm5_get_kiprop_host_srv_name(kpropd_context, + def_realm, + &master_svc_princstr))) { com_err(progname, retval, _("%s: unable to get kiprop host based " "service name for realm %s\n"), @@ -566,7 +653,7 @@ krb5_error_code do_iprop(kdb_log_context *log_ctx) /* * Set cc to the default credentials cache */ - if (retval = krb5_cc_default(kpropd_context, &cc)) { + if ((retval = krb5_cc_default(kpropd_context, &cc))) { com_err(progname, retval, _("while opening default " "credentials cache")); @@ -596,8 +683,8 @@ krb5_error_code do_iprop(kdb_log_context *log_ctx) } /* XXX Memory leak: Old r->data value. */ } - if (retval = krb5_unparse_name(kpropd_context, iprop_svc_principal, - &iprop_svc_princstr)) { + if ((retval = krb5_unparse_name(kpropd_context, iprop_svc_principal, + &iprop_svc_princstr))) { com_err(progname, retval, _("while canonicalizing principal name")); krb5_free_principal(kpropd_context, iprop_svc_principal); @@ -609,7 +696,7 @@ reinit: /* * Authentication, initialize rpcsec_gss handle etc. */ - retval = kadm5_init_with_skey(iprop_svc_princstr, keytab_name, + retval = kadm5_init_with_skey(iprop_svc_princstr, srvtab, master_svc_princstr, ¶ms, KADM5_STRUCT_VERSION, @@ -725,10 +812,6 @@ reinit: * the full dump */ ret = do_standalone(log_ctx->iproprole); - if (ret) - syslog(LOG_WARNING, - _("kpropd: Full resync, " - "invalid return.")); if (debug) { if (ret) fprintf(stderr, @@ -739,7 +822,13 @@ reinit: _("Full resync " "was successful\n")); } - frdone = 1; + if (ret) { + syslog(LOG_WARNING, + _("kpropd: Full resync, invalid return.")); + frdone = 0; + backoff_cnt++; + } else + frdone = 1; break; case UPDATE_BUSY: @@ -783,9 +872,12 @@ reinit: db_args); if (retval) { - syslog(LOG_ERR, _("kpropd: ulog_replay" - " failed, updates not registered.")); - break; + char *msg = krb5_get_error_message(kpropd_context, + retval); + syslog(LOG_ERR, + _("kpropd: ulog_replay failed (%s), updates not registered."), msg); + krb5_free_error_message(kpropd_context, msg); + break; } if (debug) @@ -860,7 +952,7 @@ done: free(iprop_svc_princstr); if (master_svc_princstr) free(master_svc_princstr); - if (retval = krb5_cc_close(kpropd_context, cc)) { + if ((retval = krb5_cc_close(kpropd_context, cc))) { com_err(progname, retval, _("while closing default ccache")); exit(1); @@ -894,23 +986,21 @@ unsigned int backoff_from_master(int *cnt) { return (btime); } - -static char * -copy_leading_substring(char *src, size_t len) -{ - char *result; - result = malloc((len + 1) * sizeof(char)); - (void) strncpy(result, src, len+1); - result[len] = 0; - return result; -} +static void +kpropd_com_err_proc(const char *whoami, + long code, + const char *fmt, + va_list args) +#if !defined(__cplusplus) && (__GNUC__ > 2) + __attribute__((__format__(__printf__, 3, 0))) +#endif + ; static void -kpropd_com_err_proc(whoami, code, fmt, args) - const char *whoami; - long code; - const char *fmt; - va_list args; +kpropd_com_err_proc(const char *whoami, + long code, + const char *fmt, + va_list args) { char error_buf[8096]; @@ -1082,14 +1172,11 @@ void PRS(argv) /* * Construct the name of the temporary file. */ - if ((temp_file_name = (char *) malloc(strlen(file) + - strlen(tmp) + 1)) == NULL) { + if (asprintf(&temp_file_name, "%s%s", file, tmp) < 0) { com_err(progname, ENOMEM, "while allocating filename for temp file"); exit(1); } - strcpy(temp_file_name, file); - strcat(temp_file_name, tmp); retval = kadm5_get_config_params(kpropd_context, 1, ¶ms, ¶ms); if (retval) { @@ -1346,7 +1433,7 @@ recv_database(context, fd, database_fd, confmsg) while (received_size < database_size) { retval = krb5_read_message(context, (void *) &fd, &inbuf); if (retval) { - sprintf(buf, + snprintf(buf, sizeof(buf), "while reading database block starting at offset %d", received_size); com_err(progname, retval, buf); @@ -1358,7 +1445,7 @@ recv_database(context, fd, database_fd, confmsg) retval = krb5_rd_priv(context, auth_context, &inbuf, &outbuf, NULL); if (retval) { - sprintf(buf, + snprintf(buf, sizeof(buf), "while decoding database block starting at offset %d", received_size); com_err(progname, retval, buf); @@ -1370,12 +1457,12 @@ recv_database(context, fd, database_fd, confmsg) krb5_free_data_contents(context, &inbuf); krb5_free_data_contents(context, &outbuf); if (n < 0) { - sprintf(buf, + snprintf(buf, sizeof(buf), "while writing database block starting at offset %d", received_size); send_error(context, fd, errno, buf); } else if (n != outbuf.length) { - sprintf(buf, + snprintf(buf, sizeof(buf), "incomplete write while writing database block starting at \noffset %d (%d written, %d expected)", received_size, n, outbuf.length); send_error(context, fd, KRB5KRB_ERR_GENERIC, buf); @@ -1386,7 +1473,7 @@ recv_database(context, fd, database_fd, confmsg) * OK, we've seen the entire file. Did we get too many bytes? */ if (received_size > database_size) { - sprintf(buf, + snprintf(buf, sizeof(buf), "Received %d bytes, expected %d bytes for database file", received_size, database_size); send_error(context, fd, KRB5KRB_ERR_GENERIC, buf); @@ -1435,15 +1522,14 @@ send_error(context, fd, err_code, err_text) if (error.error > 127) { error.error = KRB_ERR_GENERIC; if (err_text) { - sprintf(buf, "%s %s", error_message(err_code), - err_text); + snprintf(buf, sizeof(buf), "%s %s", + error_message(err_code), err_text); text = buf; } } error.text.length = strlen(text) + 1; - error.text.data = malloc(error.text.length); + error.text.data = strdup(text); if (error.text.data) { - strcpy(error.text.data, text); if (!krb5_mk_error(context, &error, &outbuf)) { (void) krb5_write_message(context, (void *)&fd,&outbuf); krb5_free_data_contents(context, &outbuf); @@ -1474,7 +1560,7 @@ recv_error(context, inbuf) } else if (error->error) { com_err(progname, (krb5_error_code) error->error + ERROR_TABLE_BASE_krb5, - "signalled from server"); + "signaled from server"); if (error->text.data) fprintf(stderr, "Error text from client: %s\n", @@ -1583,18 +1669,15 @@ kadm5_get_kiprop_host_srv_name(krb5_context context, const char *realm, char **host_service_name) { - kadm5_ret_t ret; char *name; char *host; host = params.admin_server; /* XXX */ - name = malloc(strlen(KADM5_KIPROP_HOST_SERVICE) + strlen(host) + 2); - if (name == NULL) { + if (asprintf(&name, "%s/%s", KADM5_KIPROP_HOST_SERVICE, host) < 0) { free(host); return (ENOMEM); } - sprintf(name, "%s/%s", KADM5_KIPROP_HOST_SERVICE, host); *host_service_name = name; return (KADM5_OK); diff --git a/src/slave/kproplog.c b/src/slave/kproplog.c index 58ce70ffef..7bf9bbaa33 100644 --- a/src/slave/kproplog.c +++ b/src/slave/kproplog.c @@ -1,5 +1,5 @@ /* - * Copyright 2004 Sun Microsystems, Inc. All rights reserved. + * Copyright 2008 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -28,77 +28,340 @@ static char *progname; static void usage() { - (void) fprintf(stderr, _("\nUsage: %s [-h] [-v] [-e num]\n\n"), + (void) fprintf(stderr, _("\nUsage: %s [-h] [-v] [-v] [-e num]\n\n"), progname); exit(1); } +/* + * Print the attribute flags of principal in human readable form. + */ +static void +print_flags(unsigned int flags) +{ + unsigned int i; + static char *prflags[] = { + "DISALLOW_POSTDATED", /* 0x00000001 */ + "DISALLOW_FORWARDABLE", /* 0x00000002 */ + "DISALLOW_TGT_BASED", /* 0x00000004 */ + "DISALLOW_RENEWABLE", /* 0x00000008 */ + "DISALLOW_PROXIABLE", /* 0x00000010 */ + "DISALLOW_DUP_SKEY", /* 0x00000020 */ + "DISALLOW_ALL_TIX", /* 0x00000040 */ + "REQUIRES_PRE_AUTH", /* 0x00000080 */ + "REQUIRES_HW_AUTH", /* 0x00000100 */ + "REQUIRES_PWCHANGE", /* 0x00000200 */ + "UNKNOWN_0x00000400", /* 0x00000400 */ + "UNKNOWN_0x00000800", /* 0x00000800 */ + "DISALLOW_SVR", /* 0x00001000 */ + "PWCHANGE_SERVICE", /* 0x00002000 */ + "SUPPORT_DESMD5", /* 0x00004000 */ + "NEW_PRINC", /* 0x00008000 */ + }; + + for (i = 0; i < sizeof (prflags) / sizeof (char *); i++) { + if (flags & (krb5_flags) 1 << i) + printf("\t\t\t%s\n", prflags[i]); + } +} + +/* + * Display time information. + */ +static void +print_time(unsigned int *timep) +{ + if (*timep == 0L) + printf("\t\t\tNone\n"); + else { + time_t ltime = *timep; + printf("\t\t\t%s", ctime(<ime)); + } +} + +/* + * Display string in hex primitive. + */ +static void +print_hex(const char *tag, utf8str_t *str) +{ + unsigned int i; + unsigned int len; + + len = str->utf8str_t_len; + + (void) printf("\t\t\t%s(%d): 0x", tag, len); + for (i = 0; i < len; i++) { + printf("%02x", (krb5_octet) str->utf8str_t_val[i]); + } + (void) printf("\n"); +} + +/* + * Display string primitive. + */ +static void +print_str(const char *tag, utf8str_t *str) +{ + char *dis; + unsigned int len; + + /* + 1 for null byte */ + len = str->utf8str_t_len + 1; + dis = (char *) malloc(len); + + if (!dis) { + (void) fprintf(stderr, _("\nCouldn't allocate memory")); + exit(1); + } + + (void) snprintf(dis, len, "%s", str->utf8str_t_val); + + (void) printf("\t\t\t%s(%d): %s\n", tag, len - 1, dis); + + free(dis); +} + +/* + * Display data components. + */ +static void +print_data(const char *tag, kdbe_data_t *data) +{ + + (void) printf("\t\t\tmagic: 0x%x\n", data->k_magic); + + (void) print_str(tag, &data->k_data); +} + +/* + * Display the principal components. + */ +static void +print_princ(kdbe_princ_t *princ) +{ + int i, len; + kdbe_data_t *data; + + print_str("realm", &princ->k_realm); + + len = princ->k_components.k_components_len; + data = princ->k_components.k_components_val; + + for (i = 0; i < len; i++, data++) { + + print_data("princ", data); + } +} + +/* + * Display individual key. + */ +static void +print_key(kdbe_key_t *k) +{ + unsigned int i; + utf8str_t *str; + + printf("\t\t\tver: %d\n", k->k_ver); + + printf("\t\t\tkvno: %d\n", k->k_kvno); + + for (i = 0; i < k->k_enctype.k_enctype_len; i++) { + printf("\t\t\tenc type: 0x%x\n", + k->k_enctype.k_enctype_val[i]); + } + + str = k->k_contents.k_contents_val; + for (i = 0; i < k->k_contents.k_contents_len; i++, str++) { + print_hex("key", str); + } +} + +/* + * Display all key data. + */ +static void +print_keydata(kdbe_key_t *keys, unsigned int len) +{ + unsigned int i; + + for (i = 0; i < len; i++, keys++) { + print_key(keys); + } +} + +/* + * Display TL item. + */ +static void +print_tl(kdbe_tl_t *tl) +{ + int i, len; + + printf("\t\t\ttype: 0x%x\n", tl->tl_type); + + len = tl->tl_data.tl_data_len; + + printf("\t\t\tvalue(%d): 0x", len); + for (i = 0; i < len; i++) { + printf("%02x", (krb5_octet) tl->tl_data.tl_data_val[i]); + } + printf("\n"); +} + +/* + * Display TL data items. + */ +static void +print_tldata(kdbe_tl_t *tldata, int len) +{ + int i; + + printf("\t\t\titems: %d\n", len); + + for (i = 0; i < len; i++, tldata++) { + print_tl(tldata); + } +} + /* * Print the individual types if verbose mode was specified. + * If verbose-verbose then print types along with respective values. */ static void -print_attr(kdbe_attr_type_t type) +print_attr(kdbe_val_t *val, int vverbose) { - switch (type) { + switch (val->av_type) { case AT_ATTRFLAGS: (void) printf(_("\t\tAttribute flags\n")); + if (vverbose) { + print_flags(val->kdbe_val_t_u.av_attrflags); + } break; case AT_MAX_LIFE: (void) printf(_("\t\tMaximum ticket life\n")); + if (vverbose) { + print_time(&val->kdbe_val_t_u.av_max_life); + } break; case AT_MAX_RENEW_LIFE: (void) printf(_("\t\tMaximum renewable life\n")); + if (vverbose) { + print_time(&val->kdbe_val_t_u.av_max_renew_life); + } break; case AT_EXP: (void) printf(_("\t\tPrincipal expiration\n")); + if (vverbose) { + print_time(&val->kdbe_val_t_u.av_exp); + } break; case AT_PW_EXP: (void) printf(_("\t\tPassword expiration\n")); + if (vverbose) { + print_time(&val->kdbe_val_t_u.av_pw_exp); + } break; case AT_LAST_SUCCESS: (void) printf(_("\t\tLast successful auth\n")); + if (vverbose) { + print_time(&val->kdbe_val_t_u.av_last_success); + } break; case AT_LAST_FAILED: (void) printf(_("\t\tLast failed auth\n")); + if (vverbose) { + print_time(&val->kdbe_val_t_u.av_last_failed); + } break; case AT_FAIL_AUTH_COUNT: (void) printf(_("\t\tFailed passwd attempt\n")); + if (vverbose) { + (void) printf("\t\t\t%d\n", + val->kdbe_val_t_u.av_fail_auth_count); + } break; case AT_PRINC: (void) printf(_("\t\tPrincipal\n")); + if (vverbose) { + print_princ(&val->kdbe_val_t_u.av_princ); + } break; case AT_KEYDATA: (void) printf(_("\t\tKey data\n")); + if (vverbose) { + print_keydata( + val->kdbe_val_t_u.av_keydata.av_keydata_val, + val->kdbe_val_t_u.av_keydata.av_keydata_len); + } break; case AT_TL_DATA: (void) printf(_("\t\tTL data\n")); + if (vverbose) { + print_tldata( + val->kdbe_val_t_u.av_tldata.av_tldata_val, + val->kdbe_val_t_u.av_tldata.av_tldata_len); + } break; case AT_LEN: (void) printf(_("\t\tLength\n")); + if (vverbose) { + (void) printf("\t\t\t%d\n", + val->kdbe_val_t_u.av_len); + } + break; + case AT_PW_LAST_CHANGE: + (void) printf(_("\t\tPassword last changed\n")); + if (vverbose) { + print_time(&val->kdbe_val_t_u.av_pw_last_change); + } break; case AT_MOD_PRINC: (void) printf(_("\t\tModifying principal\n")); + if (vverbose) { + print_princ(&val->kdbe_val_t_u.av_mod_princ); + } break; case AT_MOD_TIME: (void) printf(_("\t\tModification time\n")); + if (vverbose) { + print_time(&val->kdbe_val_t_u.av_mod_time); + } break; case AT_MOD_WHERE: (void) printf(_("\t\tModified where\n")); - break; - case AT_PW_LAST_CHANGE: - (void) printf(_("\t\tPassword last changed\n")); + if (vverbose) { + print_str("where", + &val->kdbe_val_t_u.av_mod_where); + } break; case AT_PW_POLICY: (void) printf(_("\t\tPassword policy\n")); + if (vverbose) { + print_str("policy", + &val->kdbe_val_t_u.av_pw_policy); + } break; case AT_PW_POLICY_SWITCH: (void) printf(_("\t\tPassword policy switch\n")); + if (vverbose) { + (void) printf("\t\t\t%d\n", + val->kdbe_val_t_u.av_pw_policy_switch); + } break; case AT_PW_HIST_KVNO: (void) printf(_("\t\tPassword history KVNO\n")); + if (vverbose) { + (void) printf("\t\t\t%d\n", + val->kdbe_val_t_u.av_pw_hist_kvno); + } break; case AT_PW_HIST: (void) printf(_("\t\tPassword history\n")); + if (vverbose) { + (void) printf("\t\t\tPW history elided\n"); + } break; } /* switch */ @@ -107,7 +370,7 @@ print_attr(kdbe_attr_type_t type) * Print the update entry information */ static void -print_update(kdb_hlog_t *ulog, uint32_t entry, bool_t verbose) +print_update(kdb_hlog_t *ulog, uint32_t entry, unsigned int verbose) { XDR xdrs; uint32_t start_sno, i, j, indx; @@ -161,7 +424,7 @@ print_update(kdb_hlog_t *ulog, uint32_t entry, bool_t verbose) exit(1); } (void) strncpy(dbprinc, upd.kdb_princ_name.utf8str_t_val, - (upd.kdb_princ_name.utf8str_t_len + 1)); + upd.kdb_princ_name.utf8str_t_len); dbprinc[upd.kdb_princ_name.utf8str_t_len] = 0; (void) printf(_("\tUpdate principal : %s\n"), dbprinc); @@ -182,8 +445,8 @@ print_update(kdb_hlog_t *ulog, uint32_t entry, bool_t verbose) if (verbose) for (j = 0; j < upd.kdb_update.kdbe_t_len; j++) - print_attr( - upd.kdb_update.kdbe_t_val[j].av_type); + print_attr(&upd.kdb_update.kdbe_t_val[j], + verbose > 1 ? 1 : 0); xdr_free(xdr_kdb_incr_update_t, (char *)&upd); free(dbprinc); @@ -194,7 +457,7 @@ int main(int argc, char **argv) { int c; - bool_t verbose = FALSE; + unsigned int verbose = 0; bool_t headeronly = FALSE; uint32_t entry = 0; krb5_context context; @@ -222,7 +485,7 @@ main(int argc, char **argv) entry = atoi(optarg); break; case 'v': - verbose = TRUE; + verbose++; break; default: usage(); @@ -243,12 +506,12 @@ main(int argc, char **argv) exit(1); } - (void) printf(_("\nKerberos update log (%s.ulog)\n"), - params.dbname); + (void) printf(_("\nKerberos update log (%s)\n"), + params.iprop_logfile); if (ulog_map(context, params.iprop_logfile, 0, FKPROPLOG, db_args)) { - (void) fprintf(stderr, _("Unable to map log file " - "%s.ulog\n\n"), params.dbname); + (void) fprintf(stderr, _("Unable to map log file %s\n\n"), + params.iprop_logfile); exit(1); } @@ -256,8 +519,8 @@ main(int argc, char **argv) if (log_ctx) ulog = log_ctx->ulog; else { - (void) fprintf(stderr, _("Unable to map log file " - "%s.ulog\n\n"), params.dbname); + (void) fprintf(stderr, _("Unable to map log file %s\n\n"), + params.iprop_logfile); exit(1); } diff --git a/src/tests/asn.1/Makefile.in b/src/tests/asn.1/Makefile.in index 6fd8ddbbc3..8bfa46e601 100644 --- a/src/tests/asn.1/Makefile.in +++ b/src/tests/asn.1/Makefile.in @@ -4,6 +4,7 @@ mydir=tests/asn.1 BUILDTOP=$(REL)..$(S).. PROG_LIBPATH=-L$(TOPLIBD) PROG_RPATH=$(KRB5_LIBDIR) +LDAP=@LDAP@ RUN_SETUP = @KRB5_RUN_ENV@ @@ -28,25 +29,43 @@ krb5_decode_test: $(DECOBJS) $(KRB5_BASE_DEPLIBS) t_trval: t_trval.o $(CC) -o t_trval $(ALL_CFLAGS) t_trval.o -check:: krb5_decode_test krb5_encode_test +check:: check-encode check-encode-trval check-decode + +check-decode: krb5_decode_test KRB5_CONFIG=$(SRCTOP)/config-files/krb5.conf ; \ export KRB5_CONFIG ;\ $(RUN_SETUP) $(VALGRIND) ./krb5_decode_test - $(RM) test.out + +expected_encode.out: reference_encode.out ldap_encode.out + if test "$(LDAP)" = yes; then \ + cat $(srcdir)/reference_encode.out $(srcdir)/ldap_encode.out > expected_encode.out; \ + else \ + cat $(srcdir)/reference_encode.out > expected_encode.out; \ + fi + +expected_trval.out: trval_reference.out ldap_trval.out + if test "$(LDAP)" = yes; then \ + cat $(srcdir)/trval_reference.out $(srcdir)/ldap_trval.out > expected_trval.out; \ + else \ + cat $(srcdir)/trval_reference.out > expected_trval.out; \ + fi + +check-encode: krb5_encode_test expected_encode.out KRB5_CONFIG=$(SRCTOP)/config-files/krb5.conf ; \ export KRB5_CONFIG ;\ $(RUN_SETUP) $(VALGRIND) ./krb5_encode_test > test.out - cmp test.out $(srcdir)/reference_encode.out + cmp test.out expected_encode.out + +check-encode-trval: krb5_encode_test expected_trval.out KRB5_CONFIG=$(SRCTOP)/config-files/krb5.conf ; \ export KRB5_CONFIG ;\ - $(RUN_SETUP) $(VALGRIND) ./krb5_encode_test -t > test.out - cmp test.out $(srcdir)/trval_reference.out - $(RM) test.out + $(RUN_SETUP) $(VALGRIND) ./krb5_encode_test -t > trval.out + cmp trval.out expected_trval.out install:: clean:: - rm -f *~ *.o krb5_encode_test krb5_decode_test test.out trval t_trval + rm -f *~ *.o krb5_encode_test krb5_decode_test test.out trval t_trval expected_encode.out expected_trval.out trval.out ################ Dependencies ################ @@ -59,51 +78,3 @@ ktest_equal.o: ktest_equal.h #utility.h: krbasn1.h asn1buf.h ############################################## -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -$(OUTPRE)krb5_encode_test.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/krb5/asn.1/asn1buf.h \ - $(SRCTOP)/lib/krb5/asn.1/krbasn1.h debug.h krb5_encode_test.c \ - ktest.h utility.h -$(OUTPRE)ktest.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/krb5/asn.1/asn1buf.h \ - $(SRCTOP)/lib/krb5/asn.1/krbasn1.h ktest.c ktest.h \ - utility.h -$(OUTPRE)ktest_equal.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h ktest_equal.c ktest_equal.h -$(OUTPRE)utility.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/krb5/asn.1/asn1buf.h \ - $(SRCTOP)/lib/krb5/asn.1/krbasn1.h utility.c utility.h -$(OUTPRE)trval.$(OBJEXT): trval.c -$(OUTPRE)t_trval.$(OBJEXT): t_trval.c trval.c diff --git a/src/tests/asn.1/deps b/src/tests/asn.1/deps new file mode 100644 index 0000000000..13fabb706b --- /dev/null +++ b/src/tests/asn.1/deps @@ -0,0 +1,50 @@ +# +# Generated makefile dependencies follow. +# +$(OUTPRE)krb5_encode_test.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/krb5/asn.1/asn1buf.h \ + $(SRCTOP)/lib/krb5/asn.1/krbasn1.h debug.h krb5_encode_test.c \ + ktest.h utility.h +$(OUTPRE)ktest.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/krb5/asn.1/asn1buf.h \ + $(SRCTOP)/lib/krb5/asn.1/krbasn1.h ktest.c ktest.h \ + utility.h +$(OUTPRE)ktest_equal.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h ktest_equal.c ktest_equal.h +$(OUTPRE)utility.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + $(SRCTOP)/lib/krb5/asn.1/asn1buf.h $(SRCTOP)/lib/krb5/asn.1/krbasn1.h \ + utility.c utility.h +$(OUTPRE)trval.$(OBJEXT): trval.c +$(OUTPRE)t_trval.$(OBJEXT): t_trval.c trval.c diff --git a/src/tests/asn.1/krb5_decode_test.c b/src/tests/asn.1/krb5_decode_test.c index bd42508654..4afc273c27 100644 --- a/src/tests/asn.1/krb5_decode_test.c +++ b/src/tests/asn.1/krb5_decode_test.c @@ -16,237 +16,238 @@ void krb5_ktest_free_pwd_sequence(krb5_context context, void krb5_ktest_free_enc_data(krb5_context context, krb5_enc_data *val); int main(argc, argv) - int argc; - char **argv; + int argc; + char **argv; { - krb5_data code; - krb5_error_code retval; - - retval = krb5_init_context(&test_context); - if (retval) { - com_err(argv[0], retval, "while initializing krb5"); - exit(1); - } - - -#define setup(type,typestring,constructor)\ - type ref, *var;\ - retval = constructor(&ref);\ - if(retval){\ - com_err("krb5_decode_test", retval, "while making sample %s", typestring);\ - exit(1);\ - } - -#define decode_run(typestring,description,encoding,decoder,comparator,cleanup)\ - retval = krb5_data_hex_parse(&code,encoding);\ - if(retval){\ - com_err("krb5_decode_test", retval, "while parsing %s", typestring);\ - exit(1);\ - }\ - retval = decoder(&code,&var);\ - if(retval){\ - com_err("krb5_decode_test", retval, "while decoding %s", typestring);\ - error_count++;\ - }\ - test(comparator(&ref,var),typestring);\ - printf("%s\n",description);\ - krb5_free_data_contents(test_context, &code);\ + krb5_data code; + krb5_error_code retval; + + retval = krb5_init_context(&test_context); + if (retval) { + com_err(argv[0], retval, "while initializing krb5"); + exit(1); + } + init_access(argv[0]); + + +#define setup(type,typestring,constructor) \ + type ref, *var; \ + retval = constructor(&ref); \ + if (retval) { \ + com_err("krb5_decode_test", retval, "while making sample %s", typestring); \ + exit(1); \ + } + +#define decode_run(typestring,description,encoding,decoder,comparator,cleanup) \ + retval = krb5_data_hex_parse(&code,encoding); \ + if (retval) { \ + com_err("krb5_decode_test", retval, "while parsing %s", typestring); \ + exit(1); \ + } \ + retval = decoder(&code,&var); \ + if (retval) { \ + com_err("krb5_decode_test", retval, "while decoding %s", typestring); \ + error_count++; \ + } \ + test(comparator(&ref,var),typestring); \ + printf("%s\n",description); \ + krb5_free_data_contents(test_context, &code); \ cleanup(test_context, var); - /****************************************************************/ - /* decode_krb5_authenticator */ - { - setup(krb5_authenticator,"krb5_authenticator",ktest_make_sample_authenticator); - - decode_run("authenticator","","62 81 A1 30 81 9E A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34 A4 05 02 03 01 E2 40 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A7 03 02 01 11 A8 24 30 22 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72",decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator); - - ref.seq_number = 0xffffff80; - decode_run("authenticator","(80 -> seq-number 0xffffff80)", - "62 81 A1 30 81 9E" - " A0 03 02 01 05" - " A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55" - " A2 1A 30 18" - " A0 03 02 01 01" - " A1 11 30 0F" - " 1B 06 68 66 74 73 61 69" - " 1B 05 65 78 74 72 61" - " A3 0F 30 0D" - " A0 03 02 01 01" - " A1 06 04 04 31 32 33 34" - " A4 05 02 03 01 E2 40" - " A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A" - " A6 13 30 11" - " A0 03 02 01 01" - " A1 0A 04 08 31 32 33 34 35 36 37 38" - " A7 03 02 01 80" - " A8 24 30 22" - " 30 0F" - " A0 03 02 01 01" - " A1 08 04 06 66 6F 6F 62 61 72" - " 30 0F" - " A0 03 02 01 01" - " A1 08 04 06 66 6F 6F 62 61 72" - ,decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator); - - ref.seq_number = 0xffffffff; - decode_run("authenticator","(FF -> seq-number 0xffffffff)", - "62 81 A1 30 81 9E" - " A0 03 02 01 05" - " A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55" - " A2 1A 30 18" - " A0 03 02 01 01" - " A1 11 30 0F" - " 1B 06 68 66 74 73 61 69" - " 1B 05 65 78 74 72 61" - " A3 0F 30 0D" - " A0 03 02 01 01" - " A1 06 04 04 31 32 33 34" - " A4 05 02 03 01 E2 40" - " A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A" - " A6 13 30 11" - " A0 03 02 01 01" - " A1 0A 04 08 31 32 33 34 35 36 37 38" - " A7 03 02 01 FF" - " A8 24 30 22" - " 30 0F" - " A0 03 02 01 01" - " A1 08 04 06 66 6F 6F 62 61 72" - " 30 0F" - " A0 03 02 01 01" - " A1 08 04 06 66 6F 6F 62 61 72" - ,decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator); - - ref.seq_number = 0xff; - decode_run("authenticator","(00FF -> seq-number 0xff)", - "62 81 A2 30 81 9F" - " A0 03 02 01 05" - " A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55" - " A2 1A 30 18" - " A0 03 02 01 01" - " A1 11 30 0F" - " 1B 06 68 66 74 73 61 69" - " 1B 05 65 78 74 72 61" - " A3 0F 30 0D" - " A0 03 02 01 01" - " A1 06 04 04 31 32 33 34" - " A4 05 02 03 01 E2 40" - " A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A" - " A6 13 30 11" - " A0 03 02 01 01" - " A1 0A 04 08 31 32 33 34 35 36 37 38" - " A7 04 02 02 00 FF" - " A8 24 30 22" - " 30 0F" - " A0 03 02 01 01" - " A1 08 04 06 66 6F 6F 62 61 72" - " 30 0F" - " A0 03 02 01 01" - " A1 08 04 06 66 6F 6F 62 61 72" - ,decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator); - - ref.seq_number = 0xffffffff; - decode_run("authenticator","(00FFFFFFFF -> seq-number 0xffffffff)", - "62 81 A5 30 81 A2" - " A0 03 02 01 05" - " A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55" - " A2 1A 30 18" - " A0 03 02 01 01" - " A1 11 30 0F" - " 1B 06 68 66 74 73 61 69" - " 1B 05 65 78 74 72 61" - " A3 0F 30 0D" - " A0 03 02 01 01" - " A1 06 04 04 31 32 33 34" - " A4 05 02 03 01 E2 40" - " A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A" - " A6 13 30 11" - " A0 03 02 01 01" - " A1 0A 04 08 31 32 33 34 35 36 37 38" - " A7 07 02 05 00 FF FF FF FF" - " A8 24 30 22" - " 30 0F" - " A0 03 02 01 01" - " A1 08 04 06 66 6F 6F 62 61 72" - " 30 0F" - " A0 03 02 01 01" - " A1 08 04 06 66 6F 6F 62 61 72" - ,decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator); - - ref.seq_number = 0x7fffffff; - decode_run("authenticator","(7FFFFFFF -> seq-number 0x7fffffff)", - "62 81 A4 30 81 A1" - " A0 03 02 01 05" - " A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55" - " A2 1A 30 18" - " A0 03 02 01 01" - " A1 11 30 0F" - " 1B 06 68 66 74 73 61 69" - " 1B 05 65 78 74 72 61" - " A3 0F 30 0D" - " A0 03 02 01 01" - " A1 06 04 04 31 32 33 34" - " A4 05 02 03 01 E2 40" - " A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A" - " A6 13 30 11" - " A0 03 02 01 01" - " A1 0A 04 08 31 32 33 34 35 36 37 38" - " A7 06 02 04 7F FF FF FF" - " A8 24 30 22" - " 30 0F" - " A0 03 02 01 01" - " A1 08 04 06 66 6F 6F 62 61 72" - " 30 0F" - " A0 03 02 01 01" - " A1 08 04 06 66 6F 6F 62 61 72" - ,decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator); - - ref.seq_number = 0xffffffff; - decode_run("authenticator","(FFFFFFFF -> seq-number 0xffffffff)", - "62 81 A4 30 81 A1" - " A0 03 02 01 05" - " A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55" - " A2 1A 30 18" - " A0 03 02 01 01" - " A1 11 30 0F" - " 1B 06 68 66 74 73 61 69" - " 1B 05 65 78 74 72 61" - " A3 0F 30 0D" - " A0 03 02 01 01" - " A1 06 04 04 31 32 33 34" - " A4 05 02 03 01 E2 40" - " A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A" - " A6 13 30 11" - " A0 03 02 01 01" - " A1 0A 04 08 31 32 33 34 35 36 37 38" - " A7 06 02 04 FF FF FF FF" - " A8 24 30 22" - " 30 0F" - " A0 03 02 01 01" - " A1 08 04 06 66 6F 6F 62 61 72" - " 30 0F" - " A0 03 02 01 01" - " A1 08 04 06 66 6F 6F 62 61 72" - ,decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator); - - ktest_destroy_checksum(&(ref.checksum)); - ktest_destroy_keyblock(&(ref.subkey)); - ref.seq_number = 0; - ktest_empty_authorization_data(ref.authorization_data); - decode_run("authenticator","(optionals empty)","62 4F 30 4D A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 05 02 03 01 E2 40 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator); - - ktest_destroy_authorization_data(&(ref.authorization_data)); + /****************************************************************/ + /* decode_krb5_authenticator */ + { + setup(krb5_authenticator,"krb5_authenticator",ktest_make_sample_authenticator); + + decode_run("authenticator","","62 81 A1 30 81 9E A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34 A4 05 02 03 01 E2 40 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A7 03 02 01 11 A8 24 30 22 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72",decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator); + + ref.seq_number = 0xffffff80; + decode_run("authenticator","(80 -> seq-number 0xffffff80)", + "62 81 A1 30 81 9E" + " A0 03 02 01 05" + " A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55" + " A2 1A 30 18" + " A0 03 02 01 01" + " A1 11 30 0F" + " 1B 06 68 66 74 73 61 69" + " 1B 05 65 78 74 72 61" + " A3 0F 30 0D" + " A0 03 02 01 01" + " A1 06 04 04 31 32 33 34" + " A4 05 02 03 01 E2 40" + " A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A" + " A6 13 30 11" + " A0 03 02 01 01" + " A1 0A 04 08 31 32 33 34 35 36 37 38" + " A7 03 02 01 80" + " A8 24 30 22" + " 30 0F" + " A0 03 02 01 01" + " A1 08 04 06 66 6F 6F 62 61 72" + " 30 0F" + " A0 03 02 01 01" + " A1 08 04 06 66 6F 6F 62 61 72" + ,decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator); + + ref.seq_number = 0xffffffff; + decode_run("authenticator","(FF -> seq-number 0xffffffff)", + "62 81 A1 30 81 9E" + " A0 03 02 01 05" + " A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55" + " A2 1A 30 18" + " A0 03 02 01 01" + " A1 11 30 0F" + " 1B 06 68 66 74 73 61 69" + " 1B 05 65 78 74 72 61" + " A3 0F 30 0D" + " A0 03 02 01 01" + " A1 06 04 04 31 32 33 34" + " A4 05 02 03 01 E2 40" + " A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A" + " A6 13 30 11" + " A0 03 02 01 01" + " A1 0A 04 08 31 32 33 34 35 36 37 38" + " A7 03 02 01 FF" + " A8 24 30 22" + " 30 0F" + " A0 03 02 01 01" + " A1 08 04 06 66 6F 6F 62 61 72" + " 30 0F" + " A0 03 02 01 01" + " A1 08 04 06 66 6F 6F 62 61 72" + ,decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator); + + ref.seq_number = 0xff; + decode_run("authenticator","(00FF -> seq-number 0xff)", + "62 81 A2 30 81 9F" + " A0 03 02 01 05" + " A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55" + " A2 1A 30 18" + " A0 03 02 01 01" + " A1 11 30 0F" + " 1B 06 68 66 74 73 61 69" + " 1B 05 65 78 74 72 61" + " A3 0F 30 0D" + " A0 03 02 01 01" + " A1 06 04 04 31 32 33 34" + " A4 05 02 03 01 E2 40" + " A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A" + " A6 13 30 11" + " A0 03 02 01 01" + " A1 0A 04 08 31 32 33 34 35 36 37 38" + " A7 04 02 02 00 FF" + " A8 24 30 22" + " 30 0F" + " A0 03 02 01 01" + " A1 08 04 06 66 6F 6F 62 61 72" + " 30 0F" + " A0 03 02 01 01" + " A1 08 04 06 66 6F 6F 62 61 72" + ,decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator); + + ref.seq_number = 0xffffffff; + decode_run("authenticator","(00FFFFFFFF -> seq-number 0xffffffff)", + "62 81 A5 30 81 A2" + " A0 03 02 01 05" + " A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55" + " A2 1A 30 18" + " A0 03 02 01 01" + " A1 11 30 0F" + " 1B 06 68 66 74 73 61 69" + " 1B 05 65 78 74 72 61" + " A3 0F 30 0D" + " A0 03 02 01 01" + " A1 06 04 04 31 32 33 34" + " A4 05 02 03 01 E2 40" + " A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A" + " A6 13 30 11" + " A0 03 02 01 01" + " A1 0A 04 08 31 32 33 34 35 36 37 38" + " A7 07 02 05 00 FF FF FF FF" + " A8 24 30 22" + " 30 0F" + " A0 03 02 01 01" + " A1 08 04 06 66 6F 6F 62 61 72" + " 30 0F" + " A0 03 02 01 01" + " A1 08 04 06 66 6F 6F 62 61 72" + ,decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator); + + ref.seq_number = 0x7fffffff; + decode_run("authenticator","(7FFFFFFF -> seq-number 0x7fffffff)", + "62 81 A4 30 81 A1" + " A0 03 02 01 05" + " A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55" + " A2 1A 30 18" + " A0 03 02 01 01" + " A1 11 30 0F" + " 1B 06 68 66 74 73 61 69" + " 1B 05 65 78 74 72 61" + " A3 0F 30 0D" + " A0 03 02 01 01" + " A1 06 04 04 31 32 33 34" + " A4 05 02 03 01 E2 40" + " A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A" + " A6 13 30 11" + " A0 03 02 01 01" + " A1 0A 04 08 31 32 33 34 35 36 37 38" + " A7 06 02 04 7F FF FF FF" + " A8 24 30 22" + " 30 0F" + " A0 03 02 01 01" + " A1 08 04 06 66 6F 6F 62 61 72" + " 30 0F" + " A0 03 02 01 01" + " A1 08 04 06 66 6F 6F 62 61 72" + ,decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator); + + ref.seq_number = 0xffffffff; + decode_run("authenticator","(FFFFFFFF -> seq-number 0xffffffff)", + "62 81 A4 30 81 A1" + " A0 03 02 01 05" + " A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55" + " A2 1A 30 18" + " A0 03 02 01 01" + " A1 11 30 0F" + " 1B 06 68 66 74 73 61 69" + " 1B 05 65 78 74 72 61" + " A3 0F 30 0D" + " A0 03 02 01 01" + " A1 06 04 04 31 32 33 34" + " A4 05 02 03 01 E2 40" + " A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A" + " A6 13 30 11" + " A0 03 02 01 01" + " A1 0A 04 08 31 32 33 34 35 36 37 38" + " A7 06 02 04 FF FF FF FF" + " A8 24 30 22" + " 30 0F" + " A0 03 02 01 01" + " A1 08 04 06 66 6F 6F 62 61 72" + " 30 0F" + " A0 03 02 01 01" + " A1 08 04 06 66 6F 6F 62 61 72" + ,decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator); + + ktest_destroy_checksum(&(ref.checksum)); + ktest_destroy_keyblock(&(ref.subkey)); + ref.seq_number = 0; + ktest_empty_authorization_data(ref.authorization_data); + decode_run("authenticator","(optionals empty)","62 4F 30 4D A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 05 02 03 01 E2 40 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator); + + ktest_destroy_authorization_data(&(ref.authorization_data)); - decode_run("authenticator","(optionals NULL)","62 4F 30 4D A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 05 02 03 01 E2 40 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator); + decode_run("authenticator","(optionals NULL)","62 4F 30 4D A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 05 02 03 01 E2 40 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator); - ktest_empty_authenticator(&ref); - } + ktest_empty_authenticator(&ref); + } - /****************************************************************/ - /* decode_krb5_ticket */ - { - setup(krb5_ticket,"krb5_ticket",ktest_make_sample_ticket); - decode_run("ticket","","61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_ticket,ktest_equal_ticket,krb5_free_ticket); - decode_run("ticket","(+ trailing [4] INTEGER","61 61 30 5F A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A4 03 02 01 01",decode_krb5_ticket,ktest_equal_ticket,krb5_free_ticket); + /****************************************************************/ + /* decode_krb5_ticket */ + { + setup(krb5_ticket,"krb5_ticket",ktest_make_sample_ticket); + decode_run("ticket","","61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_ticket,ktest_equal_ticket,krb5_free_ticket); + decode_run("ticket","(+ trailing [4] INTEGER","61 61 30 5F A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A4 03 02 01 01",decode_krb5_ticket,ktest_equal_ticket,krb5_free_ticket); /* "61 80 30 80 " @@ -267,7 +268,7 @@ int main(argc, argv) " 00 00 00 00" "00 00 00 00" */ - decode_run("ticket","(indefinite lengths)", "61 80 30 80 A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 80 30 80 A0 03 02 01 01 A1 80 30 80 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 00 00 00 00 00 00 00 00 A3 80 30 80 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 00 00 00 00 00 00 00 00" ,decode_krb5_ticket,ktest_equal_ticket,krb5_free_ticket); + decode_run("ticket","(indefinite lengths)", "61 80 30 80 A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 80 30 80 A0 03 02 01 01 A1 80 30 80 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 00 00 00 00 00 00 00 00 A3 80 30 80 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 00 00 00 00 00 00 00 00" ,decode_krb5_ticket,ktest_equal_ticket,krb5_free_ticket); /* "61 80 30 80 " " A0 03 02 01 05 " @@ -288,617 +289,628 @@ int main(argc, argv) " A4 03 02 01 01 " "00 00 00 00" */ - decode_run("ticket","(indefinite lengths + trailing [4] INTEGER)", "61 80 30 80 A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 80 30 80 A0 03 02 01 01 A1 80 30 80 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 00 00 00 00 00 00 00 00 A3 80 30 80 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 00 00 00 00 A4 03 02 01 01 00 00 00 00",decode_krb5_ticket,ktest_equal_ticket,krb5_free_ticket); - - ktest_empty_ticket(&ref); - - } - - /****************************************************************/ - /* decode_krb5_encryption_key */ - { - setup(krb5_keyblock,"krb5_keyblock",ktest_make_sample_keyblock); + decode_run("ticket","(indefinite lengths + trailing [4] INTEGER)", "61 80 30 80 A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 80 30 80 A0 03 02 01 01 A1 80 30 80 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 00 00 00 00 00 00 00 00 A3 80 30 80 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 00 00 00 00 A4 03 02 01 01 00 00 00 00",decode_krb5_ticket,ktest_equal_ticket,krb5_free_ticket); - decode_run("encryption_key","","30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock); + ktest_empty_ticket(&ref); - decode_run("encryption_key","(+ trailing [2] INTEGER)","30 16 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 03 02 01 01",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock); - decode_run("encryption_key","(+ trailing [2] SEQUENCE {[0] INTEGER})","30 1A A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 07 30 05 A0 03 02 01 01",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock); - decode_run("encryption_key","(indefinite lengths)","30 80 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 00 00",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock); - decode_run("encryption_key","(indefinite lengths + trailing [2] INTEGER)","30 80 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 03 02 01 01 00 00",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock); - decode_run("encryption_key","(indefinite lengths + trailing [2] SEQUENCE {[0] INTEGER})","30 80 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 80 30 80 A0 03 02 01 01 00 00 00 00 00 00",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock); - decode_run("encryption_key","(indefinite lengths + trailing SEQUENCE {[0] INTEGER})","30 80 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 30 80 A0 03 02 01 01 00 00 00 00",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock); - ref.enctype = -1; - decode_run("encryption_key","(enctype = -1)","30 11 A0 03 02 01 FF A1 0A 04 08 31 32 33 34 35 36 37 38",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock); - ref.enctype = -255; - decode_run("encryption_key","(enctype = -255)","30 12 A0 04 02 02 FF 01 A1 0A 04 08 31 32 33 34 35 36 37 38",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock); - ref.enctype = 255; - decode_run("encryption_key","(enctype = 255)","30 12 A0 04 02 02 00 FF A1 0A 04 08 31 32 33 34 35 36 37 38",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock); - ref.enctype = -2147483648U; - decode_run("encryption_key","(enctype = -2147483648)","30 14 A0 06 02 04 80 00 00 00 A1 0A 04 08 31 32 33 34 35 36 37 38",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock); - ref.enctype = 2147483647; - decode_run("encryption_key","(enctype = 2147483647)","30 14 A0 06 02 04 7F FF FF FF A1 0A 04 08 31 32 33 34 35 36 37 38",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock); - - ktest_empty_keyblock(&ref); - } - - /****************************************************************/ - /* decode_krb5_enc_tkt_part */ - { - setup(krb5_enc_tkt_part,"krb5_enc_tkt_part",ktest_make_sample_enc_tkt_part); - decode_run("enc_tkt_part","","63 82 01 14 30 82 01 10 A0 07 03 05 00 FE DC BA 98 A1 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 2E 30 2C A0 03 02 01 01 A1 25 04 23 45 44 55 2C 4D 49 54 2E 2C 41 54 48 45 4E 41 2E 2C 57 41 53 48 49 4E 47 54 4F 4E 2E 45 44 55 2C 43 53 2E A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A8 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A9 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 AA 24 30 22 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72",decode_krb5_enc_tkt_part,ktest_equal_enc_tkt_part,krb5_free_enc_tkt_part); - - /* ref.times.starttime = 0; */ - ref.times.starttime = ref.times.authtime; - ref.times.renew_till = 0; - ktest_destroy_address(&(ref.caddrs[1])); - ktest_destroy_address(&(ref.caddrs[0])); - ktest_destroy_authdata(&(ref.authorization_data[1])); - ktest_destroy_authdata(&(ref.authorization_data[0])); - /* ISODE version fails on the empty caddrs field */ - ktest_destroy_addresses(&(ref.caddrs)); - ktest_destroy_authorization_data(&(ref.authorization_data)); - - decode_run("enc_tkt_part","(optionals NULL)","63 81 A5 30 81 A2 A0 07 03 05 00 FE DC BA 98 A1 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 2E 30 2C A0 03 02 01 01 A1 25 04 23 45 44 55 2C 4D 49 54 2E 2C 41 54 48 45 4E 41 2E 2C 57 41 53 48 49 4E 47 54 4F 4E 2E 45 44 55 2C 43 53 2E A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_enc_tkt_part,ktest_equal_enc_tkt_part, krb5_free_enc_tkt_part); - - decode_run("enc_tkt_part","(optionals NULL + bitstring enlarged to 38 bits)","63 81 A6 30 81 A3 A0 08 03 06 02 FE DC BA 98 DC A1 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 2E 30 2C A0 03 02 01 01 A1 25 04 23 45 44 55 2C 4D 49 54 2E 2C 41 54 48 45 4E 41 2E 2C 57 41 53 48 49 4E 47 54 4F 4E 2E 45 44 55 2C 43 53 2E A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_enc_tkt_part,ktest_equal_enc_tkt_part,krb5_free_enc_tkt_part); - - decode_run("enc_tkt_part","(optionals NULL + bitstring enlarged to 40 bits)","63 81 A6 30 81 A3 A0 08 03 06 00 FE DC BA 98 DE A1 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 2E 30 2C A0 03 02 01 01 A1 25 04 23 45 44 55 2C 4D 49 54 2E 2C 41 54 48 45 4E 41 2E 2C 57 41 53 48 49 4E 47 54 4F 4E 2E 45 44 55 2C 43 53 2E A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_enc_tkt_part,ktest_equal_enc_tkt_part,krb5_free_enc_tkt_part); - - decode_run("enc_tkt_part","(optionals NULL + bitstring reduced to 29 bits)","63 81 A5 30 81 A2 A0 07 03 05 03 FE DC BA 98 A1 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 2E 30 2C A0 03 02 01 01 A1 25 04 23 45 44 55 2C 4D 49 54 2E 2C 41 54 48 45 4E 41 2E 2C 57 41 53 48 49 4E 47 54 4F 4E 2E 45 44 55 2C 43 53 2E A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_enc_tkt_part,ktest_equal_enc_tkt_part,krb5_free_enc_tkt_part); - - ref.flags &= 0xFFFFFF00; - - decode_run("enc_tkt_part","(optionals NULL + bitstring reduced to 24 bits)","63 81 A4 30 81 A1 A0 06 03 04 00 FE DC BA A1 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 2E 30 2C A0 03 02 01 01 A1 25 04 23 45 44 55 2C 4D 49 54 2E 2C 41 54 48 45 4E 41 2E 2C 57 41 53 48 49 4E 47 54 4F 4E 2E 45 44 55 2C 43 53 2E A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_enc_tkt_part,ktest_equal_enc_tkt_part,krb5_free_enc_tkt_part); + } - ktest_empty_enc_tkt_part(&ref); - } - - /****************************************************************/ - /* decode_krb5_enc_kdc_rep_part */ - { - setup(krb5_enc_kdc_rep_part,"krb5_enc_kdc_rep_part",ktest_make_sample_enc_kdc_rep_part); + /****************************************************************/ + /* decode_krb5_encryption_key */ + { + setup(krb5_keyblock,"krb5_keyblock",ktest_make_sample_keyblock); + + decode_run("encryption_key","","30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock); + + decode_run("encryption_key","(+ trailing [2] INTEGER)","30 16 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 03 02 01 01",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock); + decode_run("encryption_key","(+ trailing [2] SEQUENCE {[0] INTEGER})","30 1A A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 07 30 05 A0 03 02 01 01",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock); + decode_run("encryption_key","(indefinite lengths)","30 80 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 00 00",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock); + decode_run("encryption_key","(indefinite lengths + trailing [2] INTEGER)","30 80 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 03 02 01 01 00 00",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock); + decode_run("encryption_key","(indefinite lengths + trailing [2] SEQUENCE {[0] INTEGER})","30 80 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 80 30 80 A0 03 02 01 01 00 00 00 00 00 00",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock); + decode_run("encryption_key","(indefinite lengths + trailing SEQUENCE {[0] INTEGER})","30 80 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 30 80 A0 03 02 01 01 00 00 00 00",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock); + ref.enctype = -1; + decode_run("encryption_key","(enctype = -1)","30 11 A0 03 02 01 FF A1 0A 04 08 31 32 33 34 35 36 37 38",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock); + ref.enctype = -255; + decode_run("encryption_key","(enctype = -255)","30 12 A0 04 02 02 FF 01 A1 0A 04 08 31 32 33 34 35 36 37 38",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock); + ref.enctype = 255; + decode_run("encryption_key","(enctype = 255)","30 12 A0 04 02 02 00 FF A1 0A 04 08 31 32 33 34 35 36 37 38",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock); + ref.enctype = -2147483648U; + decode_run("encryption_key","(enctype = -2147483648)","30 14 A0 06 02 04 80 00 00 00 A1 0A 04 08 31 32 33 34 35 36 37 38",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock); + ref.enctype = 2147483647; + decode_run("encryption_key","(enctype = 2147483647)","30 14 A0 06 02 04 7F FF FF FF A1 0A 04 08 31 32 33 34 35 36 37 38",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock); + + ktest_empty_keyblock(&ref); + } + + /****************************************************************/ + /* decode_krb5_enc_tkt_part */ + { + setup(krb5_enc_tkt_part,"krb5_enc_tkt_part",ktest_make_sample_enc_tkt_part); + decode_run("enc_tkt_part","","63 82 01 14 30 82 01 10 A0 07 03 05 00 FE DC BA 98 A1 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 2E 30 2C A0 03 02 01 01 A1 25 04 23 45 44 55 2C 4D 49 54 2E 2C 41 54 48 45 4E 41 2E 2C 57 41 53 48 49 4E 47 54 4F 4E 2E 45 44 55 2C 43 53 2E A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A8 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A9 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 AA 24 30 22 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72",decode_krb5_enc_tkt_part,ktest_equal_enc_tkt_part,krb5_free_enc_tkt_part); + + /* ref.times.starttime = 0; */ + ref.times.starttime = ref.times.authtime; + ref.times.renew_till = 0; + ktest_destroy_address(&(ref.caddrs[1])); + ktest_destroy_address(&(ref.caddrs[0])); + ktest_destroy_authdata(&(ref.authorization_data[1])); + ktest_destroy_authdata(&(ref.authorization_data[0])); + /* ISODE version fails on the empty caddrs field */ + ktest_destroy_addresses(&(ref.caddrs)); + ktest_destroy_authorization_data(&(ref.authorization_data)); + + decode_run("enc_tkt_part","(optionals NULL)","63 81 A5 30 81 A2 A0 07 03 05 00 FE DC BA 98 A1 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 2E 30 2C A0 03 02 01 01 A1 25 04 23 45 44 55 2C 4D 49 54 2E 2C 41 54 48 45 4E 41 2E 2C 57 41 53 48 49 4E 47 54 4F 4E 2E 45 44 55 2C 43 53 2E A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_enc_tkt_part,ktest_equal_enc_tkt_part, krb5_free_enc_tkt_part); + + decode_run("enc_tkt_part","(optionals NULL + bitstring enlarged to 38 bits)","63 81 A6 30 81 A3 A0 08 03 06 02 FE DC BA 98 DC A1 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 2E 30 2C A0 03 02 01 01 A1 25 04 23 45 44 55 2C 4D 49 54 2E 2C 41 54 48 45 4E 41 2E 2C 57 41 53 48 49 4E 47 54 4F 4E 2E 45 44 55 2C 43 53 2E A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_enc_tkt_part,ktest_equal_enc_tkt_part,krb5_free_enc_tkt_part); + + decode_run("enc_tkt_part","(optionals NULL + bitstring enlarged to 40 bits)","63 81 A6 30 81 A3 A0 08 03 06 00 FE DC BA 98 DE A1 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 2E 30 2C A0 03 02 01 01 A1 25 04 23 45 44 55 2C 4D 49 54 2E 2C 41 54 48 45 4E 41 2E 2C 57 41 53 48 49 4E 47 54 4F 4E 2E 45 44 55 2C 43 53 2E A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_enc_tkt_part,ktest_equal_enc_tkt_part,krb5_free_enc_tkt_part); + + decode_run("enc_tkt_part","(optionals NULL + bitstring reduced to 29 bits)","63 81 A5 30 81 A2 A0 07 03 05 03 FE DC BA 98 A1 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 2E 30 2C A0 03 02 01 01 A1 25 04 23 45 44 55 2C 4D 49 54 2E 2C 41 54 48 45 4E 41 2E 2C 57 41 53 48 49 4E 47 54 4F 4E 2E 45 44 55 2C 43 53 2E A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_enc_tkt_part,ktest_equal_enc_tkt_part,krb5_free_enc_tkt_part); + + ref.flags &= 0xFFFFFF00; + + decode_run("enc_tkt_part","(optionals NULL + bitstring reduced to 24 bits)","63 81 A4 30 81 A1 A0 06 03 04 00 FE DC BA A1 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 2E 30 2C A0 03 02 01 01 A1 25 04 23 45 44 55 2C 4D 49 54 2E 2C 41 54 48 45 4E 41 2E 2C 57 41 53 48 49 4E 47 54 4F 4E 2E 45 44 55 2C 43 53 2E A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_enc_tkt_part,ktest_equal_enc_tkt_part,krb5_free_enc_tkt_part); + + ktest_empty_enc_tkt_part(&ref); + } + + /****************************************************************/ + /* decode_krb5_enc_kdc_rep_part */ + { + setup(krb5_enc_kdc_rep_part,"krb5_enc_kdc_rep_part",ktest_make_sample_enc_kdc_rep_part); #ifdef KRB5_GENEROUS_LR_TYPE - decode_run("enc_kdc_rep_part","(compat_lr_type)","7A 82 01 10 30 82 01 0C A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 38 30 36 30 19 A0 04 02 02 00 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A 30 19 A0 04 02 02 00 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 03 02 01 2A A3 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A4 07 03 05 00 FE DC BA 98 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A8 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A9 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 AA 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 AB 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23",decode_krb5_enc_kdc_rep_part,ktest_equal_enc_kdc_rep_part,krb5_free_enc_kdc_rep_part); + decode_run("enc_kdc_rep_part","(compat_lr_type)","7A 82 01 10 30 82 01 0C A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 38 30 36 30 19 A0 04 02 02 00 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A 30 19 A0 04 02 02 00 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 03 02 01 2A A3 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A4 07 03 05 00 FE DC BA 98 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A8 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A9 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 AA 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 AB 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23",decode_krb5_enc_kdc_rep_part,ktest_equal_enc_kdc_rep_part,krb5_free_enc_kdc_rep_part); #endif - decode_run("enc_kdc_rep_part","","7A 82 01 0E 30 82 01 0A A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 36 30 34 30 18 A0 03 02 01 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A 30 18 A0 03 02 01 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 03 02 01 2A A3 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A4 07 03 05 00 FE DC BA 98 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A8 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A9 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 AA 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 AB 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23",decode_krb5_enc_kdc_rep_part,ktest_equal_enc_kdc_rep_part,krb5_free_enc_kdc_rep_part); + decode_run("enc_kdc_rep_part","","7A 82 01 0E 30 82 01 0A A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 36 30 34 30 18 A0 03 02 01 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A 30 18 A0 03 02 01 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 03 02 01 2A A3 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A4 07 03 05 00 FE DC BA 98 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A8 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A9 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 AA 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 AB 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23",decode_krb5_enc_kdc_rep_part,ktest_equal_enc_kdc_rep_part,krb5_free_enc_kdc_rep_part); - ref.key_exp = 0; - /* ref.times.starttime = 0;*/ - ref.times.starttime = ref.times.authtime; - ref.times.renew_till = 0; - ref.flags &= ~TKT_FLG_RENEWABLE; - ktest_destroy_addresses(&(ref.caddrs)); + ref.key_exp = 0; + /* ref.times.starttime = 0;*/ + ref.times.starttime = ref.times.authtime; + ref.times.renew_till = 0; + ref.flags &= ~TKT_FLG_RENEWABLE; + ktest_destroy_addresses(&(ref.caddrs)); #ifdef KRB5_GENEROUS_LR_TYPE - decode_run("enc_kdc_rep_part","(optionals NULL)(compat lr_type)","7A 81 B4 30 81 B1 A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 38 30 36 30 19 A0 04 02 02 00 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A 30 19 A0 04 02 02 00 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 03 02 01 2A A4 07 03 05 00 FE 5C BA 98 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A9 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 AA 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61",decode_krb5_enc_kdc_rep_part,ktest_equal_enc_kdc_rep_part,krb5_free_enc_kdc_rep_part); + decode_run("enc_kdc_rep_part","(optionals NULL)(compat lr_type)","7A 81 B4 30 81 B1 A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 38 30 36 30 19 A0 04 02 02 00 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A 30 19 A0 04 02 02 00 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 03 02 01 2A A4 07 03 05 00 FE 5C BA 98 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A9 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 AA 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61",decode_krb5_enc_kdc_rep_part,ktest_equal_enc_kdc_rep_part,krb5_free_enc_kdc_rep_part); #endif - decode_run("enc_kdc_rep_part","(optionals NULL)","7A 81 B2 30 81 AF A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 36 30 34 30 18 A0 03 02 01 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A 30 18 A0 03 02 01 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 03 02 01 2A A4 07 03 05 00 FE 5C BA 98 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A9 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 AA 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61",decode_krb5_enc_kdc_rep_part,ktest_equal_enc_kdc_rep_part,krb5_free_enc_kdc_rep_part); + decode_run("enc_kdc_rep_part","(optionals NULL)","7A 81 B2 30 81 AF A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 36 30 34 30 18 A0 03 02 01 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A 30 18 A0 03 02 01 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 03 02 01 2A A4 07 03 05 00 FE 5C BA 98 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A9 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 AA 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61",decode_krb5_enc_kdc_rep_part,ktest_equal_enc_kdc_rep_part,krb5_free_enc_kdc_rep_part); - ktest_empty_enc_kdc_rep_part(&ref); - } + ktest_empty_enc_kdc_rep_part(&ref); + } - /****************************************************************/ - /* decode_krb5_as_rep */ - { - setup(krb5_kdc_rep,"krb5_kdc_rep",ktest_make_sample_kdc_rep); - ref.msg_type = KRB5_AS_REP; + /****************************************************************/ + /* decode_krb5_as_rep */ + { + setup(krb5_kdc_rep,"krb5_kdc_rep",ktest_make_sample_kdc_rep); + ref.msg_type = KRB5_AS_REP; - decode_run("as_rep","","6B 81 EA 30 81 E7 A0 03 02 01 05 A1 03 02 01 0B A2 26 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 A3 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A4 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 5E 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A6 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_as_rep,ktest_equal_as_rep,krb5_free_kdc_rep); + decode_run("as_rep","","6B 81 EA 30 81 E7 A0 03 02 01 05 A1 03 02 01 0B A2 26 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 A3 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A4 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 5E 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A6 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_as_rep,ktest_equal_as_rep,krb5_free_kdc_rep); /* 6B 80 30 80 - A0 03 02 01 05 - A1 03 02 01 0B - A2 80 30 80 - 30 80 - A1 03 02 01 0D - A2 09 04 07 70 61 2D 64 61 74 61 - 00 00 - 30 80 - A1 03 02 01 0D - A2 09 04 07 70 61 2D 64 61 74 61 - 00 00 - 00 00 00 00 - A3 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 - A4 80 30 80 - A0 03 02 01 01 - A1 80 30 80 - 1B 06 68 66 74 73 61 69 - 1B 05 65 78 74 72 61 - 00 00 00 00 - 00 00 00 00 - A5 80 61 80 30 80 - A0 03 02 01 05 - A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 - A2 80 30 80 - A0 03 02 01 01 - A1 80 30 80 - 1B 06 68 66 74 73 61 69 - 1B 05 65 78 74 72 61 - 00 00 00 00 - 00 00 00 00 - A3 80 30 80 - A0 03 02 01 00 - A1 03 02 01 05 - A2 17 04 15 6B 72 62 41 53 4E 2E 31 - 20 74 65 73 74 20 6D 65 - 73 73 61 67 65 - 00 00 00 00 - 00 00 00 00 00 00 - A6 80 30 80 - A0 03 02 01 00 - A1 03 02 01 05 - A2 17 04 15 6B 72 62 41 53 4E 2E 31 - 20 74 65 73 74 20 6D 65 - 73 73 61 67 65 - 00 00 00 00 + A0 03 02 01 05 + A1 03 02 01 0B + A2 80 30 80 + 30 80 + A1 03 02 01 0D + A2 09 04 07 70 61 2D 64 61 74 61 + 00 00 + 30 80 + A1 03 02 01 0D + A2 09 04 07 70 61 2D 64 61 74 61 + 00 00 + 00 00 00 00 + A3 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 + A4 80 30 80 + A0 03 02 01 01 + A1 80 30 80 + 1B 06 68 66 74 73 61 69 + 1B 05 65 78 74 72 61 + 00 00 00 00 + 00 00 00 00 + A5 80 61 80 30 80 + A0 03 02 01 05 + A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 + A2 80 30 80 + A0 03 02 01 01 + A1 80 30 80 + 1B 06 68 66 74 73 61 69 + 1B 05 65 78 74 72 61 + 00 00 00 00 + 00 00 00 00 + A3 80 30 80 + A0 03 02 01 00 + A1 03 02 01 05 + A2 17 04 15 6B 72 62 41 53 4E 2E 31 + 20 74 65 73 74 20 6D 65 + 73 73 61 67 65 + 00 00 00 00 + 00 00 00 00 00 00 + A6 80 30 80 + A0 03 02 01 00 + A1 03 02 01 05 + A2 17 04 15 6B 72 62 41 53 4E 2E 31 + 20 74 65 73 74 20 6D 65 + 73 73 61 67 65 + 00 00 00 00 00 00 00 00 */ - decode_run("as_rep","(indefinite lengths)","6B 80 30 80 A0 03 02 01 05 A1 03 02 01 0B A2 80 30 80 30 80 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 00 00 30 80 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 00 00 00 00 00 00 A3 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A4 80 30 80 A0 03 02 01 01 A1 80 30 80 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 00 00 00 00 00 00 00 00 A5 80 61 80 30 80 A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 80 30 80 A0 03 02 01 01 A1 80 30 80 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 00 00 00 00 00 00 00 00 A3 80 30 80 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 00 00 00 00 00 00 00 00 00 00 A6 80 30 80 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 00 00 00 00 00 00 00 00",decode_krb5_as_rep,ktest_equal_as_rep,krb5_free_kdc_rep); - ktest_destroy_pa_data_array(&(ref.padata)); - decode_run("as_rep","(optionals NULL)","6B 81 C2 30 81 BF A0 03 02 01 05 A1 03 02 01 0B A3 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A4 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 5E 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A6 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_as_rep,ktest_equal_as_rep,krb5_free_kdc_rep); - - ktest_empty_kdc_rep(&ref); - } - - /****************************************************************/ - /* decode_krb5_tgs_rep */ - { - setup(krb5_kdc_rep,"krb5_kdc_rep",ktest_make_sample_kdc_rep); - ref.msg_type = KRB5_TGS_REP; - - decode_run("tgs_rep","","6D 81 EA 30 81 E7 A0 03 02 01 05 A1 03 02 01 0D A2 26 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 A3 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A4 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 5E 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A6 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_tgs_rep,ktest_equal_tgs_rep,krb5_free_kdc_rep); - - ktest_destroy_pa_data_array(&(ref.padata)); - decode_run("tgs_rep","(optionals NULL)","6D 81 C2 30 81 BF A0 03 02 01 05 A1 03 02 01 0D A3 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A4 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 5E 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A6 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_tgs_rep,ktest_equal_tgs_rep,krb5_free_kdc_rep); - - ktest_empty_kdc_rep(&ref); - } - - /****************************************************************/ - /* decode_krb5_ap_req */ - { - setup(krb5_ap_req,"krb5_ap_req",ktest_make_sample_ap_req); - decode_run("ap_req","","6E 81 9D 30 81 9A A0 03 02 01 05 A1 03 02 01 0E A2 07 03 05 00 FE DC BA 98 A3 5E 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A4 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_ap_req,ktest_equal_ap_req,krb5_free_ap_req); - ktest_empty_ap_req(&ref); - - } - - /****************************************************************/ - /* decode_krb5_ap_rep */ - { - setup(krb5_ap_rep,"krb5_ap_rep",ktest_make_sample_ap_rep); - decode_run("ap_rep","","6F 33 30 31 A0 03 02 01 05 A1 03 02 01 0F A2 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_ap_rep,ktest_equal_ap_rep,krb5_free_ap_rep); - ktest_empty_ap_rep(&ref); - } - - /****************************************************************/ - /* decode_krb5_ap_rep_enc_part */ - { - setup(krb5_ap_rep_enc_part,"krb5_ap_rep_enc_part",ktest_make_sample_ap_rep_enc_part); - - decode_run("ap_rep_enc_part","","7B 36 30 34 A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40 A2 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A3 03 02 01 11",decode_krb5_ap_rep_enc_part,ktest_equal_ap_rep_enc_part,krb5_free_ap_rep_enc_part); - - ktest_destroy_keyblock(&(ref.subkey)); - ref.seq_number = 0; - decode_run("ap_rep_enc_part","(optionals NULL)","7B 1C 30 1A A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40",decode_krb5_ap_rep_enc_part,ktest_equal_ap_rep_enc_part,krb5_free_ap_rep_enc_part); - ktest_empty_ap_rep_enc_part(&ref); - } - - /****************************************************************/ - /* decode_krb5_as_req */ - { - setup(krb5_kdc_req,"krb5_kdc_req",ktest_make_sample_kdc_req); - ref.msg_type = KRB5_AS_REQ; - - ref.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY; - decode_run("as_req","","6A 82 01 E4 30 82 01 E0 A1 03 02 01 05 A2 03 02 01 0A A3 26 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 A4 82 01 AA 30 82 01 A6 A0 07 03 05 00 FE DC BA 90 A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 A9 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 AA 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_as_req,ktest_equal_as_req,krb5_free_kdc_req); - - ktest_destroy_pa_data_array(&(ref.padata)); - ktest_destroy_principal(&(ref.client)); + decode_run("as_rep","(indefinite lengths)","6B 80 30 80 A0 03 02 01 05 A1 03 02 01 0B A2 80 30 80 30 80 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 00 00 30 80 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 00 00 00 00 00 00 A3 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A4 80 30 80 A0 03 02 01 01 A1 80 30 80 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 00 00 00 00 00 00 00 00 A5 80 61 80 30 80 A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 80 30 80 A0 03 02 01 01 A1 80 30 80 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 00 00 00 00 00 00 00 00 A3 80 30 80 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 00 00 00 00 00 00 00 00 00 00 A6 80 30 80 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 00 00 00 00 00 00 00 00",decode_krb5_as_rep,ktest_equal_as_rep,krb5_free_kdc_rep); + ktest_destroy_pa_data_array(&(ref.padata)); + decode_run("as_rep","(optionals NULL)","6B 81 C2 30 81 BF A0 03 02 01 05 A1 03 02 01 0B A3 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A4 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 5E 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A6 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_as_rep,ktest_equal_as_rep,krb5_free_kdc_rep); + + ktest_empty_kdc_rep(&ref); + } + + /****************************************************************/ + /* decode_krb5_tgs_rep */ + { + setup(krb5_kdc_rep,"krb5_kdc_rep",ktest_make_sample_kdc_rep); + ref.msg_type = KRB5_TGS_REP; + + decode_run("tgs_rep","","6D 81 EA 30 81 E7 A0 03 02 01 05 A1 03 02 01 0D A2 26 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 A3 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A4 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 5E 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A6 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_tgs_rep,ktest_equal_tgs_rep,krb5_free_kdc_rep); + + ktest_destroy_pa_data_array(&(ref.padata)); + decode_run("tgs_rep","(optionals NULL)","6D 81 C2 30 81 BF A0 03 02 01 05 A1 03 02 01 0D A3 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A4 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 5E 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A6 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_tgs_rep,ktest_equal_tgs_rep,krb5_free_kdc_rep); + + ktest_empty_kdc_rep(&ref); + } + + /****************************************************************/ + /* decode_krb5_ap_req */ + { + setup(krb5_ap_req,"krb5_ap_req",ktest_make_sample_ap_req); + decode_run("ap_req","","6E 81 9D 30 81 9A A0 03 02 01 05 A1 03 02 01 0E A2 07 03 05 00 FE DC BA 98 A3 5E 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A4 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_ap_req,ktest_equal_ap_req,krb5_free_ap_req); + ktest_empty_ap_req(&ref); + + } + + /****************************************************************/ + /* decode_krb5_ap_rep */ + { + setup(krb5_ap_rep,"krb5_ap_rep",ktest_make_sample_ap_rep); + decode_run("ap_rep","","6F 33 30 31 A0 03 02 01 05 A1 03 02 01 0F A2 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_ap_rep,ktest_equal_ap_rep,krb5_free_ap_rep); + ktest_empty_ap_rep(&ref); + } + + /****************************************************************/ + /* decode_krb5_ap_rep_enc_part */ + { + setup(krb5_ap_rep_enc_part,"krb5_ap_rep_enc_part",ktest_make_sample_ap_rep_enc_part); + + decode_run("ap_rep_enc_part","","7B 36 30 34 A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40 A2 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A3 03 02 01 11",decode_krb5_ap_rep_enc_part,ktest_equal_ap_rep_enc_part,krb5_free_ap_rep_enc_part); + + ktest_destroy_keyblock(&(ref.subkey)); + ref.seq_number = 0; + decode_run("ap_rep_enc_part","(optionals NULL)","7B 1C 30 1A A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40",decode_krb5_ap_rep_enc_part,ktest_equal_ap_rep_enc_part,krb5_free_ap_rep_enc_part); + ktest_empty_ap_rep_enc_part(&ref); + } + + /****************************************************************/ + /* decode_krb5_as_req */ + { + setup(krb5_kdc_req,"krb5_kdc_req",ktest_make_sample_kdc_req); + ref.msg_type = KRB5_AS_REQ; + + ref.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY; + decode_run("as_req","","6A 82 01 E4 30 82 01 E0 A1 03 02 01 05 A2 03 02 01 0A A3 26 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 A4 82 01 AA 30 82 01 A6 A0 07 03 05 00 FE DC BA 90 A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 A9 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 AA 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_as_req,ktest_equal_as_req,krb5_free_kdc_req); + + ktest_destroy_pa_data_array(&(ref.padata)); + ktest_destroy_principal(&(ref.client)); #ifndef ISODE_SUCKS - ktest_destroy_principal(&(ref.server)); + ktest_destroy_principal(&(ref.server)); #endif - ref.kdc_options |= KDC_OPT_ENC_TKT_IN_SKEY; - ref.from = 0; - ref.rtime = 0; - ktest_destroy_addresses(&(ref.addresses)); - ktest_destroy_enc_data(&(ref.authorization_data)); - decode_run("as_req","(optionals NULL except second_ticket)","6A 82 01 14 30 82 01 10 A1 03 02 01 05 A2 03 02 01 0A A4 82 01 02 30 81 FF A0 07 03 05 00 FE DC BA 98 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_as_req,ktest_equal_as_req,krb5_free_kdc_req); - ktest_destroy_sequence_of_ticket(&(ref.second_ticket)); + ref.kdc_options |= KDC_OPT_ENC_TKT_IN_SKEY; + ref.from = 0; + ref.rtime = 0; + ktest_destroy_addresses(&(ref.addresses)); + ktest_destroy_enc_data(&(ref.authorization_data)); + decode_run("as_req","(optionals NULL except second_ticket)","6A 82 01 14 30 82 01 10 A1 03 02 01 05 A2 03 02 01 0A A4 82 01 02 30 81 FF A0 07 03 05 00 FE DC BA 98 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_as_req,ktest_equal_as_req,krb5_free_kdc_req); + ktest_destroy_sequence_of_ticket(&(ref.second_ticket)); #ifndef ISODE_SUCKS - ktest_make_sample_principal(&(ref.server)); + ktest_make_sample_principal(&(ref.server)); #endif - ref.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY; - decode_run("as_req","(optionals NULL except server)","6A 69 30 67 A1 03 02 01 05 A2 03 02 01 0A A4 5B 30 59 A0 07 03 05 00 FE DC BA 90 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01",decode_krb5_as_req,ktest_equal_as_req,krb5_free_kdc_req); + ref.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY; + decode_run("as_req","(optionals NULL except server)","6A 69 30 67 A1 03 02 01 05 A2 03 02 01 0A A4 5B 30 59 A0 07 03 05 00 FE DC BA 90 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01",decode_krb5_as_req,ktest_equal_as_req,krb5_free_kdc_req); - ktest_empty_kdc_req(&ref); + ktest_empty_kdc_req(&ref); - } + } - /****************************************************************/ - /* decode_krb5_tgs_req */ - { - setup(krb5_kdc_req,"krb5_kdc_req",ktest_make_sample_kdc_req); - ref.msg_type = KRB5_TGS_REQ; + /****************************************************************/ + /* decode_krb5_tgs_req */ + { + setup(krb5_kdc_req,"krb5_kdc_req",ktest_make_sample_kdc_req); + ref.msg_type = KRB5_TGS_REQ; - ref.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY; - decode_run("tgs_req","","6C 82 01 E4 30 82 01 E0 A1 03 02 01 05 A2 03 02 01 0C A3 26 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 A4 82 01 AA 30 82 01 A6 A0 07 03 05 00 FE DC BA 90 A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 A9 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 AA 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_tgs_req,ktest_equal_tgs_req,krb5_free_kdc_req); + ref.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY; + decode_run("tgs_req","","6C 82 01 E4 30 82 01 E0 A1 03 02 01 05 A2 03 02 01 0C A3 26 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 A4 82 01 AA 30 82 01 A6 A0 07 03 05 00 FE DC BA 90 A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 A9 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 AA 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_tgs_req,ktest_equal_tgs_req,krb5_free_kdc_req); - ktest_destroy_pa_data_array(&(ref.padata)); - ktest_destroy_principal(&(ref.client)); + ktest_destroy_pa_data_array(&(ref.padata)); + ktest_destroy_principal(&(ref.client)); #ifndef ISODE_SUCKS - ktest_destroy_principal(&(ref.server)); + ktest_destroy_principal(&(ref.server)); #endif - ref.kdc_options |= KDC_OPT_ENC_TKT_IN_SKEY; - ref.from = 0; - ref.rtime = 0; - ktest_destroy_addresses(&(ref.addresses)); - ktest_destroy_enc_data(&(ref.authorization_data)); - decode_run("tgs_req","(optionals NULL except second_ticket)","6C 82 01 14 30 82 01 10 A1 03 02 01 05 A2 03 02 01 0C A4 82 01 02 30 81 FF A0 07 03 05 00 FE DC BA 98 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_tgs_req,ktest_equal_tgs_req,krb5_free_kdc_req); - - ktest_destroy_sequence_of_ticket(&(ref.second_ticket)); + ref.kdc_options |= KDC_OPT_ENC_TKT_IN_SKEY; + ref.from = 0; + ref.rtime = 0; + ktest_destroy_addresses(&(ref.addresses)); + ktest_destroy_enc_data(&(ref.authorization_data)); + decode_run("tgs_req","(optionals NULL except second_ticket)","6C 82 01 14 30 82 01 10 A1 03 02 01 05 A2 03 02 01 0C A4 82 01 02 30 81 FF A0 07 03 05 00 FE DC BA 98 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_tgs_req,ktest_equal_tgs_req,krb5_free_kdc_req); + + ktest_destroy_sequence_of_ticket(&(ref.second_ticket)); #ifndef ISODE_SUCKS - ktest_make_sample_principal(&(ref.server)); + ktest_make_sample_principal(&(ref.server)); #endif - ref.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY; - decode_run("tgs_req","(optionals NULL except server)","6C 69 30 67 A1 03 02 01 05 A2 03 02 01 0C A4 5B 30 59 A0 07 03 05 00 FE DC BA 90 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01",decode_krb5_tgs_req,ktest_equal_tgs_req,krb5_free_kdc_req); - - ktest_empty_kdc_req(&ref); - } - - /****************************************************************/ - /* decode_krb5_kdc_req_body */ - { - krb5_kdc_req ref, *var; - memset(&ref, 0, sizeof(krb5_kdc_req)); - retval = ktest_make_sample_kdc_req_body(&ref); - if(retval){ - com_err("making sample kdc_req_body",retval,""); - exit(1); - } - ref.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY; - decode_run("kdc_req_body","","30 82 01 A6 A0 07 03 05 00 FE DC BA 90 A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 A9 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 AA 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_kdc_req_body,ktest_equal_kdc_req_body,krb5_free_kdc_req); + ref.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY; + decode_run("tgs_req","(optionals NULL except server)","6C 69 30 67 A1 03 02 01 05 A2 03 02 01 0C A4 5B 30 59 A0 07 03 05 00 FE DC BA 90 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01",decode_krb5_tgs_req,ktest_equal_tgs_req,krb5_free_kdc_req); - ktest_destroy_principal(&(ref.client)); + ktest_empty_kdc_req(&ref); + } + + /****************************************************************/ + /* decode_krb5_kdc_req_body */ + { + krb5_kdc_req ref, *var; + memset(&ref, 0, sizeof(krb5_kdc_req)); + retval = ktest_make_sample_kdc_req_body(&ref); + if (retval) { + com_err("making sample kdc_req_body",retval,""); + exit(1); + } + ref.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY; + decode_run("kdc_req_body","","30 82 01 A6 A0 07 03 05 00 FE DC BA 90 A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 A9 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 AA 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_kdc_req_body,ktest_equal_kdc_req_body,krb5_free_kdc_req); + + ktest_destroy_principal(&(ref.client)); #ifndef ISODE_SUCKS - ktest_destroy_principal(&(ref.server)); + ktest_destroy_principal(&(ref.server)); #endif - ref.kdc_options |= KDC_OPT_ENC_TKT_IN_SKEY; - ref.from = 0; - ref.rtime = 0; - ktest_destroy_addresses(&(ref.addresses)); - ktest_destroy_enc_data(&(ref.authorization_data)); - decode_run("kdc_req_body","(optionals NULL except second_ticket)","30 81 FF A0 07 03 05 00 FE DC BA 98 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_kdc_req_body,ktest_equal_kdc_req_body,krb5_free_kdc_req); - - ktest_destroy_sequence_of_ticket(&(ref.second_ticket)); + ref.kdc_options |= KDC_OPT_ENC_TKT_IN_SKEY; + ref.from = 0; + ref.rtime = 0; + ktest_destroy_addresses(&(ref.addresses)); + ktest_destroy_enc_data(&(ref.authorization_data)); + decode_run("kdc_req_body","(optionals NULL except second_ticket)","30 81 FF A0 07 03 05 00 FE DC BA 98 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_kdc_req_body,ktest_equal_kdc_req_body,krb5_free_kdc_req); + + ktest_destroy_sequence_of_ticket(&(ref.second_ticket)); #ifndef ISODE_SUCKS - ktest_make_sample_principal(&(ref.server)); + ktest_make_sample_principal(&(ref.server)); #endif - ref.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY; - decode_run("kdc_req_body","(optionals NULL except server)","30 59 A0 07 03 05 00 FE DC BA 90 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01",decode_krb5_kdc_req_body,ktest_equal_kdc_req_body,krb5_free_kdc_req); - ref.nktypes = 0; - free(ref.ktype); - ref.ktype = NULL; - decode_run("kdc_req_body","(optionals NULL except server; zero-length etypes)","30 53 A0 07 03 05 00 FE DC BA 90 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 02 30 00",decode_krb5_kdc_req_body,ktest_equal_kdc_req_body,krb5_free_kdc_req); - - ktest_empty_kdc_req(&ref); - } - - - /****************************************************************/ - /* decode_krb5_safe */ - { - setup(krb5_safe,"krb5_safe",ktest_make_sample_safe); - decode_run("safe","","74 6E 30 6C A0 03 02 01 05 A1 03 02 01 14 A2 4F 30 4D A0 0A 04 08 6B 72 62 35 64 61 74 61 A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 05 02 03 01 E2 40 A3 03 02 01 11 A4 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 A5 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 A3 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34",decode_krb5_safe,ktest_equal_safe,krb5_free_safe); - - ref.timestamp = 0; - ref.usec = 0; - ref.seq_number = 0; - ktest_destroy_address(&(ref.r_address)); - decode_run("safe","(optionals NULL)","74 3E 30 3C A0 03 02 01 05 A1 03 02 01 14 A2 1F 30 1D A0 0A 04 08 6B 72 62 35 64 61 74 61 A4 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 A3 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34",decode_krb5_safe,ktest_equal_safe,krb5_free_safe); - - ktest_empty_safe(&ref); - } - - /****************************************************************/ - /* decode_krb5_priv */ - { - setup(krb5_priv,"krb5_priv",ktest_make_sample_priv); - decode_run("priv","","75 33 30 31 A0 03 02 01 05 A1 03 02 01 15 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_priv,ktest_equal_priv,krb5_free_priv); - ktest_empty_priv(&ref); - } - - /****************************************************************/ - /* decode_krb5_enc_priv_part */ - { - setup(krb5_priv_enc_part,"krb5_priv_enc_part",ktest_make_sample_priv_enc_part); - decode_run("enc_priv_part","","7C 4F 30 4D A0 0A 04 08 6B 72 62 35 64 61 74 61 A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 05 02 03 01 E2 40 A3 03 02 01 11 A4 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 A5 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23",decode_krb5_enc_priv_part,ktest_equal_enc_priv_part,krb5_free_priv_enc_part); - - ref.timestamp = 0; - ref.usec = 0; - ref.seq_number = 0; - ktest_destroy_address(&(ref.r_address)); - decode_run("enc_priv_part","(optionals NULL)","7C 1F 30 1D A0 0A 04 08 6B 72 62 35 64 61 74 61 A4 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23",decode_krb5_enc_priv_part,ktest_equal_enc_priv_part,krb5_free_priv_enc_part); - ktest_empty_priv_enc_part(&ref); - } - - /****************************************************************/ - /* decode_krb5_cred */ - { - setup(krb5_cred,"krb5_cred",ktest_make_sample_cred); - decode_run("cred","","76 81 F6 30 81 F3 A0 03 02 01 05 A1 03 02 01 16 A2 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_cred,ktest_equal_cred,krb5_free_cred); - ktest_empty_cred(&ref); - } - - /****************************************************************/ - /* decode_krb5_enc_cred_part */ - { - setup(krb5_cred_enc_part,"krb5_cred_enc_part",ktest_make_sample_cred_enc_part); - decode_run("enc_cred_part","","7D 82 02 23 30 82 02 1F A0 82 01 DA 30 82 01 D6 30 81 E8 A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 07 03 05 00 FE DC BA 98 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A8 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A9 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 AA 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 81 E8 A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 07 03 05 00 FE DC BA 98 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A8 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A9 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 AA 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 A1 03 02 01 2A A2 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A3 05 02 03 01 E2 40 A4 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 A5 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23",decode_krb5_enc_cred_part,ktest_equal_enc_cred_part,krb5_free_cred_enc_part); - /* free_cred_enc_part does not free the pointer */ - krb5_xfree(var); - ktest_destroy_principal(&(ref.ticket_info[0]->client)); - ktest_destroy_principal(&(ref.ticket_info[0]->server)); - ref.ticket_info[0]->flags = 0; - ref.ticket_info[0]->times.authtime = 0; - ref.ticket_info[0]->times.starttime = 0; - ref.ticket_info[0]->times.endtime = 0; - ref.ticket_info[0]->times.renew_till = 0; - ktest_destroy_addresses(&(ref.ticket_info[0]->caddrs)); - ref.nonce = 0; - ref.timestamp = 0; - ref.usec = 0; - ktest_destroy_address(&(ref.s_address)); - ktest_destroy_address(&(ref.r_address)); - decode_run("enc_cred_part","(optionals NULL)","7D 82 01 0E 30 82 01 0A A0 82 01 06 30 82 01 02 30 15 A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 30 81 E8 A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 07 03 05 00 FE DC BA 98 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A8 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A9 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 AA 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23",decode_krb5_enc_cred_part,ktest_equal_enc_cred_part,krb5_free_cred_enc_part); - /* free_cred_enc_part does not free the pointer */ - krb5_xfree(var); - - ktest_empty_cred_enc_part(&ref); - } - - /****************************************************************/ - /* decode_krb5_error */ - { - setup(krb5_error,"krb5_error",ktest_make_sample_error); - decode_run("error","","7E 81 BA 30 81 B7 A0 03 02 01 05 A1 03 02 01 1E A2 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A3 05 02 03 01 E2 40 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 05 02 03 01 E2 40 A6 03 02 01 3C A7 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A8 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A9 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 AA 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 AB 0A 1B 08 6B 72 62 35 64 61 74 61 AC 0A 04 08 6B 72 62 35 64 61 74 61",decode_krb5_error,ktest_equal_error,krb5_free_error); - - ref.ctime = 0; - ktest_destroy_principal(&(ref.client)); - ktest_empty_data(&(ref.text)); - ktest_empty_data(&(ref.e_data)); - decode_run("error","(optionals NULL)","7E 60 30 5E A0 03 02 01 05 A1 03 02 01 1E A3 05 02 03 01 E2 40 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 05 02 03 01 E2 40 A6 03 02 01 3C A9 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 AA 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61",decode_krb5_error,ktest_equal_error,krb5_free_error); - - ktest_empty_error(&ref); - } - - /****************************************************************/ - /* decode_krb5_authdata */ - { - krb5_authdata **ref, **var; - retval = ktest_make_sample_authorization_data(&ref); - if(retval){ - com_err("making sample authorization_data",retval,""); - exit(1); + ref.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY; + decode_run("kdc_req_body","(optionals NULL except server)","30 59 A0 07 03 05 00 FE DC BA 90 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01",decode_krb5_kdc_req_body,ktest_equal_kdc_req_body,krb5_free_kdc_req); + ref.nktypes = 0; + free(ref.ktype); + ref.ktype = NULL; + decode_run("kdc_req_body","(optionals NULL except server; zero-length etypes)","30 53 A0 07 03 05 00 FE DC BA 90 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 02 30 00",decode_krb5_kdc_req_body,ktest_equal_kdc_req_body,krb5_free_kdc_req); + + ktest_empty_kdc_req(&ref); + } + + + /****************************************************************/ + /* decode_krb5_safe */ + { + setup(krb5_safe,"krb5_safe",ktest_make_sample_safe); + decode_run("safe","","74 6E 30 6C A0 03 02 01 05 A1 03 02 01 14 A2 4F 30 4D A0 0A 04 08 6B 72 62 35 64 61 74 61 A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 05 02 03 01 E2 40 A3 03 02 01 11 A4 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 A5 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 A3 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34",decode_krb5_safe,ktest_equal_safe,krb5_free_safe); + + ref.timestamp = 0; + ref.usec = 0; + ref.seq_number = 0; + ktest_destroy_address(&(ref.r_address)); + decode_run("safe","(optionals NULL)","74 3E 30 3C A0 03 02 01 05 A1 03 02 01 14 A2 1F 30 1D A0 0A 04 08 6B 72 62 35 64 61 74 61 A4 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 A3 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34",decode_krb5_safe,ktest_equal_safe,krb5_free_safe); + + ktest_empty_safe(&ref); + } + + /****************************************************************/ + /* decode_krb5_priv */ + { + setup(krb5_priv,"krb5_priv",ktest_make_sample_priv); + decode_run("priv","","75 33 30 31 A0 03 02 01 05 A1 03 02 01 15 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_priv,ktest_equal_priv,krb5_free_priv); + ktest_empty_priv(&ref); + } + + /****************************************************************/ + /* decode_krb5_enc_priv_part */ + { + setup(krb5_priv_enc_part,"krb5_priv_enc_part",ktest_make_sample_priv_enc_part); + decode_run("enc_priv_part","","7C 4F 30 4D A0 0A 04 08 6B 72 62 35 64 61 74 61 A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 05 02 03 01 E2 40 A3 03 02 01 11 A4 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 A5 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23",decode_krb5_enc_priv_part,ktest_equal_enc_priv_part,krb5_free_priv_enc_part); + + ref.timestamp = 0; + ref.usec = 0; + ref.seq_number = 0; + ktest_destroy_address(&(ref.r_address)); + decode_run("enc_priv_part","(optionals NULL)","7C 1F 30 1D A0 0A 04 08 6B 72 62 35 64 61 74 61 A4 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23",decode_krb5_enc_priv_part,ktest_equal_enc_priv_part,krb5_free_priv_enc_part); + ktest_empty_priv_enc_part(&ref); + } + + /****************************************************************/ + /* decode_krb5_cred */ + { + setup(krb5_cred,"krb5_cred",ktest_make_sample_cred); + decode_run("cred","","76 81 F6 30 81 F3 A0 03 02 01 05 A1 03 02 01 16 A2 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_cred,ktest_equal_cred,krb5_free_cred); + ktest_empty_cred(&ref); + } + + /****************************************************************/ + /* decode_krb5_enc_cred_part */ + { + setup(krb5_cred_enc_part,"krb5_cred_enc_part",ktest_make_sample_cred_enc_part); + decode_run("enc_cred_part","","7D 82 02 23 30 82 02 1F A0 82 01 DA 30 82 01 D6 30 81 E8 A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 07 03 05 00 FE DC BA 98 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A8 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A9 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 AA 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 81 E8 A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 07 03 05 00 FE DC BA 98 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A8 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A9 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 AA 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 A1 03 02 01 2A A2 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A3 05 02 03 01 E2 40 A4 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 A5 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23",decode_krb5_enc_cred_part,ktest_equal_enc_cred_part,krb5_free_cred_enc_part); + /* free_cred_enc_part does not free the pointer */ + krb5_xfree(var); + ktest_destroy_principal(&(ref.ticket_info[0]->client)); + ktest_destroy_principal(&(ref.ticket_info[0]->server)); + ref.ticket_info[0]->flags = 0; + ref.ticket_info[0]->times.authtime = 0; + ref.ticket_info[0]->times.starttime = 0; + ref.ticket_info[0]->times.endtime = 0; + ref.ticket_info[0]->times.renew_till = 0; + ktest_destroy_addresses(&(ref.ticket_info[0]->caddrs)); + ref.nonce = 0; + ref.timestamp = 0; + ref.usec = 0; + ktest_destroy_address(&(ref.s_address)); + ktest_destroy_address(&(ref.r_address)); + decode_run("enc_cred_part","(optionals NULL)","7D 82 01 0E 30 82 01 0A A0 82 01 06 30 82 01 02 30 15 A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 30 81 E8 A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 07 03 05 00 FE DC BA 98 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A8 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A9 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 AA 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23",decode_krb5_enc_cred_part,ktest_equal_enc_cred_part,krb5_free_cred_enc_part); + /* free_cred_enc_part does not free the pointer */ + krb5_xfree(var); + + ktest_empty_cred_enc_part(&ref); + } + + /****************************************************************/ + /* decode_krb5_error */ + { + setup(krb5_error,"krb5_error",ktest_make_sample_error); + decode_run("error","","7E 81 BA 30 81 B7 A0 03 02 01 05 A1 03 02 01 1E A2 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A3 05 02 03 01 E2 40 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 05 02 03 01 E2 40 A6 03 02 01 3C A7 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A8 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A9 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 AA 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 AB 0A 1B 08 6B 72 62 35 64 61 74 61 AC 0A 04 08 6B 72 62 35 64 61 74 61",decode_krb5_error,ktest_equal_error,krb5_free_error); + + ref.ctime = 0; + ktest_destroy_principal(&(ref.client)); + ktest_empty_data(&(ref.text)); + ktest_empty_data(&(ref.e_data)); + decode_run("error","(optionals NULL)","7E 60 30 5E A0 03 02 01 05 A1 03 02 01 1E A3 05 02 03 01 E2 40 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 05 02 03 01 E2 40 A6 03 02 01 3C A9 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 AA 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61",decode_krb5_error,ktest_equal_error,krb5_free_error); + + ktest_empty_error(&ref); + } + + /****************************************************************/ + /* decode_krb5_authdata */ + { + krb5_authdata **ref, **var; + retval = ktest_make_sample_authorization_data(&ref); + if (retval) { + com_err("making sample authorization_data",retval,""); + exit(1); + } + retval = krb5_data_hex_parse(&code,"30 22 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72"); + if (retval) { + com_err("parsing authorization_data",retval,""); + exit(1); + } + retval = decode_krb5_authdata(&code,&var); + if (retval) com_err("decoding authorization_data",retval,""); + test(ktest_equal_authorization_data(ref,var),"authorization_data\n") + krb5_free_data_contents(test_context, &code); + krb5_free_authdata(test_context, var); + ktest_destroy_authorization_data(&ref); } - retval = krb5_data_hex_parse(&code,"30 22 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72"); - if(retval){ - com_err("parsing authorization_data",retval,""); - exit(1); + + /****************************************************************/ + /* decode_pwd_sequence */ + { + setup(passwd_phrase_element,"passwd_phrase_element",ktest_make_sample_passwd_phrase_element); + decode_run("PasswdSequence","","30 18 A0 0A 04 08 6B 72 62 35 64 61 74 61 A1 0A 04 08 6B 72 62 35 64 61 74 61",decode_krb5_pwd_sequence,ktest_equal_passwd_phrase_element,krb5_ktest_free_pwd_sequence); + ktest_empty_passwd_phrase_element(&ref); } - retval = decode_krb5_authdata(&code,&var); - if(retval) com_err("decoding authorization_data",retval,""); - test(ktest_equal_authorization_data(ref,var),"authorization_data\n") - krb5_free_data_contents(test_context, &code); - krb5_free_authdata(test_context, var); - ktest_destroy_authorization_data(&ref); - } - - /****************************************************************/ - /* decode_pwd_sequence */ - { - setup(passwd_phrase_element,"passwd_phrase_element",ktest_make_sample_passwd_phrase_element); - decode_run("PasswdSequence","","30 18 A0 0A 04 08 6B 72 62 35 64 61 74 61 A1 0A 04 08 6B 72 62 35 64 61 74 61",decode_krb5_pwd_sequence,ktest_equal_passwd_phrase_element,krb5_ktest_free_pwd_sequence); - ktest_empty_passwd_phrase_element(&ref); - } - - /****************************************************************/ - /* decode_passwd_data */ - { - setup(krb5_pwd_data,"krb5_pwd_data",ktest_make_sample_krb5_pwd_data); - decode_run("PasswdData","","30 3D A0 03 02 01 02 A1 36 30 34 30 18 A0 0A 04 08 6B 72 62 35 64 61 74 61 A1 0A 04 08 6B 72 62 35 64 61 74 61 30 18 A0 0A 04 08 6B 72 62 35 64 61 74 61 A1 0A 04 08 6B 72 62 35 64 61 74 61",decode_krb5_pwd_data,ktest_equal_krb5_pwd_data,krb5_free_pwd_data); - ktest_empty_pwd_data(&ref); - } - - /****************************************************************/ - /* decode_krb5_padata_sequence */ - { - krb5_pa_data **ref, **var; - retval = ktest_make_sample_pa_data_array(&ref); - if(retval){ - com_err("making sample pa_data array",retval,""); - exit(1); + + /****************************************************************/ + /* decode_passwd_data */ + { + setup(krb5_pwd_data,"krb5_pwd_data",ktest_make_sample_krb5_pwd_data); + decode_run("PasswdData","","30 3D A0 03 02 01 02 A1 36 30 34 30 18 A0 0A 04 08 6B 72 62 35 64 61 74 61 A1 0A 04 08 6B 72 62 35 64 61 74 61 30 18 A0 0A 04 08 6B 72 62 35 64 61 74 61 A1 0A 04 08 6B 72 62 35 64 61 74 61",decode_krb5_pwd_data,ktest_equal_krb5_pwd_data,krb5_free_pwd_data); + ktest_empty_pwd_data(&ref); } - retval = krb5_data_hex_parse(&code,"30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61"); - if(retval){ - com_err("parsing padata_sequence",retval,""); - exit(1); + + /****************************************************************/ + /* decode_krb5_padata_sequence */ + { + krb5_pa_data **ref, **var; + retval = ktest_make_sample_pa_data_array(&ref); + if (retval) { + com_err("making sample pa_data array",retval,""); + exit(1); + } + retval = krb5_data_hex_parse(&code,"30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61"); + if (retval) { + com_err("parsing padata_sequence",retval,""); + exit(1); + } + retval = decode_krb5_padata_sequence(&code,&var); + if (retval) com_err("decoding padata_sequence",retval,""); + test(ktest_equal_sequence_of_pa_data(ref,var),"pa_data\n"); + krb5_free_pa_data(test_context, var); + krb5_free_data_contents(test_context, &code); + ktest_destroy_pa_data_array(&ref); } - retval = decode_krb5_padata_sequence(&code,&var); - if(retval) com_err("decoding padata_sequence",retval,""); - test(ktest_equal_sequence_of_pa_data(ref,var),"pa_data\n"); - krb5_free_pa_data(test_context, var); - krb5_free_data_contents(test_context, &code); - ktest_destroy_pa_data_array(&ref); - } - - /****************************************************************/ - /* decode_krb5_padata_sequence (empty) */ - { - krb5_pa_data **ref, **var; - retval = ktest_make_sample_empty_pa_data_array(&ref); - if(retval){ - com_err("making sample empty pa_data array",retval,""); - exit(1); + + /****************************************************************/ + /* decode_krb5_padata_sequence (empty) */ + { + krb5_pa_data **ref, **var; + retval = ktest_make_sample_empty_pa_data_array(&ref); + if (retval) { + com_err("making sample empty pa_data array",retval,""); + exit(1); + } + retval = krb5_data_hex_parse(&code,"30 00"); + if (retval) { + com_err("parsing padata_sequence (empty)",retval,""); + exit(1); + } + retval = decode_krb5_padata_sequence(&code,&var); + if (retval) com_err("decoding padata_sequence (empty)",retval,""); + test(ktest_equal_sequence_of_pa_data(ref,var),"pa_data (empty)\n"); + krb5_free_pa_data(test_context, var); + krb5_free_data_contents(test_context, &code); + ktest_destroy_pa_data_array(&ref); } - retval = krb5_data_hex_parse(&code,"30 00"); - if(retval){ - com_err("parsing padata_sequence (empty)",retval,""); - exit(1); + + /****************************************************************/ + /* decode_pwd_sequence */ + { + setup(krb5_alt_method,"krb5_alt_method",ktest_make_sample_alt_method); + decode_run("alt_method","","30 0F A0 03 02 01 2A A1 08 04 06 73 65 63 72 65 74",decode_krb5_alt_method,ktest_equal_krb5_alt_method,krb5_ktest_free_alt_method); + ref.length = 0; + decode_run("alt_method (no data)","","30 05 A0 03 02 01 2A",decode_krb5_alt_method,ktest_equal_krb5_alt_method,krb5_ktest_free_alt_method); + ktest_empty_alt_method(&ref); } - retval = decode_krb5_padata_sequence(&code,&var); - if(retval) com_err("decoding padata_sequence (empty)",retval,""); - test(ktest_equal_sequence_of_pa_data(ref,var),"pa_data (empty)\n"); - krb5_free_pa_data(test_context, var); - krb5_free_data_contents(test_context, &code); - ktest_destroy_pa_data_array(&ref); - } - - /****************************************************************/ - /* decode_pwd_sequence */ - { - setup(krb5_alt_method,"krb5_alt_method",ktest_make_sample_alt_method); - decode_run("alt_method","","30 0F A0 03 02 01 2A A1 08 04 06 73 65 63 72 65 74",decode_krb5_alt_method,ktest_equal_krb5_alt_method,krb5_ktest_free_alt_method); - ref.length = 0; - decode_run("alt_method (no data)","","30 05 A0 03 02 01 2A",decode_krb5_alt_method,ktest_equal_krb5_alt_method,krb5_ktest_free_alt_method); - ktest_empty_alt_method(&ref); - } - - /****************************************************************/ - /* decode_etype_info */ - { - krb5_etype_info ref, var; - - retval = ktest_make_sample_etype_info(&ref); - if (retval) { - com_err("krb5_decode_test", retval, - "while making sample etype info"); - exit(1); - } - retval = krb5_data_hex_parse(&code,"30 33 30 14 A0 03 02 01 00 A1 0D 04 0B 4D 6F 72 74 6F 6E 27 73 20 23 30 30 05 A0 03 02 01 01 30 14 A0 03 02 01 02 A1 0D 04 0B 4D 6F 72 74 6F 6E 27 73 20 23 32"); - if(retval){ - com_err("krb5_decode_test", retval, "while parsing etype_info"); - exit(1); - } - retval = decode_krb5_etype_info(&code,&var); - if(retval){ - com_err("krb5_decode_test", retval, "while decoding etype_info"); - } - test(ktest_equal_etype_info(ref,var),"etype_info\n"); - - ktest_destroy_etype_info(var); - ktest_destroy_etype_info_entry(ref[2]); ref[2] = 0; - ktest_destroy_etype_info_entry(ref[1]); ref[1] = 0; - krb5_free_data_contents(test_context, &code); + + /****************************************************************/ + /* decode_etype_info */ + { + krb5_etype_info ref, var; + + retval = ktest_make_sample_etype_info(&ref); + if (retval) { + com_err("krb5_decode_test", retval, + "while making sample etype info"); + exit(1); + } + retval = krb5_data_hex_parse(&code,"30 33 30 14 A0 03 02 01 00 A1 0D 04 0B 4D 6F 72 74 6F 6E 27 73 20 23 30 30 05 A0 03 02 01 01 30 14 A0 03 02 01 02 A1 0D 04 0B 4D 6F 72 74 6F 6E 27 73 20 23 32"); + if (retval) { + com_err("krb5_decode_test", retval, "while parsing etype_info"); + exit(1); + } + retval = decode_krb5_etype_info(&code,&var); + if (retval) { + com_err("krb5_decode_test", retval, "while decoding etype_info"); + } + test(ktest_equal_etype_info(ref,var),"etype_info\n"); + + ktest_destroy_etype_info(var); + ktest_destroy_etype_info_entry(ref[2]); ref[2] = 0; + ktest_destroy_etype_info_entry(ref[1]); ref[1] = 0; + krb5_free_data_contents(test_context, &code); - retval = krb5_data_hex_parse(&code,"30 16 30 14 A0 03 02 01 00 A1 0D 04 0B 4D 6F 72 74 6F 6E 27 73 20 23 30"); - if(retval){ - com_err("krb5_decode_test", retval, - "while parsing etype_info (only one)"); - exit(1); - } - retval = decode_krb5_etype_info(&code,&var); - if(retval){ - com_err("krb5_decode_test", retval, - "while decoding etype_info (only one)"); - } - test(ktest_equal_etype_info(ref,var),"etype_info (only one)\n"); + retval = krb5_data_hex_parse(&code,"30 16 30 14 A0 03 02 01 00 A1 0D 04 0B 4D 6F 72 74 6F 6E 27 73 20 23 30"); + if (retval) { + com_err("krb5_decode_test", retval, + "while parsing etype_info (only one)"); + exit(1); + } + retval = decode_krb5_etype_info(&code,&var); + if (retval) { + com_err("krb5_decode_test", retval, + "while decoding etype_info (only one)"); + } + test(ktest_equal_etype_info(ref,var),"etype_info (only one)\n"); - ktest_destroy_etype_info(var); - ktest_destroy_etype_info_entry(ref[0]); ref[0] = 0; - krb5_free_data_contents(test_context, &code); + ktest_destroy_etype_info(var); + ktest_destroy_etype_info_entry(ref[0]); ref[0] = 0; + krb5_free_data_contents(test_context, &code); - retval = krb5_data_hex_parse(&code,"30 00"); - if(retval){ - com_err("krb5_decode_test", retval, - "while parsing etype_info (no info)"); - exit(1); - } - retval = decode_krb5_etype_info(&code,&var); - if(retval){ - com_err("krb5_decode_test", retval, - "while decoding etype_info (no info)"); - } - test(ktest_equal_etype_info(ref,var),"etype_info (no info)\n"); - - krb5_free_data_contents(test_context, &code); - ktest_destroy_etype_info(var); - ktest_destroy_etype_info(ref); - } - - /****************************************************************/ - /* decode_pa_enc_ts */ - { - setup(krb5_pa_enc_ts,"krb5_pa_enc_ts",ktest_make_sample_pa_enc_ts); - decode_run("pa_enc_ts","","30 1A A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40",decode_krb5_pa_enc_ts,ktest_equal_krb5_pa_enc_ts,krb5_free_pa_enc_ts); - ref.pausec = 0; - decode_run("pa_enc_ts (no usec)","","30 13 A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_pa_enc_ts,ktest_equal_krb5_pa_enc_ts,krb5_free_pa_enc_ts); - } - - /****************************************************************/ - /* decode_enc_data */ - { - setup(krb5_enc_data,"krb5_enc_data",ktest_make_sample_enc_data); - decode_run("enc_data","","30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_enc_data,ktest_equal_enc_data,krb5_ktest_free_enc_data); - ktest_destroy_enc_data(&ref); - } - - /****************************************************************/ - /* decode_sam_challenge */ - { - setup(krb5_sam_challenge,"krb5_sam_challenge",ktest_make_sample_sam_challenge); - decode_run("sam_challenge","","30 78 A0 03 02 01 2A A1 07 03 05 00 80 00 00 00 A2 0B 04 09 74 79 70 65 20 6E 61 6D 65 A3 02 04 00 A4 11 04 0F 63 68 61 6C 6C 65 6E 67 65 20 6C 61 62 65 6C A5 10 04 0E 63 68 61 6C 6C 65 6E 67 65 20 69 70 73 65 A6 16 04 14 72 65 73 70 6F 6E 73 65 5F 70 72 6F 6D 70 74 20 69 70 73 65 A7 02 04 00 A8 05 02 03 54 32 10 A9 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34",decode_krb5_sam_challenge,ktest_equal_sam_challenge,krb5_free_sam_challenge); - ktest_empty_sam_challenge(&ref); - - } - - /****************************************************************/ - /* decode_sam_challenge */ - { - setup(krb5_sam_challenge,"krb5_sam_challenge - no optionals",ktest_make_sample_sam_challenge); - decode_run("sam_challenge","","30 70 A0 03 02 01 2A A1 07 03 05 00 80 00 00 00 A2 0B 04 09 74 79 70 65 20 6E 61 6D 65 A4 11 04 0F 63 68 61 6C 6C 65 6E 67 65 20 6C 61 62 65 6C A5 10 04 0E 63 68 61 6C 6C 65 6E 67 65 20 69 70 73 65 A6 16 04 14 72 65 73 70 6F 6E 73 65 5F 70 72 6F 6D 70 74 20 69 70 73 65 A8 05 02 03 54 32 10 A9 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34",decode_krb5_sam_challenge,ktest_equal_sam_challenge,krb5_free_sam_challenge); - ktest_empty_sam_challenge(&ref); - } - - /****************************************************************/ - /* decode_sam_response */ - { - setup(krb5_sam_response,"krb5_sam_response",ktest_make_sample_sam_response); - decode_run("sam_response","","30 6A A0 03 02 01 2A A1 07 03 05 00 80 00 00 00 A2 0C 04 0A 74 72 61 63 6B 20 64 61 74 61 A3 14 30 12 A0 03 02 01 01 A1 04 02 02 07 96 A2 05 04 03 6B 65 79 A4 1C 30 1A A0 03 02 01 01 A1 04 02 02 0D 36 A2 0D 04 0B 6E 6F 6E 63 65 20 6F 72 20 74 73 A5 05 02 03 54 32 10 A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_sam_response,ktest_equal_sam_response,krb5_free_sam_response); - - ktest_empty_sam_response(&ref); - } - - krb5_free_context(test_context); - exit(error_count); - return(error_count); + retval = krb5_data_hex_parse(&code,"30 00"); + if (retval) { + com_err("krb5_decode_test", retval, + "while parsing etype_info (no info)"); + exit(1); + } + retval = decode_krb5_etype_info(&code,&var); + if (retval) { + com_err("krb5_decode_test", retval, + "while decoding etype_info (no info)"); + } + test(ktest_equal_etype_info(ref,var),"etype_info (no info)\n"); + + krb5_free_data_contents(test_context, &code); + ktest_destroy_etype_info(var); + ktest_destroy_etype_info(ref); + } + + /****************************************************************/ + /* decode_pa_enc_ts */ + { + setup(krb5_pa_enc_ts,"krb5_pa_enc_ts",ktest_make_sample_pa_enc_ts); + decode_run("pa_enc_ts","","30 1A A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40",decode_krb5_pa_enc_ts,ktest_equal_krb5_pa_enc_ts,krb5_free_pa_enc_ts); + ref.pausec = 0; + decode_run("pa_enc_ts (no usec)","","30 13 A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_pa_enc_ts,ktest_equal_krb5_pa_enc_ts,krb5_free_pa_enc_ts); + } + + /****************************************************************/ + /* decode_enc_data */ + { + setup(krb5_enc_data,"krb5_enc_data",ktest_make_sample_enc_data); + decode_run("enc_data","","30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_enc_data,ktest_equal_enc_data,krb5_ktest_free_enc_data); + ktest_destroy_enc_data(&ref); + } + + /****************************************************************/ + /* decode_sam_challenge */ + { + setup(krb5_sam_challenge,"krb5_sam_challenge",ktest_make_sample_sam_challenge); + decode_run("sam_challenge","","30 78 A0 03 02 01 2A A1 07 03 05 00 80 00 00 00 A2 0B 04 09 74 79 70 65 20 6E 61 6D 65 A3 02 04 00 A4 11 04 0F 63 68 61 6C 6C 65 6E 67 65 20 6C 61 62 65 6C A5 10 04 0E 63 68 61 6C 6C 65 6E 67 65 20 69 70 73 65 A6 16 04 14 72 65 73 70 6F 6E 73 65 5F 70 72 6F 6D 70 74 20 69 70 73 65 A7 02 04 00 A8 05 02 03 54 32 10 A9 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34",decode_krb5_sam_challenge,ktest_equal_sam_challenge,krb5_free_sam_challenge); + ktest_empty_sam_challenge(&ref); + + } + + /****************************************************************/ + /* decode_sam_challenge */ + { + setup(krb5_sam_challenge,"krb5_sam_challenge - no optionals",ktest_make_sample_sam_challenge); + decode_run("sam_challenge","","30 70 A0 03 02 01 2A A1 07 03 05 00 80 00 00 00 A2 0B 04 09 74 79 70 65 20 6E 61 6D 65 A4 11 04 0F 63 68 61 6C 6C 65 6E 67 65 20 6C 61 62 65 6C A5 10 04 0E 63 68 61 6C 6C 65 6E 67 65 20 69 70 73 65 A6 16 04 14 72 65 73 70 6F 6E 73 65 5F 70 72 6F 6D 70 74 20 69 70 73 65 A8 05 02 03 54 32 10 A9 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34",decode_krb5_sam_challenge,ktest_equal_sam_challenge,krb5_free_sam_challenge); + ktest_empty_sam_challenge(&ref); + } + + /****************************************************************/ + /* decode_sam_response */ + { + setup(krb5_sam_response,"krb5_sam_response",ktest_make_sample_sam_response); + decode_run("sam_response","","30 6A A0 03 02 01 2A A1 07 03 05 00 80 00 00 00 A2 0C 04 0A 74 72 61 63 6B 20 64 61 74 61 A3 14 30 12 A0 03 02 01 01 A1 04 02 02 07 96 A2 05 04 03 6B 65 79 A4 1C 30 1A A0 03 02 01 01 A1 04 02 02 0D 36 A2 0D 04 0B 6E 6F 6E 63 65 20 6F 72 20 74 73 A5 05 02 03 54 32 10 A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_sam_response,ktest_equal_sam_response,krb5_free_sam_response); + + ktest_empty_sam_response(&ref); + } + +#ifdef ENABLE_LDAP + /* ldap sequence_of_keys */ + { + setup(ldap_seqof_key_data,"ldap_seqof_key_data", + ktest_make_sample_ldap_seqof_key_data); + decode_run("ldap_seqof_key_data","","30 81 87 A0 03 02 01 01 A1 03 02 01 01 A2 03 02 01 2A A3 03 02 01 0E A4 71 30 6F 30 23 A0 10 30 0E A0 03 02 01 00 A1 07 04 05 73 61 6C 74 30 A1 0F 30 0D A0 03 02 01 02 A1 06 04 04 6B 65 79 30 30 23 A0 10 30 0E A0 03 02 01 01 A1 07 04 05 73 61 6C 74 31 A1 0F 30 0D A0 03 02 01 02 A1 06 04 04 6B 65 79 31 30 23 A0 10 30 0E A0 03 02 01 02 A1 07 04 05 73 61 6C 74 32 A1 0F 30 0D A0 03 02 01 02 A1 06 04 04 6B 65 79 32",acc.asn1_ldap_decode_sequence_of_keys,ktest_equal_ldap_sequence_of_keys,ktest_empty_ldap_seqof_key_data); + ktest_empty_ldap_seqof_key_data(test_context, &ref); + } + +#endif + + krb5_free_context(test_context); + exit(error_count); + return(error_count); } void krb5_ktest_free_alt_method(krb5_context context, krb5_alt_method *val) { - if (val->data) - krb5_xfree(val->data); - krb5_xfree(val); + if (val->data) + krb5_xfree(val->data); + krb5_xfree(val); } void krb5_ktest_free_pwd_sequence(krb5_context context, passwd_phrase_element *val) { - krb5_free_data(context, val->passwd); - krb5_free_data(context, val->phrase); - krb5_xfree(val); + krb5_free_data(context, val->passwd); + krb5_free_data(context, val->phrase); + krb5_xfree(val); } void krb5_ktest_free_enc_data(krb5_context context, krb5_enc_data *val) { - if(val) { - krb5_free_data_contents(context, &(val->ciphertext)); - free(val); - } + if (val) { + krb5_free_data_contents(context, &(val->ciphertext)); + free(val); + } } diff --git a/src/tests/asn.1/krb5_encode_test.c b/src/tests/asn.1/krb5_encode_test.c index a6f8694923..2da5c1e7f7 100644 --- a/src/tests/asn.1/krb5_encode_test.c +++ b/src/tests/asn.1/krb5_encode_test.c @@ -16,666 +16,698 @@ int do_trval = 0; int trval2(); static void encoder_print_results(code, typestring, description) - krb5_data *code; - char *typestring; - char *description; + krb5_data *code; + char *typestring; + char *description; { - char *code_string = NULL; - krb5_error_code retval; - int r, rlen; - - if (do_trval) { - printf("encode_krb5_%s%s:\n", typestring, description); - r = trval2(stdout, code->data, code->length, 0, &rlen); - printf("\n\n"); - if (rlen != code->length) { - printf("Error: length mismatch: was %d, parsed %d\n", - code->length, rlen); - exit(1); - } - if (r != 0) { - printf("Error: Return from trval2 is %d.\n", r); - exit(1); - } - current_appl_type = -1; /* Reset type */ - } else { - retval = asn1_krb5_data_unparse(code,&(code_string)); - if(retval) { - com_err("krb5_encode_test", retval , - "while unparsing %s", typestring); - exit(1); - } - printf("encode_krb5_%s%s: %s\n", typestring, description, - code_string); - free(code_string); + char *code_string = NULL; + krb5_error_code retval; + int r, rlen; + + if (do_trval) { + printf("encode_krb5_%s%s:\n", typestring, description); + r = trval2(stdout, code->data, code->length, 0, &rlen); + printf("\n\n"); + if (rlen < 0 || (unsigned int) rlen != code->length) { + printf("Error: length mismatch: was %d, parsed %d\n", + code->length, rlen); + exit(1); } - ktest_destroy_data(&code); + if (r != 0) { + printf("Error: Return from trval2 is %d.\n", r); + exit(1); + } + current_appl_type = -1; /* Reset type */ + } else { + retval = asn1_krb5_data_unparse(code,&(code_string)); + if (retval) { + com_err("krb5_encode_test", retval , + "while unparsing %s", typestring); + exit(1); + } + printf("encode_krb5_%s%s: %s\n", typestring, description, + code_string); + free(code_string); + } + ktest_destroy_data(&code); } static void PRS(argc, argv) - int argc; - char **argv; + int argc; + char **argv; { - extern char *optarg; - int optchar; - extern int print_types, print_krb5_types, print_id_and_len, - print_constructed_length, print_skip_context, - print_skip_tagnum, print_context_shortcut; - - while ((optchar = getopt(argc, argv, "tp:")) != -1) { - switch(optchar) { - case 't': - do_trval = 1; - break; - case 'p': - sample_principal_name = optarg; - break; - case '?': - default: - fprintf(stderr, "Usage: %s [-t] [-p principal]\n", - argv[0]); - exit(1); - } + extern char *optarg; + int optchar; + extern int print_types, print_krb5_types, print_id_and_len, + print_constructed_length, print_skip_context, + print_skip_tagnum, print_context_shortcut; + + while ((optchar = getopt(argc, argv, "tp:")) != -1) { + switch(optchar) { + case 't': + do_trval = 1; + break; + case 'p': + sample_principal_name = optarg; + break; + case '?': + default: + fprintf(stderr, "Usage: %s [-t] [-p principal]\n", + argv[0]); + exit(1); } - print_types = 1; - print_krb5_types = 1; - print_id_and_len = 0; - print_constructed_length = 0; - print_skip_context = 1; - print_skip_tagnum = 1; - print_context_shortcut = 1; + } + print_types = 1; + print_krb5_types = 1; + print_id_and_len = 0; + print_constructed_length = 0; + print_skip_context = 1; + print_skip_tagnum = 1; + print_context_shortcut = 1; } int main(argc, argv) - int argc; - char **argv; + int argc; + char **argv; { - krb5_data *code; - krb5_error_code retval; + krb5_data *code; + krb5_error_code retval; - PRS(argc, argv); + PRS(argc, argv); - retval = krb5_init_context(&test_context); - if (retval) { - com_err(argv[0], retval, "while initializing krb5"); - exit(1); - } + retval = krb5_init_context(&test_context); + if (retval) { + com_err(argv[0], retval, "while initializing krb5"); + exit(1); + } + init_access(argv[0]); -#define setup(value,type,typestring,constructor)\ - retval = constructor(&(value));\ - if(retval){\ - com_err("krb5_encode_test", retval, "while making sample %s", typestring);\ - exit(1);\ - } +#define setup(value,type,typestring,constructor) \ + retval = constructor(&(value)); \ + if (retval) { \ + com_err("krb5_encode_test", retval, "while making sample %s", typestring); \ + exit(1); \ + } -#define encode_run(value,type,typestring,description,encoder)\ - retval = encoder(&(value),&(code));\ - if(retval){\ - com_err("krb5_encode_test", retval,"while encoding %s", typestring);\ - exit(1);\ - }\ - encoder_print_results(code, typestring, description); +#define encode_run(value,type,typestring,description,encoder) \ + retval = encoder(&(value),&(code)); \ + if (retval) { \ + com_err("krb5_encode_test", retval,"while encoding %s", typestring); \ + exit(1); \ + } \ + encoder_print_results(code, typestring, description); - /****************************************************************/ - /* encode_krb5_authenticator */ - { - krb5_authenticator authent; - setup(authent,authenticator,"authenticator",ktest_make_sample_authenticator); - - encode_run(authent,authenticator,"authenticator","",encode_krb5_authenticator); - - ktest_destroy_checksum(&(authent.checksum)); - ktest_destroy_keyblock(&(authent.subkey)); - authent.seq_number = 0; - ktest_empty_authorization_data(authent.authorization_data); - encode_run(authent,authenticator,"authenticator","(optionals empty)",encode_krb5_authenticator); - - ktest_destroy_authorization_data(&(authent.authorization_data)); - encode_run(authent,authenticator,"authenticator","(optionals NULL)",encode_krb5_authenticator); - ktest_empty_authenticator(&authent); - } + /****************************************************************/ + /* encode_krb5_authenticator */ + { + krb5_authenticator authent; + setup(authent,authenticator,"authenticator",ktest_make_sample_authenticator); + + encode_run(authent,authenticator,"authenticator","",encode_krb5_authenticator); + + ktest_destroy_checksum(&(authent.checksum)); + ktest_destroy_keyblock(&(authent.subkey)); + authent.seq_number = 0; + ktest_empty_authorization_data(authent.authorization_data); + encode_run(authent,authenticator,"authenticator","(optionals empty)",encode_krb5_authenticator); + + ktest_destroy_authorization_data(&(authent.authorization_data)); + encode_run(authent,authenticator,"authenticator","(optionals NULL)",encode_krb5_authenticator); + ktest_empty_authenticator(&authent); + } - /****************************************************************/ - /* encode_krb5_ticket */ - { - krb5_ticket tkt; - setup(tkt,ticket,"ticket",ktest_make_sample_ticket); - encode_run(tkt,ticket,"ticket","",encode_krb5_ticket); - ktest_empty_ticket(&tkt); - } + /****************************************************************/ + /* encode_krb5_ticket */ + { + krb5_ticket tkt; + setup(tkt,ticket,"ticket",ktest_make_sample_ticket); + encode_run(tkt,ticket,"ticket","",encode_krb5_ticket); + ktest_empty_ticket(&tkt); + } - /****************************************************************/ - /* encode_krb5_encryption_key */ - { - krb5_keyblock keyblk; - setup(keyblk,keyblock,"keyblock",ktest_make_sample_keyblock); - current_appl_type = 1005; - encode_run(keyblk,keyblock,"keyblock","",encode_krb5_encryption_key); - ktest_empty_keyblock(&keyblk); - } + /****************************************************************/ + /* encode_krb5_encryption_key */ + { + krb5_keyblock keyblk; + setup(keyblk,keyblock,"keyblock",ktest_make_sample_keyblock); + current_appl_type = 1005; + encode_run(keyblk,keyblock,"keyblock","",encode_krb5_encryption_key); + ktest_empty_keyblock(&keyblk); + } - /****************************************************************/ - /* encode_krb5_enc_tkt_part */ - { - krb5_ticket tkt; - memset(&tkt, 0, sizeof(krb5_ticket)); - tkt.enc_part2 = (krb5_enc_tkt_part*)calloc(1,sizeof(krb5_enc_tkt_part)); - if(tkt.enc_part2 == NULL) com_err("allocating enc_tkt_part",errno,""); - setup(*(tkt.enc_part2),enc_tkt_part,"enc_tkt_part",ktest_make_sample_enc_tkt_part); + /****************************************************************/ + /* encode_krb5_enc_tkt_part */ + { + krb5_ticket tkt; + memset(&tkt, 0, sizeof(krb5_ticket)); + tkt.enc_part2 = (krb5_enc_tkt_part*)calloc(1,sizeof(krb5_enc_tkt_part)); + if (tkt.enc_part2 == NULL) com_err("allocating enc_tkt_part",errno,""); + setup(*(tkt.enc_part2),enc_tkt_part,"enc_tkt_part",ktest_make_sample_enc_tkt_part); - encode_run(*(tkt.enc_part2),enc_tkt_part,"enc_tkt_part","",encode_krb5_enc_tkt_part); + encode_run(*(tkt.enc_part2),enc_tkt_part,"enc_tkt_part","",encode_krb5_enc_tkt_part); - tkt.enc_part2->times.starttime = 0; - tkt.enc_part2->times.renew_till = 0; - ktest_destroy_address(&(tkt.enc_part2->caddrs[1])); - ktest_destroy_address(&(tkt.enc_part2->caddrs[0])); - ktest_destroy_authdata(&(tkt.enc_part2->authorization_data[1])); - ktest_destroy_authdata(&(tkt.enc_part2->authorization_data[0])); + tkt.enc_part2->times.starttime = 0; + tkt.enc_part2->times.renew_till = 0; + ktest_destroy_address(&(tkt.enc_part2->caddrs[1])); + ktest_destroy_address(&(tkt.enc_part2->caddrs[0])); + ktest_destroy_authdata(&(tkt.enc_part2->authorization_data[1])); + ktest_destroy_authdata(&(tkt.enc_part2->authorization_data[0])); - /* ISODE version fails on the empty caddrs field */ - ktest_destroy_addresses(&(tkt.enc_part2->caddrs)); - ktest_destroy_authorization_data(&(tkt.enc_part2->authorization_data)); + /* ISODE version fails on the empty caddrs field */ + ktest_destroy_addresses(&(tkt.enc_part2->caddrs)); + ktest_destroy_authorization_data(&(tkt.enc_part2->authorization_data)); - encode_run(*(tkt.enc_part2),enc_tkt_part,"enc_tkt_part","(optionals NULL)",encode_krb5_enc_tkt_part); - ktest_empty_ticket(&tkt); - } + encode_run(*(tkt.enc_part2),enc_tkt_part,"enc_tkt_part","(optionals NULL)",encode_krb5_enc_tkt_part); + ktest_empty_ticket(&tkt); + } - /****************************************************************/ - /* encode_krb5_enc_kdc_rep_part */ - { - krb5_kdc_rep kdcr; + /****************************************************************/ + /* encode_krb5_enc_kdc_rep_part */ + { + krb5_kdc_rep kdcr; - memset(&kdcr, 0, sizeof(kdcr)); + memset(&kdcr, 0, sizeof(kdcr)); - kdcr.enc_part2 = (krb5_enc_kdc_rep_part*) - calloc(1,sizeof(krb5_enc_kdc_rep_part)); - if(kdcr.enc_part2 == NULL) com_err("allocating enc_kdc_rep_part",errno,""); - setup(*(kdcr.enc_part2),enc_kdc_rep_part,"enc_kdc_rep_part",ktest_make_sample_enc_kdc_rep_part); + kdcr.enc_part2 = (krb5_enc_kdc_rep_part*) + calloc(1,sizeof(krb5_enc_kdc_rep_part)); + if (kdcr.enc_part2 == NULL) com_err("allocating enc_kdc_rep_part",errno,""); + setup(*(kdcr.enc_part2),enc_kdc_rep_part,"enc_kdc_rep_part",ktest_make_sample_enc_kdc_rep_part); - encode_run(*(kdcr.enc_part2),enc_kdc_rep_part,"enc_kdc_rep_part","",encode_krb5_enc_kdc_rep_part); + encode_run(*(kdcr.enc_part2),enc_kdc_rep_part,"enc_kdc_rep_part","",encode_krb5_enc_kdc_rep_part); - kdcr.enc_part2->key_exp = 0; - kdcr.enc_part2->times.starttime = 0; - kdcr.enc_part2->flags &= ~TKT_FLG_RENEWABLE; - ktest_destroy_addresses(&(kdcr.enc_part2->caddrs)); + kdcr.enc_part2->key_exp = 0; + kdcr.enc_part2->times.starttime = 0; + kdcr.enc_part2->flags &= ~TKT_FLG_RENEWABLE; + ktest_destroy_addresses(&(kdcr.enc_part2->caddrs)); - encode_run(*(kdcr.enc_part2),enc_kdc_rep_part,"enc_kdc_rep_part","(optionals NULL)",encode_krb5_enc_kdc_rep_part); + encode_run(*(kdcr.enc_part2),enc_kdc_rep_part,"enc_kdc_rep_part","(optionals NULL)",encode_krb5_enc_kdc_rep_part); - ktest_empty_kdc_rep(&kdcr); - } + ktest_empty_kdc_rep(&kdcr); + } - /****************************************************************/ - /* encode_krb5_as_rep */ - { - krb5_kdc_rep kdcr; - setup(kdcr,kdc_rep,"kdc_rep",ktest_make_sample_kdc_rep); + /****************************************************************/ + /* encode_krb5_as_rep */ + { + krb5_kdc_rep kdcr; + setup(kdcr,kdc_rep,"kdc_rep",ktest_make_sample_kdc_rep); /* kdcr.msg_type = KRB5_TGS_REP; - test(encode_krb5_as_rep(&kdcr,&code) == KRB5_BADMSGTYPE, - "encode_krb5_as_rep type check\n"); - ktest_destroy_data(&code);*/ + test(encode_krb5_as_rep(&kdcr,&code) == KRB5_BADMSGTYPE, + "encode_krb5_as_rep type check\n"); + ktest_destroy_data(&code);*/ - kdcr.msg_type = KRB5_AS_REP; - encode_run(kdcr,as_rep,"as_rep","",encode_krb5_as_rep); + kdcr.msg_type = KRB5_AS_REP; + encode_run(kdcr,as_rep,"as_rep","",encode_krb5_as_rep); - ktest_destroy_pa_data_array(&(kdcr.padata)); - encode_run(kdcr,as_rep,"as_rep","(optionals NULL)",encode_krb5_as_rep); + ktest_destroy_pa_data_array(&(kdcr.padata)); + encode_run(kdcr,as_rep,"as_rep","(optionals NULL)",encode_krb5_as_rep); - ktest_empty_kdc_rep(&kdcr); + ktest_empty_kdc_rep(&kdcr); - } + } - /****************************************************************/ - /* encode_krb5_tgs_rep */ - { - krb5_kdc_rep kdcr; - setup(kdcr,kdc_rep,"kdc_rep",ktest_make_sample_kdc_rep); + /****************************************************************/ + /* encode_krb5_tgs_rep */ + { + krb5_kdc_rep kdcr; + setup(kdcr,kdc_rep,"kdc_rep",ktest_make_sample_kdc_rep); /* kdcr.msg_type = KRB5_AS_REP; - test(encode_krb5_tgs_rep(&kdcr,&code) == KRB5_BADMSGTYPE, - "encode_krb5_tgs_rep type check\n");*/ + test(encode_krb5_tgs_rep(&kdcr,&code) == KRB5_BADMSGTYPE, + "encode_krb5_tgs_rep type check\n");*/ - kdcr.msg_type = KRB5_TGS_REP; - encode_run(kdcr,tgs_rep,"tgs_rep","",encode_krb5_tgs_rep); + kdcr.msg_type = KRB5_TGS_REP; + encode_run(kdcr,tgs_rep,"tgs_rep","",encode_krb5_tgs_rep); - ktest_destroy_pa_data_array(&(kdcr.padata)); - encode_run(kdcr,tgs_rep,"tgs_rep","(optionals NULL)",encode_krb5_tgs_rep); + ktest_destroy_pa_data_array(&(kdcr.padata)); + encode_run(kdcr,tgs_rep,"tgs_rep","(optionals NULL)",encode_krb5_tgs_rep); - ktest_empty_kdc_rep(&kdcr); + ktest_empty_kdc_rep(&kdcr); - } + } - /****************************************************************/ - /* encode_krb5_ap_req */ - { - krb5_ap_req apreq; - setup(apreq,ap_req,"ap_req",ktest_make_sample_ap_req); - encode_run(apreq,ap_req,"ap_req","",encode_krb5_ap_req); - ktest_empty_ap_req(&apreq); - } - - /****************************************************************/ - /* encode_krb5_ap_rep */ - { - krb5_ap_rep aprep; - setup(aprep,ap_rep,"ap_rep",ktest_make_sample_ap_rep); - encode_run(aprep,ap_rep,"ap_rep","",encode_krb5_ap_rep); - ktest_empty_ap_rep(&aprep); - } - - /****************************************************************/ - /* encode_krb5_ap_rep_enc_part */ - { - krb5_ap_rep_enc_part apenc; - setup(apenc,ap_rep_enc_part,"ap_rep_enc_part",ktest_make_sample_ap_rep_enc_part); - encode_run(apenc,ap_rep_enc_part,"ap_rep_enc_part","",encode_krb5_ap_rep_enc_part); + /****************************************************************/ + /* encode_krb5_ap_req */ + { + krb5_ap_req apreq; + setup(apreq,ap_req,"ap_req",ktest_make_sample_ap_req); + encode_run(apreq,ap_req,"ap_req","",encode_krb5_ap_req); + ktest_empty_ap_req(&apreq); + } + + /****************************************************************/ + /* encode_krb5_ap_rep */ + { + krb5_ap_rep aprep; + setup(aprep,ap_rep,"ap_rep",ktest_make_sample_ap_rep); + encode_run(aprep,ap_rep,"ap_rep","",encode_krb5_ap_rep); + ktest_empty_ap_rep(&aprep); + } + + /****************************************************************/ + /* encode_krb5_ap_rep_enc_part */ + { + krb5_ap_rep_enc_part apenc; + setup(apenc,ap_rep_enc_part,"ap_rep_enc_part",ktest_make_sample_ap_rep_enc_part); + encode_run(apenc,ap_rep_enc_part,"ap_rep_enc_part","",encode_krb5_ap_rep_enc_part); - ktest_destroy_keyblock(&(apenc.subkey)); - apenc.seq_number = 0; - encode_run(apenc,ap_rep_enc_part,"ap_rep_enc_part","(optionals NULL)",encode_krb5_ap_rep_enc_part); - ktest_empty_ap_rep_enc_part(&apenc); - } + ktest_destroy_keyblock(&(apenc.subkey)); + apenc.seq_number = 0; + encode_run(apenc,ap_rep_enc_part,"ap_rep_enc_part","(optionals NULL)",encode_krb5_ap_rep_enc_part); + ktest_empty_ap_rep_enc_part(&apenc); + } - /****************************************************************/ - /* encode_krb5_as_req */ - { - krb5_kdc_req asreq; - setup(asreq,kdc_req,"kdc_req",ktest_make_sample_kdc_req); - asreq.msg_type = KRB5_AS_REQ; - asreq.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY; - encode_run(asreq,as_req,"as_req","",encode_krb5_as_req); - - ktest_destroy_pa_data_array(&(asreq.padata)); - ktest_destroy_principal(&(asreq.client)); + /****************************************************************/ + /* encode_krb5_as_req */ + { + krb5_kdc_req asreq; + setup(asreq,kdc_req,"kdc_req",ktest_make_sample_kdc_req); + asreq.msg_type = KRB5_AS_REQ; + asreq.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY; + encode_run(asreq,as_req,"as_req","",encode_krb5_as_req); + + ktest_destroy_pa_data_array(&(asreq.padata)); + ktest_destroy_principal(&(asreq.client)); #ifndef ISODE_SUCKS - ktest_destroy_principal(&(asreq.server)); + ktest_destroy_principal(&(asreq.server)); #endif - asreq.kdc_options |= KDC_OPT_ENC_TKT_IN_SKEY; - asreq.from = 0; - asreq.rtime = 0; - ktest_destroy_addresses(&(asreq.addresses)); - ktest_destroy_enc_data(&(asreq.authorization_data)); - encode_run(asreq,as_req,"as_req","(optionals NULL except second_ticket)",encode_krb5_as_req); - ktest_destroy_sequence_of_ticket(&(asreq.second_ticket)); + asreq.kdc_options |= KDC_OPT_ENC_TKT_IN_SKEY; + asreq.from = 0; + asreq.rtime = 0; + ktest_destroy_addresses(&(asreq.addresses)); + ktest_destroy_enc_data(&(asreq.authorization_data)); + encode_run(asreq,as_req,"as_req","(optionals NULL except second_ticket)",encode_krb5_as_req); + ktest_destroy_sequence_of_ticket(&(asreq.second_ticket)); #ifndef ISODE_SUCKS - ktest_make_sample_principal(&(asreq.server)); + ktest_make_sample_principal(&(asreq.server)); #endif - asreq.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY; - encode_run(asreq,as_req,"as_req","(optionals NULL except server)",encode_krb5_as_req); - ktest_empty_kdc_req(&asreq); - } + asreq.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY; + encode_run(asreq,as_req,"as_req","(optionals NULL except server)",encode_krb5_as_req); + ktest_empty_kdc_req(&asreq); + } - /****************************************************************/ - /* encode_krb5_tgs_req */ - { - krb5_kdc_req tgsreq; - setup(tgsreq,kdc_req,"kdc_req",ktest_make_sample_kdc_req); - tgsreq.msg_type = KRB5_TGS_REQ; - tgsreq.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY; - encode_run(tgsreq,tgs_req,"tgs_req","",encode_krb5_tgs_req); - - ktest_destroy_pa_data_array(&(tgsreq.padata)); - ktest_destroy_principal(&(tgsreq.client)); + /****************************************************************/ + /* encode_krb5_tgs_req */ + { + krb5_kdc_req tgsreq; + setup(tgsreq,kdc_req,"kdc_req",ktest_make_sample_kdc_req); + tgsreq.msg_type = KRB5_TGS_REQ; + tgsreq.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY; + encode_run(tgsreq,tgs_req,"tgs_req","",encode_krb5_tgs_req); + + ktest_destroy_pa_data_array(&(tgsreq.padata)); + ktest_destroy_principal(&(tgsreq.client)); #ifndef ISODE_SUCKS - ktest_destroy_principal(&(tgsreq.server)); + ktest_destroy_principal(&(tgsreq.server)); #endif - tgsreq.kdc_options |= KDC_OPT_ENC_TKT_IN_SKEY; - tgsreq.from = 0; - tgsreq.rtime = 0; - ktest_destroy_addresses(&(tgsreq.addresses)); - ktest_destroy_enc_data(&(tgsreq.authorization_data)); - encode_run(tgsreq,tgs_req,"tgs_req","(optionals NULL except second_ticket)",encode_krb5_tgs_req); - - ktest_destroy_sequence_of_ticket(&(tgsreq.second_ticket)); + tgsreq.kdc_options |= KDC_OPT_ENC_TKT_IN_SKEY; + tgsreq.from = 0; + tgsreq.rtime = 0; + ktest_destroy_addresses(&(tgsreq.addresses)); + ktest_destroy_enc_data(&(tgsreq.authorization_data)); + encode_run(tgsreq,tgs_req,"tgs_req","(optionals NULL except second_ticket)",encode_krb5_tgs_req); + + ktest_destroy_sequence_of_ticket(&(tgsreq.second_ticket)); #ifndef ISODE_SUCKS - ktest_make_sample_principal(&(tgsreq.server)); + ktest_make_sample_principal(&(tgsreq.server)); #endif - tgsreq.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY; - encode_run(tgsreq,tgs_req,"tgs_req","(optionals NULL except server)",encode_krb5_tgs_req); + tgsreq.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY; + encode_run(tgsreq,tgs_req,"tgs_req","(optionals NULL except server)",encode_krb5_tgs_req); - ktest_empty_kdc_req(&tgsreq); - } + ktest_empty_kdc_req(&tgsreq); + } - /****************************************************************/ - /* encode_krb5_kdc_req_body */ - { - krb5_kdc_req kdcrb; - memset(&kdcrb, 0, sizeof(kdcrb)); - setup(kdcrb,kdc_req_body,"kdc_req_body",ktest_make_sample_kdc_req_body); - kdcrb.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY; - current_appl_type = 1007; /* Force interpretation as kdc-req-body */ - encode_run(kdcrb,kdc_req_body,"kdc_req_body","",encode_krb5_kdc_req_body); - - ktest_destroy_principal(&(kdcrb.client)); + /****************************************************************/ + /* encode_krb5_kdc_req_body */ + { + krb5_kdc_req kdcrb; + memset(&kdcrb, 0, sizeof(kdcrb)); + setup(kdcrb,kdc_req_body,"kdc_req_body",ktest_make_sample_kdc_req_body); + kdcrb.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY; + current_appl_type = 1007; /* Force interpretation as kdc-req-body */ + encode_run(kdcrb,kdc_req_body,"kdc_req_body","",encode_krb5_kdc_req_body); + + ktest_destroy_principal(&(kdcrb.client)); #ifndef ISODE_SUCKS - ktest_destroy_principal(&(kdcrb.server)); + ktest_destroy_principal(&(kdcrb.server)); #endif - kdcrb.kdc_options |= KDC_OPT_ENC_TKT_IN_SKEY; - kdcrb.from = 0; - kdcrb.rtime = 0; - ktest_destroy_addresses(&(kdcrb.addresses)); - ktest_destroy_enc_data(&(kdcrb.authorization_data)); - current_appl_type = 1007; /* Force interpretation as kdc-req-body */ - encode_run(kdcrb,kdc_req_body,"kdc_req_body","(optionals NULL except second_ticket)",encode_krb5_kdc_req_body); - - ktest_destroy_sequence_of_ticket(&(kdcrb.second_ticket)); + kdcrb.kdc_options |= KDC_OPT_ENC_TKT_IN_SKEY; + kdcrb.from = 0; + kdcrb.rtime = 0; + ktest_destroy_addresses(&(kdcrb.addresses)); + ktest_destroy_enc_data(&(kdcrb.authorization_data)); + current_appl_type = 1007; /* Force interpretation as kdc-req-body */ + encode_run(kdcrb,kdc_req_body,"kdc_req_body","(optionals NULL except second_ticket)",encode_krb5_kdc_req_body); + + ktest_destroy_sequence_of_ticket(&(kdcrb.second_ticket)); #ifndef ISODE_SUCKS - ktest_make_sample_principal(&(kdcrb.server)); + ktest_make_sample_principal(&(kdcrb.server)); #endif - kdcrb.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY; - current_appl_type = 1007; /* Force interpretation as kdc-req-body */ - encode_run(kdcrb,kdc_req_body,"kdc_req_body","(optionals NULL except server)",encode_krb5_kdc_req_body); + kdcrb.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY; + current_appl_type = 1007; /* Force interpretation as kdc-req-body */ + encode_run(kdcrb,kdc_req_body,"kdc_req_body","(optionals NULL except server)",encode_krb5_kdc_req_body); - ktest_empty_kdc_req(&kdcrb); - } - - /****************************************************************/ - /* encode_krb5_safe */ - { - krb5_safe s; - setup(s,safe,"safe",ktest_make_sample_safe); - encode_run(s,safe,"safe","",encode_krb5_safe); - - s.timestamp = 0; - /* s.usec should be opted out by the timestamp */ - s.seq_number = 0; - ktest_destroy_address(&(s.r_address)); - encode_run(s,safe,"safe","(optionals NULL)",encode_krb5_safe); - - ktest_empty_safe(&s); - } + ktest_empty_kdc_req(&kdcrb); + } - /****************************************************************/ - /* encode_krb5_priv */ - { - krb5_priv p; - setup(p,priv,"priv",ktest_make_sample_priv); - encode_run(p,priv,"priv","",encode_krb5_priv); - ktest_empty_priv(&p); - } + /****************************************************************/ + /* encode_krb5_safe */ + { + krb5_safe s; + setup(s,safe,"safe",ktest_make_sample_safe); + encode_run(s,safe,"safe","",encode_krb5_safe); + + s.timestamp = 0; + /* s.usec should be opted out by the timestamp */ + s.seq_number = 0; + ktest_destroy_address(&(s.r_address)); + encode_run(s,safe,"safe","(optionals NULL)",encode_krb5_safe); + + ktest_empty_safe(&s); + } - /****************************************************************/ - /* encode_krb5_enc_priv_part */ - { - krb5_priv_enc_part ep; - setup(ep,priv_enc_part,"priv_enc_part",ktest_make_sample_priv_enc_part); - encode_run(ep,enc_priv_part,"enc_priv_part","",encode_krb5_enc_priv_part); - - ep.timestamp = 0; - /* ep.usec should be opted out along with timestamp */ - ep.seq_number = 0; - ktest_destroy_address(&(ep.r_address)); - encode_run(ep,enc_priv_part,"enc_priv_part","(optionals NULL)",encode_krb5_enc_priv_part); - - ktest_empty_priv_enc_part(&ep); - } + /****************************************************************/ + /* encode_krb5_priv */ + { + krb5_priv p; + setup(p,priv,"priv",ktest_make_sample_priv); + encode_run(p,priv,"priv","",encode_krb5_priv); + ktest_empty_priv(&p); + } - /****************************************************************/ - /* encode_krb5_cred */ - { - krb5_cred c; - setup(c,cred,"cred",ktest_make_sample_cred); - encode_run(c,cred,"cred","",encode_krb5_cred); - ktest_empty_cred(&c); - } + /****************************************************************/ + /* encode_krb5_enc_priv_part */ + { + krb5_priv_enc_part ep; + setup(ep,priv_enc_part,"priv_enc_part",ktest_make_sample_priv_enc_part); + encode_run(ep,enc_priv_part,"enc_priv_part","",encode_krb5_enc_priv_part); + + ep.timestamp = 0; + /* ep.usec should be opted out along with timestamp */ + ep.seq_number = 0; + ktest_destroy_address(&(ep.r_address)); + encode_run(ep,enc_priv_part,"enc_priv_part","(optionals NULL)",encode_krb5_enc_priv_part); + + ktest_empty_priv_enc_part(&ep); + } - /****************************************************************/ - /* encode_krb5_enc_cred_part */ - { - krb5_cred_enc_part cep; - setup(cep,cred_enc_part,"cred_enc_part",ktest_make_sample_cred_enc_part); - encode_run(cep,enc_cred_part,"enc_cred_part","",encode_krb5_enc_cred_part); - - ktest_destroy_principal(&(cep.ticket_info[0]->client)); - ktest_destroy_principal(&(cep.ticket_info[0]->server)); - cep.ticket_info[0]->flags = 0; - cep.ticket_info[0]->times.authtime = 0; - cep.ticket_info[0]->times.starttime = 0; - cep.ticket_info[0]->times.endtime = 0; - cep.ticket_info[0]->times.renew_till = 0; - ktest_destroy_addresses(&(cep.ticket_info[0]->caddrs)); - cep.nonce = 0; - cep.timestamp = 0; - ktest_destroy_address(&(cep.s_address)); - ktest_destroy_address(&(cep.r_address)); - encode_run(cep,enc_cred_part,"enc_cred_part","(optionals NULL)",encode_krb5_enc_cred_part); - - ktest_empty_cred_enc_part(&cep); - } + /****************************************************************/ + /* encode_krb5_cred */ + { + krb5_cred c; + setup(c,cred,"cred",ktest_make_sample_cred); + encode_run(c,cred,"cred","",encode_krb5_cred); + ktest_empty_cred(&c); + } - /****************************************************************/ - /* encode_krb5_error */ - { - krb5_error kerr; - setup(kerr,error,"error",ktest_make_sample_error); - encode_run(kerr,error,"error","",encode_krb5_error); - - kerr.ctime = 0; - ktest_destroy_principal(&(kerr.client)); - ktest_empty_data(&(kerr.text)); - ktest_empty_data(&(kerr.e_data)); - encode_run(kerr,error,"error","(optionals NULL)",encode_krb5_error); - - ktest_empty_error(&kerr); - } + /****************************************************************/ + /* encode_krb5_enc_cred_part */ + { + krb5_cred_enc_part cep; + setup(cep,cred_enc_part,"cred_enc_part",ktest_make_sample_cred_enc_part); + encode_run(cep,enc_cred_part,"enc_cred_part","",encode_krb5_enc_cred_part); + + ktest_destroy_principal(&(cep.ticket_info[0]->client)); + ktest_destroy_principal(&(cep.ticket_info[0]->server)); + cep.ticket_info[0]->flags = 0; + cep.ticket_info[0]->times.authtime = 0; + cep.ticket_info[0]->times.starttime = 0; + cep.ticket_info[0]->times.endtime = 0; + cep.ticket_info[0]->times.renew_till = 0; + ktest_destroy_addresses(&(cep.ticket_info[0]->caddrs)); + cep.nonce = 0; + cep.timestamp = 0; + ktest_destroy_address(&(cep.s_address)); + ktest_destroy_address(&(cep.r_address)); + encode_run(cep,enc_cred_part,"enc_cred_part","(optionals NULL)",encode_krb5_enc_cred_part); + + ktest_empty_cred_enc_part(&cep); + } - /****************************************************************/ - /* encode_krb5_authdata */ - { - krb5_authdata **ad; - setup(ad,authorization_data,"authorization_data",ktest_make_sample_authorization_data); - - retval = encode_krb5_authdata((const krb5_authdata**)ad,&(code)); - if(retval) { - com_err("encoding authorization_data",retval,""); - exit(1); + /****************************************************************/ + /* encode_krb5_error */ + { + krb5_error kerr; + setup(kerr,error,"error",ktest_make_sample_error); + encode_run(kerr,error,"error","",encode_krb5_error); + + kerr.ctime = 0; + ktest_destroy_principal(&(kerr.client)); + ktest_empty_data(&(kerr.text)); + ktest_empty_data(&(kerr.e_data)); + encode_run(kerr,error,"error","(optionals NULL)",encode_krb5_error); + + ktest_empty_error(&kerr); } - current_appl_type = 1004; /* Force type to be authdata */ - encoder_print_results(code, "authorization_data", ""); - - ktest_destroy_authorization_data(&ad); - } - /****************************************************************/ - /* encode_pwd_sequence */ - { - passwd_phrase_element ppe; - setup(ppe,passwd_phrase_element,"PasswdSequence",ktest_make_sample_passwd_phrase_element); - encode_run(ppe,passwd_phrase_element,"pwd_sequence","",encode_krb5_pwd_sequence); - ktest_empty_passwd_phrase_element(&ppe); - } + /****************************************************************/ + /* encode_krb5_authdata */ + { + krb5_authdata **ad; + setup(ad,authorization_data,"authorization_data",ktest_make_sample_authorization_data); + + retval = encode_krb5_authdata(ad,&(code)); + if (retval) { + com_err("encoding authorization_data",retval,""); + exit(1); + } + current_appl_type = 1004; /* Force type to be authdata */ + encoder_print_results(code, "authorization_data", ""); - /****************************************************************/ - /* encode_passwd_data */ - { - krb5_pwd_data pd; - setup(pd,krb5_pwd_data,"PasswdData",ktest_make_sample_krb5_pwd_data); - encode_run(pd,krb5_pwd_data,"pwd_data","",encode_krb5_pwd_data); - ktest_empty_pwd_data(&pd); - } + ktest_destroy_authorization_data(&ad); + } + + /****************************************************************/ + /* encode_pwd_sequence */ + { + passwd_phrase_element ppe; + setup(ppe,passwd_phrase_element,"PasswdSequence",ktest_make_sample_passwd_phrase_element); + encode_run(ppe,passwd_phrase_element,"pwd_sequence","",encode_krb5_pwd_sequence); + ktest_empty_passwd_phrase_element(&ppe); + } - /****************************************************************/ - /* encode_padata_sequence */ - { - krb5_pa_data **pa; - - setup(pa,krb5_pa_data,"PreauthData",ktest_make_sample_pa_data_array); - retval = encode_krb5_padata_sequence((const krb5_pa_data**)pa,&(code)); - if(retval) { - com_err("encoding padata_sequence",retval,""); - exit(1); + /****************************************************************/ + /* encode_passwd_data */ + { + krb5_pwd_data pd; + setup(pd,krb5_pwd_data,"PasswdData",ktest_make_sample_krb5_pwd_data); + encode_run(pd,krb5_pwd_data,"pwd_data","",encode_krb5_pwd_data); + ktest_empty_pwd_data(&pd); } - encoder_print_results(code, "padata_sequence", ""); - - ktest_destroy_pa_data_array(&pa); - } - /****************************************************************/ - /* encode_padata_sequence (empty) */ - { - krb5_pa_data **pa; + /****************************************************************/ + /* encode_padata_sequence */ + { + krb5_pa_data **pa; - setup(pa,krb5_pa_data,"EmptyPreauthData",ktest_make_sample_empty_pa_data_array); - retval = encode_krb5_padata_sequence((const krb5_pa_data**)pa,&(code)); - if(retval) { - com_err("encoding padata_sequence(empty)",retval,""); - exit(1); + setup(pa,krb5_pa_data,"PreauthData",ktest_make_sample_pa_data_array); + retval = encode_krb5_padata_sequence(pa,&(code)); + if (retval) { + com_err("encoding padata_sequence",retval,""); + exit(1); + } + encoder_print_results(code, "padata_sequence", ""); + + ktest_destroy_pa_data_array(&pa); } - encoder_print_results(code, "padata_sequence(empty)", ""); - - ktest_destroy_pa_data_array(&pa); - } - /****************************************************************/ - /* encode_alt_method */ - { - krb5_alt_method am; - setup(am,krb5_alt_method,"AltMethod",ktest_make_sample_alt_method); - encode_run(am,krb5_alt_method,"alt_method","",encode_krb5_alt_method); - am.length = 0; - if (am.data) - free(am.data); - am.data = 0; - encode_run(am,krb5_alt_method,"alt_method (no data)","", - encode_krb5_alt_method); - ktest_empty_alt_method(&am); - } - - /****************************************************************/ - /* encode_etype_info */ - { - krb5_etype_info_entry **info; + /****************************************************************/ + /* encode_padata_sequence (empty) */ + { + krb5_pa_data **pa; - setup(info,krb5_etype_info_entry **,"etype_info", - ktest_make_sample_etype_info); - retval = encode_krb5_etype_info((const krb5_etype_info_entry **)info,&(code)); - if(retval) { - com_err("encoding etype_info",retval,""); - exit(1); - } - encoder_print_results(code, "etype_info", ""); - ktest_destroy_etype_info_entry(info[2]); info[2] = 0; - ktest_destroy_etype_info_entry(info[1]); info[1] = 0; + setup(pa,krb5_pa_data,"EmptyPreauthData",ktest_make_sample_empty_pa_data_array); + retval = encode_krb5_padata_sequence(pa,&(code)); + if (retval) { + com_err("encoding padata_sequence(empty)",retval,""); + exit(1); + } + encoder_print_results(code, "padata_sequence(empty)", ""); - retval = encode_krb5_etype_info((const krb5_etype_info_entry **)info,&(code)); - if(retval) { - com_err("encoding etype_info (only 1)",retval,""); - exit(1); + ktest_destroy_pa_data_array(&pa); } - encoder_print_results(code, "etype_info (only 1)", ""); - ktest_destroy_etype_info_entry(info[0]); info[0] = 0; - - retval = encode_krb5_etype_info((const krb5_etype_info_entry **)info,&(code)); - if(retval) { - com_err("encoding etype_info (no info)",retval,""); - exit(1); + /****************************************************************/ + /* encode_alt_method */ + { + krb5_alt_method am; + setup(am,krb5_alt_method,"AltMethod",ktest_make_sample_alt_method); + encode_run(am,krb5_alt_method,"alt_method","",encode_krb5_alt_method); + am.length = 0; + if (am.data) + free(am.data); + am.data = 0; + encode_run(am,krb5_alt_method,"alt_method (no data)","", + encode_krb5_alt_method); + ktest_empty_alt_method(&am); } - encoder_print_results(code, "etype_info (no info)", ""); - ktest_destroy_etype_info(info); - } + /****************************************************************/ + /* encode_etype_info */ + { + krb5_etype_info_entry **info; + + setup(info,krb5_etype_info_entry **,"etype_info", + ktest_make_sample_etype_info); + retval = encode_krb5_etype_info(info,&(code)); + if (retval) { + com_err("encoding etype_info",retval,""); + exit(1); + } + encoder_print_results(code, "etype_info", ""); + ktest_destroy_etype_info_entry(info[2]); info[2] = 0; + ktest_destroy_etype_info_entry(info[1]); info[1] = 0; + + retval = encode_krb5_etype_info(info,&(code)); + if (retval) { + com_err("encoding etype_info (only 1)",retval,""); + exit(1); + } + encoder_print_results(code, "etype_info (only 1)", ""); - /* encode_etype_info 2*/ - { - krb5_etype_info_entry **info; + ktest_destroy_etype_info_entry(info[0]); info[0] = 0; - setup(info,krb5_etype_info_entry **,"etype_info2", - ktest_make_sample_etype_info2); - retval = encode_krb5_etype_info2((const krb5_etype_info_entry **)info,&(code)); - if(retval) { - com_err("encoding etype_info",retval,""); - exit(1); - } - encoder_print_results(code, "etype_info2", ""); - ktest_destroy_etype_info_entry(info[2]); info[2] = 0; - ktest_destroy_etype_info_entry(info[1]); info[1] = 0; + retval = encode_krb5_etype_info(info,&(code)); + if (retval) { + com_err("encoding etype_info (no info)",retval,""); + exit(1); + } + encoder_print_results(code, "etype_info (no info)", ""); - retval = encode_krb5_etype_info2((const krb5_etype_info_entry **)info,&(code)); - if(retval) { - com_err("encoding etype_info (only 1)",retval,""); - exit(1); + ktest_destroy_etype_info(info); } - encoder_print_results(code, "etype_info2 (only 1)", ""); - ktest_destroy_etype_info(info); + /* encode_etype_info 2*/ + { + krb5_etype_info_entry **info; + + setup(info,krb5_etype_info_entry **,"etype_info2", + ktest_make_sample_etype_info2); + retval = encode_krb5_etype_info2(info,&(code)); + if (retval) { + com_err("encoding etype_info",retval,""); + exit(1); + } + encoder_print_results(code, "etype_info2", ""); + ktest_destroy_etype_info_entry(info[2]); info[2] = 0; + ktest_destroy_etype_info_entry(info[1]); info[1] = 0; + + retval = encode_krb5_etype_info2(info,&(code)); + if (retval) { + com_err("encoding etype_info (only 1)",retval,""); + exit(1); + } + encoder_print_results(code, "etype_info2 (only 1)", ""); + + ktest_destroy_etype_info(info); /* ktest_destroy_etype_info_entry(info[0]); info[0] = 0;*/ - } + } - /****************************************************************/ - /* encode_pa_enc_ts */ - { - krb5_pa_enc_ts pa_enc; - setup(pa_enc,krb5_pa_enc_ts,"pa_enc_ts",ktest_make_sample_pa_enc_ts); - encode_run(pa_enc,krb5_pa_enc_ts,"pa_enc_ts","",encode_krb5_pa_enc_ts); - pa_enc.pausec = 0; - encode_run(pa_enc,krb5_pa_enc_ts,"pa_enc_ts (no usec)","",encode_krb5_pa_enc_ts); - } + /****************************************************************/ + /* encode_pa_enc_ts */ + { + krb5_pa_enc_ts pa_enc; + setup(pa_enc,krb5_pa_enc_ts,"pa_enc_ts",ktest_make_sample_pa_enc_ts); + encode_run(pa_enc,krb5_pa_enc_ts,"pa_enc_ts","",encode_krb5_pa_enc_ts); + pa_enc.pausec = 0; + encode_run(pa_enc,krb5_pa_enc_ts,"pa_enc_ts (no usec)","",encode_krb5_pa_enc_ts); + } + /****************************************************************/ + /* encode_enc_data */ + { + krb5_enc_data enc_data; + setup(enc_data,krb5_enc_data,"enc_data",ktest_make_sample_enc_data); + current_appl_type = 1001; + encode_run(enc_data,krb5_enc_data,"enc_data","",encode_krb5_enc_data); + ktest_destroy_enc_data(&enc_data); + } + /****************************************************************/ + /* encode_krb5_sam_challenge */ + { + krb5_sam_challenge sam_ch; + setup(sam_ch,krb5_sam_challenge,"sam_challenge", + ktest_make_sample_sam_challenge); + encode_run(sam_ch,krb5_sam_challenge,"sam_challenge","", + encode_krb5_sam_challenge); + ktest_empty_sam_challenge(&sam_ch); + } + /****************************************************************/ + /* encode_krb5_sam_response */ + { + krb5_sam_response sam_ch; + setup(sam_ch,krb5_sam_response,"sam_response", + ktest_make_sample_sam_response); + encode_run(sam_ch,krb5_sam_response,"sam_response","", + encode_krb5_sam_response); + ktest_empty_sam_response(&sam_ch); + } + /****************************************************************/ + /* encode_krb5_sam_key */ + { + krb5_sam_key sam_ch; + setup(sam_ch,krb5_sam_key,"sam_key", + ktest_make_sample_sam_key); + encode_run(sam_ch,krb5_sam_key,"sam_key","", + encode_krb5_sam_key); + ktest_empty_sam_key(&sam_ch); + } + /****************************************************************/ + /* encode_krb5_enc_sam_response_enc */ + { + krb5_enc_sam_response_enc sam_ch; + setup(sam_ch,krb5_enc_sam_response_enc,"enc_sam_response_enc", + ktest_make_sample_enc_sam_response_enc); + encode_run(sam_ch,krb5_enc_sam_response_enc,"enc_sam_response_enc","", + encode_krb5_enc_sam_response_enc); + ktest_empty_enc_sam_response_enc(&sam_ch); + } + /****************************************************************/ + /* encode_krb5_predicted_sam_response */ + { + krb5_predicted_sam_response sam_ch; + setup(sam_ch,krb5_predicted_sam_response,"predicted_sam_response", + ktest_make_sample_predicted_sam_response); + encode_run(sam_ch,krb5_predicted_sam_response,"predicted_sam_response","", + encode_krb5_predicted_sam_response); + ktest_empty_predicted_sam_response(&sam_ch); + } /****************************************************************/ - /* encode_enc_data */ - { - krb5_enc_data enc_data; - setup(enc_data,krb5_enc_data,"enc_data",ktest_make_sample_enc_data); - current_appl_type = 1001; - encode_run(enc_data,krb5_enc_data,"enc_data","",encode_krb5_enc_data); - ktest_destroy_enc_data(&enc_data); - } - /****************************************************************/ - /* encode_krb5_sam_challenge */ - { - krb5_sam_challenge sam_ch; - setup(sam_ch,krb5_sam_challenge,"sam_challenge", - ktest_make_sample_sam_challenge); - encode_run(sam_ch,krb5_sam_challenge,"sam_challenge","", - encode_krb5_sam_challenge); - ktest_empty_sam_challenge(&sam_ch); - } - /****************************************************************/ - /* encode_krb5_sam_response */ - { - krb5_sam_response sam_ch; - setup(sam_ch,krb5_sam_response,"sam_response", - ktest_make_sample_sam_response); - encode_run(sam_ch,krb5_sam_response,"sam_response","", - encode_krb5_sam_response); - ktest_empty_sam_response(&sam_ch); - } -#if 0 - /****************************************************************/ - /* encode_krb5_sam_key */ - { - krb5_sam_key sam_ch; - setup(sam_ch,krb5_sam_key,"sam_key", - ktest_make_sample_sam_key); - encode_run(sam_ch,krb5_sam_key,"sam_key","", - encode_krb5_sam_key); - } - /****************************************************************/ - /* encode_krb5_enc_sam_response_enc */ - { - krb5_enc_sam_response_enc sam_ch; - setup(sam_ch,krb5_enc_sam_response_enc,"enc_sam_response_enc", - ktest_make_sample_enc_sam_response_enc); - encode_run(sam_ch,krb5_enc_sam_response_enc,"enc_sam_response_enc","", - encode_krb5_enc_sam_response_enc); - } - /****************************************************************/ - /* encode_krb5_predicted_sam_response */ - { - krb5_predicted_sam_response sam_ch; - setup(sam_ch,krb5_predicted_sam_response,"predicted_sam_response", - ktest_make_sample_predicted_sam_response); - encode_run(sam_ch,krb5_predicted_sam_response,"predicted_sam_response","", - encode_krb5_predicted_sam_response); - } + /* encode_krb5_sam_response_2 */ + { + krb5_sam_response_2 sam_ch2; + setup(sam_ch2,krb5_sam_response_2,"sam_response_2", + ktest_make_sample_sam_response_2); + encode_run(sam_ch2,krb5_sam_response_2,"sam_response_2","", + acc.encode_krb5_sam_response_2); + ktest_empty_sam_response_2(&sam_ch2); + } + /****************************************************************/ + /* encode_krb5_sam_response_enc_2 */ + { + krb5_enc_sam_response_enc_2 sam_ch2; + setup(sam_ch2,krb5_enc_sam_response_enc_2,"enc_sam_response_enc_2", + ktest_make_sample_enc_sam_response_enc_2); + encode_run(sam_ch2,krb5_enc_sam_response_enc_2, + "enc_sam_response_enc_2","", + acc.encode_krb5_enc_sam_response_enc_2); + ktest_empty_enc_sam_response_enc_2(&sam_ch2); + } +#ifdef ENABLE_LDAP + { + ldap_seqof_key_data skd; + + setup(skd, ldap_seqof_key_data, "ldap_seqof_key_data", + ktest_make_sample_ldap_seqof_key_data); + encode_run(skd, ldap_seqof_key_data, "ldap_seqof_key_data", "", + acc.asn1_ldap_encode_sequence_of_keys); + ktest_empty_ldap_seqof_key_data(test_context, &skd); + } #endif - krb5_free_context(test_context); - exit(error_count); - return(error_count); + krb5_free_context(test_context); + exit(error_count); + return(error_count); } - - diff --git a/src/tests/asn.1/ktest.c b/src/tests/asn.1/ktest.c index 12ff8fb93f..5951b6c7eb 100644 --- a/src/tests/asn.1/ktest.c +++ b/src/tests/asn.1/ktest.c @@ -5,640 +5,640 @@ char *sample_principal_name = "hftsai/extra@ATHENA.MIT.EDU"; krb5_error_code ktest_make_sample_authenticator(a) - krb5_authenticator * a; -{ - krb5_error_code retval; - - retval = ktest_make_sample_principal(&(a->client)); - if(retval) return retval; - a->checksum = (krb5_checksum*)calloc(1,sizeof(krb5_checksum)); - if(a->checksum == NULL) return ENOMEM; - retval = ktest_make_sample_checksum(a->checksum); - if(retval) return retval; - a->cusec = SAMPLE_USEC; - a->ctime = SAMPLE_TIME; - a->subkey = (krb5_keyblock*)calloc(1,sizeof(krb5_keyblock)); - if(a->subkey == NULL) return ENOMEM; - retval = ktest_make_sample_keyblock(a->subkey); - if(retval) return retval; - a->seq_number = SAMPLE_SEQ_NUMBER; - retval = ktest_make_sample_authorization_data(&(a->authorization_data)); - if(retval) return retval; + krb5_authenticator * a; +{ + krb5_error_code retval; + + retval = ktest_make_sample_principal(&(a->client)); + if (retval) return retval; + a->checksum = (krb5_checksum*)calloc(1,sizeof(krb5_checksum)); + if (a->checksum == NULL) return ENOMEM; + retval = ktest_make_sample_checksum(a->checksum); + if (retval) return retval; + a->cusec = SAMPLE_USEC; + a->ctime = SAMPLE_TIME; + a->subkey = (krb5_keyblock*)calloc(1,sizeof(krb5_keyblock)); + if (a->subkey == NULL) return ENOMEM; + retval = ktest_make_sample_keyblock(a->subkey); + if (retval) return retval; + a->seq_number = SAMPLE_SEQ_NUMBER; + retval = ktest_make_sample_authorization_data(&(a->authorization_data)); + if (retval) return retval; - return 0; + return 0; } krb5_error_code ktest_make_sample_principal(p) - krb5_principal * p; + krb5_principal * p; { - krb5_error_code retval; + krb5_error_code retval; - retval = krb5_parse_name(test_context, sample_principal_name, p); - return retval; + retval = krb5_parse_name(test_context, sample_principal_name, p); + return retval; } krb5_error_code ktest_make_sample_checksum(cs) - krb5_checksum * cs; + krb5_checksum * cs; { - cs->checksum_type = 1; - cs->length = 4; - cs->contents = (krb5_octet*)calloc(4,sizeof(krb5_octet)); - if(cs->contents == NULL) return ENOMEM; - memcpy(cs->contents,"1234",4); + cs->checksum_type = 1; + cs->length = 4; + cs->contents = (krb5_octet*)calloc(4,sizeof(krb5_octet)); + if (cs->contents == NULL) return ENOMEM; + memcpy(cs->contents,"1234",4); - return 0; + return 0; } krb5_error_code ktest_make_sample_keyblock(kb) - krb5_keyblock * kb; + krb5_keyblock * kb; { - kb->magic = KV5M_KEYBLOCK; - kb->enctype = 1; - kb->length = 8; - kb->contents = (krb5_octet*)calloc(8,sizeof(krb5_octet)); - if(kb->contents == NULL) return ENOMEM; - memcpy(kb->contents,"12345678",8); + kb->magic = KV5M_KEYBLOCK; + kb->enctype = 1; + kb->length = 8; + kb->contents = (krb5_octet*)calloc(8,sizeof(krb5_octet)); + if (kb->contents == NULL) return ENOMEM; + memcpy(kb->contents,"12345678",8); - return 0; + return 0; } krb5_error_code ktest_make_sample_ticket(tkt) - krb5_ticket * tkt; + krb5_ticket * tkt; { - krb5_error_code retval; + krb5_error_code retval; - retval = ktest_make_sample_principal(&(tkt->server)); - if(retval) return retval; - retval = ktest_make_sample_enc_data(&(tkt->enc_part)); - if(retval) return retval; - tkt->enc_part2 = NULL; + retval = ktest_make_sample_principal(&(tkt->server)); + if (retval) return retval; + retval = ktest_make_sample_enc_data(&(tkt->enc_part)); + if (retval) return retval; + tkt->enc_part2 = NULL; - return 0; + return 0; } krb5_error_code ktest_make_sample_enc_data(ed) - krb5_enc_data * ed; + krb5_enc_data * ed; { - krb5_error_code retval; + krb5_error_code retval; - ed->kvno = 5; - ed->enctype = 0; - retval = krb5_data_parse(&(ed->ciphertext),"krbASN.1 test message"); - if(retval) return retval; + ed->kvno = 5; + ed->enctype = 0; + retval = krb5_data_parse(&(ed->ciphertext),"krbASN.1 test message"); + if (retval) return retval; - return 0; + return 0; } krb5_error_code ktest_make_sample_enc_tkt_part(etp) - krb5_enc_tkt_part * etp; -{ - krb5_error_code retval; - - etp->flags = SAMPLE_FLAGS; - etp->session = (krb5_keyblock*)calloc(1,sizeof(krb5_keyblock)); - if(etp->session == NULL) return ENOMEM; - retval = ktest_make_sample_keyblock(etp->session); - if(retval) return retval; - retval = ktest_make_sample_principal(&(etp->client)); - if(retval) return retval; - retval = ktest_make_sample_transited(&(etp->transited)); - if(retval) return retval; - retval = ktest_make_sample_ticket_times(&(etp->times)); - if(retval) return retval; - retval = ktest_make_sample_addresses(&(etp->caddrs)); - if(retval) return retval; - retval = ktest_make_sample_authorization_data(&(etp->authorization_data)); - if(retval) return retval; - return 0; + krb5_enc_tkt_part * etp; +{ + krb5_error_code retval; + + etp->flags = SAMPLE_FLAGS; + etp->session = (krb5_keyblock*)calloc(1,sizeof(krb5_keyblock)); + if (etp->session == NULL) return ENOMEM; + retval = ktest_make_sample_keyblock(etp->session); + if (retval) return retval; + retval = ktest_make_sample_principal(&(etp->client)); + if (retval) return retval; + retval = ktest_make_sample_transited(&(etp->transited)); + if (retval) return retval; + retval = ktest_make_sample_ticket_times(&(etp->times)); + if (retval) return retval; + retval = ktest_make_sample_addresses(&(etp->caddrs)); + if (retval) return retval; + retval = ktest_make_sample_authorization_data(&(etp->authorization_data)); + if (retval) return retval; + return 0; } krb5_error_code ktest_make_sample_addresses(caddrs) - krb5_address *** caddrs; -{ - asn1_error_code retval; - int i; - - *caddrs = (krb5_address**)calloc(3,sizeof(krb5_address*)); - if(*caddrs == NULL) return ENOMEM; - for(i=0; i<2; i++){ - (*caddrs)[i] = (krb5_address*)calloc(1,sizeof(krb5_address)); - if((*caddrs)[i] == NULL) return ENOMEM; - retval = ktest_make_sample_address((*caddrs)[i]); - if(retval) return retval; - } - (*caddrs)[2] = NULL; - return 0; + krb5_address *** caddrs; +{ + asn1_error_code retval; + int i; + + *caddrs = (krb5_address**)calloc(3,sizeof(krb5_address*)); + if (*caddrs == NULL) return ENOMEM; + for (i=0; i<2; i++) { + (*caddrs)[i] = (krb5_address*)calloc(1,sizeof(krb5_address)); + if ((*caddrs)[i] == NULL) return ENOMEM; + retval = ktest_make_sample_address((*caddrs)[i]); + if (retval) return retval; + } + (*caddrs)[2] = NULL; + return 0; } krb5_error_code ktest_make_sample_authorization_data(ad) - krb5_authdata *** ad; + krb5_authdata *** ad; { - krb5_error_code retval; - int i; + krb5_error_code retval; + int i; - *ad = (krb5_authdata**)calloc(3,sizeof(krb5_authdata*)); - if(*ad == NULL) return ENOMEM; + *ad = (krb5_authdata**)calloc(3,sizeof(krb5_authdata*)); + if (*ad == NULL) return ENOMEM; - for(i=0; i<=1; i++){ - (*ad)[i] = (krb5_authdata*)calloc(1,sizeof(krb5_authdata)); - if((*ad)[i] == NULL) return ENOMEM; - retval = ktest_make_sample_authdata((*ad)[i]); - if(retval) return retval; - } - (*ad)[2] = NULL; + for (i=0; i<=1; i++) { + (*ad)[i] = (krb5_authdata*)calloc(1,sizeof(krb5_authdata)); + if ((*ad)[i] == NULL) return ENOMEM; + retval = ktest_make_sample_authdata((*ad)[i]); + if (retval) return retval; + } + (*ad)[2] = NULL; - return 0; + return 0; } krb5_error_code ktest_make_sample_transited(t) - krb5_transited * t; + krb5_transited * t; { - t->tr_type = 1; - return krb5_data_parse(&(t->tr_contents), - "EDU,MIT.,ATHENA.,WASHINGTON.EDU,CS."); + t->tr_type = 1; + return krb5_data_parse(&(t->tr_contents), + "EDU,MIT.,ATHENA.,WASHINGTON.EDU,CS."); } krb5_error_code ktest_make_sample_ticket_times(tt) - krb5_ticket_times * tt; + krb5_ticket_times * tt; { - tt->authtime = SAMPLE_TIME; - tt->starttime = SAMPLE_TIME; - tt->endtime = SAMPLE_TIME; - tt->renew_till = SAMPLE_TIME; - return 0; + tt->authtime = SAMPLE_TIME; + tt->starttime = SAMPLE_TIME; + tt->endtime = SAMPLE_TIME; + tt->renew_till = SAMPLE_TIME; + return 0; } krb5_error_code ktest_make_sample_address(a) - krb5_address * a; + krb5_address * a; { - a->addrtype = ADDRTYPE_INET; - a->length = 4; - a->contents = (krb5_octet*)calloc(4,sizeof(krb5_octet)); - if(a->contents == NULL) return ENOMEM; - a->contents[0] = 18; - a->contents[1] = 208; - a->contents[2] = 0; - a->contents[3] = 35; + a->addrtype = ADDRTYPE_INET; + a->length = 4; + a->contents = (krb5_octet*)calloc(4,sizeof(krb5_octet)); + if (a->contents == NULL) return ENOMEM; + a->contents[0] = 18; + a->contents[1] = 208; + a->contents[2] = 0; + a->contents[3] = 35; - return 0; + return 0; } krb5_error_code ktest_make_sample_authdata(ad) - krb5_authdata * ad; + krb5_authdata * ad; { - ad->ad_type = 1; - ad->length = 6; - ad->contents = (krb5_octet*)calloc(6,sizeof(krb5_octet)); - if(ad->contents == NULL) return ENOMEM; - memcpy(ad->contents,"foobar",6); - return 0; + ad->ad_type = 1; + ad->length = 6; + ad->contents = (krb5_octet*)calloc(6,sizeof(krb5_octet)); + if (ad->contents == NULL) return ENOMEM; + memcpy(ad->contents,"foobar",6); + return 0; } krb5_error_code ktest_make_sample_enc_kdc_rep_part(ekr) - krb5_enc_kdc_rep_part * ekr; -{ - krb5_error_code retval; - - ekr->session = (krb5_keyblock*)calloc(1,sizeof(krb5_keyblock)); - if(ekr->session == NULL) return ENOMEM; - retval = ktest_make_sample_keyblock(ekr->session); - if(retval) return retval; - retval = ktest_make_sample_last_req(&(ekr->last_req)); - if(retval) return retval; - ekr->nonce = SAMPLE_NONCE; - ekr->key_exp = SAMPLE_TIME; - ekr->flags = SAMPLE_FLAGS; - ekr->times.authtime = SAMPLE_TIME; - ekr->times.starttime = SAMPLE_TIME; - ekr->times.endtime = SAMPLE_TIME; - ekr->times.renew_till = SAMPLE_TIME; - retval = ktest_make_sample_principal(&(ekr->server)); - if(retval) return retval; - retval = ktest_make_sample_addresses(&(ekr->caddrs)); - if(retval) return retval; - - return 0; + krb5_enc_kdc_rep_part * ekr; +{ + krb5_error_code retval; + + ekr->session = (krb5_keyblock*)calloc(1,sizeof(krb5_keyblock)); + if (ekr->session == NULL) return ENOMEM; + retval = ktest_make_sample_keyblock(ekr->session); + if (retval) return retval; + retval = ktest_make_sample_last_req(&(ekr->last_req)); + if (retval) return retval; + ekr->nonce = SAMPLE_NONCE; + ekr->key_exp = SAMPLE_TIME; + ekr->flags = SAMPLE_FLAGS; + ekr->times.authtime = SAMPLE_TIME; + ekr->times.starttime = SAMPLE_TIME; + ekr->times.endtime = SAMPLE_TIME; + ekr->times.renew_till = SAMPLE_TIME; + retval = ktest_make_sample_principal(&(ekr->server)); + if (retval) return retval; + retval = ktest_make_sample_addresses(&(ekr->caddrs)); + if (retval) return retval; + + return 0; } krb5_error_code ktest_make_sample_last_req(lr) - krb5_last_req_entry *** lr; + krb5_last_req_entry *** lr; { - krb5_error_code retval; - int i; + krb5_error_code retval; + int i; - *lr = (krb5_last_req_entry**)calloc(3,sizeof(krb5_last_req_entry*)); - if(*lr == NULL) return ENOMEM; - for(i=0; i<=1; i++){ - retval = ktest_make_sample_last_req_entry(&((*lr)[i])); - if(retval) return retval; - } - (*lr)[2] = NULL; - return 0; + *lr = (krb5_last_req_entry**)calloc(3,sizeof(krb5_last_req_entry*)); + if (*lr == NULL) return ENOMEM; + for (i=0; i<=1; i++) { + retval = ktest_make_sample_last_req_entry(&((*lr)[i])); + if (retval) return retval; + } + (*lr)[2] = NULL; + return 0; } krb5_error_code ktest_make_sample_last_req_entry(lre) - krb5_last_req_entry ** lre; + krb5_last_req_entry ** lre; { - *lre = (krb5_last_req_entry*)calloc(1,sizeof(krb5_last_req_entry)); - if(*lre == NULL) return ENOMEM; - (*lre)->lr_type = -5; - (*lre)->value = SAMPLE_TIME; - return 0; + *lre = (krb5_last_req_entry*)calloc(1,sizeof(krb5_last_req_entry)); + if (*lre == NULL) return ENOMEM; + (*lre)->lr_type = -5; + (*lre)->value = SAMPLE_TIME; + return 0; } krb5_error_code ktest_make_sample_kdc_rep(kdcr) - krb5_kdc_rep * kdcr; -{ - krb5_error_code retval; - - retval = ktest_make_sample_pa_data_array(&(kdcr->padata)); - if(retval) return retval; - retval = ktest_make_sample_principal(&(kdcr->client)); - if(retval) return retval; - kdcr->ticket = (krb5_ticket*)calloc(1,sizeof(krb5_ticket)); - if(kdcr->ticket == NULL) return ENOMEM; - retval = ktest_make_sample_ticket(kdcr->ticket); - if(retval) return retval; - retval = ktest_make_sample_enc_data(&(kdcr->enc_part)); - if(retval) return retval; - kdcr->enc_part2 = NULL; + krb5_kdc_rep * kdcr; +{ + krb5_error_code retval; + + retval = ktest_make_sample_pa_data_array(&(kdcr->padata)); + if (retval) return retval; + retval = ktest_make_sample_principal(&(kdcr->client)); + if (retval) return retval; + kdcr->ticket = (krb5_ticket*)calloc(1,sizeof(krb5_ticket)); + if (kdcr->ticket == NULL) return ENOMEM; + retval = ktest_make_sample_ticket(kdcr->ticket); + if (retval) return retval; + retval = ktest_make_sample_enc_data(&(kdcr->enc_part)); + if (retval) return retval; + kdcr->enc_part2 = NULL; - return 0; + return 0; } krb5_error_code ktest_make_sample_pa_data_array(pad) - krb5_pa_data *** pad; + krb5_pa_data *** pad; { - krb5_error_code retval; - int i; + krb5_error_code retval; + int i; - *pad = (krb5_pa_data**)calloc(3,sizeof(krb5_pa_data*)); - if(*pad == NULL) return ENOMEM; + *pad = (krb5_pa_data**)calloc(3,sizeof(krb5_pa_data*)); + if (*pad == NULL) return ENOMEM; - for(i=0; i<=1; i++){ - (*pad)[i] = (krb5_pa_data*)calloc(1,sizeof(krb5_pa_data)); - if((*pad)[i] == NULL) return ENOMEM; - retval = ktest_make_sample_pa_data((*pad)[i]); - if(retval) return retval; - } - (*pad)[2] = NULL; + for (i=0; i<=1; i++) { + (*pad)[i] = (krb5_pa_data*)calloc(1,sizeof(krb5_pa_data)); + if ((*pad)[i] == NULL) return ENOMEM; + retval = ktest_make_sample_pa_data((*pad)[i]); + if (retval) return retval; + } + (*pad)[2] = NULL; - return 0; + return 0; } krb5_error_code ktest_make_sample_empty_pa_data_array(pad) - krb5_pa_data *** pad; + krb5_pa_data *** pad; { - *pad = (krb5_pa_data**)calloc(1,sizeof(krb5_pa_data*)); - if(*pad == NULL) return ENOMEM; + *pad = (krb5_pa_data**)calloc(1,sizeof(krb5_pa_data*)); + if (*pad == NULL) return ENOMEM; - (*pad)[0] = NULL; + (*pad)[0] = NULL; - return 0; + return 0; } krb5_error_code ktest_make_sample_pa_data(pad) - krb5_pa_data * pad; + krb5_pa_data * pad; { - pad->pa_type = 13; - pad->length = 7; - pad->contents = (krb5_octet*)calloc(7,sizeof(krb5_octet)); - if(pad->contents == NULL) return ENOMEM; - memcpy(pad->contents,"pa-data",7); - return 0; + pad->pa_type = 13; + pad->length = 7; + pad->contents = (krb5_octet*)calloc(7,sizeof(krb5_octet)); + if (pad->contents == NULL) return ENOMEM; + memcpy(pad->contents,"pa-data",7); + return 0; } krb5_error_code ktest_make_sample_ap_req(ar) - krb5_ap_req * ar; -{ - krb5_error_code retval; - ar->ap_options = SAMPLE_FLAGS; - ar->ticket = (krb5_ticket*)calloc(1,sizeof(krb5_ticket)); - if(ar->ticket == NULL) return ENOMEM; - retval = ktest_make_sample_ticket(ar->ticket); - if(retval) return retval; - retval = ktest_make_sample_enc_data(&(ar->authenticator)); - if(retval) return retval; - return 0; + krb5_ap_req * ar; +{ + krb5_error_code retval; + ar->ap_options = SAMPLE_FLAGS; + ar->ticket = (krb5_ticket*)calloc(1,sizeof(krb5_ticket)); + if (ar->ticket == NULL) return ENOMEM; + retval = ktest_make_sample_ticket(ar->ticket); + if (retval) return retval; + retval = ktest_make_sample_enc_data(&(ar->authenticator)); + if (retval) return retval; + return 0; } krb5_error_code ktest_make_sample_ap_rep(ar) - krb5_ap_rep * ar; + krb5_ap_rep * ar; { - return ktest_make_sample_enc_data(&(ar->enc_part)); + return ktest_make_sample_enc_data(&(ar->enc_part)); } krb5_error_code ktest_make_sample_ap_rep_enc_part(arep) - krb5_ap_rep_enc_part * arep; + krb5_ap_rep_enc_part * arep; { - krb5_error_code retval; + krb5_error_code retval; - arep->ctime = SAMPLE_TIME; - arep->cusec = SAMPLE_USEC; - arep->subkey = (krb5_keyblock*)calloc(1,sizeof(krb5_keyblock)); - if(arep->subkey == NULL) return ENOMEM; - retval = ktest_make_sample_keyblock(arep->subkey); - if(retval) return retval; - arep->seq_number = SAMPLE_SEQ_NUMBER; + arep->ctime = SAMPLE_TIME; + arep->cusec = SAMPLE_USEC; + arep->subkey = (krb5_keyblock*)calloc(1,sizeof(krb5_keyblock)); + if (arep->subkey == NULL) return ENOMEM; + retval = ktest_make_sample_keyblock(arep->subkey); + if (retval) return retval; + arep->seq_number = SAMPLE_SEQ_NUMBER; - return 0; + return 0; } krb5_error_code ktest_make_sample_kdc_req(kr) - krb5_kdc_req * kr; -{ - krb5_error_code retval; - - /* msg_type is left up to the calling procedure */ - retval = ktest_make_sample_pa_data_array(&(kr->padata)); - if(retval) return retval; - kr->kdc_options = SAMPLE_FLAGS; - retval = ktest_make_sample_principal(&(kr->client)); - if(retval) return retval; - retval = ktest_make_sample_principal(&(kr->server)); - if(retval) return retval; - kr->from = SAMPLE_TIME; - kr->till = SAMPLE_TIME; - kr->rtime = SAMPLE_TIME; - kr->nonce = SAMPLE_NONCE; - kr->nktypes = 2; - kr->ktype = (krb5_enctype*)calloc(2,sizeof(krb5_enctype)); - kr->ktype[0] = 0; - kr->ktype[1] = 1; - retval = ktest_make_sample_addresses(&(kr->addresses)); - if(retval) return retval; - retval = ktest_make_sample_enc_data(&(kr->authorization_data)); - if(retval) return retval; - retval = ktest_make_sample_authorization_data(&(kr->unenc_authdata)); - if(retval) return retval; - retval = ktest_make_sample_sequence_of_ticket(&(kr->second_ticket)); - if(retval) return retval; - return 0; + krb5_kdc_req * kr; +{ + krb5_error_code retval; + + /* msg_type is left up to the calling procedure */ + retval = ktest_make_sample_pa_data_array(&(kr->padata)); + if (retval) return retval; + kr->kdc_options = SAMPLE_FLAGS; + retval = ktest_make_sample_principal(&(kr->client)); + if (retval) return retval; + retval = ktest_make_sample_principal(&(kr->server)); + if (retval) return retval; + kr->from = SAMPLE_TIME; + kr->till = SAMPLE_TIME; + kr->rtime = SAMPLE_TIME; + kr->nonce = SAMPLE_NONCE; + kr->nktypes = 2; + kr->ktype = (krb5_enctype*)calloc(2,sizeof(krb5_enctype)); + kr->ktype[0] = 0; + kr->ktype[1] = 1; + retval = ktest_make_sample_addresses(&(kr->addresses)); + if (retval) return retval; + retval = ktest_make_sample_enc_data(&(kr->authorization_data)); + if (retval) return retval; + retval = ktest_make_sample_authorization_data(&(kr->unenc_authdata)); + if (retval) return retval; + retval = ktest_make_sample_sequence_of_ticket(&(kr->second_ticket)); + if (retval) return retval; + return 0; } krb5_error_code ktest_make_sample_kdc_req_body(krb) - krb5_kdc_req * krb; -{ - krb5_error_code retval; - - krb->kdc_options = SAMPLE_FLAGS; - retval = ktest_make_sample_principal(&(krb->client)); - if(retval) return retval; - retval = ktest_make_sample_principal(&(krb->server)); - if(retval) return retval; - krb->from = SAMPLE_TIME; - krb->till = SAMPLE_TIME; - krb->rtime = SAMPLE_TIME; - krb->nonce = SAMPLE_NONCE; - krb->nktypes = 2; - krb->ktype = (krb5_enctype*)calloc(2,sizeof(krb5_enctype)); - krb->ktype[0] = 0; - krb->ktype[1] = 1; - retval = ktest_make_sample_addresses(&(krb->addresses)); - if(retval) return retval; - retval = ktest_make_sample_enc_data(&(krb->authorization_data)); - if(retval) return retval; - retval = ktest_make_sample_authorization_data(&(krb->unenc_authdata)); - if(retval) return retval; - retval = ktest_make_sample_sequence_of_ticket(&(krb->second_ticket)); - if(retval) return retval; - return 0; + krb5_kdc_req * krb; +{ + krb5_error_code retval; + + krb->kdc_options = SAMPLE_FLAGS; + retval = ktest_make_sample_principal(&(krb->client)); + if (retval) return retval; + retval = ktest_make_sample_principal(&(krb->server)); + if (retval) return retval; + krb->from = SAMPLE_TIME; + krb->till = SAMPLE_TIME; + krb->rtime = SAMPLE_TIME; + krb->nonce = SAMPLE_NONCE; + krb->nktypes = 2; + krb->ktype = (krb5_enctype*)calloc(2,sizeof(krb5_enctype)); + krb->ktype[0] = 0; + krb->ktype[1] = 1; + retval = ktest_make_sample_addresses(&(krb->addresses)); + if (retval) return retval; + retval = ktest_make_sample_enc_data(&(krb->authorization_data)); + if (retval) return retval; + retval = ktest_make_sample_authorization_data(&(krb->unenc_authdata)); + if (retval) return retval; + retval = ktest_make_sample_sequence_of_ticket(&(krb->second_ticket)); + if (retval) return retval; + return 0; } krb5_error_code ktest_make_sample_safe(s) - krb5_safe * s; -{ - krb5_error_code retval; - - retval = ktest_make_sample_data(&(s->user_data)); - if(retval) return retval; - s->timestamp = SAMPLE_TIME; - s->usec = SAMPLE_USEC; - s->seq_number = SAMPLE_SEQ_NUMBER; - s->s_address = (krb5_address*)calloc(1,sizeof(krb5_address)); - if(s->s_address == NULL) return ENOMEM; - retval = ktest_make_sample_address(s->s_address); - if(retval) return retval; - s->r_address = (krb5_address*)calloc(1,sizeof(krb5_address)); - if(s->r_address == NULL) return ENOMEM; - retval = ktest_make_sample_address(s->r_address); - if(retval) return retval; - s->checksum = (krb5_checksum*)calloc(1,sizeof(krb5_checksum)); - if(s->checksum == NULL) return ENOMEM; - retval = ktest_make_sample_checksum(s->checksum); - if(retval) return retval; - - return 0; + krb5_safe * s; +{ + krb5_error_code retval; + + retval = ktest_make_sample_data(&(s->user_data)); + if (retval) return retval; + s->timestamp = SAMPLE_TIME; + s->usec = SAMPLE_USEC; + s->seq_number = SAMPLE_SEQ_NUMBER; + s->s_address = (krb5_address*)calloc(1,sizeof(krb5_address)); + if (s->s_address == NULL) return ENOMEM; + retval = ktest_make_sample_address(s->s_address); + if (retval) return retval; + s->r_address = (krb5_address*)calloc(1,sizeof(krb5_address)); + if (s->r_address == NULL) return ENOMEM; + retval = ktest_make_sample_address(s->r_address); + if (retval) return retval; + s->checksum = (krb5_checksum*)calloc(1,sizeof(krb5_checksum)); + if (s->checksum == NULL) return ENOMEM; + retval = ktest_make_sample_checksum(s->checksum); + if (retval) return retval; + + return 0; } krb5_error_code ktest_make_sample_priv(p) - krb5_priv * p; + krb5_priv * p; { - return ktest_make_sample_enc_data(&(p->enc_part)); + return ktest_make_sample_enc_data(&(p->enc_part)); } krb5_error_code ktest_make_sample_priv_enc_part(pep) - krb5_priv_enc_part * pep; -{ - krb5_error_code retval; - retval = ktest_make_sample_data(&(pep->user_data)); - if(retval) return retval; - pep->timestamp = SAMPLE_TIME; - pep->usec = SAMPLE_USEC; - pep->seq_number = SAMPLE_SEQ_NUMBER; - pep->s_address = (krb5_address*)calloc(1,sizeof(krb5_address)); - if(pep->s_address == NULL) return ENOMEM; - retval = ktest_make_sample_address(pep->s_address); - if(retval) return retval; - pep->r_address = (krb5_address*)calloc(1,sizeof(krb5_address)); - if(pep->r_address == NULL) return ENOMEM; - retval = ktest_make_sample_address(pep->r_address); - if(retval) return retval; - return 0; + krb5_priv_enc_part * pep; +{ + krb5_error_code retval; + retval = ktest_make_sample_data(&(pep->user_data)); + if (retval) return retval; + pep->timestamp = SAMPLE_TIME; + pep->usec = SAMPLE_USEC; + pep->seq_number = SAMPLE_SEQ_NUMBER; + pep->s_address = (krb5_address*)calloc(1,sizeof(krb5_address)); + if (pep->s_address == NULL) return ENOMEM; + retval = ktest_make_sample_address(pep->s_address); + if (retval) return retval; + pep->r_address = (krb5_address*)calloc(1,sizeof(krb5_address)); + if (pep->r_address == NULL) return ENOMEM; + retval = ktest_make_sample_address(pep->r_address); + if (retval) return retval; + return 0; } krb5_error_code ktest_make_sample_cred(c) - krb5_cred * c; + krb5_cred * c; { - krb5_error_code retval; - retval = ktest_make_sample_sequence_of_ticket(&(c->tickets)); - if(retval) return retval; - retval = ktest_make_sample_enc_data(&(c->enc_part)); - if(retval) return retval; - return 0; + krb5_error_code retval; + retval = ktest_make_sample_sequence_of_ticket(&(c->tickets)); + if (retval) return retval; + retval = ktest_make_sample_enc_data(&(c->enc_part)); + if (retval) return retval; + return 0; } krb5_error_code ktest_make_sample_sequence_of_ticket(sot) - krb5_ticket *** sot; -{ - krb5_error_code retval; - int i; - - *sot = (krb5_ticket**)calloc(3,sizeof(krb5_ticket*)); - if(*sot == NULL) return ENOMEM; - for(i=0; i<2; i++){ - (*sot)[i] = (krb5_ticket*)calloc(1,sizeof(krb5_ticket)); - if((*sot)[i] == NULL) return ENOMEM; - retval = ktest_make_sample_ticket((*sot)[i]); - if(retval) return retval; - } - (*sot)[2] = NULL; + krb5_ticket *** sot; +{ + krb5_error_code retval; + int i; + + *sot = (krb5_ticket**)calloc(3,sizeof(krb5_ticket*)); + if (*sot == NULL) return ENOMEM; + for (i=0; i<2; i++) { + (*sot)[i] = (krb5_ticket*)calloc(1,sizeof(krb5_ticket)); + if ((*sot)[i] == NULL) return ENOMEM; + retval = ktest_make_sample_ticket((*sot)[i]); + if (retval) return retval; + } + (*sot)[2] = NULL; - return 0; + return 0; } krb5_error_code ktest_make_sample_cred_enc_part(cep) - krb5_cred_enc_part * cep; -{ - krb5_error_code retval; + krb5_cred_enc_part * cep; +{ + krb5_error_code retval; + + cep->nonce = SAMPLE_NONCE; + cep->timestamp = SAMPLE_TIME; + cep->usec = SAMPLE_USEC; + cep->s_address = (krb5_address*)calloc(1,sizeof(krb5_address)); + if (cep->s_address == NULL) return ENOMEM; + retval = ktest_make_sample_address(cep->s_address); + if (retval) return retval; + cep->r_address = (krb5_address*)calloc(1,sizeof(krb5_address)); + if (cep->r_address == NULL) return ENOMEM; + retval = ktest_make_sample_address(cep->r_address); + if (retval) return retval; + retval = ktest_make_sequence_of_cred_info(&(cep->ticket_info)); + if (retval) return retval; - cep->nonce = SAMPLE_NONCE; - cep->timestamp = SAMPLE_TIME; - cep->usec = SAMPLE_USEC; - cep->s_address = (krb5_address*)calloc(1,sizeof(krb5_address)); - if(cep->s_address == NULL) return ENOMEM; - retval = ktest_make_sample_address(cep->s_address); - if(retval) return retval; - cep->r_address = (krb5_address*)calloc(1,sizeof(krb5_address)); - if(cep->r_address == NULL) return ENOMEM; - retval = ktest_make_sample_address(cep->r_address); - if(retval) return retval; - retval = ktest_make_sequence_of_cred_info(&(cep->ticket_info)); - if(retval) return retval; - - return 0; + return 0; } krb5_error_code ktest_make_sequence_of_cred_info(soci) - krb5_cred_info *** soci; -{ - krb5_error_code retval; - int i; - - *soci = (krb5_cred_info**)calloc(3,sizeof(krb5_cred_info*)); - if(*soci == NULL) return ENOMEM; - for(i=0; i<2; i++){ - (*soci)[i] = (krb5_cred_info*)calloc(1,sizeof(krb5_cred_info)); - if((*soci)[i] == NULL) return ENOMEM; - retval = ktest_make_sample_cred_info((*soci)[i]); - if(retval) return retval; - } - (*soci)[2] = NULL; + krb5_cred_info *** soci; +{ + krb5_error_code retval; + int i; + + *soci = (krb5_cred_info**)calloc(3,sizeof(krb5_cred_info*)); + if (*soci == NULL) return ENOMEM; + for (i=0; i<2; i++) { + (*soci)[i] = (krb5_cred_info*)calloc(1,sizeof(krb5_cred_info)); + if ((*soci)[i] == NULL) return ENOMEM; + retval = ktest_make_sample_cred_info((*soci)[i]); + if (retval) return retval; + } + (*soci)[2] = NULL; - return 0; + return 0; } krb5_error_code ktest_make_sample_cred_info(ci) - krb5_cred_info * ci; -{ - krb5_error_code retval; - - ci->session = (krb5_keyblock*)calloc(1,sizeof(krb5_keyblock)); - if(ci->session == NULL) return ENOMEM; - retval = ktest_make_sample_keyblock(ci->session); - if(retval) return retval; - retval = ktest_make_sample_principal(&(ci->client)); - if(retval) return retval; - retval = ktest_make_sample_principal(&(ci->server)); - if(retval) return retval; - ci->flags = SAMPLE_FLAGS; - ci->times.authtime = SAMPLE_TIME; - ci->times.starttime = SAMPLE_TIME; - ci->times.endtime = SAMPLE_TIME; - ci->times.renew_till = SAMPLE_TIME; - retval = ktest_make_sample_addresses(&(ci->caddrs)); - if(retval) return retval; + krb5_cred_info * ci; +{ + krb5_error_code retval; + + ci->session = (krb5_keyblock*)calloc(1,sizeof(krb5_keyblock)); + if (ci->session == NULL) return ENOMEM; + retval = ktest_make_sample_keyblock(ci->session); + if (retval) return retval; + retval = ktest_make_sample_principal(&(ci->client)); + if (retval) return retval; + retval = ktest_make_sample_principal(&(ci->server)); + if (retval) return retval; + ci->flags = SAMPLE_FLAGS; + ci->times.authtime = SAMPLE_TIME; + ci->times.starttime = SAMPLE_TIME; + ci->times.endtime = SAMPLE_TIME; + ci->times.renew_till = SAMPLE_TIME; + retval = ktest_make_sample_addresses(&(ci->caddrs)); + if (retval) return retval; - return 0; + return 0; } krb5_error_code ktest_make_sample_error(kerr) - krb5_error * kerr; -{ - krb5_error_code retval; + krb5_error * kerr; +{ + krb5_error_code retval; + + kerr->ctime = SAMPLE_TIME; + kerr->cusec = SAMPLE_USEC; + kerr->susec = SAMPLE_USEC; + kerr->stime = SAMPLE_TIME; + kerr->error = SAMPLE_ERROR; + retval = ktest_make_sample_principal(&(kerr->client)); + if (retval) return retval; + retval = ktest_make_sample_principal(&(kerr->server)); + if (retval) return retval; + retval = ktest_make_sample_data(&(kerr->text)); + if (retval) return retval; + retval = ktest_make_sample_data(&(kerr->e_data)); + if (retval) return retval; - kerr->ctime = SAMPLE_TIME; - kerr->cusec = SAMPLE_USEC; - kerr->susec = SAMPLE_USEC; - kerr->stime = SAMPLE_TIME; - kerr->error = SAMPLE_ERROR; - retval = ktest_make_sample_principal(&(kerr->client)); - if(retval) return retval; - retval = ktest_make_sample_principal(&(kerr->server)); - if(retval) return retval; - retval = ktest_make_sample_data(&(kerr->text)); - if(retval) return retval; - retval = ktest_make_sample_data(&(kerr->e_data)); - if(retval) return retval; - - return 0; + return 0; } krb5_error_code ktest_make_sample_data(d) - krb5_data * d; + krb5_data * d; { - d->data = (char*)calloc(8,sizeof(char)); - if(d->data == NULL) return ENOMEM; - d->length = 8; - memcpy(d->data,"krb5data",8); + d->data = (char*)calloc(8,sizeof(char)); + if (d->data == NULL) return ENOMEM; + d->length = 8; + memcpy(d->data,"krb5data",8); - return 0; + return 0; } krb5_error_code ktest_make_sample_passwd_phrase_element(ppe) - passwd_phrase_element * ppe; -{ - krb5_error_code retval; - - ppe->passwd = (krb5_data*)calloc(1,sizeof(krb5_data)); - if(ppe->passwd == NULL) return ENOMEM; - retval = ktest_make_sample_data(ppe->passwd); - if(retval) return retval; - ppe->phrase = (krb5_data*)calloc(1,sizeof(krb5_data)); - if(ppe->phrase == NULL) return ENOMEM; - retval = ktest_make_sample_data(ppe->phrase); - if(retval) return retval; - return 0; + passwd_phrase_element * ppe; +{ + krb5_error_code retval; + + ppe->passwd = (krb5_data*)calloc(1,sizeof(krb5_data)); + if (ppe->passwd == NULL) return ENOMEM; + retval = ktest_make_sample_data(ppe->passwd); + if (retval) return retval; + ppe->phrase = (krb5_data*)calloc(1,sizeof(krb5_data)); + if (ppe->phrase == NULL) return ENOMEM; + retval = ktest_make_sample_data(ppe->phrase); + if (retval) return retval; + return 0; } krb5_error_code ktest_make_sample_krb5_pwd_data(pd) - krb5_pwd_data * pd; + krb5_pwd_data * pd; { - krb5_error_code retval; - int i; + krb5_error_code retval; + int i; - pd->sequence_count = 2; + pd->sequence_count = 2; - pd->element = (passwd_phrase_element**)calloc(3,sizeof(passwd_phrase_element*)); - if(pd->element == NULL) return ENOMEM; + pd->element = (passwd_phrase_element**)calloc(3,sizeof(passwd_phrase_element*)); + if (pd->element == NULL) return ENOMEM; - for(i=0; i<=1; i++){ - pd->element[i] = (passwd_phrase_element*)calloc(1,sizeof(passwd_phrase_element)); - if(pd->element[i] == NULL) return ENOMEM; - retval = ktest_make_sample_passwd_phrase_element(pd->element[i]); - if(retval) return retval; - } - pd->element[2] = NULL; + for (i=0; i<=1; i++) { + pd->element[i] = (passwd_phrase_element*)calloc(1,sizeof(passwd_phrase_element)); + if (pd->element[i] == NULL) return ENOMEM; + retval = ktest_make_sample_passwd_phrase_element(pd->element[i]); + if (retval) return retval; + } + pd->element[2] = NULL; - return 0; + return 0; } krb5_error_code ktest_make_sample_alt_method(p) - krb5_alt_method * p; + krb5_alt_method * p; { p->method = 42; p->data = (krb5_octet *) strdup("secret"); - if(p->data == NULL) return ENOMEM; + if (p->data == NULL) return ENOMEM; p->length = strlen((char *) p->data); return 0; } krb5_error_code ktest_make_sample_etype_info(p) - krb5_etype_info_entry *** p; + krb5_etype_info_entry *** p; { krb5_etype_info_entry **info; - int i; - char buf[80]; + int i, len; + char *str; info = malloc(sizeof(krb5_etype_info_entry *) * 4); if (!info) @@ -650,12 +650,11 @@ krb5_error_code ktest_make_sample_etype_info(p) if (info[i] == 0) goto memfail; info[i]->etype = i; - sprintf(buf, "Morton's #%d", i); - info[i]->length = strlen(buf); - info[i]->salt = malloc((size_t) (info[i]->length+1)); - if (info[i]->salt == 0) + len = asprintf(&str, "Morton's #%d", i); + if (len < 0) goto memfail; - strcpy((char *) info[i]->salt, buf); + info[i]->salt = (krb5_octet *) str; + info[i]->length = len; info[i]->s2kparams.data = NULL; info[i]->s2kparams.length = 0; info[i]->magic = KV5M_ETYPE_INFO_ENTRY; @@ -672,11 +671,11 @@ memfail: krb5_error_code ktest_make_sample_etype_info2(p) - krb5_etype_info_entry *** p; + krb5_etype_info_entry *** p; { krb5_etype_info_entry **info; - int i; - char buf[80]; + int i, len; + char *str; info = malloc(sizeof(krb5_etype_info_entry *) * 4); if (!info) @@ -688,18 +687,15 @@ krb5_error_code ktest_make_sample_etype_info2(p) if (info[i] == 0) goto memfail; info[i]->etype = i; - sprintf(buf, "Morton's #%d", i); - info[i]->length = strlen(buf); - info[i]->salt = malloc((size_t) (info[i]->length+1)); - if (info[i]->salt == 0) + len = asprintf(&str, "Morton's #%d", i); + if (len < 0) goto memfail; - strcpy((char *) info[i]->salt, buf); - sprintf(buf, "s2k: %d", i); - info[i]->s2kparams.data = malloc(strlen(buf)+1); - if (info[i]->s2kparams.data == NULL) + info[i]->salt = (krb5_octet *) str; + info[i]->length = (unsigned int) len; + len = asprintf(&info[i]->s2kparams.data, "s2k: %d", i); + if (len < 0) goto memfail; - strcpy( info[i]->s2kparams.data, buf); - info[i]->s2kparams.length = strlen(buf); + info[i]->s2kparams.length = (unsigned int) len; info[i]->magic = KV5M_ETYPE_INFO_ENTRY; } free(info[1]->salt); @@ -714,279 +710,380 @@ memfail: krb5_error_code ktest_make_sample_pa_enc_ts(pa_enc) - krb5_pa_enc_ts * pa_enc; + krb5_pa_enc_ts * pa_enc; { - pa_enc->patimestamp = SAMPLE_TIME; - pa_enc->pausec = SAMPLE_USEC; + pa_enc->patimestamp = SAMPLE_TIME; + pa_enc->pausec = SAMPLE_USEC; - return 0; + return 0; } krb5_error_code ktest_make_sample_sam_challenge(p) - krb5_sam_challenge * p; -{ - krb5_error_code retval; - - p->magic = KV5M_SAM_CHALLENGE; - p->sam_type = 42; /* information */ - p->sam_flags = KRB5_SAM_USE_SAD_AS_KEY; /* KRB5_SAM_* values */ - p->sam_type_name.data = strdup("type name"); - if (p->sam_type_name.data == NULL) return ENOMEM; - p->sam_type_name.length = strlen(p->sam_type_name.data); - p->sam_track_id.data = 0; - p->sam_track_id.length = 0; - p->sam_challenge_label.data = strdup("challenge label"); - if (p->sam_challenge_label.data == NULL) return ENOMEM; - p->sam_challenge_label.length = strlen(p->sam_challenge_label.data); - p->sam_challenge.data = strdup("challenge ipse"); - if (p->sam_challenge.data == NULL) return ENOMEM; - p->sam_challenge.length = strlen(p->sam_challenge.data); - p->sam_response_prompt.data = strdup("response_prompt ipse"); - if (p->sam_response_prompt.data == NULL) return ENOMEM; - p->sam_response_prompt.length = strlen(p->sam_response_prompt.data); - p->sam_pk_for_sad.data = 0; - p->sam_pk_for_sad.length = 0; - p->sam_nonce = 0x543210; - retval = ktest_make_sample_checksum(&p->sam_cksum); - if(retval) return retval; - - return 0; + krb5_sam_challenge * p; +{ + krb5_error_code retval; + + p->magic = KV5M_SAM_CHALLENGE; + p->sam_type = 42; /* information */ + p->sam_flags = KRB5_SAM_USE_SAD_AS_KEY; /* KRB5_SAM_* values */ + p->sam_type_name.data = strdup("type name"); + if (p->sam_type_name.data == NULL) return ENOMEM; + p->sam_type_name.length = strlen(p->sam_type_name.data); + p->sam_track_id.data = 0; + p->sam_track_id.length = 0; + p->sam_challenge_label.data = strdup("challenge label"); + if (p->sam_challenge_label.data == NULL) return ENOMEM; + p->sam_challenge_label.length = strlen(p->sam_challenge_label.data); + p->sam_challenge.data = strdup("challenge ipse"); + if (p->sam_challenge.data == NULL) return ENOMEM; + p->sam_challenge.length = strlen(p->sam_challenge.data); + p->sam_response_prompt.data = strdup("response_prompt ipse"); + if (p->sam_response_prompt.data == NULL) return ENOMEM; + p->sam_response_prompt.length = strlen(p->sam_response_prompt.data); + p->sam_pk_for_sad.data = 0; + p->sam_pk_for_sad.length = 0; + p->sam_nonce = 0x543210; + retval = ktest_make_sample_checksum(&p->sam_cksum); + if (retval) return retval; + + return 0; } krb5_error_code ktest_make_sample_sam_response(p) - krb5_sam_response * p; + krb5_sam_response * p; +{ + p->magic = KV5M_SAM_RESPONSE; + p->sam_type = 42; /* information */ + p->sam_flags = KRB5_SAM_USE_SAD_AS_KEY; /* KRB5_SAM_* values */ + p->sam_track_id.data = strdup("track data"); + if (p->sam_track_id.data == NULL) return ENOMEM; + p->sam_track_id.length = strlen(p->sam_track_id.data); + p->sam_enc_key.ciphertext.data = strdup("key"); + if (p->sam_enc_key.ciphertext.data == NULL) return ENOMEM; + p->sam_enc_key.ciphertext.length = strlen(p->sam_enc_key.ciphertext.data); + p->sam_enc_key.enctype = ENCTYPE_DES_CBC_CRC; + p->sam_enc_key.kvno = 1942; + p->sam_enc_nonce_or_ts.ciphertext.data = strdup("nonce or ts"); + if (p->sam_enc_nonce_or_ts.ciphertext.data == NULL) return ENOMEM; + p->sam_enc_nonce_or_ts.ciphertext.length = + strlen(p->sam_enc_nonce_or_ts.ciphertext.data); + p->sam_enc_nonce_or_ts.enctype = ENCTYPE_DES_CBC_CRC; + p->sam_enc_nonce_or_ts.kvno = 3382; + p->sam_nonce = 0x543210; + p->sam_patimestamp = SAMPLE_TIME; + + return 0; +} +krb5_error_code ktest_make_sample_sam_response_2(p) + krb5_sam_response_2 * p; +{ + p->magic = KV5M_SAM_RESPONSE; + p->sam_type = 43; /* information */ + p->sam_flags = KRB5_SAM_USE_SAD_AS_KEY; /* KRB5_SAM_* values */ + p->sam_track_id.data = strdup("track data"); + if (p->sam_track_id.data == NULL) return ENOMEM; + p->sam_track_id.length = strlen(p->sam_track_id.data); + p->sam_enc_nonce_or_sad.ciphertext.data = strdup("nonce or sad"); + if (p->sam_enc_nonce_or_sad.ciphertext.data == NULL) return ENOMEM; + p->sam_enc_nonce_or_sad.ciphertext.length = + strlen(p->sam_enc_nonce_or_sad.ciphertext.data); + p->sam_enc_nonce_or_sad.enctype = ENCTYPE_DES_CBC_CRC; + p->sam_enc_nonce_or_sad.kvno = 3382; + p->sam_nonce = 0x543210; + + return 0; +} + +krb5_error_code ktest_make_sample_sam_key(p) + krb5_sam_key *p; { - p->magic = KV5M_SAM_RESPONSE; - p->sam_type = 42; /* information */ - p->sam_flags = KRB5_SAM_USE_SAD_AS_KEY; /* KRB5_SAM_* values */ - p->sam_track_id.data = strdup("track data"); - if (p->sam_track_id.data == NULL) return ENOMEM; - p->sam_track_id.length = strlen(p->sam_track_id.data); - p->sam_enc_key.ciphertext.data = strdup("key"); - if (p->sam_enc_key.ciphertext.data == NULL) return ENOMEM; - p->sam_enc_key.ciphertext.length = strlen(p->sam_enc_key.ciphertext.data); - p->sam_enc_key.enctype = ENCTYPE_DES_CBC_CRC; - p->sam_enc_key.kvno = 1942; - p->sam_enc_nonce_or_ts.ciphertext.data = strdup("nonce or ts"); - if (p->sam_enc_nonce_or_ts.ciphertext.data == NULL) return ENOMEM; - p->sam_enc_nonce_or_ts.ciphertext.length = - strlen(p->sam_enc_nonce_or_ts.ciphertext.data); - p->sam_enc_nonce_or_ts.enctype = ENCTYPE_DES_CBC_CRC; - p->sam_enc_nonce_or_ts.kvno = 3382; - p->sam_nonce = 0x543210; - p->sam_patimestamp = SAMPLE_TIME; + p->magic = 99; + return ktest_make_sample_keyblock(&p->sam_key); +} - return 0; +krb5_error_code ktest_make_sample_enc_sam_response_enc(p) + krb5_enc_sam_response_enc *p; +{ + p->magic = 78; + p->sam_nonce = 78634; + p->sam_timestamp = 99999; + p->sam_usec = 399; + p->sam_sad.data = strdup("enc_sam_response_enc"); + if (p->sam_sad.data == NULL) return ENOMEM; + p->sam_sad.length = strlen(p->sam_sad.data); + return 0; } +krb5_error_code ktest_make_sample_enc_sam_response_enc_2(p) + krb5_enc_sam_response_enc_2 *p; +{ + p->magic = 83; + p->sam_nonce = 88; + p->sam_sad.data = strdup("enc_sam_response_enc_2"); + if (p->sam_sad.data == NULL) return ENOMEM; + p->sam_sad.length = strlen(p->sam_sad.data); + return 0; +} +#ifdef ENABLE_LDAP +static krb5_error_code ktest_make_sample_key_data(krb5_key_data *p, int i) +{ + char *str; + int len; + p->key_data_ver = 2; + p->key_data_kvno = 42; + len = asprintf(&str, "key%d", i); + p->key_data_type[0] = 2; + p->key_data_length[0] = (unsigned int) len; + p->key_data_contents[0] = (krb5_octet *) str; + len = asprintf(&str, "salt%d", i); + p->key_data_type[1] = i; + p->key_data_length[1] = (unsigned int) len; + p->key_data_contents[1] = (krb5_octet *) str; + if (p->key_data_contents[0] == NULL || p->key_data_contents[1] == NULL) + return ENOMEM; + return 0; +} +krb5_error_code ktest_make_sample_ldap_seqof_key_data(p) + ldap_seqof_key_data *p; +{ + int i; + p->mkvno = 14; + p->n_key_data = 3; + p->key_data = calloc(3,sizeof(krb5_key_data)); + for (i = 0; i < 3; i++) { + krb5_error_code ret; + ret = ktest_make_sample_key_data(&p->key_data[i], i); + if (ret) return ret; + } + return 0; +} +#endif + +krb5_error_code ktest_make_sample_predicted_sam_response(p) + krb5_predicted_sam_response *p; +{ + krb5_error_code retval; + + p->magic = 79; + retval = ktest_make_sample_keyblock(&p->sam_key); + if (retval) return retval; + p->sam_flags = 9; + p->stime = 17; + p->susec = 18; + retval = ktest_make_sample_principal(&p->client); + if (retval) return retval; + retval = krb5_data_parse(&p->msd, "hello"); + if (retval) return retval; + return 0; +} /****************************************************************/ /* destructors */ void ktest_destroy_data(d) - krb5_data ** d; + krb5_data ** d; { - if(*d != NULL){ - if((*d)->data != NULL) free((*d)->data); - free(*d); - *d = NULL; - } + if (*d != NULL) { + if ((*d)->data != NULL) free((*d)->data); + free(*d); + *d = NULL; + } } void ktest_empty_data(d) - krb5_data * d; + krb5_data * d; { - if(d->data != NULL){ - free(d->data); - d->data = NULL; - d->length = 0; - } + if (d->data != NULL) { + free(d->data); + d->data = NULL; + d->length = 0; + } } void ktest_destroy_checksum(cs) - krb5_checksum ** cs; + krb5_checksum ** cs; { - if(*cs != NULL){ - if((*cs)->contents != NULL) free((*cs)->contents); - free(*cs); - *cs = NULL; - } + if (*cs != NULL) { + if ((*cs)->contents != NULL) free((*cs)->contents); + free(*cs); + *cs = NULL; + } } void ktest_empty_keyblock(kb) - krb5_keyblock * kb; + krb5_keyblock * kb; { - if (kb != NULL) { - if (kb->contents) { - free (kb->contents); - kb->contents = NULL; + if (kb != NULL) { + if (kb->contents) { + free (kb->contents); + kb->contents = NULL; + } } - } } void ktest_destroy_keyblock(kb) - krb5_keyblock ** kb; + krb5_keyblock ** kb; { - if(*kb != NULL){ - if((*kb)->contents != NULL) free((*kb)->contents); - free(*kb); - *kb = NULL; - } + if (*kb != NULL) { + if ((*kb)->contents != NULL) free((*kb)->contents); + free(*kb); + *kb = NULL; + } } void ktest_empty_authorization_data(ad) - krb5_authdata ** ad; + krb5_authdata ** ad; { - int i; + int i; - if(*ad != NULL) { - for(i=0; ad[i] != NULL; i++) - ktest_destroy_authdata(&(ad[i])); - } + if (*ad != NULL) { + for (i=0; ad[i] != NULL; i++) + ktest_destroy_authdata(&(ad[i])); + } } void ktest_destroy_authorization_data(ad) - krb5_authdata *** ad; + krb5_authdata *** ad; { - ktest_empty_authorization_data(*ad); - free(*ad); - *ad = NULL; + ktest_empty_authorization_data(*ad); + free(*ad); + *ad = NULL; } void ktest_destroy_authdata(ad) - krb5_authdata ** ad; + krb5_authdata ** ad; { - if(*ad != NULL){ - if((*ad)->contents != NULL) free((*ad)->contents); - free(*ad); - *ad = NULL; - } + if (*ad != NULL) { + if ((*ad)->contents != NULL) free((*ad)->contents); + free(*ad); + *ad = NULL; + } } void ktest_empty_pa_data_array(pad) - krb5_pa_data ** pad; + krb5_pa_data ** pad; { - int i; + int i; - for(i=0; pad[i] != NULL; i++) - ktest_destroy_pa_data(&(pad[i])); + for (i=0; pad[i] != NULL; i++) + ktest_destroy_pa_data(&(pad[i])); } void ktest_destroy_pa_data_array(pad) - krb5_pa_data *** pad; + krb5_pa_data *** pad; { - ktest_empty_pa_data_array(*pad); - free(*pad); - *pad = NULL; + ktest_empty_pa_data_array(*pad); + free(*pad); + *pad = NULL; } void ktest_destroy_pa_data(pad) - krb5_pa_data ** pad; + krb5_pa_data ** pad; { - if(*pad != NULL){ - if((*pad)->contents != NULL) free((*pad)->contents); - free(*pad); - *pad = NULL; - } + if (*pad != NULL) { + if ((*pad)->contents != NULL) free((*pad)->contents); + free(*pad); + *pad = NULL; + } } void ktest_destroy_address(a) - krb5_address ** a; + krb5_address ** a; { - if(*a != NULL){ - if((*a)->contents != NULL) free((*a)->contents); - free(*a); - *a = NULL; - } + if (*a != NULL) { + if ((*a)->contents != NULL) free((*a)->contents); + free(*a); + *a = NULL; + } } void ktest_empty_addresses(a) - krb5_address ** a; + krb5_address ** a; { - int i; + int i; - for(i=0; a[i] != NULL; i++) - ktest_destroy_address(&(a[i])); + for (i=0; a[i] != NULL; i++) + ktest_destroy_address(&(a[i])); } void ktest_destroy_addresses(a) - krb5_address *** a; + krb5_address *** a; { - ktest_empty_addresses(*a); - free(*a); - *a = NULL; + ktest_empty_addresses(*a); + free(*a); + *a = NULL; } void ktest_destroy_principal(p) - krb5_principal * p; + krb5_principal * p; { - int i; + int i; - for(i=0; i<(*p)->length; i++) - ktest_empty_data(&(((*p)->data)[i])); - ktest_empty_data(&((*p)->realm)); - free((*p)->data); - free(*p); - *p = NULL; + for (i=0; i<(*p)->length; i++) + ktest_empty_data(&(((*p)->data)[i])); + ktest_empty_data(&((*p)->realm)); + free((*p)->data); + free(*p); + *p = NULL; } void ktest_destroy_sequence_of_integer(soi) - long ** soi; + long ** soi; { - free(*soi); - *soi = NULL; + free(*soi); + *soi = NULL; } #if 0 void ktest_destroy_sequence_of_enctype(soi) - krb5_enctype ** soi; + krb5_enctype ** soi; { - free(*soi); - *soi = NULL; + free(*soi); + *soi = NULL; } #endif void ktest_destroy_sequence_of_ticket(sot) - krb5_ticket *** sot; + krb5_ticket *** sot; { - int i; + int i; - for(i=0; (*sot)[i] != NULL; i++) - ktest_destroy_ticket(&((*sot)[i])); - free(*sot); - *sot = NULL; + for (i=0; (*sot)[i] != NULL; i++) + ktest_destroy_ticket(&((*sot)[i])); + free(*sot); + *sot = NULL; } void ktest_destroy_ticket(tkt) - krb5_ticket ** tkt; + krb5_ticket ** tkt; { - ktest_destroy_principal(&((*tkt)->server)); - ktest_destroy_enc_data(&((*tkt)->enc_part)); - /* ktest_empty_enc_tkt_part(((*tkt)->enc_part2));*/ - free(*tkt); - *tkt = NULL; + ktest_destroy_principal(&((*tkt)->server)); + ktest_destroy_enc_data(&((*tkt)->enc_part)); + /* ktest_empty_enc_tkt_part(((*tkt)->enc_part2));*/ + free(*tkt); + *tkt = NULL; } void ktest_empty_ticket(tkt) - krb5_ticket * tkt; -{ - if(tkt->server) - ktest_destroy_principal(&((tkt)->server)); - ktest_destroy_enc_data(&((tkt)->enc_part)); - if (tkt->enc_part2) { - ktest_destroy_enc_tkt_part(&(tkt->enc_part2)); - } + krb5_ticket * tkt; +{ + if (tkt->server) + ktest_destroy_principal(&((tkt)->server)); + ktest_destroy_enc_data(&((tkt)->enc_part)); + if (tkt->enc_part2) { + ktest_destroy_enc_tkt_part(&(tkt->enc_part2)); + } } void ktest_destroy_enc_data(ed) - krb5_enc_data * ed; + krb5_enc_data * ed; { - ktest_empty_data(&(ed->ciphertext)); - ed->kvno = 0; + ktest_empty_data(&(ed->ciphertext)); + ed->kvno = 0; } void ktest_destroy_etype_info_entry(i) @@ -1001,291 +1098,338 @@ void ktest_destroy_etype_info_entry(i) void ktest_destroy_etype_info(info) krb5_etype_info_entry **info; { - int i; + int i; - for(i=0; info[i] != NULL; i++) - ktest_destroy_etype_info_entry(info[i]); - free(info); + for (i=0; info[i] != NULL; i++) + ktest_destroy_etype_info_entry(info[i]); + free(info); } void ktest_empty_kdc_req(kr) - krb5_kdc_req *kr; + krb5_kdc_req *kr; { - if (kr->padata) - ktest_destroy_pa_data_array(&(kr->padata)); + if (kr->padata) + ktest_destroy_pa_data_array(&(kr->padata)); - if (kr->client) - ktest_destroy_principal(&(kr->client)); + if (kr->client) + ktest_destroy_principal(&(kr->client)); - if (kr->server) - ktest_destroy_principal(&(kr->server)); - if (kr->ktype) - free(kr->ktype); - if (kr->addresses) - ktest_destroy_addresses(&(kr->addresses)); - ktest_destroy_enc_data(&(kr->authorization_data)); - if (kr->unenc_authdata) - ktest_destroy_authorization_data(&(kr->unenc_authdata)); - if (kr->second_ticket) - ktest_destroy_sequence_of_ticket(&(kr->second_ticket)); + if (kr->server) + ktest_destroy_principal(&(kr->server)); + if (kr->ktype) + free(kr->ktype); + if (kr->addresses) + ktest_destroy_addresses(&(kr->addresses)); + ktest_destroy_enc_data(&(kr->authorization_data)); + if (kr->unenc_authdata) + ktest_destroy_authorization_data(&(kr->unenc_authdata)); + if (kr->second_ticket) + ktest_destroy_sequence_of_ticket(&(kr->second_ticket)); } void ktest_empty_kdc_rep(kr) - krb5_kdc_rep *kr; + krb5_kdc_rep *kr; { - if (kr->padata) - ktest_destroy_pa_data_array(&(kr->padata)); + if (kr->padata) + ktest_destroy_pa_data_array(&(kr->padata)); - if (kr->client) - ktest_destroy_principal(&(kr->client)); + if (kr->client) + ktest_destroy_principal(&(kr->client)); - if (kr->ticket) - ktest_destroy_ticket(&(kr->ticket)); + if (kr->ticket) + ktest_destroy_ticket(&(kr->ticket)); - ktest_destroy_enc_data(&kr->enc_part); + ktest_destroy_enc_data(&kr->enc_part); - if (kr->enc_part2) { - ktest_empty_enc_kdc_rep_part(kr->enc_part2); - free(kr->enc_part2); - kr->enc_part2 = NULL; - } + if (kr->enc_part2) { + ktest_empty_enc_kdc_rep_part(kr->enc_part2); + free(kr->enc_part2); + kr->enc_part2 = NULL; + } } void ktest_empty_authenticator(a) - krb5_authenticator * a; + krb5_authenticator * a; { - if(a->client) - ktest_destroy_principal(&(a->client)); - if(a->checksum) - ktest_destroy_checksum(&(a->checksum)); - if(a->subkey) - ktest_destroy_keyblock(&(a->subkey)); - if(a->authorization_data) - ktest_destroy_authorization_data(&(a->authorization_data)); + if (a->client) + ktest_destroy_principal(&(a->client)); + if (a->checksum) + ktest_destroy_checksum(&(a->checksum)); + if (a->subkey) + ktest_destroy_keyblock(&(a->subkey)); + if (a->authorization_data) + ktest_destroy_authorization_data(&(a->authorization_data)); } void ktest_empty_enc_tkt_part(etp) - krb5_enc_tkt_part * etp; + krb5_enc_tkt_part * etp; { - if(etp->session) - ktest_destroy_keyblock(&(etp->session)); - if(etp->client) - ktest_destroy_principal(&(etp->client)); - if (etp->caddrs) - ktest_destroy_addresses(&(etp->caddrs)); - if(etp->authorization_data) - ktest_destroy_authorization_data(&(etp->authorization_data)); - ktest_destroy_transited(&(etp->transited)); + if (etp->session) + ktest_destroy_keyblock(&(etp->session)); + if (etp->client) + ktest_destroy_principal(&(etp->client)); + if (etp->caddrs) + ktest_destroy_addresses(&(etp->caddrs)); + if (etp->authorization_data) + ktest_destroy_authorization_data(&(etp->authorization_data)); + ktest_destroy_transited(&(etp->transited)); } void ktest_destroy_enc_tkt_part(etp) - krb5_enc_tkt_part ** etp; + krb5_enc_tkt_part ** etp; { - if(*etp) { - ktest_empty_enc_tkt_part(*etp); - free(*etp); - *etp = NULL; - } + if (*etp) { + ktest_empty_enc_tkt_part(*etp); + free(*etp); + *etp = NULL; + } } void ktest_empty_enc_kdc_rep_part(ekr) - krb5_enc_kdc_rep_part * ekr; + krb5_enc_kdc_rep_part * ekr; { - if(ekr->session) - ktest_destroy_keyblock(&(ekr->session)); + if (ekr->session) + ktest_destroy_keyblock(&(ekr->session)); - if(ekr->server) - ktest_destroy_principal(&(ekr->server)); + if (ekr->server) + ktest_destroy_principal(&(ekr->server)); - if (ekr->caddrs) - ktest_destroy_addresses(&(ekr->caddrs)); - ktest_destroy_last_req(&(ekr->last_req)); + if (ekr->caddrs) + ktest_destroy_addresses(&(ekr->caddrs)); + ktest_destroy_last_req(&(ekr->last_req)); } void ktest_destroy_transited(t) - krb5_transited * t; + krb5_transited * t; { - if(t->tr_contents.data) - ktest_empty_data(&(t->tr_contents)); + if (t->tr_contents.data) + ktest_empty_data(&(t->tr_contents)); } void ktest_empty_ap_rep(ar) - krb5_ap_rep * ar; + krb5_ap_rep * ar; { - ktest_destroy_enc_data(&ar->enc_part); + ktest_destroy_enc_data(&ar->enc_part); } void ktest_empty_ap_req(ar) - krb5_ap_req * ar; + krb5_ap_req * ar; { - if(ar->ticket) - ktest_destroy_ticket(&(ar->ticket)); - ktest_destroy_enc_data(&(ar->authenticator)); + if (ar->ticket) + ktest_destroy_ticket(&(ar->ticket)); + ktest_destroy_enc_data(&(ar->authenticator)); } void ktest_empty_cred_enc_part(cep) - krb5_cred_enc_part * cep; + krb5_cred_enc_part * cep; { - if (cep->s_address) - ktest_destroy_address(&(cep->s_address)); - if (cep->r_address) - ktest_destroy_address(&(cep->r_address)); - if (cep->ticket_info) - ktest_destroy_sequence_of_cred_info(&(cep->ticket_info)); + if (cep->s_address) + ktest_destroy_address(&(cep->s_address)); + if (cep->r_address) + ktest_destroy_address(&(cep->r_address)); + if (cep->ticket_info) + ktest_destroy_sequence_of_cred_info(&(cep->ticket_info)); } void ktest_destroy_cred_info(ci) - krb5_cred_info ** ci; + krb5_cred_info ** ci; { - if((*ci)->session) - ktest_destroy_keyblock(&((*ci)->session)); - if((*ci)->client) - ktest_destroy_principal(&((*ci)->client)); - if((*ci)->server) - ktest_destroy_principal(&((*ci)->server)); - if ((*ci)->caddrs) - ktest_destroy_addresses(&((*ci)->caddrs)); - free(*ci); - *ci = NULL; + if ((*ci)->session) + ktest_destroy_keyblock(&((*ci)->session)); + if ((*ci)->client) + ktest_destroy_principal(&((*ci)->client)); + if ((*ci)->server) + ktest_destroy_principal(&((*ci)->server)); + if ((*ci)->caddrs) + ktest_destroy_addresses(&((*ci)->caddrs)); + free(*ci); + *ci = NULL; } void ktest_destroy_sequence_of_cred_info(soci) - krb5_cred_info *** soci; + krb5_cred_info *** soci; { - int i; + int i; - for(i=0; (*soci)[i] != NULL; i++) - ktest_destroy_cred_info(&((*soci)[i])); - free(*soci); - *soci = NULL; + for (i=0; (*soci)[i] != NULL; i++) + ktest_destroy_cred_info(&((*soci)[i])); + free(*soci); + *soci = NULL; } void ktest_empty_safe(s) - krb5_safe * s; + krb5_safe * s; { - ktest_empty_data(&(s->user_data)); - ktest_destroy_address(&(s->s_address)); - ktest_destroy_address(&(s->r_address)); - ktest_destroy_checksum(&(s->checksum)); + ktest_empty_data(&(s->user_data)); + ktest_destroy_address(&(s->s_address)); + ktest_destroy_address(&(s->r_address)); + ktest_destroy_checksum(&(s->checksum)); } void ktest_empty_priv_enc_part(pep) - krb5_priv_enc_part * pep; + krb5_priv_enc_part * pep; { - ktest_empty_data(&(pep->user_data)); - ktest_destroy_address(&(pep->s_address)); - ktest_destroy_address(&(pep->r_address)); + ktest_empty_data(&(pep->user_data)); + ktest_destroy_address(&(pep->s_address)); + ktest_destroy_address(&(pep->r_address)); } void ktest_empty_priv(p) - krb5_priv * p; + krb5_priv * p; { - ktest_destroy_enc_data(&(p->enc_part)); + ktest_destroy_enc_data(&(p->enc_part)); } void ktest_empty_cred(c) - krb5_cred * c; + krb5_cred * c; { - ktest_destroy_sequence_of_ticket(&(c->tickets)); - ktest_destroy_enc_data(&(c->enc_part)); - /* enc_part2 */ + ktest_destroy_sequence_of_ticket(&(c->tickets)); + ktest_destroy_enc_data(&(c->enc_part)); + /* enc_part2 */ } void ktest_destroy_last_req(lr) - krb5_last_req_entry *** lr; + krb5_last_req_entry *** lr; { - int i; + int i; - if(*lr) { - for(i=0; (*lr)[i] != NULL; i++) { - free((*lr)[i]); + if (*lr) { + for (i=0; (*lr)[i] != NULL; i++) { + free((*lr)[i]); + } + free(*lr); } - free(*lr); - } } void ktest_empty_error(kerr) - krb5_error * kerr; + krb5_error * kerr; { - if(kerr->client) - ktest_destroy_principal(&(kerr->client)); - if(kerr->server) - ktest_destroy_principal(&(kerr->server)); - ktest_empty_data(&(kerr->text)); - ktest_empty_data(&(kerr->e_data)); + if (kerr->client) + ktest_destroy_principal(&(kerr->client)); + if (kerr->server) + ktest_destroy_principal(&(kerr->server)); + ktest_empty_data(&(kerr->text)); + ktest_empty_data(&(kerr->e_data)); } void ktest_empty_ap_rep_enc_part(arep) - krb5_ap_rep_enc_part * arep; + krb5_ap_rep_enc_part * arep; { - ktest_destroy_keyblock(&((arep)->subkey)); + ktest_destroy_keyblock(&((arep)->subkey)); } void ktest_empty_passwd_phrase_element(ppe) - passwd_phrase_element * ppe; + passwd_phrase_element * ppe; { - ktest_destroy_data(&(ppe->passwd)); - ktest_destroy_data(&(ppe->phrase)); + ktest_destroy_data(&(ppe->passwd)); + ktest_destroy_data(&(ppe->phrase)); } void ktest_empty_pwd_data(pd) - krb5_pwd_data * pd; + krb5_pwd_data * pd; { - int i; + int i; - for(i=0; i <= pd->sequence_count; i++){ - if(pd->element[i]) { - ktest_empty_passwd_phrase_element(pd->element[i]); - free(pd->element[i]); - pd->element[i] = NULL; + for (i=0; i <= pd->sequence_count; i++) { + if (pd->element[i]) { + ktest_empty_passwd_phrase_element(pd->element[i]); + free(pd->element[i]); + pd->element[i] = NULL; + } } - } - free(pd->element); + free(pd->element); } void ktest_empty_alt_method(am) - krb5_alt_method *am; + krb5_alt_method *am; { - if (am->data) { - free(am->data); - am->data = NULL; - } + if (am->data) { + free(am->data); + am->data = NULL; + } } void ktest_empty_sam_challenge(p) - krb5_sam_challenge * p; + krb5_sam_challenge * p; +{ + ktest_empty_data(&(p->sam_type_name)); + ktest_empty_data(&(p->sam_track_id)); + ktest_empty_data(&(p->sam_challenge_label)); + ktest_empty_data(&(p->sam_challenge)); + ktest_empty_data(&(p->sam_response_prompt)); + ktest_empty_data(&(p->sam_pk_for_sad)); + + if (p->sam_cksum.contents != NULL) { + free(p->sam_cksum.contents); + p->sam_cksum.contents = NULL; + } + +} + +void ktest_empty_sam_response(p) + krb5_sam_response * p; { - ktest_empty_data(&(p->sam_type_name)); - ktest_empty_data(&(p->sam_track_id)); - ktest_empty_data(&(p->sam_challenge_label)); - ktest_empty_data(&(p->sam_challenge)); - ktest_empty_data(&(p->sam_response_prompt)); - ktest_empty_data(&(p->sam_pk_for_sad)); + ktest_empty_data(&(p->sam_track_id)); + ktest_empty_data(&(p->sam_enc_key.ciphertext)); + ktest_empty_data(&(p->sam_enc_nonce_or_ts.ciphertext)); +} - if(p->sam_cksum.contents != NULL) { - free(p->sam_cksum.contents); - p->sam_cksum.contents = NULL; - } +void ktest_empty_sam_key(p) + krb5_sam_key *p; +{ + if (p->sam_key.contents) + free(p->sam_key.contents); +} +void ktest_empty_predicted_sam_response(p) + krb5_predicted_sam_response *p; +{ + ktest_empty_keyblock(&p->sam_key); + ktest_destroy_principal(&p->client); + ktest_empty_data(&p->msd); } -void ktest_empty_sam_response(p) - krb5_sam_response * p; +void ktest_empty_enc_sam_response_enc(p) + krb5_enc_sam_response_enc *p; +{ + ktest_empty_data(&p->sam_sad); +} + +void ktest_empty_sam_response_2(p) + krb5_sam_response_2 *p; +{ + ktest_empty_data(&p->sam_track_id); + ktest_empty_data(&p->sam_enc_nonce_or_sad.ciphertext); +} +void ktest_empty_enc_sam_response_enc_2(p) + krb5_enc_sam_response_enc_2 *p; +{ + ktest_empty_data(&p->sam_sad); +} + +#ifdef ENABLE_LDAP +void ktest_empty_ldap_seqof_key_data(ctx, p) + krb5_context ctx; + ldap_seqof_key_data *p; { - ktest_empty_data(&(p->sam_track_id)); - ktest_empty_data(&(p->sam_enc_key.ciphertext)); - ktest_empty_data(&(p->sam_enc_nonce_or_ts.ciphertext)); + int i; + for (i = 0; i < p->n_key_data; i++) { + free(p->key_data[i].key_data_contents[0]); + free(p->key_data[i].key_data_contents[1]); + } + free(p->key_data); } +#endif diff --git a/src/tests/asn.1/ktest.h b/src/tests/asn.1/ktest.h index 915f36a009..af7c9acc8c 100644 --- a/src/tests/asn.1/ktest.h +++ b/src/tests/asn.1/ktest.h @@ -2,6 +2,7 @@ #define __KTEST_H__ #include "k5-int.h" +#include "kdb.h" #define SAMPLE_USEC 123456 #define SAMPLE_TIME 771228197 /* Fri Jun 10 6:03:17 GMT 1994 */ @@ -97,7 +98,18 @@ krb5_error_code ktest_make_sample_sam_challenge (krb5_sam_challenge * p); krb5_error_code ktest_make_sample_sam_response (krb5_sam_response * p); +krb5_error_code ktest_make_sample_sam_response_2 + (krb5_sam_response_2 * p); +krb5_error_code ktest_make_sample_sam_key(krb5_sam_key *p); +krb5_error_code ktest_make_sample_enc_sam_response_enc + (krb5_enc_sam_response_enc *p); +krb5_error_code ktest_make_sample_predicted_sam_response(krb5_predicted_sam_response *p); +krb5_error_code ktest_make_sample_enc_sam_response_enc_2(krb5_enc_sam_response_enc_2 *p); + +#ifdef ENABLE_LDAP +krb5_error_code ktest_make_sample_ldap_seqof_key_data(ldap_seqof_key_data * p); +#endif /*----------------------------------------------------------------------*/ void ktest_empty_authorization_data @@ -197,6 +209,15 @@ void ktest_empty_sam_challenge (krb5_sam_challenge * p); void ktest_empty_sam_response (krb5_sam_response * p); +void ktest_empty_sam_key(krb5_sam_key *p); +void ktest_empty_enc_sam_response_enc(krb5_enc_sam_response_enc *p); +void ktest_empty_predicted_sam_response(krb5_predicted_sam_response *p); +void ktest_empty_sam_response_2(krb5_sam_response_2 *p); +void ktest_empty_enc_sam_response_enc_2(krb5_enc_sam_response_enc_2 *p); + +#ifdef ENABLE_LDAP +void ktest_empty_ldap_seqof_key_data(krb5_context, ldap_seqof_key_data *p); +#endif extern krb5_context test_context; extern char *sample_principal_name; diff --git a/src/tests/asn.1/ktest_equal.c b/src/tests/asn.1/ktest_equal.c index 7f2fa44b1e..5ec0a01dc6 100644 --- a/src/tests/asn.1/ktest_equal.c +++ b/src/tests/asn.1/ktest_equal.c @@ -5,464 +5,464 @@ #define FALSE 0 #define TRUE 1 -#define struct_equal(field,comparator)\ -comparator(&(ref->field),&(var->field)) +#define struct_equal(field,comparator) \ + comparator(&(ref->field),&(var->field)) -#define ptr_equal(field,comparator)\ -comparator(ref->field,var->field) +#define ptr_equal(field,comparator) \ + comparator(ref->field,var->field) -#define scalar_equal(field)\ -((ref->field) == (var->field)) +#define scalar_equal(field) \ + ((ref->field) == (var->field)) -#define len_equal(length,field,comparator)\ -((ref->length == var->length) && \ - comparator(ref->length,ref->field,var->field)) +#define len_equal(length,field,comparator) \ + ((ref->length == var->length) && \ + comparator(ref->length,ref->field,var->field)) int ktest_equal_authenticator(ref, var) - krb5_authenticator * ref; - krb5_authenticator * var; -{ - int p=TRUE; - if(ref==var) return TRUE; - else if(ref == NULL || var == NULL) return FALSE; - p = p && ptr_equal(client,ktest_equal_principal_data); - p = p && ptr_equal(checksum,ktest_equal_checksum); - p = p && scalar_equal(cusec); - p = p && scalar_equal(ctime); - p = p && ptr_equal(subkey,ktest_equal_keyblock); - p = p && scalar_equal(seq_number); - p = p && ptr_equal(authorization_data,ktest_equal_authorization_data); - return p; + krb5_authenticator * ref; + krb5_authenticator * var; +{ + int p=TRUE; + if (ref==var) return TRUE; + else if (ref == NULL || var == NULL) return FALSE; + p = p && ptr_equal(client,ktest_equal_principal_data); + p = p && ptr_equal(checksum,ktest_equal_checksum); + p = p && scalar_equal(cusec); + p = p && scalar_equal(ctime); + p = p && ptr_equal(subkey,ktest_equal_keyblock); + p = p && scalar_equal(seq_number); + p = p && ptr_equal(authorization_data,ktest_equal_authorization_data); + return p; } int ktest_equal_principal_data(ref, var) - krb5_principal_data * ref; - krb5_principal_data * var; + krb5_principal_data * ref; + krb5_principal_data * var; { - if(ref==var) return TRUE; - else if(ref == NULL || var == NULL) return FALSE; - return(struct_equal(realm,ktest_equal_data) && - len_equal(length,data,ktest_equal_array_of_data) && - scalar_equal(type)); + if (ref==var) return TRUE; + else if (ref == NULL || var == NULL) return FALSE; + return(struct_equal(realm,ktest_equal_data) && + len_equal(length,data,ktest_equal_array_of_data) && + scalar_equal(type)); } int ktest_equal_authdata(ref, var) - krb5_authdata * ref; - krb5_authdata * var; + krb5_authdata * ref; + krb5_authdata * var; { - if(ref==var) return TRUE; - else if(ref == NULL || var == NULL) return FALSE; - return(scalar_equal(ad_type) && - len_equal(length,contents,ktest_equal_array_of_octet)); + if (ref==var) return TRUE; + else if (ref == NULL || var == NULL) return FALSE; + return(scalar_equal(ad_type) && + len_equal(length,contents,ktest_equal_array_of_octet)); } int ktest_equal_checksum(ref, var) - krb5_checksum * ref; - krb5_checksum * var; + krb5_checksum * ref; + krb5_checksum * var; { - if(ref==var) return TRUE; - else if(ref == NULL || var == NULL) return FALSE; - return(scalar_equal(checksum_type) && len_equal(length,contents,ktest_equal_array_of_octet)); + if (ref==var) return TRUE; + else if (ref == NULL || var == NULL) return FALSE; + return(scalar_equal(checksum_type) && len_equal(length,contents,ktest_equal_array_of_octet)); } int ktest_equal_keyblock(ref, var) - krb5_keyblock * ref; - krb5_keyblock * var; + krb5_keyblock * ref; + krb5_keyblock * var; { - if(ref==var) return TRUE; - else if(ref == NULL || var == NULL) return FALSE; - return(scalar_equal(enctype) && len_equal(length,contents,ktest_equal_array_of_octet)); + if (ref==var) return TRUE; + else if (ref == NULL || var == NULL) return FALSE; + return(scalar_equal(enctype) && len_equal(length,contents,ktest_equal_array_of_octet)); } int ktest_equal_data(ref, var) - krb5_data * ref; - krb5_data * var; + krb5_data * ref; + krb5_data * var; { - if(ref==var) return TRUE; - else if(ref == NULL || var == NULL) return FALSE; - return(len_equal(length,data,ktest_equal_array_of_char)); + if (ref==var) return TRUE; + else if (ref == NULL || var == NULL) return FALSE; + return(len_equal(length,data,ktest_equal_array_of_char)); } int ktest_equal_ticket(ref, var) - krb5_ticket * ref; - krb5_ticket * var; + krb5_ticket * ref; + krb5_ticket * var; { - int p=TRUE; - if(ref==var) return TRUE; - else if(ref == NULL || var == NULL) return FALSE; - p = p && ptr_equal(server,ktest_equal_principal_data); - p = p && struct_equal(enc_part,ktest_equal_enc_data); - /* enc_part2 is irrelevant, as far as the ASN.1 code is concerned */ - return p; + int p=TRUE; + if (ref==var) return TRUE; + else if (ref == NULL || var == NULL) return FALSE; + p = p && ptr_equal(server,ktest_equal_principal_data); + p = p && struct_equal(enc_part,ktest_equal_enc_data); + /* enc_part2 is irrelevant, as far as the ASN.1 code is concerned */ + return p; } int ktest_equal_enc_data(ref, var) - krb5_enc_data * ref; - krb5_enc_data * var; + krb5_enc_data * ref; + krb5_enc_data * var; { - int p=TRUE; - if(ref==var) return TRUE; - else if(ref == NULL || var == NULL) return FALSE; - p=p&&scalar_equal(enctype); - p=p&&scalar_equal(kvno); - p=p&&struct_equal(ciphertext,ktest_equal_data); - return p; + int p=TRUE; + if (ref==var) return TRUE; + else if (ref == NULL || var == NULL) return FALSE; + p=p&&scalar_equal(enctype); + p=p&&scalar_equal(kvno); + p=p&&struct_equal(ciphertext,ktest_equal_data); + return p; } int ktest_equal_encryption_key(ref, var) - krb5_keyblock * ref; - krb5_keyblock * var; + krb5_keyblock * ref; + krb5_keyblock * var; { - int p=TRUE; - if(ref==var) return TRUE; - else if(ref == NULL || var == NULL) return FALSE; - p = p && scalar_equal(enctype); - p = p && len_equal(length,contents,ktest_equal_array_of_octet); - return p; + int p=TRUE; + if (ref==var) return TRUE; + else if (ref == NULL || var == NULL) return FALSE; + p = p && scalar_equal(enctype); + p = p && len_equal(length,contents,ktest_equal_array_of_octet); + return p; } int ktest_equal_enc_tkt_part(ref, var) - krb5_enc_tkt_part * ref; - krb5_enc_tkt_part * var; -{ - int p=TRUE; - if(ref==var) return TRUE; - else if(ref == NULL || var == NULL) return FALSE; - p = p && scalar_equal(flags); - p = p && ptr_equal(session,ktest_equal_encryption_key); - p = p && ptr_equal(client,ktest_equal_principal_data); - p = p && struct_equal(transited,ktest_equal_transited); - p = p && struct_equal(times,ktest_equal_ticket_times); - p = p && ptr_equal(caddrs,ktest_equal_addresses); - p = p && ptr_equal(authorization_data,ktest_equal_authorization_data); - return p; + krb5_enc_tkt_part * ref; + krb5_enc_tkt_part * var; +{ + int p=TRUE; + if (ref==var) return TRUE; + else if (ref == NULL || var == NULL) return FALSE; + p = p && scalar_equal(flags); + p = p && ptr_equal(session,ktest_equal_encryption_key); + p = p && ptr_equal(client,ktest_equal_principal_data); + p = p && struct_equal(transited,ktest_equal_transited); + p = p && struct_equal(times,ktest_equal_ticket_times); + p = p && ptr_equal(caddrs,ktest_equal_addresses); + p = p && ptr_equal(authorization_data,ktest_equal_authorization_data); + return p; } int ktest_equal_transited(ref, var) - krb5_transited * ref; - krb5_transited * var; + krb5_transited * ref; + krb5_transited * var; { - int p=TRUE; - if(ref==var) return TRUE; - else if(ref == NULL || var == NULL) return FALSE; - p = p && scalar_equal(tr_type); - p = p && struct_equal(tr_contents,ktest_equal_data); - return p; + int p=TRUE; + if (ref==var) return TRUE; + else if (ref == NULL || var == NULL) return FALSE; + p = p && scalar_equal(tr_type); + p = p && struct_equal(tr_contents,ktest_equal_data); + return p; } int ktest_equal_ticket_times(ref, var) - krb5_ticket_times * ref; - krb5_ticket_times * var; + krb5_ticket_times * ref; + krb5_ticket_times * var; { - int p=TRUE; - if(ref==var) return TRUE; - else if(ref == NULL || var == NULL) return FALSE; - p = p && scalar_equal(authtime); - p = p && scalar_equal(starttime); - p = p && scalar_equal(endtime); - p = p && scalar_equal(renew_till); - return p; + int p=TRUE; + if (ref==var) return TRUE; + else if (ref == NULL || var == NULL) return FALSE; + p = p && scalar_equal(authtime); + p = p && scalar_equal(starttime); + p = p && scalar_equal(endtime); + p = p && scalar_equal(renew_till); + return p; } int ktest_equal_address(ref, var) - krb5_address * ref; - krb5_address * var; + krb5_address * ref; + krb5_address * var; { - int p=TRUE; - if(ref==var) return TRUE; - else if(ref == NULL || var == NULL) return FALSE; - p=p&&scalar_equal(addrtype); - p=p&&len_equal(length,contents,ktest_equal_array_of_octet); - return p; + int p=TRUE; + if (ref==var) return TRUE; + else if (ref == NULL || var == NULL) return FALSE; + p=p&&scalar_equal(addrtype); + p=p&&len_equal(length,contents,ktest_equal_array_of_octet); + return p; } int ktest_equal_enc_kdc_rep_part(ref, var) - krb5_enc_kdc_rep_part * ref; - krb5_enc_kdc_rep_part * var; -{ - int p=TRUE; - if(ref==var) return TRUE; - else if(ref == NULL || var == NULL) return FALSE; - p=p&&ptr_equal(session,ktest_equal_keyblock); - p=p&&ptr_equal(last_req,ktest_equal_last_req); - p=p&&scalar_equal(nonce); - p=p&&scalar_equal(key_exp); - p=p&&scalar_equal(flags); - p=p&&struct_equal(times,ktest_equal_ticket_times); - p=p&&ptr_equal(server,ktest_equal_principal_data); - p=p&&ptr_equal(caddrs,ktest_equal_addresses); - return p; + krb5_enc_kdc_rep_part * ref; + krb5_enc_kdc_rep_part * var; +{ + int p=TRUE; + if (ref==var) return TRUE; + else if (ref == NULL || var == NULL) return FALSE; + p=p&&ptr_equal(session,ktest_equal_keyblock); + p=p&&ptr_equal(last_req,ktest_equal_last_req); + p=p&&scalar_equal(nonce); + p=p&&scalar_equal(key_exp); + p=p&&scalar_equal(flags); + p=p&&struct_equal(times,ktest_equal_ticket_times); + p=p&&ptr_equal(server,ktest_equal_principal_data); + p=p&&ptr_equal(caddrs,ktest_equal_addresses); + return p; } int ktest_equal_priv(ref, var) - krb5_priv * ref; - krb5_priv * var; + krb5_priv * ref; + krb5_priv * var; { - int p=TRUE; - if(ref==var) return TRUE; - else if(ref == NULL || var == NULL) return FALSE; - p=p&&struct_equal(enc_part,ktest_equal_enc_data); - return p; + int p=TRUE; + if (ref==var) return TRUE; + else if (ref == NULL || var == NULL) return FALSE; + p=p&&struct_equal(enc_part,ktest_equal_enc_data); + return p; } int ktest_equal_cred(ref, var) - krb5_cred * ref; - krb5_cred * var; + krb5_cred * ref; + krb5_cred * var; { - int p=TRUE; - if(ref==var) return TRUE; - else if(ref == NULL || var == NULL) return FALSE; - p=p&&ptr_equal(tickets,ktest_equal_sequence_of_ticket); - p=p&&struct_equal(enc_part,ktest_equal_enc_data); - return p; + int p=TRUE; + if (ref==var) return TRUE; + else if (ref == NULL || var == NULL) return FALSE; + p=p&&ptr_equal(tickets,ktest_equal_sequence_of_ticket); + p=p&&struct_equal(enc_part,ktest_equal_enc_data); + return p; } int ktest_equal_error(ref, var) - krb5_error * ref; - krb5_error * var; -{ - int p=TRUE; - if(ref==var) return TRUE; - else if(ref == NULL || var == NULL) return FALSE; - p=p&&scalar_equal(ctime); - p=p&&scalar_equal(cusec); - p=p&&scalar_equal(susec); - p=p&&scalar_equal(stime); - p=p&&scalar_equal(error); - p=p&&ptr_equal(client,ktest_equal_principal_data); - p=p&&ptr_equal(server,ktest_equal_principal_data); - p=p&&struct_equal(text,ktest_equal_data); - p=p&&struct_equal(e_data,ktest_equal_data); - return p; + krb5_error * ref; + krb5_error * var; +{ + int p=TRUE; + if (ref==var) return TRUE; + else if (ref == NULL || var == NULL) return FALSE; + p=p&&scalar_equal(ctime); + p=p&&scalar_equal(cusec); + p=p&&scalar_equal(susec); + p=p&&scalar_equal(stime); + p=p&&scalar_equal(error); + p=p&&ptr_equal(client,ktest_equal_principal_data); + p=p&&ptr_equal(server,ktest_equal_principal_data); + p=p&&struct_equal(text,ktest_equal_data); + p=p&&struct_equal(e_data,ktest_equal_data); + return p; } int ktest_equal_ap_req(ref, var) - krb5_ap_req * ref; - krb5_ap_req * var; + krb5_ap_req * ref; + krb5_ap_req * var; { - int p=TRUE; - if(ref==var) return TRUE; - else if(ref == NULL || var == NULL) return FALSE; - p=p&&scalar_equal(ap_options); - p=p&&ptr_equal(ticket,ktest_equal_ticket); - p=p&&struct_equal(authenticator,ktest_equal_enc_data); - return p; + int p=TRUE; + if (ref==var) return TRUE; + else if (ref == NULL || var == NULL) return FALSE; + p=p&&scalar_equal(ap_options); + p=p&&ptr_equal(ticket,ktest_equal_ticket); + p=p&&struct_equal(authenticator,ktest_equal_enc_data); + return p; } int ktest_equal_ap_rep(ref, var) - krb5_ap_rep * ref; - krb5_ap_rep * var; + krb5_ap_rep * ref; + krb5_ap_rep * var; { - int p=TRUE; - if(ref==var) return TRUE; - else if(ref == NULL || var == NULL) return FALSE; - p=p&&struct_equal(enc_part,ktest_equal_enc_data); - return p; + int p=TRUE; + if (ref==var) return TRUE; + else if (ref == NULL || var == NULL) return FALSE; + p=p&&struct_equal(enc_part,ktest_equal_enc_data); + return p; } int ktest_equal_ap_rep_enc_part(ref, var) - krb5_ap_rep_enc_part * ref; - krb5_ap_rep_enc_part * var; + krb5_ap_rep_enc_part * ref; + krb5_ap_rep_enc_part * var; { - int p=TRUE; - if(ref==var) return TRUE; - else if(ref == NULL || var == NULL) return FALSE; - p=p&&scalar_equal(ctime); - p=p&&scalar_equal(cusec); - p=p&&ptr_equal(subkey,ktest_equal_encryption_key); - p=p&&scalar_equal(seq_number); - return p; + int p=TRUE; + if (ref==var) return TRUE; + else if (ref == NULL || var == NULL) return FALSE; + p=p&&scalar_equal(ctime); + p=p&&scalar_equal(cusec); + p=p&&ptr_equal(subkey,ktest_equal_encryption_key); + p=p&&scalar_equal(seq_number); + return p; } int ktest_equal_safe(ref, var) - krb5_safe * ref; - krb5_safe * var; + krb5_safe * ref; + krb5_safe * var; { - int p=TRUE; - if(ref==var) return TRUE; - else if(ref == NULL || var == NULL) return FALSE; - p=p&&struct_equal(user_data,ktest_equal_data); - p=p&&scalar_equal(timestamp); - p=p&&scalar_equal(usec); - p=p&&scalar_equal(seq_number); - p=p&&ptr_equal(s_address,ktest_equal_address); - p=p&&ptr_equal(r_address,ktest_equal_address); - p=p&&ptr_equal(checksum,ktest_equal_checksum); - return p; + int p=TRUE; + if (ref==var) return TRUE; + else if (ref == NULL || var == NULL) return FALSE; + p=p&&struct_equal(user_data,ktest_equal_data); + p=p&&scalar_equal(timestamp); + p=p&&scalar_equal(usec); + p=p&&scalar_equal(seq_number); + p=p&&ptr_equal(s_address,ktest_equal_address); + p=p&&ptr_equal(r_address,ktest_equal_address); + p=p&&ptr_equal(checksum,ktest_equal_checksum); + return p; } int ktest_equal_enc_cred_part(ref, var) - krb5_cred_enc_part * ref; - krb5_cred_enc_part * var; + krb5_cred_enc_part * ref; + krb5_cred_enc_part * var; { - int p=TRUE; - if(ref==var) return TRUE; - else if(ref == NULL || var == NULL) return FALSE; - p=p&&scalar_equal(nonce); - p=p&&scalar_equal(timestamp); - p=p&&scalar_equal(usec); - p=p&&ptr_equal(s_address,ktest_equal_address); - p=p&&ptr_equal(r_address,ktest_equal_address); - p=p&&ptr_equal(ticket_info,ktest_equal_sequence_of_cred_info); - return p; + int p=TRUE; + if (ref==var) return TRUE; + else if (ref == NULL || var == NULL) return FALSE; + p=p&&scalar_equal(nonce); + p=p&&scalar_equal(timestamp); + p=p&&scalar_equal(usec); + p=p&&ptr_equal(s_address,ktest_equal_address); + p=p&&ptr_equal(r_address,ktest_equal_address); + p=p&&ptr_equal(ticket_info,ktest_equal_sequence_of_cred_info); + return p; } int ktest_equal_enc_priv_part(ref, var) - krb5_priv_enc_part * ref; - krb5_priv_enc_part * var; + krb5_priv_enc_part * ref; + krb5_priv_enc_part * var; { - int p=TRUE; - if(ref==var) return TRUE; - else if(ref == NULL || var == NULL) return FALSE; - p=p&&struct_equal(user_data,ktest_equal_data); - p=p&&scalar_equal(timestamp); - p=p&&scalar_equal(usec); - p=p&&scalar_equal(seq_number); - p=p&&ptr_equal(s_address,ktest_equal_address); - p=p&&ptr_equal(r_address,ktest_equal_address); - return p; + int p=TRUE; + if (ref==var) return TRUE; + else if (ref == NULL || var == NULL) return FALSE; + p=p&&struct_equal(user_data,ktest_equal_data); + p=p&&scalar_equal(timestamp); + p=p&&scalar_equal(usec); + p=p&&scalar_equal(seq_number); + p=p&&ptr_equal(s_address,ktest_equal_address); + p=p&&ptr_equal(r_address,ktest_equal_address); + return p; } int ktest_equal_as_rep(ref, var) - krb5_kdc_rep * ref; - krb5_kdc_rep * var; + krb5_kdc_rep * ref; + krb5_kdc_rep * var; { - int p=TRUE; - if(ref==var) return TRUE; - else if(ref == NULL || var == NULL) return FALSE; - p=p&&scalar_equal(msg_type); - p=p&&ptr_equal(padata,ktest_equal_sequence_of_pa_data); - p=p&&ptr_equal(client,ktest_equal_principal_data); - p=p&&ptr_equal(ticket,ktest_equal_ticket); - p=p&&struct_equal(enc_part,ktest_equal_enc_data); - p=p&&ptr_equal(enc_part2,ktest_equal_enc_kdc_rep_part); - return p; + int p=TRUE; + if (ref==var) return TRUE; + else if (ref == NULL || var == NULL) return FALSE; + p=p&&scalar_equal(msg_type); + p=p&&ptr_equal(padata,ktest_equal_sequence_of_pa_data); + p=p&&ptr_equal(client,ktest_equal_principal_data); + p=p&&ptr_equal(ticket,ktest_equal_ticket); + p=p&&struct_equal(enc_part,ktest_equal_enc_data); + p=p&&ptr_equal(enc_part2,ktest_equal_enc_kdc_rep_part); + return p; } int ktest_equal_tgs_rep(ref, var) - krb5_kdc_rep * ref; - krb5_kdc_rep * var; + krb5_kdc_rep * ref; + krb5_kdc_rep * var; { - return ktest_equal_as_rep(ref,var); + return ktest_equal_as_rep(ref,var); } int ktest_equal_as_req(ref, var) - krb5_kdc_req * ref; - krb5_kdc_req * var; -{ - int p=TRUE; - if(ref==var) return TRUE; - else if(ref == NULL || var == NULL) return FALSE; - p=p&&scalar_equal(msg_type); - p=p&&ptr_equal(padata,ktest_equal_sequence_of_pa_data); - p=p&&scalar_equal(kdc_options); - p=p&&ptr_equal(client,ktest_equal_principal_data); - p=p&&ptr_equal(server,ktest_equal_principal_data); - p=p&&scalar_equal(from); - p=p&&scalar_equal(till); - p=p&&scalar_equal(rtime); - p=p&&scalar_equal(nonce); - p=p&&len_equal(nktypes,ktype,ktest_equal_array_of_enctype); - p=p&&ptr_equal(addresses,ktest_equal_addresses); - p=p&&struct_equal(authorization_data,ktest_equal_enc_data); + krb5_kdc_req * ref; + krb5_kdc_req * var; +{ + int p=TRUE; + if (ref==var) return TRUE; + else if (ref == NULL || var == NULL) return FALSE; + p=p&&scalar_equal(msg_type); + p=p&&ptr_equal(padata,ktest_equal_sequence_of_pa_data); + p=p&&scalar_equal(kdc_options); + p=p&&ptr_equal(client,ktest_equal_principal_data); + p=p&&ptr_equal(server,ktest_equal_principal_data); + p=p&&scalar_equal(from); + p=p&&scalar_equal(till); + p=p&&scalar_equal(rtime); + p=p&&scalar_equal(nonce); + p=p&&len_equal(nktypes,ktype,ktest_equal_array_of_enctype); + p=p&&ptr_equal(addresses,ktest_equal_addresses); + p=p&&struct_equal(authorization_data,ktest_equal_enc_data); /* This field isn't actually in the ASN.1 encoding. */ /* p=p&&ptr_equal(unenc_authdata,ktest_equal_authorization_data); */ - return p; + return p; } int ktest_equal_tgs_req(ref, var) - krb5_kdc_req * ref; - krb5_kdc_req * var; + krb5_kdc_req * ref; + krb5_kdc_req * var; { - return ktest_equal_as_req(ref,var); + return ktest_equal_as_req(ref,var); } int ktest_equal_kdc_req_body(ref, var) - krb5_kdc_req * ref; - krb5_kdc_req * var; -{ - int p=TRUE; - if(ref==var) return TRUE; - else if(ref == NULL || var == NULL) return FALSE; - p=p&&scalar_equal(kdc_options); - p=p&&ptr_equal(client,ktest_equal_principal_data); - p=p&&ptr_equal(server,ktest_equal_principal_data); - p=p&&scalar_equal(from); - p=p&&scalar_equal(till); - p=p&&scalar_equal(rtime); - p=p&&scalar_equal(nonce); - p=p&&len_equal(nktypes,ktype,ktest_equal_array_of_enctype); - p=p&&ptr_equal(addresses,ktest_equal_addresses); - p=p&&struct_equal(authorization_data,ktest_equal_enc_data); - /* This isn't part of the ASN.1 encoding. */ - /* p=p&&ptr_equal(unenc_authdata,ktest_equal_authorization_data); */ - return p; + krb5_kdc_req * ref; + krb5_kdc_req * var; +{ + int p=TRUE; + if (ref==var) return TRUE; + else if (ref == NULL || var == NULL) return FALSE; + p=p&&scalar_equal(kdc_options); + p=p&&ptr_equal(client,ktest_equal_principal_data); + p=p&&ptr_equal(server,ktest_equal_principal_data); + p=p&&scalar_equal(from); + p=p&&scalar_equal(till); + p=p&&scalar_equal(rtime); + p=p&&scalar_equal(nonce); + p=p&&len_equal(nktypes,ktype,ktest_equal_array_of_enctype); + p=p&&ptr_equal(addresses,ktest_equal_addresses); + p=p&&struct_equal(authorization_data,ktest_equal_enc_data); + /* This isn't part of the ASN.1 encoding. */ + /* p=p&&ptr_equal(unenc_authdata,ktest_equal_authorization_data); */ + return p; } int ktest_equal_last_req_entry(ref, var) - krb5_last_req_entry * ref; - krb5_last_req_entry * var; + krb5_last_req_entry * ref; + krb5_last_req_entry * var; { - int p=TRUE; - if(ref==var) return TRUE; - else if(ref == NULL || var == NULL) return FALSE; - p=p&&scalar_equal(lr_type); - p=p&&scalar_equal(value); - return p; + int p=TRUE; + if (ref==var) return TRUE; + else if (ref == NULL || var == NULL) return FALSE; + p=p&&scalar_equal(lr_type); + p=p&&scalar_equal(value); + return p; } int ktest_equal_pa_data(ref, var) - krb5_pa_data * ref; - krb5_pa_data * var; + krb5_pa_data * ref; + krb5_pa_data * var; { - int p=TRUE; - if(ref==var) return TRUE; - else if(ref == NULL || var == NULL) return FALSE; - p=p&&scalar_equal(pa_type); - p=p&&len_equal(length,contents,ktest_equal_array_of_octet); - return p; + int p=TRUE; + if (ref==var) return TRUE; + else if (ref == NULL || var == NULL) return FALSE; + p=p&&scalar_equal(pa_type); + p=p&&len_equal(length,contents,ktest_equal_array_of_octet); + return p; } int ktest_equal_cred_info(ref, var) - krb5_cred_info * ref; - krb5_cred_info * var; + krb5_cred_info * ref; + krb5_cred_info * var; { - int p=TRUE; - if(ref==var) return TRUE; - else if(ref == NULL || var == NULL) return FALSE; - p=p&&ptr_equal(session,ktest_equal_keyblock); - p=p&&ptr_equal(client,ktest_equal_principal_data); - p=p&&ptr_equal(server,ktest_equal_principal_data); - p=p&&scalar_equal(flags); - p=p&&struct_equal(times,ktest_equal_ticket_times); - p=p&&ptr_equal(caddrs,ktest_equal_addresses); + int p=TRUE; + if (ref==var) return TRUE; + else if (ref == NULL || var == NULL) return FALSE; + p=p&&ptr_equal(session,ktest_equal_keyblock); + p=p&&ptr_equal(client,ktest_equal_principal_data); + p=p&&ptr_equal(server,ktest_equal_principal_data); + p=p&&scalar_equal(flags); + p=p&&struct_equal(times,ktest_equal_ticket_times); + p=p&&ptr_equal(caddrs,ktest_equal_addresses); - return p; + return p; } int ktest_equal_passwd_phrase_element(ref, var) - passwd_phrase_element * ref; - passwd_phrase_element * var; + passwd_phrase_element * ref; + passwd_phrase_element * var; { - int p=TRUE; - if(ref==var) return TRUE; - else if(ref == NULL || var == NULL) return FALSE; - p=p&&ptr_equal(passwd,ktest_equal_data); - p=p&&ptr_equal(phrase,ktest_equal_data); - return p; + int p=TRUE; + if (ref==var) return TRUE; + else if (ref == NULL || var == NULL) return FALSE; + p=p&&ptr_equal(passwd,ktest_equal_data); + p=p&&ptr_equal(phrase,ktest_equal_data); + return p; } int ktest_equal_krb5_pwd_data(ref, var) - krb5_pwd_data * ref; - krb5_pwd_data * var; + krb5_pwd_data * ref; + krb5_pwd_data * var; { - int p=TRUE; - if(ref==var) return TRUE; - else if(ref == NULL || var == NULL) return FALSE; - p=p&&scalar_equal(sequence_count); - p=p&&ptr_equal(element,ktest_equal_array_of_passwd_phrase_element); - return p; + int p=TRUE; + if (ref==var) return TRUE; + else if (ref == NULL || var == NULL) return FALSE; + p=p&&scalar_equal(sequence_count); + p=p&&ptr_equal(element,ktest_equal_array_of_passwd_phrase_element); + return p; } int ktest_equal_krb5_alt_method(ref, var) @@ -496,174 +496,213 @@ int ktest_equal_krb5_pa_enc_ts(ref, var) krb5_pa_enc_ts *ref; krb5_pa_enc_ts *var; { - int p=TRUE; - if(ref==var) return TRUE; - else if(ref == NULL || var == NULL) return FALSE; - p=p&&scalar_equal(patimestamp); - p=p&&scalar_equal(pausec); - return p; + int p=TRUE; + if (ref==var) return TRUE; + else if (ref == NULL || var == NULL) return FALSE; + p=p&&scalar_equal(patimestamp); + p=p&&scalar_equal(pausec); + return p; } #define equal_str(f) struct_equal(f,ktest_equal_data) int ktest_equal_sam_challenge(ref, var) - krb5_sam_challenge *ref; - krb5_sam_challenge *var; -{ - int p=TRUE; - if(ref==var) return TRUE; - else if(ref == NULL || var == NULL) return FALSE; - p=p&&scalar_equal(sam_type); - p=p&&scalar_equal(sam_flags); - p=p&&scalar_equal(sam_nonce); - p=p&&ktest_equal_checksum(&ref->sam_cksum,&var->sam_cksum); - p=p&&equal_str(sam_track_id); - p=p&&equal_str(sam_challenge_label); - p=p&&equal_str(sam_challenge); - p=p&&equal_str(sam_response_prompt); - p=p&&equal_str(sam_pk_for_sad); - return p; + krb5_sam_challenge *ref; + krb5_sam_challenge *var; +{ + int p=TRUE; + if (ref==var) return TRUE; + else if (ref == NULL || var == NULL) return FALSE; + p=p&&scalar_equal(sam_type); + p=p&&scalar_equal(sam_flags); + p=p&&scalar_equal(sam_nonce); + p=p&&ktest_equal_checksum(&ref->sam_cksum,&var->sam_cksum); + p=p&&equal_str(sam_track_id); + p=p&&equal_str(sam_challenge_label); + p=p&&equal_str(sam_challenge); + p=p&&equal_str(sam_response_prompt); + p=p&&equal_str(sam_pk_for_sad); + return p; } int ktest_equal_sam_response(ref, var) - krb5_sam_response *ref; - krb5_sam_response *var; -{ - int p=TRUE; - if(ref==var) return TRUE; - else if(ref == NULL || var == NULL) return FALSE; - p=p&&scalar_equal(sam_type); - p=p&&scalar_equal(sam_flags); - p=p&&equal_str(sam_track_id); - p=p&&struct_equal(sam_enc_key,ktest_equal_enc_data); - p=p&&struct_equal(sam_enc_nonce_or_ts,ktest_equal_enc_data); - p=p&&scalar_equal(sam_nonce); - p=p&&scalar_equal(sam_patimestamp); - return p; -} + krb5_sam_response *ref; + krb5_sam_response *var; +{ + int p=TRUE; + if (ref==var) return TRUE; + else if (ref == NULL || var == NULL) return FALSE; + p=p&&scalar_equal(sam_type); + p=p&&scalar_equal(sam_flags); + p=p&&equal_str(sam_track_id); + p=p&&struct_equal(sam_enc_key,ktest_equal_enc_data); + p=p&&struct_equal(sam_enc_nonce_or_ts,ktest_equal_enc_data); + p=p&&scalar_equal(sam_nonce); + p=p&&scalar_equal(sam_patimestamp); + return p; +} + +#ifdef ENABLE_LDAP +static int equal_key_data(ref, var) + krb5_key_data *ref; + krb5_key_data *var; +{ + int p=TRUE; + if (ref==var) return TRUE; + else if (ref == NULL || var == NULL) return FALSE; + p=p&&scalar_equal(key_data_ver); + p=p&&scalar_equal(key_data_kvno); + p=p&&scalar_equal(key_data_type[0]); + p=p&&scalar_equal(key_data_type[1]); + p=p&&len_equal(key_data_length[0],key_data_contents[0], + ktest_equal_array_of_octet); + p=p&&len_equal(key_data_length[1],key_data_contents[1], + ktest_equal_array_of_octet); + return p; +} +static int equal_key_data_array(int n, krb5_key_data *ref, krb5_key_data *val) +{ + int i, p=TRUE; + for (i = 0; i < n; i++) { + p=p&&equal_key_data(ref+i, val+i); + } + return p; +} +int ktest_equal_ldap_sequence_of_keys(ref, var) + ldap_seqof_key_data *ref; + ldap_seqof_key_data *var; +{ + int p=TRUE; + if (ref==var) return TRUE; + else if (ref == NULL || var == NULL) return FALSE; + p=p&&scalar_equal(mkvno); + p=p&&len_equal(n_key_data,key_data,equal_key_data_array); + return p; +} +#endif /**** arrays ****************************************************************/ int ktest_equal_array_of_data(length, ref, var) - const int length; - krb5_data * ref; - krb5_data * var; + const int length; + krb5_data * ref; + krb5_data * var; { - int i,p=TRUE; + int i,p=TRUE; - if(ref==var) return TRUE; - else if(ref == NULL || var == NULL) return FALSE; - for(i=0; i<(length); i++){ - p = p && ktest_equal_data(&(ref[i]),&(var[i])); - } - return p; + if (ref==var) return TRUE; + else if (ref == NULL || var == NULL) return FALSE; + for (i=0; i<(length); i++) { + p = p && ktest_equal_data(&(ref[i]),&(var[i])); + } + return p; } int ktest_equal_array_of_octet(length, ref, var) - const unsigned int length; - krb5_octet * ref; - krb5_octet * var; + const unsigned int length; + krb5_octet * ref; + krb5_octet * var; { - int i, p=TRUE; + unsigned int i, p=TRUE; - if(ref==var) return TRUE; - else if(ref == NULL || var == NULL) return FALSE; - for(i=0; i 0) { - argv++; - if (optflg && *(argv)[0] == '-') { - if (check_option(*argv, "help")) - usage(); - else if (check_option(*argv, "types")) - print_types = 1; - else if (check_option(*argv, "notypes")) - print_types = 0; - else if (check_option(*argv, "krb5")) - print_krb5_types = 1; - else if (check_option(*argv, "hex")) - do_hex = 1; - else if (check_option(*argv, "notypebytes")) - print_id_and_len = 0; - else if (check_option(*argv, "krb5decode")) { - print_id_and_len = 0; - print_krb5_types = 1; - print_types = 1; - } else { - fprintf(stderr,"trval: unknown option: %s\n", *argv); - usage(); - } - } else { - optflg = 0; - if ((fp = fopen(*argv,"r")) == NULL) { - fprintf(stderr,"trval: unable to open %s\n", *argv); - continue; - } - r = trval(fp, stdout); - fclose(fp); - } + while (--argc > 0) { + argv++; + if (optflg && *(argv)[0] == '-') { + if (check_option(*argv, "help")) + usage(); + else if (check_option(*argv, "types")) + print_types = 1; + else if (check_option(*argv, "notypes")) + print_types = 0; + else if (check_option(*argv, "krb5")) + print_krb5_types = 1; + else if (check_option(*argv, "hex")) + do_hex = 1; + else if (check_option(*argv, "notypebytes")) + print_id_and_len = 0; + else if (check_option(*argv, "krb5decode")) { + print_id_and_len = 0; + print_krb5_types = 1; + print_types = 1; + } else { + fprintf(stderr,"trval: unknown option: %s\n", *argv); + usage(); + } + } else { + optflg = 0; + if ((fp = fopen(*argv,"r")) == NULL) { + fprintf(stderr,"trval: unable to open %s\n", *argv); + continue; + } + r = trval(fp, stdout); + fclose(fp); } - if (optflg) r = trval(stdin, stdout); + } + if (optflg) r = trval(stdin, stdout); - exit(r); + exit(r); } diff --git a/src/tests/asn.1/trval.c b/src/tests/asn.1/trval.c index 4506a3f50c..99c0c38464 100644 --- a/src/tests/asn.1/trval.c +++ b/src/tests/asn.1/trval.c @@ -44,21 +44,21 @@ #define OK 0 #define NOTOK (-1) - /* IDENTIFIER OCTET = TAG CLASS | FORM OF ENCODING | TAG NUMBER */ +/* IDENTIFIER OCTET = TAG CLASS | FORM OF ENCODING | TAG NUMBER */ - /* TAG CLASSES */ +/* TAG CLASSES */ #define ID_CLASS 0xc0 /* bits 8 and 7 */ #define CLASS_UNIV 0x00 /* 0 = universal */ #define CLASS_APPL 0x40 /* 1 = application */ #define CLASS_CONT 0x80 /* 2 = context-specific */ #define CLASS_PRIV 0xc0 /* 3 = private */ - /* FORM OF ENCODING */ +/* FORM OF ENCODING */ #define ID_FORM 0x20 /* bit 6 */ #define FORM_PRIM 0x00 /* 0 = primitive */ #define FORM_CONS 0x20 /* 1 = constructed */ - /* TAG NUMBERS */ +/* TAG NUMBERS */ #define ID_TAG 0x1f /* bits 5-1 */ #define PRIM_BOOL 0x01 /* Boolean */ #define PRIM_INT 0x02 /* Integer */ @@ -131,192 +131,192 @@ static int convert_nibble(int ch) } int trval(fin, fout) - FILE *fin; - FILE *fout; + FILE *fin; + FILE *fout; { - unsigned char *p; - unsigned int maxlen; - int len; - int cc, cc2, n1, n2; - int r; - int rlen; + unsigned char *p; + unsigned int maxlen; + int len; + int cc, cc2, n1, n2; + int r; + int rlen; - maxlen = BUFSIZ; - p = (unsigned char *)malloc(maxlen); - len = 0; - while ((cc = fgetc(fin)) != EOF) { - if (len == maxlen) { - maxlen += BUFSIZ; - p = (unsigned char *)realloc(p, maxlen); - } - if (do_hex) { - if (cc == ' ' || cc == '\n' || cc == '\t') - continue; - cc2 = fgetc(fin); - if (cc2 == EOF) - break; - n1 = convert_nibble(cc); - n2 = convert_nibble(cc2); - cc = (n1 << 4) + n2; - } - p[len++] = cc; + maxlen = BUFSIZ; + p = (unsigned char *)malloc(maxlen); + len = 0; + while ((cc = fgetc(fin)) != EOF) { + if ((unsigned int) len == maxlen) { + maxlen += BUFSIZ; + p = (unsigned char *)realloc(p, maxlen); } - fprintf(fout, "<%d>", len); - r = trval2(fout, p, len, 0, &rlen); - fprintf(fout, "\n"); - (void) free(p); - return(r); + if (do_hex) { + if (cc == ' ' || cc == '\n' || cc == '\t') + continue; + cc2 = fgetc(fin); + if (cc2 == EOF) + break; + n1 = convert_nibble(cc); + n2 = convert_nibble(cc2); + cc = (n1 << 4) + n2; + } + p[len++] = cc; + } + fprintf(fout, "<%d>", len); + r = trval2(fout, p, len, 0, &rlen); + fprintf(fout, "\n"); + (void) free(p); + return(r); } int trval2(fp, enc, len, lev, rlen) - FILE *fp; - unsigned char *enc; - int len; - int lev; - int *rlen; + FILE *fp; + unsigned char *enc; + int len; + int lev; + int *rlen; { - int l, eid, elen, xlen, r, rlen2; - int rlen_ext = 0; + int l, eid, elen, xlen, r, rlen2; + int rlen_ext = 0; - r = OK; + r = OK; - if (len < 2) { - fprintf(fp, "missing id and length octets (%d)\n", len); - return(NOTOK); - } + if (len < 2) { + fprintf(fp, "missing id and length octets (%d)\n", len); + return(NOTOK); + } - fprintf(fp, "\n"); - for (l=0; l len - 2) { - fprintf(fp, "extended length too long (%d > %d - 2)\n", xlen, len); - return(NOTOK); - } - elen = decode_len(fp, enc+2, xlen); + xlen = 0; + if (elen & LEN_XTND) { + xlen = elen & LEN_MASK; + if (xlen > len - 2) { + fprintf(fp, "extended length too long (%d > %d - 2)\n", xlen, len); + return(NOTOK); } + elen = decode_len(fp, enc+2, xlen); + } - if (elen > len - 2 - xlen) { - fprintf(fp, "length too long (%d > %d - 2 - %d)\n", elen, len, xlen); - return(NOTOK); - } + if (elen > len - 2 - xlen) { + fprintf(fp, "length too long (%d > %d - 2 - %d)\n", elen, len, xlen); + return(NOTOK); + } - print_tag_type(fp, eid, lev); + print_tag_type(fp, eid, lev); - if (print_context_shortcut && - ((eid & ID_CLASS) == CLASS_CONT) && (lev > 0)) { - rlen_ext += 2 + xlen; - enc += 2 + xlen; - goto context_restart; - } + if (print_context_shortcut && + ((eid & ID_CLASS) == CLASS_CONT) && (lev > 0)) { + rlen_ext += 2 + xlen; + enc += 2 + xlen; + goto context_restart; + } - switch(eid & ID_FORM) { - case FORM_PRIM: - r = do_prim(fp, eid & ID_TAG, enc+2+xlen, elen, lev+1); - *rlen = 2 + xlen + elen + rlen_ext; - break; - case FORM_CONS: - if (print_constructed_length) { - fprintf(fp, "constr "); - fprintf(fp, "<%d>", elen); - } - r = do_cons(fp, enc+2+xlen, elen, lev+1, &rlen2); - *rlen = 2 + xlen + rlen2 + rlen_ext; - break; + switch(eid & ID_FORM) { + case FORM_PRIM: + r = do_prim(fp, eid & ID_TAG, enc+2+xlen, elen, lev+1); + *rlen = 2 + xlen + elen + rlen_ext; + break; + case FORM_CONS: + if (print_constructed_length) { + fprintf(fp, "constr "); + fprintf(fp, "<%d>", elen); } + r = do_cons(fp, enc+2+xlen, elen, lev+1, &rlen2); + *rlen = 2 + xlen + rlen2 + rlen_ext; + break; + } - return(r); + return(r); } int decode_len(fp, enc, len) - FILE *fp; - unsigned char *enc; - int len; + FILE *fp; + unsigned char *enc; + int len; { - int rlen; - int i; + int rlen; + int i; + if (print_id_and_len) + fprintf(fp, "%02x ", enc[0]); + rlen = enc[0]; + for (i=1; i 5) - return 0; + if (tag != PRIM_BITS || len > 5) + return 0; - for (i=1; i < len; i++) { - num = num << 8; - num += enc[i]; - } + for (i=1; i < len; i++) { + num = num << 8; + num += enc[i]; + } - fprintf(fp, "0x%lx", num); - if (enc[0]) - fprintf(fp, " (%d unused bits)", enc[0]); - return 1; + fprintf(fp, "0x%lx", num); + if (enc[0]) + fprintf(fp, " (%d unused bits)", enc[0]); + return 1; } /* * This is the printing function for integers */ int do_prim_int(fp, tag, enc, len, lev) - FILE *fp; - int tag; - unsigned char *enc; - int len; - int lev; + FILE *fp; + int tag; + unsigned char *enc; + int len; + int lev; { - int i; - long num = 0; + int i; + long num = 0; - if (tag != PRIM_INT || len > 4) - return 0; + if (tag != PRIM_INT || len > 4) + return 0; - if (enc[0] & 0x80) - num = -1; + if (enc[0] & 0x80) + num = -1; - for (i=0; i < len; i++) { - num = num << 8; - num += enc[i]; - } + for (i=0; i < len; i++) { + num = num << 8; + num += enc[i]; + } - fprintf(fp, "%ld", num); - return 1; + fprintf(fp, "%ld", num); + return 1; } @@ -325,80 +325,80 @@ int do_prim_int(fp, tag, enc, len, lev) * other other type which is best printed as a string */ int do_prim_string(fp, tag, enc, len, lev) - FILE *fp; - int tag; - unsigned char *enc; - int len; - int lev; + FILE *fp; + int tag; + unsigned char *enc; + int len; + int lev; { - int i; - - /* - * Only try this printing function with "reasonable" types - */ - if ((tag < DEFN_NUMS) && (tag != PRIM_OCTS)) - return 0; - - for (i=0; i < len; i++) - if (!isprint(enc[i])) - return 0; - fprintf(fp, "\"%.*s\"", len, enc); - return 1; + int i; + + /* + * Only try this printing function with "reasonable" types + */ + if ((tag < DEFN_NUMS) && (tag != PRIM_OCTS)) + return 0; + + for (i=0; i < len; i++) + if (!isprint(enc[i])) + return 0; + fprintf(fp, "\"%.*s\"", len, enc); + return 1; } int do_prim(fp, tag, enc, len, lev) - FILE *fp; - int tag; - unsigned char *enc; - int len; - int lev; + FILE *fp; + int tag; + unsigned char *enc; + int len; + int lev; { - int n; - int i; - int j; - int width; - - if (do_prim_string(fp, tag, enc, len, lev)) - return OK; - if (do_prim_int(fp, tag, enc, len, lev)) - return OK; - if (do_prim_bitstring(fp, tag, enc, len, lev)) - return OK; - - if (print_primitive_length) - fprintf(fp, "<%d>", len); + int n; + int i; + int j; + int width; + + if (do_prim_string(fp, tag, enc, len, lev)) + return OK; + if (do_prim_int(fp, tag, enc, len, lev)) + return OK; + if (do_prim_bitstring(fp, tag, enc, len, lev)) + return OK; + + if (print_primitive_length) + fprintf(fp, "<%d>", len); - width = (80 - (lev * 3) - 8) / 4; + width = (80 - (lev * 3) - 8) / 4; - for (n = 0; n < len; n++) { - if ((n % width) == 0) { - fprintf(fp, "\n"); - for (i=0; ik1 > 0; ent++) { - if ((ent->k1 == key1) && - (ent->k2 == key2)) { - if (ent->new_appl) - current_appl_type = ent->new_appl; - return ent->str; - } + struct typestring_table *ent; + + for (ent = table; ent->k1 > 0; ent++) { + if ((ent->k1 == key1) && + (ent->k2 == key2)) { + if (ent->new_appl) + current_appl_type = ent->new_appl; + return ent->str; } - return 0; + } + return 0; } struct typestring_table univ_types[] = { - { PRIM_BOOL, -1, "Boolean"}, - { PRIM_INT, -1, "Integer"}, - { PRIM_BITS, -1, "Bit String"}, - { PRIM_OCTS, -1, "Octet String"}, - { PRIM_NULL, -1, "Null"}, - { PRIM_OID, -1, "Object Identifier"}, - { PRIM_ODE, -1, "Object Descriptor"}, - { CONS_EXTN, -1, "External"}, - { PRIM_REAL, -1, "Real"}, - { PRIM_ENUM, -1, "Enumerated type"}, - { PRIM_ENCR, -1, "Encrypted"}, - { CONS_SEQ, -1, "Sequence/Sequence Of"}, - { CONS_SET, -1, "Set/Set Of"}, - { DEFN_NUMS, -1, "Numeric String"}, - { DEFN_PRTS, -1, "Printable String"}, - { DEFN_T61S, -1, "T.61 String"}, - { DEFN_VTXS, -1, "Videotex String"}, - { DEFN_IA5S, -1, "IA5 String"}, - { DEFN_UTCT, -1, "UTCTime"}, - { DEFN_GENT, -1, "Generalized Time"}, - { DEFN_GFXS, -1, "Graphics string (ISO2375)"}, - { DEFN_VISS, -1, "Visible string"}, - { DEFN_GENS, -1, "General string"}, - { DEFN_CHRS, -1, "Character string"}, - { -1, -1, 0} - }; + { PRIM_BOOL, -1, "Boolean"}, + { PRIM_INT, -1, "Integer"}, + { PRIM_BITS, -1, "Bit String"}, + { PRIM_OCTS, -1, "Octet String"}, + { PRIM_NULL, -1, "Null"}, + { PRIM_OID, -1, "Object Identifier"}, + { PRIM_ODE, -1, "Object Descriptor"}, + { CONS_EXTN, -1, "External"}, + { PRIM_REAL, -1, "Real"}, + { PRIM_ENUM, -1, "Enumerated type"}, + { PRIM_ENCR, -1, "Encrypted"}, + { CONS_SEQ, -1, "Sequence/Sequence Of"}, + { CONS_SET, -1, "Set/Set Of"}, + { DEFN_NUMS, -1, "Numeric String"}, + { DEFN_PRTS, -1, "Printable String"}, + { DEFN_T61S, -1, "T.61 String"}, + { DEFN_VTXS, -1, "Videotex String"}, + { DEFN_IA5S, -1, "IA5 String"}, + { DEFN_UTCT, -1, "UTCTime"}, + { DEFN_GENT, -1, "Generalized Time"}, + { DEFN_GFXS, -1, "Graphics string (ISO2375)"}, + { DEFN_VISS, -1, "Visible string"}, + { DEFN_GENS, -1, "General string"}, + { DEFN_CHRS, -1, "Character string"}, + { -1, -1, 0} +}; #ifdef KRB5 struct typestring_table krb5_types[] = { - { 1, -1, "Krb5 Ticket"}, - { 2, -1, "Krb5 Autenticator"}, - { 3, -1, "Krb5 Encrypted ticket part"}, - { 10, -1, "Krb5 AS-REQ packet"}, - { 11, -1, "Krb5 AS-REP packet"}, - { 12, -1, "Krb5 TGS-REQ packet"}, - { 13, -1, "Krb5 TGS-REP packet"}, - { 14, -1, "Krb5 AP-REQ packet"}, - { 15, -1, "Krb5 AP-REP packet"}, - { 20, -1, "Krb5 SAFE packet"}, - { 21, -1, "Krb5 PRIV packet"}, - { 22, -1, "Krb5 CRED packet"}, - { 30, -1, "Krb5 ERROR packet"}, - { 25, -1, "Krb5 Encrypted AS-REP part"}, - { 26, -1, "Krb5 Encrypted TGS-REP part"}, - { 27, -1, "Krb5 Encrypted AP-REP part"}, - { 28, -1, "Krb5 Encrypted PRIV part"}, - { 29, -1, "Krb5 Encrypted CRED part"}, - { -1, -1, 0} + { 1, -1, "Krb5 Ticket"}, + { 2, -1, "Krb5 Autenticator"}, + { 3, -1, "Krb5 Encrypted ticket part"}, + { 10, -1, "Krb5 AS-REQ packet"}, + { 11, -1, "Krb5 AS-REP packet"}, + { 12, -1, "Krb5 TGS-REQ packet"}, + { 13, -1, "Krb5 TGS-REP packet"}, + { 14, -1, "Krb5 AP-REQ packet"}, + { 15, -1, "Krb5 AP-REP packet"}, + { 20, -1, "Krb5 SAFE packet"}, + { 21, -1, "Krb5 PRIV packet"}, + { 22, -1, "Krb5 CRED packet"}, + { 30, -1, "Krb5 ERROR packet"}, + { 25, -1, "Krb5 Encrypted AS-REP part"}, + { 26, -1, "Krb5 Encrypted TGS-REP part"}, + { 27, -1, "Krb5 Encrypted AP-REP part"}, + { 28, -1, "Krb5 Encrypted PRIV part"}, + { 29, -1, "Krb5 Encrypted CRED part"}, + { -1, -1, 0} }; struct typestring_table krb5_fields[] = { - { 1000, 0, "name-type"}, /* PrincipalName */ - { 1000, 1, "name-string"}, - - { 1001, 0, "etype"}, /* Encrypted data */ - { 1001, 1, "kvno"}, - { 1001, 2, "cipher"}, - - { 1002, 0, "addr-type"}, /* HostAddress */ - { 1002, 1, "address"}, - - { 1003, 0, "addr-type"}, /* HostAddresses */ - { 1003, 1, "address"}, - - { 1004, 0, "ad-type"}, /* AuthorizationData */ - { 1004, 1, "ad-data"}, - - { 1005, 0, "keytype"}, /* EncryptionKey */ - { 1005, 1, "keyvalue"}, - - { 1006, 0, "cksumtype"}, /* Checksum */ - { 1006, 1, "checksum"}, - - { 1007, 0, "kdc-options"}, /* KDC-REQ-BODY */ - { 1007, 1, "cname", 1000}, - { 1007, 2, "realm"}, - { 1007, 3, "sname", 1000}, - { 1007, 4, "from"}, - { 1007, 5, "till"}, - { 1007, 6, "rtime"}, - { 1007, 7, "nonce"}, - { 1007, 8, "etype"}, - { 1007, 9, "addresses", 1003}, - { 1007, 10, "enc-authorization-data", 1001}, - { 1007, 11, "additional-tickets"}, - - { 1008, 1, "padata-type"}, /* PA-DATA */ - { 1008, 2, "pa-data"}, - - { 1009, 0, "user-data"}, /* KRB-SAFE-BODY */ - { 1009, 1, "timestamp"}, - { 1009, 2, "usec"}, - { 1009, 3, "seq-number"}, - { 1009, 4, "s-address", 1002}, - { 1009, 5, "r-address", 1002}, - - { 1010, 0, "lr-type"}, /* LastReq */ - { 1010, 1, "lr-value"}, - - { 1011, 0, "key", 1005}, /* KRB-CRED-INFO */ - { 1011, 1, "prealm"}, - { 1011, 2, "pname", 1000}, - { 1011, 3, "flags"}, - { 1011, 4, "authtime"}, - { 1011, 5, "startime"}, - { 1011, 6, "endtime"}, - { 1011, 7, "renew-till"}, - { 1011, 8, "srealm"}, - { 1011, 9, "sname", 1000}, - { 1011, 10, "caddr", 1002}, - - { 1, 0, "tkt-vno"}, /* Ticket */ - { 1, 1, "realm"}, - { 1, 2, "sname", 1000}, - { 1, 3, "tkt-enc-part", 1001}, - - { 2, 0, "authenticator-vno"}, /* Authenticator */ - { 2, 1, "crealm"}, - { 2, 2, "cname", 1000}, - { 2, 3, "cksum", 1006}, - { 2, 4, "cusec"}, - { 2, 5, "ctime"}, - { 2, 6, "subkey", 1005}, - { 2, 7, "seq-number"}, - { 2, 8, "authorization-data", 1004}, - - { 3, 0, "flags"}, /* EncTicketPart */ - { 3, 1, "key", 1005}, - { 3, 2, "crealm"}, - { 3, 3, "cname", 1000}, - { 3, 4, "transited"}, - { 3, 5, "authtime"}, - { 3, 6, "starttime"}, - { 3, 7, "endtime"}, - { 3, 8, "renew-till"}, - { 3, 9, "caddr", 1003}, - { 3, 10, "authorization-data", 1004}, - - { 10, 1, "pvno"}, /* AS-REQ */ - { 10, 2, "msg-type"}, - { 10, 3, "padata", 1008}, - { 10, 4, "req-body", 1007}, - - { 11, 0, "pvno"}, /* AS-REP */ - { 11, 1, "msg-type"}, - { 11, 2, "padata", 1008}, - { 11, 3, "crealm"}, - { 11, 4, "cname", 1000}, - { 11, 5, "ticket"}, - { 11, 6, "enc-part", 1001}, - - { 12, 1, "pvno"}, /* TGS-REQ */ - { 12, 2, "msg-type"}, - { 12, 3, "padata", 1008}, - { 12, 4, "req-body", 1007}, - - { 13, 0, "pvno"}, /* TGS-REP */ - { 13, 1, "msg-type"}, - { 13, 2, "padata", 1008}, - { 13, 3, "crealm"}, - { 13, 4, "cname", 1000}, - { 13, 5, "ticket"}, - { 13, 6, "enc-part", 1001}, - - { 14, 0, "pvno"}, /* AP-REQ */ - { 14, 1, "msg-type"}, - { 14, 2, "ap-options"}, - { 14, 3, "ticket"}, - { 14, 4, "authenticator", 1001}, - - { 15, 0, "pvno"}, /* AP-REP */ - { 15, 1, "msg-type"}, - { 15, 2, "enc-part", 1001}, + { 1000, 0, "name-type"}, /* PrincipalName */ + { 1000, 1, "name-string"}, + + { 1001, 0, "etype"}, /* Encrypted data */ + { 1001, 1, "kvno"}, + { 1001, 2, "cipher"}, + + { 1002, 0, "addr-type"}, /* HostAddress */ + { 1002, 1, "address"}, + + { 1003, 0, "addr-type"}, /* HostAddresses */ + { 1003, 1, "address"}, + + { 1004, 0, "ad-type"}, /* AuthorizationData */ + { 1004, 1, "ad-data"}, + + { 1005, 0, "keytype"}, /* EncryptionKey */ + { 1005, 1, "keyvalue"}, + + { 1006, 0, "cksumtype"}, /* Checksum */ + { 1006, 1, "checksum"}, + + { 1007, 0, "kdc-options"}, /* KDC-REQ-BODY */ + { 1007, 1, "cname", 1000}, + { 1007, 2, "realm"}, + { 1007, 3, "sname", 1000}, + { 1007, 4, "from"}, + { 1007, 5, "till"}, + { 1007, 6, "rtime"}, + { 1007, 7, "nonce"}, + { 1007, 8, "etype"}, + { 1007, 9, "addresses", 1003}, + { 1007, 10, "enc-authorization-data", 1001}, + { 1007, 11, "additional-tickets"}, + + { 1008, 1, "padata-type"}, /* PA-DATA */ + { 1008, 2, "pa-data"}, + + { 1009, 0, "user-data"}, /* KRB-SAFE-BODY */ + { 1009, 1, "timestamp"}, + { 1009, 2, "usec"}, + { 1009, 3, "seq-number"}, + { 1009, 4, "s-address", 1002}, + { 1009, 5, "r-address", 1002}, + + { 1010, 0, "lr-type"}, /* LastReq */ + { 1010, 1, "lr-value"}, + + { 1011, 0, "key", 1005}, /* KRB-CRED-INFO */ + { 1011, 1, "prealm"}, + { 1011, 2, "pname", 1000}, + { 1011, 3, "flags"}, + { 1011, 4, "authtime"}, + { 1011, 5, "startime"}, + { 1011, 6, "endtime"}, + { 1011, 7, "renew-till"}, + { 1011, 8, "srealm"}, + { 1011, 9, "sname", 1000}, + { 1011, 10, "caddr", 1002}, + + { 1, 0, "tkt-vno"}, /* Ticket */ + { 1, 1, "realm"}, + { 1, 2, "sname", 1000}, + { 1, 3, "tkt-enc-part", 1001}, + + { 2, 0, "authenticator-vno"}, /* Authenticator */ + { 2, 1, "crealm"}, + { 2, 2, "cname", 1000}, + { 2, 3, "cksum", 1006}, + { 2, 4, "cusec"}, + { 2, 5, "ctime"}, + { 2, 6, "subkey", 1005}, + { 2, 7, "seq-number"}, + { 2, 8, "authorization-data", 1004}, + + { 3, 0, "flags"}, /* EncTicketPart */ + { 3, 1, "key", 1005}, + { 3, 2, "crealm"}, + { 3, 3, "cname", 1000}, + { 3, 4, "transited"}, + { 3, 5, "authtime"}, + { 3, 6, "starttime"}, + { 3, 7, "endtime"}, + { 3, 8, "renew-till"}, + { 3, 9, "caddr", 1003}, + { 3, 10, "authorization-data", 1004}, + + { 10, 1, "pvno"}, /* AS-REQ */ + { 10, 2, "msg-type"}, + { 10, 3, "padata", 1008}, + { 10, 4, "req-body", 1007}, + + { 11, 0, "pvno"}, /* AS-REP */ + { 11, 1, "msg-type"}, + { 11, 2, "padata", 1008}, + { 11, 3, "crealm"}, + { 11, 4, "cname", 1000}, + { 11, 5, "ticket"}, + { 11, 6, "enc-part", 1001}, + + { 12, 1, "pvno"}, /* TGS-REQ */ + { 12, 2, "msg-type"}, + { 12, 3, "padata", 1008}, + { 12, 4, "req-body", 1007}, + + { 13, 0, "pvno"}, /* TGS-REP */ + { 13, 1, "msg-type"}, + { 13, 2, "padata", 1008}, + { 13, 3, "crealm"}, + { 13, 4, "cname", 1000}, + { 13, 5, "ticket"}, + { 13, 6, "enc-part", 1001}, + + { 14, 0, "pvno"}, /* AP-REQ */ + { 14, 1, "msg-type"}, + { 14, 2, "ap-options"}, + { 14, 3, "ticket"}, + { 14, 4, "authenticator", 1001}, + + { 15, 0, "pvno"}, /* AP-REP */ + { 15, 1, "msg-type"}, + { 15, 2, "enc-part", 1001}, - { 20, 0, "pvno"}, /* KRB-SAFE */ - { 20, 1, "msg-type"}, - { 20, 2, "safe-body", 1009}, - { 20, 3, "cksum", 1006}, - - { 21, 0, "pvno"}, /* KRB-PRIV */ - { 21, 1, "msg-type"}, - { 21, 2, "enc-part", 1001}, - - { 22, 0, "pvno"}, /* KRB-CRED */ - { 22, 1, "msg-type"}, - { 22, 2, "tickets"}, - { 22, 3, "enc-part", 1001}, - - { 25, 0, "key", 1005}, /* EncASRepPart */ - { 25, 1, "last-req", 1010}, - { 25, 2, "nonce"}, - { 25, 3, "key-expiration"}, - { 25, 4, "flags"}, - { 25, 5, "authtime"}, - { 25, 6, "starttime"}, - { 25, 7, "enddtime"}, - { 25, 8, "renew-till"}, - { 25, 9, "srealm"}, - { 25, 10, "sname", 1000}, - { 25, 11, "caddr", 1003}, + { 20, 0, "pvno"}, /* KRB-SAFE */ + { 20, 1, "msg-type"}, + { 20, 2, "safe-body", 1009}, + { 20, 3, "cksum", 1006}, + + { 21, 0, "pvno"}, /* KRB-PRIV */ + { 21, 1, "msg-type"}, + { 21, 2, "enc-part", 1001}, + + { 22, 0, "pvno"}, /* KRB-CRED */ + { 22, 1, "msg-type"}, + { 22, 2, "tickets"}, + { 22, 3, "enc-part", 1001}, + + { 25, 0, "key", 1005}, /* EncASRepPart */ + { 25, 1, "last-req", 1010}, + { 25, 2, "nonce"}, + { 25, 3, "key-expiration"}, + { 25, 4, "flags"}, + { 25, 5, "authtime"}, + { 25, 6, "starttime"}, + { 25, 7, "enddtime"}, + { 25, 8, "renew-till"}, + { 25, 9, "srealm"}, + { 25, 10, "sname", 1000}, + { 25, 11, "caddr", 1003}, - { 26, 0, "key", 1005}, /* EncTGSRepPart */ - { 26, 1, "last-req", 1010}, - { 26, 2, "nonce"}, - { 26, 3, "key-expiration"}, - { 26, 4, "flags"}, - { 26, 5, "authtime"}, - { 26, 6, "starttime"}, - { 26, 7, "enddtime"}, - { 26, 8, "renew-till"}, - { 26, 9, "srealm"}, - { 26, 10, "sname", 1000}, - { 26, 11, "caddr", 1003}, + { 26, 0, "key", 1005}, /* EncTGSRepPart */ + { 26, 1, "last-req", 1010}, + { 26, 2, "nonce"}, + { 26, 3, "key-expiration"}, + { 26, 4, "flags"}, + { 26, 5, "authtime"}, + { 26, 6, "starttime"}, + { 26, 7, "enddtime"}, + { 26, 8, "renew-till"}, + { 26, 9, "srealm"}, + { 26, 10, "sname", 1000}, + { 26, 11, "caddr", 1003}, - { 27, 0, "ctime"}, /* EncApRepPart */ - { 27, 1, "cusec"}, - { 27, 2, "subkey", 1005}, - { 27, 3, "seq-number"}, - - { 28, 0, "user-data"}, /* EncKrbPrivPart */ - { 28, 1, "timestamp"}, - { 28, 2, "usec"}, - { 28, 3, "seq-number"}, - { 28, 4, "s-address", 1002}, - { 28, 5, "r-address", 1002}, - - { 29, 0, "ticket-info", 1011}, /* EncKrbCredPart */ - { 29, 1, "nonce"}, - { 29, 2, "timestamp"}, - { 29, 3, "usec"}, - { 29, 4, "s-address", 1002}, - { 29, 5, "r-address", 1002}, - - { 30, 0, "pvno"}, /* KRB-ERROR */ - { 30, 1, "msg-type"}, - { 30, 2, "ctime"}, - { 30, 3, "cusec"}, - { 30, 4, "stime"}, - { 30, 5, "susec"}, - { 30, 6, "error-code"}, - { 30, 7, "crealm"}, - { 30, 8, "cname", 1000}, - { 30, 9, "realm"}, - { 30, 10, "sname", 1000}, - { 30, 11, "e-text"}, - { 30, 12, "e-data"}, + { 27, 0, "ctime"}, /* EncApRepPart */ + { 27, 1, "cusec"}, + { 27, 2, "subkey", 1005}, + { 27, 3, "seq-number"}, + + { 28, 0, "user-data"}, /* EncKrbPrivPart */ + { 28, 1, "timestamp"}, + { 28, 2, "usec"}, + { 28, 3, "seq-number"}, + { 28, 4, "s-address", 1002}, + { 28, 5, "r-address", 1002}, + + { 29, 0, "ticket-info", 1011}, /* EncKrbCredPart */ + { 29, 1, "nonce"}, + { 29, 2, "timestamp"}, + { 29, 3, "usec"}, + { 29, 4, "s-address", 1002}, + { 29, 5, "r-address", 1002}, + + { 30, 0, "pvno"}, /* KRB-ERROR */ + { 30, 1, "msg-type"}, + { 30, 2, "ctime"}, + { 30, 3, "cusec"}, + { 30, 4, "stime"}, + { 30, 5, "susec"}, + { 30, 6, "error-code"}, + { 30, 7, "crealm"}, + { 30, 8, "cname", 1000}, + { 30, 9, "realm"}, + { 30, 10, "sname", 1000}, + { 30, 11, "e-text"}, + { 30, 12, "e-data"}, - { -1, -1, 0} + { -1, -1, 0} }; #endif void print_tag_type(fp, eid, lev) - FILE *fp; - int eid; - int lev; + FILE *fp; + int eid; + int lev; { - int tag = eid & ID_TAG; - int do_space = 1; - char *str; + int tag = eid & ID_TAG; + int do_space = 1; + char *str; - fprintf(fp, "["); + fprintf(fp, "["); - switch(eid & ID_CLASS) { - case CLASS_UNIV: - if (print_types && print_skip_tagnum) - do_space = 0; - else - fprintf(fp, "UNIV %d", tag); - break; - case CLASS_APPL: - current_appl_type = tag; + switch(eid & ID_CLASS) { + case CLASS_UNIV: + if (print_types && print_skip_tagnum) + do_space = 0; + else + fprintf(fp, "UNIV %d", tag); + break; + case CLASS_APPL: + current_appl_type = tag; #ifdef KRB5 - if (print_krb5_types) { - str = lookup_typestring(krb5_types, tag, -1); - if (str) { - fputs(str, fp); - break; - } - } -#endif - fprintf(fp, "APPL %d", tag); + if (print_krb5_types) { + str = lookup_typestring(krb5_types, tag, -1); + if (str) { + fputs(str, fp); break; - case CLASS_CONT: -#ifdef KRB5 - if (print_krb5_types && current_appl_type) { - str = lookup_typestring(krb5_fields, - current_appl_type, tag); - if (str) { - fputs(str, fp); - break; - } - } + } + } #endif - if (print_skip_context && lev) - fprintf(fp, "%d", tag); - else - fprintf(fp, "CONT %d", tag); - break; - case CLASS_PRIV: - fprintf(fp, "PRIV %d", tag); + fprintf(fp, "APPL %d", tag); + break; + case CLASS_CONT: +#ifdef KRB5 + if (print_krb5_types && current_appl_type) { + str = lookup_typestring(krb5_fields, + current_appl_type, tag); + if (str) { + fputs(str, fp); break; + } } +#endif + if (print_skip_context && lev) + fprintf(fp, "%d", tag); + else + fprintf(fp, "CONT %d", tag); + break; + case CLASS_PRIV: + fprintf(fp, "PRIV %d", tag); + break; + } - if (print_types && ((eid & ID_CLASS) == CLASS_UNIV)) { - if (do_space) - fputs(" ", fp); - str = lookup_typestring(univ_types, eid & ID_TAG, -1); - if (str) - fputs(str, fp); - else - fprintf(fp, "UNIV %d???", eid & ID_TAG); - } + if (print_types && ((eid & ID_CLASS) == CLASS_UNIV)) { + if (do_space) + fputs(" ", fp); + str = lookup_typestring(univ_types, eid & ID_TAG, -1); + if (str) + fputs(str, fp); + else + fprintf(fp, "UNIV %d???", eid & ID_TAG); + } - fprintf(fp, "] "); + fprintf(fp, "] "); } diff --git a/src/tests/asn.1/trval_reference.out b/src/tests/asn.1/trval_reference.out index 95311d3fe2..9c5f8cc1e0 100644 --- a/src/tests/asn.1/trval_reference.out +++ b/src/tests/asn.1/trval_reference.out @@ -1196,3 +1196,53 @@ encode_krb5_sam_response: . [5] [Integer] 5517840 . [6] [Generalized Time] "19940610060317Z" +encode_krb5_sam_key: + +[Sequence/Sequence Of] +. [0] [Sequence/Sequence Of] +. . [0] [Integer] 1 +. . [1] [Octet String] "12345678" + +encode_krb5_enc_sam_response_enc: + +[Sequence/Sequence Of] +. [0] [Integer] 78634 +. [1] [Generalized Time] "19700102034639Z" +. [2] [Integer] 399 +. [3] [Octet String] "enc_sam_response_enc" + +encode_krb5_predicted_sam_response: + +[Sequence/Sequence Of] +. [0] [Sequence/Sequence Of] +. . [0] [Integer] 1 +. . [1] [Octet String] "12345678" +. [1] [Bit String] 0x9 +. [2] [Generalized Time] "19700101000017Z" +. [3] [Integer] 18 +. [4] [General string] "ATHENA.MIT.EDU" +. [5] [Sequence/Sequence Of] +. . [0] [Integer] 1 +. . [1] [Sequence/Sequence Of] +. . . [General string] "hftsai" +. . . [General string] "extra" +. [6] [Octet String] "hello" + +encode_krb5_sam_response_2: + +[Sequence/Sequence Of] +. [0] [Integer] 43 +. [1] [Bit String] 0x80000000 +. [2] [Octet String] "track data" +. [3] [Sequence/Sequence Of] +. . [0] [Integer] 1 +. . [1] [Integer] 3382 +. . [2] [Octet String] "nonce or sad" +. [4] [Integer] 5517840 + +encode_krb5_enc_sam_response_enc_2: + +[Sequence/Sequence Of] +. [0] [Integer] 88 +. [1] [Octet String] "enc_sam_response_enc_2" + diff --git a/src/tests/asn.1/utility.c b/src/tests/asn.1/utility.c index 6ad2e9de85..00d7f6298b 100644 --- a/src/tests/asn.1/utility.c +++ b/src/tests/asn.1/utility.c @@ -4,61 +4,61 @@ #include #include +krb5int_access acc; + char hexchar (const unsigned int digit); asn1_error_code asn1_krb5_data_unparse(code, s) - const krb5_data * code; - char ** s; + const krb5_data * code; + char ** s; { - if(*s != NULL) free(*s); + if (*s != NULL) free(*s); - if(code==NULL){ - *s = (char*)calloc(strlen("")+1, sizeof(char)); - if(*s == NULL) return ENOMEM; - strcpy(*s,""); - }else if(code->data == NULL || ((int) code->length) <= 0){ - *s = (char*)calloc(strlen("")+1, sizeof(char)); - if(*s==NULL) return ENOMEM; - strcpy(*s,""); - }else{ - int i; + if (code==NULL) { + *s = strdup(""); + if (*s == NULL) return ENOMEM; + } else if (code->data == NULL || ((int) code->length) <= 0) { + *s = strdup(""); + if (*s==NULL) return ENOMEM; + } else { + unsigned int i; - *s = (char*)calloc((size_t) 3*(code->length), sizeof(char)); - if(*s == NULL) return ENOMEM; - for(i = 0; i < code->length; i++){ - (*s)[3*i] = hexchar((unsigned char) (((code->data)[i]&0xF0)>>4)); - (*s)[3*i+1] = hexchar((unsigned char) ((code->data)[i]&0x0F)); - (*s)[3*i+2] = ' '; + *s = (char*)calloc((size_t) 3*(code->length), sizeof(char)); + if (*s == NULL) return ENOMEM; + for (i = 0; i < code->length; i++) { + (*s)[3*i] = hexchar((unsigned char) (((code->data)[i]&0xF0)>>4)); + (*s)[3*i+1] = hexchar((unsigned char) ((code->data)[i]&0x0F)); + (*s)[3*i+2] = ' '; + } + (*s)[3*(code->length)-1] = '\0'; } - (*s)[3*(code->length)-1] = '\0'; - } - return 0; + return 0; } char hexchar(digit) - const unsigned int digit; + const unsigned int digit; { - if(digit<=9) - return '0'+digit; - else if(digit<=15) - return 'A'+digit-10; - else - return 'X'; + if (digit<=9) + return '0'+digit; + else if (digit<=15) + return 'A'+digit-10; + else + return 'X'; } krb5_error_code krb5_data_parse(d, s) - krb5_data * d; - const char * s; + krb5_data * d; + const char * s; { - /*if(d->data != NULL){ - free(d->data); - d->length = 0; - }*/ - d->data = (char*)calloc(strlen(s),sizeof(char)); - if(d->data == NULL) return ENOMEM; - d->length = strlen(s); - memcpy(d->data,s,strlen(s)); - return 0; + /*if (d->data != NULL) { + free(d->data); + d->length = 0; + }*/ + d->data = (char*)calloc(strlen(s),sizeof(char)); + if (d->data == NULL) return ENOMEM; + d->length = strlen(s); + memcpy(d->data,s,strlen(s)); + return 0; } krb5_error_code krb5_data_hex_parse(krb5_data *d, const char *s) @@ -99,27 +99,37 @@ krb5_error_code krb5_data_hex_parse(krb5_data *d, const char *s) #if 0 void asn1buf_print(buf) - const asn1buf * buf; + const asn1buf * buf; { - asn1buf bufcopy; - char *s=NULL; - int length; - int i; + asn1buf bufcopy; + char *s=NULL; + int length; + int i; - bufcopy.base = bufcopy.next = buf->next; - bufcopy.bound = buf->bound; - length = asn1buf_len(&bufcopy); + bufcopy.base = bufcopy.next = buf->next; + bufcopy.bound = buf->bound; + length = asn1buf_len(&bufcopy); - s = calloc(3*length, sizeof(char)); - if(s == NULL) return; - for(i=0; i>4); - s[3*i+1] = hexchar((bufcopy.base)[i]&0x0F); - s[3*i+2] = ' '; - } - s[3*length-1] = '\0'; + s = calloc(3*length, sizeof(char)); + if (s == NULL) return; + for (i=0; i>4); + s[3*i+1] = hexchar((bufcopy.base)[i]&0x0F); + s[3*i+2] = ' '; + } + s[3*length-1] = '\0'; - printf("%s\n",s); - free(s); + printf("%s\n",s); + free(s); } #endif + +void init_access(const char *progname) +{ + krb5_error_code ret; + ret = krb5int_accessor(&acc, KRB5INT_ACCESS_VERSION); + if (ret) { + com_err(progname, ret, "while initializing accessor"); + exit(1); + } +} diff --git a/src/tests/asn.1/utility.h b/src/tests/asn.1/utility.h index 4c761244f2..12d7a996a9 100644 --- a/src/tests/asn.1/utility.h +++ b/src/tests/asn.1/utility.h @@ -3,6 +3,7 @@ #include "krbasn1.h" #include "asn1buf.h" +#include "k5-int.h" asn1_error_code asn1_krb5_data_unparse (const krb5_data *code, char **s); @@ -28,4 +29,7 @@ krb5_error_code krb5_data_hex_parse void asn1buf_print (const asn1buf *buf); +extern krb5int_access acc; +extern void init_access(const char *progname); + #endif diff --git a/src/tests/create/Makefile.in b/src/tests/create/Makefile.in index 4f3a93cba2..26f8b6ca52 100644 --- a/src/tests/create/Makefile.in +++ b/src/tests/create/Makefile.in @@ -19,17 +19,3 @@ install:: clean:: $(RM) kdb5_mkdums.o kdb5_mkdums -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -$(OUTPRE)kdb5_mkdums.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(SS_DEPS) kdb5_mkdums.c diff --git a/src/tests/create/deps b/src/tests/create/deps new file mode 100644 index 0000000000..b48a5b4b6b --- /dev/null +++ b/src/tests/create/deps @@ -0,0 +1,13 @@ +# +# Generated makefile dependencies follow. +# +$(OUTPRE)kdb5_mkdums.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(SS_DEPS) kdb5_mkdums.c diff --git a/src/tests/create/kdb5_mkdums.c b/src/tests/create/kdb5_mkdums.c index 3abef65dba..12f4587b85 100644 --- a/src/tests/create/kdb5_mkdums.c +++ b/src/tests/create/kdb5_mkdums.c @@ -96,6 +96,7 @@ main(argc, argv) int num_to_create; char principal_string[BUFSIZ]; char *suffix = 0; + size_t suffix_size; int depth; krb5_init_context(&test_context); @@ -121,6 +122,8 @@ main(argc, argv) strncpy(principal_string, optarg, sizeof(principal_string) - 1); principal_string[sizeof(principal_string) - 1] = '\0'; suffix = principal_string + strlen(principal_string); + suffix_size = sizeof(principal_string) - + (suffix - principal_string); break; case 'n': /* how many to create */ num_to_create = atoi(optarg); @@ -175,14 +178,15 @@ main(argc, argv) /* build the new principal name */ /* we can't pick random names because we need to generate all the names again given a prefix and count to test the db lib and kdb */ - (void) sprintf(suffix, "%d", n); - (void) sprintf(tmp, "%s-DEPTH-1", principal_string); + (void) snprintf(suffix, suffix_size, "%d", n); + (void) snprintf(tmp, sizeof(tmp), "%s-DEPTH-1", principal_string); tmp[sizeof(tmp) - 1] = '\0'; str_newprinc = tmp; add_princ(test_context, str_newprinc); for (i = 2; i <= depth; i++) { - (void) sprintf(tmp2, "/%s-DEPTH-%d", principal_string, i); + (void) snprintf(tmp2, sizeof(tmp2), "/%s-DEPTH-%d", + principal_string, i); tmp2[sizeof(tmp2) - 1] = '\0'; strncat(tmp, tmp2, sizeof(tmp) - 1 - strlen(tmp)); str_newprinc = tmp; @@ -215,7 +219,7 @@ add_princ(context, str_newprinc) char princ_name[4096]; memset((char *)&newentry, 0, sizeof(newentry)); - sprintf(princ_name, "%s@%s", str_newprinc, cur_realm); + snprintf(princ_name, sizeof(princ_name), "%s@%s", str_newprinc, cur_realm); if ((retval = krb5_parse_name(context, princ_name, &newprinc))) { com_err(progname, retval, "while parsing '%s'", princ_name); return; @@ -375,12 +379,10 @@ char *dbname; } /* Pathname is passed to db2 via 'args' parameter. */ args[1] = NULL; - args[0] = malloc(sizeof("dbname=") + strlen(dbname)); - if (args[0] == NULL) { + if (asprintf(&args[0], "dbname=%s", dbname) < 0) { com_err(pname, errno, "while setting up db parameters"); return 1; } - sprintf(args[0], "dbname=%s", dbname); if ((retval = krb5_db_open(test_context, args, KRB5_KDB_OPEN_RO))) { com_err(pname, retval, "while initializing database"); diff --git a/src/tests/dejagnu/Makefile.in b/src/tests/dejagnu/Makefile.in index 75db997892..aee83ec445 100644 --- a/src/tests/dejagnu/Makefile.in +++ b/src/tests/dejagnu/Makefile.in @@ -7,7 +7,6 @@ RUNTESTFLAGS = KRB5_RUN_ENV= @KRB5_RUN_ENV@ PROG_LIBPATH=-L$(TOPLIBD) PROG_RPATH=$(KRB5_LIBDIR) -KRB4_RUNTESTFLAGS=@KRB4_DEJAGNU_TEST@ SRCS=$(srcdir)/t_inetd.c @@ -21,8 +20,9 @@ check-runtest-no:: @echo "+++ runtest is unavailable." @echo "+++" +# Set VALGRIND at run time, that may be changed when running 'make'. check-runtest-yes:: t_inetd site.exp - $(RUNTEST) --tool krb --srcdir $(srcdir) $(KRB4_RUNTESTFLAGS) PRIOCNTL_HACK=@PRIOCNTL_HACK@ VALGRIND="$(VALGRIND)" $(RUNTESTFLAGS) + $(RUNTEST) --tool krb --srcdir $(srcdir) VALGRIND="$(VALGRIND)" $(RUNTESTFLAGS) t_inetd:: t_inetd.o $(KRB5_BASE_DEPLIBS) $(CC_LINK) -o t_inetd t_inetd.o $(KRB5_BASE_LIBS) @@ -45,11 +45,5 @@ site.exp: runenv.vals Makefile echo "set runvarlist [list `cat runenv.vals | tr '\n' ' '`]" | \ sed -e 's%=\.%='`pwd`'/.%g' > site.exp echo "set KRB5_DB_MODULE_DIR {$(KRB5_DB_MODULE_DIR)}" >> site.exp + echo "set PRIOCNTL_HACK @PRIOCNTL_HACK@" >> site.exp -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -$(OUTPRE)t_inetd.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(COM_ERR_DEPS) t_inetd.c diff --git a/src/tests/dejagnu/config/default.exp b/src/tests/dejagnu/config/default.exp index 8e5d28e220..d76ad4c116 100644 --- a/src/tests/dejagnu/config/default.exp +++ b/src/tests/dejagnu/config/default.exp @@ -179,18 +179,6 @@ set passes { {master_key_type=aes256-cts-hmac-sha1-96} {dummy=[verbose -log "AES + DES enctypes"]} } - { - aes-tcp - mode=tcp - des3_krbtgt=0 - {supported_enctypes=aes256-cts-hmac-sha1-96:normal} - {kdc_supported_enctypes=aes256-cts-hmac-sha1-96:normal} - {permitted_enctypes(kdc)=aes256-cts-hmac-sha1-96} - {permitted_enctypes(client)=aes256-cts-hmac-sha1-96} - {permitted_enctypes(server)=aes256-cts-hmac-sha1-96} - {master_key_type=aes256-cts-hmac-sha1-96} - {dummy=[verbose -log "AES via TCP"]} - } { aes-des3 mode=udp @@ -351,6 +339,18 @@ set unused_passes { } {dummy=[verbose -log "DES3 TGT, default enctypes"]} } + { + aes-tcp + mode=tcp + des3_krbtgt=0 + {supported_enctypes=aes256-cts-hmac-sha1-96:normal} + {kdc_supported_enctypes=aes256-cts-hmac-sha1-96:normal} + {permitted_enctypes(kdc)=aes256-cts-hmac-sha1-96} + {permitted_enctypes(client)=aes256-cts-hmac-sha1-96} + {permitted_enctypes(server)=aes256-cts-hmac-sha1-96} + {master_key_type=aes256-cts-hmac-sha1-96} + {dummy=[verbose -log "AES via TCP"]} + } } # {supported_enctypes=des-cbc-md5:normal des-cbc-crc:normal twofish256-hmac-sha1:normal } # {kdc_supported_enctypes= des-cbc-md5:normal des-cbc-crc:normal twofish256-hmac-sha1:normal} @@ -408,7 +408,24 @@ if ![info exists KEY] { # Clear away any files left over from a previous run. # We can't use them now because we don't know the right KEY. # krb5.conf might change if running tests on another host -catch "exec rm -f $tmppwd/db.ok $tmppwd/srvtab $tmppwd/krb5.conf $tmppwd/kdc.conf $tmppwd/cpw_srvtab $tmppwd/krb.realms $tmppwd/krb.conf" +file delete $tmppwd/krb5.conf $tmppwd/kdc.conf $tmppwd/slave.conf \ + $tmppwd/krb.realms $tmppwd/krb.conf \ + $tmppwd/krb5.client.conf $tmppwd/krb5.server.conf \ + $tmppwd/krb5.kdc.conf $tmppwd/krb5.slave.conf + +proc delete_db {} { + global tmppwd + # Master and slave db files + file delete $tmppwd/kdc-db $tmppwd/kdc-db.ok $tmppwd/kdc-db.kadm5 \ + $tmppwd/kdc-db.kadm5.lock \ + $tmppwd/kdc-db.ulog \ + $tmppwd/slave-db $tmppwd/slave-db.ok $tmppwd/slave-db.kadm5 $tmppwd/slave-db.kadm5.lock \ + $tmppwd/slave-db~ $tmppwd/slave-db~.ok $tmppwd/slave-db~.kadm5 $tmppwd/slave-db~.kadm5.lock + # Creating a new database means we need a new srvtab. + file delete $tmppwd/srvtab $tmppwd/cpw_srvtab +} + +delete_db # Put the installed kerberos directories on PATH. # This needs to be fixed for V5. @@ -450,6 +467,10 @@ foreach i { {KDESTROY $objdir/../../clients/kdestroy/kdestroy} {RESOLVE $objdir/../resolve/resolve} {T_INETD $objdir/t_inetd} + {KPROPLOG $objdir/../../slave/kproplog} + {KPASSWD $objdir/../../clients/kpasswd/kpasswd} + {KPROPD $objdir/../../slave/kpropd} + {KPROP $objdir/../../slave/kprop} } { set varname [lindex $i 0] if ![info exists $varname] { @@ -488,6 +509,23 @@ exit -onexit [concat { stop_kerberos_daemons; } [exit -onexit]] +# run_once + +# Many tests are independent of the actual enctypes used, which is +# what our passes are (currently) all about. Use this to prevent +# multiple invocations. If a test depends on, say, the master key +# type but nothing else, you could also use the master key type in the +# tag name, and avoid redundant tests in additional passes using the +# same master key type. + +proc run_once { tag body } { + global run_once_tags + if ![info exists run_once_tags($tag)] { + set run_once_tags($tag) 1 + uplevel 1 $body + } +} + # check_k5login # Most of the tests won't work if the user has a .k5login file, unless @@ -562,11 +600,11 @@ proc check_klogin { testname } { } # check_exit_status -# Check the exit status of a spawned program. Returns 1 if the -# program succeeded, 0 if it failed. +# Check the exit status of a spawned program (using the caller's value +# of spawn_id). Returns 1 if the program succeeded, 0 if it failed. proc check_exit_status { testname } { - global spawn_id + upvar 1 spawn_id spawn_id verbose "about to wait ($testname)" set status_list [wait -i $spawn_id] @@ -734,7 +772,7 @@ proc get_hostname { } { return 0 } close $file - catch "exec rm -f $tmppwd/hostname" exec_output + file delete $tmppwd/hostname regexp "^(\[^.\]*)\\.(.*)$" $hostname foo localhostname domain set hostname [string tolower $hostname] @@ -751,7 +789,10 @@ proc modify_principal { name args } { global KADMIN_LOCAL global REALMNAME + envstack_push + setup_kerberos_env kdc spawn $KADMIN_LOCAL -r $REALMNAME + envstack_pop expect_after { eof { fail "modprinc (kadmin.local)" @@ -779,14 +820,18 @@ proc modify_principal { name args } { # client tries +1 and +6 # kadmind +4 # kpasswd +5 -# krb524 +7 +# (nothing) +6 # application servers (krlogind, telnetd, krshd, ftpd, etc) +8 +# iprop +9 (if enabled) +# kpropd +10 if [info exists PORTBASE] { set portbase $PORTBASE } else { set portbase 3085 } +set ulog 0 + # setup_kerberos_files # This procedure will create some Kerberos files which must be created # manually before trying to run any Kerberos programs. Returns 1 on @@ -804,6 +849,7 @@ proc setup_kerberos_files { } { global master_key_type global mode global portbase + global ulog if ![get_hostname] { return 0 @@ -812,6 +858,7 @@ proc setup_kerberos_files { } { setup_krb5_conf client setup_krb5_conf server setup_krb5_conf kdc + setup_krb5_conf slave # Create a kdc.conf file. if { ![file exists $tmppwd/kdc.conf] \ @@ -829,7 +876,9 @@ proc setup_kerberos_files { } { # puts $conffile " database_name = $tmppwd/db" puts $conffile " admin_database_name = $tmppwd/adb" puts $conffile " admin_database_lockfile = $tmppwd/adb.lock" - puts $conffile " key_stash_file = $tmppwd/stash" + # Testing with a colon in the name exercises default handling + # for pathnames. + puts $conffile " key_stash_file = $tmppwd/stash:foo" puts $conffile " acl_file = $tmppwd/acl" puts $conffile " kadmind_port = [expr 4 + $portbase]" puts $conffile " kpasswd_port = [expr 5 + $portbase]" @@ -849,6 +898,64 @@ proc setup_kerberos_files { } { puts $conffile " default_principal_expiration = 2037.12.31.23.59.59" puts $conffile " default_principal_flags = -postdateable forwardable" puts $conffile " dict_file = $tmppwd/dictfile" + if { $ulog != 0 } { + puts $conffile " iprop_enable = true" + puts $conffile " iprop_port = [expr 9 + $portbase]" + puts $conffile " iprop_logfile = $tmppwd/db.ulog" + } else { + puts $conffile "# no ulog" + } + puts $conffile " \}" + puts $conffile "" + close $conffile + } + + # Create a config file for the slave KDC (kpropd only, no normal + # KDC processes). + if { ![file exists $tmppwd/slave.conf] \ + || $last_passname_conf != $multipass_name } { + if ![info exists master_key_type] { + set master_key_type des-cbc-md5 + } + set conffile [open $tmppwd/slave.conf w] + puts $conffile "\[kdcdefaults\]" + puts $conffile " kdc_ports = $portbase,[expr 1 + $portbase],[expr 2 + $portbase]" + puts $conffile " kdc_tcp_ports = $portbase,[expr 1 + $portbase],[expr 2 + $portbase]" + puts $conffile "" + puts $conffile "\[realms\]" + puts $conffile " $REALMNAME = \{" +# puts $conffile " database_name = $tmppwd/slave-db" + puts $conffile " admin_database_name = $tmppwd/slave-adb" + puts $conffile " admin_database_lockfile = $tmppwd/slave-adb.lock" + # Testing with a colon in the name exercises default handling + # for pathnames. + puts $conffile " key_stash_file = $tmppwd/slave-stash" + puts $conffile " acl_file = $tmppwd/slave-acl" + puts $conffile " kadmind_port = [expr 4 + $portbase]" + puts $conffile " kpasswd_port = [expr 5 + $portbase]" + puts $conffile " max_life = 1:00:00" + puts $conffile " max_renewable_life = 3:00:00" + puts $conffile " master_key_type = $master_key_type" + puts $conffile " master_key_name = master/key" + puts $conffile " supported_enctypes = $supported_enctypes" + puts $conffile " kdc_supported_enctypes = $kdc_supported_enctypes" + if { $mode == "tcp" } { + puts $conffile " kdc_ports = [expr 3 + $portbase]" + puts $conffile " kdc_tcp_ports = [expr 1 + $portbase],[expr 3 + $portbase]" + } else { + puts $conffile " kdc_ports = [expr 1 + $portbase]" + puts $conffile " kdc_tcp_ports = [expr 3 + $portbase]" + } + puts $conffile " default_principal_expiration = 2037.12.31.23.59.59" + puts $conffile " default_principal_flags = -postdateable forwardable" + puts $conffile " dict_file = $tmppwd/dictfile" + if { $ulog != 0 } { + puts $conffile " iprop_enable = true" + puts $conffile " iprop_port = [expr 9 + $portbase]" + puts $conffile " iprop_logfile = $tmppwd/slave-db.ulog" + } else { + puts $conffile "# no ulog" + } puts $conffile " \}" puts $conffile "" close $conffile @@ -858,6 +965,7 @@ proc setup_kerberos_files { } { if ![file exists $tmppwd/acl] { set aclfile [open $tmppwd/acl w] puts $aclfile "krbtest/admin@$REALMNAME *" + puts $aclfile "kiprop/$hostname@$REALMNAME p" close $aclfile } @@ -888,6 +996,13 @@ proc setup_kerberos_files { } { return 1 } +proc reset_kerberos_files { } { + global tmppwd + file delete $tmppwd/kdc.conf $tmppwd/slave.conf $tmppwd/krb5.client.conf \ + $tmppwd/krb5.server.conf $tmppwd/krb5.kdc.conf + setup_kerberos_files +} + proc setup_krb5_conf { {type client} } { global tmppwd global hostname @@ -923,7 +1038,6 @@ proc setup_krb5_conf { {type client} } { } puts $conffile " krb4_config = $tmppwd/krb.conf" puts $conffile " krb4_realms = $tmppwd/krb.realms" - puts $conffile " krb4_srvtab = $tmppwd/v4srvtab" if { $mode == "tcp" } { puts $conffile " udp_preference_limit = 1" } @@ -942,7 +1056,6 @@ proc setup_krb5_conf { {type client} } { puts $conffile " admin_server = $hostname:[expr 4 + $portbase]" puts $conffile " kpasswd_server = $hostname:[expr 5 + $portbase]" puts $conffile " default_domain = $domain" - puts $conffile " krb524_server = $hostname:[expr 7 + $portbase]" puts $conffile " database_module = foo_db2" puts $conffile " \}" puts $conffile "" @@ -959,7 +1072,7 @@ proc setup_krb5_conf { {type client} } { puts $conffile " db_module_dir = $tmppwd/../../../util/fakedest$KRB5_DB_MODULE_DIR" puts $conffile " foo_db2 = {" puts $conffile " db_library = db2" - puts $conffile " database_name = $tmppwd/db" + puts $conffile " database_name = $tmppwd/$type-db" puts $conffile " }" close $conffile } @@ -1015,10 +1128,6 @@ proc setup_kerberos_env { {type client} } { set env(KRB5CCNAME) $tmppwd/tkt verbose "KRB5CCNAME=$env(KRB5CCNAME)" - # Direct the Kerberos programs at a local ticket file. - set env(KRBTKFILE) $tmppwd/tktv4 - verbose "KRBTKFILE=$env(KRBTKFILE)" - # Direct the Kerberos server at a cache file stored in the # temporary directory. set env(KRB5RCACHEDIR) $tmppwd @@ -1031,18 +1140,30 @@ proc setup_kerberos_env { {type client} } { # Get the run time environment variables... (including LD_LIBRARY_PATH) setup_runtime_env - # Set our kdc config file. - set env(KRB5_KDC_PROFILE) $tmppwd/kdc.conf - verbose "KRB5_KDC_PROFILE=$env(KRB5_KDC_PROFILE)" + # Set our kdc config file, if needed. + switch $type { + client - + server { catch {unset env(KRB5_KDC_PROFILE)} } + kdc { set env(KRB5_KDC_PROFILE) $tmppwd/kdc.conf } + slave { set env(KRB5_KDC_PROFILE) $tmppwd/slave.conf } + default { error "unknown config file type $type" } + } + if [info exists env(KRB5_KDC_PROFILE)] { + verbose "KRB5_KDC_PROFILE=$env(KRB5_KDC_PROFILE)" + } # Create an environment setup script. (For convenience) - if ![file exists $tmppwd/env.sh] { - set envfile [open $tmppwd/env.sh w] + if ![file exists $tmppwd/$type-env.sh] { + set envfile [open $tmppwd/$type-env.sh w] puts $envfile "KRB5_CONFIG=$env(KRB5_CONFIG)" puts $envfile "KRB5CCNAME=$env(KRB5CCNAME)" puts $envfile "KRB5RCACHEDIR=$env(KRB5RCACHEDIR)" puts $envfile "KERBEROS_SERVER=$env(KERBEROS_SERVER)" - puts $envfile "KRB5_KDC_PROFILE=$env(KRB5_KDC_PROFILE)" + if [info exists env(KRB5_KDC_PROFILE)] { + puts $envfile "KRB5_KDC_PROFILE=$env(KRB5_KDC_PROFILE)" + } else { + puts $envfile "unset KRB5_KDC_PROFILE" + } puts $envfile "export KRB5_CONFIG KRB5CCNAME KRB5RCACHEDIR" puts $envfile "export KERBEROS_SERVER KRB5_KDC_PROFILE" foreach i $krb5_init_vars { @@ -1052,13 +1173,17 @@ proc setup_kerberos_env { {type client} } { } close $envfile } - if ![file exists $tmppwd/env.csh] { - set envfile [open $tmppwd/env.csh w] + if ![file exists $tmppwd/$type-env.csh] { + set envfile [open $tmppwd/$type-env.csh w] puts $envfile "setenv KRB5_CONFIG $env(KRB5_CONFIG)" puts $envfile "setenv KRB5CCNAME $env(KRB5CCNAME)" puts $envfile "setenv KRB5RCACHEDIR $env(KRB5RCACHEDIR)" puts $envfile "setenv KERBEROS_SERVER $env(KERBEROS_SERVER)" - puts $envfile "setenv KRB5_KDC_PROFILE $env(KRB5_KDC_PROFILE)" + if [info exists env(KRB5_KDC_PROFILE)] { + puts $envfile "setenv KRB5_KDC_PROFILE $env(KRB5_KDC_PROFILE)" + } else { + puts $envfile "unsetenv KRB5_KDC_PROFILE" + } foreach i $krb5_init_vars { regexp "^(\[^=\]*)=(.*)" $i foo evar evalue puts $envfile "setenv $evar $env($evar)" @@ -1109,28 +1234,20 @@ proc restore_kerberos_env { } { # pass at relevant points. Returns 1 on success, 0 on failure. proc setup_kerberos_db { standalone } { - global REALMNAME - global KDB5_UTIL - global KADMIN_LOCAL - global KEY - global tmppwd + global REALMNAME KDB5_UTIL KADMIN_LOCAL KEY + global tmppwd hostname global spawn_id - global des3_krbtgt - global tgt_support_desmd5 - global multipass_name - global last_passname_db + global des3_krbtgt tgt_support_desmd5 + global multipass_name last_passname_db set failall 0 - if {!$standalone && [file exists $tmppwd/db.ok] \ + if {!$standalone && [file exists $tmppwd/kdc-db.ok] \ && $last_passname_db == $multipass_name} { return 1 } - catch "exec rm -f [glob -nocomplain $tmppwd/db* $tmppwd/adb*]" - - # Creating a new database means we need a new srvtab. - catch "exec rm -f $tmppwd/srvtab" + delete_db envstack_push if { ![setup_kerberos_files] || ![setup_kerberos_env kdc] } { @@ -1219,7 +1336,7 @@ proc setup_kerberos_db { standalone } { if $standalone { fail $test } else { - catch "exec rm -f $tmppwd/db.ok $tmppwd/adb.db" + delete_db } } else { if $standalone { @@ -1228,8 +1345,6 @@ proc setup_kerberos_db { standalone } { } # Add an admin user. -#send_user "will run: $KADMIN_LOCAL -r $REALMNAME\n" -#exec xterm set test "kadmin.local ank krbtest/admin" set body { if $failall { @@ -1267,7 +1382,53 @@ proc setup_kerberos_db { standalone } { if $standalone { fail $test } else { - catch "exec rm -f $tmppwd/db.ok $tmppwd/adb.db" + delete_db + } + } else { + if $standalone { + pass $test + } + } + + # Add an incremental-propagation service. + set test "kadmin.local ank kiprop/$hostname" + set body { + if $failall { + break + } + spawn $KADMIN_LOCAL -r $REALMNAME + verbose "starting $test" + expect_after $def_exp_after + + expect "kadmin.local: " + send "ank kiprop/$hostname@$REALMNAME\r" + # It echos... + expect "ank kiprop/$hostname@$REALMNAME\r" + expect "Enter password for principal \"kiprop/$hostname@$REALMNAME\":" + send "kiproppass$KEY\r" + expect "Re-enter password for principal \"kiprop/$hostname@$REALMNAME\":" + send "kiproppass$KEY\r" + expect { + "Principal \"kiprop/$hostname@$REALMNAME\" created" { } + "Principal or policy already exists while creating*" { } + } + expect "kadmin.local: " + send "quit\r" + expect eof + catch expect_after + if ![check_exit_status kadmin_local] { + break + } + } + set ret [catch $body] + catch "expect eof" + catch expect_after + if $ret { + set failall 1 + if $standalone { + fail $test + } else { + delete_db } } else { if $standalone { @@ -1309,7 +1470,7 @@ proc setup_kerberos_db { standalone } { if $standalone { fail $test } else { - catch "exec rm -f $tmppwd/db.ok $tmppwd/adb.db" + delete_db } } else { if $standalone { @@ -1351,7 +1512,7 @@ proc setup_kerberos_db { standalone } { if $standalone { fail $test } else { - catch "exec rm -f $tmppwd/db.ok $tmppwd/adb.db" + delete_db } } else { if $standalone { @@ -1368,6 +1529,122 @@ proc setup_kerberos_db { standalone } { return 1 } +# setup_slave_db +# Initialize the slave Kerberos database. Returns 1 on success, 0 on +# failure. + +proc setup_slave_db { } { + global REALMNAME + global KDB5_UTIL + global KADMIN_LOCAL + global KEY + global tmppwd + global spawn_id + + set failall 0 + + envstack_push + if { ![setup_kerberos_files] || ![setup_kerberos_env slave] } { + set failall 1 + } + + # Set up a common expect_after for use in multiple places. + set def_exp_after { + timeout { + set test "$test (timeout)" + break + } + eof { + set test "$test (eof)" + break + } + } + + set test "slave kdb5_util create " + set body { + if $failall { + break + } + #exec xterm + verbose "starting $test" + spawn $KDB5_UTIL -r $REALMNAME create + expect_after $def_exp_after + + expect "Enter KDC database master key:" + + set test "slave kdb5_util create (verify)" + send "masterkey$KEY\r" + expect "Re-enter KDC database master key to verify:" + + set test "slave kdb5_util create" + send "masterkey$KEY\r" + expect { + -re "\[Cc\]ouldn't" { + expect eof + break + } + "Cannot find/read stored" exp_continue + "Warning: proceeding without master key" exp_continue + eof { } + } + catch expect_after + if ![check_exit_status kdb5_util] { + break + } + } + set ret [catch $body] + catch expect_after + if $ret { + set failall 1 + } + + # Stash the master key in a file. + set test "slave kdb5_util stash" + set body { + if $failall { + break + } + spawn $KDB5_UTIL -r $REALMNAME stash + verbose "starting $test" + expect_after $def_exp_after + expect "Enter KDC database master key:" + send "masterkey$KEY\r" + expect eof + catch expect_after + if ![check_exit_status kdb5_util] { + break + } + } + set ret [catch $body] + catch "expect eof" + catch expect_after + if $ret { + set failall 1 + delete_db + } + + if !$failall { + # create the admin database lock file + catch "exec touch $tmppwd/slave-adb.lock" + } + + return [expr !$failall] +} + +proc start_kpropd {} { + global kpropd_pid kpropd_spawn_id KPROPD T_INETD KDB5_UTIL portbase tmppwd + global spawn_id + + envstack_push + setup_kerberos_env slave + spawn $KPROPD -S -d -P [expr 10 + $portbase] -s $tmppwd/srvtab -f $tmppwd/incoming-slave-datatrans -p $KDB5_UTIL -a $tmppwd/kpropd-acl + set kpropd_pid [exp_pid] + set kpropd_spawn_id $spawn_id +# send_user [list $KPROPD -S -d -P [expr 10 + $portbase] -s $tmppwd/srvtab -f $tmppwd/incoming-slave-datatrans -p $KDB5_UTIL -a $tmppwd/kpropd-acl]\n +# spawn_shell + envstack_pop +} + proc start_tail { fname spawnid_var pid_var which standalone } { upvar $spawnid_var spawnid upvar $pid_var pid @@ -1385,12 +1662,12 @@ proc start_tail { fname spawnid_var pid_var which standalone } { set p 0 set otimeout $timeout - set timeout 1 + set timeout 3 set ok 0 while { $ok == 0 && $p < 3 } { expect { -i $spawn_id - -ex "$markstr\r\n" { set ok 1 } + -ex "$markstr" { set ok 1 } -re "\[^\r\n\]*\r\n" { exp_continue } timeout { # Some versions of GNU tail had a race condition where @@ -1458,9 +1735,7 @@ proc start_kerberos_daemons { standalone } { } if {$standalone} { - catch "exec rm -f $tmppwd/krb.log" - catch "exec rm -f $tmppwd/kadmind.log" - catch "exec rm -f $tmppwd/krb5kdc_rcache" + file delete $tmppwd/krb.log $tmppwd/kadmind.log $tmppwd/krb5kdc_rcache } # Start up the kerberos daemon @@ -1480,7 +1755,7 @@ proc start_kerberos_daemons { standalone } { envstack_push setup_kerberos_env kdc - spawn $KRB5KDC -r $REALMNAME -n -4 full + spawn $KRB5KDC -r $REALMNAME -n full envstack_pop set kdc_pid [exp_pid] set kdc_spawn_id $spawn_id @@ -1829,13 +2104,13 @@ proc setup_srvtab { standalone {id host} } { return 1 } - catch "exec rm -f $tmppwd/srvtab $tmppwd/srvtab.old" + file delete $tmppwd/srvtab $tmppwd/srvtab.old if ![get_hostname] { return 0 } - catch "exec rm -f $hostname-new-srvtab" + file delete $hostname-new-srvtab envstack_push setup_kerberos_env kdc @@ -1845,7 +2120,7 @@ proc setup_srvtab { standalone {id host} } { -re "(.*)\r\nkadmin.local: " { fail "kadmin.local srvtab (unmatched output: $expect_out(1,string))" if {!$standalone} { - catch "exec rm -f $tmppwd/srvtab" + file delete $tmppwd/srvtab } catch "expect_after" return 0 @@ -1853,7 +2128,7 @@ proc setup_srvtab { standalone {id host} } { timeout { fail "kadmin.local srvtab" if {!$standalone} { - catch "exec rm -f $tmppwd/srvtab" + file delete $tmppwd/srvtab } catch "expect_after" return 0 @@ -1861,22 +2136,22 @@ proc setup_srvtab { standalone {id host} } { eof { fail "kadmin.local srvtab" if {!$standalone} { - catch "exec rm -f $tmppwd/srvtab" + file delete $tmppwd/srvtab } catch "expect_after" return 0 } } expect "kadmin.local: " - send "xst -k $hostname-new-srvtab $id/$hostname\r" - expect "xst -k $hostname-new-srvtab $id/$hostname\r\n" + send "xst -k $hostname-new-srvtab $id/$hostname kiprop/$hostname\r" + expect "xst -k $hostname-new-srvtab $id/$hostname kiprop/$hostname\r\n" expect { -re ".*Entry for principal $id/$hostname.* added to keytab WRFILE:$hostname-new-srvtab." { } -re "\r\nkadmin.local: " { if {$standalone} { fail "kadmin.local srvtab" } else { - catch "exec rm -f $tmppwd/srvtab" + file delete $tmppwd/srvtab } catch expect_after return 0 @@ -1888,7 +2163,7 @@ proc setup_srvtab { standalone {id host} } { catch expect_after if ![check_exit_status "kadmin.local srvtab"] { if {!$standalone} { - catch "exec rm -f $tmppwd/srvtab" + file delete $tmppwd/srvtab } return 0 } @@ -2157,171 +2432,6 @@ proc v4_compatible_enctype {} { } } -# kinit -# Use kinit to get a ticket. If the argument is non-zero, call pass -# at relevant points. Returns 1 on success, 0 on failure. - -proc v4kinit { name pass standalone } { - global REALMNAME - global KINIT - global spawn_id - global des3_krbtgt - - # Use kinit to get a ticket. - # - # For now always get forwardable tickets. Later when we need to make - # tests that distiguish between forwardable tickets and otherwise - # we should but another option to this proc. --proven - # - spawn $KINIT -4 $name@$REALMNAME - expect { - "Password for $name@$REALMNAME:" { - verbose "v4kinit started" - } - timeout { - fail "v4kinit" - return 0 - } - eof { - fail "v4kinit" - return 0 - } - } - send "$pass\r" - expect eof - if {$des3_krbtgt == 0} { - if ![check_exit_status v4kinit] { - return 0 - } - } else { - # Fail if kinit is successful with a des3 TGT. - set status_list [wait -i $spawn_id] - set testname v4kinit - verbose "wait -i $spawn_id returned $status_list ($testname)" - if { [lindex $status_list 2] != 0 || [lindex $status_list 3] != 1 } { - verbose -log "exit status: $status_list" - fail "$testname (exit status)" - } - } - if {$standalone} { - pass "v4kinit" - } - - return 1 -} - -proc v4kinit_kt { name keytab standalone } { - global REALMNAME - global KINIT - global spawn_id - - # Use kinit to get a ticket. - # - # For now always get forwardable tickets. Later when we need to make - # tests that distiguish between forwardable tickets and otherwise - # we should but another option to this proc. --proven - # - spawn $KINIT -4 -k -t $keytab $name@$REALMNAME - expect { - timeout { - fail "v4kinit" - return 0 - } - eof { } - } - if ![check_exit_status kinit] { - return 0 - } - - if {$standalone} { - pass "v4kinit" - } - - return 1 -} - -# List v4 tickets. -# Client and server are regular expressions. -proc v4klist { client server testname } { - global KLIST - global tmppwd - - spawn $KLIST -4 - expect { - -re "Kerberos 4 ticket cache:\[ \]*(.+:)?$tmppwd/tkt.*Principal:\[ \]*$client.*$server\r\n" { - verbose "klist started" - } - timeout { - fail $testname - return 0 - } - eof { - fail $testname - return 0 - } - } - - expect eof - - if ![check_exit_status $testname] { - return 0 - } - pass $testname - return 1 -} - -# Destroy tickets. -proc v4kdestroy { testname } { - global KDESTROY - spawn $KDESTROY -4 - if ![check_exit_status $testname] { - return 0 - } - pass $testname - return 1 -} - -# Try to list the krb4 tickets -- there shouldn't be any ticket file. -proc v4klist_none { testname } { - global KLIST - global tmppwd - - # Double check that the ticket was destroyed. - spawn $KLIST -4 - expect { - -re "Kerberos 4 ticket cache:\[ \]*(.+:)?$tmppwd/tkt.*klist: You have no tickets cached.*\r\n" { - verbose "v4klist started" - pass "$testname (output)" - } - timeout { - fail "$testname (output)" - # Skip the 'wait' below, if it's taking too long. - untested "$testname (exit status)" - return 0 - } - eof { - fail "$testname (output)" - } - } - # We can't use check_exit_status, because we expect an exit status - # of 1. - expect eof - set status_list [wait -i $spawn_id] - verbose "wait -i $spawn_id returned $status_list (v4klist)" - if { [lindex $status_list 2] != 0 } { - fail "$testname (exit status)" - return 0 - } else { - if { [lindex $status_list 3] != 1 } { - fail "$testname (exit status)" - return 0 - } else { - pass "$testname (exit status)" - } - } - return 1 -} - # Set up a root shell using rlogin $hostname -l root. This is used # when testing the daemons that must be run as root, such as telnetd # or rlogind. This sets the global variables rlogin_spawn_id and @@ -2399,7 +2509,7 @@ proc setup_root_shell { testname } { set got_refused 1 exp_continue } - -re "word:|erberos rlogin failed|ection refused|ection reset by peer|not authorized" { + -re "word:|erberos rlogin failed|ection refused|ection reset by peer|not authorized|Ticket expired" { note "$testname test requires ability to rlogin as root" unsupported "$testname" set timeout $old_timeout @@ -2668,7 +2778,7 @@ proc setup_wrapper { file command } { global krb5_init_vars # We will start with a BINSH script - catch "exec rm -f $file" + file delete $file set f [open $file "w" 0777] puts $f "#!$BINSH" @@ -2690,11 +2800,19 @@ proc krb_exit { } { } # helpful sometimes for debugging the test suite -proc spawn_xterm { } { +proc export_debug_envvars { } { global env - foreach i {KDB5_UTIL KRB5KDC KADMIND KADMIN KADMIN_LOCAL KINIT KTUTIL KLIST RLOGIN RLOGIND FTP FTPD KPASSWD REALMNAME GSSCLIENT} { + foreach i {KDB5_UTIL KRB5KDC KADMIND KADMIN KADMIN_LOCAL KINIT KTUTIL KLIST RLOGIN RLOGIND FTP FTPD KPASSWD REALMNAME GSSCLIENT KPROPLOG} { global $i if [info exists $i] { set env($i) [set $i] } } +} +proc spawn_xterm { } { + export_debug_envvars exec "xterm" } +proc spawn_shell { } { + export_debug_envvars + spawn "sh" + exp_interact +} diff --git a/src/tests/dejagnu/deps b/src/tests/dejagnu/deps new file mode 100644 index 0000000000..c3c46ddb31 --- /dev/null +++ b/src/tests/dejagnu/deps @@ -0,0 +1,5 @@ +# +# Generated makefile dependencies follow. +# +$(OUTPRE)t_inetd.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(COM_ERR_DEPS) t_inetd.c diff --git a/src/tests/dejagnu/krb-root/rlogin.exp b/src/tests/dejagnu/krb-root/rlogin.exp index bc40564677..a0e8e4ff54 100644 --- a/src/tests/dejagnu/krb-root/rlogin.exp +++ b/src/tests/dejagnu/krb-root/rlogin.exp @@ -174,6 +174,7 @@ proc rlogin_test { } { # prompt. set testname "shell" send "$BINSH\r" + expect "$BINSH" expect -re "$SHELL_PROMPT" set testname "date" @@ -249,6 +250,7 @@ proc rlogin_test { } { # prompt. set testname "shell" send "$BINSH\r" + expect "$BINSH" expect -re "$SHELL_PROMPT" # Make sure the encryption is not destroying the text. diff --git a/src/tests/dejagnu/krb-root/telnet.exp b/src/tests/dejagnu/krb-root/telnet.exp index c283d6150b..17095b3361 100644 --- a/src/tests/dejagnu/krb-root/telnet.exp +++ b/src/tests/dejagnu/krb-root/telnet.exp @@ -25,29 +25,6 @@ if ![regexp des- $supported_enctypes] { return } -# Remove old wrapper script - catch "exec rm -f $tmppwd/login.wrap" - -# Start up a root shell. -if ![setup_root_shell telnet] { - return -} - -# Make sure .k5login is reasonable. -if ![check_k5login rlogin] { - stop_root_shell - return -} - -# Set up the kerberos database. -if {![get_hostname] \ - || ![setup_kerberos_files] \ - || ![setup_kerberos_env] \ - || ![setup_kerberos_db 0]} { - stop_root_shell - return -} - # A procedure to start up the telnet daemon. proc start_telnet_daemon { args } { @@ -70,7 +47,7 @@ proc start_telnet_daemon { args } { # we don't need to use inetd. The portbase+8 is the port to listen at. # Note that tmppwd here is a shell variable, which is set in # setup_root_shell, not a TCL variable. - send -i $rlogin_spawn_id "sh -c \"$TELNETD $args -debug -t \$tmppwd/srvtab -R $REALMNAME -L $tmppwd/login.wrap -X KERBEROS_V4 [expr 8 + $portbase]\" &\r" + send -i $rlogin_spawn_id "sh -c \"$TELNETD $args -debug -t \$tmppwd/srvtab -R $REALMNAME -L $tmppwd/login.wrap [expr 8 + $portbase]\" &\r" expect { -i $rlogin_spawn_id -re "$ROOT_PROMPT" { } @@ -427,23 +404,48 @@ proc telnet_test { } { stop_telnet_daemon } -# Run the test. Logging in sometimes takes a while, so increase the -# timeout. -set oldtimeout $timeout -set timeout 60 -set status [catch telnet_test msg] -set timeout $oldtimeout +run_once telnet { + # Remove old wrapper script + catch "exec rm -f $tmppwd/login.wrap" -# Shut down the kerberos daemons, the telnet daemon, and the rlogin -# process. -stop_kerberos_daemons + # Start up a root shell. + if ![setup_root_shell telnet] { + return + } -stop_telnet_daemon + # Make sure .k5login is reasonable. + if ![check_k5login rlogin] { + stop_root_shell + return + } + + # Set up the kerberos database. + if {![get_hostname] \ + || ![setup_kerberos_files] \ + || ![setup_kerberos_env] \ + || ![setup_kerberos_db 0]} { + stop_root_shell + return + } -stop_root_shell + # Run the test. Logging in sometimes takes a while, so increase the + # timeout. + set oldtimeout $timeout + set timeout 60 + set status [catch telnet_test msg] + set timeout $oldtimeout -if { $status != 0 } { - send_error "ERROR: error in telnet.exp\n" - send_error "$msg\n" - exit 1 + # Shut down the kerberos daemons, the telnet daemon, and the rlogin + # process. + stop_kerberos_daemons + + stop_telnet_daemon + + stop_root_shell + + if { $status != 0 } { + send_error "ERROR: error in telnet.exp\n" + send_error "$msg\n" + exit 1 + } } diff --git a/src/tests/dejagnu/krb-standalone/gssftp.exp b/src/tests/dejagnu/krb-standalone/gssftp.exp index 53bc265279..4519b155d1 100644 --- a/src/tests/dejagnu/krb-standalone/gssftp.exp +++ b/src/tests/dejagnu/krb-standalone/gssftp.exp @@ -16,19 +16,6 @@ if ![info exists FTPD] { set FTPD [findfile $objdir/../../appl/gssftp/ftpd/ftpd] } -# Make sure .klogin is reasonable. -if ![check_k5login ftp] { - return -} - -# Set up the kerberos database. -if {![get_hostname] \ - || ![setup_kerberos_files] \ - || ![setup_kerberos_env] \ - || ![setup_kerberos_db 0]} { - return -} - # A procedure to start up the ftp daemon. proc start_ftp_daemon { } { @@ -68,20 +55,6 @@ proc stop_ftp_daemon { } { } } -# Create a file to use for ftp testing. -set file [open $tmppwd/ftp-test w] -puts $file "This file is used for ftp testing." -close $file - -# Create a large file to use for ftp testing. File needs to be -# larger that 2^20 or 1MB for PBSZ testing. -set file [open $tmppwd/bigftp-test w] -puts $file "This file is used for ftp testing.\n" -seek $file 1048576 current -puts $file "This file is used for ftp testing." -close $file - - # Test that a file was copied correctly. proc check_file { filename {bigfile 0}} { if ![file exists $filename] { @@ -206,7 +179,7 @@ proc ftp_test { } { spawn $FTP -d -v $hostname [expr 8 + $portbase] expect_after { -re "--->\[^\r\n\]*\r\n" { exp_continue } - -re "encoding \[0-9\]* bytes MIC \[a-zA-Z/+\]*" { exp_continue } + -re "encoding \[0-9\]* bytes MIC \[a-zA-Z0-9/+=\]*\r\n" { exp_continue } -re "sealed \[A-Z()\]*" { exp_continue } -re "secure_command\[A-Z()\]*" { exp_continue } timeout { @@ -470,37 +443,65 @@ proc ftp_test { } { } } -# The ftp client will look in $HOME/.netrc for the user name to use. -# To avoid confusing the testsuite, point $HOME at a directory where -# we know there is no .netrc file. -if [info exists env(HOME)] { - set home $env(HOME) -} elseif [info exists home] { - unset home -} -set env(HOME) $tmppwd +run_once gssftp { + # Make sure .klogin is reasonable. + if ![check_k5login ftp] { + return + } + + # Set up the kerberos database. + if {![get_hostname] \ + || ![setup_kerberos_files] \ + || ![setup_kerberos_env] \ + || ![setup_kerberos_db 0]} { + return + } -# Run the test. Logging in sometimes takes a while, so increase the -# timeout. -set oldtimeout $timeout -set timeout 60 -set status [catch ftp_test msg] -set timeout $oldtimeout + # Create a file to use for ftp testing. + set file [open $tmppwd/ftp-test w] + puts $file "This file is used for ftp testing." + close $file -# Shut down the kerberos daemons and the ftp daemon. -stop_kerberos_daemons + # Create a large file to use for ftp testing. File needs to be + # larger that 2^20 or 1MB for PBSZ testing. + set file [open $tmppwd/bigftp-test w] + puts $file "This file is used for ftp testing.\n" + seek $file 1048576 current + puts $file "This file is used for ftp testing." + close $file -stop_ftp_daemon + # The ftp client will look in $HOME/.netrc for the user name to use. + # To avoid confusing the testsuite, point $HOME at a directory where + # we know there is no .netrc file. + if [info exists env(HOME)] { + set home $env(HOME) + } elseif [info exists home] { + unset home + } + set env(HOME) $tmppwd -ftp_restore_env + # Run the test. Logging in sometimes takes a while, so increase the + # timeout. + set oldtimeout $timeout + set timeout 60 + set status [catch ftp_test msg] + set timeout $oldtimeout -# Reset $HOME, for safety in case we are going to run more tests. -if [info exists home] { - set env(HOME) $home -} else { - unset env(HOME) -} + # Shut down the kerberos daemons and the ftp daemon. + stop_kerberos_daemons -if { $status != 0 } { - perror "error in gssftp.exp: $msg" + stop_ftp_daemon + + ftp_restore_env + + # Reset $HOME, for safety in case we are going to run more tests. + if [info exists home] { + set env(HOME) $home + } else { + unset env(HOME) + } + + if { $status != 0 } { + perror "error in gssftp.exp: $msg" + } } diff --git a/src/tests/dejagnu/krb-standalone/iprop.exp b/src/tests/dejagnu/krb-standalone/iprop.exp new file mode 100644 index 0000000000..54a71a34a7 --- /dev/null +++ b/src/tests/dejagnu/krb-standalone/iprop.exp @@ -0,0 +1,238 @@ +# Password-changing Kerberos test. +# This is a DejaGnu test script. + +proc setup_slave {} { + global tmppwd hostname REALMNAME KDB5_UTIL + file delete $tmppwd/slave-stash $tmppwd/slave-acl + file copy -force $tmppwd/acl $tmppwd/slave-acl + if ![file exists $tmppwd/kpropdacl] { + set aclfile [open $tmppwd/kpropd-acl w] + puts $aclfile "host/$hostname@$REALMNAME" + close $aclfile + } + setup_slave_db + # copy database - must be used after master db set up + envstack_push + setup_kerberos_env kdc + set dumpfile $tmppwd/dump-file + file delete $dumpfile $dumpfile.dump_ok + if [catch {exec $KDB5_UTIL dump -i $dumpfile} msg] { + error "master dump failed: $msg" + } + setup_kerberos_env slave + foreach suffix { .kadm5.lock .ok } { + file copy -force $tmppwd/kdc-db$suffix $tmppwd/slave-db$suffix + } + if [catch {exec $KDB5_UTIL load -i $dumpfile} msg] { + send_user "slave load failed: $msg" + spawn_shell + error "slave load failed: $msg" + } +} + +# We are about to start up a couple of daemon processes. We do all +# the rest of the tests inside a proc, so that we can easily kill the +# processes when the procedure ends. + +proc doit { } { + global REALMNAME KEY + global KLIST KDESTROY KADMIN_LOCAL KTUTIL KPROPLOG KPROPD KDB5_UTIL + global hostname tmppwd spawn_id kpropd_spawn_id kpropd_pid + global supported_enctypes KRBIV portbase mode + global ulog des3_krbtgt + + # Delete any db, ulog files + delete_db + + # Update config file + set ulog 1 + reset_kerberos_files + + # Initialize the Kerberos database. The argument tells + # setup_kerberos_db that it is being called from here. + if ![setup_kerberos_db 0] { + return + } + if ![start_kerberos_daemons 0] { + return + } + + # Check that ulog file does exist + if [file exists $tmppwd/db.ulog] { + pass "create update log" + } else { + fail "create update log" + } + + setup_slave + + # Use kadmin to add a key. + if ![add_kerberos_key wakawaka 0] { + return + } + set c chocolate-flavored-school-bus + # Long enough to make realloc likely, but not enough to grow + # basic ulog entry size. + set longname $c/$c/$c/$c/$c/$c/$c/$c/$c/$c/$c/$c/$c + if ![add_kerberos_key $longname 0] { + return + } + if ![add_kerberos_key w 0] { + return + } + if ![modify_principal w -allow_tix] { + return + } + if ![modify_principal w +allow_tix] { + return + } + # Should test rename_principal once we have that. + + # Run kproplog, look at output. + setup_kerberos_env kdc + spawn $KPROPLOG + expect_after { + timeout { + fail "kproplog output" + break + } + eof { + fail "kproplog output" + break + } + } + catch { + expect -re "Kerberos update log" + expect -re "Update log dump" + expect -re "First serial \# : 1" + if $des3_krbtgt { + expect -re "Last serial \# : 8" + expect -re "Update Entry" + expect -re "Update serial \# : 1" + expect -re "Attributes changed : 15" + expect -re "Update Entry" + expect -re "Update serial \# : 2" + expect -re "Attributes changed : 6" + expect -re "Update Entry" + expect -re "Update serial \# : 3" + expect -re "Attributes changed : 15" + expect -re "Update Entry" + expect -re "Update serial \# : 4" + } else { + expect -re "Last serial \# : 7" + expect -re "Update Entry" + expect -re "Update serial \# : 1" + expect -re "Attributes changed : 15" + expect -re "Update Entry" + expect -re "Update serial \# : 2" + expect -re "Attributes changed : 15" + expect -re "Update Entry" + expect -re "Update serial \# : 3" + } + expect -re "Update operation : Add" + expect -re "Update principal : wakawaka@KRBTEST.COM" + expect_after { + timeout { + fail "kproplog output" + break + } + } + expect -re "Attributes changed : 15" + expect eof + pass "kproplog output" + } foo + catch expect_after + if [check_exit_status kproplog] { + pass "kproplog" + } + add_random_key host/$hostname 0 + add_random_key kiprop/$hostname 0 + + # Already have kadmind running. + + # Get a keytab file. + setup_srvtab 0 + + # Sleep 11s for built-in delay. + verbose "Delaying to bypass contention-avoidance code in kadmind/iprop" + sleep 11 + + # Launch slave kpropd. + start_kpropd +# send_user [list $KPROPD -S -d -P [expr 10 + $portbase] -s $tmppwd/srvtab -f $tmppwd/incoming-slave-datatrans -p $KDB5_UTIL -a $tmppwd/kpropd-acl]\n +# spawn_shell + expect { + -i $kpropd_spawn_id + "Update transfer from master was OK" { + exec kill $kpropd_pid + wait -i $kpropd_spawn_id + unset kpropd_spawn_id kpropd_pid + } + -re ..* { exp_continue } + timeout { + catch { exec kill $kpropd_pid } + exp_continue + } + eof { + wait -i $kpropd_spawn_id + unset kpropd_spawn_id kpropd_pid + } + } + + # Wait briefly? + # Check slave db for new principal. + setup_kerberos_env slave + spawn $KADMIN_LOCAL -r $REALMNAME -q listprincs + expect { + wakawaka@ { + expect eof + } + eof { + fail "kprop (updated slave data)" + return + } + timeout { + fail "kprop (examining new db)" + return + } + } + pass "iprop" + + # What about testing for full propagation? (Small number of + # entries in update log, change one principal's record a lot of + # times, then fire up incremental kpropd...) Do later. +} + +run_once iprop { + catch "unset kpropd_pid" + catch "unset kpropd_spawn_id" + + # Set up the Kerberos files and environment. + if {![get_hostname] || ![setup_kerberos_files] || ![setup_kerberos_env]} { + return + } + + set status [catch doit msg] + + stop_kerberos_daemons + + # if kpropd is running, kill it + if [info exists kpropd_pid] { + catch { + exec kill $kpropd_pid + expect -i $kpropd_spawn_id eof + wait -i $kpropd_spawn_id + unset kpropd_pid kpropd_spawn_id + } + } + + set ulog 0 + reset_kerberos_files + delete_db + + if { $status != 0 } { + send_error "ERROR: error in iprop.exp\n" + send_error "$msg\n" + exit 1 + } +} diff --git a/src/tests/dejagnu/krb-standalone/kadmin.exp b/src/tests/dejagnu/krb-standalone/kadmin.exp index e3e39168db..3ec5103dbb 100644 --- a/src/tests/dejagnu/krb-standalone/kadmin.exp +++ b/src/tests/dejagnu/krb-standalone/kadmin.exp @@ -2,24 +2,6 @@ # This is a DejaGnu test script. # This script tests Kerberos kadmin5 using kadmin.local as verification. -# Set up the kerberos database. -if {![get_hostname] \ - || ![setup_kerberos_files] \ - || ![setup_kerberos_env] \ - || ![setup_kerberos_db 0]} { - return -} - -# find kpasswd -if ![info exists KPASSWD] { - set KPASSWD [findfile $objdir/../../clients/kpasswd/kpasswd] -} - -# find kdestroy -if ![info exists KDESTROY] { - set KDESTROY [findfile $objdir/../../clients/kdestroy/kdestroy] -} - #++ # kadmin_add - Test add new v5 principal function of kadmin. # @@ -68,7 +50,10 @@ proc kadmin_add { pname password } { # use kadmin.local to verify that a principal was created and that its # salt types are 0 (normal). # + envstack_push + setup_kerberos_env kdc spawn $KADMIN_LOCAL -r $REALMNAME + envstack_pop expect_after { -i $spawn_id timeout { @@ -169,7 +154,10 @@ proc kadmin_add_rnd { pname { flags "" } } { # use kadmin.local to verify that a principal was created and that its # salt types are 0 (normal). # + envstack_push + setup_kerberos_env kdc spawn $KADMIN_LOCAL -r $REALMNAME + envstack_pop expect_after { -i $spawn_id timeout { @@ -395,7 +383,9 @@ proc kadmin_list { } { global KEY global spawn_id - spawn $KADMIN -p krbtest/admin@$REALMNAME -q "get_principals *" + # "*" would match everything + # "*n" should match a few like kadmin/admin but see ticket 5667 + spawn $KADMIN -p krbtest/admin@$REALMNAME -q "get_principals *n" expect_after { "Cannot contact any KDC" { fail "kadmin ldb lost KDC" @@ -568,7 +558,10 @@ proc kadmin_delete { pname } { # # use kadmin.local to verify that the old principal is not present. # + envstack_push + setup_kerberos_env kdc spawn $KADMIN_LOCAL -r $REALMNAME + envstack_pop expect_after { -i $spawn_id timeout { @@ -692,7 +685,10 @@ proc kadmin_addpol { pname } { # # use kadmin.local to verify that a policy was created # + envstack_push + setup_kerberos_env kdc spawn $KADMIN_LOCAL -r $REALMNAME + envstack_pop expect_after { -i $spawn_id timeout { @@ -775,7 +771,10 @@ proc kadmin_delpol { pname } { # # use kadmin.local to verify that the old policy is not present. # + envstack_push + setup_kerberos_env kdc spawn $KADMIN_LOCAL -r $REALMNAME + envstack_pop expect_after { -i $spawn_id timeout { @@ -1062,14 +1061,24 @@ proc kadmin_test { } { verbose "kadmin_test succeeded" } -# Run the test. -set status [catch kadmin_test msg] +run_once kadmin { + # Set up the kerberos database. + if {![get_hostname] \ + || ![setup_kerberos_files] \ + || ![setup_kerberos_env] \ + || ![setup_kerberos_db 0]} { + return + } -# Shut down the kerberos daemons and the rsh daemon. -stop_kerberos_daemons + # Run the test. + set status [catch kadmin_test msg] -if { $status != 0 } { - send_error "ERROR: error in kadmin.exp\n" - send_error "$msg\n" - exit 1 + # Shut down the kerberos daemons and the rsh daemon. + stop_kerberos_daemons + + if { $status != 0 } { + send_error "ERROR: error in kadmin.exp\n" + send_error "$msg\n" + exit 1 + } } diff --git a/src/tests/dejagnu/krb-standalone/kprop.exp b/src/tests/dejagnu/krb-standalone/kprop.exp new file mode 100644 index 0000000000..ed7ed684f9 --- /dev/null +++ b/src/tests/dejagnu/krb-standalone/kprop.exp @@ -0,0 +1,155 @@ +# Password-changing Kerberos test. +# This is a DejaGnu test script. + +# We are about to start up a couple of daemon processes. We do all +# the rest of the tests inside a proc, so that we can easily kill the +# processes when the procedure ends. + +proc setup_slave {} { + global tmppwd hostname REALMNAME + file delete $tmppwd/slave-stash $tmppwd/slave-acl + file copy -force $tmppwd/stash:foo $tmppwd/slave-stash + file copy -force $tmppwd/acl $tmppwd/slave-acl + if ![file exists $tmppwd/kpropdacl] { + set aclfile [open $tmppwd/kpropd-acl w] + puts $aclfile "host/$hostname@$REALMNAME" + close $aclfile + } + file copy -force $tmppwd/adb.lock $tmppwd/slave-adb.lock + foreach suffix { {} .kadm5 .kadm5.lock .ok } { + file copy -force $tmppwd/kdc-db$suffix $tmppwd/slave-db$suffix + } +} + +proc scan_kpropd_output {} { + global kpropd_spawn_id kpropd_pid + + # See if kpropd logged anything. + expect { + -i $kpropd_spawn_id + eof { + # I think kpropd is supposed to run a loop in standalone + # mode, but exiting seems to be normal behavior. +# fail "kprop (server exited)" + wait -i $kpropd_spawn_id + unset kpropd_spawn_id kpropd_pid + } + timeout { } + -re "Connection from \[a-zA-Z.-\]*" { exp_continue } + -re "krb5_recvauth" { exp_continue } + -re "authenticated client" { exp_continue } + -re "calling kdb5_util to load database\r\n" { exp_continue } + -re "Child PID is \[0-9\]*\r\n" { exp_continue } + -re "Rejected connection" { + fail "kprop (rejected)" + } + } +} + +proc doit { } { + global KLIST KDESTROY + global REALMNAME KEY + global KADMIN_LOCAL KTUTIL KDB5_UTIL KPROPLOG KPROP kpropd_spawn_id + global hostname tmppwd spawn_id timeout + global KRBIV supported_enctypes portbase mode ulog des3_krbtgt + + # Delete any db, ulog files + delete_db + + # Initialize the Kerberos database. The argument tells + # setup_kerberos_db that it is being called from here. + if ![setup_kerberos_db 0] { + return + } + setup_slave + if ![start_kerberos_daemons 0] { + return + } + if ![add_random_key host/$hostname 0] { + fail "kprop (host key)" + return + } + if ![setup_srvtab 0] { + fail "kprop (srvtab)" + return + } + + # Get kprop server up and running. + envstack_push + setup_kerberos_env slave + start_kpropd + envstack_pop + + # Use kadmin to add a key. + if ![add_kerberos_key wakawaka 0] { + return + } + + # Dump master database. + envstack_push + setup_kerberos_env kdc + spawn $KDB5_UTIL dump $tmppwd/slave_datatrans + expect eof + if ![check_exit_status "kprop (kdb5_util dump)"] { return } + + # Just in case kpropd is a little slow in starting up... + sleep 1 + + # Try a propagation. + spawn $KPROP -f $tmppwd/slave_datatrans -P [expr 10 + $portbase] -s $tmppwd/srvtab $hostname + expect eof + set kprop_exit [check_exit_status "kprop (exit status)"] + # log output for debugging + scan_kpropd_output + if !$kprop_exit { return } + + # Examine new database. + setup_kerberos_env slave + spawn $KADMIN_LOCAL -r $REALMNAME -q listprincs + expect { + wakawaka@ { + expect eof + } + eof { + fail "kprop (updated slave data)" + return + } + timeout { + fail "kprop (examining new db)" + return + } + } + pass "kprop" +} + +run_once kprop { + catch "unset kpropd_pid" + catch "unset kpropd_spawn_id" + + # Set up the Kerberos files and environment. + if {![get_hostname] || ![setup_kerberos_files] || ![setup_kerberos_env]} { + return + } + + set status [catch doit msg] + + stop_kerberos_daemons + + # if kpropd is running, kill it + if [info exists kpropd_pid] { + catch { + exec kill $kpropd_pid + expect -i $kpropd_spawn_id eof + wait -i $kpropd_spawn_id + unset kpropd_pid kpropd_spawn_id + } + } + + delete_db + + if { $status != 0 } { + send_error "ERROR: error in kprop.exp\n" + send_error "$msg\n" + exit 1 + } +} diff --git a/src/tests/dejagnu/krb-standalone/pwchange.exp b/src/tests/dejagnu/krb-standalone/pwchange.exp new file mode 100644 index 0000000000..9792401c89 --- /dev/null +++ b/src/tests/dejagnu/krb-standalone/pwchange.exp @@ -0,0 +1,145 @@ +# Password-changing Kerberos test. +# This is a DejaGnu test script. + +# We are about to start up a couple of daemon processes. We do all +# the rest of the tests inside a proc, so that we can easily kill the +# processes when the procedure ends. + +proc kinit_expecting_pwchange { name pass newpass } { + global REALMNAME + global KINIT + global spawn_id + + # Use kinit to get a ticket. + # + # For now always get forwardable tickets. Later when we need to make + # tests that distiguish between forwardable tickets and otherwise + # we should but another option to this proc. --proven + # + spawn $KINIT -5 -f $name@$REALMNAME + expect { + "Password for $name@$REALMNAME:" { + verbose "kinit started" + } + timeout { + fail "kinit" + return 0 + } + eof { + fail "kinit" + return 0 + } + } + send "$pass\r" + expect { + "Enter new password: " { } + timeout { + fail "kinit (new password prompt)" + return 0 + } + eof { + fail "kinit (new password prompt)" + return 0 + } + } + send "$newpass\r" + expect { + " again: " { } + timeout { + fail "kinit (new password prompt2)" + return 0 + } + eof { + fail "kinit (new password prompt2)" + return 0 + } + } + send "$newpass\r" + expect eof + if ![check_exit_status kinit] { + return 0 + } + + return 1 +} + +proc doit { } { + global REALMNAME + global KLIST + global KDESTROY + global KEY + global KADMIN_LOCAL + global KTUTIL + global hostname + global tmppwd + global spawn_id + global supported_enctypes + global KRBIV + global portbase + global mode + + # Start up the kerberos and kadmind daemons. + if ![start_kerberos_daemons 0] { + return + } + + # Use kadmin to add a key. + if ![add_kerberos_key pwchanger 0] { + return + } + + setup_kerberos_env kdc + spawn $KADMIN_LOCAL -q "modprinc +needchange pwchanger" + catch expect_after + expect { + timeout { + fail "kadmin.local modprinc +needchange" + } + eof { + pass "kadmin.local modprinc +needchange" + } + } + set k_stat [wait -i $spawn_id] + verbose "wait -i $spawn_id returned $k_stat (kadmin modprinc +needchange)" + catch "close -i $spawn_id" + + setup_kerberos_env client + if ![kinit_expecting_pwchange pwchanger pwchanger$KEY floople] { + return + } + pass "kinit (password change)" + if ![kinit pwchanger floople 0] { + return + } + pass "kinit (new password)" + + # Destroy the ticket. + spawn $KDESTROY -5 + if ![check_exit_status "kdestroy"] { + return + } + pass "kdestroy" +} + +run_once pwchange { + # Set up the Kerberos files and environment. + if {![get_hostname] || ![setup_kerberos_files] || ![setup_kerberos_env]} { + return + } + + # Initialize the Kerberos database. The argument tells + # setup_kerberos_db that it is being called from here. + if ![setup_kerberos_db 0] { + return + } + + set status [catch doit msg] + + stop_kerberos_daemons + + if { $status != 0 } { + send_error "ERROR: error in pwchange.exp\n" + send_error "$msg\n" + exit 1 + } +} diff --git a/src/tests/dejagnu/krb-standalone/pwhist.exp b/src/tests/dejagnu/krb-standalone/pwhist.exp index f9938e0912..ed7a3771ab 100644 --- a/src/tests/dejagnu/krb-standalone/pwhist.exp +++ b/src/tests/dejagnu/krb-standalone/pwhist.exp @@ -121,95 +121,97 @@ proc wraptest { test cmd } { } } -# Set up the kerberos database. -if {![get_hostname] \ - || ![setup_kerberos_files] \ - || ![setup_kerberos_env] \ - || ![setup_kerberos_db 0]} { - return -} - -set failall 0 -wraptest "nkeys=1, nhist=3" { - mustrun { addpol crashpol } - mustrun { modpol crashpol "-history 3"} - mustrun { addprinc crash 1111 } - mustrun { modprinc crash "-policy crashpol" } - chkpass { cpw crash 2222 } - chkfail { cpw crash 2222 } - chkfail { cpw crash 1111 } -} -verbose {old_keys [ 1111 ->[] ]} +run_once pwhist { + # Set up the kerberos database. + if {![get_hostname] \ + || ![setup_kerberos_files] \ + || ![setup_kerberos_env kdc] \ + || ![setup_kerberos_db 0]} { + return + } -# The following will result in reading/writing past array bounds if -# add_to_history() is not patched. -# -# NOTE: A pass from this test does not mean the bug isn't present; -# check with Purify, valgrind, etc. -wraptest "array bounds ok on nkeys=1, nhist 3->2" { - mustrun { modpol crashpol "-history 2" } - chkpass { cpw crash 3333 } -} -verbose {old_keys [ ->2222 ]} - -wraptest "verify nhist=2" { - mustrun { delprinc crash } - mustrun { addprinc crash 1111 } - mustrun { modprinc crash "-policy crashpol" } - chkpass { cpw crash 2222 } - chkfail { cpw crash 2222 } - chkfail { cpw crash 1111 } -} -verbose {old_keys [ ->1111 ]} - -# The following will fail if growing the history array causes an extra -# key to be lost due to failure to shift entries. -wraptest "grow nhist 2->3" { - mustrun { modpol crashpol "-history 3" } - chkpass { cpw crash 3333 } - chkfail { cpw crash 3333 } - chkfail { cpw crash 2222 } - chkfail { cpw crash 1111 } -} -verbose {old_keys [ 2222 ->1111 ]} - -wraptest "grow nhist 3->4" { - mustrun { modpol crashpol "-history 4" } - chkfail { cpw crash 3333 } - chkfail { cpw crash 2222 } - chkfail { cpw crash 1111 } - chkpass { cpw crash 4444 } - chkfail { cpw crash 3333 } - chkfail { cpw crash 2222 } - chkfail { cpw crash 1111 } -} -verbose {old_keys [ 2222 3333 ->1111 ]} -wraptest "shrink nhist 4->3" { - mustrun { modpol crashpol "-history 3" } - chkfail { cpw crash 4444 } - chkfail { cpw crash 3333 } - chkfail { cpw crash 2222 } - chkfail { cpw crash 1111 } - chkpass { cpw crash 5555 } -} -verbose {old_keys [ 4444 ->3333 ]} -wraptest "verify nhist=3" { - chkfail { cpw crash 5555 } - chkfail { cpw crash 4444 } - chkfail { cpw crash 3333 } - chkpass { cpw crash 2222 } -} -verbose {old_keys [ ->4444 5555 ]} -wraptest "shrink nhist 3->2" { - mustrun { modpol crashpol "-history 2" } - chkfail { cpw crash 2222 } - chkfail { cpw crash 5555 } - chkfail { cpw crash 4444 } - chkpass { cpw crash 3333 } -} -verbose {old_keys [ ->2222 ]} + set failall 0 + wraptest "nkeys=1, nhist=3" { + mustrun { addpol crashpol } + mustrun { modpol crashpol "-history 3"} + mustrun { addprinc crash 1111 } + mustrun { modprinc crash "-policy crashpol" } + chkpass { cpw crash 2222 } + chkfail { cpw crash 2222 } + chkfail { cpw crash 1111 } + } + verbose {old_keys [ 1111 ->[] ]} + + # The following will result in reading/writing past array bounds if + # add_to_history() is not patched. + # + # NOTE: A pass from this test does not mean the bug isn't present; + # check with Purify, valgrind, etc. + wraptest "array bounds ok on nkeys=1, nhist 3->2" { + mustrun { modpol crashpol "-history 2" } + chkpass { cpw crash 3333 } + } + verbose {old_keys [ ->2222 ]} + + wraptest "verify nhist=2" { + mustrun { delprinc crash } + mustrun { addprinc crash 1111 } + mustrun { modprinc crash "-policy crashpol" } + chkpass { cpw crash 2222 } + chkfail { cpw crash 2222 } + chkfail { cpw crash 1111 } + } + verbose {old_keys [ ->1111 ]} + + # The following will fail if growing the history array causes an extra + # key to be lost due to failure to shift entries. + wraptest "grow nhist 2->3" { + mustrun { modpol crashpol "-history 3" } + chkpass { cpw crash 3333 } + chkfail { cpw crash 3333 } + chkfail { cpw crash 2222 } + chkfail { cpw crash 1111 } + } + verbose {old_keys [ 2222 ->1111 ]} + + wraptest "grow nhist 3->4" { + mustrun { modpol crashpol "-history 4" } + chkfail { cpw crash 3333 } + chkfail { cpw crash 2222 } + chkfail { cpw crash 1111 } + chkpass { cpw crash 4444 } + chkfail { cpw crash 3333 } + chkfail { cpw crash 2222 } + chkfail { cpw crash 1111 } + } + verbose {old_keys [ 2222 3333 ->1111 ]} + wraptest "shrink nhist 4->3" { + mustrun { modpol crashpol "-history 3" } + chkfail { cpw crash 4444 } + chkfail { cpw crash 3333 } + chkfail { cpw crash 2222 } + chkfail { cpw crash 1111 } + chkpass { cpw crash 5555 } + } + verbose {old_keys [ 4444 ->3333 ]} + wraptest "verify nhist=3" { + chkfail { cpw crash 5555 } + chkfail { cpw crash 4444 } + chkfail { cpw crash 3333 } + chkpass { cpw crash 2222 } + } + verbose {old_keys [ ->4444 5555 ]} + wraptest "shrink nhist 3->2" { + mustrun { modpol crashpol "-history 2" } + chkfail { cpw crash 2222 } + chkfail { cpw crash 5555 } + chkfail { cpw crash 4444 } + chkpass { cpw crash 3333 } + } + verbose {old_keys [ ->2222 ]} -delprinc crash -delpol crashpol + delprinc crash + delpol crashpol -stop_kerberos_daemons + stop_kerberos_daemons +} diff --git a/src/tests/dejagnu/krb-standalone/simple.exp b/src/tests/dejagnu/krb-standalone/simple.exp new file mode 100644 index 0000000000..7f2763c783 --- /dev/null +++ b/src/tests/dejagnu/krb-standalone/simple.exp @@ -0,0 +1,214 @@ +# Test for the simple clients +# This is a DejaGnu test script. +# This script tests that krb-safe and krb-priv messages work. + +# This mostly just calls procedures in test/dejagnu/config/default.exp. + +if ![info exists KLIST] { + set KLIST [findfile $objdir/../../clients/klist/klist] +} + +if ![info exists KDESTROY] { + set KDESTROY [findfile $objdir/../../clients/kdestroy/kdestroy] +} + +if ![info exists SIM_SERVER] { + set SIM_SERVER [findfile $objdir/../../appl/simple/server/sim_server] +} +if ![info exists SIM_CLIENT] { + set SIM_CLIENT [findfile $objdir/../../appl/simple/client/sim_client] +} + +# Set up the Kerberos files and environment. +if {![get_hostname] || ![setup_kerberos_files] || ![setup_kerberos_env]} { + return +} + +# Initialize the Kerberos database. The argument tells +# setup_kerberos_db that it is being called from here. +if ![setup_kerberos_db 0] { + return +} + +proc start_sim_server_daemon { } { + global spawn_id + global sim_server_pid + global sim_server_spawn_id + global SIM_SERVER + global T_INETD + global tmppwd + global portbase + + # Start the sim_server + spawn $SIM_SERVER -p [expr 8 + $portbase] -S $tmppwd/srvtab + set sim_server_pid [exp_pid] + set sim_server_spawn_id $spawn_id + + verbose "sim_server_spawn is $sim_server_spawn_id" 1 + + # Give sim_server some time to start + sleep 2 + + return 1 +} + + +proc stop_sim_server_daemon { } { + global sim_server_pid + global sim_server_spawn_id + + if [info exists sim_server_pid] { + catch "close -i $sim_server_spawn_id" + catch "exec kill $sim_server_pid" + wait -i $sim_server_spawn_id + unset sim_server_pid + } + + return 1 +} + +proc stop_check_sim_server_daemon { } { + global sim_server_spawn_id + global sim_server_pid + + # Check the exit status of sim_server - should exit here + set status_list [wait -i $sim_server_spawn_id] + verbose "wait -i $sim_server_spawn_id returned $status_list (sim_server)" + catch "close -i $sim_server_spawn_id" + if { [lindex $status_list 2] != 0 || [lindex $status_list 3] != 0 } { + send_log "exit status: $status_list\n" + verbose "exit status: $status_list" + fail "sim_server" + } else { + pass "sim_server" + } + # In either case the server shutdown + unset sim_server_pid +} + +proc test_sim_client { msg } { + global REALMNAME + global SIM_CLIENT + global hostname + global spawn_id + global portbase + global sim_server_spawn_id + + # Test the client + spawn $SIM_CLIENT -p [expr 8 + $portbase] $hostname + verbose "sim_client_spawn is $spawn_id" 1 + + expect { + "Sent checksummed message: " { + verbose "received safe message" + } + timeout { + fail $msg + return 0 + } + eof { + fail $msg + return 0 + } + } + + expect { + "Sent encrypted message: " { + verbose "received private message" + } + eof { + fail $msg + return 0 + } + } + expect { + "\r" { } + } + + expect { + -i $sim_server_spawn_id + "Safe message is: 'hi there!'" { } + timeout { + fail $msg + return 0 + } + eof { + fail $msg + return 0 + } + } + + expect { + -i $sim_server_spawn_id + "Decrypted message is: 'hi there!'" { } + timeout { + fail $msg + return 0 + } + eof { + fail $msg + return 0 + } + } + + if ![check_exit_status "simple"] { + return 0 + } + + return 1 +} +# We are about to start up a couple of daemon processes. We do all +# the rest of the tests inside a proc, so that we can easily kill the +# processes when the procedure ends. + +proc doit { } { + global hostname + global KEY + global sim_server_pid + global sim_server_spawn_id + + # Start up the kerberos and kadmind daemons. + if ![start_kerberos_daemons 0] { + return + } + + # Use kadmin to add an host key. + if ![add_random_key sample/$hostname 1] { + return + } + + # Use ksrvutil to create a srvtab entry for sample + if ![setup_srvtab 1 sample] { + return + } + + # Use kinit to get a ticket. + if ![kinit krbtest/admin adminpass$KEY 1] { + return + } + + if ![start_sim_server_daemon] { + return + } + + if ![test_sim_client sim_client] { + return + } + + pass "simple - standalone" + + stop_check_sim_server_daemon + return +} + +set status [catch doit msg] + +stop_sim_server_daemon + +stop_kerberos_daemons + +if { $status != 0 } { + send_error "ERROR: error in simple.exp\n" + send_error "$msg\n" + exit 1 +} diff --git a/src/tests/dejagnu/krb-standalone/standalone.exp b/src/tests/dejagnu/krb-standalone/standalone.exp index 9a92b93035..ad14bcc7d0 100644 --- a/src/tests/dejagnu/krb-standalone/standalone.exp +++ b/src/tests/dejagnu/krb-standalone/standalone.exp @@ -89,6 +89,8 @@ proc doit { } { global portbase global mode + setup_kerberos_env kdc + # Start up the kerberos and kadmind daemons. if ![start_kerberos_daemons 1] { return @@ -138,6 +140,7 @@ proc doit { } { verbose "wait -i $spawn_id returned $k_stat (kadmin addpol)" catch "close -i $spawn_id" + setup_kerberos_env client # Use kinit to get a ticket. if ![kinit krbtest/admin adminpass$KEY 1] { return @@ -172,51 +175,11 @@ proc doit { } { kinit_kt "foo/bar" $tmppwd/fookeytab 1 "kt kvno $vno" do_klist "foo/bar" "krbtgt/$REALMNAME@$REALMNAME" "klist kt foo/bar vno $vno" do_kdestroy "kdestroy foo/bar vno $vno" - - if {[info exists KRBIV] && $KRBIV && - [regexp {des-cbc-[a-z0-9-]*:v4} [lindex $supported_enctypes 0]]} { - catch "exec rm -f $tmppwd/foosrvtab" - spawn $KTUTIL - expect_after { - timeout { fail "ktutil converting keytab to srvtab" ; set ok 0 } - eof { fail "ktutil converting keytab to srvtab" ; set ok 0 } - } - expect "ktutil: " - send "rkt $tmppwd/fookeytab\r" - expect -ex "rkt $tmppwd/fookeytab\r" - expect "ktutil: " -# for debugging, just log this -# send "list\r" -# expect "ktutil: " - # - send "wst $tmppwd/foosrvtab\r" - expect -ex "wst $tmppwd/foosrvtab\r" - expect "ktutil: " -# for debugging, just log this -# send "clear\r" -# expect "ktutil: " -# send "rst $tmppwd/foosrvtab\r" -# expect "ktutil: " -# send "list\r" -# expect "ktutil: " - # okay, now quit and finish testing - send "quit\r" - expect eof - catch expect_after - if [check_exit_status "ktutil converting keytab to srvtab (vno $vno)"] { - pass "ktutil converting keytab to srvtab (vno $vno)" - do_klist_kt $tmppwd/fookeytab "klist srvtab foo/bar vno $vno" - kinit_kt "foo/bar" "SRVTAB:$tmppwd/foosrvtab" 1 "st kvno $vno" - do_klist "foo/bar" "krbtgt/$REALMNAME@$REALMNAME" "klist st foo/bar vno $vno" - do_kdestroy "kdestroy st foo/bar vno $vno" - } - } else { - verbose "skipping v5kinit/srvtab tests because of non-v4 enctype" - } } catch "exec rm -f $keytab" # Check that kadmin.local can actually read the correct kvno, even # if we don't expect kadmin to be able to. + setup_kerberos_env kdc spawn $KADMIN_LOCAL -r $REALMNAME set ok 1 expect_after { @@ -234,36 +197,6 @@ proc doit { } { pass "kadmin.local correct high kvno" } } - - if { $mode == "tcp" } { - set response {} - set got_response 0 - set kdcsock "" - catch { - send_log "connecting to $hostname [expr 3 + $portbase]\n" - set kdcsock [socket $hostname [expr 3 + $portbase]] - fconfigure $kdcsock -encoding binary -blocking 0 -buffering none - puts -nonewline $kdcsock [binary format H* ffffffff] - # XXX - sleep 3 - set response [read $kdcsock] - set got_response 1 - } msg - if [string length $kdcsock] { catch "close $kdcsock" } - if $got_response { -# send_log [list sent length -1, got back $response] -# send_log "\n" - if [string length $response]>10 { - pass "too-long TCP request" - } else { - send_log "response too short\n" - fail "too-long TCP request" - } - } else { - send_log "too-long connect/exchange failure: $msg\n" - fail "too-long TCP request" - } - } } set status [catch doit msg] diff --git a/src/tests/dejagnu/krb-standalone/tcp.exp b/src/tests/dejagnu/krb-standalone/tcp.exp new file mode 100644 index 0000000000..db09b895e5 --- /dev/null +++ b/src/tests/dejagnu/krb-standalone/tcp.exp @@ -0,0 +1,117 @@ +# Standalone Kerberos test. +# This is a DejaGnu test script. +# This script tests that the Kerberos tools can talk to each other. + +# This mostly just calls procedures in testsuite/config/default.exp. + +# We are about to start up a couple of daemon processes. We do all +# the rest of the tests inside a proc, so that we can easily kill the +# processes when the procedure ends. + +proc doit { } { + global REALMNAME + global KLIST + global KDESTROY + global KEY + global KADMIN_LOCAL + global KTUTIL + global hostname + global tmppwd + global spawn_id + global supported_enctypes + global KRBIV + global portbase + global mode + + # Start up the kerberos and kadmind daemons. + if ![start_kerberos_daemons 1] { + return + } + + # Use kadmin to add an host key. + if ![add_random_key host/$hostname 1] { + return + } + + # Use ksrvutil to create a srvtab entry. +# if ![setup_srvtab 1] { +# return +# } + + # Use kinit to get a ticket. + if ![kinit krbtest/admin adminpass$KEY 1] { + return + } + + # Make sure that klist can see the ticket. + if ![do_klist "krbtest/admin@$REALMNAME" "krbtgt/$REALMNAME@$REALMNAME" "klist"] { + return + } + + # Destroy the ticket. + spawn $KDESTROY -5 + if ![check_exit_status "kdestroy"] { + return + } + pass "kdestroy" + + set response {} + set got_response 0 + set kdcsock "" + catch { + send_log "connecting to $hostname [expr 3 + $portbase]\n" + set kdcsock [socket $hostname [expr 3 + $portbase]] + fconfigure $kdcsock -encoding binary -blocking 0 -buffering none + puts -nonewline $kdcsock [binary format H* ffffffff] + # XXX + sleep 3 + set response [read $kdcsock] + set got_response 1 + } msg + if [string length $kdcsock] { catch "close $kdcsock" } + if $got_response { +# send_log [list sent length -1, got back $response] +# send_log "\n" + if [string length $response]>10 { + pass "too-long TCP request" + } else { + send_log "response too short\n" + fail "too-long TCP request" + } + } else { + send_log "too-long connect/exchange failure: $msg\n" + fail "too-long TCP request" + } +} + +set status 0 +run_once tcp { + # Set up the Kerberos files and environment. + set mode tcp + reset_kerberos_files + if {![get_hostname] || ![setup_kerberos_files] || ![setup_kerberos_env]} { + set mode udp + reset_kerberos_files + return + } + # Reset now, for next time we write the config files. + set mode udp + + # Initialize the Kerberos database. The argument tells + # setup_kerberos_db that it is being called from here. + if ![setup_kerberos_db 1] { + reset_kerberos_files + return + } + + set status [catch doit msg] +} + +reset_kerberos_files +stop_kerberos_daemons + +if { $status != 0 } { + send_error "ERROR: error in standalone.exp\n" + send_error "$msg\n" + exit 1 +} diff --git a/src/tests/dejagnu/krb-standalone/v4gssftp.exp b/src/tests/dejagnu/krb-standalone/v4gssftp.exp deleted file mode 100644 index b65b3fbad8..0000000000 --- a/src/tests/dejagnu/krb-standalone/v4gssftp.exp +++ /dev/null @@ -1,506 +0,0 @@ -# Kerberos ftp test. -# This is a DejaGnu test script. -# This script tests Kerberos ftp. -# Originally written by Ian Lance Taylor, Cygnus Support, . -# Modified bye Ezra Peisach for GSSAPI support. - -# Find the programs we need. We use the binaries from the build tree -# if they exist. If they do not, then they must be in PATH. We -# expect $objdir to be .../kerberos/build/tests/dejagnu - -if ![info exists FTP] { - set FTP [findfile $objdir/../../appl/gssftp/ftp/ftp] -} - -if ![info exists FTPD] { - set FTPD [findfile $objdir/../../appl/gssftp/ftpd/ftpd] -} - -# If we do not have what is for a V4 test - return -if ![v4_compatible_enctype] { - return -} - -# Make sure .klogin is reasonable. -if ![check_k5login ftp] { - return -} - -if ![check_klogin ftp] { - return -} - -# Set up the kerberos database. -if {![get_hostname] \ - || ![setup_kerberos_files] \ - || ![setup_kerberos_env] \ - || ![setup_kerberos_db 0]} { - return -} - -# A procedure to start up the ftp daemon. - -proc start_ftp_daemon { } { - global FTPD - global tmppwd - global ftpd_spawn_id - global ftpd_pid - global portbase - - # The -p argument tells it to accept a single connection, so we - # don't need to use inetd. Portbase+8 is the port to listen at. - # We rely on KRB5_KTNAME being set to the proper keyfile as there is - # no way to cleanly set it with the gssapi API. - # The -U argument tells it to use an alternate ftpusers file (using - # /dev/null will allow root to login regardless of /etc/ftpusers). - # The -a argument requires authorization, to mitigate any - # vulnerability introduced by circumventing ftpusers. - spawn $FTPD -p [expr 8 + $portbase] -a -U /dev/null -r $tmppwd/krb.conf - set ftpd_spawn_id $spawn_id - set ftpd_pid [exp_pid] - - # Give the ftp daemon a few seconds to get set up. - sleep 2 -} - -# A procedure to stop the ftp daemon. - -proc stop_ftp_daemon { } { - global ftpd_spawn_id - global ftpd_pid - - if [info exists ftpd_pid] { - catch "close -i $ftpd_spawn_id" - catch "exec kill $ftpd_pid" - catch "wait -i $ftpd_spawn_id" - unset ftpd_pid - } -} - -# Create a file to use for ftp testing. -set file [open $tmppwd/ftp-test w] -puts $file "This file is used for ftp testing." -close $file - -# Create a large file to use for ftp testing. File needs to be -# larger that 2^20 or 1MB for PBSZ testing. -set file [open $tmppwd/bigftp-test w] -puts $file "This file is used for ftp testing.\n" -seek $file 1048576 current -puts $file "This file is used for ftp testing." -close $file - -# Test that a file was copied correctly. -proc check_file { filename {bigfile 0}} { - if ![file exists $filename] { - verbose "$filename does not exist" - send_log "$filename does not exist\n" - return 0 - } - - set file [open $filename r] - if { [gets $file line] == -1 } { - verbose "$filename is empty" - send_log "$filename is empty\n" - close $file - return 0 - } - - if ![string match "This file is used for ftp testing." $line] { - verbose "$filename contains $line" - send_log "$filename contains $line\n" - close $file - return 0 - } - - if {$bigfile} { - # + 1 for the newline - seek $file 1048577 current - if { [gets $file line] == -1 } { - verbose "$filename is truncated" - send_log "$filename is truncated\n" - close $file - return 0 - } - - if ![string match "This file is used for ftp testing." $line] { - verbose "$filename contains $line" - send_log "$filename contains $line\n" - close $file - return 0 - } - } - - if { [gets $file line] != -1} { - verbose "$filename is too long ($line)" - send_log "$filename is too long ($line)\n" - close $file - return 0 - } - - close $file - - return 1 -} - -# -# Restore environment variables possibly set. -# -proc ftp_restore_env { } { - global env - global ftp_save_ktname - global ftp_save_ccname - - catch "unset env(KRB5_KTNAME)" - if [info exists ftp_save_ktname] { - set env(KRB5_KTNAME) $ftp_save_ktname - unset ftp_save_ktname - } - - catch "unset env(KRB5CCNAME)" - if [info exists ftp_save_ccname] { - set env(KRB5CCNAME) $ftp_save_ccname - unset ftp_save_ccname - } -} - -# Wrap the tests in a procedure, so that we can kill the daemons if -# we get some sort of error. - -proc v4ftp_test { } { - global FTP - global KEY - global REALMNAME - global hostname - global localhostname - global env - global ftpd_spawn_id - global ftpd_pid - global spawn_id - global tmppwd - global ftp_save_ktname - global ftp_save_ccname - global des3_krbtgt - global portbase - - if {$des3_krbtgt} { - return - } - # Start up the kerberos and kadmind daemons and get a srvtab and a - # ticket file. - if {![start_kerberos_daemons 0] \ - || ![add_random_key ftp/$hostname 0] \ - || ![setup_srvtab 0 ftp] \ - || ![add_kerberos_key $env(USER) 0] \ - || ![v4kinit $env(USER) $env(USER)$KEY 0]} { - return - } - - # - # Save settings of KRB5_KTNAME - # - if [info exists env(KRB5_KTNAME)] { - set ftp_save_ktname $env(KRB5_KTNAME) - } - - # - # set KRB5_KTNAME - # - set env(KRB5_KTNAME) FILE:$tmppwd/srvtab - verbose "KRB5_KTNAME=$env(KRB5_KTNAME)" - - # - # Save settings of KRB5CCNAME - # These tests fail if the krb5 cache happens to have a valid credential - # which can result from running the gssftp.exp test immediately - # preceeding these tests. - # - if [info exists env(KRB5CCNAME)] { - set ftp_save_ccname $env(KRB5CCNAME) - } - - # - # set KRB5_KTNAME - # - set env(KRB5CCNAME) FILE:$tmppwd/non-existant-cache - verbose "KRB5CCNAME=$env(KRB5CCNAME)" - - # Start the ftp daemon. - start_ftp_daemon - - # Make an ftp client connection to it. - spawn $FTP $hostname [expr 8 + $portbase] - - expect_after { - timeout { - fail "$testname (timeout)" - catch "expect_after" - return - } - eof { - fail "$testname (eof)" - catch "expect_after" - return - } - } - - set testname "ftp connection(v4)" - expect -nocase "connected to $hostname" - expect -nocase -re "$localhostname.*ftp server .version \[0-9.\]*. ready." - expect -re "Using authentication type GSSAPI; ADAT must follow" - expect "GSSAPI accepted as authentication type" - expect -re "GSSAPI error major: (Unspecified GSS|Miscellaneous) failure" - expect { - "GSSAPI error minor: Unsupported credentials cache format version number" {} - "GSSAPI error minor: No credentials cache found" {} - -re "GSSAPI error minor: Credentials cache file '.*' not found" {} - "GSSAPI error minor: Decrypt integrity check failed" {} - } - expect "GSSAPI error: initializing context" - expect "GSSAPI authentication failed" - expect -re "Using authentication type KERBEROS_V4; ADAT must follow" - expect { - "Kerberos V4 authentication succeeded" { pass "ftp authentication" } - eof { fail "ftp authentication" ; catch "expect_after" ; return } - -re "Kerberos V4 .* failed.*\r" { - fail "ftp authentication"; - send "quit\r"; catch "expect_after"; - return - } - } - expect -nocase "name ($hostname:$env(USER)): " - send "$env(USER)\r" - expect "Kerberos user $env(USER)@$REALMNAME is authorized as $env(USER)" - expect "Remote system type is UNIX." - expect "Using binary mode to transfer files." - expect "ftp> " { - pass $testname - } - - set testname "binary(v4)" - send "binary\r" - expect "ftp> " { - pass $testname - } - - set testname "status(v4)" - send "status\r" - expect -nocase "connected to $hostname." - expect "Authentication type: KERBEROS_V4" - expect "ftp> " { - pass $testname - } - - set testname "ls(v4)" - send "ls $tmppwd/ftp-test\r" - expect -re "Opening ASCII mode data connection for .*ls." - expect -re ".* $tmppwd/ftp-test" - expect "ftp> " { - pass $testname - } - - set testname "nlist(v4)" - send "nlist $tmppwd/ftp-test\r" - expect -re "Opening ASCII mode data connection for file list." - expect -re "$tmppwd/ftp-test" - expect -re ".* Transfer complete." - expect "ftp> " { - pass $testname - } - - set testname "ls missing(v4)" - send "ls $tmppwd/ftp-testmiss\r" - expect -re "Opening ASCII mode data connection for .*ls." - expect { - -re "$tmppwd/ftp-testmiss not found" {} - -re "$tmppwd/ftp-testmiss: No such file or directory" - } - expect "ftp> " { - pass $testname - } - - - set testname "get(v4)" - catch "exec rm -f $tmppwd/copy" - send "get $tmppwd/ftp-test $tmppwd/copy\r" - expect "Opening BINARY mode data connection for $tmppwd/ftp-test" - expect "Transfer complete" - expect -re "\[0-9\]+ bytes received in \[0-9.e-\]+ seconds" - expect "ftp> " - if [check_file $tmppwd/copy] { - pass $testname - } else { - fail $testname - } - - set testname "put(v4)" - catch "exec rm -f $tmppwd/copy" - send "put $tmppwd/ftp-test $tmppwd/copy\r" - expect "Opening BINARY mode data connection for $tmppwd/copy" - expect "Transfer complete" - expect -re "\[0-9\]+ bytes sent in \[0-9.e-\]+ seconds" - expect "ftp> " - if [check_file $tmppwd/copy] { - pass $testname - } else { - fail $testname - } - - set testname "cd(v4)" - send "cd $tmppwd\r" - expect "CWD command successful." - expect "ftp> " { - pass $testname - } - - set testname "lcd(v4)" - send "lcd $tmppwd\r" - expect "Local directory now $tmppwd" - expect "ftp> " { - pass $testname - } - - set testname "local get(v4)" - catch "exec rm -f $tmppwd/copy" - send "get ftp-test copy\r" - expect "Opening BINARY mode data connection for ftp-test" - expect "Transfer complete" - expect -re "\[0-9\]+ bytes received in \[0-9.e-\]+ seconds" - expect "ftp> " - if [check_file $tmppwd/copy] { - pass $testname - } else { - fail $testname - } - - set testname "big local get(v4)" - catch "exec rm -f $tmppwd/copy" - send "get bigftp-test copy\r" - expect "Opening BINARY mode data connection for bigftp-test" - expect "Transfer complete" - expect -re "\[0-9\]+ bytes received in \[0-9.e-\]+ seconds" - expect "ftp> " - if [check_file $tmppwd/copy 1] { - pass $testname - } else { - fail $testname - } - - set testname "start encryption(v4)" - send "private\r" - expect "Data channel protection level set to private" - expect "ftp> " { - pass $testname - } - - set testname "status(v4)" - send "status\r" - expect "Protection Level: private" - expect "ftp> " { - pass $testname - } - - set testname "encrypted get(v4)" - catch "exec rm -f $tmppwd/copy" - send "get ftp-test copy\r" - expect "Opening BINARY mode data connection for ftp-test" - expect "Transfer complete" - expect { - -re "\[0-9\]+ bytes received in \[0-9.e-\]+ seconds" {} - -re "krb_rd_priv failed for KERBEROS_V4" { - fail $testname - send "quit\r" - catch "expect_after" - return - } - } - expect "ftp> " - if [check_file $tmppwd/copy] { - pass $testname - } else { - fail $testname - } - - - # Test a large file that will overflow PBSZ size - set testname "big encrypted get(v4)" - catch "exec rm -f $tmppwd/copy" - send "get bigftp-test copy\r" - expect "Opening BINARY mode data connection for bigftp-test" - expect "Transfer complete" - expect { - -re "\[0-9\]+ bytes received in \[0-9.e+-\]+ seconds" {} - -re "krb_rd_priv failed for KERBEROS_V4" { - fail $testname - send "quit\r" - catch "expect_after" - return - } - } - expect "ftp> " - if [check_file $tmppwd/copy 1] { - pass $testname - } else { - fail $testname - } - - set testname "close(v4)" - send "close\r" - expect "Goodbye." - expect "ftp> " - set status_list [wait -i $ftpd_spawn_id] - verbose "wait -i $ftpd_spawn_id returned $status_list ($testname)" - catch "close -i $ftpd_spawn_id" - if { [lindex $status_list 2] != 0 || [lindex $status_list 3] != 0 } { - send_log "exit status: $status_list\n" - verbose "exit status: $status_list" - fail $testname - } else { - pass $testname - unset ftpd_pid - } - - set testname "quit(v4)" - send "quit\r" - expect_after - expect eof - if [check_exit_status $testname] { - pass $testname - } - -} - -# The ftp client will look in $HOME/.netrc for the user name to use. -# To avoid confusing the testsuite, point $HOME at a directory where -# we know there is no .netrc file. -if [info exists env(HOME)] { - set home $env(HOME) -} elseif [info exists home] { - unset home -} -set env(HOME) $tmppwd - -# Run the test. Logging in sometimes takes a while, so increase the -# timeout. -set oldtimeout $timeout -set timeout 60 -set status [catch v4ftp_test msg] -set timeout $oldtimeout - -# Shut down the kerberos daemons and the ftp daemon. -stop_kerberos_daemons - -stop_ftp_daemon - -ftp_restore_env - -# Reset $HOME, for safety in case we are going to run more tests. -if [info exists home] { - set env(HOME) $home -} else { - unset env(HOME) -} - -if { $status != 0 } { - perror "error in v4gssftp.exp: $msg" -} diff --git a/src/tests/dejagnu/krb-standalone/v4krb524d.exp b/src/tests/dejagnu/krb-standalone/v4krb524d.exp deleted file mode 100644 index d78f14ba37..0000000000 --- a/src/tests/dejagnu/krb-standalone/v4krb524d.exp +++ /dev/null @@ -1,168 +0,0 @@ -# Standalone Kerberos test. -# This is a DejaGnu test script. -# This script tests that the Kerberos tools can talk to each other. - -# This mostly just calls procedures in testsuite/config/default.exp. - -if ![info exists K524INIT] { - set K524INIT [findfile $objdir/../../krb524/k524init] -} - -if ![info exists KRB524D] { - set KRB524D [findfile $objdir/../../krb524/krb524d] -} - -if ![info exists KLIST] { - set KLIST [findfile $objdir/../../clients/klist/klist] -} - -if ![info exists KDESTROY] { - set KDESTROY [findfile $objdir/../../clients/kdestroy/kdestroy] -} - -# Set up the Kerberos files and environment. -if {![get_hostname] || ![setup_kerberos_files] || ![setup_kerberos_env]} { - return -} - -# If we do not have what is for a V4 test - return -if ![v4_compatible_enctype] { - return -} - -# Initialize the Kerberos database. The argument tells -# setup_kerberos_db that it is being called from here. -if ![setup_kerberos_db 1] { - return -} - -# A procedure to stop the krb524 daemon. -proc start_k524_daemon { } { - global KRB524D - global k524d_spawn_id - global k524d_pid - global REALMNAME - global portbase - - spawn $KRB524D -m -p [expr 7 + $portbase] -r $REALMNAME -nofork - set k524d_spawn_id $spawn_id - set k524d_pid [exp_pid] - - # Give the krb524d daemon a few seconds to get set up. - sleep 2 -} - -# A procedure to stop the krb524 daemon. -proc stop_k524_daemon { } { - global k524d_spawn_id - global k524d_pid - - if [info exists k524d_pid] { - catch "close -i $k524d_spawn_id" - catch "exec kill $k524d_pid" - catch "wait -i $k524d_spawn_id" - unset k524d_pid - } -} - -# We are about to start up a couple of daemon processes. We do all -# the rest of the tests inside a proc, so that we can easily kill the -# processes when the procedure ends. - -proc doit { } { - global env - global KEY - global K524INIT - # To pass spawn_id to the wait process - global spawn_id - global KLIST - global KDESTROY - global tmppwd - global REALMNAME - global des3_krbtgt - - if {$des3_krbtgt} { - return - } - # Start up the kerberos and kadmind daemons. - if ![start_kerberos_daemons 1] { - return - } - - # Add a user key and get a V5 ticket - if {![add_kerberos_key $env(USER) 0] \ - || ![kinit $env(USER) $env(USER)$KEY 0]} { - return - } - - # Start the krb524d daemon. - start_k524_daemon - - # The k524init program does not advertise anything on success - - #only failure. - spawn $K524INIT - expect { - -timeout 10 - -re "k524init: .*\r" { - fail "k524init" - return - } - eof {} - timeout {} - } - - - if ![check_exit_status "k524init"] { - return - } - pass "k524init" - - # Make sure that klist can see the ticket. - spawn $KLIST -4 - expect { - -re "Kerberos 4 ticket cache:\[ \]*(.+:)?$tmppwd/tkt.*Principal:\[ \]*$env(USER)@$REALMNAME.*krbtgt\.$REALMNAME@$REALMNAME\r\n" { - verbose "klist started" - } - timeout { - fail "v4klist" - return - } - eof { - fail "v4klist" - return - } - } - - expect { - "\r" { } - eof { } - } - - if ![check_exit_status "klist"] { - return - } - pass "krb524d: v4klist" - - # Destroy the ticket. - spawn $KDESTROY -4 - if ![check_exit_status "kdestroy"] { - return - } - pass "krb524d: v4kdestroy" - - pass "krb524d: krb524d" -} - -set status [catch doit msg] - -stop_kerberos_daemons - -stop_k524_daemon - -if { $status != 0 } { - send_error "ERROR: error in v4krb524d.exp\n" - send_error "$msg\n" - exit 1 -} - - diff --git a/src/tests/dejagnu/krb-standalone/v4standalone.exp b/src/tests/dejagnu/krb-standalone/v4standalone.exp deleted file mode 100644 index cc42e8daba..0000000000 --- a/src/tests/dejagnu/krb-standalone/v4standalone.exp +++ /dev/null @@ -1,95 +0,0 @@ -# Standalone Kerberos test. -# This is a DejaGnu test script. -# This script tests that the Kerberos tools can talk to each other. - -# This mostly just calls procedures in testsuite/config/default.exp. - -# Set up the Kerberos files and environment. -if {![get_hostname] || ![setup_kerberos_files] || ![setup_kerberos_env]} { - return -} - -# If we do not have what is for a V4 test - return -if ![v4_compatible_enctype] { - return -} - -# Initialize the Kerberos database. The argument tells -# setup_kerberos_db that it is being called from here. -if ![setup_kerberos_db 1] { - return -} - -# We are about to start up a couple of daemon processes. We do all -# the rest of the tests inside a proc, so that we can easily kill the -# processes when the procedure ends. - -proc check_and_destroy_v4_tix { client server } { - global REALMNAME - global des3_krbtgt - - # Skip this if we're using a des3 TGT, since that's supposed to fail. - if {$des3_krbtgt} { - return - } - # Make sure that klist can see the ticket. - if ![v4klist "$client" "$server" "v4klist"] { - return - } - - # Destroy the ticket. - if ![v4kdestroy "v4kdestroy"] { - return - } - - if ![v4klist_none "v4klist no tix 1"] { - return - } -} - -proc doit { } { - global REALMNAME - global KLIST - global KDESTROY - global KEY - global hostname - global spawn_id - global tmppwd - - # Start up the kerberos and kadmind daemons. - if ![start_kerberos_daemons 1] { - return - } - - # Use kadmin to add an host key. - if ![add_random_key host/$hostname 1] { - return - } - - # Use ksrvutil to create a srvtab entry. - if ![setup_srvtab 1] { - return - } - - # Use kinit to get a ticket. - if [v4kinit krbtest.admin adminpass$KEY 1] { - check_and_destroy_v4_tix krbtest.admin@$REALMNAME krbtgt.$REALMNAME@$REALMNAME - } - - # Use kinit with srvtab to get a ticket. - # XXX - Currently kinit doesn't support "-4 -k"! -# set shorthost [string range $hostname 0 [expr [string first . $hostname] - 1]] -# if [v4kinit_kt host.$shorthost SRVTAB:$tmppwd/srvtab 1] { -# check_and_destroy_v4_tix host.$shorthost@$REALMNAME krbtgt.$REALMNAME@$REALMNAME -# } -} - -set status [catch doit msg] - -stop_kerberos_daemons - -if { $status != 0 } { - send_error "ERROR: error in v4standalone.exp\n" - send_error "$msg\n" - exit 1 -} diff --git a/src/tests/deps b/src/tests/deps new file mode 100644 index 0000000000..2feac3c9d3 --- /dev/null +++ b/src/tests/deps @@ -0,0 +1 @@ +# No dependencies here. diff --git a/src/tests/gss-threads/Makefile.in b/src/tests/gss-threads/Makefile.in index 24357045f4..53c25747f3 100644 --- a/src/tests/gss-threads/Makefile.in +++ b/src/tests/gss-threads/Makefile.in @@ -36,19 +36,3 @@ clean-unix:: install-unix:: # $(INSTALL_PROGRAM) gss-client $(DESTDIR)$(CLIENT_BINDIR)/gss-tclient # $(INSTALL_PROGRAM) gss-server $(DESTDIR)$(SERVER_BINDIR)/gss-tserver -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -$(OUTPRE)gss-client.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_generic.h \ - $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h gss-client.c gss-misc.h -$(OUTPRE)gss-misc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_generic.h \ - gss-misc.c gss-misc.h -$(OUTPRE)gss-server.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_generic.h \ - $(SRCTOP)/include/port-sockets.h gss-misc.h gss-server.c diff --git a/src/tests/gss-threads/deps b/src/tests/gss-threads/deps new file mode 100644 index 0000000000..b7fe304b34 --- /dev/null +++ b/src/tests/gss-threads/deps @@ -0,0 +1,14 @@ +# +# Generated makefile dependencies follow. +# +$(OUTPRE)gss-client.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_generic.h \ + $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h gss-client.c gss-misc.h +$(OUTPRE)gss-misc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_generic.h \ + gss-misc.c gss-misc.h +$(OUTPRE)gss-server.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_generic.h \ + $(SRCTOP)/include/port-sockets.h gss-misc.h gss-server.c diff --git a/src/tests/gss-threads/gss-client.c b/src/tests/gss-threads/gss-client.c index 25c9d63ee6..08bac92ca4 100644 --- a/src/tests/gss-threads/gss-client.c +++ b/src/tests/gss-threads/gss-client.c @@ -66,6 +66,7 @@ #include "gss-misc.h" #include "port-sockets.h" #include "fake-addrinfo.h" +#include "k5-platform.h" static int verbose = 1; @@ -606,12 +607,10 @@ static void parse_oid(char *mechanism, gss_OID *oid) OM_uint32 maj_stat, min_stat; if (isdigit((int) mechanism[0])) { - mechstr = malloc(strlen(mechanism)+5); - if (!mechstr) { + if (asprintf(&mechstr, "{ %s }", mechanism) < 0) { fprintf(stderr, "Couldn't allocate mechanism scratch!\n"); return; } - sprintf(mechstr, "{ %s }", mechanism); for (cp = mechstr; *cp; cp++) if (*cp == '.') *cp = ' '; diff --git a/src/tests/gssapi/Makefile.in b/src/tests/gssapi/Makefile.in index 19c6fd33e5..d0ea1e137e 100644 --- a/src/tests/gssapi/Makefile.in +++ b/src/tests/gssapi/Makefile.in @@ -18,10 +18,3 @@ t_imp_name: t_imp_name.o $(GSS_DEPLIBS) $(KRB5_BASE_DEPLIBS) clean:: $(RM) t_imp_name -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -$(OUTPRE)t_imp_name.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/gssapi/gssapi_generic.h t_imp_name.c diff --git a/src/tests/gssapi/deps b/src/tests/gssapi/deps new file mode 100644 index 0000000000..bdce1a3c5f --- /dev/null +++ b/src/tests/gssapi/deps @@ -0,0 +1,5 @@ +# +# Generated makefile dependencies follow. +# +$(OUTPRE)t_imp_name.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssapi/gssapi_generic.h t_imp_name.c diff --git a/src/tests/hammer/Makefile.in b/src/tests/hammer/Makefile.in index b751cca4d5..263abd0853 100644 --- a/src/tests/hammer/Makefile.in +++ b/src/tests/hammer/Makefile.in @@ -17,17 +17,3 @@ install:: clean:: $(RM) kdc5_hammer.o kdc5_hammer -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -$(OUTPRE)kdc5_hammer.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h kdc5_hammer.c diff --git a/src/tests/hammer/deps b/src/tests/hammer/deps new file mode 100644 index 0000000000..adb2f9e442 --- /dev/null +++ b/src/tests/hammer/deps @@ -0,0 +1,13 @@ +# +# Generated makefile dependencies follow. +# +$(OUTPRE)kdc5_hammer.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + kdc5_hammer.c diff --git a/src/tests/hammer/kdc5_hammer.c b/src/tests/hammer/kdc5_hammer.c index 5fd8d1c51b..b1f5c179db 100644 --- a/src/tests/hammer/kdc5_hammer.c +++ b/src/tests/hammer/kdc5_hammer.c @@ -217,12 +217,12 @@ main(argc, argv) again given a prefix and count to test the db lib and kdb */ ctmp[0] = '\0'; for (i = 1; i <= depth; i++) { - (void) sprintf(ctmp2, "%s%s%d-DEPTH-%d", (i != 1) ? "/" : "", - prefix, n, i); + (void) snprintf(ctmp2, sizeof(ctmp2), "%s%s%d-DEPTH-%d", + (i != 1) ? "/" : "", prefix, n, i); ctmp2[sizeof(ctmp2) - 1] = '\0'; strncat(ctmp, ctmp2, sizeof(ctmp) - 1 - strlen(ctmp)); ctmp[sizeof(ctmp) - 1] = '\0'; - sprintf(client, "%s@%s", ctmp, cur_realm); + snprintf(client, sizeof(client), "%s@%s", ctmp, cur_realm); if (get_tgt (test_context, client, &client_princ, ccache)) { errors++; @@ -233,12 +233,12 @@ main(argc, argv) stmp[0] = '\0'; for (j = 1; j <= depth; j++) { - (void) sprintf(stmp2, "%s%s%d-DEPTH-%d", (j != 1) ? "/" : "", - prefix, n, j); + (void) snprintf(stmp2, sizeof(stmp2), "%s%s%d-DEPTH-%d", + (j != 1) ? "/" : "", prefix, n, j); stmp2[sizeof (stmp2) - 1] = '\0'; strncat(stmp, stmp2, sizeof(stmp) - 1 - strlen(stmp)); stmp[sizeof(stmp) - 1] = '\0'; - sprintf(server, "%s@%s", stmp, cur_realm); + snprintf(server, sizeof(server), "%s@%s", stmp, cur_realm); if (verify_cs_pair(test_context, client, client_princ, stmp, cur_realm, n, i, j, ccache)) errors++; @@ -343,9 +343,7 @@ int verify_cs_pair(context, p_client_str, p_client, service, hostname, memset((char *)&creds, 0, sizeof(creds)); /* Do client side */ - sname = (char *) malloc(strlen(service)+strlen(hostname)+2); - if (sname) { - sprintf(sname, "%s@%s", service, hostname); + if (asprintf(&sname, "%s@%s", service, hostname) >= 0) { retval = krb5_parse_name(context, sname, &creds.server); free(sname); } diff --git a/src/tests/misc/Makefile.in b/src/tests/misc/Makefile.in index 1b90d0a229..811d12282a 100644 --- a/src/tests/misc/Makefile.in +++ b/src/tests/misc/Makefile.in @@ -29,11 +29,11 @@ test_getsockname: $(OUTPRE)test_getsockname.$(OBJEXT) $(CC_LINK) $(ALL_CFLAGS) -o test_getsockname $(OUTPRE)test_getsockname.$(OBJEXT) $(LIBS) test_cxx_krb5: $(OUTPRE)test_cxx_krb5.$(OBJEXT) $(KRB5_DEPLIB) - $(CXX_LINK) $(ALL_CXXFLAGS) -o test_cxx_krb5 $(OUTPRE)test_cxx_krb5.$(OBJEXT) $(KRB5_LIB) $(LIBS) + $(CXX_LINK) $(ALL_CXXFLAGS) -o test_cxx_krb5 $(OUTPRE)test_cxx_krb5.$(OBJEXT) $(KRB5_BASE_LIBS) $(LIBS) test_cxx_gss: $(OUTPRE)test_cxx_gss.$(OBJEXT) $(CXX_LINK) $(ALL_CXXFLAGS) -o test_cxx_gss $(OUTPRE)test_cxx_gss.$(OBJEXT) $(LIBS) test_cxx_rpc: $(OUTPRE)test_cxx_rpc.$(OBJEXT) $(GSSRPC_DEPLIBS) - $(CXX_LINK) $(ALL_CXXFLAGS) -o test_cxx_rpc $(OUTPRE)test_cxx_rpc.$(OBJEXT) $(GSSRPC_LIBS) $(LIBS) + $(CXX_LINK) $(ALL_CXXFLAGS) -o test_cxx_rpc $(OUTPRE)test_cxx_rpc.$(OBJEXT) $(GSSRPC_LIBS) $(KRB5_BASE_LIBS) $(LIBS) test_cxx_krb5.$(OBJEXT): test_cxx_krb5.cpp test_cxx_gss.$(OBJEXT): test_cxx_gss.cpp @@ -44,25 +44,3 @@ install:: clean:: $(RM) test_getpw test_cxx_krb5 test_cxx_gss *.o -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -$(OUTPRE)test_getpw.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - test_getpw.c -$(OUTPRE)test_getsockname.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - test_getsockname.c -$(OUTPRE)test_cxx_krb5.$(OBJEXT): $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/krb5.h \ - $(SRCTOP)/include/krb5/locate_plugin.h test_cxx_krb5.cpp -$(OUTPRE)test_cxx_gss.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ - test_cxx_gss.cpp -$(OUTPRE)test_cxx_rpc.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ - $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/auth.h \ - $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ - $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ - $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h test_cxx_rpc.cpp diff --git a/src/tests/misc/deps b/src/tests/misc/deps new file mode 100644 index 0000000000..db21c4b8db --- /dev/null +++ b/src/tests/misc/deps @@ -0,0 +1,20 @@ +# +# Generated makefile dependencies follow. +# +$(OUTPRE)test_getpw.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + test_getpw.c +$(OUTPRE)test_getsockname.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + test_getsockname.c +$(OUTPRE)test_cxx_krb5.$(OBJEXT): $(BUILDTOP)/include/krb5/krb5.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h test_cxx_krb5.cpp +$(OUTPRE)test_cxx_gss.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ + test_cxx_gss.cpp +$(OUTPRE)test_cxx_rpc.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \ + $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ + $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ + $(SRCTOP)/include/gssrpc/xdr.h test_cxx_rpc.cpp diff --git a/src/tests/mkeystash_compat/Makefile.in b/src/tests/mkeystash_compat/Makefile.in index b4fd7e45dc..5ce9b4ae02 100644 --- a/src/tests/mkeystash_compat/Makefile.in +++ b/src/tests/mkeystash_compat/Makefile.in @@ -32,6 +32,9 @@ kdc.conf: Makefile krb5.conf: Makefile cat $(SRCTOP)/config-files/krb5.conf > krb5.new + echo "[dbmodules]" >> krb5.new + echo " db_module_dir = $(BUILDTOP)/util/fakedest$(KRB5_DB_MODULE_DIR)" >> krb5.new + mv krb5.new krb5.conf # Verify that the mkey stash code is backward compat with old/non-keytab stashfile format mkeystash_check: kdc.conf krb5.conf bigendian @@ -47,9 +50,3 @@ mkeystash_check: kdc.conf krb5.conf bigendian clean:: $(RM) kdc.conf -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -$(OUTPRE)bigendian.$(OBJEXT): bigendian.c diff --git a/src/tests/mkeystash_compat/deps b/src/tests/mkeystash_compat/deps new file mode 100644 index 0000000000..5a1f8e6bce --- /dev/null +++ b/src/tests/mkeystash_compat/deps @@ -0,0 +1,4 @@ +# +# Generated makefile dependencies follow. +# +$(OUTPRE)bigendian.$(OBJEXT): bigendian.c diff --git a/src/tests/resolve/Makefile.in b/src/tests/resolve/Makefile.in index 2f0815607f..1a7d340934 100644 --- a/src/tests/resolve/Makefile.in +++ b/src/tests/resolve/Makefile.in @@ -16,7 +16,7 @@ resolve: resolve.o $(CC_LINK) -o $@ resolve.o $(LIBS) addrinfo-test: addrinfo-test.o - $(CC_LINK) -o $@ addrinfo-test.o $(LIBS) + $(CC_LINK) -o $@ addrinfo-test.o $(SUPPORT_LIB) $(LIBS) fake-addrinfo-test: fake-addrinfo-test.o $(CC_LINK) -o $@ fake-addrinfo-test.o $(SUPPORT_LIB) $(LIBS) @@ -31,15 +31,3 @@ install:: clean:: $(RM) resolve addrinfo-test fake-addrinfo-test -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -$(OUTPRE)resolve.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - resolve.c -$(OUTPRE)addrinfo-test.$(OBJEXT): addrinfo-test.c -$(OUTPRE)fake-addrinfo-test.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h addrinfo-test.c fake-addrinfo-test.c diff --git a/src/tests/resolve/addrinfo-test.c b/src/tests/resolve/addrinfo-test.c index 35fb0731d1..dff8df1ddd 100644 --- a/src/tests/resolve/addrinfo-test.c +++ b/src/tests/resolve/addrinfo-test.c @@ -44,6 +44,7 @@ #include #include #include /* needed for IPPROTO_* on NetBSD */ +#include #ifdef USE_FAKE_ADDRINFO #include "fake-addrinfo.h" #endif @@ -70,7 +71,7 @@ static const char *protoname (int p) { X(COMP); #endif - sprintf(buf, " %-2d", p); + snprintf(buf, sizeof(buf), " %-2d", p); return buf; } @@ -83,7 +84,7 @@ static const char *socktypename (int t) { case SOCK_RDM: return "RDM"; case SOCK_SEQPACKET: return "SEQPACKET"; } - sprintf(buf, " %-2d", t); + snprintf(buf, sizeof(buf), " %-2d", t); return buf; } @@ -124,7 +125,7 @@ static const char *familyname (int f) { static char buf[30]; switch (f) { default: - sprintf(buf, "AF %d", f); + snprintf(buf, sizeof(buf), "AF %d", f); return buf; case AF_INET: return "AF_INET"; #ifdef AF_INET6 @@ -284,8 +285,10 @@ int main (int argc, char *argv[]) ap2->ai_addr->sa_family = ap2->ai_family; } if (getnameinfo(ap2->ai_addr, ap2->ai_addrlen, hbuf, sizeof(hbuf), - pbuf, sizeof(pbuf), NI_NUMERICHOST | NI_NUMERICSERV)) - strcpy(hbuf, "..."), strcpy(pbuf, "..."); + pbuf, sizeof(pbuf), NI_NUMERICHOST | NI_NUMERICSERV)) { + strlcpy(hbuf, "...", sizeof(hbuf)); + strlcpy(pbuf, "...", sizeof(pbuf)); + } printf("%p:\n" "\tfamily = %s\tproto = %-4s\tsocktype = %s\n", ap2, familyname(ap2->ai_family), diff --git a/src/tests/resolve/deps b/src/tests/resolve/deps new file mode 100644 index 0000000000..109bf32094 --- /dev/null +++ b/src/tests/resolve/deps @@ -0,0 +1,12 @@ +# +# Generated makefile dependencies follow. +# +$(OUTPRE)resolve.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + resolve.c +$(OUTPRE)addrinfo-test.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + addrinfo-test.c +$(OUTPRE)fake-addrinfo-test.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h addrinfo-test.c fake-addrinfo-test.c diff --git a/src/tests/shlib/Makefile.in b/src/tests/shlib/Makefile.in index 6b8bb6f037..58fd58dd15 100644 --- a/src/tests/shlib/Makefile.in +++ b/src/tests/shlib/Makefile.in @@ -27,11 +27,3 @@ install:: clean:: $(RM) t_loader.o t_loader -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -$(OUTPRE)t_loader.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/krb5/krb5.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/krb5.h t_loader.c diff --git a/src/tests/shlib/deps b/src/tests/shlib/deps new file mode 100644 index 0000000000..062611358c --- /dev/null +++ b/src/tests/shlib/deps @@ -0,0 +1,7 @@ +# +# Generated makefile dependencies follow. +# +$(OUTPRE)t_loader.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/krb5/krb5.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/krb5.h t_loader.c diff --git a/src/tests/shlib/t_loader.c b/src/tests/shlib/t_loader.c index 70cd6d13b8..6b2b1b7a51 100644 --- a/src/tests/shlib/t_loader.c +++ b/src/tests/shlib/t_loader.c @@ -5,6 +5,7 @@ #include "autoconf.h" #include "krb5.h" #include "gssapi/gssapi.h" +#include "k5-platform.h" #define HAVE_DLOPEN 1 static int verbose = 1; @@ -53,28 +54,20 @@ static void *do_open_1(const char *libname, const char *rev, { void *p; char *namebuf; - size_t sz; + int r; if (verbose) printf("from line %d: do_open(%s)...%*s", line, libname, HORIZ-strlen(libname), ""); - sz = strlen(SHLIB_SUFFIX) + strlen(libname) + 4; #ifdef _AIX - sz += strlen(rev) + 8; + r = asprintf(&namebuf, "lib%s%s", libname, SHLIB_SUFFIX); +#else + r = asprintf(&namebuf, "lib%s%s(shr.o.%s)", libname, SHLIB_SUFFIX, rev); #endif - namebuf = malloc(sz); - if (namebuf == 0) { - perror("malloc"); + if (r < 0) { + perror("asprintf"); exit(1); } - strcpy(namebuf, "lib"); - strcat(namebuf, libname); - strcat(namebuf, SHLIB_SUFFIX); -#ifdef _AIX - strcat(namebuf, "(shr.o."); - strcat(namebuf, rev); - strcat(namebuf, ")"); -#endif #ifndef RTLD_MEMBER #define RTLD_MEMBER 0 @@ -116,7 +109,7 @@ static void do_close_1(void *libhandle, int line) { if (verbose) { char pbuf[3*sizeof(libhandle)+4]; - sprintf(pbuf, "%p", libhandle); + snprintf(pbuf, sizeof(pbuf), "%p", libhandle); printf("from line %d: do_close(%s)...%*s", line, pbuf, HORIZ-1-strlen(pbuf), ""); } diff --git a/src/tests/threads/Makefile.in b/src/tests/threads/Makefile.in index 62ba589779..e564f53582 100644 --- a/src/tests/threads/Makefile.in +++ b/src/tests/threads/Makefile.in @@ -36,9 +36,3 @@ install:: clean:: $(RM) t_rcache.o t_rcache -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# - diff --git a/src/tests/threads/deps b/src/tests/threads/deps new file mode 100644 index 0000000000..2553aa9456 --- /dev/null +++ b/src/tests/threads/deps @@ -0,0 +1,13 @@ +# +# Generated makefile dependencies follow. +# +$(OUTPRE)t_rcache.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \ + $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + t_rcache.c diff --git a/src/tests/threads/t_rcache.c b/src/tests/threads/t_rcache.c index 5d817defb1..06f4d3b194 100644 --- a/src/tests/threads/t_rcache.c +++ b/src/tests/threads/t_rcache.c @@ -58,12 +58,14 @@ static void try_one (struct tinfo *t) char buf[100], buf2[100]; krb5_rcache my_rcache; - sprintf(buf, "host/all-in-one.mit.edu/%p@ATHENA.MIT.EDU", buf); + snprintf(buf, sizeof(buf), "host/all-in-one.mit.edu/%p@ATHENA.MIT.EDU", + buf); r.server = buf; r.client = (t->my_cusec & 7) + "abcdefgh@ATHENA.MIT.EDU"; if (t->now != t->my_ctime) { if (t->my_ctime != 0) { - sprintf(buf2, "%3d: %ld %5d\n", t->idx, t->my_ctime, t->my_cusec); + snprintf(buf2, sizeof(buf2), "%3d: %ld %5d\n", t->idx, + t->my_ctime, t->my_cusec); printf("%s", buf2); } t->my_ctime = t->now; diff --git a/src/tests/verify/Makefile.in b/src/tests/verify/Makefile.in index df51297994..a78bef1387 100644 --- a/src/tests/verify/Makefile.in +++ b/src/tests/verify/Makefile.in @@ -18,17 +18,3 @@ install:: clean:: $(RM) kdb5_verify.o kdb5_verify -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -$(OUTPRE)kdb5_verify.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \ - $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \ - $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ - $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h $(SS_DEPS) kdb5_verify.c diff --git a/src/tests/verify/deps b/src/tests/verify/deps new file mode 100644 index 0000000000..d6ad40ece4 --- /dev/null +++ b/src/tests/verify/deps @@ -0,0 +1,13 @@ +# +# Generated makefile dependencies follow. +# +$(OUTPRE)kdb5_verify.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \ + $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \ + $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \ + $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h $(SS_DEPS) kdb5_verify.c diff --git a/src/tests/verify/kdb5_verify.c b/src/tests/verify/kdb5_verify.c index b6d7b23325..92a375b55d 100644 --- a/src/tests/verify/kdb5_verify.c +++ b/src/tests/verify/kdb5_verify.c @@ -97,6 +97,7 @@ main(argc, argv) int num_to_check; char principal_string[BUFSIZ]; char *suffix = 0; + size_t suffix_size; int depth, errors; krb5_init_context(&context); @@ -122,6 +123,8 @@ main(argc, argv) strncpy(principal_string, optarg, sizeof(principal_string) - 1); principal_string[sizeof(principal_string) - 1] = '\0'; suffix = principal_string + strlen(principal_string); + suffix_size = sizeof(principal_string) - + (suffix - principal_string); break; case 'n': /* how many to check */ num_to_check = atoi(optarg); @@ -182,13 +185,14 @@ main(argc, argv) /* build the new principal name */ /* we can't pick random names because we need to generate all the names again given a prefix and count to test the db lib and kdb */ - (void) sprintf(suffix, "%d", n); - (void) sprintf(tmp, "%s-DEPTH-1", principal_string); + (void) snprintf(suffix, suffix_size, "%d", n); + (void) snprintf(tmp, sizeof(tmp), "%s-DEPTH-1", principal_string); str_princ = tmp; if (check_princ(context, str_princ)) errors++; for (i = 2; i <= depth; i++) { - (void) sprintf(tmp2, "/%s-DEPTH-%d", principal_string, i); + (void) snprintf(tmp2, sizeof(tmp2), "/%s-DEPTH-%d", + principal_string, i); tmp2[sizeof(tmp2) - 1] = '\0'; strncat(tmp, tmp2, sizeof(tmp) - 1 - strlen(tmp)); str_princ = tmp; @@ -234,7 +238,7 @@ check_princ(context, str_princ) /* char *str_mod_name; */ char princ_name[4096]; - sprintf(princ_name, "%s@%s", str_princ, cur_realm); + snprintf(princ_name, sizeof(princ_name), "%s@%s", str_princ, cur_realm); fprintf(stderr, "\t%s ...\n", princ_name); @@ -405,12 +409,10 @@ set_dbname_help(context, pname, dbname) } /* Pathname is passed to db2 via 'args' parameter. */ args[1] = NULL; - args[0] = malloc(sizeof("dbname=") + strlen(dbname)); - if (args[0] == NULL) { + if (asprintf(&args[0], "dbname=%s", dbname) < 0) { com_err(pname, errno, "while setting up db parameters"); return 1; } - sprintf(args[0], "dbname=%s", dbname); if ((retval = krb5_db_open(context, args, KRB5_KDB_OPEN_RO))) { com_err(pname, retval, "while initializing database"); diff --git a/src/util/Makefile.in b/src/util/Makefile.in index a7f1704fc5..0af09777d4 100644 --- a/src/util/Makefile.in +++ b/src/util/Makefile.in @@ -16,14 +16,6 @@ MAYBE_SS_k5 = ss MAYBE_ET_sys = MAYBE_SS_sys = -editsh = sed -e 's,@''ARADD''@,$(ARADD),g' -e 's,@''ARCHIVE''@,$(ARCHIVE),g' -HOST_TYPE=@HOST_TYPE@ -HAVE_GCC=@HAVE_GCC@ -SLIBSH=sed -e 's|@''CC''@|$(CC)|g' -e 's,@''HOST_TYPE''@,$(HOST_TYPE),g' -e 's,@''HAVE_GCC''@,$(HAVE_GCC),g' - -DL_COMPILE=@DL_COMPILE@ -DL_COMPILE_TAIL=@DL_COMPILE_TAIL@ - all-recurse: clean-unix:: diff --git a/src/util/collected-client-lib/Makefile.in b/src/util/collected-client-lib/Makefile.in index df800ba431..fefda49a42 100644 --- a/src/util/collected-client-lib/Makefile.in +++ b/src/util/collected-client-lib/Makefile.in @@ -77,8 +77,3 @@ clean-unix:: clean-libs @lib_frag@ #@#libobj_frag@ -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# diff --git a/src/util/collected-client-lib/deps b/src/util/collected-client-lib/deps new file mode 100644 index 0000000000..2feac3c9d3 --- /dev/null +++ b/src/util/collected-client-lib/deps @@ -0,0 +1 @@ +# No dependencies here. diff --git a/src/util/depfix.pl b/src/util/depfix.pl index dfe7742517..96689e86a7 100644 --- a/src/util/depfix.pl +++ b/src/util/depfix.pl @@ -1,6 +1,6 @@ #!env perl -w # -# Copyright 1995,2001,2002,2003,2004,2005 by the Massachusetts Institute of Technology. +# Copyright 1995,2001,2002,2003,2004,2005,2009 by the Massachusetts Institute of Technology. # All Rights Reserved. # # Export of this software from the United States of America may @@ -162,10 +162,6 @@ sub do_subs_2 { $_ = &uniquify($_); - # Some krb4 dependencies should only be present if building with krb4 - # enabled. - s;\$\(BUILDTOP\)/include/kerberosIV/krb_err.h ;\$(KRB_ERR_H_DEP) ;g; - # Delete trailing whitespace. s; *$;;g; @@ -204,10 +200,8 @@ sub split_lines { } print < +#include "k5-platform.h" + #ifndef SYS_ERRLIST_DECLARED extern char const * const sys_errlist[]; extern const int sys_nerr; diff --git a/src/util/et/t_com_err.c b/src/util/et/t_com_err.c index 2cba3cfdcc..5c4a4609bd 100644 --- a/src/util/et/t_com_err.c +++ b/src/util/et/t_com_err.c @@ -15,14 +15,14 @@ try_one (errcode_t code, int known, int table, int msgno) const char *msg = error_message (code); char buffy[1024]; - sprintf (buffy, "error table %d message %d", table, msgno); + snprintf (buffy, sizeof(buffy), "error table %d message %d", table, msgno); if (0 == strcmp (buffy, msg)) { if (!known) { known_err++; } return; } - sprintf (buffy, "Unknown code et%d %d", table, msgno); + snprintf (buffy, sizeof(buffy), "Unknown code et%d %d", table, msgno); if (!strcmp (buffy, msg)) { if (known) known_err++; diff --git a/src/util/mac/k5_mig_client.c b/src/util/mac/k5_mig_client.c index 6bb3b3dd99..7dedbbebb5 100644 --- a/src/util/mac/k5_mig_client.c +++ b/src/util/mac/k5_mig_client.c @@ -27,23 +27,114 @@ #ifndef LEAN_CLIENT #include "k5_mig_client.h" - -#include #include "k5_mig_request.h" #include "k5_mig_replyServer.h" #include "k5-thread.h" -#define KIPC_SERVICE_COUNT 3 +#include +#include -typedef struct k5_ipc_request_port { - char *service_id; - mach_port_t port; -} k5_ipc_request_port; -static k5_ipc_request_port k5_ipc_known_ports[KIPC_SERVICE_COUNT] = { + +/* Number of services available. Update if modifying the lists below */ +#define KIPC_SERVICE_COUNT 2 + +/* ------------------------------------------------------------------------ */ + +/* This struct exists to store the global service port shared between all + * threads. Note that there is one of these ports per server, whereas + * there is one connection port per thread. Thus this is global and mutexed, + * whereas the connection ports below are in TLS */ + +typedef struct k5_ipc_service_port { + const char *service_id; + mach_port_t service_port; +} k5_ipc_service_port; + +/* global service ports and mutex to protect it */ +static k5_mutex_t g_service_ports_mutex = K5_MUTEX_PARTIAL_INITIALIZER; +static k5_ipc_service_port g_service_ports[KIPC_SERVICE_COUNT] = { { "edu.mit.Kerberos.CCacheServer", MACH_PORT_NULL }, -{ "edu.mit.Kerberos.KerberosAgent", MACH_PORT_NULL }, -{ "edu.mit.Kerberos.OldKerberosAgent", MACH_PORT_NULL } }; +{ "edu.mit.Kerberos.KerberosAgent", MACH_PORT_NULL } }; + +/* ------------------------------------------------------------------------ */ + +/* This struct exists to hold the per-thread connection port used for ipc + * messages to the server. Each thread is issued a separate connection + * port so that the server can distinguish between threads in the same + * application. */ + +typedef struct k5_ipc_connection { + const char *service_id; + mach_port_t port; +} *k5_ipc_connection; + +typedef struct k5_ipc_connection_info { + struct k5_ipc_connection connections[KIPC_SERVICE_COUNT]; + boolean_t server_died; + k5_ipc_stream reply_stream; +} *k5_ipc_connection_info; + +/* initializer for k5_ipc_request_port to fill in server names in TLS */ +static const char *k5_ipc_known_services[KIPC_SERVICE_COUNT] = { +"edu.mit.Kerberos.CCacheServer", +"edu.mit.Kerberos.KerberosAgent" }; + +/* ------------------------------------------------------------------------ */ + +static void k5_ipc_client_cinfo_free (void *io_cinfo) +{ + if (io_cinfo) { + k5_ipc_connection_info cinfo = io_cinfo; + int i; + + for (i = 0; i < KIPC_SERVICE_COUNT; i++) { + if (MACH_PORT_VALID (cinfo->connections[i].port)) { + mach_port_mod_refs (mach_task_self(), + cinfo->connections[i].port, + MACH_PORT_RIGHT_SEND, -1 ); + cinfo->connections[i].port = MACH_PORT_NULL; + } + } + /* reply_stream will always be freed by k5_ipc_send_request() */ + free (cinfo); + } +} + +/* ------------------------------------------------------------------------ */ + +static int k5_ipc_client_cinfo_allocate (k5_ipc_connection_info *out_cinfo) +{ + int err = 0; + k5_ipc_connection_info cinfo = NULL; + + cinfo = malloc (sizeof (*cinfo)); + if (!cinfo) { err = ENOMEM; } + + if (!err) { + int i; + + cinfo->server_died = 0; + cinfo->reply_stream = NULL; + + for (i = 0; i < KIPC_SERVICE_COUNT; i++) { + cinfo->connections[i].service_id = k5_ipc_known_services[i]; + cinfo->connections[i].port = MACH_PORT_NULL; + } + } + + if (!err) { + *out_cinfo = cinfo; + cinfo = NULL; + } + + k5_ipc_client_cinfo_free (cinfo); + + return err; +} + + +#pragma mark - MAKE_INIT_FUNCTION(k5_cli_ipc_thread_init); MAKE_FINI_FUNCTION(k5_cli_ipc_thread_fini); @@ -53,15 +144,12 @@ MAKE_FINI_FUNCTION(k5_cli_ipc_thread_fini); static int k5_cli_ipc_thread_init (void) { int err = 0; - - err = k5_key_register (K5_KEY_IPC_REQUEST_PORTS, free); - if (!err) { - err = k5_key_register (K5_KEY_IPC_REPLY_STREAM, NULL); - } + err = k5_key_register (K5_KEY_IPC_CONNECTION_INFO, + k5_ipc_client_cinfo_free); if (!err) { - err = k5_key_register (K5_KEY_IPC_SERVER_DIED, NULL); + err = k5_mutex_finish_init (&g_service_ports_mutex); } return err; @@ -71,9 +159,119 @@ static int k5_cli_ipc_thread_init (void) static void k5_cli_ipc_thread_fini (void) { - k5_key_delete (K5_KEY_IPC_REQUEST_PORTS); - k5_key_delete (K5_KEY_IPC_REPLY_STREAM); - k5_key_delete (K5_KEY_IPC_SERVER_DIED); + int err = 0; + + err = k5_mutex_lock (&g_service_ports_mutex); + + if (!err) { + int i; + + for (i = 0; i < KIPC_SERVICE_COUNT; i++) { + if (MACH_PORT_VALID (g_service_ports[i].service_port)) { + mach_port_destroy (mach_task_self (), + g_service_ports[i].service_port); + g_service_ports[i].service_port = MACH_PORT_NULL; + } + } + k5_mutex_unlock (&g_service_ports_mutex); + } + + k5_key_delete (K5_KEY_IPC_CONNECTION_INFO); + k5_mutex_destroy (&g_service_ports_mutex); +} + +#pragma mark - + +/* ------------------------------------------------------------------------ */ + +static kern_return_t k5_ipc_client_lookup_server (const char *in_service_id, + boolean_t in_launch_if_necessary, + boolean_t in_use_cached_port, + mach_port_t *out_service_port) +{ + kern_return_t err = 0; + kern_return_t lock_err = 0; + mach_port_t k5_service_port = MACH_PORT_NULL; + boolean_t found_entry = 0; + int i; + + if (!in_service_id ) { err = EINVAL; } + if (!out_service_port) { err = EINVAL; } + + if (!err) { + lock_err = k5_mutex_lock (&g_service_ports_mutex); + if (lock_err) { err = lock_err; } + } + + for (i = 0; !err && i < KIPC_SERVICE_COUNT; i++) { + if (!strcmp (in_service_id, g_service_ports[i].service_id)) { + found_entry = 1; + if (in_use_cached_port) { + k5_service_port = g_service_ports[i].service_port; + } + break; + } + } + + if (!err && (!MACH_PORT_VALID (k5_service_port) || !in_use_cached_port)) { + mach_port_t boot_port = MACH_PORT_NULL; + char *service = NULL; + + /* Get our bootstrap port */ + err = task_get_bootstrap_port (mach_task_self (), &boot_port); + + if (!err && !in_launch_if_necessary) { + char *lookup = NULL; + mach_port_t lookup_port = MACH_PORT_NULL; + + int w = asprintf (&lookup, "%s%s", + in_service_id, K5_MIG_LOOKUP_SUFFIX); + if (w < 0) { err = ENOMEM; } + + if (!err) { + /* Use the lookup name because the service name will return + * a valid port even if the server isn't running */ + err = bootstrap_look_up (boot_port, lookup, &lookup_port); + } + + free (lookup); + if (MACH_PORT_VALID (lookup_port)) { + mach_port_deallocate (mach_task_self (), lookup_port); + } + } + + if (!err) { + int w = asprintf (&service, "%s%s", + in_service_id, K5_MIG_SERVICE_SUFFIX); + if (w < 0) { err = ENOMEM; } + } + + if (!err) { + err = bootstrap_look_up (boot_port, service, &k5_service_port); + + if (!err && found_entry) { + /* Free old port if it is valid */ + if (!err && MACH_PORT_VALID (g_service_ports[i].service_port)) { + mach_port_deallocate (mach_task_self (), + g_service_ports[i].service_port); + } + + g_service_ports[i].service_port = k5_service_port; + } + } + + free (service); + if (MACH_PORT_VALID (boot_port)) { mach_port_deallocate (mach_task_self (), + boot_port); } + } + + if (!err) { + *out_service_port = k5_service_port; + } + + if (!lock_err) { k5_mutex_unlock (&g_service_ports_mutex); } + + return err; } #pragma mark - @@ -90,9 +288,9 @@ static boolean_t k5_ipc_reply_demux (mach_msg_header_t *request, } if (!handled && request->msgh_id == MACH_NOTIFY_NO_SENDERS) { - int32_t *server_died = k5_getspecific (K5_KEY_IPC_SERVER_DIED); - if (!server_died) { - *server_died = 1; + k5_ipc_connection_info cinfo = k5_getspecific (K5_KEY_IPC_CONNECTION_INFO); + if (cinfo) { + cinfo->server_died = 1; } handled = 1; /* server died */ @@ -114,30 +312,34 @@ kern_return_t k5_ipc_client_reply (mach_port_t in_reply_port, mach_msg_type_number_t in_ool_replyCnt) { kern_return_t err = KERN_SUCCESS; - k5_ipc_stream reply_stream = NULL; + k5_ipc_connection_info cinfo = NULL; if (!err) { err = CALL_INIT_FUNCTION (k5_cli_ipc_thread_init); } if (!err) { - reply_stream = k5_getspecific (K5_KEY_IPC_REPLY_STREAM); - if (!reply_stream) { err = EINVAL; } + cinfo = k5_getspecific (K5_KEY_IPC_CONNECTION_INFO); + if (!cinfo || !cinfo->reply_stream) { err = EINVAL; } } if (!err) { if (in_inl_replyCnt) { - err = k5_ipc_stream_write (reply_stream, in_inl_reply, in_inl_replyCnt); + err = k5_ipc_stream_write (cinfo->reply_stream, + in_inl_reply, in_inl_replyCnt); } else if (in_ool_replyCnt) { - err = k5_ipc_stream_write (reply_stream, in_ool_reply, in_ool_replyCnt); + err = k5_ipc_stream_write (cinfo->reply_stream, + in_ool_reply, in_ool_replyCnt); } else { err = EINVAL; } } - if (in_ool_replyCnt) { vm_deallocate (mach_task_self (), (vm_address_t) in_ool_reply, in_ool_replyCnt); } + if (in_ool_replyCnt) { vm_deallocate (mach_task_self (), + (vm_address_t) in_ool_reply, + in_ool_replyCnt); } return err; } @@ -154,16 +356,15 @@ int32_t k5_ipc_send_request (const char *in_service_id, int err = 0; int32_t done = 0; int32_t try_count = 0; - int32_t server_died = 0; mach_port_t server_port = MACH_PORT_NULL; - mach_port_t *request_port = NULL; + k5_ipc_connection_info cinfo = NULL; + k5_ipc_connection connection = NULL; mach_port_t reply_port = MACH_PORT_NULL; const char *inl_request = NULL; /* char * so we can pass the buffer in directly */ mach_msg_type_number_t inl_request_length = 0; k5_ipc_ool_request_t ool_request = NULL; mach_msg_type_number_t ool_request_length = 0; - k5_ipc_stream reply_stream = NULL; - + if (!in_request_stream) { err = EINVAL; } if (!out_reply_stream ) { err = EINVAL; } @@ -176,16 +377,18 @@ int32_t k5_ipc_send_request (const char *in_service_id, * the slow dynamically allocated buffer */ mach_msg_type_number_t request_length = k5_ipc_stream_size (in_request_stream); - if (request_length > K5_IPC_MAX_MSG_SIZE) { - //dprintf ("%s choosing out of line buffer (size is %d)", - // __FUNCTION__, request_length); + if (request_length > K5_IPC_MAX_INL_MSG_SIZE) { + /*dprintf ("%s choosing out of line buffer (size is %d)", + * __FUNCTION__, request_length); */ err = vm_read (mach_task_self (), - (vm_address_t) k5_ipc_stream_data (in_request_stream), request_length, - (vm_address_t *) &ool_request, &ool_request_length); + (vm_address_t) k5_ipc_stream_data (in_request_stream), + request_length, + (vm_address_t *) &ool_request, + &ool_request_length); } else { - //dprintf ("%s choosing in line buffer (size is %d)", - // __FUNCTION__, request_length); + /*dprintf ("%s choosing in line buffer (size is %d)", + * __FUNCTION__, request_length); */ inl_request_length = request_length; inl_request = k5_ipc_stream_data (in_request_stream); @@ -193,25 +396,13 @@ int32_t k5_ipc_send_request (const char *in_service_id, } if (!err) { - k5_ipc_request_port *port_list = NULL; - - port_list = k5_getspecific (K5_KEY_IPC_REQUEST_PORTS); + cinfo = k5_getspecific (K5_KEY_IPC_CONNECTION_INFO); + + if (!cinfo) { + err = k5_ipc_client_cinfo_allocate (&cinfo); - if (!port_list) { - int size = sizeof (*port_list) * KIPC_SERVICE_COUNT; - - port_list = malloc (size); - if (!port_list) { err = ENOMEM; } - if (!err) { - int i; - - for (i = 0; i < KIPC_SERVICE_COUNT; i++) { - port_list[i].service_id = k5_ipc_known_ports[i].service_id; - port_list[i].port = k5_ipc_known_ports[i].port; - } - - err = k5_setspecific (K5_KEY_IPC_REQUEST_PORTS, port_list); + err = k5_setspecific (K5_KEY_IPC_CONNECTION_INFO, cinfo); } } @@ -219,9 +410,9 @@ int32_t k5_ipc_send_request (const char *in_service_id, int i, found = 0; for (i = 0; i < KIPC_SERVICE_COUNT; i++) { - if (!strcmp (in_service_id, port_list[i].service_id)) { + if (!strcmp (in_service_id, cinfo->connections[i].service_id)) { found = 1; - request_port = &port_list[i].port; + connection = &cinfo->connections[i]; break; } } @@ -231,21 +422,23 @@ int32_t k5_ipc_send_request (const char *in_service_id, } if (!err) { - err = mach_port_allocate (mach_task_self (), MACH_PORT_RIGHT_RECEIVE, &reply_port); + err = k5_ipc_client_lookup_server (in_service_id, in_launch_server, + TRUE, &server_port); } if (!err) { - err = kipc_client_lookup_server (in_service_id, in_launch_server, - TRUE, &server_port); + err = mach_port_allocate (mach_task_self (), MACH_PORT_RIGHT_RECEIVE, + &reply_port); } while (!err && !done) { - if (!err && !MACH_PORT_VALID (*request_port)) { - err = k5_ipc_client_create_client_connection (server_port, request_port); + if (!err && !MACH_PORT_VALID (connection->port)) { + err = k5_ipc_client_create_client_connection (server_port, + &connection->port); } if (!err) { - err = k5_ipc_client_request (*request_port, reply_port, + err = k5_ipc_client_request (connection->port, reply_port, inl_request, inl_request_length, ool_request, ool_request_length); @@ -257,15 +450,16 @@ int32_t k5_ipc_send_request (const char *in_service_id, err = 0; } - if (request_port && MACH_PORT_VALID (*request_port)) { - mach_port_mod_refs (mach_task_self(), *request_port, MACH_PORT_RIGHT_SEND, -1 ); - *request_port = MACH_PORT_NULL; + if (MACH_PORT_VALID (connection->port)) { + mach_port_mod_refs (mach_task_self(), connection->port, + MACH_PORT_RIGHT_SEND, -1 ); + connection->port = MACH_PORT_NULL; } /* Look up server name again without using the cached copy */ - err = kipc_client_lookup_server (in_service_id, - in_launch_server, - FALSE, &server_port); + err = k5_ipc_client_lookup_server (in_service_id, + in_launch_server, + FALSE, &server_port); } else { /* Talked to server, though we may have gotten an error */ @@ -279,23 +473,16 @@ int32_t k5_ipc_send_request (const char *in_service_id, } if (!err) { - err = k5_ipc_stream_new (&reply_stream); - } - - if (!err) { - err = k5_setspecific (K5_KEY_IPC_REPLY_STREAM, reply_stream); - } - - if (!err) { - err = k5_setspecific (K5_KEY_IPC_SERVER_DIED, &server_died); + err = k5_ipc_stream_new (&cinfo->reply_stream); } if (!err) { mach_port_t old_notification_target = MACH_PORT_NULL; - /* request no-senders notification so we can get a message when server dies */ + /* request no-senders notification so we know when server dies */ err = mach_port_request_notification (mach_task_self (), reply_port, - MACH_NOTIFY_NO_SENDERS, 1, reply_port, + MACH_NOTIFY_NO_SENDERS, 1, + reply_port, MACH_MSG_TYPE_MAKE_SEND_ONCE, &old_notification_target); @@ -305,28 +492,36 @@ int32_t k5_ipc_send_request (const char *in_service_id, } if (!err) { - err = mach_msg_server_once (k5_ipc_reply_demux, kkipc_max_message_size, + cinfo->server_died = 0; + + err = mach_msg_server_once (k5_ipc_reply_demux, K5_IPC_MAX_MSG_SIZE, reply_port, MACH_MSG_TIMEOUT_NONE); - } - - if (!err && server_died) { - err = ENOTCONN; + + if (!err && cinfo->server_died) { + err = ENOTCONN; + } } if (err == BOOTSTRAP_UNKNOWN_SERVICE && !in_launch_server) { - err = 0; /* If the server is not running just return an empty stream. */ + err = 0; /* If server is not running just return an empty stream. */ } if (!err) { - *out_reply_stream = reply_stream; - reply_stream = NULL; + *out_reply_stream = cinfo->reply_stream; + cinfo->reply_stream = NULL; + } + + if (reply_port != MACH_PORT_NULL) { + mach_port_destroy (mach_task_self (), reply_port); + } + if (ool_request_length) { + vm_deallocate (mach_task_self (), + (vm_address_t) ool_request, ool_request_length); + } + if (cinfo && cinfo->reply_stream) { + k5_ipc_stream_release (cinfo->reply_stream); + cinfo->reply_stream = NULL; } - - k5_setspecific (K5_KEY_IPC_REPLY_STREAM, NULL); - k5_setspecific (K5_KEY_IPC_SERVER_DIED, NULL); - if (reply_port != MACH_PORT_NULL) { mach_port_destroy (mach_task_self (), reply_port); } - if (ool_request_length ) { vm_deallocate (mach_task_self (), (vm_address_t) ool_request, ool_request_length); } - if (reply_stream ) { k5_ipc_stream_release (reply_stream); } return err; } diff --git a/src/util/mac/k5_mig_server.c b/src/util/mac/k5_mig_server.c index a320ad5286..45f1b31afb 100644 --- a/src/util/mac/k5_mig_server.c +++ b/src/util/mac/k5_mig_server.c @@ -27,30 +27,48 @@ #include "k5_mig_server.h" #include -#include #include "k5_mig_requestServer.h" #include "k5_mig_reply.h" +#include +#include +#include +#include + +/* Global variables for servers (used by k5_ipc_request_demux) */ +static mach_port_t g_service_port = MACH_PORT_NULL; +static mach_port_t g_notify_port = MACH_PORT_NULL; +static mach_port_t g_listen_port_set = MACH_PORT_NULL; +static boolean_t g_ready_to_quit = 0; + /* ------------------------------------------------------------------------ */ static boolean_t k5_ipc_request_demux (mach_msg_header_t *request, mach_msg_header_t *reply) { - boolean_t handled = false; + boolean_t handled = 0; if (!handled) { handled = k5_ipc_request_server (request, reply); } + /* Our session has a send right. If that goes away it's time to quit. */ + if (!handled && (request->msgh_id == MACH_NOTIFY_NO_SENDERS && + request->msgh_local_port == g_notify_port)) { + g_ready_to_quit = 1; + handled = 1; + } + + /* Check here for a client death. If so remove it */ if (!handled && request->msgh_id == MACH_NOTIFY_NO_SENDERS) { kern_return_t err = KERN_SUCCESS; err = k5_ipc_server_remove_client (request->msgh_local_port); if (!err) { - /* Check here for a client in our table and free rights associated with it */ - err = mach_port_mod_refs (mach_task_self (), request->msgh_local_port, + err = mach_port_mod_refs (mach_task_self (), + request->msgh_local_port, MACH_PORT_RIGHT_RECEIVE, -1); } @@ -58,7 +76,7 @@ static boolean_t k5_ipc_request_demux (mach_msg_header_t *request, handled = 1; /* was a port we are tracking */ } } - + return handled; } @@ -72,18 +90,23 @@ kern_return_t k5_ipc_server_create_client_connection (mach_port_t in_server_p mach_port_t old_notification_target = MACH_PORT_NULL; if (!err) { - err = mach_port_allocate (mach_task_self (), MACH_PORT_RIGHT_RECEIVE, &connection_port); + err = mach_port_allocate (mach_task_self (), + MACH_PORT_RIGHT_RECEIVE, &connection_port); } if (!err) { - err = mach_port_move_member (mach_task_self (), connection_port, kipc_server_get_listen_portset ()); + err = mach_port_move_member (mach_task_self (), + connection_port, g_listen_port_set); } if (!err) { /* request no-senders notification so we can tell when client quits/crashes */ - err = mach_port_request_notification (mach_task_self (), connection_port, - MACH_NOTIFY_NO_SENDERS, 1, connection_port, - MACH_MSG_TYPE_MAKE_SEND_ONCE, &old_notification_target ); + err = mach_port_request_notification (mach_task_self (), + connection_port, + MACH_NOTIFY_NO_SENDERS, 1, + connection_port, + MACH_MSG_TYPE_MAKE_SEND_ONCE, + &old_notification_target ); } if (!err) { @@ -138,6 +161,71 @@ kern_return_t k5_ipc_server_request (mach_port_t in_connection_port, return err; } +/* ------------------------------------------------------------------------ */ + +static kern_return_t k5_ipc_server_get_lookup_and_service_names (char **out_lookup, + char **out_service) +{ + kern_return_t err = KERN_SUCCESS; + CFBundleRef bundle = NULL; + CFStringRef id_string = NULL; + CFIndex len = 0; + char *service_id = NULL; + char *lookup = NULL; + char *service = NULL; + + if (!out_lookup ) { err = EINVAL; } + if (!out_service) { err = EINVAL; } + + if (!err) { + bundle = CFBundleGetMainBundle (); + if (!bundle) { err = ENOENT; } + } + + if (!err) { + id_string = CFBundleGetIdentifier (bundle); + if (!id_string) { err = ENOMEM; } + } + + if (!err) { + len = CFStringGetMaximumSizeForEncoding (CFStringGetLength (id_string), + kCFStringEncodingUTF8) + 1; + } + + if (!err) { + service_id = calloc (len, sizeof (char)); + if (!service_id) { err = errno; } + } + + if (!err && !CFStringGetCString (id_string, service_id, len, + kCFStringEncodingUTF8)) { + err = ENOMEM; + } + + if (!err) { + int w = asprintf (&lookup, "%s%s", service_id, K5_MIG_LOOKUP_SUFFIX); + if (w < 0) { err = ENOMEM; } + } + + if (!err) { + int w = asprintf (&service, "%s%s", service_id, K5_MIG_SERVICE_SUFFIX); + if (w < 0) { err = ENOMEM; } + } + + if (!err) { + *out_lookup = lookup; + lookup = NULL; + *out_service = service; + service = NULL; + } + + free (service); + free (lookup); + free (service_id); + + return err; +} + #pragma mark - /* ------------------------------------------------------------------------ */ @@ -148,7 +236,97 @@ int32_t k5_ipc_server_listen_loop (void) * This will call k5_ipc_server_create_client_connection for new clients * and k5_ipc_server_request for existing clients */ - return kipc_server_run_server (k5_ipc_request_demux); + kern_return_t err = KERN_SUCCESS; + char *service = NULL; + char *lookup = NULL; + mach_port_t lookup_port = MACH_PORT_NULL; + mach_port_t boot_port = MACH_PORT_NULL; + mach_port_t previous_notify_port = MACH_PORT_NULL; + + if (!err) { + err = k5_ipc_server_get_lookup_and_service_names (&lookup, &service); + } + + if (!err) { + /* Get the bootstrap port */ + err = task_get_bootstrap_port (mach_task_self (), &boot_port); + } + + if (!err) { + /* We are an on-demand server so our lookup port already exists. */ + err = bootstrap_check_in (boot_port, lookup, &lookup_port); + } + + if (!err) { + /* We are an on-demand server so our service port already exists. */ + err = bootstrap_check_in (boot_port, service, &g_service_port); + } + + if (!err) { + /* Create the port set that the server will listen on */ + err = mach_port_allocate (mach_task_self (), MACH_PORT_RIGHT_RECEIVE, + &g_notify_port); + } + + if (!err) { + /* Ask for notification when the server port has no more senders + * A send-once right != a send right so our send-once right will + * not interfere with the notification */ + err = mach_port_request_notification (mach_task_self (), g_service_port, + MACH_NOTIFY_NO_SENDERS, true, + g_notify_port, + MACH_MSG_TYPE_MAKE_SEND_ONCE, + &previous_notify_port); + } + + if (!err) { + /* Create the port set that the server will listen on */ + err = mach_port_allocate (mach_task_self (), + MACH_PORT_RIGHT_PORT_SET, &g_listen_port_set); + } + + if (!err) { + /* Add the lookup port to the port set */ + err = mach_port_move_member (mach_task_self (), + lookup_port, g_listen_port_set); + } + + if (!err) { + /* Add the service port to the port set */ + err = mach_port_move_member (mach_task_self (), + g_service_port, g_listen_port_set); + } + + if (!err) { + /* Add the notify port to the port set */ + err = mach_port_move_member (mach_task_self (), + g_notify_port, g_listen_port_set); + } + + while (!err && !g_ready_to_quit) { + /* Handle one message at a time so we can check to see if + * the server wants to quit */ + err = mach_msg_server_once (k5_ipc_request_demux, K5_IPC_MAX_MSG_SIZE, + g_listen_port_set, MACH_MSG_OPTION_NONE); + } + + /* Clean up the ports and strings */ + if (MACH_PORT_VALID (g_notify_port)) { + mach_port_destroy (mach_task_self (), g_notify_port); + g_notify_port = MACH_PORT_NULL; + } + if (MACH_PORT_VALID (g_listen_port_set)) { + mach_port_destroy (mach_task_self (), g_listen_port_set); + g_listen_port_set = MACH_PORT_NULL; + } + if (MACH_PORT_VALID (boot_port)) { + mach_port_deallocate (mach_task_self (), boot_port); + } + + free (service); + free (lookup); + + return err; } /* ------------------------------------------------------------------------ */ @@ -170,7 +348,7 @@ int32_t k5_ipc_server_send_reply (mach_port_t in_reply_port, * the slow dynamically allocated buffer */ mach_msg_type_number_t reply_length = k5_ipc_stream_size (in_reply_stream); - if (reply_length > K5_IPC_MAX_MSG_SIZE) { + if (reply_length > K5_IPC_MAX_INL_MSG_SIZE) { //dprintf ("%s choosing out of line buffer (size is %d)", // __FUNCTION__, reply_length); @@ -203,3 +381,10 @@ int32_t k5_ipc_server_send_reply (mach_port_t in_reply_port, return err; } + +/* ------------------------------------------------------------------------ */ + +void k5_ipc_server_quit (void) +{ + g_ready_to_quit = 1; +} diff --git a/src/util/mac/k5_mig_server.h b/src/util/mac/k5_mig_server.h index 94a68e9a8b..0c66ae5bfe 100644 --- a/src/util/mac/k5_mig_server.h +++ b/src/util/mac/k5_mig_server.h @@ -41,9 +41,12 @@ int32_t k5_ipc_server_handle_request (mach_port_t in_connection_port, /* Server control functions */ +/* WARNING: Currently only supports running server loop on a single thread! */ int32_t k5_ipc_server_listen_loop (void); int32_t k5_ipc_server_send_reply (mach_port_t in_reply_pipe, k5_ipc_stream in_reply_stream); +void k5_ipc_server_quit (void); + #endif /* K5_MIG_SERVER */ diff --git a/src/util/mac/k5_mig_types.h b/src/util/mac/k5_mig_types.h index 4c8ddb73b1..0f877a3144 100644 --- a/src/util/mac/k5_mig_types.h +++ b/src/util/mac/k5_mig_types.h @@ -44,12 +44,16 @@ #ifndef K5_MIG_TYPES_H #define K5_MIG_TYPES_H +#define K5_IPC_MAX_MSG_SIZE 2048 + MAX_TRAILER_SIZE -#define K5_IPC_MAX_MSG_SIZE 1024 +#define K5_MIG_LOOKUP_SUFFIX ".ipcLookup" +#define K5_MIG_SERVICE_SUFFIX ".ipcService" -typedef const char k5_ipc_inl_request_t[K5_IPC_MAX_MSG_SIZE]; +#define K5_IPC_MAX_INL_MSG_SIZE 1024 + +typedef const char k5_ipc_inl_request_t[K5_IPC_MAX_INL_MSG_SIZE]; typedef const char *k5_ipc_ool_request_t; -typedef char k5_ipc_inl_reply_t[K5_IPC_MAX_MSG_SIZE]; +typedef char k5_ipc_inl_reply_t[K5_IPC_MAX_INL_MSG_SIZE]; typedef char *k5_ipc_ool_reply_t; #endif /* K5_MIG_TYPES_H */ diff --git a/src/util/profile/Makefile.in b/src/util/profile/Makefile.in index 8ef538aaf3..064e72d162 100644 --- a/src/util/profile/Makefile.in +++ b/src/util/profile/Makefile.in @@ -154,44 +154,3 @@ check-windows:: $(OUTPRE)test_profile.exe $(OUTPRE)test_parse.exe @lib_frag@ @libobj_frag@ -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -prof_tree.so prof_tree.po $(OUTPRE)prof_tree.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - prof_int.h prof_tree.c -prof_file.so prof_file.po $(OUTPRE)prof_file.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - prof_file.c prof_int.h -prof_parse.so prof_parse.po $(OUTPRE)prof_parse.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - prof_int.h prof_parse.c -prof_get.so prof_get.po $(OUTPRE)prof_get.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - prof_get.c prof_int.h -prof_set.so prof_set.po $(OUTPRE)prof_set.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - prof_int.h prof_set.c -prof_err.so prof_err.po $(OUTPRE)prof_err.$(OBJEXT): \ - $(COM_ERR_DEPS) prof_err.c -prof_init.so prof_init.po $(OUTPRE)prof_init.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - prof_init.c prof_int.h -test_parse.so test_parse.po $(OUTPRE)test_parse.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - prof_int.h test_parse.c -test_profile.so test_profile.po $(OUTPRE)test_profile.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - argv_parse.h prof_int.h test_profile.c -profile_tcl.so profile_tcl.po $(OUTPRE)profile_tcl.$(OBJEXT): \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) profile_tcl.c diff --git a/src/util/profile/deps b/src/util/profile/deps new file mode 100644 index 0000000000..2b4082cc46 --- /dev/null +++ b/src/util/profile/deps @@ -0,0 +1,39 @@ +# +# Generated makefile dependencies follow. +# +prof_tree.so prof_tree.po $(OUTPRE)prof_tree.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + prof_int.h prof_tree.c +prof_file.so prof_file.po $(OUTPRE)prof_file.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + prof_file.c prof_int.h +prof_parse.so prof_parse.po $(OUTPRE)prof_parse.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + prof_int.h prof_parse.c +prof_get.so prof_get.po $(OUTPRE)prof_get.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + prof_get.c prof_int.h +prof_set.so prof_set.po $(OUTPRE)prof_set.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + prof_int.h prof_set.c +prof_err.so prof_err.po $(OUTPRE)prof_err.$(OBJEXT): \ + $(COM_ERR_DEPS) prof_err.c +prof_init.so prof_init.po $(OUTPRE)prof_init.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + prof_init.c prof_int.h +test_parse.so test_parse.po $(OUTPRE)test_parse.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + prof_int.h test_parse.c +test_profile.so test_profile.po $(OUTPRE)test_profile.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/profile.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + argv_parse.h prof_int.h test_profile.c +profile_tcl.so profile_tcl.po $(OUTPRE)profile_tcl.$(OBJEXT): \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) profile_tcl.c diff --git a/src/util/profile/prof_file.c b/src/util/profile/prof_file.c index 13d8860e8b..fad1b28710 100644 --- a/src/util/profile/prof_file.c +++ b/src/util/profile/prof_file.c @@ -182,7 +182,7 @@ profile_make_prf_data(const char *filename) memset(d, 0, len); fcopy = (char *) d + slen; assert(fcopy == d->filespec); - strcpy(fcopy, filename); + strlcpy(fcopy, filename, flen + 1); d->refcount = 1; d->comment = NULL; d->magic = PROF_MAGIC_FILE_DATA; @@ -198,7 +198,6 @@ errcode_t profile_open_file(const_profile_filespec_t filespec, prf_file_t prf; errcode_t retval; char *home_env = 0; - unsigned int len; prf_data_t data; char *expanded_filename; @@ -214,7 +213,6 @@ errcode_t profile_open_file(const_profile_filespec_t filespec, memset(prf, 0, sizeof(struct _prf_file_t)); prf->magic = PROF_MAGIC_FILE; - len = strlen(filespec)+1; if (filespec[0] == '~' && filespec[1] == '/') { home_env = getenv("HOME"); #ifdef HAVE_PWD_H @@ -229,19 +227,17 @@ errcode_t profile_open_file(const_profile_filespec_t filespec, home_env = pw->pw_dir; } #endif - if (home_env) - len += strlen(home_env); } - expanded_filename = malloc(len); + if (home_env) { + if (asprintf(&expanded_filename, "%s%s", home_env, + filespec + 1) < 0) + expanded_filename = 0; + } else + expanded_filename = strdup(filespec); if (expanded_filename == 0) { free(prf); return ENOMEM; } - if (home_env) { - strcpy(expanded_filename, home_env); - strcat(expanded_filename, filespec+1); - } else - memcpy(expanded_filename, filespec, len); retval = k5_mutex_lock(&g_shared_trees_mutex); if (retval) { diff --git a/src/util/profile/prof_get.c b/src/util/profile/prof_get.c index c79500215f..6c94d96ccf 100644 --- a/src/util/profile/prof_get.c +++ b/src/util/profile/prof_get.c @@ -28,8 +28,8 @@ struct profile_string_list { char **list; - int num; - int max; + unsigned int num; + unsigned int max; }; /* @@ -75,7 +75,7 @@ static void end_list(struct profile_string_list *list, char ***ret_list) static errcode_t add_to_list(struct profile_string_list *list, const char *str) { char *newstr, **newlist; - int newmax; + unsigned int newmax; if (list->num+1 >= list->max) { newmax = list->max + 10; @@ -85,10 +85,9 @@ static errcode_t add_to_list(struct profile_string_list *list, const char *str) list->max = newmax; list->list = newlist; } - newstr = malloc(strlen(str)+1); + newstr = strdup(str); if (newstr == 0) return ENOMEM; - strcpy(newstr, str); list->list[list->num++] = newstr; list->list[list->num] = 0; @@ -217,10 +216,9 @@ profile_get_string(profile_t profile, const char *name, const char *subname, value = def_val; if (value) { - *ret_string = malloc(strlen(value)+1); + *ret_string = strdup(value); if (*ret_string == 0) return ENOMEM; - strcpy(*ret_string, value); } else *ret_string = 0; return 0; diff --git a/src/util/profile/prof_init.c b/src/util/profile/prof_init.c index 4048f88a9e..d8653049cf 100644 --- a/src/util/profile/prof_init.c +++ b/src/util/profile/prof_init.c @@ -42,7 +42,7 @@ profile_init(const_profile_filespec_t *files, profile_t *ret_profile) for (fs = files; !PROFILE_LAST_FILESPEC(*fs); fs++) { retval = profile_open_file(*fs, &new_file); /* if this file is missing, skip to the next */ - if (retval == ENOENT || retval == EACCES) { + if (retval == ENOENT || retval == EACCES || retval == EPERM) { continue; } if (retval) { @@ -71,7 +71,7 @@ profile_init(const_profile_filespec_t *files, profile_t *ret_profile) #define COUNT_LINKED_LIST(COUNT, PTYPE, START, FIELD) \ { \ - int cll_counter = 0; \ + size_t cll_counter = 0; \ PTYPE cll_ptr = (START); \ while (cll_ptr != NULL) { \ cll_counter++; \ @@ -106,7 +106,8 @@ errcode_t KRB5_CALLCONV profile_init_path(const_profile_filespec_list_t filepath, profile_t *ret_profile) { - int n_entries, i; + unsigned int n_entries; + int i; unsigned int ent_len; const char *s, *t; profile_filespec_t *filenames; @@ -125,7 +126,7 @@ profile_init_path(const_profile_filespec_list_t filepath, /* measure, copy, and skip each one */ for(s = filepath, i=0; (t = strchr(s, ':')) || (t=s+strlen(s)); s=t+1, i++) { - ent_len = t-s; + ent_len = (unsigned int) (t-s); filenames[i] = (char*) malloc(ent_len + 1); if (filenames[i] == 0) { /* if malloc fails, free the ones that worked */ @@ -252,7 +253,6 @@ profile_release(profile_t profile) free(profile); } -#ifndef LEAN_CLIENT /* * Here begins the profile serialization functions. */ @@ -344,6 +344,7 @@ errcode_t profile_ser_internalize(const char *unused, profile_t *profilep, bp = *bufpp; remain = *remainp; + fcount = 0; if (remain >= 12) (void) unpack_int32(&tmp, &bp, &remain); @@ -358,11 +359,11 @@ errcode_t profile_ser_internalize(const char *unused, profile_t *profilep, (void) unpack_int32(&fcount, &bp, &remain); retval = ENOMEM; - flist = (profile_filespec_t *) malloc(sizeof(profile_filespec_t) * (fcount + 1)); + flist = (profile_filespec_t *) malloc(sizeof(profile_filespec_t) * (size_t) (fcount + 1)); if (!flist) goto cleanup; - memset(flist, 0, sizeof(char *) * (fcount+1)); + memset(flist, 0, sizeof(char *) * (size_t) (fcount+1)); for (i=0; ivalue) return PROF_SET_SECTION_VALUE; - cp = malloc(strlen(new_value)+1); + cp = strdup(new_value); if (!cp) return ENOMEM; - strcpy(cp, new_value); free(node->value); node->value = cp; @@ -667,10 +666,9 @@ errcode_t profile_rename_node(struct profile_node *node, const char *new_name) /* * Make sure we can allocate memory for the new name, first! */ - new_string = malloc(strlen(new_name)+1); + new_string = strdup(new_name); if (!new_string) return ENOMEM; - strcpy(new_string, new_name); /* * Find the place to where the new node should go. We look diff --git a/src/util/send-pr/deps b/src/util/send-pr/deps new file mode 100644 index 0000000000..2feac3c9d3 --- /dev/null +++ b/src/util/send-pr/deps @@ -0,0 +1 @@ +# No dependencies here. diff --git a/src/util/ss/Makefile.in b/src/util/ss/Makefile.in index 9d89de8407..41512aedff 100644 --- a/src/util/ss/Makefile.in +++ b/src/util/ss/Makefile.in @@ -170,73 +170,3 @@ clean:: @lib_frag@ @libobj_frag@ -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -invocation.so invocation.po $(OUTPRE)invocation.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/ss/ss_err.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - copyright.h invocation.c ss.h ss_internal.h -help.so help.po $(OUTPRE)help.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/ss/ss_err.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h copyright.h help.c ss.h \ - ss_internal.h -execute_cmd.so execute_cmd.po $(OUTPRE)execute_cmd.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/ss/ss_err.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - copyright.h execute_cmd.c ss.h ss_internal.h -listen.so listen.po $(OUTPRE)listen.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/ss/ss_err.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h copyright.h listen.c \ - ss.h ss_internal.h -parse.so parse.po $(OUTPRE)parse.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/ss/ss_err.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h copyright.h parse.c ss.h \ - ss_internal.h -error.so error.po $(OUTPRE)error.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/ss/ss_err.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h copyright.h error.c ss.h \ - ss_internal.h -prompt.so prompt.po $(OUTPRE)prompt.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/ss/ss_err.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h copyright.h prompt.c \ - ss.h ss_internal.h -request_tbl.so request_tbl.po $(OUTPRE)request_tbl.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/ss/ss_err.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - copyright.h request_tbl.c ss.h ss_internal.h -list_rqs.so list_rqs.po $(OUTPRE)list_rqs.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/ss/ss_err.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - copyright.h list_rqs.c ss.h ss_internal.h -pager.so pager.po $(OUTPRE)pager.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/ss/ss_err.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h copyright.h pager.c ss.h \ - ss_internal.h -requests.so requests.po $(OUTPRE)requests.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/ss/ss_err.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - requests.c ss.h ss_internal.h -data.so data.po $(OUTPRE)data.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/ss/ss_err.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h copyright.h data.c ss.h \ - ss_internal.h -mk_cmds.so mk_cmds.po $(OUTPRE)mk_cmds.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/ss/ss_err.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h copyright.h mk_cmds.c \ - ss.h ss_internal.h -utils.so utils.po $(OUTPRE)utils.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(BUILDTOP)/include/ss/ss_err.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h copyright.h ss.h ss_internal.h \ - utils.c -options.so options.po $(OUTPRE)options.$(OBJEXT): $(BUILDTOP)/include/ss/ss_err.h \ - $(COM_ERR_DEPS) copyright.h options.c ss.h -cmd_tbl.lex.o: cmd_tbl.lex.c ct.tab.h -ct.tab.o: $(BUILDTOP)/include/ss/ss_err.h $(COM_ERR_DEPS) \ - ct.tab.c ss.h -ss_err.so ss_err.po $(OUTPRE)ss_err.$(OBJEXT): $(COM_ERR_DEPS) \ - ss_err.c -std_rqs.so std_rqs.po $(OUTPRE)std_rqs.$(OBJEXT): $(COM_ERR_DEPS) \ - $(SS_DEPS) std_rqs.c diff --git a/src/util/ss/deps b/src/util/ss/deps new file mode 100644 index 0000000000..8bbd6aabc3 --- /dev/null +++ b/src/util/ss/deps @@ -0,0 +1,68 @@ +# +# Generated makefile dependencies follow. +# +invocation.so invocation.po $(OUTPRE)invocation.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/ss/ss_err.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + copyright.h invocation.c ss.h ss_internal.h +help.so help.po $(OUTPRE)help.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/ss/ss_err.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h copyright.h help.c ss.h \ + ss_internal.h +execute_cmd.so execute_cmd.po $(OUTPRE)execute_cmd.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/ss/ss_err.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + copyright.h execute_cmd.c ss.h ss_internal.h +listen.so listen.po $(OUTPRE)listen.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/ss/ss_err.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h copyright.h listen.c \ + ss.h ss_internal.h +parse.so parse.po $(OUTPRE)parse.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/ss/ss_err.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h copyright.h parse.c ss.h \ + ss_internal.h +error.so error.po $(OUTPRE)error.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/ss/ss_err.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h copyright.h error.c ss.h \ + ss_internal.h +prompt.so prompt.po $(OUTPRE)prompt.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/ss/ss_err.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h copyright.h prompt.c \ + ss.h ss_internal.h +request_tbl.so request_tbl.po $(OUTPRE)request_tbl.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/ss/ss_err.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + copyright.h request_tbl.c ss.h ss_internal.h +list_rqs.so list_rqs.po $(OUTPRE)list_rqs.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/ss/ss_err.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + copyright.h list_rqs.c ss.h ss_internal.h +pager.so pager.po $(OUTPRE)pager.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/ss/ss_err.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h copyright.h pager.c ss.h \ + ss_internal.h +requests.so requests.po $(OUTPRE)requests.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/ss/ss_err.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + requests.c ss.h ss_internal.h +data.so data.po $(OUTPRE)data.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/ss/ss_err.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h copyright.h data.c ss.h \ + ss_internal.h +mk_cmds.so mk_cmds.po $(OUTPRE)mk_cmds.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/ss/ss_err.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h copyright.h mk_cmds.c \ + ss.h ss_internal.h +utils.so utils.po $(OUTPRE)utils.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(BUILDTOP)/include/ss/ss_err.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h copyright.h ss.h ss_internal.h \ + utils.c +options.so options.po $(OUTPRE)options.$(OBJEXT): $(BUILDTOP)/include/ss/ss_err.h \ + $(COM_ERR_DEPS) copyright.h options.c ss.h +cmd_tbl.lex.o: cmd_tbl.lex.c ct.tab.h +ct.tab.o: $(BUILDTOP)/include/ss/ss_err.h $(COM_ERR_DEPS) \ + ct.tab.c ss.h +ss_err.so ss_err.po $(OUTPRE)ss_err.$(OBJEXT): $(COM_ERR_DEPS) \ + ss_err.c +std_rqs.so std_rqs.po $(OUTPRE)std_rqs.$(OBJEXT): $(COM_ERR_DEPS) \ + $(SS_DEPS) std_rqs.c diff --git a/src/util/ss/execute_cmd.c b/src/util/ss/execute_cmd.c index 3f684052ca..3b33fdbd0f 100644 --- a/src/util/ss/execute_cmd.c +++ b/src/util/ss/execute_cmd.c @@ -27,19 +27,7 @@ * Has been replaced by a macro. */ -#ifdef __SABER__ -/* sigh. saber won't deal with pointer-to-const-struct */ -static struct _ss_request_entry * get_request (tbl, idx) - ss_request_table * tbl; - int idx; -{ - struct _ss_request_table *tbl1 = (struct _ss_request_table *) tbl; - struct _ss_request_entry *e = (struct _ss_request_entry *) tbl1->requests; - return e + idx; -} -#else #define get_request(tbl,idx) ((tbl) -> requests + (idx)) -#endif /* * check_request_table(rqtbl, argc, argv, sci_idx) @@ -69,11 +57,7 @@ static int check_request_table (rqtbl, argc, argv, sci_idx) char *argv[]; int sci_idx; { -#ifdef __SABER__ - struct _ss_request_entry *request; -#else register ss_request_entry *request; -#endif register ss_data *info; register char const * const * name; char *string = argv[0]; diff --git a/src/util/ss/help.c b/src/util/ss/help.c index b144e282e6..10b1c10756 100644 --- a/src/util/ss/help.c +++ b/src/util/ss/help.c @@ -128,8 +128,7 @@ void ss_add_info_dir(sci_idx, info_dir, code_ptr) } info->info_dirs = dirs; dirs[n_dirs + 1] = (char *)NULL; - dirs[n_dirs] = malloc((unsigned)strlen(info_dir)+1); - strcpy(dirs[n_dirs], info_dir); + dirs[n_dirs] = strdup(info_dir); *code_ptr = 0; } diff --git a/src/util/ss/utils.c b/src/util/ss/utils.c index c578001574..d240333333 100644 --- a/src/util/ss/utils.c +++ b/src/util/ss/utils.c @@ -56,26 +56,11 @@ char * generate_rqte(func_name, info_string, cmds, options) char const *cmds; int options; { - int size; - char *string, *var_name, numbuf[16]; + char *string, *var_name; var_name = generate_cmds_string(cmds); generate_function_definition(func_name); - size = 6; /* " { " */ - size += strlen(var_name)+8; /* "quux, " */ - size += strlen(func_name)+8; /* "foo, " */ - size += strlen(info_string)+8; /* "\"Info!\", " */ - sprintf(numbuf, "%d", options); - size += strlen(numbuf)+5; /* " }," + NL + NUL */ - string = malloc(size); - strcpy(string, " { "); - strcat(string, var_name); - strcat(string, ",\n "); - strcat(string, func_name); - strcat(string, ",\n "); - strcat(string, info_string); - strcat(string, ",\n "); - strcat(string, numbuf); - strcat(string, " },\n"); + asprintf(&string, " { %s,\n %s,\n %s,\n %d },\n", + var_name, func_name, info_string, options); return(string); } @@ -85,9 +70,8 @@ gensym(name) { char *symbol; - symbol = malloc((strlen(name)+6) * sizeof(char)); gensym_n++; - sprintf(symbol, "%s%05ld", name, gensym_n); + asprintf(&symbol, "%s%05ld", name, gensym_n); return(symbol); } @@ -96,14 +80,8 @@ char *str_concat3(a, b, c) register char *a, *b, *c; { char *result; - int size_a = strlen(a); - int size_b = strlen(b); - int size_c = strlen(c); - result = malloc((size_a + size_b + size_c + 2)*sizeof(char)); - strcpy(result, a); - strcpy(&result[size_a], c); - strcpy(&result[size_a+size_c], b); + asprintf(&result, "%s%s%s", a, c, b); return(result); } @@ -112,13 +90,8 @@ char *quote(string) register char *string; { register char *result; - int len; - len = strlen(string)+1; - result = malloc(len+2); - result[0] = '"'; - strncpy(&result[1], string, len-1); - result[len] = '"'; - result[len+1] = '\0'; + + asprintf(&result, "\"%s\"", string); return(result); } diff --git a/src/util/support/Makefile.in b/src/util/support/Makefile.in index dfd642c2c1..0927c61a1b 100644 --- a/src/util/support/Makefile.in +++ b/src/util/support/Makefile.in @@ -30,13 +30,24 @@ MKSTEMP_OBJ= @MKSTEMP_OBJ@ ##DOS##MKSTEMP_ST_OBJ= mkstemp.o ##DOS##MKSTEMP_OBJ= $(OUTPRE)mkstemp.$(OBJEXT) +STRLCPY_ST_OBJ=@STRLCPY_ST_OBJ@ +STRLCPY_OBJ=@STRLCPY_OBJ@ + +PRINTF_ST_OBJ= @PRINTF_ST_OBJ@ +PRINTF_OBJ= @PRINTF_OBJ@ + STLIBOBJS= \ threads.o \ init-addrinfo.o \ plugins.o \ errors.o \ + k5buf.o \ gmt_mktime.o \ fake-addrinfo.o \ + utf8.o \ + utf8_conv.o \ + $(STRLCPY_ST_OBJ) \ + $(PRINTF_ST_OBJ) \ $(MKSTEMP_ST_OBJ) LIBOBJS= \ @@ -44,8 +55,13 @@ LIBOBJS= \ $(OUTPRE)init-addrinfo.$(OBJEXT) \ $(OUTPRE)plugins.$(OBJEXT) \ $(OUTPRE)errors.$(OBJEXT) \ + $(OUTPRE)k5buf.$(OBJEXT) \ $(OUTPRE)gmt_mktime.$(OBJEXT) \ $(OUTPRE)fake-addrinfo.$(OBJEXT) \ + $(OUTPRE)utf8.$(OBJEXT) \ + $(OUTPRE)utf8_conv.$(OBJEXT) \ + $(STRLCPY_OBJ) \ + $(PRINTF_OBJ) \ $(MKSTEMP_OBJ) STOBJLISTS=OBJS.ST @@ -58,9 +74,15 @@ SRCS=\ $(srcdir)/threads.c \ $(srcdir)/init-addrinfo.c \ $(srcdir)/errors.c \ + $(srcdir)/k5buf.c \ $(srcdir)/gmt_mktime.c \ $(srcdir)/fake-addrinfo.c \ - $(srcdir)/mkstemp.c + $(srcdir)/utf8.c \ + $(srcdir)/utf8_conv.c \ + $(srcdir)/strlcpy.c \ + $(srcdir)/printf.c \ + $(srcdir)/mkstemp.c \ + $(srcdir)/t_k5buf.c SHLIB_EXPDEPS = # Add -lm if dumping thread stats, for sqrt. @@ -105,35 +127,19 @@ libkrb5support.exports: $(srcdir)/libkrb5support-fixed.exports Makefile ##DOS## $(RM) libkrb5support.exports ##DOS## $(MV) new-exports libkrb5support.exports +T_K5BUF_OBJS= t_k5buf.o k5buf.o $(PRINTF_ST_OBJ) + +t_k5buf: $(T_K5BUF_OBJS) + $(CC_LINK) -o t_k5buf $(T_K5BUF_OBJS) + +TEST_PROGS= t_k5buf + +check-unix:: $(TEST_PROGS) + ./t_k5buf + +clean:: + $(RM) t_k5buf.o t_k5buf + @lib_frag@ @libobj_frag@ -# +++ Dependency line eater +++ -# -# Makefile dependencies follow. This must be the last section in -# the Makefile.in file -# -threads.so threads.po $(OUTPRE)threads.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h cache-addrinfo.h supp-int.h \ - threads.c -init-addrinfo.so init-addrinfo.po $(OUTPRE)init-addrinfo.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(SRCTOP)/include/fake-addrinfo.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - cache-addrinfo.h init-addrinfo.c -errors.so errors.po $(OUTPRE)errors.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-platform.h \ - $(SRCTOP)/include/k5-thread.h errors.c supp-int.h -gmt_mktime.so gmt_mktime.po $(OUTPRE)gmt_mktime.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(SRCTOP)/include/k5-gmt_mktime.h \ - gmt_mktime.c -fake-addrinfo.so fake-addrinfo.po $(OUTPRE)fake-addrinfo.$(OBJEXT): \ - $(BUILDTOP)/include/autoconf.h $(SRCTOP)/include/fake-addrinfo.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ - cache-addrinfo.h fake-addrinfo.c supp-int.h -mkstemp.so mkstemp.po $(OUTPRE)mkstemp.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ - $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ - mkstemp.c diff --git a/src/util/support/deps b/src/util/support/deps new file mode 100644 index 0000000000..c75af76417 --- /dev/null +++ b/src/util/support/deps @@ -0,0 +1,46 @@ +# +# Generated makefile dependencies follow. +# +threads.so threads.po $(OUTPRE)threads.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/socket-utils.h cache-addrinfo.h supp-int.h \ + threads.c +init-addrinfo.so init-addrinfo.po $(OUTPRE)init-addrinfo.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(SRCTOP)/include/fake-addrinfo.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + cache-addrinfo.h init-addrinfo.c +errors.so errors.po $(OUTPRE)errors.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h errors.c supp-int.h +k5buf.so k5buf.po $(OUTPRE)k5buf.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h k5buf-int.h k5buf.c +gmt_mktime.so gmt_mktime.po $(OUTPRE)gmt_mktime.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(SRCTOP)/include/k5-gmt_mktime.h \ + gmt_mktime.c +fake-addrinfo.so fake-addrinfo.po $(OUTPRE)fake-addrinfo.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(SRCTOP)/include/fake-addrinfo.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + cache-addrinfo.h fake-addrinfo.c supp-int.h +utf8.so utf8.po $(OUTPRE)utf8.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/k5-utf8.h supp-int.h utf8.c +utf8_conv.so utf8_conv.po $(OUTPRE)utf8_conv.$(OBJEXT): \ + $(BUILDTOP)/include/autoconf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/k5-utf8.h \ + supp-int.h utf8_conv.c +strlcpy.so strlcpy.po $(OUTPRE)strlcpy.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + strlcpy.c +printf.so printf.po $(OUTPRE)printf.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + printf.c +mkstemp.so mkstemp.po $(OUTPRE)mkstemp.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + mkstemp.c +t_k5buf.so t_k5buf.po $(OUTPRE)t_k5buf.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ + $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \ + $(SRCTOP)/include/k5-thread.h k5buf-int.h t_k5buf.c diff --git a/src/util/support/errors.c b/src/util/support/errors.c index d1aa485c5a..d85ba42443 100644 --- a/src/util/support/errors.c +++ b/src/util/support/errors.c @@ -11,6 +11,10 @@ #include "k5-platform.h" #include "supp-int.h" +#ifdef USE_KIM +#include "kim_string_private.h" +#endif + /* It would be nice to just use error_message() always. Pity that it's defined in a library that depends on this one, and we're not allowed to make circular dependencies. */ @@ -43,27 +47,45 @@ void krb5int_vset_error (struct errinfo *ep, long code, const char *fmt, va_list args) { - char *p; - char *str = NULL; va_list args2; - - if (ep->msg && ep->msg != ep->scratch_buf) { - free (ep->msg); - ep->msg = NULL; + char *str = NULL; + const char *loc_fmt = NULL; + +#ifdef USE_KIM + /* Try to localize the format string */ + if (kim_os_string_create_localized(&loc_fmt, fmt) != KIM_NO_ERROR) { + loc_fmt = fmt; } - ep->code = code; +#else + loc_fmt = fmt; +#endif + + /* try vasprintf first */ va_copy(args2, args); - if (vasprintf(&str, fmt, args2) >= 0 && str != NULL) { - va_end(args2); - ep->msg = str; - return; + if (vasprintf(&str, loc_fmt, args2) < 0) { + str = NULL; } va_end(args2); - /* Allocation failure? */ - vsnprintf(ep->scratch_buf, sizeof(ep->scratch_buf), fmt, args); - /* Try again, just in case. */ - p = strdup(ep->scratch_buf); - ep->msg = p ? p : ep->scratch_buf; + + /* If that failed, try using scratch_buf */ + if (str == NULL) { + vsnprintf(ep->scratch_buf, sizeof(ep->scratch_buf), loc_fmt, args); + str = strdup(ep->scratch_buf); /* try allocating again */ + } + + /* free old string before setting new one */ + if (ep->msg && ep->msg != ep->scratch_buf) { + free ((char *) ep->msg); + ep->msg = NULL; + } + ep->code = code; + ep->msg = str ? str : ep->scratch_buf; + +#ifdef USE_KIM + if (loc_fmt != fmt) { kim_string_free(&loc_fmt); } +#else + if (loc_fmt != fmt) { free((char *) loc_fmt); } +#endif } const char * @@ -73,7 +95,8 @@ krb5int_get_error (struct errinfo *ep, long code) if (code == ep->code && ep->msg) { r = strdup(ep->msg); if (r == NULL) { - strcpy(ep->scratch_buf, _("Out of memory")); + strlcpy(ep->scratch_buf, _("Out of memory"), + sizeof(ep->scratch_buf)); r = ep->scratch_buf; } return r; @@ -130,7 +153,8 @@ krb5int_get_error (struct errinfo *ep, long code) unlock(); goto format_number; } - r2 = strdup (r); + + r2 = strdup(r); if (r2 == NULL) { strncpy(ep->scratch_buf, r, sizeof(ep->scratch_buf)); unlock(); diff --git a/src/util/support/fake-addrinfo.c b/src/util/support/fake-addrinfo.c index 8ebf195649..4b628bb67b 100644 --- a/src/util/support/fake-addrinfo.c +++ b/src/util/support/fake-addrinfo.c @@ -102,7 +102,7 @@ #include "k5-thread.h" #include "supp-int.h" -#include /* for sprintf */ +#include #include #define IMPLEMENT_FAKE_GETADDRINFO @@ -354,7 +354,7 @@ system_getnameinfo (const struct sockaddr *sa, socklen_t salen, #if (!defined (HAVE_GETADDRINFO) || defined (WRAP_GETADDRINFO)) && defined(DEBUG_ADDRINFO) /* Some debug routines. */ -static const char *protoname (int p, char *buf) { +static const char *protoname (int p, char *buf, size_t bufsize) { #define X(N) if (p == IPPROTO_ ## N) return #N X(TCP); @@ -373,11 +373,11 @@ static const char *protoname (int p, char *buf) { X(IGMP); #endif - sprintf(buf, " %-2d", p); + snprintf(buf, bufsize, " %-2d", p); return buf; } -static const char *socktypename (int t, char *buf) { +static const char *socktypename (int t, char *buf, size_t bufsize) { switch (t) { case SOCK_DGRAM: return "DGRAM"; case SOCK_STREAM: return "STREAM"; @@ -385,14 +385,14 @@ static const char *socktypename (int t, char *buf) { case SOCK_RDM: return "RDM"; case SOCK_SEQPACKET: return "SEQPACKET"; } - sprintf(buf, " %-2d", t); + snprintf(buf, bufsize, " %-2d", t); return buf; } -static const char *familyname (int f, char *buf) { +static const char *familyname (int f, char *buf, size_t bufsize) { switch (f) { default: - sprintf(buf, "AF %d", f); + snprintf(buf, bufsize, "AF %d", f); return buf; case AF_INET: return "AF_INET"; case AF_INET6: return "AF_INET6"; @@ -422,11 +422,14 @@ static void debug_dump_getaddrinfo_args (const char *name, const char *serv, if (sep[0] == 0) fprintf(stderr, "no-flags"); if (hint->ai_family) - fprintf(stderr, " %s", familyname(hint->ai_family, buf)); + fprintf(stderr, " %s", familyname(hint->ai_family, buf, + sizeof(buf))); if (hint->ai_socktype) - fprintf(stderr, " SOCK_%s", socktypename(hint->ai_socktype, buf)); + fprintf(stderr, " SOCK_%s", socktypename(hint->ai_socktype, buf, + sizeof(buf))); if (hint->ai_protocol) - fprintf(stderr, " IPPROTO_%s", protoname(hint->ai_protocol, buf)); + fprintf(stderr, " IPPROTO_%s", protoname(hint->ai_protocol, buf, + sizeof(buf))); } else fprintf(stderr, "(null)"); fprintf(stderr, " }):\n"); @@ -444,11 +447,13 @@ static void debug_dump_addrinfos (const struct addrinfo *ai) fprintf(stderr, "addrinfos returned:\n"); while (ai) { fprintf(stderr, "%p...", ai); - fprintf(stderr, " socktype=%s", socktypename(ai->ai_socktype, buf)); - fprintf(stderr, " ai_family=%s", familyname(ai->ai_family, buf)); + fprintf(stderr, " socktype=%s", socktypename(ai->ai_socktype, buf, + sizeof(buf))); + fprintf(stderr, " ai_family=%s", familyname(ai->ai_family, buf, + sizeof(buf))); if (ai->ai_family != ai->ai_addr->sa_family) fprintf(stderr, " sa_family=%s", - familyname(ai->ai_addr->sa_family, buf)); + familyname(ai->ai_addr->sa_family, buf, sizeof(buf))); fprintf(stderr, "\n"); ai = ai->ai_next; count++; @@ -960,7 +965,8 @@ fake_getnameinfo (const struct sockaddr *sa, socklen_t len, char tmpbuf[20]; numeric_host: uc = (const unsigned char *) &sinp->sin_addr; - sprintf(tmpbuf, "%d.%d.%d.%d", uc[0], uc[1], uc[2], uc[3]); + snprintf(tmpbuf, sizeof(tmpbuf), "%d.%d.%d.%d", + uc[0], uc[1], uc[2], uc[3]); strncpy(host, tmpbuf, hlen); #else char *p; @@ -996,7 +1002,7 @@ fake_getnameinfo (const struct sockaddr *sa, socklen_t len, port = ntohs (sinp->sin_port); if (port < 0 || port > 65535) return EAI_FAIL; - sprintf (numbuf, "%d", port); + snprintf (numbuf, sizeof(numbuf), "%d", port); strncpy (service, numbuf, slen); } else { int serr; diff --git a/src/util/support/init-addrinfo.c b/src/util/support/init-addrinfo.c index 4c94dc7434..186950fb8b 100644 --- a/src/util/support/init-addrinfo.c +++ b/src/util/support/init-addrinfo.c @@ -50,7 +50,7 @@ #include "k5-platform.h" #include "k5-thread.h" -#include /* for sprintf */ +#include #include #define IMPLEMENT_FAKE_GETADDRINFO diff --git a/src/lib/krb4/g_tf_realm.c b/src/util/support/k5buf-int.h similarity index 58% rename from src/lib/krb4/g_tf_realm.c rename to src/util/support/k5buf-int.h index fe99e61e1c..20aefc3679 100644 --- a/src/lib/krb4/g_tf_realm.c +++ b/src/util/support/k5buf-int.h @@ -1,7 +1,9 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ + /* - * lib/krb4/g_tf_realm.c + * k5buf-int.h * - * Copyright 1987-2002 by the Massachusetts Institute of Technology. + * Copyright 2008 Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -16,29 +18,34 @@ * this permission notice appear in supporting documentation, and that * the name of M.I.T. not be used in advertising or publicity pertaining * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label + * permission. Furthermore if you modify this software you must label * your software as modified software and not distribute it in such a * fashion that it might be confused with the original M.I.T. software. * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. + * + * Internal declarations for the k5buf string buffer module. */ -#include "krb.h" +#ifndef K5BUF_INT_H +#define K5BUF_INT_H -/* - * This file contains a routine to extract the realm of a kerberos - * ticket file. - */ +#include "k5-platform.h" +#include "k5-buf.h" -/* - * krb_get_tf_realm() takes two arguments: the name of a ticket - * and a variable to store the name of the realm in. - * - */ +/* The k5buf structure has funny field names to discourage callers + from violating the abstraction barrier. Define less funny names + for them here. */ +#define buftype xx_buftype +#define data xx_data +#define space xx_space +#define len xx_len + +#define DYNAMIC_INITIAL_SIZE 128 +#define SPACE_MAX (SIZE_MAX / 2) /* rounds down, since SIZE_MAX is odd */ + +/* Buffer type values. */ +enum { FIXED, DYNAMIC, ERROR }; -int KRB5_CALLCONV -krb_get_tf_realm(const char *ticket_file, char *realm) -{ - return krb_get_tf_fullname(ticket_file, NULL, NULL, realm); -} +#endif /* K5BUF_INT_H */ diff --git a/src/util/support/k5buf.c b/src/util/support/k5buf.c new file mode 100644 index 0000000000..0bdffb1ad2 --- /dev/null +++ b/src/util/support/k5buf.c @@ -0,0 +1,213 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ + +/* + * k5buf.c + * + * Copyright 2008 Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * Implement the k5buf string buffer module. + */ + +/* Can't include krb5.h here, or k5-int.h which includes it, because + krb5.h needs to be generated with error tables, after util/et, + which builds after this directory. */ +#include "k5buf-int.h" +#include + +/* Structure invariants: + + buftype is FIXED, DYNAMIC, or ERROR + if buftype is not ERROR: + space > 0 + space <= floor(SIZE_MAX / 2) (to fit within ssize_t) + len < space + data[len] = '\0' +*/ + +/* Make sure there is room for LEN more characters in BUF, in addition + to the null terminator and what's already in there. Return true on + success. On failure, set the error flag and return false. */ +static int ensure_space(struct k5buf *buf, size_t len) +{ + size_t new_space; + char *new_data; + + if (buf->buftype == ERROR) + return 0; + if (buf->space - 1 - buf->len >= len) /* Enough room already. */ + return 1; + if (buf->buftype == FIXED) /* Can't resize a fixed buffer. */ + goto error_exit; + assert(buf->buftype == DYNAMIC); + new_space = buf->space * 2; + while (new_space <= SPACE_MAX && new_space - buf->len - 1 < len) + new_space *= 2; + if (new_space > SPACE_MAX) + goto error_exit; + new_data = realloc(buf->data, new_space); + if (new_data == NULL) + goto error_exit; + buf->data = new_data; + buf->space = new_space; + return 1; + + error_exit: + if (buf->buftype == DYNAMIC) { + free(buf->data); + buf->data = NULL; + } + buf->buftype = ERROR; + return 0; +} + +void krb5int_buf_init_fixed(struct k5buf *buf, char *data, size_t space) +{ + assert(space > 0); + buf->buftype = FIXED; + buf->data = data; + buf->space = space; + buf->len = 0; + buf->data[0] = '\0'; +} + +void krb5int_buf_init_dynamic(struct k5buf *buf) +{ + buf->buftype = DYNAMIC; + buf->space = DYNAMIC_INITIAL_SIZE; + buf->data = malloc(buf->space); + if (buf->data == NULL) { + buf->buftype = ERROR; + return; + } + buf->len = 0; + buf->data[0] = '\0'; +} + +void krb5int_buf_add(struct k5buf *buf, const char *data) +{ + krb5int_buf_add_len(buf, data, strlen(data)); +} + +void krb5int_buf_add_len(struct k5buf *buf, const char *data, size_t len) +{ + if (!ensure_space(buf, len)) + return; + memcpy(buf->data + buf->len, data, len); + buf->len += len; + buf->data[buf->len] = '\0'; +} + +void krb5int_buf_add_fmt(struct k5buf *buf, const char *fmt, ...) +{ + va_list ap; + int r; + size_t remaining; + char *tmp; + + if (buf->buftype == ERROR) + return; + remaining = buf->space - buf->len; + + if (buf->buftype == FIXED) { + /* Format the data directly into the fixed buffer. */ + va_start(ap, fmt); + r = vsnprintf(buf->data + buf->len, remaining, fmt, ap); + va_end(ap); + if (SNPRINTF_OVERFLOW(r, remaining)) + buf->buftype = ERROR; + else + buf->len += (unsigned int) r; + return; + } + + /* Optimistically format the data directly into the dynamic buffer. */ + assert(buf->buftype == DYNAMIC); + va_start(ap, fmt); + r = vsnprintf(buf->data + buf->len, remaining, fmt, ap); + va_end(ap); + if (!SNPRINTF_OVERFLOW(r, remaining)) { + buf->len += (unsigned int) r; + return; + } + + if (r >= 0) { + /* snprintf correctly told us how much space is required. */ + if (!ensure_space(buf, r)) + return; + remaining = buf->space - buf->len; + va_start(ap, fmt); + r = vsnprintf(buf->data + buf->len, remaining, fmt, ap); + va_end(ap); + if (SNPRINTF_OVERFLOW(r, remaining)) /* Shouldn't ever happen. */ + buf->buftype = ERROR; + else + buf->len += (unsigned int) r; + return; + } + + /* It's a pre-C99 snprintf implementation, or something else went + wrong. Fall back to asprintf. */ + va_start(ap, fmt); + r = vasprintf(&tmp, fmt, ap); + va_end(ap); + if (r < 0) { + buf->buftype = ERROR; + return; + } + if (ensure_space(buf, r)) { + /* Copy the temporary string into buf, including terminator. */ + memcpy(buf->data + buf->len, tmp, r + 1); + buf->len += r; + } + free(tmp); +} + +void krb5int_buf_truncate(struct k5buf *buf, size_t len) +{ + if (buf->buftype == ERROR) + return; + assert(len <= buf->len); + buf->len = len; + buf->data[buf->len] = '\0'; +} + + +char *krb5int_buf_data(struct k5buf *buf) +{ + return (buf->buftype == ERROR) ? NULL : buf->data; +} + +ssize_t krb5int_buf_len(struct k5buf *buf) +{ + return (buf->buftype == ERROR) ? -1 : (ssize_t) buf->len; +} + +void krb5int_free_buf(struct k5buf *buf) +{ + if (buf->buftype == ERROR) + return; + assert(buf->buftype == DYNAMIC); + free(buf->data); + buf->data = NULL; + buf->buftype = ERROR; +} diff --git a/src/util/support/libkrb5support-fixed.exports b/src/util/support/libkrb5support-fixed.exports index 225c54ac05..4638bb6597 100644 --- a/src/util/support/libkrb5support-fixed.exports +++ b/src/util/support/libkrb5support-fixed.exports @@ -29,3 +29,20 @@ krb5int_free_error krb5int_clear_error krb5int_set_error_info_callout_fn krb5int_gmt_mktime +krb5int_buf_init_fixed +krb5int_buf_init_dynamic +krb5int_buf_add +krb5int_buf_add_len +krb5int_buf_add_fmt +krb5int_buf_truncate +krb5int_buf_data +krb5int_buf_len +krb5int_free_buf +krb5int_utf8cs_to_ucs2les +krb5int_utf8s_to_ucs2les +krb5int_ucs2lecs_to_utf8s +krb5int_ucs4_to_utf8 +krb5int_utf8_to_ucs4 +krb5int_utf8_lentab +krb5int_utf8_mintab +krb5int_utf8_next diff --git a/src/util/support/plugins.c b/src/util/support/plugins.c index c790d8cba7..26ec3912f9 100644 --- a/src/util/support/plugins.c +++ b/src/util/support/plugins.c @@ -453,12 +453,12 @@ krb5int_plugin_file_handle_array_init (struct plugin_file_handle ***harray) } static long -krb5int_plugin_file_handle_array_add (struct plugin_file_handle ***harray, int *count, +krb5int_plugin_file_handle_array_add (struct plugin_file_handle ***harray, size_t *count, struct plugin_file_handle *p) { long err = 0; struct plugin_file_handle **newharray = NULL; - int newcount = *count + 1; + size_t newcount = *count + 1; newharray = realloc (*harray, ((newcount + 1) * sizeof (**harray))); /* +1 for NULL */ if (newharray == NULL) { @@ -528,7 +528,7 @@ krb5int_get_plugin_filenames (const char * const *filebases, char ***filenames) } if (!err) { - int j; + size_t j; for (i = 0; !err && filebases[i]; i++) { for (j = 0; !err && fileexts[j]; j++) { if (asprintf(&tempnames[(i*exts_count)+j], "%s%s", @@ -564,7 +564,7 @@ krb5int_open_plugin_dirs (const char * const *dirnames, { long err = 0; struct plugin_file_handle **h = NULL; - int count = 0; + size_t count = 0; char **filenames = NULL; int i; @@ -683,7 +683,7 @@ krb5int_get_plugin_dir_data (struct plugin_dir_handle *dirhandle, { long err = 0; void **p = NULL; - int count = 0; + size_t count = 0; /* XXX Do we need to add a leading "_" to the symbol name on any modern platforms? */ @@ -742,7 +742,7 @@ krb5int_get_plugin_dir_func (struct plugin_dir_handle *dirhandle, { long err = 0; void (**p)() = NULL; - int count = 0; + size_t count = 0; /* XXX Do we need to add a leading "_" to the symbol name on any modern platforms? */ diff --git a/src/util/support/printf.c b/src/util/support/printf.c new file mode 100644 index 0000000000..0df8c84ca3 --- /dev/null +++ b/src/util/support/printf.c @@ -0,0 +1,101 @@ +/* + * printf.c + * + * Copyright 2003, 2004, 2005, 2007, 2008 Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * + * Provide {,v}asprintf for platforms that don't have them. + */ + +#include "k5-platform.h" + +/* On error: BSD: Set *ret to NULL. GNU: *ret is undefined. + + Since we want to be able to use the GNU version directly, we need + provide only the weaker guarantee in this version. */ +int +krb5int_vasprintf(char **ret, const char *format, va_list ap) +{ + va_list ap2; + char *str = NULL, *nstr; + size_t len = 80; + int len2; + + while (1) { + if (len >= INT_MAX || len == 0) + goto fail; + nstr = realloc(str, len); + if (nstr == NULL) + goto fail; + str = nstr; + va_copy(ap2, ap); + len2 = vsnprintf(str, len, format, ap2); + va_end(ap2); + /* ISO C vsnprintf returns the needed length. Some old + vsnprintf implementations return -1 on truncation. */ + if (len2 < 0) { + /* Don't know how much space we need, just that we didn't + supply enough; get a bigger buffer and try again. */ + if (len <= SIZE_MAX/2) + len *= 2; + else if (len < SIZE_MAX) + len = SIZE_MAX; + else + goto fail; + } else if ((unsigned int) len2 >= SIZE_MAX) { + /* Need more space than we can request. */ + goto fail; + } else if ((size_t) len2 >= len) { + /* Need more space, but we know how much. */ + len = (size_t) len2 + 1; + } else { + /* Success! */ + break; + } + } + /* We might've allocated more than we need, if we're still using + the initial guess, or we got here by doubling. */ + if ((size_t) len2 < len - 1) { + nstr = realloc(str, (size_t) len2 + 1); + if (nstr) + str = nstr; + } + *ret = str; + return len2; + +fail: + free(str); + return -1; +} + +int +krb5int_asprintf(char **ret, const char *format, ...) +{ + va_list ap; + int n; + + va_start(ap, format); + n = krb5int_vasprintf(ret, format, ap); + va_end(ap); + return n; +} diff --git a/src/util/support/strlcpy.c b/src/util/support/strlcpy.c new file mode 100644 index 0000000000..fd2c79b76f --- /dev/null +++ b/src/util/support/strlcpy.c @@ -0,0 +1,88 @@ +#include "k5-platform.h" + +/* Provide strlcpy and strlcat for platforms that don't have them. */ + +/* + * Copyright (c) 1998 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include + +/* + * Copy src to string dst of size siz. At most siz-1 characters + * will be copied. Always NUL terminates (unless siz == 0). + * Returns strlen(src); if retval >= siz, truncation occurred. + */ +size_t +krb5int_strlcpy(char *dst, const char *src, size_t siz) +{ + char *d = dst; + const char *s = src; + size_t n = siz; + + /* Copy as many bytes as will fit */ + if (n != 0) { + while (--n != 0) { + if ((*d++ = *s++) == '\0') + break; + } + } + + /* Not enough room in dst, add NUL and traverse rest of src */ + if (n == 0) { + if (siz != 0) + *d = '\0'; /* NUL-terminate dst */ + while (*s++) + ; + } + + return(s - src - 1); /* count does not include NUL */ +} + +/* + * Appends src to string dst of size siz (unlike strncat, siz is the + * full size of dst, not space left). At most siz-1 characters + * will be copied. Always NUL terminates (unless siz <= strlen(dst)). + * Returns strlen(src) + MIN(siz, strlen(initial dst)). + * If retval >= siz, truncation occurred. + */ +size_t +krb5int_strlcat(char *dst, const char *src, size_t siz) +{ + char *d = dst; + const char *s = src; + size_t n = siz; + size_t dlen; + + /* Find the end of dst and adjust bytes left but don't go past end */ + while (n-- != 0 && *d != '\0') + d++; + dlen = d - dst; + n = siz - dlen; + + if (n == 0) + return(dlen + strlen(s)); + while (*s != '\0') { + if (n != 1) { + *d++ = *s; + n--; + } + s++; + } + *d = '\0'; + + return(dlen + (s - src)); /* count does not include NUL */ +} diff --git a/src/util/support/t_k5buf.c b/src/util/support/t_k5buf.c new file mode 100644 index 0000000000..bb60db4402 --- /dev/null +++ b/src/util/support/t_k5buf.c @@ -0,0 +1,287 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ + +/* + * t_k5buf.c + * + * Copyright 2008 Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * Test the k5buf string buffer module. + */ + +#include "k5buf-int.h" +#include +#include + +static void fail_if(int condition, const char *name) +{ + if (condition) { + fprintf(stderr, "%s failed\n", name); + exit(1); + } +} + +/* Test the invariants of a buffer. */ +static void check_buf(struct k5buf *buf, const char *name) +{ + fail_if(buf->buftype != FIXED && buf->buftype != DYNAMIC + && buf->buftype != ERROR, name); + if (buf->buftype == ERROR) + return; + fail_if(buf->space == 0, name); + fail_if(buf->space > SPACE_MAX, name); + fail_if(buf->len >= buf->space, name); + fail_if(buf->data[buf->len] != 0, name); +} + +static void test_basic() +{ + struct k5buf buf; + char storage[1024], *s; + ssize_t len; + + krb5int_buf_init_fixed(&buf, storage, sizeof(storage)); + krb5int_buf_add(&buf, "Hello "); + krb5int_buf_add_len(&buf, "world", 5); + check_buf(&buf, "basic fixed"); + s = krb5int_buf_data(&buf); + len = krb5int_buf_len(&buf); + fail_if(!s || strcmp(s, "Hello world") != 0 || len != 11, "basic fixed"); + + krb5int_buf_init_dynamic(&buf); + krb5int_buf_add_len(&buf, "Hello", 5); + krb5int_buf_add(&buf, " world"); + check_buf(&buf, "basic dynamic"); + s = krb5int_buf_data(&buf); + len = krb5int_buf_len(&buf); + fail_if(!s || strcmp(s, "Hello world") != 0 || len != 11, "basic dynamic"); + krb5int_free_buf(&buf); +} + +static void test_realloc() +{ + struct k5buf buf; + char data[1024], *s; + ssize_t len; + size_t i; + + for (i = 0; i < sizeof(data); i++) + data[i] = 'a'; + + /* Cause the buffer size to double from 128 to 256 bytes. */ + krb5int_buf_init_dynamic(&buf); + krb5int_buf_add_len(&buf, data, 10); + krb5int_buf_add_len(&buf, data, 128); + fail_if(buf.space != 256, "realloc 1"); + check_buf(&buf, "realloc 1"); + s = krb5int_buf_data(&buf); + len = krb5int_buf_len(&buf); + fail_if(!s || len != 138 || memcmp(s, data, len) != 0, "realloc 1"); + + /* Cause the same buffer to double in size to 512 bytes. */ + krb5int_buf_add_len(&buf, data, 128); + fail_if(buf.space != 512, "realloc 2"); + check_buf(&buf, "realloc 2"); + s = krb5int_buf_data(&buf); + len = krb5int_buf_len(&buf); + fail_if(!s || len != 266 || memcmp(s, data, len) != 0, "realloc 2"); + krb5int_free_buf(&buf); + + /* Cause a buffer to increase from 128 to 512 bytes directly. */ + krb5int_buf_init_dynamic(&buf); + krb5int_buf_add_len(&buf, data, 10); + krb5int_buf_add_len(&buf, data, 256); + fail_if(buf.space != 512, "realloc 3"); + check_buf(&buf, "realloc 3"); + s = krb5int_buf_data(&buf); + len = krb5int_buf_len(&buf); + fail_if(!s || len != 266 || memcmp(s, data, len) != 0, "realloc 3"); + krb5int_free_buf(&buf); + + /* Cause a buffer to increase from 128 to 1024 bytes directly. */ + krb5int_buf_init_dynamic(&buf); + krb5int_buf_add_len(&buf, data, 10); + krb5int_buf_add_len(&buf, data, 512); + fail_if(buf.space != 1024, "realloc 4"); + check_buf(&buf, "realloc 4"); + s = krb5int_buf_data(&buf); + len = krb5int_buf_len(&buf); + fail_if(!s || len != 522 || memcmp(s, data, len) != 0, "realloc 4"); + krb5int_free_buf(&buf); + + /* Cause a reallocation to fail by exceeding SPACE_MAX. */ + krb5int_buf_init_dynamic(&buf); + krb5int_buf_add_len(&buf, data, 10); + krb5int_buf_add_len(&buf, NULL, SPACE_MAX); + check_buf(&buf, "realloc 5"); + s = krb5int_buf_data(&buf); + len = krb5int_buf_len(&buf); + fail_if(buf.buftype != ERROR || s != NULL || len != -1, "realloc 5"); + krb5int_free_buf(&buf); + + /* Cause a reallocation to fail by integer overflow. */ + krb5int_buf_init_dynamic(&buf); + krb5int_buf_add_len(&buf, data, 100); + krb5int_buf_add_len(&buf, NULL, SPACE_MAX * 2); + check_buf(&buf, "realloc 6"); + s = krb5int_buf_data(&buf); + len = krb5int_buf_len(&buf); + fail_if(buf.buftype != ERROR || s != NULL || len != -1, "realloc 6"); + krb5int_free_buf(&buf); +} + +static void test_overflow() +{ + struct k5buf buf; + char storage[10], *s; + ssize_t len; + + /* Cause a fixed-sized buffer overflow. */ + krb5int_buf_init_fixed(&buf, storage, sizeof(storage)); + krb5int_buf_add(&buf, "12345"); + krb5int_buf_add(&buf, "12345"); + check_buf(&buf, "overflow 1"); + s = krb5int_buf_data(&buf); + len = krb5int_buf_len(&buf); + fail_if(buf.buftype != ERROR || s != NULL || len != -1, "overflow 1"); + + /* Cause a fixed-sized buffer overflow with integer overflow. */ + krb5int_buf_init_fixed(&buf, storage, sizeof(storage)); + krb5int_buf_add(&buf, "12345"); + krb5int_buf_add_len(&buf, NULL, SPACE_MAX * 2); + check_buf(&buf, "overflow 2"); + s = krb5int_buf_data(&buf); + len = krb5int_buf_len(&buf); + fail_if(buf.buftype != ERROR || s != NULL || len != -1, "overflow 2"); +} + +static void test_error() +{ + struct k5buf buf; + char storage[1]; + + /* Cause an overflow and then perform actions afterwards. */ + krb5int_buf_init_fixed(&buf, storage, sizeof(storage)); + krb5int_buf_add(&buf, "1"); + fail_if(buf.buftype != ERROR, "error"); + check_buf(&buf, "error"); + krb5int_buf_add(&buf, "test"); + check_buf(&buf, "error"); + krb5int_buf_add_len(&buf, "test", 4); + check_buf(&buf, "error"); + krb5int_buf_truncate(&buf, 3); + check_buf(&buf, "error"); + fail_if(buf.buftype != ERROR, "error"); +} + +static void test_truncate() +{ + struct k5buf buf; + char *s; + ssize_t len; + + krb5int_buf_init_dynamic(&buf); + krb5int_buf_add(&buf, "abcde"); + krb5int_buf_add(&buf, "fghij"); + krb5int_buf_truncate(&buf, 7); + check_buf(&buf, "truncate"); + s = krb5int_buf_data(&buf); + len = krb5int_buf_len(&buf); + fail_if(!s || len != 7 || strcmp(s, "abcdefg") != 0, "truncate"); + krb5int_free_buf(&buf); +} + +static void test_binary() +{ + struct k5buf buf; + char *s, data[] = { 'a', 0, 'b' }; + ssize_t len; + + krb5int_buf_init_dynamic(&buf); + krb5int_buf_add_len(&buf, data, 3); + krb5int_buf_add_len(&buf, data, 3); + check_buf(&buf, "binary"); + s = krb5int_buf_data(&buf); + len = krb5int_buf_len(&buf); + fail_if(!s || len != 6, "binary"); + fail_if(s[0] != 'a' || s[1] != 0 || s[2] != 'b', "binary"); + fail_if(s[3] != 'a' || s[4] != 0 || s[5] != 'b', "binary"); + krb5int_free_buf(&buf); +} + +static void test_fmt() +{ + struct k5buf buf; + char *s, storage[10], data[1024]; + ssize_t len; + size_t i; + + for (i = 0; i < sizeof(data) - 1; i++) + data[i] = 'a'; + data[i] = '\0'; + + /* Format some text into a non-empty fixed buffer. */ + krb5int_buf_init_fixed(&buf, storage, sizeof(storage)); + krb5int_buf_add(&buf, "foo"); + krb5int_buf_add_fmt(&buf, " %d ", 3); + check_buf(&buf, "fmt 1"); + s = krb5int_buf_data(&buf); + len = krb5int_buf_len(&buf); + fail_if(!s || len != 6 || strcmp(s, "foo 3 ") != 0, "fmt 1"); + + /* Overflow the same buffer with formatted text. */ + krb5int_buf_add_fmt(&buf, "%d%d%d%d", 1, 2, 3, 4); + check_buf(&buf, "fmt 2"); + s = krb5int_buf_data(&buf); + len = krb5int_buf_len(&buf); + fail_if(buf.buftype != ERROR || s != NULL || len != -1, "fmt 2"); + + /* Format some text into a non-empty dynamic buffer. */ + krb5int_buf_init_dynamic(&buf); + krb5int_buf_add(&buf, "foo"); + krb5int_buf_add_fmt(&buf, " %d ", 3); + check_buf(&buf, "fmt 3"); + s = krb5int_buf_data(&buf); + len = krb5int_buf_len(&buf); + fail_if(!s || len != 6 || strcmp(s, "foo 3 ") != 0, "fmt 3"); + + /* Format more text into the same buffer, causing a big resize. */ + krb5int_buf_add_fmt(&buf, "%s", data); + check_buf(&buf, "fmt 4"); + fail_if(buf.space != 2048, "fmt 4"); + s = krb5int_buf_data(&buf); + len = krb5int_buf_len(&buf); + fail_if(!s || len != 1029 || strcmp(s + 6, data) != 0, "fmt 4"); + krb5int_free_buf(&buf); +} + +int main() +{ + test_basic(); + test_realloc(); + test_overflow(); + test_error(); + test_truncate(); + test_binary(); + test_fmt(); + return 0; +} diff --git a/src/util/support/utf8.c b/src/util/support/utf8.c new file mode 100644 index 0000000000..f0d764e4a8 --- /dev/null +++ b/src/util/support/utf8.c @@ -0,0 +1,541 @@ +/* + * util/support/utf8.c + * + * Copyright 2008 by the Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + */ +/* This work is part of OpenLDAP Software . + * + * Copyright 1998-2008 The OpenLDAP Foundation. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted only as authorized by the OpenLDAP + * Public License. + * + * A copy of this license is available in the file LICENSE in the + * top-level directory of the distribution or, alternatively, at + * . + */ +/* Basic UTF-8 routines + * + * These routines are "dumb". Though they understand UTF-8, + * they don't grok Unicode. That is, they can push bits, + * but don't have a clue what the bits represent. That's + * good enough for use with the KRB5 Client SDK. + * + * These routines are not optimized. + */ + +#include "k5-platform.h" +#include "k5-utf8.h" +#include "supp-int.h" + +/* + * return the number of bytes required to hold the + * NULL-terminated UTF-8 string NOT INCLUDING the + * termination. + */ +size_t krb5int_utf8_bytes(const char *p) +{ + size_t bytes; + + for (bytes = 0; p[bytes]; bytes++) + ; + + return bytes; +} + +size_t krb5int_utf8_chars(const char *p) +{ + /* could be optimized and could check for invalid sequences */ + size_t chars = 0; + + for ( ; *p ; KRB5_UTF8_INCR(p)) + chars++; + + return chars; +} + +size_t krb5int_utf8c_chars(const char *p, size_t length) +{ + /* could be optimized and could check for invalid sequences */ + size_t chars = 0; + const char *end = p + length; + + for ( ; p < end; KRB5_UTF8_INCR(p)) + chars++; + + return chars; +} + +/* return offset to next character */ +int krb5int_utf8_offset(const char *p) +{ + return KRB5_UTF8_NEXT(p) - p; +} + +/* + * Returns length indicated by first byte. + */ +const char krb5int_utf8_lentab[] = { + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, + 4, 4, 4, 4, 4, 4, 4, 4, 5, 5, 5, 5, 6, 6, 0, 0 }; + +int krb5int_utf8_charlen(const char *p) +{ + if (!(*p & 0x80)) + return 1; + + return krb5int_utf8_lentab[*(const unsigned char *)p ^ 0x80]; +} + +/* + * Make sure the UTF-8 char used the shortest possible encoding + * returns charlen if valid, 0 if not. + * + * Here are the valid UTF-8 encodings, taken from RFC 2279 page 4. + * The table is slightly modified from that of the RFC. + * + * UCS-4 range (hex) UTF-8 sequence (binary) + * 0000 0000-0000 007F 0....... + * 0000 0080-0000 07FF 110++++. 10...... + * 0000 0800-0000 FFFF 1110++++ 10+..... 10...... + * 0001 0000-001F FFFF 11110+++ 10++.... 10...... 10...... + * 0020 0000-03FF FFFF 111110++ 10+++... 10...... 10...... 10...... + * 0400 0000-7FFF FFFF 1111110+ 10++++.. 10...... 10...... 10...... 10...... + * + * The '.' bits are "don't cares". When validating a UTF-8 sequence, + * at least one of the '+' bits must be set, otherwise the character + * should have been encoded in fewer octets. Note that in the two-octet + * case, only the first octet needs to be validated, and this is done + * in the krb5int_utf8_lentab[] above. + */ + +/* mask of required bits in second octet */ +#undef c +#define c const char +c krb5int_utf8_mintab[] = { + (c)0x20, (c)0x80, (c)0x80, (c)0x80, (c)0x80, (c)0x80, (c)0x80, (c)0x80, + (c)0x80, (c)0x80, (c)0x80, (c)0x80, (c)0x80, (c)0x80, (c)0x80, (c)0x80, + (c)0x30, (c)0x80, (c)0x80, (c)0x80, (c)0x80, (c)0x80, (c)0x80, (c)0x80, + (c)0x38, (c)0x80, (c)0x80, (c)0x80, (c)0x3c, (c)0x80, (c)0x00, (c)0x00 }; +#undef c + +int krb5int_utf8_charlen2(const char *p) +{ + int i = KRB5_UTF8_CHARLEN(p); + + if (i > 2) { + if (!(krb5int_utf8_mintab[*p & 0x1f] & p[1])) + i = 0; + } + + return i; +} + +krb5_ucs4 krb5int_utf8_to_ucs4(const char *p) +{ + const unsigned char *c = (const unsigned char *) p; + krb5_ucs4 ch; + int len, i; + static unsigned char mask[] = { + 0, 0x7f, 0x1f, 0x0f, 0x07, 0x03, 0x01 }; + + len = KRB5_UTF8_CHARLEN2(p, len); + + if (len == 0) + return KRB5_UCS4_INVALID; + + ch = c[0] & mask[len]; + + for (i = 1; i < len; i++) { + if ((c[i] & 0xc0) != 0x80) { + return KRB5_UCS4_INVALID; + } + + ch <<= 6; + ch |= c[i] & 0x3f; + } + + return ch; +} + +krb5_ucs2 krb5int_utf8_to_ucs2(const char *p) +{ + krb5_ucs4 ch = krb5int_utf8_to_ucs4(p); + + if (ch == KRB5_UCS4_INVALID || ch > SHRT_MAX) + return KRB5_UCS2_INVALID; + + return (krb5_ucs2)ch; +} + +/* conv UCS-2 to UTF-8, not used */ +size_t krb5int_ucs4_to_utf8(krb5_ucs4 c, char *buf) +{ + size_t len = 0; + unsigned char *p = (unsigned char *) buf; + + /* not a valid Unicode character */ + if (c < 0) + return 0; + + /* Just return length, don't convert */ + if (buf == NULL) { + if (c < 0x80) return 1; + else if (c < 0x800) return 2; + else if (c < 0x10000) return 3; + else if (c < 0x200000) return 4; + else if (c < 0x4000000) return 5; + else return 6; + } + + if (c < 0x80) { + p[len++] = c; + } else if (c < 0x800) { + p[len++] = 0xc0 | ( c >> 6 ); + p[len++] = 0x80 | ( c & 0x3f ); + } else if (c < 0x10000) { + p[len++] = 0xe0 | ( c >> 12 ); + p[len++] = 0x80 | ( (c >> 6) & 0x3f ); + p[len++] = 0x80 | ( c & 0x3f ); + } else if (c < 0x200000) { + p[len++] = 0xf0 | ( c >> 18 ); + p[len++] = 0x80 | ( (c >> 12) & 0x3f ); + p[len++] = 0x80 | ( (c >> 6) & 0x3f ); + p[len++] = 0x80 | ( c & 0x3f ); + } else if (c < 0x4000000) { + p[len++] = 0xf8 | ( c >> 24 ); + p[len++] = 0x80 | ( (c >> 18) & 0x3f ); + p[len++] = 0x80 | ( (c >> 12) & 0x3f ); + p[len++] = 0x80 | ( (c >> 6) & 0x3f ); + p[len++] = 0x80 | ( c & 0x3f ); + } else /* if( c < 0x80000000 ) */ { + p[len++] = 0xfc | ( c >> 30 ); + p[len++] = 0x80 | ( (c >> 24) & 0x3f ); + p[len++] = 0x80 | ( (c >> 18) & 0x3f ); + p[len++] = 0x80 | ( (c >> 12) & 0x3f ); + p[len++] = 0x80 | ( (c >> 6) & 0x3f ); + p[len++] = 0x80 | ( c & 0x3f ); + } + + return len; +} + +size_t krb5int_ucs2_to_utf8(krb5_ucs2 c, char *buf) +{ + return krb5int_ucs4_to_utf8((krb5_ucs4)c, buf); +} + +#define KRB5_UCS_UTF8LEN(c) \ + c < 0 ? 0 : (c < 0x80 ? 1 : (c < 0x800 ? 2 : (c < 0x10000 ? 3 : \ + (c < 0x200000 ? 4 : (c < 0x4000000 ? 5 : 6))))) + +/* + * Advance to the next UTF-8 character + * + * Ignores length of multibyte character, instead rely on + * continuation markers to find start of next character. + * This allows for "resyncing" of when invalid characters + * are provided provided the start of the next character + * is appears within the 6 bytes examined. + */ +char *krb5int_utf8_next(const char *p) +{ + int i; + const unsigned char *u = (const unsigned char *) p; + + if (KRB5_UTF8_ISASCII(u)) { + return (char *) &p[1]; + } + + for (i = 1; i < 6; i++) { + if ((u[i] & 0xc0) != 0x80) { + return (char *) &p[i]; + } + } + + return (char *) &p[i]; +} + +/* + * Advance to the previous UTF-8 character + * + * Ignores length of multibyte character, instead rely on + * continuation markers to find start of next character. + * This allows for "resyncing" of when invalid characters + * are provided provided the start of the next character + * is appears within the 6 bytes examined. + */ +char *krb5int_utf8_prev(const char *p) +{ + int i; + const unsigned char *u = (const unsigned char *) p; + + for (i = -1; i>-6 ; i--) { + if ((u[i] & 0xc0 ) != 0x80) { + return (char *) &p[i]; + } + } + + return (char *) &p[i]; +} + +/* + * Copy one UTF-8 character from src to dst returning + * number of bytes copied. + * + * Ignores length of multibyte character, instead rely on + * continuation markers to find start of next character. + * This allows for "resyncing" of when invalid characters + * are provided provided the start of the next character + * is appears within the 6 bytes examined. + */ +int krb5int_utf8_copy(char* dst, const char *src) +{ + int i; + const unsigned char *u = (const unsigned char *) src; + + dst[0] = src[0]; + + if (KRB5_UTF8_ISASCII(u)) { + return 1; + } + + for (i=1; i<6; i++) { + if ((u[i] & 0xc0) != 0x80) { + return i; + } + dst[i] = src[i]; + } + + return i; +} + +#ifndef UTF8_ALPHA_CTYPE +/* + * UTF-8 ctype routines + * Only deals with characters < 0x80 (ie: US-ASCII) + */ + +int krb5int_utf8_isascii(const char * p) +{ + unsigned c = * (const unsigned char *) p; + + return KRB5_ASCII(c); +} + +int krb5int_utf8_isdigit(const char * p) +{ + unsigned c = * (const unsigned char *) p; + + if (!KRB5_ASCII(c)) + return 0; + + return KRB5_DIGIT( c ); +} + +int krb5int_utf8_isxdigit(const char * p) +{ + unsigned c = * (const unsigned char *) p; + + if (!KRB5_ASCII(c)) + return 0; + + return KRB5_HEX(c); +} + +int krb5int_utf8_isspace(const char * p) +{ + unsigned c = * (const unsigned char *) p; + + if (!KRB5_ASCII(c)) + return 0; + + switch(c) { + case ' ': + case '\t': + case '\n': + case '\r': + case '\v': + case '\f': + return 1; + } + + return 0; +} + +/* + * These are not needed by the C SDK and are + * not "good enough" for general use. + */ +int krb5int_utf8_isalpha(const char * p) +{ + unsigned c = * (const unsigned char *) p; + + if (!KRB5_ASCII(c)) + return 0; + + return KRB5_ALPHA(c); +} + +int krb5int_utf8_isalnum(const char * p) +{ + unsigned c = * (const unsigned char *) p; + + if (!KRB5_ASCII(c)) + return 0; + + return KRB5_ALNUM(c); +} + +#if 0 +int krb5int_utf8_islower(const char * p) +{ + unsigned c = * (const unsigned char *) p; + + if (!KRB5_ASCII(c)) + return 0; + + return KRB5_LOWER(c); +} + +int krb5int_utf8_isupper(const char * p) +{ + unsigned c = * (const unsigned char *) p; + + if (!KRB5_ASCII(c)) + return 0; + + return KRB5_UPPER(c); +} +#endif +#endif + + +/* + * UTF-8 string routines + */ + +/* like strchr() */ +char *krb5int_utf8_strchr(const char *str, const char *chr) +{ + for ( ; *str != '\0'; KRB5_UTF8_INCR(str)) { + if (krb5int_utf8_to_ucs4(str) == krb5int_utf8_to_ucs4(chr)) { + return (char *)str; + } + } + + return NULL; +} + +/* like strcspn() but returns number of bytes, not characters */ +size_t krb5int_utf8_strcspn(const char *str, const char *set) +{ + const char *cstr; + const char *cset; + + for (cstr = str; *cstr != '\0'; KRB5_UTF8_INCR(cstr)) { + for (cset = set; *cset != '\0'; KRB5_UTF8_INCR(cset)) { + if (krb5int_utf8_to_ucs4(cstr) == krb5int_utf8_to_ucs4(cset)) { + return cstr - str; + } + } + } + + return cstr - str; +} + +/* like strspn() but returns number of bytes, not characters */ +size_t krb5int_utf8_strspn(const char *str, const char *set) +{ + const char *cstr; + const char *cset; + + for (cstr = str; *cstr != '\0'; KRB5_UTF8_INCR(cstr)) { + for (cset = set; ; KRB5_UTF8_INCR(cset)) { + if (*cset == '\0') { + return cstr - str; + } + + if (krb5int_utf8_to_ucs4(cstr) == krb5int_utf8_to_ucs4(cset)) { + break; + } + } + } + + return cstr - str; +} + +/* like strpbrk(), replaces strchr() as well */ +char *krb5int_utf8_strpbrk(const char *str, const char *set) +{ + for ( ; *str != '\0'; KRB5_UTF8_INCR(str)) { + const char *cset; + + for (cset = set; *cset != '\0'; KRB5_UTF8_INCR(cset)) { + if (krb5int_utf8_to_ucs4(str) == krb5int_utf8_to_ucs4(cset)) { + return (char *)str; + } + } + } + + return NULL; +} + +/* like strtok_r(), not strtok() */ +char *krb5int_utf8_strtok(char *str, const char *sep, char **last) +{ + char *begin; + char *end; + + if (last == NULL) + return NULL; + + begin = str ? str : *last; + + begin += krb5int_utf8_strspn(begin, sep); + + if (*begin == '\0') { + *last = NULL; + return NULL; + } + + end = &begin[krb5int_utf8_strcspn(begin, sep)]; + + if (*end != '\0') { + char *next = KRB5_UTF8_NEXT(end); + *end = '\0'; + end = next; + } + + *last = end; + + return begin; +} diff --git a/src/util/support/utf8_conv.c b/src/util/support/utf8_conv.c new file mode 100644 index 0000000000..185dc4ba77 --- /dev/null +++ b/src/util/support/utf8_conv.c @@ -0,0 +1,455 @@ +/* + * util/support/utf8_conv.c + * + * Copyright 2008 by the Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + */ +/* This work is part of OpenLDAP Software . + * + * Copyright 1998-2008 The OpenLDAP Foundation. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted only as authorized by the OpenLDAP + * Public License. + * + * A copy of this license is available in the file LICENSE in the + * top-level directory of the distribution or, alternatively, at + * . + */ +/* Portions Copyright (C) 1999, 2000 Novell, Inc. All Rights Reserved. + * + * THIS WORK IS SUBJECT TO U.S. AND INTERNATIONAL COPYRIGHT LAWS AND + * TREATIES. USE, MODIFICATION, AND REDISTRIBUTION OF THIS WORK IS SUBJECT + * TO VERSION 2.0.1 OF THE OPENLDAP PUBLIC LICENSE, A COPY OF WHICH IS + * AVAILABLE AT HTTP://WWW.OPENLDAP.ORG/LICENSE.HTML OR IN THE FILE "LICENSE" + * IN THE TOP-LEVEL DIRECTORY OF THE DISTRIBUTION. ANY USE OR EXPLOITATION + * OF THIS WORK OTHER THAN AS AUTHORIZED IN VERSION 2.0.1 OF THE OPENLDAP + * PUBLIC LICENSE, OR OTHER PRIOR WRITTEN CONSENT FROM NOVELL, COULD SUBJECT + * THE PERPETRATOR TO CRIMINAL AND CIVIL LIABILITY. + */ + +/* + * UTF-8 Conversion Routines + * + * These routines convert between Wide Character and UTF-8, + * or between MultiByte and UTF-8 encodings. + * + * Both single character and string versions of the functions are provided. + * All functions return -1 if the character or string cannot be converted. + */ + +#include "k5-platform.h" +#include "k5-utf8.h" +#include "supp-int.h" + +static unsigned char mask[] = { 0, 0x7f, 0x1f, 0x0f, 0x07, 0x03, 0x01 }; + +static ssize_t +k5_utf8s_to_ucs2s(krb5_ucs2 *ucs2str, + const char *utf8str, + size_t count, + int little_endian) +{ + size_t ucs2len = 0; + size_t utflen, i; + krb5_ucs2 ch; + + /* If input ptr is NULL or empty... */ + if (utf8str == NULL || *utf8str == '\0') { + *ucs2str = 0; + + return 0; + } + + /* Examine next UTF-8 character. */ + while (*utf8str && ucs2len < count) { + /* Get UTF-8 sequence length from 1st byte */ + utflen = KRB5_UTF8_CHARLEN2(utf8str, utflen); + + if (utflen == 0 || utflen > KRB5_MAX_UTF8_LEN) + return -1; + + /* First byte minus length tag */ + ch = (krb5_ucs2)(utf8str[0] & mask[utflen]); + + for (i = 1; i < utflen; i++) { + /* Subsequent bytes must start with 10 */ + if ((utf8str[i] & 0xc0) != 0x80) + return -1; + + ch <<= 6; /* 6 bits of data in each subsequent byte */ + ch |= (krb5_ucs2)(utf8str[i] & 0x3f); + } + + if (ucs2str != NULL) { +#ifdef K5_BE +#ifndef SWAP16 +#define SWAP16(X) ((((X) << 8) | ((X) >> 8)) & 0xFFFF) +#endif + if (little_endian) + ucs2str[ucs2len] = SWAP16(ch); + else +#endif + ucs2str[ucs2len] = ch; + } + + utf8str += utflen; /* Move to next UTF-8 character */ + ucs2len++; /* Count number of wide chars stored/required */ + } + + assert(ucs2len < count); + + /* Add null terminator if there's room in the buffer. */ + ucs2str[ucs2len] = 0; + + return ucs2len; +} + +int +krb5int_utf8s_to_ucs2s(const char *utf8s, + krb5_ucs2 **ucs2s, + size_t *ucs2chars) +{ + ssize_t len; + size_t chars; + + chars = krb5int_utf8_chars(utf8s); + *ucs2s = (krb5_ucs2 *)malloc((chars + 1) * sizeof(krb5_ucs2)); + if (*ucs2s == NULL) { + return ENOMEM; + } + + len = k5_utf8s_to_ucs2s(*ucs2s, utf8s, chars + 1, 0); + if (len < 0) { + free(*ucs2s); + *ucs2s = NULL; + return EINVAL; + } + + if (ucs2chars != NULL) { + *ucs2chars = chars; + } + + return 0; +} + +int +krb5int_utf8cs_to_ucs2s(const char *utf8s, + size_t utf8slen, + krb5_ucs2 **ucs2s, + size_t *ucs2chars) +{ + ssize_t len; + size_t chars; + + chars = krb5int_utf8c_chars(utf8s, utf8slen); + *ucs2s = (krb5_ucs2 *)malloc((chars + 1) * sizeof(krb5_ucs2)); + if (*ucs2s == NULL) { + return ENOMEM; + } + + len = k5_utf8s_to_ucs2s(*ucs2s, utf8s, chars + 1, 0); + if (len < 0) { + free(*ucs2s); + *ucs2s = NULL; + return EINVAL; + } + + if (ucs2chars != NULL) { + *ucs2chars = chars; + } + + return 0; +} + +int +krb5int_utf8s_to_ucs2les(const char *utf8s, + unsigned char **ucs2les, + size_t *ucs2leslen) +{ + ssize_t len; + size_t chars; + + chars = krb5int_utf8_chars(utf8s); + + *ucs2les = (unsigned char *)malloc((chars + 1) * sizeof(krb5_ucs2)); + if (*ucs2les == NULL) { + return ENOMEM; + } + + len = k5_utf8s_to_ucs2s((krb5_ucs2 *)*ucs2les, utf8s, chars + 1, 1); + if (len < 0) { + free(ucs2les); + *ucs2les = NULL; + return EINVAL; + } + + if (ucs2leslen != NULL) { + *ucs2leslen = chars * sizeof(krb5_ucs2); + } + + return 0; +} + +int +krb5int_utf8cs_to_ucs2les(const char *utf8s, + size_t utf8slen, + unsigned char **ucs2les, + size_t *ucs2leslen) +{ + ssize_t len; + size_t chars; + + chars = krb5int_utf8c_chars(utf8s, utf8slen); + + *ucs2les = (unsigned char *)malloc((chars + 1) * sizeof(krb5_ucs2)); + if (*ucs2les == NULL) { + return ENOMEM; + } + + len = k5_utf8s_to_ucs2s((krb5_ucs2 *)*ucs2les, utf8s, chars + 1, 1); + if (len < 0) { + free(*ucs2les); + *ucs2les = NULL; + return EINVAL; + } + + if (ucs2leslen != NULL) { + *ucs2leslen = chars * sizeof(krb5_ucs2); + } + + return 0; +} + +/*----------------------------------------------------------------------------- + Convert a wide char string to a UTF-8 string. + No more than 'count' bytes will be written to the output buffer. + Return the # of bytes written to the output buffer, excl null terminator. + + ucs2len is -1 if the UCS-2 string is NUL terminated, otherwise it is the + length of the UCS-2 string in characters +*/ +static ssize_t +k5_ucs2s_to_utf8s(char *utf8str, const krb5_ucs2 *ucs2str, + size_t count, ssize_t ucs2len, int little_endian) +{ + int len = 0; + int n; + char *p = utf8str; + krb5_ucs2 empty = 0, ch; + + if (ucs2str == NULL) /* Treat input ptr NULL as an empty string */ + ucs2str = ∅ + + if (utf8str == NULL) /* Just compute size of output, excl null */ + { + while (ucs2len == -1 ? *ucs2str : --ucs2len >= 0) { + /* Get UTF-8 size of next wide char */ +#ifdef K5_BE + if (little_endian) + ch = SWAP16(*ucs2str++); + else +#endif + ch = *ucs2str++; + + n = krb5int_ucs2_to_utf8(ch, NULL); + if (n < 1) + return -1; + if (len + n < len) + return -1; /* overflow */ + len += n; + } + + return len; + } + + /* Do the actual conversion. */ + + n = 1; /* In case of empty ucs2str */ + while (ucs2len == -1 ? *ucs2str != 0 : --ucs2len >= 0) { +#ifdef K5_BE + if (little_endian) + ch = SWAP16(*ucs2str++); + else +#endif + ch = *ucs2str++; + + n = krb5int_ucs2_to_utf8(ch, p); + + if (n < 1) + break; + + p += n; + count -= n; /* Space left in output buffer */ + } + + /* If not enough room for last character, pad remainder with null + so that return value = original count, indicating buffer full. */ + if (n == 0) { + while (count--) + *p++ = 0; + } + /* Add a null terminator if there's room. */ + else if (count) + *p = 0; + + if (n == -1) /* Conversion encountered invalid wide char. */ + return -1; + + /* Return the number of bytes written to output buffer, excl null. */ + return (p - utf8str); +} + +int +krb5int_ucs2s_to_utf8s(const krb5_ucs2 *ucs2s, + char **utf8s, + size_t *utf8slen) +{ + ssize_t len; + + len = k5_ucs2s_to_utf8s(NULL, ucs2s, 0, -1, 0); + if (len < 0) { + return EINVAL; + } + + *utf8s = (char *)malloc((size_t)len + 1); + if (*utf8s == NULL) { + return ENOMEM; + } + + len = k5_ucs2s_to_utf8s(*utf8s, ucs2s, (size_t)len + 1, -1, 0); + if (len < 0) { + free(*utf8s); + *utf8s = NULL; + return EINVAL; + } + + if (utf8slen != NULL) { + *utf8slen = len; + } + + return 0; +} + +int +krb5int_ucs2les_to_utf8s(const unsigned char *ucs2les, + char **utf8s, + size_t *utf8slen) +{ + ssize_t len; + + len = k5_ucs2s_to_utf8s(NULL, (krb5_ucs2 *)ucs2les, 0, -1, 1); + if (len < 0) + return EINVAL; + + *utf8s = (char *)malloc((size_t)len + 1); + if (*utf8s == NULL) { + return ENOMEM; + } + + len = k5_ucs2s_to_utf8s(*utf8s, (krb5_ucs2 *)ucs2les, (size_t)len + 1, -1, 1); + if (len < 0) { + free(*utf8s); + *utf8s = NULL; + return EINVAL; + } + + if (utf8slen != NULL) { + *utf8slen = len; + } + + return 0; +} + +int +krb5int_ucs2cs_to_utf8s(const krb5_ucs2 *ucs2s, + size_t ucs2slen, + char **utf8s, + size_t *utf8slen) +{ + ssize_t len; + + if (ucs2slen > SSIZE_MAX) + return ERANGE; + + len = k5_ucs2s_to_utf8s(NULL, (krb5_ucs2 *)ucs2s, 0, + (ssize_t)ucs2slen, 0); + if (len < 0) + return EINVAL; + + *utf8s = (char *)malloc((size_t)len + 1); + if (*utf8s == NULL) { + return ENOMEM; + } + + len = k5_ucs2s_to_utf8s(*utf8s, (krb5_ucs2 *)ucs2s, + (size_t)len + 1, (ssize_t)ucs2slen, 0); + if (len < 0) { + free(*utf8s); + *utf8s = NULL; + return EINVAL; + } + + if (utf8slen != NULL) { + *utf8slen = len; + } + + return 0; +} + +int +krb5int_ucs2lecs_to_utf8s(const unsigned char *ucs2les, + size_t ucs2leslen, + char **utf8s, + size_t *utf8slen) +{ + ssize_t len; + + if (ucs2leslen > SSIZE_MAX) + return ERANGE; + + len = k5_ucs2s_to_utf8s(NULL, (krb5_ucs2 *)ucs2les, 0, + (ssize_t)ucs2leslen, 1); + if (len < 0) + return EINVAL; + + *utf8s = (char *)malloc((size_t)len + 1); + if (*utf8s == NULL) { + return ENOMEM; + } + + len = k5_ucs2s_to_utf8s(*utf8s, (krb5_ucs2 *)ucs2les, + (size_t)len + 1, (ssize_t)ucs2leslen, 1); + if (len < 0) { + free(*utf8s); + *utf8s = NULL; + return EINVAL; + } + + if (utf8slen != NULL) { + *utf8slen = len; + } + + return 0; +} + diff --git a/src/wconfig.c b/src/wconfig.c index 087a54b5ca..27531b8e23 100644 --- a/src/wconfig.c +++ b/src/wconfig.c @@ -57,9 +57,10 @@ int main(int argc, char *argv[]) { char *ignore_str = "--ignore="; int ignore_len; - char *cp, tmp[80]; + char *cp, *tmp; char *win_flag; char wflags[1024]; + size_t wlen, alen; #ifdef _WIN32 win_flag = win32_flag; @@ -67,21 +68,22 @@ int main(int argc, char *argv[]) win_flag = "UNIX##"; #endif - wflags[0] = 0; + wlen = 0; ignore_len = strlen(ignore_str); argc--; argv++; while (*argv && *argv[0] == '-') { - wflags[sizeof(wflags) - 1] = '\0'; - if (strlen (wflags) + 1 + strlen (*argv) > sizeof (wflags) - 1) { + alen = strlen(*argv); + if (wlen + 1 + alen > sizeof (wflags) - 1) { fprintf (stderr, - "wconfig: argument list too long (internal limit %d)", - sizeof (wflags)); + "wconfig: argument list too long (internal limit %lu)", + (unsigned long) sizeof (wflags)); exit (1); } - if (wflags[0]) - strcat(wflags, " "); - strcat(wflags, *argv); + if (wlen > 0) + wflags[wlen++] = ' '; + memcpy(&wflags[wlen], *argv, alen); + wlen += alen; if (!strcmp(*argv, "--mit")) { mit_specific = 1; @@ -99,19 +101,19 @@ int main(int argc, char *argv[]) continue; } if (!strncmp(*argv, "--enable-", 9)) { - sprintf(tmp, "%s##", (*argv)+ignore_len); - for (cp = tmp; *cp; cp++) { - if (islower(*cp)) - *cp = toupper(*cp); - } - cp = malloc(strlen(tmp)+1); - if (!cp) { + tmp = malloc(alen - ignore_len + 3); + if (!tmp) { fprintf(stderr, "wconfig: malloc failed!\n"); exit(1); } - strcpy(cp, tmp); - add_ignore_list(cp); + memcpy(tmp, *argv + ignore_len, alen - ignore_len); + memcpy(tmp + alen - ignore_len, "##", 3); + for (cp = tmp; *cp; cp++) { + if (islower(*cp)) + *cp = toupper(*cp); + } + add_ignore_list(tmp); argc--; argv++; continue; } @@ -123,6 +125,7 @@ int main(int argc, char *argv[]) fprintf(stderr, "Invalid option: %s\n", *argv); exit(1); } + wflags[wlen] = '\0'; if (win_flag) add_ignore_list(win_flag); @@ -175,16 +178,25 @@ copy_file (char *path, char *fname) FILE *fin; char buf[1024]; char **cpp, *ptr; - int len; + size_t len, plen, flen; if (strcmp(fname, "-") == 0) { fin = stdin; } else { + plen = strlen(path); + flen = strlen(fname); + if (plen + 1 + flen > sizeof(buf) - 1) { + fprintf(stderr, "Name %s or %s too long", path, fname); + return 1; + } + memcpy(buf, path, plen); #ifdef _WIN32 - sprintf(buf, "%s\\%s", path, fname); + buf[plen] = '\\'; #else - sprintf(buf, "%s/%s", path, fname); + buf[plen] = '/'; #endif + memcpy(buf + plen + 1, fname, flen); + buf[plen + 1 + flen] = '\0'; fin = fopen (buf, "r"); /* File to read */ if (fin == NULL) { fprintf(stderr, "wconfig: Can't open file %s\n", buf);